Adapt ssl_decrypt_non_etm_cbc() test for psa crypto and remove redundant test cases

Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2026-04-20 22:05:15 +00:00 · 2022-02-02 21:31:04 +01:00 · 2022-02-02 21:31:04 +01:00 · f4facef9ba
commit f4facef9ba
parent b97556e8d1
2 changed files with 58 additions and 257 deletions
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function
@ -1186,6 +1186,44 @@ int psk_dummy_callback( void *p_info, mbedtls_ssl_context *ssl,
 #define SSL_CID_LEN_MIN MBEDTLS_SSL_CID_OUT_LEN_MAX
 #endif

+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+static int psa_cipher_encrypt_helper( mbedtls_ssl_transform *transform,
+                    const unsigned char *iv, size_t iv_len,
+                    const unsigned char *input, size_t ilen,
+                    unsigned char *output, size_t *olen )
+{
+    psa_status_t status;
+    psa_cipher_operation_t cipher_op = PSA_CIPHER_OPERATION_INIT;
+    size_t part_len;
+
+    status = psa_cipher_encrypt_setup( &cipher_op,
+                                transform->psa_key_enc, transform->psa_alg );
+
+    if( status != PSA_SUCCESS )
+        return( psa_ssl_status_to_mbedtls( status ) );
+
+    status = psa_cipher_set_iv( &cipher_op, iv, iv_len );
+
+    if( status != PSA_SUCCESS )
+        return( psa_ssl_status_to_mbedtls( status ) );
+
+    status = psa_cipher_update( &cipher_op,
+                        input, ilen, output, ilen, olen );
+
+    if( status != PSA_SUCCESS )
+        return( psa_ssl_status_to_mbedtls( status ) );
+
+    status = psa_cipher_finish( &cipher_op,
+                                output + *olen, ilen - *olen, &part_len );
+
+    if( status != PSA_SUCCESS )
+        return( psa_ssl_status_to_mbedtls( status ) );
+
+    *olen += part_len;
+    return( 0 );
+}
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
 static int build_transforms( mbedtls_ssl_transform *t_in,
                             mbedtls_ssl_transform *t_out,
                             int cipher_type, int hash_id,
@ -1440,6 +1478,7 @@ static int build_transforms( mbedtls_ssl_transform *t_in,
    if ( status != PSA_SUCCESS)
    {
        ret = psa_ssl_status_to_mbedtls( status );
+        mbedtls_fprintf( stderr, "mbedtls_ssl_cipher_to_psa: %d\n", (int)status);
        goto cleanup;
    }

@ -3547,7 +3586,7 @@ exit:
 }
 /* END_CASE */

-/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_USE_PSA_CRYPTO */
+/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2 */
 void ssl_decrypt_non_etm_cbc( int cipher_type, int hash_id, int trunc_hmac,
                              int length_selector )
 {
@ -3680,10 +3719,16 @@ void ssl_decrypt_non_etm_cbc( int cipher_type, int hash_id, int trunc_hmac,
    /*
     * Encrypt and decrypt the correct record, expecting success
     */
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    TEST_EQUAL( 0,  psa_cipher_encrypt_helper(&t0, t0.iv_enc, t0.ivlen,
+                            rec.buf + rec.data_offset, rec.data_len,
+                            rec.buf + rec.data_offset, &olen ) );
+#else
    TEST_EQUAL( 0, mbedtls_cipher_crypt( &t0.cipher_ctx_enc,
                                  t0.iv_enc, t0.ivlen,
                                  rec.buf + rec.data_offset, rec.data_len,
                                  rec.buf + rec.data_offset, &olen ) );
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
    rec.data_offset -= t0.ivlen;
    rec.data_len    += t0.ivlen;

@ -3706,10 +3751,16 @@ void ssl_decrypt_non_etm_cbc( int cipher_type, int hash_id, int trunc_hmac,
        rec.buf[i] ^= 0x01;

        /* Encrypt */
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+        TEST_EQUAL( 0,  psa_cipher_encrypt_helper(&t0, t0.iv_enc, t0.ivlen,
+                                rec.buf + rec.data_offset, rec.data_len,
+                                rec.buf + rec.data_offset, &olen ) );
+#else
        TEST_EQUAL( 0, mbedtls_cipher_crypt( &t0.cipher_ctx_enc,
                                      t0.iv_enc, t0.ivlen,
                                      rec.buf + rec.data_offset, rec.data_len,
                                      rec.buf + rec.data_offset, &olen ) );
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
        rec.data_offset -= t0.ivlen;
        rec.data_len    += t0.ivlen;

@ -3743,10 +3794,16 @@ void ssl_decrypt_non_etm_cbc( int cipher_type, int hash_id, int trunc_hmac,
        memset( buf + buflen - padlen - 1, i, padlen + 1 );

        /* Encrypt */
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+        TEST_EQUAL( 0,  psa_cipher_encrypt_helper(&t0, t0.iv_enc, t0.ivlen,
+                                rec.buf + rec.data_offset, rec.data_len,
+                                rec.buf + rec.data_offset, &olen ) );
+#else
        TEST_EQUAL( 0, mbedtls_cipher_crypt( &t0.cipher_ctx_enc,
                                      t0.iv_enc, t0.ivlen,
                                      rec.buf + rec.data_offset, rec.data_len,
                                      rec.buf + rec.data_offset, &olen ) );
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
        rec.data_offset -= t0.ivlen;
        rec.data_len    += t0.ivlen;