Refactoring: create mbedtls_test_ssl_prepare_record_mac()
No semantic change.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
diff --git a/tests/include/test/ssl_helpers.h b/tests/include/test/ssl_helpers.h
index 1f160c7..ddbd6a3 100644
--- a/tests/include/test/ssl_helpers.h
+++ b/tests/include/test/ssl_helpers.h
@@ -516,6 +516,27 @@
size_t cid0_len,
size_t cid1_len);
+#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
+/**
+ * \param[in,out] record The record to prepare.
+ * It must contain the data to MAC at offset
+ * `record->data_offset`, of length
+ * `record->data_length`.
+ * On success, write the MAC immediately
+ * after the data and increment
+ * `record->data_length` accordingly.
+ * \param[in,out] transform_out The out transform, typically prepared by
+ * mbedtls_test_ssl_build_transforms().
+ * Its HMAC context may be used. Other than that
+ * it is treated as an input parameter.
+ *
+ * \return 0 on success, an `MBEDTLS_ERR_xxx` error code
+ * or -1 on error.
+ */
+int mbedtls_test_ssl_prepare_record_mac(mbedtls_record *record,
+ mbedtls_ssl_transform *transform_out);
+#endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */
+
/*
* Populate a session structure for serialization tests.
* Choose dummy values, mostly non-0 to distinguish from the init default.
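Review bot: The doc comment on `mbedtls_test_ssl_prepare_record_mac()` refers to `record->data_length`, but the implementation in ssl_helpers.c reads and updates `record->data_len`, so the comment should use that field name. It also opens directly with `\param` and has no summary line; something like `\brief Compute the MAC of a record's data and append it, as a step in building a pre-encryption record.` would help. Because this is now a shared helper, the `record` description should also state the caller's obligation: `The buffer must have room for transform_out->maclen more bytes after the data.` The `\return` text mentions `MBEDTLS_ERR_xxx`, while the implementation added in this commit returns only 0 or -1.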
diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c
index 9144d85..5c305cb 100644
--- a/tests/src/test_helpers/ssl_helpers.c
+++ b/tests/src/test_helpers/ssl_helpers.c
@@ -1467,6 +1467,64 @@
return ret;
}
+#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
+int mbedtls_test_ssl_prepare_record_mac(mbedtls_record *record,
+ mbedtls_ssl_transform *transform_out)
+{
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT;
+#endif
+
+ /* Serialized version of record header for MAC purposes */
+ unsigned char add_data[13];
+ memcpy(add_data, record->ctr, 8);
+ add_data[8] = record->type;
+ add_data[9] = record->ver[0];
+ add_data[10] = record->ver[1];
+ add_data[11] = (record->data_len >> 8) & 0xff;
+ add_data[12] = (record->data_len >> 0) & 0xff;
+
+ /* MAC with additional data */
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ size_t sign_mac_length = 0;
+ TEST_EQUAL(PSA_SUCCESS, psa_mac_sign_setup(&operation,
+ transform_out->psa_mac_enc,
+ transform_out->psa_mac_alg));
+ TEST_EQUAL(PSA_SUCCESS, psa_mac_update(&operation, add_data, 13));
+ TEST_EQUAL(PSA_SUCCESS, psa_mac_update(&operation,
+ record->buf + record->data_offset,
+ record->data_len));
+ /* Use a temporary buffer for the MAC, because with the truncated HMAC
+ * extension, there might not be enough room in the record for the
+ * full-length MAC. */
+ unsigned char mac[PSA_HASH_MAX_SIZE];
+ TEST_EQUAL(PSA_SUCCESS, psa_mac_sign_finish(&operation,
+ mac, sizeof(mac),
+ &sign_mac_length));
+#else
+ TEST_EQUAL(0, mbedtls_md_hmac_update(&transform_out->md_ctx_enc, add_data, 13));
+ TEST_EQUAL(0, mbedtls_md_hmac_update(&transform_out->md_ctx_enc,
+ record->buf + record->data_offset,
+ record->data_len));
+ /* Use a temporary buffer for the MAC, because with the truncated HMAC
+ * extension, there might not be enough room in the record for the
+ * full-length MAC. */
+ unsigned char mac[MBEDTLS_MD_MAX_SIZE];
+ TEST_EQUAL(0, mbedtls_md_hmac_finish(&transform_out->md_ctx_enc, mac));
+#endif
+ memcpy(record->buf + record->data_offset + record->data_len, mac, transform_out->maclen);
+ record->data_len += transform_out->maclen;
+
+ return 0;
+
+exit:
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_mac_abort(&operation);
+#endif
+ return -1;
+}
+#endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */
+
int mbedtls_test_ssl_tls12_populate_session(mbedtls_ssl_session *session,
int ticket_len,
const char *crt_file)
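Review bot: The final `memcpy` to `record->buf + record->data_offset + record->data_len` copies `transform_out->maclen` bytes without checking that length against the record buffer's size or against the local `mac` array it reads from. That was acceptable inline in a single test that sized its own buffer, but as a shared helper a mis-sized caller would write past the record buffer instead of failing the test cleanly. Before the copy I would add `TEST_LE_U(transform_out->maclen, sizeof(mac));` and `TEST_LE_U(record->data_offset + record->data_len + transform_out->maclen, record->buf_len);` (assuming `mbedtls_record` exposes the buffer size as `buf_len`), and in the PSA branch `TEST_LE_U(transform_out->maclen, sign_mac_length);`, since `sign_mac_length` is otherwise never examined. The trailing context, `mbedtls_test_ssl_tls12_populate_session`, continues outside the hunk.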
diff --git a/tests/suites/test_suite_ssl_decrypt.function b/tests/suites/test_suite_ssl_decrypt.function
index 8b7082a..048093f 100644
--- a/tests/suites/test_suite_ssl_decrypt.function
+++ b/tests/suites/test_suite_ssl_decrypt.function
@@ -40,9 +40,6 @@
size_t buflen, olen = 0;
size_t plaintext_len, block_size, i;
unsigned char padlen; /* excluding the padding_length byte */
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
- psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT;
-#endif
int exp_ret;
int ret;
const unsigned char pad_max_len = 255; /* Per the standard */
@@ -113,48 +110,7 @@
/*
* Prepare a pre-encryption record (with MAC and padding), and save it.
*/
- mbedtls_ssl_transform *transform_out = &t0;
- mbedtls_record *record = &rec;
-
- /* Serialized version of record header for MAC purposes */
- unsigned char add_data[13];
- memcpy(add_data, record->ctr, 8);
- add_data[8] = record->type;
- add_data[9] = record->ver[0];
- add_data[10] = record->ver[1];
- add_data[11] = (record->data_len >> 8) & 0xff;
- add_data[12] = (record->data_len >> 0) & 0xff;
-
- /* MAC with additional data */
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
- size_t sign_mac_length = 0;
- TEST_EQUAL(PSA_SUCCESS, psa_mac_sign_setup(&operation,
- transform_out->psa_mac_enc,
- transform_out->psa_mac_alg));
- TEST_EQUAL(PSA_SUCCESS, psa_mac_update(&operation, add_data, 13));
- TEST_EQUAL(PSA_SUCCESS, psa_mac_update(&operation,
- record->buf + record->data_offset,
- record->data_len));
- /* Use a temporary buffer for the MAC, because with the truncated HMAC
- * extension, there might not be enough room in the record for the
- * full-length MAC. */
- unsigned char mac[PSA_HASH_MAX_SIZE];
- TEST_EQUAL(PSA_SUCCESS, psa_mac_sign_finish(&operation,
- mac, sizeof(mac),
- &sign_mac_length));
-#else
- TEST_EQUAL(0, mbedtls_md_hmac_update(&transform_out->md_ctx_enc, add_data, 13));
- TEST_EQUAL(0, mbedtls_md_hmac_update(&transform_out->md_ctx_enc,
- record->buf + record->data_offset,
- record->data_len));
- /* Use a temporary buffer for the MAC, because with the truncated HMAC
- * extension, there might not be enough room in the record for the
- * full-length MAC. */
- unsigned char mac[MBEDTLS_MD_MAX_SIZE];
- TEST_EQUAL(0, mbedtls_md_hmac_finish(&transform_out->md_ctx_enc, mac));
-#endif
- memcpy(record->buf + record->data_offset + record->data_len, mac, transform_out->maclen);
- record->data_len += transform_out->maclen;
+ TEST_EQUAL(0, mbedtls_test_ssl_prepare_record_mac(&rec, &t0));
/* Pad */
memset(rec.buf + rec.data_offset + rec.data_len, padlen, padlen + 1);
@@ -239,9 +195,6 @@
}
exit:
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
- psa_mac_abort(&operation);
-#endif
mbedtls_ssl_free(&ssl);
mbedtls_ssl_transform_free(&t0);
mbedtls_ssl_transform_free(&t1);