Merge pull request #7177 from paul-elliott-arm/interruptible_sign_hash_improve_num_ops_testing

Interruptible sign hash improve num ops testing
2025-05-09 11:21:21 +08:00 · 2023-03-01 14:59:44 +00:00 · 2023-03-01 14:59:44 +00:00 · ebf2e38662
commit ebf2e38662
parent d1cddff71a c1e0400bac
2 changed files with 120 additions and 40 deletions
--- a/tests/suites/test_suite_psa_crypto.data
+++ b/tests/suites/test_suite_psa_crypto.data
@ -4561,9 +4561,9 @@ PSA sign/vrfy hash int edge case tests: randomized ECDSA SECP256R1 SHA-256
 depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256
 interruptible_signverify_hash_edgecase_tests:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b"
-PSA sign/vrfy hash int max ops tests: randomized ECDSA SECP256R1 SHA-256
+PSA sign/vrfy hash int ops tests: randomized ECDSA SECP256R1 SHA-256
 depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256
-interruptible_signverify_hash_maxops_tests:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b"
+interruptible_signverify_hash_ops_tests:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b"
 PSA sign message: RSA PKCS#1 v1.5 SHA-256
 depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C
--- a/tests/suites/test_suite_psa_crypto.function
+++ b/tests/suites/test_suite_psa_crypto.function
@ -7487,41 +7487,6 @@ void interruptible_signverify_hash_edgecase_tests(int key_type_arg,
    TEST_LE_U(signature_size, PSA_SIGNATURE_MAX_SIZE);
    ASSERT_ALLOC(signature, signature_size);
    /* --- Ensure changing the max ops mid operation works (operation should
     *     complete successfully after setting max ops to unlimited --- */
    psa_interruptible_set_max_ops(1);
    PSA_ASSERT(psa_sign_hash_start(&sign_operation, key, alg,
                                   input_data->x, input_data->len));
    TEST_EQUAL(psa_sign_hash_complete(&sign_operation, signature,
                                      signature_size,
                                      &signature_length),
               PSA_OPERATION_INCOMPLETE);
    psa_interruptible_set_max_ops(PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED);
    PSA_ASSERT(psa_sign_hash_complete(&sign_operation, signature,
                                      signature_size,
                                      &signature_length));
    PSA_ASSERT(psa_sign_hash_abort(&sign_operation));
    psa_interruptible_set_max_ops(1);
    PSA_ASSERT(psa_verify_hash_start(&verify_operation, key, alg,
                                     input_data->x, input_data->len,
                                     signature, signature_length));
    TEST_EQUAL(psa_verify_hash_complete(&verify_operation),
               PSA_OPERATION_INCOMPLETE);
    psa_interruptible_set_max_ops(PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED);
    PSA_ASSERT(psa_verify_hash_complete(&verify_operation));
    PSA_ASSERT(psa_verify_hash_abort(&verify_operation));
    /* --- Change function inputs mid run, to cause an error (sign only,
     *     verify passes all inputs to start. --- */
@ -7602,15 +7567,21 @@ exit:
 /* BEGIN_CASE depends_on:MBEDTLS_ECP_RESTARTABLE */
 /**
- * interruptible_signverify_hash_maxops_tests() test intentions:
+ * interruptible_signverify_hash_ops_tests() test intentions:
 *
 * Note: This test can currently only handle ECDSA.
 *
 * 1. Test that setting max ops is reflected in both interruptible sign and
 *    verify hash
 * 2. Test that changing the value of max_ops to unlimited during an operation
 *    causes that operation to complete in the next call.
 *
 * 3. Test that calling get_num_ops() between complete calls gives the same
 *    result as calling get_num_ops() once at the end of the operation.
 */
-void interruptible_signverify_hash_maxops_tests(int key_type_arg,
+void interruptible_signverify_hash_ops_tests(int key_type_arg,
-                                                data_t *key_data, int alg_arg, data_t *input_data)
+                                             data_t *key_data, int alg_arg,
                                             data_t *input_data)
 {
    mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
    psa_key_type_t key_type = key_type_arg;
@ -7619,6 +7590,10 @@ void interruptible_signverify_hash_maxops_tests(int key_type_arg,
    size_t key_bits;
    unsigned char *signature = NULL;
    size_t signature_size;
    size_t signature_length = 0xdeadbeef;
    uint32_t num_ops = 0;
    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
    psa_sign_hash_interruptible_operation_t sign_operation =
        psa_sign_hash_interruptible_operation_init();
    psa_verify_hash_interruptible_operation_t verify_operation =
@ -7667,6 +7642,111 @@ void interruptible_signverify_hash_maxops_tests(int key_type_arg,
    TEST_EQUAL(psa_interruptible_get_max_ops(), 0xbeef);
    /* --- Ensure changing the max ops mid operation works (operation should
     *     complete successfully after setting max ops to unlimited --- */
    psa_interruptible_set_max_ops(1);
    PSA_ASSERT(psa_sign_hash_start(&sign_operation, key, alg,
                                   input_data->x, input_data->len));
    TEST_EQUAL(psa_sign_hash_complete(&sign_operation, signature,
                                      signature_size,
                                      &signature_length),
               PSA_OPERATION_INCOMPLETE);
    psa_interruptible_set_max_ops(PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED);
    PSA_ASSERT(psa_sign_hash_complete(&sign_operation, signature,
                                      signature_size,
                                      &signature_length));
    PSA_ASSERT(psa_sign_hash_abort(&sign_operation));
    psa_interruptible_set_max_ops(1);
    PSA_ASSERT(psa_verify_hash_start(&verify_operation, key, alg,
                                     input_data->x, input_data->len,
                                     signature, signature_length));
    TEST_EQUAL(psa_verify_hash_complete(&verify_operation),
               PSA_OPERATION_INCOMPLETE);
    psa_interruptible_set_max_ops(PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED);
    PSA_ASSERT(psa_verify_hash_complete(&verify_operation));
    PSA_ASSERT(psa_verify_hash_abort(&verify_operation));
    /* --- Test that not calling get_num_ops inbetween complete calls does not
     *     result in lost ops. ---*/
    psa_interruptible_set_max_ops(1);
    PSA_ASSERT(psa_sign_hash_start(&sign_operation, key, alg,
                                   input_data->x, input_data->len));
    /* Continue performing the signature until complete. */
    do {
        status = psa_sign_hash_complete(&sign_operation, signature,
                                        signature_size,
                                        &signature_length);
        num_ops = psa_sign_hash_get_num_ops(&sign_operation);
    } while (status == PSA_OPERATION_INCOMPLETE);
    PSA_ASSERT(status);
    PSA_ASSERT(psa_sign_hash_abort(&sign_operation));
    PSA_ASSERT(psa_sign_hash_start(&sign_operation, key, alg,
                                   input_data->x, input_data->len));
    /* Continue performing the signature until complete. */
    do {
        status = psa_sign_hash_complete(&sign_operation, signature,
                                        signature_size,
                                        &signature_length);
    } while (status == PSA_OPERATION_INCOMPLETE);
    PSA_ASSERT(status);
    TEST_EQUAL(num_ops, psa_sign_hash_get_num_ops(&sign_operation));
    PSA_ASSERT(psa_sign_hash_abort(&sign_operation));
    PSA_ASSERT(psa_verify_hash_start(&verify_operation, key, alg,
                                     input_data->x, input_data->len,
                                     signature, signature_length));
    /* Continue performing the verification until complete. */
    do {
        status = psa_verify_hash_complete(&verify_operation);
        num_ops = psa_verify_hash_get_num_ops(&verify_operation);
    } while (status == PSA_OPERATION_INCOMPLETE);
    PSA_ASSERT(status);
    PSA_ASSERT(psa_verify_hash_abort(&verify_operation));
    PSA_ASSERT(psa_verify_hash_start(&verify_operation, key, alg,
                                     input_data->x, input_data->len,
                                     signature, signature_length));
    /* Continue performing the verification until complete. */
    do {
        status = psa_verify_hash_complete(&verify_operation);
    } while (status == PSA_OPERATION_INCOMPLETE);
    PSA_ASSERT(status);
    TEST_EQUAL(num_ops, psa_verify_hash_get_num_ops(&verify_operation));
    PSA_ASSERT(psa_verify_hash_abort(&verify_operation));
 exit:
    /*
     * Key attributes may have been returned by psa_get_key_attributes()