Specify padding granularity in TLS 1.3 record protection KATs

Still check that encryption and decryption are inverse to each other if the granularity does not match the one used in the KAT. Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-08-01 19:18:28 +01:00 · 2021-08-01 19:18:28 +01:00 · 1f91878281
commit 1f91878281
parent dfba065d80
2 changed files with 21 additions and 8 deletions
--- a/tests/suites/test_suite_ssl.data
+++ b/tests/suites/test_suite_ssl.data
@ -6028,7 +6028,8 @@ SSL TLS 1.3 Record Encryption, tls13.ulfheim.net Example #1
 # - Client App IV:  bc4dd5f7b98acff85466261d
 # - App data payload: 70696e67
 # - Complete record:  1703030015c74061535eb12f5f25a781957874742ab7fb305dd5
-ssl_tls1_3_record_protection:MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:MBEDTLS_SSL_IS_CLIENT:0:"0b6d22c8ff68097ea871c672073773bf":"1b13dd9f8d8f17091d34b349":"49134b95328f279f0183860589ac6707":"bc4dd5f7b98acff85466261d":"70696e67":"c74061535eb12f5f25a781957874742ab7fb305dd5"
+# - Padding used: No (== granularity 1)
+ssl_tls1_3_record_protection:MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:MBEDTLS_SSL_IS_CLIENT:0:1:"0b6d22c8ff68097ea871c672073773bf":"1b13dd9f8d8f17091d34b349":"49134b95328f279f0183860589ac6707":"bc4dd5f7b98acff85466261d":"70696e67":"c74061535eb12f5f25a781957874742ab7fb305dd5"

 SSL TLS 1.3 Record Encryption, tls13.ulfheim.net Example #2
 # - Server App Key: 0b6d22c8ff68097ea871c672073773bf
@ -6037,7 +6038,8 @@ SSL TLS 1.3 Record Encryption, tls13.ulfheim.net Example #2
 # - Client App IV:  bc4dd5f7b98acff85466261d
 # - App data payload: 706f6e67
 # - Complete record:  1703030015370e5f168afa7fb16b663ecdfca3dbb81931a90ca7
-ssl_tls1_3_record_protection:MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:MBEDTLS_SSL_IS_SERVER:1:"0b6d22c8ff68097ea871c672073773bf":"1b13dd9f8d8f17091d34b349":"49134b95328f279f0183860589ac6707":"bc4dd5f7b98acff85466261d":"706f6e67":"370e5f168afa7fb16b663ecdfca3dbb81931a90ca7"
+# - Padding used: No (== granularity 1)
+ssl_tls1_3_record_protection:MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:MBEDTLS_SSL_IS_SERVER:1:1:"0b6d22c8ff68097ea871c672073773bf":"1b13dd9f8d8f17091d34b349":"49134b95328f279f0183860589ac6707":"bc4dd5f7b98acff85466261d":"706f6e67":"370e5f168afa7fb16b663ecdfca3dbb81931a90ca7"

 SSL TLS 1.3 Record Encryption RFC 8448 Example #1
 # Application Data record sent by Client in 1-RTT example of RFC 8448, Section 3
@ -6054,7 +6056,8 @@ SSL TLS 1.3 Record Encryption RFC 8448 Example #1
 #                     2b 98 19 a8 a5 b4 6b 39 5b d5 4a 9a 20 44 1e 2b
 #                     62 97 4e 1f 5a 62 92 a2 97 70 14 bd 1e 3d ea e6
 #                     3a ee bb 21 69 49 15 e4
-ssl_tls1_3_record_protection:MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:MBEDTLS_SSL_IS_CLIENT:0:"9f02283b6c9c07efc26bb9f2ac92e356":"cf782b88dd83549aadf1e984":"17422dda596ed5d9acd890e3c63f5051":"5b78923dee08579033e523d9":"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f3031":"a23f7054b62c94d0affafe8228ba55cbefacea42f914aa66bcab3f2b9819a8a5b46b395bd54a9a20441e2b62974e1f5a6292a2977014bd1e3deae63aeebb21694915e4"
+# - Padding used: No (== granularity 1)
+ssl_tls1_3_record_protection:MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:MBEDTLS_SSL_IS_CLIENT:0:1:"9f02283b6c9c07efc26bb9f2ac92e356":"cf782b88dd83549aadf1e984":"17422dda596ed5d9acd890e3c63f5051":"5b78923dee08579033e523d9":"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f3031":"a23f7054b62c94d0affafe8228ba55cbefacea42f914aa66bcab3f2b9819a8a5b46b395bd54a9a20441e2b62974e1f5a6292a2977014bd1e3deae63aeebb21694915e4"

 SSL TLS 1.3 Record Encryption RFC 8448 Example #2
 # Application Data record sent by Server in 1-RTT example of RFC 8448, Section 3
@ -6071,7 +6074,8 @@ SSL TLS 1.3 Record Encryption RFC 8448 Example #2
 #                     e3 0e fa f9 7d 90 e6 df fc 60 2d cb 50 1a 59 a8
 #                     fc c4 9c 4b f2 e5 f0 a2 1c 00 47 c2 ab f3 32 54
 #                     0d d0 32 e1 67 c2 95 5d
-ssl_tls1_3_record_protection:MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:MBEDTLS_SSL_IS_SERVER:1:"9f02283b6c9c07efc26bb9f2ac92e356":"cf782b88dd83549aadf1e984":"17422dda596ed5d9acd890e3c63f5051":"5b78923dee08579033e523d9":"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f3031":"2e937e11ef4ac740e538ad36005fc4a46932fc3225d05f82aa1b36e30efaf97d90e6dffc602dcb501a59a8fcc49c4bf2e5f0a21c0047c2abf332540dd032e167c2955d"
+# - Padding used: No (== granularity 1)
+ssl_tls1_3_record_protection:MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:MBEDTLS_SSL_IS_SERVER:1:1:"9f02283b6c9c07efc26bb9f2ac92e356":"cf782b88dd83549aadf1e984":"17422dda596ed5d9acd890e3c63f5051":"5b78923dee08579033e523d9":"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f3031":"2e937e11ef4ac740e538ad36005fc4a46932fc3225d05f82aa1b36e30efaf97d90e6dffc602dcb501a59a8fcc49c4bf2e5f0a21c0047c2abf332540dd032e167c2955d"

 SSL TLS_PRF MBEDTLS_SSL_TLS_PRF_NONE
 ssl_tls_prf:MBEDTLS_SSL_TLS_PRF_NONE:"":"":"test tls_prf label":"":MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function
@ -3947,6 +3947,7 @@ void ssl_tls1_3_create_psk_binder( int hash_alg,
 void ssl_tls1_3_record_protection( int ciphersuite,
                                   int endpoint,
                                   int ctr,
+                                   int padding_used,
                                   data_t *server_write_key,
                                   data_t *server_write_iv,
                                   data_t *client_write_key,
@ -3959,6 +3960,7 @@ void ssl_tls1_3_record_protection( int ciphersuite,
    mbedtls_ssl_transform transform_recv;
    mbedtls_record rec;
    unsigned char *buf = NULL;
+    size_t buf_len;
    int other_endpoint;

    TEST_ASSERT( endpoint == MBEDTLS_SSL_IS_CLIENT ||
@ -3994,7 +3996,10 @@ void ssl_tls1_3_record_protection( int ciphersuite,
                     &transform_recv, other_endpoint,
                     ciphersuite, &keys, NULL ) == 0 );

-    ASSERT_ALLOC( buf, ciphertext->len );
+    /* Make sure we have enough space in the buffer even if
+     * we use more padding than the KAT. */
+    buf_len = ciphertext->len + MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY;
+    ASSERT_ALLOC( buf, buf_len );
    rec.type   = MBEDTLS_SSL_MSG_APPLICATION_DATA;

    /* TLS 1.3 uses the version identifier from TLS 1.2 on the wire. */
@ -4005,7 +4010,7 @@ void ssl_tls1_3_record_protection( int ciphersuite,

    /* Copy plaintext into record structure */
    rec.buf = buf;
-    rec.buf_len = ciphertext->len;
+    rec.buf_len = buf_len;
    rec.data_offset = 0;
    TEST_ASSERT( plaintext->len <= ciphertext->len );
    memcpy( rec.buf + rec.data_offset, plaintext->x, plaintext->len );
@ -4019,8 +4024,12 @@ void ssl_tls1_3_record_protection( int ciphersuite,

    TEST_ASSERT( mbedtls_ssl_encrypt_buf( NULL, &transform_send, &rec,
                                          NULL, NULL ) == 0 );
-    ASSERT_COMPARE( rec.buf + rec.data_offset, rec.data_len,
-                    ciphertext->x, ciphertext->len );
+
+    if( padding_used == MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY )
+    {
+        ASSERT_COMPARE( rec.buf + rec.data_offset, rec.data_len,
+                        ciphertext->x, ciphertext->len );
+    }

    TEST_ASSERT( mbedtls_ssl_decrypt_buf( NULL, &transform_recv, &rec ) == 0 );
    ASSERT_COMPARE( rec.buf + rec.data_offset, rec.data_len,