From 34b147d1e6db67bfd8b34edf5b18630628790935 Mon Sep 17 00:00:00 2001
From: Dave Rodgman
Date: Wed, 23 Jun 2021 12:49:59 +0100
Subject: [PATCH] Add negative tests for psa_abort in cipher and mac functions

Various functions for PSA cipher and mac operations call abort on failure; test that this is done. The PSA spec does not require this behaviour, but it makes our implementation more robust in case the user does not abort the operation as required by the PSA spec.

Signed-off-by: Dave Rodgman
---
 tests/suites/test_suite_psa_crypto.function | 23 +++++++++++++++++++++
 1 file changed, 23 insertions(+)

diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function
index 02e1bb0e8..b4495f041 100644
--- a/tests/suites/test_suite_psa_crypto.function
+++ b/tests/suites/test_suite_psa_crypto.function
@@ -19,6 +19,11 @@
 /* If this comes up, it's a bug in the test code or in the test data. */
 #define UNUSED 0xdeadbeef
 
+/* Assert that an operation is (not) active.
+ * This serves as a proxy for checking if the operation is aborted. */
+#define ASSERT_OPERATION_IS_ACTIVE( operation ) TEST_ASSERT( operation.id != 0 )
+#define ASSERT_OPERATION_IS_INACTIVE( operation ) TEST_ASSERT( operation.id == 0 )
+
 /** An invalid export length that will never be set by psa_export_key(). */
 static const size_t INVALID_EXPORT_LENGTH = ~0U;
 
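Review bot: The new macros assert on `operation.id`, an internal field of the operation structs, so the test is pinned to how this implementation represents "inactive" rather than to anything the PSA API promises; the comment calls it a proxy but does not say what it relies on. Suggest extending the comment to `/* Relies on this implementation resetting the id field to 0 on abort (the PSA API treats the struct as opaque). */`. Note also that `id == 0` only shows the inactive marker was reset; it does not show that the rest of the operation state was cleared, so these assertions should not be read as evidence that abort scrubs buffered input or key-derived context. As a minor style point, the macro parameter could be parenthesised, `( operation ).id`, in line with the usual macro hygiene.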
@@ -1980,19 +1985,25 @@ void mac_bad_order( )
     /* Setup sign but try verify. */
     PSA_ASSERT( psa_mac_sign_setup( &operation, key, alg ) );
     PSA_ASSERT( psa_mac_update( &operation, input, sizeof( input ) ) );
+    ASSERT_OPERATION_IS_ACTIVE( operation );
     TEST_EQUAL( psa_mac_verify_finish( &operation, verify_mac, sizeof( verify_mac ) ), PSA_ERROR_BAD_STATE );
+    ASSERT_OPERATION_IS_INACTIVE( operation );
     PSA_ASSERT( psa_mac_abort( &operation ) );
+    ASSERT_OPERATION_IS_INACTIVE( operation );
 
     /* Setup verify but try sign. */
     PSA_ASSERT( psa_mac_verify_setup( &operation, key, alg ) );
     PSA_ASSERT( psa_mac_update( &operation, input, sizeof( input ) ) );
+    ASSERT_OPERATION_IS_ACTIVE( operation );
     TEST_EQUAL( psa_mac_sign_finish( &operation, sign_mac, sizeof( sign_mac ), &sign_mac_length ), PSA_ERROR_BAD_STATE );
+    ASSERT_OPERATION_IS_INACTIVE( operation );
     PSA_ASSERT( psa_mac_abort( &operation ) );
+    ASSERT_OPERATION_IS_INACTIVE( operation );
 
     PSA_ASSERT( psa_destroy_key( key ) );
 
@@ -2316,11 +2327,14 @@ void cipher_bad_order( )
     PSA_ASSERT( psa_cipher_generate_iv( &operation, buffer, sizeof( buffer ), &length ) );
+    ASSERT_OPERATION_IS_ACTIVE( operation );
     TEST_EQUAL( psa_cipher_generate_iv( &operation, buffer, sizeof( buffer ), &length ), PSA_ERROR_BAD_STATE );
+    ASSERT_OPERATION_IS_INACTIVE( operation );
     PSA_ASSERT( psa_cipher_abort( &operation ) );
+    ASSERT_OPERATION_IS_INACTIVE( operation );
 
     /* Generate an IV after it's already set. */
     PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) );
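Review bot: The `ASSERT_OPERATION_IS_INACTIVE( operation )` placed right after each `PSA_ASSERT( psa_mac_abort( &operation ) )` restates the assertion made two lines earlier and a property abort must provide anyway, so the check that actually carries the commit's intent is the one directly after the `PSA_ERROR_BAD_STATE` comparison; the same pattern appears in the cipher_bad_order hunks at -2316, -2342, -2367 and -2397. Since the commit message notes that aborting on failure goes beyond the PSA spec, that intent should be visible in the test itself rather than only in the history: a comment above the first post-failure assertion such as `/* Implementation detail, not required by the PSA spec: a failed finish must already have aborted the operation. */` would stop a later reader from "fixing" either side. Only the PSA_ERROR_BAD_STATE path is exercised here; whether other failure returns from these functions (for example an undersized output buffer) also leave the operation inactive is not asserted, and would need its own test if that behaviour is intended. mac_bad_order starts before this hunk and its exit path lies after it.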
@@ -2342,10 +2356,13 @@ void cipher_bad_order( )
     PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) );
     PSA_ASSERT( psa_cipher_set_iv( &operation, iv, sizeof( iv ) ) );
+    ASSERT_OPERATION_IS_ACTIVE( operation );
     TEST_EQUAL( psa_cipher_set_iv( &operation, iv, sizeof( iv ) ), PSA_ERROR_BAD_STATE );
+    ASSERT_OPERATION_IS_INACTIVE( operation );
     PSA_ASSERT( psa_cipher_abort( &operation ) );
+    ASSERT_OPERATION_IS_INACTIVE( operation );
 
     /* Set an IV after it's already generated. */
     PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) );
@@ -2367,12 +2384,15 @@ void cipher_bad_order( )
 
     /* Call update without an IV where an IV is required. */
     PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) );
+    ASSERT_OPERATION_IS_ACTIVE( operation );
     TEST_EQUAL( psa_cipher_update( &operation, text, sizeof( text ), buffer, sizeof( buffer ), &length ), PSA_ERROR_BAD_STATE );
+    ASSERT_OPERATION_IS_INACTIVE( operation );
     PSA_ASSERT( psa_cipher_abort( &operation ) );
+    ASSERT_OPERATION_IS_INACTIVE( operation );
 
     /* Call update after finish. */
     PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) );
@@ -2397,10 +2417,13 @@ void cipher_bad_order( )
     PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) );
     /* Not calling update means we are encrypting an empty buffer, which is OK
      * for cipher modes with padding. */
+    ASSERT_OPERATION_IS_ACTIVE( operation );
     TEST_EQUAL( psa_cipher_finish( &operation, buffer, sizeof( buffer ), &length ), PSA_ERROR_BAD_STATE );
+    ASSERT_OPERATION_IS_INACTIVE( operation );
     PSA_ASSERT( psa_cipher_abort( &operation ) );
+    ASSERT_OPERATION_IS_INACTIVE( operation );
 
     /* Call finish twice in a row. */
     PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) );