From 8d310ad2e66bc01aa6510aa9441f9056c0d910e9 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 15 Dec 2020 15:17:20 +0100 Subject: [PATCH] psa: Rework unauthenticated cipher support in transparent test driver Make use of psa_cipher_xyz_internal() functions to simplify the transparent test driver code and extend the algorithms it supports to all algorithms supported by the MbedTLS library. Signed-off-by: Ronald Cron --- tests/include/test/drivers/cipher.h | 11 +- tests/src/drivers/cipher.c | 234 +++++++--------------------- 2 files changed, 59 insertions(+), 186 deletions(-) diff --git a/tests/include/test/drivers/cipher.h b/tests/include/test/drivers/cipher.h index ef787f794..06efa983a 100644 --- a/tests/include/test/drivers/cipher.h +++ b/tests/include/test/drivers/cipher.h @@ -28,17 +28,10 @@ #if defined(PSA_CRYPTO_DRIVER_TEST) #include +#include #include "mbedtls/cipher.h" -typedef struct { - psa_algorithm_t alg; - unsigned int key_set : 1; - unsigned int iv_required : 1; - unsigned int iv_set : 1; - uint8_t iv_size; - uint8_t block_size; - mbedtls_cipher_context_t cipher; -} test_transparent_cipher_operation_t; +typedef psa_cipher_operation_t test_transparent_cipher_operation_t; typedef struct{ unsigned int initialised : 1; diff --git a/tests/src/drivers/cipher.c b/tests/src/drivers/cipher.c index fa7c6a9e7..6a205b487 100644 --- a/tests/src/drivers/cipher.c +++ b/tests/src/drivers/cipher.c @@ -26,6 +26,7 @@ #if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(PSA_CRYPTO_DRIVER_TEST) #include "psa/crypto.h" +#include "psa_crypto_cipher.h" #include "psa_crypto_core.h" #include "mbedtls/cipher.h" @@ -204,79 +205,28 @@ psa_status_t test_transparent_cipher_decrypt( output, output_size, output_length) ); } -static psa_status_t test_transparent_cipher_setup( - mbedtls_operation_t direction, - test_transparent_cipher_operation_t *operation, - const psa_key_attributes_t *attributes, - const uint8_t *key, size_t key_length, - psa_algorithm_t alg) -{ - const mbedtls_cipher_info_t *cipher_info = NULL; - int ret = 0; - - test_driver_cipher_hooks.hits++; - - if( operation->alg != 0 ) - return( PSA_ERROR_BAD_STATE ); - - /* Wiping the entire struct here, instead of member-by-member. This is useful - * for the test suite, since it gives a chance of catching memory corruption - * errors should the core not have allocated (enough) memory for our context - * struct. */ - memset( operation, 0, sizeof( *operation ) ); - - /* Allow overriding return value for testing purposes */ - if( test_driver_cipher_hooks.forced_status != PSA_SUCCESS ) - return( test_driver_cipher_hooks.forced_status ); - - /* Test driver supports AES-CTR only, to verify operation calls. */ - if( alg != PSA_ALG_CTR || - psa_get_key_type( attributes ) != PSA_KEY_TYPE_AES ) - return( PSA_ERROR_NOT_SUPPORTED ); - - operation->alg = alg; - operation->iv_size = 16; - - cipher_info = mbedtls_cipher_info_from_values( MBEDTLS_CIPHER_ID_AES, - key_length * 8, - MBEDTLS_MODE_CTR ); - if( cipher_info == NULL ) - return( PSA_ERROR_NOT_SUPPORTED ); - - mbedtls_cipher_init( &operation->cipher ); - ret = mbedtls_cipher_setup( &operation->cipher, cipher_info ); - if( ret != 0 ) { - mbedtls_cipher_free( &operation->cipher ); - return( mbedtls_to_psa_error( ret ) ); - } - - ret = mbedtls_cipher_setkey( &operation->cipher, - key, - key_length * 8, direction ); - if( ret != 0 ) { - mbedtls_cipher_free( &operation->cipher ); - return( mbedtls_to_psa_error( ret ) ); - } - - operation->iv_set = 0; - operation->iv_required = 1; - operation->key_set = 1; - - return( test_driver_cipher_hooks.forced_status ); -} - psa_status_t test_transparent_cipher_encrypt_setup( test_transparent_cipher_operation_t *operation, const psa_key_attributes_t *attributes, const uint8_t *key, size_t key_length, psa_algorithm_t alg) { - return ( test_transparent_cipher_setup( MBEDTLS_ENCRYPT, - operation, - attributes, - key, - key_length, - alg ) ); + test_driver_cipher_hooks.hits++; + + /* Wiping the entire struct here, instead of member-by-member. This is + * useful for the test suite, since it gives a chance of catching memory + * corruption errors should the core not have allocated (enough) memory for + * our context struct. */ + memset( operation, 0, sizeof( *operation ) ); + + if( test_driver_cipher_hooks.forced_status != PSA_SUCCESS ) + return( test_driver_cipher_hooks.forced_status ); + + return ( mbedtls_psa_cipher_encrypt_setup( operation, + attributes, + key, + key_length, + alg ) ); } psa_status_t test_transparent_cipher_decrypt_setup( @@ -285,12 +235,16 @@ psa_status_t test_transparent_cipher_decrypt_setup( const uint8_t *key, size_t key_length, psa_algorithm_t alg) { - return ( test_transparent_cipher_setup( MBEDTLS_DECRYPT, - operation, - attributes, - key, - key_length, - alg ) ); + test_driver_cipher_hooks.hits++; + + if( test_driver_cipher_hooks.forced_status != PSA_SUCCESS ) + return( test_driver_cipher_hooks.forced_status ); + + return ( mbedtls_psa_cipher_decrypt_setup( operation, + attributes, + key, + key_length, + alg ) ); } psa_status_t test_transparent_cipher_abort( @@ -300,18 +254,16 @@ psa_status_t test_transparent_cipher_abort( if( operation->alg == 0 ) return( PSA_SUCCESS ); - if( operation->alg != PSA_ALG_CTR ) - return( PSA_ERROR_BAD_STATE ); - mbedtls_cipher_free( &operation->cipher ); + mbedtls_psa_cipher_abort( operation ); - /* Wiping the entire struct here, instead of member-by-member. This is useful - * for the test suite, since it gives a chance of catching memory corruption - * errors should the core not have allocated (enough) memory for our context - * struct. */ + /* Wiping the entire struct here, instead of member-by-member. This is + * useful for the test suite, since it gives a chance of catching memory + * corruption errors should the core not have allocated (enough) memory for + * our context struct. */ memset( operation, 0, sizeof( *operation ) ); - return( PSA_SUCCESS ); + return( test_driver_cipher_hooks.forced_status ); } psa_status_t test_transparent_cipher_generate_iv( @@ -320,35 +272,15 @@ psa_status_t test_transparent_cipher_generate_iv( size_t iv_size, size_t *iv_length) { - psa_status_t status; - mbedtls_test_rnd_pseudo_info rnd_info; - memset( &rnd_info, 0x5A, sizeof( mbedtls_test_rnd_pseudo_info ) ); - test_driver_cipher_hooks.hits++; if( test_driver_cipher_hooks.forced_status != PSA_SUCCESS ) return( test_driver_cipher_hooks.forced_status ); - if( operation->alg != PSA_ALG_CTR ) - return( PSA_ERROR_BAD_STATE ); - - if( operation->iv_set || ! operation->iv_required ) - return( PSA_ERROR_BAD_STATE ); - - if( iv_size < operation->iv_size ) - return( PSA_ERROR_BUFFER_TOO_SMALL ); - - status = mbedtls_to_psa_error( - mbedtls_test_rnd_pseudo_rand( &rnd_info, - iv, - operation->iv_size ) ); - if( status != PSA_SUCCESS ) - return( status ); - - *iv_length = operation->iv_size; - status = test_transparent_cipher_set_iv( operation, iv, *iv_length ); - - return( status ); + return( mbedtls_psa_cipher_generate_iv( operation, + iv, + iv_size, + iv_length ) ); } psa_status_t test_transparent_cipher_set_iv( @@ -356,29 +288,14 @@ psa_status_t test_transparent_cipher_set_iv( const uint8_t *iv, size_t iv_length) { - psa_status_t status; - test_driver_cipher_hooks.hits++; if( test_driver_cipher_hooks.forced_status != PSA_SUCCESS ) return( test_driver_cipher_hooks.forced_status ); - if( operation->alg != PSA_ALG_CTR ) - return( PSA_ERROR_BAD_STATE ); - - if( operation->iv_set || ! operation->iv_required ) - return( PSA_ERROR_BAD_STATE ); - - if( iv_length != operation->iv_size ) - return( PSA_ERROR_INVALID_ARGUMENT ); - - status = mbedtls_to_psa_error( - mbedtls_cipher_set_iv( &operation->cipher, iv, iv_length ) ); - - if( status == PSA_SUCCESS ) - operation->iv_set = 1; - - return( status ); + return( mbedtls_psa_cipher_set_iv( operation, + iv, + iv_length ) ); } psa_status_t test_transparent_cipher_update( @@ -389,27 +306,8 @@ psa_status_t test_transparent_cipher_update( size_t output_size, size_t *output_length) { - psa_status_t status; - test_driver_cipher_hooks.hits++; - if( test_driver_cipher_hooks.forced_status != PSA_SUCCESS ) - return( test_driver_cipher_hooks.forced_status ); - - if( operation->alg != PSA_ALG_CTR ) - return( PSA_ERROR_BAD_STATE ); - - /* CTR is a stream cipher, so data in and out are always the same size */ - if( output_size < input_length ) - return( PSA_ERROR_BUFFER_TOO_SMALL ); - - status = mbedtls_to_psa_error( - mbedtls_cipher_update( &operation->cipher, input, - input_length, output, output_length ) ); - - if( status != PSA_SUCCESS ) - return status; - if( test_driver_cipher_hooks.forced_output != NULL ) { if( output_size < test_driver_cipher_hooks.forced_output_length ) @@ -419,9 +317,17 @@ psa_status_t test_transparent_cipher_update( test_driver_cipher_hooks.forced_output, test_driver_cipher_hooks.forced_output_length ); *output_length = test_driver_cipher_hooks.forced_output_length; + + return( test_driver_cipher_hooks.forced_status ); } - return( test_driver_cipher_hooks.forced_status ); + if( test_driver_cipher_hooks.forced_status != PSA_SUCCESS ) + return( test_driver_cipher_hooks.forced_status ); + + return( mbedtls_psa_cipher_update( operation, + input, input_length, + output, output_size, + output_length ) ); } psa_status_t test_transparent_cipher_finish( @@ -430,41 +336,8 @@ psa_status_t test_transparent_cipher_finish( size_t output_size, size_t *output_length) { - psa_status_t status = PSA_ERROR_GENERIC_ERROR; - uint8_t temp_output_buffer[MBEDTLS_MAX_BLOCK_LENGTH]; - test_driver_cipher_hooks.hits++; - if( test_driver_cipher_hooks.forced_status != PSA_SUCCESS ) - return( test_driver_cipher_hooks.forced_status ); - - if( operation->alg != PSA_ALG_CTR ) - return( PSA_ERROR_BAD_STATE ); - - if( ! operation->key_set ) - return( PSA_ERROR_BAD_STATE ); - - if( operation->iv_required && ! operation->iv_set ) - return( PSA_ERROR_BAD_STATE ); - - status = mbedtls_to_psa_error( - mbedtls_cipher_finish( &operation->cipher, - temp_output_buffer, - output_length ) ); - - mbedtls_cipher_free( &operation->cipher ); - - if( status != PSA_SUCCESS ) - return( status ); - - if( *output_length == 0 ) - ; /* Nothing to copy. Note that output may be NULL in this case. */ - else if( output_size >= *output_length ) - memcpy( output, temp_output_buffer, *output_length ); - else - return( PSA_ERROR_BUFFER_TOO_SMALL ); - - if( test_driver_cipher_hooks.forced_output != NULL ) { if( output_size < test_driver_cipher_hooks.forced_output_length ) @@ -474,9 +347,16 @@ psa_status_t test_transparent_cipher_finish( test_driver_cipher_hooks.forced_output, test_driver_cipher_hooks.forced_output_length ); *output_length = test_driver_cipher_hooks.forced_output_length; + + return( test_driver_cipher_hooks.forced_status ); } - return( test_driver_cipher_hooks.forced_status ); + if( test_driver_cipher_hooks.forced_status != PSA_SUCCESS ) + return( test_driver_cipher_hooks.forced_status ); + + return( mbedtls_psa_cipher_finish( operation, + output, output_size, + output_length ) ); } /*