tests: psa: Add macros to skip a test case

Add macros to skip a test case when hitting a
common alternative implementation limitation.

Add a macro for AES-192 and GCM with a nonce
length different from 12 bytes.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
This commit is contained in:
Ronald Cron 2021-02-09 20:35:42 +01:00
parent 50f1f5e119
commit 28a45ed8db
2 changed files with 97 additions and 40 deletions

View file

@ -21,6 +21,7 @@
#ifndef PSA_CRYPTO_HELPERS_H
#define PSA_CRYPTO_HELPERS_H
#include "test/helpers.h"
#include "test/psa_helpers.h"
#include <psa/crypto.h>
@ -100,4 +101,86 @@ psa_status_t mbedtls_test_record_status( psa_status_t status,
#endif /* defined(RECORD_PSA_STATUS_COVERAGE_LOG) */
/** Skip a test case if the given key is an 192 bits AES key and the AES
* implementation is at least partially an alternative implementation.
*
* Call this macro in a test case when a cryptography operation that may
* involve an AES operation returns with the PSA_ERROR_NOT_SUPPORTED error
* code to skip and not fail the test case in case the operation involves an
* 192 bits AES key and the AES implementation is at least partially an
* alternative implementation.
*
* Hardware AES implementations are likely to not support 192 bits keys.
* Consequently, PSA test cases aim at not failing when an AES operation with
* an 192 bits key performed by an alternative AES implementation returns
* with the PSA_ERROR_NOT_SUPPORTED error code. The purpose of this macro
* is to facilitate this and make the related code more readable.
*
* \param key_type Key type
* \param key_bits Key length in number of bits.
*/
#if defined(MBEDTLS_AES_ALT) || \
defined(MBEDTLS_AES_SETKEY_ENC_ALT) || \
defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_AES)
#define MBEDTLS_TEST_HAVE_ALT_AES 1
#else
#define MBEDTLS_TEST_HAVE_ALT_AES 0
#endif
#define MBEDTLS_TEST_PSA_SKIP_IF_ALT_AES_192( key_type, key_bits ) \
do \
{ \
if( ( MBEDTLS_TEST_HAVE_ALT_AES ) && \
( ( key_type ) == PSA_KEY_TYPE_AES ) && \
( key_bits == 192 ) ) \
{ \
mbedtls_test_skip( "AES-192 not supported", __LINE__, __FILE__ ); \
goto exit; \
} \
} \
while( 0 )
/** Skip a test case in case of a GCM operation with a nonce length different
* from 12 bytes.
*
* Call this macro in a test case when an AEAD cryptography operation that
* may involve the GCM mode returns with the PSA_ERROR_NOT_SUPPORTED error
* code to skip and not fail the test case in case the operation involves the
* GCM mode, a nonce with a length different from 12 bytes and the GCM mode
* implementation is an alternative one.
*
* Hardware GCM implementations are likely to not support nonce lengths
* different from 12 are those imply additional computations involving the
* GHASH function. Consequently, PSA test cases aim at not failing when an
* AEAD operation in GCM mode with a nonce length different from 12 bytes
* performed by an alternative GCM implementation returns with the
* PSA_ERROR_NOT_SUPPORTED error code. The purpose of this macro is to
* facilitate this and make the related code more readable.
*
* \param alg The AEAD algorithm.
* \param nonce_length The nonce length in number of bytes.
*/
#if defined(MBEDTLS_GCM_ALT) || \
defined(MBEDTLS_PSA_ACCEL_ALG_GCM)
#define MBEDTLS_TEST_HAVE_ALT_GCM 1
#else
#define MBEDTLS_TEST_HAVE_ALT_GCM 0
#endif
#define MBEDTLS_TEST_PSA_SKIP_IF_ALT_GCM_NOT_12BYTES_NONCE( alg, \
nonce_length ) \
do \
{ \
if( ( MBEDTLS_TEST_HAVE_ALT_GCM ) && \
( PSA_ALG_AEAD_WITH_TAG_LENGTH( ( alg ) , 0 ) == \
PSA_ALG_AEAD_WITH_TAG_LENGTH( PSA_ALG_GCM, 0 ) ) && \
( ( nonce_length ) != 12 ) ) \
{ \
mbedtls_test_skip( "GCM with non-12-byte IV is not supported", __LINE__, __FILE__ ); \
goto exit; \
} \
} \
while( 0 )
#endif /* PSA_CRYPTO_HELPERS_H */

View file

@ -12,6 +12,8 @@
#include "psa/crypto.h"
#include "psa_crypto_slot_management.h"
#include "test/psa_crypto_helpers.h"
/** An invalid export length that will never be set by psa_export_key(). */
static const size_t INVALID_EXPORT_LENGTH = ~0U;
@ -4093,28 +4095,14 @@ void aead_encrypt( int key_type_arg, data_t *key_data,
output_data, output_size,
&output_length );
#if defined(MBEDTLS_AES_ALT) || \
defined(MBEDTLS_AES_SETKEY_ENC_ALT) || \
defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_AES)
if( status == PSA_ERROR_NOT_SUPPORTED &&
key_type == PSA_KEY_TYPE_AES &&
key_data->len == 24 )
/* If the operation is not supported, just skip and not fail in case the
* encryption involves a common limitation of cryptography hardwares and
* an alternative implementation. */
if( status == PSA_ERROR_NOT_SUPPORTED )
{
test_skip( "AES-192 not supported", __LINE__, __FILE__ );
goto exit;
MBEDTLS_TEST_PSA_SKIP_IF_ALT_AES_192( key_type, key_data->len * 8 );
MBEDTLS_TEST_PSA_SKIP_IF_ALT_GCM_NOT_12BYTES_NONCE( alg, nonce->len );
}
#endif /* AES could be alternatively implemented */
#if defined(MBEDTLS_GCM_ALT) || \
defined(MBEDTLS_PSA_ACCEL_ALG_GCM)
if( status == PSA_ERROR_NOT_SUPPORTED &&
( PSA_ALG_AEAD_WITH_TAG_LENGTH( alg, 0 ) ==
PSA_ALG_AEAD_WITH_TAG_LENGTH( PSA_ALG_GCM, 0 ) ) &&
nonce->len != 12 )
{
test_skip( "AES-GCM with non-12-byte IV is not supported", __LINE__, __FILE__ );
goto exit;
}
#endif /* AES-GCM could be alternatively implemented */
PSA_ASSERT( status );
ASSERT_COMPARE( expected_result->x, expected_result->len,
@ -4172,28 +4160,14 @@ void aead_decrypt( int key_type_arg, data_t *key_data,
output_data, output_size,
&output_length );
#if defined(MBEDTLS_AES_ALT) || \
defined(MBEDTLS_AES_SETKEY_ENC_ALT) || \
defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_AES)
if( status == PSA_ERROR_NOT_SUPPORTED &&
key_type == PSA_KEY_TYPE_AES &&
key_data->len == 24 )
/* If the operation is not supported, just skip and not fail in case the
* decryption involves a common limitation of cryptography hardwares and
* an alternative implementation. */
if( status == PSA_ERROR_NOT_SUPPORTED )
{
test_skip( "AES-192 not supported", __LINE__, __FILE__ );
goto exit;
MBEDTLS_TEST_PSA_SKIP_IF_ALT_AES_192( key_type, key_data->len * 8 );
MBEDTLS_TEST_PSA_SKIP_IF_ALT_GCM_NOT_12BYTES_NONCE( alg, nonce->len );
}
#endif /* AES could be alternatively implemented */
#if defined(MBEDTLS_GCM_ALT) || \
defined(MBEDTLS_PSA_ACCEL_ALG_GCM)
if( status == PSA_ERROR_NOT_SUPPORTED &&
( PSA_ALG_AEAD_WITH_TAG_LENGTH( alg, 0 ) ==
PSA_ALG_AEAD_WITH_TAG_LENGTH( PSA_ALG_GCM, 0 ) ) &&
nonce->len != 12 )
{
test_skip( "AES-GCM with non-12-byte IV is not supported", __LINE__, __FILE__ );
goto exit;
}
#endif /* AES-GCM could be alternatively implemented */
TEST_EQUAL( status, expected_result );