Merge pull request #7175 from paul-elliott-arm/interruptible_sign_hash_test_comments
Interruptible sign hash test comments
diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data
index 17984c8..f340a7f 100644
--- a/tests/suites/test_suite_psa_crypto.data
+++ b/tests/suites/test_suite_psa_crypto.data
@@ -4557,9 +4557,9 @@
depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256
interruptible_signverify_hash_state_test:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b"
-PSA sign/vrfy hash int neg tests: randomized ECDSA SECP256R1 SHA-256
+PSA sign/vrfy hash int edge case tests: randomized ECDSA SECP256R1 SHA-256
depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256
-interruptible_signverify_hash_negative_tests:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b"
+interruptible_signverify_hash_edgecase_tests:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b"
PSA sign/vrfy hash int max ops tests: randomized ECDSA SECP256R1 SHA-256
depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256
diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function
index 8f0ea25..ab39fba 100644
--- a/tests/suites/test_suite_psa_crypto.function
+++ b/tests/suites/test_suite_psa_crypto.function
@@ -6473,6 +6473,24 @@
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_ECP_RESTARTABLE */
+/**
+ * sign_hash_interruptible() test intentions:
+ *
+ * Note: This test can currently only handle ECDSA.
+ *
+ * 1. Test interruptible sign hash with known outcomes (deterministic ECDSA
+ * only).
+ *
+ * 2. Test the number of calls to psa_sign_hash_complete() required are as
+ * expected for different max_ops values.
+ *
+ * 3. Test that the number of ops done prior to start and after abort is zero
+ * and that each successful stage completes some ops (this is not mandated by
+ * the PSA specification, but is currently the case).
+ *
+ * 4. Test that calling psa_sign_hash_get_num_ops() multiple times between
+ * complete() calls does not alter the number of ops returned.
+ */
void sign_hash_interruptible(int key_type_arg, data_t *key_data,
int alg_arg, data_t *input_data,
data_t *output_data, int max_ops_arg)
@@ -6629,6 +6647,22 @@
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_ECP_RESTARTABLE */
+/**
+ * sign_hash_fail_interruptible() test intentions:
+ *
+ * Note: This test can currently only handle ECDSA.
+ *
+ * 1. Test that various failure cases for interruptible sign hash fail with the
+ * correct error codes, and at the correct point (at start or during
+ * complete).
+ *
+ * 2. Test the number of calls to psa_sign_hash_complete() required are as
+ * expected for different max_ops values.
+ *
+ * 3. Test that the number of ops done prior to start and after abort is zero
+ * and that each successful stage completes some ops (this is not mandated by
+ * the PSA specification, but is currently the case).
+ */
void sign_hash_fail_interruptible(int key_type_arg, data_t *key_data,
int alg_arg, data_t *input_data,
int signature_size_arg,
@@ -6816,6 +6850,21 @@
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_ECP_RESTARTABLE */
+/**
+ * sign_verify_hash_interruptible() test intentions:
+ *
+ * Note: This test can currently only handle ECDSA.
+ *
+ * 1. Test that we can sign an input hash with the given key and then afterwards
+ * verify that signature. This is currently the only way to test non
+ * deterministic ECDSA, but this test can also handle deterministic.
+ *
+ * 2. Test that after corrupting the hash, the verification detects an invalid
+ * signature.
+ *
+ * 3. Test the number of calls to psa_sign_hash_complete() required are as
+ * expected for different max_ops values.
+ */
void sign_verify_hash_interruptible(int key_type_arg, data_t *key_data,
int alg_arg, data_t *input_data,
int max_ops_arg)
@@ -6979,6 +7028,21 @@
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_ECP_RESTARTABLE */
+/**
+ * verify_hash_interruptible() test intentions:
+ *
+ * Note: This test can currently only handle ECDSA.
+ *
+ * 1. Test interruptible verify hash with known outcomes (deterministic ECDSA
+ * only).
+ *
+ * 2. Test the number of calls to psa_verify_hash_complete() required are as
+ * expected for different max_ops values.
+ *
+ * 3. Test that the number of ops done prior to start and after abort is zero
+ * and that each successful stage completes some ops (this is not mandated by
+ * the PSA specification, but is currently the case).
+ */
void verify_hash_interruptible(int key_type_arg, data_t *key_data,
int alg_arg, data_t *hash_data,
data_t *signature_data, int max_ops_arg)
@@ -7104,6 +7168,22 @@
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_ECP_RESTARTABLE */
+/**
+ * verify_hash_fail_interruptible() test intentions:
+ *
+ * Note: This test can currently only handle ECDSA.
+ *
+ * 1. Test that various failure cases for interruptible verify hash fail with
+ * the correct error codes, and at the correct point (at start or during
+ * complete).
+ *
+ * 2. Test the number of calls to psa_verify_hash_complete() required are as
+ * expected for different max_ops values.
+ *
+ * 3. Test that the number of ops done prior to start and after abort is zero
+ * and that each successful stage completes some ops (this is not mandated by
+ * the PSA specification, but is currently the case).
+ */
void verify_hash_fail_interruptible(int key_type_arg, data_t *key_data,
int alg_arg, data_t *hash_data,
data_t *signature_data,
@@ -7207,6 +7287,14 @@
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_ECP_RESTARTABLE */
+/**
+ * interruptible_signverify_hash_state_test() test intentions:
+ *
+ * Note: This test can currently only handle ECDSA.
+ *
+ * 1. Test that calling the various interruptible sign and verify hash functions
+ * in incorrect orders returns BAD_STATE errors.
+ */
void interruptible_signverify_hash_state_test(int key_type_arg,
data_t *key_data, int alg_arg, data_t *input_data)
{
@@ -7354,7 +7442,15 @@
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_ECP_RESTARTABLE */
-void interruptible_signverify_hash_negative_tests(int key_type_arg,
+/**
+ * interruptible_signverify_hash_edgecase_tests() test intentions:
+ *
+ * Note: This test can currently only handle ECDSA.
+ *
+ * 1. Test various edge cases in the interruptible sign and verify hash
+ * interfaces.
+ */
+void interruptible_signverify_hash_edgecase_tests(int key_type_arg,
data_t *key_data, int alg_arg, data_t *input_data)
{
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
@@ -7505,6 +7601,14 @@
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_ECP_RESTARTABLE */
+/**
+ * interruptible_signverify_hash_maxops_tests() test intentions:
+ *
+ * Note: This test can currently only handle ECDSA.
+ *
+ * 1. Test that setting max ops is reflected in both interruptible sign and
+ * verify hash
+ */
void interruptible_signverify_hash_maxops_tests(int key_type_arg,
data_t *key_data, int alg_arg, data_t *input_data)
{