From 89e54f2edcb7f9c32784eb39a3daa46d50c60867 Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Thu, 10 Sep 2020 18:07:57 +0200 Subject: [PATCH] Add mock and negative testing to cipher driver Signed-off-by: Steven Cooreman --- tests/src/drivers/cipher.c | 15 +- ...test_suite_psa_crypto_driver_wrappers.data | 39 +++- ..._suite_psa_crypto_driver_wrappers.function | 175 ++++++++++++++++++ 3 files changed, 222 insertions(+), 7 deletions(-) diff --git a/tests/src/drivers/cipher.c b/tests/src/drivers/cipher.c index 2915fba68..f9106d171 100644 --- a/tests/src/drivers/cipher.c +++ b/tests/src/drivers/cipher.c @@ -296,6 +296,8 @@ psa_status_t test_transparent_cipher_decrypt_setup( psa_status_t test_transparent_cipher_abort( test_transparent_cipher_operation_t *operation) { + test_driver_cipher_hooks.hits++; + if( operation->alg == 0 ) return( PSA_SUCCESS ); if( operation->alg != PSA_ALG_CTR ) @@ -309,7 +311,6 @@ psa_status_t test_transparent_cipher_abort( * struct. */ memset( operation, 0, sizeof( *operation ) ); - test_driver_cipher_hooks.hits++; return( PSA_SUCCESS ); } @@ -325,6 +326,9 @@ psa_status_t test_transparent_cipher_generate_iv( test_driver_cipher_hooks.hits++; + if( test_driver_cipher_hooks.forced_status != PSA_SUCCESS ) + return( test_driver_cipher_hooks.forced_status ); + if( operation->alg != PSA_ALG_CTR ) return( PSA_ERROR_BAD_STATE ); @@ -356,6 +360,9 @@ psa_status_t test_transparent_cipher_set_iv( test_driver_cipher_hooks.hits++; + if( test_driver_cipher_hooks.forced_status != PSA_SUCCESS ) + return( test_driver_cipher_hooks.forced_status ); + if( operation->alg != PSA_ALG_CTR ) return( PSA_ERROR_BAD_STATE ); @@ -386,6 +393,9 @@ psa_status_t test_transparent_cipher_update( test_driver_cipher_hooks.hits++; + if( test_driver_cipher_hooks.forced_status != PSA_SUCCESS ) + return( test_driver_cipher_hooks.forced_status ); + if( operation->alg != PSA_ALG_CTR ) return( PSA_ERROR_BAD_STATE ); @@ -425,6 +435,9 @@ psa_status_t test_transparent_cipher_finish( test_driver_cipher_hooks.hits++; + if( test_driver_cipher_hooks.forced_status != PSA_SUCCESS ) + return( test_driver_cipher_hooks.forced_status ); + if( operation->alg != PSA_ALG_CTR ) return( PSA_ERROR_BAD_STATE ); diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.data b/tests/suites/test_suite_psa_crypto_driver_wrappers.data index 9374f28be..7b5d6bd84 100644 --- a/tests/suites/test_suite_psa_crypto_driver_wrappers.data +++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.data @@ -42,27 +42,51 @@ generate_key:PSA_ERROR_GENERIC_ERROR:"":PSA_ERROR_GENERIC_ERROR PSA symmetric encrypt: AES-CTR, 16 bytes, good depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR -cipher_encrypt:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a":"8f9408fe80a81d3e813da3c7b0b2bd32":PSA_SUCCESS:PSA_SUCCESS +cipher_encrypt:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a":"8f9408fe80a81d3e813da3c7b0b2bd32":0:PSA_SUCCESS:PSA_SUCCESS PSA symmetric encrypt: AES-CTR, 15 bytes, good depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR -cipher_encrypt:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e11739317":"8f9408fe80a81d3e813da3c7b0b2bd":PSA_SUCCESS:PSA_SUCCESS +cipher_encrypt:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e11739317":"8f9408fe80a81d3e813da3c7b0b2bd":0:PSA_SUCCESS:PSA_SUCCESS PSA symmetric encrypt: AES-CTR, 16 bytes, fallback depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR -cipher_encrypt:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a":"8f9408fe80a81d3e813da3c7b0b2bd32":PSA_ERROR_NOT_SUPPORTED:PSA_SUCCESS +cipher_encrypt:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a":"8f9408fe80a81d3e813da3c7b0b2bd32":0:PSA_ERROR_NOT_SUPPORTED:PSA_SUCCESS PSA symmetric encrypt: AES-CTR, 15 bytes, fallback depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR -cipher_encrypt:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e11739317":"8f9408fe80a81d3e813da3c7b0b2bd":PSA_ERROR_NOT_SUPPORTED:PSA_SUCCESS +cipher_encrypt:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e11739317":"8f9408fe80a81d3e813da3c7b0b2bd":0:PSA_ERROR_NOT_SUPPORTED:PSA_SUCCESS + +PSA symmetric encrypt: AES-CTR, 16 bytes, fallback w/ fake +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR +cipher_encrypt:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a":"8f9408fe80a81d3e813da3c7b0b2bd32":1:PSA_ERROR_NOT_SUPPORTED:PSA_SUCCESS + +PSA symmetric encrypt: AES-CTR, 15 bytes, fallback w/ fake +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR +cipher_encrypt:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e11739317":"8f9408fe80a81d3e813da3c7b0b2bd":1:PSA_ERROR_NOT_SUPPORTED:PSA_SUCCESS + +PSA symmetric encrypt: AES-CTR, 16 bytes, fake +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR +cipher_encrypt:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a":"d07a6a6e2687feb2":1:PSA_SUCCESS:PSA_SUCCESS + +PSA symmetric encrypt: AES-CTR, 15 bytes, fake +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR +cipher_encrypt:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e11739317":"d07a6a6e2687feb2":1:PSA_SUCCESS:PSA_SUCCESS PSA symmetric decrypt: AES-CTR, 16 bytes, good depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_MODE_CTR -cipher_decrypt:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"396ee84fb75fdbb5c2b13c7fe5a654aa":"dd3b5e5319b7591daab1e1a92687feb2":PSA_SUCCESS:PSA_SUCCESS +cipher_decrypt:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"396ee84fb75fdbb5c2b13c7fe5a654aa":"dd3b5e5319b7591daab1e1a92687feb2":0:PSA_SUCCESS:PSA_SUCCESS PSA symmetric decrypt: AES-CTR, 16 bytes, fallback depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_MODE_CTR -cipher_decrypt:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"396ee84fb75fdbb5c2b13c7fe5a654aa":"dd3b5e5319b7591daab1e1a92687feb2":PSA_ERROR_NOT_SUPPORTED:PSA_SUCCESS +cipher_decrypt:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"396ee84fb75fdbb5c2b13c7fe5a654aa":"dd3b5e5319b7591daab1e1a92687feb2":0:PSA_ERROR_NOT_SUPPORTED:PSA_SUCCESS + +PSA symmetric decrypt: AES-CTR, 16 bytes, fallback w/ fake +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_MODE_CTR +cipher_decrypt:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"396ee84fb75fdbb5c2b13c7fe5a654aa":"dd3b5e5319b7591daab1e1a92687feb2":1:PSA_ERROR_NOT_SUPPORTED:PSA_SUCCESS + +PSA symmetric decrypt: AES-CTR, 16 bytes, fake +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_MODE_CTR +cipher_decrypt:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"396ee84fb75fdbb5c2b13c7fe5a654aa":"d07a6a6e2687feb2":1:PSA_SUCCESS:PSA_SUCCESS PSA symmetric encryption multipart: AES-CTR, 11+5 bytes depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR @@ -135,3 +159,6 @@ cipher_decrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf715880 PSA symmetric decryption multipart: AES-CTR, 16+0 bytes depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR cipher_decrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a":16:16:0:"8f9408fe80a81d3e813da3c7b0b2bd32" + +Cipher driver: negative testing on all entry points +cipher_entry_points:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a" diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.function b/tests/suites/test_suite_psa_crypto_driver_wrappers.function index b1a1ae389..af0c7eefe 100644 --- a/tests/suites/test_suite_psa_crypto_driver_wrappers.function +++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.function @@ -188,6 +188,7 @@ exit: void cipher_encrypt( int alg_arg, int key_type_arg, data_t *key, data_t *iv, data_t *input, data_t *expected_output, + int mock_output_arg, int force_status_arg, int expected_status_arg ) { @@ -227,6 +228,12 @@ void cipher_encrypt( int alg_arg, int key_type_arg, PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type ) ); ASSERT_ALLOC( output, output_buffer_size ); + if( mock_output_arg ) + { + test_driver_cipher_hooks.forced_output = expected_output->x; + test_driver_cipher_hooks.forced_output_length = expected_output->len; + } + PSA_ASSERT( psa_cipher_update( &operation, input->x, input->len, output, output_buffer_size, @@ -234,6 +241,12 @@ void cipher_encrypt( int alg_arg, int key_type_arg, TEST_EQUAL( test_driver_cipher_hooks.hits, ( force_status == PSA_SUCCESS ? 1 : 0 ) ); test_driver_cipher_hooks.hits = 0; + if( mock_output_arg ) + { + test_driver_cipher_hooks.forced_output = NULL; + test_driver_cipher_hooks.forced_output_length = 0; + } + total_output_length += function_output_length; status = psa_cipher_finish( &operation, output + total_output_length, @@ -441,6 +454,7 @@ exit: void cipher_decrypt( int alg_arg, int key_type_arg, data_t *key, data_t *iv, data_t *input, data_t *expected_output, + int mock_output_arg, int force_status_arg, int expected_status_arg ) { @@ -480,6 +494,12 @@ void cipher_decrypt( int alg_arg, int key_type_arg, PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type ) ); ASSERT_ALLOC( output, output_buffer_size ); + if( mock_output_arg ) + { + test_driver_cipher_hooks.forced_output = expected_output->x; + test_driver_cipher_hooks.forced_output_length = expected_output->len; + } + PSA_ASSERT( psa_cipher_update( &operation, input->x, input->len, output, output_buffer_size, @@ -487,6 +507,12 @@ void cipher_decrypt( int alg_arg, int key_type_arg, TEST_EQUAL( test_driver_cipher_hooks.hits, ( force_status == PSA_SUCCESS ? 1 : 0 ) ); test_driver_cipher_hooks.hits = 0; + if( mock_output_arg ) + { + test_driver_cipher_hooks.forced_output = NULL; + test_driver_cipher_hooks.forced_output_length = 0; + } + total_output_length += function_output_length; status = psa_cipher_finish( &operation, output + total_output_length, @@ -515,3 +541,152 @@ exit: test_driver_cipher_hooks = test_driver_cipher_hooks_init(); } /* END_CASE */ + +/* BEGIN_CASE */ +void cipher_entry_points( int alg_arg, int key_type_arg, + data_t *key, data_t *iv, + data_t *input ) +{ + psa_key_handle_t handle = 0; + psa_status_t status; + psa_key_type_t key_type = key_type_arg; + psa_algorithm_t alg = alg_arg; + unsigned char *output = NULL; + size_t output_buffer_size = 0; + size_t function_output_length = 0; + psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT; + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + test_driver_cipher_hooks = test_driver_cipher_hooks_init(); + + PSA_ASSERT( psa_crypto_init( ) ); + + psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT ); + psa_set_key_algorithm( &attributes, alg ); + psa_set_key_type( &attributes, key_type ); + + PSA_ASSERT( psa_import_key( &attributes, key->x, key->len, &handle ) ); + + /* Test setup call, encrypt */ + test_driver_cipher_hooks.forced_status = PSA_ERROR_GENERIC_ERROR; + status = psa_cipher_encrypt_setup( &operation, + handle, alg ); + /* When setup fails, it shouldn't call any further entry points */ + TEST_EQUAL( test_driver_cipher_hooks.hits, 1 ); + TEST_EQUAL( status, test_driver_cipher_hooks.forced_status ); + test_driver_cipher_hooks.hits = 0; + + /* Test setup call failure, decrypt */ + status = psa_cipher_decrypt_setup( &operation, + handle, alg ); + /* When setup fails, it shouldn't call any further entry points */ + TEST_EQUAL( test_driver_cipher_hooks.hits, 1 ); + TEST_EQUAL( status, test_driver_cipher_hooks.forced_status ); + test_driver_cipher_hooks.hits = 0; + + /* Test IV setting failure */ + test_driver_cipher_hooks.forced_status = PSA_SUCCESS; + status = psa_cipher_encrypt_setup( &operation, + handle, alg ); + TEST_EQUAL( test_driver_cipher_hooks.hits, 1 ); + TEST_EQUAL( status, test_driver_cipher_hooks.forced_status ); + test_driver_cipher_hooks.hits = 0; + + test_driver_cipher_hooks.forced_status = PSA_ERROR_GENERIC_ERROR; + status = psa_cipher_set_iv( &operation, iv->x, iv->len ); + /* When setting the IV fails, it should call abort too */ + TEST_EQUAL( test_driver_cipher_hooks.hits, 2 ); + TEST_EQUAL( status, test_driver_cipher_hooks.forced_status ); + psa_cipher_abort( &operation ); + test_driver_cipher_hooks.hits = 0; + + /* Test IV generation failure */ + test_driver_cipher_hooks.forced_status = PSA_SUCCESS; + status = psa_cipher_encrypt_setup( &operation, + handle, alg ); + TEST_EQUAL( test_driver_cipher_hooks.hits, 1 ); + TEST_EQUAL( status, test_driver_cipher_hooks.forced_status ); + test_driver_cipher_hooks.hits = 0; + + test_driver_cipher_hooks.forced_status = PSA_ERROR_GENERIC_ERROR; + ASSERT_ALLOC( output, 16 ); + status = psa_cipher_generate_iv( &operation, output, 16, &output_buffer_size ); + /* When setting the IV fails, it should call abort too */ + TEST_EQUAL( test_driver_cipher_hooks.hits, 2 ); + TEST_EQUAL( status, test_driver_cipher_hooks.forced_status ); + mbedtls_free( output ); + output = NULL; + psa_cipher_abort( &operation ); + test_driver_cipher_hooks.hits = 0; + + /* Test update failure */ + test_driver_cipher_hooks.forced_status = PSA_SUCCESS; + status = psa_cipher_encrypt_setup( &operation, + handle, alg ); + TEST_EQUAL( test_driver_cipher_hooks.hits, 1 ); + TEST_EQUAL( status, test_driver_cipher_hooks.forced_status ); + test_driver_cipher_hooks.hits = 0; + + status = psa_cipher_set_iv( &operation, iv->x, iv->len ); + TEST_EQUAL( test_driver_cipher_hooks.hits, 1 ); + TEST_EQUAL( status, test_driver_cipher_hooks.forced_status ); + test_driver_cipher_hooks.hits = 0; + + test_driver_cipher_hooks.forced_status = PSA_ERROR_GENERIC_ERROR; + ASSERT_ALLOC( output, input->len + 16 ); + output_buffer_size = input->len + 16; + status = psa_cipher_update( &operation, + input->x, input->len, + output, output_buffer_size, + &function_output_length ); + /* When the update call fails, it should call abort too */ + TEST_EQUAL( test_driver_cipher_hooks.hits, 2 ); + TEST_EQUAL( status, test_driver_cipher_hooks.forced_status ); + mbedtls_free( output ); + output = NULL; + psa_cipher_abort( &operation ); + test_driver_cipher_hooks.hits = 0; + + /* Test finish failure */ + test_driver_cipher_hooks.forced_status = PSA_SUCCESS; + status = psa_cipher_encrypt_setup( &operation, + handle, alg ); + TEST_EQUAL( test_driver_cipher_hooks.hits, 1 ); + TEST_EQUAL( status, test_driver_cipher_hooks.forced_status ); + test_driver_cipher_hooks.hits = 0; + + status = psa_cipher_set_iv( &operation, iv->x, iv->len ); + TEST_EQUAL( test_driver_cipher_hooks.hits, 1 ); + TEST_EQUAL( status, test_driver_cipher_hooks.forced_status ); + test_driver_cipher_hooks.hits = 0; + + ASSERT_ALLOC( output, input->len + 16 ); + output_buffer_size = input->len + 16; + status = psa_cipher_update( &operation, + input->x, input->len, + output, output_buffer_size, + &function_output_length ); + TEST_EQUAL( test_driver_cipher_hooks.hits, 1 ); + TEST_EQUAL( status, test_driver_cipher_hooks.forced_status ); + test_driver_cipher_hooks.hits = 0; + + test_driver_cipher_hooks.forced_status = PSA_ERROR_GENERIC_ERROR; + status = psa_cipher_finish( &operation, + output + function_output_length, + output_buffer_size - function_output_length, + &function_output_length ); + /* When the finish call fails, it should call abort too */ + TEST_EQUAL( test_driver_cipher_hooks.hits, 2 ); + TEST_EQUAL( status, test_driver_cipher_hooks.forced_status ); + mbedtls_free( output ); + output = NULL; + psa_cipher_abort( &operation ); + test_driver_cipher_hooks.hits = 0; + +exit: + psa_cipher_abort( &operation ); + mbedtls_free( output ); + psa_destroy_key( handle ); + PSA_DONE( ); + test_driver_cipher_hooks = test_driver_cipher_hooks_init(); +} +/* END_CASE */