mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-01-26 12:35:20 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge pull request #7177 from paul-elliott-arm/interruptible_sign_hash_improve_num_ops_testing

Browse Source 
Interruptible sign hash improve num ops testing
This commit is contained in:
Paul Elliott 2023-03-01 14:59:44 +00:00 committed by GitHub
commit ebf2e38662
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 120 additions and 40 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
tests/suites/test_suite_psa_crypto.data
View File

@ -4561,9 +4561,9 @@ PSA sign/vrfy hash int edge case tests: randomized ECDSA SECP256R1 SHA-256
depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256
interruptible_signverify_hash_edgecase_tests:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b"
PSA sign/vrfy hash int max ops tests: randomized ECDSA SECP256R1 SHA-256
PSA sign/vrfy hash int ops tests: randomized ECDSA SECP256R1 SHA-256
depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256
interruptible_signverify_hash_maxops_tests:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b"
interruptible_signverify_hash_ops_tests:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b"
PSA sign message: RSA PKCS#1 v1.5 SHA-256
depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C

156
tests/suites/test_suite_psa_crypto.function
View File

@ -7487,41 +7487,6 @@ void interruptible_signverify_hash_edgecase_tests(int key_type_arg,
TEST_LE_U(signature_size, PSA_SIGNATURE_MAX_SIZE);
ASSERT_ALLOC(signature, signature_size);
/* --- Ensure changing the max ops mid operation works (operation should
* complete successfully after setting max ops to unlimited --- */
psa_interruptible_set_max_ops(1);
PSA_ASSERT(psa_sign_hash_start(&sign_operation, key, alg,
input_data->x, input_data->len));
TEST_EQUAL(psa_sign_hash_complete(&sign_operation, signature,
signature_size,
&signature_length),
PSA_OPERATION_INCOMPLETE);
psa_interruptible_set_max_ops(PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED);
PSA_ASSERT(psa_sign_hash_complete(&sign_operation, signature,
signature_size,
&signature_length));
PSA_ASSERT(psa_sign_hash_abort(&sign_operation));
psa_interruptible_set_max_ops(1);
PSA_ASSERT(psa_verify_hash_start(&verify_operation, key, alg,
input_data->x, input_data->len,
signature, signature_length));
TEST_EQUAL(psa_verify_hash_complete(&verify_operation),
PSA_OPERATION_INCOMPLETE);
psa_interruptible_set_max_ops(PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED);
PSA_ASSERT(psa_verify_hash_complete(&verify_operation));
PSA_ASSERT(psa_verify_hash_abort(&verify_operation));
/* --- Change function inputs mid run, to cause an error (sign only,
* verify passes all inputs to start. --- */
@ -7602,15 +7567,21 @@ exit:
/* BEGIN_CASE depends_on:MBEDTLS_ECP_RESTARTABLE */
/**
* interruptible_signverify_hash_maxops_tests() test intentions:
* interruptible_signverify_hash_ops_tests() test intentions:
*
* Note: This test can currently only handle ECDSA.
*
* 1. Test that setting max ops is reflected in both interruptible sign and
* verify hash
* 2. Test that changing the value of max_ops to unlimited during an operation
* causes that operation to complete in the next call.
*
* 3. Test that calling get_num_ops() between complete calls gives the same
* result as calling get_num_ops() once at the end of the operation.
*/
void interruptible_signverify_hash_maxops_tests(int key_type_arg,
data_t *key_data, int alg_arg, data_t *input_data)
void interruptible_signverify_hash_ops_tests(int key_type_arg,
data_t *key_data, int alg_arg,
data_t *input_data)
{
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_type_t key_type = key_type_arg;
@ -7619,6 +7590,10 @@ void interruptible_signverify_hash_maxops_tests(int key_type_arg,
size_t key_bits;
unsigned char *signature = NULL;
size_t signature_size;
size_t signature_length = 0xdeadbeef;
uint32_t num_ops = 0;
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_sign_hash_interruptible_operation_t sign_operation =
psa_sign_hash_interruptible_operation_init();
psa_verify_hash_interruptible_operation_t verify_operation =
@ -7667,6 +7642,111 @@ void interruptible_signverify_hash_maxops_tests(int key_type_arg,
TEST_EQUAL(psa_interruptible_get_max_ops(), 0xbeef);
/* --- Ensure changing the max ops mid operation works (operation should
* complete successfully after setting max ops to unlimited --- */
psa_interruptible_set_max_ops(1);
PSA_ASSERT(psa_sign_hash_start(&sign_operation, key, alg,
input_data->x, input_data->len));
TEST_EQUAL(psa_sign_hash_complete(&sign_operation, signature,
signature_size,
&signature_length),
PSA_OPERATION_INCOMPLETE);
psa_interruptible_set_max_ops(PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED);
PSA_ASSERT(psa_sign_hash_complete(&sign_operation, signature,
signature_size,
&signature_length));
PSA_ASSERT(psa_sign_hash_abort(&sign_operation));
psa_interruptible_set_max_ops(1);
PSA_ASSERT(psa_verify_hash_start(&verify_operation, key, alg,
input_data->x, input_data->len,
signature, signature_length));
TEST_EQUAL(psa_verify_hash_complete(&verify_operation),
PSA_OPERATION_INCOMPLETE);
psa_interruptible_set_max_ops(PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED);
PSA_ASSERT(psa_verify_hash_complete(&verify_operation));
PSA_ASSERT(psa_verify_hash_abort(&verify_operation));
/* --- Test that not calling get_num_ops inbetween complete calls does not
* result in lost ops. ---*/
psa_interruptible_set_max_ops(1);
PSA_ASSERT(psa_sign_hash_start(&sign_operation, key, alg,
input_data->x, input_data->len));
/* Continue performing the signature until complete. */
do {
status = psa_sign_hash_complete(&sign_operation, signature,
signature_size,
&signature_length);
num_ops = psa_sign_hash_get_num_ops(&sign_operation);
} while (status == PSA_OPERATION_INCOMPLETE);
PSA_ASSERT(status);
PSA_ASSERT(psa_sign_hash_abort(&sign_operation));
PSA_ASSERT(psa_sign_hash_start(&sign_operation, key, alg,
input_data->x, input_data->len));
/* Continue performing the signature until complete. */
do {
status = psa_sign_hash_complete(&sign_operation, signature,
signature_size,
&signature_length);
} while (status == PSA_OPERATION_INCOMPLETE);
PSA_ASSERT(status);
TEST_EQUAL(num_ops, psa_sign_hash_get_num_ops(&sign_operation));
PSA_ASSERT(psa_sign_hash_abort(&sign_operation));
PSA_ASSERT(psa_verify_hash_start(&verify_operation, key, alg,
input_data->x, input_data->len,
signature, signature_length));
/* Continue performing the verification until complete. */
do {
status = psa_verify_hash_complete(&verify_operation);
num_ops = psa_verify_hash_get_num_ops(&verify_operation);
} while (status == PSA_OPERATION_INCOMPLETE);
PSA_ASSERT(status);
PSA_ASSERT(psa_verify_hash_abort(&verify_operation));
PSA_ASSERT(psa_verify_hash_start(&verify_operation, key, alg,
input_data->x, input_data->len,
signature, signature_length));
/* Continue performing the verification until complete. */
do {
status = psa_verify_hash_complete(&verify_operation);
} while (status == PSA_OPERATION_INCOMPLETE);
PSA_ASSERT(status);
TEST_EQUAL(num_ops, psa_verify_hash_get_num_ops(&verify_operation));
PSA_ASSERT(psa_verify_hash_abort(&verify_operation));
exit:
/*
* Key attributes may have been returned by psa_get_key_attributes()