Refactoring: prepare to create mbedtls_test_ssl_prepare_record_mac()
No semantic change.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
diff --git a/tests/suites/test_suite_ssl_decrypt.function b/tests/suites/test_suite_ssl_decrypt.function
index 84abe2f..01cee61 100644
--- a/tests/suites/test_suite_ssl_decrypt.function
+++ b/tests/suites/test_suite_ssl_decrypt.function
@@ -40,13 +40,8 @@
size_t buflen, olen = 0;
size_t plaintext_len, block_size, i;
unsigned char padlen; /* excluding the padding_length byte */
- unsigned char add_data[13];
#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT;
- size_t sign_mac_length = 0;
- unsigned char mac[PSA_HASH_MAX_SIZE];
-#else
- unsigned char mac[MBEDTLS_MD_MAX_SIZE];
#endif
int exp_ret;
int ret;
@@ -111,14 +106,6 @@
rec.data_len = plaintext_len;
memset(rec.buf + rec.data_offset, 42, rec.data_len);
- /* Serialized version of record header for MAC purposes */
- memcpy(add_data, rec.ctr, 8);
- add_data[8] = rec.type;
- add_data[9] = rec.ver[0];
- add_data[10] = rec.ver[1];
- add_data[11] = (rec.data_len >> 8) & 0xff;
- add_data[12] = (rec.data_len >> 0) & 0xff;
-
/* Set dummy IV */
memset(t0.iv_enc, 0x55, t0.ivlen);
memcpy(rec.buf, t0.iv_enc, t0.ivlen);
@@ -126,29 +113,48 @@
/*
* Prepare a pre-encryption record (with MAC and padding), and save it.
*/
+ mbedtls_ssl_transform *transform_out = &t0;
+ mbedtls_record *record = &rec;
+
+ /* Serialized version of record header for MAC purposes */
+ unsigned char add_data[13];
+ memcpy(add_data, record->ctr, 8);
+ add_data[8] = record->type;
+ add_data[9] = record->ver[0];
+ add_data[10] = record->ver[1];
+ add_data[11] = (record->data_len >> 8) & 0xff;
+ add_data[12] = (record->data_len >> 0) & 0xff;
/* MAC with additional data */
#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ size_t sign_mac_length = 0;
TEST_EQUAL(PSA_SUCCESS, psa_mac_sign_setup(&operation,
- t0.psa_mac_enc,
- t0.psa_mac_alg));
+ transform_out->psa_mac_enc,
+ transform_out->psa_mac_alg));
TEST_EQUAL(PSA_SUCCESS, psa_mac_update(&operation, add_data, 13));
TEST_EQUAL(PSA_SUCCESS, psa_mac_update(&operation,
- rec.buf + rec.data_offset,
- rec.data_len));
+ record->buf + record->data_offset,
+ record->data_len));
+ /* Use a temporary buffer for the MAC, because with the truncated HMAC
+ * extension, there might not be enough room in the record for the
+ * full-length MAC. */
+ unsigned char mac[PSA_HASH_MAX_SIZE];
TEST_EQUAL(PSA_SUCCESS, psa_mac_sign_finish(&operation,
mac, sizeof(mac),
&sign_mac_length));
#else
- TEST_EQUAL(0, mbedtls_md_hmac_update(&t0.md_ctx_enc, add_data, 13));
- TEST_EQUAL(0, mbedtls_md_hmac_update(&t0.md_ctx_enc,
- rec.buf + rec.data_offset,
- rec.data_len));
- TEST_EQUAL(0, mbedtls_md_hmac_finish(&t0.md_ctx_enc, mac));
+ TEST_EQUAL(0, mbedtls_md_hmac_update(&transform_out->md_ctx_enc, add_data, 13));
+ TEST_EQUAL(0, mbedtls_md_hmac_update(&transform_out->md_ctx_enc,
+ record->buf + record->data_offset,
+ record->data_len));
+ /* Use a temporary buffer for the MAC, because with the truncated HMAC
+ * extension, there might not be enough room in the record for the
+ * full-length MAC. */
+ unsigned char mac[MBEDTLS_MD_MAX_SIZE];
+ TEST_EQUAL(0, mbedtls_md_hmac_finish(&transform_out->md_ctx_enc, mac));
#endif
-
- memcpy(rec.buf + rec.data_offset + rec.data_len, mac, t0.maclen);
- rec.data_len += t0.maclen;
+ memcpy(record->buf + record->data_offset + record->data_len, mac, transform_out->maclen);
+ record->data_len += transform_out->maclen;
/* Pad */
memset(rec.buf + rec.data_offset + rec.data_len, padlen, padlen + 1);