TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / b2713abb8f4af13a1eaead65ef025fca9d756da6^! / .
commitb2713abb8f4af13a1eaead65ef025fca9d756da6[log] [tgz]
authorHanno Becker <hanno.becker@arm.com>Thu May 07 14:54:22 2020 +0100
committerHanno Becker <hanno.becker@arm.com>Thu May 28 10:32:23 2020 +0100
tree917c0b92553b128ef069f12f0a84446d2ea60fd9
parent3169dad48bf0afa0694823c986c45735ca800904 [diff]
Enhance record encryption unit tests by checking hidden content type

TLS 1.3 and DTLS 1.2 + CID hide the real content type of a record
within the record's inner plaintext, while always using the same
content type for the protected record:
- TLS 1.3 always uses ApplicationData
- DTLS 1.2 + CID always uses a special CID content type.

This commit enhances the record encryption unit test to check
that the record content type is indeed correctly hidden.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>

diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function
index e59a167..d902abd 100644
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function

@@ -3178,6 +3178,26 @@
             continue;
         }
 
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+        if( rec.cid_len != 0 )
+        {
+            /* DTLS 1.2 + CID hides the real content type and
+             * uses a special CID content type in the protected
+             * record. Double-check this. */
+            TEST_ASSERT( rec.type == MBEDTLS_SSL_MSG_CID );
+        }
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
+
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
+        if( t_enc->minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 )
+        {
+            /* TLS 1.3 hides the real content type and
+             * always uses Application Data as the content type
+             * for protected records. Double-check this. */
+            TEST_ASSERT( rec.type == MBEDTLS_SSL_MSG_APPLICATION_DATA );
+        }
+#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
+
         /* Decrypt record with t_dec */
         ret = mbedtls_ssl_decrypt_buf( &ssl, t_dec, &rec );
         TEST_ASSERT( ret == 0 );
@@ -3321,6 +3341,26 @@
             if( ret != 0 )
                 continue;
 
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+            if( rec.cid_len != 0 )
+            {
+                /* DTLS 1.2 + CID hides the real content type and
+                 * uses a special CID content type in the protected
+                 * record. Double-check this. */
+                TEST_ASSERT( rec.type == MBEDTLS_SSL_MSG_CID );
+            }
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
+
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
+            if( t_enc->minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 )
+            {
+                /* TLS 1.3 hides the real content type and
+                 * always uses Application Data as the content type
+                 * for protected records. Double-check this. */
+                TEST_ASSERT( rec.type == MBEDTLS_SSL_MSG_APPLICATION_DATA );
+            }
+#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
+
             /* Decrypt record with t_dec */
             TEST_ASSERT( mbedtls_ssl_decrypt_buf( &ssl, t_dec, &rec ) == 0 );