mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-29 17:34:22 +01:00
TLS: Add negative tests for non-EtM CBC decryption
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
This commit is contained in:
parent
bfbdca8bb4
commit
0ac01a1c59
@ -9374,6 +9374,102 @@ Record crypt, little space, NULL cipher, SSL3, MD5, short tag, EtM
|
|||||||
depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
||||||
ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
||||||
|
|
||||||
|
Decrypt CBC !EtM, AES SHA256 !trunc, 0, good min pad, good mac
|
||||||
|
depends_on:MBEDTLS_AES_C:MBEDTLS_SHA256_C
|
||||||
|
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:0:0:"0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f":0
|
||||||
|
|
||||||
|
Decrypt CBC !EtM, AES SHA256 !trunc, 0, good min pad, bad mac
|
||||||
|
depends_on:MBEDTLS_AES_C:MBEDTLS_SHA256_C
|
||||||
|
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:0:1:"0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f":MBEDTLS_ERR_SSL_INVALID_MAC
|
||||||
|
|
||||||
|
Decrypt CBC !EtM, AES SHA256 !trunc, 0, bad min pad (byte 0), good mac
|
||||||
|
depends_on:MBEDTLS_AES_C:MBEDTLS_SHA256_C
|
||||||
|
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:0:0:"0E0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f":MBEDTLS_ERR_SSL_INVALID_MAC
|
||||||
|
|
||||||
|
Decrypt CBC !EtM, AES SHA256 !trunc, 0, bad min pad (byte 0), bad mac
|
||||||
|
depends_on:MBEDTLS_AES_C:MBEDTLS_SHA256_C
|
||||||
|
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:0:1:"0E0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f":MBEDTLS_ERR_SSL_INVALID_MAC
|
||||||
|
|
||||||
|
Decrypt CBC !EtM, AES SHA256 !trunc, 0, bad min pad (len), good mac
|
||||||
|
depends_on:MBEDTLS_AES_C:MBEDTLS_SHA256_C
|
||||||
|
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:0:0:"0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0E":MBEDTLS_ERR_SSL_INVALID_MAC
|
||||||
|
|
||||||
|
Decrypt CBC !EtM, AES SHA256 !trunc, 0, overlong pad 1, good mac
|
||||||
|
depends_on:MBEDTLS_AES_C:MBEDTLS_SHA256_C
|
||||||
|
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:0:0:"10101010101010101010101010101010":MBEDTLS_ERR_SSL_INVALID_MAC
|
||||||
|
|
||||||
|
Decrypt CBC !EtM, AES SHA256 !trunc, 0, overlong pad 2, good mac
|
||||||
|
depends_on:MBEDTLS_AES_C:MBEDTLS_SHA256_C
|
||||||
|
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:0:0:"30303030303030303030303030303030":MBEDTLS_ERR_SSL_INVALID_MAC
|
||||||
|
|
||||||
|
Decrypt CBC !EtM, AES SHA256 !trunc, 0, good maxlen pad, good mac
|
||||||
|
depends_on:MBEDTLS_AES_C:MBEDTLS_SHA256_C
|
||||||
|
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:0:0:"ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff":0
|
||||||
|
|
||||||
|
Decrypt CBC !EtM, AES SHA256 !trunc, 0, good maxlen pad, bad mac
|
||||||
|
depends_on:MBEDTLS_AES_C:MBEDTLS_SHA256_C
|
||||||
|
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:0:1:"ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff":MBEDTLS_ERR_SSL_INVALID_MAC
|
||||||
|
|
||||||
|
Decrypt CBC !EtM, AES SHA256 !trunc, 0, bad maxlen pad (byte 0), good mac
|
||||||
|
depends_on:MBEDTLS_AES_C:MBEDTLS_SHA256_C
|
||||||
|
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:0:0:"fEffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff":MBEDTLS_ERR_SSL_INVALID_MAC
|
||||||
|
|
||||||
|
Decrypt CBC !EtM, AES SHA256 !trunc, 0, bad maxlen pad (byte 0), bad mac
|
||||||
|
depends_on:MBEDTLS_AES_C:MBEDTLS_SHA256_C
|
||||||
|
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:0:1:"fEffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff":MBEDTLS_ERR_SSL_INVALID_MAC
|
||||||
|
|
||||||
|
Decrypt CBC !EtM, AES SHA256 !trunc, 0, bad maxlen (len), good mac
|
||||||
|
depends_on:MBEDTLS_AES_C:MBEDTLS_SHA256_C
|
||||||
|
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:0:0:"fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffE":MBEDTLS_ERR_SSL_INVALID_MAC
|
||||||
|
|
||||||
|
Decrypt CBC !EtM, AES SHA256 trunc, 0, good min pad, good mac
|
||||||
|
depends_on:MBEDTLS_AES_C:MBEDTLS_SHA256_C
|
||||||
|
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:0:0:"050505050505":0
|
||||||
|
|
||||||
|
Decrypt CBC !EtM, AES SHA256 trunc, 0, good min pad, bad mac
|
||||||
|
depends_on:MBEDTLS_AES_C:MBEDTLS_SHA256_C
|
||||||
|
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:0:1:"050505050505":MBEDTLS_ERR_SSL_INVALID_MAC
|
||||||
|
|
||||||
|
Decrypt CBC !EtM, AES SHA256 trunc, 0, bad min pad (byte 0), good mac
|
||||||
|
depends_on:MBEDTLS_AES_C:MBEDTLS_SHA256_C
|
||||||
|
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:0:0:"040505050505":MBEDTLS_ERR_SSL_INVALID_MAC
|
||||||
|
|
||||||
|
Decrypt CBC !EtM, AES SHA256 trunc, 0, bad min pad (byte 0), bad mac
|
||||||
|
depends_on:MBEDTLS_AES_C:MBEDTLS_SHA256_C
|
||||||
|
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:0:1:"040505050505":MBEDTLS_ERR_SSL_INVALID_MAC
|
||||||
|
|
||||||
|
Decrypt CBC !EtM, AES SHA256 trunc, 0, bad min pad (len), good mac
|
||||||
|
depends_on:MBEDTLS_AES_C:MBEDTLS_SHA256_C
|
||||||
|
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:0:0:"050505050504":MBEDTLS_ERR_SSL_INVALID_MAC
|
||||||
|
|
||||||
|
Decrypt CBC !EtM, AES SHA256 trunc, 0, overlong pad 1, good mac
|
||||||
|
depends_on:MBEDTLS_AES_C:MBEDTLS_SHA256_C
|
||||||
|
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:0:0:"060606060606":MBEDTLS_ERR_SSL_INVALID_MAC
|
||||||
|
|
||||||
|
Decrypt CBC !EtM, AES SHA256 trunc, 0, overlong pad 2, good mac
|
||||||
|
depends_on:MBEDTLS_AES_C:MBEDTLS_SHA256_C
|
||||||
|
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:0:0:"101010101010":MBEDTLS_ERR_SSL_INVALID_MAC
|
||||||
|
|
||||||
|
Decrypt CBC !EtM, AES SHA256 trunc, 0, good maxlen pad, good mac
|
||||||
|
depends_on:MBEDTLS_AES_C:MBEDTLS_SHA256_C
|
||||||
|
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:0:0:"f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5":0
|
||||||
|
|
||||||
|
Decrypt CBC !EtM, AES SHA256 trunc, 0, good maxlen pad, bad mac
|
||||||
|
depends_on:MBEDTLS_AES_C:MBEDTLS_SHA256_C
|
||||||
|
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:0:1:"f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5":MBEDTLS_ERR_SSL_INVALID_MAC
|
||||||
|
|
||||||
|
Decrypt CBC !EtM, AES SHA256 trunc, 0, bad maxlen pad (byte 0), good mac
|
||||||
|
depends_on:MBEDTLS_AES_C:MBEDTLS_SHA256_C
|
||||||
|
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:0:0:"E5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5":MBEDTLS_ERR_SSL_INVALID_MAC
|
||||||
|
|
||||||
|
Decrypt CBC !EtM, AES SHA256 trunc, 0, bad maxlen pad (byte 0), bad mac
|
||||||
|
depends_on:MBEDTLS_AES_C:MBEDTLS_SHA256_C
|
||||||
|
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:0:1:"E5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5":MBEDTLS_ERR_SSL_INVALID_MAC
|
||||||
|
|
||||||
|
Decrypt CBC !EtM, AES SHA256 trunc, 0, bad maxlen (len), good mac
|
||||||
|
depends_on:MBEDTLS_AES_C:MBEDTLS_SHA256_C
|
||||||
|
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:0:0:"f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f4":MBEDTLS_ERR_SSL_INVALID_MAC
|
||||||
|
|
||||||
SSL TLS_PRF MBEDTLS_SSL_TLS_PRF_NONE
|
SSL TLS_PRF MBEDTLS_SSL_TLS_PRF_NONE
|
||||||
ssl_tls_prf:MBEDTLS_SSL_TLS_PRF_NONE:"":"":"test tls_prf label":"":MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE
|
ssl_tls_prf:MBEDTLS_SSL_TLS_PRF_NONE:"":"":"test tls_prf label":"":MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE
|
||||||
|
|
||||||
|
@ -3452,6 +3452,116 @@ exit:
|
|||||||
}
|
}
|
||||||
/* END_CASE */
|
/* END_CASE */
|
||||||
|
|
||||||
|
/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_2 */
|
||||||
|
void ssl_decrypt_non_etm_cbc( int cipher_type, int hash_id, int trunc_hmac,
|
||||||
|
int plaintext_len, int badmac, data_t *padding,
|
||||||
|
int exp_ret )
|
||||||
|
{
|
||||||
|
/*
|
||||||
|
* Test record decryption for CBC without EtM with possibly incorrect
|
||||||
|
* padding (provided as input) or MAC (generated by this function).
|
||||||
|
*
|
||||||
|
* Actually depends on TLS >= 1.0 (SSL 3.0 computes the MAC differently),
|
||||||
|
* but since the test framework doesn't support alternation in dependency
|
||||||
|
* statements, just depend on TLS 1.2.
|
||||||
|
*/
|
||||||
|
mbedtls_ssl_context ssl; /* ONLY for debugging */
|
||||||
|
mbedtls_ssl_transform t0, t1;
|
||||||
|
mbedtls_record rec;
|
||||||
|
unsigned char *buf = NULL;
|
||||||
|
size_t buflen, olen = 0;
|
||||||
|
const size_t rec_data_offset = 16; /* IV size */
|
||||||
|
unsigned char add_data[13];
|
||||||
|
unsigned char mac[MBEDTLS_MD_MAX_SIZE];
|
||||||
|
|
||||||
|
mbedtls_ssl_init( &ssl );
|
||||||
|
mbedtls_ssl_transform_init( &t0 );
|
||||||
|
mbedtls_ssl_transform_init( &t1 );
|
||||||
|
|
||||||
|
/* Set up transforms with dummy keys */
|
||||||
|
TEST_ASSERT( build_transforms( &t0, &t1, cipher_type, hash_id,
|
||||||
|
0, trunc_hmac,
|
||||||
|
MBEDTLS_SSL_MINOR_VERSION_3,
|
||||||
|
0 , 0 ) == 0 );
|
||||||
|
|
||||||
|
/* Prepare a buffer for record data */
|
||||||
|
buflen = rec_data_offset
|
||||||
|
+ plaintext_len
|
||||||
|
+ t0.maclen
|
||||||
|
+ padding->len;
|
||||||
|
ASSERT_ALLOC( buf, buflen );
|
||||||
|
|
||||||
|
/* Prepare a dummy record header */
|
||||||
|
memset( rec.ctr, 0, sizeof( rec.ctr ) );
|
||||||
|
rec.type = MBEDTLS_SSL_MSG_APPLICATION_DATA;
|
||||||
|
rec.ver[0] = MBEDTLS_SSL_MAJOR_VERSION_3;
|
||||||
|
rec.ver[1] = MBEDTLS_SSL_MINOR_VERSION_3;
|
||||||
|
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
|
||||||
|
rec.cid_len = 0;
|
||||||
|
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
|
||||||
|
|
||||||
|
/* Prepare dummy record content */
|
||||||
|
rec.buf = buf;
|
||||||
|
rec.buf_len = buflen;
|
||||||
|
rec.data_offset = rec_data_offset;
|
||||||
|
rec.data_len = plaintext_len;
|
||||||
|
memset( rec.buf + rec.data_offset, 42, rec.data_len );
|
||||||
|
|
||||||
|
/*
|
||||||
|
* MAC, "pad" and encrypt - this near-duplicates the TLS 1.x non-EtM CBC
|
||||||
|
* code path of mbedtls_ssl_encrypt_buf(), but with user-provided padding,
|
||||||
|
* and possibly wrong HMAC. Also, without safety checks or CID support.
|
||||||
|
*/
|
||||||
|
|
||||||
|
/* MAC with additional data */
|
||||||
|
memcpy( add_data, rec.ctr, 8 );
|
||||||
|
add_data[8] = rec.type;
|
||||||
|
add_data[9] = rec.ver[0];
|
||||||
|
add_data[10] = rec.ver[1];
|
||||||
|
add_data[11] = ( rec.data_len >> 8 ) & 0xff;
|
||||||
|
add_data[12] = ( rec.data_len >> 0 ) & 0xff;
|
||||||
|
|
||||||
|
TEST_EQUAL( 0, mbedtls_md_hmac_update( &t0.md_ctx_enc, add_data, 13 ) );
|
||||||
|
TEST_EQUAL( 0, mbedtls_md_hmac_update( &t0.md_ctx_enc,
|
||||||
|
rec.buf + rec.data_offset,
|
||||||
|
rec.data_len ) );
|
||||||
|
TEST_EQUAL( 0, mbedtls_md_hmac_finish( &t0.md_ctx_enc, mac ) );
|
||||||
|
|
||||||
|
memcpy( rec.buf + rec.data_offset + rec.data_len, mac, t0.maclen );
|
||||||
|
rec.data_len += t0.maclen;
|
||||||
|
|
||||||
|
/* Possibly falsify the MAC */
|
||||||
|
rec.buf[rec.data_offset + rec.data_len - 1] ^= badmac;
|
||||||
|
|
||||||
|
/* Append the user-provided padding */
|
||||||
|
memcpy( rec.buf + rec.data_offset + rec.data_len, padding->x, padding->len );
|
||||||
|
rec.data_len += padding->len;
|
||||||
|
|
||||||
|
/* Set dummy IV and encrypt */
|
||||||
|
memset( t0.iv_enc, 0x55, t0.ivlen );
|
||||||
|
TEST_ASSERT( t0.ivlen == rec_data_offset );
|
||||||
|
memcpy( rec.buf, t0.iv_enc, rec_data_offset );
|
||||||
|
|
||||||
|
TEST_EQUAL( 0, mbedtls_cipher_crypt( &t0.cipher_ctx_enc,
|
||||||
|
t0.iv_enc, t0.ivlen,
|
||||||
|
rec.buf + rec.data_offset, rec.data_len,
|
||||||
|
rec.buf + rec.data_offset, &olen ) );
|
||||||
|
rec.data_offset -= t0.ivlen;
|
||||||
|
rec.data_len += t0.ivlen;
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Try to decrypt and check that we get the expected result
|
||||||
|
*/
|
||||||
|
TEST_EQUAL( exp_ret, mbedtls_ssl_decrypt_buf( &ssl, &t1, &rec ) );
|
||||||
|
|
||||||
|
exit:
|
||||||
|
mbedtls_ssl_free( &ssl );
|
||||||
|
mbedtls_ssl_transform_free( &t0 );
|
||||||
|
mbedtls_ssl_transform_free( &t1 );
|
||||||
|
mbedtls_free( buf );
|
||||||
|
}
|
||||||
|
/* END_CASE */
|
||||||
|
|
||||||
/* BEGIN_CASE */
|
/* BEGIN_CASE */
|
||||||
void ssl_tls_prf( int type, data_t * secret, data_t * random,
|
void ssl_tls_prf( int type, data_t * secret, data_t * random,
|
||||||
char *label, data_t *result_hex_str, int exp_ret )
|
char *label, data_t *result_hex_str, int exp_ret )
|
||||||
|
Loading…
Reference in New Issue
Block a user