commit f155ab9a9102820d478f8aa375a737a582922916
author Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> Thu Oct 13 13:11:52 2022 +0200
committer Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> Thu Oct 13 13:20:31 2022 +0200
tree 6bbd302fae9fe9b133f831928a751a56d9277577
parent b63a9ef09f6dd8d03ebcbf4b6c8744ffa90ef877

Abort on errors when we should

We're not strictly required to abort, but at least to leave the context
is an invalid state. For "late" functions like input() and output(),
calling abort() is the easiest way to do that. Do it systematically for
input() and output() by using a wrapper. psa_pake_get_implicit_key() was
already doing it. For "early" function, we can just leave the operation
in its current state which is already invalid.

Restore previous tests about that. Not adding systematic tests, though,
just test the two functions that are the most important, and more likely
to return errors.

Since we now abort in more cases, we need to make sure we don't
invalidate the operation that's going to be re-used later in the test.
For that reason, use a copy of the operation for calls to input() and
output() that are expected to return errors.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>

tests/suites/test_suite_psa_crypto.function

diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function
index 49887b5..a44c67b 100644
--- a/tests/suites/test_suite_psa_crypto.function
+++ b/tests/suites/test_suite_psa_crypto.function
@@ -8739,6 +8739,7 @@
 {
     psa_pake_cipher_suite_t cipher_suite = psa_pake_cipher_suite_init();
     psa_pake_operation_t operation = psa_pake_operation_init();
+    psa_pake_operation_t op_copy = psa_pake_operation_init();
     psa_algorithm_t alg = alg_arg;
     psa_pake_primitive_t primitive = primitive_arg;
     psa_key_type_t key_type_pw = key_type_pw_arg;
@@ -8836,18 +8837,23 @@
     /* First round */
     if( input_first )
     {
-        /* Invalid parameters */
-        TEST_EQUAL( psa_pake_input( &operation, PSA_PAKE_STEP_ZK_PROOF,
+        /* Invalid parameters (input) */
+        op_copy = operation;
+        TEST_EQUAL( psa_pake_input( &op_copy, PSA_PAKE_STEP_ZK_PROOF,
                                     NULL, 0 ),
                     PSA_ERROR_INVALID_ARGUMENT );
-        TEST_EQUAL( psa_pake_input( &operation, PSA_PAKE_STEP_ZK_PROOF + 10,
+        /* Invalid parameters (step) */
+        op_copy = operation;
+        TEST_EQUAL( psa_pake_input( &op_copy, PSA_PAKE_STEP_ZK_PROOF + 10,
                                     output_buffer, size_zk_proof ),
                     PSA_ERROR_INVALID_ARGUMENT );
         /* Invalid first step */
-        TEST_EQUAL( psa_pake_input( &operation, PSA_PAKE_STEP_ZK_PROOF,
+        op_copy = operation;
+        TEST_EQUAL( psa_pake_input( &op_copy, PSA_PAKE_STEP_ZK_PROOF,
                                     output_buffer, size_zk_proof ),
                     PSA_ERROR_BAD_STATE );
 
+        /* Possibly valid */
         TEST_EQUAL( psa_pake_input( &operation, PSA_PAKE_STEP_KEY_SHARE,
                                     output_buffer, size_key_share ),
                     expected_status_input_output);
@@ -8858,22 +8864,32 @@
             TEST_EQUAL( psa_pake_input( &operation, PSA_PAKE_STEP_ZK_PUBLIC,
                                     output_buffer, size_zk_public + 1 ),
                         PSA_ERROR_INVALID_ARGUMENT );
+
+            /* The operation's state should be invalidated at this point */
+            TEST_EQUAL( psa_pake_input( &operation, PSA_PAKE_STEP_ZK_PUBLIC,
+                                        output_buffer, size_zk_public ),
+                        PSA_ERROR_BAD_STATE );
         }
     }
     else
     {
-        /* Invalid parameters */
-        TEST_EQUAL( psa_pake_output( &operation, PSA_PAKE_STEP_ZK_PROOF,
+        /* Invalid parameters (output) */
+        op_copy = operation;
+        TEST_EQUAL( psa_pake_output( &op_copy, PSA_PAKE_STEP_ZK_PROOF,
                                      NULL, 0, NULL ),
                     PSA_ERROR_INVALID_ARGUMENT );
-        TEST_EQUAL( psa_pake_output( &operation, PSA_PAKE_STEP_ZK_PROOF + 10,
+        op_copy = operation;
+        /* Invalid parameters (step) */
+        TEST_EQUAL( psa_pake_output( &op_copy, PSA_PAKE_STEP_ZK_PROOF + 10,
                                      output_buffer, buf_size, &output_len ),
                     PSA_ERROR_INVALID_ARGUMENT );
         /* Invalid first step */
-        TEST_EQUAL( psa_pake_output( &operation, PSA_PAKE_STEP_ZK_PROOF,
+        op_copy = operation;
+        TEST_EQUAL( psa_pake_output( &op_copy, PSA_PAKE_STEP_ZK_PROOF,
                                      output_buffer, buf_size, &output_len ),
                     PSA_ERROR_BAD_STATE );
 
+        /* Possibly valid */
         TEST_EQUAL( psa_pake_output( &operation, PSA_PAKE_STEP_KEY_SHARE,
                                      output_buffer, buf_size, &output_len ),
                     expected_status_input_output );
@@ -8886,6 +8902,11 @@
             TEST_EQUAL( psa_pake_output( &operation, PSA_PAKE_STEP_ZK_PUBLIC,
                                          output_buffer, size_zk_public - 1, &output_len ),
                         PSA_ERROR_BUFFER_TOO_SMALL );
+
+            /* The operation's state should be invalidated at this point */
+            TEST_EQUAL( psa_pake_output( &operation, PSA_PAKE_STEP_ZK_PUBLIC,
+                                         output_buffer, buf_size, &output_len ),
+                        PSA_ERROR_BAD_STATE );
         }
     }