There are other issues that can fail with the same error code. Make sure
that the handshake fails exactly the way we want it to fail by analysing
the client logs.
Signed-off-by: Janos Follath <janos.follath@arm.com>
The logic was easier to follow before 693a47a, which removed the
ssl_parse_signature_algorithm function and introduced the bug being
fixed in this PR.
When validating multiple conditions, it's easier to read, easier to
debug and, as we can see, easier to get right if you validate them
separately.
Signed-off-by: Janos Follath <janos.follath@arm.com>
We usually follow the pattern that a zero-initialised struct is safe to
free. This wasn't the case here.
Signed-off-by: Janos Follath <janos.follath@arm.com>
This root certificate uses SECP-384 and if we don't have it in the
build, the parsing already fails even if we don't try to use it, there
is no reason to have it in the build without the SECP-384.
Signed-off-by: Janos Follath <janos.follath@arm.com>
This bug caused the client accepting sig_algs used by the server that
it explicitly wanted to disallow.
Signed-off-by: Janos Follath <janos.follath@arm.com>
Add tests for key import-export and key import followed by public-key
export when the output buffer is too small. Add these tests for the
following curves:
* p256 as an example of a Weierstrass curve
* Curve25519
* Curve448
Signed-off-by: David Horstmann <david.horstmann@arm.com>
When exporting an FFDH public key we were not properly checking the
length of the output buffer and would write the full length of the key
in all cases. Fix this by checking the size of the output buffer before
we write to it.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
This testcase calls psa_export_public_key() on an FFDH key with an
output buffer that is too small. Since the size is calculated based on
the required key size but not checked against the available buffer size,
we overflow the buffer.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
There was a single case for key_agreement_setup that was failing when
setting up the derivation operation. Move this test case to use
derive_setup() instead. Add a corresponding positive test with
derive_setup() to make it more obvious that KEY_AGREEEMENT(ECDH, KDF)
works and the problem really is that the KDF is unknown.
Not the expected_status_setup argument of key_agreement_setup is no
longer needed and can be removed.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
- avoid grouping checks, for a better debugging experience (breakpoints)
- use a more logical order, checking the key type first
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
See the comment that was there. I chose not to split the test function
in two, but just have two arguments for each expected status.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
Failing right now, will fix the library in the next commit.
For 8192-bit, we don't have any positive test, because we have a stupid
line length limitation [1] and we can't fit both our key, the peer's
key, and the output. But for negative tests we don't need the output and
the rest fits, so let's have those.
[1] https://github.com/Mbed-TLS/mbedtls/issues/1866
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
