Test TLS 1.3 second level key derivation helpers
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function
index d9261d1..59fae70 100644
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function
@@ -3794,6 +3794,126 @@
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
+void ssl_tls1_3_derive_early_secrets( int hash_alg,
+ data_t *secret,
+ data_t *transcript,
+ data_t *traffic_expected,
+ data_t *exporter_expected )
+{
+ mbedtls_ssl_tls1_3_early_secrets secrets;
+
+ /* Double-check that we've passed sane parameters. */
+ mbedtls_md_type_t md_type = (mbedtls_md_type_t) hash_alg;
+ mbedtls_md_info_t const * const md_info = mbedtls_md_info_from_type( md_type );
+ size_t const md_size = mbedtls_md_get_size( md_info );
+ TEST_ASSERT( md_info != 0 &&
+ secret->len == md_size &&
+ transcript->len == md_size &&
+ traffic_expected->len == md_size &&
+ exporter_expected->len == md_size );
+
+ TEST_ASSERT( mbedtls_ssl_tls1_3_derive_early_secrets(
+ md_type, secret->x, transcript->x, transcript->len,
+ &secrets ) == 0 );
+
+ ASSERT_COMPARE( secrets.client_early_traffic_secret, md_size,
+ traffic_expected->x, traffic_expected->len );
+ ASSERT_COMPARE( secrets.early_exporter_master_secret, md_size,
+ exporter_expected->x, exporter_expected->len );
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
+void ssl_tls1_3_derive_handshake_secrets( int hash_alg,
+ data_t *secret,
+ data_t *transcript,
+ data_t *client_expected,
+ data_t *server_expected )
+{
+ mbedtls_ssl_tls1_3_handshake_secrets secrets;
+
+ /* Double-check that we've passed sane parameters. */
+ mbedtls_md_type_t md_type = (mbedtls_md_type_t) hash_alg;
+ mbedtls_md_info_t const * const md_info = mbedtls_md_info_from_type( md_type );
+ size_t const md_size = mbedtls_md_get_size( md_info );
+ TEST_ASSERT( md_info != 0 &&
+ secret->len == md_size &&
+ transcript->len == md_size &&
+ client_expected->len == md_size &&
+ server_expected->len == md_size );
+
+ TEST_ASSERT( mbedtls_ssl_tls1_3_derive_handshake_secrets(
+ md_type, secret->x, transcript->x, transcript->len,
+ &secrets ) == 0 );
+
+ ASSERT_COMPARE( secrets.client_handshake_traffic_secret, md_size,
+ client_expected->x, client_expected->len );
+ ASSERT_COMPARE( secrets.server_handshake_traffic_secret, md_size,
+ server_expected->x, server_expected->len );
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
+void ssl_tls1_3_derive_application_secrets( int hash_alg,
+ data_t *secret,
+ data_t *transcript,
+ data_t *client_expected,
+ data_t *server_expected,
+ data_t *exporter_expected )
+{
+ mbedtls_ssl_tls1_3_application_secrets secrets;
+
+ /* Double-check that we've passed sane parameters. */
+ mbedtls_md_type_t md_type = (mbedtls_md_type_t) hash_alg;
+ mbedtls_md_info_t const * const md_info = mbedtls_md_info_from_type( md_type );
+ size_t const md_size = mbedtls_md_get_size( md_info );
+ TEST_ASSERT( md_info != 0 &&
+ secret->len == md_size &&
+ transcript->len == md_size &&
+ client_expected->len == md_size &&
+ server_expected->len == md_size &&
+ exporter_expected->len == md_size );
+
+ TEST_ASSERT( mbedtls_ssl_tls1_3_derive_application_secrets(
+ md_type, secret->x, transcript->x, transcript->len,
+ &secrets ) == 0 );
+
+ ASSERT_COMPARE( secrets.client_application_traffic_secret_N, md_size,
+ client_expected->x, client_expected->len );
+ ASSERT_COMPARE( secrets.server_application_traffic_secret_N, md_size,
+ server_expected->x, server_expected->len );
+ ASSERT_COMPARE( secrets.exporter_master_secret, md_size,
+ exporter_expected->x, exporter_expected->len );
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
+void ssl_tls1_3_derive_resumption_secrets( int hash_alg,
+ data_t *secret,
+ data_t *transcript,
+ data_t *resumption_expected )
+{
+ mbedtls_ssl_tls1_3_application_secrets secrets;
+
+ /* Double-check that we've passed sane parameters. */
+ mbedtls_md_type_t md_type = (mbedtls_md_type_t) hash_alg;
+ mbedtls_md_info_t const * const md_info = mbedtls_md_info_from_type( md_type );
+ size_t const md_size = mbedtls_md_get_size( md_info );
+ TEST_ASSERT( md_info != 0 &&
+ secret->len == md_size &&
+ transcript->len == md_size &&
+ resumption_expected->len == md_size );
+
+ TEST_ASSERT( mbedtls_ssl_tls1_3_derive_resumption_master_secret(
+ md_type, secret->x, transcript->x, transcript->len,
+ &secrets ) == 0 );
+
+ ASSERT_COMPARE( secrets.resumption_master_secret, md_size,
+ resumption_expected->x, resumption_expected->len );
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
void ssl_tls1_3_key_evolution( int hash_alg,
data_t *secret,
data_t *input,