raw_key_agreement_fail: Add a nominal run

Ensure that the nominal run works properly, so that it's apparent that the
injected failure is responsible for the failure of the handshake.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Gilles Peskine 2022-04-15 05:54:40 -04:00 committed by Andrzej Kurek
parent 703a88916b
commit 6dd489cb15
2 changed files with 20 additions and 12 deletions


@ -10684,5 +10684,8 @@ ssl_cf_memcpy_offset:0:255:32
Constant-flow memcpy from offset: large Constant-flow memcpy from offset: large
ssl_cf_memcpy_offset:100:339:48 ssl_cf_memcpy_offset:100:339:48
Raw key agreement fail Raw key agreement: nominal
raw_key_agreement_fail: raw_key_agreement_fail:0
Raw key agreement: bad server key
raw_key_agreement_fail:1


@ -4557,7 +4557,7 @@ exit:
/* END_CASE */ /* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ENTROPY_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_CTR_DRBG_C:MBEDTLS_ECP_C:MBEDTLS_ECDSA_C */ /* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ENTROPY_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_CTR_DRBG_C:MBEDTLS_ECP_C:MBEDTLS_ECDSA_C */
void raw_key_agreement_fail( ) void raw_key_agreement_fail( int bad_server_ecdhe_key )
{ {
enum { BUFFSIZE = 17000 }; enum { BUFFSIZE = 17000 };
mbedtls_endpoint client, server; mbedtls_endpoint client, server;
@ -4595,19 +4595,24 @@ void raw_key_agreement_fail( )
* With PSA, one can be used for the ECDH private key. */ * With PSA, one can be used for the ECDH private key. */
free_slots_before = stats.empty_slots; free_slots_before = stats.empty_slots;
/* Force a simulated bitflip in the server key. to make the if( bad_server_ecdhe_key )
* raw key agreement in ssl_write_client_key_exchange fail. */ {
(client.ssl).handshake->ecdh_psa_peerkey[0] ^= 0x02; /* Force a simulated bitflip in the server key. to make the
* raw key agreement in ssl_write_client_key_exchange fail. */
(client.ssl).handshake->ecdh_psa_peerkey[0] ^= 0x02;
}
TEST_ASSERT( mbedtls_move_handshake_to_state( &(client.ssl), TEST_EQUAL( mbedtls_move_handshake_to_state( &(client.ssl),
&(server.ssl), &(server.ssl),
MBEDTLS_SSL_HANDSHAKE_OVER ) MBEDTLS_SSL_HANDSHAKE_OVER ),
!= 0 ); bad_server_ecdhe_key ? MBEDTLS_ERR_SSL_HW_ACCEL_FAILED : 0 );
mbedtls_psa_get_stats( &stats ); mbedtls_psa_get_stats( &stats );
/* Make sure that the key slot is destroyed properly in case of failure. */ /* Make sure that the key slot is already destroyed in case of failure,
TEST_ASSERT( free_slots_before == stats.empty_slots ); * without waiting to close the connection. */
if( bad_server_ecdhe_key )
TEST_EQUAL( free_slots_before, stats.empty_slots );
exit: exit:
mbedtls_endpoint_free( &client, NULL ); mbedtls_endpoint_free( &client, NULL );
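Review bot: The injected fault inside the new `if( bad_server_ecdhe_key )` block is still described only as "a simulated bitflip", with a stray full stop carried over from the old comment ("server key. to make"), and nothing says what byte 0 of `ecdh_psa_peerkey` holds. I would reword it to `/* Flip one bit in the first byte of the server's ECDHE public key so that the raw key agreement in ssl_write_client_key_exchange fails. */`. If that byte is the point-format octet of the encoded key (not visible in this hunk), the bad-key case only exercises rejection of a malformed encoding, so a well-formed but invalid public key would deserve its own data entry, since that is the input peer-key validation most needs to reject. The function also keeps the name `raw_key_agreement_fail` although the new `:0` case expects success, so a short comment above it explaining `bad_server_ecdhe_key` would help; the body starts in the previous hunk and is only partly shown.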