• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1#!/bin/sh
2
3# context-info.sh
4#
5# Copyright The Mbed TLS Contributors
6# SPDX-License-Identifier: Apache-2.0
7#
8# Licensed under the Apache License, Version 2.0 (the "License"); you may
9# not use this file except in compliance with the License.
10# You may obtain a copy of the License at
11#
12# http://www.apache.org/licenses/LICENSE-2.0
13#
14# Unless required by applicable law or agreed to in writing, software
15# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
16# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
17# See the License for the specific language governing permissions and
18# limitations under the License.
19#
20# This program is intended for testing the ssl_context_info program
21#
22
23set -eu
24
25if ! cd "$(dirname "$0")"; then
26    exit 125
27fi
28
29# Variables
30
31THIS_SCRIPT_NAME=$(basename "$0")
32PROG_PATH="../programs/ssl/ssl_context_info"
33OUT_FILE="ssl_context_info.log"
34IN_DIR="data_files/base64"
35
36USE_VALGRIND=0
37
38T_COUNT=0
39T_PASSED=0
40T_FAILED=0
41
42
43# Functions
44
45print_usage() {
46    echo "Usage: $0 [options]"
47    printf "  -h|--help\tPrint this help.\n"
48    printf "  -m|--memcheck\tUse valgrind to check the memory.\n"
49}
50
51# Print test name <name>
52print_name() {
53    printf "%s %.*s " "$1" $(( 71 - ${#1} )) \
54    "........................................................................"
55}
56
57# Print header to the test output file <test name> <file path> <test command>
58print_header()
59{
60    date="$(date)"
61    echo "******************************************************************" >  $2
62    echo "* File created by: $THIS_SCRIPT_NAME"                               >> $2
63    echo "* Test name:  $1"                                                   >> $2
64    echo "* Date:       $date"                                                >> $2
65    echo "* Command:    $3"                                                   >> $2
66    echo "******************************************************************" >> $2
67    echo ""                                                                   >> $2
68}
69
70# Print footer at the end of file <file path>
71print_footer()
72{
73    echo ""                                                                   >> $1
74    echo "******************************************************************" >> $1
75    echo "* End command"                                                      >> $1
76    echo "******************************************************************" >> $1
77    echo ""                                                                   >> $1
78}
79
80# Use the arguments of this script
81get_options() {
82    while [ $# -gt 0 ]; do
83        case "$1" in
84            -h|--help)
85                print_usage
86                exit 0
87                ;;
88            -m|--memcheck)
89                USE_VALGRIND=1
90                ;;
91            *)
92                echo "Unknown argument: '$1'"
93                print_usage
94                exit 1
95                ;;
96        esac
97        shift
98    done
99}
100
101# Current test failed
102fail()
103{
104    T_FAILED=$(( $T_FAILED + 1))
105    FAIL_OUT="Fail.$T_FAILED""_$OUT_FILE"
106
107    echo "FAIL"
108    echo "    Error: $1"
109
110    cp -f "$OUT_FILE" "$FAIL_OUT"
111    echo "Error: $1" >> "$FAIL_OUT"
112}
113
114# Current test passed
115pass()
116{
117    T_PASSED=$(( $T_PASSED + 1))
118    echo "PASS"
119}
120
121# Usage: run_test <name> <input file with b64 code> [ -arg <extra arguments for tested program> ] [option [...]]
122# Options:  -m <pattern that MUST be present in the output of tested program>
123#           -n <pattern that must NOT be present in the output of tested program>
124#           -u <pattern that must be UNIQUE in the output of tested program>
125run_test()
126{
127    TEST_NAME="$1"
128    RUN_CMD="$PROG_PATH -f $IN_DIR/$2"
129
130    if [ "-arg" = "$3" ]; then
131        RUN_CMD="$RUN_CMD $4"
132        shift 4
133    else
134        shift 2
135    fi
136
137    # prepend valgrind to our commands if active
138    if [ "$USE_VALGRIND" -gt 0 ]; then
139        RUN_CMD="valgrind --leak-check=full $RUN_CMD"
140    fi
141
142    T_COUNT=$(( $T_COUNT + 1))
143    print_name "$TEST_NAME"
144
145    # run tested program
146    print_header "$TEST_NAME" "$OUT_FILE" "$RUN_CMD"
147    eval "$RUN_CMD" >> "$OUT_FILE" 2>&1
148    print_footer "$OUT_FILE"
149
150    # check valgrind's results
151    if [ "$USE_VALGRIND" -gt 0 ]; then
152        if ! ( grep -F 'All heap blocks were freed -- no leaks are possible' "$OUT_FILE" &&
153             grep -F 'ERROR SUMMARY: 0 errors from 0 contexts' "$OUT_FILE" ) > /dev/null
154        then
155            fail "Memory error detected"
156            return
157        fi
158    fi
159
160    # check other assertions
161    # lines beginning with == are added by valgrind, ignore them, because we already checked them before
162    # lines with 'Serious error when reading debug info', are valgrind issues as well
163    # lines beginning with * are added by this script, ignore too
164    while [ $# -gt 0 ]
165    do
166        case $1 in
167            "-m")
168                if grep -v '^==' "$OUT_FILE" | grep -v 'Serious error when reading debug info' | grep -v "^*" | grep "$2" >/dev/null; then :; else
169                    fail "pattern '$2' MUST be present in the output"
170                    return
171                fi
172                ;;
173
174            "-n")
175                if grep -v '^==' "$OUT_FILE" | grep -v 'Serious error when reading debug info' | grep -v "^*" | grep "$2" >/dev/null; then
176                    fail "pattern '$2' MUST NOT be present in the output"
177                    return
178                fi
179                ;;
180
181            "-u")
182                if [ $(grep -v '^==' "$OUT_FILE"| grep -v 'Serious error when reading debug info' | grep -v "^*" | grep "$2" | wc -l) -ne 1 ]; then
183                    fail "lines following pattern '$2' must be once in the output"
184                    return
185                fi
186                ;;
187
188            *)
189                echo "Unknown test: $1" >&2
190                exit 1
191        esac
192        shift 2
193    done
194
195    rm -f "$OUT_FILE"
196
197    pass
198}
199
200get_options "$@"
201
202# Tests
203
204run_test "Default configuration, server" \
205         "srv_def.txt" \
206         -n "ERROR" \
207         -u "major.* 2$" \
208         -u "minor.* 21$" \
209         -u "path.* 0$" \
210         -u "MBEDTLS_HAVE_TIME$" \
211         -u "MBEDTLS_X509_CRT_PARSE_C$" \
212         -u "MBEDTLS_SSL_MAX_FRAGMENT_LENGTH$" \
213         -u "MBEDTLS_SSL_ENCRYPT_THEN_MAC$" \
214         -u "MBEDTLS_SSL_SESSION_TICKETS$" \
215         -u "MBEDTLS_SSL_SESSION_TICKETS and client$" \
216         -u "MBEDTLS_SSL_DTLS_ANTI_REPLAY$" \
217         -u "MBEDTLS_SSL_ALPN$" \
218         -u "ciphersuite.* TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256$" \
219         -u "cipher flags.* 0x00$" \
220         -u "Message-Digest.* SHA256$" \
221         -u "compression.* disabled$" \
222         -u "DTLS datagram packing.* enabled$" \
223         -n "Certificate" \
224         -n "bytes left to analyze from context"
225
226run_test "Default configuration, client" \
227         "cli_def.txt" \
228         -n "ERROR" \
229         -u "major.* 2$" \
230         -u "minor.* 21$" \
231         -u "path.* 0$" \
232         -u "MBEDTLS_HAVE_TIME$" \
233         -u "MBEDTLS_X509_CRT_PARSE_C$" \
234         -u "MBEDTLS_SSL_MAX_FRAGMENT_LENGTH$" \
235         -u "MBEDTLS_SSL_ENCRYPT_THEN_MAC$" \
236         -u "MBEDTLS_SSL_SESSION_TICKETS$" \
237         -u "MBEDTLS_SSL_SESSION_TICKETS and client$" \
238         -u "MBEDTLS_SSL_DTLS_ANTI_REPLAY$" \
239         -u "MBEDTLS_SSL_ALPN$" \
240         -u "ciphersuite.* TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256$" \
241         -u "cipher flags.* 0x00$" \
242         -u "Message-Digest.* SHA256$" \
243         -u "compression.* disabled$" \
244         -u "DTLS datagram packing.* enabled$" \
245         -u "cert. version .* 3$" \
246         -u "serial number.* 02$" \
247         -u "issuer name.* C=NL, O=PolarSSL, CN=PolarSSL Test CA$" \
248         -u "subject name.* C=NL, O=PolarSSL, CN=localhost$" \
249         -u "issued  on.* 2019-02-10 14:44:06$" \
250         -u "expires on.* 2029-02-10 14:44:06$" \
251         -u "signed using.* RSA with SHA-256$" \
252         -u "RSA key size.* 2048 bits$" \
253         -u "basic constraints.* CA=false$" \
254         -n "bytes left to analyze from context"
255
256run_test "Ciphersuite TLS-RSA-WITH-AES-256-CCM-8, server" \
257         "srv_ciphersuite.txt" \
258         -n "ERROR" \
259         -u "ciphersuite.* TLS-RSA-WITH-AES-256-CCM-8$" \
260
261run_test "Ciphersuite TLS-RSA-WITH-AES-256-CCM-8, client" \
262         "cli_ciphersuite.txt" \
263         -n "ERROR" \
264         -u "ciphersuite.* TLS-RSA-WITH-AES-256-CCM-8$" \
265
266run_test "No packing, server" \
267         "srv_no_packing.txt" \
268         -n "ERROR" \
269         -u "DTLS datagram packing.* disabled"
270
271run_test "No packing, client" \
272         "cli_no_packing.txt" \
273         -n "ERROR" \
274         -u "DTLS datagram packing.* disabled"
275
276run_test "DTLS CID, server" \
277         "srv_cid.txt" \
278         -n "ERROR" \
279         -u "in CID.* DE AD" \
280         -u "out CID.* BE EF"
281
282run_test "DTLS CID, client" \
283         "cli_cid.txt" \
284         -n "ERROR" \
285         -u "in CID.* BE EF" \
286         -u "out CID.* DE AD"
287
288run_test "No MBEDTLS_SSL_MAX_FRAGMENT_LENGTH, server" \
289         "srv_no_mfl.txt" \
290         -n "ERROR" \
291         -n "MBEDTLS_SSL_MAX_FRAGMENT_LENGTH"
292
293run_test "No MBEDTLS_SSL_MAX_FRAGMENT_LENGTH, client" \
294         "cli_no_mfl.txt" \
295         -n "ERROR" \
296         -n "MBEDTLS_SSL_MAX_FRAGMENT_LENGTH"
297
298run_test "No MBEDTLS_SSL_ALPN, server" \
299         "srv_no_alpn.txt" \
300         -n "ERROR" \
301         -n "MBEDTLS_SSL_ALPN"
302
303run_test "No MBEDTLS_SSL_ALPN, client" \
304         "cli_no_alpn.txt" \
305         -n "ERROR" \
306         -n "MBEDTLS_SSL_ALPN"
307
308run_test "No MBEDTLS_SSL_KEEP_PEER_CERTIFICATE, server" \
309         "srv_no_keep_cert.txt" \
310         -arg "--keep-peer-cert=0" \
311         -u "ciphersuite.* TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256$" \
312         -u "cipher flags.* 0x00" \
313         -u "compression.* disabled" \
314         -u "DTLS datagram packing.* enabled" \
315         -n "ERROR"
316
317run_test "No MBEDTLS_SSL_KEEP_PEER_CERTIFICATE, client" \
318         "cli_no_keep_cert.txt" \
319         -arg "--keep-peer-cert=0" \
320         -u "ciphersuite.* TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256$" \
321         -u "cipher flags.* 0x00" \
322         -u "compression.* disabled" \
323         -u "DTLS datagram packing.* enabled" \
324         -n "ERROR"
325
326run_test "No MBEDTLS_SSL_KEEP_PEER_CERTIFICATE, negative, server" \
327         "srv_no_keep_cert.txt" \
328         -m "Deserializing" \
329         -m "ERROR"
330
331run_test "No MBEDTLS_SSL_KEEP_PEER_CERTIFICATE, negative, client" \
332         "cli_no_keep_cert.txt" \
333         -m "Deserializing" \
334         -m "ERROR"
335
336run_test "Minimal configuration, server" \
337         "srv_min_cfg.txt" \
338         -n "ERROR" \
339         -n "MBEDTLS_SSL_MAX_FRAGMENT_LENGTH$" \
340         -n "MBEDTLS_SSL_ENCRYPT_THEN_MAC$" \
341         -n "MBEDTLS_SSL_SESSION_TICKETS$" \
342         -n "MBEDTLS_SSL_SESSION_TICKETS and client$" \
343         -n "MBEDTLS_SSL_DTLS_ANTI_REPLAY$" \
344         -n "MBEDTLS_SSL_ALPN$" \
345
346run_test "Minimal configuration, client" \
347         "cli_min_cfg.txt" \
348         -n "ERROR" \
349         -n "MBEDTLS_SSL_MAX_FRAGMENT_LENGTH$" \
350         -n "MBEDTLS_SSL_ENCRYPT_THEN_MAC$" \
351         -n "MBEDTLS_SSL_SESSION_TICKETS$" \
352         -n "MBEDTLS_SSL_SESSION_TICKETS and client$" \
353         -n "MBEDTLS_SSL_DTLS_ANTI_REPLAY$" \
354         -n "MBEDTLS_SSL_ALPN$" \
355
356run_test "MTU=10000" \
357         "mtu_10000.txt" \
358         -n "ERROR" \
359         -u "MTU.* 10000$"
360
361run_test "MFL=1024" \
362         "mfl_1024.txt" \
363         -n "ERROR" \
364         -u "MFL.* 1024$"
365
366run_test "Older version (v2.19.1)" \
367         "v2.19.1.txt" \
368         -n "ERROR" \
369         -u "major.* 2$" \
370         -u "minor.* 19$" \
371         -u "path.* 1$" \
372         -u "ciphersuite.* TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8$" \
373         -u "Message-Digest.* SHA256$" \
374         -u "compression.* disabled$" \
375         -u "serial number.* 01:70:AF:40:B4:E6$" \
376         -u "issuer name.* CN=ca$" \
377         -u "subject name.* L=160001, OU=acc1, CN=device01$" \
378         -u "issued  on.* 2020-03-06 09:50:18$" \
379         -u "expires on.* 2056-02-26 09:50:18$" \
380         -u "signed using.* ECDSA with SHA256$" \
381         -u "lifetime.* 0 sec.$" \
382         -u "MFL.* none$" \
383         -u "negotiate truncated HMAC.* disabled$" \
384         -u "Encrypt-then-MAC.* enabled$" \
385         -u "DTLS datagram packing.* enabled$" \
386         -u "verify result.* 0x00000000$" \
387         -n "bytes left to analyze from context"
388
389run_test "Wrong base64 format" \
390         "def_bad_b64.txt" \
391         -m "ERROR" \
392         -u "The length of the base64 code found should be a multiple of 4" \
393         -n "bytes left to analyze from context"
394
395run_test "Too much data at the beginning of base64 code" \
396         "def_b64_too_big_1.txt" \
397         -m "ERROR" \
398         -n "The length of the base64 code found should be a multiple of 4" \
399
400run_test "Too much data in the middle of base64 code" \
401         "def_b64_too_big_2.txt" \
402         -m "ERROR" \
403         -n "The length of the base64 code found should be a multiple of 4" \
404
405run_test "Too much data at the end of base64 code" \
406         "def_b64_too_big_3.txt" \
407         -m "ERROR" \
408         -n "The length of the base64 code found should be a multiple of 4" \
409         -u "bytes left to analyze from context"
410
411run_test "Empty file as input" \
412         "empty.txt" \
413         -u "Finished. No valid base64 code found"
414
415run_test "Not empty file without base64 code" \
416         "../../context-info.sh" \
417         -n "Deserializing"
418
419run_test "Binary file instead of text file" \
420         "../../../programs/ssl/ssl_context_info" \
421         -m "ERROR" \
422         -u "Too many bad symbols detected. File check aborted" \
423         -n "Deserializing"
424
425run_test "Decoder continues past 0xff character" \
426         "def_b64_ff.bin" \
427         -n "No valid base64" \
428         -u "ciphersuite.* TLS-"
429
430
431# End of tests
432
433echo
434if [ $T_FAILED -eq 0 ]; then
435    echo "PASSED ( $T_COUNT tests )"
436else
437    echo "FAILED ( $T_FAILED / $T_COUNT tests )"
438fi
439
440exit $T_FAILED
441