TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 6dd489cb15d29219c7793ad57c9de11193d30503^! / . / tests / suites / test_suite_ssl.function
commit6dd489cb15d29219c7793ad57c9de11193d30503[log] [tgz]
authorGilles Peskine <Gilles.Peskine@arm.com>Fri Apr 15 05:54:40 2022 -0400
committerAndrzej Kurek <andrzej.kurek@arm.com>Fri Apr 15 07:02:16 2022 -0400
tree0e370dba28ccd68d55e241905edbcfe74ff74c7d
parent703a88916b211b89b266368a535453bd4d2258ee [diff] [blame]
raw_key_agreement_fail: Add a nominal run

Ensure that the nominal run works properly, so that it's apparent that the
injected failure is responsible for the failure of the handshake.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>

diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function
index 9378f2f..d6ce82a 100644
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function

@@ -4557,7 +4557,7 @@
 /* END_CASE */
 
 /* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ENTROPY_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_CTR_DRBG_C:MBEDTLS_ECP_C:MBEDTLS_ECDSA_C */
-void raw_key_agreement_fail( )
+void raw_key_agreement_fail( int bad_server_ecdhe_key )
 {
     enum { BUFFSIZE = 17000 };
     mbedtls_endpoint client, server;
@@ -4595,19 +4595,24 @@
      * With PSA, one can be used for the ECDH private key. */
     free_slots_before = stats.empty_slots;
 
-    /* Force a simulated bitflip in the server key. to make the
-     * raw key agreement in ssl_write_client_key_exchange fail. */
-    (client.ssl).handshake->ecdh_psa_peerkey[0] ^= 0x02;
+    if( bad_server_ecdhe_key )
+    {
+        /* Force a simulated bitflip in the server key. to make the
+         * raw key agreement in ssl_write_client_key_exchange fail. */
+        (client.ssl).handshake->ecdh_psa_peerkey[0] ^= 0x02;
+    }
 
-    TEST_ASSERT( mbedtls_move_handshake_to_state( &(client.ssl),
-                                                  &(server.ssl),
-                                                  MBEDTLS_SSL_HANDSHAKE_OVER )
-                 !=  0 );
+    TEST_EQUAL( mbedtls_move_handshake_to_state( &(client.ssl),
+                                                 &(server.ssl),
+                                                 MBEDTLS_SSL_HANDSHAKE_OVER ),
+                bad_server_ecdhe_key ? MBEDTLS_ERR_SSL_HW_ACCEL_FAILED : 0 );
 
     mbedtls_psa_get_stats( &stats );
 
-    /* Make sure that the key slot is destroyed properly in case of failure. */
-    TEST_ASSERT( free_slots_before == stats.empty_slots );
+    /* Make sure that the key slot is already destroyed in case of failure,
+     * without waiting to close the connection. */
+    if( bad_server_ecdhe_key )
+        TEST_EQUAL( free_slots_before, stats.empty_slots );
 
 exit:
     mbedtls_endpoint_free( &client, NULL );