From 2091f3afb7309d5788c2dfa79c14fe6c39587f0f Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 12 Feb 2021 23:34:01 +0100 Subject: [PATCH 01/23] Fix wrong \file name in Doxygen comments Signed-off-by: Gilles Peskine --- library/md.c | 2 +- tests/src/fake_external_rng_for_test.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/library/md.c b/library/md.c index de77b164b5..a10a835634 100644 --- a/library/md.c +++ b/library/md.c @@ -1,5 +1,5 @@ /** - * \file mbedtls_md.c + * \file md.c * * \brief Generic message digest wrapper for mbed TLS * diff --git a/tests/src/fake_external_rng_for_test.c b/tests/src/fake_external_rng_for_test.c index 98b3fe0610..9c2195bf0c 100644 --- a/tests/src/fake_external_rng_for_test.c +++ b/tests/src/fake_external_rng_for_test.c @@ -1,4 +1,4 @@ -/** \file psa_crypto_helpers.c +/** \file fake_external_rng_for_test.c * * \brief Helper functions to test PSA crypto functionality. */ From 66e7b903ce2b31039bd8b552a0d71436e4037c3a Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 12 Feb 2021 23:40:58 +0100 Subject: [PATCH 02/23] Create a separate test module for PSA exercise_key The code will be moved in a subsequent commit. Signed-off-by: Gilles Peskine --- tests/include/test/psa_exercise_key.h | 30 ++++++++++++++++++++++++++ tests/src/psa_exercise_key.c | 31 +++++++++++++++++++++++++++ visualc/VS2010/mbedTLS.vcxproj | 2 ++ 3 files changed, 63 insertions(+) create mode 100644 tests/include/test/psa_exercise_key.h create mode 100644 tests/src/psa_exercise_key.c diff --git a/tests/include/test/psa_exercise_key.h b/tests/include/test/psa_exercise_key.h new file mode 100644 index 0000000000..d4a0ea65f2 --- /dev/null +++ b/tests/include/test/psa_exercise_key.h @@ -0,0 +1,30 @@ +/** Code to exercise a PSA key object, i.e. validate that it seems well-formed + * and can do what it is supposed to do. + */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef PSA_EXERCISE_KEY_H +#define PSA_EXERCISE_KEY_H + +#include "test/helpers.h" +#include "test/psa_crypto_helpers.h" + +#include + + +#endif /* PSA_EXERCISE_KEY_H */ diff --git a/tests/src/psa_exercise_key.c b/tests/src/psa_exercise_key.c new file mode 100644 index 0000000000..78e46d9e6a --- /dev/null +++ b/tests/src/psa_exercise_key.c @@ -0,0 +1,31 @@ +/** Code to exercise a PSA key object, i.e. validate that it seems well-formed + * and can do what it is supposed to do. + */ + +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include +#include +#include + +#if defined(MBEDTLS_PSA_CRYPTO_C) + +#include + + +#endif /* MBEDTLS_PSA_CRYPTO_C */ diff --git a/visualc/VS2010/mbedTLS.vcxproj b/visualc/VS2010/mbedTLS.vcxproj index da026d953a..36ad7652ec 100644 --- a/visualc/VS2010/mbedTLS.vcxproj +++ b/visualc/VS2010/mbedTLS.vcxproj @@ -237,6 +237,7 @@ + @@ -357,6 +358,7 @@ + From c18e25f6dfb1e95e9fff9d086a18d455b1d8139d Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 12 Feb 2021 23:48:20 +0100 Subject: [PATCH 03/23] Prepare to move exercise_key and friends to their own module Rename functions to mbedtls_test_psa_xxx if they're going to be exported. Declare functions as static if they're aren't meant to be called directly from test code. Signed-off-by: Gilles Peskine --- tests/suites/test_suite_psa_crypto.function | 139 ++++++++++---------- 1 file changed, 71 insertions(+), 68 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 93f41b56de..b172da6a96 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -103,17 +103,11 @@ static const size_t INVALID_EXPORT_LENGTH = ~0U; #endif #if defined(MBEDTLS_PSA_CRYPTO_SE_C) -int lifetime_is_dynamic_secure_element( psa_key_lifetime_t lifetime ) +static int lifetime_is_dynamic_secure_element( psa_key_lifetime_t lifetime ) { return( PSA_KEY_LIFETIME_GET_LOCATION( lifetime ) != PSA_KEY_LOCATION_LOCAL_STORAGE ); } -#else -int lifetime_is_secure_element( psa_key_lifetime_t lifetime ) -{ - (void) lifetime; - return( 0 ); -} #endif /** Test if a buffer contains a constant byte value. @@ -222,7 +216,7 @@ static int construct_fake_rsa_key( unsigned char *buffer, return( len ); } -int check_key_attributes_sanity( mbedtls_svc_key_id_t key ) +static int check_key_attributes_sanity( mbedtls_svc_key_id_t key ) { int ok = 0; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; @@ -616,12 +610,13 @@ exit: return( 0 ); } -static int setup_key_derivation_wrap( psa_key_derivation_operation_t* operation, - mbedtls_svc_key_id_t key, - psa_algorithm_t alg, - unsigned char* input1, size_t input1_length, - unsigned char* input2, size_t input2_length, - size_t capacity ) +int mbedtls_test_psa_setup_key_derivation_wrap( + psa_key_derivation_operation_t* operation, + mbedtls_svc_key_id_t key, + psa_algorithm_t alg, + unsigned char* input1, size_t input1_length, + unsigned char* input2, size_t input2_length, + size_t capacity ) { PSA_ASSERT( psa_key_derivation_setup( operation, alg ) ); if( PSA_ALG_IS_HKDF( alg ) ) @@ -679,9 +674,10 @@ static int exercise_key_derivation_key( mbedtls_svc_key_id_t key, if( usage & PSA_KEY_USAGE_DERIVE ) { - if( !setup_key_derivation_wrap( &operation, key, alg, - input1, input1_length, - input2, input2_length, capacity ) ) + if( !mbedtls_test_psa_setup_key_derivation_wrap( &operation, key, alg, + input1, input1_length, + input2, input2_length, + capacity ) ) goto exit; PSA_ASSERT( psa_key_derivation_output_bytes( &operation, @@ -698,7 +694,7 @@ exit: /* We need two keys to exercise key agreement. Exercise the * private key against its own public key. */ -static psa_status_t key_agreement_with_self( +psa_status_t mbedtls_test_psa_key_agreement_with_self( psa_key_derivation_operation_t *operation, mbedtls_svc_key_id_t key ) { @@ -738,8 +734,9 @@ exit: /* We need two keys to exercise key agreement. Exercise the * private key against its own public key. */ -static psa_status_t raw_key_agreement_with_self( psa_algorithm_t alg, - mbedtls_svc_key_id_t key ) +psa_status_t mbedtls_test_psa_raw_key_agreement_with_self( + psa_algorithm_t alg, + mbedtls_svc_key_id_t key ) { psa_key_type_t private_key_type; psa_key_type_t public_key_type; @@ -788,7 +785,7 @@ static int exercise_raw_key_agreement_key( mbedtls_svc_key_id_t key, { /* We need two keys to exercise key agreement. Exercise the * private key against its own public key. */ - PSA_ASSERT( raw_key_agreement_with_self( alg, key ) ); + PSA_ASSERT( mbedtls_test_psa_raw_key_agreement_with_self( alg, key ) ); } ok = 1; @@ -809,7 +806,7 @@ static int exercise_key_agreement_key( mbedtls_svc_key_id_t key, /* We need two keys to exercise key agreement. Exercise the * private key against its own public key. */ PSA_ASSERT( psa_key_derivation_setup( &operation, alg ) ); - PSA_ASSERT( key_agreement_with_self( &operation, key ) ); + PSA_ASSERT( mbedtls_test_psa_key_agreement_with_self( &operation, key ) ); PSA_ASSERT( psa_key_derivation_output_bytes( &operation, output, sizeof( output ) ) ); @@ -865,8 +862,9 @@ exit: return( 0 ); } -static int exported_key_sanity_check( psa_key_type_t type, size_t bits, - uint8_t *exported, size_t exported_length ) +int mbedtls_test_psa_exported_key_sanity_check( + psa_key_type_t type, size_t bits, + uint8_t *exported, size_t exported_length ) { if( PSA_KEY_TYPE_IS_UNSTRUCTURED( type ) ) TEST_EQUAL( exported_length, ( bits + 7 ) / 8 ); @@ -1049,9 +1047,9 @@ static int exercise_export_key( mbedtls_svc_key_id_t key, PSA_ASSERT( psa_export_key( key, exported, exported_size, &exported_length ) ); - ok = exported_key_sanity_check( psa_get_key_type( &attributes ), - psa_get_key_bits( &attributes ), - exported, exported_length ); + ok = mbedtls_test_psa_exported_key_sanity_check( + psa_get_key_type( &attributes ), psa_get_key_bits( &attributes ), + exported, exported_length ); exit: /* @@ -1097,9 +1095,9 @@ static int exercise_export_public_key( mbedtls_svc_key_id_t key ) PSA_ASSERT( psa_export_public_key( key, exported, exported_size, &exported_length ) ); - ok = exported_key_sanity_check( public_type, - psa_get_key_bits( &attributes ), - exported, exported_length ); + ok = mbedtls_test_psa_exported_key_sanity_check( + public_type, psa_get_key_bits( &attributes ), + exported, exported_length ); exit: /* @@ -1139,9 +1137,9 @@ exit: * \retval 0 The key failed the smoke tests. * \retval 1 The key passed the smoke tests. */ -static int exercise_key( mbedtls_svc_key_id_t key, - psa_key_usage_t usage, - psa_algorithm_t alg ) +int mbedtls_test_psa_exercise_key( mbedtls_svc_key_id_t key, + psa_key_usage_t usage, + psa_algorithm_t alg ) { int ok; @@ -1182,8 +1180,8 @@ static int exercise_key( mbedtls_svc_key_id_t key, return( ok ); } -static psa_key_usage_t usage_to_exercise( psa_key_type_t type, - psa_algorithm_t alg ) +psa_key_usage_t mbedtls_test_psa_usage_to_exercise( psa_key_type_t type, + psa_algorithm_t alg ) { if( PSA_ALG_IS_MAC( alg ) || PSA_ALG_IS_SIGN( alg ) ) { @@ -1715,7 +1713,7 @@ void import_and_exercise_key( data_t *data, psa_key_type_t type = type_arg; size_t bits = bits_arg; psa_algorithm_t alg = alg_arg; - psa_key_usage_t usage = usage_to_exercise( type, alg ); + psa_key_usage_t usage = mbedtls_test_psa_usage_to_exercise( type, alg ); psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_key_attributes_t got_attributes = PSA_KEY_ATTRIBUTES_INIT; @@ -1734,7 +1732,7 @@ void import_and_exercise_key( data_t *data, TEST_EQUAL( psa_get_key_bits( &got_attributes ), bits ); /* Do something with the key according to its type and permitted usage. */ - if( ! exercise_key( key, usage, alg ) ) + if( ! mbedtls_test_psa_exercise_key( key, usage, alg ) ) goto exit; PSA_ASSERT( psa_destroy_key( key ) ); @@ -2187,7 +2185,7 @@ void agreement_key_policy( int policy_usage, &key ) ); PSA_ASSERT( psa_key_derivation_setup( &operation, exercise_alg ) ); - status = key_agreement_with_self( &operation, key ); + status = mbedtls_test_psa_key_agreement_with_self( &operation, key ); TEST_EQUAL( status, expected_status ); @@ -2224,9 +2222,9 @@ void key_policy_alg2( int key_type_arg, data_t *key_data, TEST_EQUAL( psa_get_key_algorithm( &got_attributes ), alg ); TEST_EQUAL( psa_get_key_enrollment_algorithm( &got_attributes ), alg2 ); - if( ! exercise_key( key, usage, alg ) ) + if( ! mbedtls_test_psa_exercise_key( key, usage, alg ) ) goto exit; - if( ! exercise_key( key, usage, alg2 ) ) + if( ! mbedtls_test_psa_exercise_key( key, usage, alg2 ) ) goto exit; exit: @@ -2265,7 +2263,7 @@ void raw_agreement_key_policy( int policy_usage, PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, &key ) ); - status = raw_key_agreement_with_self( exercise_alg, key ); + status = mbedtls_test_psa_raw_key_agreement_with_self( exercise_alg, key ); TEST_EQUAL( status, expected_status ); @@ -2348,9 +2346,9 @@ void copy_success( int source_usage_arg, ASSERT_COMPARE( material->x, material->len, export_buffer, length ); } - if( ! exercise_key( target_key, expected_usage, expected_alg ) ) + if( ! mbedtls_test_psa_exercise_key( target_key, expected_usage, expected_alg ) ) goto exit; - if( ! exercise_key( target_key, expected_usage, expected_alg2 ) ) + if( ! mbedtls_test_psa_exercise_key( target_key, expected_usage, expected_alg2 ) ) goto exit; PSA_ASSERT( psa_destroy_key( target_key ) ); @@ -4740,7 +4738,8 @@ void derive_input( int alg_arg, { // When taking a private key as secret input, use key agreement // to add the shared secret to the derivation - TEST_EQUAL( key_agreement_with_self( &operation, keys[i] ), + TEST_EQUAL( mbedtls_test_psa_key_agreement_with_self( + &operation, keys[i] ), expected_statuses[i] ); } else @@ -4815,10 +4814,10 @@ void test_derive_invalid_key_derivation_state( int alg_arg ) &key ) ); /* valid key derivation */ - if( !setup_key_derivation_wrap( &operation, key, alg, - input1, input1_length, - input2, input2_length, - capacity ) ) + if( !mbedtls_test_psa_setup_key_derivation_wrap( &operation, key, alg, + input1, input1_length, + input2, input2_length, + capacity ) ) goto exit; /* state of operation shouldn't allow additional generation */ @@ -5007,10 +5006,10 @@ void derive_full( int alg_arg, PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, &key ) ); - if( !setup_key_derivation_wrap( &operation, key, alg, - input1->x, input1->len, - input2->x, input2->len, - requested_capacity ) ) + if( !mbedtls_test_psa_setup_key_derivation_wrap( &operation, key, alg, + input1->x, input1->len, + input2->x, input2->len, + requested_capacity ) ) goto exit; PSA_ASSERT( psa_key_derivation_get_capacity( &operation, @@ -5076,9 +5075,10 @@ void derive_key_exercise( int alg_arg, &base_key ) ); /* Derive a key. */ - if ( setup_key_derivation_wrap( &operation, base_key, alg, - input1->x, input1->len, - input2->x, input2->len, capacity ) ) + if ( mbedtls_test_psa_setup_key_derivation_wrap( &operation, base_key, alg, + input1->x, input1->len, + input2->x, input2->len, + capacity ) ) goto exit; psa_set_key_usage_flags( &attributes, derived_usage ); @@ -5094,7 +5094,7 @@ void derive_key_exercise( int alg_arg, TEST_EQUAL( psa_get_key_bits( &got_attributes ), derived_bits ); /* Exercise the derived key. */ - if( ! exercise_key( derived_key, derived_usage, derived_alg ) ) + if( ! mbedtls_test_psa_exercise_key( derived_key, derived_usage, derived_alg ) ) goto exit; exit: @@ -5143,9 +5143,10 @@ void derive_key_export( int alg_arg, &base_key ) ); /* Derive some material and output it. */ - if( !setup_key_derivation_wrap( &operation, base_key, alg, - input1->x, input1->len, - input2->x, input2->len, capacity ) ) + if( !mbedtls_test_psa_setup_key_derivation_wrap( &operation, base_key, alg, + input1->x, input1->len, + input2->x, input2->len, + capacity ) ) goto exit; PSA_ASSERT( psa_key_derivation_output_bytes( &operation, @@ -5154,9 +5155,10 @@ void derive_key_export( int alg_arg, PSA_ASSERT( psa_key_derivation_abort( &operation ) ); /* Derive the same output again, but this time store it in key objects. */ - if( !setup_key_derivation_wrap( &operation, base_key, alg, - input1->x, input1->len, - input2->x, input2->len, capacity ) ) + if( !mbedtls_test_psa_setup_key_derivation_wrap( &operation, base_key, alg, + input1->x, input1->len, + input2->x, input2->len, + capacity ) ) goto exit; psa_set_key_usage_flags( &derived_attributes, PSA_KEY_USAGE_EXPORT ); @@ -5217,9 +5219,10 @@ void derive_key( int alg_arg, PSA_ASSERT( psa_import_key( &base_attributes, key_data->x, key_data->len, &base_key ) ); - if( !setup_key_derivation_wrap( &operation, base_key, alg, - input1->x, input1->len, - input2->x, input2->len, SIZE_MAX ) ) + if( !mbedtls_test_psa_setup_key_derivation_wrap( &operation, base_key, alg, + input1->x, input1->len, + input2->x, input2->len, + SIZE_MAX ) ) goto exit; psa_set_key_usage_flags( &derived_attributes, PSA_KEY_USAGE_EXPORT ); @@ -5535,7 +5538,7 @@ void generate_key( int type_arg, TEST_EQUAL( psa_get_key_bits( &got_attributes ), bits ); /* Do something with the key according to its type and permitted usage. */ - if( ! exercise_key( key, usage, alg ) ) + if( ! mbedtls_test_psa_exercise_key( key, usage, alg ) ) goto exit; exit: @@ -5607,7 +5610,7 @@ void generate_key_rsa( int bits_arg, ASSERT_COMPARE( e_read_buffer, e_read_length, e_arg->x, e_arg->len ); /* Do something with the key according to its type and permitted usage. */ - if( ! exercise_key( key, usage, alg ) ) + if( ! mbedtls_test_psa_exercise_key( key, usage, alg ) ) goto exit; /* Export the key and check the public exponent. */ @@ -5783,7 +5786,7 @@ void persistent_key_load_key_from_storage( data_t *data, } /* Do something with the key according to its type and permitted usage. */ - if( ! exercise_key( key, usage_flags, alg ) ) + if( ! mbedtls_test_psa_exercise_key( key, usage_flags, alg ) ) goto exit; exit: From ea38a926c16ea217f2af6b6bedb96aa5d62c76c8 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sat, 13 Feb 2021 00:05:16 +0100 Subject: [PATCH 04/23] Remove a redundant export step in import_export exercise_export_key() exports the key and does sanity checks on the result. Here we've already just exported the key, so just run the sanity checks. Signed-off-by: Gilles Peskine --- tests/suites/test_suite_psa_crypto.function | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index b172da6a96..37cc5514a3 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -1607,7 +1607,11 @@ void import_export( data_t *data, goto destroy; } - if( ! exercise_export_key( key, usage_arg ) ) + /* Run sanity checks on the exported key. For non-canonical inputs, + * this validates the canonical representations. For canonical inputs, + * this doesn't directly validate the implementation, but it still helps + * by cross-validating the test data with the sanity check code. */ + if( ! mbedtls_test_psa_exercise_key( key, usage_arg, 0 ) ) goto exit; if( canonical_input ) From 57948369c49f1a78692bdd9494d678c129075d71 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sat, 13 Feb 2021 00:14:28 +0100 Subject: [PATCH 05/23] Create a separate test module for ASN.1 test helper functions The code will be moved in a subsequent commit. Signed-off-by: Gilles Peskine --- tests/include/test/asn1_helpers.h | 26 ++++++++++++++++++++++++++ tests/src/asn1_helpers.c | 25 +++++++++++++++++++++++++ visualc/VS2010/mbedTLS.vcxproj | 2 ++ 3 files changed, 53 insertions(+) create mode 100644 tests/include/test/asn1_helpers.h create mode 100644 tests/src/asn1_helpers.c diff --git a/tests/include/test/asn1_helpers.h b/tests/include/test/asn1_helpers.h new file mode 100644 index 0000000000..ddcc0c9a6b --- /dev/null +++ b/tests/include/test/asn1_helpers.h @@ -0,0 +1,26 @@ +/** Helper functions for tests that manipulate ASN.1 data. + */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef ASN1_HELPERS_H +#define ASN1_HELPERS_H + +#include "test/helpers.h" + + +#endif /* ASN1_HELPERS_H */ diff --git a/tests/src/asn1_helpers.c b/tests/src/asn1_helpers.c new file mode 100644 index 0000000000..6ffdca90a4 --- /dev/null +++ b/tests/src/asn1_helpers.c @@ -0,0 +1,25 @@ +/** \file asn1_helpers.c + * + * \brief Helper functions for tests that manipulate ASN.1 data. + */ + +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include +#include + diff --git a/visualc/VS2010/mbedTLS.vcxproj b/visualc/VS2010/mbedTLS.vcxproj index 36ad7652ec..c2051e6d67 100644 --- a/visualc/VS2010/mbedTLS.vcxproj +++ b/visualc/VS2010/mbedTLS.vcxproj @@ -232,6 +232,7 @@ + @@ -355,6 +356,7 @@ + From 8e94efe4ba7841ca83f85bc363488805e9eb2ec4 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sat, 13 Feb 2021 00:25:53 +0100 Subject: [PATCH 06/23] Move asn1_skip_integer to the asn1_helpers module Signed-off-by: Gilles Peskine --- tests/include/test/asn1_helpers.h | 24 +++++++ tests/src/asn1_helpers.c | 49 +++++++++++++++ tests/suites/test_suite_psa_crypto.function | 69 ++++----------------- 3 files changed, 86 insertions(+), 56 deletions(-) diff --git a/tests/include/test/asn1_helpers.h b/tests/include/test/asn1_helpers.h index ddcc0c9a6b..91ae260266 100644 --- a/tests/include/test/asn1_helpers.h +++ b/tests/include/test/asn1_helpers.h @@ -22,5 +22,29 @@ #include "test/helpers.h" +/** Skip past an INTEGER in an ASN.1 buffer. + * + * Mark the current test case as failed in any of the following conditions: + * - The buffer does not start with an ASN.1 INTEGER. + * - The integer's size or parity does not match the constraints expressed + * through \p min_bits, \p max_bits and \p must_be_odd. + * + * \param p Upon entry, `*p` points to the first byte of the + * buffer to parse. + * On successful return, `*p` points to the first byte + * after the parsed INTEGER. + * On failure, `*p` is unspecified. + * \param end The end of the ASN.1 buffer. + * \param min_bits Fail the test case if the integer does not have at + * least this many significant bits. + * \param max_bits Fail the test case if the integer has more than + * this many significant bits. + * \param must_be_odd Fail the test case if the integer is even. + * + * \return \c 0 if the test failed, otherwise 1. + */ +int mbedtls_test_asn1_skip_integer( unsigned char **p, const unsigned char *end, + size_t min_bits, size_t max_bits, + int must_be_odd ); #endif /* ASN1_HELPERS_H */ diff --git a/tests/src/asn1_helpers.c b/tests/src/asn1_helpers.c index 6ffdca90a4..79aa166ce6 100644 --- a/tests/src/asn1_helpers.c +++ b/tests/src/asn1_helpers.c @@ -23,3 +23,52 @@ #include #include +#if defined(MBEDTLS_ASN1_PARSE_C) + +#include + +int mbedtls_test_asn1_skip_integer( unsigned char **p, const unsigned char *end, + size_t min_bits, size_t max_bits, + int must_be_odd ) +{ + size_t len; + size_t actual_bits; + unsigned char msb; + TEST_EQUAL( mbedtls_asn1_get_tag( p, end, &len, + MBEDTLS_ASN1_INTEGER ), + 0 ); + + /* Check if the retrieved length doesn't extend the actual buffer's size. + * It is assumed here, that end >= p, which validates casting to size_t. */ + TEST_ASSERT( len <= (size_t)( end - *p) ); + + /* Tolerate a slight departure from DER encoding: + * - 0 may be represented by an empty string or a 1-byte string. + * - The sign bit may be used as a value bit. */ + if( ( len == 1 && ( *p )[0] == 0 ) || + ( len > 1 && ( *p )[0] == 0 && ( ( *p )[1] & 0x80 ) != 0 ) ) + { + ++( *p ); + --len; + } + if( min_bits == 0 && len == 0 ) + return( 1 ); + msb = ( *p )[0]; + TEST_ASSERT( msb != 0 ); + actual_bits = 8 * ( len - 1 ); + while( msb != 0 ) + { + msb >>= 1; + ++actual_bits; + } + TEST_ASSERT( actual_bits >= min_bits ); + TEST_ASSERT( actual_bits <= max_bits ); + if( must_be_odd ) + TEST_ASSERT( ( ( *p )[len-1] & 1 ) != 0 ); + *p += len; + return( 1 ); +exit: + return( 0 ); +} + +#endif /* MBEDTLS_ASN1_PARSE_C */ diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 37cc5514a3..f0b86476f7 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -12,6 +12,7 @@ #include "psa/crypto.h" #include "psa_crypto_slot_management.h" +#include "test/asn1_helpers.h" #include "test/psa_crypto_helpers.h" /** An invalid export length that will never be set by psa_export_key(). */ @@ -818,50 +819,6 @@ exit: return( ok ); } -int asn1_skip_integer( unsigned char **p, const unsigned char *end, - size_t min_bits, size_t max_bits, - int must_be_odd ) -{ - size_t len; - size_t actual_bits; - unsigned char msb; - TEST_EQUAL( mbedtls_asn1_get_tag( p, end, &len, - MBEDTLS_ASN1_INTEGER ), - 0 ); - - /* Check if the retrieved length doesn't extend the actual buffer's size. - * It is assumed here, that end >= p, which validates casting to size_t. */ - TEST_ASSERT( len <= (size_t)( end - *p) ); - - /* Tolerate a slight departure from DER encoding: - * - 0 may be represented by an empty string or a 1-byte string. - * - The sign bit may be used as a value bit. */ - if( ( len == 1 && ( *p )[0] == 0 ) || - ( len > 1 && ( *p )[0] == 0 && ( ( *p )[1] & 0x80 ) != 0 ) ) - { - ++( *p ); - --len; - } - if( min_bits == 0 && len == 0 ) - return( 1 ); - msb = ( *p )[0]; - TEST_ASSERT( msb != 0 ); - actual_bits = 8 * ( len - 1 ); - while( msb != 0 ) - { - msb >>= 1; - ++actual_bits; - } - TEST_ASSERT( actual_bits >= min_bits ); - TEST_ASSERT( actual_bits <= max_bits ); - if( must_be_odd ) - TEST_ASSERT( ( ( *p )[len-1] & 1 ) != 0 ); - *p += len; - return( 1 ); -exit: - return( 0 ); -} - int mbedtls_test_psa_exported_key_sanity_check( psa_key_type_t type, size_t bits, uint8_t *exported, size_t exported_length ) @@ -913,25 +870,25 @@ int mbedtls_test_psa_exported_key_sanity_check( MBEDTLS_ASN1_SEQUENCE | MBEDTLS_ASN1_CONSTRUCTED ), 0 ); TEST_EQUAL( p + len, end ); - if( ! asn1_skip_integer( &p, end, 0, 0, 0 ) ) + if( ! mbedtls_test_asn1_skip_integer( &p, end, 0, 0, 0 ) ) goto exit; - if( ! asn1_skip_integer( &p, end, bits, bits, 1 ) ) + if( ! mbedtls_test_asn1_skip_integer( &p, end, bits, bits, 1 ) ) goto exit; - if( ! asn1_skip_integer( &p, end, 2, bits, 1 ) ) + if( ! mbedtls_test_asn1_skip_integer( &p, end, 2, bits, 1 ) ) goto exit; /* Require d to be at least half the size of n. */ - if( ! asn1_skip_integer( &p, end, bits / 2, bits, 1 ) ) + if( ! mbedtls_test_asn1_skip_integer( &p, end, bits / 2, bits, 1 ) ) goto exit; /* Require p and q to be at most half the size of n, rounded up. */ - if( ! asn1_skip_integer( &p, end, bits / 2, bits / 2 + 1, 1 ) ) + if( ! mbedtls_test_asn1_skip_integer( &p, end, bits / 2, bits / 2 + 1, 1 ) ) goto exit; - if( ! asn1_skip_integer( &p, end, bits / 2, bits / 2 + 1, 1 ) ) + if( ! mbedtls_test_asn1_skip_integer( &p, end, bits / 2, bits / 2 + 1, 1 ) ) goto exit; - if( ! asn1_skip_integer( &p, end, 1, bits / 2 + 1, 0 ) ) + if( ! mbedtls_test_asn1_skip_integer( &p, end, 1, bits / 2 + 1, 0 ) ) goto exit; - if( ! asn1_skip_integer( &p, end, 1, bits / 2 + 1, 0 ) ) + if( ! mbedtls_test_asn1_skip_integer( &p, end, 1, bits / 2 + 1, 0 ) ) goto exit; - if( ! asn1_skip_integer( &p, end, 1, bits / 2 + 1, 0 ) ) + if( ! mbedtls_test_asn1_skip_integer( &p, end, 1, bits / 2 + 1, 0 ) ) goto exit; TEST_EQUAL( p, end ); } @@ -964,9 +921,9 @@ int mbedtls_test_psa_exported_key_sanity_check( MBEDTLS_ASN1_CONSTRUCTED ), 0 ); TEST_EQUAL( p + len, end ); - if( ! asn1_skip_integer( &p, end, bits, bits, 1 ) ) + if( ! mbedtls_test_asn1_skip_integer( &p, end, bits, bits, 1 ) ) goto exit; - if( ! asn1_skip_integer( &p, end, 2, bits, 1 ) ) + if( ! mbedtls_test_asn1_skip_integer( &p, end, 2, bits, 1 ) ) goto exit; TEST_EQUAL( p, end ); } @@ -5632,7 +5589,7 @@ void generate_key_rsa( int bits_arg, TEST_EQUAL( 0, mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_SEQUENCE | MBEDTLS_ASN1_CONSTRUCTED ) ); - TEST_ASSERT( asn1_skip_integer( &p, end, bits, bits, 1 ) ); + TEST_ASSERT( mbedtls_test_asn1_skip_integer( &p, end, bits, bits, 1 ) ); TEST_EQUAL( 0, mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_INTEGER ) ); if( len >= 1 && p[0] == 0 ) From e78b00210a2eb4ca395cd4c1a46e568f0194a4f9 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sat, 13 Feb 2021 00:41:11 +0100 Subject: [PATCH 07/23] Move exercise_key and related functions to their own module Move mbedtls_test_psa_exercise_key() (formerly exercise_key()) and related functions to its own module. Export the few auxiliary functions that are also called directly. Signed-off-by: Gilles Peskine --- tests/include/test/psa_exercise_key.h | 138 +++ tests/src/psa_exercise_key.c | 867 ++++++++++++++++- tests/suites/test_suite_psa_crypto.function | 975 +------------------- 3 files changed, 1005 insertions(+), 975 deletions(-) diff --git a/tests/include/test/psa_exercise_key.h b/tests/include/test/psa_exercise_key.h index d4a0ea65f2..8fd152c023 100644 --- a/tests/include/test/psa_exercise_key.h +++ b/tests/include/test/psa_exercise_key.h @@ -26,5 +26,143 @@ #include +/* A hash algorithm that is known to be supported. + * + * This is used in some smoke tests. + */ +#if defined(PSA_WANT_ALG_MD2) +#define KNOWN_SUPPORTED_HASH_ALG PSA_ALG_MD2 +#elif defined(PSA_WANT_ALG_MD4) +#define KNOWN_SUPPORTED_HASH_ALG PSA_ALG_MD4 +#elif defined(PSA_WANT_ALG_MD5) +#define KNOWN_SUPPORTED_HASH_ALG PSA_ALG_MD5 +/* MBEDTLS_RIPEMD160_C omitted. This is necessary for the sake of + * exercise_signature_key() because Mbed TLS doesn't support RIPEMD160 + * in RSA PKCS#1v1.5 signatures. A RIPEMD160-only configuration would be + * implausible anyway. */ +#elif defined(PSA_WANT_ALG_SHA_1) +#define KNOWN_SUPPORTED_HASH_ALG PSA_ALG_SHA_1 +#elif defined(PSA_WANT_ALG_SHA_256) +#define KNOWN_SUPPORTED_HASH_ALG PSA_ALG_SHA_256 +#elif defined(PSA_WANT_ALG_SHA_384) +#define KNOWN_SUPPORTED_HASH_ALG PSA_ALG_SHA_384 +#elif defined(PSA_WANT_ALG_SHA_512) +#define KNOWN_SUPPORTED_HASH_ALG PSA_ALG_SHA_512 +#elif defined(PSA_WANT_ALG_SHA3_256) +#define KNOWN_SUPPORTED_HASH_ALG PSA_ALG_SHA3_256 +#else +#undef KNOWN_SUPPORTED_HASH_ALG +#endif + +/* A block cipher that is known to be supported. + * + * For simplicity's sake, stick to block ciphers with 16-byte blocks. + */ +#if defined(MBEDTLS_AES_C) +#define KNOWN_SUPPORTED_BLOCK_CIPHER PSA_KEY_TYPE_AES +#elif defined(MBEDTLS_ARIA_C) +#define KNOWN_SUPPORTED_BLOCK_CIPHER PSA_KEY_TYPE_ARIA +#elif defined(MBEDTLS_CAMELLIA_C) +#define KNOWN_SUPPORTED_BLOCK_CIPHER PSA_KEY_TYPE_CAMELLIA +#undef KNOWN_SUPPORTED_BLOCK_CIPHER +#endif + +/* A MAC mode that is known to be supported. + * + * It must either be HMAC with #KNOWN_SUPPORTED_HASH_ALG or + * a block cipher-based MAC with #KNOWN_SUPPORTED_BLOCK_CIPHER. + * + * This is used in some smoke tests. + */ +#if defined(KNOWN_SUPPORTED_HASH_ALG) && defined(PSA_WANT_ALG_HMAC) +#define KNOWN_SUPPORTED_MAC_ALG ( PSA_ALG_HMAC( KNOWN_SUPPORTED_HASH_ALG ) ) +#define KNOWN_SUPPORTED_MAC_KEY_TYPE PSA_KEY_TYPE_HMAC +#elif defined(KNOWN_SUPPORTED_BLOCK_CIPHER) && defined(MBEDTLS_CMAC_C) +#define KNOWN_SUPPORTED_MAC_ALG PSA_ALG_CMAC +#define KNOWN_SUPPORTED_MAC_KEY_TYPE KNOWN_SUPPORTED_BLOCK_CIPHER +#else +#undef KNOWN_SUPPORTED_MAC_ALG +#undef KNOWN_SUPPORTED_MAC_KEY_TYPE +#endif + +/* A cipher algorithm and key type that are known to be supported. + * + * This is used in some smoke tests. + */ +#if defined(KNOWN_SUPPORTED_BLOCK_CIPHER) && defined(MBEDTLS_CIPHER_MODE_CTR) +#define KNOWN_SUPPORTED_BLOCK_CIPHER_ALG PSA_ALG_CTR +#elif defined(KNOWN_SUPPORTED_BLOCK_CIPHER) && defined(MBEDTLS_CIPHER_MODE_CBC) +#define KNOWN_SUPPORTED_BLOCK_CIPHER_ALG PSA_ALG_CBC_NO_PADDING +#elif defined(KNOWN_SUPPORTED_BLOCK_CIPHER) && defined(MBEDTLS_CIPHER_MODE_CFB) +#define KNOWN_SUPPORTED_BLOCK_CIPHER_ALG PSA_ALG_CFB +#elif defined(KNOWN_SUPPORTED_BLOCK_CIPHER) && defined(MBEDTLS_CIPHER_MODE_OFB) +#define KNOWN_SUPPORTED_BLOCK_CIPHER_ALG PSA_ALG_OFB +#else +#undef KNOWN_SUPPORTED_BLOCK_CIPHER_ALG +#endif +#if defined(KNOWN_SUPPORTED_BLOCK_CIPHER_ALG) +#define KNOWN_SUPPORTED_CIPHER_ALG KNOWN_SUPPORTED_BLOCK_CIPHER_ALG +#define KNOWN_SUPPORTED_CIPHER_KEY_TYPE KNOWN_SUPPORTED_BLOCK_CIPHER +#elif defined(MBEDTLS_RC4_C) +#define KNOWN_SUPPORTED_CIPHER_ALG PSA_ALG_RC4 +#define KNOWN_SUPPORTED_CIPHER_KEY_TYPE PSA_KEY_TYPE_RC4 +#else +#undef KNOWN_SUPPORTED_CIPHER_ALG +#undef KNOWN_SUPPORTED_CIPHER_KEY_TYPE +#endif + +int mbedtls_test_psa_setup_key_derivation_wrap( + psa_key_derivation_operation_t* operation, + mbedtls_svc_key_id_t key, + psa_algorithm_t alg, + unsigned char* input1, size_t input1_length, + unsigned char* input2, size_t input2_length, + size_t capacity ); + +psa_status_t mbedtls_test_psa_raw_key_agreement_with_self( + psa_algorithm_t alg, + mbedtls_svc_key_id_t key ); + +psa_status_t mbedtls_test_psa_key_agreement_with_self( + psa_key_derivation_operation_t *operation, + mbedtls_svc_key_id_t key ); + +int mbedtls_test_psa_exported_key_sanity_check( + psa_key_type_t type, size_t bits, + uint8_t *exported, size_t exported_length ); + +/** Do smoke tests on a key. + * + * Perform one of each operation indicated by \p alg (decrypt/encrypt, + * sign/verify, or derivation) that is permitted according to \p usage. + * \p usage and \p alg should correspond to the expected policy on the + * key. + * + * Export the key if permitted by \p usage, and check that the output + * looks sensible. If \p usage forbids export, check that + * \p psa_export_key correctly rejects the attempt. If the key is + * asymmetric, also check \p psa_export_public_key. + * + * If the key fails the tests, this function calls the test framework's + * `mbedtls_test_fail` function and returns false. Otherwise this function + * returns true. Therefore it should be used as follows: + * ``` + * if( ! exercise_key( ... ) ) goto exit; + * ``` + * + * \param key The key to exercise. It should be capable of performing + * \p alg. + * \param usage The usage flags to assume. + * \param alg The algorithm to exercise. + * + * \retval 0 The key failed the smoke tests. + * \retval 1 The key passed the smoke tests. + */ +int mbedtls_test_psa_exercise_key( mbedtls_svc_key_id_t key, + psa_key_usage_t usage, + psa_algorithm_t alg ); + +psa_key_usage_t mbedtls_test_psa_usage_to_exercise( psa_key_type_t type, + psa_algorithm_t alg ); #endif /* PSA_EXERCISE_KEY_H */ diff --git a/tests/src/psa_exercise_key.c b/tests/src/psa_exercise_key.c index 78e46d9e6a..79ba32519c 100644 --- a/tests/src/psa_exercise_key.c +++ b/tests/src/psa_exercise_key.c @@ -21,11 +21,876 @@ #include #include -#include +#include #if defined(MBEDTLS_PSA_CRYPTO_C) +#include #include +#include +#include + +#if defined(MBEDTLS_PSA_CRYPTO_SE_C) +static int lifetime_is_dynamic_secure_element( psa_key_lifetime_t lifetime ) +{ + return( PSA_KEY_LIFETIME_GET_LOCATION( lifetime ) != + PSA_KEY_LOCATION_LOCAL_STORAGE ); +} +#endif + +static int check_key_attributes_sanity( mbedtls_svc_key_id_t key ) +{ + int ok = 0; + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + psa_key_lifetime_t lifetime; + mbedtls_svc_key_id_t id; + psa_key_type_t type; + psa_key_type_t bits; + + PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); + lifetime = psa_get_key_lifetime( &attributes ); + id = psa_get_key_id( &attributes ); + type = psa_get_key_type( &attributes ); + bits = psa_get_key_bits( &attributes ); + + /* Persistence */ + if( PSA_KEY_LIFETIME_IS_VOLATILE( lifetime ) ) + { + TEST_ASSERT( + ( PSA_KEY_ID_VOLATILE_MIN <= + MBEDTLS_SVC_KEY_ID_GET_KEY_ID( id ) ) && + ( MBEDTLS_SVC_KEY_ID_GET_KEY_ID( id ) <= + PSA_KEY_ID_VOLATILE_MAX ) ); + } + else + { + TEST_ASSERT( + ( PSA_KEY_ID_USER_MIN <= MBEDTLS_SVC_KEY_ID_GET_KEY_ID( id ) ) && + ( MBEDTLS_SVC_KEY_ID_GET_KEY_ID( id ) <= PSA_KEY_ID_USER_MAX ) ); + } +#if defined(MBEDTLS_PSA_CRYPTO_SE_C) + /* randomly-generated 64-bit constant, should never appear in test data */ + psa_key_slot_number_t slot_number = 0xec94d4a5058a1a21; + psa_status_t status = psa_get_key_slot_number( &attributes, &slot_number ); + if( lifetime_is_dynamic_secure_element( lifetime ) ) + { + /* Mbed Crypto currently always exposes the slot number to + * applications. This is not mandated by the PSA specification + * and may change in future versions. */ + TEST_EQUAL( status, 0 ); + TEST_ASSERT( slot_number != 0xec94d4a5058a1a21 ); + } + else + { + TEST_EQUAL( status, PSA_ERROR_INVALID_ARGUMENT ); + } +#endif + + /* Type and size */ + TEST_ASSERT( type != 0 ); + TEST_ASSERT( bits != 0 ); + TEST_ASSERT( bits <= PSA_MAX_KEY_BITS ); + if( PSA_KEY_TYPE_IS_UNSTRUCTURED( type ) ) + TEST_ASSERT( bits % 8 == 0 ); + + /* MAX macros concerning specific key types */ + if( PSA_KEY_TYPE_IS_ECC( type ) ) + TEST_ASSERT( bits <= PSA_VENDOR_ECC_MAX_CURVE_BITS ); + else if( PSA_KEY_TYPE_IS_RSA( type ) ) + TEST_ASSERT( bits <= PSA_VENDOR_RSA_MAX_KEY_BITS ); + TEST_ASSERT( PSA_BLOCK_CIPHER_BLOCK_LENGTH( type ) <= PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE ); + + ok = 1; + +exit: + /* + * Key attributes may have been returned by psa_get_key_attributes() + * thus reset them as required. + */ + psa_reset_key_attributes( &attributes ); + + return( ok ); +} + +static int exercise_mac_key( mbedtls_svc_key_id_t key, + psa_key_usage_t usage, + psa_algorithm_t alg ) +{ + psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT; + const unsigned char input[] = "foo"; + unsigned char mac[PSA_MAC_MAX_SIZE] = {0}; + size_t mac_length = sizeof( mac ); + + if( usage & PSA_KEY_USAGE_SIGN_HASH ) + { + PSA_ASSERT( psa_mac_sign_setup( &operation, key, alg ) ); + PSA_ASSERT( psa_mac_update( &operation, + input, sizeof( input ) ) ); + PSA_ASSERT( psa_mac_sign_finish( &operation, + mac, sizeof( mac ), + &mac_length ) ); + } + + if( usage & PSA_KEY_USAGE_VERIFY_HASH ) + { + psa_status_t verify_status = + ( usage & PSA_KEY_USAGE_SIGN_HASH ? + PSA_SUCCESS : + PSA_ERROR_INVALID_SIGNATURE ); + PSA_ASSERT( psa_mac_verify_setup( &operation, key, alg ) ); + PSA_ASSERT( psa_mac_update( &operation, + input, sizeof( input ) ) ); + TEST_EQUAL( psa_mac_verify_finish( &operation, mac, mac_length ), + verify_status ); + } + + return( 1 ); + +exit: + psa_mac_abort( &operation ); + return( 0 ); +} + +static int exercise_cipher_key( mbedtls_svc_key_id_t key, + psa_key_usage_t usage, + psa_algorithm_t alg ) +{ + psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT; + unsigned char iv[16] = {0}; + size_t iv_length = sizeof( iv ); + const unsigned char plaintext[16] = "Hello, world..."; + unsigned char ciphertext[32] = "(wabblewebblewibblewobblewubble)"; + size_t ciphertext_length = sizeof( ciphertext ); + unsigned char decrypted[sizeof( ciphertext )]; + size_t part_length; + + if( usage & PSA_KEY_USAGE_ENCRYPT ) + { + PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) ); + PSA_ASSERT( psa_cipher_generate_iv( &operation, + iv, sizeof( iv ), + &iv_length ) ); + PSA_ASSERT( psa_cipher_update( &operation, + plaintext, sizeof( plaintext ), + ciphertext, sizeof( ciphertext ), + &ciphertext_length ) ); + PSA_ASSERT( psa_cipher_finish( &operation, + ciphertext + ciphertext_length, + sizeof( ciphertext ) - ciphertext_length, + &part_length ) ); + ciphertext_length += part_length; + } + + if( usage & PSA_KEY_USAGE_DECRYPT ) + { + psa_status_t status; + int maybe_invalid_padding = 0; + if( ! ( usage & PSA_KEY_USAGE_ENCRYPT ) ) + { + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); + /* This should be PSA_CIPHER_GET_IV_SIZE but the API doesn't + * have this macro yet. */ + iv_length = PSA_BLOCK_CIPHER_BLOCK_LENGTH( + psa_get_key_type( &attributes ) ); + maybe_invalid_padding = ! PSA_ALG_IS_STREAM_CIPHER( alg ); + psa_reset_key_attributes( &attributes ); + } + PSA_ASSERT( psa_cipher_decrypt_setup( &operation, key, alg ) ); + PSA_ASSERT( psa_cipher_set_iv( &operation, + iv, iv_length ) ); + PSA_ASSERT( psa_cipher_update( &operation, + ciphertext, ciphertext_length, + decrypted, sizeof( decrypted ), + &part_length ) ); + status = psa_cipher_finish( &operation, + decrypted + part_length, + sizeof( decrypted ) - part_length, + &part_length ); + /* For a stream cipher, all inputs are valid. For a block cipher, + * if the input is some aribtrary data rather than an actual + ciphertext, a padding error is likely. */ + if( maybe_invalid_padding ) + TEST_ASSERT( status == PSA_SUCCESS || + status == PSA_ERROR_INVALID_PADDING ); + else + PSA_ASSERT( status ); + } + + return( 1 ); + +exit: + psa_cipher_abort( &operation ); + return( 0 ); +} + +static int exercise_aead_key( mbedtls_svc_key_id_t key, + psa_key_usage_t usage, + psa_algorithm_t alg ) +{ + unsigned char nonce[16] = {0}; + size_t nonce_length = sizeof( nonce ); + unsigned char plaintext[16] = "Hello, world..."; + unsigned char ciphertext[48] = "(wabblewebblewibblewobblewubble)"; + size_t ciphertext_length = sizeof( ciphertext ); + size_t plaintext_length = sizeof( ciphertext ); + + /* Default IV length for AES-GCM is 12 bytes */ + if( PSA_ALG_AEAD_WITH_SHORTENED_TAG( alg, 0 ) == + PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 0 ) ) + { + nonce_length = 12; + } + + if( usage & PSA_KEY_USAGE_ENCRYPT ) + { + PSA_ASSERT( psa_aead_encrypt( key, alg, + nonce, nonce_length, + NULL, 0, + plaintext, sizeof( plaintext ), + ciphertext, sizeof( ciphertext ), + &ciphertext_length ) ); + } + + if( usage & PSA_KEY_USAGE_DECRYPT ) + { + psa_status_t verify_status = + ( usage & PSA_KEY_USAGE_ENCRYPT ? + PSA_SUCCESS : + PSA_ERROR_INVALID_SIGNATURE ); + TEST_EQUAL( psa_aead_decrypt( key, alg, + nonce, nonce_length, + NULL, 0, + ciphertext, ciphertext_length, + plaintext, sizeof( plaintext ), + &plaintext_length ), + verify_status ); + } + + return( 1 ); + +exit: + return( 0 ); +} + +static int exercise_signature_key( mbedtls_svc_key_id_t key, + psa_key_usage_t usage, + psa_algorithm_t alg ) +{ + unsigned char payload[PSA_HASH_MAX_SIZE] = {1}; + size_t payload_length = 16; + unsigned char signature[PSA_SIGNATURE_MAX_SIZE] = {0}; + size_t signature_length = sizeof( signature ); + psa_algorithm_t hash_alg = PSA_ALG_SIGN_GET_HASH( alg ); + + /* If the policy allows signing with any hash, just pick one. */ + if( PSA_ALG_IS_HASH_AND_SIGN( alg ) && hash_alg == PSA_ALG_ANY_HASH ) + { +#if defined(KNOWN_SUPPORTED_HASH_ALG) + hash_alg = KNOWN_SUPPORTED_HASH_ALG; + alg ^= PSA_ALG_ANY_HASH ^ hash_alg; +#else + mbedtls_test_fail( "No hash algorithm for hash-and-sign testing", + __LINE__, __FILE__ ); + return( 1 ); +#endif + } + + if( usage & PSA_KEY_USAGE_SIGN_HASH ) + { + /* Some algorithms require the payload to have the size of + * the hash encoded in the algorithm. Use this input size + * even for algorithms that allow other input sizes. */ + if( hash_alg != 0 ) + payload_length = PSA_HASH_LENGTH( hash_alg ); + PSA_ASSERT( psa_sign_hash( key, alg, + payload, payload_length, + signature, sizeof( signature ), + &signature_length ) ); + } + + if( usage & PSA_KEY_USAGE_VERIFY_HASH ) + { + psa_status_t verify_status = + ( usage & PSA_KEY_USAGE_SIGN_HASH ? + PSA_SUCCESS : + PSA_ERROR_INVALID_SIGNATURE ); + TEST_EQUAL( psa_verify_hash( key, alg, + payload, payload_length, + signature, signature_length ), + verify_status ); + } + + return( 1 ); + +exit: + return( 0 ); +} + +static int exercise_asymmetric_encryption_key( mbedtls_svc_key_id_t key, + psa_key_usage_t usage, + psa_algorithm_t alg ) +{ + unsigned char plaintext[256] = "Hello, world..."; + unsigned char ciphertext[256] = "(wabblewebblewibblewobblewubble)"; + size_t ciphertext_length = sizeof( ciphertext ); + size_t plaintext_length = 16; + + if( usage & PSA_KEY_USAGE_ENCRYPT ) + { + PSA_ASSERT( psa_asymmetric_encrypt( key, alg, + plaintext, plaintext_length, + NULL, 0, + ciphertext, sizeof( ciphertext ), + &ciphertext_length ) ); + } + + if( usage & PSA_KEY_USAGE_DECRYPT ) + { + psa_status_t status = + psa_asymmetric_decrypt( key, alg, + ciphertext, ciphertext_length, + NULL, 0, + plaintext, sizeof( plaintext ), + &plaintext_length ); + TEST_ASSERT( status == PSA_SUCCESS || + ( ( usage & PSA_KEY_USAGE_ENCRYPT ) == 0 && + ( status == PSA_ERROR_INVALID_ARGUMENT || + status == PSA_ERROR_INVALID_PADDING ) ) ); + } + + return( 1 ); + +exit: + return( 0 ); +} + +int mbedtls_test_psa_setup_key_derivation_wrap( + psa_key_derivation_operation_t* operation, + mbedtls_svc_key_id_t key, + psa_algorithm_t alg, + unsigned char* input1, size_t input1_length, + unsigned char* input2, size_t input2_length, + size_t capacity ) +{ + PSA_ASSERT( psa_key_derivation_setup( operation, alg ) ); + if( PSA_ALG_IS_HKDF( alg ) ) + { + PSA_ASSERT( psa_key_derivation_input_bytes( operation, + PSA_KEY_DERIVATION_INPUT_SALT, + input1, input1_length ) ); + PSA_ASSERT( psa_key_derivation_input_key( operation, + PSA_KEY_DERIVATION_INPUT_SECRET, + key ) ); + PSA_ASSERT( psa_key_derivation_input_bytes( operation, + PSA_KEY_DERIVATION_INPUT_INFO, + input2, + input2_length ) ); + } + else if( PSA_ALG_IS_TLS12_PRF( alg ) || + PSA_ALG_IS_TLS12_PSK_TO_MS( alg ) ) + { + PSA_ASSERT( psa_key_derivation_input_bytes( operation, + PSA_KEY_DERIVATION_INPUT_SEED, + input1, input1_length ) ); + PSA_ASSERT( psa_key_derivation_input_key( operation, + PSA_KEY_DERIVATION_INPUT_SECRET, + key ) ); + PSA_ASSERT( psa_key_derivation_input_bytes( operation, + PSA_KEY_DERIVATION_INPUT_LABEL, + input2, input2_length ) ); + } + else + { + TEST_ASSERT( ! "Key derivation algorithm not supported" ); + } + + if( capacity != SIZE_MAX ) + PSA_ASSERT( psa_key_derivation_set_capacity( operation, capacity ) ); + + return( 1 ); + +exit: + return( 0 ); +} + + +static int exercise_key_derivation_key( mbedtls_svc_key_id_t key, + psa_key_usage_t usage, + psa_algorithm_t alg ) +{ + psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT; + unsigned char input1[] = "Input 1"; + size_t input1_length = sizeof( input1 ); + unsigned char input2[] = "Input 2"; + size_t input2_length = sizeof( input2 ); + unsigned char output[1]; + size_t capacity = sizeof( output ); + + if( usage & PSA_KEY_USAGE_DERIVE ) + { + if( !mbedtls_test_psa_setup_key_derivation_wrap( &operation, key, alg, + input1, input1_length, + input2, input2_length, + capacity ) ) + goto exit; + + PSA_ASSERT( psa_key_derivation_output_bytes( &operation, + output, + capacity ) ); + PSA_ASSERT( psa_key_derivation_abort( &operation ) ); + } + + return( 1 ); + +exit: + return( 0 ); +} + +/* We need two keys to exercise key agreement. Exercise the + * private key against its own public key. */ +psa_status_t mbedtls_test_psa_key_agreement_with_self( + psa_key_derivation_operation_t *operation, + mbedtls_svc_key_id_t key ) +{ + psa_key_type_t private_key_type; + psa_key_type_t public_key_type; + size_t key_bits; + uint8_t *public_key = NULL; + size_t public_key_length; + /* Return GENERIC_ERROR if something other than the final call to + * psa_key_derivation_key_agreement fails. This isn't fully satisfactory, + * but it's good enough: callers will report it as a failed test anyway. */ + psa_status_t status = PSA_ERROR_GENERIC_ERROR; + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + + PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); + private_key_type = psa_get_key_type( &attributes ); + key_bits = psa_get_key_bits( &attributes ); + public_key_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR( private_key_type ); + public_key_length = PSA_EXPORT_KEY_OUTPUT_SIZE( public_key_type, key_bits ); + ASSERT_ALLOC( public_key, public_key_length ); + PSA_ASSERT( psa_export_public_key( key, public_key, public_key_length, + &public_key_length ) ); + + status = psa_key_derivation_key_agreement( + operation, PSA_KEY_DERIVATION_INPUT_SECRET, key, + public_key, public_key_length ); +exit: + /* + * Key attributes may have been returned by psa_get_key_attributes() + * thus reset them as required. + */ + psa_reset_key_attributes( &attributes ); + + mbedtls_free( public_key ); + return( status ); +} + +/* We need two keys to exercise key agreement. Exercise the + * private key against its own public key. */ +psa_status_t mbedtls_test_psa_raw_key_agreement_with_self( + psa_algorithm_t alg, + mbedtls_svc_key_id_t key ) +{ + psa_key_type_t private_key_type; + psa_key_type_t public_key_type; + size_t key_bits; + uint8_t *public_key = NULL; + size_t public_key_length; + uint8_t output[1024]; + size_t output_length; + /* Return GENERIC_ERROR if something other than the final call to + * psa_key_derivation_key_agreement fails. This isn't fully satisfactory, + * but it's good enough: callers will report it as a failed test anyway. */ + psa_status_t status = PSA_ERROR_GENERIC_ERROR; + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + + PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); + private_key_type = psa_get_key_type( &attributes ); + key_bits = psa_get_key_bits( &attributes ); + public_key_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR( private_key_type ); + public_key_length = PSA_EXPORT_KEY_OUTPUT_SIZE( public_key_type, key_bits ); + ASSERT_ALLOC( public_key, public_key_length ); + PSA_ASSERT( psa_export_public_key( key, + public_key, public_key_length, + &public_key_length ) ); + + status = psa_raw_key_agreement( alg, key, + public_key, public_key_length, + output, sizeof( output ), &output_length ); +exit: + /* + * Key attributes may have been returned by psa_get_key_attributes() + * thus reset them as required. + */ + psa_reset_key_attributes( &attributes ); + + mbedtls_free( public_key ); + return( status ); +} + +static int exercise_raw_key_agreement_key( mbedtls_svc_key_id_t key, + psa_key_usage_t usage, + psa_algorithm_t alg ) +{ + int ok = 0; + + if( usage & PSA_KEY_USAGE_DERIVE ) + { + /* We need two keys to exercise key agreement. Exercise the + * private key against its own public key. */ + PSA_ASSERT( mbedtls_test_psa_raw_key_agreement_with_self( alg, key ) ); + } + ok = 1; + +exit: + return( ok ); +} + +static int exercise_key_agreement_key( mbedtls_svc_key_id_t key, + psa_key_usage_t usage, + psa_algorithm_t alg ) +{ + psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT; + unsigned char output[1]; + int ok = 0; + + if( usage & PSA_KEY_USAGE_DERIVE ) + { + /* We need two keys to exercise key agreement. Exercise the + * private key against its own public key. */ + PSA_ASSERT( psa_key_derivation_setup( &operation, alg ) ); + PSA_ASSERT( mbedtls_test_psa_key_agreement_with_self( &operation, key ) ); + PSA_ASSERT( psa_key_derivation_output_bytes( &operation, + output, + sizeof( output ) ) ); + PSA_ASSERT( psa_key_derivation_abort( &operation ) ); + } + ok = 1; + +exit: + return( ok ); +} + +int mbedtls_test_psa_exported_key_sanity_check( + psa_key_type_t type, size_t bits, + uint8_t *exported, size_t exported_length ) +{ + if( PSA_KEY_TYPE_IS_UNSTRUCTURED( type ) ) + TEST_EQUAL( exported_length, ( bits + 7 ) / 8 ); + else + TEST_ASSERT( exported_length <= PSA_EXPORT_KEY_OUTPUT_SIZE( type, bits ) ); + +#if defined(MBEDTLS_DES_C) + if( type == PSA_KEY_TYPE_DES ) + { + /* Check the parity bits. */ + unsigned i; + for( i = 0; i < bits / 8; i++ ) + { + unsigned bit_count = 0; + unsigned m; + for( m = 1; m <= 0x100; m <<= 1 ) + { + if( exported[i] & m ) + ++bit_count; + } + TEST_ASSERT( bit_count % 2 != 0 ); + } + } + else +#endif + +#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_PK_PARSE_C) + if( type == PSA_KEY_TYPE_RSA_KEY_PAIR ) + { + uint8_t *p = exported; + uint8_t *end = exported + exported_length; + size_t len; + /* RSAPrivateKey ::= SEQUENCE { + * version INTEGER, -- must be 0 + * modulus INTEGER, -- n + * publicExponent INTEGER, -- e + * privateExponent INTEGER, -- d + * prime1 INTEGER, -- p + * prime2 INTEGER, -- q + * exponent1 INTEGER, -- d mod (p-1) + * exponent2 INTEGER, -- d mod (q-1) + * coefficient INTEGER, -- (inverse of q) mod p + * } + */ + TEST_EQUAL( mbedtls_asn1_get_tag( &p, end, &len, + MBEDTLS_ASN1_SEQUENCE | + MBEDTLS_ASN1_CONSTRUCTED ), 0 ); + TEST_EQUAL( p + len, end ); + if( ! mbedtls_test_asn1_skip_integer( &p, end, 0, 0, 0 ) ) + goto exit; + if( ! mbedtls_test_asn1_skip_integer( &p, end, bits, bits, 1 ) ) + goto exit; + if( ! mbedtls_test_asn1_skip_integer( &p, end, 2, bits, 1 ) ) + goto exit; + /* Require d to be at least half the size of n. */ + if( ! mbedtls_test_asn1_skip_integer( &p, end, bits / 2, bits, 1 ) ) + goto exit; + /* Require p and q to be at most half the size of n, rounded up. */ + if( ! mbedtls_test_asn1_skip_integer( &p, end, bits / 2, bits / 2 + 1, 1 ) ) + goto exit; + if( ! mbedtls_test_asn1_skip_integer( &p, end, bits / 2, bits / 2 + 1, 1 ) ) + goto exit; + if( ! mbedtls_test_asn1_skip_integer( &p, end, 1, bits / 2 + 1, 0 ) ) + goto exit; + if( ! mbedtls_test_asn1_skip_integer( &p, end, 1, bits / 2 + 1, 0 ) ) + goto exit; + if( ! mbedtls_test_asn1_skip_integer( &p, end, 1, bits / 2 + 1, 0 ) ) + goto exit; + TEST_EQUAL( p, end ); + } + else +#endif /* MBEDTLS_RSA_C */ + +#if defined(MBEDTLS_ECP_C) + if( PSA_KEY_TYPE_IS_ECC_KEY_PAIR( type ) ) + { + /* Just the secret value */ + TEST_EQUAL( exported_length, PSA_BITS_TO_BYTES( bits ) ); + } + else +#endif /* MBEDTLS_ECP_C */ + + if( PSA_KEY_TYPE_IS_PUBLIC_KEY( type ) ) + { + uint8_t *p = exported; + uint8_t *end = exported + exported_length; +#if defined(MBEDTLS_RSA_C) + if( type == PSA_KEY_TYPE_RSA_PUBLIC_KEY ) + { + size_t len; + /* RSAPublicKey ::= SEQUENCE { + * modulus INTEGER, -- n + * publicExponent INTEGER } -- e + */ + TEST_EQUAL( mbedtls_asn1_get_tag( &p, end, &len, + MBEDTLS_ASN1_SEQUENCE | + MBEDTLS_ASN1_CONSTRUCTED ), + 0 ); + TEST_EQUAL( p + len, end ); + if( ! mbedtls_test_asn1_skip_integer( &p, end, bits, bits, 1 ) ) + goto exit; + if( ! mbedtls_test_asn1_skip_integer( &p, end, 2, bits, 1 ) ) + goto exit; + TEST_EQUAL( p, end ); + } + else +#endif /* MBEDTLS_RSA_C */ +#if defined(MBEDTLS_ECP_C) + if( PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY( type ) ) + { + if( PSA_KEY_TYPE_ECC_GET_FAMILY( type ) == PSA_ECC_FAMILY_MONTGOMERY ) + { + /* The representation of an ECC Montgomery public key is + * the raw compressed point */ + TEST_EQUAL( p + PSA_BITS_TO_BYTES( bits ), end ); + } + else + { + /* The representation of an ECC Weierstrass public key is: + * - The byte 0x04; + * - `x_P` as a `ceiling(m/8)`-byte string, big-endian; + * - `y_P` as a `ceiling(m/8)`-byte string, big-endian; + * - where m is the bit size associated with the curve. + */ + TEST_EQUAL( p + 1 + 2 * PSA_BITS_TO_BYTES( bits ), end ); + TEST_EQUAL( p[0], 4 ); + } + } + else +#endif /* MBEDTLS_ECP_C */ + { + char message[47]; + mbedtls_snprintf( message, sizeof( message ), + "No sanity check for public key type=0x%08lx", + (unsigned long) type ); + mbedtls_test_fail( message, __LINE__, __FILE__ ); + (void) p; + (void) end; + return( 0 ); + } + } + else + + { + /* No sanity checks for other types */ + } + + return( 1 ); + +exit: + return( 0 ); +} + +static int exercise_export_key( mbedtls_svc_key_id_t key, + psa_key_usage_t usage ) +{ + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + uint8_t *exported = NULL; + size_t exported_size = 0; + size_t exported_length = 0; + int ok = 0; + + PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); + + exported_size = PSA_EXPORT_KEY_OUTPUT_SIZE( + psa_get_key_type( &attributes ), + psa_get_key_bits( &attributes ) ); + ASSERT_ALLOC( exported, exported_size ); + + if( ( usage & PSA_KEY_USAGE_EXPORT ) == 0 && + ! PSA_KEY_TYPE_IS_PUBLIC_KEY( psa_get_key_type( &attributes ) ) ) + { + TEST_EQUAL( psa_export_key( key, exported, + exported_size, &exported_length ), + PSA_ERROR_NOT_PERMITTED ); + ok = 1; + goto exit; + } + + PSA_ASSERT( psa_export_key( key, + exported, exported_size, + &exported_length ) ); + ok = mbedtls_test_psa_exported_key_sanity_check( + psa_get_key_type( &attributes ), psa_get_key_bits( &attributes ), + exported, exported_length ); + +exit: + /* + * Key attributes may have been returned by psa_get_key_attributes() + * thus reset them as required. + */ + psa_reset_key_attributes( &attributes ); + + mbedtls_free( exported ); + return( ok ); +} + +static int exercise_export_public_key( mbedtls_svc_key_id_t key ) +{ + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + psa_key_type_t public_type; + uint8_t *exported = NULL; + size_t exported_size = 0; + size_t exported_length = 0; + int ok = 0; + + PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); + if( ! PSA_KEY_TYPE_IS_ASYMMETRIC( psa_get_key_type( &attributes ) ) ) + { + exported_size = PSA_EXPORT_KEY_OUTPUT_SIZE( + psa_get_key_type( &attributes ), + psa_get_key_bits( &attributes ) ); + ASSERT_ALLOC( exported, exported_size ); + + TEST_EQUAL( psa_export_public_key( key, exported, + exported_size, &exported_length ), + PSA_ERROR_INVALID_ARGUMENT ); + ok = 1; + goto exit; + } + + public_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR( + psa_get_key_type( &attributes ) ); + exported_size = PSA_EXPORT_KEY_OUTPUT_SIZE( public_type, + psa_get_key_bits( &attributes ) ); + ASSERT_ALLOC( exported, exported_size ); + + PSA_ASSERT( psa_export_public_key( key, + exported, exported_size, + &exported_length ) ); + ok = mbedtls_test_psa_exported_key_sanity_check( + public_type, psa_get_key_bits( &attributes ), + exported, exported_length ); + +exit: + /* + * Key attributes may have been returned by psa_get_key_attributes() + * thus reset them as required. + */ + psa_reset_key_attributes( &attributes ); + + mbedtls_free( exported ); + return( ok ); +} + +int mbedtls_test_psa_exercise_key( mbedtls_svc_key_id_t key, + psa_key_usage_t usage, + psa_algorithm_t alg ) +{ + int ok; + + if( ! check_key_attributes_sanity( key ) ) + return( 0 ); + + if( alg == 0 ) + ok = 1; /* If no algorihm, do nothing (used for raw data "keys"). */ + else if( PSA_ALG_IS_MAC( alg ) ) + ok = exercise_mac_key( key, usage, alg ); + else if( PSA_ALG_IS_CIPHER( alg ) ) + ok = exercise_cipher_key( key, usage, alg ); + else if( PSA_ALG_IS_AEAD( alg ) ) + ok = exercise_aead_key( key, usage, alg ); + else if( PSA_ALG_IS_SIGN( alg ) ) + ok = exercise_signature_key( key, usage, alg ); + else if( PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) ) + ok = exercise_asymmetric_encryption_key( key, usage, alg ); + else if( PSA_ALG_IS_KEY_DERIVATION( alg ) ) + ok = exercise_key_derivation_key( key, usage, alg ); + else if( PSA_ALG_IS_RAW_KEY_AGREEMENT( alg ) ) + ok = exercise_raw_key_agreement_key( key, usage, alg ); + else if( PSA_ALG_IS_KEY_AGREEMENT( alg ) ) + ok = exercise_key_agreement_key( key, usage, alg ); + else + { + char message[40]; + mbedtls_snprintf( message, sizeof( message ), + "No code to exercise alg=0x%08lx", + (unsigned long) alg ); + mbedtls_test_fail( message, __LINE__, __FILE__ ); + ok = 0; + } + + ok = ok && exercise_export_key( key, usage ); + ok = ok && exercise_export_public_key( key ); + + return( ok ); +} + +psa_key_usage_t mbedtls_test_psa_usage_to_exercise( psa_key_type_t type, + psa_algorithm_t alg ) +{ + if( PSA_ALG_IS_MAC( alg ) || PSA_ALG_IS_SIGN( alg ) ) + { + return( PSA_KEY_TYPE_IS_PUBLIC_KEY( type ) ? + PSA_KEY_USAGE_VERIFY_HASH : + PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH ); + } + else if( PSA_ALG_IS_CIPHER( alg ) || PSA_ALG_IS_AEAD( alg ) || + PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) ) + { + return( PSA_KEY_TYPE_IS_PUBLIC_KEY( type ) ? + PSA_KEY_USAGE_ENCRYPT : + PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT ); + } + else if( PSA_ALG_IS_KEY_DERIVATION( alg ) || + PSA_ALG_IS_KEY_AGREEMENT( alg ) ) + { + return( PSA_KEY_USAGE_DERIVE ); + } + else + { + return( 0 ); + } + +} #endif /* MBEDTLS_PSA_CRYPTO_C */ diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index f0b86476f7..7ae672573e 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -14,103 +14,11 @@ #include "test/asn1_helpers.h" #include "test/psa_crypto_helpers.h" +#include "test/psa_exercise_key.h" /** An invalid export length that will never be set by psa_export_key(). */ static const size_t INVALID_EXPORT_LENGTH = ~0U; -/* A hash algorithm that is known to be supported. - * - * This is used in some smoke tests. - */ -#if defined(PSA_WANT_ALG_MD2) -#define KNOWN_SUPPORTED_HASH_ALG PSA_ALG_MD2 -#elif defined(PSA_WANT_ALG_MD4) -#define KNOWN_SUPPORTED_HASH_ALG PSA_ALG_MD4 -#elif defined(PSA_WANT_ALG_MD5) -#define KNOWN_SUPPORTED_HASH_ALG PSA_ALG_MD5 -/* MBEDTLS_RIPEMD160_C omitted. This is necessary for the sake of - * exercise_signature_key() because Mbed TLS doesn't support RIPEMD160 - * in RSA PKCS#1v1.5 signatures. A RIPEMD160-only configuration would be - * implausible anyway. */ -#elif defined(PSA_WANT_ALG_SHA_1) -#define KNOWN_SUPPORTED_HASH_ALG PSA_ALG_SHA_1 -#elif defined(PSA_WANT_ALG_SHA_256) -#define KNOWN_SUPPORTED_HASH_ALG PSA_ALG_SHA_256 -#elif defined(PSA_WANT_ALG_SHA_384) -#define KNOWN_SUPPORTED_HASH_ALG PSA_ALG_SHA_384 -#elif defined(PSA_WANT_ALG_SHA_512) -#define KNOWN_SUPPORTED_HASH_ALG PSA_ALG_SHA_512 -#elif defined(PSA_WANT_ALG_SHA3_256) -#define KNOWN_SUPPORTED_HASH_ALG PSA_ALG_SHA3_256 -#else -#undef KNOWN_SUPPORTED_HASH_ALG -#endif - -/* A block cipher that is known to be supported. - * - * For simplicity's sake, stick to block ciphers with 16-byte blocks. - */ -#if defined(MBEDTLS_AES_C) -#define KNOWN_SUPPORTED_BLOCK_CIPHER PSA_KEY_TYPE_AES -#elif defined(MBEDTLS_ARIA_C) -#define KNOWN_SUPPORTED_BLOCK_CIPHER PSA_KEY_TYPE_ARIA -#elif defined(MBEDTLS_CAMELLIA_C) -#define KNOWN_SUPPORTED_BLOCK_CIPHER PSA_KEY_TYPE_CAMELLIA -#undef KNOWN_SUPPORTED_BLOCK_CIPHER -#endif - -/* A MAC mode that is known to be supported. - * - * It must either be HMAC with #KNOWN_SUPPORTED_HASH_ALG or - * a block cipher-based MAC with #KNOWN_SUPPORTED_BLOCK_CIPHER. - * - * This is used in some smoke tests. - */ -#if defined(KNOWN_SUPPORTED_HASH_ALG) && defined(PSA_WANT_ALG_HMAC) -#define KNOWN_SUPPORTED_MAC_ALG ( PSA_ALG_HMAC( KNOWN_SUPPORTED_HASH_ALG ) ) -#define KNOWN_SUPPORTED_MAC_KEY_TYPE PSA_KEY_TYPE_HMAC -#elif defined(KNOWN_SUPPORTED_BLOCK_CIPHER) && defined(MBEDTLS_CMAC_C) -#define KNOWN_SUPPORTED_MAC_ALG PSA_ALG_CMAC -#define KNOWN_SUPPORTED_MAC_KEY_TYPE KNOWN_SUPPORTED_BLOCK_CIPHER -#else -#undef KNOWN_SUPPORTED_MAC_ALG -#undef KNOWN_SUPPORTED_MAC_KEY_TYPE -#endif - -/* A cipher algorithm and key type that are known to be supported. - * - * This is used in some smoke tests. - */ -#if defined(KNOWN_SUPPORTED_BLOCK_CIPHER) && defined(MBEDTLS_CIPHER_MODE_CTR) -#define KNOWN_SUPPORTED_BLOCK_CIPHER_ALG PSA_ALG_CTR -#elif defined(KNOWN_SUPPORTED_BLOCK_CIPHER) && defined(MBEDTLS_CIPHER_MODE_CBC) -#define KNOWN_SUPPORTED_BLOCK_CIPHER_ALG PSA_ALG_CBC_NO_PADDING -#elif defined(KNOWN_SUPPORTED_BLOCK_CIPHER) && defined(MBEDTLS_CIPHER_MODE_CFB) -#define KNOWN_SUPPORTED_BLOCK_CIPHER_ALG PSA_ALG_CFB -#elif defined(KNOWN_SUPPORTED_BLOCK_CIPHER) && defined(MBEDTLS_CIPHER_MODE_OFB) -#define KNOWN_SUPPORTED_BLOCK_CIPHER_ALG PSA_ALG_OFB -#else -#undef KNOWN_SUPPORTED_BLOCK_CIPHER_ALG -#endif -#if defined(KNOWN_SUPPORTED_BLOCK_CIPHER_ALG) -#define KNOWN_SUPPORTED_CIPHER_ALG KNOWN_SUPPORTED_BLOCK_CIPHER_ALG -#define KNOWN_SUPPORTED_CIPHER_KEY_TYPE KNOWN_SUPPORTED_BLOCK_CIPHER -#elif defined(MBEDTLS_RC4_C) -#define KNOWN_SUPPORTED_CIPHER_ALG PSA_ALG_RC4 -#define KNOWN_SUPPORTED_CIPHER_KEY_TYPE PSA_KEY_TYPE_RC4 -#else -#undef KNOWN_SUPPORTED_CIPHER_ALG -#undef KNOWN_SUPPORTED_CIPHER_KEY_TYPE -#endif - -#if defined(MBEDTLS_PSA_CRYPTO_SE_C) -static int lifetime_is_dynamic_secure_element( psa_key_lifetime_t lifetime ) -{ - return( PSA_KEY_LIFETIME_GET_LOCATION( lifetime ) != - PSA_KEY_LOCATION_LOCAL_STORAGE ); -} -#endif - /** Test if a buffer contains a constant byte value. * * `mem_is_char(buffer, c, size)` is true after `memset(buffer, c, size)`. @@ -217,80 +125,6 @@ static int construct_fake_rsa_key( unsigned char *buffer, return( len ); } -static int check_key_attributes_sanity( mbedtls_svc_key_id_t key ) -{ - int ok = 0; - psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_key_lifetime_t lifetime; - mbedtls_svc_key_id_t id; - psa_key_type_t type; - psa_key_type_t bits; - - PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); - lifetime = psa_get_key_lifetime( &attributes ); - id = psa_get_key_id( &attributes ); - type = psa_get_key_type( &attributes ); - bits = psa_get_key_bits( &attributes ); - - /* Persistence */ - if( PSA_KEY_LIFETIME_IS_VOLATILE( lifetime ) ) - { - TEST_ASSERT( - ( PSA_KEY_ID_VOLATILE_MIN <= - MBEDTLS_SVC_KEY_ID_GET_KEY_ID( id ) ) && - ( MBEDTLS_SVC_KEY_ID_GET_KEY_ID( id ) <= - PSA_KEY_ID_VOLATILE_MAX ) ); - } - else - { - TEST_ASSERT( - ( PSA_KEY_ID_USER_MIN <= MBEDTLS_SVC_KEY_ID_GET_KEY_ID( id ) ) && - ( MBEDTLS_SVC_KEY_ID_GET_KEY_ID( id ) <= PSA_KEY_ID_USER_MAX ) ); - } -#if defined(MBEDTLS_PSA_CRYPTO_SE_C) - /* randomly-generated 64-bit constant, should never appear in test data */ - psa_key_slot_number_t slot_number = 0xec94d4a5058a1a21; - psa_status_t status = psa_get_key_slot_number( &attributes, &slot_number ); - if( lifetime_is_dynamic_secure_element( lifetime ) ) - { - /* Mbed Crypto currently always exposes the slot number to - * applications. This is not mandated by the PSA specification - * and may change in future versions. */ - TEST_EQUAL( status, 0 ); - TEST_ASSERT( slot_number != 0xec94d4a5058a1a21 ); - } - else - { - TEST_EQUAL( status, PSA_ERROR_INVALID_ARGUMENT ); - } -#endif - - /* Type and size */ - TEST_ASSERT( type != 0 ); - TEST_ASSERT( bits != 0 ); - TEST_ASSERT( bits <= PSA_MAX_KEY_BITS ); - if( PSA_KEY_TYPE_IS_UNSTRUCTURED( type ) ) - TEST_ASSERT( bits % 8 == 0 ); - - /* MAX macros concerning specific key types */ - if( PSA_KEY_TYPE_IS_ECC( type ) ) - TEST_ASSERT( bits <= PSA_VENDOR_ECC_MAX_CURVE_BITS ); - else if( PSA_KEY_TYPE_IS_RSA( type ) ) - TEST_ASSERT( bits <= PSA_VENDOR_RSA_MAX_KEY_BITS ); - TEST_ASSERT( PSA_BLOCK_CIPHER_BLOCK_LENGTH( type ) <= PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE ); - - ok = 1; - -exit: - /* - * Key attributes may have been returned by psa_get_key_attributes() - * thus reset them as required. - */ - psa_reset_key_attributes( &attributes ); - - return( ok ); -} - int exercise_mac_setup( psa_key_type_t key_type, const unsigned char *key_bytes, size_t key_length, @@ -358,813 +192,6 @@ exit: return( 0 ); } -static int exercise_mac_key( mbedtls_svc_key_id_t key, - psa_key_usage_t usage, - psa_algorithm_t alg ) -{ - psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT; - const unsigned char input[] = "foo"; - unsigned char mac[PSA_MAC_MAX_SIZE] = {0}; - size_t mac_length = sizeof( mac ); - - if( usage & PSA_KEY_USAGE_SIGN_HASH ) - { - PSA_ASSERT( psa_mac_sign_setup( &operation, key, alg ) ); - PSA_ASSERT( psa_mac_update( &operation, - input, sizeof( input ) ) ); - PSA_ASSERT( psa_mac_sign_finish( &operation, - mac, sizeof( mac ), - &mac_length ) ); - } - - if( usage & PSA_KEY_USAGE_VERIFY_HASH ) - { - psa_status_t verify_status = - ( usage & PSA_KEY_USAGE_SIGN_HASH ? - PSA_SUCCESS : - PSA_ERROR_INVALID_SIGNATURE ); - PSA_ASSERT( psa_mac_verify_setup( &operation, key, alg ) ); - PSA_ASSERT( psa_mac_update( &operation, - input, sizeof( input ) ) ); - TEST_EQUAL( psa_mac_verify_finish( &operation, mac, mac_length ), - verify_status ); - } - - return( 1 ); - -exit: - psa_mac_abort( &operation ); - return( 0 ); -} - -static int exercise_cipher_key( mbedtls_svc_key_id_t key, - psa_key_usage_t usage, - psa_algorithm_t alg ) -{ - psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT; - unsigned char iv[16] = {0}; - size_t iv_length = sizeof( iv ); - const unsigned char plaintext[16] = "Hello, world..."; - unsigned char ciphertext[32] = "(wabblewebblewibblewobblewubble)"; - size_t ciphertext_length = sizeof( ciphertext ); - unsigned char decrypted[sizeof( ciphertext )]; - size_t part_length; - - if( usage & PSA_KEY_USAGE_ENCRYPT ) - { - PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) ); - PSA_ASSERT( psa_cipher_generate_iv( &operation, - iv, sizeof( iv ), - &iv_length ) ); - PSA_ASSERT( psa_cipher_update( &operation, - plaintext, sizeof( plaintext ), - ciphertext, sizeof( ciphertext ), - &ciphertext_length ) ); - PSA_ASSERT( psa_cipher_finish( &operation, - ciphertext + ciphertext_length, - sizeof( ciphertext ) - ciphertext_length, - &part_length ) ); - ciphertext_length += part_length; - } - - if( usage & PSA_KEY_USAGE_DECRYPT ) - { - psa_status_t status; - int maybe_invalid_padding = 0; - if( ! ( usage & PSA_KEY_USAGE_ENCRYPT ) ) - { - psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); - /* This should be PSA_CIPHER_GET_IV_SIZE but the API doesn't - * have this macro yet. */ - iv_length = PSA_BLOCK_CIPHER_BLOCK_LENGTH( - psa_get_key_type( &attributes ) ); - maybe_invalid_padding = ! PSA_ALG_IS_STREAM_CIPHER( alg ); - psa_reset_key_attributes( &attributes ); - } - PSA_ASSERT( psa_cipher_decrypt_setup( &operation, key, alg ) ); - PSA_ASSERT( psa_cipher_set_iv( &operation, - iv, iv_length ) ); - PSA_ASSERT( psa_cipher_update( &operation, - ciphertext, ciphertext_length, - decrypted, sizeof( decrypted ), - &part_length ) ); - status = psa_cipher_finish( &operation, - decrypted + part_length, - sizeof( decrypted ) - part_length, - &part_length ); - /* For a stream cipher, all inputs are valid. For a block cipher, - * if the input is some aribtrary data rather than an actual - ciphertext, a padding error is likely. */ - if( maybe_invalid_padding ) - TEST_ASSERT( status == PSA_SUCCESS || - status == PSA_ERROR_INVALID_PADDING ); - else - PSA_ASSERT( status ); - } - - return( 1 ); - -exit: - psa_cipher_abort( &operation ); - return( 0 ); -} - -static int exercise_aead_key( mbedtls_svc_key_id_t key, - psa_key_usage_t usage, - psa_algorithm_t alg ) -{ - unsigned char nonce[16] = {0}; - size_t nonce_length = sizeof( nonce ); - unsigned char plaintext[16] = "Hello, world..."; - unsigned char ciphertext[48] = "(wabblewebblewibblewobblewubble)"; - size_t ciphertext_length = sizeof( ciphertext ); - size_t plaintext_length = sizeof( ciphertext ); - - /* Default IV length for AES-GCM is 12 bytes */ - if( PSA_ALG_AEAD_WITH_SHORTENED_TAG( alg, 0 ) == - PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 0 ) ) - { - nonce_length = 12; - } - - if( usage & PSA_KEY_USAGE_ENCRYPT ) - { - PSA_ASSERT( psa_aead_encrypt( key, alg, - nonce, nonce_length, - NULL, 0, - plaintext, sizeof( plaintext ), - ciphertext, sizeof( ciphertext ), - &ciphertext_length ) ); - } - - if( usage & PSA_KEY_USAGE_DECRYPT ) - { - psa_status_t verify_status = - ( usage & PSA_KEY_USAGE_ENCRYPT ? - PSA_SUCCESS : - PSA_ERROR_INVALID_SIGNATURE ); - TEST_EQUAL( psa_aead_decrypt( key, alg, - nonce, nonce_length, - NULL, 0, - ciphertext, ciphertext_length, - plaintext, sizeof( plaintext ), - &plaintext_length ), - verify_status ); - } - - return( 1 ); - -exit: - return( 0 ); -} - -static int exercise_signature_key( mbedtls_svc_key_id_t key, - psa_key_usage_t usage, - psa_algorithm_t alg ) -{ - unsigned char payload[PSA_HASH_MAX_SIZE] = {1}; - size_t payload_length = 16; - unsigned char signature[PSA_SIGNATURE_MAX_SIZE] = {0}; - size_t signature_length = sizeof( signature ); - psa_algorithm_t hash_alg = PSA_ALG_SIGN_GET_HASH( alg ); - - /* If the policy allows signing with any hash, just pick one. */ - if( PSA_ALG_IS_HASH_AND_SIGN( alg ) && hash_alg == PSA_ALG_ANY_HASH ) - { -#if defined(KNOWN_SUPPORTED_HASH_ALG) - hash_alg = KNOWN_SUPPORTED_HASH_ALG; - alg ^= PSA_ALG_ANY_HASH ^ hash_alg; -#else - mbedtls_test_fail( "No hash algorithm for hash-and-sign testing", - __LINE__, __FILE__ ); - return( 1 ); -#endif - } - - if( usage & PSA_KEY_USAGE_SIGN_HASH ) - { - /* Some algorithms require the payload to have the size of - * the hash encoded in the algorithm. Use this input size - * even for algorithms that allow other input sizes. */ - if( hash_alg != 0 ) - payload_length = PSA_HASH_LENGTH( hash_alg ); - PSA_ASSERT( psa_sign_hash( key, alg, - payload, payload_length, - signature, sizeof( signature ), - &signature_length ) ); - } - - if( usage & PSA_KEY_USAGE_VERIFY_HASH ) - { - psa_status_t verify_status = - ( usage & PSA_KEY_USAGE_SIGN_HASH ? - PSA_SUCCESS : - PSA_ERROR_INVALID_SIGNATURE ); - TEST_EQUAL( psa_verify_hash( key, alg, - payload, payload_length, - signature, signature_length ), - verify_status ); - } - - return( 1 ); - -exit: - return( 0 ); -} - -static int exercise_asymmetric_encryption_key( mbedtls_svc_key_id_t key, - psa_key_usage_t usage, - psa_algorithm_t alg ) -{ - unsigned char plaintext[256] = "Hello, world..."; - unsigned char ciphertext[256] = "(wabblewebblewibblewobblewubble)"; - size_t ciphertext_length = sizeof( ciphertext ); - size_t plaintext_length = 16; - - if( usage & PSA_KEY_USAGE_ENCRYPT ) - { - PSA_ASSERT( psa_asymmetric_encrypt( key, alg, - plaintext, plaintext_length, - NULL, 0, - ciphertext, sizeof( ciphertext ), - &ciphertext_length ) ); - } - - if( usage & PSA_KEY_USAGE_DECRYPT ) - { - psa_status_t status = - psa_asymmetric_decrypt( key, alg, - ciphertext, ciphertext_length, - NULL, 0, - plaintext, sizeof( plaintext ), - &plaintext_length ); - TEST_ASSERT( status == PSA_SUCCESS || - ( ( usage & PSA_KEY_USAGE_ENCRYPT ) == 0 && - ( status == PSA_ERROR_INVALID_ARGUMENT || - status == PSA_ERROR_INVALID_PADDING ) ) ); - } - - return( 1 ); - -exit: - return( 0 ); -} - -int mbedtls_test_psa_setup_key_derivation_wrap( - psa_key_derivation_operation_t* operation, - mbedtls_svc_key_id_t key, - psa_algorithm_t alg, - unsigned char* input1, size_t input1_length, - unsigned char* input2, size_t input2_length, - size_t capacity ) -{ - PSA_ASSERT( psa_key_derivation_setup( operation, alg ) ); - if( PSA_ALG_IS_HKDF( alg ) ) - { - PSA_ASSERT( psa_key_derivation_input_bytes( operation, - PSA_KEY_DERIVATION_INPUT_SALT, - input1, input1_length ) ); - PSA_ASSERT( psa_key_derivation_input_key( operation, - PSA_KEY_DERIVATION_INPUT_SECRET, - key ) ); - PSA_ASSERT( psa_key_derivation_input_bytes( operation, - PSA_KEY_DERIVATION_INPUT_INFO, - input2, - input2_length ) ); - } - else if( PSA_ALG_IS_TLS12_PRF( alg ) || - PSA_ALG_IS_TLS12_PSK_TO_MS( alg ) ) - { - PSA_ASSERT( psa_key_derivation_input_bytes( operation, - PSA_KEY_DERIVATION_INPUT_SEED, - input1, input1_length ) ); - PSA_ASSERT( psa_key_derivation_input_key( operation, - PSA_KEY_DERIVATION_INPUT_SECRET, - key ) ); - PSA_ASSERT( psa_key_derivation_input_bytes( operation, - PSA_KEY_DERIVATION_INPUT_LABEL, - input2, input2_length ) ); - } - else - { - TEST_ASSERT( ! "Key derivation algorithm not supported" ); - } - - if( capacity != SIZE_MAX ) - PSA_ASSERT( psa_key_derivation_set_capacity( operation, capacity ) ); - - return( 1 ); - -exit: - return( 0 ); -} - - -static int exercise_key_derivation_key( mbedtls_svc_key_id_t key, - psa_key_usage_t usage, - psa_algorithm_t alg ) -{ - psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT; - unsigned char input1[] = "Input 1"; - size_t input1_length = sizeof( input1 ); - unsigned char input2[] = "Input 2"; - size_t input2_length = sizeof( input2 ); - unsigned char output[1]; - size_t capacity = sizeof( output ); - - if( usage & PSA_KEY_USAGE_DERIVE ) - { - if( !mbedtls_test_psa_setup_key_derivation_wrap( &operation, key, alg, - input1, input1_length, - input2, input2_length, - capacity ) ) - goto exit; - - PSA_ASSERT( psa_key_derivation_output_bytes( &operation, - output, - capacity ) ); - PSA_ASSERT( psa_key_derivation_abort( &operation ) ); - } - - return( 1 ); - -exit: - return( 0 ); -} - -/* We need two keys to exercise key agreement. Exercise the - * private key against its own public key. */ -psa_status_t mbedtls_test_psa_key_agreement_with_self( - psa_key_derivation_operation_t *operation, - mbedtls_svc_key_id_t key ) -{ - psa_key_type_t private_key_type; - psa_key_type_t public_key_type; - size_t key_bits; - uint8_t *public_key = NULL; - size_t public_key_length; - /* Return GENERIC_ERROR if something other than the final call to - * psa_key_derivation_key_agreement fails. This isn't fully satisfactory, - * but it's good enough: callers will report it as a failed test anyway. */ - psa_status_t status = PSA_ERROR_GENERIC_ERROR; - psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - - PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); - private_key_type = psa_get_key_type( &attributes ); - key_bits = psa_get_key_bits( &attributes ); - public_key_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR( private_key_type ); - public_key_length = PSA_EXPORT_KEY_OUTPUT_SIZE( public_key_type, key_bits ); - ASSERT_ALLOC( public_key, public_key_length ); - PSA_ASSERT( psa_export_public_key( key, public_key, public_key_length, - &public_key_length ) ); - - status = psa_key_derivation_key_agreement( - operation, PSA_KEY_DERIVATION_INPUT_SECRET, key, - public_key, public_key_length ); -exit: - /* - * Key attributes may have been returned by psa_get_key_attributes() - * thus reset them as required. - */ - psa_reset_key_attributes( &attributes ); - - mbedtls_free( public_key ); - return( status ); -} - -/* We need two keys to exercise key agreement. Exercise the - * private key against its own public key. */ -psa_status_t mbedtls_test_psa_raw_key_agreement_with_self( - psa_algorithm_t alg, - mbedtls_svc_key_id_t key ) -{ - psa_key_type_t private_key_type; - psa_key_type_t public_key_type; - size_t key_bits; - uint8_t *public_key = NULL; - size_t public_key_length; - uint8_t output[1024]; - size_t output_length; - /* Return GENERIC_ERROR if something other than the final call to - * psa_key_derivation_key_agreement fails. This isn't fully satisfactory, - * but it's good enough: callers will report it as a failed test anyway. */ - psa_status_t status = PSA_ERROR_GENERIC_ERROR; - psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - - PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); - private_key_type = psa_get_key_type( &attributes ); - key_bits = psa_get_key_bits( &attributes ); - public_key_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR( private_key_type ); - public_key_length = PSA_EXPORT_KEY_OUTPUT_SIZE( public_key_type, key_bits ); - ASSERT_ALLOC( public_key, public_key_length ); - PSA_ASSERT( psa_export_public_key( key, - public_key, public_key_length, - &public_key_length ) ); - - status = psa_raw_key_agreement( alg, key, - public_key, public_key_length, - output, sizeof( output ), &output_length ); -exit: - /* - * Key attributes may have been returned by psa_get_key_attributes() - * thus reset them as required. - */ - psa_reset_key_attributes( &attributes ); - - mbedtls_free( public_key ); - return( status ); -} - -static int exercise_raw_key_agreement_key( mbedtls_svc_key_id_t key, - psa_key_usage_t usage, - psa_algorithm_t alg ) -{ - int ok = 0; - - if( usage & PSA_KEY_USAGE_DERIVE ) - { - /* We need two keys to exercise key agreement. Exercise the - * private key against its own public key. */ - PSA_ASSERT( mbedtls_test_psa_raw_key_agreement_with_self( alg, key ) ); - } - ok = 1; - -exit: - return( ok ); -} - -static int exercise_key_agreement_key( mbedtls_svc_key_id_t key, - psa_key_usage_t usage, - psa_algorithm_t alg ) -{ - psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT; - unsigned char output[1]; - int ok = 0; - - if( usage & PSA_KEY_USAGE_DERIVE ) - { - /* We need two keys to exercise key agreement. Exercise the - * private key against its own public key. */ - PSA_ASSERT( psa_key_derivation_setup( &operation, alg ) ); - PSA_ASSERT( mbedtls_test_psa_key_agreement_with_self( &operation, key ) ); - PSA_ASSERT( psa_key_derivation_output_bytes( &operation, - output, - sizeof( output ) ) ); - PSA_ASSERT( psa_key_derivation_abort( &operation ) ); - } - ok = 1; - -exit: - return( ok ); -} - -int mbedtls_test_psa_exported_key_sanity_check( - psa_key_type_t type, size_t bits, - uint8_t *exported, size_t exported_length ) -{ - if( PSA_KEY_TYPE_IS_UNSTRUCTURED( type ) ) - TEST_EQUAL( exported_length, ( bits + 7 ) / 8 ); - else - TEST_ASSERT( exported_length <= PSA_EXPORT_KEY_OUTPUT_SIZE( type, bits ) ); - -#if defined(MBEDTLS_DES_C) - if( type == PSA_KEY_TYPE_DES ) - { - /* Check the parity bits. */ - unsigned i; - for( i = 0; i < bits / 8; i++ ) - { - unsigned bit_count = 0; - unsigned m; - for( m = 1; m <= 0x100; m <<= 1 ) - { - if( exported[i] & m ) - ++bit_count; - } - TEST_ASSERT( bit_count % 2 != 0 ); - } - } - else -#endif - -#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_PK_PARSE_C) - if( type == PSA_KEY_TYPE_RSA_KEY_PAIR ) - { - uint8_t *p = exported; - uint8_t *end = exported + exported_length; - size_t len; - /* RSAPrivateKey ::= SEQUENCE { - * version INTEGER, -- must be 0 - * modulus INTEGER, -- n - * publicExponent INTEGER, -- e - * privateExponent INTEGER, -- d - * prime1 INTEGER, -- p - * prime2 INTEGER, -- q - * exponent1 INTEGER, -- d mod (p-1) - * exponent2 INTEGER, -- d mod (q-1) - * coefficient INTEGER, -- (inverse of q) mod p - * } - */ - TEST_EQUAL( mbedtls_asn1_get_tag( &p, end, &len, - MBEDTLS_ASN1_SEQUENCE | - MBEDTLS_ASN1_CONSTRUCTED ), 0 ); - TEST_EQUAL( p + len, end ); - if( ! mbedtls_test_asn1_skip_integer( &p, end, 0, 0, 0 ) ) - goto exit; - if( ! mbedtls_test_asn1_skip_integer( &p, end, bits, bits, 1 ) ) - goto exit; - if( ! mbedtls_test_asn1_skip_integer( &p, end, 2, bits, 1 ) ) - goto exit; - /* Require d to be at least half the size of n. */ - if( ! mbedtls_test_asn1_skip_integer( &p, end, bits / 2, bits, 1 ) ) - goto exit; - /* Require p and q to be at most half the size of n, rounded up. */ - if( ! mbedtls_test_asn1_skip_integer( &p, end, bits / 2, bits / 2 + 1, 1 ) ) - goto exit; - if( ! mbedtls_test_asn1_skip_integer( &p, end, bits / 2, bits / 2 + 1, 1 ) ) - goto exit; - if( ! mbedtls_test_asn1_skip_integer( &p, end, 1, bits / 2 + 1, 0 ) ) - goto exit; - if( ! mbedtls_test_asn1_skip_integer( &p, end, 1, bits / 2 + 1, 0 ) ) - goto exit; - if( ! mbedtls_test_asn1_skip_integer( &p, end, 1, bits / 2 + 1, 0 ) ) - goto exit; - TEST_EQUAL( p, end ); - } - else -#endif /* MBEDTLS_RSA_C */ - -#if defined(MBEDTLS_ECP_C) - if( PSA_KEY_TYPE_IS_ECC_KEY_PAIR( type ) ) - { - /* Just the secret value */ - TEST_EQUAL( exported_length, PSA_BITS_TO_BYTES( bits ) ); - } - else -#endif /* MBEDTLS_ECP_C */ - - if( PSA_KEY_TYPE_IS_PUBLIC_KEY( type ) ) - { - uint8_t *p = exported; - uint8_t *end = exported + exported_length; -#if defined(MBEDTLS_RSA_C) - if( type == PSA_KEY_TYPE_RSA_PUBLIC_KEY ) - { - size_t len; - /* RSAPublicKey ::= SEQUENCE { - * modulus INTEGER, -- n - * publicExponent INTEGER } -- e - */ - TEST_EQUAL( mbedtls_asn1_get_tag( &p, end, &len, - MBEDTLS_ASN1_SEQUENCE | - MBEDTLS_ASN1_CONSTRUCTED ), - 0 ); - TEST_EQUAL( p + len, end ); - if( ! mbedtls_test_asn1_skip_integer( &p, end, bits, bits, 1 ) ) - goto exit; - if( ! mbedtls_test_asn1_skip_integer( &p, end, 2, bits, 1 ) ) - goto exit; - TEST_EQUAL( p, end ); - } - else -#endif /* MBEDTLS_RSA_C */ -#if defined(MBEDTLS_ECP_C) - if( PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY( type ) ) - { - if( PSA_KEY_TYPE_ECC_GET_FAMILY( type ) == PSA_ECC_FAMILY_MONTGOMERY ) - { - /* The representation of an ECC Montgomery public key is - * the raw compressed point */ - TEST_EQUAL( p + PSA_BITS_TO_BYTES( bits ), end ); - } - else - { - /* The representation of an ECC Weierstrass public key is: - * - The byte 0x04; - * - `x_P` as a `ceiling(m/8)`-byte string, big-endian; - * - `y_P` as a `ceiling(m/8)`-byte string, big-endian; - * - where m is the bit size associated with the curve. - */ - TEST_EQUAL( p + 1 + 2 * PSA_BITS_TO_BYTES( bits ), end ); - TEST_EQUAL( p[0], 4 ); - } - } - else -#endif /* MBEDTLS_ECP_C */ - { - char message[47]; - mbedtls_snprintf( message, sizeof( message ), - "No sanity check for public key type=0x%08lx", - (unsigned long) type ); - mbedtls_test_fail( message, __LINE__, __FILE__ ); - (void) p; - (void) end; - return( 0 ); - } - } - else - - { - /* No sanity checks for other types */ - } - - return( 1 ); - -exit: - return( 0 ); -} - -static int exercise_export_key( mbedtls_svc_key_id_t key, - psa_key_usage_t usage ) -{ - psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - uint8_t *exported = NULL; - size_t exported_size = 0; - size_t exported_length = 0; - int ok = 0; - - PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); - - exported_size = PSA_EXPORT_KEY_OUTPUT_SIZE( - psa_get_key_type( &attributes ), - psa_get_key_bits( &attributes ) ); - ASSERT_ALLOC( exported, exported_size ); - - if( ( usage & PSA_KEY_USAGE_EXPORT ) == 0 && - ! PSA_KEY_TYPE_IS_PUBLIC_KEY( psa_get_key_type( &attributes ) ) ) - { - TEST_EQUAL( psa_export_key( key, exported, - exported_size, &exported_length ), - PSA_ERROR_NOT_PERMITTED ); - ok = 1; - goto exit; - } - - PSA_ASSERT( psa_export_key( key, - exported, exported_size, - &exported_length ) ); - ok = mbedtls_test_psa_exported_key_sanity_check( - psa_get_key_type( &attributes ), psa_get_key_bits( &attributes ), - exported, exported_length ); - -exit: - /* - * Key attributes may have been returned by psa_get_key_attributes() - * thus reset them as required. - */ - psa_reset_key_attributes( &attributes ); - - mbedtls_free( exported ); - return( ok ); -} - -static int exercise_export_public_key( mbedtls_svc_key_id_t key ) -{ - psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_key_type_t public_type; - uint8_t *exported = NULL; - size_t exported_size = 0; - size_t exported_length = 0; - int ok = 0; - - PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); - if( ! PSA_KEY_TYPE_IS_ASYMMETRIC( psa_get_key_type( &attributes ) ) ) - { - exported_size = PSA_EXPORT_KEY_OUTPUT_SIZE( - psa_get_key_type( &attributes ), - psa_get_key_bits( &attributes ) ); - ASSERT_ALLOC( exported, exported_size ); - - TEST_EQUAL( psa_export_public_key( key, exported, - exported_size, &exported_length ), - PSA_ERROR_INVALID_ARGUMENT ); - ok = 1; - goto exit; - } - - public_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR( - psa_get_key_type( &attributes ) ); - exported_size = PSA_EXPORT_KEY_OUTPUT_SIZE( public_type, - psa_get_key_bits( &attributes ) ); - ASSERT_ALLOC( exported, exported_size ); - - PSA_ASSERT( psa_export_public_key( key, - exported, exported_size, - &exported_length ) ); - ok = mbedtls_test_psa_exported_key_sanity_check( - public_type, psa_get_key_bits( &attributes ), - exported, exported_length ); - -exit: - /* - * Key attributes may have been returned by psa_get_key_attributes() - * thus reset them as required. - */ - psa_reset_key_attributes( &attributes ); - - mbedtls_free( exported ); - return( ok ); -} - -/** Do smoke tests on a key. - * - * Perform one of each operation indicated by \p alg (decrypt/encrypt, - * sign/verify, or derivation) that is permitted according to \p usage. - * \p usage and \p alg should correspond to the expected policy on the - * key. - * - * Export the key if permitted by \p usage, and check that the output - * looks sensible. If \p usage forbids export, check that - * \p psa_export_key correctly rejects the attempt. If the key is - * asymmetric, also check \p psa_export_public_key. - * - * If the key fails the tests, this function calls the test framework's - * `mbedtls_test_fail` function and returns false. Otherwise this function - * returns true. Therefore it should be used as follows: - * ``` - * if( ! exercise_key( ... ) ) goto exit; - * ``` - * - * \param key The key to exercise. It should be capable of performing - * \p alg. - * \param usage The usage flags to assume. - * \param alg The algorithm to exercise. - * - * \retval 0 The key failed the smoke tests. - * \retval 1 The key passed the smoke tests. - */ -int mbedtls_test_psa_exercise_key( mbedtls_svc_key_id_t key, - psa_key_usage_t usage, - psa_algorithm_t alg ) -{ - int ok; - - if( ! check_key_attributes_sanity( key ) ) - return( 0 ); - - if( alg == 0 ) - ok = 1; /* If no algorihm, do nothing (used for raw data "keys"). */ - else if( PSA_ALG_IS_MAC( alg ) ) - ok = exercise_mac_key( key, usage, alg ); - else if( PSA_ALG_IS_CIPHER( alg ) ) - ok = exercise_cipher_key( key, usage, alg ); - else if( PSA_ALG_IS_AEAD( alg ) ) - ok = exercise_aead_key( key, usage, alg ); - else if( PSA_ALG_IS_SIGN( alg ) ) - ok = exercise_signature_key( key, usage, alg ); - else if( PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) ) - ok = exercise_asymmetric_encryption_key( key, usage, alg ); - else if( PSA_ALG_IS_KEY_DERIVATION( alg ) ) - ok = exercise_key_derivation_key( key, usage, alg ); - else if( PSA_ALG_IS_RAW_KEY_AGREEMENT( alg ) ) - ok = exercise_raw_key_agreement_key( key, usage, alg ); - else if( PSA_ALG_IS_KEY_AGREEMENT( alg ) ) - ok = exercise_key_agreement_key( key, usage, alg ); - else - { - char message[40]; - mbedtls_snprintf( message, sizeof( message ), - "No code to exercise alg=0x%08lx", - (unsigned long) alg ); - mbedtls_test_fail( message, __LINE__, __FILE__ ); - ok = 0; - } - - ok = ok && exercise_export_key( key, usage ); - ok = ok && exercise_export_public_key( key ); - - return( ok ); -} - -psa_key_usage_t mbedtls_test_psa_usage_to_exercise( psa_key_type_t type, - psa_algorithm_t alg ) -{ - if( PSA_ALG_IS_MAC( alg ) || PSA_ALG_IS_SIGN( alg ) ) - { - return( PSA_KEY_TYPE_IS_PUBLIC_KEY( type ) ? - PSA_KEY_USAGE_VERIFY_HASH : - PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH ); - } - else if( PSA_ALG_IS_CIPHER( alg ) || PSA_ALG_IS_AEAD( alg ) || - PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) ) - { - return( PSA_KEY_TYPE_IS_PUBLIC_KEY( type ) ? - PSA_KEY_USAGE_ENCRYPT : - PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT ); - } - else if( PSA_ALG_IS_KEY_DERIVATION( alg ) || - PSA_ALG_IS_KEY_AGREEMENT( alg ) ) - { - return( PSA_KEY_USAGE_DERIVE ); - } - else - { - return( 0 ); - } - -} - static int test_operations_on_invalid_key( mbedtls_svc_key_id_t key ) { psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; From e50b578218e3c03ff02acb1eab1cef1ee9d732a4 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sun, 14 Feb 2021 01:13:55 +0100 Subject: [PATCH 08/23] Document functions and macros that are now exported Signed-off-by: Gilles Peskine --- tests/include/test/psa_exercise_key.h | 77 +++++++++++++++++++++++++-- 1 file changed, 73 insertions(+), 4 deletions(-) diff --git a/tests/include/test/psa_exercise_key.h b/tests/include/test/psa_exercise_key.h index 8fd152c023..1c7eefcce4 100644 --- a/tests/include/test/psa_exercise_key.h +++ b/tests/include/test/psa_exercise_key.h @@ -26,7 +26,9 @@ #include -/* A hash algorithm that is known to be supported. +/** \def KNOWN_SUPPORTED_HASH_ALG + * + * A hash algorithm that is known to be supported. * * This is used in some smoke tests. */ @@ -54,7 +56,9 @@ #undef KNOWN_SUPPORTED_HASH_ALG #endif -/* A block cipher that is known to be supported. +/** \def KNOWN_SUPPORTED_BLOCK_CIPHER + * + * A block cipher that is known to be supported. * * For simplicity's sake, stick to block ciphers with 16-byte blocks. */ @@ -67,7 +71,9 @@ #undef KNOWN_SUPPORTED_BLOCK_CIPHER #endif -/* A MAC mode that is known to be supported. +/** \def KNOWN_SUPPORTED_MAC_ALG + * + * A MAC mode that is known to be supported. * * It must either be HMAC with #KNOWN_SUPPORTED_HASH_ALG or * a block cipher-based MAC with #KNOWN_SUPPORTED_BLOCK_CIPHER. @@ -85,7 +91,9 @@ #undef KNOWN_SUPPORTED_MAC_KEY_TYPE #endif -/* A cipher algorithm and key type that are known to be supported. +/** \def KNOWN_SUPPORTED_BLOCK_CIPHER_ALG + * + * A cipher algorithm and key type that are known to be supported. * * This is used in some smoke tests. */ @@ -111,6 +119,26 @@ #undef KNOWN_SUPPORTED_CIPHER_KEY_TYPE #endif +/** Convenience function to set up a key derivation. + * + * In case of failure, mark the current test case as failed. + * + * The inputs \p input1 and \p input2 are, in order: + * - HKDF: salt, info. + * - TKS 1.2 PRF, TLS 1.2 PSK-to-MS: seed, label. + * + * \param operation The operation object to use. + * It must be in the initialized state. + * \param key The key to use. + * \param alg The algorithm to use. + * \param input1 The first input to pass. + * \param input1_length The length of \p input1 in bytes. + * \param input1 The first input to pass. + * \param input1_length The length of \p input1 in bytes. + * \param capacity The capacity to set. + * + * \return \c 1 on success, \c 0 on failure. + */ int mbedtls_test_psa_setup_key_derivation_wrap( psa_key_derivation_operation_t* operation, mbedtls_svc_key_id_t key, @@ -119,14 +147,55 @@ int mbedtls_test_psa_setup_key_derivation_wrap( unsigned char* input2, size_t input2_length, size_t capacity ); +/** Perform a key agreement using the given key pair against its public key + * using psa_raw_key_agreement(). + * + * The result is discarded. The purpose of this function is to smoke-test a key. + * + * In case of failure, mark the current test case as failed. + * + * \param alg A key agreement algorithm compatible with \p key. + * \param key A key that allows key agreement with \p alg. + * + * \return \c 1 on success, \c 0 on failure. + */ psa_status_t mbedtls_test_psa_raw_key_agreement_with_self( psa_algorithm_t alg, mbedtls_svc_key_id_t key ); +/** Perform a key agreement using the given key pair against its public key + * using psa_key_derivation_raw_key(). + * + * The result is discarded. The purpose of this function is to smoke-test a key. + * + * In case of failure, mark the current test case as failed. + * + * \param alg A key agreement algorithm compatible with \p key. + * \param key A key that allows key agreement with \p alg. + * + * \return \c 1 on success, \c 0 on failure. + */ psa_status_t mbedtls_test_psa_key_agreement_with_self( psa_key_derivation_operation_t *operation, mbedtls_svc_key_id_t key ); +/** Perform sanity checks on the given key representation. + * + * If any of the checks fail, mark the current test case as failed. + * + * The checks depend on the key type. + * - All types: check the export size against maximum-size macros. + * - DES: parity bits. + * - RSA: check the ASN.1 structure and the size and parity of the integers. + * - ECC private or public key: exact representation length. + * - Montgomery public key: first byte. + * + * \param type The key type. + * \param size The key size in bits. + * \param exported A buffer containing + * + * \return \c 1 if all checks passed, \c 0 on failure. + */ int mbedtls_test_psa_exported_key_sanity_check( psa_key_type_t type, size_t bits, uint8_t *exported, size_t exported_length ); From ad557e58bf2019872b15b782d21bae3073ed9fe1 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sun, 14 Feb 2021 01:19:21 +0100 Subject: [PATCH 09/23] exported_key_sanity_check: simplify the logic for public keys Remove a conditional imbrication level. Get rid of some minor overhead for ECC public keys dating back from when they had ASN.1 wrapping. No behavior change. Signed-off-by: Gilles Peskine --- tests/src/psa_exercise_key.c | 94 ++++++++++++++++++------------------ 1 file changed, 46 insertions(+), 48 deletions(-) diff --git a/tests/src/psa_exercise_key.c b/tests/src/psa_exercise_key.c index 79ba32519c..11c6fcdeb8 100644 --- a/tests/src/psa_exercise_key.c +++ b/tests/src/psa_exercise_key.c @@ -659,66 +659,64 @@ int mbedtls_test_psa_exported_key_sanity_check( else #endif /* MBEDTLS_ECP_C */ - if( PSA_KEY_TYPE_IS_PUBLIC_KEY( type ) ) +#if defined(MBEDTLS_RSA_C) + if( type == PSA_KEY_TYPE_RSA_PUBLIC_KEY ) { uint8_t *p = exported; uint8_t *end = exported + exported_length; -#if defined(MBEDTLS_RSA_C) - if( type == PSA_KEY_TYPE_RSA_PUBLIC_KEY ) - { - size_t len; - /* RSAPublicKey ::= SEQUENCE { - * modulus INTEGER, -- n - * publicExponent INTEGER } -- e - */ - TEST_EQUAL( mbedtls_asn1_get_tag( &p, end, &len, - MBEDTLS_ASN1_SEQUENCE | - MBEDTLS_ASN1_CONSTRUCTED ), - 0 ); - TEST_EQUAL( p + len, end ); - if( ! mbedtls_test_asn1_skip_integer( &p, end, bits, bits, 1 ) ) - goto exit; - if( ! mbedtls_test_asn1_skip_integer( &p, end, 2, bits, 1 ) ) - goto exit; - TEST_EQUAL( p, end ); - } - else + size_t len; + /* RSAPublicKey ::= SEQUENCE { + * modulus INTEGER, -- n + * publicExponent INTEGER } -- e + */ + TEST_EQUAL( mbedtls_asn1_get_tag( &p, end, &len, + MBEDTLS_ASN1_SEQUENCE | + MBEDTLS_ASN1_CONSTRUCTED ), + 0 ); + TEST_EQUAL( p + len, end ); + if( ! mbedtls_test_asn1_skip_integer( &p, end, bits, bits, 1 ) ) + goto exit; + if( ! mbedtls_test_asn1_skip_integer( &p, end, 2, bits, 1 ) ) + goto exit; + TEST_EQUAL( p, end ); + } + else #endif /* MBEDTLS_RSA_C */ + #if defined(MBEDTLS_ECP_C) - if( PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY( type ) ) + if( PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY( type ) ) + { + if( PSA_KEY_TYPE_ECC_GET_FAMILY( type ) == PSA_ECC_FAMILY_MONTGOMERY ) { - if( PSA_KEY_TYPE_ECC_GET_FAMILY( type ) == PSA_ECC_FAMILY_MONTGOMERY ) - { - /* The representation of an ECC Montgomery public key is - * the raw compressed point */ - TEST_EQUAL( p + PSA_BITS_TO_BYTES( bits ), end ); - } - else - { - /* The representation of an ECC Weierstrass public key is: - * - The byte 0x04; - * - `x_P` as a `ceiling(m/8)`-byte string, big-endian; - * - `y_P` as a `ceiling(m/8)`-byte string, big-endian; - * - where m is the bit size associated with the curve. - */ - TEST_EQUAL( p + 1 + 2 * PSA_BITS_TO_BYTES( bits ), end ); - TEST_EQUAL( p[0], 4 ); - } + /* The representation of an ECC Montgomery public key is + * the raw compressed point */ + TEST_EQUAL( PSA_BITS_TO_BYTES( bits ), exported_length ); } else -#endif /* MBEDTLS_ECP_C */ { - char message[47]; - mbedtls_snprintf( message, sizeof( message ), - "No sanity check for public key type=0x%08lx", - (unsigned long) type ); - mbedtls_test_fail( message, __LINE__, __FILE__ ); - (void) p; - (void) end; - return( 0 ); + /* The representation of an ECC Weierstrass public key is: + * - The byte 0x04; + * - `x_P` as a `ceiling(m/8)`-byte string, big-endian; + * - `y_P` as a `ceiling(m/8)`-byte string, big-endian; + * - where m is the bit size associated with the curve. + */ + TEST_EQUAL( 1 + 2 * PSA_BITS_TO_BYTES( bits ), exported_length ); + TEST_EQUAL( exported[0], 4 ); } } else +#endif /* MBEDTLS_ECP_C */ + + if( PSA_KEY_TYPE_IS_PUBLIC_KEY( type ) ) + { + char message[47]; + mbedtls_snprintf( message, sizeof( message ), + "No sanity check for public key type=0x%08lx", + (unsigned long) type ); + mbedtls_test_fail( message, __LINE__, __FILE__ ); + return( 0 ); + } + else { /* No sanity checks for other types */ From 5c2665b1646e741d3ced9a111d62c091887cf38f Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sun, 14 Feb 2021 01:22:56 +0100 Subject: [PATCH 10/23] Use const pointers on parsing functions The const-ness has to be cast away when calling mbedtls_asn1_xxx parsing functions. This is a known flaw in the mbedtls API (https://github.com/ARMmbed/mbedtls/issues/803). Signed-off-by: Gilles Peskine --- tests/include/test/psa_exercise_key.h | 6 +++--- tests/src/psa_exercise_key.c | 14 +++++++------- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/tests/include/test/psa_exercise_key.h b/tests/include/test/psa_exercise_key.h index 1c7eefcce4..1613237380 100644 --- a/tests/include/test/psa_exercise_key.h +++ b/tests/include/test/psa_exercise_key.h @@ -143,8 +143,8 @@ int mbedtls_test_psa_setup_key_derivation_wrap( psa_key_derivation_operation_t* operation, mbedtls_svc_key_id_t key, psa_algorithm_t alg, - unsigned char* input1, size_t input1_length, - unsigned char* input2, size_t input2_length, + const unsigned char* input1, size_t input1_length, + const unsigned char* input2, size_t input2_length, size_t capacity ); /** Perform a key agreement using the given key pair against its public key @@ -198,7 +198,7 @@ psa_status_t mbedtls_test_psa_key_agreement_with_self( */ int mbedtls_test_psa_exported_key_sanity_check( psa_key_type_t type, size_t bits, - uint8_t *exported, size_t exported_length ); + const uint8_t *exported, size_t exported_length ); /** Do smoke tests on a key. * diff --git a/tests/src/psa_exercise_key.c b/tests/src/psa_exercise_key.c index 11c6fcdeb8..74cdc190a8 100644 --- a/tests/src/psa_exercise_key.c +++ b/tests/src/psa_exercise_key.c @@ -370,8 +370,8 @@ int mbedtls_test_psa_setup_key_derivation_wrap( psa_key_derivation_operation_t* operation, mbedtls_svc_key_id_t key, psa_algorithm_t alg, - unsigned char* input1, size_t input1_length, - unsigned char* input2, size_t input2_length, + const unsigned char* input1, size_t input1_length, + const unsigned char* input2, size_t input2_length, size_t capacity ) { PSA_ASSERT( psa_key_derivation_setup( operation, alg ) ); @@ -576,7 +576,7 @@ exit: int mbedtls_test_psa_exported_key_sanity_check( psa_key_type_t type, size_t bits, - uint8_t *exported, size_t exported_length ) + const uint8_t *exported, size_t exported_length ) { if( PSA_KEY_TYPE_IS_UNSTRUCTURED( type ) ) TEST_EQUAL( exported_length, ( bits + 7 ) / 8 ); @@ -606,8 +606,8 @@ int mbedtls_test_psa_exported_key_sanity_check( #if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_PK_PARSE_C) if( type == PSA_KEY_TYPE_RSA_KEY_PAIR ) { - uint8_t *p = exported; - uint8_t *end = exported + exported_length; + uint8_t *p = (uint8_t*) exported; + const uint8_t *end = exported + exported_length; size_t len; /* RSAPrivateKey ::= SEQUENCE { * version INTEGER, -- must be 0 @@ -662,8 +662,8 @@ int mbedtls_test_psa_exported_key_sanity_check( #if defined(MBEDTLS_RSA_C) if( type == PSA_KEY_TYPE_RSA_PUBLIC_KEY ) { - uint8_t *p = exported; - uint8_t *end = exported + exported_length; + uint8_t *p = (uint8_t*) exported; + const uint8_t *end = exported + exported_length; size_t len; /* RSAPublicKey ::= SEQUENCE { * modulus INTEGER, -- n From cc9db30851dd186d396752f1247b2bf9c167f43b Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sun, 14 Feb 2021 01:29:52 +0100 Subject: [PATCH 11/23] exported_key_sanity_check: make checks slightly more systematic Shuffle the logic in mbedtls_test_psa_exported_key_sanity_check() somewhat. The resulting behavior changes are: * Always check the exported length against PSA_EXPORT_KEY_OUTPUT_SIZE, even for unstructured key types. * Always complain if a key type is not explicitly covered, not just for public keys. Signed-off-by: Gilles Peskine --- tests/src/psa_exercise_key.c | 51 ++++++++++++++---------------------- 1 file changed, 20 insertions(+), 31 deletions(-) diff --git a/tests/src/psa_exercise_key.c b/tests/src/psa_exercise_key.c index 74cdc190a8..89936c2f03 100644 --- a/tests/src/psa_exercise_key.c +++ b/tests/src/psa_exercise_key.c @@ -578,30 +578,11 @@ int mbedtls_test_psa_exported_key_sanity_check( psa_key_type_t type, size_t bits, const uint8_t *exported, size_t exported_length ) { - if( PSA_KEY_TYPE_IS_UNSTRUCTURED( type ) ) - TEST_EQUAL( exported_length, ( bits + 7 ) / 8 ); - else - TEST_ASSERT( exported_length <= PSA_EXPORT_KEY_OUTPUT_SIZE( type, bits ) ); + TEST_ASSERT( exported_length <= PSA_EXPORT_KEY_OUTPUT_SIZE( type, bits ) ); -#if defined(MBEDTLS_DES_C) - if( type == PSA_KEY_TYPE_DES ) - { - /* Check the parity bits. */ - unsigned i; - for( i = 0; i < bits / 8; i++ ) - { - unsigned bit_count = 0; - unsigned m; - for( m = 1; m <= 0x100; m <<= 1 ) - { - if( exported[i] & m ) - ++bit_count; - } - TEST_ASSERT( bit_count % 2 != 0 ); - } - } + if( PSA_KEY_TYPE_IS_UNSTRUCTURED( type ) ) + TEST_EQUAL( exported_length, PSA_BITS_TO_BYTES( bits ) ); else -#endif #if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_PK_PARSE_C) if( type == PSA_KEY_TYPE_RSA_KEY_PAIR ) @@ -707,20 +688,28 @@ int mbedtls_test_psa_exported_key_sanity_check( else #endif /* MBEDTLS_ECP_C */ - if( PSA_KEY_TYPE_IS_PUBLIC_KEY( type ) ) { - char message[47]; - mbedtls_snprintf( message, sizeof( message ), - "No sanity check for public key type=0x%08lx", - (unsigned long) type ); - mbedtls_test_fail( message, __LINE__, __FILE__ ); - return( 0 ); + TEST_ASSERT( ! "Sanity check not implemented for this key type" ); } - else +#if defined(MBEDTLS_DES_C) + if( type == PSA_KEY_TYPE_DES ) { - /* No sanity checks for other types */ + /* Check the parity bits. */ + unsigned i; + for( i = 0; i < bits / 8; i++ ) + { + unsigned bit_count = 0; + unsigned m; + for( m = 1; m <= 0x100; m <<= 1 ) + { + if( exported[i] & m ) + ++bit_count; + } + TEST_ASSERT( bit_count % 2 != 0 ); + } } +#endif return( 1 ); From 2385f71abd5554c3a683c7111b46e13b4dda1f7d Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sun, 14 Feb 2021 01:34:21 +0100 Subject: [PATCH 12/23] Fix and simplify test assertions mbedtls_test_fail does not copy the failure explanation string, so passing a string on the stack doesn't work. This fixes a garbage message that would appear if a test triggered a non-implemented code path. More generally, just use TEST_ASSERT instead of explicitly calling mbedtls_test_fail, since we aren't playing any tricks with the error location. Signed-off-by: Gilles Peskine --- tests/src/psa_exercise_key.c | 16 ++++------------ 1 file changed, 4 insertions(+), 12 deletions(-) diff --git a/tests/src/psa_exercise_key.c b/tests/src/psa_exercise_key.c index 89936c2f03..479d91db21 100644 --- a/tests/src/psa_exercise_key.c +++ b/tests/src/psa_exercise_key.c @@ -291,9 +291,7 @@ static int exercise_signature_key( mbedtls_svc_key_id_t key, hash_alg = KNOWN_SUPPORTED_HASH_ALG; alg ^= PSA_ALG_ANY_HASH ^ hash_alg; #else - mbedtls_test_fail( "No hash algorithm for hash-and-sign testing", - __LINE__, __FILE__ ); - return( 1 ); + TEST_ASSERT( ! "No hash algorithm for hash-and-sign testing" ); #endif } @@ -813,7 +811,7 @@ int mbedtls_test_psa_exercise_key( mbedtls_svc_key_id_t key, psa_key_usage_t usage, psa_algorithm_t alg ) { - int ok; + int ok = 0; if( ! check_key_attributes_sanity( key ) ) return( 0 ); @@ -837,18 +835,12 @@ int mbedtls_test_psa_exercise_key( mbedtls_svc_key_id_t key, else if( PSA_ALG_IS_KEY_AGREEMENT( alg ) ) ok = exercise_key_agreement_key( key, usage, alg ); else - { - char message[40]; - mbedtls_snprintf( message, sizeof( message ), - "No code to exercise alg=0x%08lx", - (unsigned long) alg ); - mbedtls_test_fail( message, __LINE__, __FILE__ ); - ok = 0; - } + TEST_ASSERT( ! "No code to exercise this category of algorithm" ); ok = ok && exercise_export_key( key, usage ); ok = ok && exercise_export_public_key( key ); +exit: return( ok ); } From e95a643839cb3ff7f74a525e6ea64dbe9f643491 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sun, 14 Feb 2021 12:40:07 +0100 Subject: [PATCH 13/23] Prepare to move persistent storage cleanup to common code Rename functions to mbedtls_test_xxx and make them non-static if they're going to be exported. Signed-off-by: Gilles Peskine --- ...est_suite_psa_crypto_slot_management.function | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto_slot_management.function b/tests/suites/test_suite_psa_crypto_slot_management.function index dbf05d29b2..5a5f933873 100644 --- a/tests/suites/test_suite_psa_crypto_slot_management.function +++ b/tests/suites/test_suite_psa_crypto_slot_management.function @@ -53,7 +53,7 @@ static mbedtls_svc_key_id_t key_ids_used_in_test[9]; static size_t num_key_ids_used; /* Record a key id as potentially used in a test case. */ -static int test_uses_key_id( mbedtls_svc_key_id_t key_id ) +int mbedtls_test_uses_key_id( mbedtls_svc_key_id_t key_id ) { size_t i; if( MBEDTLS_SVC_KEY_ID_GET_KEY_ID( key_id ) > @@ -74,10 +74,10 @@ static int test_uses_key_id( mbedtls_svc_key_id_t key_id ) return( 1 ); } #define TEST_USES_KEY_ID( key_id ) \ - TEST_ASSERT( test_uses_key_id( key_id ) ) + TEST_ASSERT( mbedtls_test_uses_key_id( key_id ) ) /* Destroy all key ids that may have been created by the current test case. */ -static void psa_purge_key_storage( void ) +void mbedtls_test_psa_purge_key_storage( void ) { size_t i; for( i = 0; i < num_key_ids_used; i++ ) @@ -383,7 +383,7 @@ exit: psa_reset_key_attributes( &read_attributes ); PSA_DONE( ); - psa_purge_key_storage( ); + mbedtls_test_psa_purge_key_storage( ); mbedtls_free( reexported ); } /* END_CASE */ @@ -457,7 +457,7 @@ exit: psa_reset_key_attributes( &attributes ); PSA_DONE( ); - psa_purge_key_storage( ); + mbedtls_test_psa_purge_key_storage( ); } /* END_CASE */ @@ -517,7 +517,7 @@ void create_fail( int lifetime_arg, int id_arg, exit: PSA_DONE( ); #if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) - psa_purge_key_storage( ); + mbedtls_test_psa_purge_key_storage( ); #endif } /* END_CASE */ @@ -655,7 +655,7 @@ exit: PSA_DONE( ); mbedtls_free( export_buffer ); #if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) - psa_purge_key_storage( ); + mbedtls_test_psa_purge_key_storage( ); #endif } /* END_CASE */ @@ -773,7 +773,7 @@ exit: PSA_DONE( ); mbedtls_free( export_buffer ); #if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) - psa_purge_key_storage( ); + mbedtls_test_psa_purge_key_storage( ); #endif } /* END_CASE */ From b9ad79417d72b856fb4917c97b2386571946f3a5 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sun, 14 Feb 2021 23:16:21 +0100 Subject: [PATCH 14/23] Push back on divergence of duplicated code Persistent storage common code from test_suite_psa_crypto_slot_management.function had been duplicated in test_suite_psa_crypto_se_driver_hal.function and the copy had slightly diverged. Re-align the copy in preparation from moving the code to a common module and using that sole copy in both test suites. Signed-off-by: Gilles Peskine --- ...st_suite_psa_crypto_se_driver_hal.function | 31 ++++++++++++------- 1 file changed, 19 insertions(+), 12 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto_se_driver_hal.function b/tests/suites/test_suite_psa_crypto_se_driver_hal.function index fa516c5d00..929ca96bdb 100644 --- a/tests/suites/test_suite_psa_crypto_se_driver_hal.function +++ b/tests/suites/test_suite_psa_crypto_se_driver_hal.function @@ -767,40 +767,47 @@ exit: return( ok ); } -static mbedtls_svc_key_id_t key_ids_used_in_test[10]; +static mbedtls_svc_key_id_t key_ids_used_in_test[9]; static size_t num_key_ids_used; /* Record a key id as potentially used in a test case. */ -static int test_uses_key_id( mbedtls_svc_key_id_t key_id ) +int mbedtls_test_uses_key_id( mbedtls_svc_key_id_t key_id ) { size_t i; - + if( MBEDTLS_SVC_KEY_ID_GET_KEY_ID( key_id ) > + PSA_MAX_PERSISTENT_KEY_IDENTIFIER ) + { + /* Don't touch key id values that designate non-key files. */ + return( 1 ); + } for( i = 0; i < num_key_ids_used ; i++ ) { if( mbedtls_svc_key_id_equal( key_id, key_ids_used_in_test[i] ) ) return( 1 ); } - - if( num_key_ids_used >= ARRAY_LENGTH( key_ids_used_in_test ) ) + if( num_key_ids_used == ARRAY_LENGTH( key_ids_used_in_test ) ) return( 0 ); - key_ids_used_in_test[num_key_ids_used] = key_id; ++num_key_ids_used; - return( 1 ); } - #define TEST_USES_KEY_ID( key_id ) \ - TEST_ASSERT( test_uses_key_id( key_id ) ) + TEST_ASSERT( mbedtls_test_uses_key_id( key_id ) ) -static void psa_purge_storage( void ) +/* Destroy all key ids that may have been created by the current test case. */ +void mbedtls_test_psa_purge_key_storage( void ) { size_t i; - psa_key_location_t location; - for( i = 0; i < num_key_ids_used; i++ ) psa_destroy_persistent_key( key_ids_used_in_test[i] ); num_key_ids_used = 0; +} + +static void psa_purge_storage( void ) +{ + psa_key_location_t location; + + mbedtls_test_psa_purge_key_storage( ); /* Purge the transaction file. */ psa_crypto_stop_transaction( ); From 313ffb8f90a2f484e1e789eef7975a79846237e9 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sun, 14 Feb 2021 12:51:14 +0100 Subject: [PATCH 15/23] Move PSA storage cleanup out of the slot_management test suite Merge the two identical definitions of TEST_USES_KEY_ID and mbedtls_test_psa_purge_key_storage from test_suite_psa_crypto_slot_management.function and test_suite_psa_crypto_se_driver_hal.function into a single copy in common test code so that it can be used in all test suites. No semantic change. Signed-off-by: Gilles Peskine --- tests/include/test/psa_crypto_helpers.h | 13 ++++++ tests/src/psa_crypto_helpers.c | 39 ++++++++++++++++ ...st_suite_psa_crypto_se_driver_hal.function | 36 --------------- ..._suite_psa_crypto_slot_management.function | 45 ------------------- 4 files changed, 52 insertions(+), 81 deletions(-) diff --git a/tests/include/test/psa_crypto_helpers.h b/tests/include/test/psa_crypto_helpers.h index 30bb20f077..571055c2df 100644 --- a/tests/include/test/psa_crypto_helpers.h +++ b/tests/include/test/psa_crypto_helpers.h @@ -34,6 +34,19 @@ #include "mbedtls/psa_util.h" #endif +#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) +/* All test functions that create persistent keys must call + * `TEST_USES_KEY_ID( key_id )` before creating a persistent key with this + * identifier, and must call psa_purge_key_storage() in their cleanup + * code. */ +int mbedtls_test_uses_key_id( mbedtls_svc_key_id_t key_id ); +void mbedtls_test_psa_purge_key_storage( void ); +#define TEST_USES_KEY_ID( key_id ) \ + TEST_ASSERT( mbedtls_test_uses_key_id( key_id ) ) +#else /* MBEDTLS_PSA_CRYPTO_STORAGE_C */ +#define TEST_USES_KEY_ID( key_id ) ( (void) ( key_id ) ) +#endif /* MBEDTLS_PSA_CRYPTO_STORAGE_C */ + #define PSA_INIT( ) PSA_ASSERT( psa_crypto_init( ) ) /** Check for things that have not been cleaned up properly in the diff --git a/tests/src/psa_crypto_helpers.c b/tests/src/psa_crypto_helpers.c index cb79a225c1..69bb8a1d83 100644 --- a/tests/src/psa_crypto_helpers.c +++ b/tests/src/psa_crypto_helpers.c @@ -28,6 +28,45 @@ #include +#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) + +#include + +static mbedtls_svc_key_id_t key_ids_used_in_test[9]; +static size_t num_key_ids_used; + +/* Record a key id as potentially used in a test case. */ +int mbedtls_test_uses_key_id( mbedtls_svc_key_id_t key_id ) +{ + size_t i; + if( MBEDTLS_SVC_KEY_ID_GET_KEY_ID( key_id ) > + PSA_MAX_PERSISTENT_KEY_IDENTIFIER ) + { + /* Don't touch key id values that designate non-key files. */ + return( 1 ); + } + for( i = 0; i < num_key_ids_used ; i++ ) + { + if( mbedtls_svc_key_id_equal( key_id, key_ids_used_in_test[i] ) ) + return( 1 ); + } + if( num_key_ids_used == ARRAY_LENGTH( key_ids_used_in_test ) ) + return( 0 ); + key_ids_used_in_test[num_key_ids_used] = key_id; + ++num_key_ids_used; + return( 1 ); +} + +/* Destroy all key ids that may have been created by the current test case. */ +void mbedtls_test_psa_purge_key_storage( void ) +{ + size_t i; + for( i = 0; i < num_key_ids_used; i++ ) + psa_destroy_persistent_key( key_ids_used_in_test[i] ); + num_key_ids_used = 0; +} +#endif /* MBEDTLS_PSA_CRYPTO_STORAGE_C */ + const char *mbedtls_test_helper_is_psa_leaking( void ) { mbedtls_psa_stats_t stats; diff --git a/tests/suites/test_suite_psa_crypto_se_driver_hal.function b/tests/suites/test_suite_psa_crypto_se_driver_hal.function index 929ca96bdb..be7c246e49 100644 --- a/tests/suites/test_suite_psa_crypto_se_driver_hal.function +++ b/tests/suites/test_suite_psa_crypto_se_driver_hal.function @@ -767,42 +767,6 @@ exit: return( ok ); } -static mbedtls_svc_key_id_t key_ids_used_in_test[9]; -static size_t num_key_ids_used; - -/* Record a key id as potentially used in a test case. */ -int mbedtls_test_uses_key_id( mbedtls_svc_key_id_t key_id ) -{ - size_t i; - if( MBEDTLS_SVC_KEY_ID_GET_KEY_ID( key_id ) > - PSA_MAX_PERSISTENT_KEY_IDENTIFIER ) - { - /* Don't touch key id values that designate non-key files. */ - return( 1 ); - } - for( i = 0; i < num_key_ids_used ; i++ ) - { - if( mbedtls_svc_key_id_equal( key_id, key_ids_used_in_test[i] ) ) - return( 1 ); - } - if( num_key_ids_used == ARRAY_LENGTH( key_ids_used_in_test ) ) - return( 0 ); - key_ids_used_in_test[num_key_ids_used] = key_id; - ++num_key_ids_used; - return( 1 ); -} -#define TEST_USES_KEY_ID( key_id ) \ - TEST_ASSERT( mbedtls_test_uses_key_id( key_id ) ) - -/* Destroy all key ids that may have been created by the current test case. */ -void mbedtls_test_psa_purge_key_storage( void ) -{ - size_t i; - for( i = 0; i < num_key_ids_used; i++ ) - psa_destroy_persistent_key( key_ids_used_in_test[i] ); - num_key_ids_used = 0; -} - static void psa_purge_storage( void ) { psa_key_location_t location; diff --git a/tests/suites/test_suite_psa_crypto_slot_management.function b/tests/suites/test_suite_psa_crypto_slot_management.function index 5a5f933873..2be1a73e88 100644 --- a/tests/suites/test_suite_psa_crypto_slot_management.function +++ b/tests/suites/test_suite_psa_crypto_slot_management.function @@ -43,51 +43,6 @@ typedef enum INVALID_HANDLE_HUGE, } invalid_handle_construction_t; -/* All test functions that create persistent keys must call - * `TEST_USES_KEY_ID( key_id )` before creating a persistent key with this - * identifier, and must call psa_purge_key_storage() in their cleanup - * code. */ - -#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) -static mbedtls_svc_key_id_t key_ids_used_in_test[9]; -static size_t num_key_ids_used; - -/* Record a key id as potentially used in a test case. */ -int mbedtls_test_uses_key_id( mbedtls_svc_key_id_t key_id ) -{ - size_t i; - if( MBEDTLS_SVC_KEY_ID_GET_KEY_ID( key_id ) > - PSA_MAX_PERSISTENT_KEY_IDENTIFIER ) - { - /* Don't touch key id values that designate non-key files. */ - return( 1 ); - } - for( i = 0; i < num_key_ids_used ; i++ ) - { - if( mbedtls_svc_key_id_equal( key_id, key_ids_used_in_test[i] ) ) - return( 1 ); - } - if( num_key_ids_used == ARRAY_LENGTH( key_ids_used_in_test ) ) - return( 0 ); - key_ids_used_in_test[num_key_ids_used] = key_id; - ++num_key_ids_used; - return( 1 ); -} -#define TEST_USES_KEY_ID( key_id ) \ - TEST_ASSERT( mbedtls_test_uses_key_id( key_id ) ) - -/* Destroy all key ids that may have been created by the current test case. */ -void mbedtls_test_psa_purge_key_storage( void ) -{ - size_t i; - for( i = 0; i < num_key_ids_used; i++ ) - psa_destroy_persistent_key( key_ids_used_in_test[i] ); - num_key_ids_used = 0; -} -#else -#define TEST_USES_KEY_ID( key_id ) ( (void) ( key_id ) ) -#endif /* MBEDTLS_PSA_CRYPTO_STORAGE_C */ - /** Apply \p invalidate_method to invalidate the specified key: * close it, destroy it, or do nothing; */ From e09ef873640a36057a1e81172061f732a195ddfd Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sun, 14 Feb 2021 13:10:38 +0100 Subject: [PATCH 16/23] Document the newly exported storage cleanup macros and functions Signed-off-by: Gilles Peskine --- tests/include/test/psa_crypto_helpers.h | 40 +++++++++++++++++++++---- tests/src/psa_crypto_helpers.c | 2 -- 2 files changed, 35 insertions(+), 7 deletions(-) diff --git a/tests/include/test/psa_crypto_helpers.h b/tests/include/test/psa_crypto_helpers.h index 571055c2df..9510c5fbe0 100644 --- a/tests/include/test/psa_crypto_helpers.h +++ b/tests/include/test/psa_crypto_helpers.h @@ -35,16 +35,46 @@ #endif #if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) -/* All test functions that create persistent keys must call - * `TEST_USES_KEY_ID( key_id )` before creating a persistent key with this - * identifier, and must call psa_purge_key_storage() in their cleanup - * code. */ + +/* Internal function for #TEST_USES_KEY_ID. Return 1 on success, 0 on failure. */ int mbedtls_test_uses_key_id( mbedtls_svc_key_id_t key_id ); + +/** Destroy persistent keys recorded with #TEST_USES_KEY_ID. + */ void mbedtls_test_psa_purge_key_storage( void ); -#define TEST_USES_KEY_ID( key_id ) \ + +/** \def TEST_USES_KEY_ID + * + * Call this macro in a test function before potentially creating a + * persistent key. Test functions that use this mechanism must call + * mbedtls_test_psa_purge_key_storage() in their cleanup code. + * + * This macro records a persistent key identifier as potentially used in the + * current test case. Recorded key identifiers will be cleaned up at the end + * of the test case, even on failure. + * + * This macro has no effect on volatile keys. Therefore, it is safe to call + * this macro in a test function that creates either volatile or persistent + * keys depending on the test data. + * + * This macro currently has no effect on special identifiers + * used to store implementation-specific files. + * + * Calling this macro multiple times on the same key identifier in the same + * test case has no effect. + * + * This macro can fail the test case if there isn't enough memory to + * record the key id. + * + * \param key_id The PSA key identifier to record. + */ +#define TEST_USES_KEY_ID( key_id ) \ TEST_ASSERT( mbedtls_test_uses_key_id( key_id ) ) + #else /* MBEDTLS_PSA_CRYPTO_STORAGE_C */ + #define TEST_USES_KEY_ID( key_id ) ( (void) ( key_id ) ) + #endif /* MBEDTLS_PSA_CRYPTO_STORAGE_C */ #define PSA_INIT( ) PSA_ASSERT( psa_crypto_init( ) ) diff --git a/tests/src/psa_crypto_helpers.c b/tests/src/psa_crypto_helpers.c index 69bb8a1d83..500451eb65 100644 --- a/tests/src/psa_crypto_helpers.c +++ b/tests/src/psa_crypto_helpers.c @@ -35,7 +35,6 @@ static mbedtls_svc_key_id_t key_ids_used_in_test[9]; static size_t num_key_ids_used; -/* Record a key id as potentially used in a test case. */ int mbedtls_test_uses_key_id( mbedtls_svc_key_id_t key_id ) { size_t i; @@ -57,7 +56,6 @@ int mbedtls_test_uses_key_id( mbedtls_svc_key_id_t key_id ) return( 1 ); } -/* Destroy all key ids that may have been created by the current test case. */ void mbedtls_test_psa_purge_key_storage( void ) { size_t i; From aae718cacaeef4be546df10e2ce7f5969a765e1d Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sun, 14 Feb 2021 13:46:39 +0100 Subject: [PATCH 17/23] New test helper to purge persistent key from memory Signed-off-by: Gilles Peskine --- tests/include/test/psa_crypto_helpers.h | 5 +++++ tests/src/psa_crypto_helpers.c | 8 ++++++++ .../suites/test_suite_psa_crypto_slot_management.function | 1 + 3 files changed, 14 insertions(+) diff --git a/tests/include/test/psa_crypto_helpers.h b/tests/include/test/psa_crypto_helpers.h index 9510c5fbe0..3e356f9a8d 100644 --- a/tests/include/test/psa_crypto_helpers.h +++ b/tests/include/test/psa_crypto_helpers.h @@ -43,6 +43,11 @@ int mbedtls_test_uses_key_id( mbedtls_svc_key_id_t key_id ); */ void mbedtls_test_psa_purge_key_storage( void ); +/** Purge the in-memory cache of persistent keys recorded with + * #TEST_USES_KEY_ID. + */ +void mbedtls_test_psa_purge_key_cache( void ); + /** \def TEST_USES_KEY_ID * * Call this macro in a test function before potentially creating a diff --git a/tests/src/psa_crypto_helpers.c b/tests/src/psa_crypto_helpers.c index 500451eb65..f2222cb285 100644 --- a/tests/src/psa_crypto_helpers.c +++ b/tests/src/psa_crypto_helpers.c @@ -63,6 +63,14 @@ void mbedtls_test_psa_purge_key_storage( void ) psa_destroy_persistent_key( key_ids_used_in_test[i] ); num_key_ids_used = 0; } + +void mbedtls_test_psa_purge_key_cache( void ) +{ + size_t i; + for( i = 0; i < num_key_ids_used; i++ ) + psa_purge_key( key_ids_used_in_test[i] ); +} + #endif /* MBEDTLS_PSA_CRYPTO_STORAGE_C */ const char *mbedtls_test_helper_is_psa_leaking( void ) diff --git a/tests/suites/test_suite_psa_crypto_slot_management.function b/tests/suites/test_suite_psa_crypto_slot_management.function index 2be1a73e88..7c55c71e89 100644 --- a/tests/suites/test_suite_psa_crypto_slot_management.function +++ b/tests/suites/test_suite_psa_crypto_slot_management.function @@ -86,6 +86,7 @@ static int invalidate_psa( invalidate_method_t invalidate_method ) case INVALIDATE_BY_DESTROYING_WITH_SHUTDOWN: case INVALIDATE_BY_PURGING_WITH_SHUTDOWN: /* All keys must have been closed. */ + mbedtls_test_psa_purge_key_cache( ); PSA_DONE( ); break; case INVALIDATE_BY_SHUTDOWN: From 65048ad648cdd7c213ac6da7ebfc2145aa8d228a Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sun, 14 Feb 2021 14:08:22 +0100 Subject: [PATCH 18/23] Destroy recorded persistent keys in PSA_DONE() This ensures that test cases won't leave persistent files behind even on failure, provided they use TEST_USES_KEY_ID(). Test cases that don't use this macro are unaffected. Tests that use PSA_DONE() midway and expect persistent keys to survive must use PSA_SESSION_DONE() instead. Signed-off-by: Gilles Peskine --- tests/include/test/psa_crypto_helpers.h | 32 +++++++++++++++++-- ...st_suite_psa_crypto_se_driver_hal.function | 8 ++--- ..._suite_psa_crypto_slot_management.function | 14 +------- 3 files changed, 35 insertions(+), 19 deletions(-) diff --git a/tests/include/test/psa_crypto_helpers.h b/tests/include/test/psa_crypto_helpers.h index 3e356f9a8d..9881eaebef 100644 --- a/tests/include/test/psa_crypto_helpers.h +++ b/tests/include/test/psa_crypto_helpers.h @@ -45,6 +45,9 @@ void mbedtls_test_psa_purge_key_storage( void ); /** Purge the in-memory cache of persistent keys recorded with * #TEST_USES_KEY_ID. + * + * Call this function before calling PSA_DONE() if it's ok for + * persistent keys to still exist at this point. */ void mbedtls_test_psa_purge_key_cache( void ); @@ -79,6 +82,8 @@ void mbedtls_test_psa_purge_key_cache( void ); #else /* MBEDTLS_PSA_CRYPTO_STORAGE_C */ #define TEST_USES_KEY_ID( key_id ) ( (void) ( key_id ) ) +#define mbedtls_test_psa_purge_key_storage( ) ( (void) 0 ) +#define mbedtls_test_psa_purge_key_cache( ) ( (void) 0 ) #endif /* MBEDTLS_PSA_CRYPTO_STORAGE_C */ @@ -108,13 +113,36 @@ const char *mbedtls_test_helper_is_psa_leaking( void ); } \ while( 0 ) -/** Shut down the PSA Crypto subsystem. Expect a clean shutdown, with no slots - * in use. +/** Shut down the PSA Crypto subsystem and destroy persistent keys. + * Expect a clean shutdown, with no slots in use. + * + * If some key slots are still in use, record the test case as failed, + * but continue executing. This macro is suitable (and primarily intended) + * for use in the cleanup section of test functions. + * + * \note Persistent keys must be recorded with #TEST_USES_KEY_ID before + * creating them. */ #define PSA_DONE( ) \ do \ { \ test_fail_if_psa_leaking( __LINE__, __FILE__ ); \ + mbedtls_test_psa_purge_key_storage( ); \ + mbedtls_psa_crypto_free( ); \ + } \ + while( 0 ) + +/** Shut down the PSA Crypto subsystem, allowing persistent keys to survive. + * Expect a clean shutdown, with no slots in use. + * + * If some key slots are still in use, record the test case as failed and + * jump to the `exit` label. + */ +#define PSA_SESSION_DONE( ) \ + do \ + { \ + mbedtls_test_psa_purge_key_cache( ); \ + ASSERT_PSA_PRISTINE( ); \ mbedtls_psa_crypto_free( ); \ } \ while( 0 ) diff --git a/tests/suites/test_suite_psa_crypto_se_driver_hal.function b/tests/suites/test_suite_psa_crypto_se_driver_hal.function index be7c246e49..11b8866a64 100644 --- a/tests/suites/test_suite_psa_crypto_se_driver_hal.function +++ b/tests/suites/test_suite_psa_crypto_se_driver_hal.function @@ -769,10 +769,10 @@ exit: static void psa_purge_storage( void ) { + /* The generic code in mbedtls_test_psa_purge_key_storage() + * (which is called by PSA_DONE()) doesn't take care of things that are + * specific to dynamic secure elements. */ psa_key_location_t location; - - mbedtls_test_psa_purge_key_storage( ); - /* Purge the transaction file. */ psa_crypto_stop_transaction( ); /* Purge driver persistent data. */ @@ -1496,7 +1496,7 @@ void register_key_smoke_test( int lifetime_arg, PSA_ASSERT( psa_purge_key( id ) ); /* Restart and try again. */ - PSA_DONE( ); + PSA_SESSION_DONE( ); PSA_ASSERT( psa_register_se_driver( location, &driver ) ); PSA_ASSERT( psa_crypto_init( ) ); if( ! check_key_attributes( id, &attributes ) ) diff --git a/tests/suites/test_suite_psa_crypto_slot_management.function b/tests/suites/test_suite_psa_crypto_slot_management.function index 7c55c71e89..7d3c7a8383 100644 --- a/tests/suites/test_suite_psa_crypto_slot_management.function +++ b/tests/suites/test_suite_psa_crypto_slot_management.function @@ -86,8 +86,7 @@ static int invalidate_psa( invalidate_method_t invalidate_method ) case INVALIDATE_BY_DESTROYING_WITH_SHUTDOWN: case INVALIDATE_BY_PURGING_WITH_SHUTDOWN: /* All keys must have been closed. */ - mbedtls_test_psa_purge_key_cache( ); - PSA_DONE( ); + PSA_SESSION_DONE( ); break; case INVALIDATE_BY_SHUTDOWN: /* Some keys may remain behind, and we're testing that this @@ -339,7 +338,6 @@ exit: psa_reset_key_attributes( &read_attributes ); PSA_DONE( ); - mbedtls_test_psa_purge_key_storage( ); mbedtls_free( reexported ); } /* END_CASE */ @@ -413,7 +411,6 @@ exit: psa_reset_key_attributes( &attributes ); PSA_DONE( ); - mbedtls_test_psa_purge_key_storage( ); } /* END_CASE */ @@ -472,9 +469,6 @@ void create_fail( int lifetime_arg, int id_arg, exit: PSA_DONE( ); -#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) - mbedtls_test_psa_purge_key_storage( ); -#endif } /* END_CASE */ @@ -610,9 +604,6 @@ exit: PSA_DONE( ); mbedtls_free( export_buffer ); -#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) - mbedtls_test_psa_purge_key_storage( ); -#endif } /* END_CASE */ @@ -728,9 +719,6 @@ exit: PSA_DONE( ); mbedtls_free( export_buffer ); -#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) - mbedtls_test_psa_purge_key_storage( ); -#endif } /* END_CASE */ From 6e0d5bd00d84944a66353c26cc80b4cce7559337 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sun, 14 Feb 2021 23:45:48 +0100 Subject: [PATCH 19/23] Increment the test step number when invalidating a key This makes failure messages easier to understand. Signed-off-by: Gilles Peskine --- tests/suites/test_suite_psa_crypto_se_driver_hal.function | 2 ++ tests/suites/test_suite_psa_crypto_slot_management.function | 4 ++++ 2 files changed, 6 insertions(+) diff --git a/tests/suites/test_suite_psa_crypto_se_driver_hal.function b/tests/suites/test_suite_psa_crypto_se_driver_hal.function index 11b8866a64..79d658fd0a 100644 --- a/tests/suites/test_suite_psa_crypto_se_driver_hal.function +++ b/tests/suites/test_suite_psa_crypto_se_driver_hal.function @@ -1467,6 +1467,7 @@ void register_key_smoke_test( int lifetime_arg, ( validate > 0 ? PSA_SUCCESS : PSA_ERROR_NOT_PERMITTED ); } + mbedtls_test_set_step( 1 ); PSA_ASSERT( psa_register_se_driver( MIN_DRIVER_LOCATION, &driver ) ); PSA_ASSERT( psa_crypto_init( ) ); @@ -1496,6 +1497,7 @@ void register_key_smoke_test( int lifetime_arg, PSA_ASSERT( psa_purge_key( id ) ); /* Restart and try again. */ + mbedtls_test_set_step( 2 ); PSA_SESSION_DONE( ); PSA_ASSERT( psa_register_se_driver( location, &driver ) ); PSA_ASSERT( psa_crypto_init( ) ); diff --git a/tests/suites/test_suite_psa_crypto_slot_management.function b/tests/suites/test_suite_psa_crypto_slot_management.function index 7d3c7a8383..bafb7d8bfe 100644 --- a/tests/suites/test_suite_psa_crypto_slot_management.function +++ b/tests/suites/test_suite_psa_crypto_slot_management.function @@ -123,6 +123,7 @@ void transient_slot_lifecycle( int owner_id_arg, mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + mbedtls_test_set_step( 1 ); PSA_ASSERT( psa_crypto_init( ) ); /* Import a key. */ @@ -169,6 +170,7 @@ void transient_slot_lifecycle( int owner_id_arg, psa_reset_key_attributes( &attributes ); /* Do something that invalidates the key. */ + mbedtls_test_set_step( 2 ); if( ! invalidate_key( invalidate_method, key ) ) goto exit; if( ! invalidate_psa( invalidate_method ) ) @@ -218,6 +220,7 @@ void persistent_slot_lifecycle( int lifetime_arg, int owner_id_arg, int id_arg, TEST_USES_KEY_ID( id ); + mbedtls_test_set_step( 1 ); PSA_ASSERT( psa_crypto_init( ) ); psa_set_key_id( &attributes, id ); @@ -267,6 +270,7 @@ void persistent_slot_lifecycle( int lifetime_arg, int owner_id_arg, int id_arg, * Do something that wipes key data in volatile memory or destroy the * key. */ + mbedtls_test_set_step( 2 ); if( ! invalidate_key( invalidate_method, id ) ) goto exit; if( ! invalidate_psa( invalidate_method ) ) From 6b362e6f01557bff5eb798f77ef1c4f0187d51c9 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 15 Feb 2021 12:03:16 +0100 Subject: [PATCH 20/23] Fix copypasta for the type of a variable MSVC started (rightfully) complaining after moving the code to a separate .c file. Signed-off-by: Gilles Peskine --- tests/src/psa_exercise_key.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/src/psa_exercise_key.c b/tests/src/psa_exercise_key.c index 479d91db21..9f80d7b65a 100644 --- a/tests/src/psa_exercise_key.c +++ b/tests/src/psa_exercise_key.c @@ -46,7 +46,7 @@ static int check_key_attributes_sanity( mbedtls_svc_key_id_t key ) psa_key_lifetime_t lifetime; mbedtls_svc_key_id_t id; psa_key_type_t type; - psa_key_type_t bits; + size_t bits; PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); lifetime = psa_get_key_lifetime( &attributes ); From c86a16548c82c345d2784d6b79eecfcef71ce08a Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 15 Feb 2021 12:17:00 +0100 Subject: [PATCH 21/23] Don't use STATIC_ASSERT_EXPR on non-GCC-compatible compilers ARRAY_LENGTH has a portable but unsafe implementation, and a non-portable implementation that causes a compile-time error if the macro is accidentally used on a pointer. The safety check was only implemented for __GCC__-defining compilers, but the part that triggered the compile-time error was always used. It turns out that this part triggers a build warning with MSVC (at least with some versions: observed with Visual Studio 2013). ``` C:\builds\workspace\mbed-tls-pr-head_PR-4141-head\src\tests\src\psa_crypto_helpers.c(52): error C2220: warning treated as error - no 'object' file generated [C:\builds\workspace\mbed-tls-pr-head_PR-4141-head\src\mbedtls_test.vcxproj] C:\builds\workspace\mbed-tls-pr-head_PR-4141-head\src\tests\src\psa_crypto_helpers.c(52): warning C4116: unnamed type definition in parentheses [C:\builds\workspace\mbed-tls-pr-head_PR-4141-head\src\mbedtls_test.vcxproj] ``` Since a compile-time error is never triggered when the compile-time check for the argument type is not implemented, just use the unsafe macro directly when there's no safety check. Signed-off-by: Gilles Peskine --- tests/include/test/macros.h | 33 +++++++++++++++++++-------------- 1 file changed, 19 insertions(+), 14 deletions(-) diff --git a/tests/include/test/macros.h b/tests/include/test/macros.h index 6930a5dc6e..450bc2cc3b 100644 --- a/tests/include/test/macros.h +++ b/tests/include/test/macros.h @@ -321,40 +321,45 @@ mbedtls_exit( 1 ); \ } +/** \def ARRAY_LENGTH + * Return the number of elements of a static or stack array. + * + * \param array A value of array (not pointer) type. + * + * \return The number of elements of the array. + */ +/* A correct implementation of ARRAY_LENGTH, but which silently gives + * a nonsensical result if called with a pointer rather than an array. */ +#define ARRAY_LENGTH_UNSAFE( array ) \ + ( sizeof( array ) / sizeof( *( array ) ) ) + #if defined(__GNUC__) /* Test if arg and &(arg)[0] have the same type. This is true if arg is * an array but not if it's a pointer. */ #define IS_ARRAY_NOT_POINTER( arg ) \ ( ! __builtin_types_compatible_p( __typeof__( arg ), \ __typeof__( &( arg )[0] ) ) ) -#else -/* On platforms where we don't know how to implement this check, - * omit it. Oh well, a non-portable check is better than nothing. */ -#define IS_ARRAY_NOT_POINTER( arg ) 1 -#endif - /* A compile-time constant with the value 0. If `const_expr` is not a * compile-time constant with a nonzero value, cause a compile-time error. */ #define STATIC_ASSERT_EXPR( const_expr ) \ ( 0 && sizeof( struct { unsigned int STATIC_ASSERT : 1 - 2 * ! ( const_expr ); } ) ) + /* Return the scalar value `value` (possibly promoted). This is a compile-time * constant if `value` is. `condition` must be a compile-time constant. * If `condition` is false, arrange to cause a compile-time error. */ #define STATIC_ASSERT_THEN_RETURN( condition, value ) \ ( STATIC_ASSERT_EXPR( condition ) ? 0 : ( value ) ) -#define ARRAY_LENGTH_UNSAFE( array ) \ - ( sizeof( array ) / sizeof( *( array ) ) ) -/** Return the number of elements of a static or stack array. - * - * \param array A value of array (not pointer) type. - * - * \return The number of elements of the array. - */ #define ARRAY_LENGTH( array ) \ ( STATIC_ASSERT_THEN_RETURN( IS_ARRAY_NOT_POINTER( array ), \ ARRAY_LENGTH_UNSAFE( array ) ) ) +#else +/* If we aren't sure the compiler supports our non-standard tricks, + * fall back to the unsafe implementation. */ +#define ARRAY_LENGTH( array ) ARRAY_LENGTH_UNSAFE( array ) +#endif + /** Return the smaller of two values. * * \param x An integer-valued expression without side effects. From 5a7702e76da7454861d5b9ecbd19da492141ecf2 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 23 Feb 2021 13:40:19 +0100 Subject: [PATCH 22/23] Fix some C function documentation in the test framework The primary goal of this commit is to fix various comments where `clang -Wdocumentation` identified a discrepancy between the actual function parameters and the documented parameters. The discrepancies were due to copypasta, formatting issues or documentation that had diverged from the implementation. Signed-off-by: Gilles Peskine --- tests/include/test/psa_exercise_key.h | 16 +++++++++------ tests/suites/host_test.function | 6 ++---- tests/suites/main_test.function | 29 +++++++++++++++++---------- 3 files changed, 30 insertions(+), 21 deletions(-) diff --git a/tests/include/test/psa_exercise_key.h b/tests/include/test/psa_exercise_key.h index 1613237380..57eae58911 100644 --- a/tests/include/test/psa_exercise_key.h +++ b/tests/include/test/psa_exercise_key.h @@ -133,8 +133,8 @@ * \param alg The algorithm to use. * \param input1 The first input to pass. * \param input1_length The length of \p input1 in bytes. - * \param input1 The first input to pass. - * \param input1_length The length of \p input1 in bytes. + * \param input2 The first input to pass. + * \param input2_length The length of \p input2 in bytes. * \param capacity The capacity to set. * * \return \c 1 on success, \c 0 on failure. @@ -170,8 +170,11 @@ psa_status_t mbedtls_test_psa_raw_key_agreement_with_self( * * In case of failure, mark the current test case as failed. * - * \param alg A key agreement algorithm compatible with \p key. - * \param key A key that allows key agreement with \p alg. + * \param operation An operation that has been set up for a key + * agreement algorithm that is compatible with + * \p key. + * \param key A key pair object that is suitable for a key + * agreement with \p operation. * * \return \c 1 on success, \c 0 on failure. */ @@ -191,8 +194,9 @@ psa_status_t mbedtls_test_psa_key_agreement_with_self( * - Montgomery public key: first byte. * * \param type The key type. - * \param size The key size in bits. - * \param exported A buffer containing + * \param bits The key size in bits. + * \param exported A buffer containing the key representation. + * \param exported_length The length of \p exported in bytes. * * \return \c 1 if all checks passed, \c 0 on failure. */ diff --git a/tests/suites/host_test.function b/tests/suites/host_test.function index f4f4f45bdf..d83d751ec6 100644 --- a/tests/suites/host_test.function +++ b/tests/suites/host_test.function @@ -360,8 +360,6 @@ static int test_snprintf( size_t n, const char *ref_buf, int ref_ret ) /** * \brief Tests snprintf implementation. * - * \param none - * * \return 0 for success else 1 */ static int run_test_snprintf( void ) @@ -428,8 +426,8 @@ static void write_outcome_entry( FILE *outcome_file, * \param unmet_dependencies The array of unmet dependencies. * \param missing_unmet_dependencies Non-zero if there was a problem tracking * all unmet dependencies, 0 otherwise. - * \param ret The test dispatch status (DISPATCH_xxx). - * \param mbedtls_test_info A pointer to the test info structure. + * \param ret The test dispatch status (DISPATCH_xxx). + * \param info A pointer to the test info structure. */ static void write_outcome_result( FILE *outcome_file, size_t unmet_dep_count, diff --git a/tests/suites/main_test.function b/tests/suites/main_test.function index aa408eaafc..36a7d231e3 100644 --- a/tests/suites/main_test.function +++ b/tests/suites/main_test.function @@ -105,7 +105,7 @@ $expression_code * Identifiers and check code is generated by script: * $generator_script * - * \param exp_id Dependency identifier. + * \param dep_id Dependency identifier. * * \return DEPENDENCY_SUPPORTED if set else DEPENDENCY_NOT_SUPPORTED */ @@ -129,13 +129,17 @@ $dep_check_code /** * \brief Function pointer type for test function wrappers. * + * A test function wrapper decodes the parameters and passes them to the + * underlying test function. Both the wrapper and the underlying function + * return void. Test wrappers assume that they are passed a suitable + * parameter array and do not perform any error detection. * - * \param void ** Pointer to void pointers. Represents an array of test - * function parameters. - * - * \return void + * \param param_array The array of parameters. Each element is a `void *` + * which the wrapper casts to the correct type and + * dereferences. Each wrapper function hard-codes the + * number and types of the parameters. */ -typedef void (*TestWrapper_t)( void ** ); +typedef void (*TestWrapper_t)( void **param_array ); /** @@ -158,8 +162,8 @@ $dispatch_code * parameter failure callback, to be used. Calls to setjmp() * can invalidate the state of any local auto variables. * - * \param fp Function pointer to the test function - * \param params Parameters to pass + * \param fp Function pointer to the test function. + * \param params Parameters to pass to the #TestWrapper_t wrapper function. * */ void execute_function_ptr(TestWrapper_t fp, void **params) @@ -197,7 +201,9 @@ void execute_function_ptr(TestWrapper_t fp, void **params) /** * \brief Dispatches test functions based on function index. * - * \param exp_id Test function index. + * \param func_idx Test function index. + * \param params The array of parameters to pass to the test function. + * It will be decoded by the #TestWrapper_t wrapper function. * * \return DISPATCH_TEST_SUCCESS if found * DISPATCH_TEST_FN_NOT_FOUND if not found @@ -226,9 +232,10 @@ int dispatch_test( size_t func_idx, void ** params ) /** - * \brief Checks if test function is supported + * \brief Checks if test function is supported in this build-time + * configuration. * - * \param exp_id Test function index. + * \param func_idx Test function index. * * \return DISPATCH_TEST_SUCCESS if found * DISPATCH_TEST_FN_NOT_FOUND if not found From f29019f9cc699dfc8f0f03cb3f8c39138f300caf Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 23 Feb 2021 13:44:41 +0100 Subject: [PATCH 23/23] Build tests with -Wdocumentation when using Clang Signed-off-by: Gilles Peskine --- tests/CMakeLists.txt | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index cefc5c929e..e2bc42018a 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt @@ -67,6 +67,10 @@ if(CMAKE_COMPILER_IS_GNUCC OR CMAKE_COMPILER_IS_CLANG) set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wno-unused-function") endif(CMAKE_COMPILER_IS_GNUCC OR CMAKE_COMPILER_IS_CLANG) +if(CMAKE_COMPILER_IS_CLANG) + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wdocumentation -Wno-documentation-deprecated-sync -Wunreachable-code") +endif(CMAKE_COMPILER_IS_CLANG) + if(MSVC) # If a warning level has been defined, suppress all warnings for test code set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} /W0")