From f9deaece430c0d3493a0712f56e6296ca749c9bb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Fri, 24 May 2019 09:41:39 +0200 Subject: [PATCH] Add test that save-load is the identity This test works regardless of the serialisation format and embedded pointers in it, contrary to the load-save test, though it requires more maintenance of the test code (sync the member list with the struct definition). --- tests/suites/test_suite_ssl.data | 23 ++++++++ tests/suites/test_suite_ssl.function | 86 ++++++++++++++++++++++++++++ 2 files changed, 109 insertions(+) diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index d41fcd01d..4041de229 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data @@ -8753,6 +8753,29 @@ SSL TLS_PRF MBEDTLS_SSL_TLS_PRF_SHA256 SHA-256 not enabled depends_on:!MBEDTLS_SHA256_C ssl_tls_prf:MBEDTLS_SSL_TLS_PRF_SHA256:"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"test tls_prf label":"7f9998393198a02c8d731ccc2ef90b2c":MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE +Session serialisation, save-load: no ticket, no cert +ssl_serialise_session_save_load:0:"" + +Session serialisation, save-load: small ticket, no cert +depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C +ssl_serialise_session_save_load:42:"" + +Session serialisation, save-load: large ticket, no cert +depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C +ssl_serialise_session_save_load:1023:"" + +Session serialisation, save-load: no ticket, cert +depends_on:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C +ssl_serialise_session_save_load:0:"data_files/server5.crt" + +Session serialisation, save-load: small ticket, cert +depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C +ssl_serialise_session_save_load:42:"data_files/server5.crt" + +Session serialisation, save-load: large ticket, cert +depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C +ssl_serialise_session_save_load:1023:"data_files/server5.crt" + Session serialisation, load-save: no ticket, no cert ssl_serialise_session_load_save:0:"" diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 61c17e121..1c5f67c16 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -668,6 +668,92 @@ exit: } /* END_CASE */ +/* BEGIN_CASE */ +void ssl_serialise_session_save_load( int ticket_len, char *crt_file ) +{ + mbedtls_ssl_session original, restored; + unsigned char *buf = NULL; + size_t len; + + /* + * Test that a save-load pair is the identity + */ + + mbedtls_ssl_session_init( &original ); + mbedtls_ssl_session_init( &restored ); + + /* Prepare a dummy session to work on */ + TEST_ASSERT( ssl_populate_session( &original, ticket_len, crt_file ) == 0 ); + + /* Serialise it */ + TEST_ASSERT( mbedtls_ssl_session_save( &original, NULL, 0, &len ) + == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); + TEST_ASSERT( ( buf = mbedtls_calloc( 1, len ) ) != NULL ); + TEST_ASSERT( mbedtls_ssl_session_save( &original, buf, len, &len ) + == 0 ); + + /* Restore session from serialised data */ + TEST_ASSERT( mbedtls_ssl_session_load( &restored, buf, len) == 0 ); + + /* + * Make sure both session structures are identical + */ +#if defined(MBEDTLS_HAVE_TIME) + TEST_ASSERT( original.start == restored.start ); +#endif + TEST_ASSERT( original.ciphersuite == restored.ciphersuite ); + TEST_ASSERT( original.compression == restored.compression ); + TEST_ASSERT( original.id_len == restored.id_len ); + TEST_ASSERT( memcmp( original.id, + restored.id, sizeof( original.id ) ) == 0 ); + TEST_ASSERT( memcmp( original.master, + restored.master, sizeof( original.master ) ) == 0 ); + +#if defined(MBEDTLS_X509_CRT_PARSE_C) + TEST_ASSERT( ( original.peer_cert == NULL ) == + ( restored.peer_cert == NULL ) ); + if( original.peer_cert != NULL ) + { + TEST_ASSERT( original.peer_cert->raw.len == + restored.peer_cert->raw.len ); + TEST_ASSERT( memcmp( original.peer_cert->raw.p, + restored.peer_cert->raw.p, + original.peer_cert->raw.len ) == 0 ); + } +#endif + TEST_ASSERT( original.verify_result == restored.verify_result ); + +#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C) + TEST_ASSERT( original.ticket_len == restored.ticket_len ); + if( original.ticket_len != 0 ) + { + TEST_ASSERT( original.ticket != NULL ); + TEST_ASSERT( restored.ticket != NULL ); + TEST_ASSERT( memcmp( original.ticket, + restored.ticket, original.ticket_len ) == 0 ); + } + TEST_ASSERT( original.ticket_lifetime == restored.ticket_lifetime ); +#endif + +#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) + TEST_ASSERT( original.mfl_code == restored.mfl_code ); +#endif + +#if defined(MBEDTLS_SSL_TRUNCATED_HMAC) + TEST_ASSERT( original.trunc_hmac == restored.trunc_hmac ); +#endif + +#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) + TEST_ASSERT( original.encrypt_then_mac == restored.encrypt_then_mac ); +#endif + +exit: + mbedtls_ssl_session_free( &original ); + mbedtls_ssl_session_free( &restored ); + mbedtls_free( buf ); +} +/* END_CASE */ + /* BEGIN_CASE depends_on:MBEDTLS_SEE_FUTURE_PR */ void ssl_serialise_session_load_save( int ticket_len, char *crt_file ) {