#!/bin/sh
2
3# context-info.sh
4#
5# This file is part of mbed TLS (https://tls.mbed.org)
6#
7# Copyright (c) 2012-2020, ARM Limited, All Rights Reserved
8#
9# This program is intended for testing the ssl_context_info program
10#
11
# Stop at the first failing command and on any use of an unset variable.
set -eu

# Every path below is relative to the directory that holds this script,
# so move there first; exit with status 125 if that is not possible.
cd "$(dirname "$0")" || exit 125

# Variables

THIS_SCRIPT_NAME="$(basename "$0")"
PROG_PATH="../programs/ssl/ssl_context_info"   # program under test
OUT_FILE="ssl_context_info.log"                # log of the current test
IN_DIR="data_files/base64"                     # directory of the input files

# Set to 1 by -m|--memcheck to run the program under valgrind.
USE_VALGRIND=0

# Test counters: total, passed, failed.
T_COUNT=0
T_PASSED=0
T_FAILED=0
30
31
32# Functions
33
# Print the command-line help of this script to stdout.
print_usage() {
    printf '%s\n' "Usage: $0 [options]"
    printf ' -h|--help\tPrint this help.\n'
    printf ' -m|--memcheck\tUse valgrind to check the memory.\n'
}
39
# Print test name <name>, followed by a run of dots that pads the name
# to a fixed width, so the PASS/FAIL verdicts line up in one column.
# No newline is written: the verdict is printed on the same line.
print_name() {
    printf "%s " "$1"
    # The precision (71 minus the name length) truncates the dot string.
    printf "%.*s " $(( 71 - ${#1} )) \
        "........................................................................"
}
45
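# Print header to the test output file <test name> <file path> <test command>
# The file is created or truncated, so each test starts with a fresh log.
# Arguments: $1 - test name
#            $2 - path of the output file
#            $3 - command line that is about to be run
# Globals:   THIS_SCRIPT_NAME (read), date (written)
print_header()
{
    date="$(date)"
    # The redirection target is quoted: an unquoted $2 is rejected as an
    # "ambiguous redirect" by some shells when the path contains whitespace.
    {
        echo "******************************************************************"
        echo "* File created by: $THIS_SCRIPT_NAME"
        echo "* Test name: $1"
        echo "* Date: $date"
        echo "* Command: $3"
        echo "******************************************************************"
        echo ""
    } > "$2"
}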
58
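# Print footer at the end of file <file path>
# The footer is appended, so the header and the program output stay in place.
# Arguments: $1 - path of the output file
print_footer()
{
    # The redirection target is quoted: an unquoted $1 is rejected as an
    # "ambiguous redirect" by some shells when the path contains whitespace.
    {
        echo ""
        echo "******************************************************************"
        echo "* End command"
        echo "******************************************************************"
        echo ""
    } >> "$1"
}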
68
# Use the arguments of this script.
# -m|--memcheck sets USE_VALGRIND=1; -h|--help prints the usage text and
# exits 0; any other argument is reported, the usage text is printed and
# the script exits 1.
get_options() {
    until [ $# -eq 0 ]; do
        case "$1" in
            -m|--memcheck)
                USE_VALGRIND=1
                ;;
            -h|--help)
                print_usage
                exit 0
                ;;
            *)
                echo "Unknown argument: '$1'"
                print_usage
                exit 1
                ;;
        esac
        shift
    done
}
89
# Current test failed.
# Bumps T_FAILED, prints the verdict and the reason ($1), and keeps a copy
# of the current log as Fail.<n>_<log name> with the reason appended.
fail()
{
    T_FAILED=$(( ${T_FAILED} + 1 ))
    FAIL_OUT="Fail.${T_FAILED}_${OUT_FILE}"

    printf '%s\n' "FAIL" " Error: $1"

    # Preserve the evidence: the caller reuses "$OUT_FILE" for the next test.
    cp -f "$OUT_FILE" "$FAIL_OUT"
    printf '%s\n' "Error: $1" >> "$FAIL_OUT"
}
102
# Current test passed: bump the pass counter and print the verdict.
pass()
{
    T_PASSED=$(( ${T_PASSED} + 1 ))
    printf '%s\n' "PASS"
}
109
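# Print the part of "$OUT_FILE" that the tested program itself produced.
# Dropped: lines beginning with == (added by valgrind), lines containing
# 'Serious error when reading debug info' (valgrind issues as well) and
# lines beginning with * (header and footer added by this script).
_run_test_output()
{
    grep -v '^==' "$OUT_FILE" |
        grep -v 'Serious error when reading debug info' |
        grep -v '^\*'
}

# Usage: run_test <name> <input file with b64 code> [ -arg <extra arguments for tested program> ] [option [...]]
# Options: -m <pattern that MUST be present in the output of tested program>
#          -n <pattern that must NOT be present in the output of tested program>
#          -u <pattern that must be UNIQUE in the output of tested program>
#
# Runs the tested program on one input file, logs its output to "$OUT_FILE"
# and checks the output against the given patterns (grep basic regular
# expressions). Calls `fail` on the first assertion that does not hold,
# otherwise removes the log and calls `pass`.
# Globals: PROG_PATH, IN_DIR, OUT_FILE, USE_VALGRIND (read);
#          TEST_NAME, RUN_CMD, T_COUNT (written)
run_test()
{
    TEST_NAME="$1"
    RUN_CMD="$PROG_PATH -f $IN_DIR/$2"

    # ${3:-} instead of $3: this script runs under `set -u`, where a bare $3
    # aborts the whole run when a test is declared without any option.
    if [ "-arg" = "${3:-}" ]; then
        RUN_CMD="$RUN_CMD $4"
        shift 4
    else
        shift 2
    fi

    # prepend valgrind to our commands if active
    if [ "$USE_VALGRIND" -gt 0 ]; then
        RUN_CMD="valgrind --leak-check=full $RUN_CMD"
    fi

    T_COUNT=$(( $T_COUNT + 1 ))
    print_name "$TEST_NAME"

    # run tested program
    print_header "$TEST_NAME" "$OUT_FILE" "$RUN_CMD"
    # SECURITY: eval re-parses RUN_CMD as shell code. That is acceptable only
    # because RUN_CMD is assembled from constants of this script and from the
    # arguments of the run_test calls in this file; never build it from data
    # that comes from outside the script (environment, file contents, network).
    # NOTE(review): with `set -e` active, a non-zero exit status of the tested
    # program ends the script right here, before any assertion is checked;
    # the negative tests presumably rely on the program returning 0 after it
    # has printed ERROR - confirm against the program's exit codes.
    eval "$RUN_CMD" >> "$OUT_FILE" 2>&1
    print_footer "$OUT_FILE"

    # check valgrind's results: both summary lines must be present
    if [ "$USE_VALGRIND" -gt 0 ]; then
        if ! grep -q -F 'All heap blocks were freed -- no leaks are possible' "$OUT_FILE" ||
           ! grep -q -F 'ERROR SUMMARY: 0 errors from 0 contexts' "$OUT_FILE"
        then
            fail "Memory error detected"
            return
        fi
    fi

    # check other assertions, on the program's own output only
    # (-e keeps a pattern that starts with "-" from being read as a grep option)
    while [ $# -gt 0 ]
    do
        case "$1" in
            "-m")
                if ! _run_test_output | grep -q -e "$2"; then
                    fail "pattern '$2' MUST be present in the output"
                    return
                fi
                ;;

            "-n")
                if _run_test_output | grep -q -e "$2"; then
                    fail "pattern '$2' MUST NOT be present in the output"
                    return
                fi
                ;;

            "-u")
                # grep -c prints the number of matching lines, 0 included.
                if [ "$(_run_test_output | grep -c -e "$2")" -ne 1 ]; then
                    fail "lines following pattern '$2' must be once in the output"
                    return
                fi
                ;;

            *)
                echo "Unknown test: $1" >&2
                exit 1
                ;;
        esac
        shift 2
    done

    # The log is only kept (as a copy made by `fail`) when a test fails.
    rm -f "$OUT_FILE"

    pass
}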
188
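get_options "$@"

# Tests
#
# Each call ends on its last argument, without a trailing backslash, so that
# no call depends on the blank line after it to terminate the command.

run_test "Default configuration, server" \
    "srv_def.txt" \
    -n "ERROR" \
    -u "major.* 2$" \
    -u "minor.* 21$" \
    -u "path.* 0$" \
    -u "MBEDTLS_HAVE_TIME$" \
    -u "MBEDTLS_X509_CRT_PARSE_C$" \
    -u "MBEDTLS_SSL_MAX_FRAGMENT_LENGTH$" \
    -u "MBEDTLS_SSL_TRUNCATED_HMAC$" \
    -u "MBEDTLS_SSL_ENCRYPT_THEN_MAC$" \
    -u "MBEDTLS_SSL_SESSION_TICKETS$" \
    -u "MBEDTLS_SSL_SESSION_TICKETS and client$" \
    -u "MBEDTLS_SSL_DTLS_BADMAC_LIMIT$" \
    -u "MBEDTLS_SSL_DTLS_ANTI_REPLAY$" \
    -u "MBEDTLS_SSL_ALPN$" \
    -u "ciphersuite.* TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256$" \
    -u "cipher flags.* 0x00$" \
    -u "Message-Digest.* SHA256$" \
    -u "compression.* disabled$" \
    -u "DTLS datagram packing.* enabled$" \
    -n "Certificate" \
    -n "bytes left to analyze from context"

run_test "Default configuration, client" \
    "cli_def.txt" \
    -n "ERROR" \
    -u "major.* 2$" \
    -u "minor.* 21$" \
    -u "path.* 0$" \
    -u "MBEDTLS_HAVE_TIME$" \
    -u "MBEDTLS_X509_CRT_PARSE_C$" \
    -u "MBEDTLS_SSL_MAX_FRAGMENT_LENGTH$" \
    -u "MBEDTLS_SSL_TRUNCATED_HMAC$" \
    -u "MBEDTLS_SSL_ENCRYPT_THEN_MAC$" \
    -u "MBEDTLS_SSL_SESSION_TICKETS$" \
    -u "MBEDTLS_SSL_SESSION_TICKETS and client$" \
    -u "MBEDTLS_SSL_DTLS_BADMAC_LIMIT$" \
    -u "MBEDTLS_SSL_DTLS_ANTI_REPLAY$" \
    -u "MBEDTLS_SSL_ALPN$" \
    -u "ciphersuite.* TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256$" \
    -u "cipher flags.* 0x00$" \
    -u "Message-Digest.* SHA256$" \
    -u "compression.* disabled$" \
    -u "DTLS datagram packing.* enabled$" \
    -u "cert. version .* 3$" \
    -u "serial number.* 02$" \
    -u "issuer name.* C=NL, O=PolarSSL, CN=PolarSSL Test CA$" \
    -u "subject name.* C=NL, O=PolarSSL, CN=localhost$" \
    -u "issued on.* 2019-02-10 14:44:06$" \
    -u "expires on.* 2029-02-10 14:44:06$" \
    -u "signed using.* RSA with SHA-256$" \
    -u "RSA key size.* 2048 bits$" \
    -u "basic constraints.* CA=false$" \
    -n "bytes left to analyze from context"

run_test "Ciphersuite TLS-RSA-WITH-AES-256-CCM-8, server" \
    "srv_ciphersuite.txt" \
    -n "ERROR" \
    -u "ciphersuite.* TLS-RSA-WITH-AES-256-CCM-8$"

run_test "Ciphersuite TLS-RSA-WITH-AES-256-CCM-8, client" \
    "cli_ciphersuite.txt" \
    -n "ERROR" \
    -u "ciphersuite.* TLS-RSA-WITH-AES-256-CCM-8$"
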
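# Each call ends on its last argument, without a trailing backslash, so that
# no call depends on the blank line after it to terminate the command.

run_test "No packing, server" \
    "srv_no_packing.txt" \
    -n "ERROR" \
    -u "DTLS datagram packing.* disabled"

run_test "No packing, client" \
    "cli_no_packing.txt" \
    -n "ERROR" \
    -u "DTLS datagram packing.* disabled"

run_test "DTLS CID, server" \
    "srv_cid.txt" \
    -n "ERROR" \
    -u "in CID.* DE AD" \
    -u "out CID.* BE EF"

run_test "DTLS CID, client" \
    "cli_cid.txt" \
    -n "ERROR" \
    -u "in CID.* BE EF" \
    -u "out CID.* DE AD"

run_test "No MBEDTLS_SSL_MAX_FRAGMENT_LENGTH, server" \
    "srv_no_mfl.txt" \
    -n "ERROR" \
    -n "MBEDTLS_SSL_MAX_FRAGMENT_LENGTH"

run_test "No MBEDTLS_SSL_MAX_FRAGMENT_LENGTH, client" \
    "cli_no_mfl.txt" \
    -n "ERROR" \
    -n "MBEDTLS_SSL_MAX_FRAGMENT_LENGTH"

run_test "No MBEDTLS_SSL_ALPN, server" \
    "srv_no_alpn.txt" \
    -n "ERROR" \
    -n "MBEDTLS_SSL_ALPN"

run_test "No MBEDTLS_SSL_ALPN, client" \
    "cli_no_alpn.txt" \
    -n "ERROR" \
    -n "MBEDTLS_SSL_ALPN"

# The next two pairs read the same input files: first with
# --keep-peer-cert=0 passed to the program, then without it, where the
# program is expected to print ERROR.

run_test "No MBEDTLS_SSL_KEEP_PEER_CERTIFICATE, server" \
    "srv_no_keep_cert.txt" \
    -arg "--keep-peer-cert=0" \
    -u "ciphersuite.* TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256$" \
    -u "cipher flags.* 0x00" \
    -u "compression.* disabled" \
    -u "DTLS datagram packing.* enabled" \
    -n "ERROR"

run_test "No MBEDTLS_SSL_KEEP_PEER_CERTIFICATE, client" \
    "cli_no_keep_cert.txt" \
    -arg "--keep-peer-cert=0" \
    -u "ciphersuite.* TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256$" \
    -u "cipher flags.* 0x00" \
    -u "compression.* disabled" \
    -u "DTLS datagram packing.* enabled" \
    -n "ERROR"

run_test "No MBEDTLS_SSL_KEEP_PEER_CERTIFICATE, negative, server" \
    "srv_no_keep_cert.txt" \
    -m "Deserializing" \
    -m "ERROR"

run_test "No MBEDTLS_SSL_KEEP_PEER_CERTIFICATE, negative, client" \
    "cli_no_keep_cert.txt" \
    -m "Deserializing" \
    -m "ERROR"

run_test "Minimal configuration, server" \
    "srv_min_cfg.txt" \
    -n "ERROR" \
    -n "MBEDTLS_SSL_MAX_FRAGMENT_LENGTH$" \
    -n "MBEDTLS_SSL_TRUNCATED_HMAC$" \
    -n "MBEDTLS_SSL_ENCRYPT_THEN_MAC$" \
    -n "MBEDTLS_SSL_SESSION_TICKETS$" \
    -n "MBEDTLS_SSL_SESSION_TICKETS and client$" \
    -n "MBEDTLS_SSL_DTLS_BADMAC_LIMIT$" \
    -n "MBEDTLS_SSL_DTLS_ANTI_REPLAY$" \
    -n "MBEDTLS_SSL_ALPN$"

run_test "Minimal configuration, client" \
    "cli_min_cfg.txt" \
    -n "ERROR" \
    -n "MBEDTLS_SSL_MAX_FRAGMENT_LENGTH$" \
    -n "MBEDTLS_SSL_TRUNCATED_HMAC$" \
    -n "MBEDTLS_SSL_ENCRYPT_THEN_MAC$" \
    -n "MBEDTLS_SSL_SESSION_TICKETS$" \
    -n "MBEDTLS_SSL_SESSION_TICKETS and client$" \
    -n "MBEDTLS_SSL_DTLS_BADMAC_LIMIT$" \
    -n "MBEDTLS_SSL_DTLS_ANTI_REPLAY$" \
    -n "MBEDTLS_SSL_ALPN$"
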
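# Each call ends on its last argument, without a trailing backslash, so that
# no call depends on the blank line after it to terminate the command.

run_test "MTU=10000" \
    "mtu_10000.txt" \
    -n "ERROR" \
    -u "MTU.* 10000$"

run_test "MFL=1024" \
    "mfl_1024.txt" \
    -n "ERROR" \
    -u "MFL.* 1024$"

run_test "Older version (v2.19.1)" \
    "v2.19.1.txt" \
    -n "ERROR" \
    -u "major.* 2$" \
    -u "minor.* 19$" \
    -u "path.* 1$" \
    -u "ciphersuite.* TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8$" \
    -u "Message-Digest.* SHA256$" \
    -u "compression.* disabled$" \
    -u "serial number.* 01:70:AF:40:B4:E6$" \
    -u "issuer name.* CN=ca$" \
    -u "subject name.* L=160001, OU=acc1, CN=device01$" \
    -u "issued on.* 2020-03-06 09:50:18$" \
    -u "expires on.* 2056-02-26 09:50:18$" \
    -u "signed using.* ECDSA with SHA256$" \
    -u "lifetime.* 0 sec.$" \
    -u "MFL.* none$" \
    -u "negotiate truncated HMAC.* disabled$" \
    -u "Encrypt-then-MAC.* enabled$" \
    -u "DTLS datagram packing.* enabled$" \
    -u "verify result.* 0x00000000$" \
    -n "bytes left to analyze from context"

# Malformed input: the program is expected to report the problem in its
# output rather than to deserialize anything from these files.

run_test "Wrong base64 format" \
    "def_bad_b64.txt" \
    -m "ERROR" \
    -u "The length of the base64 code found should be a multiple of 4" \
    -n "bytes left to analyze from context"

run_test "Too much data at the beginning of base64 code" \
    "def_b64_too_big_1.txt" \
    -m "ERROR" \
    -n "The length of the base64 code found should be a multiple of 4"

run_test "Too much data in the middle of base64 code" \
    "def_b64_too_big_2.txt" \
    -m "ERROR" \
    -n "The length of the base64 code found should be a multiple of 4"

run_test "Too much data at the end of base64 code" \
    "def_b64_too_big_3.txt" \
    -m "ERROR" \
    -n "The length of the base64 code found should be a multiple of 4" \
    -u "bytes left to analyze from context"

run_test "Empty file as input" \
    "empty.txt" \
    -u "Finished. No valid base64 code found"

# The two inputs below are addressed relative to $IN_DIR: this script itself
# (text without base64 code) and the tested program's own binary.

run_test "Not empty file without base64 code" \
    "../../context-info.sh" \
    -n "Deserializing"

run_test "Binary file instead of text file" \
    "../../../programs/ssl/ssl_context_info" \
    -m "ERROR" \
    -u "Too many bad symbols detected. File check aborted" \
    -n "Deserializing"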
421
422
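# End of tests

# Print the summary. The counters are passed as arguments to %s so that they
# are never interpreted as part of the printf format string.
if [ "$T_FAILED" -eq 0 ]; then
    printf '\nPASSED ( %s tests )\n' "$T_COUNT"
else
    printf '\nFAILED ( %s / %s tests )\n' "$T_FAILED" "$T_COUNT"
fi

# The exit status is the number of failed tests. Exit statuses are reduced
# modulo 256, so cap the value: 256 failures must not be reported as success.
if [ "$T_FAILED" -gt 255 ]; then
    T_FAILED=255
fi

exit "$T_FAILED"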
431exit $T_FAILED