TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / ac36e382a97a54b06cca1f61f70eddc8c3904f4d^! / . / tests / ssl-opt.sh
commitac36e382a97a54b06cca1f61f70eddc8c3904f4d[log] [tgz]
authorAndres Amaya Garcia <andres.amayagarcia@arm.com>Wed Sep 06 15:44:01 2017 +0100
committerSimon Butcher <simon.butcher@arm.com>Fri Oct 06 11:55:32 2017 +0100
treea18c5a278e1693eb2707c667f3c5c980300fae01
parenta46a58ab942c324c414d46bc78fb4eb4db26f4ee [diff] [blame]
Add ssl-opt.sh test to check gmt_unix_time is good

Add a test to ssl-opt.sh that parses the client and server debug
output and then checks that the Unix timestamp in the ServerHello
message is within acceptable bounds.

diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index b349512..e23daee 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh

@@ -321,6 +321,33 @@
     fi
 }
 
+# Given the client or server debug output, parse the unix timestamp that is
+# included in the first 4 bytes of the random bytes and check that its within
+# acceptable bounds
+check_server_hello_time() {
+    # Extract the time from the debug (lvl 3) output of the client
+    SERVER_HELLO_TIME="$(cat "$1" | sed -n 's/.*server hello, current time: \([0-9]\+\)$/\1/p')"
+    # Get the Unix timestamp for now
+    CUR_TIME=$(date +'%s')
+    THRESHOLD_IN_SECS=300
+
+    # Check if the ServerHello time was printed
+    if [ -z "$SERVER_HELLO_TIME" ]; then
+        return 1
+    fi
+
+    # Check the time in ServerHello is within acceptable bounds
+    if [ $SERVER_HELLO_TIME -lt $(( $CUR_TIME - $THRESHOLD_IN_SECS )) ]; then
+        # The time in ServerHello is at least 5 minutes before now
+        return 1
+    elif [ $SERVER_HELLO_TIME -gt $(( $CUR_TIME + $THRESHOLD_IN_SECS )) ]; then
+        # The time in ServerHello is at least 5 minues later than now
+        return 1
+    else
+        return 0
+    fi
+}
+
 # wait for client to terminate and set CLI_EXIT
 # must be called right after starting the client
 wait_client_done() {
@@ -696,6 +723,21 @@
             -s "Protocol is DTLSv1.2" \
             -s "Ciphersuite is TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384"
 
+# Test current time in ServerHello
+requires_config_enabled MBEDTLS_HAVE_TIME
+run_test    "Default, ServerHello contains gmt_unix_time" \
+            "$P_SRV debug_level=3" \
+            "$P_CLI debug_level=3" \
+            0 \
+            -s "Protocol is TLSv1.2" \
+            -s "Ciphersuite is TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384" \
+            -s "client hello v3, signature_algorithm ext: 6" \
+            -s "ECDHE curve: secp521r1" \
+            -S "error" \
+            -C "error" \
+            -f "check_server_hello_time" \
+            -F "check_server_hello_time"
+
 # Test for uniqueness of IVs in AEAD ciphersuites
 run_test    "Unique IV in GCM" \
             "$P_SRV exchanges=20 debug_level=4" \