Specify padding granularity in TLS 1.3 record protection KATs Still check that encryption and decryption are inverse to each other if the granularity does not match the one used in the KAT. Signed-off-by: Hanno Becker <hanno.becker@arm.com>

commit: 1f91878281cdb680c98f33a3312d1fce56f45eba [log] [tgz]
author: Hanno Becker <hanno.becker@arm.com> Sun Aug 01 19:18:28 2021 +0100
committer: Hanno Becker <hanno.becker@arm.com> Mon Aug 02 04:54:03 2021 +0100
tree: db30ac9e176cb13eb03b013d87a3f88fd7948f11
parent: dfba065d80adc007e81288e3655de82dfefb56d5 [diff]
diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data
index efedd06..04f6e1d 100644
--- a/tests/suites/test_suite_ssl.data
+++ b/tests/suites/test_suite_ssl.data

@@ -6028,7 +6028,8 @@
 # - Client App IV:  bc4dd5f7b98acff85466261d
 # - App data payload: 70696e67
 # - Complete record:  1703030015c74061535eb12f5f25a781957874742ab7fb305dd5
-ssl_tls1_3_record_protection:MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:MBEDTLS_SSL_IS_CLIENT:0:"0b6d22c8ff68097ea871c672073773bf":"1b13dd9f8d8f17091d34b349":"49134b95328f279f0183860589ac6707":"bc4dd5f7b98acff85466261d":"70696e67":"c74061535eb12f5f25a781957874742ab7fb305dd5"
+# - Padding used: No (== granularity 1)
+ssl_tls1_3_record_protection:MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:MBEDTLS_SSL_IS_CLIENT:0:1:"0b6d22c8ff68097ea871c672073773bf":"1b13dd9f8d8f17091d34b349":"49134b95328f279f0183860589ac6707":"bc4dd5f7b98acff85466261d":"70696e67":"c74061535eb12f5f25a781957874742ab7fb305dd5"
 
 SSL TLS 1.3 Record Encryption, tls13.ulfheim.net Example #2
 # - Server App Key: 0b6d22c8ff68097ea871c672073773bf
@@ -6037,7 +6038,8 @@
 # - Client App IV:  bc4dd5f7b98acff85466261d
 # - App data payload: 706f6e67
 # - Complete record:  1703030015370e5f168afa7fb16b663ecdfca3dbb81931a90ca7
-ssl_tls1_3_record_protection:MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:MBEDTLS_SSL_IS_SERVER:1:"0b6d22c8ff68097ea871c672073773bf":"1b13dd9f8d8f17091d34b349":"49134b95328f279f0183860589ac6707":"bc4dd5f7b98acff85466261d":"706f6e67":"370e5f168afa7fb16b663ecdfca3dbb81931a90ca7"
+# - Padding used: No (== granularity 1)
+ssl_tls1_3_record_protection:MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:MBEDTLS_SSL_IS_SERVER:1:1:"0b6d22c8ff68097ea871c672073773bf":"1b13dd9f8d8f17091d34b349":"49134b95328f279f0183860589ac6707":"bc4dd5f7b98acff85466261d":"706f6e67":"370e5f168afa7fb16b663ecdfca3dbb81931a90ca7"
 
 SSL TLS 1.3 Record Encryption RFC 8448 Example #1
 # Application Data record sent by Client in 1-RTT example of RFC 8448, Section 3
@@ -6054,7 +6056,8 @@
 #                     2b 98 19 a8 a5 b4 6b 39 5b d5 4a 9a 20 44 1e 2b
 #                     62 97 4e 1f 5a 62 92 a2 97 70 14 bd 1e 3d ea e6
 #                     3a ee bb 21 69 49 15 e4
-ssl_tls1_3_record_protection:MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:MBEDTLS_SSL_IS_CLIENT:0:"9f02283b6c9c07efc26bb9f2ac92e356":"cf782b88dd83549aadf1e984":"17422dda596ed5d9acd890e3c63f5051":"5b78923dee08579033e523d9":"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f3031":"a23f7054b62c94d0affafe8228ba55cbefacea42f914aa66bcab3f2b9819a8a5b46b395bd54a9a20441e2b62974e1f5a6292a2977014bd1e3deae63aeebb21694915e4"
+# - Padding used: No (== granularity 1)
+ssl_tls1_3_record_protection:MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:MBEDTLS_SSL_IS_CLIENT:0:1:"9f02283b6c9c07efc26bb9f2ac92e356":"cf782b88dd83549aadf1e984":"17422dda596ed5d9acd890e3c63f5051":"5b78923dee08579033e523d9":"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f3031":"a23f7054b62c94d0affafe8228ba55cbefacea42f914aa66bcab3f2b9819a8a5b46b395bd54a9a20441e2b62974e1f5a6292a2977014bd1e3deae63aeebb21694915e4"
 
 SSL TLS 1.3 Record Encryption RFC 8448 Example #2
 # Application Data record sent by Server in 1-RTT example of RFC 8448, Section 3
@@ -6071,7 +6074,8 @@
 #                     e3 0e fa f9 7d 90 e6 df fc 60 2d cb 50 1a 59 a8
 #                     fc c4 9c 4b f2 e5 f0 a2 1c 00 47 c2 ab f3 32 54
 #                     0d d0 32 e1 67 c2 95 5d
-ssl_tls1_3_record_protection:MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:MBEDTLS_SSL_IS_SERVER:1:"9f02283b6c9c07efc26bb9f2ac92e356":"cf782b88dd83549aadf1e984":"17422dda596ed5d9acd890e3c63f5051":"5b78923dee08579033e523d9":"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f3031":"2e937e11ef4ac740e538ad36005fc4a46932fc3225d05f82aa1b36e30efaf97d90e6dffc602dcb501a59a8fcc49c4bf2e5f0a21c0047c2abf332540dd032e167c2955d"
+# - Padding used: No (== granularity 1)
+ssl_tls1_3_record_protection:MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:MBEDTLS_SSL_IS_SERVER:1:1:"9f02283b6c9c07efc26bb9f2ac92e356":"cf782b88dd83549aadf1e984":"17422dda596ed5d9acd890e3c63f5051":"5b78923dee08579033e523d9":"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f3031":"2e937e11ef4ac740e538ad36005fc4a46932fc3225d05f82aa1b36e30efaf97d90e6dffc602dcb501a59a8fcc49c4bf2e5f0a21c0047c2abf332540dd032e167c2955d"
 
 SSL TLS_PRF MBEDTLS_SSL_TLS_PRF_NONE
 ssl_tls_prf:MBEDTLS_SSL_TLS_PRF_NONE:"":"":"test tls_prf label":"":MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE

diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function
index 2e09907..6d8a9e8 100644
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function

@@ -3947,6 +3947,7 @@
 void ssl_tls1_3_record_protection( int ciphersuite,
                                    int endpoint,
                                    int ctr,
+                                   int padding_used,
                                    data_t *server_write_key,
                                    data_t *server_write_iv,
                                    data_t *client_write_key,
@@ -3959,6 +3960,7 @@
     mbedtls_ssl_transform transform_recv;
     mbedtls_record rec;
     unsigned char *buf = NULL;
+    size_t buf_len;
     int other_endpoint;
 
     TEST_ASSERT( endpoint == MBEDTLS_SSL_IS_CLIENT ||
@@ -3994,7 +3996,10 @@
                      &transform_recv, other_endpoint,
                      ciphersuite, &keys, NULL ) == 0 );
 
-    ASSERT_ALLOC( buf, ciphertext->len );
+    /* Make sure we have enough space in the buffer even if
+     * we use more padding than the KAT. */
+    buf_len = ciphertext->len + MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY;
+    ASSERT_ALLOC( buf, buf_len );
     rec.type   = MBEDTLS_SSL_MSG_APPLICATION_DATA;
 
     /* TLS 1.3 uses the version identifier from TLS 1.2 on the wire. */
@@ -4005,7 +4010,7 @@
 
     /* Copy plaintext into record structure */
     rec.buf = buf;
-    rec.buf_len = ciphertext->len;
+    rec.buf_len = buf_len;
     rec.data_offset = 0;
     TEST_ASSERT( plaintext->len <= ciphertext->len );
     memcpy( rec.buf + rec.data_offset, plaintext->x, plaintext->len );
@@ -4019,8 +4024,12 @@
 
     TEST_ASSERT( mbedtls_ssl_encrypt_buf( NULL, &transform_send, &rec,
                                           NULL, NULL ) == 0 );
-    ASSERT_COMPARE( rec.buf + rec.data_offset, rec.data_len,
-                    ciphertext->x, ciphertext->len );
+
+    if( padding_used == MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY )
+    {
+        ASSERT_COMPARE( rec.buf + rec.data_offset, rec.data_len,
+                        ciphertext->x, ciphertext->len );
+    }
 
     TEST_ASSERT( mbedtls_ssl_decrypt_buf( NULL, &transform_recv, &rec ) == 0 );
     ASSERT_COMPARE( rec.buf + rec.data_offset, rec.data_len,
commit	1f91878281cdb680c98f33a3312d1fce56f45eba	[log] [tgz]
author	Hanno Becker <hanno.becker@arm.com>	Sun Aug 01 19:18:28 2021 +0100
committer	Hanno Becker <hanno.becker@arm.com>	Mon Aug 02 04:54:03 2021 +0100
tree	db30ac9e176cb13eb03b013d87a3f88fd7948f11
parent	dfba065d80adc007e81288e3655de82dfefb56d5 [diff]