From 6dd489cb15d29219c7793ad57c9de11193d30503 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 15 Apr 2022 05:54:40 -0400 Subject: [PATCH] raw_key_agreement_fail: Add a nominal run Ensure that the nominal run works properly, so that it's apparent that the injected failure is responsible for the failure of the handshake. Signed-off-by: Gilles Peskine --- tests/suites/test_suite_ssl.data | 7 +++++-- tests/suites/test_suite_ssl.function | 25 +++++++++++++++---------- 2 files changed, 20 insertions(+), 12 deletions(-) diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index 15d9c5f85..cc88d90da 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data @@ -10684,5 +10684,8 @@ ssl_cf_memcpy_offset:0:255:32 Constant-flow memcpy from offset: large ssl_cf_memcpy_offset:100:339:48 -Raw key agreement fail -raw_key_agreement_fail: +Raw key agreement: nominal +raw_key_agreement_fail:0 + +Raw key agreement: bad server key +raw_key_agreement_fail:1 diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 9378f2f6c..d6ce82a52 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -4557,7 +4557,7 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ENTROPY_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_CTR_DRBG_C:MBEDTLS_ECP_C:MBEDTLS_ECDSA_C */ -void raw_key_agreement_fail( ) +void raw_key_agreement_fail( int bad_server_ecdhe_key ) { enum { BUFFSIZE = 17000 }; mbedtls_endpoint client, server; @@ -4595,19 +4595,24 @@ void raw_key_agreement_fail( ) * With PSA, one can be used for the ECDH private key. */ free_slots_before = stats.empty_slots; - /* Force a simulated bitflip in the server key. to make the - * raw key agreement in ssl_write_client_key_exchange fail. */ - (client.ssl).handshake->ecdh_psa_peerkey[0] ^= 0x02; + if( bad_server_ecdhe_key ) + { + /* Force a simulated bitflip in the server key. to make the + * raw key agreement in ssl_write_client_key_exchange fail. */ + (client.ssl).handshake->ecdh_psa_peerkey[0] ^= 0x02; + } - TEST_ASSERT( mbedtls_move_handshake_to_state( &(client.ssl), - &(server.ssl), - MBEDTLS_SSL_HANDSHAKE_OVER ) - != 0 ); + TEST_EQUAL( mbedtls_move_handshake_to_state( &(client.ssl), + &(server.ssl), + MBEDTLS_SSL_HANDSHAKE_OVER ), + bad_server_ecdhe_key ? MBEDTLS_ERR_SSL_HW_ACCEL_FAILED : 0 ); mbedtls_psa_get_stats( &stats ); - /* Make sure that the key slot is destroyed properly in case of failure. */ - TEST_ASSERT( free_slots_before == stats.empty_slots ); + /* Make sure that the key slot is already destroyed in case of failure, + * without waiting to close the connection. */ + if( bad_server_ecdhe_key ) + TEST_EQUAL( free_slots_before, stats.empty_slots ); exit: mbedtls_endpoint_free( &client, NULL );