From b2713abb8f4af13a1eaead65ef025fca9d756da6 Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Thu, 7 May 2020 14:54:22 +0100
Subject: [PATCH] Enhance record encryption unit tests by checking hidden content type
TLS 1.3 and DTLS 1.2 + CID hide the real content type of a record within the record's inner plaintext, while always using the same content type for the protected record:
- TLS 1.3 always uses ApplicationData
- DTLS 1.2 + CID always uses a special CID content type.
This commit enhances the record encryption unit test to check that the record content type is indeed correctly hidden.
Signed-off-by: Hanno Becker
---
 tests/suites/test_suite_ssl.function | 40 ++++++++++++++++++++++++++++
 1 file changed, 40 insertions(+)
diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function
index e59a1677c..d902abd2b 100644
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function
@@ -3178,6 +3178,26 @@ void ssl_crypt_record( int cipher_type, int hash_id,
 continue;
 }
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+ if( rec.cid_len != 0 )
+ {
+ /* DTLS 1.2 + CID hides the real content type and
+ * uses a special CID content type in the protected
+ * record. Double-check this. */
+ TEST_ASSERT( rec.type == MBEDTLS_SSL_MSG_CID );
+ }
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
+
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
+ if( t_enc->minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 )
+ {
+ /* TLS 1.3 hides the real content type and
+ * always uses Application Data as the content type
+ * for protected records. Double-check this. */
+ TEST_ASSERT( rec.type == MBEDTLS_SSL_MSG_APPLICATION_DATA );
+ }
+#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
+
 /* Decrypt record with t_dec */
 ret = mbedtls_ssl_decrypt_buf( &ssl, t_dec, &rec );
 TEST_ASSERT( ret == 0 );
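Review bot: The twenty added lines are pasted verbatim into both ssl_crypt_record here and ssl_crypt_record_small in the next hunk, so the two checks can silently drift apart; a small helper in the file's BEGIN_HEADER section, called as `TEST_ASSERT( content_type_is_hidden( t_enc, &rec ) );` at both sites, keeps the property in one place (returning an int instead of using TEST_ASSERT inside the helper avoids needing an exit label there). The new asserts only confirm the outer content type of the protected record; the complementary property, that mbedtls_ssl_decrypt_buf restores the real type into rec.type, is not asserted within the hunk, so unless the code after the hunk already compares rec.type with the type the record was built with, add that check after the decrypt call. Both enclosing functions continue beyond their hunks.
```c
/* BEGIN_HEADER section: shared by ssl_crypt_record and ssl_crypt_record_small.
 * Returns 1 if the protected record carries the outer content type the
 * transform must use to hide the real one, 0 otherwise. */
static int content_type_is_hidden( const mbedtls_ssl_transform *t_enc,
                                   const mbedtls_record *rec )
{
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
    /* DTLS 1.2 + CID always uses the special CID content type. */
    if( rec->cid_len != 0 && rec->type != MBEDTLS_SSL_MSG_CID )
        return( 0 );
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */

#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
    /* TLS 1.3 always uses ApplicationData as the outer content type. */
    if( t_enc->minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 &&
        rec->type != MBEDTLS_SSL_MSG_APPLICATION_DATA )
        return( 0 );
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */

    ((void) t_enc);
    ((void) rec);
    return( 1 );
}

/* In ssl_crypt_record, replacing the two added #if blocks: */
    TEST_ASSERT( content_type_is_hidden( t_enc, &rec ) );
    /* ... unchanged: decrypt with t_dec and check the result ... */
```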
@@ -3321,6 +3341,26 @@ void ssl_crypt_record_small( int cipher_type, int hash_id,
 if( ret != 0 )
 continue;
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+ if( rec.cid_len != 0 )
+ {
+ /* DTLS 1.2 + CID hides the real content type and
+ * uses a special CID content type in the protected
+ * record. Double-check this. */
+ TEST_ASSERT( rec.type == MBEDTLS_SSL_MSG_CID );
+ }
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
+
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
+ if( t_enc->minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 )
+ {
+ /* TLS 1.3 hides the real content type and
+ * always uses Application Data as the content type
+ * for protected records. Double-check this. */
+ TEST_ASSERT( rec.type == MBEDTLS_SSL_MSG_APPLICATION_DATA );
+ }
+#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
+
 /* Decrypt record with t_dec */
 TEST_ASSERT( mbedtls_ssl_decrypt_buf( &ssl, t_dec, &rec ) == 0 );