eden-emu/mbedtls
15
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Add num_ops tests to sign and verify interruptible hash

Browse source 
This is the only test usable for non-deterministic ECDSA, thus needs this
code path testing as well.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
This commit is contained in:
Paul Elliott 2023-02-26 18:44:45 +00:00
parent 8359c14c14
commit 7c17308253
1 changed files with 26 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

26
tests/suites/test_suite_psa_crypto.function
View file

@ -6864,6 +6864,10 @@ exit:
* *
* 3. Test the number of calls to psa_sign_hash_complete() required are as * 3. Test the number of calls to psa_sign_hash_complete() required are as
* expected for different max_ops values. * expected for different max_ops values.
*
* 4. Test that the number of ops done prior to starting signing and after abort
* is zero and that each successful signing stage completes some ops (this is
* not mandated by the PSA specification, but is currently the case).
*/ */
void sign_verify_hash_interruptible(int key_type_arg, data_t *key_data, void sign_verify_hash_interruptible(int key_type_arg, data_t *key_data,
int alg_arg, data_t *input_data, int alg_arg, data_t *input_data,
@ -6879,6 +6883,8 @@ void sign_verify_hash_interruptible(int key_type_arg, data_t *key_data,
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_status_t status = PSA_OPERATION_INCOMPLETE; psa_status_t status = PSA_OPERATION_INCOMPLETE;
uint32_t max_ops = max_ops_arg; uint32_t max_ops = max_ops_arg;
uint32_t num_ops = 0;
uint32_t num_ops_prior = 0;
size_t num_completes = 0; size_t num_completes = 0;
size_t min_completes = 0; size_t min_completes = 0;
size_t max_completes = 0; size_t max_completes = 0;
@ -6913,10 +6919,16 @@ void sign_verify_hash_interruptible(int key_type_arg, data_t *key_data,
interruptible_signverify_get_minmax_completes(max_ops, PSA_SUCCESS, interruptible_signverify_get_minmax_completes(max_ops, PSA_SUCCESS,
&min_completes, &max_completes); &min_completes, &max_completes);
num_ops_prior = psa_sign_hash_get_num_ops(&sign_operation);
TEST_ASSERT(num_ops_prior == 0);
/* Start performing the signature. */ /* Start performing the signature. */
PSA_ASSERT(psa_sign_hash_start(&sign_operation, key, alg, PSA_ASSERT(psa_sign_hash_start(&sign_operation, key, alg,
input_data->x, input_data->len)); input_data->x, input_data->len));
num_ops_prior = psa_sign_hash_get_num_ops(&sign_operation);
TEST_ASSERT(num_ops_prior == 0);
/* Continue performing the signature until complete. */ /* Continue performing the signature until complete. */
do { do {
@ -6925,6 +6937,17 @@ void sign_verify_hash_interruptible(int key_type_arg, data_t *key_data,
&signature_length); &signature_length);
num_completes++; num_completes++;
if (status == PSA_SUCCESS || status == PSA_OPERATION_INCOMPLETE) {
num_ops = psa_sign_hash_get_num_ops(&sign_operation);
/* We are asserting here that every complete makes progress
* (completes some ops), which is true of the internal
* implementation and probably any implementation, however this is
* not mandated by the PSA specification. */
TEST_ASSERT(num_ops > num_ops_prior);
num_ops_prior = num_ops;
}
} while (status == PSA_OPERATION_INCOMPLETE); } while (status == PSA_OPERATION_INCOMPLETE);
TEST_ASSERT(status == PSA_SUCCESS); TEST_ASSERT(status == PSA_SUCCESS);
@ -6934,6 +6957,9 @@ void sign_verify_hash_interruptible(int key_type_arg, data_t *key_data,
PSA_ASSERT(psa_sign_hash_abort(&sign_operation)); PSA_ASSERT(psa_sign_hash_abort(&sign_operation));
num_ops = psa_sign_hash_get_num_ops(&sign_operation);
TEST_ASSERT(num_ops == 0);
/* Check that the signature length looks sensible. */ /* Check that the signature length looks sensible. */
TEST_LE_U(signature_length, signature_size); TEST_LE_U(signature_length, signature_size);
TEST_ASSERT(signature_length > 0); TEST_ASSERT(signature_length > 0);