Piotr Nowicki9978e6e2020-04-07 16:07:05 +02001#!/bin/sh
2
3# context-info.sh
4#
Piotr Nowicki9978e6e2020-04-07 16:07:05 +02005# Copyright (c) 2012-2020, ARM Limited, All Rights Reserved
Bence Szépkútic7da1fe2020-05-26 01:54:15 +02006# SPDX-License-Identifier: Apache-2.0
7#
8# Licensed under the Apache License, Version 2.0 (the "License"); you may
9# not use this file except in compliance with the License.
10# You may obtain a copy of the License at
11#
12# http://www.apache.org/licenses/LICENSE-2.0
13#
14# Unless required by applicable law or agreed to in writing, software
15# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
16# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
17# See the License for the specific language governing permissions and
18# limitations under the License.
19#
20# This file is part of Mbed TLS (https://tls.mbed.org)
Piotr Nowicki9978e6e2020-04-07 16:07:05 +020021#
22# This program is intended for testing the ssl_context_info program
23#
24
# Stop on the first unhandled command failure (-e) and on any expansion of an
# unset variable (-u).
set -eu

# Work from the directory containing this script; give up with status 125 if
# that directory cannot be entered.
cd "$(dirname "$0")" || exit 125
30
# Variables

# File name of this script; written into the banner of every log file.
THIS_SCRIPT_NAME=$(basename "$0")

# Program under test and the directory holding its base64 input files.
PROG_PATH="../programs/ssl/ssl_context_info"
IN_DIR="data_files/base64"

# Log file that receives the output of the test currently running.
OUT_FILE="ssl_context_info.log"

# Set to 1 by -m|--memcheck to run every test under valgrind.
USE_VALGRIND=0

# Counters: tests started, tests passed, tests failed.
T_COUNT=0
T_PASSED=0
T_FAILED=0
43
44
45# Functions
46
# Print the command-line help on stdout: a usage line followed by one line
# per supported option.
print_usage() {
    echo "Usage: $0 [options]"
    # Both option lines come from a single format string; \t separates the
    # option names from their description.
    printf " -h|--help\tPrint this help.\n -m|--memcheck\tUse valgrind to check the memory.\n"
}
52
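# Print a test name followed by a row of dots, without a trailing newline.
# Names up to 71 characters are padded with dots to 71 characters in total;
# longer names are printed without any dots.
# Arguments: $1 - test name
# Outputs:   "<name> <dots> " on stdout
print_name() {
    if [ "${#1}" -gt 71 ]; then
        # 71 - ${#1} would be negative here, and printf treats a negative
        # precision as "no precision", printing the whole row of dots after
        # an over-long name. Print the name with an empty leader instead.
        printf "%s  " "$1"
    else
        printf "%s %.*s " "$1" "$(( 71 - ${#1} ))" \
            "........................................................................"
    fi
}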
58
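# Start a fresh log file with a banner describing the test about to run.
# Arguments: $1 - test name
#            $2 - path of the log file (truncated, then written)
#            $3 - command line recorded in the banner
# Globals:   THIS_SCRIPT_NAME (read)
print_header()
{
    # One quoted redirection for the whole banner: the path is expanded a
    # single time and may contain whitespace or glob characters.
    {
        echo "******************************************************************"
        echo "* File created by: $THIS_SCRIPT_NAME"
        echo "* Test name: $1"
        echo "* Date: $(date)"
        echo "* Command: $3"
        echo "******************************************************************"
        echo ""
    } > "$2"
}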
71
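# Append the closing banner to a log file.
# Arguments: $1 - path of the log file (appended to)
print_footer()
{
    # Quoted, single redirection so a path containing whitespace still names
    # one file.
    {
        echo ""
        echo "******************************************************************"
        echo "* End command"
        echo "******************************************************************"
        echo ""
    } >> "$1"
}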
81
# Apply the command-line arguments of this script.
#   -h|--help      print the usage text and exit with status 0
#   -m|--memcheck  set USE_VALGRIND to 1
# Any other argument is reported together with the usage text and ends the
# script with status 1.
get_options() {
    until [ "$#" -eq 0 ]; do
        case "$1" in
            -m | --memcheck)
                USE_VALGRIND=1
                ;;
            -h | --help)
                print_usage
                exit 0
                ;;
            *)
                echo "Unknown argument: '$1'"
                print_usage
                exit 1
                ;;
        esac
        shift
    done
}
102
# Record a failure of the current test.
# Increments T_FAILED, prints FAIL and the reason on stdout, and keeps a copy
# of the current log as Fail.<T_FAILED>_<OUT_FILE> with the reason appended.
# Arguments: $1 - reason for the failure
# Globals:   T_FAILED (updated), FAIL_OUT (written), OUT_FILE (read)
fail()
{
    T_FAILED=$(( T_FAILED + 1 ))
    FAIL_OUT="Fail.${T_FAILED}_${OUT_FILE}"

    printf 'FAIL\n'
    echo " Error: $1"

    # Preserve the log of the failed run under its own name, then note the
    # reason at the end of that copy.
    cp -f "$OUT_FILE" "$FAIL_OUT"
    echo "Error: $1" >> "$FAIL_OUT"
}
115
# Record a success of the current test: increment T_PASSED and print PASS.
pass()
{
    T_PASSED=$(( T_PASSED + 1 ))
    printf 'PASS\n'
}
122
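# Print the lines of $OUT_FILE that come from the tested program itself.
# Dropped: lines beginning with == (added by valgrind and already checked),
# lines containing 'Serious error when reading debug info' (valgrind issues
# as well) and lines beginning with * (added by this script).
_run_test_output()
{
    grep -v -e '^==' \
            -e 'Serious error when reading debug info' \
            -e '^[*]' "$OUT_FILE"
}

# Usage: run_test <name> <input file with b64 code> [ -arg <extra arguments for tested program> ] [option [...]]
# Options: -m <pattern that MUST be present in the output of tested program>
#          -n <pattern that must NOT be present in the output of tested program>
#          -u <pattern that must be UNIQUE in the output of tested program>
#
# Runs $PROG_PATH on $IN_DIR/<input file> (under valgrind when USE_VALGRIND
# is non-zero), logs everything to $OUT_FILE and evaluates the options in
# order. The first failed check calls fail and returns; if every check holds
# the log is removed and pass is called.
# Globals: PROG_PATH, IN_DIR, OUT_FILE, USE_VALGRIND (read);
#          TEST_NAME, RUN_CMD (written); T_COUNT (updated)
run_test()
{
    TEST_NAME="$1"
    RUN_CMD="$PROG_PATH -f $IN_DIR/$2"

    # ${3:-} keeps a call without -arg and without assertions from aborting
    # on an unset $3 when the script runs with `set -u`.
    if [ "-arg" = "${3:-}" ]; then
        if [ $# -lt 4 ]; then
            echo "Missing value for -arg" >&2
            exit 1
        fi
        RUN_CMD="$RUN_CMD $4"
        shift 4
    else
        shift 2
    fi

    # prepend valgrind to our commands if active
    if [ "$USE_VALGRIND" -gt 0 ]; then
        RUN_CMD="valgrind --leak-check=full $RUN_CMD"
    fi

    T_COUNT=$(( T_COUNT + 1 ))
    print_name "$TEST_NAME"

    # run tested program
    print_header "$TEST_NAME" "$OUT_FILE" "$RUN_CMD"
    # NOTE(review): RUN_CMD is a flat string that eval parses again, so shell
    # metacharacters in the input file name or in the -arg value would be
    # interpreted by the shell. The calls in this script pass literals only;
    # never build these arguments from data the script does not control.
    # NOTE(review): this is a plain command, so under `set -e` a non-zero exit
    # status of the tested program ends the whole script here -- confirm the
    # program exits 0 for the negative tests, or capture the status.
    eval "$RUN_CMD" >> "$OUT_FILE" 2>&1
    print_footer "$OUT_FILE"

    # check valgrind's results: both summary lines must be present
    if [ "$USE_VALGRIND" -gt 0 ]; then
        if ! grep -F 'All heap blocks were freed -- no leaks are possible' "$OUT_FILE" >/dev/null ||
           ! grep -F 'ERROR SUMMARY: 0 errors from 0 contexts' "$OUT_FILE" >/dev/null
        then
            fail "Memory error detected"
            return
        fi
    fi

    # check other assertions against the program's own output
    while [ $# -gt 0 ]
    do
        # Validate the option before its pattern ($2) is used.
        case $1 in
            -m | -n | -u)
                if [ $# -lt 2 ]; then
                    echo "Missing pattern for test option: $1" >&2
                    exit 1
                fi
                ;;

            *)
                echo "Unknown test: $1" >&2
                exit 1
                ;;
        esac

        # -e keeps a pattern that starts with '-' from being read as an option.
        case $1 in
            -m)
                if ! _run_test_output | grep -e "$2" >/dev/null; then
                    fail "pattern '$2' MUST be present in the output"
                    return
                fi
                ;;

            -n)
                if _run_test_output | grep -e "$2" >/dev/null; then
                    fail "pattern '$2' MUST NOT be present in the output"
                    return
                fi
                ;;

            -u)
                if [ "$(_run_test_output | grep -c -e "$2")" -ne 1 ]; then
                    fail "lines following pattern '$2' must be once in the output"
                    return
                fi
                ;;
        esac
        shift 2
    done

    rm -f "$OUT_FILE"

    pass
}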
201
get_options "$@"

# Tests
#
# Each call names the test, the input file below $IN_DIR, an optional
# -arg "<extra arguments>", and then the assertions on the program output:
# -m pattern must match, -n pattern must not match, -u pattern must match
# exactly one line. Patterns are single-quoted so that $ stays a regex anchor.

run_test "Default configuration, server" \
    "srv_def.txt" \
    -n 'ERROR' \
    -u 'major.* 2$' \
    -u 'minor.* 21$' \
    -u 'path.* 0$' \
    -u 'MBEDTLS_HAVE_TIME$' \
    -u 'MBEDTLS_X509_CRT_PARSE_C$' \
    -u 'MBEDTLS_SSL_MAX_FRAGMENT_LENGTH$' \
    -u 'MBEDTLS_SSL_TRUNCATED_HMAC$' \
    -u 'MBEDTLS_SSL_ENCRYPT_THEN_MAC$' \
    -u 'MBEDTLS_SSL_SESSION_TICKETS$' \
    -u 'MBEDTLS_SSL_SESSION_TICKETS and client$' \
    -u 'MBEDTLS_SSL_DTLS_BADMAC_LIMIT$' \
    -u 'MBEDTLS_SSL_DTLS_ANTI_REPLAY$' \
    -u 'MBEDTLS_SSL_ALPN$' \
    -u 'ciphersuite.* TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256$' \
    -u 'cipher flags.* 0x00$' \
    -u 'Message-Digest.* SHA256$' \
    -u 'compression.* disabled$' \
    -u 'DTLS datagram packing.* enabled$' \
    -n 'Certificate' \
    -n 'bytes left to analyze from context'

run_test "Default configuration, client" \
    "cli_def.txt" \
    -n 'ERROR' \
    -u 'major.* 2$' \
    -u 'minor.* 21$' \
    -u 'path.* 0$' \
    -u 'MBEDTLS_HAVE_TIME$' \
    -u 'MBEDTLS_X509_CRT_PARSE_C$' \
    -u 'MBEDTLS_SSL_MAX_FRAGMENT_LENGTH$' \
    -u 'MBEDTLS_SSL_TRUNCATED_HMAC$' \
    -u 'MBEDTLS_SSL_ENCRYPT_THEN_MAC$' \
    -u 'MBEDTLS_SSL_SESSION_TICKETS$' \
    -u 'MBEDTLS_SSL_SESSION_TICKETS and client$' \
    -u 'MBEDTLS_SSL_DTLS_BADMAC_LIMIT$' \
    -u 'MBEDTLS_SSL_DTLS_ANTI_REPLAY$' \
    -u 'MBEDTLS_SSL_ALPN$' \
    -u 'ciphersuite.* TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256$' \
    -u 'cipher flags.* 0x00$' \
    -u 'Message-Digest.* SHA256$' \
    -u 'compression.* disabled$' \
    -u 'DTLS datagram packing.* enabled$' \
    -u 'cert. version .* 3$' \
    -u 'serial number.* 02$' \
    -u 'issuer name.* C=NL, O=PolarSSL, CN=PolarSSL Test CA$' \
    -u 'subject name.* C=NL, O=PolarSSL, CN=localhost$' \
    -u 'issued on.* 2019-02-10 14:44:06$' \
    -u 'expires on.* 2029-02-10 14:44:06$' \
    -u 'signed using.* RSA with SHA-256$' \
    -u 'RSA key size.* 2048 bits$' \
    -u 'basic constraints.* CA=false$' \
    -n 'bytes left to analyze from context'

run_test "Ciphersuite TLS-RSA-WITH-AES-256-CCM-8, server" \
    "srv_ciphersuite.txt" \
    -n 'ERROR' \
    -u 'ciphersuite.* TLS-RSA-WITH-AES-256-CCM-8$'

run_test "Ciphersuite TLS-RSA-WITH-AES-256-CCM-8, client" \
    "cli_ciphersuite.txt" \
    -n 'ERROR' \
    -u 'ciphersuite.* TLS-RSA-WITH-AES-256-CCM-8$'

run_test "No packing, server" \
    "srv_no_packing.txt" \
    -n 'ERROR' \
    -u 'DTLS datagram packing.* disabled'

run_test "No packing, client" \
    "cli_no_packing.txt" \
    -n 'ERROR' \
    -u 'DTLS datagram packing.* disabled'

run_test "DTLS CID, server" \
    "srv_cid.txt" \
    -n 'ERROR' \
    -u 'in CID.* DE AD' \
    -u 'out CID.* BE EF'

run_test "DTLS CID, client" \
    "cli_cid.txt" \
    -n 'ERROR' \
    -u 'in CID.* BE EF' \
    -u 'out CID.* DE AD'

run_test "No MBEDTLS_SSL_MAX_FRAGMENT_LENGTH, server" \
    "srv_no_mfl.txt" \
    -n 'ERROR' \
    -n 'MBEDTLS_SSL_MAX_FRAGMENT_LENGTH'

run_test "No MBEDTLS_SSL_MAX_FRAGMENT_LENGTH, client" \
    "cli_no_mfl.txt" \
    -n 'ERROR' \
    -n 'MBEDTLS_SSL_MAX_FRAGMENT_LENGTH'

run_test "No MBEDTLS_SSL_ALPN, server" \
    "srv_no_alpn.txt" \
    -n 'ERROR' \
    -n 'MBEDTLS_SSL_ALPN'

run_test "No MBEDTLS_SSL_ALPN, client" \
    "cli_no_alpn.txt" \
    -n 'ERROR' \
    -n 'MBEDTLS_SSL_ALPN'

run_test "No MBEDTLS_SSL_KEEP_PEER_CERTIFICATE, server" \
    "srv_no_keep_cert.txt" \
    -arg "--keep-peer-cert=0" \
    -u 'ciphersuite.* TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256$' \
    -u 'cipher flags.* 0x00' \
    -u 'compression.* disabled' \
    -u 'DTLS datagram packing.* enabled' \
    -n 'ERROR'

run_test "No MBEDTLS_SSL_KEEP_PEER_CERTIFICATE, client" \
    "cli_no_keep_cert.txt" \
    -arg "--keep-peer-cert=0" \
    -u 'ciphersuite.* TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256$' \
    -u 'cipher flags.* 0x00' \
    -u 'compression.* disabled' \
    -u 'DTLS datagram packing.* enabled' \
    -n 'ERROR'

# Same inputs as the two tests above, but without --keep-peer-cert=0: the
# program is expected to report an error.
run_test "No MBEDTLS_SSL_KEEP_PEER_CERTIFICATE, negative, server" \
    "srv_no_keep_cert.txt" \
    -m 'Deserializing' \
    -m 'ERROR'

run_test "No MBEDTLS_SSL_KEEP_PEER_CERTIFICATE, negative, client" \
    "cli_no_keep_cert.txt" \
    -m 'Deserializing' \
    -m 'ERROR'

run_test "Minimal configuration, server" \
    "srv_min_cfg.txt" \
    -n 'ERROR' \
    -n 'MBEDTLS_SSL_MAX_FRAGMENT_LENGTH$' \
    -n 'MBEDTLS_SSL_TRUNCATED_HMAC$' \
    -n 'MBEDTLS_SSL_ENCRYPT_THEN_MAC$' \
    -n 'MBEDTLS_SSL_SESSION_TICKETS$' \
    -n 'MBEDTLS_SSL_SESSION_TICKETS and client$' \
    -n 'MBEDTLS_SSL_DTLS_BADMAC_LIMIT$' \
    -n 'MBEDTLS_SSL_DTLS_ANTI_REPLAY$' \
    -n 'MBEDTLS_SSL_ALPN$'

run_test "Minimal configuration, client" \
    "cli_min_cfg.txt" \
    -n 'ERROR' \
    -n 'MBEDTLS_SSL_MAX_FRAGMENT_LENGTH$' \
    -n 'MBEDTLS_SSL_TRUNCATED_HMAC$' \
    -n 'MBEDTLS_SSL_ENCRYPT_THEN_MAC$' \
    -n 'MBEDTLS_SSL_SESSION_TICKETS$' \
    -n 'MBEDTLS_SSL_SESSION_TICKETS and client$' \
    -n 'MBEDTLS_SSL_DTLS_BADMAC_LIMIT$' \
    -n 'MBEDTLS_SSL_DTLS_ANTI_REPLAY$' \
    -n 'MBEDTLS_SSL_ALPN$'

run_test "MTU=10000" \
    "mtu_10000.txt" \
    -n 'ERROR' \
    -u 'MTU.* 10000$'

run_test "MFL=1024" \
    "mfl_1024.txt" \
    -n 'ERROR' \
    -u 'MFL.* 1024$'

run_test "Older version (v2.19.1)" \
    "v2.19.1.txt" \
    -n 'ERROR' \
    -u 'major.* 2$' \
    -u 'minor.* 19$' \
    -u 'path.* 1$' \
    -u 'ciphersuite.* TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8$' \
    -u 'Message-Digest.* SHA256$' \
    -u 'compression.* disabled$' \
    -u 'serial number.* 01:70:AF:40:B4:E6$' \
    -u 'issuer name.* CN=ca$' \
    -u 'subject name.* L=160001, OU=acc1, CN=device01$' \
    -u 'issued on.* 2020-03-06 09:50:18$' \
    -u 'expires on.* 2056-02-26 09:50:18$' \
    -u 'signed using.* ECDSA with SHA256$' \
    -u 'lifetime.* 0 sec.$' \
    -u 'MFL.* none$' \
    -u 'negotiate truncated HMAC.* disabled$' \
    -u 'Encrypt-then-MAC.* enabled$' \
    -u 'DTLS datagram packing.* enabled$' \
    -u 'verify result.* 0x00000000$' \
    -n 'bytes left to analyze from context'

# Malformed input: the program must report the problem rather than
# deserialize it.

run_test "Wrong base64 format" \
    "def_bad_b64.txt" \
    -m 'ERROR' \
    -u 'The length of the base64 code found should be a multiple of 4' \
    -n 'bytes left to analyze from context'

run_test "Too much data at the beginning of base64 code" \
    "def_b64_too_big_1.txt" \
    -m 'ERROR' \
    -n 'The length of the base64 code found should be a multiple of 4'

run_test "Too much data in the middle of base64 code" \
    "def_b64_too_big_2.txt" \
    -m 'ERROR' \
    -n 'The length of the base64 code found should be a multiple of 4'

run_test "Too much data at the end of base64 code" \
    "def_b64_too_big_3.txt" \
    -m 'ERROR' \
    -n 'The length of the base64 code found should be a multiple of 4' \
    -u 'bytes left to analyze from context'

run_test "Empty file as input" \
    "empty.txt" \
    -u 'Finished. No valid base64 code found'

run_test "Not empty file without base64 code" \
    "../../context-info.sh" \
    -n 'Deserializing'

run_test "Binary file instead of text file" \
    "../../../programs/ssl/ssl_context_info" \
    -m 'ERROR' \
    -u 'Too many bad symbols detected. File check aborted' \
    -n 'Deserializing'
434
435
# End of tests

# Print the summary line; the exit status is the number of failed tests.
if [ "$T_FAILED" -eq 0 ]; then
    printf '\nPASSED ( %s tests )\n' "$T_COUNT"
else
    printf '\nFAILED ( %s / %s tests )\n' "$T_FAILED" "$T_COUNT"
fi

exit "$T_FAILED"