tests: psa: Add macros to skip a test case
Add macros to skip a test case when hitting a common alternative implementation limitation. Add a macro for AES-192 and GCM with a nonce length different from 12 bytes. Signed-off-by: Ronald Cron <ronald.cron@arm.com>
This commit is contained in:
parent
50f1f5e119
commit
28a45ed8db
2 changed files with 97 additions and 40 deletions
|
@ -21,6 +21,7 @@
|
|||
#ifndef PSA_CRYPTO_HELPERS_H
|
||||
#define PSA_CRYPTO_HELPERS_H
|
||||
|
||||
#include "test/helpers.h"
|
||||
#include "test/psa_helpers.h"
|
||||
|
||||
#include <psa/crypto.h>
|
||||
|
@ -100,4 +101,86 @@ psa_status_t mbedtls_test_record_status( psa_status_t status,
|
|||
|
||||
#endif /* defined(RECORD_PSA_STATUS_COVERAGE_LOG) */
|
||||
|
||||
/** Skip a test case if the given key is an 192 bits AES key and the AES
|
||||
* implementation is at least partially an alternative implementation.
|
||||
*
|
||||
* Call this macro in a test case when a cryptography operation that may
|
||||
* involve an AES operation returns with the PSA_ERROR_NOT_SUPPORTED error
|
||||
* code to skip and not fail the test case in case the operation involves an
|
||||
* 192 bits AES key and the AES implementation is at least partially an
|
||||
* alternative implementation.
|
||||
*
|
||||
* Hardware AES implementations are likely to not support 192 bits keys.
|
||||
* Consequently, PSA test cases aim at not failing when an AES operation with
|
||||
* an 192 bits key performed by an alternative AES implementation returns
|
||||
* with the PSA_ERROR_NOT_SUPPORTED error code. The purpose of this macro
|
||||
* is to facilitate this and make the related code more readable.
|
||||
*
|
||||
* \param key_type Key type
|
||||
* \param key_bits Key length in number of bits.
|
||||
*/
|
||||
#if defined(MBEDTLS_AES_ALT) || \
|
||||
defined(MBEDTLS_AES_SETKEY_ENC_ALT) || \
|
||||
defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_AES)
|
||||
#define MBEDTLS_TEST_HAVE_ALT_AES 1
|
||||
#else
|
||||
#define MBEDTLS_TEST_HAVE_ALT_AES 0
|
||||
#endif
|
||||
|
||||
#define MBEDTLS_TEST_PSA_SKIP_IF_ALT_AES_192( key_type, key_bits ) \
|
||||
do \
|
||||
{ \
|
||||
if( ( MBEDTLS_TEST_HAVE_ALT_AES ) && \
|
||||
( ( key_type ) == PSA_KEY_TYPE_AES ) && \
|
||||
( key_bits == 192 ) ) \
|
||||
{ \
|
||||
mbedtls_test_skip( "AES-192 not supported", __LINE__, __FILE__ ); \
|
||||
goto exit; \
|
||||
} \
|
||||
} \
|
||||
while( 0 )
|
||||
|
||||
/** Skip a test case in case of a GCM operation with a nonce length different
|
||||
* from 12 bytes.
|
||||
*
|
||||
* Call this macro in a test case when an AEAD cryptography operation that
|
||||
* may involve the GCM mode returns with the PSA_ERROR_NOT_SUPPORTED error
|
||||
* code to skip and not fail the test case in case the operation involves the
|
||||
* GCM mode, a nonce with a length different from 12 bytes and the GCM mode
|
||||
* implementation is an alternative one.
|
||||
*
|
||||
* Hardware GCM implementations are likely to not support nonce lengths
|
||||
* different from 12 are those imply additional computations involving the
|
||||
* GHASH function. Consequently, PSA test cases aim at not failing when an
|
||||
* AEAD operation in GCM mode with a nonce length different from 12 bytes
|
||||
* performed by an alternative GCM implementation returns with the
|
||||
* PSA_ERROR_NOT_SUPPORTED error code. The purpose of this macro is to
|
||||
* facilitate this and make the related code more readable.
|
||||
*
|
||||
* \param alg The AEAD algorithm.
|
||||
* \param nonce_length The nonce length in number of bytes.
|
||||
*/
|
||||
|
||||
#if defined(MBEDTLS_GCM_ALT) || \
|
||||
defined(MBEDTLS_PSA_ACCEL_ALG_GCM)
|
||||
#define MBEDTLS_TEST_HAVE_ALT_GCM 1
|
||||
#else
|
||||
#define MBEDTLS_TEST_HAVE_ALT_GCM 0
|
||||
#endif
|
||||
|
||||
#define MBEDTLS_TEST_PSA_SKIP_IF_ALT_GCM_NOT_12BYTES_NONCE( alg, \
|
||||
nonce_length ) \
|
||||
do \
|
||||
{ \
|
||||
if( ( MBEDTLS_TEST_HAVE_ALT_GCM ) && \
|
||||
( PSA_ALG_AEAD_WITH_TAG_LENGTH( ( alg ) , 0 ) == \
|
||||
PSA_ALG_AEAD_WITH_TAG_LENGTH( PSA_ALG_GCM, 0 ) ) && \
|
||||
( ( nonce_length ) != 12 ) ) \
|
||||
{ \
|
||||
mbedtls_test_skip( "GCM with non-12-byte IV is not supported", __LINE__, __FILE__ ); \
|
||||
goto exit; \
|
||||
} \
|
||||
} \
|
||||
while( 0 )
|
||||
|
||||
#endif /* PSA_CRYPTO_HELPERS_H */
|
||||
|
|
|
@ -12,6 +12,8 @@
|
|||
#include "psa/crypto.h"
|
||||
#include "psa_crypto_slot_management.h"
|
||||
|
||||
#include "test/psa_crypto_helpers.h"
|
||||
|
||||
/** An invalid export length that will never be set by psa_export_key(). */
|
||||
static const size_t INVALID_EXPORT_LENGTH = ~0U;
|
||||
|
||||
|
@ -4093,28 +4095,14 @@ void aead_encrypt( int key_type_arg, data_t *key_data,
|
|||
output_data, output_size,
|
||||
&output_length );
|
||||
|
||||
#if defined(MBEDTLS_AES_ALT) || \
|
||||
defined(MBEDTLS_AES_SETKEY_ENC_ALT) || \
|
||||
defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_AES)
|
||||
if( status == PSA_ERROR_NOT_SUPPORTED &&
|
||||
key_type == PSA_KEY_TYPE_AES &&
|
||||
key_data->len == 24 )
|
||||
/* If the operation is not supported, just skip and not fail in case the
|
||||
* encryption involves a common limitation of cryptography hardwares and
|
||||
* an alternative implementation. */
|
||||
if( status == PSA_ERROR_NOT_SUPPORTED )
|
||||
{
|
||||
test_skip( "AES-192 not supported", __LINE__, __FILE__ );
|
||||
goto exit;
|
||||
MBEDTLS_TEST_PSA_SKIP_IF_ALT_AES_192( key_type, key_data->len * 8 );
|
||||
MBEDTLS_TEST_PSA_SKIP_IF_ALT_GCM_NOT_12BYTES_NONCE( alg, nonce->len );
|
||||
}
|
||||
#endif /* AES could be alternatively implemented */
|
||||
#if defined(MBEDTLS_GCM_ALT) || \
|
||||
defined(MBEDTLS_PSA_ACCEL_ALG_GCM)
|
||||
if( status == PSA_ERROR_NOT_SUPPORTED &&
|
||||
( PSA_ALG_AEAD_WITH_TAG_LENGTH( alg, 0 ) ==
|
||||
PSA_ALG_AEAD_WITH_TAG_LENGTH( PSA_ALG_GCM, 0 ) ) &&
|
||||
nonce->len != 12 )
|
||||
{
|
||||
test_skip( "AES-GCM with non-12-byte IV is not supported", __LINE__, __FILE__ );
|
||||
goto exit;
|
||||
}
|
||||
#endif /* AES-GCM could be alternatively implemented */
|
||||
|
||||
PSA_ASSERT( status );
|
||||
ASSERT_COMPARE( expected_result->x, expected_result->len,
|
||||
|
@ -4172,28 +4160,14 @@ void aead_decrypt( int key_type_arg, data_t *key_data,
|
|||
output_data, output_size,
|
||||
&output_length );
|
||||
|
||||
#if defined(MBEDTLS_AES_ALT) || \
|
||||
defined(MBEDTLS_AES_SETKEY_ENC_ALT) || \
|
||||
defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_AES)
|
||||
if( status == PSA_ERROR_NOT_SUPPORTED &&
|
||||
key_type == PSA_KEY_TYPE_AES &&
|
||||
key_data->len == 24 )
|
||||
/* If the operation is not supported, just skip and not fail in case the
|
||||
* decryption involves a common limitation of cryptography hardwares and
|
||||
* an alternative implementation. */
|
||||
if( status == PSA_ERROR_NOT_SUPPORTED )
|
||||
{
|
||||
test_skip( "AES-192 not supported", __LINE__, __FILE__ );
|
||||
goto exit;
|
||||
MBEDTLS_TEST_PSA_SKIP_IF_ALT_AES_192( key_type, key_data->len * 8 );
|
||||
MBEDTLS_TEST_PSA_SKIP_IF_ALT_GCM_NOT_12BYTES_NONCE( alg, nonce->len );
|
||||
}
|
||||
#endif /* AES could be alternatively implemented */
|
||||
#if defined(MBEDTLS_GCM_ALT) || \
|
||||
defined(MBEDTLS_PSA_ACCEL_ALG_GCM)
|
||||
if( status == PSA_ERROR_NOT_SUPPORTED &&
|
||||
( PSA_ALG_AEAD_WITH_TAG_LENGTH( alg, 0 ) ==
|
||||
PSA_ALG_AEAD_WITH_TAG_LENGTH( PSA_ALG_GCM, 0 ) ) &&
|
||||
nonce->len != 12 )
|
||||
{
|
||||
test_skip( "AES-GCM with non-12-byte IV is not supported", __LINE__, __FILE__ );
|
||||
goto exit;
|
||||
}
|
||||
#endif /* AES-GCM could be alternatively implemented */
|
||||
|
||||
TEST_EQUAL( status, expected_result );
|
||||
|
||||
|
|
Loading…
Reference in a new issue