mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-03-12 01:14:02 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Move some test helpers out of Mbed TLS

Browse Source 
Everything not TLS-related and not ALT-interface-related has been moved
out of tests/src and tests/include and into the framework, except for
the PSA test wrappers.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
This commit is contained in:
David Horstmann 2024-11-14 12:11:42 +00:00
parent fe4b02cc69
commit 531adafb0a
52 changed files with 0 additions and 10641 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
tests/include/alt-extra/psa/crypto.h
View File

@ -1,7 +0,0 @@
/* The goal of the include/alt-extra directory is to test what happens
* if certain files come _after_ the normal include directory.
* Make sure that if the alt-extra directory comes before the normal
* directory (so we wouldn't be achieving our test objective), the build
* will fail.
*/
#error "The normal include directory must come first in the include path"

6
tests/include/baremetal-override/time.h
View File

@ -1,6 +0,0 @@
/*
* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#error "time.h included in a configuration without MBEDTLS_HAVE_TIME"

131
tests/include/spe/crypto_spe.h
View File

@ -1,131 +0,0 @@
/*
* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*
*/
/**
* \file crypto_spe.h
*
* \brief When Mbed TLS is built with the MBEDTLS_PSA_CRYPTO_SPM option
* enabled, this header is included by all .c files in Mbed TLS that
* use PSA Crypto function names. This avoids duplication of symbols
* between TF-M and Mbed TLS.
*
* \note This file should be included before including any PSA Crypto headers
* from Mbed TLS.
*/
#ifndef CRYPTO_SPE_H
#define CRYPTO_SPE_H
#define PSA_FUNCTION_NAME(x) mbedcrypto__ ## x
#define psa_crypto_init \
PSA_FUNCTION_NAME(psa_crypto_init)
#define psa_key_derivation_get_capacity \
PSA_FUNCTION_NAME(psa_key_derivation_get_capacity)
#define psa_key_derivation_set_capacity \
PSA_FUNCTION_NAME(psa_key_derivation_set_capacity)
#define psa_key_derivation_input_bytes \
PSA_FUNCTION_NAME(psa_key_derivation_input_bytes)
#define psa_key_derivation_output_bytes \
PSA_FUNCTION_NAME(psa_key_derivation_output_bytes)
#define psa_key_derivation_input_key \
PSA_FUNCTION_NAME(psa_key_derivation_input_key)
#define psa_key_derivation_output_key \
PSA_FUNCTION_NAME(psa_key_derivation_output_key)
#define psa_key_derivation_setup \
PSA_FUNCTION_NAME(psa_key_derivation_setup)
#define psa_key_derivation_abort \
PSA_FUNCTION_NAME(psa_key_derivation_abort)
#define psa_key_derivation_key_agreement \
PSA_FUNCTION_NAME(psa_key_derivation_key_agreement)
#define psa_raw_key_agreement \
PSA_FUNCTION_NAME(psa_raw_key_agreement)
#define psa_generate_random \
PSA_FUNCTION_NAME(psa_generate_random)
#define psa_aead_encrypt \
PSA_FUNCTION_NAME(psa_aead_encrypt)
#define psa_aead_decrypt \
PSA_FUNCTION_NAME(psa_aead_decrypt)
#define psa_open_key \
PSA_FUNCTION_NAME(psa_open_key)
#define psa_close_key \
PSA_FUNCTION_NAME(psa_close_key)
#define psa_import_key \
PSA_FUNCTION_NAME(psa_import_key)
#define psa_destroy_key \
PSA_FUNCTION_NAME(psa_destroy_key)
#define psa_get_key_attributes \
PSA_FUNCTION_NAME(psa_get_key_attributes)
#define psa_reset_key_attributes \
PSA_FUNCTION_NAME(psa_reset_key_attributes)
#define psa_export_key \
PSA_FUNCTION_NAME(psa_export_key)
#define psa_export_public_key \
PSA_FUNCTION_NAME(psa_export_public_key)
#define psa_purge_key \
PSA_FUNCTION_NAME(psa_purge_key)
#define psa_copy_key \
PSA_FUNCTION_NAME(psa_copy_key)
#define psa_cipher_operation_init \
PSA_FUNCTION_NAME(psa_cipher_operation_init)
#define psa_cipher_generate_iv \
PSA_FUNCTION_NAME(psa_cipher_generate_iv)
#define psa_cipher_set_iv \
PSA_FUNCTION_NAME(psa_cipher_set_iv)
#define psa_cipher_encrypt_setup \
PSA_FUNCTION_NAME(psa_cipher_encrypt_setup)
#define psa_cipher_decrypt_setup \
PSA_FUNCTION_NAME(psa_cipher_decrypt_setup)
#define psa_cipher_update \
PSA_FUNCTION_NAME(psa_cipher_update)
#define psa_cipher_finish \
PSA_FUNCTION_NAME(psa_cipher_finish)
#define psa_cipher_abort \
PSA_FUNCTION_NAME(psa_cipher_abort)
#define psa_hash_operation_init \
PSA_FUNCTION_NAME(psa_hash_operation_init)
#define psa_hash_setup \
PSA_FUNCTION_NAME(psa_hash_setup)
#define psa_hash_update \
PSA_FUNCTION_NAME(psa_hash_update)
#define psa_hash_finish \
PSA_FUNCTION_NAME(psa_hash_finish)
#define psa_hash_verify \
PSA_FUNCTION_NAME(psa_hash_verify)
#define psa_hash_abort \
PSA_FUNCTION_NAME(psa_hash_abort)
#define psa_hash_clone \
PSA_FUNCTION_NAME(psa_hash_clone)
#define psa_hash_compute \
PSA_FUNCTION_NAME(psa_hash_compute)
#define psa_hash_compare \
PSA_FUNCTION_NAME(psa_hash_compare)
#define psa_mac_operation_init \
PSA_FUNCTION_NAME(psa_mac_operation_init)
#define psa_mac_sign_setup \
PSA_FUNCTION_NAME(psa_mac_sign_setup)
#define psa_mac_verify_setup \
PSA_FUNCTION_NAME(psa_mac_verify_setup)
#define psa_mac_update \
PSA_FUNCTION_NAME(psa_mac_update)
#define psa_mac_sign_finish \
PSA_FUNCTION_NAME(psa_mac_sign_finish)
#define psa_mac_verify_finish \
PSA_FUNCTION_NAME(psa_mac_verify_finish)
#define psa_mac_abort \
PSA_FUNCTION_NAME(psa_mac_abort)
#define psa_sign_hash \
PSA_FUNCTION_NAME(psa_sign_hash)
#define psa_verify_hash \
PSA_FUNCTION_NAME(psa_verify_hash)
#define psa_asymmetric_encrypt \
PSA_FUNCTION_NAME(psa_asymmetric_encrypt)
#define psa_asymmetric_decrypt \
PSA_FUNCTION_NAME(psa_asymmetric_decrypt)
#define psa_generate_key \
PSA_FUNCTION_NAME(psa_generate_key)
#endif /* CRYPTO_SPE_H */

26
tests/include/test/arguments.h
View File

@ -1,26 +0,0 @@
/**
* \file arguments.h
*
* \brief Manipulation of test arguments.
*
* Much of the code is in host_test.function, to be migrated here later.
*/
/*
* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef TEST_ARGUMENTS_H
#define TEST_ARGUMENTS_H
#include "mbedtls/build_info.h"
#include <stdint.h>
#include <stdlib.h>
typedef union {
size_t len;
intmax_t sint;
} mbedtls_test_argument_t;
#endif /* TEST_ARGUMENTS_H */

38
tests/include/test/asn1_helpers.h
View File

@ -1,38 +0,0 @@
/** Helper functions for tests that manipulate ASN.1 data.
*/
/*
* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef ASN1_HELPERS_H
#define ASN1_HELPERS_H
#include "test/helpers.h"
/** Skip past an INTEGER in an ASN.1 buffer.
*
* Mark the current test case as failed in any of the following conditions:
* - The buffer does not start with an ASN.1 INTEGER.
* - The integer's size or parity does not match the constraints expressed
* through \p min_bits, \p max_bits and \p must_be_odd.
*
* \param p Upon entry, `*p` points to the first byte of the
* buffer to parse.
* On successful return, `*p` points to the first byte
* after the parsed INTEGER.
* On failure, `*p` is unspecified.
* \param end The end of the ASN.1 buffer.
* \param min_bits Fail the test case if the integer does not have at
* least this many significant bits.
* \param max_bits Fail the test case if the integer has more than
* this many significant bits.
* \param must_be_odd Fail the test case if the integer is even.
*
* \return \c 0 if the test failed, otherwise 1.
*/
int mbedtls_test_asn1_skip_integer(unsigned char **p, const unsigned char *end,
size_t min_bits, size_t max_bits,
int must_be_odd);
#endif /* ASN1_HELPERS_H */

94
tests/include/test/bignum_codepath_check.h
View File

@ -1,94 +0,0 @@
/** Support for path tracking in optionally safe bignum functions
*
* The functions are called when an optionally safe path is taken and logs it with a single
* variable. This variable is at any time in one of three states:
* - MBEDTLS_MPI_IS_TEST: No optionally safe path has been taken since the last reset
* - MBEDTLS_MPI_IS_SECRET: Only safe paths were teken since the last reset
* - MBEDTLS_MPI_IS_PUBLIC: At least one unsafe path has been taken since the last reset
*
* Use a simple global variable to track execution path. Making it work with multithreading
* isn't worth the effort as multithreaded tests add little to no value here.
*/
/*
* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef BIGNUM_CODEPATH_CHECK_H
#define BIGNUM_CODEPATH_CHECK_H
#include "bignum_core.h"
#if defined(MBEDTLS_TEST_HOOKS) && !defined(MBEDTLS_THREADING_C)
extern int mbedtls_codepath_check;
/**
* \brief Setup the codepath test hooks used by optionally safe bignum functions to signal
* the path taken.
*/
void mbedtls_codepath_test_hooks_setup(void);
/**
* \brief Teardown the codepath test hooks used by optionally safe bignum functions to
* signal the path taken.
*/
void mbedtls_codepath_test_hooks_teardown(void);
/**
* \brief Reset the state of the codepath to the initial state.
*/
static inline void mbedtls_codepath_reset(void)
{
mbedtls_codepath_check = MBEDTLS_MPI_IS_TEST;
}
/** Check the codepath taken and fail if it doesn't match.
*
* When a function returns with an error, it can do so before reaching any interesting codepath. The
* same can happen if a parameter to the function is zero. In these cases we need to allow
* the codepath tracking variable to still have its initial "not set" value.
*
* This macro expands to an instruction, not an expression.
* It may jump to the \c exit label.
*
* \param path The expected codepath.
* This expression may be evaluated multiple times.
* \param ret The expected return value.
* \param E The MPI parameter that can cause shortcuts.
*/
#define ASSERT_BIGNUM_CODEPATH(path, ret, E) \
do { \
if ((ret) != 0 || (E).n == 0) { \
TEST_ASSERT(mbedtls_codepath_check == (path) || \
mbedtls_codepath_check == MBEDTLS_MPI_IS_TEST); \
} else { \
TEST_EQUAL(mbedtls_codepath_check, (path)); \
} \
} while (0)
/** Check the codepath taken and fail if it doesn't match.
*
* When a function returns with an error, it can do so before reaching any interesting codepath. In
* this case we need to allow the codepath tracking variable to still have its
* initial "not set" value.
*
* This macro expands to an instruction, not an expression.
* It may jump to the \c exit label.
*
* \param path The expected codepath.
* This expression may be evaluated multiple times.
* \param ret The expected return value.
*/
#define ASSERT_RSA_CODEPATH(path, ret) \
do { \
if ((ret) != 0) { \
TEST_ASSERT(mbedtls_codepath_check == (path) || \
mbedtls_codepath_check == MBEDTLS_MPI_IS_TEST); \
} else { \
TEST_EQUAL(mbedtls_codepath_check, (path)); \
} \
} while (0)
#endif /* MBEDTLS_TEST_HOOKS && !MBEDTLS_THREADING_C */
#endif /* BIGNUM_CODEPATH_CHECK_H */

98
tests/include/test/bignum_helpers.h
View File

@ -1,98 +0,0 @@
/**
* \file bignum_helpers.h
*
* \brief This file contains the prototypes of helper functions for
* bignum-related testing.
*/
/*
* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef TEST_BIGNUM_HELPERS_H
#define TEST_BIGNUM_HELPERS_H
#include <mbedtls/build_info.h>
#if defined(MBEDTLS_BIGNUM_C)
#include <mbedtls/bignum.h>
#include <bignum_mod.h>
/** Allocate and populate a core MPI from a test case argument.
*
* This function allocates exactly as many limbs as necessary to fit
* the length of the input. In other words, it preserves leading zeros.
*
* The limb array is allocated with mbedtls_calloc() and must later be
* freed with mbedtls_free().
*
* \param[in,out] pX The address where a pointer to the allocated limb
* array will be stored.
* \c *pX must be null on entry.
* On exit, \c *pX is null on error or if the number
* of limbs is 0.
* \param[out] plimbs The address where the number of limbs will be stored.
* \param[in] input The test argument to read.
* It is interpreted as a hexadecimal representation
* of a non-negative integer.
*
* \return \c 0 on success, an \c MBEDTLS_ERR_MPI_xxx error code otherwise.
*/
int mbedtls_test_read_mpi_core(mbedtls_mpi_uint **pX, size_t *plimbs,
const char *input);
/** Read a modulus from a hexadecimal string.
*
* This function allocates exactly as many limbs as necessary to fit
* the length of the input. In other words, it preserves leading zeros.
*
* The limb array is allocated with mbedtls_calloc() and must later be
* freed with mbedtls_free(). You can do that by calling
* mbedtls_test_mpi_mod_modulus_free_with_limbs().
*
* \param[in,out] N A modulus structure. It must be initialized, but
* not set up.
* \param[in] s The null-terminated hexadecimal string to read from.
* \param int_rep The desired representation of residues.
*
* \return \c 0 on success, an \c MBEDTLS_ERR_MPI_xxx error code otherwise.
*/
int mbedtls_test_read_mpi_modulus(mbedtls_mpi_mod_modulus *N,
const char *s,
mbedtls_mpi_mod_rep_selector int_rep);
/** Free a modulus and its limbs.
*
* \param[in] N A modulus structure such that there is no other
* reference to `N->p`.
*/
void mbedtls_test_mpi_mod_modulus_free_with_limbs(mbedtls_mpi_mod_modulus *N);
/** Read an MPI from a hexadecimal string.
*
* Like mbedtls_mpi_read_string(), but with tighter guarantees around
* edge cases.
*
* - This function guarantees that if \p s begins with '-' then the sign
* bit of the result will be negative, even if the value is 0.
* When this function encounters such a "negative 0", it calls
* mbedtls_test_increment_case_uses_negative_0().
* - The size of the result is exactly the minimum number of limbs needed to fit
* the digits in the input. In particular, this function constructs a bignum
* with 0 limbs for an empty string, and a bignum with leading 0 limbs if the
* string has sufficiently many leading 0 digits. This is important so that
* the "0 (null)" and "0 (1 limb)" and "leading zeros" test cases do what they
* claim.
*
* \param[out] X The MPI object to populate. It must be initialized.
* \param[in] s The null-terminated hexadecimal string to read from.
*
* \return \c 0 on success, an \c MBEDTLS_ERR_MPI_xxx error code otherwise.
*/
int mbedtls_test_read_mpi(mbedtls_mpi *X, const char *s);
#endif /* MBEDTLS_BIGNUM_C */
#endif /* TEST_BIGNUM_HELPERS_H */

71
tests/include/test/constant_flow.h
View File

@ -1,71 +0,0 @@
/**
* \file constant_flow.h
*
* \brief This file contains tools to ensure tested code has constant flow.
*/
/*
* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef TEST_CONSTANT_FLOW_H
#define TEST_CONSTANT_FLOW_H
#include "mbedtls/build_info.h"
/*
* This file defines the two macros
*
* #define TEST_CF_SECRET(ptr, size)
* #define TEST_CF_PUBLIC(ptr, size)
*
* that can be used in tests to mark a memory area as secret (no branch or
* memory access should depend on it) or public (default, only needs to be
* marked explicitly when it was derived from secret data).
*
* Arguments:
* - ptr: a pointer to the memory area to be marked
* - size: the size in bytes of the memory area
*
* Implementation:
* The basic idea is that of ctgrind <https://github.com/agl/ctgrind>: we can
* re-use tools that were designed for checking use of uninitialized memory.
* This file contains two implementations: one based on MemorySanitizer, the
* other on valgrind's memcheck. If none of them is enabled, dummy macros that
* do nothing are defined for convenience.
*
* \note #TEST_CF_SECRET must be called directly from within a .function file,
* not indirectly via a macro defined under tests/include or a function
* under tests/src. This is because we only run Valgrind for constant
* flow on test suites that have greppable annotations inside them (see
* `skip_suites_without_constant_flow` in `tests/scripts/all.sh`).
*/
#if defined(MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN)
#include <sanitizer/msan_interface.h>
/* Use macros to avoid messing up with origin tracking */
#define TEST_CF_SECRET __msan_allocated_memory
// void __msan_allocated_memory(const volatile void* data, size_t size);
#define TEST_CF_PUBLIC __msan_unpoison
// void __msan_unpoison(const volatile void *a, size_t size);
#elif defined(MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND)
#include <valgrind/memcheck.h>
#define TEST_CF_SECRET VALGRIND_MAKE_MEM_UNDEFINED
// VALGRIND_MAKE_MEM_UNDEFINED(_qzz_addr, _qzz_len)
#define TEST_CF_PUBLIC VALGRIND_MAKE_MEM_DEFINED
// VALGRIND_MAKE_MEM_DEFINED(_qzz_addr, _qzz_len)
#else /* MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN ||
MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND */
#define TEST_CF_SECRET(ptr, size)
#define TEST_CF_PUBLIC(ptr, size)
#endif /* MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN ||
MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND */
#endif /* TEST_CONSTANT_FLOW_H */

121
tests/include/test/drivers/aead.h
View File

@ -1,121 +0,0 @@
/*
* Test driver for AEAD driver entry points.
*/
/* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef PSA_CRYPTO_TEST_DRIVERS_AEAD_H
#define PSA_CRYPTO_TEST_DRIVERS_AEAD_H
#include "mbedtls/build_info.h"
#if defined(PSA_CRYPTO_DRIVER_TEST)
#include <psa/crypto_driver_common.h>
typedef struct {
/* If not PSA_SUCCESS, return this error code instead of processing the
* function call. */
psa_status_t forced_status;
/* Count the amount of times AEAD driver functions are called. */
unsigned long hits_encrypt;
unsigned long hits_decrypt;
unsigned long hits_encrypt_setup;
unsigned long hits_decrypt_setup;
unsigned long hits_set_nonce;
unsigned long hits_set_lengths;
unsigned long hits_update_ad;
unsigned long hits_update;
unsigned long hits_finish;
unsigned long hits_verify;
unsigned long hits_abort;
/* Status returned by the last AEAD driver function call. */
psa_status_t driver_status;
} mbedtls_test_driver_aead_hooks_t;
#define MBEDTLS_TEST_DRIVER_AEAD_INIT { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 }
static inline mbedtls_test_driver_aead_hooks_t
mbedtls_test_driver_aead_hooks_init(void)
{
const mbedtls_test_driver_aead_hooks_t v = MBEDTLS_TEST_DRIVER_AEAD_INIT;
return v;
}
extern mbedtls_test_driver_aead_hooks_t mbedtls_test_driver_aead_hooks;
psa_status_t mbedtls_test_transparent_aead_encrypt(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
psa_algorithm_t alg,
const uint8_t *nonce, size_t nonce_length,
const uint8_t *additional_data, size_t additional_data_length,
const uint8_t *plaintext, size_t plaintext_length,
uint8_t *ciphertext, size_t ciphertext_size, size_t *ciphertext_length);
psa_status_t mbedtls_test_transparent_aead_decrypt(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
psa_algorithm_t alg,
const uint8_t *nonce, size_t nonce_length,
const uint8_t *additional_data, size_t additional_data_length,
const uint8_t *ciphertext, size_t ciphertext_length,
uint8_t *plaintext, size_t plaintext_size, size_t *plaintext_length);
psa_status_t mbedtls_test_transparent_aead_encrypt_setup(
mbedtls_transparent_test_driver_aead_operation_t *operation,
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
psa_algorithm_t alg);
psa_status_t mbedtls_test_transparent_aead_decrypt_setup(
mbedtls_transparent_test_driver_aead_operation_t *operation,
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
psa_algorithm_t alg);
psa_status_t mbedtls_test_transparent_aead_set_nonce(
mbedtls_transparent_test_driver_aead_operation_t *operation,
const uint8_t *nonce,
size_t nonce_length);
psa_status_t mbedtls_test_transparent_aead_set_lengths(
mbedtls_transparent_test_driver_aead_operation_t *operation,
size_t ad_length,
size_t plaintext_length);
psa_status_t mbedtls_test_transparent_aead_update_ad(
mbedtls_transparent_test_driver_aead_operation_t *operation,
const uint8_t *input,
size_t input_length);
psa_status_t mbedtls_test_transparent_aead_update(
mbedtls_transparent_test_driver_aead_operation_t *operation,
const uint8_t *input,
size_t input_length,
uint8_t *output,
size_t output_size,
size_t *output_length);
psa_status_t mbedtls_test_transparent_aead_finish(
mbedtls_transparent_test_driver_aead_operation_t *operation,
uint8_t *ciphertext,
size_t ciphertext_size,
size_t *ciphertext_length,
uint8_t *tag,
size_t tag_size,
size_t *tag_length);
psa_status_t mbedtls_test_transparent_aead_verify(
mbedtls_transparent_test_driver_aead_operation_t *operation,
uint8_t *plaintext,
size_t plaintext_size,
size_t *plaintext_length,
const uint8_t *tag,
size_t tag_length);
psa_status_t mbedtls_test_transparent_aead_abort(
mbedtls_transparent_test_driver_aead_operation_t *operation);
#endif /* PSA_CRYPTO_DRIVER_TEST */
#endif /* PSA_CRYPTO_TEST_DRIVERS_AEAD_H */

67
tests/include/test/drivers/asymmetric_encryption.h
View File

@ -1,67 +0,0 @@
/*
* Test driver for asymmetric encryption.
*/
/* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef PSA_CRYPTO_TEST_DRIVERS_ASYMMETRIC_ENCRYPTION_H
#define PSA_CRYPTO_TEST_DRIVERS_ASYMMETRIC_ENCRYPTION_H
#include "mbedtls/build_info.h"
#if defined(PSA_CRYPTO_DRIVER_TEST)
#include <psa/crypto_driver_common.h>
#include <psa/crypto.h>
typedef struct {
/* If non-null, on success, copy this to the output. */
void *forced_output;
size_t forced_output_length;
/* If not PSA_SUCCESS, return this error code instead of processing the
* function call. */
psa_status_t forced_status;
/* Count the amount of times one of the asymmetric_encryption driver
functions is called. */
unsigned long hits;
} mbedtls_test_driver_asymmetric_encryption_hooks_t;
#define MBEDTLS_TEST_DRIVER_ASYMMETRIC_ENCRYPTION_INIT { NULL, 0, PSA_SUCCESS, 0 }
static inline mbedtls_test_driver_asymmetric_encryption_hooks_t
mbedtls_test_driver_asymmetric_encryption_hooks_init(void)
{
const mbedtls_test_driver_asymmetric_encryption_hooks_t v =
MBEDTLS_TEST_DRIVER_ASYMMETRIC_ENCRYPTION_INIT;
return v;
}
extern mbedtls_test_driver_asymmetric_encryption_hooks_t
mbedtls_test_driver_asymmetric_encryption_hooks;
psa_status_t mbedtls_test_transparent_asymmetric_encrypt(
const psa_key_attributes_t *attributes, const uint8_t *key_buffer,
size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *input,
size_t input_length, const uint8_t *salt, size_t salt_length,
uint8_t *output, size_t output_size, size_t *output_length);
psa_status_t mbedtls_test_opaque_asymmetric_encrypt(
const psa_key_attributes_t *attributes, const uint8_t *key,
size_t key_length, psa_algorithm_t alg, const uint8_t *input,
size_t input_length, const uint8_t *salt, size_t salt_length,
uint8_t *output, size_t output_size, size_t *output_length);
psa_status_t mbedtls_test_transparent_asymmetric_decrypt(
const psa_key_attributes_t *attributes, const uint8_t *key_buffer,
size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *input,
size_t input_length, const uint8_t *salt, size_t salt_length,
uint8_t *output, size_t output_size, size_t *output_length);
psa_status_t mbedtls_test_opaque_asymmetric_decrypt(
const psa_key_attributes_t *attributes, const uint8_t *key,
size_t key_length, psa_algorithm_t alg, const uint8_t *input,
size_t input_length, const uint8_t *salt, size_t salt_length,
uint8_t *output, size_t output_size, size_t *output_length);
#endif /* PSA_CRYPTO_DRIVER_TEST */
#endif /* PSA_CRYPTO_TEST_DRIVERS_ASYMMETRIC_ENCRYPTION_H */

136
tests/include/test/drivers/cipher.h
View File

@ -1,136 +0,0 @@
/*
* Test driver for cipher functions
*/
/* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef PSA_CRYPTO_TEST_DRIVERS_CIPHER_H
#define PSA_CRYPTO_TEST_DRIVERS_CIPHER_H
#include "mbedtls/build_info.h"
#if defined(PSA_CRYPTO_DRIVER_TEST)
#include <psa/crypto_driver_common.h>
#include <psa/crypto.h>
#include "mbedtls/cipher.h"
typedef struct {
/* If non-null, on success, copy this to the output. */
void *forced_output;
size_t forced_output_length;
/* If not PSA_SUCCESS, return this error code instead of processing the
* function call. */
psa_status_t forced_status;
psa_status_t forced_status_encrypt;
psa_status_t forced_status_set_iv;
/* Count the amount of times one of the cipher driver functions is called. */
unsigned long hits;
unsigned long hits_encrypt;
unsigned long hits_set_iv;
} mbedtls_test_driver_cipher_hooks_t;
#define MBEDTLS_TEST_DRIVER_CIPHER_INIT { NULL, 0, \
PSA_SUCCESS, PSA_SUCCESS, PSA_SUCCESS, \
0, 0, 0 }
static inline mbedtls_test_driver_cipher_hooks_t
mbedtls_test_driver_cipher_hooks_init(void)
{
const mbedtls_test_driver_cipher_hooks_t v = MBEDTLS_TEST_DRIVER_CIPHER_INIT;
return v;
}
extern mbedtls_test_driver_cipher_hooks_t mbedtls_test_driver_cipher_hooks;
psa_status_t mbedtls_test_transparent_cipher_encrypt(
const psa_key_attributes_t *attributes,
const uint8_t *key, size_t key_length,
psa_algorithm_t alg,
const uint8_t *iv, size_t iv_length,
const uint8_t *input, size_t input_length,
uint8_t *output, size_t output_size, size_t *output_length);
psa_status_t mbedtls_test_transparent_cipher_decrypt(
const psa_key_attributes_t *attributes,
const uint8_t *key, size_t key_length,
psa_algorithm_t alg,
const uint8_t *input, size_t input_length,
uint8_t *output, size_t output_size, size_t *output_length);
psa_status_t mbedtls_test_transparent_cipher_encrypt_setup(
mbedtls_transparent_test_driver_cipher_operation_t *operation,
const psa_key_attributes_t *attributes,
const uint8_t *key, size_t key_length,
psa_algorithm_t alg);
psa_status_t mbedtls_test_transparent_cipher_decrypt_setup(
mbedtls_transparent_test_driver_cipher_operation_t *operation,
const psa_key_attributes_t *attributes,
const uint8_t *key, size_t key_length,
psa_algorithm_t alg);
psa_status_t mbedtls_test_transparent_cipher_abort(
mbedtls_transparent_test_driver_cipher_operation_t *operation);
psa_status_t mbedtls_test_transparent_cipher_set_iv(
mbedtls_transparent_test_driver_cipher_operation_t *operation,
const uint8_t *iv, size_t iv_length);
psa_status_t mbedtls_test_transparent_cipher_update(
mbedtls_transparent_test_driver_cipher_operation_t *operation,
const uint8_t *input, size_t input_length,
uint8_t *output, size_t output_size, size_t *output_length);
psa_status_t mbedtls_test_transparent_cipher_finish(
mbedtls_transparent_test_driver_cipher_operation_t *operation,
uint8_t *output, size_t output_size, size_t *output_length);
/*
* opaque versions
*/
psa_status_t mbedtls_test_opaque_cipher_encrypt(
const psa_key_attributes_t *attributes,
const uint8_t *key, size_t key_length,
psa_algorithm_t alg,
const uint8_t *iv, size_t iv_length,
const uint8_t *input, size_t input_length,
uint8_t *output, size_t output_size, size_t *output_length);
psa_status_t mbedtls_test_opaque_cipher_decrypt(
const psa_key_attributes_t *attributes,
const uint8_t *key, size_t key_length,
psa_algorithm_t alg,
const uint8_t *input, size_t input_length,
uint8_t *output, size_t output_size, size_t *output_length);
psa_status_t mbedtls_test_opaque_cipher_encrypt_setup(
mbedtls_opaque_test_driver_cipher_operation_t *operation,
const psa_key_attributes_t *attributes,
const uint8_t *key, size_t key_length,
psa_algorithm_t alg);
psa_status_t mbedtls_test_opaque_cipher_decrypt_setup(
mbedtls_opaque_test_driver_cipher_operation_t *operation,
const psa_key_attributes_t *attributes,
const uint8_t *key, size_t key_length,
psa_algorithm_t alg);
psa_status_t mbedtls_test_opaque_cipher_abort(
mbedtls_opaque_test_driver_cipher_operation_t *operation);
psa_status_t mbedtls_test_opaque_cipher_set_iv(
mbedtls_opaque_test_driver_cipher_operation_t *operation,
const uint8_t *iv, size_t iv_length);
psa_status_t mbedtls_test_opaque_cipher_update(
mbedtls_opaque_test_driver_cipher_operation_t *operation,
const uint8_t *input, size_t input_length,
uint8_t *output, size_t output_size, size_t *output_length);
psa_status_t mbedtls_test_opaque_cipher_finish(
mbedtls_opaque_test_driver_cipher_operation_t *operation,
uint8_t *output, size_t output_size, size_t *output_length);
#endif /* PSA_CRYPTO_DRIVER_TEST */
#endif /* PSA_CRYPTO_TEST_DRIVERS_CIPHER_H */

46
tests/include/test/drivers/config_test_driver.h
View File

@ -1,46 +0,0 @@
/*
* Mbed TLS configuration for PSA test driver libraries. It includes:
* . the minimum set of modules needed by the PSA core.
* . the Mbed TLS configuration options that may need to be additionally
* enabled for the purpose of a specific test.
* . the PSA configuration file for the Mbed TLS library and its test drivers.
*/
/*
* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef MBEDTLS_CONFIG_H
#define MBEDTLS_CONFIG_H
#if defined(_MSC_VER) && !defined(_CRT_SECURE_NO_DEPRECATE)
#define _CRT_SECURE_NO_DEPRECATE 1
#endif
#define MBEDTLS_PSA_CRYPTO_C
#define MBEDTLS_PSA_CRYPTO_CONFIG
/* PSA core mandatory configuration options */
#define MBEDTLS_CIPHER_C
#define MBEDTLS_AES_C
#define MBEDTLS_SHA256_C
#define MBEDTLS_PSA_BUILTIN_ALG_SHA_256 1
#define MBEDTLS_CTR_DRBG_C
#define MBEDTLS_ENTROPY_C
#define MBEDTLS_ENTROPY_FORCE_SHA256
/*
* Configuration options that may need to be additionally enabled for the
* purpose of a specific set of tests.
*/
//#define MBEDTLS_SHA1_C
//#define MBEDTLS_SHA224_C
//#define MBEDTLS_SHA384_C
//#define MBEDTLS_SHA512_C
//#define MBEDTLS_MD_C
//#define MBEDTLS_PEM_PARSE_C
//#define MBEDTLS_BASE64_C
//#define MBEDTLS_THREADING_C
//#define MBEDTLS_THREADING_PTHREAD
#endif /* MBEDTLS_CONFIG_H */

689
tests/include/test/drivers/crypto_config_test_driver_extension.h
View File

@ -1,689 +0,0 @@
/**
* This file is intended to be used to build PSA external test driver
* libraries (libtestdriver1).
*
* It is intended to be appended by the test build system to the
* crypto_config.h file of the Mbed TLS library the test library will be
* linked to (see `tests/Makefile` libtestdriver1 target). This is done in
* order to insert it at the right time: after the main configuration
* (PSA_WANT) but before the logic that determines what built-ins to enable
* based on PSA_WANT and MBEDTLS_PSA_ACCEL macros.
*
* It reverses the PSA_ACCEL_* macros defining the cryptographic operations
* that will be accelerated in the main library:
* - When something is accelerated in the main library, we need it supported
* in libtestdriver1, so we disable the accel macro in order to the built-in
* to be enabled.
* - When something is NOT accelerated in the main library, we don't need it
* in libtestdriver1, so we enable its accel macro in order to the built-in
* to be disabled, to keep libtestdriver1 minimal. (We can't adjust the
* PSA_WANT macros as they need to be the same between libtestdriver1 and
* the main library, since they determine the ABI between the two.)
*/
#include "psa/crypto_legacy.h"
#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
#if defined(MBEDTLS_PSA_ACCEL_ALG_CBC_NO_PADDING)
#undef MBEDTLS_PSA_ACCEL_ALG_CBC_NO_PADDING
#else
#define MBEDTLS_PSA_ACCEL_ALG_CBC_NO_PADDING 1
#endif
#endif
#if defined(PSA_WANT_ALG_CBC_PKCS7)
#if defined(MBEDTLS_PSA_ACCEL_ALG_CBC_PKCS7)
#undef MBEDTLS_PSA_ACCEL_ALG_CBC_PKCS7
#else
#define MBEDTLS_PSA_ACCEL_ALG_CBC_PKCS7 1
#endif
#endif
#if defined(PSA_WANT_ALG_CFB)
#if defined(MBEDTLS_PSA_ACCEL_ALG_CFB)
#undef MBEDTLS_PSA_ACCEL_ALG_CFB
#else
#define MBEDTLS_PSA_ACCEL_ALG_CFB 1
#endif
#endif
#if defined(PSA_WANT_ALG_CMAC)
#if defined(MBEDTLS_PSA_ACCEL_ALG_CMAC)
#undef MBEDTLS_PSA_ACCEL_ALG_CMAC
#else
#define MBEDTLS_PSA_ACCEL_ALG_CMAC 1
#endif
#endif
#if defined(PSA_WANT_ALG_CTR)
#if defined(MBEDTLS_PSA_ACCEL_ALG_CTR)
#undef MBEDTLS_PSA_ACCEL_ALG_CTR
#else
#define MBEDTLS_PSA_ACCEL_ALG_CTR 1
#endif
#endif
#if defined(PSA_WANT_ALG_STREAM_CIPHER)
#if defined(MBEDTLS_PSA_ACCEL_ALG_STREAM_CIPHER)
#undef MBEDTLS_PSA_ACCEL_ALG_STREAM_CIPHER
#else
#define MBEDTLS_PSA_ACCEL_ALG_STREAM_CIPHER 1
#endif
#endif
#if defined(PSA_WANT_ALG_ECB_NO_PADDING)
#if defined(MBEDTLS_PSA_ACCEL_ALG_ECB_NO_PADDING)
#undef MBEDTLS_PSA_ACCEL_ALG_ECB_NO_PADDING
#else
#define MBEDTLS_PSA_ACCEL_ALG_ECB_NO_PADDING 1
#endif
#endif
#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256)
#if defined(MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_256)
#undef MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_256
#else
#define MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_256 1
#endif
#endif
#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384)
#if defined(MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_384)
#undef MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_384
#else
#define MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_384 1
#endif
#endif
#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512)
#if defined(MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_512)
#undef MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_512
#else
#define MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_512 1
#endif
#endif
#if defined(PSA_WANT_ECC_MONTGOMERY_255)
#if defined(MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_255)
#undef MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_255
#else
#define MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_255 1
#endif
#endif
#if defined(PSA_WANT_ECC_MONTGOMERY_448)
#if defined(MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_448)
#undef MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_448
#else
#define MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_448 1
#endif
#endif
#if defined(PSA_WANT_ECC_SECP_K1_192)
#if defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_192)
#undef MBEDTLS_PSA_ACCEL_ECC_SECP_K1_192
#else
#define MBEDTLS_PSA_ACCEL_ECC_SECP_K1_192 1
#endif
#endif
#if defined(PSA_WANT_ECC_SECP_K1_224)
#if defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_224)
#undef MBEDTLS_PSA_ACCEL_ECC_SECP_K1_224
#else
#define MBEDTLS_PSA_ACCEL_ECC_SECP_K1_224 1
#endif
#endif
#if defined(PSA_WANT_ECC_SECP_K1_256)
#if defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_256)
#undef MBEDTLS_PSA_ACCEL_ECC_SECP_K1_256
#else
#define MBEDTLS_PSA_ACCEL_ECC_SECP_K1_256 1
#endif
#endif
#if defined(PSA_WANT_ECC_SECP_R1_192)
#if defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_192)
#undef MBEDTLS_PSA_ACCEL_ECC_SECP_R1_192
#else
#define MBEDTLS_PSA_ACCEL_ECC_SECP_R1_192 1
#endif
#endif
#if defined(PSA_WANT_ECC_SECP_R1_224)
#if defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_224)
#undef MBEDTLS_PSA_ACCEL_ECC_SECP_R1_224
#else
#define MBEDTLS_PSA_ACCEL_ECC_SECP_R1_224 1
#endif
#endif
#if defined(PSA_WANT_ECC_SECP_R1_256)
#if defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_256)
#undef MBEDTLS_PSA_ACCEL_ECC_SECP_R1_256
#else
#define MBEDTLS_PSA_ACCEL_ECC_SECP_R1_256 1
#endif
#endif
#if defined(PSA_WANT_ECC_SECP_R1_384)
#if defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_384)
#undef MBEDTLS_PSA_ACCEL_ECC_SECP_R1_384
#else
#define MBEDTLS_PSA_ACCEL_ECC_SECP_R1_384 1
#endif
#endif
#if defined(PSA_WANT_ECC_SECP_R1_521)
#if defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_521)
#undef MBEDTLS_PSA_ACCEL_ECC_SECP_R1_521
#else
#define MBEDTLS_PSA_ACCEL_ECC_SECP_R1_521 1
#endif
#endif
#if defined(PSA_WANT_ALG_DETERMINISTIC_ECDSA)
#if defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA)
#undef MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA
#else
#define MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA 1
#endif
#endif
#if defined(PSA_WANT_ALG_ECDSA)
#if defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA)
#undef MBEDTLS_PSA_ACCEL_ALG_ECDSA
#else
#define MBEDTLS_PSA_ACCEL_ALG_ECDSA 1
#endif
#endif
#if defined(PSA_WANT_ALG_ECDH)
#if defined(MBEDTLS_PSA_ACCEL_ALG_ECDH)
#undef MBEDTLS_PSA_ACCEL_ALG_ECDH
#else
#define MBEDTLS_PSA_ACCEL_ALG_ECDH 1
#endif
#endif
#if defined(PSA_WANT_DH_RFC7919_2048)
#if defined(MBEDTLS_PSA_ACCEL_DH_RFC7919_2048)
#undef MBEDTLS_PSA_ACCEL_DH_RFC7919_2048
#else
#define MBEDTLS_PSA_ACCEL_DH_RFC7919_2048
#endif
#endif
#if defined(PSA_WANT_DH_RFC7919_3072)
#if defined(MBEDTLS_PSA_ACCEL_DH_RFC7919_3072)
#undef MBEDTLS_PSA_ACCEL_DH_RFC7919_3072
#else
#define MBEDTLS_PSA_ACCEL_DH_RFC7919_3072
#endif
#endif
#if defined(PSA_WANT_DH_RFC7919_4096)
#if defined(MBEDTLS_PSA_ACCEL_DH_RFC7919_4096)
#undef MBEDTLS_PSA_ACCEL_DH_RFC7919_4096
#else
#define MBEDTLS_PSA_ACCEL_DH_RFC7919_4096
#endif
#endif
#if defined(PSA_WANT_DH_RFC7919_6144)
#if defined(MBEDTLS_PSA_ACCEL_DH_RFC7919_6144)
#undef MBEDTLS_PSA_ACCEL_DH_RFC7919_6144
#else
#define MBEDTLS_PSA_ACCEL_DH_RFC7919_6144
#endif
#endif
#if defined(PSA_WANT_DH_RFC7919_8192)
#if defined(MBEDTLS_PSA_ACCEL_DH_RFC7919_8192)
#undef MBEDTLS_PSA_ACCEL_DH_RFC7919_8192
#else
#define MBEDTLS_PSA_ACCEL_DH_RFC7919_8192
#endif
#endif
#if defined(PSA_WANT_ALG_FFDH)
#if defined(MBEDTLS_PSA_ACCEL_ALG_FFDH)
#undef MBEDTLS_PSA_ACCEL_ALG_FFDH
#else
#define MBEDTLS_PSA_ACCEL_ALG_FFDH 1
#endif
#endif
#if defined(PSA_WANT_ALG_MD5)
#if defined(MBEDTLS_PSA_ACCEL_ALG_MD5)
#undef MBEDTLS_PSA_ACCEL_ALG_MD5
#else
#define MBEDTLS_PSA_ACCEL_ALG_MD5 1
#endif
#endif
#if defined(PSA_WANT_ALG_OFB)
#if defined(MBEDTLS_PSA_ACCEL_ALG_OFB)
#undef MBEDTLS_PSA_ACCEL_ALG_OFB
#else
#define MBEDTLS_PSA_ACCEL_ALG_OFB 1
#endif
#endif
#if defined(PSA_WANT_ALG_RIPEMD160)
#if defined(MBEDTLS_PSA_ACCEL_ALG_RIPEMD160)
#undef MBEDTLS_PSA_ACCEL_ALG_RIPEMD160
#else
#define MBEDTLS_PSA_ACCEL_ALG_RIPEMD160 1
#endif
#endif
#if defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN)
#if defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN)
#undef MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN
#else
#define MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN 1
#endif
#endif
#if defined(PSA_WANT_ALG_RSA_PSS)
#if defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PSS)
#undef MBEDTLS_PSA_ACCEL_ALG_RSA_PSS
#else
#define MBEDTLS_PSA_ACCEL_ALG_RSA_PSS 1
#endif
#endif
#if defined(PSA_WANT_ALG_SHA_1)
#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA_1)
#undef MBEDTLS_PSA_ACCEL_ALG_SHA_1
#else
#define MBEDTLS_PSA_ACCEL_ALG_SHA_1 1
#endif
#endif
#if defined(PSA_WANT_ALG_SHA_224)
#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA_224)
#undef MBEDTLS_PSA_ACCEL_ALG_SHA_224
#else
#define MBEDTLS_PSA_ACCEL_ALG_SHA_224 1
#endif
#endif
#if defined(PSA_WANT_ALG_SHA_256)
#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA_256)
#undef MBEDTLS_PSA_ACCEL_ALG_SHA_256
#else
#define MBEDTLS_PSA_ACCEL_ALG_SHA_256 1
#endif
#endif
#if defined(PSA_WANT_ALG_SHA_384)
#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA_384)
#undef MBEDTLS_PSA_ACCEL_ALG_SHA_384
#else
#define MBEDTLS_PSA_ACCEL_ALG_SHA_384 1
#endif
#endif
#if defined(PSA_WANT_ALG_SHA_512)
#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA_512)
#undef MBEDTLS_PSA_ACCEL_ALG_SHA_512
#else
#define MBEDTLS_PSA_ACCEL_ALG_SHA_512 1
#endif
#endif
#if defined(PSA_WANT_ALG_SHA3_224)
#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_224)
#undef MBEDTLS_PSA_ACCEL_ALG_SHA3_224
#else
#define MBEDTLS_PSA_ACCEL_ALG_SHA3_224 1
#endif
#endif
#if defined(PSA_WANT_ALG_SHA3_256)
#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_256)
#undef MBEDTLS_PSA_ACCEL_ALG_SHA3_256
#else
#define MBEDTLS_PSA_ACCEL_ALG_SHA3_256 1
#endif
#endif
#if defined(PSA_WANT_ALG_SHA3_384)
#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_384)
#undef MBEDTLS_PSA_ACCEL_ALG_SHA3_384
#else
#define MBEDTLS_PSA_ACCEL_ALG_SHA3_384 1
#endif
#endif
#if defined(PSA_WANT_ALG_SHA3_512)
#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_512)
#undef MBEDTLS_PSA_ACCEL_ALG_SHA3_512
#else
#define MBEDTLS_PSA_ACCEL_ALG_SHA3_512 1
#endif
#endif
#if defined(PSA_WANT_ALG_XTS)
#if defined(MBEDTLS_PSA_ACCEL_ALG_XTS)
#undef MBEDTLS_PSA_ACCEL_ALG_XTS
#else
#define MBEDTLS_PSA_ACCEL_ALG_XTS 1
#endif
#endif
#if defined(PSA_WANT_ALG_CHACHA20_POLY1305)
#if defined(MBEDTLS_PSA_ACCEL_ALG_CHACHA20_POLY1305)
#undef MBEDTLS_PSA_ACCEL_ALG_CHACHA20_POLY1305
#else
#define MBEDTLS_PSA_ACCEL_ALG_CHACHA20_POLY1305 1
#endif
#endif
#if defined(PSA_WANT_ALG_JPAKE)
#if defined(MBEDTLS_PSA_ACCEL_ALG_JPAKE)
#undef MBEDTLS_PSA_ACCEL_ALG_JPAKE
#else
#define MBEDTLS_PSA_ACCEL_ALG_JPAKE 1
#endif
#endif
#if defined(PSA_WANT_KEY_TYPE_AES)
#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_AES)
#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_AES
#else
#define MBEDTLS_PSA_ACCEL_KEY_TYPE_AES 1
#endif
#endif
#if defined(PSA_WANT_KEY_TYPE_ARIA)
#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ARIA)
#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_ARIA
#else
#define MBEDTLS_PSA_ACCEL_KEY_TYPE_ARIA 1
#endif
#endif
#if defined(PSA_WANT_KEY_TYPE_CAMELLIA)
#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_CAMELLIA)
#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_CAMELLIA
#else
#define MBEDTLS_PSA_ACCEL_KEY_TYPE_CAMELLIA 1
#endif
#endif
#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC)
#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_BASIC)
#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_BASIC
#else
#define MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_BASIC 1
#endif
#endif
#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT)
#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_IMPORT)
#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_IMPORT
#else
#define MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_IMPORT 1
#endif
#endif
#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT)
#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_EXPORT)
#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_EXPORT
#else
#define MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_EXPORT 1
#endif
#endif
#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE)
#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_GENERATE)
#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_GENERATE
#else
#define MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_GENERATE 1
#endif
#endif
#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE)
#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE)
#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE
#else
#define MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE 1
#endif
#endif
#if defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC)
#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_BASIC)
#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_BASIC
#else
#define MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_BASIC 1
#endif
#endif
#if defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT)
#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_IMPORT)
#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_IMPORT
#else
#define MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_IMPORT 1
#endif
#endif
#if defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT)
#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_EXPORT)
#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_EXPORT
#else
#define MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_EXPORT 1
#endif
#endif
#if defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE)
#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_GENERATE)
#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_GENERATE
#else
#define MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_GENERATE 1
#endif
#endif
#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC)
#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_BASIC)
#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_BASIC
#else
#define MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_BASIC 1
#endif
#endif
#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT)
#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_IMPORT)
#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_IMPORT
#else
#define MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_IMPORT 1
#endif
#endif
#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT)
#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_EXPORT)
#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_EXPORT
#else
#define MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_EXPORT 1
#endif
#endif
#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE)
#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_GENERATE)
#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_GENERATE
#else
#define MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_GENERATE 1
#endif
#endif
#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)
#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY)
#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY
#else
#define MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY 1
#endif
#endif
#if defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY)
#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY)
#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY
#else
#define MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY 1
#endif
#endif
#if defined(PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY)
#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_PUBLIC_KEY)
#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_PUBLIC_KEY
#else
#define MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_PUBLIC_KEY 1
#endif
#endif
#if defined(PSA_WANT_KEY_TYPE_CHACHA20)
#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_CHACHA20)
#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_CHACHA20
#else
#define MBEDTLS_PSA_ACCEL_KEY_TYPE_CHACHA20 1
#endif
#endif
#if defined(PSA_WANT_ALG_TLS12_PRF)
#if defined(MBEDTLS_PSA_ACCEL_ALG_TLS12_PRF)
#undef MBEDTLS_PSA_ACCEL_ALG_TLS12_PRF
#else
#define MBEDTLS_PSA_ACCEL_ALG_TLS12_PRF 1
#endif
#endif
#if defined(PSA_WANT_ALG_TLS12_PSK_TO_MS)
#if defined(MBEDTLS_PSA_ACCEL_ALG_TLS12_PSK_TO_MS)
#undef MBEDTLS_PSA_ACCEL_ALG_TLS12_PSK_TO_MS
#else
#define MBEDTLS_PSA_ACCEL_ALG_TLS12_PSK_TO_MS 1
#endif
#endif
#if defined(PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS)
#if defined(MBEDTLS_PSA_ACCEL_ALG_TLS12_ECJPAKE_TO_PMS)
#undef MBEDTLS_PSA_ACCEL_ALG_TLS12_ECJPAKE_TO_PMS
#else
#define MBEDTLS_PSA_ACCEL_ALG_TLS12_ECJPAKE_TO_PMS 1
#endif
#endif
#if defined(PSA_WANT_ALG_GCM)
#if defined(MBEDTLS_PSA_ACCEL_ALG_GCM)
#undef MBEDTLS_PSA_ACCEL_ALG_GCM
#else
#define MBEDTLS_PSA_ACCEL_ALG_GCM 1
#endif
#endif
#if defined(PSA_WANT_ALG_CCM)
#if defined(MBEDTLS_PSA_ACCEL_ALG_CCM)
#undef MBEDTLS_PSA_ACCEL_ALG_CCM
#else
#define MBEDTLS_PSA_ACCEL_ALG_CCM 1
#endif
#endif
#if defined(PSA_WANT_ALG_CCM_STAR_NO_TAG)
#if defined(MBEDTLS_PSA_ACCEL_ALG_CCM_STAR_NO_TAG)
#undef MBEDTLS_PSA_ACCEL_ALG_CCM_STAR_NO_TAG
#else
#define MBEDTLS_PSA_ACCEL_ALG_CCM_STAR_NO_TAG 1
#endif
#endif
#if defined(PSA_WANT_ALG_CBC_MAC)
#if defined(MBEDTLS_PSA_ACCEL_ALG_CBC_MAC)
#undef MBEDTLS_PSA_ACCEL_ALG_CBC_MAC
#else
#define MBEDTLS_PSA_ACCEL_ALG_CBC_MAC 1
#endif
#endif
#if defined(PSA_WANT_ALG_HMAC)
#if defined(MBEDTLS_PSA_ACCEL_ALG_HMAC)
#undef MBEDTLS_PSA_ACCEL_ALG_HMAC
#else
#define MBEDTLS_PSA_ACCEL_ALG_HMAC 1
#endif
#endif
#if defined(PSA_WANT_ALG_HKDF)
#if defined(MBEDTLS_PSA_ACCEL_ALG_HKDF)
#undef MBEDTLS_PSA_ACCEL_ALG_HKDF
#else
#define MBEDTLS_PSA_ACCEL_ALG_HKDF 1
#endif
#endif
#if defined(PSA_WANT_ALG_HKDF_EXTRACT)
#if defined(MBEDTLS_PSA_ACCEL_ALG_HKDF_EXTRACT)
#undef MBEDTLS_PSA_ACCEL_ALG_HKDF_EXTRACT
#else
#define MBEDTLS_PSA_ACCEL_ALG_HKDF_EXTRACT 1
#endif
#endif
#if defined(PSA_WANT_ALG_HKDF_EXPAND)
#if defined(MBEDTLS_PSA_ACCEL_ALG_HKDF_EXPAND)
#undef MBEDTLS_PSA_ACCEL_ALG_HKDF_EXPAND
#else
#define MBEDTLS_PSA_ACCEL_ALG_HKDF_EXPAND 1
#endif
#endif
#if defined(PSA_WANT_ALG_RSA_OAEP)
#if defined(MBEDTLS_PSA_ACCEL_ALG_RSA_OAEP)
#undef MBEDTLS_PSA_ACCEL_ALG_RSA_OAEP
#else
#define MBEDTLS_PSA_ACCEL_ALG_RSA_OAEP 1
#endif
#endif
#if defined(PSA_WANT_ALG_RSA_PKCS1V15_CRYPT)
#if defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_CRYPT)
#undef MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_CRYPT
#else
#define MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_CRYPT 1
#endif
#endif
#if defined(PSA_WANT_KEY_TYPE_DERIVE)
#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DERIVE)
#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_DERIVE
#else
#define MBEDTLS_PSA_ACCEL_KEY_TYPE_DERIVE 1
#endif
#endif
#if defined(PSA_WANT_KEY_TYPE_HMAC)
#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_HMAC)
#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_HMAC
#else
#define MBEDTLS_PSA_ACCEL_KEY_TYPE_HMAC 1
#endif
#endif
#if defined(PSA_WANT_KEY_TYPE_DES)
#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DES)
#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_DES
#else
#define MBEDTLS_PSA_ACCEL_KEY_TYPE_DES 1
#endif
#endif
#if defined(PSA_WANT_KEY_TYPE_RAW_DATA)
#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RAW_DATA)
#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_RAW_DATA
#else
#define MBEDTLS_PSA_ACCEL_KEY_TYPE_RAW_DATA 1
#endif
#endif

64
tests/include/test/drivers/hash.h
View File

@ -1,64 +0,0 @@
/*
* Test driver for hash driver entry points.
*/
/* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef PSA_CRYPTO_TEST_DRIVERS_HASH_H
#define PSA_CRYPTO_TEST_DRIVERS_HASH_H
#include "mbedtls/build_info.h"
#if defined(PSA_CRYPTO_DRIVER_TEST)
#include <psa/crypto_driver_common.h>
typedef struct {
/* If not PSA_SUCCESS, return this error code instead of processing the
* function call. */
psa_status_t forced_status;
/* Count the amount of times hash driver entry points are called. */
unsigned long hits;
/* Status returned by the last hash driver entry point call. */
psa_status_t driver_status;
} mbedtls_test_driver_hash_hooks_t;
#define MBEDTLS_TEST_DRIVER_HASH_INIT { 0, 0, 0 }
static inline mbedtls_test_driver_hash_hooks_t
mbedtls_test_driver_hash_hooks_init(void)
{
const mbedtls_test_driver_hash_hooks_t v = MBEDTLS_TEST_DRIVER_HASH_INIT;
return v;
}
extern mbedtls_test_driver_hash_hooks_t mbedtls_test_driver_hash_hooks;
psa_status_t mbedtls_test_transparent_hash_compute(
psa_algorithm_t alg,
const uint8_t *input, size_t input_length,
uint8_t *hash, size_t hash_size, size_t *hash_length);
psa_status_t mbedtls_test_transparent_hash_setup(
mbedtls_transparent_test_driver_hash_operation_t *operation,
psa_algorithm_t alg);
psa_status_t mbedtls_test_transparent_hash_clone(
const mbedtls_transparent_test_driver_hash_operation_t *source_operation,
mbedtls_transparent_test_driver_hash_operation_t *target_operation);
psa_status_t mbedtls_test_transparent_hash_update(
mbedtls_transparent_test_driver_hash_operation_t *operation,
const uint8_t *input,
size_t input_length);
psa_status_t mbedtls_test_transparent_hash_finish(
mbedtls_transparent_test_driver_hash_operation_t *operation,
uint8_t *hash,
size_t hash_size,
size_t *hash_length);
psa_status_t mbedtls_test_transparent_hash_abort(
mbedtls_transparent_test_driver_hash_operation_t *operation);
#endif /* PSA_CRYPTO_DRIVER_TEST */
#endif /* PSA_CRYPTO_TEST_DRIVERS_HASH_H */

62
tests/include/test/drivers/key_agreement.h
View File

@ -1,62 +0,0 @@
/*
* Test driver for key agreement functions.
*/
/* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef PSA_CRYPTO_TEST_DRIVERS_KEY_AGREEMENT_H
#define PSA_CRYPTO_TEST_DRIVERS_KEY_AGREEMENT_H
#include "mbedtls/build_info.h"
#if defined(PSA_CRYPTO_DRIVER_TEST)
#include <psa/crypto_driver_common.h>
typedef struct {
/* If non-null, on success, copy this to the output. */
void *forced_output;
size_t forced_output_length;
/* If not PSA_SUCCESS, return this error code instead of processing the
* function call. */
psa_status_t forced_status;
/* Count the amount of times one of the signature driver functions is called. */
unsigned long hits;
} mbedtls_test_driver_key_agreement_hooks_t;
#define MBEDTLS_TEST_DRIVER_KEY_AGREEMENT_INIT { NULL, 0, PSA_SUCCESS, 0 }
static inline mbedtls_test_driver_key_agreement_hooks_t
mbedtls_test_driver_key_agreement_hooks_init(void)
{
const mbedtls_test_driver_key_agreement_hooks_t
v = MBEDTLS_TEST_DRIVER_KEY_AGREEMENT_INIT;
return v;
}
extern mbedtls_test_driver_key_agreement_hooks_t
mbedtls_test_driver_key_agreement_hooks;
psa_status_t mbedtls_test_transparent_key_agreement(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size,
psa_algorithm_t alg,
const uint8_t *peer_key,
size_t peer_key_length,
uint8_t *shared_secret,
size_t shared_secret_size,
size_t *shared_secret_length);
psa_status_t mbedtls_test_opaque_key_agreement(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size,
psa_algorithm_t alg,
const uint8_t *peer_key,
size_t peer_key_length,
uint8_t *shared_secret,
size_t shared_secret_size,
size_t *shared_secret_length);
#endif /*PSA_CRYPTO_DRIVER_TEST */
#endif /* PSA_CRYPTO_TEST_DRIVERS_KEY_AGREEMENT_H */

131
tests/include/test/drivers/key_management.h
View File

@ -1,131 +0,0 @@
/*
* Test driver for generating and verifying keys.
*/
/* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef PSA_CRYPTO_TEST_DRIVERS_KEY_MANAGEMENT_H
#define PSA_CRYPTO_TEST_DRIVERS_KEY_MANAGEMENT_H
#include "mbedtls/build_info.h"
#if defined(PSA_CRYPTO_DRIVER_TEST)
#include <psa/crypto_driver_common.h>
#define PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT 0
#define PSA_CRYPTO_TEST_DRIVER_BUILTIN_ECDSA_KEY_SLOT 1
typedef struct {
/* If non-null, on success, copy this to the output. */
void *forced_output;
size_t forced_output_length;
/* If not PSA_SUCCESS, return this error code instead of processing the
* function call. */
psa_status_t forced_status;
/* Count the amount of times one of the key management driver functions
* is called. */
unsigned long hits;
/* Subset of hits which only counts public key export operations */
unsigned long hits_export_public_key;
/* Subset of hits which only counts key generation operations */
unsigned long hits_generate_key;
/* Location of the last key management driver called to import a key. */
psa_key_location_t location;
} mbedtls_test_driver_key_management_hooks_t;
/* The location is initialized to the invalid value 0x800000. Invalid in the
* sense that no PSA specification will assign a meaning to this location
* (stated first in version 1.0.1 of the specification) and that it is not
* used as a location of an opaque test drivers. */
#define MBEDTLS_TEST_DRIVER_KEY_MANAGEMENT_INIT { NULL, 0, PSA_SUCCESS, 0, 0, 0, 0x800000 }
static inline mbedtls_test_driver_key_management_hooks_t
mbedtls_test_driver_key_management_hooks_init(void)
{
const mbedtls_test_driver_key_management_hooks_t
v = MBEDTLS_TEST_DRIVER_KEY_MANAGEMENT_INIT;
return v;
}
/*
* In order to convert the plain text keys to Opaque, the size of the key is
* padded up by PSA_CRYPTO_TEST_DRIVER_OPAQUE_PAD_PREFIX_SIZE in addition to
* xor mangling the key. The pad prefix needs to be accounted for while
* sizing for the key.
*/
#define PSA_CRYPTO_TEST_DRIVER_OPAQUE_PAD_PREFIX 0xBEEFED00U
#define PSA_CRYPTO_TEST_DRIVER_OPAQUE_PAD_PREFIX_SIZE sizeof( \
PSA_CRYPTO_TEST_DRIVER_OPAQUE_PAD_PREFIX)
size_t mbedtls_test_opaque_size_function(
const psa_key_type_t key_type,
const size_t key_bits);
extern mbedtls_test_driver_key_management_hooks_t
mbedtls_test_driver_key_management_hooks;
psa_status_t mbedtls_test_transparent_init(void);
void mbedtls_test_transparent_free(void);
psa_status_t mbedtls_test_opaque_init(void);
void mbedtls_test_opaque_free(void);
psa_status_t mbedtls_test_opaque_unwrap_key(
const uint8_t *wrapped_key, size_t wrapped_key_length, uint8_t *key_buffer,
size_t key_buffer_size, size_t *key_buffer_length);
psa_status_t mbedtls_test_transparent_generate_key(
const psa_key_attributes_t *attributes,
uint8_t *key, size_t key_size, size_t *key_length);
psa_status_t mbedtls_test_opaque_generate_key(
const psa_key_attributes_t *attributes,
uint8_t *key, size_t key_size, size_t *key_length);
psa_status_t mbedtls_test_opaque_export_key(
const psa_key_attributes_t *attributes,
const uint8_t *key, size_t key_length,
uint8_t *data, size_t data_size, size_t *data_length);
psa_status_t mbedtls_test_transparent_export_public_key(
const psa_key_attributes_t *attributes,
const uint8_t *key, size_t key_length,
uint8_t *data, size_t data_size, size_t *data_length);
psa_status_t mbedtls_test_opaque_export_public_key(
const psa_key_attributes_t *attributes,
const uint8_t *key, size_t key_length,
uint8_t *data, size_t data_size, size_t *data_length);
psa_status_t mbedtls_test_transparent_import_key(
const psa_key_attributes_t *attributes,
const uint8_t *data,
size_t data_length,
uint8_t *key_buffer,
size_t key_buffer_size,
size_t *key_buffer_length,
size_t *bits);
psa_status_t mbedtls_test_opaque_import_key(
const psa_key_attributes_t *attributes,
const uint8_t *data,
size_t data_length,
uint8_t *key_buffer,
size_t key_buffer_size,
size_t *key_buffer_length,
size_t *bits);
psa_status_t mbedtls_test_opaque_get_builtin_key(
psa_drv_slot_number_t slot_number,
psa_key_attributes_t *attributes,
uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length);
psa_status_t mbedtls_test_opaque_copy_key(
psa_key_attributes_t *attributes,
const uint8_t *source_key,
size_t source_key_length,
uint8_t *target_key_buffer,
size_t target_key_buffer_size,
size_t *target_key_buffer_length);
#endif /* PSA_CRYPTO_DRIVER_TEST */
#endif /* PSA_CRYPTO_TEST_DRIVERS_KEY_MANAGEMENT_H */

125
tests/include/test/drivers/mac.h
View File

@ -1,125 +0,0 @@
/*
* Test driver for MAC driver entry points.
*/
/* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef PSA_CRYPTO_TEST_DRIVERS_MAC_H
#define PSA_CRYPTO_TEST_DRIVERS_MAC_H
#include "mbedtls/build_info.h"
#if defined(PSA_CRYPTO_DRIVER_TEST)
#include <psa/crypto_driver_common.h>
typedef struct {
/* If not PSA_SUCCESS, return this error code instead of processing the
* function call. */
psa_status_t forced_status;
/* Count the amount of times MAC driver functions are called. */
unsigned long hits;
/* Status returned by the last MAC driver function call. */
psa_status_t driver_status;
} mbedtls_test_driver_mac_hooks_t;
#define MBEDTLS_TEST_DRIVER_MAC_INIT { 0, 0, 0 }
static inline mbedtls_test_driver_mac_hooks_t
mbedtls_test_driver_mac_hooks_init(void)
{
const mbedtls_test_driver_mac_hooks_t v = MBEDTLS_TEST_DRIVER_MAC_INIT;
return v;
}
extern mbedtls_test_driver_mac_hooks_t mbedtls_test_driver_mac_hooks;
psa_status_t mbedtls_test_transparent_mac_compute(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size,
psa_algorithm_t alg,
const uint8_t *input,
size_t input_length,
uint8_t *mac,
size_t mac_size,
size_t *mac_length);
psa_status_t mbedtls_test_transparent_mac_sign_setup(
mbedtls_transparent_test_driver_mac_operation_t *operation,
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size,
psa_algorithm_t alg);
psa_status_t mbedtls_test_transparent_mac_verify_setup(
mbedtls_transparent_test_driver_mac_operation_t *operation,
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size,
psa_algorithm_t alg);
psa_status_t mbedtls_test_transparent_mac_update(
mbedtls_transparent_test_driver_mac_operation_t *operation,
const uint8_t *input,
size_t input_length);
psa_status_t mbedtls_test_transparent_mac_sign_finish(
mbedtls_transparent_test_driver_mac_operation_t *operation,
uint8_t *mac,
size_t mac_size,
size_t *mac_length);
psa_status_t mbedtls_test_transparent_mac_verify_finish(
mbedtls_transparent_test_driver_mac_operation_t *operation,
const uint8_t *mac,
size_t mac_length);
psa_status_t mbedtls_test_transparent_mac_abort(
mbedtls_transparent_test_driver_mac_operation_t *operation);
psa_status_t mbedtls_test_opaque_mac_compute(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size,
psa_algorithm_t alg,
const uint8_t *input,
size_t input_length,
uint8_t *mac,
size_t mac_size,
size_t *mac_length);
psa_status_t mbedtls_test_opaque_mac_sign_setup(
mbedtls_opaque_test_driver_mac_operation_t *operation,
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size,
psa_algorithm_t alg);
psa_status_t mbedtls_test_opaque_mac_verify_setup(
mbedtls_opaque_test_driver_mac_operation_t *operation,
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size,
psa_algorithm_t alg);
psa_status_t mbedtls_test_opaque_mac_update(
mbedtls_opaque_test_driver_mac_operation_t *operation,
const uint8_t *input,
size_t input_length);
psa_status_t mbedtls_test_opaque_mac_sign_finish(
mbedtls_opaque_test_driver_mac_operation_t *operation,
uint8_t *mac,
size_t mac_size,
size_t *mac_length);
psa_status_t mbedtls_test_opaque_mac_verify_finish(
mbedtls_opaque_test_driver_mac_operation_t *operation,
const uint8_t *mac,
size_t mac_length);
psa_status_t mbedtls_test_opaque_mac_abort(
mbedtls_opaque_test_driver_mac_operation_t *operation);
#endif /* PSA_CRYPTO_DRIVER_TEST */
#endif /* PSA_CRYPTO_TEST_DRIVERS_MAC_H */

75
tests/include/test/drivers/pake.h
View File

@ -1,75 +0,0 @@
/*
* Test driver for PAKE driver entry points.
*/
/* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef PSA_CRYPTO_TEST_DRIVERS_PAKE_H
#define PSA_CRYPTO_TEST_DRIVERS_PAKE_H
#include "mbedtls/build_info.h"
#if defined(PSA_CRYPTO_DRIVER_TEST)
#include <psa/crypto_driver_common.h>
typedef struct {
/* If not PSA_SUCCESS, return this error code instead of processing the
* function call. */
psa_status_t forced_status;
/* PAKE driver setup is executed on the first call to
pake_output/pake_input (added to distinguish forced statuses). */
psa_status_t forced_setup_status;
/* Count the amount of times PAKE driver functions are called. */
struct {
unsigned long total;
unsigned long setup;
unsigned long input;
unsigned long output;
unsigned long implicit_key;
unsigned long abort;
} hits;
/* Status returned by the last PAKE driver function call. */
psa_status_t driver_status;
/* Output returned by pake_output */
void *forced_output;
size_t forced_output_length;
} mbedtls_test_driver_pake_hooks_t;
#define MBEDTLS_TEST_DRIVER_PAKE_INIT { PSA_SUCCESS, PSA_SUCCESS, { 0, 0, 0, 0, 0, 0 }, PSA_SUCCESS, \
NULL, 0 }
static inline mbedtls_test_driver_pake_hooks_t
mbedtls_test_driver_pake_hooks_init(void)
{
const mbedtls_test_driver_pake_hooks_t v = MBEDTLS_TEST_DRIVER_PAKE_INIT;
return v;
}
extern mbedtls_test_driver_pake_hooks_t mbedtls_test_driver_pake_hooks;
psa_status_t mbedtls_test_transparent_pake_setup(
mbedtls_transparent_test_driver_pake_operation_t *operation,
const psa_crypto_driver_pake_inputs_t *inputs);
psa_status_t mbedtls_test_transparent_pake_output(
mbedtls_transparent_test_driver_pake_operation_t *operation,
psa_crypto_driver_pake_step_t step,
uint8_t *output,
size_t output_size,
size_t *output_length);
psa_status_t mbedtls_test_transparent_pake_input(
mbedtls_transparent_test_driver_pake_operation_t *operation,
psa_crypto_driver_pake_step_t step,
const uint8_t *input,
size_t input_length);
psa_status_t mbedtls_test_transparent_pake_get_implicit_key(
mbedtls_transparent_test_driver_pake_operation_t *operation,
uint8_t *output, size_t output_size, size_t *output_length);
psa_status_t mbedtls_test_transparent_pake_abort(
mbedtls_transparent_test_driver_pake_operation_t *operation);
#endif /* PSA_CRYPTO_DRIVER_TEST */
#endif /* PSA_CRYPTO_TEST_DRIVERS_PAKE_H */

112
tests/include/test/drivers/signature.h
View File

@ -1,112 +0,0 @@
/*
* Test driver for signature functions.
*/
/* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef PSA_CRYPTO_TEST_DRIVERS_SIGNATURE_H
#define PSA_CRYPTO_TEST_DRIVERS_SIGNATURE_H
#include "mbedtls/build_info.h"
#if defined(PSA_CRYPTO_DRIVER_TEST)
#include <psa/crypto_driver_common.h>
typedef struct {
/* If non-null, on success, copy this to the output. */
void *forced_output;
size_t forced_output_length;
/* If not PSA_SUCCESS, return this error code instead of processing the
* function call. */
psa_status_t forced_status;
/* Count the amount of times one of the signature driver functions is called. */
unsigned long hits;
} mbedtls_test_driver_signature_hooks_t;
#define MBEDTLS_TEST_DRIVER_SIGNATURE_INIT { NULL, 0, PSA_SUCCESS, 0 }
static inline mbedtls_test_driver_signature_hooks_t
mbedtls_test_driver_signature_hooks_init(void)
{
const mbedtls_test_driver_signature_hooks_t
v = MBEDTLS_TEST_DRIVER_SIGNATURE_INIT;
return v;
}
extern mbedtls_test_driver_signature_hooks_t
mbedtls_test_driver_signature_sign_hooks;
extern mbedtls_test_driver_signature_hooks_t
mbedtls_test_driver_signature_verify_hooks;
psa_status_t mbedtls_test_transparent_signature_sign_message(
const psa_key_attributes_t *attributes,
const uint8_t *key,
size_t key_length,
psa_algorithm_t alg,
const uint8_t *input,
size_t input_length,
uint8_t *signature,
size_t signature_size,
size_t *signature_length);
psa_status_t mbedtls_test_opaque_signature_sign_message(
const psa_key_attributes_t *attributes,
const uint8_t *key,
size_t key_length,
psa_algorithm_t alg,
const uint8_t *input,
size_t input_length,
uint8_t *signature,
size_t signature_size,
size_t *signature_length);
psa_status_t mbedtls_test_transparent_signature_verify_message(
const psa_key_attributes_t *attributes,
const uint8_t *key,
size_t key_length,
psa_algorithm_t alg,
const uint8_t *input,
size_t input_length,
const uint8_t *signature,
size_t signature_length);
psa_status_t mbedtls_test_opaque_signature_verify_message(
const psa_key_attributes_t *attributes,
const uint8_t *key,
size_t key_length,
psa_algorithm_t alg,
const uint8_t *input,
size_t input_length,
const uint8_t *signature,
size_t signature_length);
psa_status_t mbedtls_test_transparent_signature_sign_hash(
const psa_key_attributes_t *attributes,
const uint8_t *key, size_t key_length,
psa_algorithm_t alg,
const uint8_t *hash, size_t hash_length,
uint8_t *signature, size_t signature_size, size_t *signature_length);
psa_status_t mbedtls_test_opaque_signature_sign_hash(
const psa_key_attributes_t *attributes,
const uint8_t *key, size_t key_length,
psa_algorithm_t alg,
const uint8_t *hash, size_t hash_length,
uint8_t *signature, size_t signature_size, size_t *signature_length);
psa_status_t mbedtls_test_transparent_signature_verify_hash(
const psa_key_attributes_t *attributes,
const uint8_t *key, size_t key_length,
psa_algorithm_t alg,
const uint8_t *hash, size_t hash_length,
const uint8_t *signature, size_t signature_length);
psa_status_t mbedtls_test_opaque_signature_verify_hash(
const psa_key_attributes_t *attributes,
const uint8_t *key, size_t key_length,
psa_algorithm_t alg,
const uint8_t *hash, size_t hash_length,
const uint8_t *signature, size_t signature_length);
#endif /* PSA_CRYPTO_DRIVER_TEST */
#endif /* PSA_CRYPTO_TEST_DRIVERS_SIGNATURE_H */

32
tests/include/test/drivers/test_driver.h
View File

@ -1,32 +0,0 @@
/*
* Umbrella include for all of the test driver functionality
*/
/* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef PSA_CRYPTO_TEST_DRIVER_H
#define PSA_CRYPTO_TEST_DRIVER_H
#if defined(PSA_CRYPTO_DRIVER_TEST)
#ifndef PSA_CRYPTO_DRIVER_PRESENT
#define PSA_CRYPTO_DRIVER_PRESENT
#endif
#ifndef PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT
#define PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT
#endif
#define PSA_CRYPTO_TEST_DRIVER_LOCATION 0x7fffff
#include "test/drivers/aead.h"
#include "test/drivers/cipher.h"
#include "test/drivers/hash.h"
#include "test/drivers/mac.h"
#include "test/drivers/key_management.h"
#include "test/drivers/signature.h"
#include "test/drivers/asymmetric_encryption.h"
#include "test/drivers/key_agreement.h"
#include "test/drivers/pake.h"
#endif /* PSA_CRYPTO_DRIVER_TEST */
#endif /* PSA_CRYPTO_TEST_DRIVER_H */

40
tests/include/test/fake_external_rng_for_test.h
View File

@ -1,40 +0,0 @@
/*
* Insecure but standalone implementation of mbedtls_psa_external_get_random().
* Only for use in tests!
*/
/*
* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef FAKE_EXTERNAL_RNG_FOR_TEST_H
#define FAKE_EXTERNAL_RNG_FOR_TEST_H
#include "mbedtls/build_info.h"
#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
/** Enable the insecure implementation of mbedtls_psa_external_get_random().
*
* The insecure implementation of mbedtls_psa_external_get_random() is
* disabled by default.
*
* When MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG is enabled and the test
* helpers are linked into a program, you must enable this before running any
* code that uses the PSA subsystem to generate random data (including internal
* random generation for purposes such as blinding when the random generation
* is routed through PSA).
*
* You can enable and disable it at any time, regardless of the state
* of the PSA subsystem. You may disable it temporarily to simulate a
* depleted entropy source.
*/
void mbedtls_test_enable_insecure_external_rng(void);
/** Disable the insecure implementation of mbedtls_psa_external_get_random().
*
* See mbedtls_test_enable_insecure_external_rng().
*/
void mbedtls_test_disable_insecure_external_rng(void);
#endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
#endif /* FAKE_EXTERNAL_RNG_FOR_TEST_H */

404
tests/include/test/helpers.h
View File

@ -1,404 +0,0 @@
/**
* \file helpers.h
*
* \brief This file contains the prototypes of helper functions for the
* purpose of testing.
*/
/*
* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef TEST_HELPERS_H
#define TEST_HELPERS_H
/* Most fields of publicly available structs are private and are wrapped with
* MBEDTLS_PRIVATE macro. This define allows tests to access the private fields
* directly (without using the MBEDTLS_PRIVATE wrapper). */
#define MBEDTLS_ALLOW_PRIVATE_ACCESS
#include "mbedtls/build_info.h"
#if defined(__SANITIZE_ADDRESS__) /* gcc -fsanitize=address */
# define MBEDTLS_TEST_HAVE_ASAN
#endif
#if defined(__SANITIZE_THREAD__) /* gcc -fsanitize-thread */
# define MBEDTLS_TEST_HAVE_TSAN
#endif
#if defined(__has_feature)
# if __has_feature(address_sanitizer) /* clang -fsanitize=address */
# define MBEDTLS_TEST_HAVE_ASAN
# endif
# if __has_feature(memory_sanitizer) /* clang -fsanitize=memory */
# define MBEDTLS_TEST_HAVE_MSAN
# endif
# if __has_feature(thread_sanitizer) /* clang -fsanitize=thread */
# define MBEDTLS_TEST_HAVE_TSAN
# endif
#endif
#include "test/threading_helpers.h"
#if defined(MBEDTLS_TEST_MUTEX_USAGE)
#include "mbedtls/threading.h"
#endif
#include "mbedtls/platform.h"
#include <stddef.h>
#include <stdint.h>
#if defined(MBEDTLS_BIGNUM_C)
#include "mbedtls/bignum.h"
#endif
/** The type of test case arguments that contain binary data. */
typedef struct data_tag {
uint8_t *x;
uint32_t len;
} data_t;
typedef enum {
MBEDTLS_TEST_RESULT_SUCCESS = 0,
MBEDTLS_TEST_RESULT_FAILED,
MBEDTLS_TEST_RESULT_SKIPPED
} mbedtls_test_result_t;
#define MBEDTLS_TEST_LINE_LENGTH 76
typedef struct {
mbedtls_test_result_t result;
const char *test;
const char *filename;
int line_no;
unsigned long step;
char line1[MBEDTLS_TEST_LINE_LENGTH];
char line2[MBEDTLS_TEST_LINE_LENGTH];
#if defined(MBEDTLS_TEST_MUTEX_USAGE)
const char *mutex_usage_error;
#endif
#if defined(MBEDTLS_BIGNUM_C)
unsigned case_uses_negative_0;
#endif
}
mbedtls_test_info_t;
/**
* \brief Get the current test result status
*
* \return The current test result status
*/
mbedtls_test_result_t mbedtls_test_get_result(void);
/**
* \brief Get the current test name/description
*
* \return The current test name/description
*/
const char *mbedtls_test_get_test(void);
/**
* \brief Get the current test filename
*
* \return The current test filename
*/
const char *mbedtls_get_test_filename(void);
/**
* \brief Get the current test file line number (for failure / skip)
*
* \return The current test file line number (for failure / skip)
*/
int mbedtls_test_get_line_no(void);
/**
* \brief Increment the current test step.
*
* \note It is not recommended for multiple threads to call this
* function concurrently - whilst it is entirely thread safe,
* the order of calls to this function can obviously not be
* ensured, so unexpected results may occur.
*/
void mbedtls_test_increment_step(void);
/**
* \brief Get the current test step
*
* \return The current test step
*/
unsigned long mbedtls_test_get_step(void);
/**
* \brief Get the current test line buffer 1
*
* \param line Buffer of minimum size \c MBEDTLS_TEST_LINE_LENGTH,
* which will have line buffer 1 copied to it.
*/
void mbedtls_test_get_line1(char *line);
/**
* \brief Get the current test line buffer 2
*
* \param line Buffer of minimum size \c MBEDTLS_TEST_LINE_LENGTH,
* which will have line buffer 1 copied to it.
*/
void mbedtls_test_get_line2(char *line);
#if defined(MBEDTLS_TEST_MUTEX_USAGE)
/**
* \brief Get the current mutex usage error message
*
* \return The current mutex error message (may be NULL if no error)
*/
const char *mbedtls_test_get_mutex_usage_error(void);
/**
* \brief Set the current mutex usage error message
*
* \note This will only set the mutex error message if one has not
* already been set, or if we are clearing the message (msg is
* NULL)
*
* \param msg Error message to set (can be NULL to clear)
*/
void mbedtls_test_set_mutex_usage_error(const char *msg);
#endif
#if defined(MBEDTLS_BIGNUM_C)
/**
* \brief Get whether the current test is a bignum test that uses
* negative zero.
*
* \return non zero if the current test uses bignum negative zero.
*/
unsigned mbedtls_test_get_case_uses_negative_0(void);
/**
* \brief Indicate that the current test uses bignum negative zero.
*
* \note This function is called if the current test case had an
* input parsed with mbedtls_test_read_mpi() that is a negative
* 0 (`"-"`, `"-0"`, `"-00"`, etc., constructing a result with
* the sign bit set to -1 and the value being all-limbs-0,
* which is not a valid representation in #mbedtls_mpi but is
* tested for robustness). *
*/
void mbedtls_test_increment_case_uses_negative_0(void);
#endif
int mbedtls_test_platform_setup(void);
void mbedtls_test_platform_teardown(void);
/**
* \brief Record the current test case as a failure.
*
* This function can be called directly however it is usually
* called via macros such as TEST_ASSERT, TEST_EQUAL,
* PSA_ASSERT, etc...
*
* \note If the test case was already marked as failed, calling
* `mbedtls_test_fail( )` again will not overwrite any
* previous information about the failure.
*
* \param test Description of the failure or assertion that failed. This
* MUST be a string literal.
* \param line_no Line number where the failure originated.
* \param filename Filename where the failure originated.
*/
void mbedtls_test_fail(const char *test, int line_no, const char *filename);
/**
* \brief Record the current test case as skipped.
*
* This function can be called directly however it is usually
* called via the TEST_ASSUME macro.
*
* \param test Description of the assumption that caused the test case to
* be skipped. This MUST be a string literal.
* \param line_no Line number where the test case was skipped.
* \param filename Filename where the test case was skipped.
*/
void mbedtls_test_skip(const char *test, int line_no, const char *filename);
/**
* \brief Set the test step number for failure reports.
*
* Call this function to display "step NNN" in addition to the
* line number and file name if a test fails. Typically the
* "step number" is the index of a for loop but it can be
* whatever you want.
*
* \note It is not recommended for multiple threads to call this
* function concurrently - whilst it is entirely thread safe,
* the order of calls to this function can obviously not be
* ensured, so unexpected results may occur.
*
* \param step The step number to report.
*/
void mbedtls_test_set_step(unsigned long step);
/**
* \brief Reset mbedtls_test_info to a ready/starting state.
*/
void mbedtls_test_info_reset(void);
#ifdef MBEDTLS_TEST_MUTEX_USAGE
/**
* \brief Get the test info data mutex.
*
* \note This is designed only to be used by threading_helpers to
* avoid a deadlock, not for general access to this mutex.
*
* \return The test info data mutex.
*/
mbedtls_threading_mutex_t *mbedtls_test_get_info_mutex(void);
#endif /* MBEDTLS_TEST_MUTEX_USAGE */
/**
* \brief Record the current test case as a failure if two integers
* have a different value.
*
* This function is usually called via the macro
* #TEST_EQUAL.
*
* \param test Description of the failure or assertion that failed. This
* MUST be a string literal. This normally has the form
* "EXPR1 == EXPR2" where EXPR1 has the value \p value1
* and EXPR2 has the value \p value2.
* \param line_no Line number where the failure originated.
* \param filename Filename where the failure originated.
* \param value1 The first value to compare.
* \param value2 The second value to compare.
*
* \return \c 1 if the values are equal, otherwise \c 0.
*/
int mbedtls_test_equal(const char *test, int line_no, const char *filename,
unsigned long long value1, unsigned long long value2);
/**
* \brief Record the current test case as a failure based
* on comparing two unsigned integers.
*
* This function is usually called via the macro
* #TEST_LE_U.
*
* \param test Description of the failure or assertion that failed. This
* MUST be a string literal. This normally has the form
* "EXPR1 <= EXPR2" where EXPR1 has the value \p value1
* and EXPR2 has the value \p value2.
* \param line_no Line number where the failure originated.
* \param filename Filename where the failure originated.
* \param value1 The first value to compare.
* \param value2 The second value to compare.
*
* \return \c 1 if \p value1 <= \p value2, otherwise \c 0.
*/
int mbedtls_test_le_u(const char *test, int line_no, const char *filename,
unsigned long long value1, unsigned long long value2);
/**
* \brief Record the current test case as a failure based
* on comparing two signed integers.
*
* This function is usually called via the macro
* #TEST_LE_S.
*
* \param test Description of the failure or assertion that failed. This
* MUST be a string literal. This normally has the form
* "EXPR1 <= EXPR2" where EXPR1 has the value \p value1
* and EXPR2 has the value \p value2.
* \param line_no Line number where the failure originated.
* \param filename Filename where the failure originated.
* \param value1 The first value to compare.
* \param value2 The second value to compare.
*
* \return \c 1 if \p value1 <= \p value2, otherwise \c 0.
*/
int mbedtls_test_le_s(const char *test, int line_no, const char *filename,
long long value1, long long value2);
/**
* \brief This function decodes the hexadecimal representation of
* data.
*
* \note The output buffer can be the same as the input buffer. For
* any other overlapping of the input and output buffers, the
* behavior is undefined.
*
* \param obuf Output buffer.
* \param obufmax Size in number of bytes of \p obuf.
* \param ibuf Input buffer.
* \param len The number of unsigned char written in \p obuf. This must
* not be \c NULL.
*
* \return \c 0 on success.
* \return \c -1 if the output buffer is too small or the input string
* is not a valid hexadecimal representation.
*/
int mbedtls_test_unhexify(unsigned char *obuf, size_t obufmax,
const char *ibuf, size_t *len);
void mbedtls_test_hexify(unsigned char *obuf,
const unsigned char *ibuf,
int len);
/**
* \brief Convert hexadecimal digit to an integer.
*
* \param c The digit to convert (`'0'` to `'9'`, `'A'` to `'F'` or
* `'a'` to `'f'`).
* \param[out] uc On success, the value of the digit (0 to 15).
*
* \return 0 on success, -1 if \p c is not a hexadecimal digit.
*/
int mbedtls_test_ascii2uc(const char c, unsigned char *uc);
/**
* Allocate and zeroize a buffer.
*
* If the size if zero, a pointer to a zeroized 1-byte buffer is returned.
*
* For convenience, dies if allocation fails.
*/
unsigned char *mbedtls_test_zero_alloc(size_t len);
/**
* Allocate and fill a buffer from hex data.
*
* The buffer is sized exactly as needed. This allows to detect buffer
* overruns (including overreads) when running the test suite under valgrind.
*
* If the size if zero, a pointer to a zeroized 1-byte buffer is returned.
*
* For convenience, dies if allocation fails.
*/
unsigned char *mbedtls_test_unhexify_alloc(const char *ibuf, size_t *olen);
int mbedtls_test_hexcmp(uint8_t *a, uint8_t *b,
uint32_t a_len, uint32_t b_len);
#if defined(MBEDTLS_PSA_CRYPTO_C) && defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
#include "test/fake_external_rng_for_test.h"
#endif
#if defined(MBEDTLS_TEST_HOOKS)
/**
* \brief Check that only a pure high-level error code is being combined with
* a pure low-level error code as otherwise the resultant error code
* would be corrupted.
*
* \note Both high-level and low-level error codes cannot be greater than
* zero however can be zero. If one error code is zero then the
* other error code is returned even if both codes are zero.
*
* \note If the check fails, fail the test currently being run.
*/
void mbedtls_test_err_add_check(int high, int low,
const char *file, int line);
#endif
#endif /* TEST_HELPERS_H */

250
tests/include/test/macros.h
View File

@ -1,250 +0,0 @@
/**
* \file macros.h
*
* \brief This file contains generic macros for the purpose of testing.
*/
/*
* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef TEST_MACROS_H
#define TEST_MACROS_H
#include "mbedtls/build_info.h"
#include <stdlib.h>
#include "mbedtls/platform.h"
#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
#include "mbedtls/memory_buffer_alloc.h"
#endif
#include "common.h"
/**
* \brief This macro tests the expression passed to it as a test step or
* individual test in a test case.
*
* It allows a library function to return a value and return an error
* code that can be tested.
*
* Failing the test means:
* - Mark this test case as failed.
* - Print a message identifying the failure.
* - Jump to the \c exit label.
*
* This macro expands to an instruction, not an expression.
* It may jump to the \c exit label.
*
* \param TEST The test expression to be tested.
*/
#define TEST_ASSERT(TEST) \
do { \
if (!(TEST)) \
{ \
mbedtls_test_fail( #TEST, __LINE__, __FILE__); \
goto exit; \
} \
} while (0)
/** This macro asserts fails the test with given output message.
*
* \param MESSAGE The message to be outputed on assertion
*/
#define TEST_FAIL(MESSAGE) \
do { \
mbedtls_test_fail(MESSAGE, __LINE__, __FILE__); \
goto exit; \
} while (0)
/** Evaluate two integer expressions and fail the test case if they have
* different values.
*
* The two expressions should have the same signedness, otherwise the
* comparison is not meaningful if the signed value is negative.
*
* \param expr1 An integral-typed expression to evaluate.
* \param expr2 Another integral-typed expression to evaluate.
*/
#define TEST_EQUAL(expr1, expr2) \
do { \
if (!mbedtls_test_equal( #expr1 " == " #expr2, __LINE__, __FILE__, \
(unsigned long long) (expr1), (unsigned long long) (expr2))) \
goto exit; \
} while (0)
/** Evaluate two unsigned integer expressions and fail the test case
* if they are not in increasing order (left <= right).
*
* \param expr1 An integral-typed expression to evaluate.
* \param expr2 Another integral-typed expression to evaluate.
*/
#define TEST_LE_U(expr1, expr2) \
do { \
if (!mbedtls_test_le_u( #expr1 " <= " #expr2, __LINE__, __FILE__, \
expr1, expr2)) \
goto exit; \
} while (0)
/** Evaluate two signed integer expressions and fail the test case
* if they are not in increasing order (left <= right).
*
* \param expr1 An integral-typed expression to evaluate.
* \param expr2 Another integral-typed expression to evaluate.
*/
#define TEST_LE_S(expr1, expr2) \
do { \
if (!mbedtls_test_le_s( #expr1 " <= " #expr2, __LINE__, __FILE__, \
expr1, expr2)) \
goto exit; \
} while (0)
/** Allocate memory dynamically and fail the test case if this fails.
* The allocated memory will be filled with zeros.
*
* You must set \p pointer to \c NULL before calling this macro and
* put `mbedtls_free(pointer)` in the test's cleanup code.
*
* If \p item_count is zero, the resulting \p pointer will be \c NULL.
* This is usually what we want in tests since API functions are
* supposed to accept null pointers when a buffer size is zero.
*
* This macro expands to an instruction, not an expression.
* It may jump to the \c exit label.
*
* \param pointer An lvalue where the address of the allocated buffer
* will be stored.
* This expression may be evaluated multiple times.
* \param item_count Number of elements to allocate.
* This expression may be evaluated multiple times.
*
*/
#define TEST_CALLOC(pointer, item_count) \
do { \
TEST_ASSERT((pointer) == NULL); \
if ((item_count) != 0) { \
(pointer) = mbedtls_calloc((item_count), \
sizeof(*(pointer))); \
TEST_ASSERT((pointer) != NULL); \
} \
} while (0)
/** Allocate memory dynamically and fail the test case if this fails.
* The allocated memory will be filled with zeros.
*
* You must set \p pointer to \c NULL before calling this macro and
* put `mbedtls_free(pointer)` in the test's cleanup code.
*
* If \p item_count is zero, the resulting \p pointer will not be \c NULL.
*
* This macro expands to an instruction, not an expression.
* It may jump to the \c exit label.
*
* \param pointer An lvalue where the address of the allocated buffer
* will be stored.
* This expression may be evaluated multiple times.
* \param item_count Number of elements to allocate.
* This expression may be evaluated multiple times.
*
* Note: if passing size 0, mbedtls_calloc may return NULL. In this case,
* we reattempt to allocate with the smallest possible buffer to assure a
* non-NULL pointer.
*/
#define TEST_CALLOC_NONNULL(pointer, item_count) \
do { \
TEST_ASSERT((pointer) == NULL); \
(pointer) = mbedtls_calloc((item_count), \
sizeof(*(pointer))); \
if (((pointer) == NULL) && ((item_count) == 0)) { \
(pointer) = mbedtls_calloc(1, 1); \
} \
TEST_ASSERT((pointer) != NULL); \
} while (0)
/* For backwards compatibility */
#define ASSERT_ALLOC(pointer, item_count) TEST_CALLOC(pointer, item_count)
/** Allocate memory dynamically. If the allocation fails, skip the test case.
*
* This macro behaves like #TEST_CALLOC, except that if the allocation
* fails, it marks the test as skipped rather than failed.
*/
#define TEST_CALLOC_OR_SKIP(pointer, item_count) \
do { \
TEST_ASSERT((pointer) == NULL); \
if ((item_count) != 0) { \
(pointer) = mbedtls_calloc((item_count), \
sizeof(*(pointer))); \
TEST_ASSUME((pointer) != NULL); \
} \
} while (0)
/* For backwards compatibility */
#define ASSERT_ALLOC_WEAK(pointer, item_count) TEST_CALLOC_OR_SKIP(pointer, item_count)
/** Compare two buffers and fail the test case if they differ.
*
* This macro expands to an instruction, not an expression.
* It may jump to the \c exit label.
*
* \param p1 Pointer to the start of the first buffer.
* \param size1 Size of the first buffer in bytes.
* This expression may be evaluated multiple times.
* \param p2 Pointer to the start of the second buffer.
* \param size2 Size of the second buffer in bytes.
* This expression may be evaluated multiple times.
*/
#define TEST_MEMORY_COMPARE(p1, size1, p2, size2) \
do { \
TEST_EQUAL((size1), (size2)); \
if ((size1) != 0) { \
TEST_ASSERT(memcmp((p1), (p2), (size1)) == 0); \
} \
} while (0)
/* For backwards compatibility */
#define ASSERT_COMPARE(p1, size1, p2, size2) TEST_MEMORY_COMPARE(p1, size1, p2, size2)
/**
* \brief This macro tests the expression passed to it and skips the
* running test if it doesn't evaluate to 'true'.
*
* \param TEST The test expression to be tested.
*/
#define TEST_ASSUME(TEST) \
do { \
if (!(TEST)) \
{ \
mbedtls_test_skip( #TEST, __LINE__, __FILE__); \
goto exit; \
} \
} while (0)
#define TEST_HELPER_ASSERT(a) if (!(a)) \
{ \
mbedtls_fprintf(stderr, "Assertion Failed at %s:%d - %s\n", \
__FILE__, __LINE__, #a); \
mbedtls_exit(1); \
}
/** Return the smaller of two values.
*
* \param x An integer-valued expression without side effects.
* \param y An integer-valued expression without side effects.
*
* \return The smaller of \p x and \p y.
*/
#define MIN(x, y) ((x) < (y) ? (x) : (y))
/** Return the larger of two values.
*
* \param x An integer-valued expression without side effects.
* \param y An integer-valued expression without side effects.
*
* \return The larger of \p x and \p y.
*/
#define MAX(x, y) ((x) > (y) ? (x) : (y))
#endif /* TEST_MACROS_H */

108
tests/include/test/memory.h
View File

@ -1,108 +0,0 @@
/**
* \file memory.h
*
* \brief Helper macros and functions related to testing memory management.
*/
/*
* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef TEST_MEMORY_H
#define TEST_MEMORY_H
#include "mbedtls/build_info.h"
#include "mbedtls/platform.h"
#include "test/helpers.h"
/** \def MBEDTLS_TEST_MEMORY_CAN_POISON
*
* This macro is defined if the tests are compiled with a method to mark
* memory as poisoned, which can be used to enforce some memory access
* policies.
*
* Support for the C11 thread_local keyword is also required.
*
* Currently, only Asan (Address Sanitizer) is supported.
*/
#if defined(MBEDTLS_TEST_HAVE_ASAN) && \
(__STDC_VERSION__ >= 201112L) && \
!defined(PSA_CRYPTO_DRIVER_TEST)
# define MBEDTLS_TEST_MEMORY_CAN_POISON
#endif
/** \def MBEDTLS_TEST_MEMORY_POISON(buf, size)
*
* Poison a memory area so that any attempt to read or write from it will
* cause a runtime failure.
*
* Depending on the implementation, this may poison a few bytes beyond the
* indicated region, but will never poison a separate object on the heap
* or a separate object with more than the alignment of a long long.
*
* The behavior is undefined if any part of the memory area is invalid.
*
* This is a no-op in builds without a poisoning method.
* See #MBEDTLS_TEST_MEMORY_CAN_POISON.
*
* \param buf Pointer to the beginning of the memory area to poison.
* \param size Size of the memory area in bytes.
*/
/** \def MBEDTLS_TEST_MEMORY_UNPOISON(buf, size)
*
* Undo the effect of #MBEDTLS_TEST_MEMORY_POISON.
*
* The behavior is undefined if any part of the memory area is invalid,
* or if the memory area contains a mixture of poisoned and unpoisoned parts.
*
* This is a no-op in builds without a poisoning method.
* See #MBEDTLS_TEST_MEMORY_CAN_POISON.
*
* \param buf Pointer to the beginning of the memory area to unpoison.
* \param size Size of the memory area in bytes.
*/
#if defined(MBEDTLS_TEST_MEMORY_CAN_POISON)
/** Thread-local variable used to enable memory poisoning. This is set and
* unset in the test wrappers so that calls to PSA functions from the library
* do not poison memory.
*/
extern _Thread_local unsigned int mbedtls_test_memory_poisoning_count;
/** Poison a memory area so that any attempt to read or write from it will
* cause a runtime failure.
*
* The behavior is undefined if any part of the memory area is invalid.
*/
void mbedtls_test_memory_poison(const unsigned char *ptr, size_t size);
#define MBEDTLS_TEST_MEMORY_POISON(ptr, size) \
do { \
mbedtls_test_memory_poisoning_count++; \
mbedtls_test_memory_poison(ptr, size); \
} while (0)
/** Undo the effect of mbedtls_test_memory_poison().
*
* This is a no-op if the given area is entirely valid, unpoisoned memory.
*
* The behavior is undefined if any part of the memory area is invalid,
* or if the memory area contains a mixture of poisoned and unpoisoned parts.
*/
void mbedtls_test_memory_unpoison(const unsigned char *ptr, size_t size);
#define MBEDTLS_TEST_MEMORY_UNPOISON(ptr, size) \
do { \
mbedtls_test_memory_unpoison(ptr, size); \
if (mbedtls_test_memory_poisoning_count != 0) { \
mbedtls_test_memory_poisoning_count--; \
} \
} while (0)
#else /* MBEDTLS_TEST_MEMORY_CAN_POISON */
#define MBEDTLS_TEST_MEMORY_POISON(ptr, size) ((void) (ptr), (void) (size))
#define MBEDTLS_TEST_MEMORY_UNPOISON(ptr, size) ((void) (ptr), (void) (size))
#endif /* MBEDTLS_TEST_MEMORY_CAN_POISON */
#endif /* TEST_MEMORY_H */

533
tests/include/test/psa_crypto_helpers.h
View File

@ -1,533 +0,0 @@
/*
* Helper functions for tests that use the PSA Crypto API.
*/
/*
* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef PSA_CRYPTO_HELPERS_H
#define PSA_CRYPTO_HELPERS_H
#include "test/helpers.h"
#if (MBEDTLS_VERSION_MAJOR < 4 && defined(MBEDTLS_PSA_CRYPTO_C)) || \
(MBEDTLS_VERSION_MAJOR >= 4 && defined(MBEDTLS_PSA_CRYPTO_CLIENT))
#include "test/psa_helpers.h"
#include <psa/crypto.h>
#endif
#include <mbedtls/ctr_drbg.h>
#if defined(MBEDTLS_PSA_CRYPTO_C)
/** Initialize the PSA Crypto subsystem. */
#define PSA_INIT() PSA_ASSERT(psa_crypto_init())
/** Shut down the PSA Crypto subsystem and destroy persistent keys.
* Expect a clean shutdown, with no slots in use.
*
* If some key slots are still in use, record the test case as failed,
* but continue executing. This macro is suitable (and primarily intended)
* for use in the cleanup section of test functions.
*
* \note Persistent keys must be recorded with #TEST_USES_KEY_ID before
* creating them.
*/
#define PSA_DONE() \
do \
{ \
mbedtls_test_fail_if_psa_leaking(__LINE__, __FILE__); \
mbedtls_test_psa_purge_key_storage(); \
mbedtls_psa_crypto_free(); \
} \
while (0)
#elif MBEDTLS_VERSION_MAJOR >= 4 && defined(MBEDTLS_PSA_CRYPTO_CLIENT)
#define PSA_INIT() PSA_ASSERT(psa_crypto_init())
#define PSA_DONE() mbedtls_psa_crypto_free();
#else /* MBEDTLS_PSA_CRYPTO_CLIENT && !MBEDTLS_PSA_CRYPTO_C */
#define PSA_INIT() ((void) 0)
#define PSA_DONE() ((void) 0)
#endif /* MBEDTLS_PSA_CRYPTO_C */
#if (MBEDTLS_VERSION_MAJOR < 4 && defined(MBEDTLS_PSA_CRYPTO_C)) || \
(MBEDTLS_VERSION_MAJOR >= 4 && defined(MBEDTLS_PSA_CRYPTO_CLIENT))
#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
/* Internal function for #TEST_USES_KEY_ID. Return 1 on success, 0 on failure. */
int mbedtls_test_uses_key_id(mbedtls_svc_key_id_t key_id);
/** Destroy persistent keys recorded with #TEST_USES_KEY_ID.
*/
void mbedtls_test_psa_purge_key_storage(void);
/** Purge the in-memory cache of persistent keys recorded with
* #TEST_USES_KEY_ID.
*
* Call this function before calling PSA_DONE() if it's ok for
* persistent keys to still exist at this point.
*/
void mbedtls_test_psa_purge_key_cache(void);
/** \def TEST_USES_KEY_ID
*
* Call this macro in a test function before potentially creating a
* persistent key. Test functions that use this mechanism must call
* mbedtls_test_psa_purge_key_storage() in their cleanup code.
*
* This macro records a persistent key identifier as potentially used in the
* current test case. Recorded key identifiers will be cleaned up at the end
* of the test case, even on failure.
*
* This macro has no effect on volatile keys. Therefore, it is safe to call
* this macro in a test function that creates either volatile or persistent
* keys depending on the test data.
*
* This macro currently has no effect on special identifiers
* used to store implementation-specific files.
*
* Calling this macro multiple times on the same key identifier in the same
* test case has no effect.
*
* This macro can fail the test case if there isn't enough memory to
* record the key id.
*
* \param key_id The PSA key identifier to record.
*/
#define TEST_USES_KEY_ID(key_id) \
TEST_ASSERT(mbedtls_test_uses_key_id(key_id))
#else /* MBEDTLS_PSA_CRYPTO_STORAGE_C */
#define TEST_USES_KEY_ID(key_id) ((void) (key_id))
#define mbedtls_test_psa_purge_key_storage() ((void) 0)
#define mbedtls_test_psa_purge_key_cache() ((void) 0)
#endif /* MBEDTLS_PSA_CRYPTO_STORAGE_C */
/** Check for things that have not been cleaned up properly in the
* PSA subsystem.
*
* \return NULL if nothing has leaked.
* \return A string literal explaining what has not been cleaned up
* if applicable.
*/
const char *mbedtls_test_helper_is_psa_leaking(void);
/** Check that no PSA Crypto key slots are in use.
*
* If any slots are in use, mark the current test as failed and jump to
* the exit label. This is equivalent to
* `TEST_ASSERT( ! mbedtls_test_helper_is_psa_leaking( ) )`
* but with a more informative message.
*/
#define ASSERT_PSA_PRISTINE() \
do \
{ \
if (mbedtls_test_fail_if_psa_leaking(__LINE__, __FILE__)) \
goto exit; \
} \
while (0)
/** Shut down the PSA Crypto subsystem, allowing persistent keys to survive.
* Expect a clean shutdown, with no slots in use.
*
* If some key slots are still in use, record the test case as failed and
* jump to the `exit` label.
*/
#define PSA_SESSION_DONE() \
do \
{ \
mbedtls_test_psa_purge_key_cache(); \
ASSERT_PSA_PRISTINE(); \
mbedtls_psa_crypto_free(); \
} \
while (0)
#if defined(RECORD_PSA_STATUS_COVERAGE_LOG)
psa_status_t mbedtls_test_record_status(psa_status_t status,
const char *func,
const char *file, int line,
const char *expr);
/** Return value logging wrapper macro.
*
* Evaluate \p expr. Write a line recording its value to the log file
* #STATUS_LOG_FILE_NAME and return the value. The line is a colon-separated
* list of fields:
* ```
* value of expr:string:__FILE__:__LINE__:expr
* ```
*
* The test code does not call this macro explicitly because that would
* be very invasive. Instead, we instrument the source code by defining
* a bunch of wrapper macros like
* ```
* #define psa_crypto_init() RECORD_STATUS("psa_crypto_init", psa_crypto_init())
* ```
* These macro definitions must be present in `instrument_record_status.h`
* when building the test suites.
*
* \param string A string, normally a function name.
* \param expr An expression to evaluate, normally a call of the function
* whose name is in \p string. This expression must return
* a value of type #psa_status_t.
* \return The value of \p expr.
*/
#define RECORD_STATUS(string, expr) \
mbedtls_test_record_status((expr), string, __FILE__, __LINE__, #expr)
#include "instrument_record_status.h"
#endif /* defined(RECORD_PSA_STATUS_COVERAGE_LOG) */
/** Return extended key usage policies.
*
* Do a key policy permission extension on key usage policies always involves
* permissions of other usage policies
* (like PSA_KEY_USAGE_SIGN_HASH involves PSA_KEY_USAGE_SIGN_MESSAGE).
*/
psa_key_usage_t mbedtls_test_update_key_usage_flags(psa_key_usage_t usage_flags);
/** Check that no PSA Crypto key slots are in use.
*
* If any slots are in use, mark the current test as failed.
*
* \return 0 if the key store is empty, 1 otherwise.
*/
int mbedtls_test_fail_if_psa_leaking(int line_no, const char *filename);
#if defined(MBEDTLS_PSA_INJECT_ENTROPY)
/* The #MBEDTLS_PSA_INJECT_ENTROPY feature requires two extra platform
* functions, which must be configured as #MBEDTLS_PLATFORM_NV_SEED_READ_MACRO
* and #MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO. The job of these functions
* is to read and write from the entropy seed file, which is located
* in the PSA ITS file whose uid is #PSA_CRYPTO_ITS_RANDOM_SEED_UID.
* (These could have been provided as library functions, but for historical
* reasons, they weren't, and so each integrator has to provide a copy
* of these functions.)
*
* Provide implementations of these functions for testing. */
int mbedtls_test_inject_entropy_seed_read(unsigned char *buf, size_t len);
int mbedtls_test_inject_entropy_seed_write(unsigned char *buf, size_t len);
/** Make sure that the injected entropy is present.
*
* When MBEDTLS_PSA_INJECT_ENTROPY is enabled, psa_crypto_init()
* will fail if the PSA entropy seed is not present.
* This function must be called at least once in a test suite or other
* program before any call to psa_crypto_init().
* It does not need to be called in each test case.
*
* The test framework calls this function before running any test case.
*
* The few tests that might remove the entropy file must call this function
* in their cleanup.
*/
int mbedtls_test_inject_entropy_restore(void);
#endif /* MBEDTLS_PSA_INJECT_ENTROPY */
/** Parse binary string and convert it to a long integer
*/
uint64_t mbedtls_test_parse_binary_string(data_t *bin_string);
/** Skip a test case if the given key is a 192 bits AES key and the AES
* implementation is at least partially provided by an accelerator or
* alternative implementation.
*
* Call this macro in a test case when a cryptographic operation that may
* involve an AES operation returns a #PSA_ERROR_NOT_SUPPORTED error code.
* The macro call will skip and not fail the test case in case the operation
* involves a 192 bits AES key and the AES implementation is at least
* partially provided by an accelerator or alternative implementation.
*
* Hardware AES implementations not supporting 192 bits keys commonly exist.
* Consequently, PSA test cases aim at not failing when an AES operation with
* a 192 bits key performed by an alternative AES implementation returns
* with the #PSA_ERROR_NOT_SUPPORTED error code. The purpose of this macro
* is to facilitate this and make the test case code more readable.
*
* \param key_type Key type
* \param key_bits Key length in number of bits.
*/
#if defined(MBEDTLS_AES_ALT) || \
defined(MBEDTLS_AES_SETKEY_ENC_ALT) || \
defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_AES)
#define MBEDTLS_TEST_HAVE_ACCEL_AES 1
#else
#define MBEDTLS_TEST_HAVE_ACCEL_AES 0
#endif
#define MBEDTLS_TEST_PSA_SKIP_IF_ALT_AES_192(key_type, key_bits) \
do \
{ \
if ((MBEDTLS_TEST_HAVE_ACCEL_AES) && \
((key_type) == PSA_KEY_TYPE_AES) && \
(key_bits == 192)) \
{ \
mbedtls_test_skip("AES-192 not supported", __LINE__, __FILE__); \
goto exit; \
} \
} \
while (0)
/** Skip a test case if a GCM operation with a nonce length different from
* 12 bytes fails and was performed by an accelerator or alternative
* implementation.
*
* Call this macro in a test case when an AEAD cryptography operation that
* may involve the GCM mode returns with a #PSA_ERROR_NOT_SUPPORTED error
* code. The macro call will skip and not fail the test case in case the
* operation involves the GCM mode, a nonce with a length different from
* 12 bytes and the GCM mode implementation is an alternative one.
*
* Hardware GCM implementations not supporting nonce lengths different from
* 12 bytes commonly exist, as supporting a non-12-byte nonce requires
* additional computations involving the GHASH function.
* Consequently, PSA test cases aim at not failing when an AEAD operation in
* GCM mode with a nonce length different from 12 bytes is performed by an
* alternative GCM implementation and returns with a #PSA_ERROR_NOT_SUPPORTED
* error code. The purpose of this macro is to facilitate this check and make
* the test case code more readable.
*
* \param alg The AEAD algorithm.
* \param nonce_length The nonce length in number of bytes.
*/
#if defined(MBEDTLS_GCM_ALT) || \
defined(MBEDTLS_PSA_ACCEL_ALG_GCM)
#define MBEDTLS_TEST_HAVE_ACCEL_GCM 1
#else
#define MBEDTLS_TEST_HAVE_ACCEL_GCM 0
#endif
#define MBEDTLS_TEST_PSA_SKIP_IF_ALT_GCM_NOT_12BYTES_NONCE(alg, \
nonce_length) \
do \
{ \
if ((MBEDTLS_TEST_HAVE_ACCEL_GCM) && \
(PSA_ALG_AEAD_WITH_SHORTENED_TAG((alg), 0) == \
PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM, 0)) && \
((nonce_length) != 12)) \
{ \
mbedtls_test_skip("GCM with non-12-byte IV is not supported", __LINE__, __FILE__); \
goto exit; \
} \
} \
while (0)
#endif /* MBEDTLS_PSA_CRYPTO_CLIENT || MBEDTLS_PSA_CRYPTO_C */
#if MBEDTLS_VERSION_MAJOR >= 4
/* Legacy PSA_INIT() / PSA_DONE() variants from 3.6 */
#define USE_PSA_INIT() PSA_INIT()
#define USE_PSA_DONE() PSA_DONE()
#define MD_PSA_INIT() PSA_INIT()
#define MD_PSA_DONE() PSA_DONE()
#define BLOCK_CIPHER_PSA_INIT() PSA_INIT()
#define BLOCK_CIPHER_PSA_DONE() PSA_DONE()
#define MD_OR_USE_PSA_INIT() PSA_INIT()
#define MD_OR_USE_PSA_DONE() PSA_DONE()
#define AES_PSA_INIT() PSA_INIT()
#define AES_PSA_DONE() PSA_DONE()
#else /* MBEDTLS_VERSION_MAJOR < 4 */
/** \def USE_PSA_INIT
*
* Call this macro to initialize the PSA subsystem if #MBEDTLS_USE_PSA_CRYPTO
* or #MBEDTLS_SSL_PROTO_TLS1_3 (In contrast to TLS 1.2 implementation, the
* TLS 1.3 one uses PSA independently of the definition of
* #MBEDTLS_USE_PSA_CRYPTO) is enabled and do nothing otherwise.
*
* If the initialization fails, mark the test case as failed and jump to the
* \p exit label.
*/
/** \def USE_PSA_DONE
*
* Call this macro at the end of a test case if you called #USE_PSA_INIT.
*
* This is like #PSA_DONE except it does nothing under the same conditions as
* #USE_PSA_INIT.
*/
#if defined(MBEDTLS_USE_PSA_CRYPTO)
#define USE_PSA_INIT() PSA_INIT()
#define USE_PSA_DONE() PSA_DONE()
#elif defined(MBEDTLS_SSL_PROTO_TLS1_3)
/* TLS 1.3 must work without having called psa_crypto_init(), for backward
* compatibility with Mbed TLS <= 3.5 when connecting with a peer that
* supports both TLS 1.2 and TLS 1.3. See mbedtls_ssl_tls13_crypto_init()
* and https://github.com/Mbed-TLS/mbedtls/issues/9072 . */
#define USE_PSA_INIT() ((void) 0)
/* TLS 1.3 may have initialized the PSA subsystem. Shut it down cleanly,
* otherwise Asan and Valgrind would notice a resource leak. */
#define USE_PSA_DONE() PSA_DONE()
#else /* MBEDTLS_USE_PSA_CRYPTO || MBEDTLS_SSL_PROTO_TLS1_3 */
/* Define empty macros so that we can use them in the preamble and teardown
* of every test function that uses PSA conditionally based on
* MBEDTLS_USE_PSA_CRYPTO. */
#define USE_PSA_INIT() ((void) 0)
#define USE_PSA_DONE() ((void) 0)
#endif /* !MBEDTLS_USE_PSA_CRYPTO && !MBEDTLS_SSL_PROTO_TLS1_3 */
/** \def MD_PSA_INIT
*
* Call this macro to initialize the PSA subsystem if MD uses a driver,
* and do nothing otherwise.
*
* If the initialization fails, mark the test case as failed and jump to the
* \p exit label.
*/
/** \def MD_PSA_DONE
*
* Call this macro at the end of a test case if you called #MD_PSA_INIT.
*
* This is like #PSA_DONE except it does nothing under the same conditions as
* #MD_PSA_INIT.
*/
#if defined(MBEDTLS_MD_SOME_PSA)
#define MD_PSA_INIT() PSA_INIT()
#define MD_PSA_DONE() PSA_DONE()
#else /* MBEDTLS_MD_SOME_PSA */
#define MD_PSA_INIT() ((void) 0)
#define MD_PSA_DONE() ((void) 0)
#endif /* MBEDTLS_MD_SOME_PSA */
/** \def BLOCK_CIPHER_PSA_INIT
*
* Call this macro to initialize the PSA subsystem if BLOCK_CIPHER uses a driver,
* and do nothing otherwise.
*
* If the initialization fails, mark the test case as failed and jump to the
* \p exit label.
*/
/** \def BLOCK_CIPHER_PSA_DONE
*
* Call this macro at the end of a test case if you called #BLOCK_CIPHER_PSA_INIT.
*
* This is like #PSA_DONE except it does nothing under the same conditions as
* #BLOCK_CIPHER_PSA_INIT.
*/
#if defined(MBEDTLS_BLOCK_CIPHER_SOME_PSA)
#define BLOCK_CIPHER_PSA_INIT() PSA_INIT()
#define BLOCK_CIPHER_PSA_DONE() PSA_DONE()
#else /* MBEDTLS_MD_SOME_PSA */
#define BLOCK_CIPHER_PSA_INIT() ((void) 0)
#define BLOCK_CIPHER_PSA_DONE() ((void) 0)
#endif /* MBEDTLS_MD_SOME_PSA */
/** \def MD_OR_USE_PSA_INIT
*
* Call this macro to initialize the PSA subsystem if MD uses a driver,
* or if #MBEDTLS_USE_PSA_CRYPTO or #MBEDTLS_SSL_PROTO_TLS1_3 is enabled,
* and do nothing otherwise.
*
* If the initialization fails, mark the test case as failed and jump to the
* \p exit label.
*/
/** \def MD_OR_USE_PSA_DONE
*
* Call this macro at the end of a test case if you called #MD_OR_USE_PSA_INIT.
*
* This is like #PSA_DONE except it does nothing under the same conditions as
* #MD_OR_USE_PSA_INIT.
*/
#if defined(MBEDTLS_MD_SOME_PSA)
#define MD_OR_USE_PSA_INIT() PSA_INIT()
#define MD_OR_USE_PSA_DONE() PSA_DONE()
#else
#define MD_OR_USE_PSA_INIT() USE_PSA_INIT()
#define MD_OR_USE_PSA_DONE() USE_PSA_DONE()
#endif
/** \def AES_PSA_INIT
*
* Call this macro to initialize the PSA subsystem if AES_C is not defined,
* so that CTR_DRBG uses PSA implementation to get AES-ECB.
*
* If the initialization fails, mark the test case as failed and jump to the
* \p exit label.
*/
/** \def AES_PSA_DONE
*
* Call this macro at the end of a test case if you called #AES_PSA_INIT.
*
* This is like #PSA_DONE except it does nothing under the same conditions as
* #AES_PSA_INIT.
*/
#if defined(MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO)
#define AES_PSA_INIT() PSA_INIT()
#define AES_PSA_DONE() PSA_DONE()
#else /* MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO */
#define AES_PSA_INIT() ((void) 0)
#define AES_PSA_DONE() ((void) 0)
#endif /* MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO */
#endif /* MBEDTLS_VERSION_MAJOR >= 4 */
#if !defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) && \
defined(MBEDTLS_CTR_DRBG_C) && \
defined(MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO)
/* When AES_C is not defined and PSA does not have an external RNG,
* then CTR_DRBG uses PSA to perform AES-ECB. In this scenario 1 key
* slot is used internally from PSA to hold the AES key and it should
* not be taken into account when evaluating remaining open slots. */
#define MBEDTLS_TEST_PSA_INTERNAL_KEYS_FOR_DRBG 1
#else
#define MBEDTLS_TEST_PSA_INTERNAL_KEYS_FOR_DRBG 0
#endif
/** The number of volatile keys that PSA crypto uses internally.
*
* We expect that many volatile keys to be in use after a successful
* psa_crypto_init().
*/
#define MBEDTLS_TEST_PSA_INTERNAL_KEYS \
MBEDTLS_TEST_PSA_INTERNAL_KEYS_FOR_DRBG
/* A couple of helper macros to verify if MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE is
* large enough to contain an RSA key pair of the given size. This is meant to be
* used in test cases where MBEDTLS_PSA_STATIC_KEY_SLOTS is enabled. */
#if defined(MBEDTLS_PSA_CRYPTO_CLIENT)
#if (MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE >= PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE(4096))
#define MBEDTLS_TEST_STATIC_KEY_SLOTS_SUPPORT_RSA_4096
#endif
#if (MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE >= PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE(2048))
#define MBEDTLS_TEST_STATIC_KEY_SLOTS_SUPPORT_RSA_2048
#endif
#endif /* MBEDTLS_PSA_CRYPTO_CLIENT */
/* Helper macro to get the size of the each key slot buffer. */
#if defined(MBEDTLS_PSA_STATIC_KEY_SLOTS)
#define MBEDTLS_PSA_KEY_BUFFER_MAX_SIZE MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE
#else
#define MBEDTLS_PSA_KEY_BUFFER_MAX_SIZE SIZE_MAX
#endif
/* Helper macro for the PK module to check whether MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE
* is large enough to contain 4096-bit RSA key pairs. Of course this check is only
* necessary if PK relies on PSA (i.e. MBEDTLS_USE_PSA_CRYPTO) to store and manage
* the key. */
#if defined(MBEDTLS_USE_PSA_CRYPTO)
#if !defined(MBEDTLS_PSA_STATIC_KEY_SLOTS) || \
defined(MBEDTLS_TEST_STATIC_KEY_SLOTS_SUPPORT_RSA_4096)
#define MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
#endif
#else /* MBEDTLS_USE_PSA_CRYPTO */
#define MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
#endif /* MBEDTLS_USE_PSA_CRYPTO */
#endif /* PSA_CRYPTO_HELPERS_H */

286
tests/include/test/psa_exercise_key.h
View File

@ -1,286 +0,0 @@
/** Code to exercise a PSA key object, i.e. validate that it seems well-formed
* and can do what it is supposed to do.
*/
/*
* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef PSA_EXERCISE_KEY_H
#define PSA_EXERCISE_KEY_H
#include "test/helpers.h"
#include "test/psa_crypto_helpers.h"
#include <psa/crypto.h>
#if defined(MBEDTLS_PK_C)
#include <mbedtls/pk.h>
#endif
/** \def KNOWN_SUPPORTED_HASH_ALG
*
* A hash algorithm that is known to be supported.
*
* This is used in some smoke tests.
*/
#if defined(PSA_WANT_ALG_SHA_256)
#define KNOWN_SUPPORTED_HASH_ALG PSA_ALG_SHA_256
#elif defined(PSA_WANT_ALG_SHA_384)
#define KNOWN_SUPPORTED_HASH_ALG PSA_ALG_SHA_384
#elif defined(PSA_WANT_ALG_SHA_512)
#define KNOWN_SUPPORTED_HASH_ALG PSA_ALG_SHA_512
#elif defined(PSA_WANT_ALG_SHA3_256)
#define KNOWN_SUPPORTED_HASH_ALG PSA_ALG_SHA3_256
#elif defined(PSA_WANT_ALG_SHA_1)
#define KNOWN_SUPPORTED_HASH_ALG PSA_ALG_SHA_1
#elif defined(PSA_WANT_ALG_MD5)
#define KNOWN_SUPPORTED_HASH_ALG PSA_ALG_MD5
/* PSA_WANT_ALG_RIPEMD160 omitted. This is necessary for the sake of
* exercise_signature_key() because Mbed TLS doesn't support RIPEMD160
* in RSA PKCS#1v1.5 signatures. A RIPEMD160-only configuration would be
* implausible anyway. */
#else
#undef KNOWN_SUPPORTED_HASH_ALG
#endif
/** \def KNOWN_SUPPORTED_BLOCK_CIPHER
*
* A block cipher that is known to be supported.
*
* For simplicity's sake, stick to block ciphers with 16-byte blocks.
*/
#if defined(PSA_WANT_KEY_TYPE_AES)
#define KNOWN_SUPPORTED_BLOCK_CIPHER PSA_KEY_TYPE_AES
#elif defined(PSA_WANT_KEY_TYPE_ARIA)
#define KNOWN_SUPPORTED_BLOCK_CIPHER PSA_KEY_TYPE_ARIA
#elif defined(PSA_WANT_KEY_TYPE_CAMELLIA)
#define KNOWN_SUPPORTED_BLOCK_CIPHER PSA_KEY_TYPE_CAMELLIA
#else
#undef KNOWN_SUPPORTED_BLOCK_CIPHER
#endif
/** \def KNOWN_SUPPORTED_MAC_ALG
*
* A MAC mode that is known to be supported.
*
* It must either be HMAC with #KNOWN_SUPPORTED_HASH_ALG or
* a block cipher-based MAC with #KNOWN_SUPPORTED_BLOCK_CIPHER.
*
* This is used in some smoke tests.
*/
#if defined(KNOWN_SUPPORTED_HASH_ALG) && defined(PSA_WANT_ALG_HMAC)
#define KNOWN_SUPPORTED_MAC_ALG (PSA_ALG_HMAC(KNOWN_SUPPORTED_HASH_ALG))
#define KNOWN_SUPPORTED_MAC_KEY_TYPE PSA_KEY_TYPE_HMAC
#elif defined(KNOWN_SUPPORTED_BLOCK_CIPHER) && defined(MBEDTLS_CMAC_C)
#define KNOWN_SUPPORTED_MAC_ALG PSA_ALG_CMAC
#define KNOWN_SUPPORTED_MAC_KEY_TYPE KNOWN_SUPPORTED_BLOCK_CIPHER
#else
#undef KNOWN_SUPPORTED_MAC_ALG
#undef KNOWN_SUPPORTED_MAC_KEY_TYPE
#endif
/** \def KNOWN_SUPPORTED_BLOCK_CIPHER_ALG
*
* A cipher algorithm and key type that are known to be supported.
*
* This is used in some smoke tests.
*/
#if defined(KNOWN_SUPPORTED_BLOCK_CIPHER) && defined(PSA_WANT_ALG_CTR)
#define KNOWN_SUPPORTED_BLOCK_CIPHER_ALG PSA_ALG_CTR
#elif defined(KNOWN_SUPPORTED_BLOCK_CIPHER) && defined(PSA_WANT_ALG_CBC_NO_PADDING)
#define KNOWN_SUPPORTED_BLOCK_CIPHER_ALG PSA_ALG_CBC_NO_PADDING
#elif defined(KNOWN_SUPPORTED_BLOCK_CIPHER) && defined(PSA_WANT_ALG_CFB)
#define KNOWN_SUPPORTED_BLOCK_CIPHER_ALG PSA_ALG_CFB
#elif defined(KNOWN_SUPPORTED_BLOCK_CIPHER) && defined(PSA_WANT_ALG_OFB)
#define KNOWN_SUPPORTED_BLOCK_CIPHER_ALG PSA_ALG_OFB
#else
#undef KNOWN_SUPPORTED_BLOCK_CIPHER_ALG
#endif
#if defined(KNOWN_SUPPORTED_BLOCK_CIPHER_ALG)
#define KNOWN_SUPPORTED_CIPHER_ALG KNOWN_SUPPORTED_BLOCK_CIPHER_ALG
#define KNOWN_SUPPORTED_CIPHER_KEY_TYPE KNOWN_SUPPORTED_BLOCK_CIPHER
#else
#undef KNOWN_SUPPORTED_CIPHER_ALG
#undef KNOWN_SUPPORTED_CIPHER_KEY_TYPE
#endif
/** Convenience function to set up a key derivation.
*
* In case of failure, mark the current test case as failed.
*
* The inputs \p input1 and \p input2 are, in order:
* - HKDF: salt, info.
* - TKS 1.2 PRF, TLS 1.2 PSK-to-MS: seed, label.
* - PBKDF2: input cost, salt.
*
* \param operation The operation object to use.
* It must be in the initialized state.
* \param key The key to use.
* \param alg The algorithm to use.
* \param input1 The first input to pass.
* \param input1_length The length of \p input1 in bytes.
* \param input2 The first input to pass.
* \param input2_length The length of \p input2 in bytes.
* \param capacity The capacity to set.
* \param key_destroyable If set to 1, a failure due to the key not existing
* or the key being destroyed mid-operation will only
* be reported if the error code is unexpected.
*
* \return \c 1 on success, \c 0 on failure.
*/
int mbedtls_test_psa_setup_key_derivation_wrap(
psa_key_derivation_operation_t *operation,
mbedtls_svc_key_id_t key,
psa_algorithm_t alg,
const unsigned char *input1, size_t input1_length,
const unsigned char *input2, size_t input2_length,
size_t capacity, int key_destroyable);
/** Perform a key agreement using the given key pair against its public key
* using psa_raw_key_agreement() and psa_key_agreement().
*
* The result is discarded. The purpose of this function is to smoke-test a key.
*
* In case of failure, mark the current test case as failed.
*
* \param alg A key agreement algorithm compatible with \p key.
* \param key A key that allows key agreement with \p alg.
* \param key_destroyable If set to 1, a failure due to the key not existing
* or the key being destroyed mid-operation will only
* be reported if the error code is unexpected.
*
* \return \c 1 on success, \c 0 on failure.
*/
psa_status_t mbedtls_test_psa_raw_key_agreement_with_self(
psa_algorithm_t alg,
mbedtls_svc_key_id_t key, int key_destroyable);
/** Perform a key agreement using the given key pair against its public key
* using psa_key_derivation_raw_key().
*
* The result is discarded. The purpose of this function is to smoke-test a key.
*
* In case of failure, mark the current test case as failed.
*
* \param operation An operation that has been set up for a key
* agreement algorithm that is compatible with
* \p key.
* \param key A key pair object that is suitable for a key
* agreement with \p operation.
* \param key_destroyable If set to 1, a failure due to the key not existing
* or the key being destroyed mid-operation will only
* be reported if the error code is unexpected.
*
* \return \c 1 on success, \c 0 on failure.
*/
psa_status_t mbedtls_test_psa_key_agreement_with_self(
psa_key_derivation_operation_t *operation,
mbedtls_svc_key_id_t key, int key_destroyable);
/** Perform sanity checks on the given key representation.
*
* If any of the checks fail, mark the current test case as failed.
*
* The checks depend on the key type.
* - All types: check the export size against maximum-size macros.
* - DES: parity bits.
* - RSA: check the ASN.1 structure and the size and parity of the integers.
* - ECC private or public key: exact representation length.
* - Montgomery public key: first byte.
*
* \param type The key type.
* \param bits The key size in bits.
* \param exported A buffer containing the key representation.
* \param exported_length The length of \p exported in bytes.
*
* \return \c 1 if all checks passed, \c 0 on failure.
*/
int mbedtls_test_psa_exported_key_sanity_check(
psa_key_type_t type, size_t bits,
const uint8_t *exported, size_t exported_length);
/** Do smoke tests on a key.
*
* Perform one of each operation indicated by \p alg (decrypt/encrypt,
* sign/verify, or derivation) that is permitted according to \p usage.
* \p usage and \p alg should correspond to the expected policy on the
* key.
*
* Export the key if permitted by \p usage, and check that the output
* looks sensible. If \p usage forbids export, check that
* \p psa_export_key correctly rejects the attempt. If the key is
* asymmetric, also check \p psa_export_public_key.
*
* If the key fails the tests, this function calls the test framework's
* `mbedtls_test_fail` function and returns false. Otherwise this function
* returns true. Therefore it should be used as follows:
* ```
* if( ! exercise_key( ... ) ) goto exit;
* ```
* To use this function for multi-threaded tests where the key
* may be destroyed at any point: call this function with key_destroyable set
* to 1, while another thread calls psa_destroy_key on the same key;
* this will test whether destroying the key in use leads to any corruption.
*
* There cannot be a set of concurrent calls:
* `mbedtls_test_psa_exercise_key(ki,...)` such that each ki is a unique
* persistent key not loaded into any key slot, and i is greater than the
* number of free key slots.
* This is because such scenarios can lead to unsupported
* `PSA_ERROR_INSUFFICIENT_MEMORY` return codes.
*
*
* \param key The key to exercise. It should be capable of performing
* \p alg.
* \param usage The usage flags to assume.
* \param alg The algorithm to exercise.
* \param key_destroyable If set to 1, a failure due to the key not existing
* or the key being destroyed mid-operation will only
* be reported if the error code is unexpected.
*
* \retval 0 The key failed the smoke tests.
* \retval 1 The key passed the smoke tests.
*/
int mbedtls_test_psa_exercise_key(mbedtls_svc_key_id_t key,
psa_key_usage_t usage,
psa_algorithm_t alg,
int key_destroyable);
psa_key_usage_t mbedtls_test_psa_usage_to_exercise(psa_key_type_t type,
psa_algorithm_t alg);
/** Whether the specified algorithm can be exercised.
*
* \note This function is solely based on the algorithm and does not
* consider potential issues with the compatibility of a key.
* The idea is that you already have a key, so you know that the
* key type is supported, and you want to exercise the key but
* only if the algorithm given in its policy is enabled in the
* compile-time configuration.
*
* \note This function currently only supports signature algorithms
* (including wildcards).
* TODO: a more general mechanism, which should be automatically
* generated and possibly available as a library function?
*/
int mbedtls_test_can_exercise_psa_algorithm(psa_algorithm_t alg);
#if defined(MBEDTLS_PK_C)
/** PK-PSA key consistency test.
*
* This function tests that the pk context and the PSA key are
* consistent. At a minimum:
*
* - The two objects must contain keys of the same type,
* or a key pair and a public key of the matching type.
* - The two objects must have the same public key.
*
* \retval 0 The key failed the consistency tests.
* \retval 1 The key passed the consistency tests.
*/
int mbedtls_test_key_consistency_psa_pk(mbedtls_svc_key_id_t psa_key,
const mbedtls_pk_context *pk);
#endif /* MBEDTLS_PK_C */
#endif /* PSA_EXERCISE_KEY_H */

24
tests/include/test/psa_helpers.h
View File

@ -1,24 +0,0 @@
/*
* Helper functions for tests that use any PSA API.
*/
/*
* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef PSA_HELPERS_H
#define PSA_HELPERS_H
#if defined(MBEDTLS_PSA_CRYPTO_SPM)
#include "spm/psa_defs.h"
#endif
/** Evaluate an expression and fail the test case if it returns an error.
*
* \param expr The expression to evaluate. This is typically a call
* to a \c psa_xxx function that returns a value of type
* #psa_status_t.
*/
#define PSA_ASSERT(expr) TEST_EQUAL((expr), PSA_SUCCESS)
#endif /* PSA_HELPERS_H */

40
tests/include/test/psa_memory_poisoning_wrappers.h
View File

@ -1,40 +0,0 @@
/** Support for memory poisoning wrappers for PSA functions.
*
* The wrappers poison the input and output buffers of each function
* before calling it, to ensure that it does not access the buffers
* except by calling the approved buffer-copying functions.
*
* This header declares support functions. The wrappers themselves are
* decalred in the automatically generated file `test/psa_test_wrappers.h`.
*/
/*
* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef PSA_MEMORY_POISONING_WRAPPERS_H
#define PSA_MEMORY_POISONING_WRAPPERS_H
#include "psa/crypto.h"
#include "test/memory.h"
#if defined(MBEDTLS_TEST_HOOKS) && defined(MBEDTLS_TEST_MEMORY_CAN_POISON)
/**
* \brief Setup the memory poisoning test hooks used by
* psa_crypto_copy_input() and psa_crypto_copy_output() for
* memory poisoning.
*/
void mbedtls_poison_test_hooks_setup(void);
/**
* \brief Teardown the memory poisoning test hooks used by
* psa_crypto_copy_input() and psa_crypto_copy_output() for
* memory poisoning.
*/
void mbedtls_poison_test_hooks_teardown(void);
#endif /* MBEDTLS_TEST_HOOKS && MBEDTLS_TEST_MEMORY_CAN_POISON */
#endif /* PSA_MEMORY_POISONING_WRAPPERS_H */

91
tests/include/test/random.h
View File

@ -1,91 +0,0 @@
/**
* \file random.h
*
* \brief This file contains the prototypes of helper functions to generate
* random numbers for the purpose of testing.
*/
/*
* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef TEST_RANDOM_H
#define TEST_RANDOM_H
#include "mbedtls/build_info.h"
#include <stddef.h>
#include <stdint.h>
typedef struct {
unsigned char *buf; /* Pointer to a buffer of length bytes. */
size_t length;
/* If fallback_f_rng is NULL, fail after delivering length bytes. */
int (*fallback_f_rng)(void *, unsigned char *, size_t);
void *fallback_p_rng;
} mbedtls_test_rnd_buf_info;
/**
* Info structure for the pseudo random function
*
* Key should be set at the start to a test-unique value.
* Do not forget endianness!
* State( v0, v1 ) should be set to zero.
*/
typedef struct {
uint32_t key[16];
uint32_t v0, v1;
} mbedtls_test_rnd_pseudo_info;
/**
* This function just returns data from rand().
* Although predictable and often similar on multiple
* runs, this does not result in identical random on
* each run. So do not use this if the results of a
* test depend on the random data that is generated.
*
* rng_state shall be NULL.
*/
int mbedtls_test_rnd_std_rand(void *rng_state,
unsigned char *output,
size_t len);
/**
* This function only returns zeros.
*
* \p rng_state shall be \c NULL.
*/
int mbedtls_test_rnd_zero_rand(void *rng_state,
unsigned char *output,
size_t len);
/**
* This function returns random data based on a buffer it receives.
*
* \p rng_state shall be a pointer to a #mbedtls_test_rnd_buf_info structure.
*
* The number of bytes released from the buffer on each call to
* the random function is specified by \p len.
*
* After the buffer is empty, this function will call the fallback RNG in the
* #mbedtls_test_rnd_buf_info structure if there is one, and
* will return #MBEDTLS_ERR_ENTROPY_SOURCE_FAILED otherwise.
*/
int mbedtls_test_rnd_buffer_rand(void *rng_state,
unsigned char *output,
size_t len);
/**
* This function returns random based on a pseudo random function.
* This means the results should be identical on all systems.
* Pseudo random is based on the XTEA encryption algorithm to
* generate pseudorandom.
*
* \p rng_state shall be a pointer to a #mbedtls_test_rnd_pseudo_info structure.
*/
int mbedtls_test_rnd_pseudo_rand(void *rng_state,
unsigned char *output,
size_t len);
#endif /* TEST_RANDOM_H */

112
tests/include/test/threading_helpers.h
View File

@ -1,112 +0,0 @@
/**
* \file threading_helpers.h
*
* \brief This file contains the prototypes of helper functions for the purpose
* of testing threading.
*/
/*
* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef THREADING_HELPERS_H
#define THREADING_HELPERS_H
#if defined MBEDTLS_THREADING_C
#include "mbedtls/private_access.h"
#include "mbedtls/build_info.h"
/* Most fields of publicly available structs are private and are wrapped with
* MBEDTLS_PRIVATE macro. This define allows tests to access the private fields
* directly (without using the MBEDTLS_PRIVATE wrapper). */
#define MBEDTLS_ALLOW_PRIVATE_ACCESS
#define MBEDTLS_ERR_THREADING_THREAD_ERROR -0x001F
#if defined(MBEDTLS_THREADING_PTHREAD)
#include <pthread.h>
#endif /* MBEDTLS_THREADING_PTHREAD */
#if defined(MBEDTLS_THREADING_ALT)
/* You should define the mbedtls_test_thread_t type in your header */
#include "threading_alt.h"
/**
* \brief Set your alternate threading implementation
* function pointers for test threads. If used, this
* function must be called once in the main thread
* before any other MbedTLS function is called.
*
* \note These functions are part of the testing API only and
* thus not considered part of the public API of
* MbedTLS and thus may change without notice.
*
* \param thread_create The thread create function implementation.
* \param thread_join The thread join function implementation.
*/
void mbedtls_test_thread_set_alt(int (*thread_create)(mbedtls_test_thread_t *thread,
void *(*thread_func)(
void *),
void *thread_data),
int (*thread_join)(mbedtls_test_thread_t *thread));
#else /* MBEDTLS_THREADING_ALT*/
typedef struct mbedtls_test_thread_t {
#if defined(MBEDTLS_THREADING_PTHREAD)
pthread_t MBEDTLS_PRIVATE(thread);
#else /* MBEDTLS_THREADING_PTHREAD */
/* Make sure this struct is always non-empty */
unsigned dummy;
#endif
} mbedtls_test_thread_t;
#endif /* MBEDTLS_THREADING_ALT*/
/**
* \brief The function pointers for thread create and thread
* join.
*
* \note These functions are part of the testing API only
* and thus not considered part of the public API of
* MbedTLS and thus may change without notice.
*
* \note All these functions are expected to work or
* the result will be undefined.
*/
extern int (*mbedtls_test_thread_create)(mbedtls_test_thread_t *thread,
void *(*thread_func)(void *), void *thread_data);
extern int (*mbedtls_test_thread_join)(mbedtls_test_thread_t *thread);
#if defined(MBEDTLS_THREADING_PTHREAD) && defined(MBEDTLS_TEST_HOOKS)
#define MBEDTLS_TEST_MUTEX_USAGE
#endif
#if defined(MBEDTLS_TEST_MUTEX_USAGE)
/**
* Activate the mutex usage verification framework. See threading_helpers.c for
* information.
*/
void mbedtls_test_mutex_usage_init(void);
/**
* Deactivate the mutex usage verification framework. See threading_helpers.c
* for information.
*/
void mbedtls_test_mutex_usage_end(void);
/**
* Call this function after executing a test case to check for mutex usage
* errors.
*/
void mbedtls_test_mutex_usage_check(void);
#endif /* MBEDTLS_TEST_MUTEX_USAGE */
#endif /* MBEDTLS_THREADING_C */
#endif /* THREADING_HELPERS_H */

64
tests/src/asn1_helpers.c
View File

@ -1,64 +0,0 @@
/** \file asn1_helpers.c
*
* \brief Helper functions for tests that manipulate ASN.1 data.
*/
/*
* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include <test/helpers.h>
#include <test/macros.h>
#if defined(MBEDTLS_ASN1_PARSE_C)
#include <mbedtls/asn1.h>
#include <test/asn1_helpers.h>
int mbedtls_test_asn1_skip_integer(unsigned char **p, const unsigned char *end,
size_t min_bits, size_t max_bits,
int must_be_odd)
{
size_t len;
size_t actual_bits;
unsigned char msb;
TEST_EQUAL(mbedtls_asn1_get_tag(p, end, &len,
MBEDTLS_ASN1_INTEGER),
0);
/* Check if the retrieved length doesn't extend the actual buffer's size.
* It is assumed here, that end >= p, which validates casting to size_t. */
TEST_ASSERT(len <= (size_t) (end - *p));
/* Tolerate a slight departure from DER encoding:
* - 0 may be represented by an empty string or a 1-byte string.
* - The sign bit may be used as a value bit. */
if ((len == 1 && (*p)[0] == 0) ||
(len > 1 && (*p)[0] == 0 && ((*p)[1] & 0x80) != 0)) {
++(*p);
--len;
}
if (min_bits == 0 && len == 0) {
return 1;
}
msb = (*p)[0];
TEST_ASSERT(msb != 0);
actual_bits = 8 * (len - 1);
while (msb != 0) {
msb >>= 1;
++actual_bits;
}
TEST_ASSERT(actual_bits >= min_bits);
TEST_ASSERT(actual_bits <= max_bits);
if (must_be_odd) {
TEST_ASSERT(((*p)[len-1] & 1) != 0);
}
*p += len;
return 1;
exit:
return 0;
}
#endif /* MBEDTLS_ASN1_PARSE_C */

38
tests/src/bignum_codepath_check.c
View File

@ -1,38 +0,0 @@
/** Support for path tracking in optionally safe bignum functions
*/
/*
* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include "test/bignum_codepath_check.h"
#include "bignum_core_invasive.h"
#if defined(MBEDTLS_TEST_HOOKS) && !defined(MBEDTLS_THREADING_C)
int mbedtls_codepath_check = MBEDTLS_MPI_IS_TEST;
static void mbedtls_codepath_take_safe(void)
{
if (mbedtls_codepath_check == MBEDTLS_MPI_IS_TEST) {
mbedtls_codepath_check = MBEDTLS_MPI_IS_SECRET;
}
}
static void mbedtls_codepath_take_unsafe(void)
{
mbedtls_codepath_check = MBEDTLS_MPI_IS_PUBLIC;
}
void mbedtls_codepath_test_hooks_setup(void)
{
mbedtls_safe_codepath_hook = mbedtls_codepath_take_safe;
mbedtls_unsafe_codepath_hook = mbedtls_codepath_take_unsafe;
}
void mbedtls_codepath_test_hooks_teardown(void)
{
mbedtls_safe_codepath_hook = NULL;
mbedtls_unsafe_codepath_hook = NULL;
}
#endif /* MBEDTLS_TEST_HOOKS && !MBEDTLS_THREADING_C */

145
tests/src/bignum_helpers.c
View File

@ -1,145 +0,0 @@
/**
* \file bignum_helpers.c
*
* \brief This file contains the prototypes of helper functions for
* bignum-related testing.
*/
/*
* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#define MBEDTLS_ALLOW_PRIVATE_ACCESS
#include <test/bignum_helpers.h>
#if defined(MBEDTLS_BIGNUM_C)
#include <stdlib.h>
#include <string.h>
#include <mbedtls/bignum.h>
#include <bignum_core.h>
#include <bignum_mod.h>
#include <bignum_mod_raw.h>
#include <test/helpers.h>
#include <test/macros.h>
int mbedtls_test_read_mpi_core(mbedtls_mpi_uint **pX, size_t *plimbs,
const char *input)
{
/* Sanity check */
if (*pX != NULL) {
return MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
}
size_t hex_len = strlen(input);
size_t byte_len = (hex_len + 1) / 2;
*plimbs = CHARS_TO_LIMBS(byte_len);
/* A core bignum is not allowed to be empty. Forbid it as test data,
* this way static analyzers have a chance of knowing we don't expect
* the bignum functions to support empty inputs. */
if (*plimbs == 0) {
return MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
}
*pX = mbedtls_calloc(*plimbs, sizeof(**pX));
if (*pX == NULL) {
return MBEDTLS_ERR_MPI_ALLOC_FAILED;
}
unsigned char *byte_start = (unsigned char *) *pX;
if (byte_len % sizeof(mbedtls_mpi_uint) != 0) {
byte_start += sizeof(mbedtls_mpi_uint) - byte_len % sizeof(mbedtls_mpi_uint);
}
if ((hex_len & 1) != 0) {
/* mbedtls_test_unhexify wants an even number of hex digits */
TEST_ASSERT(mbedtls_test_ascii2uc(*input, byte_start) == 0);
++byte_start;
++input;
--byte_len;
}
TEST_ASSERT(mbedtls_test_unhexify(byte_start,
byte_len,
input,
&byte_len) == 0);
mbedtls_mpi_core_bigendian_to_host(*pX, *plimbs);
return 0;
exit:
mbedtls_free(*pX);
return MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
}
#if defined(MBEDTLS_ECP_WITH_MPI_UINT)
int mbedtls_test_read_mpi_modulus(mbedtls_mpi_mod_modulus *N,
const char *s,
mbedtls_mpi_mod_rep_selector int_rep)
{
mbedtls_mpi_uint *p = NULL;
size_t limbs = 0;
if (N->limbs != 0) {
return MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
}
int ret = mbedtls_test_read_mpi_core(&p, &limbs, s);
if (ret != 0) {
return ret;
}
switch (int_rep) {
case MBEDTLS_MPI_MOD_REP_MONTGOMERY:
ret = mbedtls_mpi_mod_modulus_setup(N, p, limbs);
break;
case MBEDTLS_MPI_MOD_REP_OPT_RED:
ret = mbedtls_mpi_mod_optred_modulus_setup(N, p, limbs, NULL);
break;
default:
ret = MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
break;
}
if (ret != 0) {
mbedtls_free(p);
}
return ret;
}
void mbedtls_test_mpi_mod_modulus_free_with_limbs(mbedtls_mpi_mod_modulus *N)
{
mbedtls_free((mbedtls_mpi_uint *) N->p);
mbedtls_mpi_mod_modulus_free(N);
}
#endif /* MBEDTLS_ECP_WITH_MPI_UINT */
int mbedtls_test_read_mpi(mbedtls_mpi *X, const char *s)
{
int negative = 0;
/* Always set the sign bit to -1 if the input has a minus sign, even for 0.
* This creates an invalid representation, which mbedtls_mpi_read_string()
* avoids but we want to be able to create that in test data. */
if (s[0] == '-') {
++s;
negative = 1;
}
/* mbedtls_mpi_read_string() currently retains leading zeros.
* It always allocates at least one limb for the value 0. */
if (s[0] == 0) {
mbedtls_mpi_free(X);
return 0;
}
int ret = mbedtls_mpi_read_string(X, 16, s);
if (ret != 0) {
return ret;
}
if (negative) {
if (mbedtls_mpi_cmp_int(X, 0) == 0) {
mbedtls_test_increment_case_uses_negative_0();
}
X->s = -1;
}
return 0;
}
#endif /* MBEDTLS_BIGNUM_C */

203
tests/src/drivers/hash.c
View File

@ -1,203 +0,0 @@
/*
* Test driver for hash entry points.
*/
/* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include <test/helpers.h>
#if defined(PSA_CRYPTO_DRIVER_TEST)
#include "psa_crypto_hash.h"
#include "test/drivers/hash.h"
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1)
#if MBEDTLS_VERSION_MAJOR < 4
#include "libtestdriver1/library/psa_crypto_hash.h"
#else
#include "libtestdriver1/tf-psa-crypto/drivers/builtin/src/psa_crypto_hash.h"
#endif
#endif
mbedtls_test_driver_hash_hooks_t
mbedtls_test_driver_hash_hooks = MBEDTLS_TEST_DRIVER_HASH_INIT;
psa_status_t mbedtls_test_transparent_hash_compute(
psa_algorithm_t alg,
const uint8_t *input, size_t input_length,
uint8_t *hash, size_t hash_size, size_t *hash_length)
{
mbedtls_test_driver_hash_hooks.hits++;
if (mbedtls_test_driver_hash_hooks.forced_status != PSA_SUCCESS) {
mbedtls_test_driver_hash_hooks.driver_status =
mbedtls_test_driver_hash_hooks.forced_status;
} else {
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_HASH)
mbedtls_test_driver_hash_hooks.driver_status =
libtestdriver1_mbedtls_psa_hash_compute(
alg, input, input_length,
hash, hash_size, hash_length);
#elif defined(MBEDTLS_PSA_BUILTIN_HASH)
mbedtls_test_driver_hash_hooks.driver_status =
mbedtls_psa_hash_compute(
alg, input, input_length,
hash, hash_size, hash_length);
#else
(void) alg;
(void) input;
(void) input_length;
(void) hash;
(void) hash_size;
(void) hash_length;
mbedtls_test_driver_hash_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED;
#endif
}
return mbedtls_test_driver_hash_hooks.driver_status;
}
psa_status_t mbedtls_test_transparent_hash_setup(
mbedtls_transparent_test_driver_hash_operation_t *operation,
psa_algorithm_t alg)
{
mbedtls_test_driver_hash_hooks.hits++;
if (mbedtls_test_driver_hash_hooks.forced_status != PSA_SUCCESS) {
mbedtls_test_driver_hash_hooks.driver_status =
mbedtls_test_driver_hash_hooks.forced_status;
} else {
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_HASH)
mbedtls_test_driver_hash_hooks.driver_status =
libtestdriver1_mbedtls_psa_hash_setup(operation, alg);
#elif defined(MBEDTLS_PSA_BUILTIN_HASH)
mbedtls_test_driver_hash_hooks.driver_status =
mbedtls_psa_hash_setup(operation, alg);
#else
(void) operation;
(void) alg;
mbedtls_test_driver_hash_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED;
#endif
}
return mbedtls_test_driver_hash_hooks.driver_status;
}
psa_status_t mbedtls_test_transparent_hash_clone(
const mbedtls_transparent_test_driver_hash_operation_t *source_operation,
mbedtls_transparent_test_driver_hash_operation_t *target_operation)
{
mbedtls_test_driver_hash_hooks.hits++;
if (mbedtls_test_driver_hash_hooks.forced_status != PSA_SUCCESS) {
mbedtls_test_driver_hash_hooks.driver_status =
mbedtls_test_driver_hash_hooks.forced_status;
} else {
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_HASH)
mbedtls_test_driver_hash_hooks.driver_status =
libtestdriver1_mbedtls_psa_hash_clone(source_operation,
target_operation);
#elif defined(MBEDTLS_PSA_BUILTIN_HASH)
mbedtls_test_driver_hash_hooks.driver_status =
mbedtls_psa_hash_clone(source_operation, target_operation);
#else
(void) source_operation;
(void) target_operation;
mbedtls_test_driver_hash_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED;
#endif
}
return mbedtls_test_driver_hash_hooks.driver_status;
}
psa_status_t mbedtls_test_transparent_hash_update(
mbedtls_transparent_test_driver_hash_operation_t *operation,
const uint8_t *input,
size_t input_length)
{
mbedtls_test_driver_hash_hooks.hits++;
if (mbedtls_test_driver_hash_hooks.forced_status != PSA_SUCCESS) {
mbedtls_test_driver_hash_hooks.driver_status =
mbedtls_test_driver_hash_hooks.forced_status;
} else {
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_HASH)
mbedtls_test_driver_hash_hooks.driver_status =
libtestdriver1_mbedtls_psa_hash_update(
operation, input, input_length);
#elif defined(MBEDTLS_PSA_BUILTIN_HASH)
mbedtls_test_driver_hash_hooks.driver_status =
mbedtls_psa_hash_update(operation, input, input_length);
#else
(void) operation;
(void) input;
(void) input_length;
mbedtls_test_driver_hash_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED;
#endif
}
return mbedtls_test_driver_hash_hooks.driver_status;
}
psa_status_t mbedtls_test_transparent_hash_finish(
mbedtls_transparent_test_driver_hash_operation_t *operation,
uint8_t *hash,
size_t hash_size,
size_t *hash_length)
{
mbedtls_test_driver_hash_hooks.hits++;
if (mbedtls_test_driver_hash_hooks.forced_status != PSA_SUCCESS) {
mbedtls_test_driver_hash_hooks.driver_status =
mbedtls_test_driver_hash_hooks.forced_status;
} else {
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_HASH)
mbedtls_test_driver_hash_hooks.driver_status =
libtestdriver1_mbedtls_psa_hash_finish(
operation, hash, hash_size, hash_length);
#elif defined(MBEDTLS_PSA_BUILTIN_HASH)
mbedtls_test_driver_hash_hooks.driver_status =
mbedtls_psa_hash_finish(operation, hash, hash_size, hash_length);
#else
(void) operation;
(void) hash;
(void) hash_size;
(void) hash_length;
mbedtls_test_driver_hash_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED;
#endif
}
return mbedtls_test_driver_hash_hooks.driver_status;
}
psa_status_t mbedtls_test_transparent_hash_abort(
mbedtls_transparent_test_driver_hash_operation_t *operation)
{
mbedtls_test_driver_hash_hooks.hits++;
if (mbedtls_test_driver_hash_hooks.forced_status != PSA_SUCCESS) {
mbedtls_test_driver_hash_hooks.driver_status =
mbedtls_test_driver_hash_hooks.forced_status;
} else {
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_HASH)
mbedtls_test_driver_hash_hooks.driver_status =
libtestdriver1_mbedtls_psa_hash_abort(operation);
#elif defined(MBEDTLS_PSA_BUILTIN_HASH)
mbedtls_test_driver_hash_hooks.driver_status =
mbedtls_psa_hash_abort(operation);
#else
(void) operation;
mbedtls_test_driver_hash_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED;
#endif
}
return mbedtls_test_driver_hash_hooks.driver_status;
}
#endif /* PSA_CRYPTO_DRIVER_TEST */

82
tests/src/drivers/platform_builtin_keys.c
View File

@ -1,82 +0,0 @@
/** \file platform_builtin_keys.c
*
* \brief Test driver implementation of the builtin key support
*/
/*
* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include <test/helpers.h>
#if defined(MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS)
#include <psa/crypto.h>
#include <psa/crypto_extra.h>
#if defined(PSA_CRYPTO_DRIVER_TEST)
#include <test/drivers/test_driver.h>
#endif
typedef struct {
psa_key_id_t builtin_key_id;
psa_key_lifetime_t lifetime;
psa_drv_slot_number_t slot_number;
} mbedtls_psa_builtin_key_description_t;
static const mbedtls_psa_builtin_key_description_t builtin_keys[] = {
#if defined(PSA_CRYPTO_DRIVER_TEST)
/* For testing, assign the AES builtin key slot to the boundary values.
* ECDSA can be exercised on key ID MBEDTLS_PSA_KEY_ID_BUILTIN_MIN + 1. */
{ MBEDTLS_PSA_KEY_ID_BUILTIN_MIN - 1,
PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(
PSA_KEY_PERSISTENCE_READ_ONLY, PSA_CRYPTO_TEST_DRIVER_LOCATION),
PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT },
{ MBEDTLS_PSA_KEY_ID_BUILTIN_MIN,
PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(
PSA_KEY_PERSISTENCE_READ_ONLY, PSA_CRYPTO_TEST_DRIVER_LOCATION),
PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT },
{ MBEDTLS_PSA_KEY_ID_BUILTIN_MIN + 1,
PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(
PSA_KEY_PERSISTENCE_READ_ONLY, PSA_CRYPTO_TEST_DRIVER_LOCATION),
PSA_CRYPTO_TEST_DRIVER_BUILTIN_ECDSA_KEY_SLOT },
{ MBEDTLS_PSA_KEY_ID_BUILTIN_MAX - 1,
PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(
PSA_KEY_PERSISTENCE_READ_ONLY, PSA_CRYPTO_TEST_DRIVER_LOCATION),
PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT },
{ MBEDTLS_PSA_KEY_ID_BUILTIN_MAX,
PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(
PSA_KEY_PERSISTENCE_READ_ONLY, PSA_CRYPTO_TEST_DRIVER_LOCATION),
PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT },
{ MBEDTLS_PSA_KEY_ID_BUILTIN_MAX + 1,
PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(
PSA_KEY_PERSISTENCE_READ_ONLY, PSA_CRYPTO_TEST_DRIVER_LOCATION),
PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT },
#else
{ 0, 0, 0 }
#endif
};
psa_status_t mbedtls_psa_platform_get_builtin_key(
mbedtls_svc_key_id_t key_id,
psa_key_lifetime_t *lifetime,
psa_drv_slot_number_t *slot_number)
{
psa_key_id_t app_key_id = MBEDTLS_SVC_KEY_ID_GET_KEY_ID(key_id);
const mbedtls_psa_builtin_key_description_t *builtin_key;
for (size_t i = 0;
i < (sizeof(builtin_keys) / sizeof(builtin_keys[0])); i++) {
builtin_key = &builtin_keys[i];
if (builtin_key->builtin_key_id == app_key_id) {
*lifetime = builtin_key->lifetime;
*slot_number = builtin_key->slot_number;
return PSA_SUCCESS;
}
}
return PSA_ERROR_DOES_NOT_EXIST;
}
#endif /* MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */

466
tests/src/drivers/test_driver_aead.c
View File

@ -1,466 +0,0 @@
/*
* Test driver for AEAD entry points.
*/
/* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include <test/helpers.h>
#if defined(PSA_CRYPTO_DRIVER_TEST)
#include "psa_crypto_aead.h"
#include "psa_crypto_core.h"
#include "test/drivers/aead.h"
#include "mbedtls/constant_time.h"
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1)
#if MBEDTLS_VERSION_MAJOR < 4
#include "libtestdriver1/library/psa_crypto_aead.h"
#else
#include "libtestdriver1/tf-psa-crypto/drivers/builtin/src/psa_crypto_aead.h"
#endif
#endif
mbedtls_test_driver_aead_hooks_t
mbedtls_test_driver_aead_hooks = MBEDTLS_TEST_DRIVER_AEAD_INIT;
psa_status_t mbedtls_test_transparent_aead_encrypt(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
psa_algorithm_t alg,
const uint8_t *nonce, size_t nonce_length,
const uint8_t *additional_data, size_t additional_data_length,
const uint8_t *plaintext, size_t plaintext_length,
uint8_t *ciphertext, size_t ciphertext_size, size_t *ciphertext_length)
{
mbedtls_test_driver_aead_hooks.hits_encrypt++;
if (mbedtls_test_driver_aead_hooks.forced_status != PSA_SUCCESS) {
mbedtls_test_driver_aead_hooks.driver_status =
mbedtls_test_driver_aead_hooks.forced_status;
} else {
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_AEAD)
mbedtls_test_driver_aead_hooks.driver_status =
libtestdriver1_mbedtls_psa_aead_encrypt(
(const libtestdriver1_psa_key_attributes_t *) attributes,
key_buffer, key_buffer_size,
alg,
nonce, nonce_length,
additional_data, additional_data_length,
plaintext, plaintext_length,
ciphertext, ciphertext_size, ciphertext_length);
#elif defined(MBEDTLS_PSA_BUILTIN_AEAD)
mbedtls_test_driver_aead_hooks.driver_status =
mbedtls_psa_aead_encrypt(
attributes, key_buffer, key_buffer_size,
alg,
nonce, nonce_length,
additional_data, additional_data_length,
plaintext, plaintext_length,
ciphertext, ciphertext_size, ciphertext_length);
#else
(void) attributes;
(void) key_buffer;
(void) key_buffer_size;
(void) alg;
(void) nonce;
(void) nonce_length;
(void) additional_data;
(void) additional_data_length;
(void) plaintext;
(void) plaintext_length;
(void) ciphertext;
(void) ciphertext_size;
(void) ciphertext_length;
mbedtls_test_driver_aead_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED;
#endif
}
return mbedtls_test_driver_aead_hooks.driver_status;
}
psa_status_t mbedtls_test_transparent_aead_decrypt(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
psa_algorithm_t alg,
const uint8_t *nonce, size_t nonce_length,
const uint8_t *additional_data, size_t additional_data_length,
const uint8_t *ciphertext, size_t ciphertext_length,
uint8_t *plaintext, size_t plaintext_size, size_t *plaintext_length)
{
mbedtls_test_driver_aead_hooks.hits_decrypt++;
if (mbedtls_test_driver_aead_hooks.forced_status != PSA_SUCCESS) {
mbedtls_test_driver_aead_hooks.driver_status =
mbedtls_test_driver_aead_hooks.forced_status;
} else {
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_AEAD)
mbedtls_test_driver_aead_hooks.driver_status =
libtestdriver1_mbedtls_psa_aead_decrypt(
(const libtestdriver1_psa_key_attributes_t *) attributes,
key_buffer, key_buffer_size,
alg,
nonce, nonce_length,
additional_data, additional_data_length,
ciphertext, ciphertext_length,
plaintext, plaintext_size, plaintext_length);
#elif defined(MBEDTLS_PSA_BUILTIN_AEAD)
mbedtls_test_driver_aead_hooks.driver_status =
mbedtls_psa_aead_decrypt(
attributes, key_buffer, key_buffer_size,
alg,
nonce, nonce_length,
additional_data, additional_data_length,
ciphertext, ciphertext_length,
plaintext, plaintext_size, plaintext_length);
#else
(void) attributes;
(void) key_buffer;
(void) key_buffer_size;
(void) alg;
(void) nonce;
(void) nonce_length;
(void) additional_data;
(void) additional_data_length;
(void) ciphertext;
(void) ciphertext_length;
(void) plaintext;
(void) plaintext_size;
(void) plaintext_length;
mbedtls_test_driver_aead_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED;
#endif
}
return mbedtls_test_driver_aead_hooks.driver_status;
}
psa_status_t mbedtls_test_transparent_aead_encrypt_setup(
mbedtls_transparent_test_driver_aead_operation_t *operation,
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
psa_algorithm_t alg)
{
mbedtls_test_driver_aead_hooks.hits_encrypt_setup++;
if (mbedtls_test_driver_aead_hooks.forced_status != PSA_SUCCESS) {
mbedtls_test_driver_aead_hooks.driver_status =
mbedtls_test_driver_aead_hooks.forced_status;
} else {
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_AEAD)
mbedtls_test_driver_aead_hooks.driver_status =
libtestdriver1_mbedtls_psa_aead_encrypt_setup(operation,
(const libtestdriver1_psa_key_attributes_t
*) attributes,
key_buffer,
key_buffer_size, alg);
#elif defined(MBEDTLS_PSA_BUILTIN_AEAD)
mbedtls_test_driver_aead_hooks.driver_status =
mbedtls_psa_aead_encrypt_setup(operation, attributes, key_buffer,
key_buffer_size, alg);
#else
(void) operation;
(void) attributes;
(void) key_buffer;
(void) key_buffer_size;
(void) alg;
mbedtls_test_driver_aead_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED;
#endif
}
return mbedtls_test_driver_aead_hooks.driver_status;
}
psa_status_t mbedtls_test_transparent_aead_decrypt_setup(
mbedtls_transparent_test_driver_aead_operation_t *operation,
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
psa_algorithm_t alg)
{
mbedtls_test_driver_aead_hooks.hits_decrypt_setup++;
if (mbedtls_test_driver_aead_hooks.forced_status != PSA_SUCCESS) {
mbedtls_test_driver_aead_hooks.driver_status =
mbedtls_test_driver_aead_hooks.forced_status;
} else {
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_AEAD)
mbedtls_test_driver_aead_hooks.driver_status =
libtestdriver1_mbedtls_psa_aead_decrypt_setup(operation,
(const libtestdriver1_psa_key_attributes_t
*) attributes,
key_buffer, key_buffer_size, alg);
#elif defined(MBEDTLS_PSA_BUILTIN_AEAD)
mbedtls_test_driver_aead_hooks.driver_status =
mbedtls_psa_aead_decrypt_setup(operation, attributes, key_buffer,
key_buffer_size, alg);
#else
(void) operation;
(void) attributes;
(void) key_buffer;
(void) key_buffer_size;
(void) alg;
mbedtls_test_driver_aead_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED;
#endif
}
return mbedtls_test_driver_aead_hooks.driver_status;
}
psa_status_t mbedtls_test_transparent_aead_set_nonce(
mbedtls_transparent_test_driver_aead_operation_t *operation,
const uint8_t *nonce,
size_t nonce_length)
{
mbedtls_test_driver_aead_hooks.hits_set_nonce++;
if (mbedtls_test_driver_aead_hooks.forced_status != PSA_SUCCESS) {
mbedtls_test_driver_aead_hooks.driver_status =
mbedtls_test_driver_aead_hooks.forced_status;
} else {
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_AEAD)
mbedtls_test_driver_aead_hooks.driver_status =
libtestdriver1_mbedtls_psa_aead_set_nonce(operation, nonce, nonce_length);
#elif defined(MBEDTLS_PSA_BUILTIN_AEAD)
mbedtls_test_driver_aead_hooks.driver_status =
mbedtls_psa_aead_set_nonce(operation, nonce, nonce_length);
#else
(void) operation;
(void) nonce;
(void) nonce_length;
mbedtls_test_driver_aead_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED;
#endif
}
return mbedtls_test_driver_aead_hooks.driver_status;
}
psa_status_t mbedtls_test_transparent_aead_set_lengths(
mbedtls_transparent_test_driver_aead_operation_t *operation,
size_t ad_length,
size_t plaintext_length)
{
mbedtls_test_driver_aead_hooks.hits_set_lengths++;
if (mbedtls_test_driver_aead_hooks.forced_status != PSA_SUCCESS) {
mbedtls_test_driver_aead_hooks.driver_status =
mbedtls_test_driver_aead_hooks.forced_status;
} else {
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_AEAD)
mbedtls_test_driver_aead_hooks.driver_status =
libtestdriver1_mbedtls_psa_aead_set_lengths(operation, ad_length,
plaintext_length);
#elif defined(MBEDTLS_PSA_BUILTIN_AEAD)
mbedtls_test_driver_aead_hooks.driver_status =
mbedtls_psa_aead_set_lengths(operation, ad_length,
plaintext_length);
#else
(void) operation;
(void) ad_length;
(void) plaintext_length;
mbedtls_test_driver_aead_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED;
#endif
}
return mbedtls_test_driver_aead_hooks.driver_status;
}
psa_status_t mbedtls_test_transparent_aead_update_ad(
mbedtls_transparent_test_driver_aead_operation_t *operation,
const uint8_t *input,
size_t input_length)
{
mbedtls_test_driver_aead_hooks.hits_update_ad++;
if (mbedtls_test_driver_aead_hooks.forced_status != PSA_SUCCESS) {
mbedtls_test_driver_aead_hooks.driver_status =
mbedtls_test_driver_aead_hooks.forced_status;
} else {
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_AEAD)
mbedtls_test_driver_aead_hooks.driver_status =
libtestdriver1_mbedtls_psa_aead_update_ad(operation, input, input_length);
#elif defined(MBEDTLS_PSA_BUILTIN_AEAD)
mbedtls_test_driver_aead_hooks.driver_status =
mbedtls_psa_aead_update_ad(operation, input, input_length);
#else
(void) operation;
(void) input;
(void) input_length;
mbedtls_test_driver_aead_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED;
#endif
}
return mbedtls_test_driver_aead_hooks.driver_status;
}
psa_status_t mbedtls_test_transparent_aead_update(
mbedtls_transparent_test_driver_aead_operation_t *operation,
const uint8_t *input,
size_t input_length,
uint8_t *output,
size_t output_size,
size_t *output_length)
{
mbedtls_test_driver_aead_hooks.hits_update++;
if (mbedtls_test_driver_aead_hooks.forced_status != PSA_SUCCESS) {
mbedtls_test_driver_aead_hooks.driver_status =
mbedtls_test_driver_aead_hooks.forced_status;
} else {
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_AEAD)
mbedtls_test_driver_aead_hooks.driver_status =
libtestdriver1_mbedtls_psa_aead_update(operation, input,
input_length, output,
output_size, output_length);
#elif defined(MBEDTLS_PSA_BUILTIN_AEAD)
mbedtls_test_driver_aead_hooks.driver_status =
mbedtls_psa_aead_update(operation, input, input_length, output,
output_size, output_length);
#else
(void) operation;
(void) input;
(void) input_length;
(void) output;
(void) output_size;
(void) output_length;
mbedtls_test_driver_aead_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED;
#endif
}
return mbedtls_test_driver_aead_hooks.driver_status;
}
psa_status_t mbedtls_test_transparent_aead_finish(
mbedtls_transparent_test_driver_aead_operation_t *operation,
uint8_t *ciphertext,
size_t ciphertext_size,
size_t *ciphertext_length,
uint8_t *tag,
size_t tag_size,
size_t *tag_length)
{
mbedtls_test_driver_aead_hooks.hits_finish++;
if (mbedtls_test_driver_aead_hooks.forced_status != PSA_SUCCESS) {
mbedtls_test_driver_aead_hooks.driver_status =
mbedtls_test_driver_aead_hooks.forced_status;
} else {
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_AEAD)
mbedtls_test_driver_aead_hooks.driver_status =
libtestdriver1_mbedtls_psa_aead_finish(operation, ciphertext,
ciphertext_size, ciphertext_length,
tag, tag_size, tag_length);
#elif defined(MBEDTLS_PSA_BUILTIN_AEAD)
mbedtls_test_driver_aead_hooks.driver_status =
mbedtls_psa_aead_finish(operation, ciphertext, ciphertext_size,
ciphertext_length, tag, tag_size,
tag_length);
#else
(void) operation;
(void) ciphertext;
(void) ciphertext_size;
(void) ciphertext_length;
(void) tag;
(void) tag_size;
(void) tag_length;
mbedtls_test_driver_aead_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED;
#endif
}
return mbedtls_test_driver_aead_hooks.driver_status;
}
psa_status_t mbedtls_test_transparent_aead_verify(
mbedtls_transparent_test_driver_aead_operation_t *operation,
uint8_t *plaintext,
size_t plaintext_size,
size_t *plaintext_length,
const uint8_t *tag,
size_t tag_length)
{
mbedtls_test_driver_aead_hooks.hits_verify++;
if (mbedtls_test_driver_aead_hooks.forced_status != PSA_SUCCESS) {
mbedtls_test_driver_aead_hooks.driver_status =
mbedtls_test_driver_aead_hooks.forced_status;
} else {
uint8_t check_tag[PSA_AEAD_TAG_MAX_SIZE];
size_t check_tag_length = 0;
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_AEAD)
mbedtls_test_driver_aead_hooks.driver_status =
libtestdriver1_mbedtls_psa_aead_finish(operation,
plaintext,
plaintext_size,
plaintext_length,
check_tag,
sizeof(check_tag),
&check_tag_length);
#elif defined(MBEDTLS_PSA_BUILTIN_AEAD)
mbedtls_test_driver_aead_hooks.driver_status =
mbedtls_psa_aead_finish(operation,
plaintext,
plaintext_size,
plaintext_length,
check_tag,
sizeof(check_tag),
&check_tag_length);
#else
(void) operation;
(void) plaintext;
(void) plaintext_size;
(void) plaintext_length;
mbedtls_test_driver_aead_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED;
#endif
if (mbedtls_test_driver_aead_hooks.driver_status == PSA_SUCCESS) {
if (tag_length != check_tag_length ||
mbedtls_ct_memcmp(tag, check_tag, tag_length)
!= 0) {
mbedtls_test_driver_aead_hooks.driver_status =
PSA_ERROR_INVALID_SIGNATURE;
}
}
mbedtls_platform_zeroize(check_tag, sizeof(check_tag));
}
return mbedtls_test_driver_aead_hooks.driver_status;
}
psa_status_t mbedtls_test_transparent_aead_abort(
mbedtls_transparent_test_driver_aead_operation_t *operation)
{
mbedtls_test_driver_aead_hooks.hits_abort++;
if (mbedtls_test_driver_aead_hooks.forced_status != PSA_SUCCESS) {
mbedtls_test_driver_aead_hooks.driver_status =
mbedtls_test_driver_aead_hooks.forced_status;
} else {
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_AEAD)
mbedtls_test_driver_aead_hooks.driver_status =
libtestdriver1_mbedtls_psa_aead_abort(operation);
#elif defined(MBEDTLS_PSA_BUILTIN_AEAD)
mbedtls_test_driver_aead_hooks.driver_status =
mbedtls_psa_aead_abort(operation);
#else
(void) operation;
mbedtls_test_driver_aead_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED;
#endif
}
return mbedtls_test_driver_aead_hooks.driver_status;
}
#endif /* PSA_CRYPTO_DRIVER_TEST */

185
tests/src/drivers/test_driver_asymmetric_encryption.c
View File

@ -1,185 +0,0 @@
/*
* Test driver for asymmetric encryption.
*/
/* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include <test/helpers.h>
#if defined(PSA_CRYPTO_DRIVER_TEST)
#include "psa/crypto.h"
#include "mbedtls/rsa.h"
#include "psa_crypto_rsa.h"
#include "string.h"
#include "test/drivers/asymmetric_encryption.h"
#include "test/drivers/key_management.h"
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1)
#if MBEDTLS_VERSION_MAJOR < 4
#include "libtestdriver1/library/psa_crypto_rsa.h"
#else
#include "libtestdriver1/tf-psa-crypto/drivers/builtin/src/psa_crypto_rsa.h"
#endif
#endif
#define PSA_RSA_KEY_PAIR_MAX_SIZE \
PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE(PSA_VENDOR_RSA_MAX_KEY_BITS)
mbedtls_test_driver_asymmetric_encryption_hooks_t mbedtls_test_driver_asymmetric_encryption_hooks =
MBEDTLS_TEST_DRIVER_ASYMMETRIC_ENCRYPTION_INIT;
psa_status_t mbedtls_test_transparent_asymmetric_encrypt(
const psa_key_attributes_t *attributes, const uint8_t *key_buffer,
size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *input,
size_t input_length, const uint8_t *salt, size_t salt_length,
uint8_t *output, size_t output_size, size_t *output_length)
{
mbedtls_test_driver_asymmetric_encryption_hooks.hits++;
if (mbedtls_test_driver_asymmetric_encryption_hooks.forced_output != NULL) {
if (output_size < mbedtls_test_driver_asymmetric_encryption_hooks.forced_output_length) {
return PSA_ERROR_BUFFER_TOO_SMALL;
}
memcpy(output,
mbedtls_test_driver_asymmetric_encryption_hooks.forced_output,
mbedtls_test_driver_asymmetric_encryption_hooks.forced_output_length);
*output_length = mbedtls_test_driver_asymmetric_encryption_hooks.forced_output_length;
return mbedtls_test_driver_asymmetric_encryption_hooks.forced_status;
}
if (mbedtls_test_driver_asymmetric_encryption_hooks.forced_status != PSA_SUCCESS) {
return mbedtls_test_driver_asymmetric_encryption_hooks.forced_status;
}
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1)
return libtestdriver1_mbedtls_psa_asymmetric_encrypt(
(const libtestdriver1_psa_key_attributes_t *) attributes,
key_buffer, key_buffer_size,
alg, input, input_length, salt, salt_length,
output, output_size, output_length);
#else
return mbedtls_psa_asymmetric_encrypt(
attributes, key_buffer, key_buffer_size,
alg, input, input_length, salt, salt_length,
output, output_size, output_length);
#endif
return PSA_ERROR_NOT_SUPPORTED;
}
psa_status_t mbedtls_test_transparent_asymmetric_decrypt(
const psa_key_attributes_t *attributes, const uint8_t *key_buffer,
size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *input,
size_t input_length, const uint8_t *salt, size_t salt_length,
uint8_t *output, size_t output_size, size_t *output_length)
{
mbedtls_test_driver_asymmetric_encryption_hooks.hits++;
if (mbedtls_test_driver_asymmetric_encryption_hooks.forced_output != NULL) {
if (output_size < mbedtls_test_driver_asymmetric_encryption_hooks.forced_output_length) {
return PSA_ERROR_BUFFER_TOO_SMALL;
}
memcpy(output,
mbedtls_test_driver_asymmetric_encryption_hooks.forced_output,
mbedtls_test_driver_asymmetric_encryption_hooks.forced_output_length);
*output_length = mbedtls_test_driver_asymmetric_encryption_hooks.forced_output_length;
return mbedtls_test_driver_asymmetric_encryption_hooks.forced_status;
}
if (mbedtls_test_driver_asymmetric_encryption_hooks.forced_status != PSA_SUCCESS) {
return mbedtls_test_driver_asymmetric_encryption_hooks.forced_status;
}
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1)
return libtestdriver1_mbedtls_psa_asymmetric_decrypt(
(const libtestdriver1_psa_key_attributes_t *) attributes,
key_buffer, key_buffer_size,
alg, input, input_length, salt, salt_length,
output, output_size, output_length);
#else
return mbedtls_psa_asymmetric_decrypt(
attributes, key_buffer, key_buffer_size,
alg, input, input_length, salt, salt_length,
output, output_size, output_length);
#endif
return PSA_ERROR_NOT_SUPPORTED;
}
/*
* opaque versions
*/
psa_status_t mbedtls_test_opaque_asymmetric_encrypt(
const psa_key_attributes_t *attributes, const uint8_t *key,
size_t key_length, psa_algorithm_t alg, const uint8_t *input,
size_t input_length, const uint8_t *salt, size_t salt_length,
uint8_t *output, size_t output_size, size_t *output_length)
{
unsigned char unwrapped_key[PSA_RSA_KEY_PAIR_MAX_SIZE];
size_t unwrapped_key_length;
psa_status_t status;
status = mbedtls_test_opaque_unwrap_key(key, key_length,
unwrapped_key, sizeof(unwrapped_key),
&unwrapped_key_length);
if (status != PSA_SUCCESS) {
return status;
}
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
(defined(MBEDTLS_PSA_ACCEL_ALG_RSA_OAEP) || defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_CRYPT))
return libtestdriver1_mbedtls_psa_asymmetric_encrypt(
(const libtestdriver1_psa_key_attributes_t *) attributes,
unwrapped_key, unwrapped_key_length,
alg, input, input_length, salt, salt_length,
output, output_size, output_length);
#else
return mbedtls_psa_asymmetric_encrypt(
attributes, unwrapped_key, unwrapped_key_length,
alg, input, input_length, salt, salt_length,
output, output_size, output_length);
#endif
return PSA_ERROR_NOT_SUPPORTED;
}
psa_status_t mbedtls_test_opaque_asymmetric_decrypt(
const psa_key_attributes_t *attributes, const uint8_t *key,
size_t key_length, psa_algorithm_t alg, const uint8_t *input,
size_t input_length, const uint8_t *salt, size_t salt_length,
uint8_t *output, size_t output_size, size_t *output_length)
{
unsigned char unwrapped_key[PSA_RSA_KEY_PAIR_MAX_SIZE];
size_t unwrapped_key_length;
psa_status_t status;
status = mbedtls_test_opaque_unwrap_key(key, key_length,
unwrapped_key, sizeof(unwrapped_key),
&unwrapped_key_length);
if (status != PSA_SUCCESS) {
return status;
}
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
(defined(MBEDTLS_PSA_ACCEL_ALG_RSA_OAEP) || defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_CRYPT))
return libtestdriver1_mbedtls_psa_asymmetric_decrypt(
(const libtestdriver1_psa_key_attributes_t *) attributes,
unwrapped_key, unwrapped_key_length,
alg, input, input_length, salt, salt_length,
output, output_size, output_length);
#else
return mbedtls_psa_asymmetric_decrypt(
attributes, unwrapped_key, unwrapped_key_length,
alg, input, input_length, salt, salt_length,
output, output_size, output_length);
#endif
return PSA_ERROR_NOT_SUPPORTED;
}
#endif /* PSA_CRYPTO_DRIVER_TEST */

436
tests/src/drivers/test_driver_cipher.c
View File

@ -1,436 +0,0 @@
/*
* Test driver for cipher functions.
* Currently only supports multi-part operations using AES-CTR.
*/
/* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include <test/helpers.h>
#if defined(PSA_CRYPTO_DRIVER_TEST)
#include "psa/crypto.h"
#include "psa_crypto_cipher.h"
#include "psa_crypto_core.h"
#include "mbedtls/cipher.h"
#include "test/drivers/cipher.h"
#include "test/random.h"
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1)
#if MBEDTLS_VERSION_MAJOR < 4
#include "libtestdriver1/library/psa_crypto_cipher.h"
#else
#include "libtestdriver1/tf-psa-crypto/drivers/builtin/src/psa_crypto_cipher.h"
#endif
#endif
#include <string.h>
mbedtls_test_driver_cipher_hooks_t mbedtls_test_driver_cipher_hooks =
MBEDTLS_TEST_DRIVER_CIPHER_INIT;
psa_status_t mbedtls_test_transparent_cipher_encrypt(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size,
psa_algorithm_t alg,
const uint8_t *iv,
size_t iv_length,
const uint8_t *input,
size_t input_length,
uint8_t *output,
size_t output_size,
size_t *output_length)
{
mbedtls_test_driver_cipher_hooks.hits++;
mbedtls_test_driver_cipher_hooks.hits_encrypt++;
if (mbedtls_test_driver_cipher_hooks.forced_output != NULL) {
if (output_size < mbedtls_test_driver_cipher_hooks.forced_output_length) {
return PSA_ERROR_BUFFER_TOO_SMALL;
}
memcpy(output,
mbedtls_test_driver_cipher_hooks.forced_output,
mbedtls_test_driver_cipher_hooks.forced_output_length);
*output_length = mbedtls_test_driver_cipher_hooks.forced_output_length;
return mbedtls_test_driver_cipher_hooks.forced_status;
}
if (mbedtls_test_driver_cipher_hooks.forced_status != PSA_SUCCESS) {
return mbedtls_test_driver_cipher_hooks.forced_status;
}
if (mbedtls_test_driver_cipher_hooks.forced_status_encrypt != PSA_SUCCESS) {
return mbedtls_test_driver_cipher_hooks.forced_status_encrypt;
}
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_CIPHER)
return libtestdriver1_mbedtls_psa_cipher_encrypt(
(const libtestdriver1_psa_key_attributes_t *) attributes,
key_buffer, key_buffer_size,
alg, iv, iv_length, input, input_length,
output, output_size, output_length);
#elif defined(MBEDTLS_PSA_BUILTIN_CIPHER)
return mbedtls_psa_cipher_encrypt(
attributes, key_buffer, key_buffer_size,
alg, iv, iv_length, input, input_length,
output, output_size, output_length);
#endif
return PSA_ERROR_NOT_SUPPORTED;
}
psa_status_t mbedtls_test_transparent_cipher_decrypt(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size,
psa_algorithm_t alg,
const uint8_t *input,
size_t input_length,
uint8_t *output,
size_t output_size,
size_t *output_length)
{
mbedtls_test_driver_cipher_hooks.hits++;
if (mbedtls_test_driver_cipher_hooks.forced_output != NULL) {
if (output_size < mbedtls_test_driver_cipher_hooks.forced_output_length) {
return PSA_ERROR_BUFFER_TOO_SMALL;
}
memcpy(output,
mbedtls_test_driver_cipher_hooks.forced_output,
mbedtls_test_driver_cipher_hooks.forced_output_length);
*output_length = mbedtls_test_driver_cipher_hooks.forced_output_length;
return mbedtls_test_driver_cipher_hooks.forced_status;
}
if (mbedtls_test_driver_cipher_hooks.forced_status != PSA_SUCCESS) {
return mbedtls_test_driver_cipher_hooks.forced_status;
}
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_CIPHER)
return libtestdriver1_mbedtls_psa_cipher_decrypt(
(const libtestdriver1_psa_key_attributes_t *) attributes,
key_buffer, key_buffer_size,
alg, input, input_length,
output, output_size, output_length);
#elif defined(MBEDTLS_PSA_BUILTIN_CIPHER)
return mbedtls_psa_cipher_decrypt(
attributes, key_buffer, key_buffer_size,
alg, input, input_length,
output, output_size, output_length);
#endif
return PSA_ERROR_NOT_SUPPORTED;
}
psa_status_t mbedtls_test_transparent_cipher_encrypt_setup(
mbedtls_transparent_test_driver_cipher_operation_t *operation,
const psa_key_attributes_t *attributes,
const uint8_t *key, size_t key_length,
psa_algorithm_t alg)
{
mbedtls_test_driver_cipher_hooks.hits++;
/* Wiping the entire struct here, instead of member-by-member. This is
* useful for the test suite, since it gives a chance of catching memory
* corruption errors should the core not have allocated (enough) memory for
* our context struct. */
memset(operation, 0, sizeof(*operation));
if (mbedtls_test_driver_cipher_hooks.forced_status != PSA_SUCCESS) {
return mbedtls_test_driver_cipher_hooks.forced_status;
}
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_CIPHER)
return libtestdriver1_mbedtls_psa_cipher_encrypt_setup(
operation,
(const libtestdriver1_psa_key_attributes_t *) attributes,
key, key_length, alg);
#elif defined(MBEDTLS_PSA_BUILTIN_CIPHER)
return mbedtls_psa_cipher_encrypt_setup(
operation, attributes, key, key_length, alg);
#endif
return PSA_ERROR_NOT_SUPPORTED;
}
psa_status_t mbedtls_test_transparent_cipher_decrypt_setup(
mbedtls_transparent_test_driver_cipher_operation_t *operation,
const psa_key_attributes_t *attributes,
const uint8_t *key, size_t key_length,
psa_algorithm_t alg)
{
mbedtls_test_driver_cipher_hooks.hits++;
if (mbedtls_test_driver_cipher_hooks.forced_status != PSA_SUCCESS) {
return mbedtls_test_driver_cipher_hooks.forced_status;
}
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_CIPHER)
return libtestdriver1_mbedtls_psa_cipher_decrypt_setup(
operation,
(const libtestdriver1_psa_key_attributes_t *) attributes,
key, key_length, alg);
#elif defined(MBEDTLS_PSA_BUILTIN_CIPHER)
return mbedtls_psa_cipher_decrypt_setup(
operation, attributes, key, key_length, alg);
#endif
return PSA_ERROR_NOT_SUPPORTED;
}
psa_status_t mbedtls_test_transparent_cipher_abort(
mbedtls_transparent_test_driver_cipher_operation_t *operation)
{
mbedtls_test_driver_cipher_hooks.hits++;
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_CIPHER)
libtestdriver1_mbedtls_psa_cipher_abort(operation);
#elif defined(MBEDTLS_PSA_BUILTIN_CIPHER)
mbedtls_psa_cipher_abort(operation);
#endif
/* Wiping the entire struct here, instead of member-by-member. This is
* useful for the test suite, since it gives a chance of catching memory
* corruption errors should the core not have allocated (enough) memory for
* our context struct. */
memset(operation, 0, sizeof(*operation));
return mbedtls_test_driver_cipher_hooks.forced_status;
}
psa_status_t mbedtls_test_transparent_cipher_set_iv(
mbedtls_transparent_test_driver_cipher_operation_t *operation,
const uint8_t *iv,
size_t iv_length)
{
mbedtls_test_driver_cipher_hooks.hits++;
mbedtls_test_driver_cipher_hooks.hits_set_iv++;
if (mbedtls_test_driver_cipher_hooks.forced_status != PSA_SUCCESS) {
return mbedtls_test_driver_cipher_hooks.forced_status;
}
if (mbedtls_test_driver_cipher_hooks.forced_status_set_iv != PSA_SUCCESS) {
return mbedtls_test_driver_cipher_hooks.forced_status_set_iv;
}
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_CIPHER)
return libtestdriver1_mbedtls_psa_cipher_set_iv(
operation, iv, iv_length);
#elif defined(MBEDTLS_PSA_BUILTIN_CIPHER)
return mbedtls_psa_cipher_set_iv(operation, iv, iv_length);
#endif
return PSA_ERROR_NOT_SUPPORTED;
}
psa_status_t mbedtls_test_transparent_cipher_update(
mbedtls_transparent_test_driver_cipher_operation_t *operation,
const uint8_t *input,
size_t input_length,
uint8_t *output,
size_t output_size,
size_t *output_length)
{
mbedtls_test_driver_cipher_hooks.hits++;
if (mbedtls_test_driver_cipher_hooks.forced_output != NULL) {
if (output_size < mbedtls_test_driver_cipher_hooks.forced_output_length) {
return PSA_ERROR_BUFFER_TOO_SMALL;
}
memcpy(output,
mbedtls_test_driver_cipher_hooks.forced_output,
mbedtls_test_driver_cipher_hooks.forced_output_length);
*output_length = mbedtls_test_driver_cipher_hooks.forced_output_length;
return mbedtls_test_driver_cipher_hooks.forced_status;
}
if (mbedtls_test_driver_cipher_hooks.forced_status != PSA_SUCCESS) {
return mbedtls_test_driver_cipher_hooks.forced_status;
}
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_CIPHER)
return libtestdriver1_mbedtls_psa_cipher_update(
operation, input, input_length,
output, output_size, output_length);
#elif defined(MBEDTLS_PSA_BUILTIN_CIPHER)
return mbedtls_psa_cipher_update(
operation, input, input_length,
output, output_size, output_length);
#endif
return PSA_ERROR_NOT_SUPPORTED;
}
psa_status_t mbedtls_test_transparent_cipher_finish(
mbedtls_transparent_test_driver_cipher_operation_t *operation,
uint8_t *output,
size_t output_size,
size_t *output_length)
{
mbedtls_test_driver_cipher_hooks.hits++;
if (mbedtls_test_driver_cipher_hooks.forced_output != NULL) {
if (output_size < mbedtls_test_driver_cipher_hooks.forced_output_length) {
return PSA_ERROR_BUFFER_TOO_SMALL;
}
memcpy(output,
mbedtls_test_driver_cipher_hooks.forced_output,
mbedtls_test_driver_cipher_hooks.forced_output_length);
*output_length = mbedtls_test_driver_cipher_hooks.forced_output_length;
return mbedtls_test_driver_cipher_hooks.forced_status;
}
if (mbedtls_test_driver_cipher_hooks.forced_status != PSA_SUCCESS) {
return mbedtls_test_driver_cipher_hooks.forced_status;
}
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_CIPHER)
return libtestdriver1_mbedtls_psa_cipher_finish(
operation, output, output_size, output_length);
#elif defined(MBEDTLS_PSA_BUILTIN_CIPHER)
return mbedtls_psa_cipher_finish(
operation, output, output_size, output_length);
#endif
return PSA_ERROR_NOT_SUPPORTED;
}
/*
* opaque versions, to do
*/
psa_status_t mbedtls_test_opaque_cipher_encrypt(
const psa_key_attributes_t *attributes,
const uint8_t *key, size_t key_length,
psa_algorithm_t alg,
const uint8_t *iv, size_t iv_length,
const uint8_t *input, size_t input_length,
uint8_t *output, size_t output_size, size_t *output_length)
{
(void) attributes;
(void) key;
(void) key_length;
(void) alg;
(void) iv;
(void) iv_length;
(void) input;
(void) input_length;
(void) output;
(void) output_size;
(void) output_length;
return PSA_ERROR_NOT_SUPPORTED;
}
psa_status_t mbedtls_test_opaque_cipher_decrypt(
const psa_key_attributes_t *attributes,
const uint8_t *key, size_t key_length,
psa_algorithm_t alg,
const uint8_t *input, size_t input_length,
uint8_t *output, size_t output_size, size_t *output_length)
{
(void) attributes;
(void) key;
(void) key_length;
(void) alg;
(void) input;
(void) input_length;
(void) output;
(void) output_size;
(void) output_length;
return PSA_ERROR_NOT_SUPPORTED;
}
psa_status_t mbedtls_test_opaque_cipher_encrypt_setup(
mbedtls_opaque_test_driver_cipher_operation_t *operation,
const psa_key_attributes_t *attributes,
const uint8_t *key, size_t key_length,
psa_algorithm_t alg)
{
(void) operation;
(void) attributes;
(void) key;
(void) key_length;
(void) alg;
return PSA_ERROR_NOT_SUPPORTED;
}
psa_status_t mbedtls_test_opaque_cipher_decrypt_setup(
mbedtls_opaque_test_driver_cipher_operation_t *operation,
const psa_key_attributes_t *attributes,
const uint8_t *key, size_t key_length,
psa_algorithm_t alg)
{
(void) operation;
(void) attributes;
(void) key;
(void) key_length;
(void) alg;
return PSA_ERROR_NOT_SUPPORTED;
}
psa_status_t mbedtls_test_opaque_cipher_abort(
mbedtls_opaque_test_driver_cipher_operation_t *operation)
{
(void) operation;
return PSA_ERROR_NOT_SUPPORTED;
}
psa_status_t mbedtls_test_opaque_cipher_set_iv(
mbedtls_opaque_test_driver_cipher_operation_t *operation,
const uint8_t *iv,
size_t iv_length)
{
(void) operation;
(void) iv;
(void) iv_length;
return PSA_ERROR_NOT_SUPPORTED;
}
psa_status_t mbedtls_test_opaque_cipher_update(
mbedtls_opaque_test_driver_cipher_operation_t *operation,
const uint8_t *input,
size_t input_length,
uint8_t *output,
size_t output_size,
size_t *output_length)
{
(void) operation;
(void) input;
(void) input_length;
(void) output;
(void) output_size;
(void) output_length;
return PSA_ERROR_NOT_SUPPORTED;
}
psa_status_t mbedtls_test_opaque_cipher_finish(
mbedtls_opaque_test_driver_cipher_operation_t *operation,
uint8_t *output,
size_t output_size,
size_t *output_length)
{
(void) operation;
(void) output;
(void) output_size;
(void) output_length;
return PSA_ERROR_NOT_SUPPORTED;
}
#endif /* PSA_CRYPTO_DRIVER_TEST */

153
tests/src/drivers/test_driver_key_agreement.c
View File

@ -1,153 +0,0 @@
/*
* Test driver for key agreement functions.
*/
/* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include <test/helpers.h>
#if defined(PSA_CRYPTO_DRIVER_TEST)
#include "psa/crypto.h"
#include "psa_crypto_core.h"
#include "psa_crypto_ecp.h"
#include "psa_crypto_ffdh.h"
#include "test/drivers/key_agreement.h"
#include "test/drivers/test_driver.h"
#include <string.h>
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1)
#if MBEDTLS_VERSION_MAJOR < 4
#include "libtestdriver1/include/psa/crypto.h"
#include "libtestdriver1/library/psa_crypto_ecp.h"
#include "libtestdriver1/library/psa_crypto_ffdh.h"
#else
#include "libtestdriver1/tf-psa-crypto/include/psa/crypto.h"
#include "libtestdriver1/tf-psa-crypto/drivers/builtin/src/psa_crypto_ecp.h"
#include "libtestdriver1/tf-psa-crypto/drivers/builtin/src/psa_crypto_ffdh.h"
#endif
#endif
mbedtls_test_driver_key_agreement_hooks_t
mbedtls_test_driver_key_agreement_hooks = MBEDTLS_TEST_DRIVER_KEY_AGREEMENT_INIT;
psa_status_t mbedtls_test_transparent_key_agreement(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size,
psa_algorithm_t alg,
const uint8_t *peer_key,
size_t peer_key_length,
uint8_t *shared_secret,
size_t shared_secret_size,
size_t *shared_secret_length)
{
mbedtls_test_driver_key_agreement_hooks.hits++;
if (mbedtls_test_driver_key_agreement_hooks.forced_status != PSA_SUCCESS) {
return mbedtls_test_driver_key_agreement_hooks.forced_status;
}
if (mbedtls_test_driver_key_agreement_hooks.forced_output != NULL) {
if (mbedtls_test_driver_key_agreement_hooks.forced_output_length > shared_secret_size) {
return PSA_ERROR_BUFFER_TOO_SMALL;
}
memcpy(shared_secret, mbedtls_test_driver_key_agreement_hooks.forced_output,
mbedtls_test_driver_key_agreement_hooks.forced_output_length);
*shared_secret_length = mbedtls_test_driver_key_agreement_hooks.forced_output_length;
return PSA_SUCCESS;
}
if (PSA_ALG_IS_ECDH(alg)) {
#if (defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_ECDH))
return libtestdriver1_mbedtls_psa_key_agreement_ecdh(
(const libtestdriver1_psa_key_attributes_t *) attributes,
key_buffer, key_buffer_size,
alg, peer_key, peer_key_length,
shared_secret, shared_secret_size,
shared_secret_length);
#elif defined(MBEDTLS_PSA_BUILTIN_ALG_ECDH)
return mbedtls_psa_key_agreement_ecdh(
attributes,
key_buffer, key_buffer_size,
alg, peer_key, peer_key_length,
shared_secret, shared_secret_size,
shared_secret_length);
#else
(void) attributes;
(void) key_buffer;
(void) key_buffer_size;
(void) peer_key;
(void) peer_key_length;
(void) shared_secret;
(void) shared_secret_size;
(void) shared_secret_length;
return PSA_ERROR_NOT_SUPPORTED;
#endif
}
if (PSA_ALG_IS_FFDH(alg)) {
#if (defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_FFDH))
return libtestdriver1_mbedtls_psa_ffdh_key_agreement(
(const libtestdriver1_psa_key_attributes_t *) attributes,
peer_key, peer_key_length,
key_buffer, key_buffer_size,
shared_secret, shared_secret_size,
shared_secret_length);
#elif defined(MBEDTLS_PSA_BUILTIN_ALG_FFDH)
return mbedtls_psa_ffdh_key_agreement(
attributes,
peer_key,
peer_key_length,
key_buffer,
key_buffer_size,
shared_secret,
shared_secret_size,
shared_secret_length);
#else
(void) attributes;
(void) key_buffer;
(void) key_buffer_size;
(void) peer_key;
(void) peer_key_length;
(void) shared_secret;
(void) shared_secret_size;
(void) shared_secret_length;
return PSA_ERROR_NOT_SUPPORTED;
#endif
} else {
return PSA_ERROR_INVALID_ARGUMENT;
}
}
psa_status_t mbedtls_test_opaque_key_agreement(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size,
psa_algorithm_t alg,
const uint8_t *peer_key,
size_t peer_key_length,
uint8_t *shared_secret,
size_t shared_secret_size,
size_t *shared_secret_length)
{
(void) attributes;
(void) key_buffer;
(void) key_buffer_size;
(void) alg;
(void) peer_key;
(void) peer_key_length;
(void) shared_secret;
(void) shared_secret_size;
(void) shared_secret_length;
return PSA_ERROR_NOT_SUPPORTED;
}
#endif /* PSA_CRYPTO_DRIVER_TEST */

794
tests/src/drivers/test_driver_key_management.c
View File

@ -1,794 +0,0 @@
/*
* Test driver for generating and verifying keys.
* Currently only supports generating and verifying ECC keys.
*/
/* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include <test/helpers.h>
#if defined(PSA_CRYPTO_DRIVER_TEST)
#include "psa/crypto.h"
#include "psa_crypto_core.h"
#include "psa_crypto_ecp.h"
#include "psa_crypto_rsa.h"
#include "psa_crypto_ffdh.h"
#include "mbedtls/ecp.h"
#include "mbedtls/error.h"
#include "test/drivers/key_management.h"
#include "test/drivers/test_driver.h"
#include "test/random.h"
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1)
#if MBEDTLS_VERSION_MAJOR < 4
#include "libtestdriver1/library/psa_crypto_ecp.h"
#include "libtestdriver1/library/psa_crypto_rsa.h"
#include "libtestdriver1/library/psa_crypto_ffdh.h"
#else
#include "libtestdriver1/tf-psa-crypto/drivers/builtin/src/psa_crypto_ecp.h"
#include "libtestdriver1/tf-psa-crypto/drivers/builtin/src/psa_crypto_rsa.h"
#include "libtestdriver1/tf-psa-crypto/drivers/builtin/src/psa_crypto_ffdh.h"
#endif
#endif
#include <string.h>
mbedtls_test_driver_key_management_hooks_t
mbedtls_test_driver_key_management_hooks = MBEDTLS_TEST_DRIVER_KEY_MANAGEMENT_INIT;
const uint8_t mbedtls_test_driver_aes_key[16] =
{ 0x36, 0x77, 0x39, 0x7A, 0x24, 0x43, 0x26, 0x46,
0x29, 0x4A, 0x40, 0x4E, 0x63, 0x52, 0x66, 0x55 };
const uint8_t mbedtls_test_driver_ecdsa_key[32] =
{ 0xdc, 0x7d, 0x9d, 0x26, 0xd6, 0x7a, 0x4f, 0x63,
0x2c, 0x34, 0xc2, 0xdc, 0x0b, 0x69, 0x86, 0x18,
0x38, 0x82, 0xc2, 0x06, 0xdf, 0x04, 0xcd, 0xb7,
0xd6, 0x9a, 0xab, 0xe2, 0x8b, 0xe4, 0xf8, 0x1a };
const uint8_t mbedtls_test_driver_ecdsa_pubkey[65] =
{ 0x04,
0x85, 0xf6, 0x4d, 0x89, 0xf0, 0x0b, 0xe6, 0x6c,
0x88, 0xdd, 0x93, 0x7e, 0xfd, 0x6d, 0x7c, 0x44,
0x56, 0x48, 0xdc, 0xb7, 0x01, 0x15, 0x0b, 0x8a,
0x95, 0x09, 0x29, 0x58, 0x50, 0xf4, 0x1c, 0x19,
0x31, 0xe5, 0x71, 0xfb, 0x8f, 0x8c, 0x78, 0x31,
0x7a, 0x20, 0xb3, 0x80, 0xe8, 0x66, 0x58, 0x4b,
0xbc, 0x25, 0x16, 0xc3, 0xd2, 0x70, 0x2d, 0x79,
0x2f, 0x13, 0x1a, 0x92, 0x20, 0x95, 0xfd, 0x6c };
psa_status_t mbedtls_test_transparent_init(void)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1)
status = libtestdriver1_psa_crypto_init();
if (status != PSA_SUCCESS) {
return status;
}
#endif
(void) status;
return PSA_SUCCESS;
}
void mbedtls_test_transparent_free(void)
{
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1)
libtestdriver1_mbedtls_psa_crypto_free();
#endif
return;
}
psa_status_t mbedtls_test_opaque_init(void)
{
return PSA_SUCCESS;
}
void mbedtls_test_opaque_free(void)
{
return;
}
/*
* This macro returns the base size for the key context when SE does not
* support storage. It is the size of the metadata that gets added to the
* wrapped key. In its test functionality the metadata is just some padded
* prefixing to the key.
*/
#define TEST_DRIVER_KEY_CONTEXT_BASE_SIZE \
PSA_CRYPTO_TEST_DRIVER_OPAQUE_PAD_PREFIX_SIZE
size_t mbedtls_test_opaque_size_function(
const psa_key_type_t key_type,
const size_t key_bits)
{
size_t key_buffer_size = 0;
key_buffer_size = PSA_EXPORT_KEY_OUTPUT_SIZE(key_type, key_bits);
if (key_buffer_size == 0) {
return 0;
}
/* Include spacing for base size overhead over the key size
* */
key_buffer_size += TEST_DRIVER_KEY_CONTEXT_BASE_SIZE;
return key_buffer_size;
}
static size_t mbedtls_test_opaque_get_base_size()
{
return TEST_DRIVER_KEY_CONTEXT_BASE_SIZE;
}
/*
* The wrap function mbedtls_test_opaque_wrap_key pads and wraps the
* clear key. It expects the clear and wrap buffers to be passed in.
* key_length is the size of the clear key to be wrapped.
* wrapped_key_buffer_size is the size of the output buffer wrap_key.
* The argument wrapped_key_buffer_length is filled with the wrapped
* key_size on success.
* */
static psa_status_t mbedtls_test_opaque_wrap_key(
const uint8_t *key,
size_t key_length,
uint8_t *wrapped_key_buffer,
size_t wrapped_key_buffer_size,
size_t *wrapped_key_buffer_length)
{
size_t opaque_key_base_size = mbedtls_test_opaque_get_base_size();
uint64_t prefix = PSA_CRYPTO_TEST_DRIVER_OPAQUE_PAD_PREFIX;
if (key_length + opaque_key_base_size > wrapped_key_buffer_size) {
return PSA_ERROR_BUFFER_TOO_SMALL;
}
/* Write in the opaque pad prefix */
memcpy(wrapped_key_buffer, &prefix, opaque_key_base_size);
wrapped_key_buffer += opaque_key_base_size;
*wrapped_key_buffer_length = key_length + opaque_key_base_size;
while (key_length--) {
wrapped_key_buffer[key_length] = key[key_length] ^ 0xFF;
}
return PSA_SUCCESS;
}
/*
* The unwrap function mbedtls_test_opaque_unwrap_key removes a pad prefix
* and unwraps the wrapped key. It expects the clear and wrap buffers to be
* passed in.
* wrapped_key_length is the size of the wrapped key,
* key_buffer_size is the size of the output buffer clear_key.
* The argument key_buffer_length is filled with the unwrapped(clear)
* key_size on success.
* */
psa_status_t mbedtls_test_opaque_unwrap_key(
const uint8_t *wrapped_key,
size_t wrapped_key_length,
uint8_t *key_buffer,
size_t key_buffer_size,
size_t *key_buffer_length)
{
/* Remove the pad prefix from the wrapped key */
size_t opaque_key_base_size = mbedtls_test_opaque_get_base_size();
size_t clear_key_size;
/* Check for underflow */
if (wrapped_key_length < opaque_key_base_size) {
return PSA_ERROR_DATA_CORRUPT;
}
clear_key_size = wrapped_key_length - opaque_key_base_size;
wrapped_key += opaque_key_base_size;
if (clear_key_size > key_buffer_size) {
return PSA_ERROR_BUFFER_TOO_SMALL;
}
*key_buffer_length = clear_key_size;
while (clear_key_size--) {
key_buffer[clear_key_size] = wrapped_key[clear_key_size] ^ 0xFF;
}
return PSA_SUCCESS;
}
psa_status_t mbedtls_test_transparent_generate_key(
const psa_key_attributes_t *attributes,
uint8_t *key, size_t key_size, size_t *key_length)
{
++mbedtls_test_driver_key_management_hooks.hits;
++mbedtls_test_driver_key_management_hooks.hits_generate_key;
if (mbedtls_test_driver_key_management_hooks.forced_status != PSA_SUCCESS) {
return mbedtls_test_driver_key_management_hooks.forced_status;
}
if (mbedtls_test_driver_key_management_hooks.forced_output != NULL) {
if (mbedtls_test_driver_key_management_hooks.forced_output_length >
key_size) {
return PSA_ERROR_BUFFER_TOO_SMALL;
}
memcpy(key, mbedtls_test_driver_key_management_hooks.forced_output,
mbedtls_test_driver_key_management_hooks.forced_output_length);
*key_length = mbedtls_test_driver_key_management_hooks.forced_output_length;
return PSA_SUCCESS;
}
if (PSA_KEY_TYPE_IS_ECC(psa_get_key_type(attributes))
&& PSA_KEY_TYPE_IS_KEY_PAIR(psa_get_key_type(attributes))) {
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_GENERATE)
return libtestdriver1_mbedtls_psa_ecp_generate_key(
(const libtestdriver1_psa_key_attributes_t *) attributes,
key, key_size, key_length);
#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_GENERATE)
return mbedtls_psa_ecp_generate_key(
attributes, key, key_size, key_length);
#endif
} else if (psa_get_key_type(attributes) == PSA_KEY_TYPE_RSA_KEY_PAIR) {
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_GENERATE)
return libtestdriver1_mbedtls_psa_rsa_generate_key(
(const libtestdriver1_psa_key_attributes_t *) attributes,
NULL, 0, /* We don't support custom e in the test driver yet */
key, key_size, key_length);
#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_GENERATE)
return mbedtls_psa_rsa_generate_key(
attributes,
NULL, 0, /* We don't support custom e in the test driver yet */
key, key_size, key_length);
#endif
} else if (PSA_KEY_TYPE_IS_DH(psa_get_key_type(attributes))
&& PSA_KEY_TYPE_IS_KEY_PAIR(psa_get_key_type(attributes))) {
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_GENERATE)
return libtestdriver1_mbedtls_psa_ffdh_generate_key(
(const libtestdriver1_psa_key_attributes_t *) attributes,
key, key_size, key_length);
#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR)
return mbedtls_psa_ffdh_generate_key(
attributes, key, key_size, key_length);
#endif
}
(void) attributes;
return PSA_ERROR_NOT_SUPPORTED;
}
psa_status_t mbedtls_test_opaque_generate_key(
const psa_key_attributes_t *attributes,
uint8_t *key, size_t key_size, size_t *key_length)
{
(void) attributes;
(void) key;
(void) key_size;
(void) key_length;
return PSA_ERROR_NOT_SUPPORTED;
}
psa_status_t mbedtls_test_transparent_import_key(
const psa_key_attributes_t *attributes,
const uint8_t *data,
size_t data_length,
uint8_t *key_buffer,
size_t key_buffer_size,
size_t *key_buffer_length,
size_t *bits)
{
psa_key_type_t type = psa_get_key_type(attributes);
++mbedtls_test_driver_key_management_hooks.hits;
mbedtls_test_driver_key_management_hooks.location = PSA_KEY_LOCATION_LOCAL_STORAGE;
if (mbedtls_test_driver_key_management_hooks.forced_status != PSA_SUCCESS) {
return mbedtls_test_driver_key_management_hooks.forced_status;
}
if (PSA_KEY_TYPE_IS_ECC(type)) {
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
(defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_IMPORT) || \
defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY))
return libtestdriver1_mbedtls_psa_ecp_import_key(
(const libtestdriver1_psa_key_attributes_t *) attributes,
data, data_length,
key_buffer, key_buffer_size,
key_buffer_length, bits);
#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_IMPORT) || \
defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY)
return mbedtls_psa_ecp_import_key(
attributes,
data, data_length,
key_buffer, key_buffer_size,
key_buffer_length, bits);
#endif
} else if (PSA_KEY_TYPE_IS_RSA(type)) {
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
(defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_IMPORT) || \
defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY))
return libtestdriver1_mbedtls_psa_rsa_import_key(
(const libtestdriver1_psa_key_attributes_t *) attributes,
data, data_length,
key_buffer, key_buffer_size,
key_buffer_length, bits);
#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_IMPORT) || \
defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY)
return mbedtls_psa_rsa_import_key(
attributes,
data, data_length,
key_buffer, key_buffer_size,
key_buffer_length, bits);
#endif
} else if (PSA_KEY_TYPE_IS_DH(type)) {
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
(defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR) || \
defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY))
return libtestdriver1_mbedtls_psa_ffdh_import_key(
(const libtestdriver1_psa_key_attributes_t *) attributes,
data, data_length,
key_buffer, key_buffer_size,
key_buffer_length, bits);
#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \
defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY)
return mbedtls_psa_ffdh_import_key(
attributes,
data, data_length,
key_buffer, key_buffer_size,
key_buffer_length, bits);
#endif
}
(void) data;
(void) data_length;
(void) key_buffer;
(void) key_buffer_size;
(void) key_buffer_length;
(void) bits;
(void) type;
return PSA_ERROR_NOT_SUPPORTED;
}
psa_status_t mbedtls_test_opaque_import_key(
const psa_key_attributes_t *attributes,
const uint8_t *data,
size_t data_length,
uint8_t *key_buffer,
size_t key_buffer_size,
size_t *key_buffer_length,
size_t *bits)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_type_t type = psa_get_key_type(attributes);
/* This buffer will be used as an intermediate placeholder for
* the clear key till we wrap it */
uint8_t *key_buffer_temp;
++mbedtls_test_driver_key_management_hooks.hits;
mbedtls_test_driver_key_management_hooks.location = PSA_CRYPTO_TEST_DRIVER_LOCATION;
if (mbedtls_test_driver_key_management_hooks.forced_status != PSA_SUCCESS) {
return mbedtls_test_driver_key_management_hooks.forced_status;
}
key_buffer_temp = mbedtls_calloc(1, key_buffer_size);
if (key_buffer_temp == NULL) {
return PSA_ERROR_INSUFFICIENT_MEMORY;
}
if (PSA_KEY_TYPE_IS_UNSTRUCTURED(type)) {
*bits = PSA_BYTES_TO_BITS(data_length);
status = psa_validate_unstructured_key_bit_size(type,
*bits);
if (status != PSA_SUCCESS) {
goto exit;
}
if (data_length > key_buffer_size) {
return PSA_ERROR_BUFFER_TOO_SMALL;
}
/* Copy the key material accounting for opaque key padding. */
memcpy(key_buffer_temp, data, data_length);
*key_buffer_length = data_length;
} else if (PSA_KEY_TYPE_IS_ECC(type)) {
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
(defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) || \
defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY))
status = libtestdriver1_mbedtls_psa_ecp_import_key(
(const libtestdriver1_psa_key_attributes_t *) attributes,
data, data_length,
key_buffer_temp, key_buffer_size,
key_buffer_length, bits);
#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_IMPORT) || \
defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY)
status = mbedtls_psa_ecp_import_key(
attributes,
data, data_length,
key_buffer_temp, key_buffer_size,
key_buffer_length, bits);
#else
status = PSA_ERROR_NOT_SUPPORTED;
#endif
if (status != PSA_SUCCESS) {
goto exit;
}
} else if (PSA_KEY_TYPE_IS_RSA(type)) {
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
(defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR) || \
defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY))
status = libtestdriver1_mbedtls_psa_rsa_import_key(
(const libtestdriver1_psa_key_attributes_t *) attributes,
data, data_length,
key_buffer_temp, key_buffer_size,
key_buffer_length, bits);
#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_IMPORT) || \
defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY)
status = mbedtls_psa_rsa_import_key(
attributes,
data, data_length,
key_buffer_temp, key_buffer_size,
key_buffer_length, bits);
#else
status = PSA_ERROR_NOT_SUPPORTED;
#endif
if (status != PSA_SUCCESS) {
goto exit;
}
} else {
status = PSA_ERROR_INVALID_ARGUMENT;
goto exit;
}
status = mbedtls_test_opaque_wrap_key(key_buffer_temp, *key_buffer_length,
key_buffer, key_buffer_size, key_buffer_length);
exit:
mbedtls_free(key_buffer_temp);
return status;
}
psa_status_t mbedtls_test_opaque_export_key(
const psa_key_attributes_t *attributes,
const uint8_t *key, size_t key_length,
uint8_t *data, size_t data_size, size_t *data_length)
{
if (key_length == sizeof(psa_drv_slot_number_t)) {
/* Assume this is a builtin key based on the key material length. */
psa_drv_slot_number_t slot_number = *((psa_drv_slot_number_t *) key);
switch (slot_number) {
case PSA_CRYPTO_TEST_DRIVER_BUILTIN_ECDSA_KEY_SLOT:
/* This is the ECDSA slot. Verify the key's attributes before
* returning the private key. */
if (psa_get_key_type(attributes) !=
PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1)) {
return PSA_ERROR_CORRUPTION_DETECTED;
}
if (psa_get_key_bits(attributes) != 256) {
return PSA_ERROR_CORRUPTION_DETECTED;
}
if (psa_get_key_algorithm(attributes) !=
PSA_ALG_ECDSA(PSA_ALG_ANY_HASH)) {
return PSA_ERROR_CORRUPTION_DETECTED;
}
if ((psa_get_key_usage_flags(attributes) &
PSA_KEY_USAGE_EXPORT) == 0) {
return PSA_ERROR_CORRUPTION_DETECTED;
}
if (data_size < sizeof(mbedtls_test_driver_ecdsa_key)) {
return PSA_ERROR_BUFFER_TOO_SMALL;
}
memcpy(data, mbedtls_test_driver_ecdsa_key,
sizeof(mbedtls_test_driver_ecdsa_key));
*data_length = sizeof(mbedtls_test_driver_ecdsa_key);
return PSA_SUCCESS;
case PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT:
/* This is the AES slot. Verify the key's attributes before
* returning the key. */
if (psa_get_key_type(attributes) != PSA_KEY_TYPE_AES) {
return PSA_ERROR_CORRUPTION_DETECTED;
}
if (psa_get_key_bits(attributes) != 128) {
return PSA_ERROR_CORRUPTION_DETECTED;
}
if (psa_get_key_algorithm(attributes) != PSA_ALG_CTR) {
return PSA_ERROR_CORRUPTION_DETECTED;
}
if ((psa_get_key_usage_flags(attributes) &
PSA_KEY_USAGE_EXPORT) == 0) {
return PSA_ERROR_CORRUPTION_DETECTED;
}
if (data_size < sizeof(mbedtls_test_driver_aes_key)) {
return PSA_ERROR_BUFFER_TOO_SMALL;
}
memcpy(data, mbedtls_test_driver_aes_key,
sizeof(mbedtls_test_driver_aes_key));
*data_length = sizeof(mbedtls_test_driver_aes_key);
return PSA_SUCCESS;
default:
return PSA_ERROR_DOES_NOT_EXIST;
}
} else {
/* This buffer will be used as an intermediate placeholder for
* the opaque key till we unwrap the key into key_buffer */
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_type_t type = psa_get_key_type(attributes);
if (PSA_KEY_TYPE_IS_UNSTRUCTURED(type) ||
PSA_KEY_TYPE_IS_RSA(type) ||
PSA_KEY_TYPE_IS_ECC(type)) {
status = mbedtls_test_opaque_unwrap_key(key, key_length,
data, data_size, data_length);
return status;
}
}
return PSA_ERROR_NOT_SUPPORTED;
}
psa_status_t mbedtls_test_transparent_export_public_key(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
uint8_t *data, size_t data_size, size_t *data_length)
{
++mbedtls_test_driver_key_management_hooks.hits;
++mbedtls_test_driver_key_management_hooks.hits_export_public_key;
if (mbedtls_test_driver_key_management_hooks.forced_status != PSA_SUCCESS) {
return mbedtls_test_driver_key_management_hooks.forced_status;
}
if (mbedtls_test_driver_key_management_hooks.forced_output != NULL) {
if (mbedtls_test_driver_key_management_hooks.forced_output_length >
data_size) {
return PSA_ERROR_BUFFER_TOO_SMALL;
}
memcpy(data, mbedtls_test_driver_key_management_hooks.forced_output,
mbedtls_test_driver_key_management_hooks.forced_output_length);
*data_length = mbedtls_test_driver_key_management_hooks.forced_output_length;
return PSA_SUCCESS;
}
psa_key_type_t key_type = psa_get_key_type(attributes);
if (PSA_KEY_TYPE_IS_ECC(key_type)) {
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
(defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_EXPORT) || \
defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY))
return libtestdriver1_mbedtls_psa_ecp_export_public_key(
(const libtestdriver1_psa_key_attributes_t *) attributes,
key_buffer, key_buffer_size,
data, data_size, data_length);
#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_EXPORT) || \
defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY)
return mbedtls_psa_ecp_export_public_key(
attributes,
key_buffer, key_buffer_size,
data, data_size, data_length);
#endif
} else if (PSA_KEY_TYPE_IS_RSA(key_type)) {
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
(defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_EXPORT) || \
defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY))
return libtestdriver1_mbedtls_psa_rsa_export_public_key(
(const libtestdriver1_psa_key_attributes_t *) attributes,
key_buffer, key_buffer_size,
data, data_size, data_length);
#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_EXPORT) || \
defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY)
return mbedtls_psa_rsa_export_public_key(
attributes,
key_buffer, key_buffer_size,
data, data_size, data_length);
#endif
} else if (PSA_KEY_TYPE_IS_DH(key_type)) {
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
(defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR) || \
defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY))
return libtestdriver1_mbedtls_psa_ffdh_export_public_key(
(const libtestdriver1_psa_key_attributes_t *) attributes,
key_buffer, key_buffer_size,
data, data_size, data_length);
#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR) || \
defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY)
return mbedtls_psa_ffdh_export_public_key(
attributes,
key_buffer, key_buffer_size,
data, data_size, data_length);
#endif
}
(void) key_buffer;
(void) key_buffer_size;
(void) key_type;
return PSA_ERROR_NOT_SUPPORTED;
}
psa_status_t mbedtls_test_opaque_export_public_key(
const psa_key_attributes_t *attributes,
const uint8_t *key, size_t key_length,
uint8_t *data, size_t data_size, size_t *data_length)
{
if (key_length != sizeof(psa_drv_slot_number_t)) {
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_type_t key_type = psa_get_key_type(attributes);
uint8_t *key_buffer_temp;
key_buffer_temp = mbedtls_calloc(1, key_length);
if (key_buffer_temp == NULL) {
return PSA_ERROR_INSUFFICIENT_MEMORY;
}
if (PSA_KEY_TYPE_IS_ECC(key_type)) {
status = mbedtls_test_opaque_unwrap_key(key, key_length,
key_buffer_temp, key_length, data_length);
if (status == PSA_SUCCESS) {
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
(defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) || \
defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY))
status = libtestdriver1_mbedtls_psa_ecp_export_public_key(
(const libtestdriver1_psa_key_attributes_t *) attributes,
key_buffer_temp, *data_length,
data, data_size, data_length);
#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_EXPORT) || \
defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY)
status = mbedtls_psa_ecp_export_public_key(
attributes,
key_buffer_temp, *data_length,
data, data_size, data_length);
#else
status = PSA_ERROR_NOT_SUPPORTED;
#endif
}
} else if (PSA_KEY_TYPE_IS_RSA(key_type)) {
status = mbedtls_test_opaque_unwrap_key(key, key_length,
key_buffer_temp, key_length, data_length);
if (status == PSA_SUCCESS) {
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
(defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR) || \
defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY))
status = libtestdriver1_mbedtls_psa_rsa_export_public_key(
(const libtestdriver1_psa_key_attributes_t *) attributes,
key_buffer_temp, *data_length,
data, data_size, data_length);
#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_EXPORT) || \
defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY)
status = mbedtls_psa_rsa_export_public_key(
attributes,
key_buffer_temp, *data_length,
data, data_size, data_length);
#else
status = PSA_ERROR_NOT_SUPPORTED;
#endif
}
} else {
status = PSA_ERROR_NOT_SUPPORTED;
(void) key;
(void) key_type;
}
mbedtls_free(key_buffer_temp);
return status;
}
/* Assume this is a builtin key based on the key material length. */
psa_drv_slot_number_t slot_number = *((psa_drv_slot_number_t *) key);
switch (slot_number) {
case PSA_CRYPTO_TEST_DRIVER_BUILTIN_ECDSA_KEY_SLOT:
/* This is the ECDSA slot. Verify the key's attributes before
* returning the public key. */
if (psa_get_key_type(attributes) !=
PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1)) {
return PSA_ERROR_CORRUPTION_DETECTED;
}
if (psa_get_key_bits(attributes) != 256) {
return PSA_ERROR_CORRUPTION_DETECTED;
}
if (psa_get_key_algorithm(attributes) !=
PSA_ALG_ECDSA(PSA_ALG_ANY_HASH)) {
return PSA_ERROR_CORRUPTION_DETECTED;
}
if (data_size < sizeof(mbedtls_test_driver_ecdsa_pubkey)) {
return PSA_ERROR_BUFFER_TOO_SMALL;
}
memcpy(data, mbedtls_test_driver_ecdsa_pubkey,
sizeof(mbedtls_test_driver_ecdsa_pubkey));
*data_length = sizeof(mbedtls_test_driver_ecdsa_pubkey);
return PSA_SUCCESS;
default:
return PSA_ERROR_DOES_NOT_EXIST;
}
}
/* The opaque test driver exposes two built-in keys when builtin key support is
* compiled in.
* The key in slot #PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT is an AES-128
* key which allows CTR mode.
* The key in slot #PSA_CRYPTO_TEST_DRIVER_BUILTIN_ECDSA_KEY_SLOT is a secp256r1
* private key which allows ECDSA sign & verify.
* The key buffer format for these is the raw format of psa_drv_slot_number_t
* (i.e. for an actual driver this would mean 'builtin_key_size' =
* sizeof(psa_drv_slot_number_t)).
*/
psa_status_t mbedtls_test_opaque_get_builtin_key(
psa_drv_slot_number_t slot_number,
psa_key_attributes_t *attributes,
uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length)
{
switch (slot_number) {
case PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT:
psa_set_key_type(attributes, PSA_KEY_TYPE_AES);
psa_set_key_bits(attributes, 128);
psa_set_key_usage_flags(
attributes,
PSA_KEY_USAGE_ENCRYPT |
PSA_KEY_USAGE_DECRYPT |
PSA_KEY_USAGE_EXPORT);
psa_set_key_algorithm(attributes, PSA_ALG_CTR);
if (key_buffer_size < sizeof(psa_drv_slot_number_t)) {
return PSA_ERROR_BUFFER_TOO_SMALL;
}
*((psa_drv_slot_number_t *) key_buffer) =
PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT;
*key_buffer_length = sizeof(psa_drv_slot_number_t);
return PSA_SUCCESS;
case PSA_CRYPTO_TEST_DRIVER_BUILTIN_ECDSA_KEY_SLOT:
psa_set_key_type(
attributes,
PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1));
psa_set_key_bits(attributes, 256);
psa_set_key_usage_flags(
attributes,
PSA_KEY_USAGE_SIGN_HASH |
PSA_KEY_USAGE_VERIFY_HASH |
PSA_KEY_USAGE_EXPORT);
psa_set_key_algorithm(
attributes, PSA_ALG_ECDSA(PSA_ALG_ANY_HASH));
if (key_buffer_size < sizeof(psa_drv_slot_number_t)) {
return PSA_ERROR_BUFFER_TOO_SMALL;
}
*((psa_drv_slot_number_t *) key_buffer) =
PSA_CRYPTO_TEST_DRIVER_BUILTIN_ECDSA_KEY_SLOT;
*key_buffer_length = sizeof(psa_drv_slot_number_t);
return PSA_SUCCESS;
default:
return PSA_ERROR_DOES_NOT_EXIST;
}
}
psa_status_t mbedtls_test_opaque_copy_key(
psa_key_attributes_t *attributes,
const uint8_t *source_key, size_t source_key_length,
uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length)
{
/* This is a case where the opaque test driver emulates an SE without storage.
* With that all key context is stored in the wrapped buffer.
* So no additional house keeping is necessary to reference count the
* copied keys. This could change when the opaque test driver is extended
* to support SE with storage, or to emulate an SE without storage but
* still holding some slot references */
if (source_key_length > key_buffer_size) {
return PSA_ERROR_BUFFER_TOO_SMALL;
}
memcpy(key_buffer, source_key, source_key_length);
*key_buffer_length = source_key_length;
(void) attributes;
return PSA_SUCCESS;
}
#endif /* PSA_CRYPTO_DRIVER_TEST */

426
tests/src/drivers/test_driver_mac.c
View File

@ -1,426 +0,0 @@
/*
* Test driver for MAC entry points.
*/
/* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include <test/helpers.h>
#if defined(PSA_CRYPTO_DRIVER_TEST)
#include "psa_crypto_mac.h"
#include "test/drivers/mac.h"
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1)
#if MBEDTLS_VERSION_MAJOR < 4
#include "libtestdriver1/library/psa_crypto_mac.h"
#else
#include "libtestdriver1/tf-psa-crypto/drivers/builtin/src/psa_crypto_mac.h"
#endif
#endif
mbedtls_test_driver_mac_hooks_t mbedtls_test_driver_mac_hooks =
MBEDTLS_TEST_DRIVER_MAC_INIT;
psa_status_t mbedtls_test_transparent_mac_compute(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size,
psa_algorithm_t alg,
const uint8_t *input,
size_t input_length,
uint8_t *mac,
size_t mac_size,
size_t *mac_length)
{
mbedtls_test_driver_mac_hooks.hits++;
if (mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS) {
mbedtls_test_driver_mac_hooks.driver_status =
mbedtls_test_driver_mac_hooks.forced_status;
} else {
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_MAC)
mbedtls_test_driver_mac_hooks.driver_status =
libtestdriver1_mbedtls_psa_mac_compute(
(const libtestdriver1_psa_key_attributes_t *) attributes,
key_buffer, key_buffer_size, alg,
input, input_length,
mac, mac_size, mac_length);
#elif defined(MBEDTLS_PSA_BUILTIN_MAC)
mbedtls_test_driver_mac_hooks.driver_status =
mbedtls_psa_mac_compute(
attributes, key_buffer, key_buffer_size, alg,
input, input_length,
mac, mac_size, mac_length);
#else
(void) attributes;
(void) key_buffer;
(void) key_buffer_size;
(void) alg;
(void) input;
(void) input_length;
(void) mac;
(void) mac_size;
(void) mac_length;
mbedtls_test_driver_mac_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED;
#endif
}
return mbedtls_test_driver_mac_hooks.driver_status;
}
psa_status_t mbedtls_test_transparent_mac_sign_setup(
mbedtls_transparent_test_driver_mac_operation_t *operation,
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size,
psa_algorithm_t alg)
{
mbedtls_test_driver_mac_hooks.hits++;
if (mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS) {
mbedtls_test_driver_mac_hooks.driver_status =
mbedtls_test_driver_mac_hooks.forced_status;
} else {
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_MAC)
mbedtls_test_driver_mac_hooks.driver_status =
libtestdriver1_mbedtls_psa_mac_sign_setup(
operation,
(const libtestdriver1_psa_key_attributes_t *) attributes,
key_buffer, key_buffer_size, alg);
#elif defined(MBEDTLS_PSA_BUILTIN_MAC)
mbedtls_test_driver_mac_hooks.driver_status =
mbedtls_psa_mac_sign_setup(
operation, attributes, key_buffer, key_buffer_size, alg);
#else
(void) operation;
(void) attributes;
(void) key_buffer;
(void) key_buffer_size;
(void) alg;
mbedtls_test_driver_mac_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED;
#endif
}
return mbedtls_test_driver_mac_hooks.driver_status;
}
psa_status_t mbedtls_test_transparent_mac_verify_setup(
mbedtls_transparent_test_driver_mac_operation_t *operation,
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size,
psa_algorithm_t alg)
{
mbedtls_test_driver_mac_hooks.hits++;
if (mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS) {
mbedtls_test_driver_mac_hooks.driver_status =
mbedtls_test_driver_mac_hooks.forced_status;
} else {
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_MAC)
mbedtls_test_driver_mac_hooks.driver_status =
libtestdriver1_mbedtls_psa_mac_verify_setup(
operation,
(const libtestdriver1_psa_key_attributes_t *) attributes,
key_buffer, key_buffer_size, alg);
#elif defined(MBEDTLS_PSA_BUILTIN_MAC)
mbedtls_test_driver_mac_hooks.driver_status =
mbedtls_psa_mac_verify_setup(
operation, attributes, key_buffer, key_buffer_size, alg);
#else
(void) operation;
(void) attributes;
(void) key_buffer;
(void) key_buffer_size;
(void) alg;
mbedtls_test_driver_mac_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED;
#endif
}
return mbedtls_test_driver_mac_hooks.driver_status;
}
psa_status_t mbedtls_test_transparent_mac_update(
mbedtls_transparent_test_driver_mac_operation_t *operation,
const uint8_t *input,
size_t input_length)
{
mbedtls_test_driver_mac_hooks.hits++;
if (mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS) {
mbedtls_test_driver_mac_hooks.driver_status =
mbedtls_test_driver_mac_hooks.forced_status;
} else {
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_MAC)
mbedtls_test_driver_mac_hooks.driver_status =
libtestdriver1_mbedtls_psa_mac_update(
operation, input, input_length);
#elif defined(MBEDTLS_PSA_BUILTIN_MAC)
mbedtls_test_driver_mac_hooks.driver_status =
mbedtls_psa_mac_update(
operation, input, input_length);
#else
(void) operation;
(void) input;
(void) input_length;
mbedtls_test_driver_mac_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED;
#endif
}
return mbedtls_test_driver_mac_hooks.driver_status;
}
psa_status_t mbedtls_test_transparent_mac_sign_finish(
mbedtls_transparent_test_driver_mac_operation_t *operation,
uint8_t *mac,
size_t mac_size,
size_t *mac_length)
{
mbedtls_test_driver_mac_hooks.hits++;
if (mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS) {
mbedtls_test_driver_mac_hooks.driver_status =
mbedtls_test_driver_mac_hooks.forced_status;
} else {
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_MAC)
mbedtls_test_driver_mac_hooks.driver_status =
libtestdriver1_mbedtls_psa_mac_sign_finish(
operation, mac, mac_size, mac_length);
#elif defined(MBEDTLS_PSA_BUILTIN_MAC)
mbedtls_test_driver_mac_hooks.driver_status =
mbedtls_psa_mac_sign_finish(
operation, mac, mac_size, mac_length);
#else
(void) operation;
(void) mac;
(void) mac_size;
(void) mac_length;
mbedtls_test_driver_mac_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED;
#endif
}
return mbedtls_test_driver_mac_hooks.driver_status;
}
psa_status_t mbedtls_test_transparent_mac_verify_finish(
mbedtls_transparent_test_driver_mac_operation_t *operation,
const uint8_t *mac,
size_t mac_length)
{
mbedtls_test_driver_mac_hooks.hits++;
if (mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS) {
mbedtls_test_driver_mac_hooks.driver_status =
mbedtls_test_driver_mac_hooks.forced_status;
} else {
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_MAC)
mbedtls_test_driver_mac_hooks.driver_status =
libtestdriver1_mbedtls_psa_mac_verify_finish(
operation, mac, mac_length);
#elif defined(MBEDTLS_PSA_BUILTIN_MAC)
mbedtls_test_driver_mac_hooks.driver_status =
mbedtls_psa_mac_verify_finish(
operation, mac, mac_length);
#else
(void) operation;
(void) mac;
(void) mac_length;
mbedtls_test_driver_mac_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED;
#endif
}
return mbedtls_test_driver_mac_hooks.driver_status;
}
psa_status_t mbedtls_test_transparent_mac_abort(
mbedtls_transparent_test_driver_mac_operation_t *operation)
{
mbedtls_test_driver_mac_hooks.hits++;
if (mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS) {
mbedtls_test_driver_mac_hooks.driver_status =
mbedtls_test_driver_mac_hooks.forced_status;
} else {
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_MAC)
mbedtls_test_driver_mac_hooks.driver_status =
libtestdriver1_mbedtls_psa_mac_abort(operation);
#elif defined(MBEDTLS_PSA_BUILTIN_MAC)
mbedtls_test_driver_mac_hooks.driver_status =
mbedtls_psa_mac_abort(operation);
#else
(void) operation;
mbedtls_test_driver_mac_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED;
#endif
}
return mbedtls_test_driver_mac_hooks.driver_status;
}
psa_status_t mbedtls_test_opaque_mac_compute(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size,
psa_algorithm_t alg,
const uint8_t *input,
size_t input_length,
uint8_t *mac,
size_t mac_size,
size_t *mac_length)
{
mbedtls_test_driver_mac_hooks.hits++;
if (mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS) {
mbedtls_test_driver_mac_hooks.driver_status =
mbedtls_test_driver_mac_hooks.forced_status;
} else {
(void) attributes;
(void) key_buffer;
(void) key_buffer_size;
(void) alg;
(void) input;
(void) input_length;
(void) mac;
(void) mac_size;
(void) mac_length;
mbedtls_test_driver_mac_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED;
}
return mbedtls_test_driver_mac_hooks.driver_status;
}
psa_status_t mbedtls_test_opaque_mac_sign_setup(
mbedtls_opaque_test_driver_mac_operation_t *operation,
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size,
psa_algorithm_t alg)
{
mbedtls_test_driver_mac_hooks.hits++;
if (mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS) {
mbedtls_test_driver_mac_hooks.driver_status =
mbedtls_test_driver_mac_hooks.forced_status;
} else {
(void) operation;
(void) attributes;
(void) key_buffer;
(void) key_buffer_size;
(void) alg;
mbedtls_test_driver_mac_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED;
}
return mbedtls_test_driver_mac_hooks.driver_status;
}
psa_status_t mbedtls_test_opaque_mac_verify_setup(
mbedtls_opaque_test_driver_mac_operation_t *operation,
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size,
psa_algorithm_t alg)
{
mbedtls_test_driver_mac_hooks.hits++;
if (mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS) {
mbedtls_test_driver_mac_hooks.driver_status =
mbedtls_test_driver_mac_hooks.forced_status;
} else {
(void) operation;
(void) attributes;
(void) key_buffer;
(void) key_buffer_size;
(void) alg;
mbedtls_test_driver_mac_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED;
}
return mbedtls_test_driver_mac_hooks.driver_status;
}
psa_status_t mbedtls_test_opaque_mac_update(
mbedtls_opaque_test_driver_mac_operation_t *operation,
const uint8_t *input,
size_t input_length)
{
mbedtls_test_driver_mac_hooks.hits++;
if (mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS) {
mbedtls_test_driver_mac_hooks.driver_status =
mbedtls_test_driver_mac_hooks.forced_status;
} else {
(void) operation;
(void) input;
(void) input_length;
mbedtls_test_driver_mac_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED;
}
return mbedtls_test_driver_mac_hooks.driver_status;
}
psa_status_t mbedtls_test_opaque_mac_sign_finish(
mbedtls_opaque_test_driver_mac_operation_t *operation,
uint8_t *mac,
size_t mac_size,
size_t *mac_length)
{
mbedtls_test_driver_mac_hooks.hits++;
if (mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS) {
mbedtls_test_driver_mac_hooks.driver_status =
mbedtls_test_driver_mac_hooks.forced_status;
} else {
(void) operation;
(void) mac;
(void) mac_size;
(void) mac_length;
mbedtls_test_driver_mac_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED;
}
return mbedtls_test_driver_mac_hooks.driver_status;
}
psa_status_t mbedtls_test_opaque_mac_verify_finish(
mbedtls_opaque_test_driver_mac_operation_t *operation,
const uint8_t *mac,
size_t mac_length)
{
mbedtls_test_driver_mac_hooks.hits++;
if (mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS) {
mbedtls_test_driver_mac_hooks.driver_status =
mbedtls_test_driver_mac_hooks.forced_status;
} else {
(void) operation;
(void) mac;
(void) mac_length;
mbedtls_test_driver_mac_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED;
}
return mbedtls_test_driver_mac_hooks.driver_status;
}
psa_status_t mbedtls_test_opaque_mac_abort(
mbedtls_opaque_test_driver_mac_operation_t *operation)
{
mbedtls_test_driver_mac_hooks.hits++;
if (mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS) {
mbedtls_test_driver_mac_hooks.driver_status =
mbedtls_test_driver_mac_hooks.forced_status;
} else {
(void) operation;
mbedtls_test_driver_mac_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED;
}
return mbedtls_test_driver_mac_hooks.driver_status;
}
#endif /* PSA_CRYPTO_DRIVER_TEST */

206
tests/src/drivers/test_driver_pake.c
View File

@ -1,206 +0,0 @@
/*
* Test driver for PAKE entry points.
*/
/* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include <test/helpers.h>
#if defined(PSA_CRYPTO_DRIVER_TEST)
#include "psa_crypto_pake.h"
#include "test/drivers/pake.h"
#include "string.h"
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1)
#if MBEDTLS_VERSION_MAJOR < 4
#include "libtestdriver1/library/psa_crypto_pake.h"
#else
#include "libtestdriver1/tf-psa-crypto/drivers/builtin/src/psa_crypto_pake.h"
#endif
#endif
mbedtls_test_driver_pake_hooks_t mbedtls_test_driver_pake_hooks =
MBEDTLS_TEST_DRIVER_PAKE_INIT;
psa_status_t mbedtls_test_transparent_pake_setup(
mbedtls_transparent_test_driver_pake_operation_t *operation,
const psa_crypto_driver_pake_inputs_t *inputs)
{
mbedtls_test_driver_pake_hooks.hits.total++;
mbedtls_test_driver_pake_hooks.hits.setup++;
if (mbedtls_test_driver_pake_hooks.forced_setup_status != PSA_SUCCESS) {
mbedtls_test_driver_pake_hooks.driver_status =
mbedtls_test_driver_pake_hooks.forced_setup_status;
} else {
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_PAKE)
mbedtls_test_driver_pake_hooks.driver_status =
libtestdriver1_mbedtls_psa_pake_setup(
operation, (const libtestdriver1_psa_crypto_driver_pake_inputs_t *) inputs);
#elif defined(MBEDTLS_PSA_BUILTIN_PAKE)
mbedtls_test_driver_pake_hooks.driver_status =
mbedtls_psa_pake_setup(
operation, inputs);
#else
(void) operation;
(void) inputs;
mbedtls_test_driver_pake_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED;
#endif
}
return mbedtls_test_driver_pake_hooks.driver_status;
}
psa_status_t mbedtls_test_transparent_pake_output(
mbedtls_transparent_test_driver_pake_operation_t *operation,
psa_crypto_driver_pake_step_t step,
uint8_t *output,
size_t output_size,
size_t *output_length)
{
mbedtls_test_driver_pake_hooks.hits.total++;
mbedtls_test_driver_pake_hooks.hits.output++;
if (mbedtls_test_driver_pake_hooks.forced_output != NULL) {
if (output_size < mbedtls_test_driver_pake_hooks.forced_output_length) {
return PSA_ERROR_BUFFER_TOO_SMALL;
}
memcpy(output,
mbedtls_test_driver_pake_hooks.forced_output,
mbedtls_test_driver_pake_hooks.forced_output_length);
*output_length = mbedtls_test_driver_pake_hooks.forced_output_length;
return mbedtls_test_driver_pake_hooks.forced_status;
}
if (mbedtls_test_driver_pake_hooks.forced_status != PSA_SUCCESS) {
mbedtls_test_driver_pake_hooks.driver_status =
mbedtls_test_driver_pake_hooks.forced_status;
} else {
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_PAKE)
mbedtls_test_driver_pake_hooks.driver_status =
libtestdriver1_mbedtls_psa_pake_output(
operation, (libtestdriver1_psa_crypto_driver_pake_step_t) step,
output, output_size, output_length);
#elif defined(MBEDTLS_PSA_BUILTIN_PAKE)
mbedtls_test_driver_pake_hooks.driver_status =
mbedtls_psa_pake_output(
operation, step, output, output_size, output_length);
#else
(void) operation;
(void) step;
(void) output;
(void) output_size;
(void) output_length;
mbedtls_test_driver_pake_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED;
#endif
}
return mbedtls_test_driver_pake_hooks.driver_status;
}
psa_status_t mbedtls_test_transparent_pake_input(
mbedtls_transparent_test_driver_pake_operation_t *operation,
psa_crypto_driver_pake_step_t step,
const uint8_t *input,
size_t input_length)
{
mbedtls_test_driver_pake_hooks.hits.total++;
mbedtls_test_driver_pake_hooks.hits.input++;
if (mbedtls_test_driver_pake_hooks.forced_status != PSA_SUCCESS) {
mbedtls_test_driver_pake_hooks.driver_status =
mbedtls_test_driver_pake_hooks.forced_status;
} else {
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_PAKE)
mbedtls_test_driver_pake_hooks.driver_status =
libtestdriver1_mbedtls_psa_pake_input(
operation, (libtestdriver1_psa_crypto_driver_pake_step_t) step,
input, input_length);
#elif defined(MBEDTLS_PSA_BUILTIN_PAKE)
mbedtls_test_driver_pake_hooks.driver_status =
mbedtls_psa_pake_input(
operation, step, input, input_length);
#else
(void) operation;
(void) step;
(void) input;
(void) input_length;
mbedtls_test_driver_pake_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED;
#endif
}
return mbedtls_test_driver_pake_hooks.driver_status;
}
psa_status_t mbedtls_test_transparent_pake_get_implicit_key(
mbedtls_transparent_test_driver_pake_operation_t *operation,
uint8_t *output, size_t output_size, size_t *output_length)
{
mbedtls_test_driver_pake_hooks.hits.total++;
mbedtls_test_driver_pake_hooks.hits.implicit_key++;
if (mbedtls_test_driver_pake_hooks.forced_status != PSA_SUCCESS) {
mbedtls_test_driver_pake_hooks.driver_status =
mbedtls_test_driver_pake_hooks.forced_status;
} else {
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_PAKE)
mbedtls_test_driver_pake_hooks.driver_status =
libtestdriver1_mbedtls_psa_pake_get_implicit_key(
operation, output, output_size, output_length);
#elif defined(MBEDTLS_PSA_BUILTIN_PAKE)
mbedtls_test_driver_pake_hooks.driver_status =
mbedtls_psa_pake_get_implicit_key(
operation, output, output_size, output_length);
#else
(void) operation;
(void) output;
(void) output_size;
(void) output_length;
mbedtls_test_driver_pake_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED;
#endif
}
return mbedtls_test_driver_pake_hooks.driver_status;
}
psa_status_t mbedtls_test_transparent_pake_abort(
mbedtls_transparent_test_driver_pake_operation_t *operation)
{
mbedtls_test_driver_pake_hooks.hits.total++;
mbedtls_test_driver_pake_hooks.hits.abort++;
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_PAKE)
mbedtls_test_driver_pake_hooks.driver_status =
libtestdriver1_mbedtls_psa_pake_abort(
operation);
#elif defined(MBEDTLS_PSA_BUILTIN_PAKE)
mbedtls_test_driver_pake_hooks.driver_status =
mbedtls_psa_pake_abort(
operation);
#else
(void) operation;
mbedtls_test_driver_pake_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED;
#endif
if (mbedtls_test_driver_pake_hooks.forced_status != PSA_SUCCESS &&
mbedtls_test_driver_pake_hooks.driver_status == PSA_SUCCESS) {
mbedtls_test_driver_pake_hooks.driver_status =
mbedtls_test_driver_pake_hooks.forced_status;
}
return mbedtls_test_driver_pake_hooks.driver_status;
}
#endif /* PSA_CRYPTO_DRIVER_TEST */

410
tests/src/drivers/test_driver_signature.c
View File

@ -1,410 +0,0 @@
/*
* Test driver for signature functions.
* Currently supports signing and verifying precalculated hashes, using
* only deterministic ECDSA on curves secp256r1, secp384r1 and secp521r1.
*/
/* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include <test/helpers.h>
#if defined(PSA_CRYPTO_DRIVER_TEST)
#include "psa/crypto.h"
#include "psa_crypto_core.h"
#include "psa_crypto_ecp.h"
#include "psa_crypto_hash.h"
#include "psa_crypto_rsa.h"
#include "mbedtls/ecp.h"
#include "test/drivers/hash.h"
#include "test/drivers/signature.h"
#include "test/drivers/hash.h"
#include "mbedtls/ecdsa.h"
#include "test/random.h"
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1)
#if MBEDTLS_VERSION_MAJOR < 4
#include "libtestdriver1/library/psa_crypto_ecp.h"
#include "libtestdriver1/library/psa_crypto_hash.h"
#include "libtestdriver1/library/psa_crypto_rsa.h"
#else
#include "libtestdriver1/tf-psa-crypto/drivers/builtin/src/psa_crypto_ecp.h"
#include "libtestdriver1/tf-psa-crypto/drivers/builtin/src/psa_crypto_hash.h"
#include "libtestdriver1/tf-psa-crypto/drivers/builtin/src/psa_crypto_rsa.h"
#endif
#endif
#include <string.h>
mbedtls_test_driver_signature_hooks_t
mbedtls_test_driver_signature_sign_hooks = MBEDTLS_TEST_DRIVER_SIGNATURE_INIT;
mbedtls_test_driver_signature_hooks_t
mbedtls_test_driver_signature_verify_hooks = MBEDTLS_TEST_DRIVER_SIGNATURE_INIT;
psa_status_t sign_hash(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size,
psa_algorithm_t alg,
const uint8_t *hash,
size_t hash_length,
uint8_t *signature,
size_t signature_size,
size_t *signature_length)
{
if (attributes->type == PSA_KEY_TYPE_RSA_KEY_PAIR) {
if (PSA_ALG_IS_RSA_PKCS1V15_SIGN(alg) ||
PSA_ALG_IS_RSA_PSS(alg)) {
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
(defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \
defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS))
return libtestdriver1_mbedtls_psa_rsa_sign_hash(
(const libtestdriver1_psa_key_attributes_t *) attributes,
key_buffer, key_buffer_size,
alg, hash, hash_length,
signature, signature_size, signature_length);
#elif defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS)
return mbedtls_psa_rsa_sign_hash(
attributes,
key_buffer, key_buffer_size,
alg, hash, hash_length,
signature, signature_size, signature_length);
#endif
} else {
return PSA_ERROR_INVALID_ARGUMENT;
}
} else if (PSA_KEY_TYPE_IS_ECC(attributes->type)) {
if (PSA_ALG_IS_ECDSA(alg)) {
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
(defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \
defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA))
return libtestdriver1_mbedtls_psa_ecdsa_sign_hash(
(const libtestdriver1_psa_key_attributes_t *) attributes,
key_buffer, key_buffer_size,
alg, hash, hash_length,
signature, signature_size, signature_length);
#elif defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)
return mbedtls_psa_ecdsa_sign_hash(
attributes,
key_buffer, key_buffer_size,
alg, hash, hash_length,
signature, signature_size, signature_length);
#endif
} else {
return PSA_ERROR_INVALID_ARGUMENT;
}
}
(void) attributes;
(void) key_buffer;
(void) key_buffer_size;
(void) alg;
(void) hash;
(void) hash_length;
(void) signature;
(void) signature_size;
(void) signature_length;
return PSA_ERROR_NOT_SUPPORTED;
}
psa_status_t verify_hash(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size,
psa_algorithm_t alg,
const uint8_t *hash,
size_t hash_length,
const uint8_t *signature,
size_t signature_length)
{
if (PSA_KEY_TYPE_IS_RSA(attributes->type)) {
if (PSA_ALG_IS_RSA_PKCS1V15_SIGN(alg) ||
PSA_ALG_IS_RSA_PSS(alg)) {
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
(defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \
defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS))
return libtestdriver1_mbedtls_psa_rsa_verify_hash(
(const libtestdriver1_psa_key_attributes_t *) attributes,
key_buffer, key_buffer_size,
alg, hash, hash_length,
signature, signature_length);
#elif defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS)
return mbedtls_psa_rsa_verify_hash(
attributes,
key_buffer, key_buffer_size,
alg, hash, hash_length,
signature, signature_length);
#endif
} else {
return PSA_ERROR_INVALID_ARGUMENT;
}
} else if (PSA_KEY_TYPE_IS_ECC(attributes->type)) {
if (PSA_ALG_IS_ECDSA(alg)) {
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
(defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \
defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA))
return libtestdriver1_mbedtls_psa_ecdsa_verify_hash(
(const libtestdriver1_psa_key_attributes_t *) attributes,
key_buffer, key_buffer_size,
alg, hash, hash_length,
signature, signature_length);
#elif defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)
return mbedtls_psa_ecdsa_verify_hash(
attributes,
key_buffer, key_buffer_size,
alg, hash, hash_length,
signature, signature_length);
#endif
} else {
return PSA_ERROR_INVALID_ARGUMENT;
}
}
(void) attributes;
(void) key_buffer;
(void) key_buffer_size;
(void) alg;
(void) hash;
(void) hash_length;
(void) signature;
(void) signature_length;
return PSA_ERROR_NOT_SUPPORTED;
}
psa_status_t mbedtls_test_transparent_signature_sign_message(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size,
psa_algorithm_t alg,
const uint8_t *input,
size_t input_length,
uint8_t *signature,
size_t signature_size,
size_t *signature_length)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
size_t hash_length;
uint8_t hash[PSA_HASH_MAX_SIZE];
++mbedtls_test_driver_signature_sign_hooks.hits;
if (mbedtls_test_driver_signature_sign_hooks.forced_status != PSA_SUCCESS) {
return mbedtls_test_driver_signature_sign_hooks.forced_status;
}
if (mbedtls_test_driver_signature_sign_hooks.forced_output != NULL) {
if (mbedtls_test_driver_signature_sign_hooks.forced_output_length > signature_size) {
return PSA_ERROR_BUFFER_TOO_SMALL;
}
memcpy(signature, mbedtls_test_driver_signature_sign_hooks.forced_output,
mbedtls_test_driver_signature_sign_hooks.forced_output_length);
*signature_length = mbedtls_test_driver_signature_sign_hooks.forced_output_length;
return PSA_SUCCESS;
}
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_HASH)
status = libtestdriver1_mbedtls_psa_hash_compute(
PSA_ALG_SIGN_GET_HASH(alg), input, input_length,
hash, sizeof(hash), &hash_length);
#elif defined(MBEDTLS_PSA_BUILTIN_HASH)
status = mbedtls_psa_hash_compute(
PSA_ALG_SIGN_GET_HASH(alg), input, input_length,
hash, sizeof(hash), &hash_length);
#else
(void) input;
(void) input_length;
status = PSA_ERROR_NOT_SUPPORTED;
#endif
if (status != PSA_SUCCESS) {
return status;
}
return sign_hash(attributes, key_buffer, key_buffer_size,
alg, hash, hash_length,
signature, signature_size, signature_length);
}
psa_status_t mbedtls_test_opaque_signature_sign_message(
const psa_key_attributes_t *attributes,
const uint8_t *key,
size_t key_length,
psa_algorithm_t alg,
const uint8_t *input,
size_t input_length,
uint8_t *signature,
size_t signature_size,
size_t *signature_length)
{
(void) attributes;
(void) key;
(void) key_length;
(void) alg;
(void) input;
(void) input_length;
(void) signature;
(void) signature_size;
(void) signature_length;
return PSA_ERROR_NOT_SUPPORTED;
}
psa_status_t mbedtls_test_transparent_signature_verify_message(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size,
psa_algorithm_t alg,
const uint8_t *input,
size_t input_length,
const uint8_t *signature,
size_t signature_length)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
size_t hash_length;
uint8_t hash[PSA_HASH_MAX_SIZE];
++mbedtls_test_driver_signature_verify_hooks.hits;
if (mbedtls_test_driver_signature_verify_hooks.forced_status != PSA_SUCCESS) {
return mbedtls_test_driver_signature_verify_hooks.forced_status;
}
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_HASH)
status = libtestdriver1_mbedtls_psa_hash_compute(
PSA_ALG_SIGN_GET_HASH(alg), input, input_length,
hash, sizeof(hash), &hash_length);
#elif defined(MBEDTLS_PSA_BUILTIN_HASH)
status = mbedtls_psa_hash_compute(
PSA_ALG_SIGN_GET_HASH(alg), input, input_length,
hash, sizeof(hash), &hash_length);
#else
(void) input;
(void) input_length;
status = PSA_ERROR_NOT_SUPPORTED;
#endif
if (status != PSA_SUCCESS) {
return status;
}
return verify_hash(attributes, key_buffer, key_buffer_size,
alg, hash, hash_length,
signature, signature_length);
}
psa_status_t mbedtls_test_opaque_signature_verify_message(
const psa_key_attributes_t *attributes,
const uint8_t *key,
size_t key_length,
psa_algorithm_t alg,
const uint8_t *input,
size_t input_length,
const uint8_t *signature,
size_t signature_length)
{
(void) attributes;
(void) key;
(void) key_length;
(void) alg;
(void) input;
(void) input_length;
(void) signature;
(void) signature_length;
return PSA_ERROR_NOT_SUPPORTED;
}
psa_status_t mbedtls_test_transparent_signature_sign_hash(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
psa_algorithm_t alg,
const uint8_t *hash, size_t hash_length,
uint8_t *signature, size_t signature_size, size_t *signature_length)
{
++mbedtls_test_driver_signature_sign_hooks.hits;
if (mbedtls_test_driver_signature_sign_hooks.forced_status != PSA_SUCCESS) {
return mbedtls_test_driver_signature_sign_hooks.forced_status;
}
if (mbedtls_test_driver_signature_sign_hooks.forced_output != NULL) {
if (mbedtls_test_driver_signature_sign_hooks.forced_output_length > signature_size) {
return PSA_ERROR_BUFFER_TOO_SMALL;
}
memcpy(signature, mbedtls_test_driver_signature_sign_hooks.forced_output,
mbedtls_test_driver_signature_sign_hooks.forced_output_length);
*signature_length = mbedtls_test_driver_signature_sign_hooks.forced_output_length;
return PSA_SUCCESS;
}
return sign_hash(attributes, key_buffer, key_buffer_size,
alg, hash, hash_length,
signature, signature_size, signature_length);
}
psa_status_t mbedtls_test_opaque_signature_sign_hash(
const psa_key_attributes_t *attributes,
const uint8_t *key, size_t key_length,
psa_algorithm_t alg,
const uint8_t *hash, size_t hash_length,
uint8_t *signature, size_t signature_size, size_t *signature_length)
{
(void) attributes;
(void) key;
(void) key_length;
(void) alg;
(void) hash;
(void) hash_length;
(void) signature;
(void) signature_size;
(void) signature_length;
return PSA_ERROR_NOT_SUPPORTED;
}
psa_status_t mbedtls_test_transparent_signature_verify_hash(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
psa_algorithm_t alg,
const uint8_t *hash, size_t hash_length,
const uint8_t *signature, size_t signature_length)
{
++mbedtls_test_driver_signature_verify_hooks.hits;
if (mbedtls_test_driver_signature_verify_hooks.forced_status != PSA_SUCCESS) {
return mbedtls_test_driver_signature_verify_hooks.forced_status;
}
return verify_hash(attributes, key_buffer, key_buffer_size,
alg, hash, hash_length,
signature, signature_length);
}
psa_status_t mbedtls_test_opaque_signature_verify_hash(
const psa_key_attributes_t *attributes,
const uint8_t *key, size_t key_length,
psa_algorithm_t alg,
const uint8_t *hash, size_t hash_length,
const uint8_t *signature, size_t signature_length)
{
(void) attributes;
(void) key;
(void) key_length;
(void) alg;
(void) hash;
(void) hash_length;
(void) signature;
(void) signature_length;
return PSA_ERROR_NOT_SUPPORTED;
}
#endif /* PSA_CRYPTO_DRIVER_TEST */

45
tests/src/fake_external_rng_for_test.c
View File

@ -1,45 +0,0 @@
/** \file fake_external_rng_for_test.c
*
* \brief Helper functions to test PSA crypto functionality.
*/
/*
* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include <test/fake_external_rng_for_test.h>
#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
#include <test/random.h>
#include <psa/crypto.h>
static int test_insecure_external_rng_enabled = 0;
void mbedtls_test_enable_insecure_external_rng(void)
{
test_insecure_external_rng_enabled = 1;
}
void mbedtls_test_disable_insecure_external_rng(void)
{
test_insecure_external_rng_enabled = 0;
}
psa_status_t mbedtls_psa_external_get_random(
mbedtls_psa_external_random_context_t *context,
uint8_t *output, size_t output_size, size_t *output_length)
{
(void) context;
if (!test_insecure_external_rng_enabled) {
return PSA_ERROR_INSUFFICIENT_ENTROPY;
}
/* This implementation is for test purposes only!
* Use the libc non-cryptographic random generator. */
mbedtls_test_rnd_std_rand(NULL, output, output_size);
*output_length = output_size;
return PSA_SUCCESS;
}
#endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */

723
tests/src/helpers.c
View File

@ -1,723 +0,0 @@
/*
* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include <test/constant_flow.h>
#include <test/helpers.h>
#include <test/macros.h>
#include <string.h>
#if defined(MBEDTLS_PSA_INJECT_ENTROPY)
#include <psa/crypto.h>
#include <test/psa_crypto_helpers.h>
#endif
#if defined(MBEDTLS_TEST_HOOKS) && defined(MBEDTLS_PSA_CRYPTO_C)
#include <test/psa_memory_poisoning_wrappers.h>
#endif
#if defined(MBEDTLS_TEST_HOOKS) && !defined(MBEDTLS_THREADING_C)
#include <test/bignum_codepath_check.h>
#endif
#if defined(MBEDTLS_THREADING_C)
#include "mbedtls/threading.h"
#endif
/*----------------------------------------------------------------------------*/
/* Static global variables */
#if defined(MBEDTLS_PLATFORM_C)
static mbedtls_platform_context platform_ctx;
#endif
static mbedtls_test_info_t mbedtls_test_info;
#ifdef MBEDTLS_THREADING_C
mbedtls_threading_mutex_t mbedtls_test_info_mutex;
#endif /* MBEDTLS_THREADING_C */
/*----------------------------------------------------------------------------*/
/* Mbedtls Test Info accessors
*
* NOTE - there are two types of accessors here: public accessors and internal
* accessors. The public accessors have prototypes in helpers.h and lock
* mbedtls_test_info_mutex (if mutexes are enabled). The _internal accessors,
* which are expected to be used from this module *only*, do not lock the mutex.
* These are designed to be called from within public functions which already
* hold the mutex. The main reason for this difference is the need to set
* multiple test data values atomically (without releasing the mutex) to prevent
* race conditions. */
mbedtls_test_result_t mbedtls_test_get_result(void)
{
mbedtls_test_result_t result;
#ifdef MBEDTLS_THREADING_C
mbedtls_mutex_lock(&mbedtls_test_info_mutex);
#endif /* MBEDTLS_THREADING_C */
result = mbedtls_test_info.result;
#ifdef MBEDTLS_THREADING_C
mbedtls_mutex_unlock(&mbedtls_test_info_mutex);
#endif /* MBEDTLS_THREADING_C */
return result;
}
static void mbedtls_test_set_result_internal(mbedtls_test_result_t result, const char *test,
int line_no, const char *filename)
{
/* Internal function only - mbedtls_test_info_mutex should be held prior
* to calling this function. */
mbedtls_test_info.result = result;
mbedtls_test_info.test = test;
mbedtls_test_info.line_no = line_no;
mbedtls_test_info.filename = filename;
}
const char *mbedtls_test_get_test(void)
{
const char *test;
#ifdef MBEDTLS_THREADING_C
mbedtls_mutex_lock(&mbedtls_test_info_mutex);
#endif /* MBEDTLS_THREADING_C */
test = mbedtls_test_info.test;
#ifdef MBEDTLS_THREADING_C
mbedtls_mutex_unlock(&mbedtls_test_info_mutex);
#endif /* MBEDTLS_THREADING_C */
return test;
}
const char *mbedtls_get_test_filename(void)
{
const char *filename;
#ifdef MBEDTLS_THREADING_C
mbedtls_mutex_lock(&mbedtls_test_info_mutex);
#endif /* MBEDTLS_THREADING_C */
/* It should be ok just to pass back the pointer here, as it is going to
* be a pointer into non changing data. */
filename = mbedtls_test_info.filename;
#ifdef MBEDTLS_THREADING_C
mbedtls_mutex_unlock(&mbedtls_test_info_mutex);
#endif /* MBEDTLS_THREADING_C */
return filename;
}
int mbedtls_test_get_line_no(void)
{
int line_no;
#ifdef MBEDTLS_THREADING_C
mbedtls_mutex_lock(&mbedtls_test_info_mutex);
#endif /* MBEDTLS_THREADING_C */
line_no = mbedtls_test_info.line_no;
#ifdef MBEDTLS_THREADING_C
mbedtls_mutex_unlock(&mbedtls_test_info_mutex);
#endif /* MBEDTLS_THREADING_C */
return line_no;
}
void mbedtls_test_increment_step(void)
{
#ifdef MBEDTLS_THREADING_C
mbedtls_mutex_lock(&mbedtls_test_info_mutex);
#endif /* MBEDTLS_THREADING_C */
++mbedtls_test_info.step;
#ifdef MBEDTLS_THREADING_C
mbedtls_mutex_unlock(&mbedtls_test_info_mutex);
#endif /* MBEDTLS_THREADING_C */
}
unsigned long mbedtls_test_get_step(void)
{
unsigned long step;
#ifdef MBEDTLS_THREADING_C
mbedtls_mutex_lock(&mbedtls_test_info_mutex);
#endif /* MBEDTLS_THREADING_C */
step = mbedtls_test_info.step;
#ifdef MBEDTLS_THREADING_C
mbedtls_mutex_unlock(&mbedtls_test_info_mutex);
#endif /* MBEDTLS_THREADING_C */
return step;
}
static void mbedtls_test_reset_step_internal(void)
{
/* Internal function only - mbedtls_test_info_mutex should be held prior
* to calling this function. */
mbedtls_test_info.step = (unsigned long) (-1);
}
void mbedtls_test_set_step(unsigned long step)
{
#ifdef MBEDTLS_THREADING_C
mbedtls_mutex_lock(&mbedtls_test_info_mutex);
#endif /* MBEDTLS_THREADING_C */
mbedtls_test_info.step = step;
#ifdef MBEDTLS_THREADING_C
mbedtls_mutex_unlock(&mbedtls_test_info_mutex);
#endif /* MBEDTLS_THREADING_C */
}
void mbedtls_test_get_line1(char *line)
{
#ifdef MBEDTLS_THREADING_C
mbedtls_mutex_lock(&mbedtls_test_info_mutex);
#endif /* MBEDTLS_THREADING_C */
memcpy(line, mbedtls_test_info.line1, MBEDTLS_TEST_LINE_LENGTH);
#ifdef MBEDTLS_THREADING_C
mbedtls_mutex_unlock(&mbedtls_test_info_mutex);
#endif /* MBEDTLS_THREADING_C */
}
static void mbedtls_test_set_line1_internal(const char *line)
{
/* Internal function only - mbedtls_test_info_mutex should be held prior
* to calling this function. */
if (line == NULL) {
memset(mbedtls_test_info.line1, 0, MBEDTLS_TEST_LINE_LENGTH);
} else {
memcpy(mbedtls_test_info.line1, line, MBEDTLS_TEST_LINE_LENGTH);
}
}
void mbedtls_test_get_line2(char *line)
{
#ifdef MBEDTLS_THREADING_C
mbedtls_mutex_lock(&mbedtls_test_info_mutex);
#endif /* MBEDTLS_THREADING_C */
memcpy(line, mbedtls_test_info.line2, MBEDTLS_TEST_LINE_LENGTH);
#ifdef MBEDTLS_THREADING_C
mbedtls_mutex_unlock(&mbedtls_test_info_mutex);
#endif /* MBEDTLS_THREADING_C */
}
static void mbedtls_test_set_line2_internal(const char *line)
{
/* Internal function only - mbedtls_test_info_mutex should be held prior
* to calling this function. */
if (line == NULL) {
memset(mbedtls_test_info.line2, 0, MBEDTLS_TEST_LINE_LENGTH);
} else {
memcpy(mbedtls_test_info.line2, line, MBEDTLS_TEST_LINE_LENGTH);
}
}
#if defined(MBEDTLS_TEST_MUTEX_USAGE)
const char *mbedtls_test_get_mutex_usage_error(void)
{
const char *usage_error;
#ifdef MBEDTLS_THREADING_C
mbedtls_mutex_lock(&mbedtls_test_info_mutex);
#endif /* MBEDTLS_THREADING_C */
usage_error = mbedtls_test_info.mutex_usage_error;
#ifdef MBEDTLS_THREADING_C
mbedtls_mutex_unlock(&mbedtls_test_info_mutex);
#endif /* MBEDTLS_THREADING_C */
return usage_error;
}
void mbedtls_test_set_mutex_usage_error(const char *msg)
{
#ifdef MBEDTLS_THREADING_C
mbedtls_mutex_lock(&mbedtls_test_info_mutex);
#endif /* MBEDTLS_THREADING_C */
if (mbedtls_test_info.mutex_usage_error == NULL || msg == NULL) {
mbedtls_test_info.mutex_usage_error = msg;
}
#ifdef MBEDTLS_THREADING_C
mbedtls_mutex_unlock(&mbedtls_test_info_mutex);
#endif /* MBEDTLS_THREADING_C */
}
#endif // #if defined(MBEDTLS_TEST_MUTEX_USAGE)
#if defined(MBEDTLS_BIGNUM_C)
unsigned mbedtls_test_get_case_uses_negative_0(void)
{
unsigned test_case_uses_negative_0 = 0;
#ifdef MBEDTLS_THREADING_C
mbedtls_mutex_lock(&mbedtls_test_info_mutex);
#endif /* MBEDTLS_THREADING_C */
test_case_uses_negative_0 = mbedtls_test_info.case_uses_negative_0;
#ifdef MBEDTLS_THREADING_C
mbedtls_mutex_unlock(&mbedtls_test_info_mutex);
#endif /* MBEDTLS_THREADING_C */
return test_case_uses_negative_0;
}
static void mbedtls_test_set_case_uses_negative_0_internal(unsigned uses)
{
/* Internal function only - mbedtls_test_info_mutex should be held prior
* to calling this function. */
mbedtls_test_info.case_uses_negative_0 = uses;
}
void mbedtls_test_increment_case_uses_negative_0(void)
{
#ifdef MBEDTLS_THREADING_C
mbedtls_mutex_lock(&mbedtls_test_info_mutex);
#endif /* MBEDTLS_THREADING_C */
++mbedtls_test_info.case_uses_negative_0;
#ifdef MBEDTLS_THREADING_C
mbedtls_mutex_unlock(&mbedtls_test_info_mutex);
#endif /* MBEDTLS_THREADING_C */
}
#endif /* MBEDTLS_BIGNUM_C */
#ifdef MBEDTLS_TEST_MUTEX_USAGE
mbedtls_threading_mutex_t *mbedtls_test_get_info_mutex(void)
{
return &mbedtls_test_info_mutex;
}
#endif /* MBEDTLS_TEST_MUTEX_USAGE */
/*----------------------------------------------------------------------------*/
/* Helper Functions */
int mbedtls_test_platform_setup(void)
{
int ret = 0;
#if defined(MBEDTLS_TEST_HOOKS) && defined(MBEDTLS_PSA_CRYPTO_C) \
&& !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) \
&& defined(MBEDTLS_TEST_MEMORY_CAN_POISON)
mbedtls_poison_test_hooks_setup();
#endif
#if defined(MBEDTLS_PSA_INJECT_ENTROPY)
/* Make sure that injected entropy is present. Otherwise
* psa_crypto_init() will fail. This is not necessary for test suites
* that don't use PSA, but it's harmless (except for leaving a file
* behind). */
ret = mbedtls_test_inject_entropy_restore();
if (ret != 0) {
return ret;
}
#endif
#if defined(MBEDTLS_PLATFORM_C)
ret = mbedtls_platform_setup(&platform_ctx);
#endif /* MBEDTLS_PLATFORM_C */
#ifdef MBEDTLS_THREADING_C
mbedtls_mutex_init(&mbedtls_test_info_mutex);
#endif /* MBEDTLS_THREADING_C */
#if defined(MBEDTLS_TEST_HOOKS) && !defined(MBEDTLS_THREADING_C)
mbedtls_codepath_test_hooks_setup();
#endif /* MBEDTLS_TEST_HOOKS && !MBEDTLS_THREADING_C */
return ret;
}
void mbedtls_test_platform_teardown(void)
{
#if defined(MBEDTLS_TEST_HOOKS) && defined(MBEDTLS_PSA_CRYPTO_C) \
&& !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) \
&& defined(MBEDTLS_TEST_MEMORY_CAN_POISON)
mbedtls_poison_test_hooks_teardown();
#endif
#ifdef MBEDTLS_THREADING_C
mbedtls_mutex_free(&mbedtls_test_info_mutex);
#endif /* MBEDTLS_THREADING_C */
#if defined(MBEDTLS_PLATFORM_C)
mbedtls_platform_teardown(&platform_ctx);
#endif /* MBEDTLS_PLATFORM_C */
#if defined(MBEDTLS_TEST_HOOKS) && !defined(MBEDTLS_THREADING_C)
mbedtls_codepath_test_hooks_teardown();
#endif /* MBEDTLS_TEST_HOOKS && !MBEDTLS_THREADING_C */
}
int mbedtls_test_ascii2uc(const char c, unsigned char *uc)
{
if ((c >= '0') && (c <= '9')) {
*uc = c - '0';
} else if ((c >= 'a') && (c <= 'f')) {
*uc = c - 'a' + 10;
} else if ((c >= 'A') && (c <= 'F')) {
*uc = c - 'A' + 10;
} else {
return -1;
}
return 0;
}
static void mbedtls_test_fail_internal(const char *test, int line_no, const char *filename)
{
/* Internal function only - mbedtls_test_info_mutex should be held prior
* to calling this function. */
/* Don't use accessor, we already hold mutex. */
if (mbedtls_test_info.result != MBEDTLS_TEST_RESULT_FAILED) {
/* If we have already recorded the test as having failed then don't
* overwrite any previous information about the failure. */
mbedtls_test_set_result_internal(MBEDTLS_TEST_RESULT_FAILED, test, line_no, filename);
}
}
void mbedtls_test_fail(const char *test, int line_no, const char *filename)
{
#ifdef MBEDTLS_THREADING_C
mbedtls_mutex_lock(&mbedtls_test_info_mutex);
#endif /* MBEDTLS_THREADING_C */
mbedtls_test_fail_internal(test, line_no, filename);
#ifdef MBEDTLS_THREADING_C
mbedtls_mutex_unlock(&mbedtls_test_info_mutex);
#endif /* MBEDTLS_THREADING_C */
}
void mbedtls_test_skip(const char *test, int line_no, const char *filename)
{
#ifdef MBEDTLS_THREADING_C
mbedtls_mutex_lock(&mbedtls_test_info_mutex);
#endif /* MBEDTLS_THREADING_C */
mbedtls_test_set_result_internal(MBEDTLS_TEST_RESULT_SKIPPED, test, line_no, filename);
#ifdef MBEDTLS_THREADING_C
mbedtls_mutex_unlock(&mbedtls_test_info_mutex);
#endif /* MBEDTLS_THREADING_C */
}
void mbedtls_test_info_reset(void)
{
#ifdef MBEDTLS_THREADING_C
mbedtls_mutex_lock(&mbedtls_test_info_mutex);
#endif /* MBEDTLS_THREADING_C */
mbedtls_test_set_result_internal(MBEDTLS_TEST_RESULT_SUCCESS, 0, 0, 0);
mbedtls_test_reset_step_internal();
mbedtls_test_set_line1_internal(NULL);
mbedtls_test_set_line2_internal(NULL);
#if defined(MBEDTLS_BIGNUM_C)
mbedtls_test_set_case_uses_negative_0_internal(0);
#endif
#ifdef MBEDTLS_THREADING_C
mbedtls_mutex_unlock(&mbedtls_test_info_mutex);
#endif /* MBEDTLS_THREADING_C */
}
int mbedtls_test_equal(const char *test, int line_no, const char *filename,
unsigned long long value1, unsigned long long value2)
{
TEST_CF_PUBLIC(&value1, sizeof(value1));
TEST_CF_PUBLIC(&value2, sizeof(value2));
if (value1 == value2) {
return 1;
}
#ifdef MBEDTLS_THREADING_C
mbedtls_mutex_lock(&mbedtls_test_info_mutex);
#endif /* MBEDTLS_THREADING_C */
/* Don't use accessor, as we already hold mutex. */
if (mbedtls_test_info.result != MBEDTLS_TEST_RESULT_FAILED) {
/* If we've already recorded the test as having failed then don't
* overwrite any previous information about the failure. */
char buf[MBEDTLS_TEST_LINE_LENGTH];
mbedtls_test_fail_internal(test, line_no, filename);
(void) mbedtls_snprintf(buf, sizeof(buf),
"lhs = 0x%016llx = %lld",
value1, (long long) value1);
mbedtls_test_set_line1_internal(buf);
(void) mbedtls_snprintf(buf, sizeof(buf),
"rhs = 0x%016llx = %lld",
value2, (long long) value2);
mbedtls_test_set_line2_internal(buf);
}
#ifdef MBEDTLS_THREADING_C
mbedtls_mutex_unlock(&mbedtls_test_info_mutex);
#endif /* MBEDTLS_THREADING_C */
return 0;
}
int mbedtls_test_le_u(const char *test, int line_no, const char *filename,
unsigned long long value1, unsigned long long value2)
{
TEST_CF_PUBLIC(&value1, sizeof(value1));
TEST_CF_PUBLIC(&value2, sizeof(value2));
if (value1 <= value2) {
return 1;
}
#ifdef MBEDTLS_THREADING_C
mbedtls_mutex_lock(&mbedtls_test_info_mutex);
#endif /* MBEDTLS_THREADING_C */
/* Don't use accessor, we already hold mutex. */
if (mbedtls_test_info.result != MBEDTLS_TEST_RESULT_FAILED) {
/* If we've already recorded the test as having failed then don't
* overwrite any previous information about the failure. */
char buf[MBEDTLS_TEST_LINE_LENGTH];
mbedtls_test_fail_internal(test, line_no, filename);
(void) mbedtls_snprintf(buf, sizeof(buf),
"lhs = 0x%016llx = %llu",
value1, value1);
mbedtls_test_set_line1_internal(buf);
(void) mbedtls_snprintf(buf, sizeof(buf),
"rhs = 0x%016llx = %llu",
value2, value2);
mbedtls_test_set_line2_internal(buf);
}
#ifdef MBEDTLS_THREADING_C
mbedtls_mutex_unlock(&mbedtls_test_info_mutex);
#endif /* MBEDTLS_THREADING_C */
return 0;
}
int mbedtls_test_le_s(const char *test, int line_no, const char *filename,
long long value1, long long value2)
{
TEST_CF_PUBLIC(&value1, sizeof(value1));
TEST_CF_PUBLIC(&value2, sizeof(value2));
if (value1 <= value2) {
return 1;
}
#ifdef MBEDTLS_THREADING_C
mbedtls_mutex_lock(&mbedtls_test_info_mutex);
#endif /* MBEDTLS_THREADING_C */
/* Don't use accessor, we already hold mutex. */
if (mbedtls_test_info.result != MBEDTLS_TEST_RESULT_FAILED) {
/* If we've already recorded the test as having failed then don't
* overwrite any previous information about the failure. */
char buf[MBEDTLS_TEST_LINE_LENGTH];
mbedtls_test_fail_internal(test, line_no, filename);
(void) mbedtls_snprintf(buf, sizeof(buf),
"lhs = 0x%016llx = %lld",
(unsigned long long) value1, value1);
mbedtls_test_set_line1_internal(buf);
(void) mbedtls_snprintf(buf, sizeof(buf),
"rhs = 0x%016llx = %lld",
(unsigned long long) value2, value2);
mbedtls_test_set_line2_internal(buf);
}
#ifdef MBEDTLS_THREADING_C
mbedtls_mutex_unlock(&mbedtls_test_info_mutex);
#endif /* MBEDTLS_THREADING_C */
return 0;
}
int mbedtls_test_unhexify(unsigned char *obuf,
size_t obufmax,
const char *ibuf,
size_t *len)
{
unsigned char uc, uc2;
*len = strlen(ibuf);
/* Must be even number of bytes. */
if ((*len) & 1) {
return -1;
}
*len /= 2;
if ((*len) > obufmax) {
return -1;
}
while (*ibuf != 0) {
if (mbedtls_test_ascii2uc(*(ibuf++), &uc) != 0) {
return -1;
}
if (mbedtls_test_ascii2uc(*(ibuf++), &uc2) != 0) {
return -1;
}
*(obuf++) = (uc << 4) | uc2;
}
return 0;
}
void mbedtls_test_hexify(unsigned char *obuf,
const unsigned char *ibuf,
int len)
{
unsigned char l, h;
while (len != 0) {
h = *ibuf / 16;
l = *ibuf % 16;
if (h < 10) {
*obuf++ = '0' + h;
} else {
*obuf++ = 'a' + h - 10;
}
if (l < 10) {
*obuf++ = '0' + l;
} else {
*obuf++ = 'a' + l - 10;
}
++ibuf;
len--;
}
}
unsigned char *mbedtls_test_zero_alloc(size_t len)
{
void *p;
size_t actual_len = (len != 0) ? len : 1;
p = mbedtls_calloc(1, actual_len);
TEST_HELPER_ASSERT(p != NULL);
memset(p, 0x00, actual_len);
return p;
}
unsigned char *mbedtls_test_unhexify_alloc(const char *ibuf, size_t *olen)
{
unsigned char *obuf;
size_t len;
*olen = strlen(ibuf) / 2;
if (*olen == 0) {
return mbedtls_test_zero_alloc(*olen);
}
obuf = mbedtls_calloc(1, *olen);
TEST_HELPER_ASSERT(obuf != NULL);
TEST_HELPER_ASSERT(mbedtls_test_unhexify(obuf, *olen, ibuf, &len) == 0);
return obuf;
}
int mbedtls_test_hexcmp(uint8_t *a, uint8_t *b,
uint32_t a_len, uint32_t b_len)
{
int ret = 0;
uint32_t i = 0;
if (a_len != b_len) {
return -1;
}
for (i = 0; i < a_len; i++) {
if (a[i] != b[i]) {
ret = -1;
break;
}
}
return ret;
}
#if defined(MBEDTLS_TEST_HOOKS)
void mbedtls_test_err_add_check(int high, int low,
const char *file, int line)
{
/* Error codes are always negative (a value of zero is a success) however
* their positive opposites can be easier to understand. The following
* examples given in comments have been made positive for ease of
* understanding. The structure of an error code is such:
*
* shhhhhhhhlllllll
*
* s = sign bit.
* h = high level error code (includes high level module ID (bits 12..14)
* and module-dependent error code (bits 7..11)).
* l = low level error code.
*/
if (high > -0x1000 && high != 0) {
/* high < 0001000000000000
* No high level module ID bits are set.
*/
mbedtls_test_fail("'high' is not a high-level error code",
line, file);
} else if (high < -0x7F80) {
/* high > 0111111110000000
* Error code is greater than the largest allowed high level module ID.
*/
mbedtls_test_fail("'high' error code is greater than 15 bits",
line, file);
} else if ((high & 0x7F) != 0) {
/* high & 0000000001111111
* Error code contains low level error code bits.
*/
mbedtls_test_fail("'high' contains a low-level error code",
line, file);
} else if (low < -0x007F) {
/* low > 0000000001111111
* Error code contains high or module level error code bits.
*/
mbedtls_test_fail("'low' error code is greater than 7 bits",
line, file);
} else if (low > 0) {
mbedtls_test_fail("'low' error code is greater than zero",
line, file);
}
}
void (*mbedtls_test_hook_error_add)(int, int, const char *, int);
#endif /* MBEDTLS_TEST_HOOKS */

205
tests/src/psa_crypto_helpers.c
View File

@ -1,205 +0,0 @@
/** \file psa_crypto_helpers.c
*
* \brief Helper functions to test PSA crypto functionality.
*/
/*
* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include <test/helpers.h>
#include <test/macros.h>
#include <psa_crypto_slot_management.h>
#include <test/psa_crypto_helpers.h>
#if defined(MBEDTLS_CTR_DRBG_C)
#include <mbedtls/ctr_drbg.h>
#endif
#if defined(MBEDTLS_PSA_CRYPTO_C)
#include <psa/crypto.h>
#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
#include <psa_crypto_storage.h>
static mbedtls_svc_key_id_t key_ids_used_in_test[9];
static size_t num_key_ids_used;
int mbedtls_test_uses_key_id(mbedtls_svc_key_id_t key_id)
{
size_t i;
if (MBEDTLS_SVC_KEY_ID_GET_KEY_ID(key_id) >
PSA_MAX_PERSISTENT_KEY_IDENTIFIER) {
/* Don't touch key id values that designate non-key files. */
return 1;
}
for (i = 0; i < num_key_ids_used; i++) {
if (mbedtls_svc_key_id_equal(key_id, key_ids_used_in_test[i])) {
return 1;
}
}
if (num_key_ids_used == ARRAY_LENGTH(key_ids_used_in_test)) {
return 0;
}
key_ids_used_in_test[num_key_ids_used] = key_id;
++num_key_ids_used;
return 1;
}
void mbedtls_test_psa_purge_key_storage(void)
{
size_t i;
for (i = 0; i < num_key_ids_used; i++) {
psa_destroy_persistent_key(key_ids_used_in_test[i]);
}
num_key_ids_used = 0;
}
void mbedtls_test_psa_purge_key_cache(void)
{
size_t i;
for (i = 0; i < num_key_ids_used; i++) {
psa_purge_key(key_ids_used_in_test[i]);
}
}
#endif /* MBEDTLS_PSA_CRYPTO_STORAGE_C */
const char *mbedtls_test_helper_is_psa_leaking(void)
{
mbedtls_psa_stats_t stats;
mbedtls_psa_get_stats(&stats);
/* Some volatile slots may be used for internal purposes. Generally
* we'll have exactly MBEDTLS_TEST_PSA_INTERNAL_KEYS at this point,
* but in some cases we might have less, e.g. if a code path calls
* PSA_DONE more than once, or if there has only been a partial or
* failed initialization. */
if (stats.volatile_slots > MBEDTLS_TEST_PSA_INTERNAL_KEYS) {
return "A volatile slot has not been closed properly.";
}
if (stats.persistent_slots != 0) {
return "A persistent slot has not been closed properly.";
}
if (stats.external_slots != 0) {
return "An external slot has not been closed properly.";
}
if (stats.half_filled_slots != 0) {
return "A half-filled slot has not been cleared properly.";
}
if (stats.locked_slots != 0) {
return "Some slots are still marked as locked.";
}
return NULL;
}
#if defined(RECORD_PSA_STATUS_COVERAGE_LOG)
/** Name of the file where return statuses are logged by #RECORD_STATUS. */
#define STATUS_LOG_FILE_NAME "statuses.log"
psa_status_t mbedtls_test_record_status(psa_status_t status,
const char *func,
const char *file, int line,
const char *expr)
{
/* We open the log file on first use.
* We never close the log file, so the record_status feature is not
* compatible with resource leak detectors such as Asan.
*/
static FILE *log;
if (log == NULL) {
log = fopen(STATUS_LOG_FILE_NAME, "a");
}
fprintf(log, "%d:%s:%s:%d:%s\n", (int) status, func, file, line, expr);
return status;
}
#endif /* defined(RECORD_PSA_STATUS_COVERAGE_LOG) */
psa_key_usage_t mbedtls_test_update_key_usage_flags(psa_key_usage_t usage_flags)
{
psa_key_usage_t updated_usage = usage_flags;
if (usage_flags & PSA_KEY_USAGE_SIGN_HASH) {
updated_usage |= PSA_KEY_USAGE_SIGN_MESSAGE;
}
if (usage_flags & PSA_KEY_USAGE_VERIFY_HASH) {
updated_usage |= PSA_KEY_USAGE_VERIFY_MESSAGE;
}
return updated_usage;
}
int mbedtls_test_fail_if_psa_leaking(int line_no, const char *filename)
{
const char *msg = mbedtls_test_helper_is_psa_leaking();
if (msg == NULL) {
return 0;
} else {
mbedtls_test_fail(msg, line_no, filename);
return 1;
}
}
uint64_t mbedtls_test_parse_binary_string(data_t *bin_string)
{
uint64_t result = 0;
TEST_LE_U(bin_string->len, 8);
for (size_t i = 0; i < bin_string->len; i++) {
result = result << 8 | bin_string->x[i];
}
exit:
return result; /* returns 0 if len > 8 */
}
#if defined(MBEDTLS_PSA_INJECT_ENTROPY)
#include <mbedtls/entropy.h>
#include <psa_crypto_its.h>
int mbedtls_test_inject_entropy_seed_read(unsigned char *buf, size_t len)
{
size_t actual_len = 0;
psa_status_t status = psa_its_get(PSA_CRYPTO_ITS_RANDOM_SEED_UID,
0, len, buf, &actual_len);
if (status != 0) {
return MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR;
}
if (actual_len != len) {
return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
}
return 0;
}
int mbedtls_test_inject_entropy_seed_write(unsigned char *buf, size_t len)
{
psa_status_t status = psa_its_set(PSA_CRYPTO_ITS_RANDOM_SEED_UID,
len, buf, 0);
if (status != 0) {
return MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR;
}
return 0;
}
int mbedtls_test_inject_entropy_restore(void)
{
unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE];
for (size_t i = 0; i < sizeof(buf); i++) {
buf[i] = (unsigned char) i;
}
psa_status_t status = mbedtls_psa_inject_entropy(buf, sizeof(buf));
/* It's ok if the file was just created, or if it already exists. */
if (status != PSA_SUCCESS && status != PSA_ERROR_NOT_PERMITTED) {
return status;
}
return PSA_SUCCESS;
}
#endif /* MBEDTLS_PSA_INJECT_ENTROPY */
#endif /* MBEDTLS_PSA_CRYPTO_C */

75
tests/src/psa_crypto_stubs.c
View File

@ -1,75 +0,0 @@
/** \file psa_crypto_stubs.c
*
* \brief Stub functions when MBEDTLS_PSA_CRYPTO_CLIENT is enabled but
* MBEDTLS_PSA_CRYPTO_C is disabled.
*/
/*
* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include <psa/crypto.h>
#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) && !defined(MBEDTLS_PSA_CRYPTO_C)
psa_status_t psa_generate_random(uint8_t *output,
size_t output_size)
{
(void) output;
(void) output_size;
return PSA_ERROR_COMMUNICATION_FAILURE;
}
psa_status_t psa_export_key(mbedtls_svc_key_id_t key,
uint8_t *data,
size_t data_size,
size_t *data_length)
{
(void) key;
(void) data;
(void) data_size;
(void) data_length;
return PSA_ERROR_COMMUNICATION_FAILURE;
}
psa_status_t psa_export_public_key(mbedtls_svc_key_id_t key,
uint8_t *data,
size_t data_size,
size_t *data_length)
{
(void) key;
(void) data;
(void) data_size;
(void) data_length;
return PSA_ERROR_COMMUNICATION_FAILURE;
}
psa_status_t psa_get_key_attributes(mbedtls_svc_key_id_t key,
psa_key_attributes_t *attributes)
{
(void) key;
(void) attributes;
return PSA_ERROR_COMMUNICATION_FAILURE;
}
psa_status_t psa_hash_abort(psa_hash_operation_t *operation)
{
(void) operation;
return PSA_ERROR_COMMUNICATION_FAILURE;
}
psa_status_t psa_import_key(const psa_key_attributes_t *attributes,
const uint8_t *data,
size_t data_length,
mbedtls_svc_key_id_t *key)
{
(void) attributes;
(void) data;
(void) data_length;
(void) key;
return PSA_ERROR_COMMUNICATION_FAILURE;
}
#endif /* MBEDTLS_PSA_CRYPTO_CLIENT && !MBEDTLS_PSA_CRYPTO_C */

1384
tests/src/psa_exercise_key.c
View File

File diff suppressed because it is too large Load Diff

32
tests/src/psa_memory_poisoning_wrappers.c
View File

@ -1,32 +0,0 @@
/** Helper functions for memory poisoning in tests.
*/
/*
* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include <test/memory.h>
#include <test/psa_memory_poisoning_wrappers.h>
#include "psa_crypto_invasive.h"
#if defined(MBEDTLS_TEST_HOOKS) && defined(MBEDTLS_PSA_CRYPTO_C) \
&& defined(MBEDTLS_TEST_MEMORY_CAN_POISON)
void mbedtls_poison_test_hooks_setup(void)
{
psa_input_pre_copy_hook = mbedtls_test_memory_unpoison;
psa_input_post_copy_hook = mbedtls_test_memory_poison;
psa_output_pre_copy_hook = mbedtls_test_memory_unpoison;
psa_output_post_copy_hook = mbedtls_test_memory_poison;
}
void mbedtls_poison_test_hooks_teardown(void)
{
psa_input_pre_copy_hook = NULL;
psa_input_post_copy_hook = NULL;
psa_output_pre_copy_hook = NULL;
psa_output_post_copy_hook = NULL;
}
#endif /* MBEDTLS_TEST_HOOKS && MBEDTLS_PSA_CRYPTO_C &&
MBEDTLS_TEST_MEMORY_CAN_POISON */

136
tests/src/random.c
View File

@ -1,136 +0,0 @@
/**
* \file random.c
*
* \brief This file contains the helper functions to generate random numbers
* for the purpose of testing.
*/
/*
* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
/*
* for arc4random_buf() from <stdlib.h>
*/
#if defined(__NetBSD__)
#define _NETBSD_SOURCE 1
#elif defined(__OpenBSD__)
#define _BSD_SOURCE 1
#endif
#include <test/macros.h>
#include <test/random.h>
#include <string.h>
#include <mbedtls/entropy.h>
#include <alignment.h>
int mbedtls_test_rnd_std_rand(void *rng_state,
unsigned char *output,
size_t len)
{
#if !defined(__OpenBSD__) && !defined(__NetBSD__)
size_t i;
if (rng_state != NULL) {
rng_state = NULL;
}
for (i = 0; i < len; ++i) {
output[i] = rand();
}
#else
if (rng_state != NULL) {
rng_state = NULL;
}
arc4random_buf(output, len);
#endif /* !OpenBSD && !NetBSD */
return 0;
}
int mbedtls_test_rnd_zero_rand(void *rng_state,
unsigned char *output,
size_t len)
{
if (rng_state != NULL) {
rng_state = NULL;
}
memset(output, 0, len);
return 0;
}
int mbedtls_test_rnd_buffer_rand(void *rng_state,
unsigned char *output,
size_t len)
{
mbedtls_test_rnd_buf_info *info = (mbedtls_test_rnd_buf_info *) rng_state;
size_t use_len;
if (rng_state == NULL) {
return mbedtls_test_rnd_std_rand(NULL, output, len);
}
use_len = len;
if (len > info->length) {
use_len = info->length;
}
if (use_len) {
memcpy(output, info->buf, use_len);
info->buf += use_len;
info->length -= use_len;
}
if (len - use_len > 0) {
if (info->fallback_f_rng != NULL) {
return info->fallback_f_rng(info->fallback_p_rng,
output + use_len,
len - use_len);
} else {
return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
}
}
return 0;
}
int mbedtls_test_rnd_pseudo_rand(void *rng_state,
unsigned char *output,
size_t len)
{
mbedtls_test_rnd_pseudo_info *info =
(mbedtls_test_rnd_pseudo_info *) rng_state;
uint32_t i, *k, sum, delta = 0x9E3779B9;
unsigned char result[4], *out = output;
if (rng_state == NULL) {
return mbedtls_test_rnd_std_rand(NULL, output, len);
}
k = info->key;
while (len > 0) {
size_t use_len = (len > 4) ? 4 : len;
sum = 0;
for (i = 0; i < 32; i++) {
info->v0 += (((info->v1 << 4) ^ (info->v1 >> 5))
+ info->v1) ^ (sum + k[sum & 3]);
sum += delta;
info->v1 += (((info->v0 << 4) ^ (info->v0 >> 5))
+ info->v0) ^ (sum + k[(sum>>11) & 3]);
}
MBEDTLS_PUT_UINT32_BE(info->v0, result, 0);
memcpy(out, result, use_len);
len -= use_len;
out += 4;
}
return 0;
}

60
tests/src/test_memory.c
View File

@ -1,60 +0,0 @@
/**
* \file memory.c
*
* \brief Helper functions related to testing memory management.
*/
/*
* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include <test/helpers.h>
#include <test/macros.h>
#include <test/memory.h>
#if defined(MBEDTLS_TEST_MEMORY_CAN_POISON)
#include <sanitizer/asan_interface.h>
#include <stdint.h>
#endif
#if defined(MBEDTLS_TEST_MEMORY_CAN_POISON)
_Thread_local unsigned int mbedtls_test_memory_poisoning_count = 0;
static void align_for_asan(const unsigned char **p_ptr, size_t *p_size)
{
uintptr_t start = (uintptr_t) *p_ptr;
uintptr_t end = start + (uintptr_t) *p_size;
/* ASan can only poison regions with 8-byte alignment, and only poisons a
* region if it's fully within the requested range. We want to poison the
* whole requested region and don't mind a few extra bytes. Therefore,
* align start down to an 8-byte boundary, and end up to an 8-byte
* boundary. */
start = start & ~(uintptr_t) 7;
end = (end + 7) & ~(uintptr_t) 7;
*p_ptr = (const unsigned char *) start;
*p_size = end - start;
}
void mbedtls_test_memory_poison(const unsigned char *ptr, size_t size)
{
if (mbedtls_test_memory_poisoning_count == 0) {
return;
}
if (size == 0) {
return;
}
align_for_asan(&ptr, &size);
__asan_poison_memory_region(ptr, size);
}
void mbedtls_test_memory_unpoison(const unsigned char *ptr, size_t size)
{
if (size == 0) {
return;
}
align_for_asan(&ptr, &size);
__asan_unpoison_memory_region(ptr, size);
}
#endif /* Memory poisoning */

354
tests/src/threading_helpers.c
View File

@ -1,354 +0,0 @@
/** Mutex usage verification framework. */
/*
* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include <test/helpers.h>
#include <test/threading_helpers.h>
#include <test/macros.h>
#include "mbedtls/threading.h"
#if defined(MBEDTLS_THREADING_C)
#if defined(MBEDTLS_THREADING_PTHREAD)
static int threading_thread_create_pthread(mbedtls_test_thread_t *thread, void *(*thread_func)(
void *), void *thread_data)
{
if (thread == NULL || thread_func == NULL) {
return MBEDTLS_ERR_THREADING_BAD_INPUT_DATA;
}
if (pthread_create(&thread->thread, NULL, thread_func, thread_data)) {
return MBEDTLS_ERR_THREADING_THREAD_ERROR;
}
return 0;
}
static int threading_thread_join_pthread(mbedtls_test_thread_t *thread)
{
if (thread == NULL) {
return MBEDTLS_ERR_THREADING_BAD_INPUT_DATA;
}
if (pthread_join(thread->thread, NULL) != 0) {
return MBEDTLS_ERR_THREADING_THREAD_ERROR;
}
return 0;
}
int (*mbedtls_test_thread_create)(mbedtls_test_thread_t *thread, void *(*thread_func)(void *),
void *thread_data) = threading_thread_create_pthread;
int (*mbedtls_test_thread_join)(mbedtls_test_thread_t *thread) = threading_thread_join_pthread;
#endif /* MBEDTLS_THREADING_PTHREAD */
#if defined(MBEDTLS_THREADING_ALT)
static int threading_thread_create_fail(mbedtls_test_thread_t *thread,
void *(*thread_func)(void *),
void *thread_data)
{
(void) thread;
(void) thread_func;
(void) thread_data;
return MBEDTLS_ERR_THREADING_BAD_INPUT_DATA;
}
static int threading_thread_join_fail(mbedtls_test_thread_t *thread)
{
(void) thread;
return MBEDTLS_ERR_THREADING_BAD_INPUT_DATA;
}
int (*mbedtls_test_thread_create)(mbedtls_test_thread_t *thread, void *(*thread_func)(void *),
void *thread_data) = threading_thread_create_fail;
int (*mbedtls_test_thread_join)(mbedtls_test_thread_t *thread) = threading_thread_join_fail;
#endif /* MBEDTLS_THREADING_ALT */
#if defined(MBEDTLS_TEST_MUTEX_USAGE)
#include "mbedtls/threading.h"
/** Mutex usage verification framework.
*
* The mutex usage verification code below aims to detect bad usage of
* Mbed TLS's mutex abstraction layer at runtime. Note that this is solely
* about the use of the mutex itself, not about checking whether the mutex
* correctly protects whatever it is supposed to protect.
*
* The normal usage of a mutex is:
* ```
* digraph mutex_states {
* "UNINITIALIZED"; // the initial state
* "IDLE";
* "FREED";
* "LOCKED";
* "UNINITIALIZED" -> "IDLE" [label="init"];
* "FREED" -> "IDLE" [label="init"];
* "IDLE" -> "LOCKED" [label="lock"];
* "LOCKED" -> "IDLE" [label="unlock"];
* "IDLE" -> "FREED" [label="free"];
* }
* ```
*
* All bad transitions that can be unambiguously detected are reported.
* An attempt to use an uninitialized mutex cannot be detected in general
* since the memory content may happen to denote a valid state. For the same
* reason, a double init cannot be detected.
* All-bits-zero is the state of a freed mutex, which is distinct from an
* initialized mutex, so attempting to use zero-initialized memory as a mutex
* without calling the init function is detected.
*
* The framework attempts to detect missing calls to init and free by counting
* calls to init and free. If there are more calls to init than free, this
* means that a mutex is not being freed somewhere, which is a memory leak
* on platforms where a mutex consumes resources other than the
* mbedtls_threading_mutex_t object itself. If there are more calls to free
* than init, this indicates a missing init, which is likely to be detected
* by an attempt to lock the mutex as well. A limitation of this framework is
* that it cannot detect scenarios where there is exactly the same number of
* calls to init and free but the calls don't match. A bug like this is
* unlikely to happen uniformly throughout the whole test suite though.
*
* If an error is detected, this framework will report what happened and the
* test case will be marked as failed. Unfortunately, the error report cannot
* indicate the exact location of the problematic call. To locate the error,
* use a debugger and set a breakpoint on mbedtls_test_mutex_usage_error().
*/
enum value_of_mutex_state_field {
/* Potential values for the state field of mbedtls_threading_mutex_t.
* Note that MUTEX_FREED must be 0 and MUTEX_IDLE must be 1 for
* compatibility with threading_mutex_init_pthread() and
* threading_mutex_free_pthread(). MUTEX_LOCKED could be any nonzero
* value. */
MUTEX_FREED = 0, //! < Set by mbedtls_test_wrap_mutex_free
MUTEX_IDLE = 1, //! < Set by mbedtls_test_wrap_mutex_init and by mbedtls_test_wrap_mutex_unlock
MUTEX_LOCKED = 2, //! < Set by mbedtls_test_wrap_mutex_lock
};
typedef struct {
void (*init)(mbedtls_threading_mutex_t *);
void (*free)(mbedtls_threading_mutex_t *);
int (*lock)(mbedtls_threading_mutex_t *);
int (*unlock)(mbedtls_threading_mutex_t *);
} mutex_functions_t;
static mutex_functions_t mutex_functions;
/**
* The mutex used to guard live_mutexes below and access to the status variable
* in every mbedtls_threading_mutex_t.
* Note that we are not reporting any errors when locking and unlocking this
* mutex. This is for a couple of reasons:
*
* 1. We have no real way of reporting any errors with this mutex - we cannot
* report it back to the caller, as the failure was not that of the mutex
* passed in. We could fail the test, but again this would indicate a problem
* with the test code that did not exist.
*
* 2. Any failure to lock is unlikely to be intermittent, and will thus not
* give false test results - the overall result would be to turn off the
* testing. This is not a situation that is likely to happen with normal
* testing and we still have TSan to fall back on should this happen.
*/
mbedtls_threading_mutex_t mbedtls_test_mutex_mutex;
/**
* The total number of calls to mbedtls_mutex_init(), minus the total number
* of calls to mbedtls_mutex_free().
*
* Do not read or write without holding mbedtls_test_mutex_mutex (above). Reset
* to 0 after each test case.
*/
static int live_mutexes;
static void mbedtls_test_mutex_usage_error(mbedtls_threading_mutex_t *mutex,
const char *msg)
{
(void) mutex;
mbedtls_test_set_mutex_usage_error(msg);
mbedtls_fprintf(stdout, "[mutex: %s] ", msg);
/* Don't mark the test as failed yet. This way, if the test fails later
* for a functional reason, the test framework will report the message
* and location for this functional reason. If the test passes,
* mbedtls_test_mutex_usage_check() will mark it as failed. */
}
static int mbedtls_test_mutex_can_test(mbedtls_threading_mutex_t *mutex)
{
/* If we attempt to run tests on this mutex then we are going to run into a
* couple of problems:
* 1. If any test on this mutex fails, we are going to deadlock when
* reporting that failure, as we already hold the mutex at that point.
* 2. Given the 'global' position of the initialization and free of this
* mutex, it will be shown as leaked on the first test run. */
if (mutex == mbedtls_test_get_info_mutex()) {
return 0;
}
return 1;
}
static void mbedtls_test_wrap_mutex_init(mbedtls_threading_mutex_t *mutex)
{
mutex_functions.init(mutex);
if (mbedtls_test_mutex_can_test(mutex)) {
if (mutex_functions.lock(&mbedtls_test_mutex_mutex) == 0) {
mutex->state = MUTEX_IDLE;
++live_mutexes;
mutex_functions.unlock(&mbedtls_test_mutex_mutex);
}
}
}
static void mbedtls_test_wrap_mutex_free(mbedtls_threading_mutex_t *mutex)
{
if (mbedtls_test_mutex_can_test(mutex)) {
if (mutex_functions.lock(&mbedtls_test_mutex_mutex) == 0) {
switch (mutex->state) {
case MUTEX_FREED:
mbedtls_test_mutex_usage_error(mutex, "free without init or double free");
break;
case MUTEX_IDLE:
mutex->state = MUTEX_FREED;
--live_mutexes;
break;
case MUTEX_LOCKED:
mbedtls_test_mutex_usage_error(mutex, "free without unlock");
break;
default:
mbedtls_test_mutex_usage_error(mutex, "corrupted state");
break;
}
mutex_functions.unlock(&mbedtls_test_mutex_mutex);
}
}
mutex_functions.free(mutex);
}
static int mbedtls_test_wrap_mutex_lock(mbedtls_threading_mutex_t *mutex)
{
/* Lock the passed in mutex first, so that the only way to change the state
* is to hold the passed in and internal mutex - otherwise we create a race
* condition. */
int ret = mutex_functions.lock(mutex);
if (mbedtls_test_mutex_can_test(mutex)) {
if (mutex_functions.lock(&mbedtls_test_mutex_mutex) == 0) {
switch (mutex->state) {
case MUTEX_FREED:
mbedtls_test_mutex_usage_error(mutex, "lock without init");
break;
case MUTEX_IDLE:
if (ret == 0) {
mutex->state = MUTEX_LOCKED;
}
break;
case MUTEX_LOCKED:
mbedtls_test_mutex_usage_error(mutex, "double lock");
break;
default:
mbedtls_test_mutex_usage_error(mutex, "corrupted state");
break;
}
mutex_functions.unlock(&mbedtls_test_mutex_mutex);
}
}
return ret;
}
static int mbedtls_test_wrap_mutex_unlock(mbedtls_threading_mutex_t *mutex)
{
/* Lock the internal mutex first and change state, so that the only way to
* change the state is to hold the passed in and internal mutex - otherwise
* we create a race condition. */
if (mbedtls_test_mutex_can_test(mutex)) {
if (mutex_functions.lock(&mbedtls_test_mutex_mutex) == 0) {
switch (mutex->state) {
case MUTEX_FREED:
mbedtls_test_mutex_usage_error(mutex, "unlock without init");
break;
case MUTEX_IDLE:
mbedtls_test_mutex_usage_error(mutex, "unlock without lock");
break;
case MUTEX_LOCKED:
mutex->state = MUTEX_IDLE;
break;
default:
mbedtls_test_mutex_usage_error(mutex, "corrupted state");
break;
}
mutex_functions.unlock(&mbedtls_test_mutex_mutex);
}
}
return mutex_functions.unlock(mutex);
}
void mbedtls_test_mutex_usage_init(void)
{
mutex_functions.init = mbedtls_mutex_init;
mutex_functions.free = mbedtls_mutex_free;
mutex_functions.lock = mbedtls_mutex_lock;
mutex_functions.unlock = mbedtls_mutex_unlock;
mbedtls_mutex_init = &mbedtls_test_wrap_mutex_init;
mbedtls_mutex_free = &mbedtls_test_wrap_mutex_free;
mbedtls_mutex_lock = &mbedtls_test_wrap_mutex_lock;
mbedtls_mutex_unlock = &mbedtls_test_wrap_mutex_unlock;
mutex_functions.init(&mbedtls_test_mutex_mutex);
}
void mbedtls_test_mutex_usage_check(void)
{
if (mutex_functions.lock(&mbedtls_test_mutex_mutex) == 0) {
if (live_mutexes != 0) {
/* A positive number (more init than free) means that a mutex resource
* is leaking (on platforms where a mutex consumes more than the
* mbedtls_threading_mutex_t object itself). The (hopefully) rare
* case of a negative number means a missing init somewhere. */
mbedtls_fprintf(stdout, "[mutex: %d leaked] ", live_mutexes);
live_mutexes = 0;
mbedtls_test_set_mutex_usage_error("missing free");
}
if (mbedtls_test_get_mutex_usage_error() != NULL &&
mbedtls_test_get_result() != MBEDTLS_TEST_RESULT_FAILED) {
/* Functionally, the test passed. But there was a mutex usage error,
* so mark the test as failed after all. */
mbedtls_test_fail("Mutex usage error", __LINE__, __FILE__);
}
mbedtls_test_set_mutex_usage_error(NULL);
mutex_functions.unlock(&mbedtls_test_mutex_mutex);
}
}
void mbedtls_test_mutex_usage_end(void)
{
mbedtls_mutex_init = mutex_functions.init;
mbedtls_mutex_free = mutex_functions.free;
mbedtls_mutex_lock = mutex_functions.lock;
mbedtls_mutex_unlock = mutex_functions.unlock;
mutex_functions.free(&mbedtls_test_mutex_mutex);
}
#endif /* MBEDTLS_TEST_MUTEX_USAGE */
#endif /* MBEDTLS_THREADING_C */