Merge branch 'development-restricted' into mbedtls-3.1.0rc-pr

This commit is contained in:
Ronald Cron 2021-12-14 10:58:18 +01:00
commit 8188d19b0e
12 changed files with 180 additions and 61 deletions

View file

@ -0,0 +1,5 @@
Security
* In psa_aead_generate_nonce(), do not read back from the output buffer.
This fixes a potential policy bypass or decryption oracle vulnerability
if the output buffer is in memory that is shared with an untrusted
application.

View file

@ -0,0 +1,5 @@
Security
* In psa_cipher_generate_iv() and psa_cipher_encrypt(), do not read back
from the output buffer. This fixes a potential policy bypass or decryption
oracle vulnerability if the output buffer is in memory that is shared with
an untrusted application.

View file

@ -0,0 +1,6 @@
Bugfix
* Fix a double-free that happened after mbedtls_ssl_set_session() or
mbedtls_ssl_get_session() failed with MBEDTLS_ERR_SSL_ALLOC_FAILED
(out of memory). After that, calling mbedtls_ssl_session_free()
and mbedtls_ssl_free() would cause an internal session buffer to
be free()'d twice.

View file

@ -3362,8 +3362,8 @@ psa_status_t psa_cipher_generate_iv( psa_cipher_operation_t *operation,
size_t *iv_length ) size_t *iv_length )
{ {
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
uint8_t local_iv[PSA_CIPHER_IV_MAX_SIZE];
*iv_length = 0; size_t default_iv_length;
if( operation->id == 0 ) if( operation->id == 0 )
{ {
@ -3377,28 +3377,38 @@ psa_status_t psa_cipher_generate_iv( psa_cipher_operation_t *operation,
goto exit; goto exit;
} }
if( iv_size < operation->default_iv_length ) default_iv_length = operation->default_iv_length;
if( iv_size < default_iv_length )
{ {
status = PSA_ERROR_BUFFER_TOO_SMALL; status = PSA_ERROR_BUFFER_TOO_SMALL;
goto exit; goto exit;
} }
status = psa_generate_random( iv, operation->default_iv_length ); if( default_iv_length > PSA_CIPHER_IV_MAX_SIZE )
{
status = PSA_ERROR_GENERIC_ERROR;
goto exit;
}
status = psa_generate_random( local_iv, default_iv_length );
if( status != PSA_SUCCESS ) if( status != PSA_SUCCESS )
goto exit; goto exit;
status = psa_driver_wrapper_cipher_set_iv( operation, status = psa_driver_wrapper_cipher_set_iv( operation,
iv, local_iv, default_iv_length );
operation->default_iv_length );
exit: exit:
if( status == PSA_SUCCESS ) if( status == PSA_SUCCESS )
{ {
memcpy( iv, local_iv, default_iv_length );
*iv_length = default_iv_length;
operation->iv_set = 1; operation->iv_set = 1;
*iv_length = operation->default_iv_length;
} }
else else
{
*iv_length = 0;
psa_cipher_abort( operation ); psa_cipher_abort( operation );
}
return( status ); return( status );
} }
@ -3539,50 +3549,67 @@ psa_status_t psa_cipher_encrypt( mbedtls_svc_key_id_t key,
{ {
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED; psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_slot_t *slot; psa_key_slot_t *slot = NULL;
psa_key_type_t key_type; uint8_t local_iv[PSA_CIPHER_IV_MAX_SIZE];
size_t iv_length; size_t default_iv_length = 0;
*output_length = 0;
if( ! PSA_ALG_IS_CIPHER( alg ) ) if( ! PSA_ALG_IS_CIPHER( alg ) )
return( PSA_ERROR_INVALID_ARGUMENT ); {
status = PSA_ERROR_INVALID_ARGUMENT;
goto exit;
}
status = psa_get_and_lock_key_slot_with_policy( key, &slot, status = psa_get_and_lock_key_slot_with_policy( key, &slot,
PSA_KEY_USAGE_ENCRYPT, PSA_KEY_USAGE_ENCRYPT,
alg ); alg );
if( status != PSA_SUCCESS ) if( status != PSA_SUCCESS )
return( status ); goto exit;
psa_key_attributes_t attributes = { psa_key_attributes_t attributes = {
.core = slot->attr .core = slot->attr
}; };
key_type = slot->attr.type; default_iv_length = PSA_CIPHER_IV_LENGTH( slot->attr.type, alg );
iv_length = PSA_CIPHER_IV_LENGTH( key_type, alg ); if( default_iv_length > PSA_CIPHER_IV_MAX_SIZE )
if( iv_length > 0 )
{ {
if( output_size < iv_length ) status = PSA_ERROR_GENERIC_ERROR;
goto exit;
}
if( default_iv_length > 0 )
{
if( output_size < default_iv_length )
{ {
status = PSA_ERROR_BUFFER_TOO_SMALL; status = PSA_ERROR_BUFFER_TOO_SMALL;
goto exit; goto exit;
} }
status = psa_generate_random( output, iv_length ); status = psa_generate_random( local_iv, default_iv_length );
if( status != PSA_SUCCESS ) if( status != PSA_SUCCESS )
goto exit; goto exit;
} }
status = psa_driver_wrapper_cipher_encrypt( status = psa_driver_wrapper_cipher_encrypt(
&attributes, slot->key.data, slot->key.bytes, &attributes, slot->key.data, slot->key.bytes,
alg, input, input_length, alg, local_iv, default_iv_length, input, input_length,
output, output_size, output_length ); output + default_iv_length, output_size - default_iv_length,
output_length );
exit: exit:
unlock_status = psa_unlock_key_slot( slot ); unlock_status = psa_unlock_key_slot( slot );
if( status == PSA_SUCCESS )
status = unlock_status;
return( ( status == PSA_SUCCESS ) ? unlock_status : status ); if( status == PSA_SUCCESS )
{
if( default_iv_length > 0 )
memcpy( output, local_iv, default_iv_length );
*output_length += default_iv_length;
}
else
*output_length = 0;
return( status );
} }
psa_status_t psa_cipher_decrypt( mbedtls_svc_key_id_t key, psa_status_t psa_cipher_decrypt( mbedtls_svc_key_id_t key,
@ -3595,18 +3622,19 @@ psa_status_t psa_cipher_decrypt( mbedtls_svc_key_id_t key,
{ {
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED; psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_slot_t *slot; psa_key_slot_t *slot = NULL;
*output_length = 0;
if( ! PSA_ALG_IS_CIPHER( alg ) ) if( ! PSA_ALG_IS_CIPHER( alg ) )
return( PSA_ERROR_INVALID_ARGUMENT ); {
status = PSA_ERROR_INVALID_ARGUMENT;
goto exit;
}
status = psa_get_and_lock_key_slot_with_policy( key, &slot, status = psa_get_and_lock_key_slot_with_policy( key, &slot,
PSA_KEY_USAGE_DECRYPT, PSA_KEY_USAGE_DECRYPT,
alg ); alg );
if( status != PSA_SUCCESS ) if( status != PSA_SUCCESS )
return( status ); goto exit;
psa_key_attributes_t attributes = { psa_key_attributes_t attributes = {
.core = slot->attr .core = slot->attr
@ -3630,8 +3658,13 @@ psa_status_t psa_cipher_decrypt( mbedtls_svc_key_id_t key,
exit: exit:
unlock_status = psa_unlock_key_slot( slot ); unlock_status = psa_unlock_key_slot( slot );
if( status == PSA_SUCCESS )
status = unlock_status;
return( ( status == PSA_SUCCESS ) ? unlock_status : status ); if( status != PSA_SUCCESS )
*output_length = 0;
return( status );
} }
@ -3885,6 +3918,7 @@ psa_status_t psa_aead_generate_nonce( psa_aead_operation_t *operation,
size_t *nonce_length ) size_t *nonce_length )
{ {
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
uint8_t local_nonce[PSA_AEAD_NONCE_MAX_SIZE];
size_t required_nonce_size; size_t required_nonce_size;
*nonce_length = 0; *nonce_length = 0;
@ -3918,15 +3952,18 @@ psa_status_t psa_aead_generate_nonce( psa_aead_operation_t *operation,
goto exit; goto exit;
} }
status = psa_generate_random( nonce, required_nonce_size ); status = psa_generate_random( local_nonce, required_nonce_size );
if( status != PSA_SUCCESS ) if( status != PSA_SUCCESS )
goto exit; goto exit;
status = psa_aead_set_nonce( operation, nonce, required_nonce_size ); status = psa_aead_set_nonce( operation, local_nonce, required_nonce_size );
exit: exit:
if( status == PSA_SUCCESS ) if( status == PSA_SUCCESS )
{
memcpy( nonce, local_nonce, required_nonce_size );
*nonce_length = required_nonce_size; *nonce_length = required_nonce_size;
}
else else
psa_aead_abort( operation ); psa_aead_abort( operation );

View file

@ -449,6 +449,8 @@ psa_status_t mbedtls_psa_cipher_encrypt(
const uint8_t *key_buffer, const uint8_t *key_buffer,
size_t key_buffer_size, size_t key_buffer_size,
psa_algorithm_t alg, psa_algorithm_t alg,
const uint8_t *iv,
size_t iv_length,
const uint8_t *input, const uint8_t *input,
size_t input_length, size_t input_length,
uint8_t *output, uint8_t *output,
@ -457,7 +459,7 @@ psa_status_t mbedtls_psa_cipher_encrypt(
{ {
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
mbedtls_psa_cipher_operation_t operation = MBEDTLS_PSA_CIPHER_OPERATION_INIT; mbedtls_psa_cipher_operation_t operation = MBEDTLS_PSA_CIPHER_OPERATION_INIT;
size_t olength, accumulated_length; size_t update_output_length, finish_output_length;
status = mbedtls_psa_cipher_encrypt_setup( &operation, attributes, status = mbedtls_psa_cipher_encrypt_setup( &operation, attributes,
key_buffer, key_buffer_size, key_buffer, key_buffer_size,
@ -465,33 +467,27 @@ psa_status_t mbedtls_psa_cipher_encrypt(
if( status != PSA_SUCCESS ) if( status != PSA_SUCCESS )
goto exit; goto exit;
accumulated_length = 0; if( iv_length > 0 )
if( operation.iv_length > 0 )
{ {
status = mbedtls_psa_cipher_set_iv( &operation, status = mbedtls_psa_cipher_set_iv( &operation, iv, iv_length );
output, operation.iv_length );
if( status != PSA_SUCCESS ) if( status != PSA_SUCCESS )
goto exit; goto exit;
accumulated_length = operation.iv_length;
} }
status = mbedtls_psa_cipher_update( &operation, input, input_length, status = mbedtls_psa_cipher_update( &operation, input, input_length,
output + operation.iv_length, output, output_size,
output_size - operation.iv_length, &update_output_length );
&olength );
if( status != PSA_SUCCESS ) if( status != PSA_SUCCESS )
goto exit; goto exit;
accumulated_length += olength; status = mbedtls_psa_cipher_finish( &operation,
output + update_output_length,
status = mbedtls_psa_cipher_finish( &operation, output + accumulated_length, output_size - update_output_length,
output_size - accumulated_length, &finish_output_length );
&olength );
if( status != PSA_SUCCESS ) if( status != PSA_SUCCESS )
goto exit; goto exit;
*output_length = accumulated_length + olength; *output_length = update_output_length + finish_output_length;
exit: exit:
if( status == PSA_SUCCESS ) if( status == PSA_SUCCESS )

View file

@ -213,16 +213,12 @@ psa_status_t mbedtls_psa_cipher_abort( mbedtls_psa_cipher_operation_t *operation
* \param[in] alg The cipher algorithm to compute * \param[in] alg The cipher algorithm to compute
* (\c PSA_ALG_XXX value such that * (\c PSA_ALG_XXX value such that
* #PSA_ALG_IS_CIPHER(\p alg) is true). * #PSA_ALG_IS_CIPHER(\p alg) is true).
* \param[in] input Buffer containing the message to encrypt. * \param[in] iv Buffer containing the IV for encryption. The
* \param[in] input_length Size of the \p input buffer in bytes. * IV has been generated by the core.
* \param[in] iv_length Size of the \p iv in bytes.
* \param[in] input Buffer containing the message to encrypt.
* \param[in] input_length Size of the \p input buffer in bytes.
* \param[in,out] output Buffer where the output is to be written. * \param[in,out] output Buffer where the output is to be written.
* The core has generated and written the IV
* at the beginning of this buffer before
* this function is called. The size of the IV
* is PSA_CIPHER_IV_LENGTH( key_type, alg ) where
* \c key_type is the type of the key identified
* by \p key and \p alg is the cipher algorithm
* to compute.
* \param[in] output_size Size of the \p output buffer in bytes. * \param[in] output_size Size of the \p output buffer in bytes.
* \param[out] output_length On success, the number of bytes that make up * \param[out] output_length On success, the number of bytes that make up
* the returned output. Initialized to zero * the returned output. Initialized to zero
@ -235,7 +231,7 @@ psa_status_t mbedtls_psa_cipher_abort( mbedtls_psa_cipher_operation_t *operation
* \retval #PSA_ERROR_BUFFER_TOO_SMALL * \retval #PSA_ERROR_BUFFER_TOO_SMALL
* The size of the \p output buffer is too small. * The size of the \p output buffer is too small.
* \retval #PSA_ERROR_INVALID_ARGUMENT * \retval #PSA_ERROR_INVALID_ARGUMENT
* The size of \p iv is not acceptable for the chosen algorithm, * The size \p iv_length is not acceptable for the chosen algorithm,
* or the chosen algorithm does not use an IV. * or the chosen algorithm does not use an IV.
* The total input size passed to this operation is not valid for * The total input size passed to this operation is not valid for
* this particular algorithm. For example, the algorithm is a based * this particular algorithm. For example, the algorithm is a based
@ -249,6 +245,8 @@ psa_status_t mbedtls_psa_cipher_encrypt( const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, const uint8_t *key_buffer,
size_t key_buffer_size, size_t key_buffer_size,
psa_algorithm_t alg, psa_algorithm_t alg,
const uint8_t *iv,
size_t iv_length,
const uint8_t *input, const uint8_t *input,
size_t input_length, size_t input_length,
uint8_t *output, uint8_t *output,

View file

@ -873,6 +873,8 @@ psa_status_t psa_driver_wrapper_cipher_encrypt(
const uint8_t *key_buffer, const uint8_t *key_buffer,
size_t key_buffer_size, size_t key_buffer_size,
psa_algorithm_t alg, psa_algorithm_t alg,
const uint8_t *iv,
size_t iv_length,
const uint8_t *input, const uint8_t *input,
size_t input_length, size_t input_length,
uint8_t *output, uint8_t *output,
@ -894,6 +896,8 @@ psa_status_t psa_driver_wrapper_cipher_encrypt(
key_buffer, key_buffer,
key_buffer_size, key_buffer_size,
alg, alg,
iv,
iv_length,
input, input,
input_length, input_length,
output, output,
@ -910,6 +914,8 @@ psa_status_t psa_driver_wrapper_cipher_encrypt(
key_buffer, key_buffer,
key_buffer_size, key_buffer_size,
alg, alg,
iv,
iv_length,
input, input,
input_length, input_length,
output, output,
@ -927,6 +933,8 @@ psa_status_t psa_driver_wrapper_cipher_encrypt(
key_buffer, key_buffer,
key_buffer_size, key_buffer_size,
alg, alg,
iv,
iv_length,
input, input,
input_length, input_length,
output, output,

View file

@ -119,6 +119,8 @@ psa_status_t psa_driver_wrapper_cipher_encrypt(
const uint8_t *key_buffer, const uint8_t *key_buffer,
size_t key_buffer_size, size_t key_buffer_size,
psa_algorithm_t alg, psa_algorithm_t alg,
const uint8_t *iv,
size_t iv_length,
const uint8_t *input, const uint8_t *input,
size_t input_length, size_t input_length,
uint8_t *output, uint8_t *output,

View file

@ -53,6 +53,7 @@ psa_status_t mbedtls_test_transparent_cipher_encrypt(
const psa_key_attributes_t *attributes, const psa_key_attributes_t *attributes,
const uint8_t *key, size_t key_length, const uint8_t *key, size_t key_length,
psa_algorithm_t alg, psa_algorithm_t alg,
const uint8_t *iv, size_t iv_length,
const uint8_t *input, size_t input_length, const uint8_t *input, size_t input_length,
uint8_t *output, size_t output_size, size_t *output_length); uint8_t *output, size_t output_size, size_t *output_length);
@ -98,6 +99,7 @@ psa_status_t mbedtls_test_opaque_cipher_encrypt(
const psa_key_attributes_t *attributes, const psa_key_attributes_t *attributes,
const uint8_t *key, size_t key_length, const uint8_t *key, size_t key_length,
psa_algorithm_t alg, psa_algorithm_t alg,
const uint8_t *iv, size_t iv_length,
const uint8_t *input, size_t input_length, const uint8_t *input, size_t input_length,
uint8_t *output, size_t output_size, size_t *output_length); uint8_t *output, size_t output_size, size_t *output_length);

View file

@ -44,6 +44,8 @@ psa_status_t mbedtls_test_transparent_cipher_encrypt(
const uint8_t *key_buffer, const uint8_t *key_buffer,
size_t key_buffer_size, size_t key_buffer_size,
psa_algorithm_t alg, psa_algorithm_t alg,
const uint8_t *iv,
size_t iv_length,
const uint8_t *input, const uint8_t *input,
size_t input_length, size_t input_length,
uint8_t *output, uint8_t *output,
@ -68,19 +70,17 @@ psa_status_t mbedtls_test_transparent_cipher_encrypt(
if( mbedtls_test_driver_cipher_hooks.forced_status != PSA_SUCCESS ) if( mbedtls_test_driver_cipher_hooks.forced_status != PSA_SUCCESS )
return( mbedtls_test_driver_cipher_hooks.forced_status ); return( mbedtls_test_driver_cipher_hooks.forced_status );
psa_generate_random( output, PSA_CIPHER_IV_LENGTH( attributes->core.type, alg ) );
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_CIPHER) defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_CIPHER)
return( libtestdriver1_mbedtls_psa_cipher_encrypt( return( libtestdriver1_mbedtls_psa_cipher_encrypt(
(const libtestdriver1_psa_key_attributes_t *)attributes, (const libtestdriver1_psa_key_attributes_t *)attributes,
key_buffer, key_buffer_size, key_buffer, key_buffer_size,
alg, input, input_length, alg, iv, iv_length, input, input_length,
output, output_size, output_length ) ); output, output_size, output_length ) );
#elif defined(MBEDTLS_PSA_BUILTIN_CIPHER) #elif defined(MBEDTLS_PSA_BUILTIN_CIPHER)
return( mbedtls_psa_cipher_encrypt( return( mbedtls_psa_cipher_encrypt(
attributes, key_buffer, key_buffer_size, attributes, key_buffer, key_buffer_size,
alg, input, input_length, alg, iv, iv_length, input, input_length,
output, output_size, output_length ) ); output, output_size, output_length ) );
#endif #endif
@ -314,6 +314,7 @@ psa_status_t mbedtls_test_opaque_cipher_encrypt(
const psa_key_attributes_t *attributes, const psa_key_attributes_t *attributes,
const uint8_t *key, size_t key_length, const uint8_t *key, size_t key_length,
psa_algorithm_t alg, psa_algorithm_t alg,
const uint8_t *iv, size_t iv_length,
const uint8_t *input, size_t input_length, const uint8_t *input, size_t input_length,
uint8_t *output, size_t output_size, size_t *output_length) uint8_t *output, size_t output_size, size_t *output_length)
{ {
@ -321,6 +322,8 @@ psa_status_t mbedtls_test_opaque_cipher_encrypt(
(void) key; (void) key;
(void) key_length; (void) key_length;
(void) alg; (void) alg;
(void) iv;
(void) iv_length;
(void) input; (void) input;
(void) input_length; (void) input_length;
(void) output; (void) output;

View file

@ -2907,6 +2907,9 @@ void cipher_encrypt_alg_without_iv( int alg_arg,
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_type_t key_type = key_type_arg; psa_key_type_t key_type = key_type_arg;
psa_algorithm_t alg = alg_arg; psa_algorithm_t alg = alg_arg;
psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT;
uint8_t iv[1] = { 0x5a };
size_t iv_length;
unsigned char *output = NULL; unsigned char *output = NULL;
size_t output_buffer_size = 0; size_t output_buffer_size = 0;
size_t output_length = 0; size_t output_length = 0;
@ -2924,6 +2927,14 @@ void cipher_encrypt_alg_without_iv( int alg_arg,
PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
&key ) ); &key ) );
PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) );
TEST_EQUAL( psa_cipher_set_iv( &operation, iv, sizeof( iv ) ),
PSA_ERROR_BAD_STATE );
PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) );
TEST_EQUAL( psa_cipher_generate_iv( &operation, iv, sizeof( iv ),
&iv_length ),
PSA_ERROR_BAD_STATE );
PSA_ASSERT( psa_cipher_encrypt( key, alg, input->x, input->len, output, PSA_ASSERT( psa_cipher_encrypt( key, alg, input->x, input->len, output,
output_buffer_size, &output_length ) ); output_buffer_size, &output_length ) );
TEST_ASSERT( output_length <= TEST_ASSERT( output_length <=

View file

@ -872,6 +872,39 @@ void cipher_entry_points( int alg_arg, int key_type_arg,
PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
&key ) ); &key ) );
/*
* Test encrypt failure
* First test that if we don't force a driver error, encryption is
* successfull, then force driver error.
*/
status = psa_cipher_encrypt(
key, alg, input->x, input->len,
output, output_buffer_size, &function_output_length );
TEST_EQUAL( mbedtls_test_driver_cipher_hooks.hits, 1 );
TEST_EQUAL( status, PSA_SUCCESS );
mbedtls_test_driver_cipher_hooks.hits = 0;
mbedtls_test_driver_cipher_hooks.forced_status = PSA_ERROR_GENERIC_ERROR;
/* Set the output buffer in a given state. */
for( size_t i = 0; i < output_buffer_size; i++ )
output[i] = 0xa5;
status = psa_cipher_encrypt(
key, alg, input->x, input->len,
output, output_buffer_size, &function_output_length );
TEST_EQUAL( mbedtls_test_driver_cipher_hooks.hits, 1 );
TEST_EQUAL( status, PSA_ERROR_GENERIC_ERROR );
/*
* Check that the output buffer is still in the same state.
* This will fail if the output buffer is used by the core to pass the IV
* it generated to the driver (and is not restored).
*/
for( size_t i = 0; i < output_buffer_size; i++ )
{
TEST_EQUAL( output[i], 0xa5 );
}
mbedtls_test_driver_cipher_hooks.hits = 0;
/* Test setup call, encrypt */ /* Test setup call, encrypt */
mbedtls_test_driver_cipher_hooks.forced_status = PSA_ERROR_GENERIC_ERROR; mbedtls_test_driver_cipher_hooks.forced_status = PSA_ERROR_GENERIC_ERROR;
status = psa_cipher_encrypt_setup( &operation, key, alg ); status = psa_cipher_encrypt_setup( &operation, key, alg );
@ -923,10 +956,23 @@ void cipher_entry_points( int alg_arg, int key_type_arg,
mbedtls_test_driver_cipher_hooks.hits = 0; mbedtls_test_driver_cipher_hooks.hits = 0;
mbedtls_test_driver_cipher_hooks.forced_status = PSA_ERROR_GENERIC_ERROR; mbedtls_test_driver_cipher_hooks.forced_status = PSA_ERROR_GENERIC_ERROR;
/* Set the output buffer in a given state. */
for( size_t i = 0; i < 16; i++ )
output[i] = 0xa5;
status = psa_cipher_generate_iv( &operation, output, 16, &function_output_length ); status = psa_cipher_generate_iv( &operation, output, 16, &function_output_length );
/* When generating the IV fails, it should call abort too */ /* When generating the IV fails, it should call abort too */
TEST_EQUAL( mbedtls_test_driver_cipher_hooks.hits, 2 ); TEST_EQUAL( mbedtls_test_driver_cipher_hooks.hits, 2 );
TEST_EQUAL( status, mbedtls_test_driver_cipher_hooks.forced_status ); TEST_EQUAL( status, mbedtls_test_driver_cipher_hooks.forced_status );
/*
* Check that the output buffer is still in the same state.
* This will fail if the output buffer is used by the core to pass the IV
* it generated to the driver (and is not restored).
*/
for( size_t i = 0; i < 16; i++ )
{
TEST_EQUAL( output[i], 0xa5 );
}
/* Failure should prevent further operations from executing on the driver */ /* Failure should prevent further operations from executing on the driver */
mbedtls_test_driver_cipher_hooks.hits = 0; mbedtls_test_driver_cipher_hooks.hits = 0;
status = psa_cipher_update( &operation, status = psa_cipher_update( &operation,