| #!/bin/sh |
| |
| # context-info.sh |
| # |
| # Copyright The Mbed TLS Contributors |
| # SPDX-License-Identifier: Apache-2.0 |
| # |
| # Licensed under the Apache License, Version 2.0 (the "License"); you may |
| # not use this file except in compliance with the License. |
| # You may obtain a copy of the License at |
| # |
| # http://www.apache.org/licenses/LICENSE-2.0 |
| # |
| # Unless required by applicable law or agreed to in writing, software |
| # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT |
| # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| # See the License for the specific language governing permissions and |
| # limitations under the License. |
| # |
| # This program is intended for testing the ssl_context_info program |
| # |
| |
| set -eu |
| |
| if ! cd "$(dirname "$0")"; then |
| exit 125 |
| fi |
| |
| # Variables |
| |
| THIS_SCRIPT_NAME=$(basename "$0") |
| PROG_PATH="../programs/ssl/ssl_context_info" |
| OUT_FILE="ssl_context_info.log" |
| IN_DIR="data_files/base64" |
| |
| USE_VALGRIND=0 |
| |
| T_COUNT=0 |
| T_PASSED=0 |
| T_FAILED=0 |
| |
| |
| # Functions |
| |
| print_usage() { |
| echo "Usage: $0 [options]" |
| printf " -h|--help\tPrint this help.\n" |
| printf " -m|--memcheck\tUse valgrind to check the memory.\n" |
| } |
| |
| # Print test name <name> |
| print_name() { |
| printf "%s %.*s " "$1" $(( 71 - ${#1} )) \ |
| "........................................................................" |
| } |
| |
| # Print header to the test output file <test name> <file path> <test command> |
| print_header() |
| { |
| date="$(date)" |
| echo "******************************************************************" > $2 |
| echo "* File created by: $THIS_SCRIPT_NAME" >> $2 |
| echo "* Test name: $1" >> $2 |
| echo "* Date: $date" >> $2 |
| echo "* Command: $3" >> $2 |
| echo "******************************************************************" >> $2 |
| echo "" >> $2 |
| } |
| |
| # Print footer at the end of file <file path> |
| print_footer() |
| { |
| echo "" >> $1 |
| echo "******************************************************************" >> $1 |
| echo "* End command" >> $1 |
| echo "******************************************************************" >> $1 |
| echo "" >> $1 |
| } |
| |
| # Use the arguments of this script |
| get_options() { |
| while [ $# -gt 0 ]; do |
| case "$1" in |
| -h|--help) |
| print_usage |
| exit 0 |
| ;; |
| -m|--memcheck) |
| USE_VALGRIND=1 |
| ;; |
| *) |
| echo "Unknown argument: '$1'" |
| print_usage |
| exit 1 |
| ;; |
| esac |
| shift |
| done |
| } |
| |
| # Current test failed |
| fail() |
| { |
| T_FAILED=$(( $T_FAILED + 1)) |
| FAIL_OUT="Fail.$T_FAILED""_$OUT_FILE" |
| |
| echo "FAIL" |
| echo " Error: $1" |
| |
| cp -f "$OUT_FILE" "$FAIL_OUT" |
| echo "Error: $1" >> "$FAIL_OUT" |
| } |
| |
| # Current test passed |
| pass() |
| { |
| T_PASSED=$(( $T_PASSED + 1)) |
| echo "PASS" |
| } |
| |
| # Usage: run_test <name> <input file with b64 code> [ -arg <extra arguments for tested program> ] [option [...]] |
| # Options: -m <pattern that MUST be present in the output of tested program> |
| # -n <pattern that must NOT be present in the output of tested program> |
| # -u <pattern that must be UNIQUE in the output of tested program> |
| run_test() |
| { |
| TEST_NAME="$1" |
| RUN_CMD="$PROG_PATH -f $IN_DIR/$2" |
| |
| if [ "-arg" = "$3" ]; then |
| RUN_CMD="$RUN_CMD $4" |
| shift 4 |
| else |
| shift 2 |
| fi |
| |
| # prepend valgrind to our commands if active |
| if [ "$USE_VALGRIND" -gt 0 ]; then |
| RUN_CMD="valgrind --leak-check=full $RUN_CMD" |
| fi |
| |
| T_COUNT=$(( $T_COUNT + 1)) |
| print_name "$TEST_NAME" |
| |
| # run tested program |
| print_header "$TEST_NAME" "$OUT_FILE" "$RUN_CMD" |
| eval "$RUN_CMD" >> "$OUT_FILE" 2>&1 |
| print_footer "$OUT_FILE" |
| |
| # check valgrind's results |
| if [ "$USE_VALGRIND" -gt 0 ]; then |
| if ! ( grep -F 'All heap blocks were freed -- no leaks are possible' "$OUT_FILE" && |
| grep -F 'ERROR SUMMARY: 0 errors from 0 contexts' "$OUT_FILE" ) > /dev/null |
| then |
| fail "Memory error detected" |
| return |
| fi |
| fi |
| |
| # check other assertions |
| # lines beginning with == are added by valgrind, ignore them, because we already checked them before |
| # lines with 'Serious error when reading debug info', are valgrind issues as well |
| # lines beginning with * are added by this script, ignore too |
| while [ $# -gt 0 ] |
| do |
| case $1 in |
| "-m") |
| if grep -v '^==' "$OUT_FILE" | grep -v 'Serious error when reading debug info' | grep -v "^*" | grep "$2" >/dev/null; then :; else |
| fail "pattern '$2' MUST be present in the output" |
| return |
| fi |
| ;; |
| |
| "-n") |
| if grep -v '^==' "$OUT_FILE" | grep -v 'Serious error when reading debug info' | grep -v "^*" | grep "$2" >/dev/null; then |
| fail "pattern '$2' MUST NOT be present in the output" |
| return |
| fi |
| ;; |
| |
| "-u") |
| if [ $(grep -v '^==' "$OUT_FILE"| grep -v 'Serious error when reading debug info' | grep -v "^*" | grep "$2" | wc -l) -ne 1 ]; then |
| fail "lines following pattern '$2' must be once in the output" |
| return |
| fi |
| ;; |
| |
| *) |
| echo "Unknown test: $1" >&2 |
| exit 1 |
| esac |
| shift 2 |
| done |
| |
| rm -f "$OUT_FILE" |
| |
| pass |
| } |
| |
| get_options "$@" |
| |
| # Tests |
| |
| run_test "Default configuration, server" \ |
| "srv_def.txt" \ |
| -n "ERROR" \ |
| -u "major.* 2$" \ |
| -u "minor.* 21$" \ |
| -u "path.* 0$" \ |
| -u "MBEDTLS_HAVE_TIME$" \ |
| -u "MBEDTLS_X509_CRT_PARSE_C$" \ |
| -u "MBEDTLS_SSL_MAX_FRAGMENT_LENGTH$" \ |
| -u "MBEDTLS_SSL_TRUNCATED_HMAC$" \ |
| -u "MBEDTLS_SSL_ENCRYPT_THEN_MAC$" \ |
| -u "MBEDTLS_SSL_SESSION_TICKETS$" \ |
| -u "MBEDTLS_SSL_SESSION_TICKETS and client$" \ |
| -u "MBEDTLS_SSL_DTLS_ANTI_REPLAY$" \ |
| -u "MBEDTLS_SSL_ALPN$" \ |
| -u "ciphersuite.* TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256$" \ |
| -u "cipher flags.* 0x00$" \ |
| -u "Message-Digest.* SHA256$" \ |
| -u "compression.* disabled$" \ |
| -u "DTLS datagram packing.* enabled$" \ |
| -n "Certificate" \ |
| -n "bytes left to analyze from context" |
| |
| run_test "Default configuration, client" \ |
| "cli_def.txt" \ |
| -n "ERROR" \ |
| -u "major.* 2$" \ |
| -u "minor.* 21$" \ |
| -u "path.* 0$" \ |
| -u "MBEDTLS_HAVE_TIME$" \ |
| -u "MBEDTLS_X509_CRT_PARSE_C$" \ |
| -u "MBEDTLS_SSL_MAX_FRAGMENT_LENGTH$" \ |
| -u "MBEDTLS_SSL_TRUNCATED_HMAC$" \ |
| -u "MBEDTLS_SSL_ENCRYPT_THEN_MAC$" \ |
| -u "MBEDTLS_SSL_SESSION_TICKETS$" \ |
| -u "MBEDTLS_SSL_SESSION_TICKETS and client$" \ |
| -u "MBEDTLS_SSL_DTLS_ANTI_REPLAY$" \ |
| -u "MBEDTLS_SSL_ALPN$" \ |
| -u "ciphersuite.* TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256$" \ |
| -u "cipher flags.* 0x00$" \ |
| -u "Message-Digest.* SHA256$" \ |
| -u "compression.* disabled$" \ |
| -u "DTLS datagram packing.* enabled$" \ |
| -u "cert. version .* 3$" \ |
| -u "serial number.* 02$" \ |
| -u "issuer name.* C=NL, O=PolarSSL, CN=PolarSSL Test CA$" \ |
| -u "subject name.* C=NL, O=PolarSSL, CN=localhost$" \ |
| -u "issued on.* 2019-02-10 14:44:06$" \ |
| -u "expires on.* 2029-02-10 14:44:06$" \ |
| -u "signed using.* RSA with SHA-256$" \ |
| -u "RSA key size.* 2048 bits$" \ |
| -u "basic constraints.* CA=false$" \ |
| -n "bytes left to analyze from context" |
| |
| run_test "Ciphersuite TLS-RSA-WITH-AES-256-CCM-8, server" \ |
| "srv_ciphersuite.txt" \ |
| -n "ERROR" \ |
| -u "ciphersuite.* TLS-RSA-WITH-AES-256-CCM-8$" \ |
| |
| run_test "Ciphersuite TLS-RSA-WITH-AES-256-CCM-8, client" \ |
| "cli_ciphersuite.txt" \ |
| -n "ERROR" \ |
| -u "ciphersuite.* TLS-RSA-WITH-AES-256-CCM-8$" \ |
| |
| run_test "No packing, server" \ |
| "srv_no_packing.txt" \ |
| -n "ERROR" \ |
| -u "DTLS datagram packing.* disabled" |
| |
| run_test "No packing, client" \ |
| "cli_no_packing.txt" \ |
| -n "ERROR" \ |
| -u "DTLS datagram packing.* disabled" |
| |
| run_test "DTLS CID, server" \ |
| "srv_cid.txt" \ |
| -n "ERROR" \ |
| -u "in CID.* DE AD" \ |
| -u "out CID.* BE EF" |
| |
| run_test "DTLS CID, client" \ |
| "cli_cid.txt" \ |
| -n "ERROR" \ |
| -u "in CID.* BE EF" \ |
| -u "out CID.* DE AD" |
| |
| run_test "No MBEDTLS_SSL_MAX_FRAGMENT_LENGTH, server" \ |
| "srv_no_mfl.txt" \ |
| -n "ERROR" \ |
| -n "MBEDTLS_SSL_MAX_FRAGMENT_LENGTH" |
| |
| run_test "No MBEDTLS_SSL_MAX_FRAGMENT_LENGTH, client" \ |
| "cli_no_mfl.txt" \ |
| -n "ERROR" \ |
| -n "MBEDTLS_SSL_MAX_FRAGMENT_LENGTH" |
| |
| run_test "No MBEDTLS_SSL_ALPN, server" \ |
| "srv_no_alpn.txt" \ |
| -n "ERROR" \ |
| -n "MBEDTLS_SSL_ALPN" |
| |
| run_test "No MBEDTLS_SSL_ALPN, client" \ |
| "cli_no_alpn.txt" \ |
| -n "ERROR" \ |
| -n "MBEDTLS_SSL_ALPN" |
| |
| run_test "No MBEDTLS_SSL_KEEP_PEER_CERTIFICATE, server" \ |
| "srv_no_keep_cert.txt" \ |
| -arg "--keep-peer-cert=0" \ |
| -u "ciphersuite.* TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256$" \ |
| -u "cipher flags.* 0x00" \ |
| -u "compression.* disabled" \ |
| -u "DTLS datagram packing.* enabled" \ |
| -n "ERROR" |
| |
| run_test "No MBEDTLS_SSL_KEEP_PEER_CERTIFICATE, client" \ |
| "cli_no_keep_cert.txt" \ |
| -arg "--keep-peer-cert=0" \ |
| -u "ciphersuite.* TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256$" \ |
| -u "cipher flags.* 0x00" \ |
| -u "compression.* disabled" \ |
| -u "DTLS datagram packing.* enabled" \ |
| -n "ERROR" |
| |
| run_test "No MBEDTLS_SSL_KEEP_PEER_CERTIFICATE, negative, server" \ |
| "srv_no_keep_cert.txt" \ |
| -m "Deserializing" \ |
| -m "ERROR" |
| |
| run_test "No MBEDTLS_SSL_KEEP_PEER_CERTIFICATE, negative, client" \ |
| "cli_no_keep_cert.txt" \ |
| -m "Deserializing" \ |
| -m "ERROR" |
| |
| run_test "Minimal configuration, server" \ |
| "srv_min_cfg.txt" \ |
| -n "ERROR" \ |
| -n "MBEDTLS_SSL_MAX_FRAGMENT_LENGTH$" \ |
| -n "MBEDTLS_SSL_TRUNCATED_HMAC$" \ |
| -n "MBEDTLS_SSL_ENCRYPT_THEN_MAC$" \ |
| -n "MBEDTLS_SSL_SESSION_TICKETS$" \ |
| -n "MBEDTLS_SSL_SESSION_TICKETS and client$" \ |
| -n "MBEDTLS_SSL_DTLS_ANTI_REPLAY$" \ |
| -n "MBEDTLS_SSL_ALPN$" \ |
| |
| run_test "Minimal configuration, client" \ |
| "cli_min_cfg.txt" \ |
| -n "ERROR" \ |
| -n "MBEDTLS_SSL_MAX_FRAGMENT_LENGTH$" \ |
| -n "MBEDTLS_SSL_TRUNCATED_HMAC$" \ |
| -n "MBEDTLS_SSL_ENCRYPT_THEN_MAC$" \ |
| -n "MBEDTLS_SSL_SESSION_TICKETS$" \ |
| -n "MBEDTLS_SSL_SESSION_TICKETS and client$" \ |
| -n "MBEDTLS_SSL_DTLS_ANTI_REPLAY$" \ |
| -n "MBEDTLS_SSL_ALPN$" \ |
| |
| run_test "MTU=10000" \ |
| "mtu_10000.txt" \ |
| -n "ERROR" \ |
| -u "MTU.* 10000$" |
| |
| run_test "MFL=1024" \ |
| "mfl_1024.txt" \ |
| -n "ERROR" \ |
| -u "MFL.* 1024$" |
| |
| run_test "Older version (v2.19.1)" \ |
| "v2.19.1.txt" \ |
| -n "ERROR" \ |
| -u "major.* 2$" \ |
| -u "minor.* 19$" \ |
| -u "path.* 1$" \ |
| -u "ciphersuite.* TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8$" \ |
| -u "Message-Digest.* SHA256$" \ |
| -u "compression.* disabled$" \ |
| -u "serial number.* 01:70:AF:40:B4:E6$" \ |
| -u "issuer name.* CN=ca$" \ |
| -u "subject name.* L=160001, OU=acc1, CN=device01$" \ |
| -u "issued on.* 2020-03-06 09:50:18$" \ |
| -u "expires on.* 2056-02-26 09:50:18$" \ |
| -u "signed using.* ECDSA with SHA256$" \ |
| -u "lifetime.* 0 sec.$" \ |
| -u "MFL.* none$" \ |
| -u "negotiate truncated HMAC.* disabled$" \ |
| -u "Encrypt-then-MAC.* enabled$" \ |
| -u "DTLS datagram packing.* enabled$" \ |
| -u "verify result.* 0x00000000$" \ |
| -n "bytes left to analyze from context" |
| |
| run_test "Wrong base64 format" \ |
| "def_bad_b64.txt" \ |
| -m "ERROR" \ |
| -u "The length of the base64 code found should be a multiple of 4" \ |
| -n "bytes left to analyze from context" |
| |
| run_test "Too much data at the beginning of base64 code" \ |
| "def_b64_too_big_1.txt" \ |
| -m "ERROR" \ |
| -n "The length of the base64 code found should be a multiple of 4" \ |
| |
| run_test "Too much data in the middle of base64 code" \ |
| "def_b64_too_big_2.txt" \ |
| -m "ERROR" \ |
| -n "The length of the base64 code found should be a multiple of 4" \ |
| |
| run_test "Too much data at the end of base64 code" \ |
| "def_b64_too_big_3.txt" \ |
| -m "ERROR" \ |
| -n "The length of the base64 code found should be a multiple of 4" \ |
| -u "bytes left to analyze from context" |
| |
| run_test "Empty file as input" \ |
| "empty.txt" \ |
| -u "Finished. No valid base64 code found" |
| |
| run_test "Not empty file without base64 code" \ |
| "../../context-info.sh" \ |
| -n "Deserializing" |
| |
| run_test "Binary file instead of text file" \ |
| "../../../programs/ssl/ssl_context_info" \ |
| -m "ERROR" \ |
| -u "Too many bad symbols detected. File check aborted" \ |
| -n "Deserializing" |
| |
| run_test "Decoder continues past 0xff character" \ |
| "def_b64_ff.bin" \ |
| -n "No valid base64" \ |
| -u "ciphersuite.* TLS-" |
| |
| |
| # End of tests |
| |
| echo |
| if [ $T_FAILED -eq 0 ]; then |
| echo "PASSED ( $T_COUNT tests )" |
| else |
| echo "FAILED ( $T_FAILED / $T_COUNT tests )" |
| fi |
| |
| exit $T_FAILED |