Add tests for mbedtls_psa_hkdf_expand

Add test cases which check the behaviour when the psa_import_key and
psa_mac_sign_setup function calls return an error.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
Gabor Mezei 2022-02-17 11:52:12 +01:00
parent 8e3602569b
commit cbe5ba500a
No known key found for this signature in database
GPG key ID: 106F5A41ECC305BD
2 changed files with 43 additions and 1 deletions


@ -4382,9 +4382,13 @@ SSL TLS 1.3 Key schedule: HKDF expand fails with NULL okm
depends_on:PSA_WANT_ALG_SHA_256 depends_on:PSA_WANT_ALG_SHA_256
psa_hkdf_expand_ret:PSA_ALG_HMAC(PSA_ALG_SHA_256):32:0:PSA_ERROR_INVALID_ARGUMENT psa_hkdf_expand_ret:PSA_ALG_HMAC(PSA_ALG_SHA_256):32:0:PSA_ERROR_INVALID_ARGUMENT
SSL TLS 1.3 Key schedule: HKDF expand fails with wrong hash alg SSL TLS 1.3 Key schedule: HKDF expand fails with invalid alg
psa_hkdf_expand_ret:0:32:32:PSA_ERROR_INVALID_ARGUMENT psa_hkdf_expand_ret:0:32:32:PSA_ERROR_INVALID_ARGUMENT
SSL TLS 1.3 Key schedule: HKDF expand fails with incompatible alg
depends_on:PSA_WANT_ALG_SHA_256
psa_hkdf_expand_ret:PSA_ALG_SHA_256:32:32:PSA_ERROR_INVALID_ARGUMENT
SSL TLS 1.3 Key schedule: HKDF expand fails with prk_len < hash_len SSL TLS 1.3 Key schedule: HKDF expand fails with prk_len < hash_len
depends_on:PSA_WANT_ALG_SHA_256 depends_on:PSA_WANT_ALG_SHA_256
psa_hkdf_expand_ret:PSA_ALG_HMAC(PSA_ALG_SHA_256):16:32:PSA_ERROR_INVALID_ARGUMENT psa_hkdf_expand_ret:PSA_ALG_HMAC(PSA_ALG_SHA_256):16:32:PSA_ERROR_INVALID_ARGUMENT
@ -4392,6 +4396,10 @@ psa_hkdf_expand_ret:PSA_ALG_HMAC(PSA_ALG_SHA_256):16:32:PSA_ERROR_INVALID_ARGUME
SSL TLS 1.3 Key schedule: HKDF expand fails with okm_len / hash_len > 255 SSL TLS 1.3 Key schedule: HKDF expand fails with okm_len / hash_len > 255
psa_hkdf_expand_ret:PSA_ALG_HMAC(PSA_ALG_SHA_256):32:8192:PSA_ERROR_INVALID_ARGUMENT psa_hkdf_expand_ret:PSA_ALG_HMAC(PSA_ALG_SHA_256):32:8192:PSA_ERROR_INVALID_ARGUMENT
SSL TLS 1.3 Key schedule: HKDF expand fails with key import
depends_on:PSA_WANT_ALG_SHA_256
psa_hkdf_expand_ret:PSA_ALG_HMAC(PSA_ALG_SHA_256):32:32:PSA_ERROR_INSUFFICIENT_MEMORY
SSL TLS 1.3 Key schedule: HKDF Expand Label #1 SSL TLS 1.3 Key schedule: HKDF Expand Label #1
# Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/) # Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/)
# Server handshake traffic secret -> Server traffic key # Server handshake traffic secret -> Server traffic key
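Review bot: The new "HKDF expand fails with key import" case passes ordinary arguments (`PSA_ALG_HMAC(PSA_ALG_SHA_256):32:32`) and fails only because the test function treats the expected status `PSA_ERROR_INSUFFICIENT_MEMORY` as a request to occupy every key slot first. Nothing in the data file says so, and a reader comparing it with the neighbouring cases cannot see why it should fail. A comment line above the case would record the coupling, for example `# The test function fills all key slots when the expected status is PSA_ERROR_INSUFFICIENT_MEMORY`. The "incompatible alg" case presumably covers the psa_mac_sign_setup failure named in the commit message; saying that in its title or in a comment would make the coverage traceable.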


@ -3848,6 +3848,8 @@ void psa_hkdf_expand_ret( int alg, int prk_len, int okm_len, int ret )
unsigned char *prk = NULL; unsigned char *prk = NULL;
unsigned char *okm = NULL; unsigned char *okm = NULL;
size_t info_len; size_t info_len;
size_t i;
mbedtls_svc_key_id_t *keys = NULL;
PSA_INIT( ); PSA_INIT( );
@ -3859,6 +3861,30 @@ void psa_hkdf_expand_ret( int alg, int prk_len, int okm_len, int ret )
if( okm_len > 0 ) if( okm_len > 0 )
ASSERT_ALLOC( okm, okm_len ); ASSERT_ALLOC( okm, okm_len );
if( ret == PSA_ERROR_INSUFFICIENT_MEMORY )
{
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
/* Reserve all key slot to make the key import fail. */
psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_MESSAGE );
psa_set_key_algorithm( &attributes, alg );
psa_set_key_type( &attributes, PSA_KEY_TYPE_HMAC );
ASSERT_ALLOC( keys, MBEDTLS_PSA_KEY_SLOT_COUNT );
for( i = 0; i < MBEDTLS_PSA_KEY_SLOT_COUNT; i++ )
{
/* Do not use the 0 value because it will be passed to
mbedtls_psa_hkdf_expand */
prk[0] = i + 1;
keys[i] = MBEDTLS_SVC_KEY_ID_INIT;
psa_import_key( &attributes, prk, prk_len, &keys[i] );
}
/* reset prk buffer */
prk[0] = 0;
}
output_ret = mbedtls_psa_hkdf_expand( alg, prk, prk_len, output_ret = mbedtls_psa_hkdf_expand( alg, prk, prk_len,
info, info_len, info, info_len,
okm, okm_len ); okm, okm_len );
@ -3868,6 +3894,14 @@ exit:
mbedtls_free( prk ); mbedtls_free( prk );
mbedtls_free( okm ); mbedtls_free( okm );
if( ret == PSA_ERROR_INSUFFICIENT_MEMORY )
{
for( i = 0; i < MBEDTLS_PSA_KEY_SLOT_COUNT; i++ )
psa_destroy_key( keys[i] );
mbedtls_free( keys );
}
PSA_DONE( ); PSA_DONE( );
} }
/* END_CASE */ /* END_CASE */
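Review bot: The cleanup added after `exit:` indexes `keys[i]` whenever `ret == PSA_ERROR_INSUFFICIENT_MEMORY`, but `keys` is still NULL if an `ASSERT_ALLOC` (including the one for `keys` itself) fails and control reaches `exit` before the array exists. Guard on the pointer rather than on the expected status: `if( keys != NULL )`. In the fill loop the status of `psa_import_key` is discarded, so a setup failure that is not slot exhaustion goes unreported where it happens; `PSA_ASSERT( psa_import_key( &attributes, prk, prk_len, &keys[i] ) );` would surface it, assuming all MBEDTLS_PSA_KEY_SLOT_COUNT imports are expected to succeed. The loop also writes `prk[0]` without a visible check that `prk` was allocated. The `prk` allocation, the start of the function and its result checks are outside the hunks shown.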