cipher_encrypt_alg_without_iv: validate size macros independently

Validate the size macros directly from the output length in the test data,
rather than using the value returned by the library. This is equivalent
since the value returned by the library is checked to be identical.

Enforce that SIZE() <= MAX_SIZE(), in addition to length <= SIZE(). This is
stronger than the previous code which merely enforced length <= SIZE() and
length <= MAX_SIZE().

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This commit is contained in:
Gilles Peskine 2022-04-20 16:55:03 +02:00
parent 4a83c1047f
commit 5f50420dc8

View File

@ -2611,24 +2611,33 @@ void cipher_encrypt_alg_without_iv( int alg_arg,
PSA_ASSERT( psa_crypto_init( ) ); PSA_ASSERT( psa_crypto_init( ) );
/* Validate size macros */
TEST_ASSERT( expected_output->len <=
PSA_CIPHER_ENCRYPT_OUTPUT_SIZE( key_type, alg, input->len ) );
TEST_ASSERT( PSA_CIPHER_ENCRYPT_OUTPUT_SIZE( key_type, alg, input->len ) <=
PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE( input->len ) );
/* Set up key and output buffer */
psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT ); psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT );
psa_set_key_algorithm( &attributes, alg ); psa_set_key_algorithm( &attributes, alg );
psa_set_key_type( &attributes, key_type ); psa_set_key_type( &attributes, key_type );
PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
&key ) );
output_buffer_size = PSA_CIPHER_ENCRYPT_OUTPUT_SIZE( key_type, alg, input->len ); output_buffer_size = PSA_CIPHER_ENCRYPT_OUTPUT_SIZE( key_type, alg, input->len );
ASSERT_ALLOC( output, output_buffer_size ); ASSERT_ALLOC( output, output_buffer_size );
PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, /* set_iv() is not allowed */
&key ) );
PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) ); PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) );
TEST_EQUAL( psa_cipher_set_iv( &operation, iv, sizeof( iv ) ), TEST_EQUAL( psa_cipher_set_iv( &operation, iv, sizeof( iv ) ),
PSA_ERROR_BAD_STATE ); PSA_ERROR_BAD_STATE );
/* generate_iv() is not allowed */
PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) ); PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) );
TEST_EQUAL( psa_cipher_generate_iv( &operation, iv, sizeof( iv ), TEST_EQUAL( psa_cipher_generate_iv( &operation, iv, sizeof( iv ),
&iv_length ), &iv_length ),
PSA_ERROR_BAD_STATE ); PSA_ERROR_BAD_STATE );
/* One-shot encryption */
PSA_ASSERT( psa_cipher_encrypt( key, alg, input->x, input->len, output, PSA_ASSERT( psa_cipher_encrypt( key, alg, input->x, input->len, output,
output_buffer_size, &output_length ) ); output_buffer_size, &output_length ) );
TEST_ASSERT( output_length <= TEST_ASSERT( output_length <=
@ -2638,8 +2647,10 @@ void cipher_encrypt_alg_without_iv( int alg_arg,
ASSERT_COMPARE( expected_output->x, expected_output->len, ASSERT_COMPARE( expected_output->x, expected_output->len,
output, output_length ); output, output_length );
exit: exit:
mbedtls_free( output ); mbedtls_free( output );
psa_cipher_abort( &operation );
psa_destroy_key( key ); psa_destroy_key( key );
PSA_DONE( ); PSA_DONE( );
} }