Refactoring: create mbedtls_test_ssl_prepare_record_mac()

No semantic change.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>

tests/suites/test_suite_ssl_decrypt.function

@@ -40,9 +40,6 @@ void ssl_decrypt_non_etm_cbc(int cipher_type, int hash_id, int trunc_hmac,
     size_t buflen, olen = 0;
     size_t plaintext_len, block_size, i;
     unsigned char padlen; /* excluding the padding_length byte */
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-    psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT;
-#endif
     int exp_ret;
     int ret;
     const unsigned char pad_max_len = 255; /* Per the standard */
@@ -113,48 +110,7 @@ void ssl_decrypt_non_etm_cbc(int cipher_type, int hash_id, int trunc_hmac,
     /*
      * Prepare a pre-encryption record (with MAC and padding), and save it.
      */
-    mbedtls_ssl_transform *transform_out = &t0;
-    mbedtls_record *record = &rec;
-
-    /* Serialized version of record header for MAC purposes */
-    unsigned char add_data[13];
-    memcpy(add_data, record->ctr, 8);
-    add_data[8] = record->type;
-    add_data[9] = record->ver[0];
-    add_data[10] = record->ver[1];
-    add_data[11] = (record->data_len >> 8) & 0xff;
-    add_data[12] = (record->data_len >> 0) & 0xff;
-
-    /* MAC with additional data */
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-    size_t sign_mac_length = 0;
-    TEST_EQUAL(PSA_SUCCESS, psa_mac_sign_setup(&operation,
-                                               transform_out->psa_mac_enc,
-                                               transform_out->psa_mac_alg));
-    TEST_EQUAL(PSA_SUCCESS, psa_mac_update(&operation, add_data, 13));
-    TEST_EQUAL(PSA_SUCCESS, psa_mac_update(&operation,
-                                           record->buf + record->data_offset,
-                                           record->data_len));
-    /* Use a temporary buffer for the MAC, because with the truncated HMAC
-     * extension, there might not be enough room in the record for the
-     * full-length MAC. */
-    unsigned char mac[PSA_HASH_MAX_SIZE];
-    TEST_EQUAL(PSA_SUCCESS, psa_mac_sign_finish(&operation,
-                                                mac, sizeof(mac),
-                                                &sign_mac_length));
-#else
-    TEST_EQUAL(0, mbedtls_md_hmac_update(&transform_out->md_ctx_enc, add_data, 13));
-    TEST_EQUAL(0, mbedtls_md_hmac_update(&transform_out->md_ctx_enc,
-                                         record->buf + record->data_offset,
-                                         record->data_len));
-    /* Use a temporary buffer for the MAC, because with the truncated HMAC
-     * extension, there might not be enough room in the record for the
-     * full-length MAC. */
-    unsigned char mac[MBEDTLS_MD_MAX_SIZE];
-    TEST_EQUAL(0, mbedtls_md_hmac_finish(&transform_out->md_ctx_enc, mac));
-#endif
-    memcpy(record->buf + record->data_offset + record->data_len, mac, transform_out->maclen);
-    record->data_len += transform_out->maclen;
+    TEST_EQUAL(0, mbedtls_test_ssl_prepare_record_mac(&rec, &t0));
 
     /* Pad */
     memset(rec.buf + rec.data_offset + rec.data_len, padlen, padlen + 1);
@@ -239,9 +195,6 @@ void ssl_decrypt_non_etm_cbc(int cipher_type, int hash_id, int trunc_hmac,
     }
 
 exit:
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-    psa_mac_abort(&operation);
-#endif
     mbedtls_ssl_free(&ssl);
     mbedtls_ssl_transform_free(&t0);
     mbedtls_ssl_transform_free(&t1);