From 10e0e4d4ff251f7c34c68a7e7c48a9405d830d9f Mon Sep 17 00:00:00 2001 From: Jaeden Amero Date: Wed, 23 May 2018 19:44:26 +0100 Subject: [PATCH] hkdf: Add negative tests Test for the expected bad input parameter error when given specific sets of bad input parameters. --- tests/suites/test_suite_hkdf.data | 15 +++++++ tests/suites/test_suite_hkdf.function | 60 +++++++++++++++++++++++++++ 2 files changed, 75 insertions(+) diff --git a/tests/suites/test_suite_hkdf.data b/tests/suites/test_suite_hkdf.data index cdf602a01..15837365f 100644 --- a/tests/suites/test_suite_hkdf.data +++ b/tests/suites/test_suite_hkdf.data @@ -1,3 +1,18 @@ +HKDF extract fails with hash_len of 0 +test_hkdf_extract_ret:0:MBEDTLS_ERR_HKDF_BAD_INPUT_DATA + +HKDF expand fails with NULL okm +test_hkdf_expand_ret:32:32:0:MBEDTLS_ERR_HKDF_BAD_INPUT_DATA + +HKDF expand fails with hash_len of 0 +test_hkdf_expand_ret:0:32:32:MBEDTLS_ERR_HKDF_BAD_INPUT_DATA + +HKDF expand fails with prk_len < hash_len +test_hkdf_expand_ret:32:16:32:MBEDTLS_ERR_HKDF_BAD_INPUT_DATA + +HKDF expand fails with okm_len / hash_len > 255 +test_hkdf_expand_ret:32:32:8192:MBEDTLS_ERR_HKDF_BAD_INPUT_DATA + HKDF RFC5869 Test Vector #1 depends_on:MBEDTLS_SHA256_C test_hkdf:6:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":"3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865" diff --git a/tests/suites/test_suite_hkdf.function b/tests/suites/test_suite_hkdf.function index f38545c6a..c85a51a7a 100644 --- a/tests/suites/test_suite_hkdf.function +++ b/tests/suites/test_suite_hkdf.function @@ -1,5 +1,6 @@ /* BEGIN_HEADER */ #include "mbedtls/hkdf.h" +#include "mbedtls/md_internal.h" /* END_HEADER */ /* BEGIN_DEPENDENCIES @@ -108,3 +109,62 @@ exit: mbedtls_free(output_okm); } /* END_CASE */ + +/* BEGIN_CASE */ +void test_hkdf_extract_ret( int hash_len, int ret ) +{ + int output_ret; + unsigned char *salt = NULL; + unsigned char *ikm = NULL; + unsigned char *prk = NULL; + size_t salt_len, ikm_len; + struct mbedtls_md_info_t fake_md_info; + + memset( &fake_md_info, 0, sizeof( fake_md_info ) ); + fake_md_info.type = MBEDTLS_MD_NONE; + fake_md_info.size = hash_len; + + prk = mbedtls_calloc( MBEDTLS_MD_MAX_SIZE, 1 ); + salt_len = 0; + ikm_len = 0; + + output_ret = mbedtls_hkdf_extract( &fake_md_info, salt, salt_len, + ikm, ikm_len, prk ); + TEST_ASSERT( output_ret == ret ); + +exit: + mbedtls_free(prk); +} +/* END_CASE */ + +/* BEGIN_CASE */ +void test_hkdf_expand_ret( int hash_len, int prk_len, int okm_len, int ret ) +{ + int output_ret; + unsigned char *info = NULL; + unsigned char *prk = NULL; + unsigned char *okm = NULL; + size_t info_len; + struct mbedtls_md_info_t fake_md_info; + + memset( &fake_md_info, 0, sizeof( fake_md_info ) ); + fake_md_info.type = MBEDTLS_MD_NONE; + fake_md_info.size = hash_len; + + info_len = 0; + + if (prk_len > 0) + prk = mbedtls_calloc( prk_len, 1 ); + + if (okm_len > 0) + okm = mbedtls_calloc( okm_len, 1 ); + + output_ret = mbedtls_hkdf_expand( &fake_md_info, prk, prk_len, + info, info_len, okm, okm_len ); + TEST_ASSERT( output_ret == ret ); + +exit: + mbedtls_free(prk); + mbedtls_free(okm); +} +/* END_CASE */