Enhance record encryption unit tests by checking hidden content type

TLS 1.3 and DTLS 1.2 + CID hide the real content type of a record within the record's inner plaintext, while always using the same content type for the protected record: - TLS 1.3 always uses ApplicationData - DTLS 1.2 + CID always uses a special CID content type. This commit enhances the record encryption unit test to check that the record content type is indeed correctly hidden. Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2024-11-22 22:45:48 +01:00 · 2020-05-07 14:54:22 +01:00 · 2020-05-07 14:54:22 +01:00 · b2713abb8f
commit b2713abb8f
parent 3169dad48b
1 changed files with 40 additions and 0 deletions
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function
@ -3178,6 +3178,26 @@ void ssl_crypt_record( int cipher_type, int hash_id,
            continue;
        }

+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+        if( rec.cid_len != 0 )
+        {
+            /* DTLS 1.2 + CID hides the real content type and
+             * uses a special CID content type in the protected
+             * record. Double-check this. */
+            TEST_ASSERT( rec.type == MBEDTLS_SSL_MSG_CID );
+        }
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
+
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
+        if( t_enc->minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 )
+        {
+            /* TLS 1.3 hides the real content type and
+             * always uses Application Data as the content type
+             * for protected records. Double-check this. */
+            TEST_ASSERT( rec.type == MBEDTLS_SSL_MSG_APPLICATION_DATA );
+        }
+#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
+
        /* Decrypt record with t_dec */
        ret = mbedtls_ssl_decrypt_buf( &ssl, t_dec, &rec );
        TEST_ASSERT( ret == 0 );
@ -3321,6 +3341,26 @@ void ssl_crypt_record_small( int cipher_type, int hash_id,
            if( ret != 0 )
                continue;

+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+            if( rec.cid_len != 0 )
+            {
+                /* DTLS 1.2 + CID hides the real content type and
+                 * uses a special CID content type in the protected
+                 * record. Double-check this. */
+                TEST_ASSERT( rec.type == MBEDTLS_SSL_MSG_CID );
+            }
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
+
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
+            if( t_enc->minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 )
+            {
+                /* TLS 1.3 hides the real content type and
+                 * always uses Application Data as the content type
+                 * for protected records. Double-check this. */
+                TEST_ASSERT( rec.type == MBEDTLS_SSL_MSG_APPLICATION_DATA );
+            }
+#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
+
            /* Decrypt record with t_dec */
            TEST_ASSERT( mbedtls_ssl_decrypt_buf( &ssl, t_dec, &rec ) == 0 );