TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / cad59ed48e4e6bb1fa0f8f25c5e9b25f79eda527 / . / tests / context-info.sh
blob: 3465298458f0154c9d8d726b94175e850c556463 [file] [log] [blame]
Piotr Nowicki9978e6e2020-04-07 16:07:05 +0200[diff] [blame]1#!/bin/sh
2
3# context-info.sh
4#
Bence Szépkúti1e148272020-08-07 13:07:28 +0200[diff] [blame]5# Copyright The Mbed TLS Contributors
Bence Szépkútic7da1fe2020-05-26 01:54:15 +0200[diff] [blame]6# SPDX-License-Identifier: Apache-2.0
7#
8# Licensed under the Apache License, Version 2.0 (the "License"); you may
9# not use this file except in compliance with the License.
10# You may obtain a copy of the License at
11#
12# http://www.apache.org/licenses/LICENSE-2.0
13#
14# Unless required by applicable law or agreed to in writing, software
15# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
16# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
17# See the License for the specific language governing permissions and
18# limitations under the License.
19#
Piotr Nowicki9978e6e2020-04-07 16:07:05 +0200[diff] [blame]20# This program is intended for testing the ssl_context_info program
21#
22
23set -eu
24
25if ! cd "$(dirname "$0")"; then
26 exit 125
27fi
28
29# Variables
30
31THIS_SCRIPT_NAME=$(basename "$0")
32PROG_PATH="../programs/ssl/ssl_context_info"
33OUT_FILE="ssl_context_info.log"
34IN_DIR="data_files/base64"
35
36USE_VALGRIND=0
37
38T_COUNT=0
39T_PASSED=0
40T_FAILED=0
41
42
43# Functions
44
45print_usage() {
46 echo "Usage: $0 [options]"
47 printf " -h|--help\tPrint this help.\n"
48 printf " -m|--memcheck\tUse valgrind to check the memory.\n"
49}
50
51# Print test name <name>
52print_name() {
53 printf "%s %.*s " "$1" $(( 71 - ${#1} )) \
54 "........................................................................"
55}
56
57# Print header to the test output file <test name> <file path> <test command>
58print_header()
59{
60 date="$(date)"
61 echo "******************************************************************" > $2
62 echo "* File created by: $THIS_SCRIPT_NAME" >> $2
63 echo "* Test name: $1" >> $2
64 echo "* Date: $date" >> $2
65 echo "* Command: $3" >> $2
66 echo "******************************************************************" >> $2
67 echo "" >> $2
68}
69
70# Print footer at the end of file <file path>
71print_footer()
72{
73 echo "" >> $1
74 echo "******************************************************************" >> $1
75 echo "* End command" >> $1
76 echo "******************************************************************" >> $1
77 echo "" >> $1
78}
79
80# Use the arguments of this script
81get_options() {
82 while [ $# -gt 0 ]; do
83 case "$1" in
84 -h|--help)
85 print_usage
86 exit 0
87 ;;
88 -m|--memcheck)
89 USE_VALGRIND=1
90 ;;
91 *)
92 echo "Unknown argument: '$1'"
93 print_usage
94 exit 1
95 ;;
96 esac
97 shift
98 done
99}
100
101# Current test failed
102fail()
103{
104 T_FAILED=$(( $T_FAILED + 1))
105 FAIL_OUT="Fail.$T_FAILED""_$OUT_FILE"
106
107 echo "FAIL"
108 echo " Error: $1"
109
110 cp -f "$OUT_FILE" "$FAIL_OUT"
111 echo "Error: $1" >> "$FAIL_OUT"
112}
113
114# Current test passed
115pass()
116{
117 T_PASSED=$(( $T_PASSED + 1))
118 echo "PASS"
119}
120
121# Usage: run_test <name> <input file with b64 code> [ -arg <extra arguments for tested program> ] [option [...]]
122# Options: -m <pattern that MUST be present in the output of tested program>
123# -n <pattern that must NOT be present in the output of tested program>
124# -u <pattern that must be UNIQUE in the output of tested program>
125run_test()
126{
127 TEST_NAME="$1"
128 RUN_CMD="$PROG_PATH -f $IN_DIR/$2"
129
130 if [ "-arg" = "$3" ]; then
131 RUN_CMD="$RUN_CMD $4"
132 shift 4
133 else
134 shift 2
135 fi
136
137 # prepend valgrind to our commands if active
138 if [ "$USE_VALGRIND" -gt 0 ]; then
139 RUN_CMD="valgrind --leak-check=full $RUN_CMD"
140 fi
141
142 T_COUNT=$(( $T_COUNT + 1))
143 print_name "$TEST_NAME"
144
145 # run tested program
146 print_header "$TEST_NAME" "$OUT_FILE" "$RUN_CMD"
147 eval "$RUN_CMD" >> "$OUT_FILE" 2>&1
148 print_footer "$OUT_FILE"
149
150 # check valgrind's results
151 if [ "$USE_VALGRIND" -gt 0 ]; then
152 if ! ( grep -F 'All heap blocks were freed -- no leaks are possible' "$OUT_FILE" &&
153 grep -F 'ERROR SUMMARY: 0 errors from 0 contexts' "$OUT_FILE" ) > /dev/null
154 then
155 fail "Memory error detected"
156 return
157 fi
158 fi
159
160 # check other assertions
161 # lines beginning with == are added by valgrind, ignore them, because we already checked them before
162 # lines with 'Serious error when reading debug info', are valgrind issues as well
163 # lines beginning with * are added by this script, ignore too
164 while [ $# -gt 0 ]
165 do
166 case $1 in
167 "-m")
168 if grep -v '^==' "$OUT_FILE" | grep -v 'Serious error when reading debug info' | grep -v "^*" | grep "$2" >/dev/null; then :; else
169 fail "pattern '$2' MUST be present in the output"
170 return
171 fi
172 ;;
173
174 "-n")
175 if grep -v '^==' "$OUT_FILE" | grep -v 'Serious error when reading debug info' | grep -v "^*" | grep "$2" >/dev/null; then
176 fail "pattern '$2' MUST NOT be present in the output"
177 return
178 fi
179 ;;
180
181 "-u")
182 if [ $(grep -v '^==' "$OUT_FILE"| grep -v 'Serious error when reading debug info' | grep -v "^*" | grep "$2" | wc -l) -ne 1 ]; then
183 fail "lines following pattern '$2' must be once in the output"
184 return
185 fi
186 ;;
187
188 *)
189 echo "Unknown test: $1" >&2
190 exit 1
191 esac
192 shift 2
193 done
194
195 rm -f "$OUT_FILE"
196
197 pass
198}
199
200get_options "$@"
201
202# Tests
203
204run_test "Default configuration, server" \
205 "srv_def.txt" \
206 -n "ERROR" \
207 -u "major.* 2$" \
208 -u "minor.* 21$" \
209 -u "path.* 0$" \
210 -u "MBEDTLS_HAVE_TIME$" \
211 -u "MBEDTLS_X509_CRT_PARSE_C$" \
212 -u "MBEDTLS_SSL_MAX_FRAGMENT_LENGTH$" \
213 -u "MBEDTLS_SSL_TRUNCATED_HMAC$" \
214 -u "MBEDTLS_SSL_ENCRYPT_THEN_MAC$" \
215 -u "MBEDTLS_SSL_SESSION_TICKETS$" \
216 -u "MBEDTLS_SSL_SESSION_TICKETS and client$" \
217 -u "MBEDTLS_SSL_DTLS_BADMAC_LIMIT$" \
218 -u "MBEDTLS_SSL_DTLS_ANTI_REPLAY$" \
219 -u "MBEDTLS_SSL_ALPN$" \
220 -u "ciphersuite.* TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256$" \
221 -u "cipher flags.* 0x00$" \
222 -u "Message-Digest.* SHA256$" \
223 -u "compression.* disabled$" \
224 -u "DTLS datagram packing.* enabled$" \
225 -n "Certificate" \
226 -n "bytes left to analyze from context"
227
228run_test "Default configuration, client" \
229 "cli_def.txt" \
230 -n "ERROR" \
231 -u "major.* 2$" \
232 -u "minor.* 21$" \
233 -u "path.* 0$" \
234 -u "MBEDTLS_HAVE_TIME$" \
235 -u "MBEDTLS_X509_CRT_PARSE_C$" \
236 -u "MBEDTLS_SSL_MAX_FRAGMENT_LENGTH$" \
237 -u "MBEDTLS_SSL_TRUNCATED_HMAC$" \
238 -u "MBEDTLS_SSL_ENCRYPT_THEN_MAC$" \
239 -u "MBEDTLS_SSL_SESSION_TICKETS$" \
240 -u "MBEDTLS_SSL_SESSION_TICKETS and client$" \
241 -u "MBEDTLS_SSL_DTLS_BADMAC_LIMIT$" \
242 -u "MBEDTLS_SSL_DTLS_ANTI_REPLAY$" \
243 -u "MBEDTLS_SSL_ALPN$" \
244 -u "ciphersuite.* TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256$" \
245 -u "cipher flags.* 0x00$" \
246 -u "Message-Digest.* SHA256$" \
247 -u "compression.* disabled$" \
248 -u "DTLS datagram packing.* enabled$" \
249 -u "cert. version .* 3$" \
250 -u "serial number.* 02$" \
251 -u "issuer name.* C=NL, O=PolarSSL, CN=PolarSSL Test CA$" \
252 -u "subject name.* C=NL, O=PolarSSL, CN=localhost$" \
253 -u "issued on.* 2019-02-10 14:44:06$" \
254 -u "expires on.* 2029-02-10 14:44:06$" \
255 -u "signed using.* RSA with SHA-256$" \
256 -u "RSA key size.* 2048 bits$" \
257 -u "basic constraints.* CA=false$" \
258 -n "bytes left to analyze from context"
259
260run_test "Ciphersuite TLS-RSA-WITH-AES-256-CCM-8, server" \
261 "srv_ciphersuite.txt" \
262 -n "ERROR" \
263 -u "ciphersuite.* TLS-RSA-WITH-AES-256-CCM-8$" \
264
265run_test "Ciphersuite TLS-RSA-WITH-AES-256-CCM-8, client" \
266 "cli_ciphersuite.txt" \
267 -n "ERROR" \
268 -u "ciphersuite.* TLS-RSA-WITH-AES-256-CCM-8$" \
269
270run_test "No packing, server" \
271 "srv_no_packing.txt" \
272 -n "ERROR" \
273 -u "DTLS datagram packing.* disabled"
274
275run_test "No packing, client" \
276 "cli_no_packing.txt" \
277 -n "ERROR" \
278 -u "DTLS datagram packing.* disabled"
279
280run_test "DTLS CID, server" \
281 "srv_cid.txt" \
282 -n "ERROR" \
283 -u "in CID.* DE AD" \
284 -u "out CID.* BE EF"
285
286run_test "DTLS CID, client" \
287 "cli_cid.txt" \
288 -n "ERROR" \
289 -u "in CID.* BE EF" \
290 -u "out CID.* DE AD"
291
292run_test "No MBEDTLS_SSL_MAX_FRAGMENT_LENGTH, server" \
293 "srv_no_mfl.txt" \
294 -n "ERROR" \
295 -n "MBEDTLS_SSL_MAX_FRAGMENT_LENGTH"
296
297run_test "No MBEDTLS_SSL_MAX_FRAGMENT_LENGTH, client" \
298 "cli_no_mfl.txt" \
299 -n "ERROR" \
300 -n "MBEDTLS_SSL_MAX_FRAGMENT_LENGTH"
301
302run_test "No MBEDTLS_SSL_ALPN, server" \
303 "srv_no_alpn.txt" \
304 -n "ERROR" \
305 -n "MBEDTLS_SSL_ALPN"
306
307run_test "No MBEDTLS_SSL_ALPN, client" \
308 "cli_no_alpn.txt" \
309 -n "ERROR" \
310 -n "MBEDTLS_SSL_ALPN"
311
312run_test "No MBEDTLS_SSL_KEEP_PEER_CERTIFICATE, server" \
313 "srv_no_keep_cert.txt" \
314 -arg "--keep-peer-cert=0" \
315 -u "ciphersuite.* TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256$" \
316 -u "cipher flags.* 0x00" \
317 -u "compression.* disabled" \
318 -u "DTLS datagram packing.* enabled" \
319 -n "ERROR"
320
321run_test "No MBEDTLS_SSL_KEEP_PEER_CERTIFICATE, client" \
322 "cli_no_keep_cert.txt" \
323 -arg "--keep-peer-cert=0" \
324 -u "ciphersuite.* TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256$" \
325 -u "cipher flags.* 0x00" \
326 -u "compression.* disabled" \
327 -u "DTLS datagram packing.* enabled" \
328 -n "ERROR"
329
330run_test "No MBEDTLS_SSL_KEEP_PEER_CERTIFICATE, negative, server" \
331 "srv_no_keep_cert.txt" \
332 -m "Deserializing" \
333 -m "ERROR"
334
335run_test "No MBEDTLS_SSL_KEEP_PEER_CERTIFICATE, negative, client" \
336 "cli_no_keep_cert.txt" \
337 -m "Deserializing" \
338 -m "ERROR"
339
340run_test "Minimal configuration, server" \
341 "srv_min_cfg.txt" \
342 -n "ERROR" \
343 -n "MBEDTLS_SSL_MAX_FRAGMENT_LENGTH$" \
344 -n "MBEDTLS_SSL_TRUNCATED_HMAC$" \
345 -n "MBEDTLS_SSL_ENCRYPT_THEN_MAC$" \
346 -n "MBEDTLS_SSL_SESSION_TICKETS$" \
347 -n "MBEDTLS_SSL_SESSION_TICKETS and client$" \
348 -n "MBEDTLS_SSL_DTLS_BADMAC_LIMIT$" \
349 -n "MBEDTLS_SSL_DTLS_ANTI_REPLAY$" \
350 -n "MBEDTLS_SSL_ALPN$" \
351
352run_test "Minimal configuration, client" \
353 "cli_min_cfg.txt" \
354 -n "ERROR" \
355 -n "MBEDTLS_SSL_MAX_FRAGMENT_LENGTH$" \
356 -n "MBEDTLS_SSL_TRUNCATED_HMAC$" \
357 -n "MBEDTLS_SSL_ENCRYPT_THEN_MAC$" \
358 -n "MBEDTLS_SSL_SESSION_TICKETS$" \
359 -n "MBEDTLS_SSL_SESSION_TICKETS and client$" \
360 -n "MBEDTLS_SSL_DTLS_BADMAC_LIMIT$" \
361 -n "MBEDTLS_SSL_DTLS_ANTI_REPLAY$" \
362 -n "MBEDTLS_SSL_ALPN$" \
363
364run_test "MTU=10000" \
365 "mtu_10000.txt" \
366 -n "ERROR" \
367 -u "MTU.* 10000$"
368
369run_test "MFL=1024" \
370 "mfl_1024.txt" \
371 -n "ERROR" \
372 -u "MFL.* 1024$"
373
374run_test "Older version (v2.19.1)" \
375 "v2.19.1.txt" \
376 -n "ERROR" \
377 -u "major.* 2$" \
378 -u "minor.* 19$" \
379 -u "path.* 1$" \
380 -u "ciphersuite.* TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8$" \
381 -u "Message-Digest.* SHA256$" \
382 -u "compression.* disabled$" \
383 -u "serial number.* 01:70:AF:40:B4:E6$" \
384 -u "issuer name.* CN=ca$" \
385 -u "subject name.* L=160001, OU=acc1, CN=device01$" \
386 -u "issued on.* 2020-03-06 09:50:18$" \
387 -u "expires on.* 2056-02-26 09:50:18$" \
388 -u "signed using.* ECDSA with SHA256$" \
389 -u "lifetime.* 0 sec.$" \
390 -u "MFL.* none$" \
391 -u "negotiate truncated HMAC.* disabled$" \
392 -u "Encrypt-then-MAC.* enabled$" \
393 -u "DTLS datagram packing.* enabled$" \
394 -u "verify result.* 0x00000000$" \
395 -n "bytes left to analyze from context"
396
397run_test "Wrong base64 format" \
398 "def_bad_b64.txt" \
399 -m "ERROR" \
400 -u "The length of the base64 code found should be a multiple of 4" \
401 -n "bytes left to analyze from context"
402
403run_test "Too much data at the beginning of base64 code" \
404 "def_b64_too_big_1.txt" \
405 -m "ERROR" \
406 -n "The length of the base64 code found should be a multiple of 4" \
407
408run_test "Too much data in the middle of base64 code" \
409 "def_b64_too_big_2.txt" \
410 -m "ERROR" \
411 -n "The length of the base64 code found should be a multiple of 4" \
412
413run_test "Too much data at the end of base64 code" \
414 "def_b64_too_big_3.txt" \
415 -m "ERROR" \
416 -n "The length of the base64 code found should be a multiple of 4" \
417 -u "bytes left to analyze from context"
418
419run_test "Empty file as input" \
420 "empty.txt" \
421 -u "Finished. No valid base64 code found"
422
423run_test "Not empty file without base64 code" \
424 "../../context-info.sh" \
425 -n "Deserializing"
426
427run_test "Binary file instead of text file" \
428 "../../../programs/ssl/ssl_context_info" \
429 -m "ERROR" \
430 -u "Too many bad symbols detected. File check aborted" \
431 -n "Deserializing"
432
David Brown3bea9f62020-10-16 13:15:59 -0600[diff] [blame]433run_test "Decoder continues past 0xff character" \
434 "def_b64_ff.bin" \
435 -n "No valid base64" \
436 -u "ciphersuite.* TLS-"
437
Piotr Nowicki9978e6e2020-04-07 16:07:05 +0200[diff] [blame]438
439# End of tests
440
Gilles Peskine231befa2020-08-26 20:05:11 +0200[diff] [blame]441echo
Piotr Nowicki9978e6e2020-04-07 16:07:05 +0200[diff] [blame]442if [ $T_FAILED -eq 0 ]; then
Gilles Peskine231befa2020-08-26 20:05:11 +0200[diff] [blame]443 echo "PASSED ( $T_COUNT tests )"
Piotr Nowicki9978e6e2020-04-07 16:07:05 +0200[diff] [blame]444else
Gilles Peskine231befa2020-08-26 20:05:11 +0200[diff] [blame]445 echo "FAILED ( $T_FAILED / $T_COUNT tests )"
Piotr Nowicki9978e6e2020-04-07 16:07:05 +0200[diff] [blame]446fi
447
448exit $T_FAILED