Add test that save-load is the identity

This test works regardless of the serialisation format and embedded pointers
in it, contrary to the load-save test, though it requires more maintenance of
the test code (sync the member list with the struct definition).
This commit is contained in:
Manuel Pégourié-Gonnard 2019-05-24 09:41:39 +02:00 committed by Jarno Lamsa
parent 6b840704c4
commit f9deaece43
2 changed files with 109 additions and 0 deletions

View File

@ -8753,6 +8753,29 @@ SSL TLS_PRF MBEDTLS_SSL_TLS_PRF_SHA256 SHA-256 not enabled
depends_on:!MBEDTLS_SHA256_C depends_on:!MBEDTLS_SHA256_C
ssl_tls_prf:MBEDTLS_SSL_TLS_PRF_SHA256:"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"test tls_prf label":"7f9998393198a02c8d731ccc2ef90b2c":MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ssl_tls_prf:MBEDTLS_SSL_TLS_PRF_SHA256:"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"test tls_prf label":"7f9998393198a02c8d731ccc2ef90b2c":MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE
Session serialisation, save-load: no ticket, no cert
ssl_serialise_session_save_load:0:""
Session serialisation, save-load: small ticket, no cert
depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C
ssl_serialise_session_save_load:42:""
Session serialisation, save-load: large ticket, no cert
depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C
ssl_serialise_session_save_load:1023:""
Session serialisation, save-load: no ticket, cert
depends_on:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C
ssl_serialise_session_save_load:0:"data_files/server5.crt"
Session serialisation, save-load: small ticket, cert
depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C
ssl_serialise_session_save_load:42:"data_files/server5.crt"
Session serialisation, save-load: large ticket, cert
depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C
ssl_serialise_session_save_load:1023:"data_files/server5.crt"
Session serialisation, load-save: no ticket, no cert Session serialisation, load-save: no ticket, no cert
ssl_serialise_session_load_save:0:"" ssl_serialise_session_load_save:0:""

View File

@ -668,6 +668,92 @@ exit:
} }
/* END_CASE */ /* END_CASE */
/* BEGIN_CASE */
void ssl_serialise_session_save_load( int ticket_len, char *crt_file )
{
mbedtls_ssl_session original, restored;
unsigned char *buf = NULL;
size_t len;
/*
* Test that a save-load pair is the identity
*/
mbedtls_ssl_session_init( &original );
mbedtls_ssl_session_init( &restored );
/* Prepare a dummy session to work on */
TEST_ASSERT( ssl_populate_session( &original, ticket_len, crt_file ) == 0 );
/* Serialise it */
TEST_ASSERT( mbedtls_ssl_session_save( &original, NULL, 0, &len )
== MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
TEST_ASSERT( ( buf = mbedtls_calloc( 1, len ) ) != NULL );
TEST_ASSERT( mbedtls_ssl_session_save( &original, buf, len, &len )
== 0 );
/* Restore session from serialised data */
TEST_ASSERT( mbedtls_ssl_session_load( &restored, buf, len) == 0 );
/*
* Make sure both session structures are identical
*/
#if defined(MBEDTLS_HAVE_TIME)
TEST_ASSERT( original.start == restored.start );
#endif
TEST_ASSERT( original.ciphersuite == restored.ciphersuite );
TEST_ASSERT( original.compression == restored.compression );
TEST_ASSERT( original.id_len == restored.id_len );
TEST_ASSERT( memcmp( original.id,
restored.id, sizeof( original.id ) ) == 0 );
TEST_ASSERT( memcmp( original.master,
restored.master, sizeof( original.master ) ) == 0 );
#if defined(MBEDTLS_X509_CRT_PARSE_C)
TEST_ASSERT( ( original.peer_cert == NULL ) ==
( restored.peer_cert == NULL ) );
if( original.peer_cert != NULL )
{
TEST_ASSERT( original.peer_cert->raw.len ==
restored.peer_cert->raw.len );
TEST_ASSERT( memcmp( original.peer_cert->raw.p,
restored.peer_cert->raw.p,
original.peer_cert->raw.len ) == 0 );
}
#endif
TEST_ASSERT( original.verify_result == restored.verify_result );
#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
TEST_ASSERT( original.ticket_len == restored.ticket_len );
if( original.ticket_len != 0 )
{
TEST_ASSERT( original.ticket != NULL );
TEST_ASSERT( restored.ticket != NULL );
TEST_ASSERT( memcmp( original.ticket,
restored.ticket, original.ticket_len ) == 0 );
}
TEST_ASSERT( original.ticket_lifetime == restored.ticket_lifetime );
#endif
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
TEST_ASSERT( original.mfl_code == restored.mfl_code );
#endif
#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
TEST_ASSERT( original.trunc_hmac == restored.trunc_hmac );
#endif
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
TEST_ASSERT( original.encrypt_then_mac == restored.encrypt_then_mac );
#endif
exit:
mbedtls_ssl_session_free( &original );
mbedtls_ssl_session_free( &restored );
mbedtls_free( buf );
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_SEE_FUTURE_PR */ /* BEGIN_CASE depends_on:MBEDTLS_SEE_FUTURE_PR */
void ssl_serialise_session_load_save( int ticket_len, char *crt_file ) void ssl_serialise_session_load_save( int ticket_len, char *crt_file )
{ {