diff --git a/tests/include/test/psa_crypto_helpers.h b/tests/include/test/psa_crypto_helpers.h
index b97263d59..df3bc0e08 100644
--- a/tests/include/test/psa_crypto_helpers.h
+++ b/tests/include/test/psa_crypto_helpers.h
@@ -21,6 +21,7 @@
 #ifndef PSA_CRYPTO_HELPERS_H
 #define PSA_CRYPTO_HELPERS_H
+#include "test/helpers.h"
 #include "test/psa_helpers.h"
 #include
@@ -100,4 +101,86 @@ psa_status_t mbedtls_test_record_status( psa_status_t status,
 #endif /* defined(RECORD_PSA_STATUS_COVERAGE_LOG) */
+/** Skip a test case if the given key is an 192 bits AES key and the AES
+ * implementation is at least partially an alternative implementation.
+ *
+ * Call this macro in a test case when a cryptography operation that may
+ * involve an AES operation returns with the PSA_ERROR_NOT_SUPPORTED error
+ * code to skip and not fail the test case in case the operation involves an
+ * 192 bits AES key and the AES implementation is at least partially an
+ * alternative implementation.
+ *
+ * Hardware AES implementations are likely to not support 192 bits keys.
+ * Consequently, PSA test cases aim at not failing when an AES operation with
+ * an 192 bits key performed by an alternative AES implementation returns
+ * with the PSA_ERROR_NOT_SUPPORTED error code. The purpose of this macro
+ * is to facilitate this and make the related code more readable.
+ *
+ * \param key_type Key type
+ * \param key_bits Key length in number of bits.
+ */
+#if defined(MBEDTLS_AES_ALT) || \
+ defined(MBEDTLS_AES_SETKEY_ENC_ALT) || \
+ defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_AES)
+#define MBEDTLS_TEST_HAVE_ALT_AES 1
+#else
+#define MBEDTLS_TEST_HAVE_ALT_AES 0
+#endif
+
+#define MBEDTLS_TEST_PSA_SKIP_IF_ALT_AES_192( key_type, key_bits ) \
+ do \
+ { \
+ if( ( MBEDTLS_TEST_HAVE_ALT_AES ) && \
+ ( ( key_type ) == PSA_KEY_TYPE_AES ) && \
+ ( key_bits == 192 ) ) \
+ { \
+ mbedtls_test_skip( "AES-192 not supported", __LINE__, __FILE__ ); \
+ goto exit; \
+ } \
+ } \
+ while( 0 )
+
+/** Skip a test case in case of a GCM operation with a nonce length different
+ * from 12 bytes.
+ *
+ * Call this macro in a test case when an AEAD cryptography operation that
+ * may involve the GCM mode returns with the PSA_ERROR_NOT_SUPPORTED error
+ * code to skip and not fail the test case in case the operation involves the
+ * GCM mode, a nonce with a length different from 12 bytes and the GCM mode
+ * implementation is an alternative one.
+ *
+ * Hardware GCM implementations are likely to not support nonce lengths
+ * different from 12 are those imply additional computations involving the
+ * GHASH function. Consequently, PSA test cases aim at not failing when an
+ * AEAD operation in GCM mode with a nonce length different from 12 bytes
+ * performed by an alternative GCM implementation returns with the
+ * PSA_ERROR_NOT_SUPPORTED error code. The purpose of this macro is to
+ * facilitate this and make the related code more readable.
+ *
+ * \param alg The AEAD algorithm.
+ * \param nonce_length The nonce length in number of bytes.
+ */
+
+#if defined(MBEDTLS_GCM_ALT) || \
+ defined(MBEDTLS_PSA_ACCEL_ALG_GCM)
+#define MBEDTLS_TEST_HAVE_ALT_GCM 1
+#else
+#define MBEDTLS_TEST_HAVE_ALT_GCM 0
+#endif
+
+#define MBEDTLS_TEST_PSA_SKIP_IF_ALT_GCM_NOT_12BYTES_NONCE( alg, \
+ nonce_length ) \
+ do \
+ { \
+ if( ( MBEDTLS_TEST_HAVE_ALT_GCM ) && \
+ ( PSA_ALG_AEAD_WITH_TAG_LENGTH( ( alg ) , 0 ) == \
+ PSA_ALG_AEAD_WITH_TAG_LENGTH( PSA_ALG_GCM, 0 ) ) && \
+ ( ( nonce_length ) != 12 ) ) \
+ { \
+ mbedtls_test_skip( "GCM with non-12-byte IV is not supported", __LINE__, __FILE__ ); \
+ goto exit; \
+ } \
+ } \
+ while( 0 )
+
 #endif /* PSA_CRYPTO_HELPERS_H */
diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function
index b68eb7c6f..dbcdb3f3b 100644
--- a/tests/suites/test_suite_psa_crypto.function
+++ b/tests/suites/test_suite_psa_crypto.function
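Review bot: In `MBEDTLS_TEST_PSA_SKIP_IF_ALT_AES_192` (psa_crypto_helpers.h) the `key_bits` argument is expanded without its own parentheses, `( key_bits == 192 )`, unlike `key_type` here and `nonce_length` in the GCM macro. The callers in this commit pass `key_data->len * 8`, which still parses as intended, but an argument built with a lower-precedence operator such as `?:` or `&` would be compared incorrectly and the skip would trigger on the wrong inputs; write `( ( key_bits ) == 192 )`. Both macros also end in `goto exit`, so each doc comment should state that the calling function must define an `exit` label and that control does not return to the caller's next statement when the test is skipped.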
@@ -12,6 +12,8 @@
 #include "psa/crypto.h"
 #include "psa_crypto_slot_management.h"
+#include "test/psa_crypto_helpers.h"
+
 /** An invalid export length that will never be set by psa_export_key(). */
 static const size_t INVALID_EXPORT_LENGTH = ~0U;
@@ -4093,28 +4095,14 @@ void aead_encrypt( int key_type_arg, data_t *key_data,
 output_data, output_size, &output_length );
-#if defined(MBEDTLS_AES_ALT) || \
- defined(MBEDTLS_AES_SETKEY_ENC_ALT) || \
- defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_AES)
- if( status == PSA_ERROR_NOT_SUPPORTED &&
- key_type == PSA_KEY_TYPE_AES &&
- key_data->len == 24 )
+ /* If the operation is not supported, just skip and not fail in case the
+ * encryption involves a common limitation of cryptography hardwares and
+ * an alternative implementation. */
+ if( status == PSA_ERROR_NOT_SUPPORTED )
 {
- test_skip( "AES-192 not supported", __LINE__, __FILE__ );
- goto exit;
+ MBEDTLS_TEST_PSA_SKIP_IF_ALT_AES_192( key_type, key_data->len * 8 );
+ MBEDTLS_TEST_PSA_SKIP_IF_ALT_GCM_NOT_12BYTES_NONCE( alg, nonce->len );
 }
-#endif /* AES could be alternatively implemented */
-#if defined(MBEDTLS_GCM_ALT) || \
- defined(MBEDTLS_PSA_ACCEL_ALG_GCM)
- if( status == PSA_ERROR_NOT_SUPPORTED &&
- ( PSA_ALG_AEAD_WITH_TAG_LENGTH( alg, 0 ) ==
- PSA_ALG_AEAD_WITH_TAG_LENGTH( PSA_ALG_GCM, 0 ) ) &&
- nonce->len != 12 )
- {
- test_skip( "AES-GCM with non-12-byte IV is not supported", __LINE__, __FILE__ );
- goto exit;
- }
-#endif /* AES-GCM could be alternatively implemented */
 PSA_ASSERT( status );
 ASSERT_COMPARE( expected_result->x, expected_result->len,
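Review bot: The comment on the new `if( status == PSA_ERROR_NOT_SUPPORTED )` block in aead_encrypt does not say that the skip is decided only by the build configuration and the key or nonce size, not by why the operation was rejected. In a build with an alternative AES or GCM implementation, a `PSA_ERROR_NOT_SUPPORTED` returned for any other reason on a 192-bit AES key or a non-12-byte GCM nonce is therefore reported as a skipped case rather than a failure, which matters when the results of an accelerated build are read as evidence that AEAD encryption works. I would add a line to the comment such as `Note: with an alternative AES/GCM this also hides NOT_SUPPORTED returned for any other reason on these inputs; review skipped cases for such builds.` The same block and comment appear in the aead_decrypt hunk, and aead_encrypt itself starts and ends outside this hunk.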
@@ -4172,28 +4160,14 @@ void aead_decrypt( int key_type_arg, data_t *key_data,
 output_data, output_size, &output_length );
-#if defined(MBEDTLS_AES_ALT) || \
- defined(MBEDTLS_AES_SETKEY_ENC_ALT) || \
- defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_AES)
- if( status == PSA_ERROR_NOT_SUPPORTED &&
- key_type == PSA_KEY_TYPE_AES &&
- key_data->len == 24 )
+ /* If the operation is not supported, just skip and not fail in case the
+ * decryption involves a common limitation of cryptography hardwares and
+ * an alternative implementation. */
+ if( status == PSA_ERROR_NOT_SUPPORTED )
 {
- test_skip( "AES-192 not supported", __LINE__, __FILE__ );
- goto exit;
+ MBEDTLS_TEST_PSA_SKIP_IF_ALT_AES_192( key_type, key_data->len * 8 );
+ MBEDTLS_TEST_PSA_SKIP_IF_ALT_GCM_NOT_12BYTES_NONCE( alg, nonce->len );
 }
-#endif /* AES could be alternatively implemented */
-#if defined(MBEDTLS_GCM_ALT) || \
- defined(MBEDTLS_PSA_ACCEL_ALG_GCM)
- if( status == PSA_ERROR_NOT_SUPPORTED &&
- ( PSA_ALG_AEAD_WITH_TAG_LENGTH( alg, 0 ) ==
- PSA_ALG_AEAD_WITH_TAG_LENGTH( PSA_ALG_GCM, 0 ) ) &&
- nonce->len != 12 )
- {
- test_skip( "AES-GCM with non-12-byte IV is not supported", __LINE__, __FILE__ );
- goto exit;
- }
-#endif /* AES-GCM could be alternatively implemented */
 TEST_EQUAL( status, expected_result );
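Review bot: In aead_decrypt the skip block runs before `TEST_EQUAL( status, expected_result )`, so a test case whose expected result is itself `PSA_ERROR_NOT_SUPPORTED` would be skipped instead of checked when it uses a 192-bit AES key or a non-12-byte GCM nonce in a build with an alternative implementation. Whether the data file holds such cases is not visible from this hunk, but the guard can exclude them at no cost: `if( status == PSA_ERROR_NOT_SUPPORTED && expected_result != PSA_ERROR_NOT_SUPPORTED )`. That keeps negative tests asserting the error code on every build. aead_decrypt starts and ends outside the hunk.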