Add stub functions so that we can run tests with MBEDTLS_PSA_CRYPTO_CLIENT

When MBEDTLS_PSA_CRYPTO_CLIENT is enabled but MBEDTLS_PSA_CRYPTO_C is disabled, the PSA functions are missing, but there is code in the pk module that call PSA functions. When building such a configuration, let the test code provide stub functions that just return an error. This way, we can link and run programs in this configuration. The programs will fail at runtime if they try to invoke a PSA function, so any testing that involves running PSA functions must still be guarded by MBEDTLS_PSA_CRYPTO_C, not MBEDTLS_PSA_CRYPTO_CLIENT. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-03-29 04:20:12 +00:00 · 2024-02-19 20:29:24 +01:00 · 2024-02-19 20:29:24 +01:00 · 7c5547ccbd
commit 7c5547ccbd
parent a26a1b7acd
2 changed files with 178 additions and 6 deletions
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@ -1265,7 +1265,7 @@ component_build_psa_crypto_spm () {
 # Get a list of library-wise undefined symbols and ensure that they only
 # belong to psa_xxx() functions and not to mbedtls_yyy() ones.
 # This function is a common helper used by both:
-# - component_build_default_psa_crypto_client_without_crypto_provider
+# - component_test_default_psa_crypto_client_without_crypto_provider
 # - component_build_full_psa_crypto_client_without_crypto_provider.
 common_check_mbedtls_missing_symbols() {
    nm library/libmbedcrypto.a | grep ' [TRrDC] ' | grep -Eo '(mbedtls_|psa_).*' | sort -u > sym_def.txt
@ -1276,18 +1276,22 @@ common_check_mbedtls_missing_symbols() {
    rm sym_def.txt sym_undef.txt linking_errors.txt
 }

-component_build_default_psa_crypto_client_without_crypto_provider () {
+component_test_default_psa_crypto_client_without_crypto_provider () {
    msg "build: default config - PSA_CRYPTO_C + PSA_CRYPTO_CLIENT"

    scripts/config.py unset MBEDTLS_PSA_CRYPTO_C
    scripts/config.py unset MBEDTLS_PSA_CRYPTO_STORAGE_C
+    scripts/config.py unset MBEDTLS_PSA_ITS_FILE_C
    scripts/config.py set MBEDTLS_PSA_CRYPTO_CLIENT
+    scripts/config.py unset MBEDTLS_LMS_C

-    make lib
-
-    msg "check: default config - PSA_CRYPTO_C + PSA_CRYPTO_CLIENT"
+    make

+    msg "check missing symbols: default config - PSA_CRYPTO_C + PSA_CRYPTO_CLIENT"
    common_check_mbedtls_missing_symbols
+
+    msg "test: default config - PSA_CRYPTO_C + PSA_CRYPTO_CLIENT"
+    make test
 }

 component_build_full_psa_crypto_client_without_crypto_provider () {
@ -1308,7 +1312,7 @@ component_build_full_psa_crypto_client_without_crypto_provider () {
    # that symbols of interest are there.
    make lib

-    msg "check: full config - PSA_CRYPTO_C"
+    msg "check missing symbols: full config - PSA_CRYPTO_C"

    common_check_mbedtls_missing_symbols

--- a/tests/src/psa_crypto_stubs.c
+++ b/tests/src/psa_crypto_stubs.c
@ -0,0 +1,168 @@
+/** \file psa_crypto_stubs.c
+ *
+ * \brief Stub functions when MBEDTLS_PSA_CRYPTO_CLIENT is enabled but
+ *        MBEDTLS_PSA_CRYPTO_C is disabled.
+ */
+
+/*
+ *  Copyright The Mbed TLS Contributors
+ *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+#include <psa/crypto.h>
+
+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) && !defined(MBEDTLS_PSA_CRYPTO_C)
+
+psa_status_t psa_asymmetric_decrypt(mbedtls_svc_key_id_t key,
+                                    psa_algorithm_t alg,
+                                    const uint8_t *input,
+                                    size_t input_length,
+                                    const uint8_t *salt,
+                                    size_t salt_length,
+                                    uint8_t *output,
+                                    size_t output_size,
+                                    size_t *output_length)
+{
+    (void) key;
+    (void) alg;
+    (void) input;
+    (void) input_length;
+    (void) salt;
+    (void) salt_length;
+    (void) output;
+    (void) output_size;
+    (void) output_length;
+    return PSA_ERROR_COMMUNICATION_FAILURE;
+}
+
+psa_status_t psa_asymmetric_encrypt(mbedtls_svc_key_id_t key,
+                                    psa_algorithm_t alg,
+                                    const uint8_t *input,
+                                    size_t input_length,
+                                    const uint8_t *salt,
+                                    size_t salt_length,
+                                    uint8_t *output,
+                                    size_t output_size,
+                                    size_t *output_length)
+{
+    (void) key;
+    (void) alg;
+    (void) input;
+    (void) input_length;
+    (void) salt;
+    (void) salt_length;
+    (void) output;
+    (void) output_size;
+    (void) output_length;
+    return PSA_ERROR_COMMUNICATION_FAILURE;
+}
+
+psa_status_t psa_destroy_key(mbedtls_svc_key_id_t key)
+{
+    (void) key;
+    return PSA_ERROR_COMMUNICATION_FAILURE;
+}
+
+psa_status_t psa_export_public_key(mbedtls_svc_key_id_t key,
+                                   uint8_t *data,
+                                   size_t data_size,
+                                   size_t *data_length)
+{
+    (void) key;
+    (void) data;
+    (void) data_size;
+    (void) data_length;
+    return PSA_ERROR_COMMUNICATION_FAILURE;
+}
+
+psa_status_t psa_get_key_attributes(mbedtls_svc_key_id_t key,
+                                    psa_key_attributes_t *attributes)
+{
+    (void) key;
+    (void) attributes;
+    return PSA_ERROR_COMMUNICATION_FAILURE;
+}
+
+psa_status_t psa_hash_abort(psa_hash_operation_t *operation)
+{
+    (void) operation;
+    return PSA_ERROR_COMMUNICATION_FAILURE;
+}
+
+psa_status_t psa_hash_finish(psa_hash_operation_t *operation,
+                             uint8_t *hash,
+                             size_t hash_size,
+                             size_t *hash_length)
+{
+    (void) operation;
+    (void) hash;
+    (void) hash_size;
+    (void) hash_length;
+    return PSA_ERROR_COMMUNICATION_FAILURE;
+}
+
+psa_status_t psa_hash_setup(psa_hash_operation_t *operation,
+                            psa_algorithm_t alg)
+{
+    (void) operation;
+    (void) alg;
+    return PSA_ERROR_COMMUNICATION_FAILURE;
+}
+
+psa_status_t psa_hash_update(psa_hash_operation_t *operation,
+                             const uint8_t *input,
+                             size_t input_length)
+{
+    (void) operation;
+    (void) input;
+    (void) input_length;
+    return PSA_ERROR_COMMUNICATION_FAILURE;
+}
+
+psa_status_t psa_import_key(const psa_key_attributes_t *attributes,
+                            const uint8_t *data,
+                            size_t data_length,
+                            mbedtls_svc_key_id_t *key)
+{
+    (void) attributes;
+    (void) data;
+    (void) data_length;
+    (void) key;
+    return PSA_ERROR_COMMUNICATION_FAILURE;
+}
+
+psa_status_t psa_sign_hash(mbedtls_svc_key_id_t key,
+                           psa_algorithm_t alg,
+                           const uint8_t *hash,
+                           size_t hash_length,
+                           uint8_t *signature,
+                           size_t signature_size,
+                           size_t *signature_length)
+{
+    (void) key;
+    (void) alg;
+    (void) hash;
+    (void) hash_length;
+    (void) signature;
+    (void) signature_size;
+    (void) signature_length;
+    return PSA_ERROR_COMMUNICATION_FAILURE;
+}
+
+psa_status_t psa_verify_hash(mbedtls_svc_key_id_t key,
+                             psa_algorithm_t alg,
+                             const uint8_t *hash,
+                             size_t hash_length,
+                             const uint8_t *signature,
+                             size_t signature_length)
+{
+    (void) key;
+    (void) alg;
+    (void) hash;
+    (void) hash_length;
+    (void) signature;
+    (void) signature_length;
+    return PSA_ERROR_COMMUNICATION_FAILURE;
+}
+
+#endif /* MBEDTLS_PSA_CRYPTO_CLIENT !MBEDTLS_PSA_CRYPTO_C */