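#!/bin/sh

# context-info.sh
#
# Copyright The Mbed TLS Contributors
# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
#
# This program is intended for testing the ssl_context_info program
#
# Usage: context-info.sh [-h|--help] [-m|--memcheck]
#
# Each test feeds one file from $IN_DIR to ssl_context_info, captures the
# combined stdout/stderr in $OUT_FILE and checks that output against grep
# patterns. The log of a failing test is kept as Fail.<n>_$OUT_FILE.
# The exit status is the number of failed tests.

# -e: stop on the first unhandled command failure; -u: unset variables are errors.
set -eu

# All paths below are relative to the directory holding this script.
if ! cd "$(dirname "$0")"; then
    exit 125
fi

# Variables

THIS_SCRIPT_NAME=$(basename "$0")
PROG_PATH="../programs/ssl/ssl_context_info"
OUT_FILE="ssl_context_info.log"
IN_DIR="data_files/base64"

USE_VALGRIND=0

T_COUNT=0
T_PASSED=0
T_FAILED=0


# Functions

# Print the command-line help.
print_usage() {
    echo "Usage: $0 [options]"
    printf " -h|--help\tPrint this help.\n"
    printf " -m|--memcheck\tUse valgrind to check the memory.\n"
}

# Print test name <name>
# The name is followed by dots so that name plus dots span 71 characters.
print_name() {
    printf "%s %.*s " "$1" "$(( 71 - ${#1} ))" \
    "........................................................................"
}

# Print header to the test output file <test name> <file path> <test command>
# The first write truncates the file, so each test starts with a fresh log.
print_header()
{
    date="$(date)"
    echo "******************************************************************" > "$2"
    echo "* File created by: $THIS_SCRIPT_NAME" >> "$2"
    echo "* Test name: $1" >> "$2"
    echo "* Date: $date" >> "$2"
    echo "* Command: $3" >> "$2"
    echo "******************************************************************" >> "$2"
    echo "" >> "$2"
}

# Print footer at the end of file <file path>
print_footer()
{
    echo "" >> "$1"
    echo "******************************************************************" >> "$1"
    echo "* End command" >> "$1"
    echo "******************************************************************" >> "$1"
    echo "" >> "$1"
}

# Use the arguments of this script
# -h prints the help and exits 0; -m turns on valgrind; anything else is an
# error (exit 1).
get_options() {
    while [ $# -gt 0 ]; do
        case "$1" in
            -h|--help)
                print_usage
                exit 0
                ;;
            -m|--memcheck)
                USE_VALGRIND=1
                ;;
            *)
                echo "Unknown argument: '$1'"
                print_usage
                exit 1
                ;;
        esac
        shift
    done
}

# Current test failed <reason>
# Keeps a copy of the log as Fail.<n>_$OUT_FILE with the reason appended.
fail()
{
    T_FAILED=$(( $T_FAILED + 1))
    FAIL_OUT="Fail.${T_FAILED}_$OUT_FILE"

    echo "FAIL"
    echo " Error: $1"

    cp -f "$OUT_FILE" "$FAIL_OUT"
    echo "Error: $1" >> "$FAIL_OUT"
}

# Current test passed
pass()
{
    T_PASSED=$(( $T_PASSED + 1))
    echo "PASS"
}

# Print the tested program's own lines from $OUT_FILE.
# Dropped: lines beginning with == (added by valgrind), valgrind's
# 'Serious error when reading debug info' notices, and lines beginning
# with * (header/footer added by this script).
program_output()
{
    grep -v '^==' "$OUT_FILE" |
        grep -v 'Serious error when reading debug info' |
        grep -v '^[*]'
}

# Usage: run_test <name> <input file with b64 code> [ -arg <extra arguments for tested program> ] [option [...]]
# Options: -m <pattern that MUST be present in the output of tested program>
#          -n <pattern that must NOT be present in the output of tested program>
#          -u <pattern that must be UNIQUE in the output of tested program>
# Patterns are grep basic regular expressions. Options come in <flag> <pattern>
# pairs; the first failing check records the failure and ends the test.
run_test()
{
    TEST_NAME="$1"
    RUN_CMD="$PROG_PATH -f $IN_DIR/$2"

    if [ "-arg" = "$3" ]; then
        RUN_CMD="$RUN_CMD $4"
        shift 4
    else
        shift 2
    fi

    # prepend valgrind to our commands if active
    if [ "$USE_VALGRIND" -gt 0 ]; then
        RUN_CMD="valgrind --leak-check=full $RUN_CMD"
    fi

    T_COUNT=$(( $T_COUNT + 1))
    print_name "$TEST_NAME"

    # run tested program
    print_header "$TEST_NAME" "$OUT_FILE" "$RUN_CMD"
    # RUN_CMD is one string that eval re-parses as shell code, so the file
    # name and the -arg text are subject to word splitting and metacharacter
    # interpretation. Every part of it comes from constants and the run_test
    # calls in this file; never build it from environment or file content.
    # NOTE(review): set -e is active, so a non-zero exit status of the tested
    # program (or of valgrind) ends the whole script here, before any pattern
    # check or the summary. Presumably the negative tests rely on the program
    # exiting 0 even when it prints ERROR - confirm.
    eval "$RUN_CMD" >> "$OUT_FILE" 2>&1
    print_footer "$OUT_FILE"

    # check valgrind's results: both summary lines must be present
    if [ "$USE_VALGRIND" -gt 0 ]; then
        if ! ( grep -F 'All heap blocks were freed -- no leaks are possible' "$OUT_FILE" &&
               grep -F 'ERROR SUMMARY: 0 errors from 0 contexts' "$OUT_FILE" ) > /dev/null
        then
            fail "Memory error detected"
            return
        fi
    fi

    # check other assertions against the program's own output only
    # (-e keeps a pattern that starts with '-' from being read as an option)
    while [ $# -gt 0 ]
    do
        case "$1" in
            "-m")
                if ! program_output | grep -e "$2" >/dev/null; then
                    fail "pattern '$2' MUST be present in the output"
                    return
                fi
                ;;

            "-n")
                if program_output | grep -e "$2" >/dev/null; then
                    fail "pattern '$2' MUST NOT be present in the output"
                    return
                fi
                ;;

            "-u")
                # grep -c prints a bare count, so the quoted comparison is
                # safe even where wc -l would pad its output with blanks
                if [ "$(program_output | grep -c -e "$2")" -ne 1 ]; then
                    fail "lines following pattern '$2' must be once in the output"
                    return
                fi
                ;;

            *)
                echo "Unknown test: $1" >&2
                exit 1
                ;;
        esac
        shift 2
    done

    # the log is only removed when every check passed
    rm -f "$OUT_FILE"

    pass
}

get_options "$@"

# Tests
# Input file names are relative to $IN_DIR.

run_test "Default configuration, server" \
         "srv_def.txt" \
         -n "ERROR" \
         -u "major.* 2$" \
         -u "minor.* 21$" \
         -u "path.* 0$" \
         -u "MBEDTLS_HAVE_TIME$" \
         -u "MBEDTLS_X509_CRT_PARSE_C$" \
         -u "MBEDTLS_SSL_MAX_FRAGMENT_LENGTH$" \
         -u "MBEDTLS_SSL_TRUNCATED_HMAC$" \
         -u "MBEDTLS_SSL_ENCRYPT_THEN_MAC$" \
         -u "MBEDTLS_SSL_SESSION_TICKETS$" \
         -u "MBEDTLS_SSL_SESSION_TICKETS and client$" \
         -u "MBEDTLS_SSL_DTLS_BADMAC_LIMIT$" \
         -u "MBEDTLS_SSL_DTLS_ANTI_REPLAY$" \
         -u "MBEDTLS_SSL_ALPN$" \
         -u "ciphersuite.* TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256$" \
         -u "cipher flags.* 0x00$" \
         -u "Message-Digest.* SHA256$" \
         -u "compression.* disabled$" \
         -u "DTLS datagram packing.* enabled$" \
         -n "Certificate" \
         -n "bytes left to analyze from context"

run_test "Default configuration, client" \
         "cli_def.txt" \
         -n "ERROR" \
         -u "major.* 2$" \
         -u "minor.* 21$" \
         -u "path.* 0$" \
         -u "MBEDTLS_HAVE_TIME$" \
         -u "MBEDTLS_X509_CRT_PARSE_C$" \
         -u "MBEDTLS_SSL_MAX_FRAGMENT_LENGTH$" \
         -u "MBEDTLS_SSL_TRUNCATED_HMAC$" \
         -u "MBEDTLS_SSL_ENCRYPT_THEN_MAC$" \
         -u "MBEDTLS_SSL_SESSION_TICKETS$" \
         -u "MBEDTLS_SSL_SESSION_TICKETS and client$" \
         -u "MBEDTLS_SSL_DTLS_BADMAC_LIMIT$" \
         -u "MBEDTLS_SSL_DTLS_ANTI_REPLAY$" \
         -u "MBEDTLS_SSL_ALPN$" \
         -u "ciphersuite.* TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256$" \
         -u "cipher flags.* 0x00$" \
         -u "Message-Digest.* SHA256$" \
         -u "compression.* disabled$" \
         -u "DTLS datagram packing.* enabled$" \
         -u "cert. version .* 3$" \
         -u "serial number.* 02$" \
         -u "issuer name.* C=NL, O=PolarSSL, CN=PolarSSL Test CA$" \
         -u "subject name.* C=NL, O=PolarSSL, CN=localhost$" \
         -u "issued on.* 2019-02-10 14:44:06$" \
         -u "expires on.* 2029-02-10 14:44:06$" \
         -u "signed using.* RSA with SHA-256$" \
         -u "RSA key size.* 2048 bits$" \
         -u "basic constraints.* CA=false$" \
         -n "bytes left to analyze from context"

run_test "Ciphersuite TLS-RSA-WITH-AES-256-CCM-8, server" \
         "srv_ciphersuite.txt" \
         -n "ERROR" \
         -u "ciphersuite.* TLS-RSA-WITH-AES-256-CCM-8$"

run_test "Ciphersuite TLS-RSA-WITH-AES-256-CCM-8, client" \
         "cli_ciphersuite.txt" \
         -n "ERROR" \
         -u "ciphersuite.* TLS-RSA-WITH-AES-256-CCM-8$"

run_test "No packing, server" \
         "srv_no_packing.txt" \
         -n "ERROR" \
         -u "DTLS datagram packing.* disabled"

run_test "No packing, client" \
         "cli_no_packing.txt" \
         -n "ERROR" \
         -u "DTLS datagram packing.* disabled"

run_test "DTLS CID, server" \
         "srv_cid.txt" \
         -n "ERROR" \
         -u "in CID.* DE AD" \
         -u "out CID.* BE EF"

run_test "DTLS CID, client" \
         "cli_cid.txt" \
         -n "ERROR" \
         -u "in CID.* BE EF" \
         -u "out CID.* DE AD"

run_test "No MBEDTLS_SSL_MAX_FRAGMENT_LENGTH, server" \
         "srv_no_mfl.txt" \
         -n "ERROR" \
         -n "MBEDTLS_SSL_MAX_FRAGMENT_LENGTH"

run_test "No MBEDTLS_SSL_MAX_FRAGMENT_LENGTH, client" \
         "cli_no_mfl.txt" \
         -n "ERROR" \
         -n "MBEDTLS_SSL_MAX_FRAGMENT_LENGTH"

run_test "No MBEDTLS_SSL_ALPN, server" \
         "srv_no_alpn.txt" \
         -n "ERROR" \
         -n "MBEDTLS_SSL_ALPN"

run_test "No MBEDTLS_SSL_ALPN, client" \
         "cli_no_alpn.txt" \
         -n "ERROR" \
         -n "MBEDTLS_SSL_ALPN"

run_test "No MBEDTLS_SSL_KEEP_PEER_CERTIFICATE, server" \
         "srv_no_keep_cert.txt" \
         -arg "--keep-peer-cert=0" \
         -u "ciphersuite.* TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256$" \
         -u "cipher flags.* 0x00" \
         -u "compression.* disabled" \
         -u "DTLS datagram packing.* enabled" \
         -n "ERROR"

run_test "No MBEDTLS_SSL_KEEP_PEER_CERTIFICATE, client" \
         "cli_no_keep_cert.txt" \
         -arg "--keep-peer-cert=0" \
         -u "ciphersuite.* TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256$" \
         -u "cipher flags.* 0x00" \
         -u "compression.* disabled" \
         -u "DTLS datagram packing.* enabled" \
         -n "ERROR"

# Same inputs as above without --keep-peer-cert=0: an ERROR is expected.
run_test "No MBEDTLS_SSL_KEEP_PEER_CERTIFICATE, negative, server" \
         "srv_no_keep_cert.txt" \
         -m "Deserializing" \
         -m "ERROR"

run_test "No MBEDTLS_SSL_KEEP_PEER_CERTIFICATE, negative, client" \
         "cli_no_keep_cert.txt" \
         -m "Deserializing" \
         -m "ERROR"

run_test "Minimal configuration, server" \
         "srv_min_cfg.txt" \
         -n "ERROR" \
         -n "MBEDTLS_SSL_MAX_FRAGMENT_LENGTH$" \
         -n "MBEDTLS_SSL_TRUNCATED_HMAC$" \
         -n "MBEDTLS_SSL_ENCRYPT_THEN_MAC$" \
         -n "MBEDTLS_SSL_SESSION_TICKETS$" \
         -n "MBEDTLS_SSL_SESSION_TICKETS and client$" \
         -n "MBEDTLS_SSL_DTLS_BADMAC_LIMIT$" \
         -n "MBEDTLS_SSL_DTLS_ANTI_REPLAY$" \
         -n "MBEDTLS_SSL_ALPN$"

run_test "Minimal configuration, client" \
         "cli_min_cfg.txt" \
         -n "ERROR" \
         -n "MBEDTLS_SSL_MAX_FRAGMENT_LENGTH$" \
         -n "MBEDTLS_SSL_TRUNCATED_HMAC$" \
         -n "MBEDTLS_SSL_ENCRYPT_THEN_MAC$" \
         -n "MBEDTLS_SSL_SESSION_TICKETS$" \
         -n "MBEDTLS_SSL_SESSION_TICKETS and client$" \
         -n "MBEDTLS_SSL_DTLS_BADMAC_LIMIT$" \
         -n "MBEDTLS_SSL_DTLS_ANTI_REPLAY$" \
         -n "MBEDTLS_SSL_ALPN$"

run_test "MTU=10000" \
         "mtu_10000.txt" \
         -n "ERROR" \
         -u "MTU.* 10000$"

run_test "MFL=1024" \
         "mfl_1024.txt" \
         -n "ERROR" \
         -u "MFL.* 1024$"

run_test "Older version (v2.19.1)" \
         "v2.19.1.txt" \
         -n "ERROR" \
         -u "major.* 2$" \
         -u "minor.* 19$" \
         -u "path.* 1$" \
         -u "ciphersuite.* TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8$" \
         -u "Message-Digest.* SHA256$" \
         -u "compression.* disabled$" \
         -u "serial number.* 01:70:AF:40:B4:E6$" \
         -u "issuer name.* CN=ca$" \
         -u "subject name.* L=160001, OU=acc1, CN=device01$" \
         -u "issued on.* 2020-03-06 09:50:18$" \
         -u "expires on.* 2056-02-26 09:50:18$" \
         -u "signed using.* ECDSA with SHA256$" \
         -u "lifetime.* 0 sec.$" \
         -u "MFL.* none$" \
         -u "negotiate truncated HMAC.* disabled$" \
         -u "Encrypt-then-MAC.* enabled$" \
         -u "DTLS datagram packing.* enabled$" \
         -u "verify result.* 0x00000000$" \
         -n "bytes left to analyze from context"

# Malformed or unexpected input: the program must report the problem rather
# than deserialize anything.

run_test "Wrong base64 format" \
         "def_bad_b64.txt" \
         -m "ERROR" \
         -u "The length of the base64 code found should be a multiple of 4" \
         -n "bytes left to analyze from context"

run_test "Too much data at the beginning of base64 code" \
         "def_b64_too_big_1.txt" \
         -m "ERROR" \
         -n "The length of the base64 code found should be a multiple of 4"

run_test "Too much data in the middle of base64 code" \
         "def_b64_too_big_2.txt" \
         -m "ERROR" \
         -n "The length of the base64 code found should be a multiple of 4"

run_test "Too much data at the end of base64 code" \
         "def_b64_too_big_3.txt" \
         -m "ERROR" \
         -n "The length of the base64 code found should be a multiple of 4" \
         -u "bytes left to analyze from context"

run_test "Empty file as input" \
         "empty.txt" \
         -u "Finished. No valid base64 code found"

# The next two inputs are this script and the tested binary itself, reached
# by a path relative to $IN_DIR.
run_test "Not empty file without base64 code" \
         "../../context-info.sh" \
         -n "Deserializing"

run_test "Binary file instead of text file" \
         "../../../programs/ssl/ssl_context_info" \
         -m "ERROR" \
         -u "Too many bad symbols detected. File check aborted" \
         -n "Deserializing"

run_test "Decoder continues past 0xff character" \
         "def_b64_ff.bin" \
         -n "No valid base64" \
         -u "ciphersuite.* TLS-"


# End of tests

echo
if [ "$T_FAILED" -eq 0 ]; then
    echo "PASSED ( $T_COUNT tests )"
else
    echo "FAILED ( $T_FAILED / $T_COUNT tests )"
fi

# The failure count is the exit status (the shell keeps only its low 8 bits).
exit "$T_FAILED"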