Fix PSA init/deinit in mbedtls_xxx tests when using PSA

In tests of mbedtls_cipher_xxx and mbedtls_pk_xxx with
MBEDTLS_USE_PSA_CRYPTO enabled, initialize and deinitialize the PSA
subsystem in every function. Before, the tests were only passing
because the first function to be called happened to call
psa_crypto_init() but not mbedtls_psa_crypto_free(). In some
configurations (not tested on CI), psa_crypto_init() was not called so
the tests using PSA failed.

Call PSA_DONE() at the end of each test function. This ensures that no
resources are leaked in the form of PSA crypto slot contents.
Incidentally, this also fixes a build error due to
test_helper_psa_done() being unused in test_suite_pk: the fact that it
wasn't used betrayed the missing calls to PSA_DONE().
Gilles Peskine 2019-08-01 12:47:40 +02:00
parent 8b66389d0d
commit 5386f6ba07
2 changed files with 29 additions and 6 deletions


@ -4,6 +4,11 @@
#if defined(MBEDTLS_GCM_C) #if defined(MBEDTLS_GCM_C)
#include "mbedtls/gcm.h" #include "mbedtls/gcm.h"
#endif #endif
#if defined(MBEDTLS_USE_PSA_CRYPTO)
#include "psa_crypto_helpers.h"
#endif
/* END_HEADER */ /* END_HEADER */
/* BEGIN_DEPENDENCIES /* BEGIN_DEPENDENCIES
@ -982,7 +987,7 @@ void auth_crypt_tv( int cipher_id, data_t * key, data_t * iv,
#else #else
if( use_psa == 1 ) if( use_psa == 1 )
{ {
TEST_ASSERT( psa_crypto_init() == 0 ); PSA_ASSERT( psa_crypto_init( ) );
/* PSA requires that the tag immediately follows the ciphertext. */ /* PSA requires that the tag immediately follows the ciphertext. */
tmp_cipher = mbedtls_calloc( 1, cipher->len + tag->len ); tmp_cipher = mbedtls_calloc( 1, cipher->len + tag->len );
@ -1066,14 +1071,15 @@ void auth_crypt_tv( int cipher_id, data_t * key, data_t * iv,
exit: exit:
mbedtls_cipher_free( &ctx );
#if defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(MBEDTLS_USE_PSA_CRYPTO)
if( use_psa == 1 ) if( use_psa == 1 )
{ {
mbedtls_free( tmp_cipher ); mbedtls_free( tmp_cipher );
PSA_DONE( );
} }
#endif /* MBEDTLS_USE_PSA_CRYPTO */ #endif /* MBEDTLS_USE_PSA_CRYPTO */
mbedtls_cipher_free( &ctx );
} }
/* END_CASE */ /* END_CASE */
@ -1143,7 +1149,7 @@ void test_vec_crypt( int cipher_id, int operation, char *hex_key,
#else #else
if( use_psa == 1 ) if( use_psa == 1 )
{ {
TEST_ASSERT( psa_crypto_init() == 0 ); PSA_ASSERT( psa_crypto_init( ) );
TEST_ASSERT( 0 == mbedtls_cipher_setup_psa( &ctx, TEST_ASSERT( 0 == mbedtls_cipher_setup_psa( &ctx,
mbedtls_cipher_info_from_type( cipher_id ), 0 ) ); mbedtls_cipher_info_from_type( cipher_id ), 0 ) );
} }
@ -1172,6 +1178,9 @@ void test_vec_crypt( int cipher_id, int operation, char *hex_key,
exit: exit:
mbedtls_cipher_free( &ctx ); mbedtls_cipher_free( &ctx );
#if defined(MBEDTLS_USE_PSA_CRYPTO)
PSA_DONE( );
#endif /* MBEDTLS_USE_PSA_CRYPTO */
} }
/* END_CASE */ /* END_CASE */
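Review bot: The two teardown paths guard `PSA_DONE( )` differently: in `auth_crypt_tv` it sits inside `if( use_psa == 1 )`, while in `test_vec_crypt` it runs whenever MBEDTLS_USE_PSA_CRYPTO is defined, even though `psa_crypto_init( )` there is only reached when `use_psa == 1`. Pick one form for both, for example `if( use_psa == 1 ) PSA_DONE( );` in `test_vec_crypt`, or drop the guard in `auth_crypt_tv`. At `exit:` in `auth_crypt_tv` the `mbedtls_cipher_free( &ctx )` call appears to have been moved ahead of `PSA_DONE( )`, presumably because the context can still hold a PSA key slot that the leak check would report. A comment such as `/* Free the cipher context before PSA_DONE(): it may still own a PSA key slot. */` would keep that order from being undone later. Both function bodies start outside the hunks shown.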


@ -13,6 +13,13 @@
#if defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(MBEDTLS_USE_PSA_CRYPTO)
#include "mbedtls/psa_util.h" #include "mbedtls/psa_util.h"
#include "psa_crypto_helpers.h" #include "psa_crypto_helpers.h"
#define PSA_INIT( ) PSA_ASSERT( psa_crypto_init( ) )
#else
/* Define empty macros so that we can use them in the preamble and teardown
* of every test function that uses PSA conditionally based on
* MBEDTLS_USE_PSA_CRYPTO. */
#define PSA_INIT( ) ( (void) 0 )
#define PSA_DONE( ) ( (void) 0 )
#endif #endif
static int rnd_std_rand( void *rng_state, unsigned char *output, size_t len ); static int rnd_std_rand( void *rng_state, unsigned char *output, size_t len );
@ -117,7 +124,7 @@ void pk_psa_utils( )
size_t len; size_t len;
mbedtls_pk_debug_item dbg; mbedtls_pk_debug_item dbg;
TEST_ASSERT( psa_crypto_init() == 0 ); PSA_ASSERT( psa_crypto_init( ) );
mbedtls_pk_init( &pk ); mbedtls_pk_init( &pk );
mbedtls_pk_init( &pk2 ); mbedtls_pk_init( &pk2 );
@ -173,6 +180,7 @@ void pk_psa_utils( )
exit: exit:
mbedtls_pk_free( &pk ); /* redundant except upon error */ mbedtls_pk_free( &pk ); /* redundant except upon error */
mbedtls_pk_free( &pk2 ); mbedtls_pk_free( &pk2 );
PSA_DONE( );
} }
/* END_CASE */ /* END_CASE */
@ -763,7 +771,7 @@ void pk_ec_test_vec( int type, int id, data_t * key, data_t * hash,
mbedtls_ecp_keypair *eckey; mbedtls_ecp_keypair *eckey;
mbedtls_pk_init( &pk ); mbedtls_pk_init( &pk );
PSA_INIT( );
TEST_ASSERT( mbedtls_pk_setup( &pk, mbedtls_pk_info_from_type( type ) ) == 0 ); TEST_ASSERT( mbedtls_pk_setup( &pk, mbedtls_pk_info_from_type( type ) ) == 0 );
@ -780,6 +788,7 @@ void pk_ec_test_vec( int type, int id, data_t * key, data_t * hash,
exit: exit:
mbedtls_pk_free( &pk ); mbedtls_pk_free( &pk );
PSA_DONE( );
} }
/* END_CASE */ /* END_CASE */
@ -904,6 +913,7 @@ void pk_sign_verify( int type, int sign_ret, int verify_ret )
#endif #endif
mbedtls_pk_init( &pk ); mbedtls_pk_init( &pk );
PSA_INIT( );
memset( hash, 0x2a, sizeof hash ); memset( hash, 0x2a, sizeof hash );
memset( sig, 0, sizeof sig ); memset( sig, 0, sizeof sig );
@ -955,6 +965,7 @@ exit:
mbedtls_pk_restart_free( rs_ctx ); mbedtls_pk_restart_free( rs_ctx );
#endif #endif
mbedtls_pk_free( &pk ); mbedtls_pk_free( &pk );
PSA_DONE( );
} }
/* END_CASE */ /* END_CASE */
@ -1210,6 +1221,8 @@ void pk_psa_sign( )
* - parse it to a PK context and verify the signature this way * - parse it to a PK context and verify the signature this way
*/ */
PSA_ASSERT( psa_crypto_init( ) );
/* Create legacy EC public/private key in PK context. */ /* Create legacy EC public/private key in PK context. */
mbedtls_pk_init( &pk ); mbedtls_pk_init( &pk );
TEST_ASSERT( mbedtls_pk_setup( &pk, TEST_ASSERT( mbedtls_pk_setup( &pk,
@ -1259,5 +1272,6 @@ void pk_psa_sign( )
exit: exit:
mbedtls_pk_free( &pk ); mbedtls_pk_free( &pk );
PSA_DONE( );
} }
/* END_CASE */ /* END_CASE */
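Review bot: In `pk_psa_sign` the new `PSA_ASSERT( psa_crypto_init( ) );` runs before `mbedtls_pk_init( &pk );`, so if initialization fails and PSA_ASSERT jumps to `exit:` (its definition is not shown, but TEST_ASSERT-style macros in this suite appear to do that), `mbedtls_pk_free( &pk )` is called on a context that was never initialized. Initialize the context first, as `pk_ec_test_vec` and `pk_sign_verify` do: `mbedtls_pk_init( &pk );` followed by `PSA_INIT( );`. `pk_psa_utils` has the same order for `pk` and `pk2`, though that ordering predates this change. Using `PSA_INIT( )` in these two functions instead of the spelled-out assert would also match the macro this commit introduces. The function bodies extend beyond the hunks shown.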