Don't hardcode TLS 1.3 labels in test cases
ssl_tls1_3_keys.c exports a structure containing all labels used
in the TLS 1.3 key schedule, but the TLS 1.3 key scheduling unit
tests so far replicated those labels in the test file. In particular,
wrong label values in ssl_tls1_3_keys.c wouldn't have been caught
by the unit tests.
This commit modifies the TLS 1.3 key schedule unit tests to use
the TLS 1.3 labels as exported by ssl_tls1_3_keys.c. This not only
makes sure that those labels are correct, but also avoids hardcoding
their hex-encoding in the test file.
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function
index 58abef8..1532429 100644
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function
@@ -12,6 +12,11 @@
#include <test/constant_flow.h>
+#define MBEDTLS_SSL_TLS1_3_LABEL( idx, name, string ) \
+ const int tls1_3_label_ ## name = idx;
+MBEDTLS_SSL_TLS1_3_LABEL_LIST
+#undef MBEDTLS_SSL_TLS1_3_LABEL
+
typedef struct log_pattern
{
const char *pattern;
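Review bot: The added X-macro expansion creates one file-scope `const int tls1_3_label_<name>` per list entry, but nothing says what these objects are for, so a reader has to work out that they are the values compared against `label_idx` in the test functions below. I would add above the `#define`: `/* Define tls1_3_label_<name> = <idx> for each entry of MBEDTLS_SSL_TLS1_3_LABEL_LIST; the key schedule tests select a label by this index. */`. The expansion also sits outside the `MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL` dependency that the test cases carry, and the header providing `MBEDTLS_SSL_TLS1_3_LABEL_LIST` is not visible in this hunk, so it is worth confirming the list is defined in builds without TLS 1.3.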
@@ -3673,13 +3678,24 @@
/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
void ssl_tls1_3_hkdf_expand_label( int hash_alg,
data_t *secret,
- data_t *label,
+ int label_idx,
data_t *ctx,
int desired_length,
data_t *expected )
{
unsigned char dst[ 100 ];
+ unsigned char const *lbl = NULL;
+ size_t lbl_len;
+#define MBEDTLS_SSL_TLS1_3_LABEL( idx, name, string ) \
+ if( label_idx == tls1_3_label_ ## name ) \
+ { \
+ lbl = mbedtls_ssl_tls1_3_labels.name; \
+ lbl_len = sizeof( mbedtls_ssl_tls1_3_labels.name ); \
+ }
+MBEDTLS_SSL_TLS1_3_LABEL_LIST
+#undef MBEDTLS_SSL_TLS1_3_LABEL
+ TEST_ASSERT( lbl != NULL );
/* Check sanity of test parameters. */
TEST_ASSERT( (size_t) desired_length <= sizeof(dst) );
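Review bot: `lbl_len` is declared without an initializer and is only assigned inside the generated `if` chain; `TEST_ASSERT( lbl != NULL )` covers the no-match case at run time, but compilers can still flag it as maybe-uninitialized, and `size_t lbl_len = 0;` removes the doubt. The same selection block is repeated verbatim in ssl_tls1_3_derive_secret later in this diff, so a shared helper would stop the two copies from drifting apart. `sizeof( mbedtls_ssl_tls1_3_labels.name )` yields the label length only if each member is an array rather than a pointer; the struct definition is not visible here, so that should be confirmed, since a wrong length would be fed straight into the key schedule under test. The function body continues outside the hunk.

```c
/* Helper section, next to the tls1_3_label_<name> constants; guard it like the
 * test cases if unused-function warnings matter in builds without TLS 1.3. */
/* Map a tls1_3_label_<name> index to the exported label bytes; 0 on a match. */
static int tls1_3_label_lookup( int label_idx,
                                unsigned char const **lbl,
                                size_t *lbl_len )
{
    *lbl = NULL;
    *lbl_len = 0;
#define MBEDTLS_SSL_TLS1_3_LABEL( idx, name, string )         \
    if( label_idx == tls1_3_label_ ## name )                  \
    {                                                         \
        *lbl = mbedtls_ssl_tls1_3_labels.name;                \
        *lbl_len = sizeof( mbedtls_ssl_tls1_3_labels.name );  \
    }
MBEDTLS_SSL_TLS1_3_LABEL_LIST
#undef MBEDTLS_SSL_TLS1_3_LABEL
    return( *lbl != NULL ? 0 : -1 );
}

/* ... in ssl_tls1_3_hkdf_expand_label and ssl_tls1_3_derive_secret ... */
    unsigned char dst[ 100 ];
    unsigned char const *lbl = NULL;
    size_t lbl_len = 0;
    TEST_ASSERT( tls1_3_label_lookup( label_idx, &lbl, &lbl_len ) == 0 );
    /* … unchanged: parameter sanity checks and the call under test … */
```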
@@ -3688,7 +3704,7 @@
TEST_ASSERT( mbedtls_ssl_tls1_3_hkdf_expand_label(
(mbedtls_md_type_t) hash_alg,
secret->x, secret->len,
- label->x, label->len,
+ lbl, lbl_len,
ctx->x, ctx->len,
dst, desired_length ) == 0 );
@@ -3747,7 +3763,7 @@
/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
void ssl_tls1_3_derive_secret( int hash_alg,
data_t *secret,
- data_t *label,
+ int label_idx,
data_t *ctx,
int desired_length,
int already_hashed,
@@ -3755,6 +3771,18 @@
{
unsigned char dst[ 100 ];
+ unsigned char const *lbl = NULL;
+ size_t lbl_len;
+#define MBEDTLS_SSL_TLS1_3_LABEL( idx, name, string ) \
+ if( label_idx == tls1_3_label_ ## name ) \
+ { \
+ lbl = mbedtls_ssl_tls1_3_labels.name; \
+ lbl_len = sizeof( mbedtls_ssl_tls1_3_labels.name ); \
+ }
+MBEDTLS_SSL_TLS1_3_LABEL_LIST
+#undef MBEDTLS_SSL_TLS1_3_LABEL
+ TEST_ASSERT( lbl != NULL );
+
/* Check sanity of test parameters. */
TEST_ASSERT( (size_t) desired_length <= sizeof(dst) );
TEST_ASSERT( (size_t) desired_length == expected->len );
@@ -3762,7 +3790,7 @@
TEST_ASSERT( mbedtls_ssl_tls1_3_derive_secret(
(mbedtls_md_type_t) hash_alg,
secret->x, secret->len,
- label->x, label->len,
+ lbl, lbl_len,
ctx->x, ctx->len,
already_hashed,
dst, desired_length ) == 0 );