Refactoring: create mbedtls_test_ssl_prepare_record_mac()

No semantic change. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-07-30 22:43:08 +03:00 · 2023-09-18 13:11:50 +02:00
parent 027e1b4b3d
commit 2198cc5273
3 changed files with 55 additions and 24 deletions
--- a/tests/include/test/ssl_helpers.h
+++ b/tests/include/test/ssl_helpers.h
@ -468,6 +468,27 @@ int mbedtls_test_ssl_build_transforms(mbedtls_ssl_transform *t_in,
                                      size_t cid0_len,
                                      size_t cid1_len);

+#if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC)
+/**
+ * \param[in,out] record        The record to prepare.
+ *                              It must contain the data to MAC at offset
+ *                              `record->data_offset`, of length
+ *                              `record->data_length`.
+ *                              On success, write the MAC immediately
+ *                              after the data and increment
+ *                              `record->data_length` accordingly.
+ * \param[in,out] transform_out The out transform, typically prepared by
+ *                              mbedtls_test_ssl_build_transforms().
+ *                              Its HMAC context may be used. Other than that
+ *                              it is treated as an input parameter.
+ *
+ * \return                      0 on success, an `MBEDTLS_ERR_xxx` error code
+ *                              or -1 on error.
+ */
+int mbedtls_test_ssl_prepare_record_mac(mbedtls_record *record,
+                                        mbedtls_ssl_transform *transform_out);
+#endif /* MBEDTLS_SSL_SOME_MODES_USE_MAC */
+
 /*
 * Populate a session structure for serialization tests.
 * Choose dummy values, mostly non-0 to distinguish from the init default.
--- a/tests/src/test_helpers/ssl_helpers.c
+++ b/tests/src/test_helpers/ssl_helpers.c
@ -1195,6 +1195,39 @@ cleanup:
    return ret;
 }

+#if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC)
+int mbedtls_test_ssl_prepare_record_mac(mbedtls_record *record,
+                                        mbedtls_ssl_transform *transform_out)
+{
+    /* Serialized version of record header for MAC purposes */
+    unsigned char add_data[13];
+    memcpy(add_data, record->ctr, 8);
+    add_data[8] = record->type;
+    add_data[9] = record->ver[0];
+    add_data[10] = record->ver[1];
+    add_data[11] = (record->data_len >> 8) & 0xff;
+    add_data[12] = (record->data_len >> 0) & 0xff;
+
+    /* MAC with additional data */
+    TEST_EQUAL(0, mbedtls_md_hmac_update(&transform_out->md_ctx_enc, add_data, 13));
+    TEST_EQUAL(0, mbedtls_md_hmac_update(&transform_out->md_ctx_enc,
+                                         record->buf + record->data_offset,
+                                         record->data_len));
+    /* Use a temporary buffer for the MAC, because with the truncated HMAC
+     * extension, there might not be enough room in the record for the
+     * full-length MAC. */
+    unsigned char mac[MBEDTLS_MD_MAX_SIZE];
+    TEST_EQUAL(0, mbedtls_md_hmac_finish(&transform_out->md_ctx_enc, mac));
+    memcpy(record->buf + record->data_offset + record->data_len, mac, transform_out->maclen);
+    record->data_len += transform_out->maclen;
+
+    return 0;
+
+exit:
+    return -1;
+}
+#endif /* MBEDTLS_SSL_SOME_MODES_USE_MAC */
+
 int mbedtls_test_ssl_populate_session(mbedtls_ssl_session *session,
                                      int ticket_len,
                                      const char *crt_file)
--- a/tests/suites/test_suite_ssl_decrypt.function
+++ b/tests/suites/test_suite_ssl_decrypt.function
@ -107,30 +107,7 @@ void ssl_decrypt_non_etm_cbc(int cipher_type, int hash_id, int trunc_hmac,
    /*
     * Prepare a pre-encryption record (with MAC and padding), and save it.
     */
-    mbedtls_ssl_transform *transform_out = &t0;
-    mbedtls_record *record = &rec;
-
-    /* Serialized version of record header for MAC purposes */
-    unsigned char add_data[13];
-    memcpy(add_data, record->ctr, 8);
-    add_data[8] = record->type;
-    add_data[9] = record->ver[0];
-    add_data[10] = record->ver[1];
-    add_data[11] = (record->data_len >> 8) & 0xff;
-    add_data[12] = (record->data_len >> 0) & 0xff;
-
-    /* MAC with additional data */
-    TEST_EQUAL(0, mbedtls_md_hmac_update(&transform_out->md_ctx_enc, add_data, 13));
-    TEST_EQUAL(0, mbedtls_md_hmac_update(&transform_out->md_ctx_enc,
-                                         record->buf + record->data_offset,
-                                         record->data_len));
-    /* Use a temporary buffer for the MAC, because with the truncated HMAC
-     * extension, there might not be enough room in the record for the
-     * full-length MAC. */
-    unsigned char mac[MBEDTLS_MD_MAX_SIZE];
-    TEST_EQUAL(0, mbedtls_md_hmac_finish(&transform_out->md_ctx_enc, mac));
-    memcpy(record->buf + record->data_offset + record->data_len, mac, transform_out->maclen);
-    record->data_len += transform_out->maclen;
+    TEST_EQUAL(0, mbedtls_test_ssl_prepare_record_mac(&rec, &t0));

    /* Pad */
    memset(rec.buf + rec.data_offset + rec.data_len, padlen, padlen + 1);