From 5770224ef3372b0cb505793003ced75d7c31d68f Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Sun, 26 Feb 2023 20:36:10 +0000 Subject: [PATCH 1/3] Rename max ops tests to ops tests Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.data | 4 ++-- tests/suites/test_suite_psa_crypto.function | 8 +++++--- 2 files changed, 7 insertions(+), 5 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index f340a7ff2c..cfcdac1021 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -4561,9 +4561,9 @@ PSA sign/vrfy hash int edge case tests: randomized ECDSA SECP256R1 SHA-256 depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 interruptible_signverify_hash_edgecase_tests:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b" -PSA sign/vrfy hash int max ops tests: randomized ECDSA SECP256R1 SHA-256 +PSA sign/vrfy hash int ops tests: randomized ECDSA SECP256R1 SHA-256 depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 -interruptible_signverify_hash_maxops_tests:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b" +interruptible_signverify_hash_ops_tests:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b" PSA sign message: RSA PKCS#1 v1.5 SHA-256 depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index ab39fba554..f3ccac01b3 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -7602,15 +7602,17 @@ exit: /* BEGIN_CASE depends_on:MBEDTLS_ECP_RESTARTABLE */ /** - * interruptible_signverify_hash_maxops_tests() test intentions: + * interruptible_signverify_hash_ops_tests() test intentions: * * Note: This test can currently only handle ECDSA. * * 1. Test that setting max ops is reflected in both interruptible sign and * verify hash + */ -void interruptible_signverify_hash_maxops_tests(int key_type_arg, - data_t *key_data, int alg_arg, data_t *input_data) +void interruptible_signverify_hash_ops_tests(int key_type_arg, + data_t *key_data, int alg_arg, + data_t *input_data) { mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t key_type = key_type_arg; From 9e8819f356f296cb8f062ce2207f6e690220ebce Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Sun, 26 Feb 2023 19:01:35 +0000 Subject: [PATCH 2/3] Move 'change max_ops' test into ops tests Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.function | 74 +++++++++++---------- 1 file changed, 38 insertions(+), 36 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index f3ccac01b3..ce531e1b00 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -7487,41 +7487,6 @@ void interruptible_signverify_hash_edgecase_tests(int key_type_arg, TEST_LE_U(signature_size, PSA_SIGNATURE_MAX_SIZE); ASSERT_ALLOC(signature, signature_size); - /* --- Ensure changing the max ops mid operation works (operation should - * complete successfully after setting max ops to unlimited --- */ - psa_interruptible_set_max_ops(1); - - PSA_ASSERT(psa_sign_hash_start(&sign_operation, key, alg, - input_data->x, input_data->len)); - - TEST_EQUAL(psa_sign_hash_complete(&sign_operation, signature, - signature_size, - &signature_length), - PSA_OPERATION_INCOMPLETE); - - psa_interruptible_set_max_ops(PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED); - - PSA_ASSERT(psa_sign_hash_complete(&sign_operation, signature, - signature_size, - &signature_length)); - - PSA_ASSERT(psa_sign_hash_abort(&sign_operation)); - - psa_interruptible_set_max_ops(1); - - PSA_ASSERT(psa_verify_hash_start(&verify_operation, key, alg, - input_data->x, input_data->len, - signature, signature_length)); - - TEST_EQUAL(psa_verify_hash_complete(&verify_operation), - PSA_OPERATION_INCOMPLETE); - - psa_interruptible_set_max_ops(PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED); - - PSA_ASSERT(psa_verify_hash_complete(&verify_operation)); - - PSA_ASSERT(psa_verify_hash_abort(&verify_operation)); - /* --- Change function inputs mid run, to cause an error (sign only, * verify passes all inputs to start. --- */ @@ -7608,7 +7573,8 @@ exit: * * 1. Test that setting max ops is reflected in both interruptible sign and * verify hash - + * 2. Test that changing the value of max_ops to unlimited during an operation + * causes that operation to complete in the next call. */ void interruptible_signverify_hash_ops_tests(int key_type_arg, data_t *key_data, int alg_arg, @@ -7621,6 +7587,7 @@ void interruptible_signverify_hash_ops_tests(int key_type_arg, size_t key_bits; unsigned char *signature = NULL; size_t signature_size; + size_t signature_length = 0xdeadbeef; psa_sign_hash_interruptible_operation_t sign_operation = psa_sign_hash_interruptible_operation_init(); psa_verify_hash_interruptible_operation_t verify_operation = @@ -7669,6 +7636,41 @@ void interruptible_signverify_hash_ops_tests(int key_type_arg, TEST_EQUAL(psa_interruptible_get_max_ops(), 0xbeef); + /* --- Ensure changing the max ops mid operation works (operation should + * complete successfully after setting max ops to unlimited --- */ + psa_interruptible_set_max_ops(1); + + PSA_ASSERT(psa_sign_hash_start(&sign_operation, key, alg, + input_data->x, input_data->len)); + + TEST_EQUAL(psa_sign_hash_complete(&sign_operation, signature, + signature_size, + &signature_length), + PSA_OPERATION_INCOMPLETE); + + psa_interruptible_set_max_ops(PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED); + + PSA_ASSERT(psa_sign_hash_complete(&sign_operation, signature, + signature_size, + &signature_length)); + + PSA_ASSERT(psa_sign_hash_abort(&sign_operation)); + + psa_interruptible_set_max_ops(1); + + PSA_ASSERT(psa_verify_hash_start(&verify_operation, key, alg, + input_data->x, input_data->len, + signature, signature_length)); + + TEST_EQUAL(psa_verify_hash_complete(&verify_operation), + PSA_OPERATION_INCOMPLETE); + + psa_interruptible_set_max_ops(PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED); + + PSA_ASSERT(psa_verify_hash_complete(&verify_operation)); + + PSA_ASSERT(psa_verify_hash_abort(&verify_operation)); + exit: /* * Key attributes may have been returned by psa_get_key_attributes() From c1e0400bac3e409e85b44739a5037c24912fe261 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Sun, 26 Feb 2023 20:27:23 +0000 Subject: [PATCH 3/3] Add test to check not calling get_num_ops() Make sure that not calling get_num_ops() inbetweeen calls to complete() does not mean that ops get lost (Regression test for previous fix). Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.function | 76 +++++++++++++++++++++ 1 file changed, 76 insertions(+) diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index ce531e1b00..62f2fbf683 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -7575,6 +7575,9 @@ exit: * verify hash * 2. Test that changing the value of max_ops to unlimited during an operation * causes that operation to complete in the next call. + * + * 3. Test that calling get_num_ops() between complete calls gives the same + * result as calling get_num_ops() once at the end of the operation. */ void interruptible_signverify_hash_ops_tests(int key_type_arg, data_t *key_data, int alg_arg, @@ -7588,6 +7591,9 @@ void interruptible_signverify_hash_ops_tests(int key_type_arg, unsigned char *signature = NULL; size_t signature_size; size_t signature_length = 0xdeadbeef; + uint32_t num_ops = 0; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + psa_sign_hash_interruptible_operation_t sign_operation = psa_sign_hash_interruptible_operation_init(); psa_verify_hash_interruptible_operation_t verify_operation = @@ -7671,6 +7677,76 @@ void interruptible_signverify_hash_ops_tests(int key_type_arg, PSA_ASSERT(psa_verify_hash_abort(&verify_operation)); + /* --- Test that not calling get_num_ops inbetween complete calls does not + * result in lost ops. ---*/ + + psa_interruptible_set_max_ops(1); + + PSA_ASSERT(psa_sign_hash_start(&sign_operation, key, alg, + input_data->x, input_data->len)); + + /* Continue performing the signature until complete. */ + do { + status = psa_sign_hash_complete(&sign_operation, signature, + signature_size, + &signature_length); + + num_ops = psa_sign_hash_get_num_ops(&sign_operation); + + } while (status == PSA_OPERATION_INCOMPLETE); + + PSA_ASSERT(status); + + PSA_ASSERT(psa_sign_hash_abort(&sign_operation)); + + PSA_ASSERT(psa_sign_hash_start(&sign_operation, key, alg, + input_data->x, input_data->len)); + + /* Continue performing the signature until complete. */ + do { + status = psa_sign_hash_complete(&sign_operation, signature, + signature_size, + &signature_length); + } while (status == PSA_OPERATION_INCOMPLETE); + + PSA_ASSERT(status); + + TEST_EQUAL(num_ops, psa_sign_hash_get_num_ops(&sign_operation)); + + PSA_ASSERT(psa_sign_hash_abort(&sign_operation)); + + PSA_ASSERT(psa_verify_hash_start(&verify_operation, key, alg, + input_data->x, input_data->len, + signature, signature_length)); + + /* Continue performing the verification until complete. */ + do { + status = psa_verify_hash_complete(&verify_operation); + + num_ops = psa_verify_hash_get_num_ops(&verify_operation); + + } while (status == PSA_OPERATION_INCOMPLETE); + + PSA_ASSERT(status); + + PSA_ASSERT(psa_verify_hash_abort(&verify_operation)); + + PSA_ASSERT(psa_verify_hash_start(&verify_operation, key, alg, + input_data->x, input_data->len, + signature, signature_length)); + + /* Continue performing the verification until complete. */ + do { + status = psa_verify_hash_complete(&verify_operation); + + } while (status == PSA_OPERATION_INCOMPLETE); + + PSA_ASSERT(status); + + TEST_EQUAL(num_ops, psa_verify_hash_get_num_ops(&verify_operation)); + + PSA_ASSERT(psa_verify_hash_abort(&verify_operation)); + exit: /* * Key attributes may have been returned by psa_get_key_attributes()