From 861d0bbbf22eac0dced35b8e9e6f8123462828fc Mon Sep 17 00:00:00 2001
From: Hanno Becker <hanno.becker@arm.com>
Date: Tue, 21 May 2019 16:39:30 +0100
Subject: [PATCH] Add negative tests for unexpected ver/cfg in session
 deserialization

---
 tests/suites/test_suite_ssl.data     | 12 +++++++
 tests/suites/test_suite_ssl.function | 50 ++++++++++++++++++++++++++++
 2 files changed, 62 insertions(+)

diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data
index 01517c19c..89dc54802 100644
--- a/tests/suites/test_suite_ssl.data
+++ b/tests/suites/test_suite_ssl.data
@@ -58,6 +58,18 @@ ssl_dtls_replay:"abcd12340000abcd12340100":"abcd123400ff":0
 SSL SET_HOSTNAME memory leak: call ssl_set_hostname twice
 ssl_set_hostname_twice:"server0":"server1"
 
+SSL session serialization: Wrong major version
+ssl_session_serialize_version_check:1:0:0:0
+
+SSL session serialization: Wrong minor version
+ssl_session_serialize_version_check:1:0:0:0
+
+SSL session serialization: Wrong patch version
+ssl_session_serialize_version_check:1:0:0:0
+
+SSL session serialization: Wrong config
+ssl_session_serialize_version_check:1:0:0:0
+
 Record crypt, AES-128-CBC, 1.2, SHA-384
 depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
 ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function
index 4faa5d33f..80c0ab044 100644
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function
@@ -921,3 +921,53 @@ exit:
     mbedtls_free( bad_buf );
 }
 /* END_CASE */
+
+/* BEGIN_CASE depends_on:!MBEDTLS_SSL_SERIALIZED_STRUCTURES_LOCAL_ONLY */
+void ssl_session_serialize_version_check( int corrupt_major,
+                                          int corrupt_minor,
+                                          int corrupt_patch,
+                                          int corrupt_config )
+{
+    unsigned char serialized_session[ 2048 ];
+    size_t serialized_session_len;
+
+    mbedtls_ssl_session session;
+    mbedtls_ssl_session_init( &session );
+
+    /* Infer length of serialized session. */
+    TEST_ASSERT( mbedtls_ssl_session_save( &session,
+                                           serialized_session,
+                                           sizeof( serialized_session ),
+                                           &serialized_session_len ) == 0 );
+
+    mbedtls_ssl_session_free( &session );
+
+    /* Without any modification, we should be able to successfully
+     * de-serialize the session - double-check that. */
+    TEST_ASSERT( mbedtls_ssl_session_load( &session,
+                                           serialized_session,
+                                           serialized_session_len ) == 0 );
+    mbedtls_ssl_session_free( &session );
+
+    if( corrupt_major )
+        serialized_session[0] ^= (uint8_t) 0x1;
+
+    if( corrupt_minor )
+        serialized_session[1] ^= (uint8_t) 0x1;
+
+    if( corrupt_patch )
+        serialized_session[2] ^= (uint8_t) 0x1;
+
+    if( corrupt_config )
+    {
+        serialized_session[3] ^= (uint8_t) 0x1;
+        serialized_session[4] ^= (uint8_t) 0x1;
+        serialized_session[5] ^= (uint8_t) 0x1;
+    }
+
+    TEST_ASSERT( mbedtls_ssl_session_load( &session,
+                                           serialized_session,
+                                           serialized_session_len ) ==
+                 MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+}
+/* END_CASE */