AuroraMiddleware/mbedtls
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

psa: Rework unauthenticated cipher support in transparent test driver

Browse Source 
Make use of psa_cipher_xyz_internal() functions to
simplify the transparent test driver code and
extend the algorithms it supports to all algorithms
supported by the MbedTLS library.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
This commit is contained in:
Ronald Cron 2020-12-15 15:17:20 +01:00
parent dd24c9bbd9
commit 8d310ad2e6
2 changed files with 59 additions and 186 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
tests/include/test/drivers/cipher.h
View File

@ -28,17 +28,10 @@
#if defined(PSA_CRYPTO_DRIVER_TEST)
#include <psa/crypto_driver_common.h>
#include <psa/crypto.h>
#include "mbedtls/cipher.h"
typedef struct {
psa_algorithm_t alg;
unsigned int key_set : 1;
unsigned int iv_required : 1;
unsigned int iv_set : 1;
uint8_t iv_size;
uint8_t block_size;
mbedtls_cipher_context_t cipher;
} test_transparent_cipher_operation_t;
typedef psa_cipher_operation_t test_transparent_cipher_operation_t;
typedef struct{
unsigned int initialised : 1;

216
tests/src/drivers/cipher.c
View File

@ -26,6 +26,7 @@
#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(PSA_CRYPTO_DRIVER_TEST)
#include "psa/crypto.h"
#include "psa_crypto_cipher.h"
#include "psa_crypto_core.h"
#include "mbedtls/cipher.h"
@ -204,75 +205,24 @@ psa_status_t test_transparent_cipher_decrypt(
output, output_size, output_length) );
}
static psa_status_t test_transparent_cipher_setup(
mbedtls_operation_t direction,
test_transparent_cipher_operation_t *operation,
const psa_key_attributes_t *attributes,
const uint8_t *key, size_t key_length,
psa_algorithm_t alg)
{
const mbedtls_cipher_info_t *cipher_info = NULL;
int ret = 0;
test_driver_cipher_hooks.hits++;
if( operation->alg != 0 )
return( PSA_ERROR_BAD_STATE );
/* Wiping the entire struct here, instead of member-by-member. This is useful
* for the test suite, since it gives a chance of catching memory corruption
* errors should the core not have allocated (enough) memory for our context
* struct. */
memset( operation, 0, sizeof( *operation ) );
/* Allow overriding return value for testing purposes */
if( test_driver_cipher_hooks.forced_status != PSA_SUCCESS )
return( test_driver_cipher_hooks.forced_status );
/* Test driver supports AES-CTR only, to verify operation calls. */
if( alg != PSA_ALG_CTR ||
psa_get_key_type( attributes ) != PSA_KEY_TYPE_AES )
return( PSA_ERROR_NOT_SUPPORTED );
operation->alg = alg;
operation->iv_size = 16;
cipher_info = mbedtls_cipher_info_from_values( MBEDTLS_CIPHER_ID_AES,
key_length * 8,
MBEDTLS_MODE_CTR );
if( cipher_info == NULL )
return( PSA_ERROR_NOT_SUPPORTED );
mbedtls_cipher_init( &operation->cipher );
ret = mbedtls_cipher_setup( &operation->cipher, cipher_info );
if( ret != 0 ) {
mbedtls_cipher_free( &operation->cipher );
return( mbedtls_to_psa_error( ret ) );
}
ret = mbedtls_cipher_setkey( &operation->cipher,
key,
key_length * 8, direction );
if( ret != 0 ) {
mbedtls_cipher_free( &operation->cipher );
return( mbedtls_to_psa_error( ret ) );
}
operation->iv_set = 0;
operation->iv_required = 1;
operation->key_set = 1;
return( test_driver_cipher_hooks.forced_status );
}
psa_status_t test_transparent_cipher_encrypt_setup(
test_transparent_cipher_operation_t *operation,
const psa_key_attributes_t *attributes,
const uint8_t *key, size_t key_length,
psa_algorithm_t alg)
{
return ( test_transparent_cipher_setup( MBEDTLS_ENCRYPT,
operation,
test_driver_cipher_hooks.hits++;
/* Wiping the entire struct here, instead of member-by-member. This is
* useful for the test suite, since it gives a chance of catching memory
* corruption errors should the core not have allocated (enough) memory for
* our context struct. */
memset( operation, 0, sizeof( *operation ) );
if( test_driver_cipher_hooks.forced_status != PSA_SUCCESS )
return( test_driver_cipher_hooks.forced_status );
return ( mbedtls_psa_cipher_encrypt_setup( operation,
attributes,
key,
key_length,
@ -285,8 +235,12 @@ psa_status_t test_transparent_cipher_decrypt_setup(
const uint8_t *key, size_t key_length,
psa_algorithm_t alg)
{
return ( test_transparent_cipher_setup( MBEDTLS_DECRYPT,
operation,
test_driver_cipher_hooks.hits++;
if( test_driver_cipher_hooks.forced_status != PSA_SUCCESS )
return( test_driver_cipher_hooks.forced_status );
return ( mbedtls_psa_cipher_decrypt_setup( operation,
attributes,
key,
key_length,
@ -300,18 +254,16 @@ psa_status_t test_transparent_cipher_abort(
if( operation->alg == 0 )
return( PSA_SUCCESS );
if( operation->alg != PSA_ALG_CTR )
return( PSA_ERROR_BAD_STATE );
mbedtls_cipher_free( &operation->cipher );
mbedtls_psa_cipher_abort( operation );
/* Wiping the entire struct here, instead of member-by-member. This is useful
* for the test suite, since it gives a chance of catching memory corruption
* errors should the core not have allocated (enough) memory for our context
* struct. */
/* Wiping the entire struct here, instead of member-by-member. This is
* useful for the test suite, since it gives a chance of catching memory
* corruption errors should the core not have allocated (enough) memory for
* our context struct. */
memset( operation, 0, sizeof( *operation ) );
return( PSA_SUCCESS );
return( test_driver_cipher_hooks.forced_status );
}
psa_status_t test_transparent_cipher_generate_iv(
@ -320,35 +272,15 @@ psa_status_t test_transparent_cipher_generate_iv(
size_t iv_size,
size_t *iv_length)
{
psa_status_t status;
mbedtls_test_rnd_pseudo_info rnd_info;
memset( &rnd_info, 0x5A, sizeof( mbedtls_test_rnd_pseudo_info ) );
test_driver_cipher_hooks.hits++;
if( test_driver_cipher_hooks.forced_status != PSA_SUCCESS )
return( test_driver_cipher_hooks.forced_status );
if( operation->alg != PSA_ALG_CTR )
return( PSA_ERROR_BAD_STATE );
if( operation->iv_set || ! operation->iv_required )
return( PSA_ERROR_BAD_STATE );
if( iv_size < operation->iv_size )
return( PSA_ERROR_BUFFER_TOO_SMALL );
status = mbedtls_to_psa_error(
mbedtls_test_rnd_pseudo_rand( &rnd_info,
return( mbedtls_psa_cipher_generate_iv( operation,
iv,
operation->iv_size ) );
if( status != PSA_SUCCESS )
return( status );
*iv_length = operation->iv_size;
status = test_transparent_cipher_set_iv( operation, iv, *iv_length );
return( status );
iv_size,
iv_length ) );
}
psa_status_t test_transparent_cipher_set_iv(
@ -356,29 +288,14 @@ psa_status_t test_transparent_cipher_set_iv(
const uint8_t *iv,
size_t iv_length)
{
psa_status_t status;
test_driver_cipher_hooks.hits++;
if( test_driver_cipher_hooks.forced_status != PSA_SUCCESS )
return( test_driver_cipher_hooks.forced_status );
if( operation->alg != PSA_ALG_CTR )
return( PSA_ERROR_BAD_STATE );
if( operation->iv_set || ! operation->iv_required )
return( PSA_ERROR_BAD_STATE );
if( iv_length != operation->iv_size )
return( PSA_ERROR_INVALID_ARGUMENT );
status = mbedtls_to_psa_error(
mbedtls_cipher_set_iv( &operation->cipher, iv, iv_length ) );
if( status == PSA_SUCCESS )
operation->iv_set = 1;
return( status );
return( mbedtls_psa_cipher_set_iv( operation,
iv,
iv_length ) );
}
psa_status_t test_transparent_cipher_update(
@ -389,27 +306,8 @@ psa_status_t test_transparent_cipher_update(
size_t output_size,
size_t *output_length)
{
psa_status_t status;
test_driver_cipher_hooks.hits++;
if( test_driver_cipher_hooks.forced_status != PSA_SUCCESS )
return( test_driver_cipher_hooks.forced_status );
if( operation->alg != PSA_ALG_CTR )
return( PSA_ERROR_BAD_STATE );
/* CTR is a stream cipher, so data in and out are always the same size */
if( output_size < input_length )
return( PSA_ERROR_BUFFER_TOO_SMALL );
status = mbedtls_to_psa_error(
mbedtls_cipher_update( &operation->cipher, input,
input_length, output, output_length ) );
if( status != PSA_SUCCESS )
return status;
if( test_driver_cipher_hooks.forced_output != NULL )
{
if( output_size < test_driver_cipher_hooks.forced_output_length )
@ -419,52 +317,27 @@ psa_status_t test_transparent_cipher_update(
test_driver_cipher_hooks.forced_output,
test_driver_cipher_hooks.forced_output_length );
*output_length = test_driver_cipher_hooks.forced_output_length;
}
return( test_driver_cipher_hooks.forced_status );
}
if( test_driver_cipher_hooks.forced_status != PSA_SUCCESS )
return( test_driver_cipher_hooks.forced_status );
return( mbedtls_psa_cipher_update( operation,
input, input_length,
output, output_size,
output_length ) );
}
psa_status_t test_transparent_cipher_finish(
test_transparent_cipher_operation_t *operation,
uint8_t *output,
size_t output_size,
size_t *output_length)
{
psa_status_t status = PSA_ERROR_GENERIC_ERROR;
uint8_t temp_output_buffer[MBEDTLS_MAX_BLOCK_LENGTH];
test_driver_cipher_hooks.hits++;
if( test_driver_cipher_hooks.forced_status != PSA_SUCCESS )
return( test_driver_cipher_hooks.forced_status );
if( operation->alg != PSA_ALG_CTR )
return( PSA_ERROR_BAD_STATE );
if( ! operation->key_set )
return( PSA_ERROR_BAD_STATE );
if( operation->iv_required && ! operation->iv_set )
return( PSA_ERROR_BAD_STATE );
status = mbedtls_to_psa_error(
mbedtls_cipher_finish( &operation->cipher,
temp_output_buffer,
output_length ) );
mbedtls_cipher_free( &operation->cipher );
if( status != PSA_SUCCESS )
return( status );
if( *output_length == 0 )
; /* Nothing to copy. Note that output may be NULL in this case. */
else if( output_size >= *output_length )
memcpy( output, temp_output_buffer, *output_length );
else
return( PSA_ERROR_BUFFER_TOO_SMALL );
if( test_driver_cipher_hooks.forced_output != NULL )
{
if( output_size < test_driver_cipher_hooks.forced_output_length )
@ -474,11 +347,18 @@ psa_status_t test_transparent_cipher_finish(
test_driver_cipher_hooks.forced_output,
test_driver_cipher_hooks.forced_output_length );
*output_length = test_driver_cipher_hooks.forced_output_length;
}
return( test_driver_cipher_hooks.forced_status );
}
if( test_driver_cipher_hooks.forced_status != PSA_SUCCESS )
return( test_driver_cipher_hooks.forced_status );
return( mbedtls_psa_cipher_finish( operation,
output, output_size,
output_length ) );
}
/*
* opaque versions, to do
*/