commit b3427823bd9d164505df3ed4ffed84ecf696e992
author Andrzej Kurek <andrzej.kurek@arm.com> Tue Mar 08 06:55:42 2022 -0500
committer Andrzej Kurek <andrzej.kurek@mobica.com> Wed Apr 06 11:24:17 2022 -0400
tree f21aa5b4175b63e94df06276151d3e1d25d24cfb
parent 74394a5c393ce4bff11669b7029d96d01792806f

Test failing raw_key_agreement in ssl mock tests

Force a bitflip in server key to make the raw key
agreement fail, and then verify that no key slots
are left open at the end. Use a Weierstrass curve
to have a high chance of failure upon encountering
such bitflip.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>

tests/suites/test_suite_ssl.function

diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function
index 83b32a5..871c838 100644
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function
@@ -5595,3 +5595,78 @@
 /* END_CASE */
 
 
+
+/* BEGIN_CASE depends_on:MBEDTLS_USE_PSA_CRYPTO */
+void raw_key_agreement_fail( )
+{
+    enum { BUFFSIZE = 17000 };
+    mbedtls_endpoint client, server;
+    mbedtls_psa_stats_t stats;
+
+#if defined(MBEDTLS_TIMING_C)
+    mbedtls_timing_delay_context timer_client, timer_server;
+#endif
+    uint16_t iana_tls_group_list[] = { MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1 };
+
+    mbedtls_test_message_queue server_queue, client_queue;
+    mbedtls_test_message_socket_context server_context, client_context;
+
+    mbedtls_message_socket_init( &server_context );
+    mbedtls_message_socket_init( &client_context );
+
+    USE_PSA_INIT( );
+
+    /* Client side, force SECP256R1 to make one key bitflip fail
+     * the raw key agreement. Flipping one bit with a Weierstrass
+     * curve (as opposed to a Montgomery curve) has a high chance of
+     * making it invalid. */
+    TEST_ASSERT( mbedtls_endpoint_init( &client, MBEDTLS_SSL_IS_CLIENT,
+                                        MBEDTLS_PK_RSA, &client_context,
+                                        &client_queue,
+                                        &server_queue, iana_tls_group_list ) == 0 );
+#if defined(MBEDTLS_TIMING_C)
+    mbedtls_ssl_set_timer_cb( &client.ssl, &timer_client,
+                              mbedtls_timing_set_delay,
+                              mbedtls_timing_get_delay );
+#endif
+
+    /* Server side */
+    TEST_ASSERT( mbedtls_endpoint_init( &server, MBEDTLS_SSL_IS_SERVER,
+                                        MBEDTLS_PK_RSA, &server_context,
+                                        &server_queue,
+                                        &client_queue, NULL ) == 0 );
+#if defined(MBEDTLS_TIMING_C)
+    mbedtls_ssl_set_timer_cb( &server.ssl, &timer_server,
+                              mbedtls_timing_set_delay,
+                              mbedtls_timing_get_delay );
+#endif
+
+    TEST_ASSERT( mbedtls_mock_socket_connect( &(client.socket),
+                                              &(server.socket),
+                                              BUFFSIZE ) == 0 );
+
+    TEST_ASSERT( mbedtls_move_handshake_to_state( &(client.ssl),
+                                                  &(server.ssl),
+                                                  MBEDTLS_SSL_CLIENT_KEY_EXCHANGE )
+                 ==  0 );
+
+    /* Force a simulated bitflip in the server key. to make the
+     * raw key agreement in ssl_write_client_key_exchange fail. */
+    (client.ssl).handshake->ecdh_psa_peerkey[5] ^= 0x02;
+
+    TEST_ASSERT( mbedtls_move_handshake_to_state( &(client.ssl),
+                                                  &(server.ssl),
+                                                  MBEDTLS_SSL_HANDSHAKE_OVER )
+                 !=  0 );
+
+    mbedtls_psa_get_stats( &stats );
+
+    /* Make sure that the key slot is destroyed properly in case of failure. */
+    TEST_ASSERT( stats.empty_slots == MBEDTLS_PSA_KEY_SLOT_COUNT );
+
+exit:
+    mbedtls_endpoint_free( &client, &client_context );
+    mbedtls_endpoint_free( &server, &server_context );
+    USE_PSA_DONE( );
+}
+/* END_CASE */