From 5719e1a8ba6dea814a4e4d7485e4e47935d48c46 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ren=C3=A9=20Meusel?= <rene.meusel@nexenio.com>
Date: Thu, 27 Jan 2022 11:04:17 +0100
Subject: [PATCH] protected CCI

---
 src/tests/test_tls_record_layer_13.cpp | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/src/tests/test_tls_record_layer_13.cpp b/src/tests/test_tls_record_layer_13.cpp
index c96ae17c0eb..ffb70242955 100644
--- a/src/tests/test_tls_record_layer_13.cpp
+++ b/src/tests/test_tls_record_layer_13.cpp
@@ -12,6 +12,7 @@
 #include <botan/tls_magic.h>
 #include <botan/internal/stl_util.h>
 #include <botan/internal/tls_reader.h>
+#include <botan/tls_exceptn.h>
 
 #include <botan/internal/tls_record_layer_13.h>
 
@@ -265,7 +266,7 @@ std::vector<Test::Result> write_records()
          {
          auto record = TLS::Record_Layer().prepare_protected_records(Botan::TLS::APPLICATION_DATA, nullptr, 0);
 
-         result.require("record header was added", record.size() > Botan::TLS::TLS_HEADER_SIZE);
+         result.require("record header was added", record.size() > Botan::TLS::TLS_HEADER_SIZE + 1 /* encrypted content type */);
          }),
       CHECK("prepare a client hello", [&](auto& result)
          {
@@ -380,6 +381,14 @@ read_encrypted_records() {
             {
             TLS::Record_Layer().parse_records(short_record);
             });
+      }),
+
+      CHECK("protected Change Cipher Spec message is illegal", [](Test::Result& result) {
+         // factored message, encrypted under the same key as `encrypted_record`
+         const auto protected_cci = Botan::hex_decode("00");
+         result.test_throws<Botan::TLS::TLS_Exception>("illegal state causes TLS alert", [&] {
+            TLS::Record_Layer().parse_records(protected_cci);
+         });
       })
    };
 }