Toyomasa Watarai
Simple interface for Mbed Cloud Client
Embed:
(wiki syntax)
Show/hide line numbers
pal_tls_test.c
00001 /******************************************************************************* 00002 * Copyright 2016, 2017 ARM Ltd. 00003 * 00004 * Licensed under the Apache License, Version 2.0 (the "License"); 00005 * you may not use this file except in compliance with the License. 00006 * You may obtain a copy of the License at 00007 * 00008 * http://www.apache.org/licenses/LICENSE-2.0 00009 * 00010 * Unless required by applicable law or agreed to in writing, software 00011 * distributed under the License is distributed on an "AS IS" BASIS, 00012 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 00013 * See the License for the specific language governing permissions and 00014 * limitations under the License. 00015 *******************************************************************************/ 00016 00017 #include "unity.h" 00018 #include "unity_fixture.h" 00019 #include "pal.h" 00020 #include "pal_tls_utils.h" 00021 #include "pal_network.h" 00022 #include "stdlib.h" 00023 #include "sotp.h" 00024 #include "test_runners.h" 00025 00026 #define TRACE_GROUP "TLS_TESTS" 00027 #define PAL_TEST_PSK_IDENTITY "Client_identity" 00028 00029 #define PAL_TEST_PSK {0x12,0x34,0x45,0x67,0x89,0x10} 00030 00031 00032 PAL_PRIVATE palSocket_t g_socket = 0; 00033 extern void * g_palTestTLSInterfaceCTX; // this is set by the palTestMain funciton 00034 PAL_PRIVATE uint32_t g_interfaceCTXIndex = 0; 00035 00036 #if ((PAL_USE_SECURE_TIME == 1) && (PAL_USE_INTERNAL_FLASH == 1)) 00037 PAL_PRIVATE uint8_t g_trustedServerID[PAL_CERT_ID_SIZE] __attribute__((aligned(4))) = { 0 }; 00038 PAL_PRIVATE size_t g_actualServerIDSize = 0; 00039 #endif 00040 00041 PAL_PRIVATE palMutexID_t g_mutex1 = NULLPTR; 00042 PAL_PRIVATE palMutexID_t g_mutex2 = NULLPTR; 00043 PAL_PRIVATE palMutexID_t g_mutexHandShake1 = NULLPTR; 00044 PAL_PRIVATE bool g_retryHandshake = false; 00045 PAL_PRIVATE const uint8_t g_coapHelloWorldRequest[16] = { 0x50,0x01,0x57,0x3e,0xff,0x2f,0x68,0x65,0x6c,0x6c,0x6f,0x57,0x6f,0x72,0x6c,0x64 }; 00046 00047 #define PAL_TLS_INT32_CHECK_NOT_EQUAL_GOTO_FINISH(a, b) \ 00048 if (a != b) \ 00049 {\ 00050 PAL_LOG(ERR,"Expected: %" PRId32 " , Actual: %" PRId32 " , Line: %d\n", (int32_t)a, (int32_t)b, __LINE__);\ 00051 goto finish;\ 00052 } 00053 00054 00055 //! This structre is for tests only and MUST be the same structure as in the pal_TLS.c file 00056 //! For any change done in the original structure, please make sure to change this structure too. 00057 typedef struct palTLSService 00058 { 00059 bool retryHandShake; 00060 uint64_t serverTime; 00061 palTLSHandle_t platTlsHandle; 00062 }palTLSTest_t; 00063 00064 TEST_GROUP(pal_tls); 00065 00066 TEST_SETUP(pal_tls) 00067 { 00068 palStatus_t status = PAL_SUCCESS; 00069 uint64_t currentTime = 1504893346; //GMT: Friday, September 8, 2017 5:55:46 PM 00070 00071 pal_init(); 00072 00073 if (g_palTestTLSInterfaceCTX == NULL) 00074 { 00075 PAL_LOG(ERR, "error: net interface not configutred correctly"); 00076 } 00077 else 00078 { 00079 status = pal_registerNetworkInterface(g_palTestTLSInterfaceCTX, &g_interfaceCTXIndex); 00080 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00081 } 00082 00083 g_socket = 0; 00084 00085 status = pal_osSetTime(currentTime); 00086 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00087 00088 } 00089 00090 TEST_TEAR_DOWN(pal_tls) 00091 { 00092 sotp_result_e sotpRes = SOTP_SUCCESS; 00093 if (0 != g_socket) 00094 { 00095 pal_close(&g_socket); 00096 } 00097 00098 sotpRes = sotp_delete(SOTP_TYPE_TRUSTED_TIME_SRV_ID); 00099 TEST_ASSERT_TRUE((SOTP_SUCCESS == sotpRes) || (SOTP_NOT_FOUND == sotpRes)); 00100 00101 pal_destroy(); 00102 } 00103 00104 /** 00105 * @brief Test TLS cofiguration initialization and uninitialization. 00106 * 00107 * 00108 * | # | Step | Expected | 00109 * |---|--------------------------------|-------------| 00110 * | 1 | Initialize TLS configuration using `pal_initTLSConfiguration`. | PAL_SUCCESS | 00111 * | 2 | Uninitialize TLS configuration using `pal_tlsConfigurationFree`. | PAL_SUCCESS | 00112 */ 00113 TEST(pal_tls, tlsConfiguration) 00114 { 00115 palStatus_t status = PAL_SUCCESS; 00116 palTLSConfHandle_t palTLSConf = NULLPTR; 00117 palTLSTransportMode_t transportationMode = PAL_TLS_MODE; 00118 /*#1*/ 00119 status = pal_initTLSConfiguration(&palTLSConf, transportationMode); 00120 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00121 TEST_ASSERT_TRUE(NULLPTR != palTLSConf); 00122 /*#2*/ 00123 status = pal_tlsConfigurationFree(&palTLSConf); 00124 TEST_ASSERT_EQUAL_HEX(NULLPTR, palTLSConf); 00125 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00126 } 00127 00128 int palTestEntropySource(void *data, unsigned char *output, size_t len, size_t *olen) 00129 { 00130 palStatus_t status = PAL_SUCCESS; 00131 (void)data; 00132 00133 status = pal_osRandomBuffer(output, len); 00134 if (PAL_SUCCESS == status) 00135 { 00136 *olen = len; 00137 } 00138 else 00139 { 00140 return -1; 00141 } 00142 return 0; 00143 } 00144 00145 static void handshakeUDP(bool socketNonBlocking) 00146 { 00147 palStatus_t status = PAL_SUCCESS; 00148 palTLSConfHandle_t palTLSConf = NULLPTR; 00149 palTLSHandle_t palTLSHandle = NULLPTR; 00150 palTLSTransportMode_t transportationMode = PAL_DTLS_MODE; 00151 palSocketAddress_t socketAddr = {0}; 00152 palSocketLength_t addressLength = 0; 00153 char serverResponse[PAL_TLS_MESSAGE_SIZE] = {0}; 00154 uint32_t actualLen = 0; 00155 uint32_t written = 0; 00156 #if (PAL_ENABLE_X509 == 1) 00157 palX509_t pubKey = {(const void*)g_pubKey,sizeof(g_pubKey)}; 00158 palPrivateKey_t prvKey = {(const void*)g_prvKey,sizeof(g_prvKey)}; 00159 palX509_t caCert = { (const void*)pal_test_cas,sizeof(pal_test_cas) }; 00160 #elif (PAL_ENABLE_PSK == 1) 00161 const char* identity = PAL_TEST_PSK_IDENTITY; 00162 const char psk[]= PAL_TEST_PSK; 00163 #endif 00164 palTLSSocket_t tlsSocket = {g_socket, &socketAddr, 0, transportationMode}; 00165 int32_t verifyResult = 0; 00166 00167 /*#1*/ 00168 status = pal_socket(PAL_AF_INET, PAL_SOCK_DGRAM , socketNonBlocking, 0, &g_socket); 00169 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00170 /*#2*/ 00171 status = pal_getAddressInfo(PAL_TLS_TEST_SERVER_ADDRESS, &socketAddr, &addressLength); 00172 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00173 00174 tlsSocket.addressLength = addressLength; 00175 tlsSocket.socket = g_socket; 00176 /*#3*/ 00177 status = pal_setSockAddrPort(&socketAddr, DTLS_SERVER_PORT); 00178 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00179 /*#4*/ 00180 status = pal_initTLSConfiguration(&palTLSConf, transportationMode); 00181 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00182 /*#5*/ 00183 status = pal_initTLS(palTLSConf, &palTLSHandle); 00184 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00185 00186 // This code commented out to prevent massive prints from mbedTLS, if you want to see logs from client side, just uncomment them. 00187 //status = pal_sslDebugging(true); 00188 //TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00189 #if (PAL_ENABLE_X509 == 1) 00190 /*#6*/ 00191 status = pal_setOwnCertAndPrivateKey(palTLSConf, &pubKey, &prvKey); 00192 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00193 /*#7*/ 00194 status = pal_setCAChain(palTLSConf, &caCert, NULL); 00195 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00196 #elif (PAL_ENABLE_PSK == 1) 00197 /*#6 + #7*/ 00198 status = pal_setPSK(palTLSConf, (const unsigned char*)identity, strlen(identity), (const unsigned char*)psk, sizeof(psk)); 00199 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00200 #endif 00201 /*#8*/ 00202 status = pal_tlsSetSocket(palTLSConf, &tlsSocket); 00203 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00204 /*#9*/ 00205 00206 status = pal_setHandShakeTimeOut(palTLSConf, 30000); 00207 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00208 /*#10*/ 00209 00210 do 00211 { 00212 status = pal_handShake(palTLSHandle, palTLSConf); 00213 } 00214 while (PAL_ERR_TLS_WANT_READ == status || PAL_ERR_TLS_WANT_WRITE == status); 00215 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00216 00217 /*#11*/ 00218 status = pal_sslGetVerifyResultExtended(palTLSHandle, &verifyResult); 00219 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00220 /*#12*/ 00221 status = pal_sslWrite(palTLSHandle, g_coapHelloWorldRequest, sizeof(g_coapHelloWorldRequest), &written); 00222 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00223 /*#13*/ 00224 pal_osDelay(5000); 00225 /*#14*/ 00226 do 00227 { 00228 status = pal_sslRead(palTLSHandle, serverResponse, PAL_TLS_MESSAGE_SIZE, &actualLen); 00229 }while (PAL_ERR_TLS_WANT_READ == status); 00230 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00231 00232 /*#15*/ 00233 status = pal_freeTLS(&palTLSHandle); 00234 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00235 /*#16*/ 00236 status = pal_tlsConfigurationFree(&palTLSConf); 00237 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00238 /*#17*/ 00239 status = pal_close(&g_socket); 00240 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00241 } 00242 00243 00244 static void handshakeTCP(bool socketNonBlocking) 00245 { 00246 palStatus_t status = PAL_SUCCESS; 00247 palTLSConfHandle_t palTLSConf = NULLPTR; 00248 palTLSHandle_t palTLSHandle = NULLPTR; 00249 palTLSTransportMode_t transportationMode = PAL_TLS_MODE; 00250 palSocketAddress_t socketAddr = {0}; 00251 palSocketLength_t addressLength = 0; 00252 char serverResponse[PAL_TLS_MESSAGE_SIZE] = {0}; 00253 uint32_t actualLen = 0; 00254 uint32_t written = 0; 00255 #if (PAL_ENABLE_X509 == 1) 00256 palX509_t pubKey = {(const void*)g_pubKey,sizeof(g_pubKey)}; 00257 palPrivateKey_t prvKey = {(const void*)g_prvKey,sizeof(g_prvKey)}; 00258 palX509_t caCert = { (const void*)pal_test_cas,sizeof(pal_test_cas) }; 00259 #elif (PAL_ENABLE_PSK == 1) 00260 const char* identity = PAL_TEST_PSK_IDENTITY; 00261 const char psk[]= PAL_TEST_PSK; 00262 #endif 00263 palTLSSocket_t tlsSocket = { g_socket, &socketAddr, 0, transportationMode }; 00264 uint64_t curTimeInSec, timePassedInSec; 00265 const uint64_t minSecSinceEpoch = PAL_MIN_SEC_FROM_EPOCH + 1; //At least 47 years passed from 1.1.1970 in seconds 00266 int32_t verifyResult = 0; 00267 00268 00269 /*#1*/ 00270 status = pal_socket(PAL_AF_INET, PAL_SOCK_STREAM, socketNonBlocking, 0, &g_socket); 00271 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00272 /*#2*/ 00273 status = pal_getAddressInfo(PAL_TLS_TEST_SERVER_ADDRESS, &socketAddr, &addressLength); 00274 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00275 00276 tlsSocket.addressLength = addressLength; 00277 tlsSocket.socket = g_socket; 00278 /*#3*/ 00279 if (true == socketNonBlocking) 00280 { 00281 status = pal_setSockAddrPort(&socketAddr, TLS_SERVER_PORT_NB); 00282 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00283 } 00284 else //blocking 00285 { 00286 status = pal_setSockAddrPort(&socketAddr, TLS_SERVER_PORT); 00287 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00288 } 00289 00290 /*#4*/ 00291 status = pal_connect(g_socket, &socketAddr, addressLength); 00292 if (PAL_ERR_SOCKET_IN_PROGRES == status) 00293 { 00294 pal_osDelay(400); 00295 } 00296 else 00297 { 00298 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00299 } 00300 /*#5*/ 00301 status = pal_initTLSConfiguration(&palTLSConf, transportationMode); 00302 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00303 TEST_ASSERT_NOT_EQUAL(palTLSConf, NULLPTR); 00304 /*#6*/ 00305 status = pal_initTLS(palTLSConf, &palTLSHandle); 00306 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00307 00308 // This code commented out to prevent massive prints from mbedTLS, if you want to see logs from client side, just uncomment them. 00309 //status = pal_sslDebugging(true); 00310 //TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00311 #if (PAL_ENABLE_X509 == 1) 00312 /*#7*/ 00313 status = pal_setOwnCertAndPrivateKey(palTLSConf, &pubKey, &prvKey); 00314 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00315 /*#8*/ 00316 status = pal_setCAChain(palTLSConf, &caCert, NULL); 00317 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00318 #elif (PAL_ENABLE_PSK == 1) 00319 /*#7 + 8*/ 00320 status = pal_setPSK(palTLSConf, (const unsigned char*)identity, strlen(identity), (const unsigned char*)psk, sizeof(psk)); 00321 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00322 #endif 00323 /*#9*/ 00324 status = pal_tlsSetSocket(palTLSConf, &tlsSocket); 00325 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00326 /*#10*/ 00327 if (true == socketNonBlocking) 00328 { 00329 status = pal_osSetTime(minSecSinceEpoch); 00330 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); // More than current epoch time -> success 00331 do 00332 { 00333 curTimeInSec = pal_osGetTime(); 00334 TEST_ASSERT_TRUE(curTimeInSec >= minSecSinceEpoch); 00335 timePassedInSec = curTimeInSec - minSecSinceEpoch; 00336 status = pal_handShake(palTLSHandle, palTLSConf); 00337 } 00338 while ( (PAL_ERR_TLS_WANT_READ == status || PAL_ERR_TLS_WANT_WRITE == status) && 00339 (timePassedInSec < PAL_SECONDS_PER_MIN)); //2 minutes to wait for handshake 00340 } 00341 else //blocking 00342 { 00343 status = pal_handShake(palTLSHandle, palTLSConf); 00344 } 00345 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00346 00347 /*#11*/ 00348 status = pal_sslGetVerifyResultExtended(palTLSHandle, &verifyResult); 00349 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00350 /*#12*/ 00351 status = pal_sslWrite(palTLSHandle, TLS_GET_REQUEST, sizeof(TLS_GET_REQUEST), &written); 00352 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00353 /*#13*/ 00354 pal_osDelay(5000); 00355 /*#14*/ 00356 status = pal_sslRead(palTLSHandle, serverResponse, PAL_TLS_MESSAGE_SIZE, &actualLen); 00357 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00358 00359 /*#15*/ 00360 status = pal_freeTLS(&palTLSHandle); 00361 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00362 /*#16*/ 00363 status = pal_tlsConfigurationFree(&palTLSConf); 00364 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00365 /*#17*/ 00366 status = pal_close(&g_socket); 00367 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00368 00369 } 00370 00371 /** 00372 * @brief Test TLS initialization and uninitialization. 00373 * 00374 * 00375 * | # | Step | Expected | 00376 * |---|--------------------------------|-------------| 00377 * | 1 | Initialize TLS configuration using `pal_initTLSConfiguration`. | PAL_SUCCESS | 00378 * | 2 | Initialize TLS context using `pal_initTLS`. | PAL_SUCCESS | 00379 * | 3 | Add a NULL entropy source using `pal_addEntropySource`. | PAL_ERR_INVALID_ARGUMENT | 00380 * | 4 | Add a valid entropy source using `pal_addEntropySource`. | PAL_SUCCESS | 00381 * | 5 | Uninitialize TLS context using `pal_freeTLS`. | PAL_SUCCESS | 00382 * | 6 | Uninitialize TLS configuration using `pal_tlsConfigurationFree`. | PAL_SUCCESS | 00383 */ 00384 TEST(pal_tls, tlsInitTLS) 00385 { 00386 palStatus_t status = PAL_SUCCESS; 00387 palTLSConfHandle_t palTLSConf = NULLPTR; 00388 palTLSHandle_t palTLSHandle = NULLPTR; 00389 palTLSTransportMode_t transportationMode = PAL_TLS_MODE; 00390 /*#1*/ 00391 status = pal_initTLSConfiguration(&palTLSConf, transportationMode); 00392 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00393 /*#2*/ 00394 status = pal_initTLS(palTLSConf, &palTLSHandle); 00395 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00396 #ifdef DEBUG 00397 /*#3*/ 00398 status = pal_addEntropySource(NULL); 00399 TEST_ASSERT_EQUAL_HEX(PAL_ERR_INVALID_ARGUMENT , status); 00400 #endif 00401 /*#4*/ 00402 status = pal_addEntropySource(palTestEntropySource); 00403 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00404 /*#5*/ 00405 status = pal_freeTLS(&palTLSHandle); 00406 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00407 /*#6*/ 00408 status = pal_tlsConfigurationFree(&palTLSConf); 00409 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00410 } 00411 00412 00413 /** 00414 * @brief Test TLS initialization and uninitialization with additional keys. 00415 * 00416 * 00417 * | # | Step | Expected | 00418 * |---|--------------------------------|-------------| 00419 * | 1 | Initialize TLS configuration using `pal_initTLSConfiguration`. | PAL_SUCCESS | 00420 * | 2 | Add keys to the configuration using `pal_setOwnCertAndPrivateKey`. | PAL_SUCCESS | 00421 * | 3 | Initialize TLS context using `pal_initTLS`. | PAL_SUCCESS | 00422 * | 4 | Uninitialize TLS context using `pal_freeTLS`. | PAL_SUCCESS | 00423 * | 5 | Uninitialize TLS configuration using `pal_tlsConfigurationFree`. | PAL_SUCCESS | 00424 */ 00425 TEST(pal_tls, tlsPrivateAndPublicKeys) 00426 { 00427 #if (PAL_ENABLE_X509 == 1) 00428 palStatus_t status = PAL_SUCCESS; 00429 palTLSConfHandle_t palTLSConf = NULLPTR; 00430 palTLSHandle_t palTLSHandle = NULLPTR; 00431 palTLSTransportMode_t transportationMode = PAL_TLS_MODE; 00432 palX509_t pubKey = { (const void*)g_pubKey,sizeof(g_pubKey) }; 00433 palPrivateKey_t prvKey = { (const void*)g_prvKey,sizeof(g_prvKey) }; 00434 00435 /*#1*/ 00436 status = pal_initTLSConfiguration(&palTLSConf, transportationMode); 00437 TEST_ASSERT_NOT_EQUAL(palTLSConf, NULLPTR); 00438 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00439 /*#2*/ 00440 status = pal_setOwnCertAndPrivateKey(palTLSConf, &pubKey, &prvKey); 00441 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00442 /*#3*/ 00443 status = pal_initTLS(palTLSConf, &palTLSHandle); 00444 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00445 /*#4*/ 00446 status = pal_freeTLS(&palTLSHandle); 00447 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00448 /*#5*/ 00449 status = pal_tlsConfigurationFree(&palTLSConf); 00450 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00451 #endif 00452 } 00453 00454 00455 /** 00456 * @brief Test TLS initialization and uninitialization with additional certificate and pre-shared keys. 00457 * 00458 * 00459 * | # | Step | Expected | 00460 * |---|--------------------------------|-------------| 00461 * | 1 | Initialize TLS configuration using `pal_initTLSConfiguration`. | PAL_SUCCESS | 00462 * | 2 | Set pre-shared keys to the configuration using `pal_setPSK`. | PAL_SUCCESS | 00463 * | 3 | Initialize TLS context using `pal_initTLS`. | PAL_SUCCESS 00464 * | 4 | Uninitialize TLS context using `pal_freeTLS`. |PAL_SUCCESS | 00465 * | 5 | Uninitialize TLS configuration using `pal_tlsConfigurationFree`. | PAL_SUCCESS | 00466 */ 00467 TEST(pal_tls, tlsCACertandPSK) 00468 { 00469 #if (PAL_ENABLE_PSK == 1) 00470 palStatus_t status = PAL_SUCCESS; 00471 palTLSConfHandle_t palTLSConf = NULLPTR; 00472 palTLSHandle_t palTLSHandle = NULLPTR; 00473 palTLSTransportMode_t transportationMode = PAL_TLS_MODE; 00474 /*#1*/ 00475 status = pal_initTLSConfiguration(&palTLSConf, transportationMode); 00476 TEST_ASSERT_NOT_EQUAL(palTLSConf, NULLPTR); 00477 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00478 /*#2*/ 00479 status = pal_setPSK(palTLSConf, g_psk_id, sizeof(g_psk_id) - 1, g_psk, sizeof(g_psk)); 00480 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00481 /*#3*/ 00482 status = pal_initTLS(palTLSConf, &palTLSHandle); 00483 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00484 /*#4*/ 00485 status = pal_freeTLS(&palTLSHandle); 00486 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00487 /*#5*/ 00488 status = pal_tlsConfigurationFree(&palTLSConf); 00489 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00490 #endif 00491 } 00492 00493 00494 /** 00495 * @brief Test TLS handshake (TCP blocking). 00496 * 00497 * 00498 * | # | Step | Expected | 00499 * |---|--------------------------------|-------------| 00500 * | 1 | Create a TCP (blocking) socket. | PAL_SUCCESS | 00501 * | 2 | Perform a DNS lookup on the server address. | PAL_SUCCESS | 00502 * | 3 | Set the server port. | PAL_SUCCESS | 00503 * | 4 | Connect the TCP socket to the server. | PAL_SUCCESS | 00504 * | 5 | Initialize the TLS configuration using `pal_initTLSConfiguration`. | PAL_SUCCESS | 00505 * | 6 | Initialize the TLS context using `pal_initTLS`. | PAL_SUCCESS | 00506 * | 7 | Set the certificate and keys to the configuration using `pal_setOwnCertAndPrivateKey`.| PAL_SUCCESS | 00507 * | 8 | Set the certificate chain to the configuration using `pal_setCAChain`. | PAL_SUCCESS | 00508 * | 9 | Set the socket chain to the configuration using `pal_tlsSetSocket`. | PAL_SUCCESS | 00509 * | 10 | Perform a TLS handshake with the server using `pal_handShaket`. | PAL_SUCCESS | 00510 * | 11 | Verify the handshake result using `pal_sslGetVerifyResult`. | PAL_SUCCESS | 00511 * | 12 | Write data over open TLS connection using `pal_sslWrite`. | PAL_SUCCESS | 00512 * | 13 | Wait for the response. | PAL_SUCCESS | 00513 * | 14 | Read data from the open TLS connection using `pal_sslRead`. | PAL_SUCCESS | 00514 * | 15 | Uninitialize the TLS context using `pal_freeTLS`. | PAL_SUCCESS | 00515 * | 16 | Uninitialize the TLS configuration using `pal_tlsConfigurationFree`. | PAL_SUCCESS | 00516 * | 17 | Close the TCP socket. | PAL_SUCCESS | 00517 */ 00518 TEST(pal_tls, tlsHandshakeTCP) 00519 { 00520 handshakeTCP(false); 00521 } 00522 00523 /** 00524 * @brief Test TLS handshake (TCP non-blocking). 00525 * 00526 * 00527 * | # | Step | Expected | 00528 * |---|--------------------------------|-------------| 00529 * | 1 | Create a TCP (non-blocking) socket. | PAL_SUCCESS | 00530 * | 2 | Perform a DNS lookup on the server address. | PAL_SUCCESS | 00531 * | 3 | Set the server port. | PAL_SUCCESS | 00532 * | 4 | Connect the TCP socket to the server. | PAL_SUCCESS | 00533 * | 5 | Initialize the TLS configuration using `pal_initTLSConfiguration`. | PAL_SUCCESS | 00534 * | 6 | Initialize the TLS context using `pal_initTLS`. | PAL_SUCCESS | 00535 * | 7 | Set the certificate and keys to the configuration using `pal_setOwnCertAndPrivateKey`.| PAL_SUCCESS | 00536 * | 8 | Set the certificate chain to the configuration using `pal_setCAChain`. | PAL_SUCCESS | 00537 * | 9 | Set the socket chain to the configuration using `pal_tlsSetSocket`. | PAL_SUCCESS | 00538 * | 10 | Perform a TLS handshake with the server using `pal_handShaket` in a loop. | PAL_SUCCESS | 00539 * | 11 | Verify the handshake result using `pal_sslGetVerifyResult`. | PAL_SUCCESS | 00540 * | 12 | Write data over the open TLS connection using `pal_sslWrite`. | PAL_SUCCESS | 00541 * | 13 | Wait for the response. | PAL_SUCCESS | 00542 * | 14 | Read data from the open TLS connection using `pal_sslRead`. | PAL_SUCCESS | 00543 * | 15 | Uninitialize the TLS context using `pal_freeTLS`. | PAL_SUCCESS | 00544 * | 16 | Uninitialize the TLS configuration using `pal_tlsConfigurationFree`. | PAL_SUCCESS | 00545 * | 17 | Close the TCP socket. | PAL_SUCCESS | 00546 */ 00547 TEST(pal_tls, tlsHandshakeTCP_nonBlocking) 00548 { 00549 handshakeTCP(true); 00550 } 00551 00552 /** 00553 * @brief Test (D)TLS handshake (UDP -blocking). 00554 * 00555 * 00556 * | # | Step | Expected | 00557 * |---|--------------------------------|-------------| 00558 * | 1 | Create a UDP (blocking) socket. | PAL_SUCCESS | 00559 * | 2 | Perform a DNS lookup on the server address. | PAL_SUCCESS | 00560 * | 3 | Set the server port. | PAL_SUCCESS | 00561 * | 4 | Initialize the TLS configuration using `pal_initTLSConfiguration`. | PAL_SUCCESS | 00562 * | 5 | Initialize the TLS context using `pal_initTLS`. | PAL_SUCCESS | 00563 * | 6 | Set the certificate and keys to the configuration using `pal_setOwnCertAndPrivateKey`.| PAL_SUCCESS | 00564 * | 7 | Set the certificate chain to the configuration using `pal_setCAChain`. | PAL_SUCCESS | 00565 * | 8 | Set the socket chain to the configuration using `pal_tlsSetSocket`. | PAL_SUCCESS | 00566 * | 9 | Set the timeout for the handshake using `pal_setHandShakeTimeOut`. | PAL_SUCCESS | 00567 * | 10 | Perform a TLS handshake with the server using `pal_handShaket` in a loop. | PAL_SUCCESS | 00568 * | 11 | Verify the handshake result using `pal_sslGetVerifyResult`. | PAL_SUCCESS | 00569 * | 12 | Write data over the open TLS connection using `pal_sslWrite`. | PAL_SUCCESS | 00570 * | 13 | Wait for the response. | PAL_SUCCESS | 00571 * | 14 | Read data from the open TLS connection using `pal_sslRead`. | PAL_SUCCESS | 00572 * | 15 | Uninitialize the TLS context using `pal_freeTLS`. | PAL_SUCCESS | 00573 * | 16 | Uninitialize the TLS configuration using `pal_tlsConfigurationFree`. | PAL_SUCCESS | 00574 * | 17 | Close the UDP socket. | PAL_SUCCESS | 00575 */ 00576 TEST(pal_tls, tlsHandshakeUDP) 00577 { 00578 handshakeUDP(false); 00579 } 00580 00581 /** 00582 * @brief Test (D)TLS handshake (UDP -NonBlocking). 00583 * 00584 * 00585 * | # | Step | Expected | 00586 * |---|--------------------------------|-------------| 00587 * | 1 | Create a UDP (blocking) socket. | PAL_SUCCESS | 00588 * | 2 | Perform a DNS lookup on the server address. | PAL_SUCCESS | 00589 * | 3 | Set the server port. | PAL_SUCCESS | 00590 * | 4 | Initialize the TLS configuration using `pal_initTLSConfiguration`. | PAL_SUCCESS | 00591 * | 5 | Initialize the TLS context using `pal_initTLS`. | PAL_SUCCESS | 00592 * | 6 | Set the certificate and keys to the configuration using `pal_setOwnCertAndPrivateKey`.| PAL_SUCCESS | 00593 * | 7 | Set the certificate chain to the configuration using `pal_setCAChain`. | PAL_SUCCESS | 00594 * | 8 | Set the socket chain to the configuration using `pal_tlsSetSocket`. | PAL_SUCCESS | 00595 * | 9 | Set the timeout for the handshake using `pal_setHandShakeTimeOut`. | PAL_SUCCESS | 00596 * | 10 | Perform a TLS handshake with the server using `pal_handShaket` in a loop. | PAL_SUCCESS | 00597 * | 11 | Verify the handshake result using `pal_sslGetVerifyResult`. | PAL_SUCCESS | 00598 * | 12 | Write data over the open TLS connection using `pal_sslWrite`. | PAL_SUCCESS | 00599 * | 13 | Wait for the response. | PAL_SUCCESS | 00600 * | 14 | Read data from the open TLS connection using `pal_sslRead`. | PAL_SUCCESS | 00601 * | 15 | Uninitialize the TLS context using `pal_freeTLS`. | PAL_SUCCESS | 00602 * | 16 | Uninitialize the TLS configuration using `pal_tlsConfigurationFree`. | PAL_SUCCESS | 00603 * | 17 | Close the UDP socket. | PAL_SUCCESS | 00604 */ 00605 TEST(pal_tls, tlsHandshakeUDP_NonBlocking) 00606 { 00607 handshakeUDP(true); 00608 } 00609 00610 /** 00611 * @brief Test (D)TLS handshake (UDP non-blocking) with a very short timeout to see if you get a timeout. 00612 * 00613 * 00614 * | # | Step | Expected | 00615 * |---|--------------------------------|-------------| 00616 * | 1 | Create a UDP (blocking) socket. | PAL_SUCCESS | 00617 * | 2 | Perform a DNS lookup on server adderss. | PAL_SUCCESS | 00618 * | 3 | Set the server port. | PAL_SUCCESS | 00619 * | 4 | Initialize the TLS configuration using `pal_initTLSConfiguration`. | PAL_SUCCESS | 00620 * | 5 | Initialize the TLS context using `pal_initTLS`. | PAL_SUCCESS | 00621 * | 6 | Set the certificate and keys to the configuration using `pal_setOwnCertAndPrivateKey`.| PAL_SUCCESS | 00622 * | 7 | Set the certificate chain to the configuration using `pal_setCAChain`. | PAL_SUCCESS | 00623 * | 8 | Set the socket chain to the configuration using `pal_tlsSetSocket`. | PAL_SUCCESS | 00624 * | 9 | Set a short timeout for the handshake using `pal_setHandShakeTimeOut`. | PAL_SUCCESS | 00625 * | 10 | Perform a TLS handshake with the server using `pal_handShaket` in a loop. | PAL_ERR_TIMEOUT_EXPIRED | 00626 * | 11 | Uninitialize the TLS context using `pal_freeTLS`. | PAL_SUCCESS | 00627 * | 12 | Uninitialize the TLS configuration using `pal_tlsConfigurationFree`. | PAL_SUCCESS | 00628 */ 00629 TEST(pal_tls, tlsHandshakeUDPTimeOut) 00630 { 00631 palStatus_t status = PAL_SUCCESS; 00632 palTLSConfHandle_t palTLSConf = NULLPTR; 00633 palTLSHandle_t palTLSHandle = NULLPTR; 00634 palTLSTransportMode_t transportationMode = PAL_DTLS_MODE; 00635 palSocketAddress_t socketAddr = { 0 }; 00636 palSocketLength_t addressLength = 0; 00637 #if (PAL_ENABLE_X509 == 1) 00638 palX509_t pubKey = { (const void*)g_pubKey,sizeof(g_pubKey) }; 00639 palPrivateKey_t prvKey = { (const void*)g_prvKey,sizeof(g_prvKey) }; 00640 palX509_t caCert = { (const void*)pal_test_cas,sizeof(pal_test_cas) }; 00641 #elif (PAL_ENABLE_PSK == 1) 00642 const char* identity = PAL_TEST_PSK_IDENTITY; 00643 const char psk[]= PAL_TEST_PSK; 00644 #endif 00645 palTLSSocket_t tlsSocket = { g_socket, &socketAddr, 0, transportationMode }; 00646 00647 uint64_t curTimeInSec; 00648 const uint64_t minSecSinceEpoch = PAL_MIN_SEC_FROM_EPOCH + 1; //At least 47 years passed from 1.1.1970 in seconds 00649 00650 /*#1*/ 00651 status = pal_socket(PAL_AF_INET, PAL_SOCK_DGRAM , false, 0, &g_socket); 00652 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00653 /*#2*/ 00654 status = pal_getAddressInfo(PAL_TLS_TEST_SERVER_ADDRESS, &socketAddr, &addressLength); 00655 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00656 00657 tlsSocket.addressLength = addressLength; 00658 tlsSocket.socket = g_socket; 00659 /*#3*/ 00660 status = pal_setSockAddrPort(&socketAddr, DTLS_SERVER_PORT_TIMEOUT); 00661 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00662 /*#4*/ 00663 status = pal_initTLSConfiguration(&palTLSConf, transportationMode); 00664 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00665 /*#5*/ 00666 status = pal_initTLS(palTLSConf, &palTLSHandle); 00667 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00668 00669 // This code commented out to prevent massive prints from mbedTLS, if you want to see logs from client side, just uncomment them. 00670 //status = pal_sslDebugging(true); 00671 //TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00672 #if (PAL_ENABLE_X509 == 1) 00673 /*#6*/ 00674 status = pal_setOwnCertAndPrivateKey(palTLSConf, &pubKey, &prvKey); 00675 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00676 /*#7*/ 00677 status = pal_setCAChain(palTLSConf, &caCert, NULL); 00678 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00679 #elif (PAL_ENABLE_PSK == 1) 00680 /*#6 + #7*/ 00681 status = pal_setPSK(palTLSConf, (const unsigned char*)identity, strlen(identity), (const unsigned char*)psk, sizeof(psk)); 00682 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00683 #endif 00684 /*#8*/ 00685 status = pal_tlsSetSocket(palTLSConf, &tlsSocket); 00686 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00687 /*#9*/ 00688 status = pal_setHandShakeTimeOut(palTLSConf, 100); 00689 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00690 00691 status = pal_osSetTime(minSecSinceEpoch); 00692 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); // More than current epoch time -> success 00693 /*#10*/ 00694 do 00695 { 00696 status = pal_handShake(palTLSHandle, palTLSConf); 00697 } 00698 while (PAL_ERR_TLS_WANT_READ == status || PAL_ERR_TLS_WANT_WRITE == status); 00699 00700 curTimeInSec = pal_osGetTime(); 00701 TEST_ASSERT_EQUAL_HEX(PAL_ERR_TIMEOUT_EXPIRED , status); 00702 TEST_ASSERT_TRUE(curTimeInSec - minSecSinceEpoch <= 1); //less than one second 00703 /*#11*/ 00704 status = pal_freeTLS(&palTLSHandle); 00705 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00706 /*#12*/ 00707 status = pal_tlsConfigurationFree(&palTLSConf); 00708 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00709 00710 status = pal_close(&g_socket); 00711 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00712 } 00713 00714 #if PAL_USE_INTERNAL_FLASH 00715 /** 00716 * @brief Test TLS handshake (TCP blocking). 00717 * 00718 * 00719 * | # | Step | Expected | 00720 * |---|--------------------------------|-------------| 00721 * | 1 | Create a TCP (blocking) socket. | PAL_SUCCESS | 00722 * | 2 | Perform a DNS lookup on the server address. | PAL_SUCCESS | 00723 * | 3 | Set the server port. | PAL_SUCCESS | 00724 * | 4 | Connect the TCP socket to the server. | PAL_SUCCESS | 00725 * | 5 | Initialize the TLS configuration using `pal_initTLSConfiguration`. | PAL_SUCCESS | 00726 * | 6 | Initialize the TLS context using `pal_initTLS`. | PAL_SUCCESS | 00727 * | 7 | Set the certificate and keys to the configuration using `pal_setOwnCertAndPrivateKey`.| PAL_SUCCESS | 00728 * | 8 | Set the certificate chain to the configuration using `pal_setCAChain`. | PAL_SUCCESS | 00729 * | 9 | Set the socket chain to the configuration using `pal_tlsSetSocket`. | PAL_SUCCESS | 00730 * | 10 | Set device time to be in future. | PAL_SUCCESS | 00731 * | 11 | Perform a TLS handshake with the server using `pal_handShaket`. | PAL_SUCCESS | 00732 * | 12 | Verify the handshake result using `pal_sslGetVerifyResult`. | PAL_SUCCESS | 00733 * | 13 | Write data over open TLS connection using `pal_sslWrite`. | PAL_SUCCESS | 00734 * | 14 | Uninitialize the TLS context using `pal_freeTLS`. | PAL_SUCCESS | 00735 * | 15 | Uninitialize the TLS configuration using `pal_tlsConfigurationFree`. | PAL_SUCCESS | 00736 * | 16 | Close the TCP socket. | PAL_SUCCESS | 00737 * | 17 | Check that time is updated. | PAL_SUCCESS | 00738 * | 18 | Verify that the SOTP time value was updated. | PAL_SUCCESS | 00739 */ 00740 TEST(pal_tls, tlsHandshakeTCP_FutureLWM2M) 00741 { 00742 #if ((PAL_USE_SECURE_TIME == 1) && (PAL_USE_INTERNAL_FLASH == 1)) 00743 palStatus_t status = PAL_SUCCESS; 00744 palTLSConfHandle_t palTLSConf = NULLPTR; 00745 palTLSHandle_t palTLSHandle = NULLPTR; 00746 palTLSTransportMode_t transportationMode = PAL_TLS_MODE; 00747 palSocketAddress_t socketAddr = {0}; 00748 palSocketLength_t addressLength = 0; 00749 uint32_t written = 0; 00750 palX509_t pubKey = {(const void*)g_pubKey,sizeof(g_pubKey)}; 00751 palPrivateKey_t prvKey = {(const void*)g_prvKey,sizeof(g_prvKey)}; 00752 palX509_t caCert = { (const void*)pal_test_cas,sizeof(pal_test_cas) }; 00753 palTLSSocket_t tlsSocket = { g_socket, &socketAddr, 0, transportationMode }; 00754 00755 char serverResponse[PAL_TLS_MESSAGE_SIZE] = {0}; 00756 uint32_t actualLen = 0; 00757 uint64_t deviceTime = pal_osGetTime(); //get device time to update it in case of failure 00758 uint64_t currentTime = 0; 00759 uint16_t actualSavedTimeSize = 0; 00760 uint64_t initialSOTPTime = 0; 00761 sotp_result_e sotpRes = SOTP_SUCCESS; 00762 int32_t verifyResult = 0; 00763 00764 /*#1*/ 00765 status = pal_socket(PAL_AF_INET, PAL_SOCK_STREAM, false, 0, &g_socket); 00766 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00767 /*#2*/ 00768 status = pal_getAddressInfo(PAL_TLS_TEST_SERVER_ADDRESS, &socketAddr, &addressLength); 00769 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00770 00771 tlsSocket.addressLength = addressLength; 00772 tlsSocket.socket = g_socket; 00773 /*#3*/ 00774 status = pal_setSockAddrPort(&socketAddr, TLS_RENEGOTIATE_SERVER_PORT); 00775 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00776 /*#4*/ 00777 status = pal_connect(g_socket, &socketAddr, addressLength); 00778 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00779 /*#5*/ 00780 status = pal_initTLSConfiguration(&palTLSConf, transportationMode); 00781 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00782 /*#6*/ 00783 status = pal_initTLS(palTLSConf, &palTLSHandle); 00784 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00785 /*#7*/ 00786 status = pal_setOwnCertAndPrivateKey(palTLSConf, &pubKey, &prvKey); 00787 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00788 /*#8*/ 00789 status = pal_setCAChain(palTLSConf, &caCert, NULL); 00790 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00791 /*#9*/ 00792 status = pal_tlsSetSocket(palTLSConf, &tlsSocket); 00793 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00794 /*#10*/ 00795 00796 sotpRes = sotp_set(SOTP_TYPE_SAVED_TIME, (uint16_t)sizeof(initialSOTPTime), (uint32_t*)&initialSOTPTime); 00797 TEST_ASSERT_EQUAL_HEX(SOTP_SUCCESS, sotpRes); 00798 status = pal_osSetTime(0);//back in the past to set time to the future during handhsake 00799 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00800 /*#11*/ 00801 status = pal_handShake(palTLSHandle, palTLSConf); 00802 if (PAL_SUCCESS != status) 00803 { 00804 pal_osSetTime(deviceTime); 00805 } 00806 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00807 /*#12*/ 00808 status = pal_sslGetVerifyResultExtended(palTLSHandle, &verifyResult); 00809 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00810 /*#13*/ 00811 status = pal_sslWrite(palTLSHandle, TLS_GET_REQUEST, sizeof(TLS_GET_REQUEST), &written); 00812 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00813 00814 pal_osDelay(5000); 00815 /*#14*/ 00816 status = pal_sslRead(palTLSHandle, serverResponse, PAL_TLS_MESSAGE_SIZE, &actualLen); 00817 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00818 /*#14*/ 00819 status = pal_freeTLS(&palTLSHandle); 00820 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00821 /*#15*/ 00822 status = pal_tlsConfigurationFree(&palTLSConf); 00823 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00824 /*#16*/ 00825 status = pal_close(&g_socket); 00826 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00827 /*#17*/ 00828 deviceTime = pal_osGetTime(); 00829 TEST_ASSERT_TRUE(0 != deviceTime); 00830 /*#18*/ 00831 sotpRes = sotp_get(SOTP_TYPE_SAVED_TIME, sizeof(currentTime), (uint32_t*)¤tTime, &actualSavedTimeSize); 00832 TEST_ASSERT_EQUAL_HEX(SOTP_SUCCESS, sotpRes); 00833 TEST_ASSERT_TRUE(0 != currentTime); 00834 #endif 00835 } 00836 00837 /** 00838 * @brief Test TLS handshake (TCP blocking) with near future time and validate that the handshake didn't update the device time (due to set time rules) 00839 * 00840 * 00841 * | # | Step | Expected | 00842 * |---|--------------------------------|-------------| 00843 * | 1 | Get saved time from SOTP, move backward half day and set time to RAM | PAL_SUCCESS | 00844 * | 2 | Update `SOTP_TYPE_SAVED_TIME` directly in SOTP to the new time from #1 | PAL_SUCCESS | 00845 * | 3 | Create a TCP (blocking) socket. | PAL_SUCCESS | 00846 * | 4 | Perform a DNS lookup on the server address. | PAL_SUCCESS | 00847 * | 5 | Set the server port. | PAL_SUCCESS | 00848 * | 6 | Connect the TCP socket to the server. | PAL_SUCCESS | 00849 * | 7 | Initialize the TLS configuration using `pal_initTLSConfiguration`. | PAL_SUCCESS | 00850 * | 8 | Initialize the TLS context using `pal_initTLS`. | PAL_SUCCESS | 00851 * | 9 | Set the certificate and keys to the configuration using `pal_setOwnCertAndPrivateKey`.| PAL_SUCCESS | 00852 * | 10 | Set the certificate chain to the configuration using `pal_setCAChain`. | PAL_SUCCESS | 00853 * | 11 | Set the socket to the configuration using `pal_tlsSetSocket`. | PAL_SUCCESS | 00854 * | 12 | Perform a TLS handshake with the server using `pal_handShake`. | PAL_SUCCESS | 00855 * | 13 | Verify the handshake result using `pal_sslGetVerifyResult`. | PAL_SUCCESS | 00856 * | 14 | Write data over open TLS connection using `pal_sslWrite`. | PAL_SUCCESS | 00857 * | 15 | Uninitialize the TLS context using `pal_freeTLS`. | PAL_SUCCESS | 00858 * | 16 | Uninitialize the TLS configuration using `pal_tlsConfigurationFree`. | PAL_SUCCESS | 00859 * | 17 | Verify that the time was NOT updated during the handshake. | PAL_SUCCESS | 00860 */ 00861 TEST(pal_tls, tlsHandshakeTCP_FutureLWM2M_NoTimeUpdate) 00862 { 00863 #if ((PAL_USE_SECURE_TIME == 1) && (PAL_USE_INTERNAL_FLASH == 1)) 00864 palStatus_t status = PAL_SUCCESS; 00865 palTLSConfHandle_t palTLSConf = NULLPTR; 00866 palTLSHandle_t palTLSHandle = NULLPTR; 00867 palTLSTransportMode_t transportationMode = PAL_TLS_MODE; 00868 palSocketAddress_t socketAddr = { 0 }; 00869 palSocketLength_t addressLength = 0; 00870 uint32_t written = 0; 00871 char serverResponse[PAL_TLS_MESSAGE_SIZE] = {0}; 00872 uint32_t actualLen = 0; 00873 palX509_t pubKey = { (const void*)g_pubKey,sizeof(g_pubKey) }; 00874 palPrivateKey_t prvKey = { (const void*)g_prvKey,sizeof(g_prvKey) }; 00875 palTLSSocket_t tlsSocket = { g_socket, &socketAddr, 0, transportationMode }; 00876 palX509_t caCert = { (const void*)pal_test_cas,sizeof(pal_test_cas) }; 00877 sotp_result_e sotpRes = SOTP_SUCCESS; 00878 uint64_t currentTime = 0; 00879 uint64_t tmpTime = 0; 00880 uint64_t updatedTime = 0; 00881 uint16_t actualSavedTimeSize = 0; 00882 int32_t verifyResult = 0; 00883 00884 /*#1*/ 00885 sotpRes = sotp_get(SOTP_TYPE_SAVED_TIME, sizeof(tmpTime), (uint32_t*)&tmpTime, &actualSavedTimeSize); 00886 TEST_ASSERT_EQUAL_HEX(SOTP_SUCCESS, sotpRes); 00887 00888 currentTime = tmpTime - (PAL_SECONDS_PER_DAY / 2); //going back half day to simulate future server by half day (in order to prevent time update) 00889 status = pal_osSetTime(currentTime); 00890 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00891 /*#2*/ 00892 sotpRes = sotp_set(SOTP_TYPE_SAVED_TIME, (uint16_t)sizeof(currentTime), (uint32_t*)¤tTime); 00893 TEST_ASSERT_EQUAL_HEX(SOTP_SUCCESS, sotpRes); 00894 00895 /*#3*/ 00896 status = pal_socket(PAL_AF_INET, PAL_SOCK_STREAM, false, 0, &g_socket); 00897 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00898 /*#4*/ 00899 status = pal_getAddressInfo(PAL_TLS_TEST_SERVER_ADDRESS, &socketAddr, &addressLength); 00900 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00901 /*#5*/ 00902 status = pal_setSockAddrPort(&socketAddr, TLS_RENEGOTIATE_SERVER_PORT); 00903 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00904 00905 tlsSocket.addressLength = addressLength; 00906 tlsSocket.socket = g_socket; 00907 00908 /*#6*/ 00909 status = pal_connect(g_socket, &socketAddr, addressLength); 00910 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00911 /*#7*/ 00912 status = pal_initTLSConfiguration(&palTLSConf, transportationMode); 00913 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00914 /*#8*/ 00915 status = pal_initTLS(palTLSConf, &palTLSHandle); 00916 if (PAL_SUCCESS != status) 00917 { 00918 pal_freeTLS(&palTLSHandle); 00919 pal_tlsConfigurationFree(&palTLSConf); 00920 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00921 } 00922 00923 /*#9*/ 00924 status = pal_setOwnCertAndPrivateKey(palTLSConf, &pubKey, &prvKey); 00925 if (PAL_SUCCESS != status) 00926 { 00927 pal_freeTLS(&palTLSHandle); 00928 pal_tlsConfigurationFree(&palTLSConf); 00929 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00930 } 00931 /*#10*/ 00932 status = pal_setCAChain(palTLSConf, &caCert, NULL); 00933 if (PAL_SUCCESS != status) 00934 { 00935 pal_freeTLS(&palTLSHandle); 00936 pal_tlsConfigurationFree(&palTLSConf); 00937 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00938 } 00939 /*#11*/ 00940 status = pal_tlsSetSocket(palTLSConf, &tlsSocket); 00941 if (PAL_SUCCESS != status) 00942 { 00943 pal_freeTLS(&palTLSHandle); 00944 pal_tlsConfigurationFree(&palTLSConf); 00945 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00946 } 00947 /*#12*/ 00948 status = pal_handShake(palTLSHandle, palTLSConf); 00949 if (PAL_SUCCESS != status) 00950 { 00951 pal_freeTLS(&palTLSHandle); 00952 pal_tlsConfigurationFree(&palTLSConf); 00953 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00954 } 00955 /*#13*/ 00956 status = pal_sslGetVerifyResultExtended(palTLSHandle, &verifyResult); 00957 if (PAL_SUCCESS != status) 00958 { 00959 pal_freeTLS(&palTLSHandle); 00960 pal_tlsConfigurationFree(&palTLSConf); 00961 TEST_ASSERT_TRUE(PAL_ERR_X509_BADCERT_EXPIRED & verifyResult); 00962 } 00963 /*#14*/ 00964 status = pal_sslWrite(palTLSHandle, TLS_GET_REQUEST, sizeof(TLS_GET_REQUEST), &written); 00965 if (PAL_SUCCESS != status) 00966 { 00967 pal_freeTLS(&palTLSHandle); 00968 pal_tlsConfigurationFree(&palTLSConf); 00969 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00970 } 00971 00972 pal_osDelay(5000); 00973 /*#14*/ 00974 status = pal_sslRead(palTLSHandle, serverResponse, PAL_TLS_MESSAGE_SIZE, &actualLen); 00975 if (PAL_SUCCESS != status) 00976 { 00977 pal_freeTLS(&palTLSHandle); 00978 pal_tlsConfigurationFree(&palTLSConf); 00979 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00980 } 00981 00982 /*#15*/ 00983 status = pal_freeTLS(&palTLSHandle); 00984 if (PAL_SUCCESS != status) 00985 { 00986 pal_tlsConfigurationFree(&palTLSConf); 00987 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00988 } 00989 /*#16*/ 00990 status = pal_tlsConfigurationFree(&palTLSConf); 00991 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00992 00993 status = pal_close(&g_socket); 00994 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 00995 00996 /*#17*/ 00997 sotpRes = sotp_get(SOTP_TYPE_SAVED_TIME, sizeof(updatedTime), (uint32_t*)&updatedTime, &actualSavedTimeSize); 00998 TEST_ASSERT_EQUAL_HEX(SOTP_SUCCESS, sotpRes); 00999 TEST_ASSERT_EQUAL_HEX(currentTime, updatedTime); 01000 #endif 01001 } 01002 01003 01004 /** 01005 * @brief Test TLS handshake (TCP blocking) with future time to make handshake to fail due to bad cert time from server. 01006 * 01007 * 01008 * | # | Step | Expected | 01009 * |---|--------------------------------|-------------| 01010 * | 1 | Create a TCP (blocking) socket. | PAL_SUCCESS | 01011 * | 2 | Perform a DNS lookup on the server address. | PAL_SUCCESS | 01012 * | 3 | Set the server port. | PAL_SUCCESS | 01013 * | 4 | Connect the TCP socket to the server. | PAL_SUCCESS | 01014 * | 5 | Initialize the TLS configuration using `pal_initTLSConfiguration`. | PAL_SUCCESS | 01015 * | 6 | Initialize the TLS context using `pal_initTLS`. | PAL_SUCCESS | 01016 * | 7 | Set the certificate and keys to the configuration using `pal_setOwnCertAndPrivateKey`.| PAL_SUCCESS | 01017 * | 8 | Set the certificate chain to the configuration using `pal_setCAChain`. | PAL_SUCCESS | 01018 * | 9 | Set the socket chain to the configuration using `pal_tlsSetSocket`. | PAL_SUCCESS | 01019 * | 10 | Setsystem time to be far in the future `pal_osSetTime`. | PAL_SUCCESS | 01020 * | 11 | Perform a TLS handshake with the server using `pal_handShake`. | PAL_ERR_X509_CERT_VERIFY_FAILED | 01021 * | 12 | Verify the handshake result using `pal_sslGetVerifyResult`. | PAL_ERR_X509_BADCERT_EXPIRED | 01022 * | 13 | Set tme back to the original time before the test. | PAL_SUCCESS | 01023 * | 14 | Uninitialize the TLS context using `pal_freeTLS`. | PAL_SUCCESS | 01024 * | 15 | Uninitialize the TLS configuration using `pal_tlsConfigurationFree`. | PAL_SUCCESS | 01025 * | 16 | Verify that the SOTP time value was not changed. | PAL_SUCCESS | 01026 */ 01027 TEST(pal_tls, tlsHandshakeTCP_ExpiredLWM2MCert) 01028 { 01029 #if ((PAL_USE_SECURE_TIME == 1) && (PAL_USE_INTERNAL_FLASH == 1)) 01030 palStatus_t status = PAL_SUCCESS; 01031 palTLSConfHandle_t palTLSConf = NULLPTR; 01032 palTLSHandle_t palTLSHandle = NULLPTR; 01033 palTLSTransportMode_t transportationMode = PAL_TLS_MODE; 01034 palSocketAddress_t socketAddr = {0}; 01035 palSocketLength_t addressLength = 0; 01036 palX509_t pubKey = {(const void*)g_pubKey,sizeof(g_pubKey)}; 01037 palPrivateKey_t prvKey = {(const void*)g_prvKey,sizeof(g_prvKey)}; 01038 palTLSSocket_t tlsSocket = { g_socket, &socketAddr, 0, transportationMode }; 01039 palX509_t caCert = { (const void*)pal_test_cas,sizeof(pal_test_cas) }; 01040 uint64_t futureTime = 2145542642; //Wed, 27 Dec 2037 16:04:02 GMT 01041 uint64_t currentTime = 0; 01042 uint64_t currentSOTPTime = 0; 01043 uint16_t actualSavedTimeSize = 0; 01044 sotp_result_e sotpRes = SOTP_SUCCESS; 01045 int32_t verifyResult = 0; 01046 01047 01048 /*#1*/ 01049 status = pal_socket(PAL_AF_INET, PAL_SOCK_STREAM, false, 0, &g_socket); 01050 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 01051 /*#2*/ 01052 status = pal_getAddressInfo(PAL_TLS_TEST_SERVER_ADDRESS, &socketAddr, &addressLength); 01053 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 01054 01055 tlsSocket.addressLength = addressLength; 01056 tlsSocket.socket = g_socket; 01057 /*#3*/ 01058 status = pal_setSockAddrPort(&socketAddr, TLS_RENEGOTIATE_SERVER_PORT); 01059 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 01060 /*#4*/ 01061 status = pal_connect(g_socket, &socketAddr, addressLength); 01062 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 01063 /*#5*/ 01064 status = pal_initTLSConfiguration(&palTLSConf, transportationMode); 01065 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 01066 /*#6*/ 01067 status = pal_initTLS(palTLSConf, &palTLSHandle); 01068 if (PAL_SUCCESS != status) 01069 { 01070 pal_freeTLS(&palTLSHandle); 01071 pal_tlsConfigurationFree(&palTLSConf); 01072 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 01073 } 01074 01075 /*#7*/ 01076 status = pal_setOwnCertAndPrivateKey(palTLSConf, &pubKey, &prvKey); 01077 if (PAL_SUCCESS != status) 01078 { 01079 pal_freeTLS(&palTLSHandle); 01080 pal_tlsConfigurationFree(&palTLSConf); 01081 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 01082 } 01083 /*#8*/ 01084 status = pal_setCAChain(palTLSConf, &caCert, NULL); 01085 if (PAL_SUCCESS != status) 01086 { 01087 pal_freeTLS(&palTLSHandle); 01088 pal_tlsConfigurationFree(&palTLSConf); 01089 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 01090 } 01091 /*#9*/ 01092 status = pal_tlsSetSocket(palTLSConf, &tlsSocket); 01093 if (PAL_SUCCESS != status) 01094 { 01095 pal_freeTLS(&palTLSHandle); 01096 pal_tlsConfigurationFree(&palTLSConf); 01097 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 01098 } 01099 /*#10*/ 01100 sotpRes = sotp_get(SOTP_TYPE_SAVED_TIME, sizeof(currentTime), (uint32_t*)¤tTime, &actualSavedTimeSize); 01101 TEST_ASSERT_EQUAL_HEX(SOTP_SUCCESS, sotpRes); 01102 status = pal_osSetTime(futureTime); 01103 if (PAL_SUCCESS != status) 01104 { 01105 pal_freeTLS(&palTLSHandle); 01106 pal_tlsConfigurationFree(&palTLSConf); 01107 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 01108 } 01109 /*#11*/ 01110 status = pal_handShake(palTLSHandle, palTLSConf); 01111 if (PAL_ERR_X509_CERT_VERIFY_FAILED != status) 01112 { 01113 pal_osSetTime(currentTime); 01114 pal_freeTLS(&palTLSHandle); 01115 pal_tlsConfigurationFree(&palTLSConf); 01116 TEST_ASSERT_EQUAL_HEX(PAL_ERR_X509_CERT_VERIFY_FAILED, status); 01117 } 01118 /*#12*/ 01119 status = pal_sslGetVerifyResultExtended(palTLSHandle, &verifyResult); 01120 if ((PAL_ERR_X509_CERT_VERIFY_FAILED != status) || (0 == (PAL_ERR_X509_BADCERT_EXPIRED & verifyResult))) 01121 { 01122 pal_osSetTime(currentTime); 01123 pal_freeTLS(&palTLSHandle); 01124 pal_tlsConfigurationFree(&palTLSConf); 01125 TEST_ASSERT_TRUE(PAL_ERR_X509_BADCERT_EXPIRED & verifyResult); 01126 } 01127 /*#13*/ 01128 status = pal_osSetTime(currentTime); 01129 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 01130 /*#14*/ 01131 status = pal_freeTLS(&palTLSHandle); 01132 if (PAL_SUCCESS != status) 01133 { 01134 pal_tlsConfigurationFree(&palTLSConf); 01135 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 01136 } 01137 /*#15*/ 01138 status = pal_tlsConfigurationFree(&palTLSConf); 01139 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 01140 01141 status = pal_close(&g_socket); 01142 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 01143 01144 /*#16*/ 01145 sotpRes = sotp_get(SOTP_TYPE_SAVED_TIME, sizeof(currentSOTPTime), (uint32_t*)¤tSOTPTime, &actualSavedTimeSize); 01146 TEST_ASSERT_EQUAL_HEX(SOTP_SUCCESS, sotpRes); 01147 TEST_ASSERT_TRUE(futureTime <= currentSOTPTime); 01148 #endif 01149 } 01150 01151 /** 01152 * @brief Test TLS handshake (TCP blocking) with future time to make handshake update the device time according to the server time. 01153 * 01154 * 01155 * | # | Step | Expected | 01156 * |---|--------------------------------|-------------| 01157 * | 1 | Create a TCP (blocking) socket. | PAL_SUCCESS | 01158 * | 2 | Perform a DNS lookup on the server address. | PAL_SUCCESS | 01159 * | 3 | Set the server port. | PAL_SUCCESS | 01160 * | 4 | Parse the CA cert. | PAL_SUCCESS | 01161 * | 5 | Get the CA cert ID. | PAL_SUCCESS | 01162 * | 6 | Set the CA cert ID into the SOTP. | PAL_SUCCESS | 01163 * | 7 | Connect the TCP socket to the server. | PAL_SUCCESS | 01164 * | 8 | Initialize the TLS configuration using `pal_initTLSConfiguration`. | PAL_SUCCESS | 01165 * | 9 | Initialize the TLS context using `pal_initTLS`. | PAL_SUCCESS | 01166 * | 10 | Set the certificate and keys to the configuration using `pal_setOwnCertAndPrivateKey`.| PAL_SUCCESS | 01167 * | 11 | Set the certificate chain to the configuration using `pal_setCAChain`. | PAL_SUCCESS | 01168 * | 12 | Set the socket to the configuration using `pal_tlsSetSocket`. | PAL_SUCCESS | 01169 * | 13 | Set system time to be far in the future `pal_osSetTime`. | PAL_SUCCESS | 01170 * | 14 | Perform a TLS handshake with the server using `pal_handShake`. | PAL_SUCCESS | 01171 * | 15 | Verify the handshake result using `pal_sslGetVerifyResult`. | PAL_SUCCESS | 01172 * | 16 | Write data over open TLS connection using `pal_sslWrite`. | PAL_SUCCESS | 01173 * | 17 | Uninitialize the TLS context using `pal_freeTLS`. | PAL_SUCCESS | 01174 * | 18 | Uninitialize the TLS configuration using `pal_tlsConfigurationFree`. | PAL_SUCCESS | 01175 * | 19 | Free X509 handle. | PAL_SUCCESS | 01176 * | 20 | Verify that the time updated during the handshake. | PAL_SUCCESS | 01177 */ 01178 TEST(pal_tls, tlsHandshakeTCP_ExpiredServerCert_Trusted) 01179 { 01180 #if ((PAL_USE_SECURE_TIME == 1) && (PAL_USE_INTERNAL_FLASH == 1)) 01181 palStatus_t status = PAL_SUCCESS; 01182 palTLSConfHandle_t palTLSConf = NULLPTR; 01183 palTLSHandle_t palTLSHandle = NULLPTR; 01184 palTLSTransportMode_t transportationMode = PAL_TLS_MODE; 01185 palSocketAddress_t socketAddr = { 0 }; 01186 palSocketLength_t addressLength = 0; 01187 char serverResponse[PAL_TLS_MESSAGE_SIZE] = {0}; 01188 uint32_t actualLen = 0; 01189 uint32_t written = 0; 01190 palX509_t pubKey = { (const void*)g_pubKey,sizeof(g_pubKey) }; 01191 palPrivateKey_t prvKey = { (const void*)g_prvKey,sizeof(g_prvKey) }; 01192 palTLSSocket_t tlsSocket = { g_socket, &socketAddr, 0, transportationMode }; 01193 palX509_t caCert = { (const void*)pal_test_cas,sizeof(pal_test_cas) }; 01194 uint64_t futureTime = 2145542642; //Wed, 27 Dec 2037 16:04:02 GMT 01195 uint64_t updatedTime = 0; 01196 uint16_t actualSavedTimeSize = 0; 01197 palX509Handle_t trustedServerCA = NULLPTR; 01198 sotp_result_e sotpRes = SOTP_SUCCESS; 01199 int32_t verifyResult = 0; 01200 01201 /*#1*/ 01202 status = pal_socket(PAL_AF_INET, PAL_SOCK_STREAM, false, 0, &g_socket); 01203 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 01204 /*#2*/ 01205 status = pal_getAddressInfo(PAL_TLS_TEST_SERVER_ADDRESS, &socketAddr, &addressLength); 01206 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 01207 /*#3*/ 01208 status = pal_setSockAddrPort(&socketAddr, TLS_RENEGOTIATE_SERVER_PORT); 01209 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 01210 01211 tlsSocket.addressLength = addressLength; 01212 tlsSocket.socket = g_socket; 01213 /*#4*/ 01214 status = pal_x509Initiate(&trustedServerCA); 01215 TEST_ASSERT_NOT_EQUAL(trustedServerCA, NULLPTR); 01216 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 01217 01218 status = pal_x509CertParse(trustedServerCA, (const unsigned char *)pal_test_cas, sizeof(pal_test_cas)); 01219 if (PAL_SUCCESS != status) 01220 { 01221 pal_x509Free(&trustedServerCA); 01222 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 01223 } 01224 /*#5*/ 01225 status = pal_x509CertGetAttribute(trustedServerCA, PAL_X509_CERT_ID_ATTR, g_trustedServerID, sizeof(g_trustedServerID), &g_actualServerIDSize); 01226 if (PAL_SUCCESS != status) 01227 { 01228 pal_x509Free(&trustedServerCA); 01229 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 01230 } 01231 /*#6*/ 01232 sotpRes = sotp_set(SOTP_TYPE_TRUSTED_TIME_SRV_ID, g_actualServerIDSize, (uint32_t*)g_trustedServerID); 01233 if (SOTP_SUCCESS != sotpRes) 01234 { 01235 pal_x509Free(&trustedServerCA); 01236 TEST_ASSERT_EQUAL_HEX(SOTP_SUCCESS, sotpRes); 01237 } 01238 01239 /*#7*/ 01240 status = pal_connect(g_socket, &socketAddr, addressLength); 01241 if (PAL_SUCCESS != status) 01242 { 01243 pal_x509Free(&trustedServerCA); 01244 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 01245 } 01246 /*#8*/ 01247 status = pal_initTLSConfiguration(&palTLSConf, transportationMode); 01248 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 01249 /*#9*/ 01250 status = pal_initTLS(palTLSConf, &palTLSHandle); 01251 if (PAL_SUCCESS != status) 01252 { 01253 pal_freeTLS(&palTLSHandle); 01254 pal_tlsConfigurationFree(&palTLSConf); 01255 pal_x509Free(&trustedServerCA); 01256 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 01257 } 01258 01259 /*#10*/ 01260 status = pal_setOwnCertAndPrivateKey(palTLSConf, &pubKey, &prvKey); 01261 if (PAL_SUCCESS != status) 01262 { 01263 pal_freeTLS(&palTLSHandle); 01264 pal_tlsConfigurationFree(&palTLSConf); 01265 pal_x509Free(&trustedServerCA); 01266 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 01267 } 01268 /*#11*/ 01269 status = pal_setCAChain(palTLSConf, &caCert, NULL); 01270 if (PAL_SUCCESS != status) 01271 { 01272 pal_freeTLS(&palTLSHandle); 01273 pal_tlsConfigurationFree(&palTLSConf); 01274 pal_x509Free(&trustedServerCA); 01275 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 01276 } 01277 /*#12*/ 01278 status = pal_tlsSetSocket(palTLSConf, &tlsSocket); 01279 if (PAL_SUCCESS != status) 01280 { 01281 pal_freeTLS(&palTLSHandle); 01282 pal_tlsConfigurationFree(&palTLSConf); 01283 pal_x509Free(&trustedServerCA); 01284 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 01285 } 01286 /*#13*/ 01287 status = pal_osSetStrongTime(futureTime); 01288 if (PAL_SUCCESS != status) 01289 { 01290 pal_freeTLS(&palTLSHandle); 01291 pal_tlsConfigurationFree(&palTLSConf); 01292 pal_x509Free(&trustedServerCA); 01293 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 01294 } 01295 /*#14*/ 01296 status = pal_handShake(palTLSHandle, palTLSConf); 01297 if (PAL_SUCCESS != status) 01298 { 01299 pal_freeTLS(&palTLSHandle); 01300 pal_tlsConfigurationFree(&palTLSConf); 01301 pal_x509Free(&trustedServerCA); 01302 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 01303 } 01304 /*#15*/ 01305 status = pal_sslGetVerifyResultExtended(palTLSHandle, &verifyResult); 01306 if (PAL_SUCCESS != status) 01307 { 01308 pal_freeTLS(&palTLSHandle); 01309 pal_tlsConfigurationFree(&palTLSConf); 01310 pal_x509Free(&trustedServerCA); 01311 TEST_ASSERT_TRUE(PAL_ERR_X509_BADCERT_EXPIRED & verifyResult); 01312 } 01313 /*#16*/ 01314 status = pal_sslWrite(palTLSHandle, TLS_GET_REQUEST, sizeof(TLS_GET_REQUEST), &written); 01315 if (PAL_SUCCESS != status) 01316 { 01317 pal_freeTLS(&palTLSHandle); 01318 pal_tlsConfigurationFree(&palTLSConf); 01319 pal_x509Free(&trustedServerCA); 01320 TEST_ASSERT_EQUAL_HEX(PAL_ERR_X509_BADCERT_EXPIRED, status); 01321 } 01322 01323 pal_osDelay(5000); 01324 /*#14*/ 01325 status = pal_sslRead(palTLSHandle, serverResponse, PAL_TLS_MESSAGE_SIZE, &actualLen); 01326 if (PAL_SUCCESS != status) 01327 { 01328 pal_freeTLS(&palTLSHandle); 01329 pal_tlsConfigurationFree(&palTLSConf); 01330 pal_x509Free(&trustedServerCA); 01331 TEST_ASSERT_EQUAL_HEX(PAL_ERR_X509_BADCERT_EXPIRED, status); 01332 } 01333 01334 /*#17*/ 01335 status = pal_freeTLS(&palTLSHandle); 01336 if (PAL_SUCCESS != status) 01337 { 01338 pal_x509Free(&trustedServerCA); 01339 pal_tlsConfigurationFree(&palTLSConf); 01340 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 01341 } 01342 /*#18*/ 01343 status = pal_tlsConfigurationFree(&palTLSConf); 01344 if (PAL_SUCCESS != status) 01345 { 01346 pal_x509Free(&trustedServerCA); 01347 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 01348 } 01349 /*#19*/ 01350 status = pal_x509Free(&trustedServerCA); 01351 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 01352 /*#20*/ 01353 updatedTime = pal_osGetTime(); 01354 TEST_ASSERT_TRUE(updatedTime < futureTime); 01355 01356 status = pal_close(&g_socket); 01357 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 01358 01359 sotpRes = sotp_get(SOTP_TYPE_SAVED_TIME, sizeof(updatedTime), (uint32_t*)&updatedTime, &actualSavedTimeSize); 01360 TEST_ASSERT_EQUAL_HEX(SOTP_SUCCESS, sotpRes); 01361 TEST_ASSERT_TRUE(updatedTime <= futureTime); 01362 01363 sotpRes = sotp_get(SOTP_TYPE_LAST_TIME_BACK, sizeof(updatedTime), (uint32_t*)&updatedTime, &actualSavedTimeSize); 01364 TEST_ASSERT_EQUAL_HEX(SOTP_SUCCESS, sotpRes); 01365 TEST_ASSERT_TRUE(updatedTime <= futureTime); 01366 #endif 01367 } 01368 01369 /** 01370 * @brief Test TLS handshake (TCP blocking) with near future time and validate that the handshake didn't update the device time (due to set time rules) 01371 * 01372 * 01373 * | # | Step | Expected | 01374 * |---|--------------------------------|-------------| 01375 * | 1 | Get saved time from SOTP, move backward half day and set time to RAM | PAL_SUCCESS | 01376 * | 2 | Create a TCP (blocking) socket. | PAL_SUCCESS | 01377 * | 3 | Perform a DNS lookup on the server address. | PAL_SUCCESS | 01378 * | 4 | Set the server port. | PAL_SUCCESS | 01379 * | 5 | Parse the CA cert. | PAL_SUCCESS | 01380 * | 6 | Get the CA cert ID. | PAL_SUCCESS | 01381 * | 7 | Set the CA cert ID into the SOTP. | PAL_SUCCESS | 01382 * | 8 | Connect the TCP socket to the server. | PAL_SUCCESS | 01383 * | 9 | Initialize the TLS configuration using `pal_initTLSConfiguration`. | PAL_SUCCESS | 01384 * | 10 | Initialize the TLS context using `pal_initTLS`. | PAL_SUCCESS | 01385 * | 11 | Set the certificate and keys to the configuration using `pal_setOwnCertAndPrivateKey`.| PAL_SUCCESS | 01386 * | 12 | Set the certificate chain to the configuration using `pal_setCAChain`. | PAL_SUCCESS | 01387 * | 13 | Set the socket to the configuration using `pal_tlsSetSocket`. | PAL_SUCCESS | 01388 * | 14 | Perform a TLS handshake with the server using `pal_handShake`. | PAL_SUCCESS | 01389 * | 15 | Verify the handshake result using `pal_sslGetVerifyResult`. | PAL_SUCCESS | 01390 * | 16 | Write data over open TLS connection using `pal_sslWrite`. | PAL_SUCCESS | 01391 * | 17 | Uninitialize the TLS context using `pal_freeTLS`. | PAL_SUCCESS | 01392 * | 18 | Uninitialize the TLS configuration using `pal_tlsConfigurationFree`. | PAL_SUCCESS | 01393 * | 19 | Free X509 Handle. | PAL_SUCCESS | 01394 * | 20 | Verify that the time was NOT updated during the handshake. | PAL_SUCCESS | 01395 */ 01396 TEST(pal_tls, tlsHandshakeTCP_FutureTrustedServer_NoTimeUpdate) 01397 { 01398 #if ((PAL_USE_SECURE_TIME == 1) && (PAL_USE_INTERNAL_FLASH == 1)) 01399 palStatus_t status = PAL_SUCCESS; 01400 palTLSConfHandle_t palTLSConf = NULLPTR; 01401 palTLSHandle_t palTLSHandle = NULLPTR; 01402 palTLSTransportMode_t transportationMode = PAL_TLS_MODE; 01403 palSocketAddress_t socketAddr = { 0 }; 01404 palSocketLength_t addressLength = 0; 01405 char serverResponse[PAL_TLS_MESSAGE_SIZE] = {0}; 01406 uint32_t actualLen = 0; 01407 uint32_t written = 0; 01408 palX509_t pubKey = { (const void*)g_pubKey,sizeof(g_pubKey) }; 01409 palPrivateKey_t prvKey = { (const void*)g_prvKey,sizeof(g_prvKey) }; 01410 palTLSSocket_t tlsSocket = { g_socket, &socketAddr, 0, transportationMode }; 01411 palX509_t caCert = { (const void*)pal_test_cas,sizeof(pal_test_cas) }; 01412 sotp_result_e sotpRes = SOTP_SUCCESS; 01413 uint64_t currentTime = 0; 01414 uint64_t updatedTime = 0; 01415 uint16_t actualSavedTimeSize = 0; 01416 palX509Handle_t trustedServerCA = NULLPTR; 01417 int32_t verifyResult = 0; 01418 01419 /*#1*/ 01420 sotpRes = sotp_get(SOTP_TYPE_SAVED_TIME, sizeof(currentTime), (uint32_t*)¤tTime, &actualSavedTimeSize); 01421 TEST_ASSERT_EQUAL_HEX(SOTP_SUCCESS, sotpRes); 01422 TEST_ASSERT_TRUE(0 != currentTime); 01423 01424 status = pal_osSetTime(currentTime - (PAL_SECONDS_PER_DAY / 2));//going back half day to simulate future server by half day (in order to prevent time update) 01425 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 01426 /*#2*/ 01427 status = pal_socket(PAL_AF_INET, PAL_SOCK_STREAM, false, 0, &g_socket); 01428 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 01429 /*#3*/ 01430 status = pal_getAddressInfo(PAL_TLS_TEST_SERVER_ADDRESS, &socketAddr, &addressLength); 01431 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 01432 /*#4*/ 01433 status = pal_setSockAddrPort(&socketAddr, TLS_RENEGOTIATE_SERVER_PORT); 01434 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 01435 01436 tlsSocket.addressLength = addressLength; 01437 tlsSocket.socket = g_socket; 01438 01439 /*#5*/ 01440 status = pal_x509Initiate(&trustedServerCA); 01441 TEST_ASSERT_NOT_EQUAL(trustedServerCA, NULLPTR); 01442 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 01443 01444 status = pal_x509CertParse(trustedServerCA, (const unsigned char *)pal_test_cas, sizeof(pal_test_cas)); 01445 if (PAL_SUCCESS != status) 01446 { 01447 pal_x509Free(&trustedServerCA); 01448 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 01449 } 01450 /*#6*/ 01451 status = pal_x509CertGetAttribute(trustedServerCA, PAL_X509_CERT_ID_ATTR, g_trustedServerID, sizeof(g_trustedServerID), &g_actualServerIDSize); 01452 if (PAL_SUCCESS != status) 01453 { 01454 pal_x509Free(&trustedServerCA); 01455 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 01456 } 01457 /*#7*/ 01458 sotpRes = sotp_set(SOTP_TYPE_TRUSTED_TIME_SRV_ID, g_actualServerIDSize, (uint32_t*)g_trustedServerID); 01459 if (SOTP_SUCCESS != sotpRes) 01460 { 01461 pal_x509Free(&trustedServerCA); 01462 TEST_ASSERT_EQUAL_HEX(SOTP_SUCCESS, sotpRes); 01463 } 01464 01465 /*#8*/ 01466 status = pal_connect(g_socket, &socketAddr, addressLength); 01467 if (PAL_SUCCESS != status) 01468 { 01469 pal_x509Free(&trustedServerCA); 01470 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 01471 } 01472 /*#9*/ 01473 status = pal_initTLSConfiguration(&palTLSConf, transportationMode); 01474 if (PAL_SUCCESS != status) 01475 { 01476 pal_x509Free(&trustedServerCA); 01477 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 01478 } 01479 /*#10*/ 01480 status = pal_initTLS(palTLSConf, &palTLSHandle); 01481 if (PAL_SUCCESS != status) 01482 { 01483 pal_freeTLS(&palTLSHandle); 01484 pal_tlsConfigurationFree(&palTLSConf); 01485 pal_x509Free(&trustedServerCA); 01486 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 01487 } 01488 01489 /*#11*/ 01490 status = pal_setOwnCertAndPrivateKey(palTLSConf, &pubKey, &prvKey); 01491 if (PAL_SUCCESS != status) 01492 { 01493 pal_freeTLS(&palTLSHandle); 01494 pal_tlsConfigurationFree(&palTLSConf); 01495 pal_x509Free(&trustedServerCA); 01496 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 01497 } 01498 /*#12*/ 01499 status = pal_setCAChain(palTLSConf, &caCert, NULL); 01500 if (PAL_SUCCESS != status) 01501 { 01502 pal_freeTLS(&palTLSHandle); 01503 pal_tlsConfigurationFree(&palTLSConf); 01504 pal_x509Free(&trustedServerCA); 01505 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 01506 } 01507 /*#13*/ 01508 status = pal_tlsSetSocket(palTLSConf, &tlsSocket); 01509 if (PAL_SUCCESS != status) 01510 { 01511 pal_freeTLS(&palTLSHandle); 01512 pal_tlsConfigurationFree(&palTLSConf); 01513 pal_x509Free(&trustedServerCA); 01514 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 01515 } 01516 /*#14*/ 01517 status = pal_handShake(palTLSHandle, palTLSConf); 01518 if (PAL_SUCCESS != status) 01519 { 01520 pal_freeTLS(&palTLSHandle); 01521 pal_tlsConfigurationFree(&palTLSConf); 01522 pal_x509Free(&trustedServerCA); 01523 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 01524 } 01525 /*#15*/ 01526 status = pal_sslGetVerifyResultExtended(palTLSHandle, &verifyResult); 01527 if (PAL_SUCCESS != status) 01528 { 01529 pal_freeTLS(&palTLSHandle); 01530 pal_tlsConfigurationFree(&palTLSConf); 01531 pal_x509Free(&trustedServerCA); 01532 TEST_ASSERT_TRUE(PAL_ERR_X509_BADCERT_EXPIRED & verifyResult); 01533 } 01534 /*#16*/ 01535 status = pal_sslWrite(palTLSHandle, TLS_GET_REQUEST, sizeof(TLS_GET_REQUEST), &written); 01536 if (PAL_SUCCESS != status) 01537 { 01538 pal_freeTLS(&palTLSHandle); 01539 pal_tlsConfigurationFree(&palTLSConf); 01540 pal_x509Free(&trustedServerCA); 01541 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 01542 } 01543 01544 pal_osDelay(5000); 01545 /*#14*/ 01546 status = pal_sslRead(palTLSHandle, serverResponse, PAL_TLS_MESSAGE_SIZE, &actualLen); 01547 if (PAL_SUCCESS != status) 01548 { 01549 pal_freeTLS(&palTLSHandle); 01550 pal_tlsConfigurationFree(&palTLSConf); 01551 pal_x509Free(&trustedServerCA); 01552 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 01553 } 01554 01555 /*#17*/ 01556 status = pal_freeTLS(&palTLSHandle); 01557 if (PAL_SUCCESS != status) 01558 { 01559 pal_tlsConfigurationFree(&palTLSConf); 01560 pal_x509Free(&trustedServerCA); 01561 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 01562 } 01563 /*#18*/ 01564 status = pal_tlsConfigurationFree(&palTLSConf); 01565 if (PAL_SUCCESS != status) 01566 { 01567 pal_x509Free(&trustedServerCA); 01568 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 01569 } 01570 /*#19*/ 01571 status = pal_x509Free(&trustedServerCA); 01572 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 01573 01574 status = pal_close(&g_socket); 01575 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 01576 01577 /*#20*/ 01578 sotpRes = sotp_get(SOTP_TYPE_SAVED_TIME, sizeof(updatedTime), (uint32_t*)&updatedTime, &actualSavedTimeSize); 01579 TEST_ASSERT_EQUAL_HEX(SOTP_SUCCESS, sotpRes); 01580 TEST_ASSERT_EQUAL_HEX(currentTime, updatedTime); 01581 #endif 01582 01583 } 01584 01585 /** 01586 * @brief Test TLS handshake (TCP blocking) with near past time and validate that the handshake didn't update the device time (due to set time rules) 01587 * 01588 * 01589 * | # | Step | Expected | 01590 * |---|--------------------------------|-------------| 01591 * | 1 | Get saved time from SOTP, move forward half day and set time to RAM | PAL_SUCCESS | 01592 * | 2 | Create a TCP (blocking) socket. | PAL_SUCCESS | 01593 * | 3 | Perform a DNS lookup on the server address. | PAL_SUCCESS | 01594 * | 4 | Set the server port. | PAL_SUCCESS | 01595 * | 5 | Parse the CA cert. | PAL_SUCCESS | 01596 * | 6 | Get the CA cert ID. | PAL_SUCCESS | 01597 * | 7 | Set the CA cert ID into the SOTP. | PAL_SUCCESS | 01598 * | 8 | Connect the TCP socket to the server. | PAL_SUCCESS | 01599 * | 9 | Initialize the TLS configuration using `pal_initTLSConfiguration`. | PAL_SUCCESS | 01600 * | 10 | Initialize the TLS context using `pal_initTLS`. | PAL_SUCCESS | 01601 * | 11 | Set the certificate and keys to the configuration using `pal_setOwnCertAndPrivateKey`.| PAL_SUCCESS | 01602 * | 12 | Set the certificate chain to the configuration using `pal_setCAChain`. | PAL_SUCCESS | 01603 * | 13 | Set the socket to the configuration using `pal_tlsSetSocket`. | PAL_SUCCESS | 01604 * | 14 | Perform a TLS handshake with the server using `pal_handShake`. | PAL_SUCCESS | 01605 * | 15 | Verify the handshake result using `pal_sslGetVerifyResult`. | PAL_SUCCESS | 01606 * | 16 | Write data over open TLS connection using `pal_sslWrite`. | PAL_SUCCESS | 01607 * | 17 | Uninitialize the TLS context using `pal_freeTLS`. | PAL_SUCCESS | 01608 * | 18 | Uninitialize the TLS configuration using `pal_tlsConfigurationFree`. | PAL_SUCCESS | 01609 * | 19 | Free X509 handle. | PAL_SUCCESS | 01610 * | 20 | Verify that the time was NOT updated during the handshake. | PAL_SUCCESS | 01611 */ 01612 TEST(pal_tls, tlsHandshakeTCP_NearPastTrustedServer_NoTimeUpdate) 01613 { 01614 #if ((PAL_USE_SECURE_TIME == 1) && (PAL_USE_INTERNAL_FLASH == 1)) 01615 palStatus_t status = PAL_SUCCESS; 01616 palTLSConfHandle_t palTLSConf = NULLPTR; 01617 palTLSHandle_t palTLSHandle = NULLPTR; 01618 palTLSTransportMode_t transportationMode = PAL_TLS_MODE; 01619 palSocketAddress_t socketAddr = { 0 }; 01620 palSocketLength_t addressLength = 0; 01621 char serverResponse[PAL_TLS_MESSAGE_SIZE] = {0}; 01622 uint32_t actualLen = 0; 01623 uint32_t written = 0; 01624 palX509_t pubKey = { (const void*)g_pubKey,sizeof(g_pubKey) }; 01625 palPrivateKey_t prvKey = { (const void*)g_prvKey,sizeof(g_prvKey) }; 01626 palTLSSocket_t tlsSocket = { g_socket, &socketAddr, 0, transportationMode }; 01627 palX509_t caCert = { (const void*)pal_test_cas,sizeof(pal_test_cas) }; 01628 sotp_result_e sotpRes = SOTP_SUCCESS; 01629 uint64_t currentTime = 0; 01630 uint64_t updatedTime = 0; 01631 uint16_t actualSavedTimeSize = 0; 01632 palX509Handle_t trustedServerCA = NULLPTR; 01633 int32_t verifyResult = 0; 01634 01635 /*#1*/ 01636 sotpRes = sotp_get(SOTP_TYPE_SAVED_TIME, sizeof(currentTime), (uint32_t*)¤tTime, &actualSavedTimeSize); 01637 TEST_ASSERT_EQUAL_HEX(SOTP_SUCCESS, sotpRes); 01638 TEST_ASSERT_TRUE(0 != currentTime); 01639 01640 status = pal_osSetTime(currentTime + (PAL_SECONDS_PER_DAY / 2));//going back half day to simulate future server by half day (in order to prevent time update) 01641 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 01642 /*#2*/ 01643 status = pal_socket(PAL_AF_INET, PAL_SOCK_STREAM, false, 0, &g_socket); 01644 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 01645 /*#3*/ 01646 status = pal_getAddressInfo(PAL_TLS_TEST_SERVER_ADDRESS, &socketAddr, &addressLength); 01647 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 01648 /*#4*/ 01649 status = pal_setSockAddrPort(&socketAddr, TLS_RENEGOTIATE_SERVER_PORT); 01650 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 01651 01652 tlsSocket.addressLength = addressLength; 01653 tlsSocket.socket = g_socket; 01654 01655 /*#5*/ 01656 status = pal_x509Initiate(&trustedServerCA); 01657 TEST_ASSERT_NOT_EQUAL(trustedServerCA, NULLPTR); 01658 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 01659 01660 status = pal_x509CertParse(trustedServerCA, (const unsigned char *)pal_test_cas, sizeof(pal_test_cas)); 01661 if (PAL_SUCCESS != status) 01662 { 01663 pal_x509Free(&trustedServerCA); 01664 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 01665 } 01666 /*#6*/ 01667 status = pal_x509CertGetAttribute(trustedServerCA, PAL_X509_CERT_ID_ATTR, g_trustedServerID, sizeof(g_trustedServerID), &g_actualServerIDSize); 01668 if (PAL_SUCCESS != status) 01669 { 01670 pal_x509Free(&trustedServerCA); 01671 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 01672 } 01673 /*#7*/ 01674 sotpRes = sotp_set(SOTP_TYPE_TRUSTED_TIME_SRV_ID, g_actualServerIDSize, (uint32_t*)g_trustedServerID); 01675 if (SOTP_SUCCESS != sotpRes) 01676 { 01677 pal_x509Free(&trustedServerCA); 01678 TEST_ASSERT_EQUAL_HEX(SOTP_SUCCESS, sotpRes); 01679 } 01680 01681 /*#8*/ 01682 status = pal_connect(g_socket, &socketAddr, addressLength); 01683 if (PAL_SUCCESS != status) 01684 { 01685 pal_x509Free(&trustedServerCA); 01686 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 01687 } 01688 /*#9*/ 01689 status = pal_initTLSConfiguration(&palTLSConf, transportationMode); 01690 if (PAL_SUCCESS != status) 01691 { 01692 pal_x509Free(&trustedServerCA); 01693 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 01694 } 01695 /*#10*/ 01696 status = pal_initTLS(palTLSConf, &palTLSHandle); 01697 if (PAL_SUCCESS != status) 01698 { 01699 pal_freeTLS(&palTLSHandle); 01700 pal_tlsConfigurationFree(&palTLSConf); 01701 pal_x509Free(&trustedServerCA); 01702 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 01703 } 01704 01705 /*#11*/ 01706 status = pal_setOwnCertAndPrivateKey(palTLSConf, &pubKey, &prvKey); 01707 if (PAL_SUCCESS != status) 01708 { 01709 pal_freeTLS(&palTLSHandle); 01710 pal_tlsConfigurationFree(&palTLSConf); 01711 pal_x509Free(&trustedServerCA); 01712 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 01713 } 01714 /*#12*/ 01715 status = pal_setCAChain(palTLSConf, &caCert, NULL); 01716 if (PAL_SUCCESS != status) 01717 { 01718 pal_freeTLS(&palTLSHandle); 01719 pal_tlsConfigurationFree(&palTLSConf); 01720 pal_x509Free(&trustedServerCA); 01721 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 01722 } 01723 /*#13*/ 01724 status = pal_tlsSetSocket(palTLSConf, &tlsSocket); 01725 if (PAL_SUCCESS != status) 01726 { 01727 pal_freeTLS(&palTLSHandle); 01728 pal_tlsConfigurationFree(&palTLSConf); 01729 pal_x509Free(&trustedServerCA); 01730 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 01731 } 01732 /*#14*/ 01733 status = pal_handShake(palTLSHandle, palTLSConf); 01734 if (PAL_SUCCESS != status) 01735 { 01736 pal_freeTLS(&palTLSHandle); 01737 pal_tlsConfigurationFree(&palTLSConf); 01738 pal_x509Free(&trustedServerCA); 01739 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 01740 } 01741 /*#15*/ 01742 status = pal_sslGetVerifyResultExtended(palTLSHandle, &verifyResult); 01743 if (PAL_SUCCESS != status) 01744 { 01745 pal_freeTLS(&palTLSHandle); 01746 pal_tlsConfigurationFree(&palTLSConf); 01747 pal_x509Free(&trustedServerCA); 01748 TEST_ASSERT_TRUE(PAL_ERR_X509_BADCERT_EXPIRED & verifyResult); 01749 } 01750 /*#16*/ 01751 status = pal_sslWrite(palTLSHandle, TLS_GET_REQUEST, sizeof(TLS_GET_REQUEST), &written); 01752 if (PAL_SUCCESS != status) 01753 { 01754 pal_freeTLS(&palTLSHandle); 01755 pal_tlsConfigurationFree(&palTLSConf); 01756 pal_x509Free(&trustedServerCA); 01757 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 01758 } 01759 01760 pal_osDelay(5000); 01761 /*#14*/ 01762 status = pal_sslRead(palTLSHandle, serverResponse, PAL_TLS_MESSAGE_SIZE, &actualLen); 01763 if (PAL_SUCCESS != status) 01764 { 01765 pal_freeTLS(&palTLSHandle); 01766 pal_tlsConfigurationFree(&palTLSConf); 01767 pal_x509Free(&trustedServerCA); 01768 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 01769 } 01770 01771 /*#17*/ 01772 status = pal_freeTLS(&palTLSHandle); 01773 if (PAL_SUCCESS != status) 01774 { 01775 pal_tlsConfigurationFree(&palTLSConf); 01776 pal_x509Free(&trustedServerCA); 01777 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 01778 } 01779 /*#18*/ 01780 status = pal_tlsConfigurationFree(&palTLSConf); 01781 if (PAL_SUCCESS != status) 01782 { 01783 pal_x509Free(&trustedServerCA); 01784 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 01785 } 01786 /*#19*/ 01787 status = pal_x509Free(&trustedServerCA); 01788 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 01789 01790 status = pal_close(&g_socket); 01791 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 01792 /*#20*/ 01793 sotpRes = sotp_get(SOTP_TYPE_SAVED_TIME, sizeof(updatedTime), (uint32_t*)&updatedTime, &actualSavedTimeSize); 01794 TEST_ASSERT_EQUAL_HEX(SOTP_SUCCESS, sotpRes); 01795 TEST_ASSERT_EQUAL_HEX(currentTime, updatedTime); 01796 #endif 01797 } 01798 01799 #endif //PAL_USE_INTERNAL_FLASH 01800 01801 static palStatus_t ThreadHandshakeTCPResource() 01802 { 01803 01804 palStatus_t status = PAL_SUCCESS; 01805 palStatus_t mutexStatus = PAL_SUCCESS; 01806 palStatus_t tmpStatus = PAL_SUCCESS; 01807 palTLSConfHandle_t palTLSConf = NULLPTR; 01808 palTLSHandle_t palTLSHandle = NULLPTR; 01809 palTLSTransportMode_t transportationMode = PAL_TLS_MODE; 01810 01811 mutexStatus = pal_osMutexWait(g_mutexHandShake1, PAL_RTOS_WAIT_FOREVER); 01812 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, mutexStatus); 01813 01814 /*#1*/ 01815 status = pal_initTLSConfiguration(&palTLSConf, transportationMode); 01816 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 01817 01818 /*#2*/ 01819 status = pal_initTLS(palTLSConf, &palTLSHandle); 01820 01821 mutexStatus = pal_osMutexRelease(g_mutexHandShake1); 01822 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, mutexStatus); 01823 01824 pal_osDelay(800); 01825 if(PAL_SUCCESS == status) 01826 { 01827 tmpStatus = pal_freeTLS(&palTLSHandle); 01828 if (PAL_SUCCESS != tmpStatus) 01829 { 01830 PAL_LOG(ERR,"Expected: %d , Actual: %d , Line: %d\n", (int)PAL_SUCCESS, (int)tmpStatus, __LINE__); 01831 } 01832 } 01833 01834 /*#16*/ 01835 tmpStatus = pal_tlsConfigurationFree(&palTLSConf); 01836 if (PAL_SUCCESS != tmpStatus) 01837 { 01838 PAL_LOG(ERR,"Expected: %d , Actual: %d , Line: %d\n", (int)PAL_SUCCESS, (int)tmpStatus, __LINE__); 01839 } 01840 01841 return status; 01842 } 01843 01844 static palStatus_t ThreadHandshakeTCP(bool socketNonBlocking) 01845 { 01846 palStatus_t status = PAL_SUCCESS; 01847 palStatus_t tmpStatus = PAL_SUCCESS; 01848 palTLSConfHandle_t palTLSConf = NULLPTR; 01849 palTLSHandle_t palTLSHandle = NULLPTR; 01850 palTLSTransportMode_t transportationMode = PAL_TLS_MODE; 01851 palSocketAddress_t socketAddr = {0}; 01852 palSocketLength_t addressLength = 0; 01853 char serverResponse[PAL_TLS_MESSAGE_SIZE] = {0}; 01854 uint32_t actualLen = 0; 01855 uint32_t written = 0; 01856 palSocket_t socketTCP = 0; 01857 palX509_t pubKey = {(const void*)g_pubKey,sizeof(g_pubKey)}; 01858 palPrivateKey_t prvKey = {(const void*)g_prvKey,sizeof(g_prvKey)}; 01859 palTLSSocket_t tlsSocket = { socketTCP, &socketAddr, 0, transportationMode }; 01860 palX509_t caCert = { (const void*)pal_test_cas,sizeof(pal_test_cas) }; 01861 palTLSTest_t *testTLSCtx = NULL; 01862 palStatus_t mutexStatus = PAL_SUCCESS; 01863 bool mutexWait = false; 01864 int32_t verifyResult = 0; 01865 01866 01867 mutexStatus = pal_osMutexWait(g_mutexHandShake1, PAL_RTOS_WAIT_FOREVER); 01868 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, mutexStatus); 01869 mutexWait = true; 01870 /*#1*/ 01871 status = pal_socket(PAL_AF_INET, PAL_SOCK_STREAM, socketNonBlocking, 0, &socketTCP); 01872 PAL_TLS_INT32_CHECK_NOT_EQUAL_GOTO_FINISH(PAL_SUCCESS, status); 01873 /*#2*/ 01874 status = pal_getAddressInfo(PAL_TLS_TEST_SERVER_ADDRESS, &socketAddr, &addressLength); 01875 PAL_TLS_INT32_CHECK_NOT_EQUAL_GOTO_FINISH(PAL_SUCCESS, status); 01876 01877 tlsSocket.addressLength = addressLength; 01878 tlsSocket.socket = socketTCP; 01879 /*#3*/ 01880 if (true == socketNonBlocking) 01881 { 01882 status = pal_setSockAddrPort(&socketAddr, TLS_SERVER_PORT_NB); 01883 PAL_TLS_INT32_CHECK_NOT_EQUAL_GOTO_FINISH(PAL_SUCCESS, status); 01884 } 01885 else //blocking 01886 { 01887 status = pal_setSockAddrPort(&socketAddr, TLS_SERVER_PORT); 01888 PAL_TLS_INT32_CHECK_NOT_EQUAL_GOTO_FINISH(PAL_SUCCESS, status); 01889 } 01890 01891 /*#4*/ 01892 status = pal_connect(socketTCP, &socketAddr, addressLength); 01893 if (PAL_ERR_SOCKET_IN_PROGRES == status) 01894 { 01895 pal_osDelay(400); 01896 } 01897 else 01898 { 01899 PAL_TLS_INT32_CHECK_NOT_EQUAL_GOTO_FINISH(PAL_SUCCESS, status); 01900 } 01901 /*#5*/ 01902 status = pal_initTLSConfiguration(&palTLSConf, transportationMode); 01903 PAL_TLS_INT32_CHECK_NOT_EQUAL_GOTO_FINISH(PAL_SUCCESS, status); 01904 TEST_ASSERT_NOT_EQUAL(palTLSConf, NULLPTR); 01905 /*#6*/ 01906 status = pal_initTLS(palTLSConf, &palTLSHandle); 01907 PAL_TLS_INT32_CHECK_NOT_EQUAL_GOTO_FINISH(PAL_SUCCESS, status); 01908 01909 // This code commented out to prevent massive prints from mbedTLS, if you want to see logs from client side, just uncomment them. 01910 //status = pal_sslDebugging(true); 01911 //TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 01912 /*#7*/ 01913 status = pal_setOwnCertAndPrivateKey(palTLSConf, &pubKey, &prvKey); 01914 PAL_TLS_INT32_CHECK_NOT_EQUAL_GOTO_FINISH(PAL_SUCCESS, status); 01915 /*#8*/ 01916 status = pal_setCAChain(palTLSConf, &caCert, NULL); 01917 PAL_TLS_INT32_CHECK_NOT_EQUAL_GOTO_FINISH(PAL_SUCCESS, status); 01918 /*#9*/ 01919 status = pal_tlsSetSocket(palTLSConf, &tlsSocket); 01920 PAL_TLS_INT32_CHECK_NOT_EQUAL_GOTO_FINISH(PAL_SUCCESS, status); 01921 /*#10*/ 01922 testTLSCtx = (palTLSTest_t*)palTLSHandle; //This casting is done to sign that we are in retry situation. 01923 if (true == socketNonBlocking) 01924 { 01925 PAL_TLS_INT32_CHECK_NOT_EQUAL_GOTO_FINISH(PAL_SUCCESS, status); // More than current epoch time -> success 01926 do 01927 { 01928 if (testTLSCtx->retryHandShake && !g_retryHandshake) 01929 { 01930 g_retryHandshake = true; 01931 if (mutexWait) 01932 { 01933 mutexStatus = pal_osMutexRelease(g_mutexHandShake1); 01934 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, mutexStatus); 01935 mutexWait = false; 01936 pal_osDelay(100); 01937 } 01938 } 01939 status = pal_handShake(palTLSHandle, palTLSConf); 01940 } 01941 while ( (PAL_ERR_TLS_WANT_READ == status) || (PAL_ERR_TLS_WANT_WRITE == status)); 01942 } 01943 else //blocking 01944 { 01945 status = pal_handShake(palTLSHandle, palTLSConf); 01946 } 01947 PAL_TLS_INT32_CHECK_NOT_EQUAL_GOTO_FINISH(PAL_SUCCESS, status); 01948 01949 /*#11*/ 01950 status = pal_sslGetVerifyResultExtended(palTLSHandle, &verifyResult); 01951 PAL_TLS_INT32_CHECK_NOT_EQUAL_GOTO_FINISH(PAL_SUCCESS, status); 01952 /*#12*/ 01953 status = pal_sslWrite(palTLSHandle, TLS_GET_REQUEST, sizeof(TLS_GET_REQUEST), &written); 01954 PAL_TLS_INT32_CHECK_NOT_EQUAL_GOTO_FINISH(PAL_SUCCESS, status); 01955 /*#13*/ 01956 pal_osDelay(5000); 01957 01958 /*#14*/ 01959 status = pal_sslRead(palTLSHandle, serverResponse, PAL_TLS_MESSAGE_SIZE, &actualLen); 01960 PAL_TLS_INT32_CHECK_NOT_EQUAL_GOTO_FINISH(PAL_SUCCESS, status); 01961 01962 finish: 01963 if (mutexWait) 01964 { 01965 mutexStatus = pal_osMutexRelease(g_mutexHandShake1); 01966 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, mutexStatus); 01967 } 01968 /*#15*/ 01969 tmpStatus = pal_freeTLS(&palTLSHandle); 01970 if (PAL_SUCCESS != tmpStatus) 01971 { 01972 PAL_LOG(ERR,"Expected: %d , Actual: %d , Line: %d\n", (int)PAL_SUCCESS, (int)tmpStatus, __LINE__); 01973 } 01974 /*#16*/ 01975 tmpStatus = pal_tlsConfigurationFree(&palTLSConf); 01976 if (PAL_SUCCESS != tmpStatus) 01977 { 01978 PAL_LOG(ERR,"Expected: %d , Actual: %d , Line: %d\n", (int)PAL_SUCCESS, (int)tmpStatus, __LINE__); 01979 } 01980 /*#17*/ 01981 tmpStatus = pal_close(&socketTCP); 01982 if (PAL_SUCCESS != tmpStatus) 01983 { 01984 PAL_LOG(ERR,"Expected: %d , Actual: %d , Line: %d\n", (int)PAL_SUCCESS, (int)tmpStatus, __LINE__); 01985 } 01986 if (PAL_SUCCESS == status) 01987 { 01988 status = tmpStatus; 01989 } 01990 return status; 01991 01992 } 01993 01994 void pal_TCPHandshakeFunc1(void const *argument) 01995 { 01996 palStatus_t mutexStatus = PAL_SUCCESS; 01997 palStatus_t* arg = (palStatus_t*)argument; 01998 mutexStatus = pal_osMutexWait(g_mutex1, PAL_RTOS_WAIT_FOREVER); 01999 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, mutexStatus); 02000 02001 *arg = ThreadHandshakeTCPResource(); 02002 02003 mutexStatus = pal_osMutexRelease(g_mutex1); 02004 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, mutexStatus); 02005 } 02006 02007 void pal_TCPHandshakeFunc2(void const *argument) 02008 { 02009 palStatus_t mutexStatus = PAL_SUCCESS; 02010 palStatus_t* arg = (palStatus_t*)argument; 02011 mutexStatus = pal_osMutexWait(g_mutex2, PAL_RTOS_WAIT_FOREVER); 02012 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, mutexStatus); 02013 02014 *arg = ThreadHandshakeTCPResource(); 02015 02016 mutexStatus = pal_osMutexRelease(g_mutex2); 02017 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, mutexStatus); 02018 } 02019 02020 02021 void pal_TCPHandshakeFunc3(void const *argument) 02022 { 02023 palStatus_t mutexStatus = PAL_SUCCESS; 02024 palStatus_t* arg = (palStatus_t*)argument; 02025 mutexStatus = pal_osMutexWait(g_mutex1, PAL_RTOS_WAIT_FOREVER); 02026 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, mutexStatus); 02027 *arg = ThreadHandshakeTCP(true); 02028 02029 mutexStatus = pal_osMutexRelease(g_mutex1); 02030 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, mutexStatus); 02031 } 02032 02033 void pal_CertVerify(void const *argument) 02034 { 02035 #if (PAL_ENABLE_X509 == 1) 02036 palStatus_t status = PAL_SUCCESS; 02037 palStatus_t mutexStatus = PAL_SUCCESS; 02038 palStatus_t* arg = (palStatus_t*)argument; 02039 palX509Handle_t certHandle = NULLPTR; 02040 int32_t verifyResult = 0; 02041 02042 mutexStatus = pal_osMutexWait(g_mutexHandShake1, PAL_RTOS_WAIT_FOREVER); 02043 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, mutexStatus); 02044 02045 status = pal_osMutexWait(g_mutex2, PAL_RTOS_WAIT_FOREVER); 02046 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 02047 02048 status = pal_x509Initiate(&certHandle); 02049 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 02050 02051 status = pal_x509CertParse(certHandle, (const void*)pal_test_cas, sizeof(pal_test_cas)); 02052 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 02053 02054 PAL_LOG(INFO,"Calling Cert Verify.."); 02055 *arg = pal_x509CertVerifyExtended(certHandle, certHandle, &verifyResult); 02056 TEST_ASSERT_TRUE(PAL_ERR_X509_BADCERT_FUTURE & verifyResult); 02057 02058 pal_x509Free(&certHandle); 02059 02060 mutexStatus = pal_osMutexRelease(g_mutexHandShake1); 02061 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, mutexStatus); 02062 02063 mutexStatus = pal_osMutexRelease(g_mutex2); 02064 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, mutexStatus); 02065 #endif 02066 } 02067 02068 static void runTLSThreadTest(palThreadFuncPtr func1, palThreadFuncPtr func2, palStatus_t test1Result, palStatus_t test2Result) 02069 { 02070 palStatus_t status = PAL_SUCCESS; 02071 palThreadID_t threadID1 = NULLPTR; 02072 palThreadID_t threadID2 = NULLPTR; 02073 palStatus_t tlsArgs1 = PAL_SUCCESS; 02074 palStatus_t tlsArgs2 = PAL_SUCCESS; 02075 02076 status = pal_osMutexCreate(&g_mutexHandShake1); 02077 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 02078 02079 status = pal_osMutexCreate(&g_mutex1); 02080 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 02081 02082 status = pal_osMutexCreate(&g_mutex2); 02083 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 02084 02085 status = pal_osThreadCreateWithAlloc(func1, &tlsArgs1, PAL_osPriorityHigh , 5*PAL_TEST_THREAD_STACK_SIZE, NULL, &threadID1); 02086 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 02087 02088 status = pal_osThreadCreateWithAlloc(func2, &tlsArgs2, PAL_osPriorityAboveNormal, 5*PAL_TEST_THREAD_STACK_SIZE, NULL, &threadID2); 02089 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 02090 02091 status = pal_osMutexWait(g_mutex1, PAL_RTOS_WAIT_FOREVER); 02092 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 02093 02094 status = pal_osMutexWait(g_mutex2, PAL_RTOS_WAIT_FOREVER); 02095 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 02096 02097 status = pal_osThreadTerminate(&threadID1); 02098 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 02099 02100 status = pal_osThreadTerminate(&threadID2); 02101 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 02102 02103 status = pal_osMutexRelease(g_mutex1); 02104 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 02105 02106 status = pal_osMutexRelease(g_mutex2); 02107 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 02108 02109 status = pal_osMutexDelete(&g_mutex1); 02110 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 02111 02112 status = pal_osMutexDelete(&g_mutex2); 02113 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 02114 02115 status = pal_osMutexDelete(&g_mutexHandShake1); 02116 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 02117 02118 TEST_ASSERT_EQUAL_HEX(test1Result, tlsArgs1); 02119 TEST_ASSERT_EQUAL_HEX(test2Result, tlsArgs2); 02120 } 02121 02122 02123 /** 02124 * @brief Test try to process multiple handshake in the same time over different threads (second handhsake MUST fail) 02125 * 02126 * 02127 * | # | Step | Expected | 02128 * |---|--------------------------------|-------------| 02129 * | 1 | Create Thread1 to process DTLS handshake | PAL_SUCCESS | 02130 * | 1 | Create Thread2 to process TLS handshake | PAL_ERR_TLS_RESOURCE | 02131 */ 02132 TEST(pal_tls, parallelTCPHandshakes_threads) 02133 { 02134 runTLSThreadTest(pal_TCPHandshakeFunc1, pal_TCPHandshakeFunc2, PAL_SUCCESS, PAL_ERR_TLS_RESOURCE); 02135 } 02136 02137 /** 02138 * @brief Test try to process certificate verification with future certificate validation time while processing handshake 02139 * in another thread to update the device time, we need to check that certificate verification is done against the 02140 * broken device time (0) and after handshake is done, we need to re-verify against the fixed time according to the 02141 * server time sent by the server during handshake. 02142 * 02143 * 02144 * | # | Step | Expected | 02145 * |---|--------------------------------|-------------| 02146 * | 1 | Create Thread1 to process DTLS handshake | PAL_SUCCESS | 02147 * | 1 | Create Thread2 to process TLS handshake | PAL_ERR_X509_CERT_VERIFY_FAILED | 02148 */ 02149 TEST(pal_tls, TCPHandshakeWhileCertVerify_threads) 02150 { 02151 #if (PAL_USE_SECURE_TIME == 1) 02152 palStatus_t status = PAL_SUCCESS; 02153 palX509Handle_t certHandle = NULLPTR; 02154 uint64_t systemTime = 0; 02155 02156 status = pal_osSetTime(0); 02157 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 02158 02159 runTLSThreadTest(pal_TCPHandshakeFunc3, pal_CertVerify, PAL_SUCCESS, PAL_ERR_X509_CERT_VERIFY_FAILED); 02160 02161 systemTime = pal_osGetTime(); 02162 TEST_ASSERT_TRUE(0 < systemTime); 02163 02164 status = pal_x509Initiate(&certHandle); 02165 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 02166 02167 status = pal_x509CertParse(certHandle, (const void*)pal_test_cas, sizeof(pal_test_cas)); 02168 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 02169 02170 status = pal_x509CertVerify(certHandle, certHandle); 02171 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 02172 02173 status = pal_x509Free(&certHandle); 02174 TEST_ASSERT_EQUAL_HEX(PAL_SUCCESS, status); 02175 #endif 02176 } 02177 02178 02179 02180 02181 02182 02183 02184
Generated on Tue Jul 12 2022 19:01:36 by
1.7.2