TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 1f91878281cdb680c98f33a3312d1fce56f45eba^! / . / tests / suites / test_suite_ssl.function
commit1f91878281cdb680c98f33a3312d1fce56f45eba[log] [tgz]
authorHanno Becker <hanno.becker@arm.com>Sun Aug 01 19:18:28 2021 +0100
committerHanno Becker <hanno.becker@arm.com>Mon Aug 02 04:54:03 2021 +0100
treedb30ac9e176cb13eb03b013d87a3f88fd7948f11
parentdfba065d80adc007e81288e3655de82dfefb56d5 [diff] [blame]
Specify padding granularity in TLS 1.3 record protection KATs

Still check that encryption and decryption are inverse to each other
if the granularity does not match the one used in the KAT.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>

diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function
index 2e09907..6d8a9e8 100644
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function

@@ -3947,6 +3947,7 @@
 void ssl_tls1_3_record_protection( int ciphersuite,
                                    int endpoint,
                                    int ctr,
+                                   int padding_used,
                                    data_t *server_write_key,
                                    data_t *server_write_iv,
                                    data_t *client_write_key,
@@ -3959,6 +3960,7 @@
     mbedtls_ssl_transform transform_recv;
     mbedtls_record rec;
     unsigned char *buf = NULL;
+    size_t buf_len;
     int other_endpoint;
 
     TEST_ASSERT( endpoint == MBEDTLS_SSL_IS_CLIENT ||
@@ -3994,7 +3996,10 @@
                      &transform_recv, other_endpoint,
                      ciphersuite, &keys, NULL ) == 0 );
 
-    ASSERT_ALLOC( buf, ciphertext->len );
+    /* Make sure we have enough space in the buffer even if
+     * we use more padding than the KAT. */
+    buf_len = ciphertext->len + MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY;
+    ASSERT_ALLOC( buf, buf_len );
     rec.type   = MBEDTLS_SSL_MSG_APPLICATION_DATA;
 
     /* TLS 1.3 uses the version identifier from TLS 1.2 on the wire. */
@@ -4005,7 +4010,7 @@
 
     /* Copy plaintext into record structure */
     rec.buf = buf;
-    rec.buf_len = ciphertext->len;
+    rec.buf_len = buf_len;
     rec.data_offset = 0;
     TEST_ASSERT( plaintext->len <= ciphertext->len );
     memcpy( rec.buf + rec.data_offset, plaintext->x, plaintext->len );
@@ -4019,8 +4024,12 @@
 
     TEST_ASSERT( mbedtls_ssl_encrypt_buf( NULL, &transform_send, &rec,
                                           NULL, NULL ) == 0 );
-    ASSERT_COMPARE( rec.buf + rec.data_offset, rec.data_len,
-                    ciphertext->x, ciphertext->len );
+
+    if( padding_used == MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY )
+    {
+        ASSERT_COMPARE( rec.buf + rec.data_offset, rec.data_len,
+                        ciphertext->x, ciphertext->len );
+    }
 
     TEST_ASSERT( mbedtls_ssl_decrypt_buf( NULL, &transform_recv, &rec ) == 0 );
     ASSERT_COMPARE( rec.buf + rec.data_offset, rec.data_len,