Add negative tests for psa_abort in cipher and mac functions
Various functions for PSA cipher and mac operations call abort on failure; test that this is done. The PSA spec does not require this behaviour, but it makes our implementation more robust in case the user does not abort the operation as required by the PSA spec. Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
This commit is contained in:
parent
33b58eeb36
commit
34b147d1e6
|
@ -19,6 +19,11 @@
|
|||
/* If this comes up, it's a bug in the test code or in the test data. */
|
||||
#define UNUSED 0xdeadbeef
|
||||
|
||||
/* Assert that an operation is (not) active.
|
||||
* This serves as a proxy for checking if the operation is aborted. */
|
||||
#define ASSERT_OPERATION_IS_ACTIVE( operation ) TEST_ASSERT( operation.id != 0 )
|
||||
#define ASSERT_OPERATION_IS_INACTIVE( operation ) TEST_ASSERT( operation.id == 0 )
|
||||
|
||||
/** An invalid export length that will never be set by psa_export_key(). */
|
||||
static const size_t INVALID_EXPORT_LENGTH = ~0U;
|
||||
|
||||
|
@ -1980,19 +1985,25 @@ void mac_bad_order( )
|
|||
/* Setup sign but try verify. */
|
||||
PSA_ASSERT( psa_mac_sign_setup( &operation, key, alg ) );
|
||||
PSA_ASSERT( psa_mac_update( &operation, input, sizeof( input ) ) );
|
||||
ASSERT_OPERATION_IS_ACTIVE( operation );
|
||||
TEST_EQUAL( psa_mac_verify_finish( &operation,
|
||||
verify_mac, sizeof( verify_mac ) ),
|
||||
PSA_ERROR_BAD_STATE );
|
||||
ASSERT_OPERATION_IS_INACTIVE( operation );
|
||||
PSA_ASSERT( psa_mac_abort( &operation ) );
|
||||
ASSERT_OPERATION_IS_INACTIVE( operation );
|
||||
|
||||
/* Setup verify but try sign. */
|
||||
PSA_ASSERT( psa_mac_verify_setup( &operation, key, alg ) );
|
||||
PSA_ASSERT( psa_mac_update( &operation, input, sizeof( input ) ) );
|
||||
ASSERT_OPERATION_IS_ACTIVE( operation );
|
||||
TEST_EQUAL( psa_mac_sign_finish( &operation,
|
||||
sign_mac, sizeof( sign_mac ),
|
||||
&sign_mac_length ),
|
||||
PSA_ERROR_BAD_STATE );
|
||||
ASSERT_OPERATION_IS_INACTIVE( operation );
|
||||
PSA_ASSERT( psa_mac_abort( &operation ) );
|
||||
ASSERT_OPERATION_IS_INACTIVE( operation );
|
||||
|
||||
PSA_ASSERT( psa_destroy_key( key ) );
|
||||
|
||||
|
@ -2316,11 +2327,14 @@ void cipher_bad_order( )
|
|||
PSA_ASSERT( psa_cipher_generate_iv( &operation,
|
||||
buffer, sizeof( buffer ),
|
||||
&length ) );
|
||||
ASSERT_OPERATION_IS_ACTIVE( operation );
|
||||
TEST_EQUAL( psa_cipher_generate_iv( &operation,
|
||||
buffer, sizeof( buffer ),
|
||||
&length ),
|
||||
PSA_ERROR_BAD_STATE );
|
||||
ASSERT_OPERATION_IS_INACTIVE( operation );
|
||||
PSA_ASSERT( psa_cipher_abort( &operation ) );
|
||||
ASSERT_OPERATION_IS_INACTIVE( operation );
|
||||
|
||||
/* Generate an IV after it's already set. */
|
||||
PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) );
|
||||
|
@ -2342,10 +2356,13 @@ void cipher_bad_order( )
|
|||
PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) );
|
||||
PSA_ASSERT( psa_cipher_set_iv( &operation,
|
||||
iv, sizeof( iv ) ) );
|
||||
ASSERT_OPERATION_IS_ACTIVE( operation );
|
||||
TEST_EQUAL( psa_cipher_set_iv( &operation,
|
||||
iv, sizeof( iv ) ),
|
||||
PSA_ERROR_BAD_STATE );
|
||||
ASSERT_OPERATION_IS_INACTIVE( operation );
|
||||
PSA_ASSERT( psa_cipher_abort( &operation ) );
|
||||
ASSERT_OPERATION_IS_INACTIVE( operation );
|
||||
|
||||
/* Set an IV after it's already generated. */
|
||||
PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) );
|
||||
|
@ -2367,12 +2384,15 @@ void cipher_bad_order( )
|
|||
|
||||
/* Call update without an IV where an IV is required. */
|
||||
PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) );
|
||||
ASSERT_OPERATION_IS_ACTIVE( operation );
|
||||
TEST_EQUAL( psa_cipher_update( &operation,
|
||||
text, sizeof( text ),
|
||||
buffer, sizeof( buffer ),
|
||||
&length ),
|
||||
PSA_ERROR_BAD_STATE );
|
||||
ASSERT_OPERATION_IS_INACTIVE( operation );
|
||||
PSA_ASSERT( psa_cipher_abort( &operation ) );
|
||||
ASSERT_OPERATION_IS_INACTIVE( operation );
|
||||
|
||||
/* Call update after finish. */
|
||||
PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) );
|
||||
|
@ -2397,10 +2417,13 @@ void cipher_bad_order( )
|
|||
PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) );
|
||||
/* Not calling update means we are encrypting an empty buffer, which is OK
|
||||
* for cipher modes with padding. */
|
||||
ASSERT_OPERATION_IS_ACTIVE( operation );
|
||||
TEST_EQUAL( psa_cipher_finish( &operation,
|
||||
buffer, sizeof( buffer ), &length ),
|
||||
PSA_ERROR_BAD_STATE );
|
||||
ASSERT_OPERATION_IS_INACTIVE( operation );
|
||||
PSA_ASSERT( psa_cipher_abort( &operation ) );
|
||||
ASSERT_OPERATION_IS_INACTIVE( operation );
|
||||
|
||||
/* Call finish twice in a row. */
|
||||
PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) );
|
||||
|
|
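Review bot: The two new macros in the first hunk use their argument bare, `operation.id`, so they only accept a plain identifier and break silently on an expression such as `*op`; parenthesize the argument as `#define ASSERT_OPERATION_IS_ACTIVE( operation ) TEST_ASSERT( ( operation ).id != 0 )` and `#define ASSERT_OPERATION_IS_INACTIVE( operation ) TEST_ASSERT( ( operation ).id == 0 )`. The header comment above them could also state that `id` is a field of the implementation's operation struct rather than part of the PSA API, so these asserts pin mbedtls behaviour rather than spec behaviour, which is what the commit message says the test is for. In the mac_bad_order and cipher_bad_order hunks, if an ASSERT_OPERATION_IS_INACTIVE fails before the following psa_*_abort, the test presumably leaves the operation and key for the exit label to clean up; that label is outside these hunks, so confirm it aborts the operation and destroys the key. Both functions start and end outside the hunks shown.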