TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / ae59c5232274df36b1b58dd52eb74cb153829a1a / . / tests / context-info.sh
blob: b87069295e9519dcd52d5ac95c0344c4c443d483 [file] [log] [blame]
Piotr Nowicki9978e6e2020-04-07 16:07:05 +0200[diff] [blame]1#!/bin/sh
2
3# context-info.sh
4#
Bence Szépkúti1e148272020-08-07 13:07:28 +0200[diff] [blame]5# Copyright The Mbed TLS Contributors
Dave Rodgman7ff79652023-11-03 12:04:52 +0000[diff] [blame]6# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
Bence Szépkútic7da1fe2020-05-26 01:54:15 +0200[diff] [blame]7#
Piotr Nowicki9978e6e2020-04-07 16:07:05 +0200[diff] [blame]8# This program is intended for testing the ssl_context_info program
9#
10
11set -eu
12
13if ! cd "$(dirname "$0")"; then
14 exit 125
15fi
16
17# Variables
18
19THIS_SCRIPT_NAME=$(basename "$0")
20PROG_PATH="../programs/ssl/ssl_context_info"
21OUT_FILE="ssl_context_info.log"
22IN_DIR="data_files/base64"
23
24USE_VALGRIND=0
25
26T_COUNT=0
27T_PASSED=0
28T_FAILED=0
29
30
31# Functions
32
33print_usage() {
34 echo "Usage: $0 [options]"
35 printf " -h|--help\tPrint this help.\n"
36 printf " -m|--memcheck\tUse valgrind to check the memory.\n"
37}
38
39# Print test name <name>
40print_name() {
41 printf "%s %.*s " "$1" $(( 71 - ${#1} )) \
42 "........................................................................"
43}
44
45# Print header to the test output file <test name> <file path> <test command>
46print_header()
47{
48 date="$(date)"
49 echo "******************************************************************" > $2
50 echo "* File created by: $THIS_SCRIPT_NAME" >> $2
51 echo "* Test name: $1" >> $2
52 echo "* Date: $date" >> $2
53 echo "* Command: $3" >> $2
54 echo "******************************************************************" >> $2
55 echo "" >> $2
56}
57
58# Print footer at the end of file <file path>
59print_footer()
60{
61 echo "" >> $1
62 echo "******************************************************************" >> $1
63 echo "* End command" >> $1
64 echo "******************************************************************" >> $1
65 echo "" >> $1
66}
67
68# Use the arguments of this script
69get_options() {
70 while [ $# -gt 0 ]; do
71 case "$1" in
72 -h|--help)
73 print_usage
74 exit 0
75 ;;
76 -m|--memcheck)
77 USE_VALGRIND=1
78 ;;
79 *)
80 echo "Unknown argument: '$1'"
81 print_usage
82 exit 1
83 ;;
84 esac
85 shift
86 done
87}
88
89# Current test failed
90fail()
91{
92 T_FAILED=$(( $T_FAILED + 1))
93 FAIL_OUT="Fail.$T_FAILED""_$OUT_FILE"
94
95 echo "FAIL"
96 echo " Error: $1"
97
98 cp -f "$OUT_FILE" "$FAIL_OUT"
99 echo "Error: $1" >> "$FAIL_OUT"
100}
101
102# Current test passed
103pass()
104{
105 T_PASSED=$(( $T_PASSED + 1))
106 echo "PASS"
107}
108
109# Usage: run_test <name> <input file with b64 code> [ -arg <extra arguments for tested program> ] [option [...]]
110# Options: -m <pattern that MUST be present in the output of tested program>
111# -n <pattern that must NOT be present in the output of tested program>
112# -u <pattern that must be UNIQUE in the output of tested program>
113run_test()
114{
115 TEST_NAME="$1"
116 RUN_CMD="$PROG_PATH -f $IN_DIR/$2"
117
118 if [ "-arg" = "$3" ]; then
119 RUN_CMD="$RUN_CMD $4"
120 shift 4
121 else
122 shift 2
123 fi
124
125 # prepend valgrind to our commands if active
126 if [ "$USE_VALGRIND" -gt 0 ]; then
127 RUN_CMD="valgrind --leak-check=full $RUN_CMD"
128 fi
129
130 T_COUNT=$(( $T_COUNT + 1))
131 print_name "$TEST_NAME"
132
133 # run tested program
134 print_header "$TEST_NAME" "$OUT_FILE" "$RUN_CMD"
135 eval "$RUN_CMD" >> "$OUT_FILE" 2>&1
136 print_footer "$OUT_FILE"
137
138 # check valgrind's results
139 if [ "$USE_VALGRIND" -gt 0 ]; then
140 if ! ( grep -F 'All heap blocks were freed -- no leaks are possible' "$OUT_FILE" &&
141 grep -F 'ERROR SUMMARY: 0 errors from 0 contexts' "$OUT_FILE" ) > /dev/null
142 then
143 fail "Memory error detected"
144 return
145 fi
146 fi
147
148 # check other assertions
149 # lines beginning with == are added by valgrind, ignore them, because we already checked them before
150 # lines with 'Serious error when reading debug info', are valgrind issues as well
151 # lines beginning with * are added by this script, ignore too
152 while [ $# -gt 0 ]
153 do
154 case $1 in
155 "-m")
156 if grep -v '^==' "$OUT_FILE" | grep -v 'Serious error when reading debug info' | grep -v "^*" | grep "$2" >/dev/null; then :; else
157 fail "pattern '$2' MUST be present in the output"
158 return
159 fi
160 ;;
161
162 "-n")
163 if grep -v '^==' "$OUT_FILE" | grep -v 'Serious error when reading debug info' | grep -v "^*" | grep "$2" >/dev/null; then
164 fail "pattern '$2' MUST NOT be present in the output"
165 return
166 fi
167 ;;
168
169 "-u")
170 if [ $(grep -v '^==' "$OUT_FILE"| grep -v 'Serious error when reading debug info' | grep -v "^*" | grep "$2" | wc -l) -ne 1 ]; then
171 fail "lines following pattern '$2' must be once in the output"
172 return
173 fi
174 ;;
175
176 *)
177 echo "Unknown test: $1" >&2
178 exit 1
179 esac
180 shift 2
181 done
182
183 rm -f "$OUT_FILE"
184
185 pass
186}
187
188get_options "$@"
189
190# Tests
191
192run_test "Default configuration, server" \
193 "srv_def.txt" \
194 -n "ERROR" \
195 -u "major.* 2$" \
196 -u "minor.* 21$" \
197 -u "path.* 0$" \
198 -u "MBEDTLS_HAVE_TIME$" \
199 -u "MBEDTLS_X509_CRT_PARSE_C$" \
200 -u "MBEDTLS_SSL_MAX_FRAGMENT_LENGTH$" \
201 -u "MBEDTLS_SSL_TRUNCATED_HMAC$" \
202 -u "MBEDTLS_SSL_ENCRYPT_THEN_MAC$" \
203 -u "MBEDTLS_SSL_SESSION_TICKETS$" \
204 -u "MBEDTLS_SSL_SESSION_TICKETS and client$" \
205 -u "MBEDTLS_SSL_DTLS_BADMAC_LIMIT$" \
206 -u "MBEDTLS_SSL_DTLS_ANTI_REPLAY$" \
207 -u "MBEDTLS_SSL_ALPN$" \
208 -u "ciphersuite.* TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256$" \
209 -u "cipher flags.* 0x00$" \
210 -u "Message-Digest.* SHA256$" \
211 -u "compression.* disabled$" \
212 -u "DTLS datagram packing.* enabled$" \
213 -n "Certificate" \
214 -n "bytes left to analyze from context"
215
216run_test "Default configuration, client" \
217 "cli_def.txt" \
218 -n "ERROR" \
219 -u "major.* 2$" \
220 -u "minor.* 21$" \
221 -u "path.* 0$" \
222 -u "MBEDTLS_HAVE_TIME$" \
223 -u "MBEDTLS_X509_CRT_PARSE_C$" \
224 -u "MBEDTLS_SSL_MAX_FRAGMENT_LENGTH$" \
225 -u "MBEDTLS_SSL_TRUNCATED_HMAC$" \
226 -u "MBEDTLS_SSL_ENCRYPT_THEN_MAC$" \
227 -u "MBEDTLS_SSL_SESSION_TICKETS$" \
228 -u "MBEDTLS_SSL_SESSION_TICKETS and client$" \
229 -u "MBEDTLS_SSL_DTLS_BADMAC_LIMIT$" \
230 -u "MBEDTLS_SSL_DTLS_ANTI_REPLAY$" \
231 -u "MBEDTLS_SSL_ALPN$" \
232 -u "ciphersuite.* TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256$" \
233 -u "cipher flags.* 0x00$" \
234 -u "Message-Digest.* SHA256$" \
235 -u "compression.* disabled$" \
236 -u "DTLS datagram packing.* enabled$" \
237 -u "cert. version .* 3$" \
238 -u "serial number.* 02$" \
239 -u "issuer name.* C=NL, O=PolarSSL, CN=PolarSSL Test CA$" \
240 -u "subject name.* C=NL, O=PolarSSL, CN=localhost$" \
241 -u "issued on.* 2019-02-10 14:44:06$" \
242 -u "expires on.* 2029-02-10 14:44:06$" \
243 -u "signed using.* RSA with SHA-256$" \
244 -u "RSA key size.* 2048 bits$" \
245 -u "basic constraints.* CA=false$" \
246 -n "bytes left to analyze from context"
247
248run_test "Ciphersuite TLS-RSA-WITH-AES-256-CCM-8, server" \
249 "srv_ciphersuite.txt" \
250 -n "ERROR" \
251 -u "ciphersuite.* TLS-RSA-WITH-AES-256-CCM-8$" \
252
253run_test "Ciphersuite TLS-RSA-WITH-AES-256-CCM-8, client" \
254 "cli_ciphersuite.txt" \
255 -n "ERROR" \
256 -u "ciphersuite.* TLS-RSA-WITH-AES-256-CCM-8$" \
257
258run_test "No packing, server" \
259 "srv_no_packing.txt" \
260 -n "ERROR" \
261 -u "DTLS datagram packing.* disabled"
262
263run_test "No packing, client" \
264 "cli_no_packing.txt" \
265 -n "ERROR" \
266 -u "DTLS datagram packing.* disabled"
267
268run_test "DTLS CID, server" \
269 "srv_cid.txt" \
270 -n "ERROR" \
271 -u "in CID.* DE AD" \
272 -u "out CID.* BE EF"
273
274run_test "DTLS CID, client" \
275 "cli_cid.txt" \
276 -n "ERROR" \
277 -u "in CID.* BE EF" \
278 -u "out CID.* DE AD"
279
280run_test "No MBEDTLS_SSL_MAX_FRAGMENT_LENGTH, server" \
281 "srv_no_mfl.txt" \
282 -n "ERROR" \
283 -n "MBEDTLS_SSL_MAX_FRAGMENT_LENGTH"
284
285run_test "No MBEDTLS_SSL_MAX_FRAGMENT_LENGTH, client" \
286 "cli_no_mfl.txt" \
287 -n "ERROR" \
288 -n "MBEDTLS_SSL_MAX_FRAGMENT_LENGTH"
289
290run_test "No MBEDTLS_SSL_ALPN, server" \
291 "srv_no_alpn.txt" \
292 -n "ERROR" \
293 -n "MBEDTLS_SSL_ALPN"
294
295run_test "No MBEDTLS_SSL_ALPN, client" \
296 "cli_no_alpn.txt" \
297 -n "ERROR" \
298 -n "MBEDTLS_SSL_ALPN"
299
300run_test "No MBEDTLS_SSL_KEEP_PEER_CERTIFICATE, server" \
301 "srv_no_keep_cert.txt" \
302 -arg "--keep-peer-cert=0" \
303 -u "ciphersuite.* TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256$" \
304 -u "cipher flags.* 0x00" \
305 -u "compression.* disabled" \
306 -u "DTLS datagram packing.* enabled" \
307 -n "ERROR"
308
309run_test "No MBEDTLS_SSL_KEEP_PEER_CERTIFICATE, client" \
310 "cli_no_keep_cert.txt" \
311 -arg "--keep-peer-cert=0" \
312 -u "ciphersuite.* TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256$" \
313 -u "cipher flags.* 0x00" \
314 -u "compression.* disabled" \
315 -u "DTLS datagram packing.* enabled" \
316 -n "ERROR"
317
318run_test "No MBEDTLS_SSL_KEEP_PEER_CERTIFICATE, negative, server" \
319 "srv_no_keep_cert.txt" \
320 -m "Deserializing" \
321 -m "ERROR"
322
323run_test "No MBEDTLS_SSL_KEEP_PEER_CERTIFICATE, negative, client" \
324 "cli_no_keep_cert.txt" \
325 -m "Deserializing" \
326 -m "ERROR"
327
328run_test "Minimal configuration, server" \
329 "srv_min_cfg.txt" \
330 -n "ERROR" \
331 -n "MBEDTLS_SSL_MAX_FRAGMENT_LENGTH$" \
332 -n "MBEDTLS_SSL_TRUNCATED_HMAC$" \
333 -n "MBEDTLS_SSL_ENCRYPT_THEN_MAC$" \
334 -n "MBEDTLS_SSL_SESSION_TICKETS$" \
335 -n "MBEDTLS_SSL_SESSION_TICKETS and client$" \
336 -n "MBEDTLS_SSL_DTLS_BADMAC_LIMIT$" \
337 -n "MBEDTLS_SSL_DTLS_ANTI_REPLAY$" \
338 -n "MBEDTLS_SSL_ALPN$" \
339
340run_test "Minimal configuration, client" \
341 "cli_min_cfg.txt" \
342 -n "ERROR" \
343 -n "MBEDTLS_SSL_MAX_FRAGMENT_LENGTH$" \
344 -n "MBEDTLS_SSL_TRUNCATED_HMAC$" \
345 -n "MBEDTLS_SSL_ENCRYPT_THEN_MAC$" \
346 -n "MBEDTLS_SSL_SESSION_TICKETS$" \
347 -n "MBEDTLS_SSL_SESSION_TICKETS and client$" \
348 -n "MBEDTLS_SSL_DTLS_BADMAC_LIMIT$" \
349 -n "MBEDTLS_SSL_DTLS_ANTI_REPLAY$" \
350 -n "MBEDTLS_SSL_ALPN$" \
351
352run_test "MTU=10000" \
353 "mtu_10000.txt" \
354 -n "ERROR" \
355 -u "MTU.* 10000$"
356
357run_test "MFL=1024" \
358 "mfl_1024.txt" \
359 -n "ERROR" \
360 -u "MFL.* 1024$"
361
362run_test "Older version (v2.19.1)" \
363 "v2.19.1.txt" \
364 -n "ERROR" \
365 -u "major.* 2$" \
366 -u "minor.* 19$" \
367 -u "path.* 1$" \
368 -u "ciphersuite.* TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8$" \
369 -u "Message-Digest.* SHA256$" \
370 -u "compression.* disabled$" \
371 -u "serial number.* 01:70:AF:40:B4:E6$" \
372 -u "issuer name.* CN=ca$" \
373 -u "subject name.* L=160001, OU=acc1, CN=device01$" \
374 -u "issued on.* 2020-03-06 09:50:18$" \
375 -u "expires on.* 2056-02-26 09:50:18$" \
376 -u "signed using.* ECDSA with SHA256$" \
377 -u "lifetime.* 0 sec.$" \
378 -u "MFL.* none$" \
379 -u "negotiate truncated HMAC.* disabled$" \
380 -u "Encrypt-then-MAC.* enabled$" \
381 -u "DTLS datagram packing.* enabled$" \
382 -u "verify result.* 0x00000000$" \
383 -n "bytes left to analyze from context"
384
385run_test "Wrong base64 format" \
386 "def_bad_b64.txt" \
387 -m "ERROR" \
388 -u "The length of the base64 code found should be a multiple of 4" \
389 -n "bytes left to analyze from context"
390
391run_test "Too much data at the beginning of base64 code" \
392 "def_b64_too_big_1.txt" \
393 -m "ERROR" \
394 -n "The length of the base64 code found should be a multiple of 4" \
395
396run_test "Too much data in the middle of base64 code" \
397 "def_b64_too_big_2.txt" \
398 -m "ERROR" \
399 -n "The length of the base64 code found should be a multiple of 4" \
400
401run_test "Too much data at the end of base64 code" \
402 "def_b64_too_big_3.txt" \
403 -m "ERROR" \
404 -n "The length of the base64 code found should be a multiple of 4" \
405 -u "bytes left to analyze from context"
406
407run_test "Empty file as input" \
408 "empty.txt" \
409 -u "Finished. No valid base64 code found"
410
411run_test "Not empty file without base64 code" \
412 "../../context-info.sh" \
413 -n "Deserializing"
414
415run_test "Binary file instead of text file" \
416 "../../../programs/ssl/ssl_context_info" \
417 -m "ERROR" \
418 -u "Too many bad symbols detected. File check aborted" \
419 -n "Deserializing"
420
David Brown3bea9f62020-10-16 13:15:59 -0600[diff] [blame]421run_test "Decoder continues past 0xff character" \
422 "def_b64_ff.bin" \
423 -n "No valid base64" \
424 -u "ciphersuite.* TLS-"
425
Piotr Nowicki9978e6e2020-04-07 16:07:05 +0200[diff] [blame]426
427# End of tests
428
Gilles Peskine231befa2020-08-26 20:05:11 +0200[diff] [blame]429echo
Piotr Nowicki9978e6e2020-04-07 16:07:05 +0200[diff] [blame]430if [ $T_FAILED -eq 0 ]; then
Gilles Peskine231befa2020-08-26 20:05:11 +0200[diff] [blame]431 echo "PASSED ( $T_COUNT tests )"
Piotr Nowicki9978e6e2020-04-07 16:07:05 +0200[diff] [blame]432else
Gilles Peskine231befa2020-08-26 20:05:11 +0200[diff] [blame]433 echo "FAILED ( $T_FAILED / $T_COUNT tests )"
Piotr Nowicki9978e6e2020-04-07 16:07:05 +0200[diff] [blame]434fi
435
436exit $T_FAILED