Add cookie parsing tests to test_suite_ssl Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>

commit: cfb01948c86e5a13ca164dd69a576264ff71583e [log] [tgz]
author: Andrzej Kurek <andrzej.kurek@arm.com> Mon Jun 06 13:08:23 2022 -0400
committer: Andrzej Kurek <andrzej.kurek@arm.com> Mon Jun 06 15:29:15 2022 -0400
tree: 660c1faa719195d890d5ddc1d74eda0bf2ad9dc3
parent: c8183cc4924e25a205db6f42150fd075cdeb83c8 [diff]
diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index c2c3cd2..1a3217c 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h

@@ -2296,4 +2296,12 @@
 int mbedtls_ssl_write_sig_alg_ext( mbedtls_ssl_context *ssl, unsigned char *buf,
                                    const unsigned char *end, size_t *out_len );
 
+#if defined(MBEDTLS_TEST_HOOKS)
+int ssl_check_dtls_clihlo_cookie(
+                           mbedtls_ssl_context *ssl,
+                           const unsigned char *cli_id, size_t cli_id_len,
+                           const unsigned char *in, size_t in_len,
+                           unsigned char *obuf, size_t buf_len, size_t *olen );
+#endif
+
 #endif /* ssl_misc.h */

diff --git a/library/ssl_msg.c b/library/ssl_msg.c
index da4dbc7..ee6a01b 100644
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c

@@ -3149,7 +3149,10 @@
  *   return MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED
  * - otherwise return a specific error code
  */
-static int ssl_check_dtls_clihlo_cookie(
+#if !defined(MBEDTLS_TEST_HOOKS)
+static
+#endif
+int ssl_check_dtls_clihlo_cookie(
                            mbedtls_ssl_context *ssl,
                            const unsigned char *cli_id, size_t cli_id_len,
                            const unsigned char *in, size_t in_len,

diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data
index 848a497..b6a46b2 100644
--- a/tests/suites/test_suite_ssl.data
+++ b/tests/suites/test_suite_ssl.data

@@ -3366,3 +3366,21 @@
 
 Raw key agreement: bad server key
 raw_key_agreement_fail:1
+
+Cookie parsing: nominal run
+cookie_parsing:"16fefd0000000000000000002F010000de000000000000011efefd7b7272727272727272727272727272727272727272727272727272727272727d00200000000000000000000000000000000000000000000000000000000000000000":MBEDTLS_ERR_SSL_INTERNAL_ERROR
+
+Cookie parsing: cookie_len overflow
+cookie_parsing:"16fefd000000000000000000ea010000de000000000000011efefd7b7272727272727272727272727272727272727272727272727272727272727db97b7373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737db963":MBEDTLS_ERR_SSL_DECODE_ERROR
+
+Cookie parsing: non-zero fragment offset
+cookie_parsing:"16fefd00000000000000000032010000de000072000000011efefd7b7272727272727272727272727272727272727272727272727272727272727d01730143":MBEDTLS_ERR_SSL_DECODE_ERROR
+
+Cookie parsing: sid_len overflow
+cookie_parsing:"16fefd00000000000000000032010000de000000000000011efefd7b7272727272727272727272727272727272727272727272727272727272727dFF730143":MBEDTLS_ERR_SSL_DECODE_ERROR
+
+Cookie parsing: record too short
+cookie_parsing:"16fefd0000000000000000002f010000de000072000000011efefd7b7272727272727272727272727272727272727272727272727272727272727dFF":MBEDTLS_ERR_SSL_DECODE_ERROR
+
+Cookie parsing: one byte overread
+cookie_parsing:"16fefd0000000000000000002F010000de000000000000011efefd7b7272727272727272727272727272727272727272727272727272727272727d0001":MBEDTLS_ERR_SSL_DECODE_ERROR

diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function
index 35f1638..51d57a0 100644
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function

@@ -5506,6 +5506,33 @@
 }
 /* END_CASE */
 
+/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS */
+void cookie_parsing( data_t *cookie, int exp_ret )
+{
+    mbedtls_ssl_context ssl;
+    mbedtls_ssl_config conf;
+    size_t len;
+
+    mbedtls_ssl_init( &ssl );
+    mbedtls_ssl_config_init( &conf );
+    TEST_EQUAL( mbedtls_ssl_config_defaults( &conf, MBEDTLS_SSL_IS_SERVER,
+                                             MBEDTLS_SSL_TRANSPORT_DATAGRAM,
+                                             MBEDTLS_SSL_PRESET_DEFAULT ),
+                0 );
+
+    TEST_EQUAL( mbedtls_ssl_setup( &ssl, &conf ), 0 );
+    TEST_EQUAL( ssl_check_dtls_clihlo_cookie( &ssl, ssl.cli_id, ssl.cli_id_len,
+                                              cookie->x, cookie->len,
+                                              ssl.out_buf,
+                                              MBEDTLS_SSL_OUT_CONTENT_LEN,
+                                              &len ),
+                exp_ret );
+
+    mbedtls_ssl_free( &ssl );
+    mbedtls_ssl_config_free( &conf );
+}
+/* END_CASE */
+
 /* BEGIN_CASE depends_on:MBEDTLS_TIMING_C:MBEDTLS_HAVE_TIME */
 void timing_final_delay_accessor( )
 {
commit	cfb01948c86e5a13ca164dd69a576264ff71583e	[log] [tgz]
author	Andrzej Kurek <andrzej.kurek@arm.com>	Mon Jun 06 13:08:23 2022 -0400
committer	Andrzej Kurek <andrzej.kurek@arm.com>	Mon Jun 06 15:29:15 2022 -0400
tree	660c1faa719195d890d5ddc1d74eda0bf2ad9dc3
parent	c8183cc4924e25a205db6f42150fd075cdeb83c8 [diff]