From fe1275e3fe2811131a16cf11ff0eca089d1be1a4 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 29 May 2019 12:45:21 +0100 Subject: [PATCH] Improve test for detection of ver/cfg corruption in serialized data This commit improves the test exercising the behaviour of session deserialization when facing an unexpected version or config, by testing ver/cfg corruption at any bit in the ver/cfg header of the serialized data; previously, it had only tested the first bit of each byte.
---
tests/suites/test_suite_ssl.function | 55 +++++++++++++++++----------- 1 file changed, 34 insertions(+), 21 deletions(-)
diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function
index a3d1c0056..018322b9e 100644
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function
@@ -930,44 +930,57 @@ void ssl_session_serialize_version_check( int corrupt_major, { unsigned char serialized_session[ 2048 ]; size_t serialized_session_len; - + unsigned cur_byte; mbedtls_ssl_session session; + uint8_t should_corrupt_byte[] = { corrupt_major == 1, + corrupt_minor == 1, + corrupt_patch == 1, + corrupt_config == 1, + corrupt_config == 1 }; + mbedtls_ssl_session_init( &session ); - /* Infer length of serialized session. */ + /* Infer length of serialized session. */ TEST_ASSERT( mbedtls_ssl_session_save( &session, serialized_session, sizeof( serialized_session ), &serialized_session_len ) == 0 ); - mbedtls_ssl_session_free( &session ); + mbedtls_ssl_session_free( &session ); - /* Without any modification, we should be able to successfully + /* Without any modification, we should be able to successfully * de-serialize the session - double-check that. */ TEST_ASSERT( mbedtls_ssl_session_load( &session, serialized_session, serialized_session_len ) == 0 ); mbedtls_ssl_session_free( &session ); - if( corrupt_major ) - serialized_session[0] ^= (uint8_t) 0x1; - - if( corrupt_minor ) - serialized_session[1] ^= (uint8_t) 0x1; - - if( corrupt_patch ) - serialized_session[2] ^= (uint8_t) 0x1; - - if( corrupt_config ) + /* Go through the bytes in the serialized session header and + * corrupt them bit-by-bit. */ + for( cur_byte = 0; cur_byte < sizeof( should_corrupt_byte ); cur_byte++ ) { - serialized_session[3] ^= (uint8_t) 0x1; - serialized_session[4] ^= (uint8_t) 0x1; - serialized_session[5] ^= (uint8_t) 0x1; + int cur_bit; + unsigned char * const byte = &serialized_session[ cur_byte ]; + + if( should_corrupt_byte[ cur_byte ] == 0 ) + continue; + + for( cur_bit = 0; cur_bit < CHAR_BIT; cur_bit++ ) + { + unsigned char const corrupted_bit = 0x1u << cur_bit; + /* Modify a single bit in the serialized session. 
*/ + *byte ^= corrupted_bit; + + /* Attempt to deserialize */ + TEST_ASSERT( mbedtls_ssl_session_load( &session, + serialized_session, + serialized_session_len ) == + MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + + /* Undo the change */ + *byte ^= corrupted_bit; + } } - TEST_ASSERT( mbedtls_ssl_session_load( &session, - serialized_session, - serialized_session_len ) == - MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); } /* END_CASE */
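Review bot: The `should_corrupt_byte[]` table covers header bytes 0–4 only, whereas the removed code also flipped `serialized_session[5]` when `corrupt_config` was set, and neither the commit message nor a comment explains why the sixth byte is no longer exercised. If the config field is two bytes wide (not visible in this hunk), state that next to the table, e.g. `/* Header layout: major, minor, patch, then 2 config bytes */`, so the test cannot silently drift from the header the deserializer actually validates. The entries also changed from truthiness (`if( corrupt_major )`) to `corrupt_major == 1`, so a non-zero flag other than 1 now skips corruption; with the trailing `TEST_ASSERT` removed, a case that flags no byte passes without making a single rejection check, and writing `corrupt_major != 0` (likewise for the other flags) would keep the old meaning. The function's signature starts before the hunk, so the parameter types and any include providing `CHAR_BIT` cannot be confirmed from here.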