Merge pull request #5747 from AndrzejKurek/raw-key-agreement-fail-2-28

Backport 2.28: Add a test for a raw key agreement failure
This commit is contained in:
Gilles Peskine 2022-04-19 14:00:34 +02:00 committed by GitHub
commit 6e8a4b87ea
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 89 additions and 9 deletions

View File

@ -10683,3 +10683,9 @@ ssl_cf_memcpy_offset:0:255:32
# we could get this with 255-bytes plaintext and untruncated SHA-384 # we could get this with 255-bytes plaintext and untruncated SHA-384
Constant-flow memcpy from offset: large Constant-flow memcpy from offset: large
ssl_cf_memcpy_offset:100:339:48 ssl_cf_memcpy_offset:100:339:48
Raw key agreement: nominal
raw_key_agreement_fail:0
Raw key agreement: bad server key
raw_key_agreement_fail:1

View File

@ -876,7 +876,8 @@ exit:
int mbedtls_endpoint_init( mbedtls_endpoint *ep, int endpoint_type, int pk_alg, int mbedtls_endpoint_init( mbedtls_endpoint *ep, int endpoint_type, int pk_alg,
mbedtls_test_message_socket_context *dtls_context, mbedtls_test_message_socket_context *dtls_context,
mbedtls_test_message_queue *input_queue, mbedtls_test_message_queue *input_queue,
mbedtls_test_message_queue *output_queue ) mbedtls_test_message_queue *output_queue,
const mbedtls_ecp_group_id *curves )
{ {
int ret = -1; int ret = -1;
@ -936,6 +937,13 @@ int mbedtls_endpoint_init( mbedtls_endpoint *ep, int endpoint_type, int pk_alg,
MBEDTLS_SSL_PRESET_DEFAULT ); MBEDTLS_SSL_PRESET_DEFAULT );
TEST_ASSERT( ret == 0 ); TEST_ASSERT( ret == 0 );
#if defined(MBEDTLS_ECP_C)
if( curves != NULL )
mbedtls_ssl_conf_curves( &(ep->conf), curves );
#else
(void) curves;
#endif
ret = mbedtls_ssl_setup( &( ep->ssl ), &( ep->conf ) ); ret = mbedtls_ssl_setup( &( ep->ssl ), &( ep->conf ) );
TEST_ASSERT( ret == 0 ); TEST_ASSERT( ret == 0 );
@ -1712,7 +1720,7 @@ void perform_handshake( handshake_test_options* options )
TEST_ASSERT( mbedtls_endpoint_init( &client, MBEDTLS_SSL_IS_CLIENT, TEST_ASSERT( mbedtls_endpoint_init( &client, MBEDTLS_SSL_IS_CLIENT,
options->pk_alg, &client_context, options->pk_alg, &client_context,
&client_queue, &client_queue,
&server_queue ) == 0 ); &server_queue, NULL ) == 0 );
#if defined(MBEDTLS_TIMING_C) #if defined(MBEDTLS_TIMING_C)
mbedtls_ssl_set_timer_cb( &client.ssl, &timer_client, mbedtls_ssl_set_timer_cb( &client.ssl, &timer_client,
mbedtls_timing_set_delay, mbedtls_timing_set_delay,
@ -1723,7 +1731,7 @@ void perform_handshake( handshake_test_options* options )
{ {
TEST_ASSERT( mbedtls_endpoint_init( &client, MBEDTLS_SSL_IS_CLIENT, TEST_ASSERT( mbedtls_endpoint_init( &client, MBEDTLS_SSL_IS_CLIENT,
options->pk_alg, NULL, NULL, options->pk_alg, NULL, NULL,
NULL ) == 0 ); NULL, NULL ) == 0 );
} }
if( options->client_min_version != TEST_SSL_MINOR_VERSION_NONE ) if( options->client_min_version != TEST_SSL_MINOR_VERSION_NONE )
@ -1758,7 +1766,7 @@ void perform_handshake( handshake_test_options* options )
TEST_ASSERT( mbedtls_endpoint_init( &server, MBEDTLS_SSL_IS_SERVER, TEST_ASSERT( mbedtls_endpoint_init( &server, MBEDTLS_SSL_IS_SERVER,
options->pk_alg, &server_context, options->pk_alg, &server_context,
&server_queue, &server_queue,
&client_queue) == 0 ); &client_queue, NULL ) == 0 );
#if defined(MBEDTLS_TIMING_C) #if defined(MBEDTLS_TIMING_C)
mbedtls_ssl_set_timer_cb( &server.ssl, &timer_server, mbedtls_ssl_set_timer_cb( &server.ssl, &timer_server,
mbedtls_timing_set_delay, mbedtls_timing_set_delay,
@ -1768,7 +1776,8 @@ void perform_handshake( handshake_test_options* options )
else else
{ {
TEST_ASSERT( mbedtls_endpoint_init( &server, MBEDTLS_SSL_IS_SERVER, TEST_ASSERT( mbedtls_endpoint_init( &server, MBEDTLS_SSL_IS_SERVER,
options->pk_alg, NULL, NULL, NULL ) == 0 ); options->pk_alg, NULL, NULL,
NULL, NULL ) == 0 );
} }
mbedtls_ssl_conf_authmode( &server.conf, options->srv_auth_mode ); mbedtls_ssl_conf_authmode( &server.conf, options->srv_auth_mode );
@ -4154,14 +4163,14 @@ void mbedtls_endpoint_sanity( int endpoint_type )
int ret = -1; int ret = -1;
ret = mbedtls_endpoint_init( NULL, endpoint_type, MBEDTLS_PK_RSA, ret = mbedtls_endpoint_init( NULL, endpoint_type, MBEDTLS_PK_RSA,
NULL, NULL, NULL ); NULL, NULL, NULL, NULL );
TEST_ASSERT( MBEDTLS_ERR_SSL_BAD_INPUT_DATA == ret ); TEST_ASSERT( MBEDTLS_ERR_SSL_BAD_INPUT_DATA == ret );
ret = mbedtls_endpoint_certificate_init( NULL, MBEDTLS_PK_RSA ); ret = mbedtls_endpoint_certificate_init( NULL, MBEDTLS_PK_RSA );
TEST_ASSERT( MBEDTLS_ERR_SSL_BAD_INPUT_DATA == ret ); TEST_ASSERT( MBEDTLS_ERR_SSL_BAD_INPUT_DATA == ret );
ret = mbedtls_endpoint_init( &ep, endpoint_type, MBEDTLS_PK_RSA, ret = mbedtls_endpoint_init( &ep, endpoint_type, MBEDTLS_PK_RSA,
NULL, NULL, NULL ); NULL, NULL, NULL, NULL );
TEST_ASSERT( ret == 0 ); TEST_ASSERT( ret == 0 );
exit: exit:
@ -4177,13 +4186,13 @@ void move_handshake_to_state(int endpoint_type, int state, int need_pass)
int ret = -1; int ret = -1;
ret = mbedtls_endpoint_init( &base_ep, endpoint_type, MBEDTLS_PK_RSA, ret = mbedtls_endpoint_init( &base_ep, endpoint_type, MBEDTLS_PK_RSA,
NULL, NULL, NULL ); NULL, NULL, NULL, NULL );
TEST_ASSERT( ret == 0 ); TEST_ASSERT( ret == 0 );
ret = mbedtls_endpoint_init( &second_ep, ret = mbedtls_endpoint_init( &second_ep,
( endpoint_type == MBEDTLS_SSL_IS_SERVER ) ? ( endpoint_type == MBEDTLS_SSL_IS_SERVER ) ?
MBEDTLS_SSL_IS_CLIENT : MBEDTLS_SSL_IS_SERVER, MBEDTLS_SSL_IS_CLIENT : MBEDTLS_SSL_IS_SERVER,
MBEDTLS_PK_RSA, NULL, NULL, NULL ); MBEDTLS_PK_RSA, NULL, NULL, NULL, NULL );
TEST_ASSERT( ret == 0 ); TEST_ASSERT( ret == 0 );
ret = mbedtls_mock_socket_connect( &(base_ep.socket), ret = mbedtls_mock_socket_connect( &(base_ep.socket),
@ -4550,3 +4559,68 @@ exit:
mbedtls_free( src ); mbedtls_free( src );
} }
/* END_CASE */ /* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ENTROPY_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_CTR_DRBG_C:MBEDTLS_ECP_C:MBEDTLS_ECDSA_C */
void raw_key_agreement_fail( int bad_server_ecdhe_key )
{
enum { BUFFSIZE = 17000 };
mbedtls_endpoint client, server;
mbedtls_psa_stats_t stats;
size_t free_slots_before = -1;
mbedtls_ecp_group_id curve_list[] = { MBEDTLS_ECP_DP_SECP256R1,
MBEDTLS_ECP_DP_NONE };
USE_PSA_INIT( );
/* Client side, force SECP256R1 to make one key bitflip fail
* the raw key agreement. Flipping the first byte makes the
* required 0x04 identifier invalid. */
TEST_EQUAL( mbedtls_endpoint_init( &client, MBEDTLS_SSL_IS_CLIENT,
MBEDTLS_PK_ECDSA, NULL, NULL,
NULL, curve_list ), 0 );
/* Server side */
TEST_EQUAL( mbedtls_endpoint_init( &server, MBEDTLS_SSL_IS_SERVER,
MBEDTLS_PK_ECDSA, NULL, NULL,
NULL, NULL ), 0 );
TEST_EQUAL( mbedtls_mock_socket_connect( &(client.socket),
&(server.socket),
BUFFSIZE ), 0 );
TEST_EQUAL( mbedtls_move_handshake_to_state( &(client.ssl),
&(server.ssl),
MBEDTLS_SSL_CLIENT_KEY_EXCHANGE )
, 0 );
mbedtls_psa_get_stats( &stats );
/* Save the number of slots in use up to this point.
* With PSA, one can be used for the ECDH private key. */
free_slots_before = stats.empty_slots;
if( bad_server_ecdhe_key )
{
/* Force a simulated bitflip in the server key. to make the
* raw key agreement in ssl_write_client_key_exchange fail. */
(client.ssl).handshake->ecdh_psa_peerkey[0] ^= 0x02;
}
TEST_EQUAL( mbedtls_move_handshake_to_state( &(client.ssl),
&(server.ssl),
MBEDTLS_SSL_HANDSHAKE_OVER ),
bad_server_ecdhe_key ? MBEDTLS_ERR_SSL_HW_ACCEL_FAILED : 0 );
mbedtls_psa_get_stats( &stats );
/* Make sure that the key slot is already destroyed in case of failure,
* without waiting to close the connection. */
if( bad_server_ecdhe_key )
TEST_EQUAL( free_slots_before, stats.empty_slots );
exit:
mbedtls_endpoint_free( &client, NULL );
mbedtls_endpoint_free( &server, NULL );
USE_PSA_DONE( );
}
/* END_CASE */