From 8359c14c14d5ac9b8a6e163319650a8751e0c926 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Fri, 24 Feb 2023 18:40:10 +0000 Subject: [PATCH] Add hash corruption test to interruptible verify test Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.function | 25 +++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index ab39fba55..844d9bcba 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -7042,6 +7042,12 @@ exit: * 3. Test that the number of ops done prior to start and after abort is zero * and that each successful stage completes some ops (this is not mandated by * the PSA specification, but is currently the case). + * + * 4. Test that calling psa_sign_hash_get_num_ops() multiple times between + * complete() calls does not alter the number of ops returned. + * + * 5. Test that after corrupting the hash, the verification detects an invalid + * signature. */ void verify_hash_interruptible(int key_type_arg, data_t *key_data, int alg_arg, data_t *hash_data, @@ -7126,6 +7132,25 @@ void verify_hash_interruptible(int key_type_arg, data_t *key_data, num_ops = psa_verify_hash_get_num_ops(&operation); TEST_ASSERT(num_ops == 0); + if (hash_data->len != 0) { + /* Flip a bit in the hash and verify that the signature is now detected + * as invalid. Flip a bit at the beginning, not at the end, because + * ECDSA may ignore the last few bits of the input. */ + hash_data->x[0] ^= 1; + + /* Start verification. */ + PSA_ASSERT(psa_verify_hash_start(&operation, key, alg, + hash_data->x, hash_data->len, + signature_data->x, signature_data->len)); + + /* Continue performing the signature until complete. */ + do { + status = psa_verify_hash_complete(&operation); + } while (status == PSA_OPERATION_INCOMPLETE); + + TEST_ASSERT(status == PSA_ERROR_INVALID_SIGNATURE); + } + exit: psa_reset_key_attributes(&attributes); psa_destroy_key(key);