tests: psa: Add macros to skip a test case

Add macros to skip a test case when hitting a common alternative implementation limitation. Add a macro for AES-192 and GCM with a nonce length different from 12 bytes. Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-11-26 02:05:39 +01:00 · 2021-02-09 20:35:42 +01:00 · 2021-02-09 20:35:42 +01:00 · 28a45ed8db
commit 28a45ed8db
parent 50f1f5e119
2 changed files with 97 additions and 40 deletions
--- a/tests/include/test/psa_crypto_helpers.h
+++ b/tests/include/test/psa_crypto_helpers.h
@ -21,6 +21,7 @@
 #ifndef PSA_CRYPTO_HELPERS_H
 #define PSA_CRYPTO_HELPERS_H

+#include "test/helpers.h"
 #include "test/psa_helpers.h"

 #include <psa/crypto.h>
@ -100,4 +101,86 @@ psa_status_t mbedtls_test_record_status( psa_status_t status,

 #endif /* defined(RECORD_PSA_STATUS_COVERAGE_LOG) */

+/** Skip a test case if the given key is an 192 bits AES key and the AES
+ *  implementation is at least partially an alternative implementation.
+ *
+ *  Call this macro in a test case when a cryptography operation that may
+ *  involve an AES operation returns with the PSA_ERROR_NOT_SUPPORTED error
+ *  code to skip and not fail the test case in case the operation involves an
+ *  192 bits AES key and the AES implementation is at least partially an
+ *  alternative implementation.
+ *
+ *  Hardware AES implementations are likely to not support 192 bits keys.
+ *  Consequently, PSA test cases aim at not failing when an AES operation with
+ *  an 192 bits key performed by an alternative AES implementation returns
+ *  with the PSA_ERROR_NOT_SUPPORTED error code. The purpose of this macro
+ *  is to facilitate this and make the related code more readable.
+ *
+ *  \param key_type  Key type
+ *  \param key_bits  Key length in number of bits.
+ */
+#if defined(MBEDTLS_AES_ALT) || \
+    defined(MBEDTLS_AES_SETKEY_ENC_ALT) || \
+    defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_AES)
+#define MBEDTLS_TEST_HAVE_ALT_AES 1
+#else
+#define MBEDTLS_TEST_HAVE_ALT_AES 0
+#endif
+
+#define MBEDTLS_TEST_PSA_SKIP_IF_ALT_AES_192( key_type, key_bits )        \
+    do                                                                    \
+    {                                                                     \
+        if( ( MBEDTLS_TEST_HAVE_ALT_AES ) &&                              \
+            ( ( key_type ) == PSA_KEY_TYPE_AES ) &&                       \
+            ( key_bits == 192 ) )                                         \
+        {                                                                 \
+            mbedtls_test_skip( "AES-192 not supported", __LINE__, __FILE__ );     \
+            goto exit;                                                    \
+        }                                                                 \
+    }                                                                     \
+    while( 0 )
+
+/** Skip a test case in case of a GCM operation with a nonce length different
+ *  from 12 bytes.
+ *
+ *  Call this macro in a test case when an AEAD cryptography operation that
+ *  may involve the GCM mode returns with the PSA_ERROR_NOT_SUPPORTED error
+ *  code to skip and not fail the test case in case the operation involves the
+ *  GCM mode, a nonce with a length different from 12 bytes and the GCM mode
+ *  implementation is an alternative one.
+ *
+ *  Hardware GCM implementations are likely to not support nonce lengths
+ *  different from 12 are those imply additional computations involving the
+ *  GHASH function. Consequently, PSA test cases aim at not failing when an
+ *  AEAD operation in GCM mode with a nonce length different from 12 bytes
+ *  performed by an alternative GCM implementation returns with the
+ *  PSA_ERROR_NOT_SUPPORTED error code. The purpose of this macro is to
+ *  facilitate this and make the related code more readable.
+ *
+ *  \param  alg  The AEAD algorithm.
+ *  \param  nonce_length  The nonce length in number of bytes.
+ */
+
+#if defined(MBEDTLS_GCM_ALT) || \
+    defined(MBEDTLS_PSA_ACCEL_ALG_GCM)
+#define MBEDTLS_TEST_HAVE_ALT_GCM  1
+#else
+#define MBEDTLS_TEST_HAVE_ALT_GCM  0
+#endif
+
+#define MBEDTLS_TEST_PSA_SKIP_IF_ALT_GCM_NOT_12BYTES_NONCE( alg,           \
+                                                            nonce_length ) \
+    do                                                                     \
+    {                                                                      \
+        if( ( MBEDTLS_TEST_HAVE_ALT_GCM ) &&                               \
+            ( PSA_ALG_AEAD_WITH_TAG_LENGTH( ( alg ) , 0 ) ==               \
+              PSA_ALG_AEAD_WITH_TAG_LENGTH( PSA_ALG_GCM, 0 ) ) &&          \
+            ( ( nonce_length ) != 12 ) )                                   \
+        {                                                                  \
+            mbedtls_test_skip( "GCM with non-12-byte IV is not supported", __LINE__, __FILE__ ); \
+            goto exit;                                                     \
+        }                                                                  \
+    }                                                                      \
+    while( 0 )
+
 #endif /* PSA_CRYPTO_HELPERS_H */
--- a/tests/suites/test_suite_psa_crypto.function
+++ b/tests/suites/test_suite_psa_crypto.function
@ -12,6 +12,8 @@
 #include "psa/crypto.h"
 #include "psa_crypto_slot_management.h"

+#include "test/psa_crypto_helpers.h"
+
 /** An invalid export length that will never be set by psa_export_key(). */
 static const size_t INVALID_EXPORT_LENGTH = ~0U;

@ -4093,28 +4095,14 @@ void aead_encrypt( int key_type_arg, data_t *key_data,
                               output_data, output_size,
                               &output_length );

-#if defined(MBEDTLS_AES_ALT) || \
-    defined(MBEDTLS_AES_SETKEY_ENC_ALT) || \
-    defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_AES)
-    if( status == PSA_ERROR_NOT_SUPPORTED &&
-        key_type == PSA_KEY_TYPE_AES &&
-        key_data->len == 24 )
+    /* If the operation is not supported, just skip and not fail in case the
+     * encryption involves a common limitation of cryptography hardwares and
+     * an alternative implementation. */
+    if( status == PSA_ERROR_NOT_SUPPORTED )
    {
-        test_skip( "AES-192 not supported", __LINE__, __FILE__ );
-        goto exit;
+        MBEDTLS_TEST_PSA_SKIP_IF_ALT_AES_192( key_type, key_data->len * 8 );
+        MBEDTLS_TEST_PSA_SKIP_IF_ALT_GCM_NOT_12BYTES_NONCE( alg, nonce->len );
    }
-#endif /* AES could be alternatively implemented */
-#if defined(MBEDTLS_GCM_ALT) || \
-    defined(MBEDTLS_PSA_ACCEL_ALG_GCM)
-    if( status == PSA_ERROR_NOT_SUPPORTED &&
-        ( PSA_ALG_AEAD_WITH_TAG_LENGTH( alg, 0 ) ==
-          PSA_ALG_AEAD_WITH_TAG_LENGTH( PSA_ALG_GCM, 0 ) ) &&
-        nonce->len != 12 )
-    {
-        test_skip( "AES-GCM with non-12-byte IV is not supported", __LINE__, __FILE__ );
-        goto exit;
-    }
-#endif /* AES-GCM could be alternatively implemented */

    PSA_ASSERT( status );
    ASSERT_COMPARE( expected_result->x, expected_result->len,
@ -4172,28 +4160,14 @@ void aead_decrypt( int key_type_arg, data_t *key_data,
                               output_data, output_size,
                               &output_length );

-#if defined(MBEDTLS_AES_ALT) || \
-    defined(MBEDTLS_AES_SETKEY_ENC_ALT) || \
-    defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_AES)
-    if( status == PSA_ERROR_NOT_SUPPORTED &&
-        key_type == PSA_KEY_TYPE_AES &&
-        key_data->len == 24 )
+    /* If the operation is not supported, just skip and not fail in case the
+     * decryption involves a common limitation of cryptography hardwares and
+     * an alternative implementation. */
+    if( status == PSA_ERROR_NOT_SUPPORTED )
    {
-        test_skip( "AES-192 not supported", __LINE__, __FILE__ );
-        goto exit;
+        MBEDTLS_TEST_PSA_SKIP_IF_ALT_AES_192( key_type, key_data->len * 8 );
+        MBEDTLS_TEST_PSA_SKIP_IF_ALT_GCM_NOT_12BYTES_NONCE( alg, nonce->len );
    }
-#endif /* AES could be alternatively implemented */
-#if defined(MBEDTLS_GCM_ALT) || \
-    defined(MBEDTLS_PSA_ACCEL_ALG_GCM)
-    if( status == PSA_ERROR_NOT_SUPPORTED &&
-        ( PSA_ALG_AEAD_WITH_TAG_LENGTH( alg, 0 ) ==
-          PSA_ALG_AEAD_WITH_TAG_LENGTH( PSA_ALG_GCM, 0 ) ) &&
-        nonce->len != 12 )
-    {
-        test_skip( "AES-GCM with non-12-byte IV is not supported", __LINE__, __FILE__ );
-        goto exit;
-    }
-#endif /* AES-GCM could be alternatively implemented */

    TEST_EQUAL( status, expected_result );