Merge branch 'development-restricted' into mbedtls-3.1.0rc-pr
diff --git a/tests/include/test/drivers/cipher.h b/tests/include/test/drivers/cipher.h
index 142f3b7..33a5e66 100644
--- a/tests/include/test/drivers/cipher.h
+++ b/tests/include/test/drivers/cipher.h
@@ -53,6 +53,7 @@
const psa_key_attributes_t *attributes,
const uint8_t *key, size_t key_length,
psa_algorithm_t alg,
+ const uint8_t *iv, size_t iv_length,
const uint8_t *input, size_t input_length,
uint8_t *output, size_t output_size, size_t *output_length);
@@ -98,6 +99,7 @@
const psa_key_attributes_t *attributes,
const uint8_t *key, size_t key_length,
psa_algorithm_t alg,
+ const uint8_t *iv, size_t iv_length,
const uint8_t *input, size_t input_length,
uint8_t *output, size_t output_size, size_t *output_length);
diff --git a/tests/src/drivers/test_driver_cipher.c b/tests/src/drivers/test_driver_cipher.c
index 3d1efb8..3536408 100644
--- a/tests/src/drivers/test_driver_cipher.c
+++ b/tests/src/drivers/test_driver_cipher.c
@@ -44,6 +44,8 @@
const uint8_t *key_buffer,
size_t key_buffer_size,
psa_algorithm_t alg,
+ const uint8_t *iv,
+ size_t iv_length,
const uint8_t *input,
size_t input_length,
uint8_t *output,
@@ -68,19 +70,17 @@
if( mbedtls_test_driver_cipher_hooks.forced_status != PSA_SUCCESS )
return( mbedtls_test_driver_cipher_hooks.forced_status );
- psa_generate_random( output, PSA_CIPHER_IV_LENGTH( attributes->core.type, alg ) );
-
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_CIPHER)
return( libtestdriver1_mbedtls_psa_cipher_encrypt(
(const libtestdriver1_psa_key_attributes_t *)attributes,
key_buffer, key_buffer_size,
- alg, input, input_length,
+ alg, iv, iv_length, input, input_length,
output, output_size, output_length ) );
#elif defined(MBEDTLS_PSA_BUILTIN_CIPHER)
return( mbedtls_psa_cipher_encrypt(
attributes, key_buffer, key_buffer_size,
- alg, input, input_length,
+ alg, iv, iv_length, input, input_length,
output, output_size, output_length ) );
#endif
@@ -314,6 +314,7 @@
const psa_key_attributes_t *attributes,
const uint8_t *key, size_t key_length,
psa_algorithm_t alg,
+ const uint8_t *iv, size_t iv_length,
const uint8_t *input, size_t input_length,
uint8_t *output, size_t output_size, size_t *output_length)
{
@@ -321,6 +322,8 @@
(void) key;
(void) key_length;
(void) alg;
+ (void) iv;
+ (void) iv_length;
(void) input;
(void) input_length;
(void) output;
diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function
index b6222b9..638a85c 100644
--- a/tests/suites/test_suite_psa_crypto.function
+++ b/tests/suites/test_suite_psa_crypto.function
@@ -2907,6 +2907,9 @@
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_type_t key_type = key_type_arg;
psa_algorithm_t alg = alg_arg;
+ psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT;
+ uint8_t iv[1] = { 0x5a };
+ size_t iv_length;
unsigned char *output = NULL;
size_t output_buffer_size = 0;
size_t output_length = 0;
@@ -2924,6 +2927,14 @@
PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
&key ) );
+ PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) );
+ TEST_EQUAL( psa_cipher_set_iv( &operation, iv, sizeof( iv ) ),
+ PSA_ERROR_BAD_STATE );
+ PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) );
+ TEST_EQUAL( psa_cipher_generate_iv( &operation, iv, sizeof( iv ),
+ &iv_length ),
+ PSA_ERROR_BAD_STATE );
+
PSA_ASSERT( psa_cipher_encrypt( key, alg, input->x, input->len, output,
output_buffer_size, &output_length ) );
TEST_ASSERT( output_length <=
diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.function b/tests/suites/test_suite_psa_crypto_driver_wrappers.function
index 8b7f413..64adba9 100644
--- a/tests/suites/test_suite_psa_crypto_driver_wrappers.function
+++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.function
@@ -872,6 +872,39 @@
PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
&key ) );
+ /*
+ * Test encrypt failure
+ * First test that if we don't force a driver error, encryption is
+ * successfull, then force driver error.
+ */
+ status = psa_cipher_encrypt(
+ key, alg, input->x, input->len,
+ output, output_buffer_size, &function_output_length );
+ TEST_EQUAL( mbedtls_test_driver_cipher_hooks.hits, 1 );
+ TEST_EQUAL( status, PSA_SUCCESS );
+ mbedtls_test_driver_cipher_hooks.hits = 0;
+
+ mbedtls_test_driver_cipher_hooks.forced_status = PSA_ERROR_GENERIC_ERROR;
+ /* Set the output buffer in a given state. */
+ for( size_t i = 0; i < output_buffer_size; i++ )
+ output[i] = 0xa5;
+
+ status = psa_cipher_encrypt(
+ key, alg, input->x, input->len,
+ output, output_buffer_size, &function_output_length );
+ TEST_EQUAL( mbedtls_test_driver_cipher_hooks.hits, 1 );
+ TEST_EQUAL( status, PSA_ERROR_GENERIC_ERROR );
+ /*
+ * Check that the output buffer is still in the same state.
+ * This will fail if the output buffer is used by the core to pass the IV
+ * it generated to the driver (and is not restored).
+ */
+ for( size_t i = 0; i < output_buffer_size; i++ )
+ {
+ TEST_EQUAL( output[i], 0xa5 );
+ }
+ mbedtls_test_driver_cipher_hooks.hits = 0;
+
/* Test setup call, encrypt */
mbedtls_test_driver_cipher_hooks.forced_status = PSA_ERROR_GENERIC_ERROR;
status = psa_cipher_encrypt_setup( &operation, key, alg );
@@ -923,10 +956,23 @@
mbedtls_test_driver_cipher_hooks.hits = 0;
mbedtls_test_driver_cipher_hooks.forced_status = PSA_ERROR_GENERIC_ERROR;
+ /* Set the output buffer in a given state. */
+ for( size_t i = 0; i < 16; i++ )
+ output[i] = 0xa5;
+
status = psa_cipher_generate_iv( &operation, output, 16, &function_output_length );
/* When generating the IV fails, it should call abort too */
TEST_EQUAL( mbedtls_test_driver_cipher_hooks.hits, 2 );
TEST_EQUAL( status, mbedtls_test_driver_cipher_hooks.forced_status );
+ /*
+ * Check that the output buffer is still in the same state.
+ * This will fail if the output buffer is used by the core to pass the IV
+ * it generated to the driver (and is not restored).
+ */
+ for( size_t i = 0; i < 16; i++ )
+ {
+ TEST_EQUAL( output[i], 0xa5 );
+ }
/* Failure should prevent further operations from executing on the driver */
mbedtls_test_driver_cipher_hooks.hits = 0;
status = psa_cipher_update( &operation,