mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-04-17 20:42:44 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

test: pake: modify opaque key verification before destruction

Browse Source 
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
This commit is contained in:
Valerio Setti 2022-12-12 11:59:25 +01:00
parent 31e99bb0c7
commit 785116a5be
3 changed files with 21 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
programs/ssl/ssl_client2.c
View File

@ -3333,10 +3333,16 @@ exit:
* In case opaque keys it's the user responsibility to keep the key valid * In case opaque keys it's the user responsibility to keep the key valid
* for the duration of the handshake and destroy it at the end * for the duration of the handshake and destroy it at the end
*/ */
if( ( opt.ecjpake_pw_opaque != DFL_ECJPAKE_PW_OPAQUE ) && if( ( opt.ecjpake_pw_opaque != DFL_ECJPAKE_PW_OPAQUE ) )
( ! mbedtls_svc_key_id_is_null( ecjpake_pw_slot ) ) )
{ {
psa_destroy_key( ecjpake_pw_slot ); psa_key_attributes_t check_attributes = PSA_KEY_ATTRIBUTES_INIT;
/* Verify that the key is still valid before destroying it */
if( psa_get_key_attributes( ecjpake_pw_slot, &check_attributes ) ==
PSA_SUCCESS )
{
psa_destroy_key( ecjpake_pw_slot );
}
} }
#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED && MBEDTLS_USE_PSA_CRYPTO */ #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED && MBEDTLS_USE_PSA_CRYPTO */

12
programs/ssl/ssl_server2.c
View File

@ -4443,10 +4443,16 @@ exit:
* In case opaque keys it's the user responsibility to keep the key valid * In case opaque keys it's the user responsibility to keep the key valid
* for the duration of the handshake and destroy it at the end * for the duration of the handshake and destroy it at the end
*/ */
if( ( opt.ecjpake_pw_opaque != DFL_ECJPAKE_PW_OPAQUE ) && if( ( opt.ecjpake_pw_opaque != DFL_ECJPAKE_PW_OPAQUE ) )
( ! mbedtls_svc_key_id_is_null( ecjpake_pw_slot ) ) )
{ {
psa_destroy_key( ecjpake_pw_slot ); psa_key_attributes_t check_attributes = PSA_KEY_ATTRIBUTES_INIT;
/* Verify that the key is still valid before destroying it */
if( psa_get_key_attributes( ecjpake_pw_slot, &check_attributes ) ==
PSA_SUCCESS )
{
psa_destroy_key( ecjpake_pw_slot );
}
} }
#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED && MBEDTLS_USE_PSA_CRYPTO */ #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED && MBEDTLS_USE_PSA_CRYPTO */

4
tests/suites/test_suite_ssl.function
View File

@ -6236,6 +6236,7 @@ void ssl_ecjpake_set_password( int use_opaque_arg )
if( use_opaque_arg ) if( use_opaque_arg )
{ {
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_key_attributes_t check_attributes = PSA_KEY_ATTRIBUTES_INIT;
/* First try with an invalid usage */ /* First try with an invalid usage */
psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH ); psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH );
@ -6248,7 +6249,8 @@ void ssl_ecjpake_set_password( int use_opaque_arg )
ECJPAKE_TEST_SET_PASSWORD( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); ECJPAKE_TEST_SET_PASSWORD( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
/* check that the opaque key is still valid after failure */ /* check that the opaque key is still valid after failure */
TEST_ASSERT( ! mbedtls_svc_key_id_is_null( pwd_slot ) ); TEST_EQUAL( psa_get_key_attributes( pwd_slot, &check_attributes ),
PSA_SUCCESS );
psa_destroy_key( pwd_slot ); psa_destroy_key( pwd_slot );