cuberite/polarssl
1
0
Fork 0
mirror of https://github.com/cuberite/polarssl.git synced 2025-10-04 19:16:58 -04:00
Code Issues Packages Projects Releases Wiki Activity

raw_key_agreement_fail: Add a nominal run

Browse Source 
Ensure that the nominal run works properly, so that it's apparent that the
injected failure is responsible for the failure of the handshake.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This commit is contained in:
Gilles Peskine 2022-04-08 16:48:09 -04:00 committed by Andrzej Kurek
parent 6cbc9986fb
commit b4f874d1da
2 changed files with 20 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
tests/suites/test_suite_ssl.data
View File

@ -3361,5 +3361,8 @@ timing_final_delay_accessor
Sanity test cid functions Sanity test cid functions
cid_sanity: cid_sanity:
Raw key agreement fail Raw key agreement: nominal
raw_key_agreement_fail: raw_key_agreement_fail:0
Raw key agreement: bad server key
raw_key_agreement_fail:1

25
tests/suites/test_suite_ssl.function
View File

@ -5595,7 +5595,7 @@ void cid_sanity( )
/* END_CASE */ /* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ENTROPY_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_CTR_DRBG_C:MBEDTLS_ECP_C:MBEDTLS_ECDSA_C */ /* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ENTROPY_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_CTR_DRBG_C:MBEDTLS_ECP_C:MBEDTLS_ECDSA_C */
void raw_key_agreement_fail( ) void raw_key_agreement_fail( int bad_server_ecdhe_key )
{ {
enum { BUFFSIZE = 17000 }; enum { BUFFSIZE = 17000 };
mbedtls_endpoint client, server; mbedtls_endpoint client, server;
@ -5633,19 +5633,24 @@ void raw_key_agreement_fail( )
* With PSA, one can be used for the ECDH private key. */ * With PSA, one can be used for the ECDH private key. */
free_slots_before = stats.empty_slots; free_slots_before = stats.empty_slots;
/* Force a simulated bitflip in the server key. to make the if( bad_server_ecdhe_key )
* raw key agreement in ssl_write_client_key_exchange fail. */ {
(client.ssl).handshake->ecdh_psa_peerkey[0] ^= 0x02; /* Force a simulated bitflip in the server key. to make the
* raw key agreement in ssl_write_client_key_exchange fail. */
(client.ssl).handshake->ecdh_psa_peerkey[0] ^= 0x02;
}
TEST_ASSERT( mbedtls_move_handshake_to_state( &(client.ssl), TEST_EQUAL( mbedtls_move_handshake_to_state( &(client.ssl),
&(server.ssl), &(server.ssl),
MBEDTLS_SSL_HANDSHAKE_OVER ) MBEDTLS_SSL_HANDSHAKE_OVER ),
!= 0 ); bad_server_ecdhe_key ? MBEDTLS_ERR_SSL_HW_ACCEL_FAILED : 0 );
mbedtls_psa_get_stats( &stats ); mbedtls_psa_get_stats( &stats );
/* Make sure that the key slot is destroyed properly in case of failure. */ /* Make sure that the key slot is already destroyed in case of failure,
TEST_ASSERT( free_slots_before == stats.empty_slots ); * without waiting to close the connection. */
if( bad_server_ecdhe_key )
TEST_EQUAL( free_slots_before, stats.empty_slots );
exit: exit:
mbedtls_endpoint_free( &client, NULL ); mbedtls_endpoint_free( &client, NULL );