Add tests for record encryption/decryption
This commit adds tests exercising mutually inverse pairs of
record encryption and decryption transformations for the various
transformation types allowed in TLS: Stream, CBC, and AEAD.
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 933dfe2..79e0623 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -1767,11 +1767,11 @@
add_data[12] = rec->data_len & 0xFF;
}
-static int ssl_encrypt_buf( mbedtls_ssl_context *ssl,
- mbedtls_ssl_transform *transform,
- mbedtls_record *rec,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng )
+int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
+ mbedtls_ssl_transform *transform,
+ mbedtls_record *rec,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng )
{
mbedtls_cipher_mode_t mode;
int auth_done = 0;
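Review bot: Dropping `static` from this signature turns the record-protection routine into an external symbol with no written contract, and the same holds for `mbedtls_ssl_decrypt_buf` and `mbedtls_ssl_transform_init` in the later hunks. A doc comment on each should state what the caller must guarantee about `rec` (presumably the buffer and its offset/length fields, which appear to be transformed in place), whether `f_rng` may be NULL for transforms that need no randomness, and that `ssl` is consulted only for debug output. The matching prototypes are not visible in this diff; if they are not already in an internal-only header, I would put them there with a marker such as `/* Internal use only: exposed for the record-transformation tests. */`. The function body continues outside the hunk.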
@@ -1780,7 +1780,7 @@
size_t post_avail;
/* The SSL context is only used for debugging purposes! */
-#if !defined(MBEDTLS_SSL_DEBUG_C)
+#if !defined(MBEDTLS_DEBUG_C)
((void) ssl);
#endif
@@ -2159,9 +2159,9 @@
return( 0 );
}
-static int ssl_decrypt_buf( mbedtls_ssl_context *ssl,
- mbedtls_ssl_transform *transform,
- mbedtls_record *rec )
+int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context *ssl,
+ mbedtls_ssl_transform *transform,
+ mbedtls_record *rec )
{
size_t olen;
mbedtls_cipher_mode_t mode;
@@ -2172,7 +2172,7 @@
unsigned char* data;
unsigned char add_data[13];
-#if !defined(MBEDTLS_SSL_DEBUG_C)
+#if !defined(MBEDTLS_DEBUG_C)
((void) ssl);
#endif
@@ -3752,7 +3752,7 @@
ssl->conf->transport, rec.ver );
rec.type = ssl->out_msgtype;
- if( ( ret = ssl_encrypt_buf( ssl, ssl->transform_out, &rec,
+ if( ( ret = mbedtls_ssl_encrypt_buf( ssl, ssl->transform_out, &rec,
ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "ssl_encrypt_buf", ret );
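Review bot: The label passed to `MBEDTLS_SSL_DEBUG_RET` on the last line of this hunk still reads `"ssl_encrypt_buf"` although the callee is now `mbedtls_ssl_encrypt_buf`. A debug log of a failed record encryption would therefore name a function that no longer exists, which makes a trace harder to match to the source. I would change it to `MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_encrypt_buf", ret );`, and likewise the `"ssl_decrypt_buf"` label in the next hunk. The enclosing function starts and ends outside the hunk.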
@@ -4634,7 +4634,8 @@
mbedtls_ssl_write_version( ssl->major_ver, ssl->minor_ver,
ssl->conf->transport, rec.ver );
rec.type = ssl->in_msgtype;
- if( ( ret = ssl_decrypt_buf( ssl, ssl->transform_in, &rec ) ) != 0 )
+ if( ( ret = mbedtls_ssl_decrypt_buf( ssl, ssl->transform_in,
+ &rec ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "ssl_decrypt_buf", ret );
return( ret );
@@ -7422,7 +7423,7 @@
#endif
}
-static void ssl_transform_init( mbedtls_ssl_transform *transform )
+void mbedtls_ssl_transform_init( mbedtls_ssl_transform *transform )
{
memset( transform, 0, sizeof(mbedtls_ssl_transform) );
@@ -7489,7 +7490,7 @@
/* Initialize structures */
mbedtls_ssl_session_init( ssl->session_negotiate );
- ssl_transform_init( ssl->transform_negotiate );
+ mbedtls_ssl_transform_init( ssl->transform_negotiate );
ssl_handshake_params_init( ssl->handshake );
#if defined(MBEDTLS_SSL_PROTO_DTLS)