mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-29 07:54:27 +01:00
Merge pull request #5747 from AndrzejKurek/raw-key-agreement-fail-2-28
Backport 2.28: Add a test for a raw key agreement failure
This commit is contained in:
commit
6e8a4b87ea
@ -10683,3 +10683,9 @@ ssl_cf_memcpy_offset:0:255:32
|
|||||||
# we could get this with 255-bytes plaintext and untruncated SHA-384
|
# we could get this with 255-bytes plaintext and untruncated SHA-384
|
||||||
Constant-flow memcpy from offset: large
|
Constant-flow memcpy from offset: large
|
||||||
ssl_cf_memcpy_offset:100:339:48
|
ssl_cf_memcpy_offset:100:339:48
|
||||||
|
|
||||||
|
Raw key agreement: nominal
|
||||||
|
raw_key_agreement_fail:0
|
||||||
|
|
||||||
|
Raw key agreement: bad server key
|
||||||
|
raw_key_agreement_fail:1
|
||||||
|
@ -876,7 +876,8 @@ exit:
|
|||||||
int mbedtls_endpoint_init( mbedtls_endpoint *ep, int endpoint_type, int pk_alg,
|
int mbedtls_endpoint_init( mbedtls_endpoint *ep, int endpoint_type, int pk_alg,
|
||||||
mbedtls_test_message_socket_context *dtls_context,
|
mbedtls_test_message_socket_context *dtls_context,
|
||||||
mbedtls_test_message_queue *input_queue,
|
mbedtls_test_message_queue *input_queue,
|
||||||
mbedtls_test_message_queue *output_queue )
|
mbedtls_test_message_queue *output_queue,
|
||||||
|
const mbedtls_ecp_group_id *curves )
|
||||||
{
|
{
|
||||||
int ret = -1;
|
int ret = -1;
|
||||||
|
|
||||||
@ -936,6 +937,13 @@ int mbedtls_endpoint_init( mbedtls_endpoint *ep, int endpoint_type, int pk_alg,
|
|||||||
MBEDTLS_SSL_PRESET_DEFAULT );
|
MBEDTLS_SSL_PRESET_DEFAULT );
|
||||||
TEST_ASSERT( ret == 0 );
|
TEST_ASSERT( ret == 0 );
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_ECP_C)
|
||||||
|
if( curves != NULL )
|
||||||
|
mbedtls_ssl_conf_curves( &(ep->conf), curves );
|
||||||
|
#else
|
||||||
|
(void) curves;
|
||||||
|
#endif
|
||||||
|
|
||||||
ret = mbedtls_ssl_setup( &( ep->ssl ), &( ep->conf ) );
|
ret = mbedtls_ssl_setup( &( ep->ssl ), &( ep->conf ) );
|
||||||
TEST_ASSERT( ret == 0 );
|
TEST_ASSERT( ret == 0 );
|
||||||
|
|
||||||
@ -1712,7 +1720,7 @@ void perform_handshake( handshake_test_options* options )
|
|||||||
TEST_ASSERT( mbedtls_endpoint_init( &client, MBEDTLS_SSL_IS_CLIENT,
|
TEST_ASSERT( mbedtls_endpoint_init( &client, MBEDTLS_SSL_IS_CLIENT,
|
||||||
options->pk_alg, &client_context,
|
options->pk_alg, &client_context,
|
||||||
&client_queue,
|
&client_queue,
|
||||||
&server_queue ) == 0 );
|
&server_queue, NULL ) == 0 );
|
||||||
#if defined(MBEDTLS_TIMING_C)
|
#if defined(MBEDTLS_TIMING_C)
|
||||||
mbedtls_ssl_set_timer_cb( &client.ssl, &timer_client,
|
mbedtls_ssl_set_timer_cb( &client.ssl, &timer_client,
|
||||||
mbedtls_timing_set_delay,
|
mbedtls_timing_set_delay,
|
||||||
@ -1723,7 +1731,7 @@ void perform_handshake( handshake_test_options* options )
|
|||||||
{
|
{
|
||||||
TEST_ASSERT( mbedtls_endpoint_init( &client, MBEDTLS_SSL_IS_CLIENT,
|
TEST_ASSERT( mbedtls_endpoint_init( &client, MBEDTLS_SSL_IS_CLIENT,
|
||||||
options->pk_alg, NULL, NULL,
|
options->pk_alg, NULL, NULL,
|
||||||
NULL ) == 0 );
|
NULL, NULL ) == 0 );
|
||||||
}
|
}
|
||||||
|
|
||||||
if( options->client_min_version != TEST_SSL_MINOR_VERSION_NONE )
|
if( options->client_min_version != TEST_SSL_MINOR_VERSION_NONE )
|
||||||
@ -1758,7 +1766,7 @@ void perform_handshake( handshake_test_options* options )
|
|||||||
TEST_ASSERT( mbedtls_endpoint_init( &server, MBEDTLS_SSL_IS_SERVER,
|
TEST_ASSERT( mbedtls_endpoint_init( &server, MBEDTLS_SSL_IS_SERVER,
|
||||||
options->pk_alg, &server_context,
|
options->pk_alg, &server_context,
|
||||||
&server_queue,
|
&server_queue,
|
||||||
&client_queue) == 0 );
|
&client_queue, NULL ) == 0 );
|
||||||
#if defined(MBEDTLS_TIMING_C)
|
#if defined(MBEDTLS_TIMING_C)
|
||||||
mbedtls_ssl_set_timer_cb( &server.ssl, &timer_server,
|
mbedtls_ssl_set_timer_cb( &server.ssl, &timer_server,
|
||||||
mbedtls_timing_set_delay,
|
mbedtls_timing_set_delay,
|
||||||
@ -1768,7 +1776,8 @@ void perform_handshake( handshake_test_options* options )
|
|||||||
else
|
else
|
||||||
{
|
{
|
||||||
TEST_ASSERT( mbedtls_endpoint_init( &server, MBEDTLS_SSL_IS_SERVER,
|
TEST_ASSERT( mbedtls_endpoint_init( &server, MBEDTLS_SSL_IS_SERVER,
|
||||||
options->pk_alg, NULL, NULL, NULL ) == 0 );
|
options->pk_alg, NULL, NULL,
|
||||||
|
NULL, NULL ) == 0 );
|
||||||
}
|
}
|
||||||
|
|
||||||
mbedtls_ssl_conf_authmode( &server.conf, options->srv_auth_mode );
|
mbedtls_ssl_conf_authmode( &server.conf, options->srv_auth_mode );
|
||||||
@ -4154,14 +4163,14 @@ void mbedtls_endpoint_sanity( int endpoint_type )
|
|||||||
int ret = -1;
|
int ret = -1;
|
||||||
|
|
||||||
ret = mbedtls_endpoint_init( NULL, endpoint_type, MBEDTLS_PK_RSA,
|
ret = mbedtls_endpoint_init( NULL, endpoint_type, MBEDTLS_PK_RSA,
|
||||||
NULL, NULL, NULL );
|
NULL, NULL, NULL, NULL );
|
||||||
TEST_ASSERT( MBEDTLS_ERR_SSL_BAD_INPUT_DATA == ret );
|
TEST_ASSERT( MBEDTLS_ERR_SSL_BAD_INPUT_DATA == ret );
|
||||||
|
|
||||||
ret = mbedtls_endpoint_certificate_init( NULL, MBEDTLS_PK_RSA );
|
ret = mbedtls_endpoint_certificate_init( NULL, MBEDTLS_PK_RSA );
|
||||||
TEST_ASSERT( MBEDTLS_ERR_SSL_BAD_INPUT_DATA == ret );
|
TEST_ASSERT( MBEDTLS_ERR_SSL_BAD_INPUT_DATA == ret );
|
||||||
|
|
||||||
ret = mbedtls_endpoint_init( &ep, endpoint_type, MBEDTLS_PK_RSA,
|
ret = mbedtls_endpoint_init( &ep, endpoint_type, MBEDTLS_PK_RSA,
|
||||||
NULL, NULL, NULL );
|
NULL, NULL, NULL, NULL );
|
||||||
TEST_ASSERT( ret == 0 );
|
TEST_ASSERT( ret == 0 );
|
||||||
|
|
||||||
exit:
|
exit:
|
||||||
@ -4177,13 +4186,13 @@ void move_handshake_to_state(int endpoint_type, int state, int need_pass)
|
|||||||
int ret = -1;
|
int ret = -1;
|
||||||
|
|
||||||
ret = mbedtls_endpoint_init( &base_ep, endpoint_type, MBEDTLS_PK_RSA,
|
ret = mbedtls_endpoint_init( &base_ep, endpoint_type, MBEDTLS_PK_RSA,
|
||||||
NULL, NULL, NULL );
|
NULL, NULL, NULL, NULL );
|
||||||
TEST_ASSERT( ret == 0 );
|
TEST_ASSERT( ret == 0 );
|
||||||
|
|
||||||
ret = mbedtls_endpoint_init( &second_ep,
|
ret = mbedtls_endpoint_init( &second_ep,
|
||||||
( endpoint_type == MBEDTLS_SSL_IS_SERVER ) ?
|
( endpoint_type == MBEDTLS_SSL_IS_SERVER ) ?
|
||||||
MBEDTLS_SSL_IS_CLIENT : MBEDTLS_SSL_IS_SERVER,
|
MBEDTLS_SSL_IS_CLIENT : MBEDTLS_SSL_IS_SERVER,
|
||||||
MBEDTLS_PK_RSA, NULL, NULL, NULL );
|
MBEDTLS_PK_RSA, NULL, NULL, NULL, NULL );
|
||||||
TEST_ASSERT( ret == 0 );
|
TEST_ASSERT( ret == 0 );
|
||||||
|
|
||||||
ret = mbedtls_mock_socket_connect( &(base_ep.socket),
|
ret = mbedtls_mock_socket_connect( &(base_ep.socket),
|
||||||
@ -4550,3 +4559,68 @@ exit:
|
|||||||
mbedtls_free( src );
|
mbedtls_free( src );
|
||||||
}
|
}
|
||||||
/* END_CASE */
|
/* END_CASE */
|
||||||
|
|
||||||
|
/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ENTROPY_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_CTR_DRBG_C:MBEDTLS_ECP_C:MBEDTLS_ECDSA_C */
|
||||||
|
void raw_key_agreement_fail( int bad_server_ecdhe_key )
|
||||||
|
{
|
||||||
|
enum { BUFFSIZE = 17000 };
|
||||||
|
mbedtls_endpoint client, server;
|
||||||
|
mbedtls_psa_stats_t stats;
|
||||||
|
size_t free_slots_before = -1;
|
||||||
|
|
||||||
|
mbedtls_ecp_group_id curve_list[] = { MBEDTLS_ECP_DP_SECP256R1,
|
||||||
|
MBEDTLS_ECP_DP_NONE };
|
||||||
|
USE_PSA_INIT( );
|
||||||
|
|
||||||
|
/* Client side, force SECP256R1 to make one key bitflip fail
|
||||||
|
* the raw key agreement. Flipping the first byte makes the
|
||||||
|
* required 0x04 identifier invalid. */
|
||||||
|
TEST_EQUAL( mbedtls_endpoint_init( &client, MBEDTLS_SSL_IS_CLIENT,
|
||||||
|
MBEDTLS_PK_ECDSA, NULL, NULL,
|
||||||
|
NULL, curve_list ), 0 );
|
||||||
|
|
||||||
|
/* Server side */
|
||||||
|
TEST_EQUAL( mbedtls_endpoint_init( &server, MBEDTLS_SSL_IS_SERVER,
|
||||||
|
MBEDTLS_PK_ECDSA, NULL, NULL,
|
||||||
|
NULL, NULL ), 0 );
|
||||||
|
|
||||||
|
TEST_EQUAL( mbedtls_mock_socket_connect( &(client.socket),
|
||||||
|
&(server.socket),
|
||||||
|
BUFFSIZE ), 0 );
|
||||||
|
|
||||||
|
TEST_EQUAL( mbedtls_move_handshake_to_state( &(client.ssl),
|
||||||
|
&(server.ssl),
|
||||||
|
MBEDTLS_SSL_CLIENT_KEY_EXCHANGE )
|
||||||
|
, 0 );
|
||||||
|
|
||||||
|
mbedtls_psa_get_stats( &stats );
|
||||||
|
/* Save the number of slots in use up to this point.
|
||||||
|
* With PSA, one can be used for the ECDH private key. */
|
||||||
|
free_slots_before = stats.empty_slots;
|
||||||
|
|
||||||
|
if( bad_server_ecdhe_key )
|
||||||
|
{
|
||||||
|
/* Force a simulated bitflip in the server key. to make the
|
||||||
|
* raw key agreement in ssl_write_client_key_exchange fail. */
|
||||||
|
(client.ssl).handshake->ecdh_psa_peerkey[0] ^= 0x02;
|
||||||
|
}
|
||||||
|
|
||||||
|
TEST_EQUAL( mbedtls_move_handshake_to_state( &(client.ssl),
|
||||||
|
&(server.ssl),
|
||||||
|
MBEDTLS_SSL_HANDSHAKE_OVER ),
|
||||||
|
bad_server_ecdhe_key ? MBEDTLS_ERR_SSL_HW_ACCEL_FAILED : 0 );
|
||||||
|
|
||||||
|
mbedtls_psa_get_stats( &stats );
|
||||||
|
|
||||||
|
/* Make sure that the key slot is already destroyed in case of failure,
|
||||||
|
* without waiting to close the connection. */
|
||||||
|
if( bad_server_ecdhe_key )
|
||||||
|
TEST_EQUAL( free_slots_before, stats.empty_slots );
|
||||||
|
|
||||||
|
exit:
|
||||||
|
mbedtls_endpoint_free( &client, NULL );
|
||||||
|
mbedtls_endpoint_free( &server, NULL );
|
||||||
|
|
||||||
|
USE_PSA_DONE( );
|
||||||
|
}
|
||||||
|
/* END_CASE */
|
||||||
|
Loading…
Reference in New Issue
Block a user