From 9b9b614a0249d4b615c61d9df35b72d2c260bd1e Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 20 Apr 2022 16:55:03 +0200 Subject: [PATCH] cipher_encrypt_alg_without_iv: validate size macros independently Validate the size macros directly from the output length in the test data, rather than using the value returned by the library. This is equivalent since the value returned by the library is checked to be identical. Enforce that SIZE() <= MAX_SIZE(), in addition to length <= SIZE(). This is stronger than the previous code which merely enforced length <= SIZE() and length <= MAX_SIZE(). Signed-off-by: Gilles Peskine --- tests/suites/test_suite_psa_crypto.function | 23 +++++++++++++-------- 1 file changed, 14 insertions(+), 9 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 6552ecd8c..d24d1eb74 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -3323,25 +3323,33 @@ void cipher_encrypt_alg_without_iv( int alg_arg, PSA_ASSERT( psa_crypto_init( ) ); + /* Validate size macros */ + TEST_ASSERT( expected_output->len <= + PSA_CIPHER_ENCRYPT_OUTPUT_SIZE( key_type, alg, input->len ) ); + TEST_ASSERT( PSA_CIPHER_ENCRYPT_OUTPUT_SIZE( key_type, alg, input->len ) <= + PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE( input->len ) ); + + /* Set up key and output buffer */ psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT ); psa_set_key_algorithm( &attributes, alg ); psa_set_key_type( &attributes, key_type ); - + PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, + &key ) ); output_buffer_size = PSA_CIPHER_ENCRYPT_OUTPUT_SIZE( key_type, alg, input->len ); ASSERT_ALLOC( output, output_buffer_size ); - PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, - &key ) ); - + /* set_iv() is not allowed */ PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) ); TEST_EQUAL( psa_cipher_set_iv( &operation, iv, sizeof( iv ) ), PSA_ERROR_BAD_STATE ); + + /* generate_iv() is not allowed */ PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) ); TEST_EQUAL( psa_cipher_generate_iv( &operation, iv, sizeof( iv ), &iv_length ), PSA_ERROR_BAD_STATE ); - /* Encrypt, one-shot */ + /* One-shot encryption */ PSA_ASSERT( psa_cipher_encrypt( key, alg, input->x, input->len, output, output_buffer_size, &output_length ) ); TEST_ASSERT( output_length <= @@ -3359,10 +3367,6 @@ void cipher_encrypt_alg_without_iv( int alg_arg, PSA_ASSERT( psa_cipher_update( &operation, input->x, input->len, output, output_buffer_size, &output_length) ); - TEST_ASSERT( output_length <= - PSA_CIPHER_ENCRYPT_OUTPUT_SIZE( key_type, alg, input->len ) ); - TEST_ASSERT( output_length <= - PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE( input->len ) ); ASSERT_COMPARE( expected_output->x, expected_output->len, output, output_length ); @@ -3370,6 +3374,7 @@ void cipher_encrypt_alg_without_iv( int alg_arg, exit: PSA_ASSERT( psa_cipher_abort( &operation ) ); mbedtls_free( output ); + psa_cipher_abort( &operation ); psa_destroy_key( key ); PSA_DONE( ); }