diff options
Diffstat (limited to 'tests/context-info.sh')
| -rwxr-xr-x | tests/context-info.sh | 428 |
1 files changed, 428 insertions, 0 deletions
diff --git a/tests/context-info.sh b/tests/context-info.sh new file mode 100755 index 00000000000..55e321943cc --- /dev/null +++ b/tests/context-info.sh @@ -0,0 +1,428 @@ +#!/bin/sh + +# context-info.sh +# +# Copyright The Mbed TLS Contributors +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +# +# This program is intended for testing the ssl_context_info program +# + +set -eu + +if ! cd "$(dirname "$0")"; then + exit 125 +fi + +# Variables + +THIS_SCRIPT_NAME=$(basename "$0") +PROG_PATH="../programs/ssl/ssl_context_info" +OUT_FILE="ssl_context_info.log" +IN_DIR="data_files/base64" + +USE_VALGRIND=0 + +T_COUNT=0 +T_PASSED=0 +T_FAILED=0 + + +# Functions + +print_usage() { + echo "Usage: $0 [options]" + printf " -h|--help\tPrint this help.\n" + printf " -m|--memcheck\tUse valgrind to check the memory.\n" +} + +# Print test name <name> +print_name() { + printf "%s %.*s " "$1" $(( 71 - ${#1} )) \ + "........................................................................" +} + +# Print header to the test output file <test name> <file path> <test command> +print_header() +{ + date="$(date)" + echo "******************************************************************" > $2 + echo "* File created by: $THIS_SCRIPT_NAME" >> $2 + echo "* Test name: $1" >> $2 + echo "* Date: $date" >> $2 + echo "* Command: $3" >> $2 + echo "******************************************************************" >> $2 + echo "" >> $2 +} + +# Print footer at the end of file <file path> +print_footer() +{ + echo "" >> $1 + echo "******************************************************************" >> $1 + echo "* End command" >> $1 + echo "******************************************************************" >> $1 + echo "" >> $1 +} + +# Use the arguments of this script +get_options() { + while [ $# -gt 0 ]; do + case "$1" in + -h|--help) + print_usage + exit 0 + ;; + -m|--memcheck) + USE_VALGRIND=1 + ;; + *) + echo "Unknown argument: '$1'" + print_usage + exit 1 + ;; + esac + shift + done +} + +# Current test failed +fail() +{ + T_FAILED=$(( $T_FAILED + 1)) + FAIL_OUT="Fail.$T_FAILED""_$OUT_FILE" + + echo "FAIL" + echo " Error: $1" + + cp -f "$OUT_FILE" "$FAIL_OUT" + echo "Error: $1" >> "$FAIL_OUT" +} + +# Current test passed +pass() +{ + T_PASSED=$(( $T_PASSED + 1)) + echo "PASS" +} + +# Usage: run_test <name> <input file with b64 code> [ -arg <extra arguments for tested program> ] [option [...]] +# Options: -m <pattern that MUST be present in the output of tested program> +# -n <pattern that must NOT be present in the output of tested program> +# -u <pattern that must be UNIQUE in the output of tested program> +run_test() +{ + TEST_NAME="$1" + RUN_CMD="$PROG_PATH -f $IN_DIR/$2" + + if [ "-arg" = "$3" ]; then + RUN_CMD="$RUN_CMD $4" + shift 4 + else + shift 2 + fi + + # prepend valgrind to our commands if active + if [ "$USE_VALGRIND" -gt 0 ]; then + RUN_CMD="valgrind --leak-check=full $RUN_CMD" + fi + + T_COUNT=$(( $T_COUNT + 1)) + print_name "$TEST_NAME" + + # run tested program + print_header "$TEST_NAME" "$OUT_FILE" "$RUN_CMD" + eval "$RUN_CMD" >> "$OUT_FILE" 2>&1 + print_footer "$OUT_FILE" + + # check valgrind's results + if [ "$USE_VALGRIND" -gt 0 ]; then + if ! ( grep -F 'All heap blocks were freed -- no leaks are possible' "$OUT_FILE" && + grep -F 'ERROR SUMMARY: 0 errors from 0 contexts' "$OUT_FILE" ) > /dev/null + then + fail "Memory error detected" + return + fi + fi + + # check other assertions + # lines beginning with == are added by valgrind, ignore them, because we already checked them before + # lines with 'Serious error when reading debug info', are valgrind issues as well + # lines beginning with * are added by this script, ignore too + while [ $# -gt 0 ] + do + case $1 in + "-m") + if grep -v '^==' "$OUT_FILE" | grep -v 'Serious error when reading debug info' | grep -v "^*" | grep "$2" >/dev/null; then :; else + fail "pattern '$2' MUST be present in the output" + return + fi + ;; + + "-n") + if grep -v '^==' "$OUT_FILE" | grep -v 'Serious error when reading debug info' | grep -v "^*" | grep "$2" >/dev/null; then + fail "pattern '$2' MUST NOT be present in the output" + return + fi + ;; + + "-u") + if [ $(grep -v '^==' "$OUT_FILE"| grep -v 'Serious error when reading debug info' | grep -v "^*" | grep "$2" | wc -l) -ne 1 ]; then + fail "lines following pattern '$2' must be once in the output" + return + fi + ;; + + *) + echo "Unknown test: $1" >&2 + exit 1 + esac + shift 2 + done + + rm -f "$OUT_FILE" + + pass +} + +get_options "$@" + +# Tests + +run_test "Default configuration, server" \ + "srv_def.txt" \ + -n "ERROR" \ + -u "major.* 2$" \ + -u "minor.* 21$" \ + -u "path.* 0$" \ + -u "MBEDTLS_HAVE_TIME$" \ + -u "MBEDTLS_X509_CRT_PARSE_C$" \ + -u "MBEDTLS_SSL_MAX_FRAGMENT_LENGTH$" \ + -u "MBEDTLS_SSL_ENCRYPT_THEN_MAC$" \ + -u "MBEDTLS_SSL_SESSION_TICKETS$" \ + -u "MBEDTLS_SSL_SESSION_TICKETS and client$" \ + -u "MBEDTLS_SSL_DTLS_ANTI_REPLAY$" \ + -u "MBEDTLS_SSL_ALPN$" \ + -u "ciphersuite.* TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256$" \ + -u "cipher flags.* 0x00$" \ + -u "Message-Digest.* SHA256$" \ + -u "compression.* disabled$" \ + -u "DTLS datagram packing.* enabled$" \ + -n "Certificate" \ + -n "bytes left to analyze from context" + +run_test "Default configuration, client" \ + "cli_def.txt" \ + -n "ERROR" \ + -u "major.* 2$" \ + -u "minor.* 21$" \ + -u "path.* 0$" \ + -u "MBEDTLS_HAVE_TIME$" \ + -u "MBEDTLS_X509_CRT_PARSE_C$" \ + -u "MBEDTLS_SSL_MAX_FRAGMENT_LENGTH$" \ + -u "MBEDTLS_SSL_ENCRYPT_THEN_MAC$" \ + -u "MBEDTLS_SSL_SESSION_TICKETS$" \ + -u "MBEDTLS_SSL_SESSION_TICKETS and client$" \ + -u "MBEDTLS_SSL_DTLS_ANTI_REPLAY$" \ + -u "MBEDTLS_SSL_ALPN$" \ + -u "ciphersuite.* TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256$" \ + -u "cipher flags.* 0x00$" \ + -u "Message-Digest.* SHA256$" \ + -u "compression.* disabled$" \ + -u "DTLS datagram packing.* enabled$" \ + -u "cert. version .* 3$" \ + -u "serial number.* 02$" \ + -u "issuer name.* C=NL, O=PolarSSL, CN=PolarSSL Test CA$" \ + -u "subject name.* C=NL, O=PolarSSL, CN=localhost$" \ + -u "issued on.* 2019-02-10 14:44:06$" \ + -u "expires on.* 2029-02-10 14:44:06$" \ + -u "signed using.* RSA with SHA-256$" \ + -u "RSA key size.* 2048 bits$" \ + -u "basic constraints.* CA=false$" \ + -n "bytes left to analyze from context" + +run_test "Ciphersuite TLS-RSA-WITH-AES-256-CCM-8, server" \ + "srv_ciphersuite.txt" \ + -n "ERROR" \ + -u "ciphersuite.* TLS-RSA-WITH-AES-256-CCM-8$" \ + +run_test "Ciphersuite TLS-RSA-WITH-AES-256-CCM-8, client" \ + "cli_ciphersuite.txt" \ + -n "ERROR" \ + -u "ciphersuite.* TLS-RSA-WITH-AES-256-CCM-8$" \ + +run_test "No packing, server" \ + "srv_no_packing.txt" \ + -n "ERROR" \ + -u "DTLS datagram packing.* disabled" + +run_test "No packing, client" \ + "cli_no_packing.txt" \ + -n "ERROR" \ + -u "DTLS datagram packing.* disabled" + +run_test "DTLS CID, server" \ + "srv_cid.txt" \ + -n "ERROR" \ + -u "in CID.* DE AD" \ + -u "out CID.* BE EF" + +run_test "DTLS CID, client" \ + "cli_cid.txt" \ + -n "ERROR" \ + -u "in CID.* BE EF" \ + -u "out CID.* DE AD" + +run_test "No MBEDTLS_SSL_MAX_FRAGMENT_LENGTH, server" \ + "srv_no_mfl.txt" \ + -n "ERROR" \ + -n "MBEDTLS_SSL_MAX_FRAGMENT_LENGTH" + +run_test "No MBEDTLS_SSL_MAX_FRAGMENT_LENGTH, client" \ + "cli_no_mfl.txt" \ + -n "ERROR" \ + -n "MBEDTLS_SSL_MAX_FRAGMENT_LENGTH" + +run_test "No MBEDTLS_SSL_ALPN, server" \ + "srv_no_alpn.txt" \ + -n "ERROR" \ + -n "MBEDTLS_SSL_ALPN" + +run_test "No MBEDTLS_SSL_ALPN, client" \ + "cli_no_alpn.txt" \ + -n "ERROR" \ + -n "MBEDTLS_SSL_ALPN" + +run_test "No MBEDTLS_SSL_KEEP_PEER_CERTIFICATE, server" \ + "srv_no_keep_cert.txt" \ + -arg "--keep-peer-cert=0" \ + -u "ciphersuite.* TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256$" \ + -u "cipher flags.* 0x00" \ + -u "compression.* disabled" \ + -u "DTLS datagram packing.* enabled" \ + -n "ERROR" + +run_test "No MBEDTLS_SSL_KEEP_PEER_CERTIFICATE, client" \ + "cli_no_keep_cert.txt" \ + -arg "--keep-peer-cert=0" \ + -u "ciphersuite.* TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256$" \ + -u "cipher flags.* 0x00" \ + -u "compression.* disabled" \ + -u "DTLS datagram packing.* enabled" \ + -n "ERROR" + +run_test "No MBEDTLS_SSL_KEEP_PEER_CERTIFICATE, negative, server" \ + "srv_no_keep_cert.txt" \ + -m "Deserializing" \ + -m "ERROR" + +run_test "No MBEDTLS_SSL_KEEP_PEER_CERTIFICATE, negative, client" \ + "cli_no_keep_cert.txt" \ + -m "Deserializing" \ + -m "ERROR" + +run_test "Minimal configuration, server" \ + "srv_min_cfg.txt" \ + -n "ERROR" \ + -n "MBEDTLS_SSL_MAX_FRAGMENT_LENGTH$" \ + -n "MBEDTLS_SSL_ENCRYPT_THEN_MAC$" \ + -n "MBEDTLS_SSL_SESSION_TICKETS$" \ + -n "MBEDTLS_SSL_SESSION_TICKETS and client$" \ + -n "MBEDTLS_SSL_DTLS_ANTI_REPLAY$" \ + -n "MBEDTLS_SSL_ALPN$" \ + +run_test "Minimal configuration, client" \ + "cli_min_cfg.txt" \ + -n "ERROR" \ + -n "MBEDTLS_SSL_MAX_FRAGMENT_LENGTH$" \ + -n "MBEDTLS_SSL_ENCRYPT_THEN_MAC$" \ + -n "MBEDTLS_SSL_SESSION_TICKETS$" \ + -n "MBEDTLS_SSL_SESSION_TICKETS and client$" \ + -n "MBEDTLS_SSL_DTLS_ANTI_REPLAY$" \ + -n "MBEDTLS_SSL_ALPN$" \ + +run_test "MTU=10000" \ + "mtu_10000.txt" \ + -n "ERROR" \ + -u "MTU.* 10000$" + +run_test "MFL=1024" \ + "mfl_1024.txt" \ + -n "ERROR" \ + -u "MFL.* 1024$" + +run_test "Older version (v2.19.1)" \ + "v2.19.1.txt" \ + -n "ERROR" \ + -u "major.* 2$" \ + -u "minor.* 19$" \ + -u "path.* 1$" \ + -u "ciphersuite.* TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8$" \ + -u "Message-Digest.* SHA256$" \ + -u "compression.* disabled$" \ + -u "serial number.* 01:70:AF:40:B4:E6$" \ + -u "issuer name.* CN=ca$" \ + -u "subject name.* L=160001, OU=acc1, CN=device01$" \ + -u "issued on.* 2020-03-06 09:50:18$" \ + -u "expires on.* 2056-02-26 09:50:18$" \ + -u "signed using.* ECDSA with SHA256$" \ + -u "lifetime.* 0 sec.$" \ + -u "MFL.* none$" \ + -u "negotiate truncated HMAC.* disabled$" \ + -u "Encrypt-then-MAC.* enabled$" \ + -u "DTLS datagram packing.* enabled$" \ + -u "verify result.* 0x00000000$" \ + -n "bytes left to analyze from context" + +run_test "Wrong base64 format" \ + "def_bad_b64.txt" \ + -m "ERROR" \ + -u "The length of the base64 code found should be a multiple of 4" \ + -n "bytes left to analyze from context" + +run_test "Too much data at the beginning of base64 code" \ + "def_b64_too_big_1.txt" \ + -m "ERROR" \ + -n "The length of the base64 code found should be a multiple of 4" \ + +run_test "Too much data in the middle of base64 code" \ + "def_b64_too_big_2.txt" \ + -m "ERROR" \ + -n "The length of the base64 code found should be a multiple of 4" \ + +run_test "Too much data at the end of base64 code" \ + "def_b64_too_big_3.txt" \ + -m "ERROR" \ + -n "The length of the base64 code found should be a multiple of 4" \ + -u "bytes left to analyze from context" + +run_test "Empty file as input" \ + "empty.txt" \ + -u "Finished. No valid base64 code found" + +run_test "Not empty file without base64 code" \ + "../../context-info.sh" \ + -n "Deserializing" + +run_test "Binary file instead of text file" \ + "../../../programs/ssl/ssl_context_info" \ + -m "ERROR" \ + -u "Too many bad symbols detected. File check aborted" \ + -n "Deserializing" + +run_test "Decoder continues past 0xff character" \ + "def_b64_ff.bin" \ + -n "No valid base64" \ + -u "ciphersuite.* TLS-" + + +# End of tests + +echo +if [ $T_FAILED -eq 0 ]; then + echo "PASSED ( $T_COUNT tests )" +else + echo "FAILED ( $T_FAILED / $T_COUNT tests )" +fi + +exit $T_FAILED |