mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2025-01-13 17:45:38 +00:00
test: psa driver wrapper: Add non regression test for psa_cipher_encrypt()
Add non regression test for invalid usage of the output buffer in psa_cipher_encrypt(). The output buffer should not be used to pass the IV to the driver as a local attacker could be able to control the used IV. Signed-off-by: Ronald Cron <ronald.cron@arm.com>
This commit is contained in:
parent
3563210c10
commit
732a6e250d
|
@ -885,11 +885,24 @@ void cipher_entry_points( int alg_arg, int key_type_arg,
|
||||||
mbedtls_test_driver_cipher_hooks.hits = 0;
|
mbedtls_test_driver_cipher_hooks.hits = 0;
|
||||||
|
|
||||||
mbedtls_test_driver_cipher_hooks.forced_status = PSA_ERROR_GENERIC_ERROR;
|
mbedtls_test_driver_cipher_hooks.forced_status = PSA_ERROR_GENERIC_ERROR;
|
||||||
|
/* Set the output buffer in a given state. */
|
||||||
|
for( size_t i = 0; i < output_buffer_size; i++ )
|
||||||
|
output[i] = 0xa5;
|
||||||
|
|
||||||
status = psa_cipher_encrypt(
|
status = psa_cipher_encrypt(
|
||||||
key, alg, input->x, input->len,
|
key, alg, input->x, input->len,
|
||||||
output, output_buffer_size, &function_output_length );
|
output, output_buffer_size, &function_output_length );
|
||||||
TEST_EQUAL( mbedtls_test_driver_cipher_hooks.hits, 1 );
|
TEST_EQUAL( mbedtls_test_driver_cipher_hooks.hits, 1 );
|
||||||
TEST_EQUAL( status, PSA_ERROR_GENERIC_ERROR );
|
TEST_EQUAL( status, PSA_ERROR_GENERIC_ERROR );
|
||||||
|
/*
|
||||||
|
* Check that the output buffer is still in the same state.
|
||||||
|
* This will fail if the output buffer is used by the core to pass the IV
|
||||||
|
* it generated to the driver (and is not restored).
|
||||||
|
*/
|
||||||
|
for( size_t i = 0; i < output_buffer_size; i++ )
|
||||||
|
{
|
||||||
|
TEST_EQUAL( output[i], 0xa5 );
|
||||||
|
}
|
||||||
mbedtls_test_driver_cipher_hooks.hits = 0;
|
mbedtls_test_driver_cipher_hooks.hits = 0;
|
||||||
|
|
||||||
/* Test setup call, encrypt */
|
/* Test setup call, encrypt */
|
||||||
|
|
Loading…
Reference in a new issue