Add tests for record encryption/decryption

This commit adds tests exercising mutually inverse pairs of record encryption and decryption transformations for the various transformation types allowed in TLS: Stream, CBC, and AEAD.
2025-07-29 11:41:15 +03:00 · 2018-01-03 14:27:32 +00:00
parent d56ed2491b
commit a18d1320da
5 changed files with 2470 additions and 15 deletions
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@ -1767,11 +1767,11 @@ static void ssl_extract_add_data_from_record( unsigned char* add_data,
    add_data[12] = rec->data_len & 0xFF;
 }

-static int ssl_encrypt_buf( mbedtls_ssl_context *ssl,
-                            mbedtls_ssl_transform *transform,
-                            mbedtls_record *rec,
-                            int (*f_rng)(void *, unsigned char *, size_t),
-                            void *p_rng )
+int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
+                             mbedtls_ssl_transform *transform,
+                             mbedtls_record *rec,
+                             int (*f_rng)(void *, unsigned char *, size_t),
+                             void *p_rng )
 {
    mbedtls_cipher_mode_t mode;
    int auth_done = 0;
@ -1780,7 +1780,7 @@ static int ssl_encrypt_buf( mbedtls_ssl_context *ssl,
    size_t post_avail;

    /* The SSL context is only used for debugging purposes! */
-#if !defined(MBEDTLS_SSL_DEBUG_C)
+#if !defined(MBEDTLS_DEBUG_C)
    ((void) ssl);
 #endif

@ -2159,9 +2159,9 @@ static int ssl_encrypt_buf( mbedtls_ssl_context *ssl,
    return( 0 );
 }

-static int ssl_decrypt_buf( mbedtls_ssl_context *ssl,
-                            mbedtls_ssl_transform *transform,
-                            mbedtls_record *rec )
+int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context *ssl,
+                             mbedtls_ssl_transform *transform,
+                             mbedtls_record *rec )
 {
    size_t olen;
    mbedtls_cipher_mode_t mode;
@ -2172,7 +2172,7 @@ static int ssl_decrypt_buf( mbedtls_ssl_context *ssl,
    unsigned char* data;
    unsigned char add_data[13];

-#if !defined(MBEDTLS_SSL_DEBUG_C)
+#if !defined(MBEDTLS_DEBUG_C)
    ((void) ssl);
 #endif

@ -3752,7 +3752,7 @@ int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, uint8_t force_flush )
                                       ssl->conf->transport, rec.ver );
            rec.type = ssl->out_msgtype;

-            if( ( ret = ssl_encrypt_buf( ssl, ssl->transform_out, &rec,
+            if( ( ret = mbedtls_ssl_encrypt_buf( ssl, ssl->transform_out, &rec,
                                         ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
            {
                MBEDTLS_SSL_DEBUG_RET( 1, "ssl_encrypt_buf", ret );
@ -4634,7 +4634,8 @@ static int ssl_prepare_record_content( mbedtls_ssl_context *ssl )
        mbedtls_ssl_write_version( ssl->major_ver, ssl->minor_ver,
                                   ssl->conf->transport, rec.ver );
        rec.type = ssl->in_msgtype;
-        if( ( ret = ssl_decrypt_buf( ssl, ssl->transform_in, &rec ) ) != 0 )
+        if( ( ret = mbedtls_ssl_decrypt_buf( ssl, ssl->transform_in,
+                                             &rec ) ) != 0 )
        {
            MBEDTLS_SSL_DEBUG_RET( 1, "ssl_decrypt_buf", ret );
            return( ret );
@ -7422,7 +7423,7 @@ static void ssl_handshake_params_init( mbedtls_ssl_handshake_params *handshake )
 #endif
 }

-static void ssl_transform_init( mbedtls_ssl_transform *transform )
+void mbedtls_ssl_transform_init( mbedtls_ssl_transform *transform )
 {
    memset( transform, 0, sizeof(mbedtls_ssl_transform) );

@ -7489,7 +7490,7 @@ static int ssl_handshake_init( mbedtls_ssl_context *ssl )

    /* Initialize structures */
    mbedtls_ssl_session_init( ssl->session_negotiate );
-    ssl_transform_init( ssl->transform_negotiate );
+    mbedtls_ssl_transform_init( ssl->transform_negotiate );
    ssl_handshake_params_init( ssl->handshake );

 #if defined(MBEDTLS_SSL_PROTO_DTLS)