Document what the signature tests are doing a bit better

Add a check that the purported output length is less than the buffer
size in sign_fail.
This commit is contained in:
Gilles Peskine 2018-06-28 12:23:00 +02:00 committed by itayzafrir
parent a26ff6a290
commit 860ce9d9e5


@ -1589,17 +1589,21 @@ void sign_deterministic( int key_type_arg, data_t *key_data,
NULL,
&key_bits ) == PSA_SUCCESS );
/* Allocate a buffer which has the size advertized by the
* library. */
signature_size = PSA_ASYMMETRIC_SIGN_OUTPUT_SIZE( key_type,
key_bits, alg );
TEST_ASSERT( signature_size != 0 );
signature = mbedtls_calloc( 1, signature_size );
TEST_ASSERT( signature != NULL );
/* Perform the signature. */
TEST_ASSERT( psa_asymmetric_sign( slot, alg,
input_data->x, input_data->len,
NULL, 0,
signature, signature_size,
&signature_length ) == PSA_SUCCESS );
/* Verify that the signature is correct. */
TEST_ASSERT( signature_length == output_data->len );
TEST_ASSERT( memcmp( signature, output_data->x,
output_data->len ) == 0 );
@ -1614,11 +1618,12 @@ exit:
/* BEGIN_CASE */
void sign_fail( int key_type_arg, data_t *key_data,
int alg_arg, data_t *input_data,
int signature_size, int expected_status_arg )
int signature_size_arg, int expected_status_arg )
{
int slot = 1;
psa_key_type_t key_type = key_type_arg;
psa_algorithm_t alg = alg_arg;
size_t signature_size = signature_size_arg;
psa_status_t actual_status;
psa_status_t expected_status = expected_status_arg;
unsigned char *signature = NULL;
@ -1649,7 +1654,11 @@ void sign_fail( int key_type_arg, data_t *key_data,
signature, signature_size,
&signature_length );
TEST_ASSERT( actual_status == expected_status );
TEST_ASSERT( signature_length == 0 );
/* The value of *signature_length is unspecified on error, but
* whatever it is, it should be less than signature_size, so that
* if the caller tries to read *signature_length bytes without
* checking the error code then they don't overflow a buffer. */
TEST_ASSERT( signature_length <= signature_size );
exit:
psa_destroy_key( slot );
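Review bot: The new check `TEST_ASSERT( signature_length <= signature_size );` reads signature_length after a call that, as the new comment itself states, leaves the value unspecified on error, so the test only has defined behaviour if the local is initialised before psa_asymmetric_sign() is called — e.g. `size_t signature_length = 0;` at its declaration — otherwise an implementation that never writes it on failure makes the assert read an indeterminate value. The declaration of signature_length is outside these hunks, so it may already be initialised; worth confirming. The comment wording "it should be less than signature_size" also disagrees with the assertion, which accepts equality; `* whatever it is, it should be at most signature_size, so that` matches the code. The body of sign_fail continues past the end of the hunk.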