Add tests for record encryption/decryption
This commit adds tests exercising mutually inverse pairs of
record encryption and decryption transformations for the various
transformation types allowed in TLS: Stream, CBC, and AEAD.
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index b6567fb..274d004 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -1466,11 +1466,11 @@
add_data[12] = rec->data_len & 0xFF;
}
-static int ssl_encrypt_buf( mbedtls_ssl_context *ssl,
- mbedtls_ssl_transform *transform,
- mbedtls_record *rec,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng )
+int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
+ mbedtls_ssl_transform *transform,
+ mbedtls_record *rec,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng )
{
mbedtls_cipher_mode_t mode;
int auth_done = 0;
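Review bot: Dropping `static` gives `mbedtls_ssl_encrypt_buf` external linkage, but the definition has no comment stating its contract; the same applies to `mbedtls_ssl_decrypt_buf` and `mbedtls_ssl_transform_init` in the later hunks. Since the new tests will call these directly, I would document on each definition (or on the prototype, presumably in an internal header not visible in this diff) that the record is transformed in place, that `ssl` is used only for debug output, and whether `f_rng` may be NULL. A line such as `/* Internal record-layer helper, exposed for unit testing only; not part of the public API. */` would also tell applications not to call the record protection code directly. The function body continues outside this hunk.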
@@ -1479,7 +1479,7 @@
size_t post_avail;
/* The SSL context is only used for debugging purposes! */
-#if !defined(MBEDTLS_SSL_DEBUG_C)
+#if !defined(MBEDTLS_DEBUG_C)
((void) ssl);
#endif
@@ -1858,9 +1858,9 @@
return( 0 );
}
-static int ssl_decrypt_buf( mbedtls_ssl_context *ssl,
- mbedtls_ssl_transform *transform,
- mbedtls_record *rec )
+int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context *ssl,
+ mbedtls_ssl_transform *transform,
+ mbedtls_record *rec )
{
size_t olen;
mbedtls_cipher_mode_t mode;
@@ -1871,7 +1871,7 @@
unsigned char* data;
unsigned char add_data[13];
-#if !defined(MBEDTLS_SSL_DEBUG_C)
+#if !defined(MBEDTLS_DEBUG_C)
((void) ssl);
#endif
@@ -3451,7 +3451,7 @@
ssl->conf->transport, rec.ver );
rec.type = ssl->out_msgtype;
- if( ( ret = ssl_encrypt_buf( ssl, ssl->transform_out, &rec,
+ if( ( ret = mbedtls_ssl_encrypt_buf( ssl, ssl->transform_out, &rec,
ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "ssl_encrypt_buf", ret );
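Review bot: The debug label on the failure path still names the old symbol, so a log line for a failed record encryption points at a function that no longer exists. I would change it to `MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_encrypt_buf", ret );`, and likewise use `"mbedtls_ssl_decrypt_buf"` in the `@@ -4333` hunk, where the label after the renamed decrypt call is also unchanged. Matching labels matter most on the decrypt side, where these messages are what an operator searches for when triaging record authentication failures. The body of the `if` continues outside this hunk.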
@@ -4333,7 +4333,8 @@
mbedtls_ssl_write_version( ssl->major_ver, ssl->minor_ver,
ssl->conf->transport, rec.ver );
rec.type = ssl->in_msgtype;
- if( ( ret = ssl_decrypt_buf( ssl, ssl->transform_in, &rec ) ) != 0 )
+ if( ( ret = mbedtls_ssl_decrypt_buf( ssl, ssl->transform_in,
+ &rec ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "ssl_decrypt_buf", ret );
return( ret );
@@ -6783,7 +6784,7 @@
#endif
}
-static void ssl_transform_init( mbedtls_ssl_transform *transform )
+void mbedtls_ssl_transform_init( mbedtls_ssl_transform *transform )
{
memset( transform, 0, sizeof(mbedtls_ssl_transform) );
@@ -6850,7 +6851,7 @@
/* Initialize structures */
mbedtls_ssl_session_init( ssl->session_negotiate );
- ssl_transform_init( ssl->transform_negotiate );
+ mbedtls_ssl_transform_init( ssl->transform_negotiate );
ssl_handshake_params_init( ssl->handshake );
#if defined(MBEDTLS_SSL_PROTO_DTLS)