Merge pull request #7177 from paul-elliott-arm/interruptible_sign_hash_improve_num_ops_testing
Interruptible sign hash improve num ops testing
diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data
index f340a7f..cfcdac1 100644
--- a/tests/suites/test_suite_psa_crypto.data
+++ b/tests/suites/test_suite_psa_crypto.data
@@ -4561,9 +4561,9 @@
depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256
interruptible_signverify_hash_edgecase_tests:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b"
-PSA sign/vrfy hash int max ops tests: randomized ECDSA SECP256R1 SHA-256
+PSA sign/vrfy hash int ops tests: randomized ECDSA SECP256R1 SHA-256
depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256
-interruptible_signverify_hash_maxops_tests:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b"
+interruptible_signverify_hash_ops_tests:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b"
PSA sign message: RSA PKCS#1 v1.5 SHA-256
depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C
diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function
index ab39fba..62f2fbf 100644
--- a/tests/suites/test_suite_psa_crypto.function
+++ b/tests/suites/test_suite_psa_crypto.function
@@ -7487,41 +7487,6 @@
TEST_LE_U(signature_size, PSA_SIGNATURE_MAX_SIZE);
ASSERT_ALLOC(signature, signature_size);
- /* --- Ensure changing the max ops mid operation works (operation should
- * complete successfully after setting max ops to unlimited --- */
- psa_interruptible_set_max_ops(1);
-
- PSA_ASSERT(psa_sign_hash_start(&sign_operation, key, alg,
- input_data->x, input_data->len));
-
- TEST_EQUAL(psa_sign_hash_complete(&sign_operation, signature,
- signature_size,
- &signature_length),
- PSA_OPERATION_INCOMPLETE);
-
- psa_interruptible_set_max_ops(PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED);
-
- PSA_ASSERT(psa_sign_hash_complete(&sign_operation, signature,
- signature_size,
- &signature_length));
-
- PSA_ASSERT(psa_sign_hash_abort(&sign_operation));
-
- psa_interruptible_set_max_ops(1);
-
- PSA_ASSERT(psa_verify_hash_start(&verify_operation, key, alg,
- input_data->x, input_data->len,
- signature, signature_length));
-
- TEST_EQUAL(psa_verify_hash_complete(&verify_operation),
- PSA_OPERATION_INCOMPLETE);
-
- psa_interruptible_set_max_ops(PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED);
-
- PSA_ASSERT(psa_verify_hash_complete(&verify_operation));
-
- PSA_ASSERT(psa_verify_hash_abort(&verify_operation));
-
/* --- Change function inputs mid run, to cause an error (sign only,
* verify passes all inputs to start. --- */
@@ -7602,15 +7567,21 @@
/* BEGIN_CASE depends_on:MBEDTLS_ECP_RESTARTABLE */
/**
- * interruptible_signverify_hash_maxops_tests() test intentions:
+ * interruptible_signverify_hash_ops_tests() test intentions:
*
* Note: This test can currently only handle ECDSA.
*
* 1. Test that setting max ops is reflected in both interruptible sign and
* verify hash
+ * 2. Test that changing the value of max_ops to unlimited during an operation
+ * causes that operation to complete in the next call.
+ *
+ * 3. Test that calling get_num_ops() between complete calls gives the same
+ * result as calling get_num_ops() once at the end of the operation.
*/
-void interruptible_signverify_hash_maxops_tests(int key_type_arg,
- data_t *key_data, int alg_arg, data_t *input_data)
+void interruptible_signverify_hash_ops_tests(int key_type_arg,
+ data_t *key_data, int alg_arg,
+ data_t *input_data)
{
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_type_t key_type = key_type_arg;
@@ -7619,6 +7590,10 @@
size_t key_bits;
unsigned char *signature = NULL;
size_t signature_size;
+ size_t signature_length = 0xdeadbeef;
+ uint32_t num_ops = 0;
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+
psa_sign_hash_interruptible_operation_t sign_operation =
psa_sign_hash_interruptible_operation_init();
psa_verify_hash_interruptible_operation_t verify_operation =
@@ -7667,6 +7642,111 @@
TEST_EQUAL(psa_interruptible_get_max_ops(), 0xbeef);
+ /* --- Ensure changing the max ops mid operation works (operation should
+ * complete successfully after setting max ops to unlimited --- */
+ psa_interruptible_set_max_ops(1);
+
+ PSA_ASSERT(psa_sign_hash_start(&sign_operation, key, alg,
+ input_data->x, input_data->len));
+
+ TEST_EQUAL(psa_sign_hash_complete(&sign_operation, signature,
+ signature_size,
+ &signature_length),
+ PSA_OPERATION_INCOMPLETE);
+
+ psa_interruptible_set_max_ops(PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED);
+
+ PSA_ASSERT(psa_sign_hash_complete(&sign_operation, signature,
+ signature_size,
+ &signature_length));
+
+ PSA_ASSERT(psa_sign_hash_abort(&sign_operation));
+
+ psa_interruptible_set_max_ops(1);
+
+ PSA_ASSERT(psa_verify_hash_start(&verify_operation, key, alg,
+ input_data->x, input_data->len,
+ signature, signature_length));
+
+ TEST_EQUAL(psa_verify_hash_complete(&verify_operation),
+ PSA_OPERATION_INCOMPLETE);
+
+ psa_interruptible_set_max_ops(PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED);
+
+ PSA_ASSERT(psa_verify_hash_complete(&verify_operation));
+
+ PSA_ASSERT(psa_verify_hash_abort(&verify_operation));
+
+ /* --- Test that not calling get_num_ops inbetween complete calls does not
+ * result in lost ops. ---*/
+
+ psa_interruptible_set_max_ops(1);
+
+ PSA_ASSERT(psa_sign_hash_start(&sign_operation, key, alg,
+ input_data->x, input_data->len));
+
+ /* Continue performing the signature until complete. */
+ do {
+ status = psa_sign_hash_complete(&sign_operation, signature,
+ signature_size,
+ &signature_length);
+
+ num_ops = psa_sign_hash_get_num_ops(&sign_operation);
+
+ } while (status == PSA_OPERATION_INCOMPLETE);
+
+ PSA_ASSERT(status);
+
+ PSA_ASSERT(psa_sign_hash_abort(&sign_operation));
+
+ PSA_ASSERT(psa_sign_hash_start(&sign_operation, key, alg,
+ input_data->x, input_data->len));
+
+ /* Continue performing the signature until complete. */
+ do {
+ status = psa_sign_hash_complete(&sign_operation, signature,
+ signature_size,
+ &signature_length);
+ } while (status == PSA_OPERATION_INCOMPLETE);
+
+ PSA_ASSERT(status);
+
+ TEST_EQUAL(num_ops, psa_sign_hash_get_num_ops(&sign_operation));
+
+ PSA_ASSERT(psa_sign_hash_abort(&sign_operation));
+
+ PSA_ASSERT(psa_verify_hash_start(&verify_operation, key, alg,
+ input_data->x, input_data->len,
+ signature, signature_length));
+
+ /* Continue performing the verification until complete. */
+ do {
+ status = psa_verify_hash_complete(&verify_operation);
+
+ num_ops = psa_verify_hash_get_num_ops(&verify_operation);
+
+ } while (status == PSA_OPERATION_INCOMPLETE);
+
+ PSA_ASSERT(status);
+
+ PSA_ASSERT(psa_verify_hash_abort(&verify_operation));
+
+ PSA_ASSERT(psa_verify_hash_start(&verify_operation, key, alg,
+ input_data->x, input_data->len,
+ signature, signature_length));
+
+ /* Continue performing the verification until complete. */
+ do {
+ status = psa_verify_hash_complete(&verify_operation);
+
+ } while (status == PSA_OPERATION_INCOMPLETE);
+
+ PSA_ASSERT(status);
+
+ TEST_EQUAL(num_ops, psa_verify_hash_get_num_ops(&verify_operation));
+
+ PSA_ASSERT(psa_verify_hash_abort(&verify_operation));
+
exit:
/*
* Key attributes may have been returned by psa_get_key_attributes()