test: add new component to test core library without calloc/free

This commit also fixes issues found in test suites
function/data files.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
This commit is contained in:
Valerio Setti 2024-06-25 18:31:36 +02:00
parent 168d24a00d
commit efce6052d8
7 changed files with 114 additions and 13 deletions

View File

@ -64,6 +64,92 @@ component_build_psa_crypto_spm () {
check_renamed_symbols tests/include/spe/crypto_spe.h library/libmbedcrypto.a
}
# The goal of this component is to build a configuration where:
# - test code and libtestdriver1 can make use of calloc/free and
# - core library (including PSA core) cannot use calloc/free.
component_test_psa_crypto_without_heap() {
# Disable PSA features that cannot be accelerated and whose builtin support
# requires calloc/free.
scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE
scripts/config.py -f $CRYPTO_CONFIG_H unset-all PSA_WANT_ALG_HKDF*
scripts/config.py -f $CRYPTO_CONFIG_H unset-all PSA_WANT_ALG_PBKDF2*
scripts/config.py -f $CRYPTO_CONFIG_H unset-all PSA_WANT_ALG_TLS12*
# RSA key support requires ASN1 parse/write support for testing, but ASN1
# is disabled below.
scripts/config.py -f $CRYPTO_CONFIG_H unset-all PSA_WANT_KEY_TYPE_RSA_*
scripts/config.py -f $CRYPTO_CONFIG_H unset-all PSA_WANT_ALG_RSA_*
# DES requires built-in support for key generation (parity check) so it
# cannot be accelerated
scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_KEY_TYPE_DES
# EC-JPAKE use calloc/free in PSA core
scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_JPAKE
# Accelerate all PSA features (which are still enabled in CRYPTO_CONFIG_H).
PSA_SYM_LIST=$(./scripts/config.py -f $CRYPTO_CONFIG_H get-all-enabled PSA_WANT)
loc_accel_list=$(echo $PSA_SYM_LIST | sed 's/PSA_WANT_//g')
msg "build: libtestdriver1"
helper_libtestdriver1_adjust_config crypto
helper_libtestdriver1_make_drivers "$loc_accel_list"
msg "build: main library"
# Enable fully-static key slots in PSA core.
scripts/config.py set MBEDTLS_PSA_STATIC_KEY_SLOTS
# Prevent PSA core from creating a copy of input/output buffers
scripts/config.py set MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS
# Prevent PSA core from using CTR-DRBG or HMAC-DRBG for random generation.
scripts/config.py set MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG
# Set cmalloc/free as null pointer functions. Calling them would crash
# the program so we can use this as a "sentinel" for being sure no module
# is making use of these functions in the library.
scripts/config.py set MBEDTLS_PLATFORM_MEMORY
scripts/config.py set MBEDTLS_PLATFORM_STD_CALLOC NULL
scripts/config.py set MBEDTLS_PLATFORM_STD_FREE NULL
# Disable all the modules/features that use cmalloc directly
scripts/config.py unset-all MBEDTLS_ASN1_
scripts/config.py unset MBEDTLS_BIGNUM_C
scripts/config.py unset MBEDTLS_CIPHER_C
scripts/config.py unset MBEDTLS_CMAC_C
scripts/config.py unset MBEDTLS_DHM_C
scripts/config.py unset MBEDTLS_ECDSA_C
scripts/config.py unset MBEDTLS_ECP_RESTARTABLE
scripts/config.py unset MBEDTLS_ECP_C
scripts/config.py unset-all MBEDTLS_LMS_
scripts/config.py unset MBEDTLS_MD_C
scripts/config.py unset MBEDTLS_OID_C
scripts/config.py unset-all MBEDTLS_PEM_
scripts/config.py unset MBEDTLS_PKCS7_C
scripts/config.py unset-all MBEDTLS_PK_
scripts/config.py unset MBEDTLS_RSA_C
scripts/config.py unset MBEDTLS_PSA_CRYPTO_STORAGE_C
# Disable all modules that depend on the the previous ones
scripts/config.py unset MBEDTLS_NIST_KW_C
scripts/config.py unset MBEDTLS_ECDH_C
scripts/config.py unset MBEDTLS_ECJPAKE_C
scripts/config.py unset-all MBEDTLS_PKCS1_
scripts/config.py unset-all MBEDTLS_ENTROPY_
scripts/config.py unset-all MBEDTLS_SHA
scripts/config.py unset MBEDTLS_PLATFORM_NV_SEED_ALT
scripts/config.py unset MBEDTLS_HKDF_C
scripts/config.py unset MBEDTLS_PKCS5_C
scripts/config.py unset MBEDTLS_PKCS12_C
scripts/config.py unset MBEDTLS_HMAC_DRBG_C
scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC
helper_libtestdriver1_make_main "$loc_accel_list" lib
msg "build: test suites and helpers"
# Reset cmalloc/free functions to normal operations so that test code can
# freely use them.
scripts/config.py unset MBEDTLS_PLATFORM_MEMORY
scripts/config.py unset MBEDTLS_PLATFORM_STD_CALLOC
scripts/config.py unset MBEDTLS_PLATFORM_STD_FREE
helper_libtestdriver1_make_main "$loc_accel_list" tests
msg "run tests"
make test
}
# Get a list of library-wise undefined symbols and ensure that they only
# belong to psa_xxx() functions and not to mbedtls_yyy() ones.
# This function is a common helper used by both:

View File

@ -7414,9 +7414,11 @@ PSA generate key: raw data, 9 bits: invalid argument
generate_key:PSA_KEY_TYPE_RAW_DATA:9:PSA_KEY_USAGE_EXPORT:0:PSA_ERROR_INVALID_ARGUMENT:0
PSA generate key: raw data, (MBEDTLS_CTR_DRBG_MAX_REQUEST + 1) * 8 bits
depends_on:!MBEDTLS_PSA_STATIC_KEY_SLOTS
generate_key:PSA_KEY_TYPE_RAW_DATA:(MBEDTLS_CTR_DRBG_MAX_REQUEST + 1) * 8:PSA_KEY_USAGE_EXPORT:0:PSA_SUCCESS:0
PSA generate key: raw data, (2 * MBEDTLS_CTR_DRBG_MAX_REQUEST + 1) * 8 bits
depends_on:!MBEDTLS_PSA_STATIC_KEY_SLOTS
generate_key:PSA_KEY_TYPE_RAW_DATA:(2 * MBEDTLS_CTR_DRBG_MAX_REQUEST + 1) * 8:PSA_KEY_USAGE_EXPORT:0:PSA_SUCCESS:0
PSA generate key: raw data, 65528 bits (large key, ok if it fits)

View File

@ -1236,7 +1236,7 @@ static void interruptible_signverify_get_minmax_completes(uint32_t max_ops,
}
#endif /* MBEDTLS_ECP_RESTARTABLE */
#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE)
#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE) && defined(MBEDTLS_ASN1_PARSE_C)
static int rsa_test_e(mbedtls_svc_key_id_t key,
size_t bits,
const data_t *e_arg)
@ -10246,7 +10246,7 @@ void generate_key_custom(int type_arg,
TEST_EQUAL(psa_get_key_type(&got_attributes), type);
TEST_EQUAL(psa_get_key_bits(&got_attributes), bits);
#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE)
#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE) && defined(MBEDTLS_ASN1_PARSE_C)
if (type == PSA_KEY_TYPE_RSA_KEY_PAIR) {
TEST_ASSERT(rsa_test_e(key, bits, custom_data));
}

View File

@ -256,35 +256,35 @@ generate_ec_key through transparent driver: error
generate_ec_key:PSA_ERROR_GENERIC_ERROR:"":PSA_ERROR_GENERIC_ERROR
validate key through transparent driver: good private key
depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT:PSA_WANT_ECC_SECP_R1_256
depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PSA_CRYPTO_STORAGE_C
validate_key:PSA_SUCCESS:PSA_KEY_LOCATION_LOCAL_STORAGE:130:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_SUCCESS
validate key through transparent driver: good public key
depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_256
depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PSA_CRYPTO_STORAGE_C
validate_key:PSA_SUCCESS:PSA_KEY_LOCATION_LOCAL_STORAGE:131:1:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_SUCCESS
validate key through transparent driver: fallback private key
depends_on:MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_BASIC:MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_IMPORT:MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_EXPORT:MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_256
depends_on:MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_BASIC:MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_IMPORT:MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_EXPORT:MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_256:MBEDTLS_PSA_CRYPTO_STORAGE_C
validate_key:PSA_ERROR_NOT_SUPPORTED:PSA_KEY_LOCATION_LOCAL_STORAGE:132:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_SUCCESS
validate key through transparent driver: fallback public key
depends_on:MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_256
depends_on:MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_256:MBEDTLS_PSA_CRYPTO_STORAGE_C
validate_key:PSA_ERROR_NOT_SUPPORTED:PSA_KEY_LOCATION_LOCAL_STORAGE:133:1:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_SUCCESS
validate key through transparent driver: error
depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT
depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT:MBEDTLS_PSA_CRYPTO_STORAGE_C
validate_key:PSA_ERROR_GENERIC_ERROR:PSA_KEY_LOCATION_LOCAL_STORAGE:134:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ERROR_GENERIC_ERROR
validate key through opaque driver: good private key
depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT:PSA_WANT_ECC_SECP_R1_256
depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PSA_CRYPTO_STORAGE_C
validate_key:PSA_SUCCESS:PSA_CRYPTO_TEST_DRIVER_LOCATION:130:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_SUCCESS
validate key through opaque driver: good public key
depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_256
depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PSA_CRYPTO_STORAGE_C
validate_key:PSA_SUCCESS:PSA_CRYPTO_TEST_DRIVER_LOCATION:131:1:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_SUCCESS
validate key through opaque driver: error
depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT
depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT:MBEDTLS_PSA_CRYPTO_STORAGE_C
validate_key:PSA_ERROR_GENERIC_ERROR:PSA_CRYPTO_TEST_DRIVER_LOCATION:134:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ERROR_GENERIC_ERROR
export_key private to public through driver: fake

View File

@ -6,13 +6,14 @@
size_t pake_expected_hit_count = 0;
int pake_in_driver = 0;
#if defined(PSA_WANT_ALG_JPAKE) && \
defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC) && \
defined(PSA_WANT_ECC_SECP_R1_256) && defined(PSA_WANT_ALG_SHA_256)
/* The only two JPAKE user/peer identifiers supported for the time being. */
static const uint8_t jpake_server_id[] = { 's', 'e', 'r', 'v', 'e', 'r' };
static const uint8_t jpake_client_id[] = { 'c', 'l', 'i', 'e', 'n', 't' };
#if defined(PSA_WANT_ALG_JPAKE) && \
defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC) && \
defined(PSA_WANT_ECC_SECP_R1_256) && defined(PSA_WANT_ALG_SHA_256)
static void ecjpake_do_round(psa_algorithm_t alg, unsigned int primitive,
psa_pake_operation_t *server,
psa_pake_operation_t *client,
@ -437,6 +438,11 @@ static int sanity_check_rsa_encryption_result(
mbedtls_mpi_init(&D);
mbedtls_mpi_init(&C);
mbedtls_mpi_init(&X);
#else /* MBEDTLS_BIGNUM_C */
(void) alg;
(void) private_exponent;
(void) input_data;
(void) buf;
#endif /* MBEDTLS_BIGNUM_C */
int ok = 0;

View File

@ -8,6 +8,10 @@
#include "entropy_poll.h"
/* Calculating the minimum allowed entropy size in bytes */
#if !defined(MBEDTLS_ENTROPY_BLOCK_SIZE)
#define MBEDTLS_ENTROPY_BLOCK_SIZE MBEDTLS_ENTROPY_MIN_PLATFORM
#endif
#define MBEDTLS_PSA_INJECT_ENTROPY_MIN_SIZE MAX(MBEDTLS_ENTROPY_MIN_PLATFORM, \
MBEDTLS_ENTROPY_BLOCK_SIZE)

View File

@ -24,6 +24,9 @@ static int check_stats(void)
exit:
return 0;
}
#if !defined(MBEDTLS_ENTROPY_BLOCK_SIZE)
#define MBEDTLS_ENTROPY_BLOCK_SIZE MBEDTLS_ENTROPY_MIN_PLATFORM
#endif
#define ENTROPY_MIN_NV_SEED_SIZE \
MAX(MBEDTLS_ENTROPY_MIN_PLATFORM, MBEDTLS_ENTROPY_BLOCK_SIZE)