Enhance record encryption unit tests by checking hidden content type

TLS 1.3 and DTLS 1.2 + CID hide the real content type of a record
within the record's inner plaintext, while always using the same
content type for the protected record:
- TLS 1.3 always uses ApplicationData
- DTLS 1.2 + CID always uses a special CID content type.

This commit enhances the record encryption unit test to check
that the record content type is indeed correctly hidden.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
This commit is contained in:
Hanno Becker 2020-05-07 14:54:22 +01:00
parent 3169dad48b
commit b2713abb8f

View File

@ -3178,6 +3178,26 @@ void ssl_crypt_record( int cipher_type, int hash_id,
continue; continue;
} }
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
if( rec.cid_len != 0 )
{
/* DTLS 1.2 + CID hides the real content type and
* uses a special CID content type in the protected
* record. Double-check this. */
TEST_ASSERT( rec.type == MBEDTLS_SSL_MSG_CID );
}
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
if( t_enc->minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 )
{
/* TLS 1.3 hides the real content type and
* always uses Application Data as the content type
* for protected records. Double-check this. */
TEST_ASSERT( rec.type == MBEDTLS_SSL_MSG_APPLICATION_DATA );
}
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
/* Decrypt record with t_dec */ /* Decrypt record with t_dec */
ret = mbedtls_ssl_decrypt_buf( &ssl, t_dec, &rec ); ret = mbedtls_ssl_decrypt_buf( &ssl, t_dec, &rec );
TEST_ASSERT( ret == 0 ); TEST_ASSERT( ret == 0 );
@ -3321,6 +3341,26 @@ void ssl_crypt_record_small( int cipher_type, int hash_id,
if( ret != 0 ) if( ret != 0 )
continue; continue;
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
if( rec.cid_len != 0 )
{
/* DTLS 1.2 + CID hides the real content type and
* uses a special CID content type in the protected
* record. Double-check this. */
TEST_ASSERT( rec.type == MBEDTLS_SSL_MSG_CID );
}
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
if( t_enc->minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 )
{
/* TLS 1.3 hides the real content type and
* always uses Application Data as the content type
* for protected records. Double-check this. */
TEST_ASSERT( rec.type == MBEDTLS_SSL_MSG_APPLICATION_DATA );
}
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
/* Decrypt record with t_dec */ /* Decrypt record with t_dec */
TEST_ASSERT( mbedtls_ssl_decrypt_buf( &ssl, t_dec, &rec ) == 0 ); TEST_ASSERT( mbedtls_ssl_decrypt_buf( &ssl, t_dec, &rec ) == 0 );