From dc32ac20fd76b76a023e0d6360659adb216526c1 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 13 Nov 2023 10:27:56 +0100 Subject: [PATCH] test_suite_[ctr_drbg/random]: initialize/close PSA in tests This commit also adds AES_PSA_[INIT/DONE] in "psa_crypto_helpers.h". Its scope is to call PSA_[INIT/DONE] only when AES_C is not defined (which is when PSA is effectively required for CTR_DRBG). Signed-off-by: Valerio Setti --- tests/include/test/psa_crypto_helpers.h | 23 +++++++++++++++++++++++ tests/suites/test_suite_ctr_drbg.function | 20 ++++++++++++++++++++ tests/suites/test_suite_random.function | 9 +++++++++ 3 files changed, 52 insertions(+) diff --git a/tests/include/test/psa_crypto_helpers.h b/tests/include/test/psa_crypto_helpers.h index f4c49fb020..cd64dc7adf 100644 --- a/tests/include/test/psa_crypto_helpers.h +++ b/tests/include/test/psa_crypto_helpers.h @@ -397,4 +397,27 @@ uint64_t mbedtls_test_parse_binary_string(data_t *bin_string); #define MD_OR_USE_PSA_DONE() ((void) 0) #endif +/** \def AES_PSA_INIT + * + * Call this macro to initialize the PSA subsystem if AES_C is not defined, + * so that CTR_DRBG uses PSA implementation to get AES-ECB. + * + * If the initialization fails, mark the test case as failed and jump to the + * \p exit label. + */ +/** \def AES_PSA_DONE + * + * Call this macro at the end of a test case if you called #AES_PSA_INIT. + * + * This is like #PSA_DONE except it does nothing under the same conditions as + * #AES_PSA_INIT. + */ +#if defined(MBEDTLS_AES_C) +#define AES_PSA_INIT() ((void) 0) +#define AES_PSA_DONE() ((void) 0) +#else /* MBEDTLS_AES_C */ +#define AES_PSA_INIT() PSA_INIT() +#define AES_PSA_DONE() PSA_DONE() +#endif /* MBEDTLS_AES_C */ + #endif /* PSA_CRYPTO_HELPERS_H */ diff --git a/tests/suites/test_suite_ctr_drbg.function b/tests/suites/test_suite_ctr_drbg.function index c6896998ee..066e70b352 100644 --- a/tests/suites/test_suite_ctr_drbg.function +++ b/tests/suites/test_suite_ctr_drbg.function @@ -137,10 +137,12 @@ void ctr_drbg_validate_no_reseed(data_t *add_init, data_t *entropy, data_t *result_string) { data_t empty = { 0, 0 }; + AES_PSA_INIT(); ctr_drbg_validate_internal(RESEED_NEVER, add_init, entropy->len, entropy, &empty, add1, add2, result_string); + AES_PSA_DONE(); goto exit; // goto is needed to avoid warning ( no test assertions in func) } /* END_CASE */ @@ -151,10 +153,12 @@ void ctr_drbg_validate_pr(data_t *add_init, data_t *entropy, data_t *result_string) { data_t empty = { 0, 0 }; + AES_PSA_INIT(); ctr_drbg_validate_internal(RESEED_ALWAYS, add_init, entropy->len / 3, entropy, &empty, add1, add2, result_string); + AES_PSA_DONE(); goto exit; // goto is needed to avoid warning ( no test assertions in func) } /* END_CASE */ @@ -164,10 +168,12 @@ void ctr_drbg_validate_reseed_between(data_t *add_init, data_t *entropy, data_t *add1, data_t *add_reseed, data_t *add2, data_t *result_string) { + AES_PSA_INIT(); ctr_drbg_validate_internal(RESEED_SECOND, add_init, entropy->len / 2, entropy, add_reseed, add1, add2, result_string); + AES_PSA_DONE(); goto exit; // goto is needed to avoid warning ( no test assertions in func) } /* END_CASE */ @@ -177,10 +183,12 @@ void ctr_drbg_validate_reseed_first(data_t *add_init, data_t *entropy, data_t *add1, data_t *add_reseed, data_t *add2, data_t *result_string) { + AES_PSA_INIT(); ctr_drbg_validate_internal(RESEED_FIRST, add_init, entropy->len / 2, entropy, add_reseed, add1, add2, result_string); + AES_PSA_DONE(); goto exit; // goto is needed to avoid warning ( no test assertions in func) } /* END_CASE */ @@ -196,6 +204,8 @@ void ctr_drbg_entropy_strength(int expected_bit_strength) size_t byte_strength = expected_bit_strength / 8; mbedtls_ctr_drbg_init(&ctx); + + AES_PSA_INIT(); test_offset_idx = 0; test_max_idx = sizeof(entropy); memset(entropy, 0, sizeof(entropy)); @@ -214,6 +224,7 @@ void ctr_drbg_entropy_strength(int expected_bit_strength) exit: mbedtls_ctr_drbg_free(&ctx); + AES_PSA_DONE(); } /* END_CASE */ @@ -228,6 +239,9 @@ void ctr_drbg_entropy_usage(int entropy_nonce_len) size_t expected_idx = 0; mbedtls_ctr_drbg_init(&ctx); + + AES_PSA_INIT(); + test_offset_idx = 0; test_max_idx = sizeof(entropy); memset(entropy, 0, sizeof(entropy)); @@ -307,6 +321,7 @@ void ctr_drbg_entropy_usage(int entropy_nonce_len) exit: mbedtls_ctr_drbg_free(&ctx); + AES_PSA_DONE(); } /* END_CASE */ @@ -317,6 +332,8 @@ void ctr_drbg_seed_file(char *path, int ret) mbedtls_ctr_drbg_init(&ctx); + AES_PSA_INIT(); + TEST_ASSERT(mbedtls_ctr_drbg_seed(&ctx, mbedtls_test_rnd_std_rand, NULL, NULL, 0) == 0); TEST_ASSERT(mbedtls_ctr_drbg_write_seed_file(&ctx, path) == ret); @@ -324,12 +341,15 @@ void ctr_drbg_seed_file(char *path, int ret) exit: mbedtls_ctr_drbg_free(&ctx); + AES_PSA_DONE(); } /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */ void ctr_drbg_selftest() { + AES_PSA_INIT(); TEST_ASSERT(mbedtls_ctr_drbg_self_test(1) == 0); + AES_PSA_DONE(); } /* END_CASE */ diff --git a/tests/suites/test_suite_random.function b/tests/suites/test_suite_random.function index 58cddb7158..155b8e7083 100644 --- a/tests/suites/test_suite_random.function +++ b/tests/suites/test_suite_random.function @@ -26,7 +26,12 @@ void random_twice_with_ctr_drbg() unsigned char output1[OUTPUT_SIZE]; unsigned char output2[OUTPUT_SIZE]; +#if defined(MBEDTLS_AES_C) MD_PSA_INIT(); +#else + USE_PSA_INIT(); +#endif + /* First round */ mbedtls_entropy_init(&entropy); @@ -56,7 +61,11 @@ void random_twice_with_ctr_drbg() exit: mbedtls_ctr_drbg_free(&drbg); mbedtls_entropy_free(&entropy); +#if defined(MBEDTLS_AES_C) MD_PSA_DONE(); +#else + USE_PSA_DONE(); +#endif } /* END_CASE */