From e7729edd9fd542a4440a0f8ce8cd40b8e0fad0e4 Mon Sep 17 00:00:00 2001 From: Inbal Levi Date: Sun, 5 Jan 2025 16:07:41 +0200 Subject: [PATCH 1/5] [Add] TLS Tests file - Add and integrate to project a TLS tests file - Initiate basic tests --- .../BaseCryptLib/BaseCryptLibUnitTestApp.inf | 1 + .../BaseCryptLib/BaseCryptLibUnitTests.c | 1 + .../UnitTest/Library/BaseCryptLib/TLSTests.c | 87 +++++++++++++++++++ .../Library/BaseCryptLib/TestBaseCryptLib.h | 3 + .../BaseCryptLib/TestBaseCryptLibHost.inf | 1 + 5 files changed, 93 insertions(+) create mode 100644 CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TLSTests.c
diff --git a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/BaseCryptLibUnitTestApp.inf b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/BaseCryptLibUnitTestApp.inf
index 84a99440a4..bd3774f39d 100644
--- a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/BaseCryptLibUnitTestApp.inf
+++ b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/BaseCryptLibUnitTestApp.inf
@@ -32,6 +32,7 @@
 AuthenticodeTests.c
 TSTests.c
 DhTests.c
+ TLSTests.c
 RandTests.c
 Pkcs7EkuTests.c
 OaepEncryptTests.c
diff --git a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/BaseCryptLibUnitTests.c b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/BaseCryptLibUnitTests.c
index 5546259488..60b3e9710e 100644
--- a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/BaseCryptLibUnitTests.c
+++ b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/BaseCryptLibUnitTests.c
@@ -23,6 +23,7 @@ SUITE_DESC mSuiteDesc[] = {
 { "Authenticode verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL, &mAuthenticodeTestNum, mAuthenticodeTest },
 { "ImageTimestamp verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL, &mImageTimestampTestNum, mImageTimestampTest },
 { "DH verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL, &mDhTestNum, mDhTest },
+ { "TLS verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL, &mTlsTestNum, mTlsTest },
 { "PRNG verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL, &mPrngTestNum, mPrngTest },
 { "OAEP encrypt verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL, &mOaepTestNum, mOaepTest },
 { "Hkdf extract and expand tests", "CryptoPkg.BaseCryptLib", NULL, NULL, &mHkdfTestNum, mHkdfTest },
diff --git a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TLSTests.c b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TLSTests.c
new file mode 100644
index 0000000000..9654cc27f8
--- /dev/null
+++ b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TLSTests.c
@@ -0,0 +1,87 @@
+/** @file
+ Application for Diffie-Hellman Primitives Validation.
+
+Copyright (c) 2010 - 2014, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include "TestBaseCryptLib.h"
+#include "TlsLib.h"
+
+UNIT_TEST_STATUS
+EFIAPI
+TestVerifyTlsPreReq (
+ UNIT_TEST_CONTEXT Context
+ )
+{
+ if (!PcdGetBool (PcdCryptoServiceTlsInitialize) || !PcdGetBool (PcdCryptoServiceTlsCtxNew) || !PcdGetBool (PcdCryptoServiceTlsCtxFree)) {
+ return UNIT_TEST_ERROR_PREREQUISITE_NOT_MET;
+ }
+
+ return UNIT_TEST_PASSED;
+}
+
+VOID
+EFIAPI
+TestVerifyTlsCleanUp (
+ UNIT_TEST_CONTEXT Context
+ )
+{
+ // TODO: Inbal: Fill in free of needed buffers
+}
+
+/* Tests for init protocol */
+
+UNIT_TEST_STATUS
+EFIAPI
+TestTlsInitialize (
+ VOID
+ )
+{
+ BOOLEAN Status = TlsInitialize();
+ UT_ASSERT_TRUE (Status);
+
+ return UNIT_TEST_PASSED;
+}
+
+UNIT_TEST_STATUS
+EFIAPI
+TestTlsCreation31CtxNewFree (
+ VOID
+ )
+{
+ BOOLEAN Status = TlsInitialize();
+ UT_ASSERT_TRUE (Status);
+
+ auto SslCtxObj = TlsCtxNew(3,1);
+ UT_ASSERT_NOT_NULL(SslCtxObj);
+
+ TlsFree(SslCtxObj);
+
+ return UNIT_TEST_PASSED;
+}
+
+
+
+
+UNIT_TEST_STATUS
+EFIAPI
+TestVerifyTlsGenerateKey (
+ UNIT_TEST_CONTEXT Context
+ )
+{
+ BOOLEAN Status = TRUE;
+
+ return Status;
+}
+
+TEST_DESC mTlsTest[] = {
+ //
+ // -----Description--------------------------------Class---------------------Function----------------Pre-----------------Post------------Context
+ //
+ { "TestVerifyTlsGenerateKey()", "CryptoPkg.BaseCryptLib.Tls", TestTlsInitialize, TestVerifyTlsPreReq, NULL, NULL},
+ { "TestVerifyTlsGenerateKey()", "CryptoPkg.BaseCryptLib.Tls", TestTlsCreation31CtxNewFree, TestVerifyTlsPreReq, NULL, NULL},
+};
+
+UINTN mTlsTestNum = ARRAY_SIZE (mTlsTest);
diff --git a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLib.h b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLib.h
index 91f3ec41d4..2c064c3608 100644
--- a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLib.h
+++ b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLib.h
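Review bot: In `TestTlsCreation31CtxNewFree` the object returned by `TlsCtxNew(3,1)` is released with `TlsFree(SslCtxObj)`, but a context has its own release service (the prerequisite check in this same file names it through `PcdCryptoServiceTlsCtxFree`), so the call should be `TlsCtxFree(SslCtxObj);`. Passing one object kind to the other's free routine is a type mismatch inside the test and can corrupt the test host's heap instead of exercising the library. Separately, `auto SslCtxObj` is not type inference in C before C23 (`auto` is a storage class and the type falls back to `int`), so the handle should be declared as `VOID *SslCtxObj`. The file header still reads "Application for Diffie-Hellman Primitives Validation" and both rows of `mTlsTest` carry the description `"TestVerifyTlsGenerateKey()"`, which makes a failing row hard to attribute.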
@@ -77,6 +77,9 @@ extern TEST_DESC mImageTimestampTest[];
 extern UINTN mDhTestNum;
 extern TEST_DESC mDhTest[];
+extern UINTN mTlsTestNum;
+extern TEST_DESC mTlsTest[];
+
 extern UINTN mPrngTestNum;
 extern TEST_DESC mPrngTest[];
diff --git a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibHost.inf b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibHost.inf
index 5cce75cb7a..f06c0d67a5 100644
--- a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibHost.inf
+++ b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibHost.inf
@@ -32,6 +32,7 @@
 AuthenticodeTests.c
 TSTests.c
 DhTests.c
+ TLSTests.c
 RandTests.c
 Pkcs7EkuTests.c
 OaepEncryptTests.c
From 0f8152ba219fa906e2d7ecf1130a0a4dd4d1bc9c Mon Sep 17 00:00:00 2001 From: Inbal Levi Date: Mon, 20 Jan 2025 12:50:32 +0200 Subject: [PATCH 2/5] [Add] Extend TLS tests - Test for connection - Test for ciphers set/get --- .../UnitTest/Library/BaseCryptLib/TLSTests.c | 344 +++++++++++++++++- 1 file changed, 328 insertions(+), 16 deletions(-)
diff --git a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TLSTests.c b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TLSTests.c
index 9654cc27f8..24ea71c3f5 100644
--- a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TLSTests.c
+++ b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TLSTests.c
@@ -7,7 +7,27 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 **/
 #include "TestBaseCryptLib.h"
-#include "TlsLib.h"
+#include
+#include "TlsDriver.h"
+#include "TlsImpl.h" // For pulling "EfiTlsClient" enum
+
+
+// List of Ciphers as appears in TLS Cipher Suite Registry of the IANA
+// https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml
+
+// TODO: Verify order of bytes is correct in all cases (or use UINT8)
+CONST UINT16 mCipherId[] = { 0xC030, // TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
+ 0xC02F, // TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
+ 0xC028, // TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
+ 0xC027 // TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
+ };
+#define CIPHER_COUNT (sizeof(mCipherId) / sizeof(mCipherId[0]))
+
+
+// TODO: Check if we need to test other versions then SSL3.1
+#define TLS_PROTOCOL_VERSION_MAJOR 0x03
+#define TLS_PROTOCOL_VERSION_MINOR 0x01
+
 UNIT_TEST_STATUS
 EFIAPI
@@ -15,6 +35,7 @@ TestVerifyTlsPreReq (
 UNIT_TEST_CONTEXT Context
 )
 {
+ // TODO: Flags to be removed with the refactoring of UEFI PCDs
 if (!PcdGetBool (PcdCryptoServiceTlsInitialize) || !PcdGetBool (PcdCryptoServiceTlsCtxNew) || !PcdGetBool (PcdCryptoServiceTlsCtxFree)) {
 return UNIT_TEST_ERROR_PREREQUISITE_NOT_MET;
 }
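Review bot: `TLS_PROTOCOL_VERSION_MAJOR`/`TLS_PROTOCOL_VERSION_MINOR` select version 3.1, which is TLS 1.0, while every entry in `mCipherId` is a SHA-256/SHA-384 suite that was defined for TLS 1.2, so a context created with these macros is unlikely to be able to use any cipher in the table. TLS 1.0 is also deprecated (RFC 8996), so the tests would be exercising a protocol version that production configurations should refuse; `#define TLS_PROTOCOL_VERSION_MINOR 0x03`, under a name that says 1.2, would match the cipher table. The open TODO about byte order should be settled before the table is relied on, for example with a comment stating which byte order `TlsSetCipherList` expects. `CIPHER_COUNT` duplicates `ARRAY_SIZE`, which this file already uses for `mTlsTest`.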
@@ -28,60 +49,351 @@ TestVerifyTlsCleanUp ( UNIT_TEST_CONTEXT Context ) { - // TODO: Inbal: Fill in free of needed buffers + // TODO: Fill in in case needed } -/* Tests for init protocol */ - UNIT_TEST_STATUS EFIAPI -TestTlsInitialize ( +TestTls31CreatCtxObjNewFree ( VOID ) { + TLS_SERVICE *TlsService; + BOOLEAN Status = TlsInitialize(); UT_ASSERT_TRUE (Status); + + auto SslCtxObj = TlsCtxNew(TLS_PROTOCOL_VERSION_MAJOR,TLS_PROTOCOL_VERSION_MINOR); + UT_ASSERT_NOT_NULL(SslCtxObj); + + auto TlsObj = TlsNew(SslCtxObj); + UT_ASSERT_NOT_NULL(TlsObj); + + // Cleanup + TlsFree(TlsObj); + TlsCtxFree(SslCtxObj); return UNIT_TEST_PASSED; } UNIT_TEST_STATUS EFIAPI -TestTlsCreation31CtxNewFree ( +TestTls31ServiceCreateConnection ( VOID ) { - BOOLEAN Status = TlsInitialize(); + EFI_HANDLE ImageHandle; + TLS_SERVICE *TlsService; + TLS_INSTANCE *TlsInstance; + EFI_STATUS Status; + + Status = TlsCreateService(ImageHandle, &TlsService); + UT_ASSERT_EQUAL(EFI_SUCCESS, Status); + + Status = TlsInitialize(); UT_ASSERT_TRUE (Status); - auto SslCtxObj = TlsCtxNew(3,1); - UT_ASSERT_NOT_NULL(SslCtxObj); + TlsService->TlsCtx = TlsCtxNew(TLS_PROTOCOL_VERSION_MAJOR,TLS_PROTOCOL_VERSION_MINOR); + UT_ASSERT_NOT_NULL(TlsService->TlsCtx); + + Status = TlsCreateInstance (TlsService, &TlsInstance); + UT_ASSERT_EQUAL(EFI_SUCCESS, Status); + + TlsInstance->TlsConn = TlsNew(TlsService->TlsCtx); + UT_ASSERT_NOT_NULL(TlsInstance->TlsConn); - TlsFree(SslCtxObj); + Status = TlsSetConnectionEnd (TlsInstance->TlsConn, EfiTlsClient); + UT_ASSERT_EQUAL(EFI_SUCCESS, Status); + + // Cleanup + // NOTE: this is aligned with other tests, but will not be called if test fails + TlsFree(TlsInstance->TlsConn); + TlsCtxFree(TlsService->TlsCtx); + TlsCleanService(TlsService); return UNIT_TEST_PASSED; } +// TODO: Check if we need to call other stages to establish connection +// For example: Handshake, etc. 
+UNIT_TEST_STATUS +EFIAPI +TestTls31VerifySetCipherList ( + VOID + ) +{ + UINT16 CipherId = 0; + EFI_HANDLE ImageHandle; + TLS_SERVICE *TlsService; + TLS_INSTANCE *TlsInstance; + EFI_STATUS Status; + + Status = TlsCreateService(ImageHandle, &TlsService); + UT_ASSERT_EQUAL(EFI_SUCCESS, Status); + + Status = TlsInitialize(); + UT_ASSERT_TRUE (Status); + + TlsService->TlsCtx = TlsCtxNew(TLS_PROTOCOL_VERSION_MAJOR,TLS_PROTOCOL_VERSION_MINOR); + UT_ASSERT_NOT_NULL(TlsService->TlsCtx); + + Status = TlsCreateInstance (TlsService, &TlsInstance); + UT_ASSERT_EQUAL(EFI_SUCCESS, Status); + + TlsInstance->TlsConn = TlsNew(TlsService->TlsCtx); + UT_ASSERT_NOT_NULL(TlsInstance->TlsConn); + + Status = TlsSetConnectionEnd (TlsInstance->TlsConn, EfiTlsClient); + UT_ASSERT_EQUAL(EFI_SUCCESS, Status); + + Status = TlsSetCipherList (TlsInstance->TlsConn, mCipherId, CIPHER_COUNT); + UT_ASSERT_EQUAL(EFI_SUCCESS, Status); + + TlsGetCurrentCipher(TlsInstance->TlsConn, &CipherId); + UT_ASSERT_EQUAL(EFI_SUCCESS, Status); + + BOOLEAN Found = FALSE; + + for (int i = 0 ; i < CIPHER_COUNT ; i++) { + if (mCipherId[i] == CipherId) { + Found = TRUE; + break; + } + } + UT_ASSERT_TRUE(Found); + + // Cleanup + // NOTE: this is aligned with other tests, but will not be called if test fails + TlsFree(TlsInstance->TlsConn); + TlsCtxFree(TlsService->TlsCtx); + TlsCleanService(TlsService); + + return UNIT_TEST_PASSED; +} UNIT_TEST_STATUS EFIAPI -TestVerifyTlsGenerateKey ( - UNIT_TEST_CONTEXT Context +TestTls31GetCurrentCipher ( + VOID ) { - BOOLEAN Status = TRUE; + UINT16 CipherId = 0; + EFI_HANDLE ImageHandle; + TLS_SERVICE *TlsService; + TLS_INSTANCE *TlsInstance; + EFI_STATUS Status; + + Status = TlsCreateService(ImageHandle, &TlsService); + UT_ASSERT_EQUAL(EFI_SUCCESS, Status); + + Status = TlsInitialize(); + UT_ASSERT_TRUE (Status); + + TlsService->TlsCtx = TlsCtxNew(TLS_PROTOCOL_VERSION_MAJOR,TLS_PROTOCOL_VERSION_MINOR); + UT_ASSERT_NOT_NULL(TlsService->TlsCtx); + + Status = TlsCreateInstance 
(TlsService, &TlsInstance); + UT_ASSERT_EQUAL(EFI_SUCCESS, Status); + + TlsInstance->TlsConn = TlsNew(TlsService->TlsCtx); + UT_ASSERT_NOT_NULL(TlsInstance->TlsConn); + + TlsGetCurrentCipher(TlsInstance->TlsConn, &CipherId); + UT_ASSERT_EQUAL(EFI_SUCCESS, Status); + + BOOLEAN Found = FALSE; - return Status; + for (int i = 0 ; i < CIPHER_COUNT ; i++) { + if (mCipherId[i] == CipherId) { + Found = TRUE; + break; + } + } + UT_ASSERT_TRUE(Found); + + Status = TlsSetConnectionEnd (TlsInstance->TlsConn, EfiTlsClient); + UT_ASSERT_EQUAL(EFI_SUCCESS, Status); + + // Cleanup + // NOTE: this is aligned with other tests, but will not be called if test fails + TlsFree(TlsInstance->TlsConn); + TlsCtxFree(TlsService->TlsCtx); + TlsCleanService(TlsService); + + return UNIT_TEST_PASSED; } + TEST_DESC mTlsTest[] = { // // -----Description--------------------------------Class---------------------Function----------------Pre-----------------Post------------Context // - { "TestVerifyTlsGenerateKey()", "CryptoPkg.BaseCryptLib.Tls", TestTlsInitialize, TestVerifyTlsPreReq, NULL, NULL}, - { "TestVerifyTlsGenerateKey()", "CryptoPkg.BaseCryptLib.Tls", TestTlsCreation31CtxNewFree, TestVerifyTlsPreReq, NULL, NULL}, + { "TestTls31CreatCtxObjNewFree()", "CryptoPkg.BaseCryptLib.Tls", TestTls31CreatCtxObjNewFree, TestVerifyTlsPreReq, NULL, NULL}, + { "TestTls31ServiceCreateConnection()", "CryptoPkg.BaseCryptLib.Tls", TestTls31ServiceCreateConnection, TestVerifyTlsPreReq, NULL, NULL}, + { "TestTls31VerifyConnection()", "CryptoPkg.BaseCryptLib.Tls", TestTls31VerifySetCipherList, TestVerifyTlsPreReq, NULL, NULL}, + { "TestTls31VerifyCurrentCipher()", "CryptoPkg.BaseCryptLib.Tls", TestTls31GetCurrentCipher, TestVerifyTlsPreReq, NULL, NULL} }; UINTN mTlsTestNum = ARRAY_SIZE (mTlsTest); + + + +// ~~~~ TODO: check if any of these tests are needed ~~~~ + +/* +UNIT_TEST_STATUS +EFIAPI +TestTlsHandleAlert ( + VOID + ) +{ + BOOLEAN Status = TlsInitialize(); + UT_ASSERT_TRUE (Status); + + auto SslCtxObj = 
TlsCtxNew(3,1); + UT_ASSERT_NOT_NULL(SslCtxObj); + + auto TlsObj = TlsNew(SslCtxObj); + UT_ASSERT_NOT_NULL(TlsObj); + + Status = TlsHandleAlert(TlsObj, NULL, 0, NULL, NULL); + UT_ASSERT_TRUE(Status); + + // Cleanup + TlsFree(TlsObj); + TlsCtxFree(SslCtxObj); + + return UNIT_TEST_PASSED; +} + +UNIT_TEST_STATUS +EFIAPI +TestTlsCloseNotify ( + VOID + ) +{ + BOOLEAN Status = TlsInitialize(); + UT_ASSERT_TRUE (Status); + + auto SslCtxObj = TlsCtxNew(3,1); + UT_ASSERT_NOT_NULL(SslCtxObj); + + auto TlsObj = TlsNew(SslCtxObj); + UT_ASSERT_NOT_NULL(TlsObj); + + Status = TlsCloseNotify(TlsObj, NULL, NULL); + UT_ASSERT_TRUE(Status); + + // Cleanup + TlsFree(TlsObj); + TlsCtxFree(SslCtxObj); + + return UNIT_TEST_PASSED; +} + +UNIT_TEST_STATUS +EFIAPI +TestTlsCtrlTrafficOut ( + VOID + ) +{ + BOOLEAN Status = TlsInitialize(); + UT_ASSERT_TRUE (Status); + + auto SslCtxObj = TlsCtxNew(3,1); + UT_ASSERT_NOT_NULL(SslCtxObj); + + auto TlsObj = TlsNew(SslCtxObj); + UT_ASSERT_NOT_NULL(TlsObj); + + Status = TlsCtrlTrafficOut(TlsObj, NULL, 0); + UT_ASSERT_TRUE(Status); + + // Cleanup + TlsFree(TlsObj); + TlsCtxFree(SslCtxObj); + + return UNIT_TEST_PASSED; +} + +UNIT_TEST_STATUS +EFIAPI +TestTlsCtrlTrafficIn ( + VOID + ) +{ + BOOLEAN Status = TlsInitialize(); + UT_ASSERT_TRUE (Status); + + auto SslCtxObj = TlsCtxNew(3,1); + UT_ASSERT_NOT_NULL(SslCtxObj); + + auto TlsObj = TlsNew(SslCtxObj); + UT_ASSERT_NOT_NULL(TlsObj); + + Status = TlsCtrlTrafficIn(TlsObj, NULL, 0); + UT_ASSERT_TRUE(Status); + + // Cleanup + TlsFree(TlsObj); + TlsCtxFree(SslCtxObj); + + return UNIT_TEST_PASSED; +} + +UNIT_TEST_STATUS +EFIAPI +TestTlsRead ( + VOID + ) +{ + BOOLEAN Status = TlsInitialize(); + UT_ASSERT_TRUE (Status); + + auto SslCtxObj = TlsCtxNew(3,1); + UT_ASSERT_NOT_NULL(SslCtxObj); + + auto TlsObj = TlsNew(SslCtxObj); + UT_ASSERT_NOT_NULL(TlsObj); + + UINT8 Buffer[256]; + UINTN BufferSize = sizeof(Buffer); + Status = TlsRead(TlsObj, Buffer, &BufferSize); + UT_ASSERT_TRUE(Status); + + // Cleanup + 
TlsFree(TlsObj); + TlsCtxFree(SslCtxObj); + + return UNIT_TEST_PASSED; +} + +UNIT_TEST_STATUS +EFIAPI +TestTlsWrite ( + VOID + ) +{ + BOOLEAN Status = TlsInitialize(); + UT_ASSERT_TRUE (Status); + + auto SslCtxObj = TlsCtxNew(3,1); + UT_ASSERT_NOT_NULL(SslCtxObj); + + auto TlsObj = TlsNew(SslCtxObj); + UT_ASSERT_NOT_NULL(TlsObj); + + UINT8 Buffer[256] = {0}; + UINTN BufferSize = sizeof(Buffer); + Status = TlsWrite(SslCtxObj, Buffer, BufferSize); + UT_ASSERT_TRUE(Status); + + // Cleanup + TlsFree(TlsObj); + TlsCtxFree(SslCtxObj); + + return UNIT_TEST_PASSED; +} +*/ \ No newline at end of file From 92768ef2c1b2819db7aa43d49fd23dc6c661e614 Mon Sep 17 00:00:00 2001 From: Inbal Levi Date: Mon, 20 Jan 2025 20:39:30 +0200 Subject: [PATCH 3/5] [Fix] Minimize dependancy - Minimize header dependancy - Fix funcs input type --- .../UnitTest/Library/BaseCryptLib/TLSTests.c | 141 +++++++----------- 1 file changed, 58 insertions(+), 83 deletions(-) diff --git a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TLSTests.c b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TLSTests.c index 24ea71c3f5..3e7ef0d688 100644 --- a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TLSTests.c +++ b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TLSTests.c @@ -1,26 +1,26 @@ /** @file - Application for Diffie-Hellman Primitives Validation. - -Copyright (c) 2010 - 2014, Intel Corporation. All rights reserved.
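Review bot: The return value of `TlsGetCurrentCipher(TlsInstance->TlsConn, &CipherId);` is discarded in both `TestTls31VerifySetCipherList` and `TestTls31GetCurrentCipher`, so the `UT_ASSERT_EQUAL(EFI_SUCCESS, Status);` that follows re-checks the status of an earlier call and the tests cannot detect a failing cipher query; the line should read `Status = TlsGetCurrentCipher (TlsInstance->TlsConn, &CipherId);`. The same bare call is kept by the later hunks of this series that rewrite these two functions with `TlsConn`, and in the patch 3/5 version of `TestTls31GetCurrentCipher` `Status` has not been assigned at all before that assertion. `ImageHandle` is passed to `TlsCreateService` without being initialized, and `Status` is declared `EFI_STATUS` but also receives the `BOOLEAN` result of `TlsInitialize()`, which mixes two result conventions in one variable. The block of commented-out tests appended after `mTlsTestNum` would be better left out of the commit than carried as dead code.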
-SPDX-License-Identifier: BSD-2-Clause-Patent + This is a unit test for RSA OAEP encrypt/decrypt. + Copyright (c) Microsoft Corporation. All rights reserved. + SPDX-License-Identifier: BSD-2-Clause-Patent **/ #include "TestBaseCryptLib.h" #include -#include "TlsDriver.h" -#include "TlsImpl.h" // For pulling "EfiTlsClient" enum +// #include + +typedef void *TLS_OBJ; // List of Ciphers as appears in TLS Cipher Suite Registry of the IANA // https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml // TODO: Verify order of bytes is correct in all cases (or use UINT8) -CONST UINT16 mCipherId[] = { 0xC030, // TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 - 0xC02F, // TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 - 0xC028, // TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 - 0xC027 // TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 - }; +UINT16 mCipherId[] = { 0xC030, // TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 + 0xC02F, // TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 + 0xC028, // TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 + 0xC027 // TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 + }; #define CIPHER_COUNT (sizeof(mCipherId) / sizeof(mCipherId[0])) @@ -28,6 +28,8 @@ CONST UINT16 mCipherId[] = { 0xC030, // TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 #define TLS_PROTOCOL_VERSION_MAJOR 0x03 #define TLS_PROTOCOL_VERSION_MINOR 0x01 +#define EfiTlsClient 0 + UNIT_TEST_STATUS EFIAPI @@ -36,9 +38,11 @@ TestVerifyTlsPreReq ( ) { // TODO: Flags to be removed with the refactoring of UEFI PCDs + /* if (!PcdGetBool (PcdCryptoServiceTlsInitialize) || !PcdGetBool (PcdCryptoServiceTlsCtxNew) || !PcdGetBool (PcdCryptoServiceTlsCtxFree)) { return UNIT_TEST_ERROR_PREREQUISITE_NOT_MET; } + */ return UNIT_TEST_PASSED; } 
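Review bot: The new file header describes TLSTests.c as "a unit test for RSA OAEP encrypt/decrypt", which is carried over from another test file and wrong here; a line such as `Unit tests for the TlsLib context, connection and cipher-list services.` would tell a reader what the file covers. Dropping `CONST` from `mCipherId` turns the cipher table into a writable global; if the qualifier was removed only to satisfy the parameter type of `TlsSetCipherList`, a comment saying so would keep the next reader from assuming the table is meant to be modified.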
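Review bot: `#define EfiTlsClient 0` re-creates by hand a value that the removed `TlsImpl.h` include used to supply, so nothing keeps it in step with the real definition, and as a macro it will silently rewrite the identifier if that header is ever included again. If the second argument of `TlsSetConnectionEnd` is a BOOLEAN server flag (the declaration is not visible on this page, so this needs confirming), passing `FALSE` with a comment such as `// FALSE: act as the TLS client` would state the intent without a private redefinition.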
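Review bot: With the `PcdGetBool` checks wrapped in `/* ... */`, `TestVerifyTlsPreReq` returns `UNIT_TEST_PASSED` unconditionally, so it no longer gates anything and every TLS test runs even on a build where the TLS services are not enabled. Either keep the check live until the PCD refactoring the TODO refers to has landed, or drop the function and pass `NULL` in the Pre column of `mTlsTest` so the table does not advertise a check that is not made. The function's signature lies above the hunk.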
@@ -55,18 +59,16 @@ TestVerifyTlsCleanUp ( UNIT_TEST_STATUS EFIAPI TestTls31CreatCtxObjNewFree ( - VOID + IN UNIT_TEST_CONTEXT Context ) { - TLS_SERVICE *TlsService; - BOOLEAN Status = TlsInitialize(); UT_ASSERT_TRUE (Status); - auto SslCtxObj = TlsCtxNew(TLS_PROTOCOL_VERSION_MAJOR,TLS_PROTOCOL_VERSION_MINOR); + TLS_OBJ SslCtxObj = TlsCtxNew(TLS_PROTOCOL_VERSION_MAJOR,TLS_PROTOCOL_VERSION_MINOR); UT_ASSERT_NOT_NULL(SslCtxObj); - auto TlsObj = TlsNew(SslCtxObj); + TLS_OBJ TlsObj = TlsNew(SslCtxObj); UT_ASSERT_NOT_NULL(TlsObj); // Cleanup @@ -78,38 +80,29 @@ TestTls31CreatCtxObjNewFree ( UNIT_TEST_STATUS EFIAPI -TestTls31ServiceCreateConnection ( - VOID +TestTls31CreateConnection ( + IN UNIT_TEST_CONTEXT Context ) { - EFI_HANDLE ImageHandle; - TLS_SERVICE *TlsService; - TLS_INSTANCE *TlsInstance; EFI_STATUS Status; + BOOLEAN Result; - Status = TlsCreateService(ImageHandle, &TlsService); - UT_ASSERT_EQUAL(EFI_SUCCESS, Status); - - Status = TlsInitialize(); - UT_ASSERT_TRUE (Status); - - TlsService->TlsCtx = TlsCtxNew(TLS_PROTOCOL_VERSION_MAJOR,TLS_PROTOCOL_VERSION_MINOR); - UT_ASSERT_NOT_NULL(TlsService->TlsCtx); + Result = TlsInitialize(); + UT_ASSERT_TRUE (Result); - Status = TlsCreateInstance (TlsService, &TlsInstance); - UT_ASSERT_EQUAL(EFI_SUCCESS, Status); + TLS_OBJ TlsCtx = TlsCtxNew(TLS_PROTOCOL_VERSION_MAJOR,TLS_PROTOCOL_VERSION_MINOR); + UT_ASSERT_NOT_NULL(TlsCtx); - TlsInstance->TlsConn = TlsNew(TlsService->TlsCtx); - UT_ASSERT_NOT_NULL(TlsInstance->TlsConn); + TLS_OBJ TlsConn = TlsNew(TlsCtx); + UT_ASSERT_NOT_NULL(TlsConn); - Status = TlsSetConnectionEnd (TlsInstance->TlsConn, EfiTlsClient); + Status = TlsSetConnectionEnd (TlsConn, EfiTlsClient); UT_ASSERT_EQUAL(EFI_SUCCESS, Status); // Cleanup // NOTE: this is aligned with other tests, but will not be called if test fails - TlsFree(TlsInstance->TlsConn); - TlsCtxFree(TlsService->TlsCtx); - TlsCleanService(TlsService); + TlsFree(TlsConn); + TlsCtxFree(TlsCtx); return UNIT_TEST_PASSED; } 
@@ -121,37 +114,29 @@ TestTls31ServiceCreateConnection ( UNIT_TEST_STATUS EFIAPI TestTls31VerifySetCipherList ( - VOID + IN UNIT_TEST_CONTEXT Context ) { UINT16 CipherId = 0; - EFI_HANDLE ImageHandle; - TLS_SERVICE *TlsService; - TLS_INSTANCE *TlsInstance; EFI_STATUS Status; + BOOLEAN Result; - Status = TlsCreateService(ImageHandle, &TlsService); - UT_ASSERT_EQUAL(EFI_SUCCESS, Status); - - Status = TlsInitialize(); - UT_ASSERT_TRUE (Status); - - TlsService->TlsCtx = TlsCtxNew(TLS_PROTOCOL_VERSION_MAJOR,TLS_PROTOCOL_VERSION_MINOR); - UT_ASSERT_NOT_NULL(TlsService->TlsCtx); + Result = TlsInitialize(); + UT_ASSERT_TRUE (Result); - Status = TlsCreateInstance (TlsService, &TlsInstance); - UT_ASSERT_EQUAL(EFI_SUCCESS, Status); + TLS_OBJ TlsCtx = TlsCtxNew(TLS_PROTOCOL_VERSION_MAJOR,TLS_PROTOCOL_VERSION_MINOR); + UT_ASSERT_NOT_NULL(TlsCtx); - TlsInstance->TlsConn = TlsNew(TlsService->TlsCtx); - UT_ASSERT_NOT_NULL(TlsInstance->TlsConn); + TLS_OBJ TlsConn = TlsNew(TlsCtx); + UT_ASSERT_NOT_NULL(TlsConn); - Status = TlsSetConnectionEnd (TlsInstance->TlsConn, EfiTlsClient); + Status = TlsSetConnectionEnd (TlsConn, EfiTlsClient); UT_ASSERT_EQUAL(EFI_SUCCESS, Status); - Status = TlsSetCipherList (TlsInstance->TlsConn, mCipherId, CIPHER_COUNT); + Status = TlsSetCipherList (TlsConn, mCipherId, CIPHER_COUNT); UT_ASSERT_EQUAL(EFI_SUCCESS, Status); - TlsGetCurrentCipher(TlsInstance->TlsConn, &CipherId); + TlsGetCurrentCipher(TlsConn, &CipherId); UT_ASSERT_EQUAL(EFI_SUCCESS, Status); BOOLEAN Found = FALSE; @@ -166,9 +151,8 @@ TestTls31VerifySetCipherList ( // Cleanup // NOTE: this is aligned with other tests, but will not be called if test fails - TlsFree(TlsInstance->TlsConn); - TlsCtxFree(TlsService->TlsCtx); - TlsCleanService(TlsService); + TlsFree(TlsConn); + TlsCtxFree(TlsCtx); return UNIT_TEST_PASSED; } 
@@ -176,31 +160,23 @@ TestTls31VerifySetCipherList ( UNIT_TEST_STATUS EFIAPI TestTls31GetCurrentCipher ( - VOID + IN UNIT_TEST_CONTEXT Context ) { UINT16 CipherId = 0; - EFI_HANDLE ImageHandle; - TLS_SERVICE *TlsService; - TLS_INSTANCE *TlsInstance; EFI_STATUS Status; + BOOLEAN Result; - Status = TlsCreateService(ImageHandle, &TlsService); - UT_ASSERT_EQUAL(EFI_SUCCESS, Status); - - Status = TlsInitialize(); - UT_ASSERT_TRUE (Status); + Result = TlsInitialize(); + UT_ASSERT_TRUE (Result); - TlsService->TlsCtx = TlsCtxNew(TLS_PROTOCOL_VERSION_MAJOR,TLS_PROTOCOL_VERSION_MINOR); - UT_ASSERT_NOT_NULL(TlsService->TlsCtx); + TLS_OBJ TlsCtx = TlsCtxNew(TLS_PROTOCOL_VERSION_MAJOR,TLS_PROTOCOL_VERSION_MINOR); + UT_ASSERT_NOT_NULL(TlsCtx); - Status = TlsCreateInstance (TlsService, &TlsInstance); - UT_ASSERT_EQUAL(EFI_SUCCESS, Status); - - TlsInstance->TlsConn = TlsNew(TlsService->TlsCtx); - UT_ASSERT_NOT_NULL(TlsInstance->TlsConn); + TLS_OBJ TlsConn = TlsNew(TlsCtx); + UT_ASSERT_NOT_NULL(TlsConn); - TlsGetCurrentCipher(TlsInstance->TlsConn, &CipherId); + TlsGetCurrentCipher(TlsConn, &CipherId); UT_ASSERT_EQUAL(EFI_SUCCESS, Status); BOOLEAN Found = FALSE; @@ -213,14 +189,13 @@ TestTls31GetCurrentCipher ( } UT_ASSERT_TRUE(Found); - Status = TlsSetConnectionEnd (TlsInstance->TlsConn, EfiTlsClient); + Status = TlsSetConnectionEnd (TlsConn, EfiTlsClient); UT_ASSERT_EQUAL(EFI_SUCCESS, Status); // Cleanup // NOTE: this is aligned with other tests, but will not be called if test fails - TlsFree(TlsInstance->TlsConn); - TlsCtxFree(TlsService->TlsCtx); - TlsCleanService(TlsService); + TlsFree(TlsConn); + TlsCtxFree(TlsCtx); return UNIT_TEST_PASSED; } 
@@ -231,9 +206,9 @@ TEST_DESC mTlsTest[] = {
 // -----Description--------------------------------Class---------------------Function----------------Pre-----------------Post------------Context
 //
 { "TestTls31CreatCtxObjNewFree()", "CryptoPkg.BaseCryptLib.Tls", TestTls31CreatCtxObjNewFree, TestVerifyTlsPreReq, NULL, NULL},
- { "TestTls31ServiceCreateConnection()", "CryptoPkg.BaseCryptLib.Tls", TestTls31ServiceCreateConnection, TestVerifyTlsPreReq, NULL, NULL},
- { "TestTls31VerifyConnection()", "CryptoPkg.BaseCryptLib.Tls", TestTls31VerifySetCipherList, TestVerifyTlsPreReq, NULL, NULL},
- { "TestTls31VerifyCurrentCipher()", "CryptoPkg.BaseCryptLib.Tls", TestTls31GetCurrentCipher, TestVerifyTlsPreReq, NULL, NULL}
+ { "TestTls31CreateConnection()", "CryptoPkg.BaseCryptLib.Tls", TestTls31CreateConnection, TestVerifyTlsPreReq, NULL, NULL},
+ { "TestTls31VerifySetCipherList()", "CryptoPkg.BaseCryptLib.Tls", TestTls31VerifySetCipherList, TestVerifyTlsPreReq, NULL, NULL},
+ { "TestTls31GetCurrentCipher()", "CryptoPkg.BaseCryptLib.Tls", TestTls31GetCurrentCipher, TestVerifyTlsPreReq, NULL, NULL}
 };
 UINTN mTlsTestNum = ARRAY_SIZE (mTlsTest);
From 600dbe4ca9962a78885414e61b397775a456aaa7 Mon Sep 17 00:00:00 2001 From: Inbal Levi Date: Wed, 22 Jan 2025 18:31:16 +0200 Subject: [PATCH 4/5] [Fix] Linkage --- .../UnitTest/Library/BaseCryptLib/BaseCryptLibUnitTestApp.inf | 1 + CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TLSTests.c | 2 +- .../Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibHost.inf | 1 + 3 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/BaseCryptLibUnitTestApp.inf b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/BaseCryptLibUnitTestApp.inf
index bd3774f39d..83e903a43b 100644
--- a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/BaseCryptLibUnitTestApp.inf
+++ b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/BaseCryptLibUnitTestApp.inf
@@ -54,6 +54,7 @@
 UnitTestLib
 PrintLib
 BaseCryptLib
+ TlsLib
 [FixedPcd]
 gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceHmacSha256New ## CONSUMES # MU_CHANGE
diff --git a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TLSTests.c b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TLSTests.c
index 3e7ef0d688..6ed8862959 100644
--- a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TLSTests.c
+++ b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TLSTests.c
@@ -180,7 +180,7 @@ TestTls31GetCurrentCipher (
 UT_ASSERT_EQUAL(EFI_SUCCESS, Status);
 BOOLEAN Found = FALSE;
-
+ // Check if default config support ciphers
 for (int i = 0 ; i < CIPHER_COUNT ; i++) {
 if (mCipherId[i] == CipherId) {
 Found = TRUE;
diff --git a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibHost.inf b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibHost.inf
index f06c0d67a5..7f1e102397 100644
--- a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibHost.inf
+++ b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibHost.inf
@@ -55,6 +55,7 @@
 UnitTestLib
 MmServicesTableLib
 SynchronizationLib
+ TlsLib
 [FixedPcd]
 gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceHmacSha256New ## CONSUMES # MU_CHANGE
From f1ae265aa5657e9c5c49636d2b639ab64806e595 Mon Sep 17 00:00:00 2001 From: Inbal Levi Date: Thu, 23 Jan 2025 14:10:08 +0200 Subject: [PATCH 5/5] [Fix] TLS version, warnings - Fix defines, rename functions - Initialize vars - Remove commented tests - Fix formatting --- .../UnitTest/Library/BaseCryptLib/TLSTests.c | 211 +++++++++--------- 1 file changed, 110 insertions(+), 101 deletions(-)
diff --git a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TLSTests.c b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TLSTests.c
index 6ed8862959..1816dc8671 100644
--- a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TLSTests.c
+++ b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TLSTests.c
@@ -7,8 +7,6 @@
 #include "TestBaseCryptLib.h"
 #include
-// #include
-
 typedef void *TLS_OBJ;
@@ -16,20 +14,19 @@ typedef void *TLS_OBJ; // https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml // TODO: Verify order of bytes is correct in all cases (or use UINT8) -UINT16 mCipherId[] = { 0xC030, // TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 - 0xC02F, // TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 - 0xC028, // TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 - 0xC027 // TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 - }; -#define CIPHER_COUNT (sizeof(mCipherId) / sizeof(mCipherId[0])) - - -// TODO: Check if we need to test other versions then SSL3.1 -#define TLS_PROTOCOL_VERSION_MAJOR 0x03 -#define TLS_PROTOCOL_VERSION_MINOR 0x01 +UINT16 mCipherId[] = { + 0xC030, // TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 + 0xC02F, // TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 + 0xC028, // TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 + 0xC027 // TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 +}; +#define CIPHER_COUNT (sizeof(mCipherId) / sizeof(mCipherId[0])) -#define EfiTlsClient 0 +// Note: Setting TLS 1.2 (Redefined to avoid dependency on MdePkg/Include/IndustryStandard/Tls1.h) +#define TLS12_PROTOCOL_VERSION_MAJOR 0x03 +#define TLS12_PROTOCOL_VERSION_MINOR 0x03 +#define EfiTlsClient 0 UNIT_TEST_STATUS EFIAPI @@ -38,6 +35,7 @@ TestVerifyTlsPreReq ( ) { // TODO: Flags to be removed with the refactoring of UEFI PCDs + /* if (!PcdGetBool (PcdCryptoServiceTlsInitialize) || !PcdGetBool (PcdCryptoServiceTlsCtxNew) || !PcdGetBool (PcdCryptoServiceTlsCtxFree)) { return UNIT_TEST_ERROR_PREREQUISITE_NOT_MET; 
@@ -47,174 +45,185 @@ TestVerifyTlsPreReq ( return UNIT_TEST_PASSED; } +// Some broken format VOID EFIAPI TestVerifyTlsCleanUp ( UNIT_TEST_CONTEXT Context ) -{ +{ // TODO: Fill in in case needed } UNIT_TEST_STATUS EFIAPI -TestTls31CreatCtxObjNewFree ( +TestTsl12CreatCtxObjNewFree ( IN UNIT_TEST_CONTEXT Context ) { - BOOLEAN Status = TlsInitialize(); + BOOLEAN Status = TlsInitialize (); + UT_ASSERT_TRUE (Status); - - TLS_OBJ SslCtxObj = TlsCtxNew(TLS_PROTOCOL_VERSION_MAJOR,TLS_PROTOCOL_VERSION_MINOR); - UT_ASSERT_NOT_NULL(SslCtxObj); - - TLS_OBJ TlsObj = TlsNew(SslCtxObj); - UT_ASSERT_NOT_NULL(TlsObj); + + TLS_OBJ SslCtxObj = TlsCtxNew (TLS12_PROTOCOL_VERSION_MAJOR, TLS12_PROTOCOL_VERSION_MINOR); + + UT_ASSERT_NOT_NULL (SslCtxObj); + + TLS_OBJ TlsObj = TlsNew (SslCtxObj); + + UT_ASSERT_NOT_NULL (TlsObj); // Cleanup - TlsFree(TlsObj); - TlsCtxFree(SslCtxObj); + TlsFree (TlsObj); + TlsCtxFree (SslCtxObj); return UNIT_TEST_PASSED; } UNIT_TEST_STATUS EFIAPI -TestTls31CreateConnection ( +TestTsl12CreateConnection ( IN UNIT_TEST_CONTEXT Context ) { - EFI_STATUS Status; - BOOLEAN Result; + EFI_STATUS Status = EFI_SUCCESS; + BOOLEAN Result = FALSE; - Result = TlsInitialize(); + Result = TlsInitialize (); UT_ASSERT_TRUE (Result); - - TLS_OBJ TlsCtx = TlsCtxNew(TLS_PROTOCOL_VERSION_MAJOR,TLS_PROTOCOL_VERSION_MINOR); - UT_ASSERT_NOT_NULL(TlsCtx); - TLS_OBJ TlsConn = TlsNew(TlsCtx); - UT_ASSERT_NOT_NULL(TlsConn); - + TLS_OBJ TlsCtx = TlsCtxNew (TLS12_PROTOCOL_VERSION_MAJOR, TLS12_PROTOCOL_VERSION_MINOR); + + UT_ASSERT_NOT_NULL (TlsCtx); + + TLS_OBJ TlsConn = TlsNew (TlsCtx); + + UT_ASSERT_NOT_NULL (TlsConn); + Status = TlsSetConnectionEnd (TlsConn, EfiTlsClient); - UT_ASSERT_EQUAL(EFI_SUCCESS, Status); + UT_ASSERT_EQUAL (EFI_SUCCESS, Status); - // Cleanup + // Cleanup // NOTE: this is aligned with other tests, but will not be called if test fails - TlsFree(TlsConn); - TlsCtxFree(TlsCtx); + TlsFree (TlsConn); + TlsCtxFree (TlsCtx); return UNIT_TEST_PASSED; } - // TODO: Check if 
we need to call other stages to establish connection // For example: Handshake, etc. UNIT_TEST_STATUS EFIAPI -TestTls31VerifySetCipherList ( - IN UNIT_TEST_CONTEXT Context +TestTsl12VerifySetCipherList ( + IN + UNIT_TEST_CONTEXT + Context ) { - UINT16 CipherId = 0; - EFI_STATUS Status; - BOOLEAN Result; + UINT16 CipherId = 0; + EFI_STATUS Status = EFI_SUCCESS; + BOOLEAN Result = FALSE; - Result = TlsInitialize(); + Result = TlsInitialize (); UT_ASSERT_TRUE (Result); - - TLS_OBJ TlsCtx = TlsCtxNew(TLS_PROTOCOL_VERSION_MAJOR,TLS_PROTOCOL_VERSION_MINOR); - UT_ASSERT_NOT_NULL(TlsCtx); - TLS_OBJ TlsConn = TlsNew(TlsCtx); - UT_ASSERT_NOT_NULL(TlsConn); - + TLS_OBJ TlsCtx = TlsCtxNew (TLS12_PROTOCOL_VERSION_MAJOR, TLS12_PROTOCOL_VERSION_MINOR); + + UT_ASSERT_NOT_NULL (TlsCtx); + + TLS_OBJ TlsConn = TlsNew (TlsCtx); + + UT_ASSERT_NOT_NULL (TlsConn); + Status = TlsSetConnectionEnd (TlsConn, EfiTlsClient); - UT_ASSERT_EQUAL(EFI_SUCCESS, Status); + UT_ASSERT_EQUAL (EFI_SUCCESS, Status); Status = TlsSetCipherList (TlsConn, mCipherId, CIPHER_COUNT); - UT_ASSERT_EQUAL(EFI_SUCCESS, Status); + UT_ASSERT_EQUAL (EFI_SUCCESS, Status); - TlsGetCurrentCipher(TlsConn, &CipherId); - UT_ASSERT_EQUAL(EFI_SUCCESS, Status); + TlsGetCurrentCipher (TlsConn, &CipherId); + UT_ASSERT_EQUAL (EFI_SUCCESS, Status); - BOOLEAN Found = FALSE; + BOOLEAN Found = FALSE; - for (int i = 0 ; i < CIPHER_COUNT ; i++) { + for (int i = 0; i < CIPHER_COUNT; i++) { if (mCipherId[i] == CipherId) { Found = TRUE; break; } } - UT_ASSERT_TRUE(Found); - // Cleanup + UT_ASSERT_TRUE (Found); + + // Cleanup // NOTE: this is aligned with other tests, but will not be called if test fails - TlsFree(TlsConn); - TlsCtxFree(TlsCtx); + TlsFree (TlsConn); + TlsCtxFree (TlsCtx); return UNIT_TEST_PASSED; } UNIT_TEST_STATUS EFIAPI -TestTls31GetCurrentCipher ( +TestTsl12GetCurrentCipher ( IN UNIT_TEST_CONTEXT Context ) { - UINT16 CipherId = 0; - EFI_STATUS Status; - BOOLEAN Result; + UINT16 CipherId = 0; + EFI_STATUS Status = 
EFI_SUCCESS; + BOOLEAN Result = FALSE; - Result = TlsInitialize(); + Result = TlsInitialize (); UT_ASSERT_TRUE (Result); - - TLS_OBJ TlsCtx = TlsCtxNew(TLS_PROTOCOL_VERSION_MAJOR,TLS_PROTOCOL_VERSION_MINOR); - UT_ASSERT_NOT_NULL(TlsCtx); - - TLS_OBJ TlsConn = TlsNew(TlsCtx); - UT_ASSERT_NOT_NULL(TlsConn); - TlsGetCurrentCipher(TlsConn, &CipherId); - UT_ASSERT_EQUAL(EFI_SUCCESS, Status); + TLS_OBJ TlsCtx = TlsCtxNew (TLS12_PROTOCOL_VERSION_MAJOR, TLS12_PROTOCOL_VERSION_MINOR); + + UT_ASSERT_NOT_NULL (TlsCtx); + + TLS_OBJ TlsConn = TlsNew (TlsCtx); + + UT_ASSERT_NOT_NULL (TlsConn); + + TlsGetCurrentCipher (TlsConn, &CipherId); + UT_ASSERT_EQUAL (EFI_SUCCESS, Status); + + BOOLEAN Found = FALSE; - BOOLEAN Found = FALSE; // Check if default config support ciphers - for (int i = 0 ; i < CIPHER_COUNT ; i++) { + for (int i = 0; i < CIPHER_COUNT; i++) { if (mCipherId[i] == CipherId) { Found = TRUE; break; } } - UT_ASSERT_TRUE(Found); + + UT_ASSERT_TRUE (Found); Status = TlsSetConnectionEnd (TlsConn, EfiTlsClient); - UT_ASSERT_EQUAL(EFI_SUCCESS, Status); + UT_ASSERT_EQUAL (EFI_SUCCESS, Status); - // Cleanup + // Cleanup // NOTE: this is aligned with other tests, but will not be called if test fails - TlsFree(TlsConn); - TlsCtxFree(TlsCtx); + TlsFree (TlsConn); + TlsCtxFree (TlsCtx); return UNIT_TEST_PASSED; } - TEST_DESC mTlsTest[] = { // // -----Description--------------------------------Class---------------------Function----------------Pre-----------------Post------------Context // - { "TestTls31CreatCtxObjNewFree()", "CryptoPkg.BaseCryptLib.Tls", TestTls31CreatCtxObjNewFree, TestVerifyTlsPreReq, NULL, NULL}, - { "TestTls31CreateConnection()", "CryptoPkg.BaseCryptLib.Tls", TestTls31CreateConnection, TestVerifyTlsPreReq, NULL, NULL}, - { "TestTls31VerifySetCipherList()", "CryptoPkg.BaseCryptLib.Tls", TestTls31VerifySetCipherList, TestVerifyTlsPreReq, NULL, NULL}, - { "TestTls31GetCurrentCipher()", "CryptoPkg.BaseCryptLib.Tls", TestTls31GetCurrentCipher, TestVerifyTlsPreReq, 
NULL, NULL} + { "TestTsl12CreatCtxObjNewFree()", "CryptoPkg.BaseCryptLib.Tls", TestTsl12CreatCtxObjNewFree, TestVerifyTlsPreReq, NULL, NULL }, + { "TestTsl12CreateConnection()", "CryptoPkg.BaseCryptLib.Tls", TestTsl12CreateConnection, TestVerifyTlsPreReq, NULL, NULL }, + { "TestTsl12VerifySetCipherList()", "CryptoPkg.BaseCryptLib.Tls", TestTsl12VerifySetCipherList, TestVerifyTlsPreReq, NULL, NULL }, + { "TestTsl12GetCurrentCipher()", "CryptoPkg.BaseCryptLib.Tls", TestTsl12GetCurrentCipher, TestVerifyTlsPreReq, NULL, NULL } }; UINTN mTlsTestNum = ARRAY_SIZE (mTlsTest); - - // ~~~~ TODO: check if any of these tests are needed ~~~~ /* @@ -226,10 +235,10 @@ TestTlsHandleAlert ( { BOOLEAN Status = TlsInitialize(); UT_ASSERT_TRUE (Status); - + auto SslCtxObj = TlsCtxNew(3,1); UT_ASSERT_NOT_NULL(SslCtxObj); - + auto TlsObj = TlsNew(SslCtxObj); UT_ASSERT_NOT_NULL(TlsObj); @@ -251,7 +260,7 @@ TestTlsCloseNotify ( { BOOLEAN Status = TlsInitialize(); UT_ASSERT_TRUE (Status); - + auto SslCtxObj = TlsCtxNew(3,1); UT_ASSERT_NOT_NULL(SslCtxObj); @@ -276,10 +285,10 @@ TestTlsCtrlTrafficOut ( { BOOLEAN Status = TlsInitialize(); UT_ASSERT_TRUE (Status); - + auto SslCtxObj = TlsCtxNew(3,1); UT_ASSERT_NOT_NULL(SslCtxObj); - + auto TlsObj = TlsNew(SslCtxObj); UT_ASSERT_NOT_NULL(TlsObj); @@ -301,10 +310,10 @@ TestTlsCtrlTrafficIn ( { BOOLEAN Status = TlsInitialize(); UT_ASSERT_TRUE (Status); - + auto SslCtxObj = TlsCtxNew(3,1); UT_ASSERT_NOT_NULL(SslCtxObj); - + auto TlsObj = TlsNew(SslCtxObj); UT_ASSERT_NOT_NULL(TlsObj); @@ -326,10 +335,10 @@ TestTlsRead ( { BOOLEAN Status = TlsInitialize(); UT_ASSERT_TRUE (Status); - + auto SslCtxObj = TlsCtxNew(3,1); UT_ASSERT_NOT_NULL(SslCtxObj); - + auto TlsObj = TlsNew(SslCtxObj); UT_ASSERT_NOT_NULL(TlsObj); @@ -353,10 +362,10 @@ TestTlsWrite ( { BOOLEAN Status = TlsInitialize(); UT_ASSERT_TRUE (Status); - + auto SslCtxObj = TlsCtxNew(3,1); UT_ASSERT_NOT_NULL(SslCtxObj); - + auto TlsObj = TlsNew(SslCtxObj); UT_ASSERT_NOT_NULL(TlsObj); 
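Review bot: The return value of `TlsGetCurrentCipher (TlsConn, &CipherId);` is discarded in both `TestTsl12VerifySetCipherList` and `TestTsl12GetCurrentCipher`, so the following `UT_ASSERT_EQUAL (EFI_SUCCESS, Status);` checks a stale value. In `TestTsl12GetCurrentCipher` that value is now the new initialiser `EFI_SUCCESS`, so the assertion can never fail; the "Initialize vars" change silences the warning while hiding the missing assignment. Both calls should read `Status = TlsGetCurrentCipher (TlsConn, &CipherId);`. With that fixed, expect the call to report an error where no handshake has happened yet (presumably there is no current cipher at that point), in which case the test should assert that status explicitly rather than search `mCipherId` for the untouched `CipherId = 0`. Separately, the renamed functions and their `mTlsTest` descriptions spell the prefix `Tsl12` rather than `Tls12`.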
@@ -371,4 +380,4 @@ TestTlsWrite ( return UNIT_TEST_PASSED; } -*/ \ No newline at end of file +*/