diff --git a/CMakeLists.txt b/CMakeLists.txt index e1bfbb53352f..83a61a979bb1 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -301,7 +301,7 @@ add_subdirectory(library) add_subdirectory(pkgconfig) # -# The C files in tests/src directory contain test code shared among test suites +# The C files in framework/tests/src directory contain test code shared among test suites # and programs. This shared test code is compiled and linked to test suites and # programs objects as a set of compiled objects. The compiled objects are NOT # built into a library that the test suite and program objects would link @@ -316,42 +316,42 @@ add_subdirectory(pkgconfig) # if(ENABLE_TESTING OR ENABLE_PROGRAMS) file(GLOB MBEDTLS_TEST_FILES - ${CMAKE_CURRENT_SOURCE_DIR}/tests/src/*.c - ${CMAKE_CURRENT_SOURCE_DIR}/tests/src/drivers/*.c) + ${CMAKE_CURRENT_SOURCE_DIR}/framework/tests/src/*.c + ${CMAKE_CURRENT_SOURCE_DIR}/framework/tests/src/drivers/*.c) add_library(mbedtls_test OBJECT ${MBEDTLS_TEST_FILES}) if(GEN_FILES) add_custom_command( OUTPUT - ${CMAKE_CURRENT_SOURCE_DIR}/tests/src/test_keys.h + ${CMAKE_CURRENT_SOURCE_DIR}/framework/tests/src/test_keys.h WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/tests COMMAND "${MBEDTLS_PYTHON_EXECUTABLE}" "${CMAKE_CURRENT_SOURCE_DIR}/framework/scripts/generate_test_keys.py" "--output" - "${CMAKE_CURRENT_SOURCE_DIR}/tests/src/test_keys.h" + "${CMAKE_CURRENT_SOURCE_DIR}/framework/tests/src/test_keys.h" DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/framework/scripts/generate_test_keys.py ) - add_custom_target(test_keys_header DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/tests/src/test_keys.h) + add_custom_target(test_keys_header DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/framework/tests/src/test_keys.h) add_custom_command( OUTPUT - ${CMAKE_CURRENT_SOURCE_DIR}/tests/src/test_certs.h + ${CMAKE_CURRENT_SOURCE_DIR}/framework/tests/src/test_certs.h WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/tests COMMAND "${MBEDTLS_PYTHON_EXECUTABLE}" "${CMAKE_CURRENT_SOURCE_DIR}/framework/scripts/generate_test_cert_macros.py" "--output" - "${CMAKE_CURRENT_SOURCE_DIR}/tests/src/test_certs.h" + "${CMAKE_CURRENT_SOURCE_DIR}/framework/tests/src/test_certs.h" DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/framework/scripts/generate_test_cert_macros.py ) - add_custom_target(test_certs_header DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/tests/src/test_certs.h) + add_custom_target(test_certs_header DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/framework/tests/src/test_certs.h) add_dependencies(mbedtls_test test_keys_header test_certs_header) endif() target_include_directories(mbedtls_test - PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/tests/include + PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/framework/tests/include PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/include PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/tf-psa-crypto/include PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/tf-psa-crypto/drivers/builtin/include @@ -362,10 +362,10 @@ if(ENABLE_TESTING OR ENABLE_PROGRAMS) set_target_properties(mbedtls_test PROPERTIES C_STANDARD 11) file(GLOB MBEDTLS_TEST_HELPER_FILES - ${CMAKE_CURRENT_SOURCE_DIR}/tests/src/test_helpers/*.c) + ${CMAKE_CURRENT_SOURCE_DIR}/framework/tests/src/test_helpers/*.c) add_library(mbedtls_test_helpers OBJECT ${MBEDTLS_TEST_HELPER_FILES}) target_include_directories(mbedtls_test_helpers - PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/tests/include + PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/framework/tests/include PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/include PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/tf-psa-crypto/include PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/tf-psa-crypto/drivers/builtin/include diff --git a/Makefile b/Makefile index b63880487e28..ce0795186fc9 100644 --- a/Makefile +++ b/Makefile @@ -213,8 +213,8 @@ C_SOURCE_FILES = $(wildcard \ tf-psa-crypto/drivers/*/*/*/*.c \ tf-psa-crypto/drivers/*/*/*/*/*.c \ programs/*/*.[hc] \ - tests/include/*/*.h tests/include/*/*/*.h \ - tests/src/*.c tests/src/*/*.c \ + framework/tests/include/*/*.h framework/tests/include/*/*/*.h \ + framework/tests/src/*.c framework/tests/src/*/*.c \ tests/suites/*.function \ ) # Exuberant-ctags invocation. Other ctags implementations may require different options. @@ -231,5 +231,5 @@ cscope.in.out cscope.po.out cscope.out: $(C_SOURCE_FILES) cscope -bq -u -Iinclude -Ilibrary -Itf-psa-crypto/core \ -Itf-psa-crypto/include \ -Itf-psa-crypto/drivers/builtin/src \ - $(patsubst %,-I%,$(wildcard tf-psa-crypto/drivers/*/include)) -Itests/include $(C_SOURCE_FILES) + $(patsubst %,-I%,$(wildcard tf-psa-crypto/drivers/*/include)) -Iframework/tests/include $(C_SOURCE_FILES) .PHONY: cscope global diff --git a/docs/architecture/psa-crypto-implementation-structure.md b/docs/architecture/psa-crypto-implementation-structure.md index 0954602cb6bb..ada29d175b9b 100644 --- a/docs/architecture/psa-crypto-implementation-structure.md +++ b/docs/architecture/psa-crypto-implementation-structure.md @@ -78,7 +78,7 @@ Summary of files to modify when adding a new algorithm or key type: * [ ] PSA Crypto API draft, if not already done — [PSA standardization](#psa-standardization) * [ ] `include/psa/crypto_values.h` or `include/psa/crypto_extra.h` — [New functions and macros](#new-functions-and-macros) -* [ ] `include/psa/crypto_config.h`, `tests/include/test/drivers/crypto_config_test_driver_extension.h` — [Preprocessor symbols](#preprocessor-symbols) +* [ ] `include/psa/crypto_config.h`, `framework/tests/include/test/drivers/crypto_config_test_driver_extension.h` — [Preprocessor symbols](#preprocessor-symbols) * Occasionally `library/check_crypto_config.h` — [Preprocessor symbols](#preprocessor-symbols) * [ ] `include/mbedtls/config_psa.h` — [Preprocessor symbols](#preprocessor-symbols) * [ ] `library/psa_crypto.c`, `library/psa_crypto_*.[hc]` — [Implementation of the mechanisms](#implementation-of-the-mechanisms) @@ -128,7 +128,7 @@ Each cryptographic mechanism is optional and can be selected by the application * If `MBEDTLS_PSA_CRYPTO_CONFIG` is disabled: based on the available mechanisms in Mbed TLS, deduced from `mbedtls/mbedtls_config.h` by code in `include/mbedtls/config_psa.h`. * if `MBEDTLS_PSA_CRYPTO_CONFIG` is enabled: in the application configuration file `include/psa/crypto_config.h` (or `MBEDTLS_PSA_CRYPTO_CONFIG_FILE`, plus `MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE`), with code in `include/mbedtls/config_psa.h` deducing the necessary underlying `MBEDTLS_xxx` symbols. * For transparent keys (keys that are not in a secure element), the feature is implemented by Mbed TLS if `MBEDTLS_PSA_BUILTIN_ttt_xxx` is defined, and by an accelerator driver if `MBEDTLS_PSA_ACCEL_ttt_xxx` is defined. `MBEDTLS_PSA_BUILTIN_ttt_xxx` constants are set in `include/mbedtls/config_psa.h` based on the application requests `PSA_WANT_ttt_xxx` and the accelerator driver declarations `MBEDTLS_PSA_ACCEL_ttt_xxx`. -* For the testing of the driver dispatch code, `tests/include/test/drivers/crypto_config_test_driver_extension.h` sets additional `MBEDTLS_PSA_ACCEL_xxx` symbols. +* For the testing of the driver dispatch code, `framework/tests/include/test/drivers/crypto_config_test_driver_extension.h` sets additional `MBEDTLS_PSA_ACCEL_xxx` symbols. For more details, see *[Conditional inclusion of cryptographic mechanism through the PSA API in Mbed TLS](../proposed/psa-conditional-inclusion-c.html)*. diff --git a/docs/architecture/psa-shared-memory.md b/docs/architecture/psa-shared-memory.md index 283ffc626522..5f69a7763ff2 100644 --- a/docs/architecture/psa-shared-memory.md +++ b/docs/architecture/psa-shared-memory.md @@ -661,7 +661,7 @@ psa_status_t mem_poison_psa_aead_update(psa_aead_operation_t *operation, #define psa_aead_update(...) mem_poison_psa_aead_update(__VA_ARGS__) ``` -There now exists a more generic mechanism for making exactly this kind of transformation - the PSA test wrappers, which exist in the files `tests/include/test/psa_test_wrappers.h` and `tests/src/psa_test_wrappers.c`. These are wrappers around all PSA functions that allow testing code to be inserted at the start and end of a PSA function call. +There now exists a more generic mechanism for making exactly this kind of transformation - the PSA test wrappers, which exist in the files `framework/tests/include/test/psa_test_wrappers.h` and `framework/tests/src/psa_test_wrappers.c`. These are wrappers around all PSA functions that allow testing code to be inserted at the start and end of a PSA function call. The test wrappers are generated by a script, although they are not automatically generated as part of the build process. Instead, they are checked into source control and must be manually updated when functions change by running `framework/scripts/generate_psa_wrappers.py`. diff --git a/docs/architecture/testing/driver-interface-test-strategy.md b/docs/architecture/testing/driver-interface-test-strategy.md index 5fc5e18e6d15..370eb9db155a 100644 --- a/docs/architecture/testing/driver-interface-test-strategy.md +++ b/docs/architecture/testing/driver-interface-test-strategy.md @@ -132,8 +132,8 @@ The driver interface includes a fallback mechanism so that a driver can reject a We have test drivers that are enabled by `PSA_CRYPTO_DRIVER_TEST` (not present in the usual config files, must be defined on the command line or in a custom -config file). Those test drivers are implemented in `tests/src/drivers/*.c` -and their API is declared in `tests/include/test/drivers/*.h`. +config file). Those test drivers are implemented in `framework/tests/src/drivers/*.c` +and their API is declared in `framework/tests/include/test/drivers/*.h`. We have two test driver registered: `mbedtls_test_opaque_driver` and `mbedtls_test_transparent_driver`. These are described in @@ -212,7 +212,7 @@ desired.) The renaming process for `libtestdriver1` is implemented as a few Perl regexes applied to a copy of the library code, see the `libtestdriver1.a` target in `tests/Makefile`. Another modification that's done to this copy is appending -`tests/include/test/drivers/crypto_config_test_driver_extension.h` to +`framework/tests/include/test/drivers/crypto_config_test_driver_extension.h` to `psa/crypto_config.h`. This file reverses the `ACCEL`/`BUILTIN` macros so that `libtestdriver1` includes as built-in what the main `libmbedcrypto.a` will have accelerated; see that file's initial comment for details. See also diff --git a/docs/psa-driver-example-and-guide.md b/docs/psa-driver-example-and-guide.md index a5e9b16d9999..3dced28b491f 100644 --- a/docs/psa-driver-example-and-guide.md +++ b/docs/psa-driver-example-and-guide.md @@ -43,7 +43,7 @@ There are three deliverables for creating such a driver. These are: - C header files defining the types required by the driver description. The names of these header files are declared in the driver description file. - An object file compiled for the target platform defining the functions required by the driver description. Implementations may allow drivers to be provided as source files and compiled with the core instead of being pre-compiled. -The Mbed TLS driver tests for the aforementioned entry points provide examples of how these deliverables can be implemented. For sample driver description JSON files, see [`mbedtls_test_transparent_driver.json`](https://github.com/Mbed-TLS/mbedtls/blob/development/scripts/data_files/driver_jsons/mbedtls_test_transparent_driver.json) or [`mbedtls_test_opaque_driver.json`](https://github.com/Mbed-TLS/mbedtls/blob/development/scripts/data_files/driver_jsons/mbedtls_test_transparent_driver.json). The header file required by the driver description is [`test_driver.h`](https://github.com/Mbed-TLS/mbedtls/blob/development/tests/include/test/drivers/test_driver.h). As Mbed TLS tests are built from source, there is no object file for the test driver. However, the source for the test driver can be found under `tests/src/drivers`. +The Mbed TLS driver tests for the aforementioned entry points provide examples of how these deliverables can be implemented. For sample driver description JSON files, see [`mbedtls_test_transparent_driver.json`](https://github.com/Mbed-TLS/mbedtls/blob/development/scripts/data_files/driver_jsons/mbedtls_test_transparent_driver.json) or [`mbedtls_test_opaque_driver.json`](https://github.com/Mbed-TLS/mbedtls/blob/development/scripts/data_files/driver_jsons/mbedtls_test_transparent_driver.json). The header file required by the driver description is [`test_driver.h`](https://github.com/Mbed-TLS/mbedtls/blob/development/tests/include/test/drivers/test_driver.h). As Mbed TLS tests are built from source, there is no object file for the test driver. However, the source for the test driver can be found under `framework/tests/src/drivers`. ### Process for Entry Points where auto-generation is not implemented diff --git a/framework b/framework index 9eeacb7125d6..bde4a56a2570 160000 --- a/framework +++ b/framework @@ -1 +1 @@ -Subproject commit 9eeacb7125d6630a11e29d8a7aab5873b3638b6d +Subproject commit bde4a56a25702af4a5b6ae1548db6295a53a3243 diff --git a/programs/Makefile b/programs/Makefile index 1f2d7198c86b..464f4f90d5ef 100644 --- a/programs/Makefile +++ b/programs/Makefile @@ -1,4 +1,4 @@ -MBEDTLS_TEST_PATH = ../tests +MBEDTLS_TEST_PATH = ../framework/tests include ../scripts/common.make ifeq ($(shell uname -s),Linux) diff --git a/programs/aes/CMakeLists.txt b/programs/aes/CMakeLists.txt index ccb8db564f2c..dd8d75757864 100644 --- a/programs/aes/CMakeLists.txt +++ b/programs/aes/CMakeLists.txt @@ -5,7 +5,7 @@ set(executables foreach(exe IN LISTS executables) add_executable(${exe} ${exe}.c $) target_link_libraries(${exe} ${mbedcrypto_target} ${CMAKE_THREAD_LIBS_INIT}) - target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include) + target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../framework/tests/include) endforeach() install(TARGETS ${executables} diff --git a/programs/cipher/CMakeLists.txt b/programs/cipher/CMakeLists.txt index e925524f68c1..238b228f3814 100644 --- a/programs/cipher/CMakeLists.txt +++ b/programs/cipher/CMakeLists.txt @@ -5,7 +5,7 @@ set(executables foreach(exe IN LISTS executables) add_executable(${exe} ${exe}.c $) target_link_libraries(${exe} ${mbedcrypto_target} ${CMAKE_THREAD_LIBS_INIT}) - target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include) + target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../framework/tests/include) endforeach() install(TARGETS ${executables} diff --git a/programs/fuzz/CMakeLists.txt b/programs/fuzz/CMakeLists.txt index c389029bca93..d274aab08376 100644 --- a/programs/fuzz/CMakeLists.txt +++ b/programs/fuzz/CMakeLists.txt @@ -38,7 +38,7 @@ foreach(exe IN LISTS executables_no_common_c executables_with_common_c) endif() add_executable(${exe} ${exe_sources}) - target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include) + target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../framework/tests/include) if (NOT FUZZINGENGINE_LIB) target_link_libraries(${exe} ${libs}) diff --git a/programs/fuzz/Makefile b/programs/fuzz/Makefile index 828e5184a67b..d60208c9673b 100644 --- a/programs/fuzz/Makefile +++ b/programs/fuzz/Makefile @@ -1,4 +1,4 @@ -MBEDTLS_TEST_PATH:=../../tests +MBEDTLS_TEST_PATH:=../../framework/tests MBEDTLS_PATH := ../.. include ../../scripts/common.make diff --git a/programs/hash/CMakeLists.txt b/programs/hash/CMakeLists.txt index fcacf3ba4f3b..7f85056fb2d7 100644 --- a/programs/hash/CMakeLists.txt +++ b/programs/hash/CMakeLists.txt @@ -7,7 +7,7 @@ set(executables foreach(exe IN LISTS executables) add_executable(${exe} ${exe}.c $) target_link_libraries(${exe} ${mbedcrypto_target} ${CMAKE_THREAD_LIBS_INIT}) - target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include) + target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../framework/tests/include) endforeach() install(TARGETS ${executables} diff --git a/programs/pkey/CMakeLists.txt b/programs/pkey/CMakeLists.txt index cd0387a882b7..2e21a7d8e31e 100644 --- a/programs/pkey/CMakeLists.txt +++ b/programs/pkey/CMakeLists.txt @@ -6,7 +6,7 @@ set(executables_mbedtls foreach(exe IN LISTS executables_mbedtls) add_executable(${exe} ${exe}.c $) target_link_libraries(${exe} ${mbedtls_target} ${CMAKE_THREAD_LIBS_INIT}) - target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include) + target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../framework/tests/include) endforeach() set(executables_mbedcrypto @@ -33,7 +33,7 @@ set(executables_mbedcrypto foreach(exe IN LISTS executables_mbedcrypto) add_executable(${exe} ${exe}.c $) target_link_libraries(${exe} ${mbedcrypto_target} ${CMAKE_THREAD_LIBS_INIT}) - target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include) + target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../framework/tests/include) endforeach() install(TARGETS ${executables_mbedtls} ${executables_mbedcrypto} diff --git a/programs/psa/CMakeLists.txt b/programs/psa/CMakeLists.txt index c0843e1233c2..d94c5b15a357 100644 --- a/programs/psa/CMakeLists.txt +++ b/programs/psa/CMakeLists.txt @@ -29,7 +29,7 @@ endif() foreach(exe IN LISTS executables) add_executable(${exe} ${exe}.c $) target_link_libraries(${exe} ${mbedcrypto_target} ${CMAKE_THREAD_LIBS_INIT}) - target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include) + target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../framework/tests/include) endforeach() target_include_directories(psa_constant_names PRIVATE ${CMAKE_CURRENT_BINARY_DIR}) diff --git a/programs/random/CMakeLists.txt b/programs/random/CMakeLists.txt index 59403953541a..1870d1079018 100644 --- a/programs/random/CMakeLists.txt +++ b/programs/random/CMakeLists.txt @@ -6,7 +6,7 @@ set(executables foreach(exe IN LISTS executables) add_executable(${exe} ${exe}.c $) target_link_libraries(${exe} ${mbedcrypto_target} ${CMAKE_THREAD_LIBS_INIT}) - target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include) + target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../framework/tests/include) endforeach() install(TARGETS ${executables} diff --git a/programs/ssl/CMakeLists.txt b/programs/ssl/CMakeLists.txt index ec2c86fb4adc..5cdc0857b96a 100644 --- a/programs/ssl/CMakeLists.txt +++ b/programs/ssl/CMakeLists.txt @@ -39,7 +39,7 @@ foreach(exe IN LISTS executables) add_executable(${exe} ${exe}.c $ ${extra_sources}) target_link_libraries(${exe} ${libs} ${CMAKE_THREAD_LIBS_INIT}) - target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include) + target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../framework/tests/include) if(exe STREQUAL "ssl_client2" OR exe STREQUAL "ssl_server2") if(GEN_FILES) add_dependencies(${exe} generate_query_config_c) @@ -51,7 +51,7 @@ endforeach() if(THREADS_FOUND) add_executable(ssl_pthread_server ssl_pthread_server.c $) - target_include_directories(ssl_pthread_server PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include) + target_include_directories(ssl_pthread_server PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../framework/tests/include) target_link_libraries(ssl_pthread_server ${libs} ${CMAKE_THREAD_LIBS_INIT}) list(APPEND executables ssl_pthread_server) endif(THREADS_FOUND) diff --git a/programs/test/CMakeLists.txt b/programs/test/CMakeLists.txt index 0c9b11a4b02a..48dfce5fab66 100644 --- a/programs/test/CMakeLists.txt +++ b/programs/test/CMakeLists.txt @@ -79,7 +79,7 @@ foreach(exe IN LISTS executables_libs executables_mbedcrypto) add_executable(${exe} ${exe}.c $ ${extra_sources}) target_include_directories(${exe} - PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include) + PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../framework/tests/include) target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../library ${CMAKE_CURRENT_SOURCE_DIR}/../../tf-psa-crypto/core) diff --git a/programs/test/metatest.c b/programs/test/metatest.c index c52e579661d9..c14021d34dd4 100644 --- a/programs/test/metatest.c +++ b/programs/test/metatest.c @@ -261,7 +261,7 @@ void mutex_lock_not_initialized(const char *name) mbedtls_threading_mutex_t mutex; memset(&mutex, 0, sizeof(mutex)); /* This mutex usage error is detected by our test framework's mutex usage - * verification framework. See tests/src/threading_helpers.c. Other + * verification framework. See framework/tests/src/threading_helpers.c. Other * threading implementations (e.g. pthread without our instrumentation) * might consider this normal usage. */ TEST_ASSERT(mbedtls_mutex_lock(&mutex) == 0); @@ -277,7 +277,7 @@ void mutex_unlock_not_initialized(const char *name) mbedtls_threading_mutex_t mutex; memset(&mutex, 0, sizeof(mutex)); /* This mutex usage error is detected by our test framework's mutex usage - * verification framework. See tests/src/threading_helpers.c. Other + * verification framework. See framework/tests/src/threading_helpers.c. Other * threading implementations (e.g. pthread without our instrumentation) * might consider this normal usage. */ TEST_ASSERT(mbedtls_mutex_unlock(&mutex) == 0); @@ -293,7 +293,7 @@ void mutex_free_not_initialized(const char *name) mbedtls_threading_mutex_t mutex; memset(&mutex, 0, sizeof(mutex)); /* This mutex usage error is detected by our test framework's mutex usage - * verification framework. See tests/src/threading_helpers.c. Other + * verification framework. See framework/tests/src/threading_helpers.c. Other * threading implementations (e.g. pthread without our instrumentation) * might consider this normal usage. */ mbedtls_mutex_free(&mutex); @@ -307,7 +307,7 @@ void mutex_double_init(const char *name) mbedtls_threading_mutex_t mutex; mbedtls_mutex_init(&mutex); /* This mutex usage error is detected by our test framework's mutex usage - * verification framework. See tests/src/threading_helpers.c. Other + * verification framework. See framework/tests/src/threading_helpers.c. Other * threading implementations (e.g. pthread without our instrumentation) * might consider this normal usage. */ mbedtls_mutex_init(&mutex); @@ -323,7 +323,7 @@ void mutex_double_free(const char *name) mbedtls_mutex_init(&mutex); mbedtls_mutex_free(&mutex); /* This mutex usage error is detected by our test framework's mutex usage - * verification framework. See tests/src/threading_helpers.c. Other + * verification framework. See framework/tests/src/threading_helpers.c. Other * threading implementations (e.g. pthread without our instrumentation) * might consider this normal usage. */ mbedtls_mutex_free(&mutex); @@ -338,7 +338,7 @@ void mutex_leak(const char *name) mbedtls_mutex_init(&mutex); #endif /* This mutex usage error is detected by our test framework's mutex usage - * verification framework. See tests/src/threading_helpers.c. Other + * verification framework. See framework/tests/src/threading_helpers.c. Other * threading implementations (e.g. pthread without our instrumentation) * might consider this normal usage. */ } @@ -361,7 +361,7 @@ typedef struct { * - "msan": triggers MSan (Memory Sanitizer). * - "pthread": requires MBEDTLS_THREADING_PTHREAD and MBEDTLS_TEST_HOOKS, * which enables MBEDTLS_TEST_MUTEX_USAGE internally in the test - * framework (see tests/src/threading_helpers.c). + * framework (see framework/tests/src/threading_helpers.c). */ const char *platform; diff --git a/programs/util/CMakeLists.txt b/programs/util/CMakeLists.txt index cb6bc3d2d2b0..dbe44f895e06 100644 --- a/programs/util/CMakeLists.txt +++ b/programs/util/CMakeLists.txt @@ -10,7 +10,7 @@ set(executables foreach(exe IN LISTS executables) add_executable(${exe} ${exe}.c $) target_link_libraries(${exe} ${libs} ${CMAKE_THREAD_LIBS_INIT}) - target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include) + target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../framework/tests/include) endforeach() install(TARGETS ${executables} diff --git a/programs/x509/CMakeLists.txt b/programs/x509/CMakeLists.txt index 43437f070b1c..044128bb62c3 100644 --- a/programs/x509/CMakeLists.txt +++ b/programs/x509/CMakeLists.txt @@ -14,7 +14,7 @@ set(executables foreach(exe IN LISTS executables) add_executable(${exe} ${exe}.c $) target_link_libraries(${exe} ${libs} ${CMAKE_THREAD_LIBS_INIT}) - target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include) + target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../framework/tests/include) endforeach() target_link_libraries(cert_app ${mbedtls_target}) diff --git a/scripts/common.make b/scripts/common.make index d102a97a5699..d0bee337bd74 100644 --- a/scripts/common.make +++ b/scripts/common.make @@ -27,7 +27,7 @@ LOCAL_CFLAGS = $(WARNING_CFLAGS) -I$(MBEDTLS_TEST_PATH)/include \ -I$(MBEDTLS_PATH)/include -I$(MBEDTLS_PATH)/tf-psa-crypto/include \ -I$(MBEDTLS_PATH)/tf-psa-crypto/drivers/builtin/include \ -D_FILE_OFFSET_BITS=64 -LOCAL_CXXFLAGS = $(WARNING_CXXFLAGS) -I$(MBEDTLS_PATH)/include -I$(MBEDTLS_PATH)/tests/include -D_FILE_OFFSET_BITS=64 +LOCAL_CXXFLAGS = $(WARNING_CXXFLAGS) -I$(MBEDTLS_PATH)/include -I$(MBEDTLS_PATH)/framework/tests/include -D_FILE_OFFSET_BITS=64 ifdef PSASIM LOCAL_LDFLAGS = ${MBEDTLS_TEST_OBJS} \ diff --git a/scripts/generate_visualc_files.pl b/scripts/generate_visualc_files.pl index d48b2b26cf03..3b89734ccb75 100755 --- a/scripts/generate_visualc_files.pl +++ b/scripts/generate_visualc_files.pl @@ -28,10 +28,10 @@ my $tls_source_dir = 'library'; my $crypto_core_source_dir = 'tf-psa-crypto/core'; my $crypto_source_dir = 'tf-psa-crypto/drivers/builtin/src'; -my $test_source_dir = 'tests/src'; -my $test_header_dir = 'tests/include/test'; -my $test_drivers_header_dir = 'tests/include/test/drivers'; -my $test_drivers_source_dir = 'tests/src/drivers'; +my $test_source_dir = 'framework/tests/src'; +my $test_header_dir = 'framework/tests/include/test'; +my $test_drivers_header_dir = 'framework/tests/include/test/drivers'; +my $test_drivers_source_dir = 'framework/tests/src/drivers'; my @thirdparty_header_dirs = qw( tf-psa-crypto/drivers/everest/include/everest @@ -53,7 +53,7 @@ tf-psa-crypto/drivers/everest/include/everest tf-psa-crypto/drivers/everest/include/everest/vs2013 tf-psa-crypto/drivers/everest/include/everest/kremlib - tests/include + framework/tests/include ); my $include_directories = join(';', map {"../../$_"} @include_directories); diff --git a/scripts/make_generated_files.bat b/scripts/make_generated_files.bat index b03bce2ade5d..80054c615243 100644 --- a/scripts/make_generated_files.bat +++ b/scripts/make_generated_files.bat @@ -14,5 +14,5 @@ python framework\scripts\generate_bignum_tests.py || exit /b 1 python framework\scripts\generate_config_tests.py || exit /b 1 python framework\scripts\generate_ecp_tests.py || exit /b 1 python framework\scripts\generate_psa_tests.py || exit /b 1 -python framework\scripts\generate_test_keys.py --output tests\src\test_keys.h || exit /b 1 -python framework\scripts\generate_test_cert_macros.py --output tests\src\test_certs.h || exit /b 1 +python framework\scripts\generate_test_keys.py --output framework\tests\src\test_keys.h || exit /b 1 +python framework\scripts\generate_test_cert_macros.py --output framework\tests\src\test_certs.h || exit /b 1 diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index fd15a5f25f3e..dfb8b65b0dca 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt @@ -285,12 +285,12 @@ function(add_test_suite suite_name) $) add_dependencies(test_suite_${data_name} ${dependency}) target_link_libraries(test_suite_${data_name} ${libs}) - # Include test-specific header files from ./include and private header - # files (used by some invasive tests) from ../library. Public header - # files are automatically included because the library targets declare - # them as PUBLIC. + # Include test-specific header files from framework/tests/include and + # private header files (used by some invasive tests) from ../library. + # Public header files are automatically included because the library + # targets declare them as PUBLIC. target_include_directories(test_suite_${data_name} - PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/include + PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../framework/tests/include PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../library PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../tf-psa-crypto/core PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../tf-psa-crypto/drivers/builtin/src) diff --git a/tests/Makefile b/tests/Makefile index 95cd4613e4d3..b3cc48786936 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -1,4 +1,4 @@ -MBEDTLS_TEST_PATH = . +MBEDTLS_TEST_PATH = ../framework/tests include ../scripts/common.make # Set this to -v to see the details of failing test cases @@ -54,7 +54,7 @@ endif GENERATED_DATA_FILES += $(GENERATED_PSA_DATA_FILES) GENERATED_FILES = $(GENERATED_DATA_FILES) -GENERATED_FILES += src/test_keys.h src/test_certs.h +GENERATED_FILES += ../framework/tests/src/test_keys.h ../framework/tests/src/test_certs.h .PHONY: generated_files generated_files: $(GENERATED_FILES) @@ -148,32 +148,32 @@ all: $(BINARIES) mbedtls_test: $(MBEDTLS_TEST_OBJS) -src/test_certs.h: ../framework/scripts/generate_test_cert_macros.py \ +../framework/tests/src/test_certs.h: ../framework/scripts/generate_test_cert_macros.py \ $($(PYTHON) ../framework/scripts/generate_test_cert_macros.py --list-dependencies) $(PYTHON) ../framework/scripts/generate_test_cert_macros.py --output $@ -src/test_keys.h: ../framework/scripts/generate_test_keys.py +../framework/tests/src/test_keys.h: ../framework/scripts/generate_test_keys.py $(PYTHON) ../framework/scripts/generate_test_keys.py --output $@ -TEST_OBJS_DEPS = $(wildcard include/test/*.h include/test/*/*.h) +TEST_OBJS_DEPS = $(wildcard ../framework/tests/include/test/*.h include/test/*/*.h) ifdef RECORD_PSA_STATUS_COVERAGE_LOG # Explicitly depend on this header because on a clean copy of the source tree, # it doesn't exist yet and must be generated as part of the build, and # therefore the wildcard enumeration above doesn't include it. -TEST_OBJS_DEPS += include/test/instrument_record_status.h +TEST_OBJS_DEPS += ../framework/tests/include/test/instrument_record_status.h endif -TEST_OBJS_DEPS += src/test_certs.h src/test_keys.h +TEST_OBJS_DEPS += ../framework/tests/src/test_certs.h ../framework/tests/src/test_keys.h # Rule to compile common test C files in src folder -src/%.o : src/%.c $(TEST_OBJS_DEPS) +../framework/tests/src/%.o : ../framework/tests/src/%.c $(TEST_OBJS_DEPS) echo " CC $<" $(CC) $(LOCAL_CFLAGS) $(CFLAGS) -o $@ -c $< -src/drivers/%.o : src/drivers/%.c +../framework/tests/src/drivers/%.o : ../framework/tests/src/drivers/%.c echo " CC $<" $(CC) $(LOCAL_CFLAGS) $(CFLAGS) -o $@ -c $< -src/test_helpers/%.o : src/test_helpers/%.c +../framework/tests/src/test_helpers/%.o : ../framework/tests/src/test_helpers/%.c echo " CC $<" $(CC) $(LOCAL_CFLAGS) $(CFLAGS) -o $@ -c $< @@ -216,8 +216,8 @@ ifndef WINDOWS rm -rf $(BINARIES) *.c *.datax rm -f src/*.o src/drivers/*.o src/test_helpers/*.o src/libmbed* src/test_keys.h src/test_certs.h rm -f src/test_keys.h src/test_certs.h - rm -f include/test/instrument_record_status.h - rm -f include/alt-extra/*/*_alt.h + rm -f ../framework/tests/include/test/instrument_record_status.h + rm -f ../framework/tests/include/alt-extra/*/*_alt.h rm -rf libtestdriver1 rm -rf libpsaclient libpsaserver rm -f ../library/libtestdriver1.a @@ -231,7 +231,7 @@ else if exist src/test_certs.h del /Q /F src/test_cers.h if exist src/test_helpers/*.o del /Q /F src/test_helpers/*.o if exist src/libmbed* del /Q /F src/libmed* - if exist include/test/instrument_record_status.h del /Q /F include/test/instrument_record_status.h + if exist ../framework/tests/include/test/instrument_record_status.h del /Q /F include/test/instrument_record_status.h endif # Test suites caught by SKIP_TEST_SUITES are built but not executed. @@ -241,11 +241,11 @@ check: $(BINARIES) test: check # Generate variants of some headers for testing -include/alt-extra/%_alt.h: ../include/%.h +../framework/tests/include/alt-extra/%_alt.h: ../include/%.h perl -p -e 's/^(# *(define|ifndef) +\w+_)H\b/$${1}ALT_H/' $< >$@ -include/alt-extra/%_alt.h: ../tf-psa-crypto/include/%.h +../framework/tests/include/alt-extra/%_alt.h: ../tf-psa-crypto/include/%.h perl -p -e 's/^(# *(define|ifndef) +\w+_)H\b/$${1}ALT_H/' $< >$@ -include/alt-extra/%_alt.h: ../tf-psa-crypto/drivers/builtin/include/%.h +../framework/tests/include/alt-extra/%_alt.h: ../tf-psa-crypto/drivers/builtin/include/%.h perl -p -e 's/^(# *(define|ifndef) +\w+_)H\b/$${1}ALT_H/' $< >$@ # Generate test library @@ -286,16 +286,16 @@ libtestdriver1.a: cp -Rf ../scripts ./libtestdriver1 # Set the test driver base (minimal) configuration. - cp ./include/test/drivers/config_test_driver.h ./libtestdriver1/include/mbedtls/mbedtls_config.h + cp ./../framework/tests/include/test/drivers/config_test_driver.h ./libtestdriver1/include/mbedtls/mbedtls_config.h # Set the PSA cryptography configuration for the test library. # It is set from the copied include/psa/crypto_config.h of the Mbed TLS # library the test library is intended to be linked with extended by - # ./include/test/drivers/crypto_config_test_driver_extension.h to + # ./../framework/tests/include/test/drivers/crypto_config_test_driver_extension.h to # mirror the PSA_ACCEL_* macros. mv ./libtestdriver1/tf-psa-crypto/include/psa/crypto_config.h ./libtestdriver1/tf-psa-crypto/include/psa/crypto_config.h.bak head -n -1 ./libtestdriver1/tf-psa-crypto/include/psa/crypto_config.h.bak > ./libtestdriver1/tf-psa-crypto/include/psa/crypto_config.h - cat ./include/test/drivers/crypto_config_test_driver_extension.h >> ./libtestdriver1/tf-psa-crypto/include/psa/crypto_config.h + cat ./../framework/tests/include/test/drivers/crypto_config_test_driver_extension.h >> ./libtestdriver1/tf-psa-crypto/include/psa/crypto_config.h echo "#endif /* PSA_CRYPTO_CONFIG_H */" >> ./libtestdriver1/tf-psa-crypto/include/psa/crypto_config.h # Prefix MBEDTLS_* PSA_* symbols with LIBTESTDRIVER1_ as well as @@ -312,7 +312,7 @@ libtestdriver1.a: cp ./libtestdriver1/library/libmbedcrypto.a ../library/libtestdriver1.a ifdef RECORD_PSA_STATUS_COVERAGE_LOG -include/test/instrument_record_status.h: ../tf-psa-crypto/include/psa/crypto.h Makefile +../framework/tests/include/test/instrument_record_status.h: ../tf-psa-crypto/include/psa/crypto.h Makefile echo " Gen $@" sed <../tf-psa-crypto/include/psa/crypto.h >$@ -n 's/^psa_status_t \([A-Za-z0-9_]*\)(.*/#define \1(...) RECORD_STATUS("\1", \1(__VA_ARGS__))/p' endif diff --git a/tests/include/alt-extra/psa/crypto.h b/tests/include/alt-extra/psa/crypto.h deleted file mode 100644 index 005f3aeea0ca..000000000000 --- a/tests/include/alt-extra/psa/crypto.h +++ /dev/null @@ -1,7 +0,0 @@ -/* The goal of the include/alt-extra directory is to test what happens - * if certain files come _after_ the normal include directory. - * Make sure that if the alt-extra directory comes before the normal - * directory (so we wouldn't be achieving our test objective), the build - * will fail. - */ -#error "The normal include directory must come first in the include path" diff --git a/tests/include/baremetal-override/time.h b/tests/include/baremetal-override/time.h deleted file mode 100644 index 0a44275e765a..000000000000 --- a/tests/include/baremetal-override/time.h +++ /dev/null @@ -1,6 +0,0 @@ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#error "time.h included in a configuration without MBEDTLS_HAVE_TIME" diff --git a/tests/include/spe/crypto_spe.h b/tests/include/spe/crypto_spe.h deleted file mode 100644 index fdf3a2db5a3f..000000000000 --- a/tests/include/spe/crypto_spe.h +++ /dev/null @@ -1,131 +0,0 @@ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - * - */ - -/** - * \file crypto_spe.h - * - * \brief When Mbed TLS is built with the MBEDTLS_PSA_CRYPTO_SPM option - * enabled, this header is included by all .c files in Mbed TLS that - * use PSA Crypto function names. This avoids duplication of symbols - * between TF-M and Mbed TLS. - * - * \note This file should be included before including any PSA Crypto headers - * from Mbed TLS. - */ - -#ifndef CRYPTO_SPE_H -#define CRYPTO_SPE_H - -#define PSA_FUNCTION_NAME(x) mbedcrypto__ ## x - -#define psa_crypto_init \ - PSA_FUNCTION_NAME(psa_crypto_init) -#define psa_key_derivation_get_capacity \ - PSA_FUNCTION_NAME(psa_key_derivation_get_capacity) -#define psa_key_derivation_set_capacity \ - PSA_FUNCTION_NAME(psa_key_derivation_set_capacity) -#define psa_key_derivation_input_bytes \ - PSA_FUNCTION_NAME(psa_key_derivation_input_bytes) -#define psa_key_derivation_output_bytes \ - PSA_FUNCTION_NAME(psa_key_derivation_output_bytes) -#define psa_key_derivation_input_key \ - PSA_FUNCTION_NAME(psa_key_derivation_input_key) -#define psa_key_derivation_output_key \ - PSA_FUNCTION_NAME(psa_key_derivation_output_key) -#define psa_key_derivation_setup \ - PSA_FUNCTION_NAME(psa_key_derivation_setup) -#define psa_key_derivation_abort \ - PSA_FUNCTION_NAME(psa_key_derivation_abort) -#define psa_key_derivation_key_agreement \ - PSA_FUNCTION_NAME(psa_key_derivation_key_agreement) -#define psa_raw_key_agreement \ - PSA_FUNCTION_NAME(psa_raw_key_agreement) -#define psa_generate_random \ - PSA_FUNCTION_NAME(psa_generate_random) -#define psa_aead_encrypt \ - PSA_FUNCTION_NAME(psa_aead_encrypt) -#define psa_aead_decrypt \ - PSA_FUNCTION_NAME(psa_aead_decrypt) -#define psa_open_key \ - PSA_FUNCTION_NAME(psa_open_key) -#define psa_close_key \ - PSA_FUNCTION_NAME(psa_close_key) -#define psa_import_key \ - PSA_FUNCTION_NAME(psa_import_key) -#define psa_destroy_key \ - PSA_FUNCTION_NAME(psa_destroy_key) -#define psa_get_key_attributes \ - PSA_FUNCTION_NAME(psa_get_key_attributes) -#define psa_reset_key_attributes \ - PSA_FUNCTION_NAME(psa_reset_key_attributes) -#define psa_export_key \ - PSA_FUNCTION_NAME(psa_export_key) -#define psa_export_public_key \ - PSA_FUNCTION_NAME(psa_export_public_key) -#define psa_purge_key \ - PSA_FUNCTION_NAME(psa_purge_key) -#define psa_copy_key \ - PSA_FUNCTION_NAME(psa_copy_key) -#define psa_cipher_operation_init \ - PSA_FUNCTION_NAME(psa_cipher_operation_init) -#define psa_cipher_generate_iv \ - PSA_FUNCTION_NAME(psa_cipher_generate_iv) -#define psa_cipher_set_iv \ - PSA_FUNCTION_NAME(psa_cipher_set_iv) -#define psa_cipher_encrypt_setup \ - PSA_FUNCTION_NAME(psa_cipher_encrypt_setup) -#define psa_cipher_decrypt_setup \ - PSA_FUNCTION_NAME(psa_cipher_decrypt_setup) -#define psa_cipher_update \ - PSA_FUNCTION_NAME(psa_cipher_update) -#define psa_cipher_finish \ - PSA_FUNCTION_NAME(psa_cipher_finish) -#define psa_cipher_abort \ - PSA_FUNCTION_NAME(psa_cipher_abort) -#define psa_hash_operation_init \ - PSA_FUNCTION_NAME(psa_hash_operation_init) -#define psa_hash_setup \ - PSA_FUNCTION_NAME(psa_hash_setup) -#define psa_hash_update \ - PSA_FUNCTION_NAME(psa_hash_update) -#define psa_hash_finish \ - PSA_FUNCTION_NAME(psa_hash_finish) -#define psa_hash_verify \ - PSA_FUNCTION_NAME(psa_hash_verify) -#define psa_hash_abort \ - PSA_FUNCTION_NAME(psa_hash_abort) -#define psa_hash_clone \ - PSA_FUNCTION_NAME(psa_hash_clone) -#define psa_hash_compute \ - PSA_FUNCTION_NAME(psa_hash_compute) -#define psa_hash_compare \ - PSA_FUNCTION_NAME(psa_hash_compare) -#define psa_mac_operation_init \ - PSA_FUNCTION_NAME(psa_mac_operation_init) -#define psa_mac_sign_setup \ - PSA_FUNCTION_NAME(psa_mac_sign_setup) -#define psa_mac_verify_setup \ - PSA_FUNCTION_NAME(psa_mac_verify_setup) -#define psa_mac_update \ - PSA_FUNCTION_NAME(psa_mac_update) -#define psa_mac_sign_finish \ - PSA_FUNCTION_NAME(psa_mac_sign_finish) -#define psa_mac_verify_finish \ - PSA_FUNCTION_NAME(psa_mac_verify_finish) -#define psa_mac_abort \ - PSA_FUNCTION_NAME(psa_mac_abort) -#define psa_sign_hash \ - PSA_FUNCTION_NAME(psa_sign_hash) -#define psa_verify_hash \ - PSA_FUNCTION_NAME(psa_verify_hash) -#define psa_asymmetric_encrypt \ - PSA_FUNCTION_NAME(psa_asymmetric_encrypt) -#define psa_asymmetric_decrypt \ - PSA_FUNCTION_NAME(psa_asymmetric_decrypt) -#define psa_generate_key \ - PSA_FUNCTION_NAME(psa_generate_key) - -#endif /* CRYPTO_SPE_H */ diff --git a/tests/include/test/arguments.h b/tests/include/test/arguments.h deleted file mode 100644 index 6d267b660e2f..000000000000 --- a/tests/include/test/arguments.h +++ /dev/null @@ -1,26 +0,0 @@ -/** - * \file arguments.h - * - * \brief Manipulation of test arguments. - * - * Much of the code is in host_test.function, to be migrated here later. - */ - -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#ifndef TEST_ARGUMENTS_H -#define TEST_ARGUMENTS_H - -#include "mbedtls/build_info.h" -#include -#include - -typedef union { - size_t len; - intmax_t sint; -} mbedtls_test_argument_t; - -#endif /* TEST_ARGUMENTS_H */ diff --git a/tests/include/test/asn1_helpers.h b/tests/include/test/asn1_helpers.h deleted file mode 100644 index 2eb91712820c..000000000000 --- a/tests/include/test/asn1_helpers.h +++ /dev/null @@ -1,38 +0,0 @@ -/** Helper functions for tests that manipulate ASN.1 data. - */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#ifndef ASN1_HELPERS_H -#define ASN1_HELPERS_H - -#include "test/helpers.h" - -/** Skip past an INTEGER in an ASN.1 buffer. - * - * Mark the current test case as failed in any of the following conditions: - * - The buffer does not start with an ASN.1 INTEGER. - * - The integer's size or parity does not match the constraints expressed - * through \p min_bits, \p max_bits and \p must_be_odd. - * - * \param p Upon entry, `*p` points to the first byte of the - * buffer to parse. - * On successful return, `*p` points to the first byte - * after the parsed INTEGER. - * On failure, `*p` is unspecified. - * \param end The end of the ASN.1 buffer. - * \param min_bits Fail the test case if the integer does not have at - * least this many significant bits. - * \param max_bits Fail the test case if the integer has more than - * this many significant bits. - * \param must_be_odd Fail the test case if the integer is even. - * - * \return \c 0 if the test failed, otherwise 1. - */ -int mbedtls_test_asn1_skip_integer(unsigned char **p, const unsigned char *end, - size_t min_bits, size_t max_bits, - int must_be_odd); - -#endif /* ASN1_HELPERS_H */ diff --git a/tests/include/test/bignum_helpers.h b/tests/include/test/bignum_helpers.h deleted file mode 100644 index a5e49cbe576e..000000000000 --- a/tests/include/test/bignum_helpers.h +++ /dev/null @@ -1,98 +0,0 @@ -/** - * \file bignum_helpers.h - * - * \brief This file contains the prototypes of helper functions for - * bignum-related testing. - */ - -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#ifndef TEST_BIGNUM_HELPERS_H -#define TEST_BIGNUM_HELPERS_H - -#include - -#if defined(MBEDTLS_BIGNUM_C) - -#include -#include - -/** Allocate and populate a core MPI from a test case argument. - * - * This function allocates exactly as many limbs as necessary to fit - * the length of the input. In other words, it preserves leading zeros. - * - * The limb array is allocated with mbedtls_calloc() and must later be - * freed with mbedtls_free(). - * - * \param[in,out] pX The address where a pointer to the allocated limb - * array will be stored. - * \c *pX must be null on entry. - * On exit, \c *pX is null on error or if the number - * of limbs is 0. - * \param[out] plimbs The address where the number of limbs will be stored. - * \param[in] input The test argument to read. - * It is interpreted as a hexadecimal representation - * of a non-negative integer. - * - * \return \c 0 on success, an \c MBEDTLS_ERR_MPI_xxx error code otherwise. - */ -int mbedtls_test_read_mpi_core(mbedtls_mpi_uint **pX, size_t *plimbs, - const char *input); - -/** Read a modulus from a hexadecimal string. - * - * This function allocates exactly as many limbs as necessary to fit - * the length of the input. In other words, it preserves leading zeros. - * - * The limb array is allocated with mbedtls_calloc() and must later be - * freed with mbedtls_free(). You can do that by calling - * mbedtls_test_mpi_mod_modulus_free_with_limbs(). - * - * \param[in,out] N A modulus structure. It must be initialized, but - * not set up. - * \param[in] s The null-terminated hexadecimal string to read from. - * \param int_rep The desired representation of residues. - * - * \return \c 0 on success, an \c MBEDTLS_ERR_MPI_xxx error code otherwise. - */ -int mbedtls_test_read_mpi_modulus(mbedtls_mpi_mod_modulus *N, - const char *s, - mbedtls_mpi_mod_rep_selector int_rep); - -/** Free a modulus and its limbs. - * - * \param[in] N A modulus structure such that there is no other - * reference to `N->p`. - */ -void mbedtls_test_mpi_mod_modulus_free_with_limbs(mbedtls_mpi_mod_modulus *N); - -/** Read an MPI from a hexadecimal string. - * - * Like mbedtls_mpi_read_string(), but with tighter guarantees around - * edge cases. - * - * - This function guarantees that if \p s begins with '-' then the sign - * bit of the result will be negative, even if the value is 0. - * When this function encounters such a "negative 0", it calls - * mbedtls_test_increment_case_uses_negative_0(). - * - The size of the result is exactly the minimum number of limbs needed to fit - * the digits in the input. In particular, this function constructs a bignum - * with 0 limbs for an empty string, and a bignum with leading 0 limbs if the - * string has sufficiently many leading 0 digits. This is important so that - * the "0 (null)" and "0 (1 limb)" and "leading zeros" test cases do what they - * claim. - * - * \param[out] X The MPI object to populate. It must be initialized. - * \param[in] s The null-terminated hexadecimal string to read from. - * - * \return \c 0 on success, an \c MBEDTLS_ERR_MPI_xxx error code otherwise. - */ -int mbedtls_test_read_mpi(mbedtls_mpi *X, const char *s); - -#endif /* MBEDTLS_BIGNUM_C */ - -#endif /* TEST_BIGNUM_HELPERS_H */ diff --git a/tests/include/test/certs.h b/tests/include/test/certs.h deleted file mode 100644 index db69536a6f29..000000000000 --- a/tests/include/test/certs.h +++ /dev/null @@ -1,234 +0,0 @@ -/** - * \file certs.h - * - * \brief Sample certificates and DHM parameters for testing - */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ -#ifndef MBEDTLS_CERTS_H -#define MBEDTLS_CERTS_H - -#include "mbedtls/build_info.h" - -#include - -#ifdef __cplusplus -extern "C" { -#endif - -/* List of all PEM-encoded CA certificates, terminated by NULL; - * PEM encoded if MBEDTLS_PEM_PARSE_C is enabled, DER encoded - * otherwise. */ -extern const char *mbedtls_test_cas[]; -extern const size_t mbedtls_test_cas_len[]; - -/* List of all DER-encoded CA certificates, terminated by NULL */ -extern const unsigned char *mbedtls_test_cas_der[]; -extern const size_t mbedtls_test_cas_der_len[]; - -#if defined(MBEDTLS_PEM_PARSE_C) -/* Concatenation of all CA certificates in PEM format if available */ -extern const char mbedtls_test_cas_pem[]; -extern const size_t mbedtls_test_cas_pem_len; -#endif /* MBEDTLS_PEM_PARSE_C */ - -/* - * CA test certificates - */ - -extern const char mbedtls_test_ca_crt_ec_pem[]; -extern const char mbedtls_test_ca_key_ec_pem[]; -extern const char mbedtls_test_ca_pwd_ec_pem[]; -extern const char mbedtls_test_ca_key_rsa_pem[]; -extern const char mbedtls_test_ca_pwd_rsa_pem[]; -extern const char mbedtls_test_ca_crt_rsa_sha1_pem[]; -extern const char mbedtls_test_ca_crt_rsa_sha256_pem[]; - -extern const unsigned char mbedtls_test_ca_crt_ec_der[]; -extern const unsigned char mbedtls_test_ca_key_ec_der[]; -extern const unsigned char mbedtls_test_ca_key_rsa_der[]; -extern const unsigned char mbedtls_test_ca_crt_rsa_sha1_der[]; -extern const unsigned char mbedtls_test_ca_crt_rsa_sha256_der[]; - -extern const size_t mbedtls_test_ca_crt_ec_pem_len; -extern const size_t mbedtls_test_ca_key_ec_pem_len; -extern const size_t mbedtls_test_ca_pwd_ec_pem_len; -extern const size_t mbedtls_test_ca_key_rsa_pem_len; -extern const size_t mbedtls_test_ca_pwd_rsa_pem_len; -extern const size_t mbedtls_test_ca_crt_rsa_sha1_pem_len; -extern const size_t mbedtls_test_ca_crt_rsa_sha256_pem_len; - -extern const size_t mbedtls_test_ca_crt_ec_der_len; -extern const size_t mbedtls_test_ca_key_ec_der_len; -extern const size_t mbedtls_test_ca_pwd_ec_der_len; -extern const size_t mbedtls_test_ca_key_rsa_der_len; -extern const size_t mbedtls_test_ca_pwd_rsa_der_len; -extern const size_t mbedtls_test_ca_crt_rsa_sha1_der_len; -extern const size_t mbedtls_test_ca_crt_rsa_sha256_der_len; - -/* Config-dependent dispatch between PEM and DER encoding - * (PEM if enabled, otherwise DER) */ - -extern const char mbedtls_test_ca_crt_ec[]; -extern const char mbedtls_test_ca_key_ec[]; -extern const char mbedtls_test_ca_pwd_ec[]; -extern const char mbedtls_test_ca_key_rsa[]; -extern const char mbedtls_test_ca_pwd_rsa[]; -extern const char mbedtls_test_ca_crt_rsa_sha1[]; -extern const char mbedtls_test_ca_crt_rsa_sha256[]; - -extern const size_t mbedtls_test_ca_crt_ec_len; -extern const size_t mbedtls_test_ca_key_ec_len; -extern const size_t mbedtls_test_ca_pwd_ec_len; -extern const size_t mbedtls_test_ca_key_rsa_len; -extern const size_t mbedtls_test_ca_pwd_rsa_len; -extern const size_t mbedtls_test_ca_crt_rsa_sha1_len; -extern const size_t mbedtls_test_ca_crt_rsa_sha256_len; - -/* Config-dependent dispatch between SHA-1 and SHA-256 - * (SHA-256 if enabled, otherwise SHA-1) */ - -extern const char mbedtls_test_ca_crt_rsa[]; -extern const size_t mbedtls_test_ca_crt_rsa_len; - -/* Config-dependent dispatch between EC and RSA - * (RSA if enabled, otherwise EC) */ - -extern const char *mbedtls_test_ca_crt; -extern const char *mbedtls_test_ca_key; -extern const char *mbedtls_test_ca_pwd; -extern const size_t mbedtls_test_ca_crt_len; -extern const size_t mbedtls_test_ca_key_len; -extern const size_t mbedtls_test_ca_pwd_len; - -/* - * Server test certificates - */ - -extern const char mbedtls_test_srv_crt_ec_pem[]; -extern const char mbedtls_test_srv_key_ec_pem[]; -extern const char mbedtls_test_srv_pwd_ec_pem[]; -extern const char mbedtls_test_srv_key_rsa_pem[]; -extern const char mbedtls_test_srv_pwd_rsa_pem[]; -extern const char mbedtls_test_srv_crt_rsa_sha1_pem[]; -extern const char mbedtls_test_srv_crt_rsa_sha256_pem[]; - -extern const unsigned char mbedtls_test_srv_crt_ec_der[]; -extern const unsigned char mbedtls_test_srv_key_ec_der[]; -extern const unsigned char mbedtls_test_srv_key_rsa_der[]; -extern const unsigned char mbedtls_test_srv_crt_rsa_sha1_der[]; -extern const unsigned char mbedtls_test_srv_crt_rsa_sha256_der[]; - -extern const size_t mbedtls_test_srv_crt_ec_pem_len; -extern const size_t mbedtls_test_srv_key_ec_pem_len; -extern const size_t mbedtls_test_srv_pwd_ec_pem_len; -extern const size_t mbedtls_test_srv_key_rsa_pem_len; -extern const size_t mbedtls_test_srv_pwd_rsa_pem_len; -extern const size_t mbedtls_test_srv_crt_rsa_sha1_pem_len; -extern const size_t mbedtls_test_srv_crt_rsa_sha256_pem_len; - -extern const size_t mbedtls_test_srv_crt_ec_der_len; -extern const size_t mbedtls_test_srv_key_ec_der_len; -extern const size_t mbedtls_test_srv_pwd_ec_der_len; -extern const size_t mbedtls_test_srv_key_rsa_der_len; -extern const size_t mbedtls_test_srv_pwd_rsa_der_len; -extern const size_t mbedtls_test_srv_crt_rsa_sha1_der_len; -extern const size_t mbedtls_test_srv_crt_rsa_sha256_der_len; - -/* Config-dependent dispatch between PEM and DER encoding - * (PEM if enabled, otherwise DER) */ - -extern const char mbedtls_test_srv_crt_ec[]; -extern const char mbedtls_test_srv_key_ec[]; -extern const char mbedtls_test_srv_pwd_ec[]; -extern const char mbedtls_test_srv_key_rsa[]; -extern const char mbedtls_test_srv_pwd_rsa[]; -extern const char mbedtls_test_srv_crt_rsa_sha1[]; -extern const char mbedtls_test_srv_crt_rsa_sha256[]; - -extern const size_t mbedtls_test_srv_crt_ec_len; -extern const size_t mbedtls_test_srv_key_ec_len; -extern const size_t mbedtls_test_srv_pwd_ec_len; -extern const size_t mbedtls_test_srv_key_rsa_len; -extern const size_t mbedtls_test_srv_pwd_rsa_len; -extern const size_t mbedtls_test_srv_crt_rsa_sha1_len; -extern const size_t mbedtls_test_srv_crt_rsa_sha256_len; - -/* Config-dependent dispatch between SHA-1 and SHA-256 - * (SHA-256 if enabled, otherwise SHA-1) */ - -extern const char mbedtls_test_srv_crt_rsa[]; -extern const size_t mbedtls_test_srv_crt_rsa_len; - -/* Config-dependent dispatch between EC and RSA - * (RSA if enabled, otherwise EC) */ - -extern const char *mbedtls_test_srv_crt; -extern const char *mbedtls_test_srv_key; -extern const char *mbedtls_test_srv_pwd; -extern const size_t mbedtls_test_srv_crt_len; -extern const size_t mbedtls_test_srv_key_len; -extern const size_t mbedtls_test_srv_pwd_len; - -/* - * Client test certificates - */ - -extern const char mbedtls_test_cli_crt_ec_pem[]; -extern const char mbedtls_test_cli_key_ec_pem[]; -extern const char mbedtls_test_cli_pwd_ec_pem[]; -extern const char mbedtls_test_cli_key_rsa_pem[]; -extern const char mbedtls_test_cli_pwd_rsa_pem[]; -extern const char mbedtls_test_cli_crt_rsa_pem[]; - -extern const unsigned char mbedtls_test_cli_crt_ec_der[]; -extern const unsigned char mbedtls_test_cli_key_ec_der[]; -extern const unsigned char mbedtls_test_cli_key_rsa_der[]; -extern const unsigned char mbedtls_test_cli_crt_rsa_der[]; - -extern const size_t mbedtls_test_cli_crt_ec_pem_len; -extern const size_t mbedtls_test_cli_key_ec_pem_len; -extern const size_t mbedtls_test_cli_pwd_ec_pem_len; -extern const size_t mbedtls_test_cli_key_rsa_pem_len; -extern const size_t mbedtls_test_cli_pwd_rsa_pem_len; -extern const size_t mbedtls_test_cli_crt_rsa_pem_len; - -extern const size_t mbedtls_test_cli_crt_ec_der_len; -extern const size_t mbedtls_test_cli_key_ec_der_len; -extern const size_t mbedtls_test_cli_key_rsa_der_len; -extern const size_t mbedtls_test_cli_crt_rsa_der_len; - -/* Config-dependent dispatch between PEM and DER encoding - * (PEM if enabled, otherwise DER) */ - -extern const char mbedtls_test_cli_crt_ec[]; -extern const char mbedtls_test_cli_key_ec[]; -extern const char mbedtls_test_cli_pwd_ec[]; -extern const char mbedtls_test_cli_key_rsa[]; -extern const char mbedtls_test_cli_pwd_rsa[]; -extern const char mbedtls_test_cli_crt_rsa[]; - -extern const size_t mbedtls_test_cli_crt_ec_len; -extern const size_t mbedtls_test_cli_key_ec_len; -extern const size_t mbedtls_test_cli_pwd_ec_len; -extern const size_t mbedtls_test_cli_key_rsa_len; -extern const size_t mbedtls_test_cli_pwd_rsa_len; -extern const size_t mbedtls_test_cli_crt_rsa_len; - -/* Config-dependent dispatch between EC and RSA - * (RSA if enabled, otherwise EC) */ - -extern const char *mbedtls_test_cli_crt; -extern const char *mbedtls_test_cli_key; -extern const char *mbedtls_test_cli_pwd; -extern const size_t mbedtls_test_cli_crt_len; -extern const size_t mbedtls_test_cli_key_len; -extern const size_t mbedtls_test_cli_pwd_len; - -#ifdef __cplusplus -} -#endif - -#endif /* certs.h */ diff --git a/tests/include/test/constant_flow.h b/tests/include/test/constant_flow.h deleted file mode 100644 index c5658eb408b0..000000000000 --- a/tests/include/test/constant_flow.h +++ /dev/null @@ -1,71 +0,0 @@ -/** - * \file constant_flow.h - * - * \brief This file contains tools to ensure tested code has constant flow. - */ - -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#ifndef TEST_CONSTANT_FLOW_H -#define TEST_CONSTANT_FLOW_H - -#include "mbedtls/build_info.h" - -/* - * This file defines the two macros - * - * #define TEST_CF_SECRET(ptr, size) - * #define TEST_CF_PUBLIC(ptr, size) - * - * that can be used in tests to mark a memory area as secret (no branch or - * memory access should depend on it) or public (default, only needs to be - * marked explicitly when it was derived from secret data). - * - * Arguments: - * - ptr: a pointer to the memory area to be marked - * - size: the size in bytes of the memory area - * - * Implementation: - * The basic idea is that of ctgrind : we can - * re-use tools that were designed for checking use of uninitialized memory. - * This file contains two implementations: one based on MemorySanitizer, the - * other on valgrind's memcheck. If none of them is enabled, dummy macros that - * do nothing are defined for convenience. - * - * \note #TEST_CF_SECRET must be called directly from within a .function file, - * not indirectly via a macro defined under tests/include or a function - * under tests/src. This is because we only run Valgrind for constant - * flow on test suites that have greppable annotations inside them (see - * `skip_suites_without_constant_flow` in `tests/scripts/all.sh`). - */ - -#if defined(MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN) -#include - -/* Use macros to avoid messing up with origin tracking */ -#define TEST_CF_SECRET __msan_allocated_memory -// void __msan_allocated_memory(const volatile void* data, size_t size); -#define TEST_CF_PUBLIC __msan_unpoison -// void __msan_unpoison(const volatile void *a, size_t size); - -#elif defined(MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND) -#include - -#define TEST_CF_SECRET VALGRIND_MAKE_MEM_UNDEFINED -// VALGRIND_MAKE_MEM_UNDEFINED(_qzz_addr, _qzz_len) -#define TEST_CF_PUBLIC VALGRIND_MAKE_MEM_DEFINED -// VALGRIND_MAKE_MEM_DEFINED(_qzz_addr, _qzz_len) - -#else /* MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN || - MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND */ - -#define TEST_CF_SECRET(ptr, size) -#define TEST_CF_PUBLIC(ptr, size) - -#endif /* MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN || - MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND */ - -#endif /* TEST_CONSTANT_FLOW_H */ diff --git a/tests/include/test/drivers/aead.h b/tests/include/test/drivers/aead.h deleted file mode 100644 index a033e399d069..000000000000 --- a/tests/include/test/drivers/aead.h +++ /dev/null @@ -1,121 +0,0 @@ -/* - * Test driver for AEAD driver entry points. - */ -/* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#ifndef PSA_CRYPTO_TEST_DRIVERS_AEAD_H -#define PSA_CRYPTO_TEST_DRIVERS_AEAD_H - -#include "mbedtls/build_info.h" - -#if defined(PSA_CRYPTO_DRIVER_TEST) -#include - -typedef struct { - /* If not PSA_SUCCESS, return this error code instead of processing the - * function call. */ - psa_status_t forced_status; - /* Count the amount of times AEAD driver functions are called. */ - unsigned long hits_encrypt; - unsigned long hits_decrypt; - unsigned long hits_encrypt_setup; - unsigned long hits_decrypt_setup; - unsigned long hits_set_nonce; - unsigned long hits_set_lengths; - unsigned long hits_update_ad; - unsigned long hits_update; - unsigned long hits_finish; - unsigned long hits_verify; - unsigned long hits_abort; - - /* Status returned by the last AEAD driver function call. */ - psa_status_t driver_status; -} mbedtls_test_driver_aead_hooks_t; - -#define MBEDTLS_TEST_DRIVER_AEAD_INIT { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 } -static inline mbedtls_test_driver_aead_hooks_t -mbedtls_test_driver_aead_hooks_init(void) -{ - const mbedtls_test_driver_aead_hooks_t v = MBEDTLS_TEST_DRIVER_AEAD_INIT; - return v; -} - -extern mbedtls_test_driver_aead_hooks_t mbedtls_test_driver_aead_hooks; - -psa_status_t mbedtls_test_transparent_aead_encrypt( - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, size_t key_buffer_size, - psa_algorithm_t alg, - const uint8_t *nonce, size_t nonce_length, - const uint8_t *additional_data, size_t additional_data_length, - const uint8_t *plaintext, size_t plaintext_length, - uint8_t *ciphertext, size_t ciphertext_size, size_t *ciphertext_length); - -psa_status_t mbedtls_test_transparent_aead_decrypt( - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, size_t key_buffer_size, - psa_algorithm_t alg, - const uint8_t *nonce, size_t nonce_length, - const uint8_t *additional_data, size_t additional_data_length, - const uint8_t *ciphertext, size_t ciphertext_length, - uint8_t *plaintext, size_t plaintext_size, size_t *plaintext_length); - -psa_status_t mbedtls_test_transparent_aead_encrypt_setup( - mbedtls_transparent_test_driver_aead_operation_t *operation, - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, size_t key_buffer_size, - psa_algorithm_t alg); - -psa_status_t mbedtls_test_transparent_aead_decrypt_setup( - mbedtls_transparent_test_driver_aead_operation_t *operation, - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, size_t key_buffer_size, - psa_algorithm_t alg); - -psa_status_t mbedtls_test_transparent_aead_set_nonce( - mbedtls_transparent_test_driver_aead_operation_t *operation, - const uint8_t *nonce, - size_t nonce_length); - -psa_status_t mbedtls_test_transparent_aead_set_lengths( - mbedtls_transparent_test_driver_aead_operation_t *operation, - size_t ad_length, - size_t plaintext_length); - -psa_status_t mbedtls_test_transparent_aead_update_ad( - mbedtls_transparent_test_driver_aead_operation_t *operation, - const uint8_t *input, - size_t input_length); - -psa_status_t mbedtls_test_transparent_aead_update( - mbedtls_transparent_test_driver_aead_operation_t *operation, - const uint8_t *input, - size_t input_length, - uint8_t *output, - size_t output_size, - size_t *output_length); - -psa_status_t mbedtls_test_transparent_aead_finish( - mbedtls_transparent_test_driver_aead_operation_t *operation, - uint8_t *ciphertext, - size_t ciphertext_size, - size_t *ciphertext_length, - uint8_t *tag, - size_t tag_size, - size_t *tag_length); - -psa_status_t mbedtls_test_transparent_aead_verify( - mbedtls_transparent_test_driver_aead_operation_t *operation, - uint8_t *plaintext, - size_t plaintext_size, - size_t *plaintext_length, - const uint8_t *tag, - size_t tag_length); - -psa_status_t mbedtls_test_transparent_aead_abort( - mbedtls_transparent_test_driver_aead_operation_t *operation); - -#endif /* PSA_CRYPTO_DRIVER_TEST */ -#endif /* PSA_CRYPTO_TEST_DRIVERS_AEAD_H */ diff --git a/tests/include/test/drivers/asymmetric_encryption.h b/tests/include/test/drivers/asymmetric_encryption.h deleted file mode 100644 index 0ac77087df97..000000000000 --- a/tests/include/test/drivers/asymmetric_encryption.h +++ /dev/null @@ -1,67 +0,0 @@ -/* - * Test driver for asymmetric encryption. - */ -/* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#ifndef PSA_CRYPTO_TEST_DRIVERS_ASYMMETRIC_ENCRYPTION_H -#define PSA_CRYPTO_TEST_DRIVERS_ASYMMETRIC_ENCRYPTION_H - -#include "mbedtls/build_info.h" - -#if defined(PSA_CRYPTO_DRIVER_TEST) -#include -#include - -typedef struct { - /* If non-null, on success, copy this to the output. */ - void *forced_output; - size_t forced_output_length; - /* If not PSA_SUCCESS, return this error code instead of processing the - * function call. */ - psa_status_t forced_status; - /* Count the amount of times one of the asymmetric_encryption driver - functions is called. */ - unsigned long hits; -} mbedtls_test_driver_asymmetric_encryption_hooks_t; - -#define MBEDTLS_TEST_DRIVER_ASYMMETRIC_ENCRYPTION_INIT { NULL, 0, PSA_SUCCESS, 0 } - -static inline mbedtls_test_driver_asymmetric_encryption_hooks_t -mbedtls_test_driver_asymmetric_encryption_hooks_init(void) -{ - const mbedtls_test_driver_asymmetric_encryption_hooks_t v = - MBEDTLS_TEST_DRIVER_ASYMMETRIC_ENCRYPTION_INIT; - return v; -} - -extern mbedtls_test_driver_asymmetric_encryption_hooks_t - mbedtls_test_driver_asymmetric_encryption_hooks; - -psa_status_t mbedtls_test_transparent_asymmetric_encrypt( - const psa_key_attributes_t *attributes, const uint8_t *key_buffer, - size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *input, - size_t input_length, const uint8_t *salt, size_t salt_length, - uint8_t *output, size_t output_size, size_t *output_length); - -psa_status_t mbedtls_test_opaque_asymmetric_encrypt( - const psa_key_attributes_t *attributes, const uint8_t *key, - size_t key_length, psa_algorithm_t alg, const uint8_t *input, - size_t input_length, const uint8_t *salt, size_t salt_length, - uint8_t *output, size_t output_size, size_t *output_length); - -psa_status_t mbedtls_test_transparent_asymmetric_decrypt( - const psa_key_attributes_t *attributes, const uint8_t *key_buffer, - size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *input, - size_t input_length, const uint8_t *salt, size_t salt_length, - uint8_t *output, size_t output_size, size_t *output_length); - -psa_status_t mbedtls_test_opaque_asymmetric_decrypt( - const psa_key_attributes_t *attributes, const uint8_t *key, - size_t key_length, psa_algorithm_t alg, const uint8_t *input, - size_t input_length, const uint8_t *salt, size_t salt_length, - uint8_t *output, size_t output_size, size_t *output_length); - -#endif /* PSA_CRYPTO_DRIVER_TEST */ -#endif /* PSA_CRYPTO_TEST_DRIVERS_ASYMMETRIC_ENCRYPTION_H */ diff --git a/tests/include/test/drivers/cipher.h b/tests/include/test/drivers/cipher.h deleted file mode 100644 index 2fe47e4d7a41..000000000000 --- a/tests/include/test/drivers/cipher.h +++ /dev/null @@ -1,136 +0,0 @@ -/* - * Test driver for cipher functions - */ -/* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#ifndef PSA_CRYPTO_TEST_DRIVERS_CIPHER_H -#define PSA_CRYPTO_TEST_DRIVERS_CIPHER_H - -#include "mbedtls/build_info.h" - -#if defined(PSA_CRYPTO_DRIVER_TEST) -#include -#include - -#include "mbedtls/cipher.h" - -typedef struct { - /* If non-null, on success, copy this to the output. */ - void *forced_output; - size_t forced_output_length; - /* If not PSA_SUCCESS, return this error code instead of processing the - * function call. */ - psa_status_t forced_status; - psa_status_t forced_status_encrypt; - psa_status_t forced_status_set_iv; - /* Count the amount of times one of the cipher driver functions is called. */ - unsigned long hits; - unsigned long hits_encrypt; - unsigned long hits_set_iv; -} mbedtls_test_driver_cipher_hooks_t; - -#define MBEDTLS_TEST_DRIVER_CIPHER_INIT { NULL, 0, \ - PSA_SUCCESS, PSA_SUCCESS, PSA_SUCCESS, \ - 0, 0, 0 } -static inline mbedtls_test_driver_cipher_hooks_t -mbedtls_test_driver_cipher_hooks_init(void) -{ - const mbedtls_test_driver_cipher_hooks_t v = MBEDTLS_TEST_DRIVER_CIPHER_INIT; - return v; -} - -extern mbedtls_test_driver_cipher_hooks_t mbedtls_test_driver_cipher_hooks; - -psa_status_t mbedtls_test_transparent_cipher_encrypt( - const psa_key_attributes_t *attributes, - const uint8_t *key, size_t key_length, - psa_algorithm_t alg, - const uint8_t *iv, size_t iv_length, - const uint8_t *input, size_t input_length, - uint8_t *output, size_t output_size, size_t *output_length); - -psa_status_t mbedtls_test_transparent_cipher_decrypt( - const psa_key_attributes_t *attributes, - const uint8_t *key, size_t key_length, - psa_algorithm_t alg, - const uint8_t *input, size_t input_length, - uint8_t *output, size_t output_size, size_t *output_length); - -psa_status_t mbedtls_test_transparent_cipher_encrypt_setup( - mbedtls_transparent_test_driver_cipher_operation_t *operation, - const psa_key_attributes_t *attributes, - const uint8_t *key, size_t key_length, - psa_algorithm_t alg); - -psa_status_t mbedtls_test_transparent_cipher_decrypt_setup( - mbedtls_transparent_test_driver_cipher_operation_t *operation, - const psa_key_attributes_t *attributes, - const uint8_t *key, size_t key_length, - psa_algorithm_t alg); - -psa_status_t mbedtls_test_transparent_cipher_abort( - mbedtls_transparent_test_driver_cipher_operation_t *operation); - -psa_status_t mbedtls_test_transparent_cipher_set_iv( - mbedtls_transparent_test_driver_cipher_operation_t *operation, - const uint8_t *iv, size_t iv_length); - -psa_status_t mbedtls_test_transparent_cipher_update( - mbedtls_transparent_test_driver_cipher_operation_t *operation, - const uint8_t *input, size_t input_length, - uint8_t *output, size_t output_size, size_t *output_length); - -psa_status_t mbedtls_test_transparent_cipher_finish( - mbedtls_transparent_test_driver_cipher_operation_t *operation, - uint8_t *output, size_t output_size, size_t *output_length); - -/* - * opaque versions - */ -psa_status_t mbedtls_test_opaque_cipher_encrypt( - const psa_key_attributes_t *attributes, - const uint8_t *key, size_t key_length, - psa_algorithm_t alg, - const uint8_t *iv, size_t iv_length, - const uint8_t *input, size_t input_length, - uint8_t *output, size_t output_size, size_t *output_length); - -psa_status_t mbedtls_test_opaque_cipher_decrypt( - const psa_key_attributes_t *attributes, - const uint8_t *key, size_t key_length, - psa_algorithm_t alg, - const uint8_t *input, size_t input_length, - uint8_t *output, size_t output_size, size_t *output_length); - -psa_status_t mbedtls_test_opaque_cipher_encrypt_setup( - mbedtls_opaque_test_driver_cipher_operation_t *operation, - const psa_key_attributes_t *attributes, - const uint8_t *key, size_t key_length, - psa_algorithm_t alg); - -psa_status_t mbedtls_test_opaque_cipher_decrypt_setup( - mbedtls_opaque_test_driver_cipher_operation_t *operation, - const psa_key_attributes_t *attributes, - const uint8_t *key, size_t key_length, - psa_algorithm_t alg); - -psa_status_t mbedtls_test_opaque_cipher_abort( - mbedtls_opaque_test_driver_cipher_operation_t *operation); - -psa_status_t mbedtls_test_opaque_cipher_set_iv( - mbedtls_opaque_test_driver_cipher_operation_t *operation, - const uint8_t *iv, size_t iv_length); - -psa_status_t mbedtls_test_opaque_cipher_update( - mbedtls_opaque_test_driver_cipher_operation_t *operation, - const uint8_t *input, size_t input_length, - uint8_t *output, size_t output_size, size_t *output_length); - -psa_status_t mbedtls_test_opaque_cipher_finish( - mbedtls_opaque_test_driver_cipher_operation_t *operation, - uint8_t *output, size_t output_size, size_t *output_length); - -#endif /* PSA_CRYPTO_DRIVER_TEST */ -#endif /* PSA_CRYPTO_TEST_DRIVERS_CIPHER_H */ diff --git a/tests/include/test/drivers/config_test_driver.h b/tests/include/test/drivers/config_test_driver.h deleted file mode 100644 index ec8bcb613574..000000000000 --- a/tests/include/test/drivers/config_test_driver.h +++ /dev/null @@ -1,46 +0,0 @@ -/* - * Mbed TLS configuration for PSA test driver libraries. It includes: - * . the minimum set of modules needed by the PSA core. - * . the Mbed TLS configuration options that may need to be additionally - * enabled for the purpose of a specific test. - * . the PSA configuration file for the Mbed TLS library and its test drivers. - */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#ifndef MBEDTLS_CONFIG_H -#define MBEDTLS_CONFIG_H - -#if defined(_MSC_VER) && !defined(_CRT_SECURE_NO_DEPRECATE) -#define _CRT_SECURE_NO_DEPRECATE 1 -#endif - -#define MBEDTLS_PSA_CRYPTO_C -#define MBEDTLS_PSA_CRYPTO_CONFIG - -/* PSA core mandatory configuration options */ -#define MBEDTLS_CIPHER_C -#define MBEDTLS_AES_C -#define MBEDTLS_SHA256_C -#define MBEDTLS_PSA_BUILTIN_ALG_SHA_256 1 -#define MBEDTLS_CTR_DRBG_C -#define MBEDTLS_ENTROPY_C -#define MBEDTLS_ENTROPY_FORCE_SHA256 - -/* - * Configuration options that may need to be additionally enabled for the - * purpose of a specific set of tests. - */ -//#define MBEDTLS_SHA1_C -//#define MBEDTLS_SHA224_C -//#define MBEDTLS_SHA384_C -//#define MBEDTLS_SHA512_C -//#define MBEDTLS_MD_C -//#define MBEDTLS_PEM_PARSE_C -//#define MBEDTLS_BASE64_C -//#define MBEDTLS_THREADING_C -//#define MBEDTLS_THREADING_PTHREAD - -#endif /* MBEDTLS_CONFIG_H */ diff --git a/tests/include/test/drivers/crypto_config_test_driver_extension.h b/tests/include/test/drivers/crypto_config_test_driver_extension.h deleted file mode 100644 index 66378e7def05..000000000000 --- a/tests/include/test/drivers/crypto_config_test_driver_extension.h +++ /dev/null @@ -1,689 +0,0 @@ -/** - * This file is intended to be used to build PSA external test driver - * libraries (libtestdriver1). - * - * It is intended to be appended by the test build system to the - * crypto_config.h file of the Mbed TLS library the test library will be - * linked to (see `tests/Makefile` libtestdriver1 target). This is done in - * order to insert it at the right time: after the main configuration - * (PSA_WANT) but before the logic that determines what built-ins to enable - * based on PSA_WANT and MBEDTLS_PSA_ACCEL macros. - * - * It reverses the PSA_ACCEL_* macros defining the cryptographic operations - * that will be accelerated in the main library: - * - When something is accelerated in the main library, we need it supported - * in libtestdriver1, so we disable the accel macro in order to the built-in - * to be enabled. - * - When something is NOT accelerated in the main library, we don't need it - * in libtestdriver1, so we enable its accel macro in order to the built-in - * to be disabled, to keep libtestdriver1 minimal. (We can't adjust the - * PSA_WANT macros as they need to be the same between libtestdriver1 and - * the main library, since they determine the ABI between the two.) - */ - -#include "psa/crypto_legacy.h" - -#if defined(PSA_WANT_ALG_CBC_NO_PADDING) -#if defined(MBEDTLS_PSA_ACCEL_ALG_CBC_NO_PADDING) -#undef MBEDTLS_PSA_ACCEL_ALG_CBC_NO_PADDING -#else -#define MBEDTLS_PSA_ACCEL_ALG_CBC_NO_PADDING 1 -#endif -#endif - -#if defined(PSA_WANT_ALG_CBC_PKCS7) -#if defined(MBEDTLS_PSA_ACCEL_ALG_CBC_PKCS7) -#undef MBEDTLS_PSA_ACCEL_ALG_CBC_PKCS7 -#else -#define MBEDTLS_PSA_ACCEL_ALG_CBC_PKCS7 1 -#endif -#endif - -#if defined(PSA_WANT_ALG_CFB) -#if defined(MBEDTLS_PSA_ACCEL_ALG_CFB) -#undef MBEDTLS_PSA_ACCEL_ALG_CFB -#else -#define MBEDTLS_PSA_ACCEL_ALG_CFB 1 -#endif -#endif - -#if defined(PSA_WANT_ALG_CMAC) -#if defined(MBEDTLS_PSA_ACCEL_ALG_CMAC) -#undef MBEDTLS_PSA_ACCEL_ALG_CMAC -#else -#define MBEDTLS_PSA_ACCEL_ALG_CMAC 1 -#endif -#endif - -#if defined(PSA_WANT_ALG_CTR) -#if defined(MBEDTLS_PSA_ACCEL_ALG_CTR) -#undef MBEDTLS_PSA_ACCEL_ALG_CTR -#else -#define MBEDTLS_PSA_ACCEL_ALG_CTR 1 -#endif -#endif - -#if defined(PSA_WANT_ALG_STREAM_CIPHER) -#if defined(MBEDTLS_PSA_ACCEL_ALG_STREAM_CIPHER) -#undef MBEDTLS_PSA_ACCEL_ALG_STREAM_CIPHER -#else -#define MBEDTLS_PSA_ACCEL_ALG_STREAM_CIPHER 1 -#endif -#endif - -#if defined(PSA_WANT_ALG_ECB_NO_PADDING) -#if defined(MBEDTLS_PSA_ACCEL_ALG_ECB_NO_PADDING) -#undef MBEDTLS_PSA_ACCEL_ALG_ECB_NO_PADDING -#else -#define MBEDTLS_PSA_ACCEL_ALG_ECB_NO_PADDING 1 -#endif -#endif - -#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256) -#if defined(MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_256) -#undef MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_256 -#else -#define MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_256 1 -#endif -#endif - -#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384) -#if defined(MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_384) -#undef MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_384 -#else -#define MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_384 1 -#endif -#endif - -#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512) -#if defined(MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_512) -#undef MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_512 -#else -#define MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_512 1 -#endif -#endif - -#if defined(PSA_WANT_ECC_MONTGOMERY_255) -#if defined(MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_255) -#undef MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_255 -#else -#define MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_255 1 -#endif -#endif - -#if defined(PSA_WANT_ECC_MONTGOMERY_448) -#if defined(MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_448) -#undef MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_448 -#else -#define MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_448 1 -#endif -#endif - -#if defined(PSA_WANT_ECC_SECP_K1_192) -#if defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_192) -#undef MBEDTLS_PSA_ACCEL_ECC_SECP_K1_192 -#else -#define MBEDTLS_PSA_ACCEL_ECC_SECP_K1_192 1 -#endif -#endif - -#if defined(PSA_WANT_ECC_SECP_K1_224) -#if defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_224) -#undef MBEDTLS_PSA_ACCEL_ECC_SECP_K1_224 -#else -#define MBEDTLS_PSA_ACCEL_ECC_SECP_K1_224 1 -#endif -#endif - -#if defined(PSA_WANT_ECC_SECP_K1_256) -#if defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_256) -#undef MBEDTLS_PSA_ACCEL_ECC_SECP_K1_256 -#else -#define MBEDTLS_PSA_ACCEL_ECC_SECP_K1_256 1 -#endif -#endif - -#if defined(PSA_WANT_ECC_SECP_R1_192) -#if defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_192) -#undef MBEDTLS_PSA_ACCEL_ECC_SECP_R1_192 -#else -#define MBEDTLS_PSA_ACCEL_ECC_SECP_R1_192 1 -#endif -#endif - -#if defined(PSA_WANT_ECC_SECP_R1_224) -#if defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_224) -#undef MBEDTLS_PSA_ACCEL_ECC_SECP_R1_224 -#else -#define MBEDTLS_PSA_ACCEL_ECC_SECP_R1_224 1 -#endif -#endif - -#if defined(PSA_WANT_ECC_SECP_R1_256) -#if defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_256) -#undef MBEDTLS_PSA_ACCEL_ECC_SECP_R1_256 -#else -#define MBEDTLS_PSA_ACCEL_ECC_SECP_R1_256 1 -#endif -#endif - -#if defined(PSA_WANT_ECC_SECP_R1_384) -#if defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_384) -#undef MBEDTLS_PSA_ACCEL_ECC_SECP_R1_384 -#else -#define MBEDTLS_PSA_ACCEL_ECC_SECP_R1_384 1 -#endif -#endif - -#if defined(PSA_WANT_ECC_SECP_R1_521) -#if defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_521) -#undef MBEDTLS_PSA_ACCEL_ECC_SECP_R1_521 -#else -#define MBEDTLS_PSA_ACCEL_ECC_SECP_R1_521 1 -#endif -#endif - -#if defined(PSA_WANT_ALG_DETERMINISTIC_ECDSA) -#if defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA) -#undef MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA -#else -#define MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA 1 -#endif -#endif - -#if defined(PSA_WANT_ALG_ECDSA) -#if defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA) -#undef MBEDTLS_PSA_ACCEL_ALG_ECDSA -#else -#define MBEDTLS_PSA_ACCEL_ALG_ECDSA 1 -#endif -#endif - -#if defined(PSA_WANT_ALG_ECDH) -#if defined(MBEDTLS_PSA_ACCEL_ALG_ECDH) -#undef MBEDTLS_PSA_ACCEL_ALG_ECDH -#else -#define MBEDTLS_PSA_ACCEL_ALG_ECDH 1 -#endif -#endif - -#if defined(PSA_WANT_DH_RFC7919_2048) -#if defined(MBEDTLS_PSA_ACCEL_DH_RFC7919_2048) -#undef MBEDTLS_PSA_ACCEL_DH_RFC7919_2048 -#else -#define MBEDTLS_PSA_ACCEL_DH_RFC7919_2048 -#endif -#endif - -#if defined(PSA_WANT_DH_RFC7919_3072) -#if defined(MBEDTLS_PSA_ACCEL_DH_RFC7919_3072) -#undef MBEDTLS_PSA_ACCEL_DH_RFC7919_3072 -#else -#define MBEDTLS_PSA_ACCEL_DH_RFC7919_3072 -#endif -#endif - -#if defined(PSA_WANT_DH_RFC7919_4096) -#if defined(MBEDTLS_PSA_ACCEL_DH_RFC7919_4096) -#undef MBEDTLS_PSA_ACCEL_DH_RFC7919_4096 -#else -#define MBEDTLS_PSA_ACCEL_DH_RFC7919_4096 -#endif -#endif - -#if defined(PSA_WANT_DH_RFC7919_6144) -#if defined(MBEDTLS_PSA_ACCEL_DH_RFC7919_6144) -#undef MBEDTLS_PSA_ACCEL_DH_RFC7919_6144 -#else -#define MBEDTLS_PSA_ACCEL_DH_RFC7919_6144 -#endif -#endif - -#if defined(PSA_WANT_DH_RFC7919_8192) -#if defined(MBEDTLS_PSA_ACCEL_DH_RFC7919_8192) -#undef MBEDTLS_PSA_ACCEL_DH_RFC7919_8192 -#else -#define MBEDTLS_PSA_ACCEL_DH_RFC7919_8192 -#endif -#endif - -#if defined(PSA_WANT_ALG_FFDH) -#if defined(MBEDTLS_PSA_ACCEL_ALG_FFDH) -#undef MBEDTLS_PSA_ACCEL_ALG_FFDH -#else -#define MBEDTLS_PSA_ACCEL_ALG_FFDH 1 -#endif -#endif - -#if defined(PSA_WANT_ALG_MD5) -#if defined(MBEDTLS_PSA_ACCEL_ALG_MD5) -#undef MBEDTLS_PSA_ACCEL_ALG_MD5 -#else -#define MBEDTLS_PSA_ACCEL_ALG_MD5 1 -#endif -#endif - -#if defined(PSA_WANT_ALG_OFB) -#if defined(MBEDTLS_PSA_ACCEL_ALG_OFB) -#undef MBEDTLS_PSA_ACCEL_ALG_OFB -#else -#define MBEDTLS_PSA_ACCEL_ALG_OFB 1 -#endif -#endif - -#if defined(PSA_WANT_ALG_RIPEMD160) -#if defined(MBEDTLS_PSA_ACCEL_ALG_RIPEMD160) -#undef MBEDTLS_PSA_ACCEL_ALG_RIPEMD160 -#else -#define MBEDTLS_PSA_ACCEL_ALG_RIPEMD160 1 -#endif -#endif - -#if defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN) -#if defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN) -#undef MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN -#else -#define MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN 1 -#endif -#endif - -#if defined(PSA_WANT_ALG_RSA_PSS) -#if defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PSS) -#undef MBEDTLS_PSA_ACCEL_ALG_RSA_PSS -#else -#define MBEDTLS_PSA_ACCEL_ALG_RSA_PSS 1 -#endif -#endif - -#if defined(PSA_WANT_ALG_SHA_1) -#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA_1) -#undef MBEDTLS_PSA_ACCEL_ALG_SHA_1 -#else -#define MBEDTLS_PSA_ACCEL_ALG_SHA_1 1 -#endif -#endif - -#if defined(PSA_WANT_ALG_SHA_224) -#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA_224) -#undef MBEDTLS_PSA_ACCEL_ALG_SHA_224 -#else -#define MBEDTLS_PSA_ACCEL_ALG_SHA_224 1 -#endif -#endif - -#if defined(PSA_WANT_ALG_SHA_256) -#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA_256) -#undef MBEDTLS_PSA_ACCEL_ALG_SHA_256 -#else -#define MBEDTLS_PSA_ACCEL_ALG_SHA_256 1 -#endif -#endif - -#if defined(PSA_WANT_ALG_SHA_384) -#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA_384) -#undef MBEDTLS_PSA_ACCEL_ALG_SHA_384 -#else -#define MBEDTLS_PSA_ACCEL_ALG_SHA_384 1 -#endif -#endif - -#if defined(PSA_WANT_ALG_SHA_512) -#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA_512) -#undef MBEDTLS_PSA_ACCEL_ALG_SHA_512 -#else -#define MBEDTLS_PSA_ACCEL_ALG_SHA_512 1 -#endif -#endif - -#if defined(PSA_WANT_ALG_SHA3_224) -#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_224) -#undef MBEDTLS_PSA_ACCEL_ALG_SHA3_224 -#else -#define MBEDTLS_PSA_ACCEL_ALG_SHA3_224 1 -#endif -#endif - -#if defined(PSA_WANT_ALG_SHA3_256) -#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_256) -#undef MBEDTLS_PSA_ACCEL_ALG_SHA3_256 -#else -#define MBEDTLS_PSA_ACCEL_ALG_SHA3_256 1 -#endif -#endif - -#if defined(PSA_WANT_ALG_SHA3_384) -#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_384) -#undef MBEDTLS_PSA_ACCEL_ALG_SHA3_384 -#else -#define MBEDTLS_PSA_ACCEL_ALG_SHA3_384 1 -#endif -#endif - -#if defined(PSA_WANT_ALG_SHA3_512) -#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_512) -#undef MBEDTLS_PSA_ACCEL_ALG_SHA3_512 -#else -#define MBEDTLS_PSA_ACCEL_ALG_SHA3_512 1 -#endif -#endif - -#if defined(PSA_WANT_ALG_XTS) -#if defined(MBEDTLS_PSA_ACCEL_ALG_XTS) -#undef MBEDTLS_PSA_ACCEL_ALG_XTS -#else -#define MBEDTLS_PSA_ACCEL_ALG_XTS 1 -#endif -#endif - -#if defined(PSA_WANT_ALG_CHACHA20_POLY1305) -#if defined(MBEDTLS_PSA_ACCEL_ALG_CHACHA20_POLY1305) -#undef MBEDTLS_PSA_ACCEL_ALG_CHACHA20_POLY1305 -#else -#define MBEDTLS_PSA_ACCEL_ALG_CHACHA20_POLY1305 1 -#endif -#endif - -#if defined(PSA_WANT_ALG_JPAKE) -#if defined(MBEDTLS_PSA_ACCEL_ALG_JPAKE) -#undef MBEDTLS_PSA_ACCEL_ALG_JPAKE -#else -#define MBEDTLS_PSA_ACCEL_ALG_JPAKE 1 -#endif -#endif - -#if defined(PSA_WANT_KEY_TYPE_AES) -#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_AES) -#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_AES -#else -#define MBEDTLS_PSA_ACCEL_KEY_TYPE_AES 1 -#endif -#endif - -#if defined(PSA_WANT_KEY_TYPE_ARIA) -#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ARIA) -#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_ARIA -#else -#define MBEDTLS_PSA_ACCEL_KEY_TYPE_ARIA 1 -#endif -#endif - -#if defined(PSA_WANT_KEY_TYPE_CAMELLIA) -#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_CAMELLIA) -#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_CAMELLIA -#else -#define MBEDTLS_PSA_ACCEL_KEY_TYPE_CAMELLIA 1 -#endif -#endif - -#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC) -#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_BASIC) -#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_BASIC -#else -#define MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_BASIC 1 -#endif -#endif - -#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT) -#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_IMPORT) -#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_IMPORT -#else -#define MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_IMPORT 1 -#endif -#endif - -#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT) -#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_EXPORT) -#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_EXPORT -#else -#define MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_EXPORT 1 -#endif -#endif - -#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE) -#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_GENERATE) -#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_GENERATE -#else -#define MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_GENERATE 1 -#endif -#endif - -#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE) -#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE) -#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE -#else -#define MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE 1 -#endif -#endif - -#if defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC) -#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_BASIC) -#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_BASIC -#else -#define MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_BASIC 1 -#endif -#endif - -#if defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT) -#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_IMPORT) -#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_IMPORT -#else -#define MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_IMPORT 1 -#endif -#endif - -#if defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT) -#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_EXPORT) -#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_EXPORT -#else -#define MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_EXPORT 1 -#endif -#endif - -#if defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE) -#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_GENERATE) -#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_GENERATE -#else -#define MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_GENERATE 1 -#endif -#endif - -#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC) -#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_BASIC) -#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_BASIC -#else -#define MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_BASIC 1 -#endif -#endif - -#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT) -#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_IMPORT) -#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_IMPORT -#else -#define MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_IMPORT 1 -#endif -#endif - -#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT) -#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_EXPORT) -#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_EXPORT -#else -#define MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_EXPORT 1 -#endif -#endif - -#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE) -#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_GENERATE) -#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_GENERATE -#else -#define MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_GENERATE 1 -#endif -#endif - -#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) -#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY) -#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY -#else -#define MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY 1 -#endif -#endif - -#if defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY) -#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY) -#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY -#else -#define MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY 1 -#endif -#endif - -#if defined(PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY) -#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_PUBLIC_KEY) -#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_PUBLIC_KEY -#else -#define MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_PUBLIC_KEY 1 -#endif -#endif - -#if defined(PSA_WANT_KEY_TYPE_CHACHA20) -#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_CHACHA20) -#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_CHACHA20 -#else -#define MBEDTLS_PSA_ACCEL_KEY_TYPE_CHACHA20 1 -#endif -#endif - - -#if defined(PSA_WANT_ALG_TLS12_PRF) -#if defined(MBEDTLS_PSA_ACCEL_ALG_TLS12_PRF) -#undef MBEDTLS_PSA_ACCEL_ALG_TLS12_PRF -#else -#define MBEDTLS_PSA_ACCEL_ALG_TLS12_PRF 1 -#endif -#endif - -#if defined(PSA_WANT_ALG_TLS12_PSK_TO_MS) -#if defined(MBEDTLS_PSA_ACCEL_ALG_TLS12_PSK_TO_MS) -#undef MBEDTLS_PSA_ACCEL_ALG_TLS12_PSK_TO_MS -#else -#define MBEDTLS_PSA_ACCEL_ALG_TLS12_PSK_TO_MS 1 -#endif -#endif - -#if defined(PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS) -#if defined(MBEDTLS_PSA_ACCEL_ALG_TLS12_ECJPAKE_TO_PMS) -#undef MBEDTLS_PSA_ACCEL_ALG_TLS12_ECJPAKE_TO_PMS -#else -#define MBEDTLS_PSA_ACCEL_ALG_TLS12_ECJPAKE_TO_PMS 1 -#endif -#endif - -#if defined(PSA_WANT_ALG_GCM) -#if defined(MBEDTLS_PSA_ACCEL_ALG_GCM) -#undef MBEDTLS_PSA_ACCEL_ALG_GCM -#else -#define MBEDTLS_PSA_ACCEL_ALG_GCM 1 -#endif -#endif - -#if defined(PSA_WANT_ALG_CCM) -#if defined(MBEDTLS_PSA_ACCEL_ALG_CCM) -#undef MBEDTLS_PSA_ACCEL_ALG_CCM -#else -#define MBEDTLS_PSA_ACCEL_ALG_CCM 1 -#endif -#endif - -#if defined(PSA_WANT_ALG_CCM_STAR_NO_TAG) -#if defined(MBEDTLS_PSA_ACCEL_ALG_CCM_STAR_NO_TAG) -#undef MBEDTLS_PSA_ACCEL_ALG_CCM_STAR_NO_TAG -#else -#define MBEDTLS_PSA_ACCEL_ALG_CCM_STAR_NO_TAG 1 -#endif -#endif - -#if defined(PSA_WANT_ALG_CBC_MAC) -#if defined(MBEDTLS_PSA_ACCEL_ALG_CBC_MAC) -#undef MBEDTLS_PSA_ACCEL_ALG_CBC_MAC -#else -#define MBEDTLS_PSA_ACCEL_ALG_CBC_MAC 1 -#endif -#endif - -#if defined(PSA_WANT_ALG_HMAC) -#if defined(MBEDTLS_PSA_ACCEL_ALG_HMAC) -#undef MBEDTLS_PSA_ACCEL_ALG_HMAC -#else -#define MBEDTLS_PSA_ACCEL_ALG_HMAC 1 -#endif -#endif - -#if defined(PSA_WANT_ALG_HKDF) -#if defined(MBEDTLS_PSA_ACCEL_ALG_HKDF) -#undef MBEDTLS_PSA_ACCEL_ALG_HKDF -#else -#define MBEDTLS_PSA_ACCEL_ALG_HKDF 1 -#endif -#endif - -#if defined(PSA_WANT_ALG_HKDF_EXTRACT) -#if defined(MBEDTLS_PSA_ACCEL_ALG_HKDF_EXTRACT) -#undef MBEDTLS_PSA_ACCEL_ALG_HKDF_EXTRACT -#else -#define MBEDTLS_PSA_ACCEL_ALG_HKDF_EXTRACT 1 -#endif -#endif - -#if defined(PSA_WANT_ALG_HKDF_EXPAND) -#if defined(MBEDTLS_PSA_ACCEL_ALG_HKDF_EXPAND) -#undef MBEDTLS_PSA_ACCEL_ALG_HKDF_EXPAND -#else -#define MBEDTLS_PSA_ACCEL_ALG_HKDF_EXPAND 1 -#endif -#endif - -#if defined(PSA_WANT_ALG_RSA_OAEP) -#if defined(MBEDTLS_PSA_ACCEL_ALG_RSA_OAEP) -#undef MBEDTLS_PSA_ACCEL_ALG_RSA_OAEP -#else -#define MBEDTLS_PSA_ACCEL_ALG_RSA_OAEP 1 -#endif -#endif - -#if defined(PSA_WANT_ALG_RSA_PKCS1V15_CRYPT) -#if defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_CRYPT) -#undef MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_CRYPT -#else -#define MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_CRYPT 1 -#endif -#endif - -#if defined(PSA_WANT_KEY_TYPE_DERIVE) -#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DERIVE) -#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_DERIVE -#else -#define MBEDTLS_PSA_ACCEL_KEY_TYPE_DERIVE 1 -#endif -#endif - -#if defined(PSA_WANT_KEY_TYPE_HMAC) -#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_HMAC) -#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_HMAC -#else -#define MBEDTLS_PSA_ACCEL_KEY_TYPE_HMAC 1 -#endif -#endif - -#if defined(PSA_WANT_KEY_TYPE_DES) -#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DES) -#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_DES -#else -#define MBEDTLS_PSA_ACCEL_KEY_TYPE_DES 1 -#endif -#endif - -#if defined(PSA_WANT_KEY_TYPE_RAW_DATA) -#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RAW_DATA) -#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_RAW_DATA -#else -#define MBEDTLS_PSA_ACCEL_KEY_TYPE_RAW_DATA 1 -#endif -#endif diff --git a/tests/include/test/drivers/hash.h b/tests/include/test/drivers/hash.h deleted file mode 100644 index ad48c45d5239..000000000000 --- a/tests/include/test/drivers/hash.h +++ /dev/null @@ -1,64 +0,0 @@ -/* - * Test driver for hash driver entry points. - */ -/* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#ifndef PSA_CRYPTO_TEST_DRIVERS_HASH_H -#define PSA_CRYPTO_TEST_DRIVERS_HASH_H - -#include "mbedtls/build_info.h" - -#if defined(PSA_CRYPTO_DRIVER_TEST) -#include - -typedef struct { - /* If not PSA_SUCCESS, return this error code instead of processing the - * function call. */ - psa_status_t forced_status; - /* Count the amount of times hash driver entry points are called. */ - unsigned long hits; - /* Status returned by the last hash driver entry point call. */ - psa_status_t driver_status; -} mbedtls_test_driver_hash_hooks_t; - -#define MBEDTLS_TEST_DRIVER_HASH_INIT { 0, 0, 0 } -static inline mbedtls_test_driver_hash_hooks_t -mbedtls_test_driver_hash_hooks_init(void) -{ - const mbedtls_test_driver_hash_hooks_t v = MBEDTLS_TEST_DRIVER_HASH_INIT; - return v; -} - -extern mbedtls_test_driver_hash_hooks_t mbedtls_test_driver_hash_hooks; - -psa_status_t mbedtls_test_transparent_hash_compute( - psa_algorithm_t alg, - const uint8_t *input, size_t input_length, - uint8_t *hash, size_t hash_size, size_t *hash_length); - -psa_status_t mbedtls_test_transparent_hash_setup( - mbedtls_transparent_test_driver_hash_operation_t *operation, - psa_algorithm_t alg); - -psa_status_t mbedtls_test_transparent_hash_clone( - const mbedtls_transparent_test_driver_hash_operation_t *source_operation, - mbedtls_transparent_test_driver_hash_operation_t *target_operation); - -psa_status_t mbedtls_test_transparent_hash_update( - mbedtls_transparent_test_driver_hash_operation_t *operation, - const uint8_t *input, - size_t input_length); - -psa_status_t mbedtls_test_transparent_hash_finish( - mbedtls_transparent_test_driver_hash_operation_t *operation, - uint8_t *hash, - size_t hash_size, - size_t *hash_length); - -psa_status_t mbedtls_test_transparent_hash_abort( - mbedtls_transparent_test_driver_hash_operation_t *operation); - -#endif /* PSA_CRYPTO_DRIVER_TEST */ -#endif /* PSA_CRYPTO_TEST_DRIVERS_HASH_H */ diff --git a/tests/include/test/drivers/key_agreement.h b/tests/include/test/drivers/key_agreement.h deleted file mode 100644 index ca82b3ad96f6..000000000000 --- a/tests/include/test/drivers/key_agreement.h +++ /dev/null @@ -1,62 +0,0 @@ -/* - * Test driver for key agreement functions. - */ -/* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#ifndef PSA_CRYPTO_TEST_DRIVERS_KEY_AGREEMENT_H -#define PSA_CRYPTO_TEST_DRIVERS_KEY_AGREEMENT_H - -#include "mbedtls/build_info.h" - -#if defined(PSA_CRYPTO_DRIVER_TEST) -#include - -typedef struct { - /* If non-null, on success, copy this to the output. */ - void *forced_output; - size_t forced_output_length; - /* If not PSA_SUCCESS, return this error code instead of processing the - * function call. */ - psa_status_t forced_status; - /* Count the amount of times one of the signature driver functions is called. */ - unsigned long hits; -} mbedtls_test_driver_key_agreement_hooks_t; - -#define MBEDTLS_TEST_DRIVER_KEY_AGREEMENT_INIT { NULL, 0, PSA_SUCCESS, 0 } -static inline mbedtls_test_driver_key_agreement_hooks_t -mbedtls_test_driver_key_agreement_hooks_init(void) -{ - const mbedtls_test_driver_key_agreement_hooks_t - v = MBEDTLS_TEST_DRIVER_KEY_AGREEMENT_INIT; - return v; -} - -extern mbedtls_test_driver_key_agreement_hooks_t - mbedtls_test_driver_key_agreement_hooks; - -psa_status_t mbedtls_test_transparent_key_agreement( - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, - size_t key_buffer_size, - psa_algorithm_t alg, - const uint8_t *peer_key, - size_t peer_key_length, - uint8_t *shared_secret, - size_t shared_secret_size, - size_t *shared_secret_length); - -psa_status_t mbedtls_test_opaque_key_agreement( - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, - size_t key_buffer_size, - psa_algorithm_t alg, - const uint8_t *peer_key, - size_t peer_key_length, - uint8_t *shared_secret, - size_t shared_secret_size, - size_t *shared_secret_length); - -#endif /*PSA_CRYPTO_DRIVER_TEST */ -#endif /* PSA_CRYPTO_TEST_DRIVERS_KEY_AGREEMENT_H */ diff --git a/tests/include/test/drivers/key_management.h b/tests/include/test/drivers/key_management.h deleted file mode 100644 index 1d9bc4398598..000000000000 --- a/tests/include/test/drivers/key_management.h +++ /dev/null @@ -1,131 +0,0 @@ -/* - * Test driver for generating and verifying keys. - */ -/* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#ifndef PSA_CRYPTO_TEST_DRIVERS_KEY_MANAGEMENT_H -#define PSA_CRYPTO_TEST_DRIVERS_KEY_MANAGEMENT_H - -#include "mbedtls/build_info.h" - -#if defined(PSA_CRYPTO_DRIVER_TEST) -#include - -#define PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT 0 -#define PSA_CRYPTO_TEST_DRIVER_BUILTIN_ECDSA_KEY_SLOT 1 - -typedef struct { - /* If non-null, on success, copy this to the output. */ - void *forced_output; - size_t forced_output_length; - /* If not PSA_SUCCESS, return this error code instead of processing the - * function call. */ - psa_status_t forced_status; - /* Count the amount of times one of the key management driver functions - * is called. */ - unsigned long hits; - /* Subset of hits which only counts public key export operations */ - unsigned long hits_export_public_key; - /* Subset of hits which only counts key generation operations */ - unsigned long hits_generate_key; - /* Location of the last key management driver called to import a key. */ - psa_key_location_t location; -} mbedtls_test_driver_key_management_hooks_t; - -/* The location is initialized to the invalid value 0x800000. Invalid in the - * sense that no PSA specification will assign a meaning to this location - * (stated first in version 1.0.1 of the specification) and that it is not - * used as a location of an opaque test drivers. */ -#define MBEDTLS_TEST_DRIVER_KEY_MANAGEMENT_INIT { NULL, 0, PSA_SUCCESS, 0, 0, 0, 0x800000 } -static inline mbedtls_test_driver_key_management_hooks_t -mbedtls_test_driver_key_management_hooks_init(void) -{ - const mbedtls_test_driver_key_management_hooks_t - v = MBEDTLS_TEST_DRIVER_KEY_MANAGEMENT_INIT; - return v; -} - -/* - * In order to convert the plain text keys to Opaque, the size of the key is - * padded up by PSA_CRYPTO_TEST_DRIVER_OPAQUE_PAD_PREFIX_SIZE in addition to - * xor mangling the key. The pad prefix needs to be accounted for while - * sizing for the key. - */ -#define PSA_CRYPTO_TEST_DRIVER_OPAQUE_PAD_PREFIX 0xBEEFED00U -#define PSA_CRYPTO_TEST_DRIVER_OPAQUE_PAD_PREFIX_SIZE sizeof( \ - PSA_CRYPTO_TEST_DRIVER_OPAQUE_PAD_PREFIX) - -size_t mbedtls_test_opaque_size_function( - const psa_key_type_t key_type, - const size_t key_bits); - -extern mbedtls_test_driver_key_management_hooks_t - mbedtls_test_driver_key_management_hooks; - -psa_status_t mbedtls_test_transparent_init(void); -void mbedtls_test_transparent_free(void); -psa_status_t mbedtls_test_opaque_init(void); -void mbedtls_test_opaque_free(void); - -psa_status_t mbedtls_test_opaque_unwrap_key( - const uint8_t *wrapped_key, size_t wrapped_key_length, uint8_t *key_buffer, - size_t key_buffer_size, size_t *key_buffer_length); - -psa_status_t mbedtls_test_transparent_generate_key( - const psa_key_attributes_t *attributes, - uint8_t *key, size_t key_size, size_t *key_length); - -psa_status_t mbedtls_test_opaque_generate_key( - const psa_key_attributes_t *attributes, - uint8_t *key, size_t key_size, size_t *key_length); - -psa_status_t mbedtls_test_opaque_export_key( - const psa_key_attributes_t *attributes, - const uint8_t *key, size_t key_length, - uint8_t *data, size_t data_size, size_t *data_length); - -psa_status_t mbedtls_test_transparent_export_public_key( - const psa_key_attributes_t *attributes, - const uint8_t *key, size_t key_length, - uint8_t *data, size_t data_size, size_t *data_length); - -psa_status_t mbedtls_test_opaque_export_public_key( - const psa_key_attributes_t *attributes, - const uint8_t *key, size_t key_length, - uint8_t *data, size_t data_size, size_t *data_length); - -psa_status_t mbedtls_test_transparent_import_key( - const psa_key_attributes_t *attributes, - const uint8_t *data, - size_t data_length, - uint8_t *key_buffer, - size_t key_buffer_size, - size_t *key_buffer_length, - size_t *bits); - -psa_status_t mbedtls_test_opaque_import_key( - const psa_key_attributes_t *attributes, - const uint8_t *data, - size_t data_length, - uint8_t *key_buffer, - size_t key_buffer_size, - size_t *key_buffer_length, - size_t *bits); - -psa_status_t mbedtls_test_opaque_get_builtin_key( - psa_drv_slot_number_t slot_number, - psa_key_attributes_t *attributes, - uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length); - -psa_status_t mbedtls_test_opaque_copy_key( - psa_key_attributes_t *attributes, - const uint8_t *source_key, - size_t source_key_length, - uint8_t *target_key_buffer, - size_t target_key_buffer_size, - size_t *target_key_buffer_length); - -#endif /* PSA_CRYPTO_DRIVER_TEST */ -#endif /* PSA_CRYPTO_TEST_DRIVERS_KEY_MANAGEMENT_H */ diff --git a/tests/include/test/drivers/mac.h b/tests/include/test/drivers/mac.h deleted file mode 100644 index d92eff903884..000000000000 --- a/tests/include/test/drivers/mac.h +++ /dev/null @@ -1,125 +0,0 @@ -/* - * Test driver for MAC driver entry points. - */ -/* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#ifndef PSA_CRYPTO_TEST_DRIVERS_MAC_H -#define PSA_CRYPTO_TEST_DRIVERS_MAC_H - -#include "mbedtls/build_info.h" - -#if defined(PSA_CRYPTO_DRIVER_TEST) -#include - -typedef struct { - /* If not PSA_SUCCESS, return this error code instead of processing the - * function call. */ - psa_status_t forced_status; - /* Count the amount of times MAC driver functions are called. */ - unsigned long hits; - /* Status returned by the last MAC driver function call. */ - psa_status_t driver_status; -} mbedtls_test_driver_mac_hooks_t; - -#define MBEDTLS_TEST_DRIVER_MAC_INIT { 0, 0, 0 } -static inline mbedtls_test_driver_mac_hooks_t -mbedtls_test_driver_mac_hooks_init(void) -{ - const mbedtls_test_driver_mac_hooks_t v = MBEDTLS_TEST_DRIVER_MAC_INIT; - return v; -} - -extern mbedtls_test_driver_mac_hooks_t mbedtls_test_driver_mac_hooks; - -psa_status_t mbedtls_test_transparent_mac_compute( - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, - size_t key_buffer_size, - psa_algorithm_t alg, - const uint8_t *input, - size_t input_length, - uint8_t *mac, - size_t mac_size, - size_t *mac_length); - -psa_status_t mbedtls_test_transparent_mac_sign_setup( - mbedtls_transparent_test_driver_mac_operation_t *operation, - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, - size_t key_buffer_size, - psa_algorithm_t alg); - -psa_status_t mbedtls_test_transparent_mac_verify_setup( - mbedtls_transparent_test_driver_mac_operation_t *operation, - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, - size_t key_buffer_size, - psa_algorithm_t alg); - -psa_status_t mbedtls_test_transparent_mac_update( - mbedtls_transparent_test_driver_mac_operation_t *operation, - const uint8_t *input, - size_t input_length); - -psa_status_t mbedtls_test_transparent_mac_sign_finish( - mbedtls_transparent_test_driver_mac_operation_t *operation, - uint8_t *mac, - size_t mac_size, - size_t *mac_length); - -psa_status_t mbedtls_test_transparent_mac_verify_finish( - mbedtls_transparent_test_driver_mac_operation_t *operation, - const uint8_t *mac, - size_t mac_length); - -psa_status_t mbedtls_test_transparent_mac_abort( - mbedtls_transparent_test_driver_mac_operation_t *operation); - -psa_status_t mbedtls_test_opaque_mac_compute( - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, - size_t key_buffer_size, - psa_algorithm_t alg, - const uint8_t *input, - size_t input_length, - uint8_t *mac, - size_t mac_size, - size_t *mac_length); - -psa_status_t mbedtls_test_opaque_mac_sign_setup( - mbedtls_opaque_test_driver_mac_operation_t *operation, - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, - size_t key_buffer_size, - psa_algorithm_t alg); - -psa_status_t mbedtls_test_opaque_mac_verify_setup( - mbedtls_opaque_test_driver_mac_operation_t *operation, - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, - size_t key_buffer_size, - psa_algorithm_t alg); - -psa_status_t mbedtls_test_opaque_mac_update( - mbedtls_opaque_test_driver_mac_operation_t *operation, - const uint8_t *input, - size_t input_length); - -psa_status_t mbedtls_test_opaque_mac_sign_finish( - mbedtls_opaque_test_driver_mac_operation_t *operation, - uint8_t *mac, - size_t mac_size, - size_t *mac_length); - -psa_status_t mbedtls_test_opaque_mac_verify_finish( - mbedtls_opaque_test_driver_mac_operation_t *operation, - const uint8_t *mac, - size_t mac_length); - -psa_status_t mbedtls_test_opaque_mac_abort( - mbedtls_opaque_test_driver_mac_operation_t *operation); - -#endif /* PSA_CRYPTO_DRIVER_TEST */ -#endif /* PSA_CRYPTO_TEST_DRIVERS_MAC_H */ diff --git a/tests/include/test/drivers/pake.h b/tests/include/test/drivers/pake.h deleted file mode 100644 index d292ca0daf5f..000000000000 --- a/tests/include/test/drivers/pake.h +++ /dev/null @@ -1,75 +0,0 @@ -/* - * Test driver for PAKE driver entry points. - */ -/* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#ifndef PSA_CRYPTO_TEST_DRIVERS_PAKE_H -#define PSA_CRYPTO_TEST_DRIVERS_PAKE_H - -#include "mbedtls/build_info.h" - -#if defined(PSA_CRYPTO_DRIVER_TEST) -#include - -typedef struct { - /* If not PSA_SUCCESS, return this error code instead of processing the - * function call. */ - psa_status_t forced_status; - /* PAKE driver setup is executed on the first call to - pake_output/pake_input (added to distinguish forced statuses). */ - psa_status_t forced_setup_status; - /* Count the amount of times PAKE driver functions are called. */ - struct { - unsigned long total; - unsigned long setup; - unsigned long input; - unsigned long output; - unsigned long implicit_key; - unsigned long abort; - } hits; - /* Status returned by the last PAKE driver function call. */ - psa_status_t driver_status; - /* Output returned by pake_output */ - void *forced_output; - size_t forced_output_length; -} mbedtls_test_driver_pake_hooks_t; - -#define MBEDTLS_TEST_DRIVER_PAKE_INIT { PSA_SUCCESS, PSA_SUCCESS, { 0, 0, 0, 0, 0, 0 }, PSA_SUCCESS, \ - NULL, 0 } -static inline mbedtls_test_driver_pake_hooks_t -mbedtls_test_driver_pake_hooks_init(void) -{ - const mbedtls_test_driver_pake_hooks_t v = MBEDTLS_TEST_DRIVER_PAKE_INIT; - return v; -} - -extern mbedtls_test_driver_pake_hooks_t mbedtls_test_driver_pake_hooks; - -psa_status_t mbedtls_test_transparent_pake_setup( - mbedtls_transparent_test_driver_pake_operation_t *operation, - const psa_crypto_driver_pake_inputs_t *inputs); - -psa_status_t mbedtls_test_transparent_pake_output( - mbedtls_transparent_test_driver_pake_operation_t *operation, - psa_crypto_driver_pake_step_t step, - uint8_t *output, - size_t output_size, - size_t *output_length); - -psa_status_t mbedtls_test_transparent_pake_input( - mbedtls_transparent_test_driver_pake_operation_t *operation, - psa_crypto_driver_pake_step_t step, - const uint8_t *input, - size_t input_length); - -psa_status_t mbedtls_test_transparent_pake_get_implicit_key( - mbedtls_transparent_test_driver_pake_operation_t *operation, - uint8_t *output, size_t output_size, size_t *output_length); - -psa_status_t mbedtls_test_transparent_pake_abort( - mbedtls_transparent_test_driver_pake_operation_t *operation); - -#endif /* PSA_CRYPTO_DRIVER_TEST */ -#endif /* PSA_CRYPTO_TEST_DRIVERS_PAKE_H */ diff --git a/tests/include/test/drivers/signature.h b/tests/include/test/drivers/signature.h deleted file mode 100644 index 8c5703edf958..000000000000 --- a/tests/include/test/drivers/signature.h +++ /dev/null @@ -1,112 +0,0 @@ -/* - * Test driver for signature functions. - */ -/* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#ifndef PSA_CRYPTO_TEST_DRIVERS_SIGNATURE_H -#define PSA_CRYPTO_TEST_DRIVERS_SIGNATURE_H - -#include "mbedtls/build_info.h" - -#if defined(PSA_CRYPTO_DRIVER_TEST) -#include - -typedef struct { - /* If non-null, on success, copy this to the output. */ - void *forced_output; - size_t forced_output_length; - /* If not PSA_SUCCESS, return this error code instead of processing the - * function call. */ - psa_status_t forced_status; - /* Count the amount of times one of the signature driver functions is called. */ - unsigned long hits; -} mbedtls_test_driver_signature_hooks_t; - -#define MBEDTLS_TEST_DRIVER_SIGNATURE_INIT { NULL, 0, PSA_SUCCESS, 0 } -static inline mbedtls_test_driver_signature_hooks_t -mbedtls_test_driver_signature_hooks_init(void) -{ - const mbedtls_test_driver_signature_hooks_t - v = MBEDTLS_TEST_DRIVER_SIGNATURE_INIT; - return v; -} - -extern mbedtls_test_driver_signature_hooks_t - mbedtls_test_driver_signature_sign_hooks; -extern mbedtls_test_driver_signature_hooks_t - mbedtls_test_driver_signature_verify_hooks; - -psa_status_t mbedtls_test_transparent_signature_sign_message( - const psa_key_attributes_t *attributes, - const uint8_t *key, - size_t key_length, - psa_algorithm_t alg, - const uint8_t *input, - size_t input_length, - uint8_t *signature, - size_t signature_size, - size_t *signature_length); - -psa_status_t mbedtls_test_opaque_signature_sign_message( - const psa_key_attributes_t *attributes, - const uint8_t *key, - size_t key_length, - psa_algorithm_t alg, - const uint8_t *input, - size_t input_length, - uint8_t *signature, - size_t signature_size, - size_t *signature_length); - -psa_status_t mbedtls_test_transparent_signature_verify_message( - const psa_key_attributes_t *attributes, - const uint8_t *key, - size_t key_length, - psa_algorithm_t alg, - const uint8_t *input, - size_t input_length, - const uint8_t *signature, - size_t signature_length); - -psa_status_t mbedtls_test_opaque_signature_verify_message( - const psa_key_attributes_t *attributes, - const uint8_t *key, - size_t key_length, - psa_algorithm_t alg, - const uint8_t *input, - size_t input_length, - const uint8_t *signature, - size_t signature_length); - -psa_status_t mbedtls_test_transparent_signature_sign_hash( - const psa_key_attributes_t *attributes, - const uint8_t *key, size_t key_length, - psa_algorithm_t alg, - const uint8_t *hash, size_t hash_length, - uint8_t *signature, size_t signature_size, size_t *signature_length); - -psa_status_t mbedtls_test_opaque_signature_sign_hash( - const psa_key_attributes_t *attributes, - const uint8_t *key, size_t key_length, - psa_algorithm_t alg, - const uint8_t *hash, size_t hash_length, - uint8_t *signature, size_t signature_size, size_t *signature_length); - -psa_status_t mbedtls_test_transparent_signature_verify_hash( - const psa_key_attributes_t *attributes, - const uint8_t *key, size_t key_length, - psa_algorithm_t alg, - const uint8_t *hash, size_t hash_length, - const uint8_t *signature, size_t signature_length); - -psa_status_t mbedtls_test_opaque_signature_verify_hash( - const psa_key_attributes_t *attributes, - const uint8_t *key, size_t key_length, - psa_algorithm_t alg, - const uint8_t *hash, size_t hash_length, - const uint8_t *signature, size_t signature_length); - -#endif /* PSA_CRYPTO_DRIVER_TEST */ -#endif /* PSA_CRYPTO_TEST_DRIVERS_SIGNATURE_H */ diff --git a/tests/include/test/drivers/test_driver.h b/tests/include/test/drivers/test_driver.h deleted file mode 100644 index 74605d6b8246..000000000000 --- a/tests/include/test/drivers/test_driver.h +++ /dev/null @@ -1,32 +0,0 @@ -/* - * Umbrella include for all of the test driver functionality - */ -/* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#ifndef PSA_CRYPTO_TEST_DRIVER_H -#define PSA_CRYPTO_TEST_DRIVER_H - -#if defined(PSA_CRYPTO_DRIVER_TEST) -#ifndef PSA_CRYPTO_DRIVER_PRESENT -#define PSA_CRYPTO_DRIVER_PRESENT -#endif -#ifndef PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT -#define PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT -#endif - -#define PSA_CRYPTO_TEST_DRIVER_LOCATION 0x7fffff - -#include "test/drivers/aead.h" -#include "test/drivers/cipher.h" -#include "test/drivers/hash.h" -#include "test/drivers/mac.h" -#include "test/drivers/key_management.h" -#include "test/drivers/signature.h" -#include "test/drivers/asymmetric_encryption.h" -#include "test/drivers/key_agreement.h" -#include "test/drivers/pake.h" - -#endif /* PSA_CRYPTO_DRIVER_TEST */ -#endif /* PSA_CRYPTO_TEST_DRIVER_H */ diff --git a/tests/include/test/fake_external_rng_for_test.h b/tests/include/test/fake_external_rng_for_test.h deleted file mode 100644 index e3e331d55230..000000000000 --- a/tests/include/test/fake_external_rng_for_test.h +++ /dev/null @@ -1,40 +0,0 @@ -/* - * Insecure but standalone implementation of mbedtls_psa_external_get_random(). - * Only for use in tests! - */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#ifndef FAKE_EXTERNAL_RNG_FOR_TEST_H -#define FAKE_EXTERNAL_RNG_FOR_TEST_H - -#include "mbedtls/build_info.h" - -#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) -/** Enable the insecure implementation of mbedtls_psa_external_get_random(). - * - * The insecure implementation of mbedtls_psa_external_get_random() is - * disabled by default. - * - * When MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG is enabled and the test - * helpers are linked into a program, you must enable this before running any - * code that uses the PSA subsystem to generate random data (including internal - * random generation for purposes such as blinding when the random generation - * is routed through PSA). - * - * You can enable and disable it at any time, regardless of the state - * of the PSA subsystem. You may disable it temporarily to simulate a - * depleted entropy source. - */ -void mbedtls_test_enable_insecure_external_rng(void); - -/** Disable the insecure implementation of mbedtls_psa_external_get_random(). - * - * See mbedtls_test_enable_insecure_external_rng(). - */ -void mbedtls_test_disable_insecure_external_rng(void); -#endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */ - -#endif /* FAKE_EXTERNAL_RNG_FOR_TEST_H */ diff --git a/tests/include/test/helpers.h b/tests/include/test/helpers.h deleted file mode 100644 index d08100f15877..000000000000 --- a/tests/include/test/helpers.h +++ /dev/null @@ -1,404 +0,0 @@ -/** - * \file helpers.h - * - * \brief This file contains the prototypes of helper functions for the - * purpose of testing. - */ - -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#ifndef TEST_HELPERS_H -#define TEST_HELPERS_H - -/* Most fields of publicly available structs are private and are wrapped with - * MBEDTLS_PRIVATE macro. This define allows tests to access the private fields - * directly (without using the MBEDTLS_PRIVATE wrapper). */ -#define MBEDTLS_ALLOW_PRIVATE_ACCESS - -#include "mbedtls/build_info.h" - -#if defined(__SANITIZE_ADDRESS__) /* gcc -fsanitize=address */ -# define MBEDTLS_TEST_HAVE_ASAN -#endif -#if defined(__SANITIZE_THREAD__) /* gcc -fsanitize-thread */ -# define MBEDTLS_TEST_HAVE_TSAN -#endif - -#if defined(__has_feature) -# if __has_feature(address_sanitizer) /* clang -fsanitize=address */ -# define MBEDTLS_TEST_HAVE_ASAN -# endif -# if __has_feature(memory_sanitizer) /* clang -fsanitize=memory */ -# define MBEDTLS_TEST_HAVE_MSAN -# endif -# if __has_feature(thread_sanitizer) /* clang -fsanitize=thread */ -# define MBEDTLS_TEST_HAVE_TSAN -# endif -#endif - -#include "test/threading_helpers.h" - -#if defined(MBEDTLS_TEST_MUTEX_USAGE) -#include "mbedtls/threading.h" -#endif - -#include "mbedtls/platform.h" - -#include -#include - -#if defined(MBEDTLS_BIGNUM_C) -#include "mbedtls/bignum.h" -#endif - -/** The type of test case arguments that contain binary data. */ -typedef struct data_tag { - uint8_t *x; - uint32_t len; -} data_t; - -typedef enum { - MBEDTLS_TEST_RESULT_SUCCESS = 0, - MBEDTLS_TEST_RESULT_FAILED, - MBEDTLS_TEST_RESULT_SKIPPED -} mbedtls_test_result_t; - -#define MBEDTLS_TEST_LINE_LENGTH 76 - -typedef struct { - mbedtls_test_result_t result; - const char *test; - const char *filename; - int line_no; - unsigned long step; - char line1[MBEDTLS_TEST_LINE_LENGTH]; - char line2[MBEDTLS_TEST_LINE_LENGTH]; -#if defined(MBEDTLS_TEST_MUTEX_USAGE) - const char *mutex_usage_error; -#endif -#if defined(MBEDTLS_BIGNUM_C) - unsigned case_uses_negative_0; -#endif -} -mbedtls_test_info_t; - -/** - * \brief Get the current test result status - * - * \return The current test result status - */ -mbedtls_test_result_t mbedtls_test_get_result(void); - -/** - * \brief Get the current test name/description - * - * \return The current test name/description - */ -const char *mbedtls_test_get_test(void); - -/** - * \brief Get the current test filename - * - * \return The current test filename - */ -const char *mbedtls_get_test_filename(void); - -/** - * \brief Get the current test file line number (for failure / skip) - * - * \return The current test file line number (for failure / skip) - */ -int mbedtls_test_get_line_no(void); - -/** - * \brief Increment the current test step. - * - * \note It is not recommended for multiple threads to call this - * function concurrently - whilst it is entirely thread safe, - * the order of calls to this function can obviously not be - * ensured, so unexpected results may occur. - */ -void mbedtls_test_increment_step(void); - -/** - * \brief Get the current test step - * - * \return The current test step - */ -unsigned long mbedtls_test_get_step(void); - -/** - * \brief Get the current test line buffer 1 - * - * \param line Buffer of minimum size \c MBEDTLS_TEST_LINE_LENGTH, - * which will have line buffer 1 copied to it. - */ -void mbedtls_test_get_line1(char *line); - -/** - * \brief Get the current test line buffer 2 - * - * \param line Buffer of minimum size \c MBEDTLS_TEST_LINE_LENGTH, - * which will have line buffer 1 copied to it. - */ -void mbedtls_test_get_line2(char *line); - -#if defined(MBEDTLS_TEST_MUTEX_USAGE) -/** - * \brief Get the current mutex usage error message - * - * \return The current mutex error message (may be NULL if no error) - */ -const char *mbedtls_test_get_mutex_usage_error(void); - -/** - * \brief Set the current mutex usage error message - * - * \note This will only set the mutex error message if one has not - * already been set, or if we are clearing the message (msg is - * NULL) - * - * \param msg Error message to set (can be NULL to clear) - */ -void mbedtls_test_set_mutex_usage_error(const char *msg); -#endif - -#if defined(MBEDTLS_BIGNUM_C) - -/** - * \brief Get whether the current test is a bignum test that uses - * negative zero. - * - * \return non zero if the current test uses bignum negative zero. - */ -unsigned mbedtls_test_get_case_uses_negative_0(void); - -/** - * \brief Indicate that the current test uses bignum negative zero. - * - * \note This function is called if the current test case had an - * input parsed with mbedtls_test_read_mpi() that is a negative - * 0 (`"-"`, `"-0"`, `"-00"`, etc., constructing a result with - * the sign bit set to -1 and the value being all-limbs-0, - * which is not a valid representation in #mbedtls_mpi but is - * tested for robustness). * - */ -void mbedtls_test_increment_case_uses_negative_0(void); -#endif - -int mbedtls_test_platform_setup(void); -void mbedtls_test_platform_teardown(void); - -/** - * \brief Record the current test case as a failure. - * - * This function can be called directly however it is usually - * called via macros such as TEST_ASSERT, TEST_EQUAL, - * PSA_ASSERT, etc... - * - * \note If the test case was already marked as failed, calling - * `mbedtls_test_fail( )` again will not overwrite any - * previous information about the failure. - * - * \param test Description of the failure or assertion that failed. This - * MUST be a string literal. - * \param line_no Line number where the failure originated. - * \param filename Filename where the failure originated. - */ -void mbedtls_test_fail(const char *test, int line_no, const char *filename); - -/** - * \brief Record the current test case as skipped. - * - * This function can be called directly however it is usually - * called via the TEST_ASSUME macro. - * - * \param test Description of the assumption that caused the test case to - * be skipped. This MUST be a string literal. - * \param line_no Line number where the test case was skipped. - * \param filename Filename where the test case was skipped. - */ -void mbedtls_test_skip(const char *test, int line_no, const char *filename); - -/** - * \brief Set the test step number for failure reports. - * - * Call this function to display "step NNN" in addition to the - * line number and file name if a test fails. Typically the - * "step number" is the index of a for loop but it can be - * whatever you want. - * - * \note It is not recommended for multiple threads to call this - * function concurrently - whilst it is entirely thread safe, - * the order of calls to this function can obviously not be - * ensured, so unexpected results may occur. - * - * \param step The step number to report. - */ -void mbedtls_test_set_step(unsigned long step); - -/** - * \brief Reset mbedtls_test_info to a ready/starting state. - */ -void mbedtls_test_info_reset(void); - -#ifdef MBEDTLS_TEST_MUTEX_USAGE -/** - * \brief Get the test info data mutex. - * - * \note This is designed only to be used by threading_helpers to - * avoid a deadlock, not for general access to this mutex. - * - * \return The test info data mutex. - */ -mbedtls_threading_mutex_t *mbedtls_test_get_info_mutex(void); - -#endif /* MBEDTLS_TEST_MUTEX_USAGE */ - -/** - * \brief Record the current test case as a failure if two integers - * have a different value. - * - * This function is usually called via the macro - * #TEST_EQUAL. - * - * \param test Description of the failure or assertion that failed. This - * MUST be a string literal. This normally has the form - * "EXPR1 == EXPR2" where EXPR1 has the value \p value1 - * and EXPR2 has the value \p value2. - * \param line_no Line number where the failure originated. - * \param filename Filename where the failure originated. - * \param value1 The first value to compare. - * \param value2 The second value to compare. - * - * \return \c 1 if the values are equal, otherwise \c 0. - */ -int mbedtls_test_equal(const char *test, int line_no, const char *filename, - unsigned long long value1, unsigned long long value2); - -/** - * \brief Record the current test case as a failure based - * on comparing two unsigned integers. - * - * This function is usually called via the macro - * #TEST_LE_U. - * - * \param test Description of the failure or assertion that failed. This - * MUST be a string literal. This normally has the form - * "EXPR1 <= EXPR2" where EXPR1 has the value \p value1 - * and EXPR2 has the value \p value2. - * \param line_no Line number where the failure originated. - * \param filename Filename where the failure originated. - * \param value1 The first value to compare. - * \param value2 The second value to compare. - * - * \return \c 1 if \p value1 <= \p value2, otherwise \c 0. - */ -int mbedtls_test_le_u(const char *test, int line_no, const char *filename, - unsigned long long value1, unsigned long long value2); - -/** - * \brief Record the current test case as a failure based - * on comparing two signed integers. - * - * This function is usually called via the macro - * #TEST_LE_S. - * - * \param test Description of the failure or assertion that failed. This - * MUST be a string literal. This normally has the form - * "EXPR1 <= EXPR2" where EXPR1 has the value \p value1 - * and EXPR2 has the value \p value2. - * \param line_no Line number where the failure originated. - * \param filename Filename where the failure originated. - * \param value1 The first value to compare. - * \param value2 The second value to compare. - * - * \return \c 1 if \p value1 <= \p value2, otherwise \c 0. - */ -int mbedtls_test_le_s(const char *test, int line_no, const char *filename, - long long value1, long long value2); - -/** - * \brief This function decodes the hexadecimal representation of - * data. - * - * \note The output buffer can be the same as the input buffer. For - * any other overlapping of the input and output buffers, the - * behavior is undefined. - * - * \param obuf Output buffer. - * \param obufmax Size in number of bytes of \p obuf. - * \param ibuf Input buffer. - * \param len The number of unsigned char written in \p obuf. This must - * not be \c NULL. - * - * \return \c 0 on success. - * \return \c -1 if the output buffer is too small or the input string - * is not a valid hexadecimal representation. - */ -int mbedtls_test_unhexify(unsigned char *obuf, size_t obufmax, - const char *ibuf, size_t *len); - -void mbedtls_test_hexify(unsigned char *obuf, - const unsigned char *ibuf, - int len); - -/** - * \brief Convert hexadecimal digit to an integer. - * - * \param c The digit to convert (`'0'` to `'9'`, `'A'` to `'F'` or - * `'a'` to `'f'`). - * \param[out] uc On success, the value of the digit (0 to 15). - * - * \return 0 on success, -1 if \p c is not a hexadecimal digit. - */ -int mbedtls_test_ascii2uc(const char c, unsigned char *uc); - -/** - * Allocate and zeroize a buffer. - * - * If the size if zero, a pointer to a zeroized 1-byte buffer is returned. - * - * For convenience, dies if allocation fails. - */ -unsigned char *mbedtls_test_zero_alloc(size_t len); - -/** - * Allocate and fill a buffer from hex data. - * - * The buffer is sized exactly as needed. This allows to detect buffer - * overruns (including overreads) when running the test suite under valgrind. - * - * If the size if zero, a pointer to a zeroized 1-byte buffer is returned. - * - * For convenience, dies if allocation fails. - */ -unsigned char *mbedtls_test_unhexify_alloc(const char *ibuf, size_t *olen); - -int mbedtls_test_hexcmp(uint8_t *a, uint8_t *b, - uint32_t a_len, uint32_t b_len); - -#if defined(MBEDTLS_PSA_CRYPTO_C) && defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) -#include "test/fake_external_rng_for_test.h" -#endif - -#if defined(MBEDTLS_TEST_HOOKS) -/** - * \brief Check that only a pure high-level error code is being combined with - * a pure low-level error code as otherwise the resultant error code - * would be corrupted. - * - * \note Both high-level and low-level error codes cannot be greater than - * zero however can be zero. If one error code is zero then the - * other error code is returned even if both codes are zero. - * - * \note If the check fails, fail the test currently being run. - */ -void mbedtls_test_err_add_check(int high, int low, - const char *file, int line); -#endif - -#endif /* TEST_HELPERS_H */ diff --git a/tests/include/test/macros.h b/tests/include/test/macros.h deleted file mode 100644 index a73e06fca8cd..000000000000 --- a/tests/include/test/macros.h +++ /dev/null @@ -1,250 +0,0 @@ -/** - * \file macros.h - * - * \brief This file contains generic macros for the purpose of testing. - */ - -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#ifndef TEST_MACROS_H -#define TEST_MACROS_H - -#include "mbedtls/build_info.h" - -#include - -#include "mbedtls/platform.h" - -#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) -#include "mbedtls/memory_buffer_alloc.h" -#endif -#include "common.h" - -/** - * \brief This macro tests the expression passed to it as a test step or - * individual test in a test case. - * - * It allows a library function to return a value and return an error - * code that can be tested. - * - * Failing the test means: - * - Mark this test case as failed. - * - Print a message identifying the failure. - * - Jump to the \c exit label. - * - * This macro expands to an instruction, not an expression. - * It may jump to the \c exit label. - * - * \param TEST The test expression to be tested. - */ -#define TEST_ASSERT(TEST) \ - do { \ - if (!(TEST)) \ - { \ - mbedtls_test_fail( #TEST, __LINE__, __FILE__); \ - goto exit; \ - } \ - } while (0) - -/** This macro asserts fails the test with given output message. - * - * \param MESSAGE The message to be outputed on assertion - */ -#define TEST_FAIL(MESSAGE) \ - do { \ - mbedtls_test_fail(MESSAGE, __LINE__, __FILE__); \ - goto exit; \ - } while (0) - -/** Evaluate two integer expressions and fail the test case if they have - * different values. - * - * The two expressions should have the same signedness, otherwise the - * comparison is not meaningful if the signed value is negative. - * - * \param expr1 An integral-typed expression to evaluate. - * \param expr2 Another integral-typed expression to evaluate. - */ -#define TEST_EQUAL(expr1, expr2) \ - do { \ - if (!mbedtls_test_equal( #expr1 " == " #expr2, __LINE__, __FILE__, \ - (unsigned long long) (expr1), (unsigned long long) (expr2))) \ - goto exit; \ - } while (0) - -/** Evaluate two unsigned integer expressions and fail the test case - * if they are not in increasing order (left <= right). - * - * \param expr1 An integral-typed expression to evaluate. - * \param expr2 Another integral-typed expression to evaluate. - */ -#define TEST_LE_U(expr1, expr2) \ - do { \ - if (!mbedtls_test_le_u( #expr1 " <= " #expr2, __LINE__, __FILE__, \ - expr1, expr2)) \ - goto exit; \ - } while (0) - -/** Evaluate two signed integer expressions and fail the test case - * if they are not in increasing order (left <= right). - * - * \param expr1 An integral-typed expression to evaluate. - * \param expr2 Another integral-typed expression to evaluate. - */ -#define TEST_LE_S(expr1, expr2) \ - do { \ - if (!mbedtls_test_le_s( #expr1 " <= " #expr2, __LINE__, __FILE__, \ - expr1, expr2)) \ - goto exit; \ - } while (0) - -/** Allocate memory dynamically and fail the test case if this fails. - * The allocated memory will be filled with zeros. - * - * You must set \p pointer to \c NULL before calling this macro and - * put `mbedtls_free(pointer)` in the test's cleanup code. - * - * If \p item_count is zero, the resulting \p pointer will be \c NULL. - * This is usually what we want in tests since API functions are - * supposed to accept null pointers when a buffer size is zero. - * - * This macro expands to an instruction, not an expression. - * It may jump to the \c exit label. - * - * \param pointer An lvalue where the address of the allocated buffer - * will be stored. - * This expression may be evaluated multiple times. - * \param item_count Number of elements to allocate. - * This expression may be evaluated multiple times. - * - */ -#define TEST_CALLOC(pointer, item_count) \ - do { \ - TEST_ASSERT((pointer) == NULL); \ - if ((item_count) != 0) { \ - (pointer) = mbedtls_calloc((item_count), \ - sizeof(*(pointer))); \ - TEST_ASSERT((pointer) != NULL); \ - } \ - } while (0) - -/** Allocate memory dynamically and fail the test case if this fails. - * The allocated memory will be filled with zeros. - * - * You must set \p pointer to \c NULL before calling this macro and - * put `mbedtls_free(pointer)` in the test's cleanup code. - * - * If \p item_count is zero, the resulting \p pointer will not be \c NULL. - * - * This macro expands to an instruction, not an expression. - * It may jump to the \c exit label. - * - * \param pointer An lvalue where the address of the allocated buffer - * will be stored. - * This expression may be evaluated multiple times. - * \param item_count Number of elements to allocate. - * This expression may be evaluated multiple times. - * - * Note: if passing size 0, mbedtls_calloc may return NULL. In this case, - * we reattempt to allocate with the smallest possible buffer to assure a - * non-NULL pointer. - */ -#define TEST_CALLOC_NONNULL(pointer, item_count) \ - do { \ - TEST_ASSERT((pointer) == NULL); \ - (pointer) = mbedtls_calloc((item_count), \ - sizeof(*(pointer))); \ - if (((pointer) == NULL) && ((item_count) == 0)) { \ - (pointer) = mbedtls_calloc(1, 1); \ - } \ - TEST_ASSERT((pointer) != NULL); \ - } while (0) - -/* For backwards compatibility */ -#define ASSERT_ALLOC(pointer, item_count) TEST_CALLOC(pointer, item_count) - -/** Allocate memory dynamically. If the allocation fails, skip the test case. - * - * This macro behaves like #TEST_CALLOC, except that if the allocation - * fails, it marks the test as skipped rather than failed. - */ -#define TEST_CALLOC_OR_SKIP(pointer, item_count) \ - do { \ - TEST_ASSERT((pointer) == NULL); \ - if ((item_count) != 0) { \ - (pointer) = mbedtls_calloc((item_count), \ - sizeof(*(pointer))); \ - TEST_ASSUME((pointer) != NULL); \ - } \ - } while (0) - -/* For backwards compatibility */ -#define ASSERT_ALLOC_WEAK(pointer, item_count) TEST_CALLOC_OR_SKIP(pointer, item_count) - -/** Compare two buffers and fail the test case if they differ. - * - * This macro expands to an instruction, not an expression. - * It may jump to the \c exit label. - * - * \param p1 Pointer to the start of the first buffer. - * \param size1 Size of the first buffer in bytes. - * This expression may be evaluated multiple times. - * \param p2 Pointer to the start of the second buffer. - * \param size2 Size of the second buffer in bytes. - * This expression may be evaluated multiple times. - */ -#define TEST_MEMORY_COMPARE(p1, size1, p2, size2) \ - do { \ - TEST_EQUAL((size1), (size2)); \ - if ((size1) != 0) { \ - TEST_ASSERT(memcmp((p1), (p2), (size1)) == 0); \ - } \ - } while (0) - -/* For backwards compatibility */ -#define ASSERT_COMPARE(p1, size1, p2, size2) TEST_MEMORY_COMPARE(p1, size1, p2, size2) - -/** - * \brief This macro tests the expression passed to it and skips the - * running test if it doesn't evaluate to 'true'. - * - * \param TEST The test expression to be tested. - */ -#define TEST_ASSUME(TEST) \ - do { \ - if (!(TEST)) \ - { \ - mbedtls_test_skip( #TEST, __LINE__, __FILE__); \ - goto exit; \ - } \ - } while (0) - -#define TEST_HELPER_ASSERT(a) if (!(a)) \ - { \ - mbedtls_fprintf(stderr, "Assertion Failed at %s:%d - %s\n", \ - __FILE__, __LINE__, #a); \ - mbedtls_exit(1); \ - } - -/** Return the smaller of two values. - * - * \param x An integer-valued expression without side effects. - * \param y An integer-valued expression without side effects. - * - * \return The smaller of \p x and \p y. - */ -#define MIN(x, y) ((x) < (y) ? (x) : (y)) - -/** Return the larger of two values. - * - * \param x An integer-valued expression without side effects. - * \param y An integer-valued expression without side effects. - * - * \return The larger of \p x and \p y. - */ -#define MAX(x, y) ((x) > (y) ? (x) : (y)) - -#endif /* TEST_MACROS_H */ diff --git a/tests/include/test/memory.h b/tests/include/test/memory.h deleted file mode 100644 index 940d9e6baa0f..000000000000 --- a/tests/include/test/memory.h +++ /dev/null @@ -1,108 +0,0 @@ -/** - * \file memory.h - * - * \brief Helper macros and functions related to testing memory management. - */ - -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#ifndef TEST_MEMORY_H -#define TEST_MEMORY_H - -#include "mbedtls/build_info.h" -#include "mbedtls/platform.h" -#include "test/helpers.h" - -/** \def MBEDTLS_TEST_MEMORY_CAN_POISON - * - * This macro is defined if the tests are compiled with a method to mark - * memory as poisoned, which can be used to enforce some memory access - * policies. - * - * Support for the C11 thread_local keyword is also required. - * - * Currently, only Asan (Address Sanitizer) is supported. - */ -#if defined(MBEDTLS_TEST_HAVE_ASAN) && \ - (__STDC_VERSION__ >= 201112L) && \ - !defined(PSA_CRYPTO_DRIVER_TEST) -# define MBEDTLS_TEST_MEMORY_CAN_POISON -#endif - -/** \def MBEDTLS_TEST_MEMORY_POISON(buf, size) - * - * Poison a memory area so that any attempt to read or write from it will - * cause a runtime failure. - * - * Depending on the implementation, this may poison a few bytes beyond the - * indicated region, but will never poison a separate object on the heap - * or a separate object with more than the alignment of a long long. - * - * The behavior is undefined if any part of the memory area is invalid. - * - * This is a no-op in builds without a poisoning method. - * See #MBEDTLS_TEST_MEMORY_CAN_POISON. - * - * \param buf Pointer to the beginning of the memory area to poison. - * \param size Size of the memory area in bytes. - */ - -/** \def MBEDTLS_TEST_MEMORY_UNPOISON(buf, size) - * - * Undo the effect of #MBEDTLS_TEST_MEMORY_POISON. - * - * The behavior is undefined if any part of the memory area is invalid, - * or if the memory area contains a mixture of poisoned and unpoisoned parts. - * - * This is a no-op in builds without a poisoning method. - * See #MBEDTLS_TEST_MEMORY_CAN_POISON. - * - * \param buf Pointer to the beginning of the memory area to unpoison. - * \param size Size of the memory area in bytes. - */ - -#if defined(MBEDTLS_TEST_MEMORY_CAN_POISON) - -/** Thread-local variable used to enable memory poisoning. This is set and - * unset in the test wrappers so that calls to PSA functions from the library - * do not poison memory. - */ -extern _Thread_local unsigned int mbedtls_test_memory_poisoning_count; - -/** Poison a memory area so that any attempt to read or write from it will - * cause a runtime failure. - * - * The behavior is undefined if any part of the memory area is invalid. - */ -void mbedtls_test_memory_poison(const unsigned char *ptr, size_t size); -#define MBEDTLS_TEST_MEMORY_POISON(ptr, size) \ - do { \ - mbedtls_test_memory_poisoning_count++; \ - mbedtls_test_memory_poison(ptr, size); \ - } while (0) - -/** Undo the effect of mbedtls_test_memory_poison(). - * - * This is a no-op if the given area is entirely valid, unpoisoned memory. - * - * The behavior is undefined if any part of the memory area is invalid, - * or if the memory area contains a mixture of poisoned and unpoisoned parts. - */ -void mbedtls_test_memory_unpoison(const unsigned char *ptr, size_t size); -#define MBEDTLS_TEST_MEMORY_UNPOISON(ptr, size) \ - do { \ - mbedtls_test_memory_unpoison(ptr, size); \ - if (mbedtls_test_memory_poisoning_count != 0) { \ - mbedtls_test_memory_poisoning_count--; \ - } \ - } while (0) - -#else /* MBEDTLS_TEST_MEMORY_CAN_POISON */ -#define MBEDTLS_TEST_MEMORY_POISON(ptr, size) ((void) (ptr), (void) (size)) -#define MBEDTLS_TEST_MEMORY_UNPOISON(ptr, size) ((void) (ptr), (void) (size)) -#endif /* MBEDTLS_TEST_MEMORY_CAN_POISON */ - -#endif /* TEST_MEMORY_H */ diff --git a/tests/include/test/psa_crypto_helpers.h b/tests/include/test/psa_crypto_helpers.h deleted file mode 100644 index ea6e8c52dc7d..000000000000 --- a/tests/include/test/psa_crypto_helpers.h +++ /dev/null @@ -1,443 +0,0 @@ -/* - * Helper functions for tests that use the PSA Crypto API. - */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#ifndef PSA_CRYPTO_HELPERS_H -#define PSA_CRYPTO_HELPERS_H - -#include "test/helpers.h" - -#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) -#include "test/psa_helpers.h" -#include -#endif - -#if defined(MBEDTLS_PSA_CRYPTO_C) -/** Initialize the PSA Crypto subsystem. */ -#define PSA_INIT() PSA_ASSERT(psa_crypto_init()) - -/** Shut down the PSA Crypto subsystem and destroy persistent keys. - * Expect a clean shutdown, with no slots in use. - * - * If some key slots are still in use, record the test case as failed, - * but continue executing. This macro is suitable (and primarily intended) - * for use in the cleanup section of test functions. - * - * \note Persistent keys must be recorded with #TEST_USES_KEY_ID before - * creating them. - */ -#define PSA_DONE() \ - do \ - { \ - mbedtls_test_fail_if_psa_leaking(__LINE__, __FILE__); \ - mbedtls_test_psa_purge_key_storage(); \ - mbedtls_psa_crypto_free(); \ - } \ - while (0) -#elif defined(MBEDTLS_PSA_CRYPTO_CLIENT) /* MBEDTLS_PSA_CRYPTO_CLIENT && !MBEDTLS_PSA_CRYPTO_C */ -#define PSA_INIT() PSA_ASSERT(psa_crypto_init()) -#define PSA_DONE() mbedtls_psa_crypto_free(); -#else /* MBEDTLS_PSA_CRYPTO_CLIENT && !MBEDTLS_PSA_CRYPTO_C */ -#define PSA_INIT() ((void) 0) -#define PSA_DONE() ((void) 0) -#endif /* MBEDTLS_PSA_CRYPTO_C */ - -#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) - -#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) - -/* Internal function for #TEST_USES_KEY_ID. Return 1 on success, 0 on failure. */ -int mbedtls_test_uses_key_id(mbedtls_svc_key_id_t key_id); - -/** Destroy persistent keys recorded with #TEST_USES_KEY_ID. - */ -void mbedtls_test_psa_purge_key_storage(void); - -/** Purge the in-memory cache of persistent keys recorded with - * #TEST_USES_KEY_ID. - * - * Call this function before calling PSA_DONE() if it's ok for - * persistent keys to still exist at this point. - */ -void mbedtls_test_psa_purge_key_cache(void); - -/** \def TEST_USES_KEY_ID - * - * Call this macro in a test function before potentially creating a - * persistent key. Test functions that use this mechanism must call - * mbedtls_test_psa_purge_key_storage() in their cleanup code. - * - * This macro records a persistent key identifier as potentially used in the - * current test case. Recorded key identifiers will be cleaned up at the end - * of the test case, even on failure. - * - * This macro has no effect on volatile keys. Therefore, it is safe to call - * this macro in a test function that creates either volatile or persistent - * keys depending on the test data. - * - * This macro currently has no effect on special identifiers - * used to store implementation-specific files. - * - * Calling this macro multiple times on the same key identifier in the same - * test case has no effect. - * - * This macro can fail the test case if there isn't enough memory to - * record the key id. - * - * \param key_id The PSA key identifier to record. - */ -#define TEST_USES_KEY_ID(key_id) \ - TEST_ASSERT(mbedtls_test_uses_key_id(key_id)) - -#else /* MBEDTLS_PSA_CRYPTO_STORAGE_C */ - -#define TEST_USES_KEY_ID(key_id) ((void) (key_id)) -#define mbedtls_test_psa_purge_key_storage() ((void) 0) -#define mbedtls_test_psa_purge_key_cache() ((void) 0) - -#endif /* MBEDTLS_PSA_CRYPTO_STORAGE_C */ - -/** Check for things that have not been cleaned up properly in the - * PSA subsystem. - * - * \return NULL if nothing has leaked. - * \return A string literal explaining what has not been cleaned up - * if applicable. - */ -const char *mbedtls_test_helper_is_psa_leaking(void); - -/** Check that no PSA Crypto key slots are in use. - * - * If any slots are in use, mark the current test as failed and jump to - * the exit label. This is equivalent to - * `TEST_ASSERT( ! mbedtls_test_helper_is_psa_leaking( ) )` - * but with a more informative message. - */ -#define ASSERT_PSA_PRISTINE() \ - do \ - { \ - if (mbedtls_test_fail_if_psa_leaking(__LINE__, __FILE__)) \ - goto exit; \ - } \ - while (0) - -/** Shut down the PSA Crypto subsystem, allowing persistent keys to survive. - * Expect a clean shutdown, with no slots in use. - * - * If some key slots are still in use, record the test case as failed and - * jump to the `exit` label. - */ -#define PSA_SESSION_DONE() \ - do \ - { \ - mbedtls_test_psa_purge_key_cache(); \ - ASSERT_PSA_PRISTINE(); \ - mbedtls_psa_crypto_free(); \ - } \ - while (0) - - - -#if defined(RECORD_PSA_STATUS_COVERAGE_LOG) -psa_status_t mbedtls_test_record_status(psa_status_t status, - const char *func, - const char *file, int line, - const char *expr); - -/** Return value logging wrapper macro. - * - * Evaluate \p expr. Write a line recording its value to the log file - * #STATUS_LOG_FILE_NAME and return the value. The line is a colon-separated - * list of fields: - * ``` - * value of expr:string:__FILE__:__LINE__:expr - * ``` - * - * The test code does not call this macro explicitly because that would - * be very invasive. Instead, we instrument the source code by defining - * a bunch of wrapper macros like - * ``` - * #define psa_crypto_init() RECORD_STATUS("psa_crypto_init", psa_crypto_init()) - * ``` - * These macro definitions must be present in `instrument_record_status.h` - * when building the test suites. - * - * \param string A string, normally a function name. - * \param expr An expression to evaluate, normally a call of the function - * whose name is in \p string. This expression must return - * a value of type #psa_status_t. - * \return The value of \p expr. - */ -#define RECORD_STATUS(string, expr) \ - mbedtls_test_record_status((expr), string, __FILE__, __LINE__, #expr) - -#include "instrument_record_status.h" - -#endif /* defined(RECORD_PSA_STATUS_COVERAGE_LOG) */ - -/** Return extended key usage policies. - * - * Do a key policy permission extension on key usage policies always involves - * permissions of other usage policies - * (like PSA_KEY_USAGE_SIGN_HASH involves PSA_KEY_USAGE_SIGN_MESSAGE). - */ -psa_key_usage_t mbedtls_test_update_key_usage_flags(psa_key_usage_t usage_flags); - -/** Check that no PSA Crypto key slots are in use. - * - * If any slots are in use, mark the current test as failed. - * - * \return 0 if the key store is empty, 1 otherwise. - */ -int mbedtls_test_fail_if_psa_leaking(int line_no, const char *filename); - - - -#if defined(MBEDTLS_PSA_INJECT_ENTROPY) -/* The #MBEDTLS_PSA_INJECT_ENTROPY feature requires two extra platform - * functions, which must be configured as #MBEDTLS_PLATFORM_NV_SEED_READ_MACRO - * and #MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO. The job of these functions - * is to read and write from the entropy seed file, which is located - * in the PSA ITS file whose uid is #PSA_CRYPTO_ITS_RANDOM_SEED_UID. - * (These could have been provided as library functions, but for historical - * reasons, they weren't, and so each integrator has to provide a copy - * of these functions.) - * - * Provide implementations of these functions for testing. */ -int mbedtls_test_inject_entropy_seed_read(unsigned char *buf, size_t len); -int mbedtls_test_inject_entropy_seed_write(unsigned char *buf, size_t len); - - -/** Make sure that the injected entropy is present. - * - * When MBEDTLS_PSA_INJECT_ENTROPY is enabled, psa_crypto_init() - * will fail if the PSA entropy seed is not present. - * This function must be called at least once in a test suite or other - * program before any call to psa_crypto_init(). - * It does not need to be called in each test case. - * - * The test framework calls this function before running any test case. - * - * The few tests that might remove the entropy file must call this function - * in their cleanup. - */ -int mbedtls_test_inject_entropy_restore(void); -#endif /* MBEDTLS_PSA_INJECT_ENTROPY */ - -/** Parse binary string and convert it to a long integer - */ -uint64_t mbedtls_test_parse_binary_string(data_t *bin_string); - -/** Skip a test case if the given key is a 192 bits AES key and the AES - * implementation is at least partially provided by an accelerator or - * alternative implementation. - * - * Call this macro in a test case when a cryptographic operation that may - * involve an AES operation returns a #PSA_ERROR_NOT_SUPPORTED error code. - * The macro call will skip and not fail the test case in case the operation - * involves a 192 bits AES key and the AES implementation is at least - * partially provided by an accelerator or alternative implementation. - * - * Hardware AES implementations not supporting 192 bits keys commonly exist. - * Consequently, PSA test cases aim at not failing when an AES operation with - * a 192 bits key performed by an alternative AES implementation returns - * with the #PSA_ERROR_NOT_SUPPORTED error code. The purpose of this macro - * is to facilitate this and make the test case code more readable. - * - * \param key_type Key type - * \param key_bits Key length in number of bits. - */ -#if defined(MBEDTLS_AES_SETKEY_ENC_ALT) || \ - defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_AES) -#define MBEDTLS_TEST_HAVE_ALT_AES 1 -#else -#define MBEDTLS_TEST_HAVE_ALT_AES 0 -#endif - -#define MBEDTLS_TEST_PSA_SKIP_IF_ALT_AES_192(key_type, key_bits) \ - do \ - { \ - if ((MBEDTLS_TEST_HAVE_ALT_AES) && \ - ((key_type) == PSA_KEY_TYPE_AES) && \ - (key_bits == 192)) \ - { \ - mbedtls_test_skip("AES-192 not supported", __LINE__, __FILE__); \ - goto exit; \ - } \ - } \ - while (0) - -/** Skip a test case if a GCM operation with a nonce length different from - * 12 bytes fails and was performed by an accelerator or alternative - * implementation. - * - * Call this macro in a test case when an AEAD cryptography operation that - * may involve the GCM mode returns with a #PSA_ERROR_NOT_SUPPORTED error - * code. The macro call will skip and not fail the test case in case the - * operation involves the GCM mode, a nonce with a length different from - * 12 bytes and the GCM mode implementation is an alternative one. - * - * Hardware GCM implementations not supporting nonce lengths different from - * 12 bytes commonly exist, as supporting a non-12-byte nonce requires - * additional computations involving the GHASH function. - * Consequently, PSA test cases aim at not failing when an AEAD operation in - * GCM mode with a nonce length different from 12 bytes is performed by an - * alternative GCM implementation and returns with a #PSA_ERROR_NOT_SUPPORTED - * error code. The purpose of this macro is to facilitate this check and make - * the test case code more readable. - * - * \param alg The AEAD algorithm. - * \param nonce_length The nonce length in number of bytes. - */ - -#if defined(MBEDTLS_PSA_ACCEL_ALG_GCM) -#define MBEDTLS_TEST_HAVE_ACCEL_GCM 1 -#else -#define MBEDTLS_TEST_HAVE_ACCEL_GCM 0 -#endif - -#define MBEDTLS_TEST_PSA_SKIP_IF_ALT_GCM_NOT_12BYTES_NONCE(alg, \ - nonce_length) \ - do \ - { \ - if ((MBEDTLS_TEST_HAVE_ACCEL_GCM) && \ - (PSA_ALG_AEAD_WITH_SHORTENED_TAG((alg), 0) == \ - PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM, 0)) && \ - ((nonce_length) != 12)) \ - { \ - mbedtls_test_skip("GCM with non-12-byte IV is not supported", __LINE__, __FILE__); \ - goto exit; \ - } \ - } \ - while (0) - -#endif /* MBEDTLS_PSA_CRYPTO_CLIENT */ - -/** \def USE_PSA_INIT - * - * Call this macro to initialize the PSA subsystem if #MBEDTLS_USE_PSA_CRYPTO - * or #MBEDTLS_SSL_PROTO_TLS1_3 (In contrast to TLS 1.2 implementation, the - * TLS 1.3 one uses PSA independently of the definition of - * #MBEDTLS_USE_PSA_CRYPTO) is enabled and do nothing otherwise. - * - * If the initialization fails, mark the test case as failed and jump to the - * \p exit label. - */ -/** \def USE_PSA_DONE - * - * Call this macro at the end of a test case if you called #USE_PSA_INIT. - * - * This is like #PSA_DONE except it does nothing under the same conditions as - * #USE_PSA_INIT. - */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3) -#define USE_PSA_INIT() PSA_INIT() -#define USE_PSA_DONE() PSA_DONE() -#else /* MBEDTLS_USE_PSA_CRYPTO || MBEDTLS_SSL_PROTO_TLS1_3 */ -/* Define empty macros so that we can use them in the preamble and teardown - * of every test function that uses PSA conditionally based on - * MBEDTLS_USE_PSA_CRYPTO. */ -#define USE_PSA_INIT() ((void) 0) -#define USE_PSA_DONE() ((void) 0) -#endif /* !MBEDTLS_USE_PSA_CRYPTO && !MBEDTLS_SSL_PROTO_TLS1_3 */ - -/** \def MD_PSA_INIT - * - * Call this macro to initialize the PSA subsystem if MD uses a driver, - * and do nothing otherwise. - * - * If the initialization fails, mark the test case as failed and jump to the - * \p exit label. - */ -/** \def MD_PSA_DONE - * - * Call this macro at the end of a test case if you called #MD_PSA_INIT. - * - * This is like #PSA_DONE except it does nothing under the same conditions as - * #MD_PSA_INIT. - */ -#if defined(MBEDTLS_MD_SOME_PSA) -#define MD_PSA_INIT() PSA_INIT() -#define MD_PSA_DONE() PSA_DONE() -#else /* MBEDTLS_MD_SOME_PSA */ -#define MD_PSA_INIT() ((void) 0) -#define MD_PSA_DONE() ((void) 0) -#endif /* MBEDTLS_MD_SOME_PSA */ - -/** \def BLOCK_CIPHER_PSA_INIT - * - * Call this macro to initialize the PSA subsystem if BLOCK_CIPHER uses a driver, - * and do nothing otherwise. - * - * If the initialization fails, mark the test case as failed and jump to the - * \p exit label. - */ -/** \def BLOCK_CIPHER_PSA_DONE - * - * Call this macro at the end of a test case if you called #BLOCK_CIPHER_PSA_INIT. - * - * This is like #PSA_DONE except it does nothing under the same conditions as - * #BLOCK_CIPHER_PSA_INIT. - */ -#if defined(MBEDTLS_BLOCK_CIPHER_SOME_PSA) -#define BLOCK_CIPHER_PSA_INIT() PSA_INIT() -#define BLOCK_CIPHER_PSA_DONE() PSA_DONE() -#else /* MBEDTLS_MD_SOME_PSA */ -#define BLOCK_CIPHER_PSA_INIT() ((void) 0) -#define BLOCK_CIPHER_PSA_DONE() ((void) 0) -#endif /* MBEDTLS_MD_SOME_PSA */ - - -/** \def MD_OR_USE_PSA_INIT - * - * Call this macro to initialize the PSA subsystem if MD uses a driver, - * or if #MBEDTLS_USE_PSA_CRYPTO or #MBEDTLS_SSL_PROTO_TLS1_3 is enabled, - * and do nothing otherwise. - * - * If the initialization fails, mark the test case as failed and jump to the - * \p exit label. - */ -/** \def MD_OR_USE_PSA_DONE - * - * Call this macro at the end of a test case if you called #MD_OR_USE_PSA_INIT. - * - * This is like #PSA_DONE except it does nothing under the same conditions as - * #MD_OR_USE_PSA_INIT. - */ -#if defined(MBEDTLS_MD_SOME_PSA) || \ - defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3) -#define MD_OR_USE_PSA_INIT() PSA_INIT() -#define MD_OR_USE_PSA_DONE() PSA_DONE() -#else -#define MD_OR_USE_PSA_INIT() ((void) 0) -#define MD_OR_USE_PSA_DONE() ((void) 0) -#endif - -/** \def AES_PSA_INIT - * - * Call this macro to initialize the PSA subsystem if AES_C is not defined, - * so that CTR_DRBG uses PSA implementation to get AES-ECB. - * - * If the initialization fails, mark the test case as failed and jump to the - * \p exit label. - */ -/** \def AES_PSA_DONE - * - * Call this macro at the end of a test case if you called #AES_PSA_INIT. - * - * This is like #PSA_DONE except it does nothing under the same conditions as - * #AES_PSA_INIT. - */ -#if defined(MBEDTLS_AES_C) -#define AES_PSA_INIT() ((void) 0) -#define AES_PSA_DONE() ((void) 0) -#else /* MBEDTLS_AES_C */ -#define AES_PSA_INIT() PSA_INIT() -#define AES_PSA_DONE() PSA_DONE() -#endif /* MBEDTLS_AES_C */ - -#endif /* PSA_CRYPTO_HELPERS_H */ diff --git a/tests/include/test/psa_exercise_key.h b/tests/include/test/psa_exercise_key.h deleted file mode 100644 index f6be3073ac13..000000000000 --- a/tests/include/test/psa_exercise_key.h +++ /dev/null @@ -1,286 +0,0 @@ -/** Code to exercise a PSA key object, i.e. validate that it seems well-formed - * and can do what it is supposed to do. - */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#ifndef PSA_EXERCISE_KEY_H -#define PSA_EXERCISE_KEY_H - -#include "test/helpers.h" -#include "test/psa_crypto_helpers.h" - -#include - -#if defined(MBEDTLS_PK_C) -#include -#endif - -/** \def KNOWN_SUPPORTED_HASH_ALG - * - * A hash algorithm that is known to be supported. - * - * This is used in some smoke tests. - */ -#if defined(PSA_WANT_ALG_SHA_256) -#define KNOWN_SUPPORTED_HASH_ALG PSA_ALG_SHA_256 -#elif defined(PSA_WANT_ALG_SHA_384) -#define KNOWN_SUPPORTED_HASH_ALG PSA_ALG_SHA_384 -#elif defined(PSA_WANT_ALG_SHA_512) -#define KNOWN_SUPPORTED_HASH_ALG PSA_ALG_SHA_512 -#elif defined(PSA_WANT_ALG_SHA3_256) -#define KNOWN_SUPPORTED_HASH_ALG PSA_ALG_SHA3_256 -#elif defined(PSA_WANT_ALG_SHA_1) -#define KNOWN_SUPPORTED_HASH_ALG PSA_ALG_SHA_1 -#elif defined(PSA_WANT_ALG_MD5) -#define KNOWN_SUPPORTED_HASH_ALG PSA_ALG_MD5 -/* PSA_WANT_ALG_RIPEMD160 omitted. This is necessary for the sake of - * exercise_signature_key() because Mbed TLS doesn't support RIPEMD160 - * in RSA PKCS#1v1.5 signatures. A RIPEMD160-only configuration would be - * implausible anyway. */ -#else -#undef KNOWN_SUPPORTED_HASH_ALG -#endif - -/** \def KNOWN_SUPPORTED_BLOCK_CIPHER - * - * A block cipher that is known to be supported. - * - * For simplicity's sake, stick to block ciphers with 16-byte blocks. - */ -#if defined(PSA_WANT_KEY_TYPE_AES) -#define KNOWN_SUPPORTED_BLOCK_CIPHER PSA_KEY_TYPE_AES -#elif defined(PSA_WANT_KEY_TYPE_ARIA) -#define KNOWN_SUPPORTED_BLOCK_CIPHER PSA_KEY_TYPE_ARIA -#elif defined(PSA_WANT_KEY_TYPE_CAMELLIA) -#define KNOWN_SUPPORTED_BLOCK_CIPHER PSA_KEY_TYPE_CAMELLIA -#else -#undef KNOWN_SUPPORTED_BLOCK_CIPHER -#endif - -/** \def KNOWN_SUPPORTED_MAC_ALG - * - * A MAC mode that is known to be supported. - * - * It must either be HMAC with #KNOWN_SUPPORTED_HASH_ALG or - * a block cipher-based MAC with #KNOWN_SUPPORTED_BLOCK_CIPHER. - * - * This is used in some smoke tests. - */ -#if defined(KNOWN_SUPPORTED_HASH_ALG) && defined(PSA_WANT_ALG_HMAC) -#define KNOWN_SUPPORTED_MAC_ALG (PSA_ALG_HMAC(KNOWN_SUPPORTED_HASH_ALG)) -#define KNOWN_SUPPORTED_MAC_KEY_TYPE PSA_KEY_TYPE_HMAC -#elif defined(KNOWN_SUPPORTED_BLOCK_CIPHER) && defined(MBEDTLS_CMAC_C) -#define KNOWN_SUPPORTED_MAC_ALG PSA_ALG_CMAC -#define KNOWN_SUPPORTED_MAC_KEY_TYPE KNOWN_SUPPORTED_BLOCK_CIPHER -#else -#undef KNOWN_SUPPORTED_MAC_ALG -#undef KNOWN_SUPPORTED_MAC_KEY_TYPE -#endif - -/** \def KNOWN_SUPPORTED_BLOCK_CIPHER_ALG - * - * A cipher algorithm and key type that are known to be supported. - * - * This is used in some smoke tests. - */ -#if defined(KNOWN_SUPPORTED_BLOCK_CIPHER) && defined(PSA_WANT_ALG_CTR) -#define KNOWN_SUPPORTED_BLOCK_CIPHER_ALG PSA_ALG_CTR -#elif defined(KNOWN_SUPPORTED_BLOCK_CIPHER) && defined(PSA_WANT_ALG_CBC_NO_PADDING) -#define KNOWN_SUPPORTED_BLOCK_CIPHER_ALG PSA_ALG_CBC_NO_PADDING -#elif defined(KNOWN_SUPPORTED_BLOCK_CIPHER) && defined(PSA_WANT_ALG_CFB) -#define KNOWN_SUPPORTED_BLOCK_CIPHER_ALG PSA_ALG_CFB -#elif defined(KNOWN_SUPPORTED_BLOCK_CIPHER) && defined(PSA_WANT_ALG_OFB) -#define KNOWN_SUPPORTED_BLOCK_CIPHER_ALG PSA_ALG_OFB -#else -#undef KNOWN_SUPPORTED_BLOCK_CIPHER_ALG -#endif -#if defined(KNOWN_SUPPORTED_BLOCK_CIPHER_ALG) -#define KNOWN_SUPPORTED_CIPHER_ALG KNOWN_SUPPORTED_BLOCK_CIPHER_ALG -#define KNOWN_SUPPORTED_CIPHER_KEY_TYPE KNOWN_SUPPORTED_BLOCK_CIPHER -#else -#undef KNOWN_SUPPORTED_CIPHER_ALG -#undef KNOWN_SUPPORTED_CIPHER_KEY_TYPE -#endif - -/** Convenience function to set up a key derivation. - * - * In case of failure, mark the current test case as failed. - * - * The inputs \p input1 and \p input2 are, in order: - * - HKDF: salt, info. - * - TKS 1.2 PRF, TLS 1.2 PSK-to-MS: seed, label. - * - PBKDF2: input cost, salt. - * - * \param operation The operation object to use. - * It must be in the initialized state. - * \param key The key to use. - * \param alg The algorithm to use. - * \param input1 The first input to pass. - * \param input1_length The length of \p input1 in bytes. - * \param input2 The first input to pass. - * \param input2_length The length of \p input2 in bytes. - * \param capacity The capacity to set. - * \param key_destroyable If set to 1, a failure due to the key not existing - * or the key being destroyed mid-operation will only - * be reported if the error code is unexpected. - * - * \return \c 1 on success, \c 0 on failure. - */ -int mbedtls_test_psa_setup_key_derivation_wrap( - psa_key_derivation_operation_t *operation, - mbedtls_svc_key_id_t key, - psa_algorithm_t alg, - const unsigned char *input1, size_t input1_length, - const unsigned char *input2, size_t input2_length, - size_t capacity, int key_destroyable); - -/** Perform a key agreement using the given key pair against its public key - * using psa_raw_key_agreement(). - * - * The result is discarded. The purpose of this function is to smoke-test a key. - * - * In case of failure, mark the current test case as failed. - * - * \param alg A key agreement algorithm compatible with \p key. - * \param key A key that allows key agreement with \p alg. - * \param key_destroyable If set to 1, a failure due to the key not existing - * or the key being destroyed mid-operation will only - * be reported if the error code is unexpected. - * - * \return \c 1 on success, \c 0 on failure. - */ -psa_status_t mbedtls_test_psa_raw_key_agreement_with_self( - psa_algorithm_t alg, - mbedtls_svc_key_id_t key, int key_destroyable); - -/** Perform a key agreement using the given key pair against its public key - * using psa_key_derivation_raw_key(). - * - * The result is discarded. The purpose of this function is to smoke-test a key. - * - * In case of failure, mark the current test case as failed. - * - * \param operation An operation that has been set up for a key - * agreement algorithm that is compatible with - * \p key. - * \param key A key pair object that is suitable for a key - * agreement with \p operation. - * \param key_destroyable If set to 1, a failure due to the key not existing - * or the key being destroyed mid-operation will only - * be reported if the error code is unexpected. - * - * \return \c 1 on success, \c 0 on failure. - */ -psa_status_t mbedtls_test_psa_key_agreement_with_self( - psa_key_derivation_operation_t *operation, - mbedtls_svc_key_id_t key, int key_destroyable); - -/** Perform sanity checks on the given key representation. - * - * If any of the checks fail, mark the current test case as failed. - * - * The checks depend on the key type. - * - All types: check the export size against maximum-size macros. - * - DES: parity bits. - * - RSA: check the ASN.1 structure and the size and parity of the integers. - * - ECC private or public key: exact representation length. - * - Montgomery public key: first byte. - * - * \param type The key type. - * \param bits The key size in bits. - * \param exported A buffer containing the key representation. - * \param exported_length The length of \p exported in bytes. - * - * \return \c 1 if all checks passed, \c 0 on failure. - */ -int mbedtls_test_psa_exported_key_sanity_check( - psa_key_type_t type, size_t bits, - const uint8_t *exported, size_t exported_length); - -/** Do smoke tests on a key. - * - * Perform one of each operation indicated by \p alg (decrypt/encrypt, - * sign/verify, or derivation) that is permitted according to \p usage. - * \p usage and \p alg should correspond to the expected policy on the - * key. - * - * Export the key if permitted by \p usage, and check that the output - * looks sensible. If \p usage forbids export, check that - * \p psa_export_key correctly rejects the attempt. If the key is - * asymmetric, also check \p psa_export_public_key. - * - * If the key fails the tests, this function calls the test framework's - * `mbedtls_test_fail` function and returns false. Otherwise this function - * returns true. Therefore it should be used as follows: - * ``` - * if( ! exercise_key( ... ) ) goto exit; - * ``` - * To use this function for multi-threaded tests where the key - * may be destroyed at any point: call this function with key_destroyable set - * to 1, while another thread calls psa_destroy_key on the same key; - * this will test whether destroying the key in use leads to any corruption. - * - * There cannot be a set of concurrent calls: - * `mbedtls_test_psa_exercise_key(ki,...)` such that each ki is a unique - * persistent key not loaded into any key slot, and i is greater than the - * number of free key slots. - * This is because such scenarios can lead to unsupported - * `PSA_ERROR_INSUFFICIENT_MEMORY` return codes. - * - * - * \param key The key to exercise. It should be capable of performing - * \p alg. - * \param usage The usage flags to assume. - * \param alg The algorithm to exercise. - * \param key_destroyable If set to 1, a failure due to the key not existing - * or the key being destroyed mid-operation will only - * be reported if the error code is unexpected. - * - * \retval 0 The key failed the smoke tests. - * \retval 1 The key passed the smoke tests. - */ -int mbedtls_test_psa_exercise_key(mbedtls_svc_key_id_t key, - psa_key_usage_t usage, - psa_algorithm_t alg, - int key_destroyable); - -psa_key_usage_t mbedtls_test_psa_usage_to_exercise(psa_key_type_t type, - psa_algorithm_t alg); - -/** Whether the specified algorithm can be exercised. - * - * \note This function is solely based on the algorithm and does not - * consider potential issues with the compatibility of a key. - * The idea is that you already have a key, so you know that the - * key type is supported, and you want to exercise the key but - * only if the algorithm given in its policy is enabled in the - * compile-time configuration. - * - * \note This function currently only supports signature algorithms - * (including wildcards). - * TODO: a more general mechanism, which should be automatically - * generated and possibly available as a library function? - */ -int mbedtls_test_can_exercise_psa_algorithm(psa_algorithm_t alg); - -#if defined(MBEDTLS_PK_C) -/** PK-PSA key consistency test. - * - * This function tests that the pk context and the PSA key are - * consistent. At a minimum: - * - * - The two objects must contain keys of the same type, - * or a key pair and a public key of the matching type. - * - The two objects must have the same public key. - * - * \retval 0 The key failed the consistency tests. - * \retval 1 The key passed the consistency tests. - */ -int mbedtls_test_key_consistency_psa_pk(mbedtls_svc_key_id_t psa_key, - const mbedtls_pk_context *pk); -#endif /* MBEDTLS_PK_C */ - -#endif /* PSA_EXERCISE_KEY_H */ diff --git a/tests/include/test/psa_helpers.h b/tests/include/test/psa_helpers.h deleted file mode 100644 index b61718939e76..000000000000 --- a/tests/include/test/psa_helpers.h +++ /dev/null @@ -1,24 +0,0 @@ -/* - * Helper functions for tests that use any PSA API. - */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#ifndef PSA_HELPERS_H -#define PSA_HELPERS_H - -#if defined(MBEDTLS_PSA_CRYPTO_SPM) -#include "spm/psa_defs.h" -#endif - -/** Evaluate an expression and fail the test case if it returns an error. - * - * \param expr The expression to evaluate. This is typically a call - * to a \c psa_xxx function that returns a value of type - * #psa_status_t. - */ -#define PSA_ASSERT(expr) TEST_EQUAL((expr), PSA_SUCCESS) - -#endif /* PSA_HELPERS_H */ diff --git a/tests/include/test/psa_memory_poisoning_wrappers.h b/tests/include/test/psa_memory_poisoning_wrappers.h deleted file mode 100644 index 3f30b65c0471..000000000000 --- a/tests/include/test/psa_memory_poisoning_wrappers.h +++ /dev/null @@ -1,40 +0,0 @@ -/** Support for memory poisoning wrappers for PSA functions. - * - * The wrappers poison the input and output buffers of each function - * before calling it, to ensure that it does not access the buffers - * except by calling the approved buffer-copying functions. - * - * This header declares support functions. The wrappers themselves are - * decalred in the automatically generated file `test/psa_test_wrappers.h`. - */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#ifndef PSA_MEMORY_POISONING_WRAPPERS_H -#define PSA_MEMORY_POISONING_WRAPPERS_H - -#include "psa/crypto.h" - -#include "test/memory.h" - -#if defined(MBEDTLS_TEST_HOOKS) && defined(MBEDTLS_TEST_MEMORY_CAN_POISON) - -/** - * \brief Setup the memory poisoning test hooks used by - * psa_crypto_copy_input() and psa_crypto_copy_output() for - * memory poisoning. - */ -void mbedtls_poison_test_hooks_setup(void); - -/** - * \brief Teardown the memory poisoning test hooks used by - * psa_crypto_copy_input() and psa_crypto_copy_output() for - * memory poisoning. - */ -void mbedtls_poison_test_hooks_teardown(void); - -#endif /* MBEDTLS_TEST_HOOKS && MBEDTLS_TEST_MEMORY_CAN_POISON */ - -#endif /* PSA_MEMORY_POISONING_WRAPPERS_H */ diff --git a/tests/include/test/psa_test_wrappers.h b/tests/include/test/psa_test_wrappers.h deleted file mode 100644 index e6d712bd6349..000000000000 --- a/tests/include/test/psa_test_wrappers.h +++ /dev/null @@ -1,771 +0,0 @@ -/* Automatically generated by generate_psa_wrappers.py, do not edit! */ - -/* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#ifndef TEST_PSA_TEST_WRAPPERS_H -#define TEST_PSA_TEST_WRAPPERS_H - -#ifdef __cplusplus -extern "C" { -#endif - -#include - -#if defined(MBEDTLS_PSA_CRYPTO_C) && defined(MBEDTLS_TEST_HOOKS) && \ - !defined(RECORD_PSA_STATUS_COVERAGE_LOG) - -#include - -#include -#include -#include - -#if defined(MBEDTLS_PSA_INJECT_ENTROPY) -psa_status_t mbedtls_test_wrap_mbedtls_psa_inject_entropy( - const uint8_t *arg0_seed, - size_t arg1_seed_size); -#define mbedtls_psa_inject_entropy(arg0_seed, arg1_seed_size) \ - mbedtls_test_wrap_mbedtls_psa_inject_entropy(arg0_seed, arg1_seed_size) -#endif /* defined(MBEDTLS_PSA_INJECT_ENTROPY) */ - -#if defined(MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS) -psa_status_t mbedtls_test_wrap_mbedtls_psa_platform_get_builtin_key( - mbedtls_svc_key_id_t arg0_key_id, - psa_key_lifetime_t *arg1_lifetime, - psa_drv_slot_number_t *arg2_slot_number); -#define mbedtls_psa_platform_get_builtin_key(arg0_key_id, arg1_lifetime, arg2_slot_number) \ - mbedtls_test_wrap_mbedtls_psa_platform_get_builtin_key(arg0_key_id, arg1_lifetime, arg2_slot_number) -#endif /* defined(MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS) */ - -#if defined(MBEDTLS_PSA_CRYPTO_SE_C) -psa_status_t mbedtls_test_wrap_mbedtls_psa_register_se_key( - const psa_key_attributes_t *arg0_attributes); -#define mbedtls_psa_register_se_key(arg0_attributes) \ - mbedtls_test_wrap_mbedtls_psa_register_se_key(arg0_attributes) -#endif /* defined(MBEDTLS_PSA_CRYPTO_SE_C) */ - -psa_status_t mbedtls_test_wrap_psa_aead_abort( - psa_aead_operation_t *arg0_operation); -#define psa_aead_abort(arg0_operation) \ - mbedtls_test_wrap_psa_aead_abort(arg0_operation) - -psa_status_t mbedtls_test_wrap_psa_aead_decrypt( - mbedtls_svc_key_id_t arg0_key, - psa_algorithm_t arg1_alg, - const uint8_t *arg2_nonce, - size_t arg3_nonce_length, - const uint8_t *arg4_additional_data, - size_t arg5_additional_data_length, - const uint8_t *arg6_ciphertext, - size_t arg7_ciphertext_length, - uint8_t *arg8_plaintext, - size_t arg9_plaintext_size, - size_t *arg10_plaintext_length); -#define psa_aead_decrypt(arg0_key, arg1_alg, arg2_nonce, arg3_nonce_length, arg4_additional_data, arg5_additional_data_length, arg6_ciphertext, arg7_ciphertext_length, arg8_plaintext, arg9_plaintext_size, arg10_plaintext_length) \ - mbedtls_test_wrap_psa_aead_decrypt(arg0_key, arg1_alg, arg2_nonce, arg3_nonce_length, arg4_additional_data, arg5_additional_data_length, arg6_ciphertext, arg7_ciphertext_length, arg8_plaintext, arg9_plaintext_size, arg10_plaintext_length) - -psa_status_t mbedtls_test_wrap_psa_aead_decrypt_setup( - psa_aead_operation_t *arg0_operation, - mbedtls_svc_key_id_t arg1_key, - psa_algorithm_t arg2_alg); -#define psa_aead_decrypt_setup(arg0_operation, arg1_key, arg2_alg) \ - mbedtls_test_wrap_psa_aead_decrypt_setup(arg0_operation, arg1_key, arg2_alg) - -psa_status_t mbedtls_test_wrap_psa_aead_encrypt( - mbedtls_svc_key_id_t arg0_key, - psa_algorithm_t arg1_alg, - const uint8_t *arg2_nonce, - size_t arg3_nonce_length, - const uint8_t *arg4_additional_data, - size_t arg5_additional_data_length, - const uint8_t *arg6_plaintext, - size_t arg7_plaintext_length, - uint8_t *arg8_ciphertext, - size_t arg9_ciphertext_size, - size_t *arg10_ciphertext_length); -#define psa_aead_encrypt(arg0_key, arg1_alg, arg2_nonce, arg3_nonce_length, arg4_additional_data, arg5_additional_data_length, arg6_plaintext, arg7_plaintext_length, arg8_ciphertext, arg9_ciphertext_size, arg10_ciphertext_length) \ - mbedtls_test_wrap_psa_aead_encrypt(arg0_key, arg1_alg, arg2_nonce, arg3_nonce_length, arg4_additional_data, arg5_additional_data_length, arg6_plaintext, arg7_plaintext_length, arg8_ciphertext, arg9_ciphertext_size, arg10_ciphertext_length) - -psa_status_t mbedtls_test_wrap_psa_aead_encrypt_setup( - psa_aead_operation_t *arg0_operation, - mbedtls_svc_key_id_t arg1_key, - psa_algorithm_t arg2_alg); -#define psa_aead_encrypt_setup(arg0_operation, arg1_key, arg2_alg) \ - mbedtls_test_wrap_psa_aead_encrypt_setup(arg0_operation, arg1_key, arg2_alg) - -psa_status_t mbedtls_test_wrap_psa_aead_finish( - psa_aead_operation_t *arg0_operation, - uint8_t *arg1_ciphertext, - size_t arg2_ciphertext_size, - size_t *arg3_ciphertext_length, - uint8_t *arg4_tag, - size_t arg5_tag_size, - size_t *arg6_tag_length); -#define psa_aead_finish(arg0_operation, arg1_ciphertext, arg2_ciphertext_size, arg3_ciphertext_length, arg4_tag, arg5_tag_size, arg6_tag_length) \ - mbedtls_test_wrap_psa_aead_finish(arg0_operation, arg1_ciphertext, arg2_ciphertext_size, arg3_ciphertext_length, arg4_tag, arg5_tag_size, arg6_tag_length) - -psa_status_t mbedtls_test_wrap_psa_aead_generate_nonce( - psa_aead_operation_t *arg0_operation, - uint8_t *arg1_nonce, - size_t arg2_nonce_size, - size_t *arg3_nonce_length); -#define psa_aead_generate_nonce(arg0_operation, arg1_nonce, arg2_nonce_size, arg3_nonce_length) \ - mbedtls_test_wrap_psa_aead_generate_nonce(arg0_operation, arg1_nonce, arg2_nonce_size, arg3_nonce_length) - -psa_status_t mbedtls_test_wrap_psa_aead_set_lengths( - psa_aead_operation_t *arg0_operation, - size_t arg1_ad_length, - size_t arg2_plaintext_length); -#define psa_aead_set_lengths(arg0_operation, arg1_ad_length, arg2_plaintext_length) \ - mbedtls_test_wrap_psa_aead_set_lengths(arg0_operation, arg1_ad_length, arg2_plaintext_length) - -psa_status_t mbedtls_test_wrap_psa_aead_set_nonce( - psa_aead_operation_t *arg0_operation, - const uint8_t *arg1_nonce, - size_t arg2_nonce_length); -#define psa_aead_set_nonce(arg0_operation, arg1_nonce, arg2_nonce_length) \ - mbedtls_test_wrap_psa_aead_set_nonce(arg0_operation, arg1_nonce, arg2_nonce_length) - -psa_status_t mbedtls_test_wrap_psa_aead_update( - psa_aead_operation_t *arg0_operation, - const uint8_t *arg1_input, - size_t arg2_input_length, - uint8_t *arg3_output, - size_t arg4_output_size, - size_t *arg5_output_length); -#define psa_aead_update(arg0_operation, arg1_input, arg2_input_length, arg3_output, arg4_output_size, arg5_output_length) \ - mbedtls_test_wrap_psa_aead_update(arg0_operation, arg1_input, arg2_input_length, arg3_output, arg4_output_size, arg5_output_length) - -psa_status_t mbedtls_test_wrap_psa_aead_update_ad( - psa_aead_operation_t *arg0_operation, - const uint8_t *arg1_input, - size_t arg2_input_length); -#define psa_aead_update_ad(arg0_operation, arg1_input, arg2_input_length) \ - mbedtls_test_wrap_psa_aead_update_ad(arg0_operation, arg1_input, arg2_input_length) - -psa_status_t mbedtls_test_wrap_psa_aead_verify( - psa_aead_operation_t *arg0_operation, - uint8_t *arg1_plaintext, - size_t arg2_plaintext_size, - size_t *arg3_plaintext_length, - const uint8_t *arg4_tag, - size_t arg5_tag_length); -#define psa_aead_verify(arg0_operation, arg1_plaintext, arg2_plaintext_size, arg3_plaintext_length, arg4_tag, arg5_tag_length) \ - mbedtls_test_wrap_psa_aead_verify(arg0_operation, arg1_plaintext, arg2_plaintext_size, arg3_plaintext_length, arg4_tag, arg5_tag_length) - -psa_status_t mbedtls_test_wrap_psa_asymmetric_decrypt( - mbedtls_svc_key_id_t arg0_key, - psa_algorithm_t arg1_alg, - const uint8_t *arg2_input, - size_t arg3_input_length, - const uint8_t *arg4_salt, - size_t arg5_salt_length, - uint8_t *arg6_output, - size_t arg7_output_size, - size_t *arg8_output_length); -#define psa_asymmetric_decrypt(arg0_key, arg1_alg, arg2_input, arg3_input_length, arg4_salt, arg5_salt_length, arg6_output, arg7_output_size, arg8_output_length) \ - mbedtls_test_wrap_psa_asymmetric_decrypt(arg0_key, arg1_alg, arg2_input, arg3_input_length, arg4_salt, arg5_salt_length, arg6_output, arg7_output_size, arg8_output_length) - -psa_status_t mbedtls_test_wrap_psa_asymmetric_encrypt( - mbedtls_svc_key_id_t arg0_key, - psa_algorithm_t arg1_alg, - const uint8_t *arg2_input, - size_t arg3_input_length, - const uint8_t *arg4_salt, - size_t arg5_salt_length, - uint8_t *arg6_output, - size_t arg7_output_size, - size_t *arg8_output_length); -#define psa_asymmetric_encrypt(arg0_key, arg1_alg, arg2_input, arg3_input_length, arg4_salt, arg5_salt_length, arg6_output, arg7_output_size, arg8_output_length) \ - mbedtls_test_wrap_psa_asymmetric_encrypt(arg0_key, arg1_alg, arg2_input, arg3_input_length, arg4_salt, arg5_salt_length, arg6_output, arg7_output_size, arg8_output_length) - -psa_status_t mbedtls_test_wrap_psa_cipher_abort( - psa_cipher_operation_t *arg0_operation); -#define psa_cipher_abort(arg0_operation) \ - mbedtls_test_wrap_psa_cipher_abort(arg0_operation) - -psa_status_t mbedtls_test_wrap_psa_cipher_decrypt( - mbedtls_svc_key_id_t arg0_key, - psa_algorithm_t arg1_alg, - const uint8_t *arg2_input, - size_t arg3_input_length, - uint8_t *arg4_output, - size_t arg5_output_size, - size_t *arg6_output_length); -#define psa_cipher_decrypt(arg0_key, arg1_alg, arg2_input, arg3_input_length, arg4_output, arg5_output_size, arg6_output_length) \ - mbedtls_test_wrap_psa_cipher_decrypt(arg0_key, arg1_alg, arg2_input, arg3_input_length, arg4_output, arg5_output_size, arg6_output_length) - -psa_status_t mbedtls_test_wrap_psa_cipher_decrypt_setup( - psa_cipher_operation_t *arg0_operation, - mbedtls_svc_key_id_t arg1_key, - psa_algorithm_t arg2_alg); -#define psa_cipher_decrypt_setup(arg0_operation, arg1_key, arg2_alg) \ - mbedtls_test_wrap_psa_cipher_decrypt_setup(arg0_operation, arg1_key, arg2_alg) - -psa_status_t mbedtls_test_wrap_psa_cipher_encrypt( - mbedtls_svc_key_id_t arg0_key, - psa_algorithm_t arg1_alg, - const uint8_t *arg2_input, - size_t arg3_input_length, - uint8_t *arg4_output, - size_t arg5_output_size, - size_t *arg6_output_length); -#define psa_cipher_encrypt(arg0_key, arg1_alg, arg2_input, arg3_input_length, arg4_output, arg5_output_size, arg6_output_length) \ - mbedtls_test_wrap_psa_cipher_encrypt(arg0_key, arg1_alg, arg2_input, arg3_input_length, arg4_output, arg5_output_size, arg6_output_length) - -psa_status_t mbedtls_test_wrap_psa_cipher_encrypt_setup( - psa_cipher_operation_t *arg0_operation, - mbedtls_svc_key_id_t arg1_key, - psa_algorithm_t arg2_alg); -#define psa_cipher_encrypt_setup(arg0_operation, arg1_key, arg2_alg) \ - mbedtls_test_wrap_psa_cipher_encrypt_setup(arg0_operation, arg1_key, arg2_alg) - -psa_status_t mbedtls_test_wrap_psa_cipher_finish( - psa_cipher_operation_t *arg0_operation, - uint8_t *arg1_output, - size_t arg2_output_size, - size_t *arg3_output_length); -#define psa_cipher_finish(arg0_operation, arg1_output, arg2_output_size, arg3_output_length) \ - mbedtls_test_wrap_psa_cipher_finish(arg0_operation, arg1_output, arg2_output_size, arg3_output_length) - -psa_status_t mbedtls_test_wrap_psa_cipher_generate_iv( - psa_cipher_operation_t *arg0_operation, - uint8_t *arg1_iv, - size_t arg2_iv_size, - size_t *arg3_iv_length); -#define psa_cipher_generate_iv(arg0_operation, arg1_iv, arg2_iv_size, arg3_iv_length) \ - mbedtls_test_wrap_psa_cipher_generate_iv(arg0_operation, arg1_iv, arg2_iv_size, arg3_iv_length) - -psa_status_t mbedtls_test_wrap_psa_cipher_set_iv( - psa_cipher_operation_t *arg0_operation, - const uint8_t *arg1_iv, - size_t arg2_iv_length); -#define psa_cipher_set_iv(arg0_operation, arg1_iv, arg2_iv_length) \ - mbedtls_test_wrap_psa_cipher_set_iv(arg0_operation, arg1_iv, arg2_iv_length) - -psa_status_t mbedtls_test_wrap_psa_cipher_update( - psa_cipher_operation_t *arg0_operation, - const uint8_t *arg1_input, - size_t arg2_input_length, - uint8_t *arg3_output, - size_t arg4_output_size, - size_t *arg5_output_length); -#define psa_cipher_update(arg0_operation, arg1_input, arg2_input_length, arg3_output, arg4_output_size, arg5_output_length) \ - mbedtls_test_wrap_psa_cipher_update(arg0_operation, arg1_input, arg2_input_length, arg3_output, arg4_output_size, arg5_output_length) - -psa_status_t mbedtls_test_wrap_psa_copy_key( - mbedtls_svc_key_id_t arg0_source_key, - const psa_key_attributes_t *arg1_attributes, - mbedtls_svc_key_id_t *arg2_target_key); -#define psa_copy_key(arg0_source_key, arg1_attributes, arg2_target_key) \ - mbedtls_test_wrap_psa_copy_key(arg0_source_key, arg1_attributes, arg2_target_key) - -#if defined(PSA_WANT_ALG_SOME_PAKE) -psa_status_t mbedtls_test_wrap_psa_crypto_driver_pake_get_cipher_suite( - const psa_crypto_driver_pake_inputs_t *arg0_inputs, - psa_pake_cipher_suite_t *arg1_cipher_suite); -#define psa_crypto_driver_pake_get_cipher_suite(arg0_inputs, arg1_cipher_suite) \ - mbedtls_test_wrap_psa_crypto_driver_pake_get_cipher_suite(arg0_inputs, arg1_cipher_suite) -#endif /* defined(PSA_WANT_ALG_SOME_PAKE) */ - -#if defined(PSA_WANT_ALG_SOME_PAKE) -psa_status_t mbedtls_test_wrap_psa_crypto_driver_pake_get_password( - const psa_crypto_driver_pake_inputs_t *arg0_inputs, - uint8_t *arg1_buffer, - size_t arg2_buffer_size, - size_t *arg3_buffer_length); -#define psa_crypto_driver_pake_get_password(arg0_inputs, arg1_buffer, arg2_buffer_size, arg3_buffer_length) \ - mbedtls_test_wrap_psa_crypto_driver_pake_get_password(arg0_inputs, arg1_buffer, arg2_buffer_size, arg3_buffer_length) -#endif /* defined(PSA_WANT_ALG_SOME_PAKE) */ - -#if defined(PSA_WANT_ALG_SOME_PAKE) -psa_status_t mbedtls_test_wrap_psa_crypto_driver_pake_get_password_len( - const psa_crypto_driver_pake_inputs_t *arg0_inputs, - size_t *arg1_password_len); -#define psa_crypto_driver_pake_get_password_len(arg0_inputs, arg1_password_len) \ - mbedtls_test_wrap_psa_crypto_driver_pake_get_password_len(arg0_inputs, arg1_password_len) -#endif /* defined(PSA_WANT_ALG_SOME_PAKE) */ - -#if defined(PSA_WANT_ALG_SOME_PAKE) -psa_status_t mbedtls_test_wrap_psa_crypto_driver_pake_get_peer( - const psa_crypto_driver_pake_inputs_t *arg0_inputs, - uint8_t *arg1_peer_id, - size_t arg2_peer_id_size, - size_t *arg3_peer_id_length); -#define psa_crypto_driver_pake_get_peer(arg0_inputs, arg1_peer_id, arg2_peer_id_size, arg3_peer_id_length) \ - mbedtls_test_wrap_psa_crypto_driver_pake_get_peer(arg0_inputs, arg1_peer_id, arg2_peer_id_size, arg3_peer_id_length) -#endif /* defined(PSA_WANT_ALG_SOME_PAKE) */ - -#if defined(PSA_WANT_ALG_SOME_PAKE) -psa_status_t mbedtls_test_wrap_psa_crypto_driver_pake_get_peer_len( - const psa_crypto_driver_pake_inputs_t *arg0_inputs, - size_t *arg1_peer_len); -#define psa_crypto_driver_pake_get_peer_len(arg0_inputs, arg1_peer_len) \ - mbedtls_test_wrap_psa_crypto_driver_pake_get_peer_len(arg0_inputs, arg1_peer_len) -#endif /* defined(PSA_WANT_ALG_SOME_PAKE) */ - -#if defined(PSA_WANT_ALG_SOME_PAKE) -psa_status_t mbedtls_test_wrap_psa_crypto_driver_pake_get_user( - const psa_crypto_driver_pake_inputs_t *arg0_inputs, - uint8_t *arg1_user_id, - size_t arg2_user_id_size, - size_t *arg3_user_id_len); -#define psa_crypto_driver_pake_get_user(arg0_inputs, arg1_user_id, arg2_user_id_size, arg3_user_id_len) \ - mbedtls_test_wrap_psa_crypto_driver_pake_get_user(arg0_inputs, arg1_user_id, arg2_user_id_size, arg3_user_id_len) -#endif /* defined(PSA_WANT_ALG_SOME_PAKE) */ - -#if defined(PSA_WANT_ALG_SOME_PAKE) -psa_status_t mbedtls_test_wrap_psa_crypto_driver_pake_get_user_len( - const psa_crypto_driver_pake_inputs_t *arg0_inputs, - size_t *arg1_user_len); -#define psa_crypto_driver_pake_get_user_len(arg0_inputs, arg1_user_len) \ - mbedtls_test_wrap_psa_crypto_driver_pake_get_user_len(arg0_inputs, arg1_user_len) -#endif /* defined(PSA_WANT_ALG_SOME_PAKE) */ - -psa_status_t mbedtls_test_wrap_psa_crypto_init(void); -#define psa_crypto_init() \ - mbedtls_test_wrap_psa_crypto_init() - -psa_status_t mbedtls_test_wrap_psa_destroy_key( - mbedtls_svc_key_id_t arg0_key); -#define psa_destroy_key(arg0_key) \ - mbedtls_test_wrap_psa_destroy_key(arg0_key) - -psa_status_t mbedtls_test_wrap_psa_export_key( - mbedtls_svc_key_id_t arg0_key, - uint8_t *arg1_data, - size_t arg2_data_size, - size_t *arg3_data_length); -#define psa_export_key(arg0_key, arg1_data, arg2_data_size, arg3_data_length) \ - mbedtls_test_wrap_psa_export_key(arg0_key, arg1_data, arg2_data_size, arg3_data_length) - -psa_status_t mbedtls_test_wrap_psa_export_public_key( - mbedtls_svc_key_id_t arg0_key, - uint8_t *arg1_data, - size_t arg2_data_size, - size_t *arg3_data_length); -#define psa_export_public_key(arg0_key, arg1_data, arg2_data_size, arg3_data_length) \ - mbedtls_test_wrap_psa_export_public_key(arg0_key, arg1_data, arg2_data_size, arg3_data_length) - -psa_status_t mbedtls_test_wrap_psa_generate_key( - const psa_key_attributes_t *arg0_attributes, - mbedtls_svc_key_id_t *arg1_key); -#define psa_generate_key(arg0_attributes, arg1_key) \ - mbedtls_test_wrap_psa_generate_key(arg0_attributes, arg1_key) - -psa_status_t mbedtls_test_wrap_psa_generate_key_ext( - const psa_key_attributes_t *arg0_attributes, - const psa_key_production_parameters_t *arg1_params, - size_t arg2_params_data_length, - mbedtls_svc_key_id_t *arg3_key); -#define psa_generate_key_ext(arg0_attributes, arg1_params, arg2_params_data_length, arg3_key) \ - mbedtls_test_wrap_psa_generate_key_ext(arg0_attributes, arg1_params, arg2_params_data_length, arg3_key) - -psa_status_t mbedtls_test_wrap_psa_generate_random( - uint8_t *arg0_output, - size_t arg1_output_size); -#define psa_generate_random(arg0_output, arg1_output_size) \ - mbedtls_test_wrap_psa_generate_random(arg0_output, arg1_output_size) - -psa_status_t mbedtls_test_wrap_psa_get_key_attributes( - mbedtls_svc_key_id_t arg0_key, - psa_key_attributes_t *arg1_attributes); -#define psa_get_key_attributes(arg0_key, arg1_attributes) \ - mbedtls_test_wrap_psa_get_key_attributes(arg0_key, arg1_attributes) - -psa_status_t mbedtls_test_wrap_psa_hash_abort( - psa_hash_operation_t *arg0_operation); -#define psa_hash_abort(arg0_operation) \ - mbedtls_test_wrap_psa_hash_abort(arg0_operation) - -psa_status_t mbedtls_test_wrap_psa_hash_clone( - const psa_hash_operation_t *arg0_source_operation, - psa_hash_operation_t *arg1_target_operation); -#define psa_hash_clone(arg0_source_operation, arg1_target_operation) \ - mbedtls_test_wrap_psa_hash_clone(arg0_source_operation, arg1_target_operation) - -psa_status_t mbedtls_test_wrap_psa_hash_compare( - psa_algorithm_t arg0_alg, - const uint8_t *arg1_input, - size_t arg2_input_length, - const uint8_t *arg3_hash, - size_t arg4_hash_length); -#define psa_hash_compare(arg0_alg, arg1_input, arg2_input_length, arg3_hash, arg4_hash_length) \ - mbedtls_test_wrap_psa_hash_compare(arg0_alg, arg1_input, arg2_input_length, arg3_hash, arg4_hash_length) - -psa_status_t mbedtls_test_wrap_psa_hash_compute( - psa_algorithm_t arg0_alg, - const uint8_t *arg1_input, - size_t arg2_input_length, - uint8_t *arg3_hash, - size_t arg4_hash_size, - size_t *arg5_hash_length); -#define psa_hash_compute(arg0_alg, arg1_input, arg2_input_length, arg3_hash, arg4_hash_size, arg5_hash_length) \ - mbedtls_test_wrap_psa_hash_compute(arg0_alg, arg1_input, arg2_input_length, arg3_hash, arg4_hash_size, arg5_hash_length) - -psa_status_t mbedtls_test_wrap_psa_hash_finish( - psa_hash_operation_t *arg0_operation, - uint8_t *arg1_hash, - size_t arg2_hash_size, - size_t *arg3_hash_length); -#define psa_hash_finish(arg0_operation, arg1_hash, arg2_hash_size, arg3_hash_length) \ - mbedtls_test_wrap_psa_hash_finish(arg0_operation, arg1_hash, arg2_hash_size, arg3_hash_length) - -psa_status_t mbedtls_test_wrap_psa_hash_setup( - psa_hash_operation_t *arg0_operation, - psa_algorithm_t arg1_alg); -#define psa_hash_setup(arg0_operation, arg1_alg) \ - mbedtls_test_wrap_psa_hash_setup(arg0_operation, arg1_alg) - -psa_status_t mbedtls_test_wrap_psa_hash_update( - psa_hash_operation_t *arg0_operation, - const uint8_t *arg1_input, - size_t arg2_input_length); -#define psa_hash_update(arg0_operation, arg1_input, arg2_input_length) \ - mbedtls_test_wrap_psa_hash_update(arg0_operation, arg1_input, arg2_input_length) - -psa_status_t mbedtls_test_wrap_psa_hash_verify( - psa_hash_operation_t *arg0_operation, - const uint8_t *arg1_hash, - size_t arg2_hash_length); -#define psa_hash_verify(arg0_operation, arg1_hash, arg2_hash_length) \ - mbedtls_test_wrap_psa_hash_verify(arg0_operation, arg1_hash, arg2_hash_length) - -psa_status_t mbedtls_test_wrap_psa_import_key( - const psa_key_attributes_t *arg0_attributes, - const uint8_t *arg1_data, - size_t arg2_data_length, - mbedtls_svc_key_id_t *arg3_key); -#define psa_import_key(arg0_attributes, arg1_data, arg2_data_length, arg3_key) \ - mbedtls_test_wrap_psa_import_key(arg0_attributes, arg1_data, arg2_data_length, arg3_key) - -psa_status_t mbedtls_test_wrap_psa_key_derivation_abort( - psa_key_derivation_operation_t *arg0_operation); -#define psa_key_derivation_abort(arg0_operation) \ - mbedtls_test_wrap_psa_key_derivation_abort(arg0_operation) - -psa_status_t mbedtls_test_wrap_psa_key_derivation_get_capacity( - const psa_key_derivation_operation_t *arg0_operation, - size_t *arg1_capacity); -#define psa_key_derivation_get_capacity(arg0_operation, arg1_capacity) \ - mbedtls_test_wrap_psa_key_derivation_get_capacity(arg0_operation, arg1_capacity) - -psa_status_t mbedtls_test_wrap_psa_key_derivation_input_bytes( - psa_key_derivation_operation_t *arg0_operation, - psa_key_derivation_step_t arg1_step, - const uint8_t *arg2_data, - size_t arg3_data_length); -#define psa_key_derivation_input_bytes(arg0_operation, arg1_step, arg2_data, arg3_data_length) \ - mbedtls_test_wrap_psa_key_derivation_input_bytes(arg0_operation, arg1_step, arg2_data, arg3_data_length) - -psa_status_t mbedtls_test_wrap_psa_key_derivation_input_integer( - psa_key_derivation_operation_t *arg0_operation, - psa_key_derivation_step_t arg1_step, - uint64_t arg2_value); -#define psa_key_derivation_input_integer(arg0_operation, arg1_step, arg2_value) \ - mbedtls_test_wrap_psa_key_derivation_input_integer(arg0_operation, arg1_step, arg2_value) - -psa_status_t mbedtls_test_wrap_psa_key_derivation_input_key( - psa_key_derivation_operation_t *arg0_operation, - psa_key_derivation_step_t arg1_step, - mbedtls_svc_key_id_t arg2_key); -#define psa_key_derivation_input_key(arg0_operation, arg1_step, arg2_key) \ - mbedtls_test_wrap_psa_key_derivation_input_key(arg0_operation, arg1_step, arg2_key) - -psa_status_t mbedtls_test_wrap_psa_key_derivation_key_agreement( - psa_key_derivation_operation_t *arg0_operation, - psa_key_derivation_step_t arg1_step, - mbedtls_svc_key_id_t arg2_private_key, - const uint8_t *arg3_peer_key, - size_t arg4_peer_key_length); -#define psa_key_derivation_key_agreement(arg0_operation, arg1_step, arg2_private_key, arg3_peer_key, arg4_peer_key_length) \ - mbedtls_test_wrap_psa_key_derivation_key_agreement(arg0_operation, arg1_step, arg2_private_key, arg3_peer_key, arg4_peer_key_length) - -psa_status_t mbedtls_test_wrap_psa_key_derivation_output_bytes( - psa_key_derivation_operation_t *arg0_operation, - uint8_t *arg1_output, - size_t arg2_output_length); -#define psa_key_derivation_output_bytes(arg0_operation, arg1_output, arg2_output_length) \ - mbedtls_test_wrap_psa_key_derivation_output_bytes(arg0_operation, arg1_output, arg2_output_length) - -psa_status_t mbedtls_test_wrap_psa_key_derivation_output_key( - const psa_key_attributes_t *arg0_attributes, - psa_key_derivation_operation_t *arg1_operation, - mbedtls_svc_key_id_t *arg2_key); -#define psa_key_derivation_output_key(arg0_attributes, arg1_operation, arg2_key) \ - mbedtls_test_wrap_psa_key_derivation_output_key(arg0_attributes, arg1_operation, arg2_key) - -psa_status_t mbedtls_test_wrap_psa_key_derivation_output_key_ext( - const psa_key_attributes_t *arg0_attributes, - psa_key_derivation_operation_t *arg1_operation, - const psa_key_production_parameters_t *arg2_params, - size_t arg3_params_data_length, - mbedtls_svc_key_id_t *arg4_key); -#define psa_key_derivation_output_key_ext(arg0_attributes, arg1_operation, arg2_params, arg3_params_data_length, arg4_key) \ - mbedtls_test_wrap_psa_key_derivation_output_key_ext(arg0_attributes, arg1_operation, arg2_params, arg3_params_data_length, arg4_key) - -psa_status_t mbedtls_test_wrap_psa_key_derivation_set_capacity( - psa_key_derivation_operation_t *arg0_operation, - size_t arg1_capacity); -#define psa_key_derivation_set_capacity(arg0_operation, arg1_capacity) \ - mbedtls_test_wrap_psa_key_derivation_set_capacity(arg0_operation, arg1_capacity) - -psa_status_t mbedtls_test_wrap_psa_key_derivation_setup( - psa_key_derivation_operation_t *arg0_operation, - psa_algorithm_t arg1_alg); -#define psa_key_derivation_setup(arg0_operation, arg1_alg) \ - mbedtls_test_wrap_psa_key_derivation_setup(arg0_operation, arg1_alg) - -psa_status_t mbedtls_test_wrap_psa_mac_abort( - psa_mac_operation_t *arg0_operation); -#define psa_mac_abort(arg0_operation) \ - mbedtls_test_wrap_psa_mac_abort(arg0_operation) - -psa_status_t mbedtls_test_wrap_psa_mac_compute( - mbedtls_svc_key_id_t arg0_key, - psa_algorithm_t arg1_alg, - const uint8_t *arg2_input, - size_t arg3_input_length, - uint8_t *arg4_mac, - size_t arg5_mac_size, - size_t *arg6_mac_length); -#define psa_mac_compute(arg0_key, arg1_alg, arg2_input, arg3_input_length, arg4_mac, arg5_mac_size, arg6_mac_length) \ - mbedtls_test_wrap_psa_mac_compute(arg0_key, arg1_alg, arg2_input, arg3_input_length, arg4_mac, arg5_mac_size, arg6_mac_length) - -psa_status_t mbedtls_test_wrap_psa_mac_sign_finish( - psa_mac_operation_t *arg0_operation, - uint8_t *arg1_mac, - size_t arg2_mac_size, - size_t *arg3_mac_length); -#define psa_mac_sign_finish(arg0_operation, arg1_mac, arg2_mac_size, arg3_mac_length) \ - mbedtls_test_wrap_psa_mac_sign_finish(arg0_operation, arg1_mac, arg2_mac_size, arg3_mac_length) - -psa_status_t mbedtls_test_wrap_psa_mac_sign_setup( - psa_mac_operation_t *arg0_operation, - mbedtls_svc_key_id_t arg1_key, - psa_algorithm_t arg2_alg); -#define psa_mac_sign_setup(arg0_operation, arg1_key, arg2_alg) \ - mbedtls_test_wrap_psa_mac_sign_setup(arg0_operation, arg1_key, arg2_alg) - -psa_status_t mbedtls_test_wrap_psa_mac_update( - psa_mac_operation_t *arg0_operation, - const uint8_t *arg1_input, - size_t arg2_input_length); -#define psa_mac_update(arg0_operation, arg1_input, arg2_input_length) \ - mbedtls_test_wrap_psa_mac_update(arg0_operation, arg1_input, arg2_input_length) - -psa_status_t mbedtls_test_wrap_psa_mac_verify( - mbedtls_svc_key_id_t arg0_key, - psa_algorithm_t arg1_alg, - const uint8_t *arg2_input, - size_t arg3_input_length, - const uint8_t *arg4_mac, - size_t arg5_mac_length); -#define psa_mac_verify(arg0_key, arg1_alg, arg2_input, arg3_input_length, arg4_mac, arg5_mac_length) \ - mbedtls_test_wrap_psa_mac_verify(arg0_key, arg1_alg, arg2_input, arg3_input_length, arg4_mac, arg5_mac_length) - -psa_status_t mbedtls_test_wrap_psa_mac_verify_finish( - psa_mac_operation_t *arg0_operation, - const uint8_t *arg1_mac, - size_t arg2_mac_length); -#define psa_mac_verify_finish(arg0_operation, arg1_mac, arg2_mac_length) \ - mbedtls_test_wrap_psa_mac_verify_finish(arg0_operation, arg1_mac, arg2_mac_length) - -psa_status_t mbedtls_test_wrap_psa_mac_verify_setup( - psa_mac_operation_t *arg0_operation, - mbedtls_svc_key_id_t arg1_key, - psa_algorithm_t arg2_alg); -#define psa_mac_verify_setup(arg0_operation, arg1_key, arg2_alg) \ - mbedtls_test_wrap_psa_mac_verify_setup(arg0_operation, arg1_key, arg2_alg) - -#if defined(PSA_WANT_ALG_SOME_PAKE) -psa_status_t mbedtls_test_wrap_psa_pake_abort( - psa_pake_operation_t *arg0_operation); -#define psa_pake_abort(arg0_operation) \ - mbedtls_test_wrap_psa_pake_abort(arg0_operation) -#endif /* defined(PSA_WANT_ALG_SOME_PAKE) */ - -#if defined(PSA_WANT_ALG_SOME_PAKE) -psa_status_t mbedtls_test_wrap_psa_pake_get_implicit_key( - psa_pake_operation_t *arg0_operation, - psa_key_derivation_operation_t *arg1_output); -#define psa_pake_get_implicit_key(arg0_operation, arg1_output) \ - mbedtls_test_wrap_psa_pake_get_implicit_key(arg0_operation, arg1_output) -#endif /* defined(PSA_WANT_ALG_SOME_PAKE) */ - -#if defined(PSA_WANT_ALG_SOME_PAKE) -psa_status_t mbedtls_test_wrap_psa_pake_input( - psa_pake_operation_t *arg0_operation, - psa_pake_step_t arg1_step, - const uint8_t *arg2_input, - size_t arg3_input_length); -#define psa_pake_input(arg0_operation, arg1_step, arg2_input, arg3_input_length) \ - mbedtls_test_wrap_psa_pake_input(arg0_operation, arg1_step, arg2_input, arg3_input_length) -#endif /* defined(PSA_WANT_ALG_SOME_PAKE) */ - -#if defined(PSA_WANT_ALG_SOME_PAKE) -psa_status_t mbedtls_test_wrap_psa_pake_output( - psa_pake_operation_t *arg0_operation, - psa_pake_step_t arg1_step, - uint8_t *arg2_output, - size_t arg3_output_size, - size_t *arg4_output_length); -#define psa_pake_output(arg0_operation, arg1_step, arg2_output, arg3_output_size, arg4_output_length) \ - mbedtls_test_wrap_psa_pake_output(arg0_operation, arg1_step, arg2_output, arg3_output_size, arg4_output_length) -#endif /* defined(PSA_WANT_ALG_SOME_PAKE) */ - -#if defined(PSA_WANT_ALG_SOME_PAKE) -psa_status_t mbedtls_test_wrap_psa_pake_set_password_key( - psa_pake_operation_t *arg0_operation, - mbedtls_svc_key_id_t arg1_password); -#define psa_pake_set_password_key(arg0_operation, arg1_password) \ - mbedtls_test_wrap_psa_pake_set_password_key(arg0_operation, arg1_password) -#endif /* defined(PSA_WANT_ALG_SOME_PAKE) */ - -#if defined(PSA_WANT_ALG_SOME_PAKE) -psa_status_t mbedtls_test_wrap_psa_pake_set_peer( - psa_pake_operation_t *arg0_operation, - const uint8_t *arg1_peer_id, - size_t arg2_peer_id_len); -#define psa_pake_set_peer(arg0_operation, arg1_peer_id, arg2_peer_id_len) \ - mbedtls_test_wrap_psa_pake_set_peer(arg0_operation, arg1_peer_id, arg2_peer_id_len) -#endif /* defined(PSA_WANT_ALG_SOME_PAKE) */ - -#if defined(PSA_WANT_ALG_SOME_PAKE) -psa_status_t mbedtls_test_wrap_psa_pake_set_role( - psa_pake_operation_t *arg0_operation, - psa_pake_role_t arg1_role); -#define psa_pake_set_role(arg0_operation, arg1_role) \ - mbedtls_test_wrap_psa_pake_set_role(arg0_operation, arg1_role) -#endif /* defined(PSA_WANT_ALG_SOME_PAKE) */ - -#if defined(PSA_WANT_ALG_SOME_PAKE) -psa_status_t mbedtls_test_wrap_psa_pake_set_user( - psa_pake_operation_t *arg0_operation, - const uint8_t *arg1_user_id, - size_t arg2_user_id_len); -#define psa_pake_set_user(arg0_operation, arg1_user_id, arg2_user_id_len) \ - mbedtls_test_wrap_psa_pake_set_user(arg0_operation, arg1_user_id, arg2_user_id_len) -#endif /* defined(PSA_WANT_ALG_SOME_PAKE) */ - -#if defined(PSA_WANT_ALG_SOME_PAKE) -psa_status_t mbedtls_test_wrap_psa_pake_setup( - psa_pake_operation_t *arg0_operation, - const psa_pake_cipher_suite_t *arg1_cipher_suite); -#define psa_pake_setup(arg0_operation, arg1_cipher_suite) \ - mbedtls_test_wrap_psa_pake_setup(arg0_operation, arg1_cipher_suite) -#endif /* defined(PSA_WANT_ALG_SOME_PAKE) */ - -psa_status_t mbedtls_test_wrap_psa_purge_key( - mbedtls_svc_key_id_t arg0_key); -#define psa_purge_key(arg0_key) \ - mbedtls_test_wrap_psa_purge_key(arg0_key) - -psa_status_t mbedtls_test_wrap_psa_raw_key_agreement( - psa_algorithm_t arg0_alg, - mbedtls_svc_key_id_t arg1_private_key, - const uint8_t *arg2_peer_key, - size_t arg3_peer_key_length, - uint8_t *arg4_output, - size_t arg5_output_size, - size_t *arg6_output_length); -#define psa_raw_key_agreement(arg0_alg, arg1_private_key, arg2_peer_key, arg3_peer_key_length, arg4_output, arg5_output_size, arg6_output_length) \ - mbedtls_test_wrap_psa_raw_key_agreement(arg0_alg, arg1_private_key, arg2_peer_key, arg3_peer_key_length, arg4_output, arg5_output_size, arg6_output_length) - -psa_status_t mbedtls_test_wrap_psa_sign_hash( - mbedtls_svc_key_id_t arg0_key, - psa_algorithm_t arg1_alg, - const uint8_t *arg2_hash, - size_t arg3_hash_length, - uint8_t *arg4_signature, - size_t arg5_signature_size, - size_t *arg6_signature_length); -#define psa_sign_hash(arg0_key, arg1_alg, arg2_hash, arg3_hash_length, arg4_signature, arg5_signature_size, arg6_signature_length) \ - mbedtls_test_wrap_psa_sign_hash(arg0_key, arg1_alg, arg2_hash, arg3_hash_length, arg4_signature, arg5_signature_size, arg6_signature_length) - -psa_status_t mbedtls_test_wrap_psa_sign_hash_abort( - psa_sign_hash_interruptible_operation_t *arg0_operation); -#define psa_sign_hash_abort(arg0_operation) \ - mbedtls_test_wrap_psa_sign_hash_abort(arg0_operation) - -psa_status_t mbedtls_test_wrap_psa_sign_hash_complete( - psa_sign_hash_interruptible_operation_t *arg0_operation, - uint8_t *arg1_signature, - size_t arg2_signature_size, - size_t *arg3_signature_length); -#define psa_sign_hash_complete(arg0_operation, arg1_signature, arg2_signature_size, arg3_signature_length) \ - mbedtls_test_wrap_psa_sign_hash_complete(arg0_operation, arg1_signature, arg2_signature_size, arg3_signature_length) - -psa_status_t mbedtls_test_wrap_psa_sign_hash_start( - psa_sign_hash_interruptible_operation_t *arg0_operation, - mbedtls_svc_key_id_t arg1_key, - psa_algorithm_t arg2_alg, - const uint8_t *arg3_hash, - size_t arg4_hash_length); -#define psa_sign_hash_start(arg0_operation, arg1_key, arg2_alg, arg3_hash, arg4_hash_length) \ - mbedtls_test_wrap_psa_sign_hash_start(arg0_operation, arg1_key, arg2_alg, arg3_hash, arg4_hash_length) - -psa_status_t mbedtls_test_wrap_psa_sign_message( - mbedtls_svc_key_id_t arg0_key, - psa_algorithm_t arg1_alg, - const uint8_t *arg2_input, - size_t arg3_input_length, - uint8_t *arg4_signature, - size_t arg5_signature_size, - size_t *arg6_signature_length); -#define psa_sign_message(arg0_key, arg1_alg, arg2_input, arg3_input_length, arg4_signature, arg5_signature_size, arg6_signature_length) \ - mbedtls_test_wrap_psa_sign_message(arg0_key, arg1_alg, arg2_input, arg3_input_length, arg4_signature, arg5_signature_size, arg6_signature_length) - -psa_status_t mbedtls_test_wrap_psa_verify_hash( - mbedtls_svc_key_id_t arg0_key, - psa_algorithm_t arg1_alg, - const uint8_t *arg2_hash, - size_t arg3_hash_length, - const uint8_t *arg4_signature, - size_t arg5_signature_length); -#define psa_verify_hash(arg0_key, arg1_alg, arg2_hash, arg3_hash_length, arg4_signature, arg5_signature_length) \ - mbedtls_test_wrap_psa_verify_hash(arg0_key, arg1_alg, arg2_hash, arg3_hash_length, arg4_signature, arg5_signature_length) - -psa_status_t mbedtls_test_wrap_psa_verify_hash_abort( - psa_verify_hash_interruptible_operation_t *arg0_operation); -#define psa_verify_hash_abort(arg0_operation) \ - mbedtls_test_wrap_psa_verify_hash_abort(arg0_operation) - -psa_status_t mbedtls_test_wrap_psa_verify_hash_complete( - psa_verify_hash_interruptible_operation_t *arg0_operation); -#define psa_verify_hash_complete(arg0_operation) \ - mbedtls_test_wrap_psa_verify_hash_complete(arg0_operation) - -psa_status_t mbedtls_test_wrap_psa_verify_hash_start( - psa_verify_hash_interruptible_operation_t *arg0_operation, - mbedtls_svc_key_id_t arg1_key, - psa_algorithm_t arg2_alg, - const uint8_t *arg3_hash, - size_t arg4_hash_length, - const uint8_t *arg5_signature, - size_t arg6_signature_length); -#define psa_verify_hash_start(arg0_operation, arg1_key, arg2_alg, arg3_hash, arg4_hash_length, arg5_signature, arg6_signature_length) \ - mbedtls_test_wrap_psa_verify_hash_start(arg0_operation, arg1_key, arg2_alg, arg3_hash, arg4_hash_length, arg5_signature, arg6_signature_length) - -psa_status_t mbedtls_test_wrap_psa_verify_message( - mbedtls_svc_key_id_t arg0_key, - psa_algorithm_t arg1_alg, - const uint8_t *arg2_input, - size_t arg3_input_length, - const uint8_t *arg4_signature, - size_t arg5_signature_length); -#define psa_verify_message(arg0_key, arg1_alg, arg2_input, arg3_input_length, arg4_signature, arg5_signature_length) \ - mbedtls_test_wrap_psa_verify_message(arg0_key, arg1_alg, arg2_input, arg3_input_length, arg4_signature, arg5_signature_length) - -#endif /* defined(MBEDTLS_PSA_CRYPTO_C) && defined(MBEDTLS_TEST_HOOKS) && \ - !defined(RECORD_PSA_STATUS_COVERAGE_LOG) */ - -#ifdef __cplusplus -} -#endif - -#endif /* TEST_PSA_TEST_WRAPPERS_H */ - -/* End of automatically generated file. */ diff --git a/tests/include/test/random.h b/tests/include/test/random.h deleted file mode 100644 index 6304e05d7fa8..000000000000 --- a/tests/include/test/random.h +++ /dev/null @@ -1,91 +0,0 @@ -/** - * \file random.h - * - * \brief This file contains the prototypes of helper functions to generate - * random numbers for the purpose of testing. - */ - -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#ifndef TEST_RANDOM_H -#define TEST_RANDOM_H - -#include "mbedtls/build_info.h" - -#include -#include - -typedef struct { - unsigned char *buf; /* Pointer to a buffer of length bytes. */ - size_t length; - /* If fallback_f_rng is NULL, fail after delivering length bytes. */ - int (*fallback_f_rng)(void *, unsigned char *, size_t); - void *fallback_p_rng; -} mbedtls_test_rnd_buf_info; - -/** - * Info structure for the pseudo random function - * - * Key should be set at the start to a test-unique value. - * Do not forget endianness! - * State( v0, v1 ) should be set to zero. - */ -typedef struct { - uint32_t key[16]; - uint32_t v0, v1; -} mbedtls_test_rnd_pseudo_info; - -/** - * This function just returns data from rand(). - * Although predictable and often similar on multiple - * runs, this does not result in identical random on - * each run. So do not use this if the results of a - * test depend on the random data that is generated. - * - * rng_state shall be NULL. - */ -int mbedtls_test_rnd_std_rand(void *rng_state, - unsigned char *output, - size_t len); - -/** - * This function only returns zeros. - * - * \p rng_state shall be \c NULL. - */ -int mbedtls_test_rnd_zero_rand(void *rng_state, - unsigned char *output, - size_t len); - -/** - * This function returns random data based on a buffer it receives. - * - * \p rng_state shall be a pointer to a #mbedtls_test_rnd_buf_info structure. - * - * The number of bytes released from the buffer on each call to - * the random function is specified by \p len. - * - * After the buffer is empty, this function will call the fallback RNG in the - * #mbedtls_test_rnd_buf_info structure if there is one, and - * will return #MBEDTLS_ERR_ENTROPY_SOURCE_FAILED otherwise. - */ -int mbedtls_test_rnd_buffer_rand(void *rng_state, - unsigned char *output, - size_t len); - -/** - * This function returns random based on a pseudo random function. - * This means the results should be identical on all systems. - * Pseudo random is based on the XTEA encryption algorithm to - * generate pseudorandom. - * - * \p rng_state shall be a pointer to a #mbedtls_test_rnd_pseudo_info structure. - */ -int mbedtls_test_rnd_pseudo_rand(void *rng_state, - unsigned char *output, - size_t len); - -#endif /* TEST_RANDOM_H */ diff --git a/tests/include/test/ssl_helpers.h b/tests/include/test/ssl_helpers.h deleted file mode 100644 index a3750cb86425..000000000000 --- a/tests/include/test/ssl_helpers.h +++ /dev/null @@ -1,664 +0,0 @@ -/** \file ssl_helpers.h - * - * \brief This file contains helper functions to set up a TLS connection. - */ - -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#ifndef SSL_HELPERS_H -#define SSL_HELPERS_H - -#include "mbedtls/build_info.h" - -#include - -#include -#include -#include -#include - -#if defined(MBEDTLS_SSL_TLS_C) -#include -#include -#include - -#include "test/certs.h" - -#if defined(MBEDTLS_SSL_CACHE_C) -#include "mbedtls/ssl_cache.h" -#endif - -#if defined(MBEDTLS_USE_PSA_CRYPTO) -#define PSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \ - psa_to_ssl_errors, \ - psa_generic_status_to_mbedtls) -#endif - -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) -#if defined(MBEDTLS_SSL_HAVE_AES) -#if defined(MBEDTLS_SSL_HAVE_GCM) -#if defined(PSA_WANT_ALG_SHA_384) -#define MBEDTLS_TEST_HAS_TLS1_3_AES_256_GCM_SHA384 -#endif -#if defined(PSA_WANT_ALG_SHA_256) -#define MBEDTLS_TEST_HAS_TLS1_3_AES_128_GCM_SHA256 -#endif -#endif /* MBEDTLS_SSL_HAVE_GCM */ -#if defined(MBEDTLS_SSL_HAVE_CCM) && defined(PSA_WANT_ALG_SHA_256) -#define MBEDTLS_TEST_HAS_TLS1_3_AES_128_CCM_SHA256 -#define MBEDTLS_TEST_HAS_TLS1_3_AES_128_CCM_8_SHA256 -#endif -#endif /* MBEDTLS_SSL_HAVE_AES */ -#if defined(MBEDTLS_SSL_HAVE_CHACHAPOLY) && defined(PSA_WANT_ALG_SHA_256) -#define MBEDTLS_TEST_HAS_TLS1_3_CHACHA20_POLY1305_SHA256 -#endif - -#if defined(MBEDTLS_TEST_HAS_TLS1_3_AES_256_GCM_SHA384) || \ - defined(MBEDTLS_TEST_HAS_TLS1_3_AES_128_GCM_SHA256) || \ - defined(MBEDTLS_TEST_HAS_TLS1_3_AES_128_CCM_SHA256) || \ - defined(MBEDTLS_TEST_HAS_TLS1_3_AES_128_CCM_8_SHA256) || \ - defined(MBEDTLS_TEST_HAS_TLS1_3_CHACHA20_POLY1305_SHA256) -#define MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE -#endif - -#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ - -#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) -#define MBEDTLS_CAN_HANDLE_RSA_TEST_KEY -#endif -enum { -#define MBEDTLS_SSL_TLS1_3_LABEL(name, string) \ - tls13_label_ ## name, - MBEDTLS_SSL_TLS1_3_LABEL_LIST -#undef MBEDTLS_SSL_TLS1_3_LABEL -}; - -#if defined(MBEDTLS_SSL_ALPN) -#define MBEDTLS_TEST_MAX_ALPN_LIST_SIZE 10 -#endif - -typedef struct mbedtls_test_ssl_log_pattern { - const char *pattern; - size_t counter; -} mbedtls_test_ssl_log_pattern; - -typedef struct mbedtls_test_handshake_test_options { - const char *cipher; - uint16_t *group_list; - mbedtls_ssl_protocol_version client_min_version; - mbedtls_ssl_protocol_version client_max_version; - mbedtls_ssl_protocol_version server_min_version; - mbedtls_ssl_protocol_version server_max_version; - mbedtls_ssl_protocol_version expected_negotiated_version; - int expected_handshake_result; - int expected_ciphersuite; - int pk_alg; - int opaque_alg; - int opaque_alg2; - int opaque_usage; - data_t *psk_str; - int dtls; - int srv_auth_mode; - int serialize; - int mfl; - int cli_msg_len; - int srv_msg_len; - int expected_cli_fragments; - int expected_srv_fragments; - int renegotiate; - int legacy_renegotiation; - void *srv_log_obj; - void *cli_log_obj; - void (*srv_log_fun)(void *, int, const char *, int, const char *); - void (*cli_log_fun)(void *, int, const char *, int, const char *); - int resize_buffers; - int early_data; - int max_early_data_size; -#if defined(MBEDTLS_SSL_CACHE_C) - mbedtls_ssl_cache_context *cache; -#endif -#if defined(MBEDTLS_SSL_ALPN) - const char *alpn_list[MBEDTLS_TEST_MAX_ALPN_LIST_SIZE]; -#endif -} mbedtls_test_handshake_test_options; - -/* - * Buffer structure for custom I/O callbacks. - */ -typedef struct mbedtls_test_ssl_buffer { - size_t start; - size_t content_length; - size_t capacity; - unsigned char *buffer; -} mbedtls_test_ssl_buffer; - -/* - * Context for a message metadata queue (fifo) that is on top of the ring buffer. - */ -typedef struct mbedtls_test_ssl_message_queue { - size_t *messages; - int pos; - int num; - int capacity; -} mbedtls_test_ssl_message_queue; - -/* - * Context for the I/O callbacks simulating network connection. - */ - -#define MBEDTLS_MOCK_SOCKET_CONNECTED 1 - -typedef struct mbedtls_test_mock_socket { - int status; - mbedtls_test_ssl_buffer *input; - mbedtls_test_ssl_buffer *output; - struct mbedtls_test_mock_socket *peer; -} mbedtls_test_mock_socket; - -/* Errors used in the message socket mocks */ - -#define MBEDTLS_TEST_ERROR_CONTEXT_ERROR -55 -#define MBEDTLS_TEST_ERROR_SEND_FAILED -66 -#define MBEDTLS_TEST_ERROR_RECV_FAILED -77 - -/* - * Structure used as an addon, or a wrapper, around the mocked sockets. - * Contains an input queue, to which the other socket pushes metadata, - * and an output queue, to which this one pushes metadata. This context is - * considered as an owner of the input queue only, which is initialized and - * freed in the respective setup and free calls. - */ -typedef struct mbedtls_test_message_socket_context { - mbedtls_test_ssl_message_queue *queue_input; - mbedtls_test_ssl_message_queue *queue_output; - mbedtls_test_mock_socket *socket; -} mbedtls_test_message_socket_context; - -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) - -/* - * Structure with endpoint's certificates for SSL communication tests. - */ -typedef struct mbedtls_test_ssl_endpoint_certificate { - mbedtls_x509_crt *ca_cert; - mbedtls_x509_crt *cert; - mbedtls_pk_context *pkey; -} mbedtls_test_ssl_endpoint_certificate; - -/* - * Endpoint structure for SSL communication tests. - */ -typedef struct mbedtls_test_ssl_endpoint { - const char *name; - mbedtls_ssl_context ssl; - mbedtls_ssl_config conf; - mbedtls_test_mock_socket socket; - mbedtls_test_ssl_endpoint_certificate cert; -} mbedtls_test_ssl_endpoint; - -#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ - -/* - * Random number generator aimed for TLS unitary tests. Its main purpose is to - * simplify the set-up of a random number generator for TLS - * unitary tests: no need to set up a good entropy source for example. - */ -int mbedtls_test_random(void *p_rng, unsigned char *output, size_t output_len); - -/* - * This function can be passed to mbedtls to receive output logs from it. In - * this case, it will count the instances of a mbedtls_test_ssl_log_pattern - * in the received logged messages. - */ -void mbedtls_test_ssl_log_analyzer(void *ctx, int level, - const char *file, int line, - const char *str); - -void mbedtls_test_init_handshake_options( - mbedtls_test_handshake_test_options *opts); - -void mbedtls_test_free_handshake_options( - mbedtls_test_handshake_test_options *opts); - -/* - * Initialises \p buf. After calling this function it is safe to call - * `mbedtls_test_ssl_buffer_free()` on \p buf. - */ -void mbedtls_test_ssl_buffer_init(mbedtls_test_ssl_buffer *buf); - -/* - * Sets up \p buf. After calling this function it is safe to call - * `mbedtls_test_ssl_buffer_put()` and `mbedtls_test_ssl_buffer_get()` - * on \p buf. - */ -int mbedtls_test_ssl_buffer_setup(mbedtls_test_ssl_buffer *buf, - size_t capacity); - -void mbedtls_test_ssl_buffer_free(mbedtls_test_ssl_buffer *buf); - -/* - * Puts \p input_len bytes from the \p input buffer into the ring buffer \p buf. - * - * \p buf must have been initialized and set up by calling - * `mbedtls_test_ssl_buffer_init()` and `mbedtls_test_ssl_buffer_setup()`. - * - * \retval \p input_len, if the data fits. - * \retval 0 <= value < \p input_len, if the data does not fit. - * \retval -1, if \p buf is NULL, it hasn't been set up or \p input_len is not - * zero and \p input is NULL. - */ -int mbedtls_test_ssl_buffer_put(mbedtls_test_ssl_buffer *buf, - const unsigned char *input, size_t input_len); - -/* - * Gets \p output_len bytes from the ring buffer \p buf into the - * \p output buffer. The output buffer can be NULL, in this case a part of the - * ring buffer will be dropped, if the requested length is available. - * - * \p buf must have been initialized and set up by calling - * `mbedtls_test_ssl_buffer_init()` and `mbedtls_test_ssl_buffer_setup()`. - * - * \retval \p output_len, if the data is available. - * \retval 0 <= value < \p output_len, if the data is not available. - * \retval -1, if \buf is NULL or it hasn't been set up. - */ -int mbedtls_test_ssl_buffer_get(mbedtls_test_ssl_buffer *buf, - unsigned char *output, size_t output_len); - -/* - * Errors used in the message transport mock tests - */ - #define MBEDTLS_TEST_ERROR_ARG_NULL -11 - #define MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED -44 - -/* - * Setup and free functions for the message metadata queue. - * - * \p capacity describes the number of message metadata chunks that can be held - * within the queue. - * - * \retval 0, if a metadata queue of a given length can be allocated. - * \retval MBEDTLS_ERR_SSL_ALLOC_FAILED, if allocation failed. - */ -int mbedtls_test_ssl_message_queue_setup( - mbedtls_test_ssl_message_queue *queue, size_t capacity); - -void mbedtls_test_ssl_message_queue_free( - mbedtls_test_ssl_message_queue *queue); - -/* - * Push message length information onto the message metadata queue. - * This will become the last element to leave it (fifo). - * - * \retval MBEDTLS_TEST_ERROR_ARG_NULL, if the queue is null. - * \retval MBEDTLS_ERR_SSL_WANT_WRITE, if the queue is full. - * \retval \p len, if the push was successful. - */ -int mbedtls_test_ssl_message_queue_push_info( - mbedtls_test_ssl_message_queue *queue, size_t len); - -/* - * Pop information about the next message length from the queue. This will be - * the oldest inserted message length(fifo). \p msg_len can be null, in which - * case the data will be popped from the queue but not copied anywhere. - * - * \retval MBEDTLS_TEST_ERROR_ARG_NULL, if the queue is null. - * \retval MBEDTLS_ERR_SSL_WANT_READ, if the queue is empty. - * \retval message length, if the pop was successful, up to the given - \p buf_len. - */ -int mbedtls_test_ssl_message_queue_pop_info( - mbedtls_test_ssl_message_queue *queue, size_t buf_len); - -/* - * Setup and teardown functions for mock sockets. - */ -void mbedtls_test_mock_socket_init(mbedtls_test_mock_socket *socket); - -/* - * Closes the socket \p socket. - * - * \p socket must have been previously initialized by calling - * mbedtls_test_mock_socket_init(). - * - * This function frees all allocated resources and both sockets are aware of the - * new connection state. - * - * That is, this function does not simulate half-open TCP connections and the - * phenomenon that when closing a UDP connection the peer is not aware of the - * connection having been closed. - */ -void mbedtls_test_mock_socket_close(mbedtls_test_mock_socket *socket); - -/* - * Establishes a connection between \p peer1 and \p peer2. - * - * \p peer1 and \p peer2 must have been previously initialized by calling - * mbedtls_test_mock_socket_init(). - * - * The capacities of the internal buffers are set to \p bufsize. Setting this to - * the correct value allows for simulation of MTU, sanity testing the mock - * implementation and mocking TCP connections with lower memory cost. - */ -int mbedtls_test_mock_socket_connect(mbedtls_test_mock_socket *peer1, - mbedtls_test_mock_socket *peer2, - size_t bufsize); - - -/* - * Callbacks for simulating blocking I/O over connection-oriented transport. - */ -int mbedtls_test_mock_tcp_send_b(void *ctx, - const unsigned char *buf, size_t len); - -int mbedtls_test_mock_tcp_recv_b(void *ctx, unsigned char *buf, size_t len); - -/* - * Callbacks for simulating non-blocking I/O over connection-oriented transport. - */ -int mbedtls_test_mock_tcp_send_nb(void *ctx, - const unsigned char *buf, size_t len); - -int mbedtls_test_mock_tcp_recv_nb(void *ctx, unsigned char *buf, size_t len); - -void mbedtls_test_message_socket_init( - mbedtls_test_message_socket_context *ctx); - -/* - * Setup a given message socket context including initialization of - * input/output queues to a chosen capacity of messages. Also set the - * corresponding mock socket. - * - * \retval 0, if everything succeeds. - * \retval MBEDTLS_ERR_SSL_ALLOC_FAILED, if allocation of a message - * queue failed. - */ -int mbedtls_test_message_socket_setup( - mbedtls_test_ssl_message_queue *queue_input, - mbedtls_test_ssl_message_queue *queue_output, - size_t queue_capacity, - mbedtls_test_mock_socket *socket, - mbedtls_test_message_socket_context *ctx); - -/* - * Close a given message socket context, along with the socket itself. Free the - * memory allocated by the input queue. - */ -void mbedtls_test_message_socket_close( - mbedtls_test_message_socket_context *ctx); - -/* - * Send one message through a given message socket context. - * - * \retval \p len, if everything succeeds. - * \retval MBEDTLS_TEST_ERROR_CONTEXT_ERROR, if any of the needed context - * elements or the context itself is null. - * \retval MBEDTLS_TEST_ERROR_SEND_FAILED if - * mbedtls_test_mock_tcp_send_b failed. - * \retval MBEDTLS_ERR_SSL_WANT_WRITE, if the output queue is full. - * - * This function will also return any error from - * mbedtls_test_ssl_message_queue_push_info. - */ -int mbedtls_test_mock_tcp_send_msg(void *ctx, - const unsigned char *buf, size_t len); - -/* - * Receive one message from a given message socket context and return message - * length or an error. - * - * \retval message length, if everything succeeds. - * \retval MBEDTLS_TEST_ERROR_CONTEXT_ERROR, if any of the needed context - * elements or the context itself is null. - * \retval MBEDTLS_TEST_ERROR_RECV_FAILED if - * mbedtls_test_mock_tcp_recv_b failed. - * - * This function will also return any error other than - * MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED from test_ssl_message_queue_peek_info. - */ -int mbedtls_test_mock_tcp_recv_msg(void *ctx, - unsigned char *buf, size_t buf_len); - -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) - -/* - * Initializes \p ep_cert structure and assigns it to endpoint - * represented by \p ep. - * - * \retval 0 on success, otherwise error code. - */ -int mbedtls_test_ssl_endpoint_certificate_init(mbedtls_test_ssl_endpoint *ep, - int pk_alg, - int opaque_alg, int opaque_alg2, - int opaque_usage); - -/* - * Initializes \p ep structure. It is important to call - * `mbedtls_test_ssl_endpoint_free()` after calling this function - * even if it fails. - * - * \p endpoint_type must be set as MBEDTLS_SSL_IS_SERVER or - * MBEDTLS_SSL_IS_CLIENT. - * \p pk_alg the algorithm to use, currently only MBEDTLS_PK_RSA and - * MBEDTLS_PK_ECDSA are supported. - * \p dtls_context - in case of DTLS - this is the context handling metadata. - * \p input_queue - used only in case of DTLS. - * \p output_queue - used only in case of DTLS. - * - * \retval 0 on success, otherwise error code. - */ -int mbedtls_test_ssl_endpoint_init( - mbedtls_test_ssl_endpoint *ep, int endpoint_type, - mbedtls_test_handshake_test_options *options, - mbedtls_test_message_socket_context *dtls_context, - mbedtls_test_ssl_message_queue *input_queue, - mbedtls_test_ssl_message_queue *output_queue); - -/* - * Deinitializes endpoint represented by \p ep. - */ -void mbedtls_test_ssl_endpoint_free( - mbedtls_test_ssl_endpoint *ep, - mbedtls_test_message_socket_context *context); - -/* - * This function moves ssl handshake from \p ssl to prescribed \p state. - * /p second_ssl is used as second endpoint and their sockets have to be - * connected before calling this function. - * - * \retval 0 on success, otherwise error code. - */ -int mbedtls_test_move_handshake_to_state(mbedtls_ssl_context *ssl, - mbedtls_ssl_context *second_ssl, - int state); - -#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ - -/* - * Helper function setting up inverse record transformations - * using given cipher, hash, EtM mode, authentication tag length, - * and version. - */ -#define CHK(x) \ - do \ - { \ - if (!(x)) \ - { \ - ret = -1; \ - goto cleanup; \ - } \ - } while (0) - -#if MBEDTLS_SSL_CID_OUT_LEN_MAX > MBEDTLS_SSL_CID_IN_LEN_MAX -#define SSL_CID_LEN_MIN MBEDTLS_SSL_CID_IN_LEN_MAX -#else -#define SSL_CID_LEN_MIN MBEDTLS_SSL_CID_OUT_LEN_MAX -#endif - -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \ - defined(MBEDTLS_SSL_HAVE_CBC) && defined(MBEDTLS_SSL_HAVE_AES) -int mbedtls_test_psa_cipher_encrypt_helper(mbedtls_ssl_transform *transform, - const unsigned char *iv, - size_t iv_len, - const unsigned char *input, - size_t ilen, - unsigned char *output, - size_t *olen); -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 && MBEDTLS_SSL_HAVE_CBC && - MBEDTLS_SSL_HAVE_AES */ - -int mbedtls_test_ssl_build_transforms(mbedtls_ssl_transform *t_in, - mbedtls_ssl_transform *t_out, - int cipher_type, int hash_id, - int etm, int tag_mode, - mbedtls_ssl_protocol_version tls_version, - size_t cid0_len, - size_t cid1_len); - -#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) -/** - * \param[in,out] record The record to prepare. - * It must contain the data to MAC at offset - * `record->data_offset`, of length - * `record->data_length`. - * On success, write the MAC immediately - * after the data and increment - * `record->data_length` accordingly. - * \param[in,out] transform_out The out transform, typically prepared by - * mbedtls_test_ssl_build_transforms(). - * Its HMAC context may be used. Other than that - * it is treated as an input parameter. - * - * \return 0 on success, an `MBEDTLS_ERR_xxx` error code - * or -1 on error. - */ -int mbedtls_test_ssl_prepare_record_mac(mbedtls_record *record, - mbedtls_ssl_transform *transform_out); -#endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */ - -/* - * Populate a session structure for serialization tests. - * Choose dummy values, mostly non-0 to distinguish from the init default. - */ -int mbedtls_test_ssl_tls12_populate_session(mbedtls_ssl_session *session, - int ticket_len, - int endpoint_type, - const char *crt_file); - -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) -int mbedtls_test_ssl_tls13_populate_session(mbedtls_ssl_session *session, - int ticket_len, - int endpoint_type); -#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ - -/* - * Perform data exchanging between \p ssl_1 and \p ssl_2 and check if the - * message was sent in the correct number of fragments. - * - * /p ssl_1 and /p ssl_2 Endpoints represented by mbedtls_ssl_context. Both - * of them must be initialized and connected - * beforehand. - * /p msg_len_1 and /p msg_len_2 specify the size of the message to send. - * /p expected_fragments_1 and /p expected_fragments_2 determine in how many - * fragments the message should be sent. - * expected_fragments is 0: can be used for DTLS testing while the message - * size is larger than MFL. In that case the message - * cannot be fragmented and sent to the second - * endpoint. - * This value can be used for negative tests. - * expected_fragments is 1: can be used for TLS/DTLS testing while the - * message size is below MFL - * expected_fragments > 1: can be used for TLS testing while the message - * size is larger than MFL - * - * \retval 0 on success, otherwise error code. - */ -int mbedtls_test_ssl_exchange_data( - mbedtls_ssl_context *ssl_1, - int msg_len_1, const int expected_fragments_1, - mbedtls_ssl_context *ssl_2, - int msg_len_2, const int expected_fragments_2); - -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) -void mbedtls_test_ssl_perform_handshake( - mbedtls_test_handshake_test_options *options); -#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ - -#if defined(MBEDTLS_TEST_HOOKS) -/* - * Tweak vector lengths in a TLS 1.3 Certificate message - * - * \param[in] buf Buffer containing the Certificate message to tweak - * \param[in]]out] end End of the buffer to parse - * \param tweak Tweak identifier (from 1 to the number of tweaks). - * \param[out] expected_result Error code expected from the parsing function - * \param[out] args Arguments of the MBEDTLS_SSL_CHK_BUF_READ_PTR call that - * is expected to fail. All zeroes if no - * MBEDTLS_SSL_CHK_BUF_READ_PTR failure is expected. - */ -int mbedtls_test_tweak_tls13_certificate_msg_vector_len( - unsigned char *buf, unsigned char **end, int tweak, - int *expected_result, mbedtls_ssl_chk_buf_ptr_args *args); -#endif /* MBEDTLS_TEST_HOOKS */ - -#if defined(MBEDTLS_SSL_SESSION_TICKETS) -int mbedtls_test_ticket_write( - void *p_ticket, const mbedtls_ssl_session *session, - unsigned char *start, const unsigned char *end, - size_t *tlen, uint32_t *ticket_lifetime); - -int mbedtls_test_ticket_parse(void *p_ticket, mbedtls_ssl_session *session, - unsigned char *buf, size_t len); -#endif /* MBEDTLS_SSL_SESSION_TICKETS */ - -#if defined(MBEDTLS_SSL_CLI_C) && defined(MBEDTLS_SSL_SRV_C) && \ - defined(MBEDTLS_SSL_PROTO_TLS1_3) && defined(MBEDTLS_SSL_SESSION_TICKETS) && \ - defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) -int mbedtls_test_get_tls13_ticket( - mbedtls_test_handshake_test_options *client_options, - mbedtls_test_handshake_test_options *server_options, - mbedtls_ssl_session *session); -#endif - -#define ECJPAKE_TEST_PWD "bla" - -#if defined(MBEDTLS_USE_PSA_CRYPTO) -#define ECJPAKE_TEST_SET_PASSWORD(exp_ret_val) \ - ret = (use_opaque_arg) ? \ - mbedtls_ssl_set_hs_ecjpake_password_opaque(&ssl, pwd_slot) : \ - mbedtls_ssl_set_hs_ecjpake_password(&ssl, pwd_string, pwd_len); \ - TEST_EQUAL(ret, exp_ret_val) -#else -#define ECJPAKE_TEST_SET_PASSWORD(exp_ret_val) \ - ret = mbedtls_ssl_set_hs_ecjpake_password(&ssl, \ - pwd_string, pwd_len); \ - TEST_EQUAL(ret, exp_ret_val) -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - -#define TEST_AVAILABLE_ECC(tls_id_, group_id_, psa_family_, psa_bits_) \ - TEST_EQUAL(mbedtls_ssl_get_ecp_group_id_from_tls_id(tls_id_), \ - group_id_); \ - TEST_EQUAL(mbedtls_ssl_get_tls_id_from_ecp_group_id(group_id_), \ - tls_id_); \ - TEST_EQUAL(mbedtls_ssl_get_psa_curve_info_from_tls_id(tls_id_, \ - &psa_type, &psa_bits), PSA_SUCCESS); \ - TEST_EQUAL(psa_family_, PSA_KEY_TYPE_ECC_GET_FAMILY(psa_type)); \ - TEST_EQUAL(psa_bits_, psa_bits); - -#define TEST_UNAVAILABLE_ECC(tls_id_, group_id_, psa_family_, psa_bits_) \ - TEST_EQUAL(mbedtls_ssl_get_ecp_group_id_from_tls_id(tls_id_), \ - MBEDTLS_ECP_DP_NONE); \ - TEST_EQUAL(mbedtls_ssl_get_tls_id_from_ecp_group_id(group_id_), \ - 0); \ - TEST_EQUAL(mbedtls_ssl_get_psa_curve_info_from_tls_id(tls_id_, \ - &psa_type, &psa_bits), \ - PSA_ERROR_NOT_SUPPORTED); - -#endif /* MBEDTLS_SSL_TLS_C */ - -#endif /* SSL_HELPERS_H */ diff --git a/tests/include/test/threading_helpers.h b/tests/include/test/threading_helpers.h deleted file mode 100644 index 79bc6c0ded86..000000000000 --- a/tests/include/test/threading_helpers.h +++ /dev/null @@ -1,112 +0,0 @@ -/** - * \file threading_helpers.h - * - * \brief This file contains the prototypes of helper functions for the purpose - * of testing threading. - */ - -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#ifndef THREADING_HELPERS_H -#define THREADING_HELPERS_H - -#if defined MBEDTLS_THREADING_C - -#include "mbedtls/private_access.h" -#include "mbedtls/build_info.h" - -/* Most fields of publicly available structs are private and are wrapped with - * MBEDTLS_PRIVATE macro. This define allows tests to access the private fields - * directly (without using the MBEDTLS_PRIVATE wrapper). */ -#define MBEDTLS_ALLOW_PRIVATE_ACCESS - -#define MBEDTLS_ERR_THREADING_THREAD_ERROR -0x001F - -#if defined(MBEDTLS_THREADING_PTHREAD) -#include -#endif /* MBEDTLS_THREADING_PTHREAD */ - -#if defined(MBEDTLS_THREADING_ALT) -/* You should define the mbedtls_test_thread_t type in your header */ -#include "threading_alt.h" - -/** - * \brief Set your alternate threading implementation - * function pointers for test threads. If used, this - * function must be called once in the main thread - * before any other MbedTLS function is called. - * - * \note These functions are part of the testing API only and - * thus not considered part of the public API of - * MbedTLS and thus may change without notice. - * - * \param thread_create The thread create function implementation. - * \param thread_join The thread join function implementation. - - */ -void mbedtls_test_thread_set_alt(int (*thread_create)(mbedtls_test_thread_t *thread, - void *(*thread_func)( - void *), - void *thread_data), - int (*thread_join)(mbedtls_test_thread_t *thread)); - -#else /* MBEDTLS_THREADING_ALT*/ - -typedef struct mbedtls_test_thread_t { - -#if defined(MBEDTLS_THREADING_PTHREAD) - pthread_t MBEDTLS_PRIVATE(thread); -#else /* MBEDTLS_THREADING_PTHREAD */ - /* Make sure this struct is always non-empty */ - unsigned dummy; -#endif - -} mbedtls_test_thread_t; - -#endif /* MBEDTLS_THREADING_ALT*/ - -/** - * \brief The function pointers for thread create and thread - * join. - * - * \note These functions are part of the testing API only - * and thus not considered part of the public API of - * MbedTLS and thus may change without notice. - * - * \note All these functions are expected to work or - * the result will be undefined. - */ -extern int (*mbedtls_test_thread_create)(mbedtls_test_thread_t *thread, - void *(*thread_func)(void *), void *thread_data); -extern int (*mbedtls_test_thread_join)(mbedtls_test_thread_t *thread); - -#if defined(MBEDTLS_THREADING_PTHREAD) && defined(MBEDTLS_TEST_HOOKS) -#define MBEDTLS_TEST_MUTEX_USAGE -#endif - -#if defined(MBEDTLS_TEST_MUTEX_USAGE) -/** - * Activate the mutex usage verification framework. See threading_helpers.c for - * information. - */ -void mbedtls_test_mutex_usage_init(void); - -/** - * Deactivate the mutex usage verification framework. See threading_helpers.c - * for information. - */ -void mbedtls_test_mutex_usage_end(void); - -/** - * Call this function after executing a test case to check for mutex usage - * errors. - */ -void mbedtls_test_mutex_usage_check(void); -#endif /* MBEDTLS_TEST_MUTEX_USAGE */ - -#endif /* MBEDTLS_THREADING_C */ - -#endif /* THREADING_HELPERS_H */ diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index b2f6bf2a4aca..dfcd434b2566 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -146,7 +146,7 @@ pre_initialize_variables () { PSA_CORE_PATH='core' BUILTIN_SRC_PATH='drivers/builtin/src' fi - CONFIG_TEST_DRIVER_H='tests/include/test/drivers/config_test_driver.h' + CONFIG_TEST_DRIVER_H='framework/tests/include/test/drivers/config_test_driver.h' # Files that are clobbered by some jobs will be backed up. Use a different # suffix from auxiliary scripts so that all.sh and auxiliary scripts can @@ -912,7 +912,7 @@ clang_version() { # being accelerated. You may need to also disable modules that depend # on them or options that are not supported with drivers. # 2d. On top of psa/crypto_config.h, the driver library uses its own config -# file: tests/include/test/drivers/config_test_driver.h. You usually +# file: framework/tests/include/test/drivers/config_test_driver.h. You usually # don't need to edit it: using loc_extra_list (see below) is preferred. # However, when there's no PSA symbol for what you want to enable, # calling scripts/config.py on this file remains the only option. @@ -984,7 +984,7 @@ helper_libtestdriver1_make_main() { # we need flags both with and without the LIBTESTDRIVER1_ prefix loc_accel_flags=$( echo "$loc_accel_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' ) loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )" - make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -I../tests/include -I../tests -I../../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS" "$@" + make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -I../framework/tests/include -I../tests -I../../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS" "$@" } # Set some default values $CONFIG_H in order to build server or client sides @@ -1415,12 +1415,12 @@ component_build_psa_crypto_spm () { # We can only compile, not link, since our test and sample programs # aren't equipped for the modified names used when MBEDTLS_PSA_CRYPTO_SPM # is active. - make CC=gcc CFLAGS='-Werror -Wall -Wextra -I../tests/include/spe' lib + make CC=gcc CFLAGS='-Werror -Wall -Wextra -I../framework/tests/include/spe' lib # Check that if a symbol is renamed by crypto_spe.h, the non-renamed # version is not present. echo "Checking for renamed symbols in the library" - check_renamed_symbols tests/include/spe/crypto_spe.h library/libmbedcrypto.a + check_renamed_symbols framework/tests/include/spe/crypto_spe.h library/libmbedcrypto.a } component_test_no_rsa_key_pair_generation() { @@ -2078,7 +2078,7 @@ component_test_full_cmake_clang () { skip_suites_without_constant_flow () { # Skip the test suites that don't have any constant-flow annotations. # This will need to be adjusted if we ever start declaring things as - # secret from macros or functions inside tests/include or tests/src. + # secret from macros or functions inside framework/tests/include or framework/tests/src. SKIP_TEST_SUITES=$( git -C tests/suites grep -L TEST_CF_ 'test_suite_*.function' | sed 's/test_suite_//; s/\.function$//' | @@ -2324,7 +2324,7 @@ component_test_crypto_for_psa_service () { component_build_crypto_baremetal () { msg "build: make, crypto only, baremetal config" scripts/config.py crypto_baremetal - make CFLAGS="-O1 -Werror -I$PWD/tests/include/baremetal-override/" + make CFLAGS="-O1 -Werror -I$PWD/framework/tests/include/baremetal-override/" are_empty_libraries library/libmbedx509.* library/libmbedtls.* } support_build_crypto_baremetal () { @@ -2334,7 +2334,7 @@ support_build_crypto_baremetal () { component_build_baremetal () { msg "build: make, baremetal config" scripts/config.py baremetal - make CFLAGS="-O1 -Werror -I$PWD/tests/include/baremetal-override/" + make CFLAGS="-O1 -Werror -I$PWD/framework/tests/include/baremetal-override/" } support_build_baremetal () { # Older Glibc versions include time.h from other headers such as stdlib.h, @@ -3307,7 +3307,7 @@ component_test_tfm_config_p256m_driver_accel_ec () { common_tfm_config # Build crypto library - make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -I../tests/include/spe" LDFLAGS="$ASAN_CFLAGS" + make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -I../framework/tests/include/spe" LDFLAGS="$ASAN_CFLAGS" # Make sure any built-in EC alg was not re-enabled by accident (additive config) not grep mbedtls_ecdsa_ ${BUILTIN_SRC_PATH}/ecdsa.o @@ -3341,7 +3341,7 @@ component_test_tfm_config() { echo "#undef MBEDTLS_PSA_P256M_DRIVER_ENABLED" >> "$CONFIG_H" msg "build: TF-M config" - make CFLAGS='-Werror -Wall -Wextra -I../tests/include/spe' tests + make CFLAGS='-Werror -Wall -Wextra -I../framework/tests/include/spe' tests # Check that p256m was not built not grep p256_ecdsa_ library/libmbedcrypto.a @@ -4056,7 +4056,7 @@ component_build_tfm_armcc() { cp configs/config-tfm.h "$CONFIG_H" msg "build: TF-M config, armclang armv7-m thumb2" - armc6_build_test "--target=arm-arm-none-eabi -march=armv7-m -mthumb -Os -std=c99 -Werror -Wall -Wextra -Wwrite-strings -Wpointer-arith -Wimplicit-fallthrough -Wshadow -Wvla -Wformat=2 -Wno-format-nonliteral -Wshadow -Wasm-operand-widths -Wunused -I../tests/include/spe" + armc6_build_test "--target=arm-arm-none-eabi -march=armv7-m -mthumb -Os -std=c99 -Werror -Wall -Wextra -Wwrite-strings -Wpointer-arith -Wimplicit-fallthrough -Wshadow -Wvla -Wformat=2 -Wno-format-nonliteral -Wshadow -Wasm-operand-widths -Wunused -I../framework/tests/include/spe" } component_build_tfm() { @@ -4068,11 +4068,11 @@ component_build_tfm() { cp configs/config-tfm.h "$CONFIG_H" msg "build: TF-M config, clang, armv7-m thumb2" - make lib CC="clang" CFLAGS="--target=arm-linux-gnueabihf -march=armv7-m -mthumb -Os -std=c99 -Werror -Wall -Wextra -Wwrite-strings -Wpointer-arith -Wimplicit-fallthrough -Wshadow -Wvla -Wformat=2 -Wno-format-nonliteral -Wshadow -Wasm-operand-widths -Wunused -I../tests/include/spe" + make lib CC="clang" CFLAGS="--target=arm-linux-gnueabihf -march=armv7-m -mthumb -Os -std=c99 -Werror -Wall -Wextra -Wwrite-strings -Wpointer-arith -Wimplicit-fallthrough -Wshadow -Wvla -Wformat=2 -Wno-format-nonliteral -Wshadow -Wasm-operand-widths -Wunused -I../framework/tests/include/spe" msg "build: TF-M config, gcc native build" make clean - make lib CC="gcc" CFLAGS="-Os -std=c99 -Werror -Wall -Wextra -Wwrite-strings -Wpointer-arith -Wshadow -Wvla -Wformat=2 -Wno-format-nonliteral -Wshadow -Wformat-signedness -Wlogical-op -I../tests/include/spe" + make lib CC="gcc" CFLAGS="-Os -std=c99 -Werror -Wall -Wextra -Wwrite-strings -Wpointer-arith -Wshadow -Wvla -Wformat=2 -Wno-format-nonliteral -Wshadow -Wformat-signedness -Wlogical-op -I../framework/tests/include/spe" } # Test that the given .o file builds with all (valid) combinations of the given options. @@ -5021,7 +5021,7 @@ component_test_psa_crypto_drivers () { scripts/config.py unset MBEDTLS_PSA_CRYPTO_CONFIG loc_cflags="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST_ALL" loc_cflags="${loc_cflags} '-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/user-config-for-test.h\"'" - loc_cflags="${loc_cflags} -I../tests/include -O2" + loc_cflags="${loc_cflags} -I../framework/tests/include -O2" make CC=$ASAN_CC CFLAGS="${loc_cflags}" LDFLAGS="$ASAN_CFLAGS" @@ -5148,13 +5148,13 @@ component_build_psa_alt_headers () { # Generate alternative versions of the substitutable headers with the # same content except different include guards. - make -C tests include/alt-extra/psa/crypto_platform_alt.h include/alt-extra/psa/crypto_struct_alt.h + make -C tests ../framework/tests/include/alt-extra/psa/crypto_platform_alt.h ../framework/tests/include/alt-extra/psa/crypto_struct_alt.h # Build the library and some programs. # Don't build the fuzzers to avoid having to go through hoops to set # a correct include path for programs/fuzz/Makefile. - make CFLAGS="-I ../tests/include/alt-extra -DMBEDTLS_PSA_CRYPTO_PLATFORM_FILE='\"psa/crypto_platform_alt.h\"' -DMBEDTLS_PSA_CRYPTO_STRUCT_FILE='\"psa/crypto_struct_alt.h\"'" lib - make -C programs -o fuzz CFLAGS="-I ../tests/include/alt-extra -DMBEDTLS_PSA_CRYPTO_PLATFORM_FILE='\"psa/crypto_platform_alt.h\"' -DMBEDTLS_PSA_CRYPTO_STRUCT_FILE='\"psa/crypto_struct_alt.h\"'" + make CFLAGS="-I ../framework/tests/include/alt-extra -DMBEDTLS_PSA_CRYPTO_PLATFORM_FILE='\"psa/crypto_platform_alt.h\"' -DMBEDTLS_PSA_CRYPTO_STRUCT_FILE='\"psa/crypto_struct_alt.h\"'" lib + make -C programs -o fuzz CFLAGS="-I ../framework/tests/include/alt-extra -DMBEDTLS_PSA_CRYPTO_PLATFORM_FILE='\"psa/crypto_platform_alt.h\"' -DMBEDTLS_PSA_CRYPTO_STRUCT_FILE='\"psa/crypto_struct_alt.h\"'" # Check that we're getting the alternative include guards and not the # original include guards. diff --git a/tests/scripts/check-generated-files.sh b/tests/scripts/check-generated-files.sh index 56d4884c50a8..9eb07feddb22 100755 --- a/tests/scripts/check-generated-files.sh +++ b/tests/scripts/check-generated-files.sh @@ -139,7 +139,7 @@ check framework/scripts/generate_bignum_tests.py $(framework/scripts/generate_bi check framework/scripts/generate_config_tests.py $(framework/scripts/generate_config_tests.py --list) check framework/scripts/generate_ecp_tests.py $(framework/scripts/generate_ecp_tests.py --list) check framework/scripts/generate_psa_tests.py $(framework/scripts/generate_psa_tests.py --list) -check framework/scripts/generate_test_keys.py tests/src/test_keys.h +check framework/scripts/generate_test_keys.py framework/tests/src/test_keys.h check scripts/generate_driver_wrappers.py ${crypto_core_dir}/psa_crypto_driver_wrappers.h \ ${crypto_core_dir}/psa_crypto_driver_wrappers_no_static.c @@ -149,7 +149,7 @@ if in_mbedtls_repo; then check scripts/generate_query_config.pl programs/test/query_config.c check scripts/generate_features.pl ${builtin_drivers_dir}/version_features.c check scripts/generate_ssl_debug_helpers.py library/ssl_debug_helpers_generated.c - check framework/scripts/generate_test_cert_macros.py tests/src/test_certs.h + check framework/scripts/generate_test_cert_macros.py framework/tests/src/test_certs.h # generate_visualc_files enumerates source files (library/*.c). It doesn't # care about their content, but the files must exist. So it must run after # the step that creates or updates these files. @@ -159,4 +159,4 @@ fi # Generated files that are present in the repository even in the development # branch. (This is intended to be temporary, until the generator scripts are # fully reviewed and the build scripts support a generated header file.) -check framework/scripts/generate_psa_wrappers.py tests/include/test/psa_test_wrappers.h tests/src/psa_test_wrappers.c +check framework/scripts/generate_psa_wrappers.py framework/tests/include/test/psa_test_wrappers.h framework/tests/src/psa_test_wrappers.c diff --git a/tests/scripts/check_names.py b/tests/scripts/check_names.py index 4f503e4e7a3f..3ac4d45a2277 100755 --- a/tests/scripts/check_names.py +++ b/tests/scripts/check_names.py @@ -247,7 +247,7 @@ def comprehensive_parse(self): "library/*.h", "tf-psa-crypto/core/*.h", "tf-psa-crypto/drivers/builtin/src/*.h", - "tests/include/test/drivers/*.h", + "framework/tests/include/test/drivers/*.h", ]) all_macros["private"] = self.parse_macros([ "library/*.c", diff --git a/tests/src/asn1_helpers.c b/tests/src/asn1_helpers.c deleted file mode 100644 index c8df1995e313..000000000000 --- a/tests/src/asn1_helpers.c +++ /dev/null @@ -1,62 +0,0 @@ -/** \file asn1_helpers.c - * - * \brief Helper functions for tests that manipulate ASN.1 data. - */ - -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include -#include - -#if defined(MBEDTLS_ASN1_PARSE_C) - -#include - -int mbedtls_test_asn1_skip_integer(unsigned char **p, const unsigned char *end, - size_t min_bits, size_t max_bits, - int must_be_odd) -{ - size_t len; - size_t actual_bits; - unsigned char msb; - TEST_EQUAL(mbedtls_asn1_get_tag(p, end, &len, - MBEDTLS_ASN1_INTEGER), - 0); - - /* Check if the retrieved length doesn't extend the actual buffer's size. - * It is assumed here, that end >= p, which validates casting to size_t. */ - TEST_ASSERT(len <= (size_t) (end - *p)); - - /* Tolerate a slight departure from DER encoding: - * - 0 may be represented by an empty string or a 1-byte string. - * - The sign bit may be used as a value bit. */ - if ((len == 1 && (*p)[0] == 0) || - (len > 1 && (*p)[0] == 0 && ((*p)[1] & 0x80) != 0)) { - ++(*p); - --len; - } - if (min_bits == 0 && len == 0) { - return 1; - } - msb = (*p)[0]; - TEST_ASSERT(msb != 0); - actual_bits = 8 * (len - 1); - while (msb != 0) { - msb >>= 1; - ++actual_bits; - } - TEST_ASSERT(actual_bits >= min_bits); - TEST_ASSERT(actual_bits <= max_bits); - if (must_be_odd) { - TEST_ASSERT(((*p)[len-1] & 1) != 0); - } - *p += len; - return 1; -exit: - return 0; -} - -#endif /* MBEDTLS_ASN1_PARSE_C */ diff --git a/tests/src/bignum_helpers.c b/tests/src/bignum_helpers.c deleted file mode 100644 index 913f5e3870a7..000000000000 --- a/tests/src/bignum_helpers.c +++ /dev/null @@ -1,145 +0,0 @@ -/** - * \file bignum_helpers.c - * - * \brief This file contains the prototypes of helper functions for - * bignum-related testing. - */ - -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#define MBEDTLS_ALLOW_PRIVATE_ACCESS -#include - -#if defined(MBEDTLS_BIGNUM_C) - -#include -#include - -#include -#include -#include -#include - -#include -#include - -int mbedtls_test_read_mpi_core(mbedtls_mpi_uint **pX, size_t *plimbs, - const char *input) -{ - /* Sanity check */ - if (*pX != NULL) { - return MBEDTLS_ERR_MPI_BAD_INPUT_DATA; - } - - size_t hex_len = strlen(input); - size_t byte_len = (hex_len + 1) / 2; - *plimbs = CHARS_TO_LIMBS(byte_len); - - /* A core bignum is not allowed to be empty. Forbid it as test data, - * this way static analyzers have a chance of knowing we don't expect - * the bignum functions to support empty inputs. */ - if (*plimbs == 0) { - return MBEDTLS_ERR_MPI_BAD_INPUT_DATA; - } - - *pX = mbedtls_calloc(*plimbs, sizeof(**pX)); - if (*pX == NULL) { - return MBEDTLS_ERR_MPI_ALLOC_FAILED; - } - - unsigned char *byte_start = (unsigned char *) *pX; - if (byte_len % sizeof(mbedtls_mpi_uint) != 0) { - byte_start += sizeof(mbedtls_mpi_uint) - byte_len % sizeof(mbedtls_mpi_uint); - } - if ((hex_len & 1) != 0) { - /* mbedtls_test_unhexify wants an even number of hex digits */ - TEST_ASSERT(mbedtls_test_ascii2uc(*input, byte_start) == 0); - ++byte_start; - ++input; - --byte_len; - } - TEST_ASSERT(mbedtls_test_unhexify(byte_start, - byte_len, - input, - &byte_len) == 0); - - mbedtls_mpi_core_bigendian_to_host(*pX, *plimbs); - return 0; - -exit: - mbedtls_free(*pX); - return MBEDTLS_ERR_MPI_BAD_INPUT_DATA; -} - -#if defined(MBEDTLS_ECP_WITH_MPI_UINT) -int mbedtls_test_read_mpi_modulus(mbedtls_mpi_mod_modulus *N, - const char *s, - mbedtls_mpi_mod_rep_selector int_rep) -{ - mbedtls_mpi_uint *p = NULL; - size_t limbs = 0; - if (N->limbs != 0) { - return MBEDTLS_ERR_MPI_BAD_INPUT_DATA; - } - int ret = mbedtls_test_read_mpi_core(&p, &limbs, s); - if (ret != 0) { - return ret; - } - - switch (int_rep) { - case MBEDTLS_MPI_MOD_REP_MONTGOMERY: - ret = mbedtls_mpi_mod_modulus_setup(N, p, limbs); - break; - case MBEDTLS_MPI_MOD_REP_OPT_RED: - ret = mbedtls_mpi_mod_optred_modulus_setup(N, p, limbs, NULL); - break; - default: - ret = MBEDTLS_ERR_MPI_BAD_INPUT_DATA; - break; - } - if (ret != 0) { - mbedtls_free(p); - } - return ret; -} - -void mbedtls_test_mpi_mod_modulus_free_with_limbs(mbedtls_mpi_mod_modulus *N) -{ - mbedtls_free((mbedtls_mpi_uint *) N->p); - mbedtls_mpi_mod_modulus_free(N); -} -#endif /* MBEDTLS_ECP_WITH_MPI_UINT */ - -int mbedtls_test_read_mpi(mbedtls_mpi *X, const char *s) -{ - int negative = 0; - /* Always set the sign bit to -1 if the input has a minus sign, even for 0. - * This creates an invalid representation, which mbedtls_mpi_read_string() - * avoids but we want to be able to create that in test data. */ - if (s[0] == '-') { - ++s; - negative = 1; - } - /* mbedtls_mpi_read_string() currently retains leading zeros. - * It always allocates at least one limb for the value 0. */ - if (s[0] == 0) { - mbedtls_mpi_free(X); - return 0; - } - int ret = mbedtls_mpi_read_string(X, 16, s); - if (ret != 0) { - return ret; - } - if (negative) { - if (mbedtls_mpi_cmp_int(X, 0) == 0) { - mbedtls_test_increment_case_uses_negative_0(); - } - X->s = -1; - } - return 0; -} - -#endif /* MBEDTLS_BIGNUM_C */ diff --git a/tests/src/certs.c b/tests/src/certs.c deleted file mode 100644 index 56c56b5d6144..000000000000 --- a/tests/src/certs.c +++ /dev/null @@ -1,480 +0,0 @@ -/* - * X.509 test certificates - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include "common.h" - -#include - -#include "mbedtls/build_info.h" - -#include "mbedtls/pk.h" - -#include "test_certs.h" - -/* - * - * Test certificates and keys as C variables - * - */ - -/* - * CA - */ - -const char mbedtls_test_ca_crt_ec_pem[] = TEST_CA_CRT_EC_PEM; -const char mbedtls_test_ca_key_ec_pem[] = TEST_CA_KEY_EC_PEM; -const char mbedtls_test_ca_pwd_ec_pem[] = TEST_CA_PWD_EC_PEM; -const char mbedtls_test_ca_key_rsa_pem[] = TEST_CA_KEY_RSA_PEM; -const char mbedtls_test_ca_pwd_rsa_pem[] = TEST_CA_PWD_RSA_PEM; -const char mbedtls_test_ca_crt_rsa_sha1_pem[] = TEST_CA_CRT_RSA_SHA1_PEM; -const char mbedtls_test_ca_crt_rsa_sha256_pem[] = TEST_CA_CRT_RSA_SHA256_PEM; - -const unsigned char mbedtls_test_ca_crt_ec_der[] = TEST_CA_CRT_EC_DER; -const unsigned char mbedtls_test_ca_key_ec_der[] = TEST_CA_KEY_EC_DER; -const unsigned char mbedtls_test_ca_key_rsa_der[] = TEST_CA_KEY_RSA_DER; -const unsigned char mbedtls_test_ca_crt_rsa_sha1_der[] = - TEST_CA_CRT_RSA_SHA1_DER; -const unsigned char mbedtls_test_ca_crt_rsa_sha256_der[] = - TEST_CA_CRT_RSA_SHA256_DER; - -const size_t mbedtls_test_ca_crt_ec_pem_len = - sizeof(mbedtls_test_ca_crt_ec_pem); -const size_t mbedtls_test_ca_key_ec_pem_len = - sizeof(mbedtls_test_ca_key_ec_pem); -const size_t mbedtls_test_ca_pwd_ec_pem_len = - sizeof(mbedtls_test_ca_pwd_ec_pem) - 1; -const size_t mbedtls_test_ca_key_rsa_pem_len = - sizeof(mbedtls_test_ca_key_rsa_pem); -const size_t mbedtls_test_ca_pwd_rsa_pem_len = - sizeof(mbedtls_test_ca_pwd_rsa_pem) - 1; -const size_t mbedtls_test_ca_crt_rsa_sha1_pem_len = - sizeof(mbedtls_test_ca_crt_rsa_sha1_pem); -const size_t mbedtls_test_ca_crt_rsa_sha256_pem_len = - sizeof(mbedtls_test_ca_crt_rsa_sha256_pem); - -const size_t mbedtls_test_ca_crt_ec_der_len = - sizeof(mbedtls_test_ca_crt_ec_der); -const size_t mbedtls_test_ca_key_ec_der_len = - sizeof(mbedtls_test_ca_key_ec_der); -const size_t mbedtls_test_ca_pwd_ec_der_len = 0; -const size_t mbedtls_test_ca_key_rsa_der_len = - sizeof(mbedtls_test_ca_key_rsa_der); -const size_t mbedtls_test_ca_pwd_rsa_der_len = 0; -const size_t mbedtls_test_ca_crt_rsa_sha1_der_len = - sizeof(mbedtls_test_ca_crt_rsa_sha1_der); -const size_t mbedtls_test_ca_crt_rsa_sha256_der_len = - sizeof(mbedtls_test_ca_crt_rsa_sha256_der); - -/* - * Server - */ - -const char mbedtls_test_srv_crt_ec_pem[] = TEST_SRV_CRT_EC_PEM; -const char mbedtls_test_srv_key_ec_pem[] = TEST_SRV_KEY_EC_PEM; -const char mbedtls_test_srv_pwd_ec_pem[] = ""; -const char mbedtls_test_srv_key_rsa_pem[] = TEST_SRV_KEY_RSA_PEM; -const char mbedtls_test_srv_pwd_rsa_pem[] = ""; -const char mbedtls_test_srv_crt_rsa_sha1_pem[] = TEST_SRV_CRT_RSA_SHA1_PEM; -const char mbedtls_test_srv_crt_rsa_sha256_pem[] = TEST_SRV_CRT_RSA_SHA256_PEM; - -const unsigned char mbedtls_test_srv_crt_ec_der[] = TEST_SRV_CRT_EC_DER; -const unsigned char mbedtls_test_srv_key_ec_der[] = TEST_SRV_KEY_EC_DER; -const unsigned char mbedtls_test_srv_key_rsa_der[] = TEST_SRV_KEY_RSA_DER; -const unsigned char mbedtls_test_srv_crt_rsa_sha1_der[] = - TEST_SRV_CRT_RSA_SHA1_DER; -const unsigned char mbedtls_test_srv_crt_rsa_sha256_der[] = - TEST_SRV_CRT_RSA_SHA256_DER; - -const size_t mbedtls_test_srv_crt_ec_pem_len = - sizeof(mbedtls_test_srv_crt_ec_pem); -const size_t mbedtls_test_srv_key_ec_pem_len = - sizeof(mbedtls_test_srv_key_ec_pem); -const size_t mbedtls_test_srv_pwd_ec_pem_len = - sizeof(mbedtls_test_srv_pwd_ec_pem) - 1; -const size_t mbedtls_test_srv_key_rsa_pem_len = - sizeof(mbedtls_test_srv_key_rsa_pem); -const size_t mbedtls_test_srv_pwd_rsa_pem_len = - sizeof(mbedtls_test_srv_pwd_rsa_pem) - 1; -const size_t mbedtls_test_srv_crt_rsa_sha1_pem_len = - sizeof(mbedtls_test_srv_crt_rsa_sha1_pem); -const size_t mbedtls_test_srv_crt_rsa_sha256_pem_len = - sizeof(mbedtls_test_srv_crt_rsa_sha256_pem); - -const size_t mbedtls_test_srv_crt_ec_der_len = - sizeof(mbedtls_test_srv_crt_ec_der); -const size_t mbedtls_test_srv_key_ec_der_len = - sizeof(mbedtls_test_srv_key_ec_der); -const size_t mbedtls_test_srv_pwd_ec_der_len = 0; -const size_t mbedtls_test_srv_key_rsa_der_len = - sizeof(mbedtls_test_srv_key_rsa_der); -const size_t mbedtls_test_srv_pwd_rsa_der_len = 0; -const size_t mbedtls_test_srv_crt_rsa_sha1_der_len = - sizeof(mbedtls_test_srv_crt_rsa_sha1_der); -const size_t mbedtls_test_srv_crt_rsa_sha256_der_len = - sizeof(mbedtls_test_srv_crt_rsa_sha256_der); - -/* - * Client - */ - -const char mbedtls_test_cli_crt_ec_pem[] = TEST_CLI_CRT_EC_PEM; -const char mbedtls_test_cli_key_ec_pem[] = TEST_CLI_KEY_EC_PEM; -const char mbedtls_test_cli_pwd_ec_pem[] = ""; -const char mbedtls_test_cli_key_rsa_pem[] = TEST_CLI_KEY_RSA_PEM; -const char mbedtls_test_cli_pwd_rsa_pem[] = ""; -const char mbedtls_test_cli_crt_rsa_pem[] = TEST_CLI_CRT_RSA_PEM; - -const unsigned char mbedtls_test_cli_crt_ec_der[] = TEST_CLI_CRT_EC_DER; -const unsigned char mbedtls_test_cli_key_ec_der[] = TEST_CLI_KEY_EC_DER; -const unsigned char mbedtls_test_cli_key_rsa_der[] = TEST_CLI_KEY_RSA_DER; -const unsigned char mbedtls_test_cli_crt_rsa_der[] = TEST_CLI_CRT_RSA_DER; - -const size_t mbedtls_test_cli_crt_ec_pem_len = - sizeof(mbedtls_test_cli_crt_ec_pem); -const size_t mbedtls_test_cli_key_ec_pem_len = - sizeof(mbedtls_test_cli_key_ec_pem); -const size_t mbedtls_test_cli_pwd_ec_pem_len = - sizeof(mbedtls_test_cli_pwd_ec_pem) - 1; -const size_t mbedtls_test_cli_key_rsa_pem_len = - sizeof(mbedtls_test_cli_key_rsa_pem); -const size_t mbedtls_test_cli_pwd_rsa_pem_len = - sizeof(mbedtls_test_cli_pwd_rsa_pem) - 1; -const size_t mbedtls_test_cli_crt_rsa_pem_len = - sizeof(mbedtls_test_cli_crt_rsa_pem); - -const size_t mbedtls_test_cli_crt_ec_der_len = - sizeof(mbedtls_test_cli_crt_ec_der); -const size_t mbedtls_test_cli_key_ec_der_len = - sizeof(mbedtls_test_cli_key_ec_der); -const size_t mbedtls_test_cli_key_rsa_der_len = - sizeof(mbedtls_test_cli_key_rsa_der); -const size_t mbedtls_test_cli_crt_rsa_der_len = - sizeof(mbedtls_test_cli_crt_rsa_der); - -/* - * - * Definitions of test CRTs without specification of all parameters, choosing - * them automatically according to the config. For example, mbedtls_test_ca_crt - * is one of mbedtls_test_ca_crt_{rsa|ec}_{sha1|sha256}_{pem|der}. - * - */ - -/* - * Dispatch between PEM and DER according to config - */ - -#if defined(MBEDTLS_PEM_PARSE_C) - -/* PEM encoded test CA certificates and keys */ - -#define TEST_CA_KEY_RSA TEST_CA_KEY_RSA_PEM -#define TEST_CA_PWD_RSA TEST_CA_PWD_RSA_PEM -#define TEST_CA_CRT_RSA_SHA256 TEST_CA_CRT_RSA_SHA256_PEM -#define TEST_CA_CRT_RSA_SHA1 TEST_CA_CRT_RSA_SHA1_PEM -#define TEST_CA_KEY_EC TEST_CA_KEY_EC_PEM -#define TEST_CA_PWD_EC TEST_CA_PWD_EC_PEM -#define TEST_CA_CRT_EC TEST_CA_CRT_EC_PEM - -/* PEM encoded test server certificates and keys */ - -#define TEST_SRV_KEY_RSA TEST_SRV_KEY_RSA_PEM -#define TEST_SRV_PWD_RSA "" -#define TEST_SRV_CRT_RSA_SHA256 TEST_SRV_CRT_RSA_SHA256_PEM -#define TEST_SRV_CRT_RSA_SHA1 TEST_SRV_CRT_RSA_SHA1_PEM -#define TEST_SRV_KEY_EC TEST_SRV_KEY_EC_PEM -#define TEST_SRV_PWD_EC "" -#define TEST_SRV_CRT_EC TEST_SRV_CRT_EC_PEM - -/* PEM encoded test client certificates and keys */ - -#define TEST_CLI_KEY_RSA TEST_CLI_KEY_RSA_PEM -#define TEST_CLI_PWD_RSA "" -#define TEST_CLI_CRT_RSA TEST_CLI_CRT_RSA_PEM -#define TEST_CLI_KEY_EC TEST_CLI_KEY_EC_PEM -#define TEST_CLI_PWD_EC "" -#define TEST_CLI_CRT_EC TEST_CLI_CRT_EC_PEM - -#else /* MBEDTLS_PEM_PARSE_C */ - -/* DER encoded test CA certificates and keys */ - -#define TEST_CA_KEY_RSA TEST_CA_KEY_RSA_DER -#define TEST_CA_PWD_RSA "" -#define TEST_CA_CRT_RSA_SHA256 TEST_CA_CRT_RSA_SHA256_DER -#define TEST_CA_CRT_RSA_SHA1 TEST_CA_CRT_RSA_SHA1_DER -#define TEST_CA_KEY_EC TEST_CA_KEY_EC_DER -#define TEST_CA_PWD_EC "" -#define TEST_CA_CRT_EC TEST_CA_CRT_EC_DER - -/* DER encoded test server certificates and keys */ - -#define TEST_SRV_KEY_RSA TEST_SRV_KEY_RSA_DER -#define TEST_SRV_PWD_RSA "" -#define TEST_SRV_CRT_RSA_SHA256 TEST_SRV_CRT_RSA_SHA256_DER -#define TEST_SRV_CRT_RSA_SHA1 TEST_SRV_CRT_RSA_SHA1_DER -#define TEST_SRV_KEY_EC TEST_SRV_KEY_EC_DER -#define TEST_SRV_PWD_EC "" -#define TEST_SRV_CRT_EC TEST_SRV_CRT_EC_DER - -/* DER encoded test client certificates and keys */ - -#define TEST_CLI_KEY_RSA TEST_CLI_KEY_RSA_DER -#define TEST_CLI_PWD_RSA "" -#define TEST_CLI_CRT_RSA TEST_CLI_CRT_RSA_DER -#define TEST_CLI_KEY_EC TEST_CLI_KEY_EC_DER -#define TEST_CLI_PWD_EC "" -#define TEST_CLI_CRT_EC TEST_CLI_CRT_EC_DER - -#endif /* MBEDTLS_PEM_PARSE_C */ - -const char mbedtls_test_ca_key_rsa[] = TEST_CA_KEY_RSA; -const char mbedtls_test_ca_pwd_rsa[] = TEST_CA_PWD_RSA; -const char mbedtls_test_ca_crt_rsa_sha256[] = TEST_CA_CRT_RSA_SHA256; -const char mbedtls_test_ca_crt_rsa_sha1[] = TEST_CA_CRT_RSA_SHA1; -const char mbedtls_test_ca_key_ec[] = TEST_CA_KEY_EC; -const char mbedtls_test_ca_pwd_ec[] = TEST_CA_PWD_EC; -const char mbedtls_test_ca_crt_ec[] = TEST_CA_CRT_EC; - -const char mbedtls_test_srv_key_rsa[] = TEST_SRV_KEY_RSA; -const char mbedtls_test_srv_pwd_rsa[] = TEST_SRV_PWD_RSA; -const char mbedtls_test_srv_crt_rsa_sha256[] = TEST_SRV_CRT_RSA_SHA256; -const char mbedtls_test_srv_crt_rsa_sha1[] = TEST_SRV_CRT_RSA_SHA1; -const char mbedtls_test_srv_key_ec[] = TEST_SRV_KEY_EC; -const char mbedtls_test_srv_pwd_ec[] = TEST_SRV_PWD_EC; -const char mbedtls_test_srv_crt_ec[] = TEST_SRV_CRT_EC; - -const char mbedtls_test_cli_key_rsa[] = TEST_CLI_KEY_RSA; -const char mbedtls_test_cli_pwd_rsa[] = TEST_CLI_PWD_RSA; -const char mbedtls_test_cli_crt_rsa[] = TEST_CLI_CRT_RSA; -const char mbedtls_test_cli_key_ec[] = TEST_CLI_KEY_EC; -const char mbedtls_test_cli_pwd_ec[] = TEST_CLI_PWD_EC; -const char mbedtls_test_cli_crt_ec[] = TEST_CLI_CRT_EC; - -const size_t mbedtls_test_ca_key_rsa_len = - sizeof(mbedtls_test_ca_key_rsa); -const size_t mbedtls_test_ca_pwd_rsa_len = - sizeof(mbedtls_test_ca_pwd_rsa) - 1; -const size_t mbedtls_test_ca_crt_rsa_sha256_len = - sizeof(mbedtls_test_ca_crt_rsa_sha256); -const size_t mbedtls_test_ca_crt_rsa_sha1_len = - sizeof(mbedtls_test_ca_crt_rsa_sha1); -const size_t mbedtls_test_ca_key_ec_len = - sizeof(mbedtls_test_ca_key_ec); -const size_t mbedtls_test_ca_pwd_ec_len = - sizeof(mbedtls_test_ca_pwd_ec) - 1; -const size_t mbedtls_test_ca_crt_ec_len = - sizeof(mbedtls_test_ca_crt_ec); - -const size_t mbedtls_test_srv_key_rsa_len = - sizeof(mbedtls_test_srv_key_rsa); -const size_t mbedtls_test_srv_pwd_rsa_len = - sizeof(mbedtls_test_srv_pwd_rsa) -1; -const size_t mbedtls_test_srv_crt_rsa_sha256_len = - sizeof(mbedtls_test_srv_crt_rsa_sha256); -const size_t mbedtls_test_srv_crt_rsa_sha1_len = - sizeof(mbedtls_test_srv_crt_rsa_sha1); -const size_t mbedtls_test_srv_key_ec_len = - sizeof(mbedtls_test_srv_key_ec); -const size_t mbedtls_test_srv_pwd_ec_len = - sizeof(mbedtls_test_srv_pwd_ec) - 1; -const size_t mbedtls_test_srv_crt_ec_len = - sizeof(mbedtls_test_srv_crt_ec); - -const size_t mbedtls_test_cli_key_rsa_len = - sizeof(mbedtls_test_cli_key_rsa); -const size_t mbedtls_test_cli_pwd_rsa_len = - sizeof(mbedtls_test_cli_pwd_rsa) - 1; -const size_t mbedtls_test_cli_crt_rsa_len = - sizeof(mbedtls_test_cli_crt_rsa); -const size_t mbedtls_test_cli_key_ec_len = - sizeof(mbedtls_test_cli_key_ec); -const size_t mbedtls_test_cli_pwd_ec_len = - sizeof(mbedtls_test_cli_pwd_ec) - 1; -const size_t mbedtls_test_cli_crt_ec_len = - sizeof(mbedtls_test_cli_crt_ec); - -/* - * Dispatch between SHA-1 and SHA-256 - */ - -#if defined(PSA_WANT_ALG_SHA_256) -#define TEST_CA_CRT_RSA TEST_CA_CRT_RSA_SHA256 -#define TEST_SRV_CRT_RSA TEST_SRV_CRT_RSA_SHA256 -#else -#define TEST_CA_CRT_RSA TEST_CA_CRT_RSA_SHA1 -#define TEST_SRV_CRT_RSA TEST_SRV_CRT_RSA_SHA1 -#endif /* PSA_WANT_ALG_SHA_256 */ - -const char mbedtls_test_ca_crt_rsa[] = TEST_CA_CRT_RSA; -const char mbedtls_test_srv_crt_rsa[] = TEST_SRV_CRT_RSA; - -const size_t mbedtls_test_ca_crt_rsa_len = - sizeof(mbedtls_test_ca_crt_rsa); -const size_t mbedtls_test_srv_crt_rsa_len = - sizeof(mbedtls_test_srv_crt_rsa); - -/* - * Dispatch between RSA and EC - */ - -#if defined(MBEDTLS_RSA_C) - -#define TEST_CA_KEY TEST_CA_KEY_RSA -#define TEST_CA_PWD TEST_CA_PWD_RSA -#define TEST_CA_CRT TEST_CA_CRT_RSA - -#define TEST_SRV_KEY TEST_SRV_KEY_RSA -#define TEST_SRV_PWD TEST_SRV_PWD_RSA -#define TEST_SRV_CRT TEST_SRV_CRT_RSA - -#define TEST_CLI_KEY TEST_CLI_KEY_RSA -#define TEST_CLI_PWD TEST_CLI_PWD_RSA -#define TEST_CLI_CRT TEST_CLI_CRT_RSA - -#else /* no RSA, so assume ECDSA */ - -#define TEST_CA_KEY TEST_CA_KEY_EC -#define TEST_CA_PWD TEST_CA_PWD_EC -#define TEST_CA_CRT TEST_CA_CRT_EC - -#define TEST_SRV_KEY TEST_SRV_KEY_EC -#define TEST_SRV_PWD TEST_SRV_PWD_EC -#define TEST_SRV_CRT TEST_SRV_CRT_EC - -#define TEST_CLI_KEY TEST_CLI_KEY_EC -#define TEST_CLI_PWD TEST_CLI_PWD_EC -#define TEST_CLI_CRT TEST_CLI_CRT_EC -#endif /* MBEDTLS_RSA_C */ - -/* API stability forces us to declare - * mbedtls_test_{ca|srv|cli}_{key|pwd|crt} - * as pointers. */ -static const char test_ca_key[] = TEST_CA_KEY; -static const char test_ca_pwd[] = TEST_CA_PWD; -static const char test_ca_crt[] = TEST_CA_CRT; - -static const char test_srv_key[] = TEST_SRV_KEY; -static const char test_srv_pwd[] = TEST_SRV_PWD; -static const char test_srv_crt[] = TEST_SRV_CRT; - -static const char test_cli_key[] = TEST_CLI_KEY; -static const char test_cli_pwd[] = TEST_CLI_PWD; -static const char test_cli_crt[] = TEST_CLI_CRT; - -const char *mbedtls_test_ca_key = test_ca_key; -const char *mbedtls_test_ca_pwd = test_ca_pwd; -const char *mbedtls_test_ca_crt = test_ca_crt; - -const char *mbedtls_test_srv_key = test_srv_key; -const char *mbedtls_test_srv_pwd = test_srv_pwd; -const char *mbedtls_test_srv_crt = test_srv_crt; - -const char *mbedtls_test_cli_key = test_cli_key; -const char *mbedtls_test_cli_pwd = test_cli_pwd; -const char *mbedtls_test_cli_crt = test_cli_crt; - -const size_t mbedtls_test_ca_key_len = - sizeof(test_ca_key); -const size_t mbedtls_test_ca_pwd_len = - sizeof(test_ca_pwd) - 1; -const size_t mbedtls_test_ca_crt_len = - sizeof(test_ca_crt); - -const size_t mbedtls_test_srv_key_len = - sizeof(test_srv_key); -const size_t mbedtls_test_srv_pwd_len = - sizeof(test_srv_pwd) - 1; -const size_t mbedtls_test_srv_crt_len = - sizeof(test_srv_crt); - -const size_t mbedtls_test_cli_key_len = - sizeof(test_cli_key); -const size_t mbedtls_test_cli_pwd_len = - sizeof(test_cli_pwd) - 1; -const size_t mbedtls_test_cli_crt_len = - sizeof(test_cli_crt); - -/* - * - * Lists of certificates - * - */ - -/* List of CAs in PEM or DER, depending on config */ -const char *mbedtls_test_cas[] = { -#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_MD_CAN_SHA1) - mbedtls_test_ca_crt_rsa_sha1, -#endif -#if defined(MBEDTLS_RSA_C) && defined(PSA_WANT_ALG_SHA_256) - mbedtls_test_ca_crt_rsa_sha256, -#endif -#if defined(MBEDTLS_PK_CAN_ECDSA_SOME) - mbedtls_test_ca_crt_ec, -#endif - NULL -}; -const size_t mbedtls_test_cas_len[] = { -#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_MD_CAN_SHA1) - sizeof(mbedtls_test_ca_crt_rsa_sha1), -#endif -#if defined(MBEDTLS_RSA_C) && defined(PSA_WANT_ALG_SHA_256) - sizeof(mbedtls_test_ca_crt_rsa_sha256), -#endif -#if defined(MBEDTLS_PK_CAN_ECDSA_SOME) - sizeof(mbedtls_test_ca_crt_ec), -#endif - 0 -}; - -/* List of all available CA certificates in DER format */ -const unsigned char *mbedtls_test_cas_der[] = { -#if defined(MBEDTLS_RSA_C) -#if defined(PSA_WANT_ALG_SHA_256) - mbedtls_test_ca_crt_rsa_sha256_der, -#endif /* PSA_WANT_ALG_SHA_256 */ -#if defined(MBEDTLS_MD_CAN_SHA1) - mbedtls_test_ca_crt_rsa_sha1_der, -#endif /* MBEDTLS_MD_CAN_SHA1 */ -#endif /* MBEDTLS_RSA_C */ -#if defined(MBEDTLS_PK_CAN_ECDSA_SOME) - mbedtls_test_ca_crt_ec_der, -#endif /* MBEDTLS_PK_CAN_ECDSA_SOME */ - NULL -}; - -const size_t mbedtls_test_cas_der_len[] = { -#if defined(MBEDTLS_RSA_C) -#if defined(PSA_WANT_ALG_SHA_256) - sizeof(mbedtls_test_ca_crt_rsa_sha256_der), -#endif /* PSA_WANT_ALG_SHA_256 */ -#if defined(MBEDTLS_MD_CAN_SHA1) - sizeof(mbedtls_test_ca_crt_rsa_sha1_der), -#endif /* MBEDTLS_MD_CAN_SHA1 */ -#endif /* MBEDTLS_RSA_C */ -#if defined(MBEDTLS_PK_CAN_ECDSA_SOME) - sizeof(mbedtls_test_ca_crt_ec_der), -#endif /* MBEDTLS_PK_CAN_ECDSA_SOME */ - 0 -}; - -/* Concatenation of all available CA certificates in PEM format */ -#if defined(MBEDTLS_PEM_PARSE_C) -const char mbedtls_test_cas_pem[] = -#if defined(MBEDTLS_RSA_C) -#if defined(PSA_WANT_ALG_SHA_256) - TEST_CA_CRT_RSA_SHA256_PEM -#endif /* PSA_WANT_ALG_SHA_256 */ -#if defined(MBEDTLS_MD_CAN_SHA1) - TEST_CA_CRT_RSA_SHA1_PEM -#endif /* MBEDTLS_MD_CAN_SHA1 */ -#endif /* MBEDTLS_RSA_C */ -#if defined(MBEDTLS_PK_CAN_ECDSA_SOME) - TEST_CA_CRT_EC_PEM -#endif /* MBEDTLS_PK_CAN_ECDSA_SOME */ - ""; -const size_t mbedtls_test_cas_pem_len = sizeof(mbedtls_test_cas_pem); -#endif /* MBEDTLS_PEM_PARSE_C */ diff --git a/tests/src/drivers/hash.c b/tests/src/drivers/hash.c deleted file mode 100644 index 2416ba812309..000000000000 --- a/tests/src/drivers/hash.c +++ /dev/null @@ -1,199 +0,0 @@ -/* - * Test driver for hash entry points. - */ -/* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include - -#if defined(PSA_CRYPTO_DRIVER_TEST) -#include "psa_crypto_hash.h" - -#include "test/drivers/hash.h" - -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) -#include "libtestdriver1/tf-psa-crypto/core/psa_crypto_hash.h" -#endif - -mbedtls_test_driver_hash_hooks_t - mbedtls_test_driver_hash_hooks = MBEDTLS_TEST_DRIVER_HASH_INIT; - -psa_status_t mbedtls_test_transparent_hash_compute( - psa_algorithm_t alg, - const uint8_t *input, size_t input_length, - uint8_t *hash, size_t hash_size, size_t *hash_length) -{ - mbedtls_test_driver_hash_hooks.hits++; - - if (mbedtls_test_driver_hash_hooks.forced_status != PSA_SUCCESS) { - mbedtls_test_driver_hash_hooks.driver_status = - mbedtls_test_driver_hash_hooks.forced_status; - } else { -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_HASH) - mbedtls_test_driver_hash_hooks.driver_status = - libtestdriver1_mbedtls_psa_hash_compute( - alg, input, input_length, - hash, hash_size, hash_length); -#elif defined(MBEDTLS_PSA_BUILTIN_HASH) - mbedtls_test_driver_hash_hooks.driver_status = - mbedtls_psa_hash_compute( - alg, input, input_length, - hash, hash_size, hash_length); -#else - (void) alg; - (void) input; - (void) input_length; - (void) hash; - (void) hash_size; - (void) hash_length; - mbedtls_test_driver_hash_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; -#endif - } - - return mbedtls_test_driver_hash_hooks.driver_status; -} - -psa_status_t mbedtls_test_transparent_hash_setup( - mbedtls_transparent_test_driver_hash_operation_t *operation, - psa_algorithm_t alg) -{ - mbedtls_test_driver_hash_hooks.hits++; - - if (mbedtls_test_driver_hash_hooks.forced_status != PSA_SUCCESS) { - mbedtls_test_driver_hash_hooks.driver_status = - mbedtls_test_driver_hash_hooks.forced_status; - } else { -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_HASH) - mbedtls_test_driver_hash_hooks.driver_status = - libtestdriver1_mbedtls_psa_hash_setup(operation, alg); -#elif defined(MBEDTLS_PSA_BUILTIN_HASH) - mbedtls_test_driver_hash_hooks.driver_status = - mbedtls_psa_hash_setup(operation, alg); -#else - (void) operation; - (void) alg; - mbedtls_test_driver_hash_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; -#endif - } - - return mbedtls_test_driver_hash_hooks.driver_status; -} - -psa_status_t mbedtls_test_transparent_hash_clone( - const mbedtls_transparent_test_driver_hash_operation_t *source_operation, - mbedtls_transparent_test_driver_hash_operation_t *target_operation) -{ - mbedtls_test_driver_hash_hooks.hits++; - - if (mbedtls_test_driver_hash_hooks.forced_status != PSA_SUCCESS) { - mbedtls_test_driver_hash_hooks.driver_status = - mbedtls_test_driver_hash_hooks.forced_status; - } else { -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_HASH) - mbedtls_test_driver_hash_hooks.driver_status = - libtestdriver1_mbedtls_psa_hash_clone(source_operation, - target_operation); -#elif defined(MBEDTLS_PSA_BUILTIN_HASH) - mbedtls_test_driver_hash_hooks.driver_status = - mbedtls_psa_hash_clone(source_operation, target_operation); -#else - (void) source_operation; - (void) target_operation; - mbedtls_test_driver_hash_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; -#endif - } - - return mbedtls_test_driver_hash_hooks.driver_status; -} - -psa_status_t mbedtls_test_transparent_hash_update( - mbedtls_transparent_test_driver_hash_operation_t *operation, - const uint8_t *input, - size_t input_length) -{ - mbedtls_test_driver_hash_hooks.hits++; - - if (mbedtls_test_driver_hash_hooks.forced_status != PSA_SUCCESS) { - mbedtls_test_driver_hash_hooks.driver_status = - mbedtls_test_driver_hash_hooks.forced_status; - } else { -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_HASH) - mbedtls_test_driver_hash_hooks.driver_status = - libtestdriver1_mbedtls_psa_hash_update( - operation, input, input_length); -#elif defined(MBEDTLS_PSA_BUILTIN_HASH) - mbedtls_test_driver_hash_hooks.driver_status = - mbedtls_psa_hash_update(operation, input, input_length); -#else - (void) operation; - (void) input; - (void) input_length; - mbedtls_test_driver_hash_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; -#endif - } - - return mbedtls_test_driver_hash_hooks.driver_status; -} - -psa_status_t mbedtls_test_transparent_hash_finish( - mbedtls_transparent_test_driver_hash_operation_t *operation, - uint8_t *hash, - size_t hash_size, - size_t *hash_length) -{ - mbedtls_test_driver_hash_hooks.hits++; - - if (mbedtls_test_driver_hash_hooks.forced_status != PSA_SUCCESS) { - mbedtls_test_driver_hash_hooks.driver_status = - mbedtls_test_driver_hash_hooks.forced_status; - } else { -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_HASH) - mbedtls_test_driver_hash_hooks.driver_status = - libtestdriver1_mbedtls_psa_hash_finish( - operation, hash, hash_size, hash_length); -#elif defined(MBEDTLS_PSA_BUILTIN_HASH) - mbedtls_test_driver_hash_hooks.driver_status = - mbedtls_psa_hash_finish(operation, hash, hash_size, hash_length); -#else - (void) operation; - (void) hash; - (void) hash_size; - (void) hash_length; - mbedtls_test_driver_hash_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; -#endif - } - - return mbedtls_test_driver_hash_hooks.driver_status; -} - -psa_status_t mbedtls_test_transparent_hash_abort( - mbedtls_transparent_test_driver_hash_operation_t *operation) -{ - mbedtls_test_driver_hash_hooks.hits++; - - if (mbedtls_test_driver_hash_hooks.forced_status != PSA_SUCCESS) { - mbedtls_test_driver_hash_hooks.driver_status = - mbedtls_test_driver_hash_hooks.forced_status; - } else { -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_HASH) - mbedtls_test_driver_hash_hooks.driver_status = - libtestdriver1_mbedtls_psa_hash_abort(operation); -#elif defined(MBEDTLS_PSA_BUILTIN_HASH) - mbedtls_test_driver_hash_hooks.driver_status = - mbedtls_psa_hash_abort(operation); -#else - (void) operation; - mbedtls_test_driver_hash_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; -#endif - } - - return mbedtls_test_driver_hash_hooks.driver_status; -} -#endif /* PSA_CRYPTO_DRIVER_TEST */ diff --git a/tests/src/drivers/platform_builtin_keys.c b/tests/src/drivers/platform_builtin_keys.c deleted file mode 100644 index 01fc050bbb83..000000000000 --- a/tests/src/drivers/platform_builtin_keys.c +++ /dev/null @@ -1,78 +0,0 @@ -/** \file platform_builtin_keys.c - * - * \brief Test driver implementation of the builtin key support - */ - -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include - -#include -#include - -#if defined(PSA_CRYPTO_DRIVER_TEST) -#include -#endif - -typedef struct { - psa_key_id_t builtin_key_id; - psa_key_lifetime_t lifetime; - psa_drv_slot_number_t slot_number; -} mbedtls_psa_builtin_key_description_t; - -static const mbedtls_psa_builtin_key_description_t builtin_keys[] = { -#if defined(PSA_CRYPTO_DRIVER_TEST) - /* For testing, assign the AES builtin key slot to the boundary values. - * ECDSA can be exercised on key ID MBEDTLS_PSA_KEY_ID_BUILTIN_MIN + 1. */ - { MBEDTLS_PSA_KEY_ID_BUILTIN_MIN - 1, - PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( - PSA_KEY_PERSISTENCE_READ_ONLY, PSA_CRYPTO_TEST_DRIVER_LOCATION), - PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT }, - { MBEDTLS_PSA_KEY_ID_BUILTIN_MIN, - PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( - PSA_KEY_PERSISTENCE_READ_ONLY, PSA_CRYPTO_TEST_DRIVER_LOCATION), - PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT }, - { MBEDTLS_PSA_KEY_ID_BUILTIN_MIN + 1, - PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( - PSA_KEY_PERSISTENCE_READ_ONLY, PSA_CRYPTO_TEST_DRIVER_LOCATION), - PSA_CRYPTO_TEST_DRIVER_BUILTIN_ECDSA_KEY_SLOT }, - { MBEDTLS_PSA_KEY_ID_BUILTIN_MAX - 1, - PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( - PSA_KEY_PERSISTENCE_READ_ONLY, PSA_CRYPTO_TEST_DRIVER_LOCATION), - PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT }, - { MBEDTLS_PSA_KEY_ID_BUILTIN_MAX, - PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( - PSA_KEY_PERSISTENCE_READ_ONLY, PSA_CRYPTO_TEST_DRIVER_LOCATION), - PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT }, - { MBEDTLS_PSA_KEY_ID_BUILTIN_MAX + 1, - PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( - PSA_KEY_PERSISTENCE_READ_ONLY, PSA_CRYPTO_TEST_DRIVER_LOCATION), - PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT }, -#else - { 0, 0, 0 } -#endif -}; - -psa_status_t mbedtls_psa_platform_get_builtin_key( - mbedtls_svc_key_id_t key_id, - psa_key_lifetime_t *lifetime, - psa_drv_slot_number_t *slot_number) -{ - psa_key_id_t app_key_id = MBEDTLS_SVC_KEY_ID_GET_KEY_ID(key_id); - const mbedtls_psa_builtin_key_description_t *builtin_key; - - for (size_t i = 0; - i < (sizeof(builtin_keys) / sizeof(builtin_keys[0])); i++) { - builtin_key = &builtin_keys[i]; - if (builtin_key->builtin_key_id == app_key_id) { - *lifetime = builtin_key->lifetime; - *slot_number = builtin_key->slot_number; - return PSA_SUCCESS; - } - } - - return PSA_ERROR_DOES_NOT_EXIST; -} diff --git a/tests/src/drivers/test_driver_aead.c b/tests/src/drivers/test_driver_aead.c deleted file mode 100644 index 080b4dba8126..000000000000 --- a/tests/src/drivers/test_driver_aead.c +++ /dev/null @@ -1,462 +0,0 @@ -/* - * Test driver for AEAD entry points. - */ -/* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include - -#if defined(PSA_CRYPTO_DRIVER_TEST) -#include "psa_crypto_aead.h" -#include "psa_crypto_core.h" - -#include "test/drivers/aead.h" - -#include "mbedtls/constant_time.h" - -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) -#include "libtestdriver1/tf-psa-crypto/core/psa_crypto_aead.h" -#endif - -mbedtls_test_driver_aead_hooks_t - mbedtls_test_driver_aead_hooks = MBEDTLS_TEST_DRIVER_AEAD_INIT; - -psa_status_t mbedtls_test_transparent_aead_encrypt( - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, size_t key_buffer_size, - psa_algorithm_t alg, - const uint8_t *nonce, size_t nonce_length, - const uint8_t *additional_data, size_t additional_data_length, - const uint8_t *plaintext, size_t plaintext_length, - uint8_t *ciphertext, size_t ciphertext_size, size_t *ciphertext_length) -{ - mbedtls_test_driver_aead_hooks.hits_encrypt++; - - if (mbedtls_test_driver_aead_hooks.forced_status != PSA_SUCCESS) { - mbedtls_test_driver_aead_hooks.driver_status = - mbedtls_test_driver_aead_hooks.forced_status; - } else { -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_AEAD) - mbedtls_test_driver_aead_hooks.driver_status = - libtestdriver1_mbedtls_psa_aead_encrypt( - (const libtestdriver1_psa_key_attributes_t *) attributes, - key_buffer, key_buffer_size, - alg, - nonce, nonce_length, - additional_data, additional_data_length, - plaintext, plaintext_length, - ciphertext, ciphertext_size, ciphertext_length); -#elif defined(MBEDTLS_PSA_BUILTIN_AEAD) - mbedtls_test_driver_aead_hooks.driver_status = - mbedtls_psa_aead_encrypt( - attributes, key_buffer, key_buffer_size, - alg, - nonce, nonce_length, - additional_data, additional_data_length, - plaintext, plaintext_length, - ciphertext, ciphertext_size, ciphertext_length); -#else - (void) attributes; - (void) key_buffer; - (void) key_buffer_size; - (void) alg; - (void) nonce; - (void) nonce_length; - (void) additional_data; - (void) additional_data_length; - (void) plaintext; - (void) plaintext_length; - (void) ciphertext; - (void) ciphertext_size; - (void) ciphertext_length; - mbedtls_test_driver_aead_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; -#endif - } - - return mbedtls_test_driver_aead_hooks.driver_status; -} - -psa_status_t mbedtls_test_transparent_aead_decrypt( - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, size_t key_buffer_size, - psa_algorithm_t alg, - const uint8_t *nonce, size_t nonce_length, - const uint8_t *additional_data, size_t additional_data_length, - const uint8_t *ciphertext, size_t ciphertext_length, - uint8_t *plaintext, size_t plaintext_size, size_t *plaintext_length) -{ - mbedtls_test_driver_aead_hooks.hits_decrypt++; - - if (mbedtls_test_driver_aead_hooks.forced_status != PSA_SUCCESS) { - mbedtls_test_driver_aead_hooks.driver_status = - mbedtls_test_driver_aead_hooks.forced_status; - } else { -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_AEAD) - mbedtls_test_driver_aead_hooks.driver_status = - libtestdriver1_mbedtls_psa_aead_decrypt( - (const libtestdriver1_psa_key_attributes_t *) attributes, - key_buffer, key_buffer_size, - alg, - nonce, nonce_length, - additional_data, additional_data_length, - ciphertext, ciphertext_length, - plaintext, plaintext_size, plaintext_length); -#elif defined(MBEDTLS_PSA_BUILTIN_AEAD) - mbedtls_test_driver_aead_hooks.driver_status = - mbedtls_psa_aead_decrypt( - attributes, key_buffer, key_buffer_size, - alg, - nonce, nonce_length, - additional_data, additional_data_length, - ciphertext, ciphertext_length, - plaintext, plaintext_size, plaintext_length); -#else - (void) attributes; - (void) key_buffer; - (void) key_buffer_size; - (void) alg; - (void) nonce; - (void) nonce_length; - (void) additional_data; - (void) additional_data_length; - (void) ciphertext; - (void) ciphertext_length; - (void) plaintext; - (void) plaintext_size; - (void) plaintext_length; - mbedtls_test_driver_aead_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; -#endif - } - - return mbedtls_test_driver_aead_hooks.driver_status; -} - -psa_status_t mbedtls_test_transparent_aead_encrypt_setup( - mbedtls_transparent_test_driver_aead_operation_t *operation, - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, size_t key_buffer_size, - psa_algorithm_t alg) -{ - mbedtls_test_driver_aead_hooks.hits_encrypt_setup++; - - if (mbedtls_test_driver_aead_hooks.forced_status != PSA_SUCCESS) { - mbedtls_test_driver_aead_hooks.driver_status = - mbedtls_test_driver_aead_hooks.forced_status; - } else { -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_AEAD) - mbedtls_test_driver_aead_hooks.driver_status = - libtestdriver1_mbedtls_psa_aead_encrypt_setup(operation, - (const libtestdriver1_psa_key_attributes_t - *) attributes, - key_buffer, - key_buffer_size, alg); -#elif defined(MBEDTLS_PSA_BUILTIN_AEAD) - mbedtls_test_driver_aead_hooks.driver_status = - mbedtls_psa_aead_encrypt_setup(operation, attributes, key_buffer, - key_buffer_size, alg); -#else - (void) operation; - (void) attributes; - (void) key_buffer; - (void) key_buffer_size; - (void) alg; - mbedtls_test_driver_aead_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; -#endif - } - - return mbedtls_test_driver_aead_hooks.driver_status; -} - -psa_status_t mbedtls_test_transparent_aead_decrypt_setup( - mbedtls_transparent_test_driver_aead_operation_t *operation, - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, size_t key_buffer_size, - psa_algorithm_t alg) -{ - mbedtls_test_driver_aead_hooks.hits_decrypt_setup++; - - if (mbedtls_test_driver_aead_hooks.forced_status != PSA_SUCCESS) { - mbedtls_test_driver_aead_hooks.driver_status = - mbedtls_test_driver_aead_hooks.forced_status; - } else { -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_AEAD) - mbedtls_test_driver_aead_hooks.driver_status = - libtestdriver1_mbedtls_psa_aead_decrypt_setup(operation, - (const libtestdriver1_psa_key_attributes_t - *) attributes, - key_buffer, key_buffer_size, alg); -#elif defined(MBEDTLS_PSA_BUILTIN_AEAD) - mbedtls_test_driver_aead_hooks.driver_status = - mbedtls_psa_aead_decrypt_setup(operation, attributes, key_buffer, - key_buffer_size, alg); -#else - (void) operation; - (void) attributes; - (void) key_buffer; - (void) key_buffer_size; - (void) alg; - mbedtls_test_driver_aead_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; -#endif - } - - return mbedtls_test_driver_aead_hooks.driver_status; -} - -psa_status_t mbedtls_test_transparent_aead_set_nonce( - mbedtls_transparent_test_driver_aead_operation_t *operation, - const uint8_t *nonce, - size_t nonce_length) -{ - mbedtls_test_driver_aead_hooks.hits_set_nonce++; - - if (mbedtls_test_driver_aead_hooks.forced_status != PSA_SUCCESS) { - mbedtls_test_driver_aead_hooks.driver_status = - mbedtls_test_driver_aead_hooks.forced_status; - } else { -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_AEAD) - mbedtls_test_driver_aead_hooks.driver_status = - libtestdriver1_mbedtls_psa_aead_set_nonce(operation, nonce, nonce_length); -#elif defined(MBEDTLS_PSA_BUILTIN_AEAD) - mbedtls_test_driver_aead_hooks.driver_status = - mbedtls_psa_aead_set_nonce(operation, nonce, nonce_length); -#else - (void) operation; - (void) nonce; - (void) nonce_length; - mbedtls_test_driver_aead_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; -#endif - } - - return mbedtls_test_driver_aead_hooks.driver_status; -} - -psa_status_t mbedtls_test_transparent_aead_set_lengths( - mbedtls_transparent_test_driver_aead_operation_t *operation, - size_t ad_length, - size_t plaintext_length) -{ - mbedtls_test_driver_aead_hooks.hits_set_lengths++; - - if (mbedtls_test_driver_aead_hooks.forced_status != PSA_SUCCESS) { - mbedtls_test_driver_aead_hooks.driver_status = - mbedtls_test_driver_aead_hooks.forced_status; - } else { -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_AEAD) - mbedtls_test_driver_aead_hooks.driver_status = - libtestdriver1_mbedtls_psa_aead_set_lengths(operation, ad_length, - plaintext_length); -#elif defined(MBEDTLS_PSA_BUILTIN_AEAD) - mbedtls_test_driver_aead_hooks.driver_status = - mbedtls_psa_aead_set_lengths(operation, ad_length, - plaintext_length); -#else - (void) operation; - (void) ad_length; - (void) plaintext_length; - mbedtls_test_driver_aead_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; -#endif - } - - return mbedtls_test_driver_aead_hooks.driver_status; -} - -psa_status_t mbedtls_test_transparent_aead_update_ad( - mbedtls_transparent_test_driver_aead_operation_t *operation, - const uint8_t *input, - size_t input_length) -{ - mbedtls_test_driver_aead_hooks.hits_update_ad++; - - if (mbedtls_test_driver_aead_hooks.forced_status != PSA_SUCCESS) { - mbedtls_test_driver_aead_hooks.driver_status = - mbedtls_test_driver_aead_hooks.forced_status; - } else { -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_AEAD) - mbedtls_test_driver_aead_hooks.driver_status = - libtestdriver1_mbedtls_psa_aead_update_ad(operation, input, input_length); -#elif defined(MBEDTLS_PSA_BUILTIN_AEAD) - mbedtls_test_driver_aead_hooks.driver_status = - mbedtls_psa_aead_update_ad(operation, input, input_length); -#else - (void) operation; - (void) input; - (void) input_length; - mbedtls_test_driver_aead_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; -#endif - } - - return mbedtls_test_driver_aead_hooks.driver_status; -} - -psa_status_t mbedtls_test_transparent_aead_update( - mbedtls_transparent_test_driver_aead_operation_t *operation, - const uint8_t *input, - size_t input_length, - uint8_t *output, - size_t output_size, - size_t *output_length) -{ - mbedtls_test_driver_aead_hooks.hits_update++; - - if (mbedtls_test_driver_aead_hooks.forced_status != PSA_SUCCESS) { - mbedtls_test_driver_aead_hooks.driver_status = - mbedtls_test_driver_aead_hooks.forced_status; - } else { -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_AEAD) - mbedtls_test_driver_aead_hooks.driver_status = - libtestdriver1_mbedtls_psa_aead_update(operation, input, - input_length, output, - output_size, output_length); -#elif defined(MBEDTLS_PSA_BUILTIN_AEAD) - mbedtls_test_driver_aead_hooks.driver_status = - mbedtls_psa_aead_update(operation, input, input_length, output, - output_size, output_length); -#else - (void) operation; - (void) input; - (void) input_length; - (void) output; - (void) output_size; - (void) output_length; - mbedtls_test_driver_aead_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; -#endif - } - - return mbedtls_test_driver_aead_hooks.driver_status; -} - -psa_status_t mbedtls_test_transparent_aead_finish( - mbedtls_transparent_test_driver_aead_operation_t *operation, - uint8_t *ciphertext, - size_t ciphertext_size, - size_t *ciphertext_length, - uint8_t *tag, - size_t tag_size, - size_t *tag_length) -{ - mbedtls_test_driver_aead_hooks.hits_finish++; - - if (mbedtls_test_driver_aead_hooks.forced_status != PSA_SUCCESS) { - mbedtls_test_driver_aead_hooks.driver_status = - mbedtls_test_driver_aead_hooks.forced_status; - } else { -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_AEAD) - mbedtls_test_driver_aead_hooks.driver_status = - libtestdriver1_mbedtls_psa_aead_finish(operation, ciphertext, - ciphertext_size, ciphertext_length, - tag, tag_size, tag_length); -#elif defined(MBEDTLS_PSA_BUILTIN_AEAD) - mbedtls_test_driver_aead_hooks.driver_status = - mbedtls_psa_aead_finish(operation, ciphertext, ciphertext_size, - ciphertext_length, tag, tag_size, - tag_length); -#else - (void) operation; - (void) ciphertext; - (void) ciphertext_size; - (void) ciphertext_length; - (void) tag; - (void) tag_size; - (void) tag_length; - mbedtls_test_driver_aead_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; -#endif - } - - return mbedtls_test_driver_aead_hooks.driver_status; -} - -psa_status_t mbedtls_test_transparent_aead_verify( - mbedtls_transparent_test_driver_aead_operation_t *operation, - uint8_t *plaintext, - size_t plaintext_size, - size_t *plaintext_length, - const uint8_t *tag, - size_t tag_length) -{ - mbedtls_test_driver_aead_hooks.hits_verify++; - - if (mbedtls_test_driver_aead_hooks.forced_status != PSA_SUCCESS) { - mbedtls_test_driver_aead_hooks.driver_status = - mbedtls_test_driver_aead_hooks.forced_status; - } else { - uint8_t check_tag[PSA_AEAD_TAG_MAX_SIZE]; - size_t check_tag_length = 0; - -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_AEAD) - mbedtls_test_driver_aead_hooks.driver_status = - libtestdriver1_mbedtls_psa_aead_finish(operation, - plaintext, - plaintext_size, - plaintext_length, - check_tag, - sizeof(check_tag), - &check_tag_length); -#elif defined(MBEDTLS_PSA_BUILTIN_AEAD) - mbedtls_test_driver_aead_hooks.driver_status = - mbedtls_psa_aead_finish(operation, - plaintext, - plaintext_size, - plaintext_length, - check_tag, - sizeof(check_tag), - &check_tag_length); -#else - (void) operation; - (void) plaintext; - (void) plaintext_size; - (void) plaintext_length; - mbedtls_test_driver_aead_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; -#endif - - if (mbedtls_test_driver_aead_hooks.driver_status == PSA_SUCCESS) { - if (tag_length != check_tag_length || - mbedtls_ct_memcmp(tag, check_tag, tag_length) - != 0) { - mbedtls_test_driver_aead_hooks.driver_status = - PSA_ERROR_INVALID_SIGNATURE; - } - } - - mbedtls_platform_zeroize(check_tag, sizeof(check_tag)); - } - - return mbedtls_test_driver_aead_hooks.driver_status; -} - -psa_status_t mbedtls_test_transparent_aead_abort( - mbedtls_transparent_test_driver_aead_operation_t *operation) -{ - mbedtls_test_driver_aead_hooks.hits_abort++; - - if (mbedtls_test_driver_aead_hooks.forced_status != PSA_SUCCESS) { - mbedtls_test_driver_aead_hooks.driver_status = - mbedtls_test_driver_aead_hooks.forced_status; - } else { -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_AEAD) - mbedtls_test_driver_aead_hooks.driver_status = - libtestdriver1_mbedtls_psa_aead_abort(operation); -#elif defined(MBEDTLS_PSA_BUILTIN_AEAD) - mbedtls_test_driver_aead_hooks.driver_status = - mbedtls_psa_aead_abort(operation); -#else - (void) operation; - mbedtls_test_driver_aead_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; -#endif - } - - return mbedtls_test_driver_aead_hooks.driver_status; -} - -#endif /* PSA_CRYPTO_DRIVER_TEST */ diff --git a/tests/src/drivers/test_driver_asymmetric_encryption.c b/tests/src/drivers/test_driver_asymmetric_encryption.c deleted file mode 100644 index 55e09b2f3480..000000000000 --- a/tests/src/drivers/test_driver_asymmetric_encryption.c +++ /dev/null @@ -1,181 +0,0 @@ -/* - * Test driver for asymmetric encryption. - */ -/* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include - -#if defined(PSA_CRYPTO_DRIVER_TEST) -#include "psa/crypto.h" -#include "mbedtls/rsa.h" -#include "psa_crypto_rsa.h" -#include "string.h" -#include "test/drivers/asymmetric_encryption.h" -#include "test/drivers/key_management.h" - -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) -#include "libtestdriver1/tf-psa-crypto/core/psa_crypto_rsa.h" -#endif - -#define PSA_RSA_KEY_PAIR_MAX_SIZE \ - PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE(PSA_VENDOR_RSA_MAX_KEY_BITS) - -mbedtls_test_driver_asymmetric_encryption_hooks_t mbedtls_test_driver_asymmetric_encryption_hooks = - MBEDTLS_TEST_DRIVER_ASYMMETRIC_ENCRYPTION_INIT; - -psa_status_t mbedtls_test_transparent_asymmetric_encrypt( - const psa_key_attributes_t *attributes, const uint8_t *key_buffer, - size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *input, - size_t input_length, const uint8_t *salt, size_t salt_length, - uint8_t *output, size_t output_size, size_t *output_length) -{ - mbedtls_test_driver_asymmetric_encryption_hooks.hits++; - - if (mbedtls_test_driver_asymmetric_encryption_hooks.forced_output != NULL) { - if (output_size < mbedtls_test_driver_asymmetric_encryption_hooks.forced_output_length) { - return PSA_ERROR_BUFFER_TOO_SMALL; - } - - memcpy(output, - mbedtls_test_driver_asymmetric_encryption_hooks.forced_output, - mbedtls_test_driver_asymmetric_encryption_hooks.forced_output_length); - *output_length = mbedtls_test_driver_asymmetric_encryption_hooks.forced_output_length; - - return mbedtls_test_driver_asymmetric_encryption_hooks.forced_status; - } - - if (mbedtls_test_driver_asymmetric_encryption_hooks.forced_status != PSA_SUCCESS) { - return mbedtls_test_driver_asymmetric_encryption_hooks.forced_status; - } - -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) - return libtestdriver1_mbedtls_psa_asymmetric_encrypt( - (const libtestdriver1_psa_key_attributes_t *) attributes, - key_buffer, key_buffer_size, - alg, input, input_length, salt, salt_length, - output, output_size, output_length); -#else - return mbedtls_psa_asymmetric_encrypt( - attributes, key_buffer, key_buffer_size, - alg, input, input_length, salt, salt_length, - output, output_size, output_length); -#endif - - return PSA_ERROR_NOT_SUPPORTED; -} - -psa_status_t mbedtls_test_transparent_asymmetric_decrypt( - const psa_key_attributes_t *attributes, const uint8_t *key_buffer, - size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *input, - size_t input_length, const uint8_t *salt, size_t salt_length, - uint8_t *output, size_t output_size, size_t *output_length) -{ - mbedtls_test_driver_asymmetric_encryption_hooks.hits++; - - if (mbedtls_test_driver_asymmetric_encryption_hooks.forced_output != NULL) { - if (output_size < mbedtls_test_driver_asymmetric_encryption_hooks.forced_output_length) { - return PSA_ERROR_BUFFER_TOO_SMALL; - } - - memcpy(output, - mbedtls_test_driver_asymmetric_encryption_hooks.forced_output, - mbedtls_test_driver_asymmetric_encryption_hooks.forced_output_length); - *output_length = mbedtls_test_driver_asymmetric_encryption_hooks.forced_output_length; - - return mbedtls_test_driver_asymmetric_encryption_hooks.forced_status; - } - - if (mbedtls_test_driver_asymmetric_encryption_hooks.forced_status != PSA_SUCCESS) { - return mbedtls_test_driver_asymmetric_encryption_hooks.forced_status; - } - -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) - return libtestdriver1_mbedtls_psa_asymmetric_decrypt( - (const libtestdriver1_psa_key_attributes_t *) attributes, - key_buffer, key_buffer_size, - alg, input, input_length, salt, salt_length, - output, output_size, output_length); -#else - return mbedtls_psa_asymmetric_decrypt( - attributes, key_buffer, key_buffer_size, - alg, input, input_length, salt, salt_length, - output, output_size, output_length); -#endif - - return PSA_ERROR_NOT_SUPPORTED; -} - -/* - * opaque versions - */ -psa_status_t mbedtls_test_opaque_asymmetric_encrypt( - const psa_key_attributes_t *attributes, const uint8_t *key, - size_t key_length, psa_algorithm_t alg, const uint8_t *input, - size_t input_length, const uint8_t *salt, size_t salt_length, - uint8_t *output, size_t output_size, size_t *output_length) -{ - unsigned char unwrapped_key[PSA_RSA_KEY_PAIR_MAX_SIZE]; - size_t unwrapped_key_length; - psa_status_t status; - - status = mbedtls_test_opaque_unwrap_key(key, key_length, - unwrapped_key, sizeof(unwrapped_key), - &unwrapped_key_length); - if (status != PSA_SUCCESS) { - return status; - } - -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - (defined(MBEDTLS_PSA_ACCEL_ALG_RSA_OAEP) || defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_CRYPT)) - return libtestdriver1_mbedtls_psa_asymmetric_encrypt( - (const libtestdriver1_psa_key_attributes_t *) attributes, - unwrapped_key, unwrapped_key_length, - alg, input, input_length, salt, salt_length, - output, output_size, output_length); -#else - return mbedtls_psa_asymmetric_encrypt( - attributes, unwrapped_key, unwrapped_key_length, - alg, input, input_length, salt, salt_length, - output, output_size, output_length); -#endif - - return PSA_ERROR_NOT_SUPPORTED; -} - -psa_status_t mbedtls_test_opaque_asymmetric_decrypt( - const psa_key_attributes_t *attributes, const uint8_t *key, - size_t key_length, psa_algorithm_t alg, const uint8_t *input, - size_t input_length, const uint8_t *salt, size_t salt_length, - uint8_t *output, size_t output_size, size_t *output_length) -{ - unsigned char unwrapped_key[PSA_RSA_KEY_PAIR_MAX_SIZE]; - size_t unwrapped_key_length; - psa_status_t status; - - status = mbedtls_test_opaque_unwrap_key(key, key_length, - unwrapped_key, sizeof(unwrapped_key), - &unwrapped_key_length); - if (status != PSA_SUCCESS) { - return status; - } - -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - (defined(MBEDTLS_PSA_ACCEL_ALG_RSA_OAEP) || defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_CRYPT)) - return libtestdriver1_mbedtls_psa_asymmetric_decrypt( - (const libtestdriver1_psa_key_attributes_t *) attributes, - unwrapped_key, unwrapped_key_length, - alg, input, input_length, salt, salt_length, - output, output_size, output_length); -#else - return mbedtls_psa_asymmetric_decrypt( - attributes, unwrapped_key, unwrapped_key_length, - alg, input, input_length, salt, salt_length, - output, output_size, output_length); -#endif - - return PSA_ERROR_NOT_SUPPORTED; -} - -#endif /* PSA_CRYPTO_DRIVER_TEST */ diff --git a/tests/src/drivers/test_driver_cipher.c b/tests/src/drivers/test_driver_cipher.c deleted file mode 100644 index ace0ed313dbe..000000000000 --- a/tests/src/drivers/test_driver_cipher.c +++ /dev/null @@ -1,432 +0,0 @@ -/* - * Test driver for cipher functions. - * Currently only supports multi-part operations using AES-CTR. - */ -/* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include - -#if defined(PSA_CRYPTO_DRIVER_TEST) -#include "psa/crypto.h" -#include "psa_crypto_cipher.h" -#include "psa_crypto_core.h" -#include "mbedtls/cipher.h" - -#include "test/drivers/cipher.h" - -#include "test/random.h" - -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) -#include "libtestdriver1/tf-psa-crypto/core/psa_crypto_cipher.h" -#endif - -#include - -mbedtls_test_driver_cipher_hooks_t mbedtls_test_driver_cipher_hooks = - MBEDTLS_TEST_DRIVER_CIPHER_INIT; - -psa_status_t mbedtls_test_transparent_cipher_encrypt( - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, - size_t key_buffer_size, - psa_algorithm_t alg, - const uint8_t *iv, - size_t iv_length, - const uint8_t *input, - size_t input_length, - uint8_t *output, - size_t output_size, - size_t *output_length) -{ - mbedtls_test_driver_cipher_hooks.hits++; - mbedtls_test_driver_cipher_hooks.hits_encrypt++; - - if (mbedtls_test_driver_cipher_hooks.forced_output != NULL) { - if (output_size < mbedtls_test_driver_cipher_hooks.forced_output_length) { - return PSA_ERROR_BUFFER_TOO_SMALL; - } - - memcpy(output, - mbedtls_test_driver_cipher_hooks.forced_output, - mbedtls_test_driver_cipher_hooks.forced_output_length); - *output_length = mbedtls_test_driver_cipher_hooks.forced_output_length; - - return mbedtls_test_driver_cipher_hooks.forced_status; - } - - if (mbedtls_test_driver_cipher_hooks.forced_status != PSA_SUCCESS) { - return mbedtls_test_driver_cipher_hooks.forced_status; - } - if (mbedtls_test_driver_cipher_hooks.forced_status_encrypt != PSA_SUCCESS) { - return mbedtls_test_driver_cipher_hooks.forced_status_encrypt; - } - -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_CIPHER) - return libtestdriver1_mbedtls_psa_cipher_encrypt( - (const libtestdriver1_psa_key_attributes_t *) attributes, - key_buffer, key_buffer_size, - alg, iv, iv_length, input, input_length, - output, output_size, output_length); -#elif defined(MBEDTLS_PSA_BUILTIN_CIPHER) - return mbedtls_psa_cipher_encrypt( - attributes, key_buffer, key_buffer_size, - alg, iv, iv_length, input, input_length, - output, output_size, output_length); -#endif - - return PSA_ERROR_NOT_SUPPORTED; -} - -psa_status_t mbedtls_test_transparent_cipher_decrypt( - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, - size_t key_buffer_size, - psa_algorithm_t alg, - const uint8_t *input, - size_t input_length, - uint8_t *output, - size_t output_size, - size_t *output_length) -{ - mbedtls_test_driver_cipher_hooks.hits++; - - if (mbedtls_test_driver_cipher_hooks.forced_output != NULL) { - if (output_size < mbedtls_test_driver_cipher_hooks.forced_output_length) { - return PSA_ERROR_BUFFER_TOO_SMALL; - } - - memcpy(output, - mbedtls_test_driver_cipher_hooks.forced_output, - mbedtls_test_driver_cipher_hooks.forced_output_length); - *output_length = mbedtls_test_driver_cipher_hooks.forced_output_length; - - return mbedtls_test_driver_cipher_hooks.forced_status; - } - - if (mbedtls_test_driver_cipher_hooks.forced_status != PSA_SUCCESS) { - return mbedtls_test_driver_cipher_hooks.forced_status; - } - -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_CIPHER) - return libtestdriver1_mbedtls_psa_cipher_decrypt( - (const libtestdriver1_psa_key_attributes_t *) attributes, - key_buffer, key_buffer_size, - alg, input, input_length, - output, output_size, output_length); -#elif defined(MBEDTLS_PSA_BUILTIN_CIPHER) - return mbedtls_psa_cipher_decrypt( - attributes, key_buffer, key_buffer_size, - alg, input, input_length, - output, output_size, output_length); -#endif - - return PSA_ERROR_NOT_SUPPORTED; -} - -psa_status_t mbedtls_test_transparent_cipher_encrypt_setup( - mbedtls_transparent_test_driver_cipher_operation_t *operation, - const psa_key_attributes_t *attributes, - const uint8_t *key, size_t key_length, - psa_algorithm_t alg) -{ - mbedtls_test_driver_cipher_hooks.hits++; - - /* Wiping the entire struct here, instead of member-by-member. This is - * useful for the test suite, since it gives a chance of catching memory - * corruption errors should the core not have allocated (enough) memory for - * our context struct. */ - memset(operation, 0, sizeof(*operation)); - - if (mbedtls_test_driver_cipher_hooks.forced_status != PSA_SUCCESS) { - return mbedtls_test_driver_cipher_hooks.forced_status; - } - -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_CIPHER) - return libtestdriver1_mbedtls_psa_cipher_encrypt_setup( - operation, - (const libtestdriver1_psa_key_attributes_t *) attributes, - key, key_length, alg); -#elif defined(MBEDTLS_PSA_BUILTIN_CIPHER) - return mbedtls_psa_cipher_encrypt_setup( - operation, attributes, key, key_length, alg); -#endif - - return PSA_ERROR_NOT_SUPPORTED; -} - -psa_status_t mbedtls_test_transparent_cipher_decrypt_setup( - mbedtls_transparent_test_driver_cipher_operation_t *operation, - const psa_key_attributes_t *attributes, - const uint8_t *key, size_t key_length, - psa_algorithm_t alg) -{ - mbedtls_test_driver_cipher_hooks.hits++; - - if (mbedtls_test_driver_cipher_hooks.forced_status != PSA_SUCCESS) { - return mbedtls_test_driver_cipher_hooks.forced_status; - } - -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_CIPHER) - return libtestdriver1_mbedtls_psa_cipher_decrypt_setup( - operation, - (const libtestdriver1_psa_key_attributes_t *) attributes, - key, key_length, alg); -#elif defined(MBEDTLS_PSA_BUILTIN_CIPHER) - return mbedtls_psa_cipher_decrypt_setup( - operation, attributes, key, key_length, alg); -#endif - - return PSA_ERROR_NOT_SUPPORTED; -} - -psa_status_t mbedtls_test_transparent_cipher_abort( - mbedtls_transparent_test_driver_cipher_operation_t *operation) -{ - mbedtls_test_driver_cipher_hooks.hits++; - -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_CIPHER) - libtestdriver1_mbedtls_psa_cipher_abort(operation); -#elif defined(MBEDTLS_PSA_BUILTIN_CIPHER) - mbedtls_psa_cipher_abort(operation); -#endif - - /* Wiping the entire struct here, instead of member-by-member. This is - * useful for the test suite, since it gives a chance of catching memory - * corruption errors should the core not have allocated (enough) memory for - * our context struct. */ - memset(operation, 0, sizeof(*operation)); - - return mbedtls_test_driver_cipher_hooks.forced_status; -} - -psa_status_t mbedtls_test_transparent_cipher_set_iv( - mbedtls_transparent_test_driver_cipher_operation_t *operation, - const uint8_t *iv, - size_t iv_length) -{ - mbedtls_test_driver_cipher_hooks.hits++; - mbedtls_test_driver_cipher_hooks.hits_set_iv++; - - if (mbedtls_test_driver_cipher_hooks.forced_status != PSA_SUCCESS) { - return mbedtls_test_driver_cipher_hooks.forced_status; - } - if (mbedtls_test_driver_cipher_hooks.forced_status_set_iv != PSA_SUCCESS) { - return mbedtls_test_driver_cipher_hooks.forced_status_set_iv; - } - -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_CIPHER) - return libtestdriver1_mbedtls_psa_cipher_set_iv( - operation, iv, iv_length); -#elif defined(MBEDTLS_PSA_BUILTIN_CIPHER) - return mbedtls_psa_cipher_set_iv(operation, iv, iv_length); -#endif - - return PSA_ERROR_NOT_SUPPORTED; -} - -psa_status_t mbedtls_test_transparent_cipher_update( - mbedtls_transparent_test_driver_cipher_operation_t *operation, - const uint8_t *input, - size_t input_length, - uint8_t *output, - size_t output_size, - size_t *output_length) -{ - mbedtls_test_driver_cipher_hooks.hits++; - - if (mbedtls_test_driver_cipher_hooks.forced_output != NULL) { - if (output_size < mbedtls_test_driver_cipher_hooks.forced_output_length) { - return PSA_ERROR_BUFFER_TOO_SMALL; - } - - memcpy(output, - mbedtls_test_driver_cipher_hooks.forced_output, - mbedtls_test_driver_cipher_hooks.forced_output_length); - *output_length = mbedtls_test_driver_cipher_hooks.forced_output_length; - - return mbedtls_test_driver_cipher_hooks.forced_status; - } - - if (mbedtls_test_driver_cipher_hooks.forced_status != PSA_SUCCESS) { - return mbedtls_test_driver_cipher_hooks.forced_status; - } - -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_CIPHER) - return libtestdriver1_mbedtls_psa_cipher_update( - operation, input, input_length, - output, output_size, output_length); -#elif defined(MBEDTLS_PSA_BUILTIN_CIPHER) - return mbedtls_psa_cipher_update( - operation, input, input_length, - output, output_size, output_length); -#endif - - return PSA_ERROR_NOT_SUPPORTED; -} - -psa_status_t mbedtls_test_transparent_cipher_finish( - mbedtls_transparent_test_driver_cipher_operation_t *operation, - uint8_t *output, - size_t output_size, - size_t *output_length) -{ - mbedtls_test_driver_cipher_hooks.hits++; - - if (mbedtls_test_driver_cipher_hooks.forced_output != NULL) { - if (output_size < mbedtls_test_driver_cipher_hooks.forced_output_length) { - return PSA_ERROR_BUFFER_TOO_SMALL; - } - - memcpy(output, - mbedtls_test_driver_cipher_hooks.forced_output, - mbedtls_test_driver_cipher_hooks.forced_output_length); - *output_length = mbedtls_test_driver_cipher_hooks.forced_output_length; - - return mbedtls_test_driver_cipher_hooks.forced_status; - } - - if (mbedtls_test_driver_cipher_hooks.forced_status != PSA_SUCCESS) { - return mbedtls_test_driver_cipher_hooks.forced_status; - } - -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_CIPHER) - return libtestdriver1_mbedtls_psa_cipher_finish( - operation, output, output_size, output_length); -#elif defined(MBEDTLS_PSA_BUILTIN_CIPHER) - return mbedtls_psa_cipher_finish( - operation, output, output_size, output_length); -#endif - - return PSA_ERROR_NOT_SUPPORTED; -} - -/* - * opaque versions, to do - */ -psa_status_t mbedtls_test_opaque_cipher_encrypt( - const psa_key_attributes_t *attributes, - const uint8_t *key, size_t key_length, - psa_algorithm_t alg, - const uint8_t *iv, size_t iv_length, - const uint8_t *input, size_t input_length, - uint8_t *output, size_t output_size, size_t *output_length) -{ - (void) attributes; - (void) key; - (void) key_length; - (void) alg; - (void) iv; - (void) iv_length; - (void) input; - (void) input_length; - (void) output; - (void) output_size; - (void) output_length; - return PSA_ERROR_NOT_SUPPORTED; -} - -psa_status_t mbedtls_test_opaque_cipher_decrypt( - const psa_key_attributes_t *attributes, - const uint8_t *key, size_t key_length, - psa_algorithm_t alg, - const uint8_t *input, size_t input_length, - uint8_t *output, size_t output_size, size_t *output_length) -{ - (void) attributes; - (void) key; - (void) key_length; - (void) alg; - (void) input; - (void) input_length; - (void) output; - (void) output_size; - (void) output_length; - return PSA_ERROR_NOT_SUPPORTED; -} - -psa_status_t mbedtls_test_opaque_cipher_encrypt_setup( - mbedtls_opaque_test_driver_cipher_operation_t *operation, - const psa_key_attributes_t *attributes, - const uint8_t *key, size_t key_length, - psa_algorithm_t alg) -{ - (void) operation; - (void) attributes; - (void) key; - (void) key_length; - (void) alg; - return PSA_ERROR_NOT_SUPPORTED; -} - -psa_status_t mbedtls_test_opaque_cipher_decrypt_setup( - mbedtls_opaque_test_driver_cipher_operation_t *operation, - const psa_key_attributes_t *attributes, - const uint8_t *key, size_t key_length, - psa_algorithm_t alg) -{ - (void) operation; - (void) attributes; - (void) key; - (void) key_length; - (void) alg; - return PSA_ERROR_NOT_SUPPORTED; -} - -psa_status_t mbedtls_test_opaque_cipher_abort( - mbedtls_opaque_test_driver_cipher_operation_t *operation) -{ - (void) operation; - return PSA_ERROR_NOT_SUPPORTED; -} - -psa_status_t mbedtls_test_opaque_cipher_set_iv( - mbedtls_opaque_test_driver_cipher_operation_t *operation, - const uint8_t *iv, - size_t iv_length) -{ - (void) operation; - (void) iv; - (void) iv_length; - return PSA_ERROR_NOT_SUPPORTED; -} - -psa_status_t mbedtls_test_opaque_cipher_update( - mbedtls_opaque_test_driver_cipher_operation_t *operation, - const uint8_t *input, - size_t input_length, - uint8_t *output, - size_t output_size, - size_t *output_length) -{ - (void) operation; - (void) input; - (void) input_length; - (void) output; - (void) output_size; - (void) output_length; - return PSA_ERROR_NOT_SUPPORTED; -} - -psa_status_t mbedtls_test_opaque_cipher_finish( - mbedtls_opaque_test_driver_cipher_operation_t *operation, - uint8_t *output, - size_t output_size, - size_t *output_length) -{ - (void) operation; - (void) output; - (void) output_size; - (void) output_length; - return PSA_ERROR_NOT_SUPPORTED; -} -#endif /* PSA_CRYPTO_DRIVER_TEST */ diff --git a/tests/src/drivers/test_driver_key_agreement.c b/tests/src/drivers/test_driver_key_agreement.c deleted file mode 100644 index 8a8e3a8074ff..000000000000 --- a/tests/src/drivers/test_driver_key_agreement.c +++ /dev/null @@ -1,147 +0,0 @@ -/* - * Test driver for key agreement functions. - */ -/* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include - -#if defined(PSA_CRYPTO_DRIVER_TEST) - -#include "psa/crypto.h" -#include "psa_crypto_core.h" -#include "psa_crypto_ecp.h" -#include "psa_crypto_ffdh.h" - -#include "test/drivers/key_agreement.h" -#include "test/drivers/test_driver.h" - -#include - -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) -#include "libtestdriver1/tf-psa-crypto/include/psa/crypto.h" -#include "libtestdriver1/tf-psa-crypto/core/psa_crypto_ecp.h" -#include "libtestdriver1/tf-psa-crypto/core/psa_crypto_ffdh.h" -#endif - -mbedtls_test_driver_key_agreement_hooks_t - mbedtls_test_driver_key_agreement_hooks = MBEDTLS_TEST_DRIVER_KEY_AGREEMENT_INIT; - -psa_status_t mbedtls_test_transparent_key_agreement( - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, - size_t key_buffer_size, - psa_algorithm_t alg, - const uint8_t *peer_key, - size_t peer_key_length, - uint8_t *shared_secret, - size_t shared_secret_size, - size_t *shared_secret_length) -{ - mbedtls_test_driver_key_agreement_hooks.hits++; - - if (mbedtls_test_driver_key_agreement_hooks.forced_status != PSA_SUCCESS) { - return mbedtls_test_driver_key_agreement_hooks.forced_status; - } - - if (mbedtls_test_driver_key_agreement_hooks.forced_output != NULL) { - if (mbedtls_test_driver_key_agreement_hooks.forced_output_length > shared_secret_size) { - return PSA_ERROR_BUFFER_TOO_SMALL; - } - - memcpy(shared_secret, mbedtls_test_driver_key_agreement_hooks.forced_output, - mbedtls_test_driver_key_agreement_hooks.forced_output_length); - *shared_secret_length = mbedtls_test_driver_key_agreement_hooks.forced_output_length; - - return PSA_SUCCESS; - } - - if (PSA_ALG_IS_ECDH(alg)) { -#if (defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_ECDH)) - return libtestdriver1_mbedtls_psa_key_agreement_ecdh( - (const libtestdriver1_psa_key_attributes_t *) attributes, - key_buffer, key_buffer_size, - alg, peer_key, peer_key_length, - shared_secret, shared_secret_size, - shared_secret_length); -#elif defined(MBEDTLS_PSA_BUILTIN_ALG_ECDH) - return mbedtls_psa_key_agreement_ecdh( - attributes, - key_buffer, key_buffer_size, - alg, peer_key, peer_key_length, - shared_secret, shared_secret_size, - shared_secret_length); -#else - (void) attributes; - (void) key_buffer; - (void) key_buffer_size; - (void) peer_key; - (void) peer_key_length; - (void) shared_secret; - (void) shared_secret_size; - (void) shared_secret_length; - return PSA_ERROR_NOT_SUPPORTED; -#endif - } - if (PSA_ALG_IS_FFDH(alg)) { -#if (defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_FFDH)) - return libtestdriver1_mbedtls_psa_ffdh_key_agreement( - (const libtestdriver1_psa_key_attributes_t *) attributes, - peer_key, peer_key_length, - key_buffer, key_buffer_size, - shared_secret, shared_secret_size, - shared_secret_length); -#elif defined(MBEDTLS_PSA_BUILTIN_ALG_FFDH) - return mbedtls_psa_ffdh_key_agreement( - attributes, - peer_key, - peer_key_length, - key_buffer, - key_buffer_size, - shared_secret, - shared_secret_size, - shared_secret_length); -#else - (void) attributes; - (void) key_buffer; - (void) key_buffer_size; - (void) peer_key; - (void) peer_key_length; - (void) shared_secret; - (void) shared_secret_size; - (void) shared_secret_length; - return PSA_ERROR_NOT_SUPPORTED; -#endif - } else { - return PSA_ERROR_INVALID_ARGUMENT; - } - -} - -psa_status_t mbedtls_test_opaque_key_agreement( - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, - size_t key_buffer_size, - psa_algorithm_t alg, - const uint8_t *peer_key, - size_t peer_key_length, - uint8_t *shared_secret, - size_t shared_secret_size, - size_t *shared_secret_length) -{ - (void) attributes; - (void) key_buffer; - (void) key_buffer_size; - (void) alg; - (void) peer_key; - (void) peer_key_length; - (void) shared_secret; - (void) shared_secret_size; - (void) shared_secret_length; - return PSA_ERROR_NOT_SUPPORTED; -} - -#endif /* PSA_CRYPTO_DRIVER_TEST */ diff --git a/tests/src/drivers/test_driver_key_management.c b/tests/src/drivers/test_driver_key_management.c deleted file mode 100644 index c0869f1291b7..000000000000 --- a/tests/src/drivers/test_driver_key_management.c +++ /dev/null @@ -1,788 +0,0 @@ -/* - * Test driver for generating and verifying keys. - * Currently only supports generating and verifying ECC keys. - */ -/* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include - -#if defined(PSA_CRYPTO_DRIVER_TEST) -#include "psa/crypto.h" -#include "psa_crypto_core.h" -#include "psa_crypto_ecp.h" -#include "psa_crypto_rsa.h" -#include "psa_crypto_ffdh.h" -#include "mbedtls/ecp.h" -#include "mbedtls/error.h" - -#include "test/drivers/key_management.h" -#include "test/drivers/test_driver.h" - -#include "test/random.h" - -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) -#include "libtestdriver1/tf-psa-crypto/core/psa_crypto_ecp.h" -#include "libtestdriver1/tf-psa-crypto/core/psa_crypto_rsa.h" -#include "libtestdriver1/tf-psa-crypto/core/psa_crypto_ffdh.h" -#endif - -#include - -mbedtls_test_driver_key_management_hooks_t - mbedtls_test_driver_key_management_hooks = MBEDTLS_TEST_DRIVER_KEY_MANAGEMENT_INIT; - -const uint8_t mbedtls_test_driver_aes_key[16] = -{ 0x36, 0x77, 0x39, 0x7A, 0x24, 0x43, 0x26, 0x46, - 0x29, 0x4A, 0x40, 0x4E, 0x63, 0x52, 0x66, 0x55 }; -const uint8_t mbedtls_test_driver_ecdsa_key[32] = -{ 0xdc, 0x7d, 0x9d, 0x26, 0xd6, 0x7a, 0x4f, 0x63, - 0x2c, 0x34, 0xc2, 0xdc, 0x0b, 0x69, 0x86, 0x18, - 0x38, 0x82, 0xc2, 0x06, 0xdf, 0x04, 0xcd, 0xb7, - 0xd6, 0x9a, 0xab, 0xe2, 0x8b, 0xe4, 0xf8, 0x1a }; -const uint8_t mbedtls_test_driver_ecdsa_pubkey[65] = -{ 0x04, - 0x85, 0xf6, 0x4d, 0x89, 0xf0, 0x0b, 0xe6, 0x6c, - 0x88, 0xdd, 0x93, 0x7e, 0xfd, 0x6d, 0x7c, 0x44, - 0x56, 0x48, 0xdc, 0xb7, 0x01, 0x15, 0x0b, 0x8a, - 0x95, 0x09, 0x29, 0x58, 0x50, 0xf4, 0x1c, 0x19, - 0x31, 0xe5, 0x71, 0xfb, 0x8f, 0x8c, 0x78, 0x31, - 0x7a, 0x20, 0xb3, 0x80, 0xe8, 0x66, 0x58, 0x4b, - 0xbc, 0x25, 0x16, 0xc3, 0xd2, 0x70, 0x2d, 0x79, - 0x2f, 0x13, 0x1a, 0x92, 0x20, 0x95, 0xfd, 0x6c }; - -psa_status_t mbedtls_test_transparent_init(void) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) - status = libtestdriver1_psa_crypto_init(); - if (status != PSA_SUCCESS) { - return status; - } -#endif - - (void) status; - return PSA_SUCCESS; -} - -void mbedtls_test_transparent_free(void) -{ -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) - libtestdriver1_mbedtls_psa_crypto_free(); -#endif - - return; -} - -psa_status_t mbedtls_test_opaque_init(void) -{ - return PSA_SUCCESS; -} - -void mbedtls_test_opaque_free(void) -{ - return; -} - -/* - * This macro returns the base size for the key context when SE does not - * support storage. It is the size of the metadata that gets added to the - * wrapped key. In its test functionality the metadata is just some padded - * prefixing to the key. - */ -#define TEST_DRIVER_KEY_CONTEXT_BASE_SIZE \ - PSA_CRYPTO_TEST_DRIVER_OPAQUE_PAD_PREFIX_SIZE - - -size_t mbedtls_test_opaque_size_function( - const psa_key_type_t key_type, - const size_t key_bits) -{ - size_t key_buffer_size = 0; - - key_buffer_size = PSA_EXPORT_KEY_OUTPUT_SIZE(key_type, key_bits); - if (key_buffer_size == 0) { - return 0; - } - /* Include spacing for base size overhead over the key size - * */ - key_buffer_size += TEST_DRIVER_KEY_CONTEXT_BASE_SIZE; - return key_buffer_size; -} - -static size_t mbedtls_test_opaque_get_base_size() -{ - return TEST_DRIVER_KEY_CONTEXT_BASE_SIZE; -} - -/* - * The wrap function mbedtls_test_opaque_wrap_key pads and wraps the - * clear key. It expects the clear and wrap buffers to be passed in. - * key_length is the size of the clear key to be wrapped. - * wrapped_key_buffer_size is the size of the output buffer wrap_key. - * The argument wrapped_key_buffer_length is filled with the wrapped - * key_size on success. - * */ -static psa_status_t mbedtls_test_opaque_wrap_key( - const uint8_t *key, - size_t key_length, - uint8_t *wrapped_key_buffer, - size_t wrapped_key_buffer_size, - size_t *wrapped_key_buffer_length) -{ - size_t opaque_key_base_size = mbedtls_test_opaque_get_base_size(); - uint64_t prefix = PSA_CRYPTO_TEST_DRIVER_OPAQUE_PAD_PREFIX; - - if (key_length + opaque_key_base_size > wrapped_key_buffer_size) { - return PSA_ERROR_BUFFER_TOO_SMALL; - } - - /* Write in the opaque pad prefix */ - memcpy(wrapped_key_buffer, &prefix, opaque_key_base_size); - wrapped_key_buffer += opaque_key_base_size; - *wrapped_key_buffer_length = key_length + opaque_key_base_size; - - while (key_length--) { - wrapped_key_buffer[key_length] = key[key_length] ^ 0xFF; - } - return PSA_SUCCESS; -} - -/* - * The unwrap function mbedtls_test_opaque_unwrap_key removes a pad prefix - * and unwraps the wrapped key. It expects the clear and wrap buffers to be - * passed in. - * wrapped_key_length is the size of the wrapped key, - * key_buffer_size is the size of the output buffer clear_key. - * The argument key_buffer_length is filled with the unwrapped(clear) - * key_size on success. - * */ -psa_status_t mbedtls_test_opaque_unwrap_key( - const uint8_t *wrapped_key, - size_t wrapped_key_length, - uint8_t *key_buffer, - size_t key_buffer_size, - size_t *key_buffer_length) -{ - /* Remove the pad prefix from the wrapped key */ - size_t opaque_key_base_size = mbedtls_test_opaque_get_base_size(); - size_t clear_key_size; - - /* Check for underflow */ - if (wrapped_key_length < opaque_key_base_size) { - return PSA_ERROR_DATA_CORRUPT; - } - clear_key_size = wrapped_key_length - opaque_key_base_size; - - wrapped_key += opaque_key_base_size; - if (clear_key_size > key_buffer_size) { - return PSA_ERROR_BUFFER_TOO_SMALL; - } - - *key_buffer_length = clear_key_size; - while (clear_key_size--) { - key_buffer[clear_key_size] = wrapped_key[clear_key_size] ^ 0xFF; - } - return PSA_SUCCESS; -} - -psa_status_t mbedtls_test_transparent_generate_key( - const psa_key_attributes_t *attributes, - uint8_t *key, size_t key_size, size_t *key_length) -{ - ++mbedtls_test_driver_key_management_hooks.hits; - ++mbedtls_test_driver_key_management_hooks.hits_generate_key; - - if (mbedtls_test_driver_key_management_hooks.forced_status != PSA_SUCCESS) { - return mbedtls_test_driver_key_management_hooks.forced_status; - } - - if (mbedtls_test_driver_key_management_hooks.forced_output != NULL) { - if (mbedtls_test_driver_key_management_hooks.forced_output_length > - key_size) { - return PSA_ERROR_BUFFER_TOO_SMALL; - } - memcpy(key, mbedtls_test_driver_key_management_hooks.forced_output, - mbedtls_test_driver_key_management_hooks.forced_output_length); - *key_length = mbedtls_test_driver_key_management_hooks.forced_output_length; - return PSA_SUCCESS; - } - - if (PSA_KEY_TYPE_IS_ECC(psa_get_key_type(attributes)) - && PSA_KEY_TYPE_IS_KEY_PAIR(psa_get_key_type(attributes))) { -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_GENERATE) - return libtestdriver1_mbedtls_psa_ecp_generate_key( - (const libtestdriver1_psa_key_attributes_t *) attributes, - key, key_size, key_length); -#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_GENERATE) - return mbedtls_psa_ecp_generate_key( - attributes, key, key_size, key_length); -#endif - } else if (psa_get_key_type(attributes) == PSA_KEY_TYPE_RSA_KEY_PAIR) { -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_GENERATE) - return libtestdriver1_mbedtls_psa_rsa_generate_key( - (const libtestdriver1_psa_key_attributes_t *) attributes, - NULL, 0, /* We don't support custom e in the test driver yet */ - key, key_size, key_length); -#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_GENERATE) - return mbedtls_psa_rsa_generate_key( - attributes, - NULL, 0, /* We don't support custom e in the test driver yet */ - key, key_size, key_length); -#endif - } else if (PSA_KEY_TYPE_IS_DH(psa_get_key_type(attributes)) - && PSA_KEY_TYPE_IS_KEY_PAIR(psa_get_key_type(attributes))) { -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_GENERATE) - return libtestdriver1_mbedtls_psa_ffdh_generate_key( - (const libtestdriver1_psa_key_attributes_t *) attributes, - key, key_size, key_length); -#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR) - return mbedtls_psa_ffdh_generate_key( - attributes, key, key_size, key_length); -#endif - } - - (void) attributes; - return PSA_ERROR_NOT_SUPPORTED; -} - -psa_status_t mbedtls_test_opaque_generate_key( - const psa_key_attributes_t *attributes, - uint8_t *key, size_t key_size, size_t *key_length) -{ - (void) attributes; - (void) key; - (void) key_size; - (void) key_length; - return PSA_ERROR_NOT_SUPPORTED; -} - -psa_status_t mbedtls_test_transparent_import_key( - const psa_key_attributes_t *attributes, - const uint8_t *data, - size_t data_length, - uint8_t *key_buffer, - size_t key_buffer_size, - size_t *key_buffer_length, - size_t *bits) -{ - psa_key_type_t type = psa_get_key_type(attributes); - - ++mbedtls_test_driver_key_management_hooks.hits; - mbedtls_test_driver_key_management_hooks.location = PSA_KEY_LOCATION_LOCAL_STORAGE; - - if (mbedtls_test_driver_key_management_hooks.forced_status != PSA_SUCCESS) { - return mbedtls_test_driver_key_management_hooks.forced_status; - } - - if (PSA_KEY_TYPE_IS_ECC(type)) { -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - (defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_IMPORT) || \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY)) - return libtestdriver1_mbedtls_psa_ecp_import_key( - (const libtestdriver1_psa_key_attributes_t *) attributes, - data, data_length, - key_buffer, key_buffer_size, - key_buffer_length, bits); -#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_IMPORT) || \ - defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) - return mbedtls_psa_ecp_import_key( - attributes, - data, data_length, - key_buffer, key_buffer_size, - key_buffer_length, bits); -#endif - } else if (PSA_KEY_TYPE_IS_RSA(type)) { -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - (defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_IMPORT) || \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY)) - return libtestdriver1_mbedtls_psa_rsa_import_key( - (const libtestdriver1_psa_key_attributes_t *) attributes, - data, data_length, - key_buffer, key_buffer_size, - key_buffer_length, bits); -#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_IMPORT) || \ - defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) - return mbedtls_psa_rsa_import_key( - attributes, - data, data_length, - key_buffer, key_buffer_size, - key_buffer_length, bits); -#endif - } else if (PSA_KEY_TYPE_IS_DH(type)) { -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - (defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR) || \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY)) - return libtestdriver1_mbedtls_psa_ffdh_import_key( - (const libtestdriver1_psa_key_attributes_t *) attributes, - data, data_length, - key_buffer, key_buffer_size, - key_buffer_length, bits); -#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \ - defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) - return mbedtls_psa_ffdh_import_key( - attributes, - data, data_length, - key_buffer, key_buffer_size, - key_buffer_length, bits); -#endif - } - (void) data; - (void) data_length; - (void) key_buffer; - (void) key_buffer_size; - (void) key_buffer_length; - (void) bits; - (void) type; - - return PSA_ERROR_NOT_SUPPORTED; -} - - -psa_status_t mbedtls_test_opaque_import_key( - const psa_key_attributes_t *attributes, - const uint8_t *data, - size_t data_length, - uint8_t *key_buffer, - size_t key_buffer_size, - size_t *key_buffer_length, - size_t *bits) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_key_type_t type = psa_get_key_type(attributes); - /* This buffer will be used as an intermediate placeholder for - * the clear key till we wrap it */ - uint8_t *key_buffer_temp; - - ++mbedtls_test_driver_key_management_hooks.hits; - mbedtls_test_driver_key_management_hooks.location = PSA_CRYPTO_TEST_DRIVER_LOCATION; - - if (mbedtls_test_driver_key_management_hooks.forced_status != PSA_SUCCESS) { - return mbedtls_test_driver_key_management_hooks.forced_status; - } - - key_buffer_temp = mbedtls_calloc(1, key_buffer_size); - if (key_buffer_temp == NULL) { - return PSA_ERROR_INSUFFICIENT_MEMORY; - } - - if (PSA_KEY_TYPE_IS_UNSTRUCTURED(type)) { - *bits = PSA_BYTES_TO_BITS(data_length); - - status = psa_validate_unstructured_key_bit_size(type, - *bits); - if (status != PSA_SUCCESS) { - goto exit; - } - - if (data_length > key_buffer_size) { - return PSA_ERROR_BUFFER_TOO_SMALL; - } - - /* Copy the key material accounting for opaque key padding. */ - memcpy(key_buffer_temp, data, data_length); - *key_buffer_length = data_length; - } else if (PSA_KEY_TYPE_IS_ECC(type)) { -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - (defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) || \ - defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY)) - status = libtestdriver1_mbedtls_psa_ecp_import_key( - (const libtestdriver1_psa_key_attributes_t *) attributes, - data, data_length, - key_buffer_temp, key_buffer_size, - key_buffer_length, bits); -#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_IMPORT) || \ - defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) - status = mbedtls_psa_ecp_import_key( - attributes, - data, data_length, - key_buffer_temp, key_buffer_size, - key_buffer_length, bits); -#else - status = PSA_ERROR_NOT_SUPPORTED; -#endif - if (status != PSA_SUCCESS) { - goto exit; - } - } else if (PSA_KEY_TYPE_IS_RSA(type)) { -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - (defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR) || \ - defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY)) - status = libtestdriver1_mbedtls_psa_rsa_import_key( - (const libtestdriver1_psa_key_attributes_t *) attributes, - data, data_length, - key_buffer_temp, key_buffer_size, - key_buffer_length, bits); -#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_IMPORT) || \ - defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) - status = mbedtls_psa_rsa_import_key( - attributes, - data, data_length, - key_buffer_temp, key_buffer_size, - key_buffer_length, bits); -#else - status = PSA_ERROR_NOT_SUPPORTED; -#endif - if (status != PSA_SUCCESS) { - goto exit; - } - } else { - status = PSA_ERROR_INVALID_ARGUMENT; - goto exit; - } - - status = mbedtls_test_opaque_wrap_key(key_buffer_temp, *key_buffer_length, - key_buffer, key_buffer_size, key_buffer_length); -exit: - mbedtls_free(key_buffer_temp); - return status; -} - -psa_status_t mbedtls_test_opaque_export_key( - const psa_key_attributes_t *attributes, - const uint8_t *key, size_t key_length, - uint8_t *data, size_t data_size, size_t *data_length) -{ - if (key_length == sizeof(psa_drv_slot_number_t)) { - /* Assume this is a builtin key based on the key material length. */ - psa_drv_slot_number_t slot_number = *((psa_drv_slot_number_t *) key); - - switch (slot_number) { - case PSA_CRYPTO_TEST_DRIVER_BUILTIN_ECDSA_KEY_SLOT: - /* This is the ECDSA slot. Verify the key's attributes before - * returning the private key. */ - if (psa_get_key_type(attributes) != - PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1)) { - return PSA_ERROR_CORRUPTION_DETECTED; - } - if (psa_get_key_bits(attributes) != 256) { - return PSA_ERROR_CORRUPTION_DETECTED; - } - if (psa_get_key_algorithm(attributes) != - PSA_ALG_ECDSA(PSA_ALG_ANY_HASH)) { - return PSA_ERROR_CORRUPTION_DETECTED; - } - if ((psa_get_key_usage_flags(attributes) & - PSA_KEY_USAGE_EXPORT) == 0) { - return PSA_ERROR_CORRUPTION_DETECTED; - } - - if (data_size < sizeof(mbedtls_test_driver_ecdsa_key)) { - return PSA_ERROR_BUFFER_TOO_SMALL; - } - - memcpy(data, mbedtls_test_driver_ecdsa_key, - sizeof(mbedtls_test_driver_ecdsa_key)); - *data_length = sizeof(mbedtls_test_driver_ecdsa_key); - return PSA_SUCCESS; - - case PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT: - /* This is the AES slot. Verify the key's attributes before - * returning the key. */ - if (psa_get_key_type(attributes) != PSA_KEY_TYPE_AES) { - return PSA_ERROR_CORRUPTION_DETECTED; - } - if (psa_get_key_bits(attributes) != 128) { - return PSA_ERROR_CORRUPTION_DETECTED; - } - if (psa_get_key_algorithm(attributes) != PSA_ALG_CTR) { - return PSA_ERROR_CORRUPTION_DETECTED; - } - if ((psa_get_key_usage_flags(attributes) & - PSA_KEY_USAGE_EXPORT) == 0) { - return PSA_ERROR_CORRUPTION_DETECTED; - } - - if (data_size < sizeof(mbedtls_test_driver_aes_key)) { - return PSA_ERROR_BUFFER_TOO_SMALL; - } - - memcpy(data, mbedtls_test_driver_aes_key, - sizeof(mbedtls_test_driver_aes_key)); - *data_length = sizeof(mbedtls_test_driver_aes_key); - return PSA_SUCCESS; - - default: - return PSA_ERROR_DOES_NOT_EXIST; - } - } else { - /* This buffer will be used as an intermediate placeholder for - * the opaque key till we unwrap the key into key_buffer */ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_key_type_t type = psa_get_key_type(attributes); - - if (PSA_KEY_TYPE_IS_UNSTRUCTURED(type) || - PSA_KEY_TYPE_IS_RSA(type) || - PSA_KEY_TYPE_IS_ECC(type)) { - status = mbedtls_test_opaque_unwrap_key(key, key_length, - data, data_size, data_length); - return status; - } - } - return PSA_ERROR_NOT_SUPPORTED; -} - -psa_status_t mbedtls_test_transparent_export_public_key( - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, size_t key_buffer_size, - uint8_t *data, size_t data_size, size_t *data_length) -{ - ++mbedtls_test_driver_key_management_hooks.hits; - ++mbedtls_test_driver_key_management_hooks.hits_export_public_key; - - if (mbedtls_test_driver_key_management_hooks.forced_status != PSA_SUCCESS) { - return mbedtls_test_driver_key_management_hooks.forced_status; - } - - if (mbedtls_test_driver_key_management_hooks.forced_output != NULL) { - if (mbedtls_test_driver_key_management_hooks.forced_output_length > - data_size) { - return PSA_ERROR_BUFFER_TOO_SMALL; - } - memcpy(data, mbedtls_test_driver_key_management_hooks.forced_output, - mbedtls_test_driver_key_management_hooks.forced_output_length); - *data_length = mbedtls_test_driver_key_management_hooks.forced_output_length; - return PSA_SUCCESS; - } - - psa_key_type_t key_type = psa_get_key_type(attributes); - - if (PSA_KEY_TYPE_IS_ECC(key_type)) { -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - (defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_EXPORT) || \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY)) - return libtestdriver1_mbedtls_psa_ecp_export_public_key( - (const libtestdriver1_psa_key_attributes_t *) attributes, - key_buffer, key_buffer_size, - data, data_size, data_length); -#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_EXPORT) || \ - defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) - return mbedtls_psa_ecp_export_public_key( - attributes, - key_buffer, key_buffer_size, - data, data_size, data_length); -#endif - } else if (PSA_KEY_TYPE_IS_RSA(key_type)) { -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - (defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_EXPORT) || \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY)) - return libtestdriver1_mbedtls_psa_rsa_export_public_key( - (const libtestdriver1_psa_key_attributes_t *) attributes, - key_buffer, key_buffer_size, - data, data_size, data_length); -#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_EXPORT) || \ - defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) - return mbedtls_psa_rsa_export_public_key( - attributes, - key_buffer, key_buffer_size, - data, data_size, data_length); -#endif - } else if (PSA_KEY_TYPE_IS_DH(key_type)) { -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - (defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR) || \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY)) - return libtestdriver1_mbedtls_psa_ffdh_export_public_key( - (const libtestdriver1_psa_key_attributes_t *) attributes, - key_buffer, key_buffer_size, - data, data_size, data_length); -#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR) || \ - defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY) - return mbedtls_psa_ffdh_export_public_key( - attributes, - key_buffer, key_buffer_size, - data, data_size, data_length); -#endif - } - - (void) key_buffer; - (void) key_buffer_size; - (void) key_type; - - return PSA_ERROR_NOT_SUPPORTED; -} - -psa_status_t mbedtls_test_opaque_export_public_key( - const psa_key_attributes_t *attributes, - const uint8_t *key, size_t key_length, - uint8_t *data, size_t data_size, size_t *data_length) -{ - if (key_length != sizeof(psa_drv_slot_number_t)) { - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_key_type_t key_type = psa_get_key_type(attributes); - uint8_t *key_buffer_temp; - - key_buffer_temp = mbedtls_calloc(1, key_length); - if (key_buffer_temp == NULL) { - return PSA_ERROR_INSUFFICIENT_MEMORY; - } - - if (PSA_KEY_TYPE_IS_ECC(key_type)) { - status = mbedtls_test_opaque_unwrap_key(key, key_length, - key_buffer_temp, key_length, data_length); - if (status == PSA_SUCCESS) { -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - (defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) || \ - defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY)) - status = libtestdriver1_mbedtls_psa_ecp_export_public_key( - (const libtestdriver1_psa_key_attributes_t *) attributes, - key_buffer_temp, *data_length, - data, data_size, data_length); -#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_EXPORT) || \ - defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) - status = mbedtls_psa_ecp_export_public_key( - attributes, - key_buffer_temp, *data_length, - data, data_size, data_length); -#else - status = PSA_ERROR_NOT_SUPPORTED; -#endif - } - } else if (PSA_KEY_TYPE_IS_RSA(key_type)) { - status = mbedtls_test_opaque_unwrap_key(key, key_length, - key_buffer_temp, key_length, data_length); - if (status == PSA_SUCCESS) { -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - (defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR) || \ - defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY)) - status = libtestdriver1_mbedtls_psa_rsa_export_public_key( - (const libtestdriver1_psa_key_attributes_t *) attributes, - key_buffer_temp, *data_length, - data, data_size, data_length); -#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_EXPORT) || \ - defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) - status = mbedtls_psa_rsa_export_public_key( - attributes, - key_buffer_temp, *data_length, - data, data_size, data_length); -#else - status = PSA_ERROR_NOT_SUPPORTED; -#endif - } - } else { - status = PSA_ERROR_NOT_SUPPORTED; - (void) key; - (void) key_type; - } - mbedtls_free(key_buffer_temp); - return status; - } - - /* Assume this is a builtin key based on the key material length. */ - psa_drv_slot_number_t slot_number = *((psa_drv_slot_number_t *) key); - switch (slot_number) { - case PSA_CRYPTO_TEST_DRIVER_BUILTIN_ECDSA_KEY_SLOT: - /* This is the ECDSA slot. Verify the key's attributes before - * returning the public key. */ - if (psa_get_key_type(attributes) != - PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1)) { - return PSA_ERROR_CORRUPTION_DETECTED; - } - if (psa_get_key_bits(attributes) != 256) { - return PSA_ERROR_CORRUPTION_DETECTED; - } - if (psa_get_key_algorithm(attributes) != - PSA_ALG_ECDSA(PSA_ALG_ANY_HASH)) { - return PSA_ERROR_CORRUPTION_DETECTED; - } - - if (data_size < sizeof(mbedtls_test_driver_ecdsa_pubkey)) { - return PSA_ERROR_BUFFER_TOO_SMALL; - } - - memcpy(data, mbedtls_test_driver_ecdsa_pubkey, - sizeof(mbedtls_test_driver_ecdsa_pubkey)); - *data_length = sizeof(mbedtls_test_driver_ecdsa_pubkey); - return PSA_SUCCESS; - - default: - return PSA_ERROR_DOES_NOT_EXIST; - } -} - -/* The opaque test driver exposes two built-in keys when builtin key support is - * compiled in. - * The key in slot #PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT is an AES-128 - * key which allows CTR mode. - * The key in slot #PSA_CRYPTO_TEST_DRIVER_BUILTIN_ECDSA_KEY_SLOT is a secp256r1 - * private key which allows ECDSA sign & verify. - * The key buffer format for these is the raw format of psa_drv_slot_number_t - * (i.e. for an actual driver this would mean 'builtin_key_size' = - * sizeof(psa_drv_slot_number_t)). - */ -psa_status_t mbedtls_test_opaque_get_builtin_key( - psa_drv_slot_number_t slot_number, - psa_key_attributes_t *attributes, - uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length) -{ - switch (slot_number) { - case PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT: - psa_set_key_type(attributes, PSA_KEY_TYPE_AES); - psa_set_key_bits(attributes, 128); - psa_set_key_usage_flags( - attributes, - PSA_KEY_USAGE_ENCRYPT | - PSA_KEY_USAGE_DECRYPT | - PSA_KEY_USAGE_EXPORT); - psa_set_key_algorithm(attributes, PSA_ALG_CTR); - - if (key_buffer_size < sizeof(psa_drv_slot_number_t)) { - return PSA_ERROR_BUFFER_TOO_SMALL; - } - - *((psa_drv_slot_number_t *) key_buffer) = - PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT; - *key_buffer_length = sizeof(psa_drv_slot_number_t); - return PSA_SUCCESS; - case PSA_CRYPTO_TEST_DRIVER_BUILTIN_ECDSA_KEY_SLOT: - psa_set_key_type( - attributes, - PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1)); - psa_set_key_bits(attributes, 256); - psa_set_key_usage_flags( - attributes, - PSA_KEY_USAGE_SIGN_HASH | - PSA_KEY_USAGE_VERIFY_HASH | - PSA_KEY_USAGE_EXPORT); - psa_set_key_algorithm( - attributes, PSA_ALG_ECDSA(PSA_ALG_ANY_HASH)); - - if (key_buffer_size < sizeof(psa_drv_slot_number_t)) { - return PSA_ERROR_BUFFER_TOO_SMALL; - } - - *((psa_drv_slot_number_t *) key_buffer) = - PSA_CRYPTO_TEST_DRIVER_BUILTIN_ECDSA_KEY_SLOT; - *key_buffer_length = sizeof(psa_drv_slot_number_t); - return PSA_SUCCESS; - default: - return PSA_ERROR_DOES_NOT_EXIST; - } -} - -psa_status_t mbedtls_test_opaque_copy_key( - psa_key_attributes_t *attributes, - const uint8_t *source_key, size_t source_key_length, - uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length) -{ - /* This is a case where the opaque test driver emulates an SE without storage. - * With that all key context is stored in the wrapped buffer. - * So no additional house keeping is necessary to reference count the - * copied keys. This could change when the opaque test driver is extended - * to support SE with storage, or to emulate an SE without storage but - * still holding some slot references */ - if (source_key_length > key_buffer_size) { - return PSA_ERROR_BUFFER_TOO_SMALL; - } - - memcpy(key_buffer, source_key, source_key_length); - *key_buffer_length = source_key_length; - (void) attributes; - return PSA_SUCCESS; -} - -#endif /* PSA_CRYPTO_DRIVER_TEST */ diff --git a/tests/src/drivers/test_driver_mac.c b/tests/src/drivers/test_driver_mac.c deleted file mode 100644 index de43e49074b4..000000000000 --- a/tests/src/drivers/test_driver_mac.c +++ /dev/null @@ -1,422 +0,0 @@ -/* - * Test driver for MAC entry points. - */ -/* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include - -#if defined(PSA_CRYPTO_DRIVER_TEST) -#include "psa_crypto_mac.h" - -#include "test/drivers/mac.h" - -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) -#include "libtestdriver1/tf-psa-crypto/core/psa_crypto_mac.h" -#endif - -mbedtls_test_driver_mac_hooks_t mbedtls_test_driver_mac_hooks = - MBEDTLS_TEST_DRIVER_MAC_INIT; - -psa_status_t mbedtls_test_transparent_mac_compute( - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, - size_t key_buffer_size, - psa_algorithm_t alg, - const uint8_t *input, - size_t input_length, - uint8_t *mac, - size_t mac_size, - size_t *mac_length) -{ - mbedtls_test_driver_mac_hooks.hits++; - - if (mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS) { - mbedtls_test_driver_mac_hooks.driver_status = - mbedtls_test_driver_mac_hooks.forced_status; - } else { -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_MAC) - mbedtls_test_driver_mac_hooks.driver_status = - libtestdriver1_mbedtls_psa_mac_compute( - (const libtestdriver1_psa_key_attributes_t *) attributes, - key_buffer, key_buffer_size, alg, - input, input_length, - mac, mac_size, mac_length); -#elif defined(MBEDTLS_PSA_BUILTIN_MAC) - mbedtls_test_driver_mac_hooks.driver_status = - mbedtls_psa_mac_compute( - attributes, key_buffer, key_buffer_size, alg, - input, input_length, - mac, mac_size, mac_length); -#else - (void) attributes; - (void) key_buffer; - (void) key_buffer_size; - (void) alg; - (void) input; - (void) input_length; - (void) mac; - (void) mac_size; - (void) mac_length; - mbedtls_test_driver_mac_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; -#endif - } - - return mbedtls_test_driver_mac_hooks.driver_status; -} - -psa_status_t mbedtls_test_transparent_mac_sign_setup( - mbedtls_transparent_test_driver_mac_operation_t *operation, - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, - size_t key_buffer_size, - psa_algorithm_t alg) -{ - mbedtls_test_driver_mac_hooks.hits++; - - if (mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS) { - mbedtls_test_driver_mac_hooks.driver_status = - mbedtls_test_driver_mac_hooks.forced_status; - } else { -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_MAC) - mbedtls_test_driver_mac_hooks.driver_status = - libtestdriver1_mbedtls_psa_mac_sign_setup( - operation, - (const libtestdriver1_psa_key_attributes_t *) attributes, - key_buffer, key_buffer_size, alg); -#elif defined(MBEDTLS_PSA_BUILTIN_MAC) - mbedtls_test_driver_mac_hooks.driver_status = - mbedtls_psa_mac_sign_setup( - operation, attributes, key_buffer, key_buffer_size, alg); -#else - (void) operation; - (void) attributes; - (void) key_buffer; - (void) key_buffer_size; - (void) alg; - mbedtls_test_driver_mac_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; -#endif - } - - return mbedtls_test_driver_mac_hooks.driver_status; -} - -psa_status_t mbedtls_test_transparent_mac_verify_setup( - mbedtls_transparent_test_driver_mac_operation_t *operation, - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, - size_t key_buffer_size, - psa_algorithm_t alg) -{ - mbedtls_test_driver_mac_hooks.hits++; - - if (mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS) { - mbedtls_test_driver_mac_hooks.driver_status = - mbedtls_test_driver_mac_hooks.forced_status; - } else { -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_MAC) - mbedtls_test_driver_mac_hooks.driver_status = - libtestdriver1_mbedtls_psa_mac_verify_setup( - operation, - (const libtestdriver1_psa_key_attributes_t *) attributes, - key_buffer, key_buffer_size, alg); -#elif defined(MBEDTLS_PSA_BUILTIN_MAC) - mbedtls_test_driver_mac_hooks.driver_status = - mbedtls_psa_mac_verify_setup( - operation, attributes, key_buffer, key_buffer_size, alg); -#else - (void) operation; - (void) attributes; - (void) key_buffer; - (void) key_buffer_size; - (void) alg; - mbedtls_test_driver_mac_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; -#endif - } - - return mbedtls_test_driver_mac_hooks.driver_status; -} - -psa_status_t mbedtls_test_transparent_mac_update( - mbedtls_transparent_test_driver_mac_operation_t *operation, - const uint8_t *input, - size_t input_length) -{ - mbedtls_test_driver_mac_hooks.hits++; - - if (mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS) { - mbedtls_test_driver_mac_hooks.driver_status = - mbedtls_test_driver_mac_hooks.forced_status; - } else { -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_MAC) - mbedtls_test_driver_mac_hooks.driver_status = - libtestdriver1_mbedtls_psa_mac_update( - operation, input, input_length); -#elif defined(MBEDTLS_PSA_BUILTIN_MAC) - mbedtls_test_driver_mac_hooks.driver_status = - mbedtls_psa_mac_update( - operation, input, input_length); -#else - (void) operation; - (void) input; - (void) input_length; - mbedtls_test_driver_mac_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; -#endif - } - - return mbedtls_test_driver_mac_hooks.driver_status; -} - -psa_status_t mbedtls_test_transparent_mac_sign_finish( - mbedtls_transparent_test_driver_mac_operation_t *operation, - uint8_t *mac, - size_t mac_size, - size_t *mac_length) -{ - mbedtls_test_driver_mac_hooks.hits++; - - if (mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS) { - mbedtls_test_driver_mac_hooks.driver_status = - mbedtls_test_driver_mac_hooks.forced_status; - } else { -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_MAC) - mbedtls_test_driver_mac_hooks.driver_status = - libtestdriver1_mbedtls_psa_mac_sign_finish( - operation, mac, mac_size, mac_length); -#elif defined(MBEDTLS_PSA_BUILTIN_MAC) - mbedtls_test_driver_mac_hooks.driver_status = - mbedtls_psa_mac_sign_finish( - operation, mac, mac_size, mac_length); -#else - (void) operation; - (void) mac; - (void) mac_size; - (void) mac_length; - mbedtls_test_driver_mac_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; -#endif - } - - return mbedtls_test_driver_mac_hooks.driver_status; -} - -psa_status_t mbedtls_test_transparent_mac_verify_finish( - mbedtls_transparent_test_driver_mac_operation_t *operation, - const uint8_t *mac, - size_t mac_length) -{ - mbedtls_test_driver_mac_hooks.hits++; - - if (mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS) { - mbedtls_test_driver_mac_hooks.driver_status = - mbedtls_test_driver_mac_hooks.forced_status; - } else { -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_MAC) - mbedtls_test_driver_mac_hooks.driver_status = - libtestdriver1_mbedtls_psa_mac_verify_finish( - operation, mac, mac_length); -#elif defined(MBEDTLS_PSA_BUILTIN_MAC) - mbedtls_test_driver_mac_hooks.driver_status = - mbedtls_psa_mac_verify_finish( - operation, mac, mac_length); -#else - (void) operation; - (void) mac; - (void) mac_length; - mbedtls_test_driver_mac_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; -#endif - } - - return mbedtls_test_driver_mac_hooks.driver_status; -} - -psa_status_t mbedtls_test_transparent_mac_abort( - mbedtls_transparent_test_driver_mac_operation_t *operation) -{ - mbedtls_test_driver_mac_hooks.hits++; - - if (mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS) { - mbedtls_test_driver_mac_hooks.driver_status = - mbedtls_test_driver_mac_hooks.forced_status; - } else { -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_MAC) - mbedtls_test_driver_mac_hooks.driver_status = - libtestdriver1_mbedtls_psa_mac_abort(operation); -#elif defined(MBEDTLS_PSA_BUILTIN_MAC) - mbedtls_test_driver_mac_hooks.driver_status = - mbedtls_psa_mac_abort(operation); -#else - (void) operation; - mbedtls_test_driver_mac_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; -#endif - } - - return mbedtls_test_driver_mac_hooks.driver_status; -} - -psa_status_t mbedtls_test_opaque_mac_compute( - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, - size_t key_buffer_size, - psa_algorithm_t alg, - const uint8_t *input, - size_t input_length, - uint8_t *mac, - size_t mac_size, - size_t *mac_length) -{ - mbedtls_test_driver_mac_hooks.hits++; - - if (mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS) { - mbedtls_test_driver_mac_hooks.driver_status = - mbedtls_test_driver_mac_hooks.forced_status; - } else { - (void) attributes; - (void) key_buffer; - (void) key_buffer_size; - (void) alg; - (void) input; - (void) input_length; - (void) mac; - (void) mac_size; - (void) mac_length; - mbedtls_test_driver_mac_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; - } - - return mbedtls_test_driver_mac_hooks.driver_status; -} - -psa_status_t mbedtls_test_opaque_mac_sign_setup( - mbedtls_opaque_test_driver_mac_operation_t *operation, - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, - size_t key_buffer_size, - psa_algorithm_t alg) -{ - mbedtls_test_driver_mac_hooks.hits++; - - if (mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS) { - mbedtls_test_driver_mac_hooks.driver_status = - mbedtls_test_driver_mac_hooks.forced_status; - } else { - (void) operation; - (void) attributes; - (void) key_buffer; - (void) key_buffer_size; - (void) alg; - mbedtls_test_driver_mac_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; - } - - return mbedtls_test_driver_mac_hooks.driver_status; -} - -psa_status_t mbedtls_test_opaque_mac_verify_setup( - mbedtls_opaque_test_driver_mac_operation_t *operation, - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, - size_t key_buffer_size, - psa_algorithm_t alg) -{ - mbedtls_test_driver_mac_hooks.hits++; - - if (mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS) { - mbedtls_test_driver_mac_hooks.driver_status = - mbedtls_test_driver_mac_hooks.forced_status; - } else { - (void) operation; - (void) attributes; - (void) key_buffer; - (void) key_buffer_size; - (void) alg; - mbedtls_test_driver_mac_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; - } - - return mbedtls_test_driver_mac_hooks.driver_status; -} - -psa_status_t mbedtls_test_opaque_mac_update( - mbedtls_opaque_test_driver_mac_operation_t *operation, - const uint8_t *input, - size_t input_length) -{ - mbedtls_test_driver_mac_hooks.hits++; - - if (mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS) { - mbedtls_test_driver_mac_hooks.driver_status = - mbedtls_test_driver_mac_hooks.forced_status; - } else { - (void) operation; - (void) input; - (void) input_length; - mbedtls_test_driver_mac_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; - } - - return mbedtls_test_driver_mac_hooks.driver_status; -} - -psa_status_t mbedtls_test_opaque_mac_sign_finish( - mbedtls_opaque_test_driver_mac_operation_t *operation, - uint8_t *mac, - size_t mac_size, - size_t *mac_length) -{ - mbedtls_test_driver_mac_hooks.hits++; - - if (mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS) { - mbedtls_test_driver_mac_hooks.driver_status = - mbedtls_test_driver_mac_hooks.forced_status; - } else { - (void) operation; - (void) mac; - (void) mac_size; - (void) mac_length; - mbedtls_test_driver_mac_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; - } - - return mbedtls_test_driver_mac_hooks.driver_status; -} - -psa_status_t mbedtls_test_opaque_mac_verify_finish( - mbedtls_opaque_test_driver_mac_operation_t *operation, - const uint8_t *mac, - size_t mac_length) -{ - mbedtls_test_driver_mac_hooks.hits++; - - if (mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS) { - mbedtls_test_driver_mac_hooks.driver_status = - mbedtls_test_driver_mac_hooks.forced_status; - } else { - (void) operation; - (void) mac; - (void) mac_length; - mbedtls_test_driver_mac_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; - } - - return mbedtls_test_driver_mac_hooks.driver_status; -} - -psa_status_t mbedtls_test_opaque_mac_abort( - mbedtls_opaque_test_driver_mac_operation_t *operation) -{ - mbedtls_test_driver_mac_hooks.hits++; - - if (mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS) { - mbedtls_test_driver_mac_hooks.driver_status = - mbedtls_test_driver_mac_hooks.forced_status; - } else { - (void) operation; - mbedtls_test_driver_mac_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; - } - - return mbedtls_test_driver_mac_hooks.driver_status; -} - -#endif /* PSA_CRYPTO_DRIVER_TEST */ diff --git a/tests/src/drivers/test_driver_pake.c b/tests/src/drivers/test_driver_pake.c deleted file mode 100644 index 963110109af0..000000000000 --- a/tests/src/drivers/test_driver_pake.c +++ /dev/null @@ -1,202 +0,0 @@ -/* - * Test driver for PAKE entry points. - */ -/* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include - -#if defined(PSA_CRYPTO_DRIVER_TEST) -#include "psa_crypto_pake.h" - -#include "test/drivers/pake.h" -#include "string.h" - -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) -#include "libtestdriver1/tf-psa-crypto/core/psa_crypto_pake.h" -#endif - -mbedtls_test_driver_pake_hooks_t mbedtls_test_driver_pake_hooks = - MBEDTLS_TEST_DRIVER_PAKE_INIT; - - -psa_status_t mbedtls_test_transparent_pake_setup( - mbedtls_transparent_test_driver_pake_operation_t *operation, - const psa_crypto_driver_pake_inputs_t *inputs) -{ - mbedtls_test_driver_pake_hooks.hits.total++; - mbedtls_test_driver_pake_hooks.hits.setup++; - - if (mbedtls_test_driver_pake_hooks.forced_setup_status != PSA_SUCCESS) { - mbedtls_test_driver_pake_hooks.driver_status = - mbedtls_test_driver_pake_hooks.forced_setup_status; - } else { -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_PAKE) - mbedtls_test_driver_pake_hooks.driver_status = - libtestdriver1_mbedtls_psa_pake_setup( - operation, (const libtestdriver1_psa_crypto_driver_pake_inputs_t *) inputs); -#elif defined(MBEDTLS_PSA_BUILTIN_PAKE) - mbedtls_test_driver_pake_hooks.driver_status = - mbedtls_psa_pake_setup( - operation, inputs); -#else - (void) operation; - (void) inputs; - mbedtls_test_driver_pake_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; -#endif - } - - return mbedtls_test_driver_pake_hooks.driver_status; -} - -psa_status_t mbedtls_test_transparent_pake_output( - mbedtls_transparent_test_driver_pake_operation_t *operation, - psa_crypto_driver_pake_step_t step, - uint8_t *output, - size_t output_size, - size_t *output_length) -{ - mbedtls_test_driver_pake_hooks.hits.total++; - mbedtls_test_driver_pake_hooks.hits.output++; - - if (mbedtls_test_driver_pake_hooks.forced_output != NULL) { - if (output_size < mbedtls_test_driver_pake_hooks.forced_output_length) { - return PSA_ERROR_BUFFER_TOO_SMALL; - } - - memcpy(output, - mbedtls_test_driver_pake_hooks.forced_output, - mbedtls_test_driver_pake_hooks.forced_output_length); - *output_length = mbedtls_test_driver_pake_hooks.forced_output_length; - - return mbedtls_test_driver_pake_hooks.forced_status; - } - - if (mbedtls_test_driver_pake_hooks.forced_status != PSA_SUCCESS) { - mbedtls_test_driver_pake_hooks.driver_status = - mbedtls_test_driver_pake_hooks.forced_status; - } else { -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_PAKE) - mbedtls_test_driver_pake_hooks.driver_status = - libtestdriver1_mbedtls_psa_pake_output( - operation, (libtestdriver1_psa_crypto_driver_pake_step_t) step, - output, output_size, output_length); -#elif defined(MBEDTLS_PSA_BUILTIN_PAKE) - mbedtls_test_driver_pake_hooks.driver_status = - mbedtls_psa_pake_output( - operation, step, output, output_size, output_length); -#else - (void) operation; - (void) step; - (void) output; - (void) output_size; - (void) output_length; - mbedtls_test_driver_pake_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; -#endif - } - - return mbedtls_test_driver_pake_hooks.driver_status; -} - -psa_status_t mbedtls_test_transparent_pake_input( - mbedtls_transparent_test_driver_pake_operation_t *operation, - psa_crypto_driver_pake_step_t step, - const uint8_t *input, - size_t input_length) -{ - mbedtls_test_driver_pake_hooks.hits.total++; - mbedtls_test_driver_pake_hooks.hits.input++; - - if (mbedtls_test_driver_pake_hooks.forced_status != PSA_SUCCESS) { - mbedtls_test_driver_pake_hooks.driver_status = - mbedtls_test_driver_pake_hooks.forced_status; - } else { -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_PAKE) - mbedtls_test_driver_pake_hooks.driver_status = - libtestdriver1_mbedtls_psa_pake_input( - operation, (libtestdriver1_psa_crypto_driver_pake_step_t) step, - input, input_length); -#elif defined(MBEDTLS_PSA_BUILTIN_PAKE) - mbedtls_test_driver_pake_hooks.driver_status = - mbedtls_psa_pake_input( - operation, step, input, input_length); -#else - (void) operation; - (void) step; - (void) input; - (void) input_length; - mbedtls_test_driver_pake_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; -#endif - } - - return mbedtls_test_driver_pake_hooks.driver_status; -} - -psa_status_t mbedtls_test_transparent_pake_get_implicit_key( - mbedtls_transparent_test_driver_pake_operation_t *operation, - uint8_t *output, size_t output_size, size_t *output_length) -{ - mbedtls_test_driver_pake_hooks.hits.total++; - mbedtls_test_driver_pake_hooks.hits.implicit_key++; - - if (mbedtls_test_driver_pake_hooks.forced_status != PSA_SUCCESS) { - mbedtls_test_driver_pake_hooks.driver_status = - mbedtls_test_driver_pake_hooks.forced_status; - } else { -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_PAKE) - mbedtls_test_driver_pake_hooks.driver_status = - libtestdriver1_mbedtls_psa_pake_get_implicit_key( - operation, output, output_size, output_length); -#elif defined(MBEDTLS_PSA_BUILTIN_PAKE) - mbedtls_test_driver_pake_hooks.driver_status = - mbedtls_psa_pake_get_implicit_key( - operation, output, output_size, output_length); -#else - (void) operation; - (void) output; - (void) output_size; - (void) output_length; - mbedtls_test_driver_pake_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; -#endif - } - - return mbedtls_test_driver_pake_hooks.driver_status; -} - -psa_status_t mbedtls_test_transparent_pake_abort( - mbedtls_transparent_test_driver_pake_operation_t *operation) -{ - mbedtls_test_driver_pake_hooks.hits.total++; - mbedtls_test_driver_pake_hooks.hits.abort++; - -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_PAKE) - mbedtls_test_driver_pake_hooks.driver_status = - libtestdriver1_mbedtls_psa_pake_abort( - operation); -#elif defined(MBEDTLS_PSA_BUILTIN_PAKE) - mbedtls_test_driver_pake_hooks.driver_status = - mbedtls_psa_pake_abort( - operation); -#else - (void) operation; - mbedtls_test_driver_pake_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; -#endif - - - if (mbedtls_test_driver_pake_hooks.forced_status != PSA_SUCCESS && - mbedtls_test_driver_pake_hooks.driver_status == PSA_SUCCESS) { - mbedtls_test_driver_pake_hooks.driver_status = - mbedtls_test_driver_pake_hooks.forced_status; - } - - - return mbedtls_test_driver_pake_hooks.driver_status; -} - -#endif /* PSA_CRYPTO_DRIVER_TEST */ diff --git a/tests/src/drivers/test_driver_signature.c b/tests/src/drivers/test_driver_signature.c deleted file mode 100644 index 02c6298a29eb..000000000000 --- a/tests/src/drivers/test_driver_signature.c +++ /dev/null @@ -1,404 +0,0 @@ -/* - * Test driver for signature functions. - * Currently supports signing and verifying precalculated hashes, using - * only deterministic ECDSA on curves secp256r1, secp384r1 and secp521r1. - */ -/* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include - -#if defined(PSA_CRYPTO_DRIVER_TEST) -#include "psa/crypto.h" -#include "psa_crypto_core.h" -#include "psa_crypto_ecp.h" -#include "psa_crypto_hash.h" -#include "psa_crypto_rsa.h" -#include "mbedtls/ecp.h" - -#include "test/drivers/hash.h" -#include "test/drivers/signature.h" -#include "test/drivers/hash.h" - -#include "mbedtls/ecdsa.h" - -#include "test/random.h" - -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) -#include "libtestdriver1/tf-psa-crypto/core/psa_crypto_ecp.h" -#include "libtestdriver1/tf-psa-crypto/core/psa_crypto_hash.h" -#include "libtestdriver1/tf-psa-crypto/core/psa_crypto_rsa.h" -#endif - -#include - -mbedtls_test_driver_signature_hooks_t - mbedtls_test_driver_signature_sign_hooks = MBEDTLS_TEST_DRIVER_SIGNATURE_INIT; -mbedtls_test_driver_signature_hooks_t - mbedtls_test_driver_signature_verify_hooks = MBEDTLS_TEST_DRIVER_SIGNATURE_INIT; - -psa_status_t sign_hash( - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, - size_t key_buffer_size, - psa_algorithm_t alg, - const uint8_t *hash, - size_t hash_length, - uint8_t *signature, - size_t signature_size, - size_t *signature_length) -{ - if (attributes->type == PSA_KEY_TYPE_RSA_KEY_PAIR) { - if (PSA_ALG_IS_RSA_PKCS1V15_SIGN(alg) || - PSA_ALG_IS_RSA_PSS(alg)) { -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - (defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS)) - return libtestdriver1_mbedtls_psa_rsa_sign_hash( - (const libtestdriver1_psa_key_attributes_t *) attributes, - key_buffer, key_buffer_size, - alg, hash, hash_length, - signature, signature_size, signature_length); -#elif defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \ - defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) - return mbedtls_psa_rsa_sign_hash( - attributes, - key_buffer, key_buffer_size, - alg, hash, hash_length, - signature, signature_size, signature_length); -#endif - } else { - return PSA_ERROR_INVALID_ARGUMENT; - } - } else if (PSA_KEY_TYPE_IS_ECC(attributes->type)) { - if (PSA_ALG_IS_ECDSA(alg)) { -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - (defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)) - return libtestdriver1_mbedtls_psa_ecdsa_sign_hash( - (const libtestdriver1_psa_key_attributes_t *) attributes, - key_buffer, key_buffer_size, - alg, hash, hash_length, - signature, signature_size, signature_length); -#elif defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \ - defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) - return mbedtls_psa_ecdsa_sign_hash( - attributes, - key_buffer, key_buffer_size, - alg, hash, hash_length, - signature, signature_size, signature_length); -#endif - } else { - return PSA_ERROR_INVALID_ARGUMENT; - } - } - - (void) attributes; - (void) key_buffer; - (void) key_buffer_size; - (void) alg; - (void) hash; - (void) hash_length; - (void) signature; - (void) signature_size; - (void) signature_length; - return PSA_ERROR_NOT_SUPPORTED; -} - -psa_status_t verify_hash( - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, - size_t key_buffer_size, - psa_algorithm_t alg, - const uint8_t *hash, - size_t hash_length, - const uint8_t *signature, - size_t signature_length) -{ - if (PSA_KEY_TYPE_IS_RSA(attributes->type)) { - if (PSA_ALG_IS_RSA_PKCS1V15_SIGN(alg) || - PSA_ALG_IS_RSA_PSS(alg)) { -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - (defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS)) - return libtestdriver1_mbedtls_psa_rsa_verify_hash( - (const libtestdriver1_psa_key_attributes_t *) attributes, - key_buffer, key_buffer_size, - alg, hash, hash_length, - signature, signature_length); -#elif defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \ - defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) - return mbedtls_psa_rsa_verify_hash( - attributes, - key_buffer, key_buffer_size, - alg, hash, hash_length, - signature, signature_length); -#endif - } else { - return PSA_ERROR_INVALID_ARGUMENT; - } - } else if (PSA_KEY_TYPE_IS_ECC(attributes->type)) { - if (PSA_ALG_IS_ECDSA(alg)) { -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - (defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)) - return libtestdriver1_mbedtls_psa_ecdsa_verify_hash( - (const libtestdriver1_psa_key_attributes_t *) attributes, - key_buffer, key_buffer_size, - alg, hash, hash_length, - signature, signature_length); -#elif defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \ - defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) - return mbedtls_psa_ecdsa_verify_hash( - attributes, - key_buffer, key_buffer_size, - alg, hash, hash_length, - signature, signature_length); -#endif - } else { - return PSA_ERROR_INVALID_ARGUMENT; - } - } - - (void) attributes; - (void) key_buffer; - (void) key_buffer_size; - (void) alg; - (void) hash; - (void) hash_length; - (void) signature; - (void) signature_length; - return PSA_ERROR_NOT_SUPPORTED; -} - -psa_status_t mbedtls_test_transparent_signature_sign_message( - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, - size_t key_buffer_size, - psa_algorithm_t alg, - const uint8_t *input, - size_t input_length, - uint8_t *signature, - size_t signature_size, - size_t *signature_length) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - size_t hash_length; - uint8_t hash[PSA_HASH_MAX_SIZE]; - - ++mbedtls_test_driver_signature_sign_hooks.hits; - - if (mbedtls_test_driver_signature_sign_hooks.forced_status != PSA_SUCCESS) { - return mbedtls_test_driver_signature_sign_hooks.forced_status; - } - - if (mbedtls_test_driver_signature_sign_hooks.forced_output != NULL) { - if (mbedtls_test_driver_signature_sign_hooks.forced_output_length > signature_size) { - return PSA_ERROR_BUFFER_TOO_SMALL; - } - - memcpy(signature, mbedtls_test_driver_signature_sign_hooks.forced_output, - mbedtls_test_driver_signature_sign_hooks.forced_output_length); - *signature_length = mbedtls_test_driver_signature_sign_hooks.forced_output_length; - - return PSA_SUCCESS; - } - -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_HASH) - status = libtestdriver1_mbedtls_psa_hash_compute( - PSA_ALG_SIGN_GET_HASH(alg), input, input_length, - hash, sizeof(hash), &hash_length); -#elif defined(MBEDTLS_PSA_BUILTIN_HASH) - status = mbedtls_psa_hash_compute( - PSA_ALG_SIGN_GET_HASH(alg), input, input_length, - hash, sizeof(hash), &hash_length); -#else - (void) input; - (void) input_length; - status = PSA_ERROR_NOT_SUPPORTED; -#endif - if (status != PSA_SUCCESS) { - return status; - } - - return sign_hash(attributes, key_buffer, key_buffer_size, - alg, hash, hash_length, - signature, signature_size, signature_length); -} - -psa_status_t mbedtls_test_opaque_signature_sign_message( - const psa_key_attributes_t *attributes, - const uint8_t *key, - size_t key_length, - psa_algorithm_t alg, - const uint8_t *input, - size_t input_length, - uint8_t *signature, - size_t signature_size, - size_t *signature_length) -{ - (void) attributes; - (void) key; - (void) key_length; - (void) alg; - (void) input; - (void) input_length; - (void) signature; - (void) signature_size; - (void) signature_length; - - return PSA_ERROR_NOT_SUPPORTED; -} - -psa_status_t mbedtls_test_transparent_signature_verify_message( - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, - size_t key_buffer_size, - psa_algorithm_t alg, - const uint8_t *input, - size_t input_length, - const uint8_t *signature, - size_t signature_length) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - size_t hash_length; - uint8_t hash[PSA_HASH_MAX_SIZE]; - - ++mbedtls_test_driver_signature_verify_hooks.hits; - - if (mbedtls_test_driver_signature_verify_hooks.forced_status != PSA_SUCCESS) { - return mbedtls_test_driver_signature_verify_hooks.forced_status; - } - -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_HASH) - status = libtestdriver1_mbedtls_psa_hash_compute( - PSA_ALG_SIGN_GET_HASH(alg), input, input_length, - hash, sizeof(hash), &hash_length); -#elif defined(MBEDTLS_PSA_BUILTIN_HASH) - status = mbedtls_psa_hash_compute( - PSA_ALG_SIGN_GET_HASH(alg), input, input_length, - hash, sizeof(hash), &hash_length); -#else - (void) input; - (void) input_length; - status = PSA_ERROR_NOT_SUPPORTED; -#endif - if (status != PSA_SUCCESS) { - return status; - } - - return verify_hash(attributes, key_buffer, key_buffer_size, - alg, hash, hash_length, - signature, signature_length); -} - -psa_status_t mbedtls_test_opaque_signature_verify_message( - const psa_key_attributes_t *attributes, - const uint8_t *key, - size_t key_length, - psa_algorithm_t alg, - const uint8_t *input, - size_t input_length, - const uint8_t *signature, - size_t signature_length) -{ - (void) attributes; - (void) key; - (void) key_length; - (void) alg; - (void) input; - (void) input_length; - (void) signature; - (void) signature_length; - - return PSA_ERROR_NOT_SUPPORTED; -} - -psa_status_t mbedtls_test_transparent_signature_sign_hash( - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, size_t key_buffer_size, - psa_algorithm_t alg, - const uint8_t *hash, size_t hash_length, - uint8_t *signature, size_t signature_size, size_t *signature_length) -{ - ++mbedtls_test_driver_signature_sign_hooks.hits; - - if (mbedtls_test_driver_signature_sign_hooks.forced_status != PSA_SUCCESS) { - return mbedtls_test_driver_signature_sign_hooks.forced_status; - } - - if (mbedtls_test_driver_signature_sign_hooks.forced_output != NULL) { - if (mbedtls_test_driver_signature_sign_hooks.forced_output_length > signature_size) { - return PSA_ERROR_BUFFER_TOO_SMALL; - } - memcpy(signature, mbedtls_test_driver_signature_sign_hooks.forced_output, - mbedtls_test_driver_signature_sign_hooks.forced_output_length); - *signature_length = mbedtls_test_driver_signature_sign_hooks.forced_output_length; - return PSA_SUCCESS; - } - - return sign_hash(attributes, key_buffer, key_buffer_size, - alg, hash, hash_length, - signature, signature_size, signature_length); -} - -psa_status_t mbedtls_test_opaque_signature_sign_hash( - const psa_key_attributes_t *attributes, - const uint8_t *key, size_t key_length, - psa_algorithm_t alg, - const uint8_t *hash, size_t hash_length, - uint8_t *signature, size_t signature_size, size_t *signature_length) -{ - (void) attributes; - (void) key; - (void) key_length; - (void) alg; - (void) hash; - (void) hash_length; - (void) signature; - (void) signature_size; - (void) signature_length; - - return PSA_ERROR_NOT_SUPPORTED; -} - -psa_status_t mbedtls_test_transparent_signature_verify_hash( - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, size_t key_buffer_size, - psa_algorithm_t alg, - const uint8_t *hash, size_t hash_length, - const uint8_t *signature, size_t signature_length) -{ - ++mbedtls_test_driver_signature_verify_hooks.hits; - - if (mbedtls_test_driver_signature_verify_hooks.forced_status != PSA_SUCCESS) { - return mbedtls_test_driver_signature_verify_hooks.forced_status; - } - - return verify_hash(attributes, key_buffer, key_buffer_size, - alg, hash, hash_length, - signature, signature_length); -} - -psa_status_t mbedtls_test_opaque_signature_verify_hash( - const psa_key_attributes_t *attributes, - const uint8_t *key, size_t key_length, - psa_algorithm_t alg, - const uint8_t *hash, size_t hash_length, - const uint8_t *signature, size_t signature_length) -{ - (void) attributes; - (void) key; - (void) key_length; - (void) alg; - (void) hash; - (void) hash_length; - (void) signature; - (void) signature_length; - return PSA_ERROR_NOT_SUPPORTED; -} - -#endif /* PSA_CRYPTO_DRIVER_TEST */ diff --git a/tests/src/fake_external_rng_for_test.c b/tests/src/fake_external_rng_for_test.c deleted file mode 100644 index c0bfde51aa0c..000000000000 --- a/tests/src/fake_external_rng_for_test.c +++ /dev/null @@ -1,45 +0,0 @@ -/** \file fake_external_rng_for_test.c - * - * \brief Helper functions to test PSA crypto functionality. - */ - -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include - -#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) -#include -#include - -static int test_insecure_external_rng_enabled = 0; - -void mbedtls_test_enable_insecure_external_rng(void) -{ - test_insecure_external_rng_enabled = 1; -} - -void mbedtls_test_disable_insecure_external_rng(void) -{ - test_insecure_external_rng_enabled = 0; -} - -psa_status_t mbedtls_psa_external_get_random( - mbedtls_psa_external_random_context_t *context, - uint8_t *output, size_t output_size, size_t *output_length) -{ - (void) context; - - if (!test_insecure_external_rng_enabled) { - return PSA_ERROR_INSUFFICIENT_ENTROPY; - } - - /* This implementation is for test purposes only! - * Use the libc non-cryptographic random generator. */ - mbedtls_test_rnd_std_rand(NULL, output, output_size); - *output_length = output_size; - return PSA_SUCCESS; -} -#endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */ diff --git a/tests/src/helpers.c b/tests/src/helpers.c deleted file mode 100644 index 065d17d3e05b..000000000000 --- a/tests/src/helpers.c +++ /dev/null @@ -1,708 +0,0 @@ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include -#include -#include -#include - -#if defined(MBEDTLS_PSA_INJECT_ENTROPY) -#include -#include -#endif - -#if defined(MBEDTLS_TEST_HOOKS) && defined(MBEDTLS_PSA_CRYPTO_C) -#include -#endif -#if defined(MBEDTLS_THREADING_C) -#include "mbedtls/threading.h" -#endif - -/*----------------------------------------------------------------------------*/ -/* Static global variables */ - -#if defined(MBEDTLS_PLATFORM_C) -static mbedtls_platform_context platform_ctx; -#endif - -static mbedtls_test_info_t mbedtls_test_info; - -#ifdef MBEDTLS_THREADING_C -mbedtls_threading_mutex_t mbedtls_test_info_mutex; -#endif /* MBEDTLS_THREADING_C */ - -/*----------------------------------------------------------------------------*/ -/* Mbedtls Test Info accessors - * - * NOTE - there are two types of accessors here: public accessors and internal - * accessors. The public accessors have prototypes in helpers.h and lock - * mbedtls_test_info_mutex (if mutexes are enabled). The _internal accessors, - * which are expected to be used from this module *only*, do not lock the mutex. - * These are designed to be called from within public functions which already - * hold the mutex. The main reason for this difference is the need to set - * multiple test data values atomically (without releasing the mutex) to prevent - * race conditions. */ - -mbedtls_test_result_t mbedtls_test_get_result(void) -{ - mbedtls_test_result_t result; - -#ifdef MBEDTLS_THREADING_C - mbedtls_mutex_lock(&mbedtls_test_info_mutex); -#endif /* MBEDTLS_THREADING_C */ - - result = mbedtls_test_info.result; - -#ifdef MBEDTLS_THREADING_C - mbedtls_mutex_unlock(&mbedtls_test_info_mutex); -#endif /* MBEDTLS_THREADING_C */ - - return result; -} - -static void mbedtls_test_set_result_internal(mbedtls_test_result_t result, const char *test, - int line_no, const char *filename) -{ - /* Internal function only - mbedtls_test_info_mutex should be held prior - * to calling this function. */ - - mbedtls_test_info.result = result; - mbedtls_test_info.test = test; - mbedtls_test_info.line_no = line_no; - mbedtls_test_info.filename = filename; -} - -const char *mbedtls_test_get_test(void) -{ - const char *test; - -#ifdef MBEDTLS_THREADING_C - mbedtls_mutex_lock(&mbedtls_test_info_mutex); -#endif /* MBEDTLS_THREADING_C */ - - test = mbedtls_test_info.test; - -#ifdef MBEDTLS_THREADING_C - mbedtls_mutex_unlock(&mbedtls_test_info_mutex); -#endif /* MBEDTLS_THREADING_C */ - - return test; -} -const char *mbedtls_get_test_filename(void) -{ - const char *filename; - -#ifdef MBEDTLS_THREADING_C - mbedtls_mutex_lock(&mbedtls_test_info_mutex); -#endif /* MBEDTLS_THREADING_C */ - - /* It should be ok just to pass back the pointer here, as it is going to - * be a pointer into non changing data. */ - filename = mbedtls_test_info.filename; - -#ifdef MBEDTLS_THREADING_C - mbedtls_mutex_unlock(&mbedtls_test_info_mutex); -#endif /* MBEDTLS_THREADING_C */ - - return filename; -} - -int mbedtls_test_get_line_no(void) -{ - int line_no; - -#ifdef MBEDTLS_THREADING_C - mbedtls_mutex_lock(&mbedtls_test_info_mutex); -#endif /* MBEDTLS_THREADING_C */ - - line_no = mbedtls_test_info.line_no; - -#ifdef MBEDTLS_THREADING_C - mbedtls_mutex_unlock(&mbedtls_test_info_mutex); -#endif /* MBEDTLS_THREADING_C */ - - return line_no; -} - -void mbedtls_test_increment_step(void) -{ -#ifdef MBEDTLS_THREADING_C - mbedtls_mutex_lock(&mbedtls_test_info_mutex); -#endif /* MBEDTLS_THREADING_C */ - - ++mbedtls_test_info.step; - -#ifdef MBEDTLS_THREADING_C - mbedtls_mutex_unlock(&mbedtls_test_info_mutex); -#endif /* MBEDTLS_THREADING_C */ -} - -unsigned long mbedtls_test_get_step(void) -{ - unsigned long step; - -#ifdef MBEDTLS_THREADING_C - mbedtls_mutex_lock(&mbedtls_test_info_mutex); -#endif /* MBEDTLS_THREADING_C */ - - step = mbedtls_test_info.step; - -#ifdef MBEDTLS_THREADING_C - mbedtls_mutex_unlock(&mbedtls_test_info_mutex); -#endif /* MBEDTLS_THREADING_C */ - - return step; -} - -static void mbedtls_test_reset_step_internal(void) -{ - /* Internal function only - mbedtls_test_info_mutex should be held prior - * to calling this function. */ - - mbedtls_test_info.step = (unsigned long) (-1); -} - -void mbedtls_test_set_step(unsigned long step) -{ -#ifdef MBEDTLS_THREADING_C - mbedtls_mutex_lock(&mbedtls_test_info_mutex); -#endif /* MBEDTLS_THREADING_C */ - - mbedtls_test_info.step = step; - -#ifdef MBEDTLS_THREADING_C - mbedtls_mutex_unlock(&mbedtls_test_info_mutex); -#endif /* MBEDTLS_THREADING_C */ -} - -void mbedtls_test_get_line1(char *line) -{ -#ifdef MBEDTLS_THREADING_C - mbedtls_mutex_lock(&mbedtls_test_info_mutex); -#endif /* MBEDTLS_THREADING_C */ - - memcpy(line, mbedtls_test_info.line1, MBEDTLS_TEST_LINE_LENGTH); - -#ifdef MBEDTLS_THREADING_C - mbedtls_mutex_unlock(&mbedtls_test_info_mutex); -#endif /* MBEDTLS_THREADING_C */ -} - -static void mbedtls_test_set_line1_internal(const char *line) -{ - /* Internal function only - mbedtls_test_info_mutex should be held prior - * to calling this function. */ - - if (line == NULL) { - memset(mbedtls_test_info.line1, 0, MBEDTLS_TEST_LINE_LENGTH); - } else { - memcpy(mbedtls_test_info.line1, line, MBEDTLS_TEST_LINE_LENGTH); - } -} - -void mbedtls_test_get_line2(char *line) -{ -#ifdef MBEDTLS_THREADING_C - mbedtls_mutex_lock(&mbedtls_test_info_mutex); -#endif /* MBEDTLS_THREADING_C */ - - memcpy(line, mbedtls_test_info.line2, MBEDTLS_TEST_LINE_LENGTH); - -#ifdef MBEDTLS_THREADING_C - mbedtls_mutex_unlock(&mbedtls_test_info_mutex); -#endif /* MBEDTLS_THREADING_C */ -} - -static void mbedtls_test_set_line2_internal(const char *line) -{ - /* Internal function only - mbedtls_test_info_mutex should be held prior - * to calling this function. */ - - if (line == NULL) { - memset(mbedtls_test_info.line2, 0, MBEDTLS_TEST_LINE_LENGTH); - } else { - memcpy(mbedtls_test_info.line2, line, MBEDTLS_TEST_LINE_LENGTH); - } -} - - -#if defined(MBEDTLS_TEST_MUTEX_USAGE) -const char *mbedtls_test_get_mutex_usage_error(void) -{ - const char *usage_error; - -#ifdef MBEDTLS_THREADING_C - mbedtls_mutex_lock(&mbedtls_test_info_mutex); -#endif /* MBEDTLS_THREADING_C */ - - usage_error = mbedtls_test_info.mutex_usage_error; - -#ifdef MBEDTLS_THREADING_C - mbedtls_mutex_unlock(&mbedtls_test_info_mutex); -#endif /* MBEDTLS_THREADING_C */ - - return usage_error; -} - -void mbedtls_test_set_mutex_usage_error(const char *msg) -{ -#ifdef MBEDTLS_THREADING_C - mbedtls_mutex_lock(&mbedtls_test_info_mutex); -#endif /* MBEDTLS_THREADING_C */ - - if (mbedtls_test_info.mutex_usage_error == NULL || msg == NULL) { - mbedtls_test_info.mutex_usage_error = msg; - } - -#ifdef MBEDTLS_THREADING_C - mbedtls_mutex_unlock(&mbedtls_test_info_mutex); -#endif /* MBEDTLS_THREADING_C */ -} -#endif // #if defined(MBEDTLS_TEST_MUTEX_USAGE) - -#if defined(MBEDTLS_BIGNUM_C) - -unsigned mbedtls_test_get_case_uses_negative_0(void) -{ - unsigned test_case_uses_negative_0 = 0; -#ifdef MBEDTLS_THREADING_C - mbedtls_mutex_lock(&mbedtls_test_info_mutex); -#endif /* MBEDTLS_THREADING_C */ - test_case_uses_negative_0 = mbedtls_test_info.case_uses_negative_0; - -#ifdef MBEDTLS_THREADING_C - mbedtls_mutex_unlock(&mbedtls_test_info_mutex); -#endif /* MBEDTLS_THREADING_C */ - - return test_case_uses_negative_0; -} - -static void mbedtls_test_set_case_uses_negative_0_internal(unsigned uses) -{ - /* Internal function only - mbedtls_test_info_mutex should be held prior - * to calling this function. */ - - mbedtls_test_info.case_uses_negative_0 = uses; -} - -void mbedtls_test_increment_case_uses_negative_0(void) -{ -#ifdef MBEDTLS_THREADING_C - mbedtls_mutex_lock(&mbedtls_test_info_mutex); -#endif /* MBEDTLS_THREADING_C */ - - ++mbedtls_test_info.case_uses_negative_0; - -#ifdef MBEDTLS_THREADING_C - mbedtls_mutex_unlock(&mbedtls_test_info_mutex); -#endif /* MBEDTLS_THREADING_C */ -} - -#endif /* MBEDTLS_BIGNUM_C */ - -#ifdef MBEDTLS_TEST_MUTEX_USAGE -mbedtls_threading_mutex_t *mbedtls_test_get_info_mutex(void) -{ - return &mbedtls_test_info_mutex; -} - -#endif /* MBEDTLS_TEST_MUTEX_USAGE */ - -/*----------------------------------------------------------------------------*/ -/* Helper Functions */ - -int mbedtls_test_platform_setup(void) -{ - int ret = 0; - -#if defined(MBEDTLS_TEST_HOOKS) && defined(MBEDTLS_PSA_CRYPTO_C) \ - && !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) \ - && defined(MBEDTLS_TEST_MEMORY_CAN_POISON) - mbedtls_poison_test_hooks_setup(); -#endif - -#if defined(MBEDTLS_PSA_INJECT_ENTROPY) - /* Make sure that injected entropy is present. Otherwise - * psa_crypto_init() will fail. This is not necessary for test suites - * that don't use PSA, but it's harmless (except for leaving a file - * behind). */ - ret = mbedtls_test_inject_entropy_restore(); - if (ret != 0) { - return ret; - } -#endif - -#if defined(MBEDTLS_PLATFORM_C) - ret = mbedtls_platform_setup(&platform_ctx); -#endif /* MBEDTLS_PLATFORM_C */ - -#ifdef MBEDTLS_THREADING_C - mbedtls_mutex_init(&mbedtls_test_info_mutex); -#endif /* MBEDTLS_THREADING_C */ - - return ret; -} - -void mbedtls_test_platform_teardown(void) -{ -#if defined(MBEDTLS_TEST_HOOKS) && defined(MBEDTLS_PSA_CRYPTO_C) \ - && !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) \ - && defined(MBEDTLS_TEST_MEMORY_CAN_POISON) - mbedtls_poison_test_hooks_teardown(); -#endif -#ifdef MBEDTLS_THREADING_C - mbedtls_mutex_free(&mbedtls_test_info_mutex); -#endif /* MBEDTLS_THREADING_C */ - -#if defined(MBEDTLS_PLATFORM_C) - mbedtls_platform_teardown(&platform_ctx); -#endif /* MBEDTLS_PLATFORM_C */ -} - -int mbedtls_test_ascii2uc(const char c, unsigned char *uc) -{ - if ((c >= '0') && (c <= '9')) { - *uc = c - '0'; - } else if ((c >= 'a') && (c <= 'f')) { - *uc = c - 'a' + 10; - } else if ((c >= 'A') && (c <= 'F')) { - *uc = c - 'A' + 10; - } else { - return -1; - } - - return 0; -} - -static void mbedtls_test_fail_internal(const char *test, int line_no, const char *filename) -{ - /* Internal function only - mbedtls_test_info_mutex should be held prior - * to calling this function. */ - - /* Don't use accessor, we already hold mutex. */ - if (mbedtls_test_info.result != MBEDTLS_TEST_RESULT_FAILED) { - /* If we have already recorded the test as having failed then don't - * overwrite any previous information about the failure. */ - mbedtls_test_set_result_internal(MBEDTLS_TEST_RESULT_FAILED, test, line_no, filename); - } -} - -void mbedtls_test_fail(const char *test, int line_no, const char *filename) -{ -#ifdef MBEDTLS_THREADING_C - mbedtls_mutex_lock(&mbedtls_test_info_mutex); -#endif /* MBEDTLS_THREADING_C */ - - mbedtls_test_fail_internal(test, line_no, filename); - -#ifdef MBEDTLS_THREADING_C - mbedtls_mutex_unlock(&mbedtls_test_info_mutex); -#endif /* MBEDTLS_THREADING_C */ -} - -void mbedtls_test_skip(const char *test, int line_no, const char *filename) -{ -#ifdef MBEDTLS_THREADING_C - mbedtls_mutex_lock(&mbedtls_test_info_mutex); -#endif /* MBEDTLS_THREADING_C */ - - mbedtls_test_set_result_internal(MBEDTLS_TEST_RESULT_SKIPPED, test, line_no, filename); - -#ifdef MBEDTLS_THREADING_C - mbedtls_mutex_unlock(&mbedtls_test_info_mutex); -#endif /* MBEDTLS_THREADING_C */ -} - -void mbedtls_test_info_reset(void) -{ -#ifdef MBEDTLS_THREADING_C - mbedtls_mutex_lock(&mbedtls_test_info_mutex); -#endif /* MBEDTLS_THREADING_C */ - - mbedtls_test_set_result_internal(MBEDTLS_TEST_RESULT_SUCCESS, 0, 0, 0); - mbedtls_test_reset_step_internal(); - mbedtls_test_set_line1_internal(NULL); - mbedtls_test_set_line2_internal(NULL); - -#if defined(MBEDTLS_BIGNUM_C) - mbedtls_test_set_case_uses_negative_0_internal(0); -#endif - -#ifdef MBEDTLS_THREADING_C - mbedtls_mutex_unlock(&mbedtls_test_info_mutex); -#endif /* MBEDTLS_THREADING_C */ -} - -int mbedtls_test_equal(const char *test, int line_no, const char *filename, - unsigned long long value1, unsigned long long value2) -{ - TEST_CF_PUBLIC(&value1, sizeof(value1)); - TEST_CF_PUBLIC(&value2, sizeof(value2)); - - if (value1 == value2) { - return 1; - } - -#ifdef MBEDTLS_THREADING_C - mbedtls_mutex_lock(&mbedtls_test_info_mutex); -#endif /* MBEDTLS_THREADING_C */ - - /* Don't use accessor, as we already hold mutex. */ - if (mbedtls_test_info.result != MBEDTLS_TEST_RESULT_FAILED) { - /* If we've already recorded the test as having failed then don't - * overwrite any previous information about the failure. */ - - char buf[MBEDTLS_TEST_LINE_LENGTH]; - mbedtls_test_fail_internal(test, line_no, filename); - (void) mbedtls_snprintf(buf, sizeof(buf), - "lhs = 0x%016llx = %lld", - value1, (long long) value1); - mbedtls_test_set_line1_internal(buf); - (void) mbedtls_snprintf(buf, sizeof(buf), - "rhs = 0x%016llx = %lld", - value2, (long long) value2); - mbedtls_test_set_line2_internal(buf); - } - -#ifdef MBEDTLS_THREADING_C - mbedtls_mutex_unlock(&mbedtls_test_info_mutex); -#endif /* MBEDTLS_THREADING_C */ - - return 0; -} - -int mbedtls_test_le_u(const char *test, int line_no, const char *filename, - unsigned long long value1, unsigned long long value2) -{ - TEST_CF_PUBLIC(&value1, sizeof(value1)); - TEST_CF_PUBLIC(&value2, sizeof(value2)); - - if (value1 <= value2) { - return 1; - } - -#ifdef MBEDTLS_THREADING_C - mbedtls_mutex_lock(&mbedtls_test_info_mutex); -#endif /* MBEDTLS_THREADING_C */ - - /* Don't use accessor, we already hold mutex. */ - if (mbedtls_test_info.result != MBEDTLS_TEST_RESULT_FAILED) { - /* If we've already recorded the test as having failed then don't - * overwrite any previous information about the failure. */ - - char buf[MBEDTLS_TEST_LINE_LENGTH]; - mbedtls_test_fail_internal(test, line_no, filename); - (void) mbedtls_snprintf(buf, sizeof(buf), - "lhs = 0x%016llx = %llu", - value1, value1); - mbedtls_test_set_line1_internal(buf); - (void) mbedtls_snprintf(buf, sizeof(buf), - "rhs = 0x%016llx = %llu", - value2, value2); - mbedtls_test_set_line2_internal(buf); - } - -#ifdef MBEDTLS_THREADING_C - mbedtls_mutex_unlock(&mbedtls_test_info_mutex); -#endif /* MBEDTLS_THREADING_C */ - - return 0; -} - -int mbedtls_test_le_s(const char *test, int line_no, const char *filename, - long long value1, long long value2) -{ - TEST_CF_PUBLIC(&value1, sizeof(value1)); - TEST_CF_PUBLIC(&value2, sizeof(value2)); - - if (value1 <= value2) { - return 1; - } - -#ifdef MBEDTLS_THREADING_C - mbedtls_mutex_lock(&mbedtls_test_info_mutex); -#endif /* MBEDTLS_THREADING_C */ - - /* Don't use accessor, we already hold mutex. */ - if (mbedtls_test_info.result != MBEDTLS_TEST_RESULT_FAILED) { - /* If we've already recorded the test as having failed then don't - * overwrite any previous information about the failure. */ - - char buf[MBEDTLS_TEST_LINE_LENGTH]; - mbedtls_test_fail_internal(test, line_no, filename); - (void) mbedtls_snprintf(buf, sizeof(buf), - "lhs = 0x%016llx = %lld", - (unsigned long long) value1, value1); - mbedtls_test_set_line1_internal(buf); - (void) mbedtls_snprintf(buf, sizeof(buf), - "rhs = 0x%016llx = %lld", - (unsigned long long) value2, value2); - mbedtls_test_set_line2_internal(buf); - } - -#ifdef MBEDTLS_THREADING_C - mbedtls_mutex_unlock(&mbedtls_test_info_mutex); -#endif /* MBEDTLS_THREADING_C */ - - return 0; -} - -int mbedtls_test_unhexify(unsigned char *obuf, - size_t obufmax, - const char *ibuf, - size_t *len) -{ - unsigned char uc, uc2; - - *len = strlen(ibuf); - - /* Must be even number of bytes. */ - if ((*len) & 1) { - return -1; - } - *len /= 2; - - if ((*len) > obufmax) { - return -1; - } - - while (*ibuf != 0) { - if (mbedtls_test_ascii2uc(*(ibuf++), &uc) != 0) { - return -1; - } - - if (mbedtls_test_ascii2uc(*(ibuf++), &uc2) != 0) { - return -1; - } - - *(obuf++) = (uc << 4) | uc2; - } - - return 0; -} - -void mbedtls_test_hexify(unsigned char *obuf, - const unsigned char *ibuf, - int len) -{ - unsigned char l, h; - - while (len != 0) { - h = *ibuf / 16; - l = *ibuf % 16; - - if (h < 10) { - *obuf++ = '0' + h; - } else { - *obuf++ = 'a' + h - 10; - } - - if (l < 10) { - *obuf++ = '0' + l; - } else { - *obuf++ = 'a' + l - 10; - } - - ++ibuf; - len--; - } -} - -unsigned char *mbedtls_test_zero_alloc(size_t len) -{ - void *p; - size_t actual_len = (len != 0) ? len : 1; - - p = mbedtls_calloc(1, actual_len); - TEST_HELPER_ASSERT(p != NULL); - - memset(p, 0x00, actual_len); - - return p; -} - -unsigned char *mbedtls_test_unhexify_alloc(const char *ibuf, size_t *olen) -{ - unsigned char *obuf; - size_t len; - - *olen = strlen(ibuf) / 2; - - if (*olen == 0) { - return mbedtls_test_zero_alloc(*olen); - } - - obuf = mbedtls_calloc(1, *olen); - TEST_HELPER_ASSERT(obuf != NULL); - TEST_HELPER_ASSERT(mbedtls_test_unhexify(obuf, *olen, ibuf, &len) == 0); - - return obuf; -} - -int mbedtls_test_hexcmp(uint8_t *a, uint8_t *b, - uint32_t a_len, uint32_t b_len) -{ - int ret = 0; - uint32_t i = 0; - - if (a_len != b_len) { - return -1; - } - - for (i = 0; i < a_len; i++) { - if (a[i] != b[i]) { - ret = -1; - break; - } - } - return ret; -} - -#if defined(MBEDTLS_TEST_HOOKS) -void mbedtls_test_err_add_check(int high, int low, - const char *file, int line) -{ - /* Error codes are always negative (a value of zero is a success) however - * their positive opposites can be easier to understand. The following - * examples given in comments have been made positive for ease of - * understanding. The structure of an error code is such: - * - * shhhhhhhhlllllll - * - * s = sign bit. - * h = high level error code (includes high level module ID (bits 12..14) - * and module-dependent error code (bits 7..11)). - * l = low level error code. - */ - if (high > -0x1000 && high != 0) { - /* high < 0001000000000000 - * No high level module ID bits are set. - */ - mbedtls_test_fail("'high' is not a high-level error code", - line, file); - } else if (high < -0x7F80) { - /* high > 0111111110000000 - * Error code is greater than the largest allowed high level module ID. - */ - mbedtls_test_fail("'high' error code is greater than 15 bits", - line, file); - } else if ((high & 0x7F) != 0) { - /* high & 0000000001111111 - * Error code contains low level error code bits. - */ - mbedtls_test_fail("'high' contains a low-level error code", - line, file); - } else if (low < -0x007F) { - /* low > 0000000001111111 - * Error code contains high or module level error code bits. - */ - mbedtls_test_fail("'low' error code is greater than 7 bits", - line, file); - } else if (low > 0) { - mbedtls_test_fail("'low' error code is greater than zero", - line, file); - } -} -#endif /* MBEDTLS_TEST_HOOKS */ diff --git a/tests/src/psa_crypto_helpers.c b/tests/src/psa_crypto_helpers.c deleted file mode 100644 index e1ea2b5c8186..000000000000 --- a/tests/src/psa_crypto_helpers.c +++ /dev/null @@ -1,207 +0,0 @@ -/** \file psa_crypto_helpers.c - * - * \brief Helper functions to test PSA crypto functionality. - */ - -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include -#include -#include -#include - -#if defined(MBEDTLS_PSA_CRYPTO_C) - -#include - -#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) - -#include - -static mbedtls_svc_key_id_t key_ids_used_in_test[9]; -static size_t num_key_ids_used; - -int mbedtls_test_uses_key_id(mbedtls_svc_key_id_t key_id) -{ - size_t i; - if (MBEDTLS_SVC_KEY_ID_GET_KEY_ID(key_id) > - PSA_MAX_PERSISTENT_KEY_IDENTIFIER) { - /* Don't touch key id values that designate non-key files. */ - return 1; - } - for (i = 0; i < num_key_ids_used; i++) { - if (mbedtls_svc_key_id_equal(key_id, key_ids_used_in_test[i])) { - return 1; - } - } - if (num_key_ids_used == ARRAY_LENGTH(key_ids_used_in_test)) { - return 0; - } - key_ids_used_in_test[num_key_ids_used] = key_id; - ++num_key_ids_used; - return 1; -} - -void mbedtls_test_psa_purge_key_storage(void) -{ - size_t i; - for (i = 0; i < num_key_ids_used; i++) { - psa_destroy_persistent_key(key_ids_used_in_test[i]); - } - num_key_ids_used = 0; -} - -void mbedtls_test_psa_purge_key_cache(void) -{ - size_t i; - for (i = 0; i < num_key_ids_used; i++) { - psa_purge_key(key_ids_used_in_test[i]); - } -} - -#endif /* MBEDTLS_PSA_CRYPTO_STORAGE_C */ - -const char *mbedtls_test_helper_is_psa_leaking(void) -{ - mbedtls_psa_stats_t stats; - - mbedtls_psa_get_stats(&stats); - -#if defined(MBEDTLS_CTR_DRBG_C) && !defined(MBEDTLS_AES_C) && \ - !defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) - /* When AES_C is not defined and PSA does not have an external RNG, - * then CTR_DRBG uses PSA to perform AES-ECB. In this scenario 1 key - * slot is used internally from PSA to hold the AES key and it should - * not be taken into account when evaluating remaining open slots. */ - if (stats.volatile_slots > 1) { - return "A volatile slot has not been closed properly."; - } -#else - if (stats.volatile_slots != 0) { - return "A volatile slot has not been closed properly."; - } -#endif - if (stats.persistent_slots != 0) { - return "A persistent slot has not been closed properly."; - } - if (stats.external_slots != 0) { - return "An external slot has not been closed properly."; - } - if (stats.half_filled_slots != 0) { - return "A half-filled slot has not been cleared properly."; - } - if (stats.locked_slots != 0) { - return "Some slots are still marked as locked."; - } - - return NULL; -} - -#if defined(RECORD_PSA_STATUS_COVERAGE_LOG) -/** Name of the file where return statuses are logged by #RECORD_STATUS. */ -#define STATUS_LOG_FILE_NAME "statuses.log" - -psa_status_t mbedtls_test_record_status(psa_status_t status, - const char *func, - const char *file, int line, - const char *expr) -{ - /* We open the log file on first use. - * We never close the log file, so the record_status feature is not - * compatible with resource leak detectors such as Asan. - */ - static FILE *log; - if (log == NULL) { - log = fopen(STATUS_LOG_FILE_NAME, "a"); - } - fprintf(log, "%d:%s:%s:%d:%s\n", (int) status, func, file, line, expr); - return status; -} -#endif /* defined(RECORD_PSA_STATUS_COVERAGE_LOG) */ - -psa_key_usage_t mbedtls_test_update_key_usage_flags(psa_key_usage_t usage_flags) -{ - psa_key_usage_t updated_usage = usage_flags; - - if (usage_flags & PSA_KEY_USAGE_SIGN_HASH) { - updated_usage |= PSA_KEY_USAGE_SIGN_MESSAGE; - } - - if (usage_flags & PSA_KEY_USAGE_VERIFY_HASH) { - updated_usage |= PSA_KEY_USAGE_VERIFY_MESSAGE; - } - - return updated_usage; -} - -int mbedtls_test_fail_if_psa_leaking(int line_no, const char *filename) -{ - const char *msg = mbedtls_test_helper_is_psa_leaking(); - if (msg == NULL) { - return 0; - } else { - mbedtls_test_fail(msg, line_no, filename); - return 1; - } -} - -uint64_t mbedtls_test_parse_binary_string(data_t *bin_string) -{ - uint64_t result = 0; - TEST_LE_U(bin_string->len, 8); - for (size_t i = 0; i < bin_string->len; i++) { - result = result << 8 | bin_string->x[i]; - } -exit: - return result; /* returns 0 if len > 8 */ -} - -#if defined(MBEDTLS_PSA_INJECT_ENTROPY) - -#include -#include - -int mbedtls_test_inject_entropy_seed_read(unsigned char *buf, size_t len) -{ - size_t actual_len = 0; - psa_status_t status = psa_its_get(PSA_CRYPTO_ITS_RANDOM_SEED_UID, - 0, len, buf, &actual_len); - if (status != 0) { - return MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR; - } - if (actual_len != len) { - return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED; - } - return 0; -} - -int mbedtls_test_inject_entropy_seed_write(unsigned char *buf, size_t len) -{ - psa_status_t status = psa_its_set(PSA_CRYPTO_ITS_RANDOM_SEED_UID, - len, buf, 0); - if (status != 0) { - return MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR; - } - return 0; -} - -int mbedtls_test_inject_entropy_restore(void) -{ - unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE]; - for (size_t i = 0; i < sizeof(buf); i++) { - buf[i] = (unsigned char) i; - } - psa_status_t status = mbedtls_psa_inject_entropy(buf, sizeof(buf)); - /* It's ok if the file was just created, or if it already exists. */ - if (status != PSA_SUCCESS && status != PSA_ERROR_NOT_PERMITTED) { - return status; - } - return PSA_SUCCESS; -} - -#endif /* MBEDTLS_PSA_INJECT_ENTROPY */ - -#endif /* MBEDTLS_PSA_CRYPTO_C */ diff --git a/tests/src/psa_crypto_stubs.c b/tests/src/psa_crypto_stubs.c deleted file mode 100644 index 81d7f4b32877..000000000000 --- a/tests/src/psa_crypto_stubs.c +++ /dev/null @@ -1,75 +0,0 @@ -/** \file psa_crypto_stubs.c - * - * \brief Stub functions when MBEDTLS_PSA_CRYPTO_CLIENT is enabled but - * MBEDTLS_PSA_CRYPTO_C is disabled. - */ - -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include - -#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) && !defined(MBEDTLS_PSA_CRYPTO_C) - -psa_status_t psa_generate_random(uint8_t *output, - size_t output_size) -{ - (void) output; - (void) output_size; - - return PSA_ERROR_COMMUNICATION_FAILURE; -} - -psa_status_t psa_export_key(mbedtls_svc_key_id_t key, - uint8_t *data, - size_t data_size, - size_t *data_length) -{ - (void) key; - (void) data; - (void) data_size; - (void) data_length; - return PSA_ERROR_COMMUNICATION_FAILURE; -} - -psa_status_t psa_export_public_key(mbedtls_svc_key_id_t key, - uint8_t *data, - size_t data_size, - size_t *data_length) -{ - (void) key; - (void) data; - (void) data_size; - (void) data_length; - return PSA_ERROR_COMMUNICATION_FAILURE; -} - -psa_status_t psa_get_key_attributes(mbedtls_svc_key_id_t key, - psa_key_attributes_t *attributes) -{ - (void) key; - (void) attributes; - return PSA_ERROR_COMMUNICATION_FAILURE; -} - -psa_status_t psa_hash_abort(psa_hash_operation_t *operation) -{ - (void) operation; - return PSA_ERROR_COMMUNICATION_FAILURE; -} - -psa_status_t psa_import_key(const psa_key_attributes_t *attributes, - const uint8_t *data, - size_t data_length, - mbedtls_svc_key_id_t *key) -{ - (void) attributes; - (void) data; - (void) data_length; - (void) key; - return PSA_ERROR_COMMUNICATION_FAILURE; -} - -#endif /* MBEDTLS_PSA_CRYPTO_CLIENT && !MBEDTLS_PSA_CRYPTO_C */ diff --git a/tests/src/psa_exercise_key.c b/tests/src/psa_exercise_key.c deleted file mode 100644 index b2232764a765..000000000000 --- a/tests/src/psa_exercise_key.c +++ /dev/null @@ -1,1335 +0,0 @@ -/** Code to exercise a PSA key object, i.e. validate that it seems well-formed - * and can do what it is supposed to do. - */ - -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include -#include -#include - -#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) - -#include -#include - -#include -#include -#include - -#if defined(MBEDTLS_PK_C) -#include -#endif -#if defined(MBEDTLS_ECP_C) -#include -#endif -#if defined(MBEDTLS_RSA_C) -#include -#endif - -#if defined(MBEDTLS_PSA_CRYPTO_SE_C) -static int lifetime_is_dynamic_secure_element(psa_key_lifetime_t lifetime) -{ - return PSA_KEY_LIFETIME_GET_LOCATION(lifetime) != - PSA_KEY_LOCATION_LOCAL_STORAGE; -} -#endif - -static int check_key_attributes_sanity(mbedtls_svc_key_id_t key, - int key_destroyable) -{ - int ok = 0; - psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_key_lifetime_t lifetime; - mbedtls_svc_key_id_t id; - psa_key_type_t type; - size_t bits; - psa_status_t status = psa_get_key_attributes(key, &attributes); - if (key_destroyable && status == PSA_ERROR_INVALID_HANDLE) { - /* The key has been destroyed. */ - psa_reset_key_attributes(&attributes); - return 1; - } - PSA_ASSERT(status); - lifetime = psa_get_key_lifetime(&attributes); - id = psa_get_key_id(&attributes); - type = psa_get_key_type(&attributes); - bits = psa_get_key_bits(&attributes); - - /* Persistence */ - if (PSA_KEY_LIFETIME_IS_VOLATILE(lifetime)) { - TEST_ASSERT( - (PSA_KEY_ID_VOLATILE_MIN <= - MBEDTLS_SVC_KEY_ID_GET_KEY_ID(id)) && - (MBEDTLS_SVC_KEY_ID_GET_KEY_ID(id) <= - PSA_KEY_ID_VOLATILE_MAX)); - } else { - TEST_ASSERT( - (PSA_KEY_ID_USER_MIN <= MBEDTLS_SVC_KEY_ID_GET_KEY_ID(id)) && - (MBEDTLS_SVC_KEY_ID_GET_KEY_ID(id) <= PSA_KEY_ID_USER_MAX)); - } -#if defined(MBEDTLS_PSA_CRYPTO_SE_C) - /* MBEDTLS_PSA_CRYPTO_SE_C does not support thread safety. */ - if (key_destroyable == 0) { - /* randomly-generated 64-bit constant, should never appear in test data */ - psa_key_slot_number_t slot_number = 0xec94d4a5058a1a21; - status = psa_get_key_slot_number(&attributes, &slot_number); - if (lifetime_is_dynamic_secure_element(lifetime)) { - /* Mbed TLS currently always exposes the slot number to - * applications. This is not mandated by the PSA specification - * and may change in future versions. */ - TEST_EQUAL(status, 0); - TEST_ASSERT(slot_number != 0xec94d4a5058a1a21); - } else { - TEST_EQUAL(status, PSA_ERROR_INVALID_ARGUMENT); - } - } -#endif - - /* Type and size */ - TEST_ASSERT(type != 0); - TEST_ASSERT(bits != 0); - TEST_ASSERT(bits <= PSA_MAX_KEY_BITS); - if (PSA_KEY_TYPE_IS_UNSTRUCTURED(type)) { - TEST_ASSERT(bits % 8 == 0); - } - - /* MAX macros concerning specific key types */ - if (PSA_KEY_TYPE_IS_ECC(type)) { - TEST_ASSERT(bits <= PSA_VENDOR_ECC_MAX_CURVE_BITS); - } else if (PSA_KEY_TYPE_IS_RSA(type)) { - TEST_ASSERT(bits <= PSA_VENDOR_RSA_MAX_KEY_BITS); - } - TEST_ASSERT(PSA_BLOCK_CIPHER_BLOCK_LENGTH(type) <= PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE); - - ok = 1; - -exit: - /* - * Key attributes may have been returned by psa_get_key_attributes() - * thus reset them as required. - */ - psa_reset_key_attributes(&attributes); - - return ok; -} - -static int exercise_mac_key(mbedtls_svc_key_id_t key, - psa_key_usage_t usage, - psa_algorithm_t alg, - int key_destroyable) -{ - psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT; - const unsigned char input[] = "foo"; - unsigned char mac[PSA_MAC_MAX_SIZE] = { 0 }; - size_t mac_length = sizeof(mac); - psa_status_t status = PSA_SUCCESS; - /* Convert wildcard algorithm to exercisable algorithm */ - if (alg & PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG) { - alg = PSA_ALG_TRUNCATED_MAC(alg, PSA_MAC_TRUNCATED_LENGTH(alg)); - } - - if (usage & PSA_KEY_USAGE_SIGN_HASH) { - status = psa_mac_sign_setup(&operation, key, alg); - if (key_destroyable && status == PSA_ERROR_INVALID_HANDLE) { - /* The key has been destroyed. */ - PSA_ASSERT(psa_mac_abort(&operation)); - return 1; - } - PSA_ASSERT(status); - PSA_ASSERT(psa_mac_update(&operation, - input, sizeof(input))); - PSA_ASSERT(psa_mac_sign_finish(&operation, - mac, sizeof(mac), - &mac_length)); - } - - if (usage & PSA_KEY_USAGE_VERIFY_HASH) { - psa_status_t verify_status = - (usage & PSA_KEY_USAGE_SIGN_HASH ? - PSA_SUCCESS : - PSA_ERROR_INVALID_SIGNATURE); - status = psa_mac_verify_setup(&operation, key, alg); - if (key_destroyable && status == PSA_ERROR_INVALID_HANDLE) { - /* The key has been destroyed. */ - PSA_ASSERT(psa_mac_abort(&operation)); - return 1; - } - PSA_ASSERT(status); - PSA_ASSERT(psa_mac_update(&operation, - input, sizeof(input))); - TEST_EQUAL(psa_mac_verify_finish(&operation, mac, mac_length), - verify_status); - } - - return 1; - -exit: - psa_mac_abort(&operation); - return 0; -} - -static int exercise_cipher_key(mbedtls_svc_key_id_t key, - psa_key_usage_t usage, - psa_algorithm_t alg, - int key_destroyable) -{ - psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT; - unsigned char iv[PSA_CIPHER_IV_MAX_SIZE] = { 0 }; - size_t iv_length; - psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_key_type_t key_type; - const unsigned char plaintext[16] = "Hello, world..."; - unsigned char ciphertext[32] = "(wabblewebblewibblewobblewubble)"; - size_t ciphertext_length = sizeof(ciphertext); - unsigned char decrypted[sizeof(ciphertext)]; - size_t part_length; - psa_status_t status = PSA_SUCCESS; - - PSA_ASSERT(psa_get_key_attributes(key, &attributes)); - key_type = psa_get_key_type(&attributes); - iv_length = PSA_CIPHER_IV_LENGTH(key_type, alg); - - if (usage & PSA_KEY_USAGE_ENCRYPT) { - status = psa_cipher_encrypt_setup(&operation, key, alg); - if (key_destroyable && status == PSA_ERROR_INVALID_HANDLE) { - /* The key has been destroyed. */ - PSA_ASSERT(psa_cipher_abort(&operation)); - return 1; - } - PSA_ASSERT(status); - if (iv_length != 0) { - PSA_ASSERT(psa_cipher_generate_iv(&operation, - iv, sizeof(iv), - &iv_length)); - } - PSA_ASSERT(psa_cipher_update(&operation, - plaintext, sizeof(plaintext), - ciphertext, sizeof(ciphertext), - &ciphertext_length)); - PSA_ASSERT(psa_cipher_finish(&operation, - ciphertext + ciphertext_length, - sizeof(ciphertext) - ciphertext_length, - &part_length)); - ciphertext_length += part_length; - } - - if (usage & PSA_KEY_USAGE_DECRYPT) { - int maybe_invalid_padding = 0; - if (!(usage & PSA_KEY_USAGE_ENCRYPT)) { - maybe_invalid_padding = !PSA_ALG_IS_STREAM_CIPHER(alg); - } - status = psa_cipher_decrypt_setup(&operation, key, alg); - if (key_destroyable && status == PSA_ERROR_INVALID_HANDLE) { - /* The key has been destroyed. */ - PSA_ASSERT(psa_cipher_abort(&operation)); - return 1; - } - PSA_ASSERT(status); - if (iv_length != 0) { - PSA_ASSERT(psa_cipher_set_iv(&operation, - iv, iv_length)); - } - PSA_ASSERT(psa_cipher_update(&operation, - ciphertext, ciphertext_length, - decrypted, sizeof(decrypted), - &part_length)); - status = psa_cipher_finish(&operation, - decrypted + part_length, - sizeof(decrypted) - part_length, - &part_length); - /* For a stream cipher, all inputs are valid. For a block cipher, - * if the input is some arbitrary data rather than an actual - ciphertext, a padding error is likely. */ - if (maybe_invalid_padding) { - TEST_ASSERT(status == PSA_SUCCESS || - status == PSA_ERROR_INVALID_PADDING); - } else { - PSA_ASSERT(status); - } - } - - return 1; - -exit: - psa_cipher_abort(&operation); - psa_reset_key_attributes(&attributes); - return 0; -} - -static int exercise_aead_key(mbedtls_svc_key_id_t key, - psa_key_usage_t usage, - psa_algorithm_t alg, - int key_destroyable) -{ - unsigned char nonce[PSA_AEAD_NONCE_MAX_SIZE] = { 0 }; - size_t nonce_length; - psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_key_type_t key_type; - unsigned char plaintext[16] = "Hello, world..."; - unsigned char ciphertext[48] = "(wabblewebblewibblewobblewubble)"; - size_t ciphertext_length = sizeof(ciphertext); - size_t plaintext_length = sizeof(ciphertext); - psa_status_t status = PSA_SUCCESS; - - /* Convert wildcard algorithm to exercisable algorithm */ - if (alg & PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG) { - alg = PSA_ALG_AEAD_WITH_SHORTENED_TAG(alg, PSA_ALG_AEAD_GET_TAG_LENGTH(alg)); - } - - PSA_ASSERT(psa_get_key_attributes(key, &attributes)); - key_type = psa_get_key_type(&attributes); - nonce_length = PSA_AEAD_NONCE_LENGTH(key_type, alg); - - if (usage & PSA_KEY_USAGE_ENCRYPT) { - status = psa_aead_encrypt(key, alg, - nonce, nonce_length, - NULL, 0, - plaintext, sizeof(plaintext), - ciphertext, sizeof(ciphertext), - &ciphertext_length); - if (key_destroyable && status == PSA_ERROR_INVALID_HANDLE) { - /* The key has been destroyed. */ - return 1; - } - PSA_ASSERT(status); - } - - if (usage & PSA_KEY_USAGE_DECRYPT) { - psa_status_t verify_status = - (usage & PSA_KEY_USAGE_ENCRYPT ? - PSA_SUCCESS : - PSA_ERROR_INVALID_SIGNATURE); - status = psa_aead_decrypt(key, alg, - nonce, nonce_length, - NULL, 0, - ciphertext, ciphertext_length, - plaintext, sizeof(plaintext), - &plaintext_length); - if (key_destroyable && status == PSA_ERROR_INVALID_HANDLE) { - /* The key has been destroyed. */ - return 1; - } - TEST_ASSERT(status == verify_status); - } - - return 1; - -exit: - psa_reset_key_attributes(&attributes); - return 0; -} - -static int can_sign_or_verify_message(psa_key_usage_t usage, - psa_algorithm_t alg) -{ - /* Sign-the-unspecified-hash algorithms can only be used with - * {sign,verify}_hash, not with {sign,verify}_message. */ - if (alg == PSA_ALG_ECDSA_ANY || alg == PSA_ALG_RSA_PKCS1V15_SIGN_RAW) { - return 0; - } - return usage & (PSA_KEY_USAGE_SIGN_MESSAGE | - PSA_KEY_USAGE_VERIFY_MESSAGE); -} - -static int exercise_signature_key(mbedtls_svc_key_id_t key, - psa_key_usage_t usage, - psa_algorithm_t alg, - int key_destroyable) -{ - /* If the policy allows signing with any hash, just pick one. */ - psa_algorithm_t hash_alg = PSA_ALG_SIGN_GET_HASH(alg); - if (PSA_ALG_IS_SIGN_HASH(alg) && hash_alg == PSA_ALG_ANY_HASH && - usage & (PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | - PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE)) { -#if defined(KNOWN_SUPPORTED_HASH_ALG) - hash_alg = KNOWN_SUPPORTED_HASH_ALG; - alg ^= PSA_ALG_ANY_HASH ^ hash_alg; -#else - TEST_FAIL("No hash algorithm for hash-and-sign testing"); -#endif - } - psa_status_t status = PSA_SUCCESS; - - if (usage & (PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH) && - PSA_ALG_IS_SIGN_HASH(alg)) { - unsigned char payload[PSA_HASH_MAX_SIZE] = { 1 }; - size_t payload_length = 16; - unsigned char signature[PSA_SIGNATURE_MAX_SIZE] = { 0 }; - size_t signature_length = sizeof(signature); - - /* Some algorithms require the payload to have the size of - * the hash encoded in the algorithm. Use this input size - * even for algorithms that allow other input sizes. */ - if (hash_alg != 0) { - payload_length = PSA_HASH_LENGTH(hash_alg); - } - - if (usage & PSA_KEY_USAGE_SIGN_HASH) { - status = psa_sign_hash(key, alg, - payload, payload_length, - signature, sizeof(signature), - &signature_length); - if (key_destroyable && status == PSA_ERROR_INVALID_HANDLE) { - /* The key has been destroyed. */ - return 1; - } - PSA_ASSERT(status); - } - - if (usage & PSA_KEY_USAGE_VERIFY_HASH) { - psa_status_t verify_status = - (usage & PSA_KEY_USAGE_SIGN_HASH ? - PSA_SUCCESS : - PSA_ERROR_INVALID_SIGNATURE); - status = psa_verify_hash(key, alg, - payload, payload_length, - signature, signature_length); - if (key_destroyable && status == PSA_ERROR_INVALID_HANDLE) { - /* The key has been destroyed. */ - return 1; - } - TEST_ASSERT(status == verify_status); - } - } - - if (can_sign_or_verify_message(usage, alg)) { - unsigned char message[256] = "Hello, world..."; - unsigned char signature[PSA_SIGNATURE_MAX_SIZE] = { 0 }; - size_t message_length = 16; - size_t signature_length = sizeof(signature); - - if (usage & PSA_KEY_USAGE_SIGN_MESSAGE) { - status = psa_sign_message(key, alg, - message, message_length, - signature, sizeof(signature), - &signature_length); - if (key_destroyable && status == PSA_ERROR_INVALID_HANDLE) { - /* The key has been destroyed. */ - return 1; - } - PSA_ASSERT(status); - } - - if (usage & PSA_KEY_USAGE_VERIFY_MESSAGE) { - psa_status_t verify_status = - (usage & PSA_KEY_USAGE_SIGN_MESSAGE ? - PSA_SUCCESS : - PSA_ERROR_INVALID_SIGNATURE); - status = psa_verify_message(key, alg, - message, message_length, - signature, signature_length); - if (key_destroyable && status == PSA_ERROR_INVALID_HANDLE) { - /* The key has been destroyed. */ - return 1; - } - TEST_ASSERT(status == verify_status); - } - } - - return 1; - -exit: - return 0; -} - -static int exercise_asymmetric_encryption_key(mbedtls_svc_key_id_t key, - psa_key_usage_t usage, - psa_algorithm_t alg, - int key_destroyable) -{ - unsigned char plaintext[PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE] = - "Hello, world..."; - unsigned char ciphertext[PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE] = - "(wabblewebblewibblewobblewubble)"; - size_t ciphertext_length = sizeof(ciphertext); - size_t plaintext_length = 16; - psa_status_t status = PSA_SUCCESS; - if (usage & PSA_KEY_USAGE_ENCRYPT) { - status = psa_asymmetric_encrypt(key, alg, - plaintext, plaintext_length, - NULL, 0, - ciphertext, sizeof(ciphertext), - &ciphertext_length); - if (key_destroyable && status == PSA_ERROR_INVALID_HANDLE) { - /* The key has been destroyed. */ - return 1; - } - PSA_ASSERT(status); - } - - if (usage & PSA_KEY_USAGE_DECRYPT) { - status = psa_asymmetric_decrypt(key, alg, - ciphertext, ciphertext_length, - NULL, 0, - plaintext, sizeof(plaintext), - &plaintext_length); - if (key_destroyable && status == PSA_ERROR_INVALID_HANDLE) { - /* The key has been destroyed. */ - return 1; - } - TEST_ASSERT(status == PSA_SUCCESS || - ((usage & PSA_KEY_USAGE_ENCRYPT) == 0 && - (status == PSA_ERROR_INVALID_ARGUMENT || - status == PSA_ERROR_INVALID_PADDING))); - } - - return 1; - -exit: - return 0; -} - -int mbedtls_test_psa_setup_key_derivation_wrap( - psa_key_derivation_operation_t *operation, - mbedtls_svc_key_id_t key, - psa_algorithm_t alg, - const unsigned char *input1, size_t input1_length, - const unsigned char *input2, size_t input2_length, - size_t capacity, int key_destroyable) -{ - PSA_ASSERT(psa_key_derivation_setup(operation, alg)); - psa_status_t status = PSA_SUCCESS; - if (PSA_ALG_IS_HKDF(alg)) { - PSA_ASSERT(psa_key_derivation_input_bytes(operation, - PSA_KEY_DERIVATION_INPUT_SALT, - input1, input1_length)); - status = psa_key_derivation_input_key(operation, - PSA_KEY_DERIVATION_INPUT_SECRET, - key); - if (key_destroyable && status == PSA_ERROR_INVALID_HANDLE) { - /* The key has been destroyed. */ - return 1; - } - PSA_ASSERT(status); - PSA_ASSERT(psa_key_derivation_input_bytes(operation, - PSA_KEY_DERIVATION_INPUT_INFO, - input2, - input2_length)); - } else if (PSA_ALG_IS_HKDF_EXTRACT(alg)) { - PSA_ASSERT(psa_key_derivation_input_bytes(operation, - PSA_KEY_DERIVATION_INPUT_SALT, - input1, input1_length)); - status = psa_key_derivation_input_key(operation, - PSA_KEY_DERIVATION_INPUT_SECRET, - key); - if (key_destroyable && status == PSA_ERROR_INVALID_HANDLE) { - /* The key has been destroyed. */ - return 1; - } - PSA_ASSERT(status); - } else if (PSA_ALG_IS_HKDF_EXPAND(alg)) { - status = psa_key_derivation_input_key(operation, - PSA_KEY_DERIVATION_INPUT_SECRET, - key); - if (key_destroyable && status == PSA_ERROR_INVALID_HANDLE) { - /* The key has been destroyed. */ - return 1; - } - PSA_ASSERT(status); - PSA_ASSERT(psa_key_derivation_input_bytes(operation, - PSA_KEY_DERIVATION_INPUT_INFO, - input2, - input2_length)); - } else if (PSA_ALG_IS_TLS12_PRF(alg) || - PSA_ALG_IS_TLS12_PSK_TO_MS(alg)) { - PSA_ASSERT(psa_key_derivation_input_bytes(operation, - PSA_KEY_DERIVATION_INPUT_SEED, - input1, input1_length)); - status = psa_key_derivation_input_key(operation, - PSA_KEY_DERIVATION_INPUT_SECRET, - key); - if (key_destroyable && status == PSA_ERROR_INVALID_HANDLE) { - /* The key has been destroyed. */ - return 1; - } - PSA_ASSERT(status); - PSA_ASSERT(psa_key_derivation_input_bytes(operation, - PSA_KEY_DERIVATION_INPUT_LABEL, - input2, input2_length)); - } else if (PSA_ALG_IS_PBKDF2(alg)) { - PSA_ASSERT(psa_key_derivation_input_integer(operation, - PSA_KEY_DERIVATION_INPUT_COST, - 1U)); - PSA_ASSERT(psa_key_derivation_input_bytes(operation, - PSA_KEY_DERIVATION_INPUT_SALT, - input2, - input2_length)); - status = psa_key_derivation_input_key(operation, - PSA_KEY_DERIVATION_INPUT_PASSWORD, - key); - if (key_destroyable && status == PSA_ERROR_INVALID_HANDLE) { - /* The key has been destroyed. */ - return 1; - } - PSA_ASSERT(status); - } else if (alg == PSA_ALG_TLS12_ECJPAKE_TO_PMS) { - PSA_ASSERT(psa_key_derivation_input_bytes(operation, - PSA_KEY_DERIVATION_INPUT_SECRET, - input1, input1_length)); - } else { - TEST_FAIL("Key derivation algorithm not supported"); - } - - if (capacity != SIZE_MAX) { - PSA_ASSERT(psa_key_derivation_set_capacity(operation, capacity)); - } - - return 1; - -exit: - return 0; -} - - -static int exercise_key_derivation_key(mbedtls_svc_key_id_t key, - psa_key_usage_t usage, - psa_algorithm_t alg, - int key_destroyable) -{ - psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT; - unsigned char input1[] = "Input 1"; - size_t input1_length = sizeof(input1); - unsigned char input2[] = "Input 2"; - size_t input2_length = sizeof(input2); - unsigned char output[1]; - size_t capacity = sizeof(output); - - if (usage & PSA_KEY_USAGE_DERIVE) { - if (!mbedtls_test_psa_setup_key_derivation_wrap(&operation, key, alg, - input1, input1_length, - input2, input2_length, - capacity, key_destroyable)) { - goto exit; - } - - psa_status_t status = psa_key_derivation_output_bytes(&operation, - output, - capacity); - if (key_destroyable && status == PSA_ERROR_BAD_STATE) { - /* The key has been destroyed. */ - PSA_ASSERT(psa_key_derivation_abort(&operation)); - } else { - PSA_ASSERT(status); - PSA_ASSERT(psa_key_derivation_abort(&operation)); - } - } - - return 1; - -exit: - return 0; -} - -/* We need two keys to exercise key agreement. Exercise the - * private key against its own public key. */ -psa_status_t mbedtls_test_psa_key_agreement_with_self( - psa_key_derivation_operation_t *operation, - mbedtls_svc_key_id_t key, int key_destroyable) -{ - psa_key_type_t private_key_type; - psa_key_type_t public_key_type; - size_t key_bits; - uint8_t *public_key = NULL; - size_t public_key_length; - psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - - psa_status_t status = psa_get_key_attributes(key, &attributes); - if (key_destroyable && status == PSA_ERROR_INVALID_HANDLE) { - /* The key has been destroyed. */ - psa_reset_key_attributes(&attributes); - return PSA_SUCCESS; - } - PSA_ASSERT(status); - - private_key_type = psa_get_key_type(&attributes); - key_bits = psa_get_key_bits(&attributes); - public_key_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(private_key_type); - public_key_length = PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE(public_key_type, key_bits); - TEST_CALLOC(public_key, public_key_length); - status = psa_export_public_key(key, public_key, public_key_length, - &public_key_length); - if (key_destroyable && status == PSA_ERROR_INVALID_HANDLE) { - /* The key has been destroyed. */ - status = PSA_SUCCESS; - goto exit; - } - PSA_ASSERT(status); - - status = psa_key_derivation_key_agreement( - operation, PSA_KEY_DERIVATION_INPUT_SECRET, key, - public_key, public_key_length); - if (key_destroyable && status == PSA_ERROR_INVALID_HANDLE) { - /* The key has been destroyed. */ - status = PSA_SUCCESS; - goto exit; - } -exit: - /* - * Key attributes may have been returned by psa_get_key_attributes() - * thus reset them as required. - */ - psa_reset_key_attributes(&attributes); - - mbedtls_free(public_key); - return status; -} - -/* We need two keys to exercise key agreement. Exercise the - * private key against its own public key. */ -psa_status_t mbedtls_test_psa_raw_key_agreement_with_self( - psa_algorithm_t alg, - mbedtls_svc_key_id_t key, - int key_destroyable) -{ - psa_key_type_t private_key_type; - psa_key_type_t public_key_type; - size_t key_bits; - uint8_t *public_key = NULL; - size_t public_key_length; - uint8_t output[1024]; - size_t output_length; - psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - - psa_status_t status = psa_get_key_attributes(key, &attributes); - if (key_destroyable && status == PSA_ERROR_INVALID_HANDLE) { - /* The key has been destroyed. */ - psa_reset_key_attributes(&attributes); - return PSA_SUCCESS; - } - PSA_ASSERT(status); - - private_key_type = psa_get_key_type(&attributes); - key_bits = psa_get_key_bits(&attributes); - public_key_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(private_key_type); - public_key_length = PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE(public_key_type, key_bits); - TEST_CALLOC(public_key, public_key_length); - status = psa_export_public_key(key, - public_key, public_key_length, - &public_key_length); - if (key_destroyable && status == PSA_ERROR_INVALID_HANDLE) { - /* The key has been destroyed. */ - status = PSA_SUCCESS; - goto exit; - } - PSA_ASSERT(status); - - status = psa_raw_key_agreement(alg, key, - public_key, public_key_length, - output, sizeof(output), &output_length); - if (key_destroyable && status == PSA_ERROR_INVALID_HANDLE) { - /* The key has been destroyed. */ - status = PSA_SUCCESS; - goto exit; - } - if (status == PSA_SUCCESS) { - TEST_ASSERT(output_length <= - PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE(private_key_type, - key_bits)); - TEST_ASSERT(output_length <= - PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE); - } - -exit: - /* - * Key attributes may have been returned by psa_get_key_attributes() - * thus reset them as required. - */ - psa_reset_key_attributes(&attributes); - - mbedtls_free(public_key); - return status; -} - -static int exercise_raw_key_agreement_key(mbedtls_svc_key_id_t key, - psa_key_usage_t usage, - psa_algorithm_t alg, - int key_destroyable) -{ - int ok = 0; - - if (usage & PSA_KEY_USAGE_DERIVE) { - /* We need two keys to exercise key agreement. Exercise the - * private key against its own public key. */ - PSA_ASSERT(mbedtls_test_psa_raw_key_agreement_with_self(alg, key, - key_destroyable)); - } - ok = 1; - -exit: - return ok; -} - -static int exercise_key_agreement_key(mbedtls_svc_key_id_t key, - psa_key_usage_t usage, - psa_algorithm_t alg, - int key_destroyable) -{ - psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT; - unsigned char input[1] = { 0 }; - unsigned char output[1]; - int ok = 0; - psa_algorithm_t kdf_alg = PSA_ALG_KEY_AGREEMENT_GET_KDF(alg); - psa_status_t expected_key_agreement_status = PSA_SUCCESS; - - if (usage & PSA_KEY_USAGE_DERIVE) { - /* We need two keys to exercise key agreement. Exercise the - * private key against its own public key. */ - PSA_ASSERT(psa_key_derivation_setup(&operation, alg)); - if (PSA_ALG_IS_TLS12_PRF(kdf_alg) || - PSA_ALG_IS_TLS12_PSK_TO_MS(kdf_alg)) { - PSA_ASSERT(psa_key_derivation_input_bytes( - &operation, PSA_KEY_DERIVATION_INPUT_SEED, - input, sizeof(input))); - } - - if (PSA_ALG_IS_HKDF_EXTRACT(kdf_alg)) { - PSA_ASSERT(psa_key_derivation_input_bytes( - &operation, PSA_KEY_DERIVATION_INPUT_SALT, - input, sizeof(input))); - } - - /* For HKDF_EXPAND input secret may fail as secret size may not match - to expected PRK size. In practice it means that key bits must match - hash length. Otherwise test should fail with INVALID_ARGUMENT. */ - if (PSA_ALG_IS_HKDF_EXPAND(kdf_alg)) { - psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_status_t status = psa_get_key_attributes(key, &attributes); - if (key_destroyable && status == PSA_ERROR_INVALID_HANDLE) { - /* The key has been destroyed. */ - ok = 1; - } - PSA_ASSERT(status); - size_t key_bits = psa_get_key_bits(&attributes); - psa_algorithm_t hash_alg = PSA_ALG_HKDF_GET_HASH(kdf_alg); - - if (PSA_BITS_TO_BYTES(key_bits) != PSA_HASH_LENGTH(hash_alg)) { - expected_key_agreement_status = PSA_ERROR_INVALID_ARGUMENT; - } - } - - TEST_EQUAL(mbedtls_test_psa_key_agreement_with_self(&operation, key, - key_destroyable), - expected_key_agreement_status); - - if (expected_key_agreement_status != PSA_SUCCESS) { - return 1; - } - - if (PSA_ALG_IS_TLS12_PRF(kdf_alg) || - PSA_ALG_IS_TLS12_PSK_TO_MS(kdf_alg)) { - PSA_ASSERT(psa_key_derivation_input_bytes( - &operation, PSA_KEY_DERIVATION_INPUT_LABEL, - input, sizeof(input))); - } else if (PSA_ALG_IS_HKDF(kdf_alg) || PSA_ALG_IS_HKDF_EXPAND(kdf_alg)) { - PSA_ASSERT(psa_key_derivation_input_bytes( - &operation, PSA_KEY_DERIVATION_INPUT_INFO, - input, sizeof(input))); - } - PSA_ASSERT(psa_key_derivation_output_bytes(&operation, - output, - sizeof(output))); - PSA_ASSERT(psa_key_derivation_abort(&operation)); - } - ok = 1; - -exit: - return ok; -} - -int mbedtls_test_psa_exported_key_sanity_check( - psa_key_type_t type, size_t bits, - const uint8_t *exported, size_t exported_length) -{ - TEST_ASSERT(exported_length <= PSA_EXPORT_KEY_OUTPUT_SIZE(type, bits)); - - if (PSA_KEY_TYPE_IS_UNSTRUCTURED(type)) { - TEST_EQUAL(exported_length, PSA_BITS_TO_BYTES(bits)); - } else - -#if defined(MBEDTLS_ASN1_PARSE_C) - if (type == PSA_KEY_TYPE_RSA_KEY_PAIR) { - uint8_t *p = (uint8_t *) exported; - const uint8_t *end = exported + exported_length; - size_t len; - /* RSAPrivateKey ::= SEQUENCE { - * version INTEGER, -- must be 0 - * modulus INTEGER, -- n - * publicExponent INTEGER, -- e - * privateExponent INTEGER, -- d - * prime1 INTEGER, -- p - * prime2 INTEGER, -- q - * exponent1 INTEGER, -- d mod (p-1) - * exponent2 INTEGER, -- d mod (q-1) - * coefficient INTEGER, -- (inverse of q) mod p - * } - */ - TEST_EQUAL(mbedtls_asn1_get_tag(&p, end, &len, - MBEDTLS_ASN1_SEQUENCE | - MBEDTLS_ASN1_CONSTRUCTED), 0); - TEST_EQUAL(len, end - p); - if (!mbedtls_test_asn1_skip_integer(&p, end, 0, 0, 0)) { - goto exit; - } - if (!mbedtls_test_asn1_skip_integer(&p, end, bits, bits, 1)) { - goto exit; - } - if (!mbedtls_test_asn1_skip_integer(&p, end, 2, bits, 1)) { - goto exit; - } - /* Require d to be at least half the size of n. */ - if (!mbedtls_test_asn1_skip_integer(&p, end, bits / 2, bits, 1)) { - goto exit; - } - /* Require p and q to be at most half the size of n, rounded up. */ - if (!mbedtls_test_asn1_skip_integer(&p, end, bits / 2, bits / 2 + 1, 1)) { - goto exit; - } - if (!mbedtls_test_asn1_skip_integer(&p, end, bits / 2, bits / 2 + 1, 1)) { - goto exit; - } - if (!mbedtls_test_asn1_skip_integer(&p, end, 1, bits / 2 + 1, 0)) { - goto exit; - } - if (!mbedtls_test_asn1_skip_integer(&p, end, 1, bits / 2 + 1, 0)) { - goto exit; - } - if (!mbedtls_test_asn1_skip_integer(&p, end, 1, bits / 2 + 1, 0)) { - goto exit; - } - TEST_EQUAL(p - end, 0); - - TEST_ASSERT(exported_length <= PSA_EXPORT_KEY_PAIR_MAX_SIZE); - } else -#endif /* MBEDTLS_ASN1_PARSE_C */ - - if (PSA_KEY_TYPE_IS_ECC_KEY_PAIR(type)) { - /* Just the secret value */ - TEST_EQUAL(exported_length, PSA_BITS_TO_BYTES(bits)); - - TEST_ASSERT(exported_length <= PSA_EXPORT_KEY_PAIR_MAX_SIZE); - } else - -#if defined(MBEDTLS_ASN1_PARSE_C) - if (type == PSA_KEY_TYPE_RSA_PUBLIC_KEY) { - uint8_t *p = (uint8_t *) exported; - const uint8_t *end = exported + exported_length; - size_t len; - /* RSAPublicKey ::= SEQUENCE { - * modulus INTEGER, -- n - * publicExponent INTEGER } -- e - */ - TEST_EQUAL(mbedtls_asn1_get_tag(&p, end, &len, - MBEDTLS_ASN1_SEQUENCE | - MBEDTLS_ASN1_CONSTRUCTED), - 0); - TEST_EQUAL(len, end - p); - if (!mbedtls_test_asn1_skip_integer(&p, end, bits, bits, 1)) { - goto exit; - } - if (!mbedtls_test_asn1_skip_integer(&p, end, 2, bits, 1)) { - goto exit; - } - TEST_EQUAL(p - end, 0); - - - TEST_ASSERT(exported_length <= - PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE(type, bits)); - TEST_ASSERT(exported_length <= - PSA_EXPORT_PUBLIC_KEY_MAX_SIZE); - } else -#endif /* MBEDTLS_ASN1_PARSE_C */ - - if (PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(type)) { - - TEST_ASSERT(exported_length <= - PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE(type, bits)); - TEST_ASSERT(exported_length <= - PSA_EXPORT_PUBLIC_KEY_MAX_SIZE); - - if (PSA_KEY_TYPE_ECC_GET_FAMILY(type) == PSA_ECC_FAMILY_MONTGOMERY) { - /* The representation of an ECC Montgomery public key is - * the raw compressed point */ - TEST_EQUAL(PSA_BITS_TO_BYTES(bits), exported_length); - } else if (PSA_KEY_TYPE_ECC_GET_FAMILY(type) == PSA_ECC_FAMILY_TWISTED_EDWARDS) { - /* The representation of an ECC Edwards public key is - * the raw compressed point */ - TEST_EQUAL(PSA_BITS_TO_BYTES(bits + 1), exported_length); - } else { - /* The representation of an ECC Weierstrass public key is: - * - The byte 0x04; - * - `x_P` as a `ceiling(m/8)`-byte string, big-endian; - * - `y_P` as a `ceiling(m/8)`-byte string, big-endian; - * - where m is the bit size associated with the curve. - */ - TEST_EQUAL(1 + 2 * PSA_BITS_TO_BYTES(bits), exported_length); - TEST_EQUAL(exported[0], 4); - } - } else - if (PSA_KEY_TYPE_IS_DH_PUBLIC_KEY(type) || PSA_KEY_TYPE_IS_DH_KEY_PAIR(type)) { - TEST_ASSERT(exported_length == - PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE(type, bits)); - TEST_ASSERT(exported_length <= - PSA_EXPORT_PUBLIC_KEY_MAX_SIZE); - } else { - (void) exported; - TEST_FAIL("Sanity check not implemented for this key type"); - } - -#if defined(MBEDTLS_DES_C) - if (type == PSA_KEY_TYPE_DES) { - /* Check the parity bits. */ - unsigned i; - for (i = 0; i < bits / 8; i++) { - unsigned bit_count = 0; - unsigned m; - for (m = 1; m <= 0x100; m <<= 1) { - if (exported[i] & m) { - ++bit_count; - } - } - TEST_ASSERT(bit_count % 2 != 0); - } - } -#endif - - return 1; - -exit: - return 0; -} - -static int exercise_export_key(mbedtls_svc_key_id_t key, - psa_key_usage_t usage, - int key_destroyable) -{ - psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - uint8_t *exported = NULL; - size_t exported_size = 0; - size_t exported_length = 0; - int ok = 0; - - psa_status_t status = psa_get_key_attributes(key, &attributes); - if (key_destroyable && status == PSA_ERROR_INVALID_HANDLE) { - /* The key has been destroyed. */ - psa_reset_key_attributes(&attributes); - return 1; - } - PSA_ASSERT(status); - - exported_size = PSA_EXPORT_KEY_OUTPUT_SIZE( - psa_get_key_type(&attributes), - psa_get_key_bits(&attributes)); - TEST_CALLOC(exported, exported_size); - - status = psa_export_key(key, exported, exported_size, &exported_length); - if (key_destroyable && status == PSA_ERROR_INVALID_HANDLE) { - /* The key has been destroyed. */ - ok = 1; - goto exit; - } else if ((usage & PSA_KEY_USAGE_EXPORT) == 0 && - !PSA_KEY_TYPE_IS_PUBLIC_KEY(psa_get_key_type(&attributes))) { - TEST_EQUAL(status, PSA_ERROR_NOT_PERMITTED); - ok = 1; - goto exit; - } - PSA_ASSERT(status); - ok = mbedtls_test_psa_exported_key_sanity_check( - psa_get_key_type(&attributes), psa_get_key_bits(&attributes), - exported, exported_length); - -exit: - /* - * Key attributes may have been returned by psa_get_key_attributes() - * thus reset them as required. - */ - psa_reset_key_attributes(&attributes); - - mbedtls_free(exported); - return ok; -} - -static int exercise_export_public_key(mbedtls_svc_key_id_t key, - int key_destroyable) -{ - psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_key_type_t public_type; - uint8_t *exported = NULL; - size_t exported_size = 0; - size_t exported_length = 0; - int ok = 0; - - psa_status_t status = psa_get_key_attributes(key, &attributes); - if (key_destroyable && status == PSA_ERROR_INVALID_HANDLE) { - /* The key has been destroyed. */ - psa_reset_key_attributes(&attributes); - return 1; - } - PSA_ASSERT(status); - if (!PSA_KEY_TYPE_IS_ASYMMETRIC(psa_get_key_type(&attributes))) { - exported_size = PSA_EXPORT_KEY_OUTPUT_SIZE( - psa_get_key_type(&attributes), - psa_get_key_bits(&attributes)); - TEST_CALLOC(exported, exported_size); - - status = psa_export_public_key(key, exported, - exported_size, &exported_length); - if (key_destroyable && status == PSA_ERROR_INVALID_HANDLE) { - /* The key has been destroyed. */ - ok = 1; - goto exit; - } - TEST_EQUAL(status, PSA_ERROR_INVALID_ARGUMENT); - ok = 1; - goto exit; - } - - public_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR( - psa_get_key_type(&attributes)); - exported_size = PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE(public_type, - psa_get_key_bits(&attributes)); - TEST_CALLOC(exported, exported_size); - - status = psa_export_public_key(key, exported, - exported_size, &exported_length); - if (key_destroyable && status == PSA_ERROR_INVALID_HANDLE) { - /* The key has been destroyed. */ - ok = 1; - goto exit; - } - PSA_ASSERT(status); - ok = mbedtls_test_psa_exported_key_sanity_check( - public_type, psa_get_key_bits(&attributes), - exported, exported_length); - -exit: - /* - * Key attributes may have been returned by psa_get_key_attributes() - * thus reset them as required. - */ - psa_reset_key_attributes(&attributes); - - mbedtls_free(exported); - return ok; -} - -int mbedtls_test_psa_exercise_key(mbedtls_svc_key_id_t key, - psa_key_usage_t usage, - psa_algorithm_t alg, - int key_destroyable) -{ - int ok = 0; - - if (!check_key_attributes_sanity(key, key_destroyable)) { - return 0; - } - - if (alg == 0) { - ok = 1; /* If no algorithm, do nothing (used for raw data "keys"). */ - } else if (PSA_ALG_IS_MAC(alg)) { - ok = exercise_mac_key(key, usage, alg, key_destroyable); - } else if (PSA_ALG_IS_CIPHER(alg)) { - ok = exercise_cipher_key(key, usage, alg, key_destroyable); - } else if (PSA_ALG_IS_AEAD(alg)) { - ok = exercise_aead_key(key, usage, alg, key_destroyable); - } else if (PSA_ALG_IS_SIGN(alg)) { - ok = exercise_signature_key(key, usage, alg, key_destroyable); - } else if (PSA_ALG_IS_ASYMMETRIC_ENCRYPTION(alg)) { - ok = exercise_asymmetric_encryption_key(key, usage, alg, - key_destroyable); - } else if (PSA_ALG_IS_KEY_DERIVATION(alg)) { - ok = exercise_key_derivation_key(key, usage, alg, key_destroyable); - } else if (PSA_ALG_IS_RAW_KEY_AGREEMENT(alg)) { - ok = exercise_raw_key_agreement_key(key, usage, alg, key_destroyable); - } else if (PSA_ALG_IS_KEY_AGREEMENT(alg)) { - ok = exercise_key_agreement_key(key, usage, alg, key_destroyable); - } else { - TEST_FAIL("No code to exercise this category of algorithm"); - } - - ok = ok && exercise_export_key(key, - usage, - key_destroyable); - ok = ok && exercise_export_public_key(key, - key_destroyable); - -exit: - return ok; -} - -psa_key_usage_t mbedtls_test_psa_usage_to_exercise(psa_key_type_t type, - psa_algorithm_t alg) -{ - if (PSA_ALG_IS_MAC(alg) || PSA_ALG_IS_SIGN(alg)) { - if (PSA_ALG_IS_SIGN_HASH(alg)) { - if (PSA_ALG_SIGN_GET_HASH(alg)) { - return PSA_KEY_TYPE_IS_PUBLIC_KEY(type) ? - PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE : - PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | - PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE; - } - } else if (PSA_ALG_IS_SIGN_MESSAGE(alg)) { - return PSA_KEY_TYPE_IS_PUBLIC_KEY(type) ? - PSA_KEY_USAGE_VERIFY_MESSAGE : - PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE; - } - - return PSA_KEY_TYPE_IS_PUBLIC_KEY(type) ? - PSA_KEY_USAGE_VERIFY_HASH : - PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH; - } else if (PSA_ALG_IS_CIPHER(alg) || PSA_ALG_IS_AEAD(alg) || - PSA_ALG_IS_ASYMMETRIC_ENCRYPTION(alg)) { - return PSA_KEY_TYPE_IS_PUBLIC_KEY(type) ? - PSA_KEY_USAGE_ENCRYPT : - PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT; - } else if (PSA_ALG_IS_KEY_DERIVATION(alg) || - PSA_ALG_IS_KEY_AGREEMENT(alg)) { - return PSA_KEY_USAGE_DERIVE; - } else { - return 0; - } - -} - -int mbedtls_test_can_exercise_psa_algorithm(psa_algorithm_t alg) -{ - /* Reject algorithms that we know are not supported. Default to - * attempting exercise, so that if an algorithm is missing from this - * function, the result will be a test failure and not silently - * omitting exercise. */ -#if !defined(PSA_WANT_ALG_RSA_PKCS1V15_CRYPT) - if (alg == PSA_ALG_RSA_PKCS1V15_CRYPT) { - return 0; - } -#endif -#if !defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN) - if (PSA_ALG_IS_RSA_PKCS1V15_SIGN(alg)) { - return 0; - } -#endif -#if !defined(PSA_WANT_ALG_RSA_PSS) - if (PSA_ALG_IS_RSA_PSS_STANDARD_SALT(alg)) { - return 0; - } -#endif -#if !defined(PSA_WANT_ALG_RSA_PSS_ANY_SALT) - if (PSA_ALG_IS_RSA_PSS_ANY_SALT(alg)) { - return 0; - } -#endif -#if !defined(PSA_WANT_ALG_ECDSA) - if (PSA_ALG_IS_ECDSA(alg)) { - return 0; - } -#endif -#if !defined(PSA_WANT_ALG_DETERMINISTIC_ECDSA) - if (PSA_ALG_IS_DETERMINISTIC_ECDSA(alg)) { - return 0; - } -#endif -#if !defined(PSA_WANT_ALG_ECDH) - if (PSA_ALG_IS_ECDH(alg)) { - return 0; - } -#endif - (void) alg; - return 1; -} - -#if defined(MBEDTLS_PK_C) -int mbedtls_test_key_consistency_psa_pk(mbedtls_svc_key_id_t psa_key, - const mbedtls_pk_context *pk) -{ - psa_key_attributes_t psa_attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_key_attributes_t pk_attributes = PSA_KEY_ATTRIBUTES_INIT; - int ok = 0; - - PSA_ASSERT(psa_get_key_attributes(psa_key, &psa_attributes)); - psa_key_type_t psa_type = psa_get_key_type(&psa_attributes); - mbedtls_pk_type_t pk_type = mbedtls_pk_get_type(pk); - - TEST_ASSERT(PSA_KEY_TYPE_IS_PUBLIC_KEY(psa_type) || - PSA_KEY_TYPE_IS_KEY_PAIR(psa_type)); - TEST_EQUAL(psa_get_key_bits(&psa_attributes), mbedtls_pk_get_bitlen(pk)); - - uint8_t pk_public_buffer[PSA_EXPORT_PUBLIC_KEY_MAX_SIZE]; - const uint8_t *pk_public = NULL; - size_t pk_public_length = 0; - - switch (pk_type) { -#if defined(MBEDTLS_RSA_C) - case MBEDTLS_PK_RSA: - TEST_ASSERT(PSA_KEY_TYPE_IS_RSA(psa_type)); - const mbedtls_rsa_context *rsa = mbedtls_pk_rsa(*pk); - uint8_t *const end = pk_public_buffer + sizeof(pk_public_buffer); - uint8_t *cursor = end; - TEST_LE_U(1, mbedtls_rsa_write_pubkey(rsa, - pk_public_buffer, &cursor)); - pk_public = cursor; - pk_public_length = end - pk_public; - break; -#endif - -#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) - case MBEDTLS_PK_ECKEY: - case MBEDTLS_PK_ECKEY_DH: - case MBEDTLS_PK_ECDSA: - TEST_ASSERT(PSA_KEY_TYPE_IS_ECC(psa_type)); - TEST_EQUAL(PSA_KEY_TYPE_ECC_GET_FAMILY(psa_type), pk->ec_family); - pk_public = pk->pub_raw; - pk_public_length = pk->pub_raw_len; - break; -#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ - -#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) && !defined(MBEDTLS_PK_USE_PSA_EC_DATA) - case MBEDTLS_PK_ECKEY: - case MBEDTLS_PK_ECKEY_DH: - case MBEDTLS_PK_ECDSA: - TEST_ASSERT(PSA_KEY_TYPE_IS_ECC(psa_get_key_type(&psa_attributes))); - const mbedtls_ecp_keypair *ec = mbedtls_pk_ec_ro(*pk); - TEST_EQUAL(mbedtls_ecp_write_public_key( - ec, MBEDTLS_ECP_PF_UNCOMPRESSED, &pk_public_length, - pk_public_buffer, sizeof(pk_public_buffer)), 0); - pk_public = pk_public_buffer; - break; -#endif /* MBEDTLS_PK_HAVE_ECC_KEYS && !MBEDTLS_PK_USE_PSA_EC_DATA */ - -#if defined(MBEDTLS_USE_PSA_CRYPTO) - case MBEDTLS_PK_OPAQUE: - PSA_ASSERT(psa_get_key_attributes(pk->priv_id, &pk_attributes)); - psa_key_type_t pk_psa_type = psa_get_key_type(&pk_attributes); - TEST_EQUAL(PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(psa_type), - PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(pk_psa_type)); - PSA_ASSERT(psa_export_public_key(psa_key, - pk_public_buffer, - sizeof(pk_public_buffer), - &pk_public_length)); - pk_public = pk_public_buffer; - break; -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - - default: - TEST_FAIL("pk type not supported"); - } - - uint8_t psa_public[PSA_EXPORT_PUBLIC_KEY_MAX_SIZE]; - size_t psa_public_length = 0; - PSA_ASSERT(psa_export_public_key(psa_key, - psa_public, sizeof(psa_public), - &psa_public_length)); - TEST_MEMORY_COMPARE(pk_public, pk_public_length, - psa_public, psa_public_length); - - ok = 1; - -exit: - psa_reset_key_attributes(&psa_attributes); - psa_reset_key_attributes(&pk_attributes); - return ok; -} -#endif /* MBEDTLS_PK_C */ - -#endif /* MBEDTLS_PSA_CRYPTO_CLIENT */ diff --git a/tests/src/psa_memory_poisoning_wrappers.c b/tests/src/psa_memory_poisoning_wrappers.c deleted file mode 100644 index 05cba18ee754..000000000000 --- a/tests/src/psa_memory_poisoning_wrappers.c +++ /dev/null @@ -1,31 +0,0 @@ -/** Helper functions for memory poisoning in tests. - */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ -#include "test/memory.h" - -#include "psa_crypto_invasive.h" - -#if defined(MBEDTLS_TEST_HOOKS) && defined(MBEDTLS_PSA_CRYPTO_C) \ - && defined(MBEDTLS_TEST_MEMORY_CAN_POISON) - -void mbedtls_poison_test_hooks_setup(void) -{ - psa_input_pre_copy_hook = mbedtls_test_memory_unpoison; - psa_input_post_copy_hook = mbedtls_test_memory_poison; - psa_output_pre_copy_hook = mbedtls_test_memory_unpoison; - psa_output_post_copy_hook = mbedtls_test_memory_poison; -} - -void mbedtls_poison_test_hooks_teardown(void) -{ - psa_input_pre_copy_hook = NULL; - psa_input_post_copy_hook = NULL; - psa_output_pre_copy_hook = NULL; - psa_output_post_copy_hook = NULL; -} - -#endif /* MBEDTLS_TEST_HOOKS && MBEDTLS_PSA_CRYPTO_C && - MBEDTLS_TEST_MEMORY_CAN_POISON */ diff --git a/tests/src/psa_test_wrappers.c b/tests/src/psa_test_wrappers.c deleted file mode 100644 index 24e05c8c6a5c..000000000000 --- a/tests/src/psa_test_wrappers.c +++ /dev/null @@ -1,1353 +0,0 @@ -/* Automatically generated by generate_psa_wrappers.py, do not edit! */ - -/* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include - -#if defined(MBEDTLS_PSA_CRYPTO_C) && defined(MBEDTLS_TEST_HOOKS) && \ - !defined(RECORD_PSA_STATUS_COVERAGE_LOG) - -#include - -#include -#include -#include - -/* Wrapper for mbedtls_psa_inject_entropy */ -#if defined(MBEDTLS_PSA_INJECT_ENTROPY) -psa_status_t mbedtls_test_wrap_mbedtls_psa_inject_entropy( - const uint8_t *arg0_seed, - size_t arg1_seed_size) -{ - psa_status_t status = (mbedtls_psa_inject_entropy)(arg0_seed, arg1_seed_size); - return status; -} -#endif /* defined(MBEDTLS_PSA_INJECT_ENTROPY) */ - -/* Wrapper for mbedtls_psa_platform_get_builtin_key */ -#if defined(MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS) -psa_status_t mbedtls_test_wrap_mbedtls_psa_platform_get_builtin_key( - mbedtls_svc_key_id_t arg0_key_id, - psa_key_lifetime_t *arg1_lifetime, - psa_drv_slot_number_t *arg2_slot_number) -{ - psa_status_t status = (mbedtls_psa_platform_get_builtin_key)(arg0_key_id, arg1_lifetime, arg2_slot_number); - return status; -} -#endif /* defined(MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS) */ - -/* Wrapper for mbedtls_psa_register_se_key */ -#if defined(MBEDTLS_PSA_CRYPTO_SE_C) -psa_status_t mbedtls_test_wrap_mbedtls_psa_register_se_key( - const psa_key_attributes_t *arg0_attributes) -{ - psa_status_t status = (mbedtls_psa_register_se_key)(arg0_attributes); - return status; -} -#endif /* defined(MBEDTLS_PSA_CRYPTO_SE_C) */ - -/* Wrapper for psa_aead_abort */ -psa_status_t mbedtls_test_wrap_psa_aead_abort( - psa_aead_operation_t *arg0_operation) -{ - psa_status_t status = (psa_aead_abort)(arg0_operation); - return status; -} - -/* Wrapper for psa_aead_decrypt */ -psa_status_t mbedtls_test_wrap_psa_aead_decrypt( - mbedtls_svc_key_id_t arg0_key, - psa_algorithm_t arg1_alg, - const uint8_t *arg2_nonce, - size_t arg3_nonce_length, - const uint8_t *arg4_additional_data, - size_t arg5_additional_data_length, - const uint8_t *arg6_ciphertext, - size_t arg7_ciphertext_length, - uint8_t *arg8_plaintext, - size_t arg9_plaintext_size, - size_t *arg10_plaintext_length) -{ -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_POISON(arg2_nonce, arg3_nonce_length); - MBEDTLS_TEST_MEMORY_POISON(arg4_additional_data, arg5_additional_data_length); - MBEDTLS_TEST_MEMORY_POISON(arg6_ciphertext, arg7_ciphertext_length); - MBEDTLS_TEST_MEMORY_POISON(arg8_plaintext, arg9_plaintext_size); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - psa_status_t status = (psa_aead_decrypt)(arg0_key, arg1_alg, arg2_nonce, arg3_nonce_length, arg4_additional_data, arg5_additional_data_length, arg6_ciphertext, arg7_ciphertext_length, arg8_plaintext, arg9_plaintext_size, arg10_plaintext_length); -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_UNPOISON(arg2_nonce, arg3_nonce_length); - MBEDTLS_TEST_MEMORY_UNPOISON(arg4_additional_data, arg5_additional_data_length); - MBEDTLS_TEST_MEMORY_UNPOISON(arg6_ciphertext, arg7_ciphertext_length); - MBEDTLS_TEST_MEMORY_UNPOISON(arg8_plaintext, arg9_plaintext_size); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - return status; -} - -/* Wrapper for psa_aead_decrypt_setup */ -psa_status_t mbedtls_test_wrap_psa_aead_decrypt_setup( - psa_aead_operation_t *arg0_operation, - mbedtls_svc_key_id_t arg1_key, - psa_algorithm_t arg2_alg) -{ - psa_status_t status = (psa_aead_decrypt_setup)(arg0_operation, arg1_key, arg2_alg); - return status; -} - -/* Wrapper for psa_aead_encrypt */ -psa_status_t mbedtls_test_wrap_psa_aead_encrypt( - mbedtls_svc_key_id_t arg0_key, - psa_algorithm_t arg1_alg, - const uint8_t *arg2_nonce, - size_t arg3_nonce_length, - const uint8_t *arg4_additional_data, - size_t arg5_additional_data_length, - const uint8_t *arg6_plaintext, - size_t arg7_plaintext_length, - uint8_t *arg8_ciphertext, - size_t arg9_ciphertext_size, - size_t *arg10_ciphertext_length) -{ -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_POISON(arg2_nonce, arg3_nonce_length); - MBEDTLS_TEST_MEMORY_POISON(arg4_additional_data, arg5_additional_data_length); - MBEDTLS_TEST_MEMORY_POISON(arg6_plaintext, arg7_plaintext_length); - MBEDTLS_TEST_MEMORY_POISON(arg8_ciphertext, arg9_ciphertext_size); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - psa_status_t status = (psa_aead_encrypt)(arg0_key, arg1_alg, arg2_nonce, arg3_nonce_length, arg4_additional_data, arg5_additional_data_length, arg6_plaintext, arg7_plaintext_length, arg8_ciphertext, arg9_ciphertext_size, arg10_ciphertext_length); -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_UNPOISON(arg2_nonce, arg3_nonce_length); - MBEDTLS_TEST_MEMORY_UNPOISON(arg4_additional_data, arg5_additional_data_length); - MBEDTLS_TEST_MEMORY_UNPOISON(arg6_plaintext, arg7_plaintext_length); - MBEDTLS_TEST_MEMORY_UNPOISON(arg8_ciphertext, arg9_ciphertext_size); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - return status; -} - -/* Wrapper for psa_aead_encrypt_setup */ -psa_status_t mbedtls_test_wrap_psa_aead_encrypt_setup( - psa_aead_operation_t *arg0_operation, - mbedtls_svc_key_id_t arg1_key, - psa_algorithm_t arg2_alg) -{ - psa_status_t status = (psa_aead_encrypt_setup)(arg0_operation, arg1_key, arg2_alg); - return status; -} - -/* Wrapper for psa_aead_finish */ -psa_status_t mbedtls_test_wrap_psa_aead_finish( - psa_aead_operation_t *arg0_operation, - uint8_t *arg1_ciphertext, - size_t arg2_ciphertext_size, - size_t *arg3_ciphertext_length, - uint8_t *arg4_tag, - size_t arg5_tag_size, - size_t *arg6_tag_length) -{ -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_POISON(arg1_ciphertext, arg2_ciphertext_size); - MBEDTLS_TEST_MEMORY_POISON(arg4_tag, arg5_tag_size); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - psa_status_t status = (psa_aead_finish)(arg0_operation, arg1_ciphertext, arg2_ciphertext_size, arg3_ciphertext_length, arg4_tag, arg5_tag_size, arg6_tag_length); -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_UNPOISON(arg1_ciphertext, arg2_ciphertext_size); - MBEDTLS_TEST_MEMORY_UNPOISON(arg4_tag, arg5_tag_size); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - return status; -} - -/* Wrapper for psa_aead_generate_nonce */ -psa_status_t mbedtls_test_wrap_psa_aead_generate_nonce( - psa_aead_operation_t *arg0_operation, - uint8_t *arg1_nonce, - size_t arg2_nonce_size, - size_t *arg3_nonce_length) -{ -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_POISON(arg1_nonce, arg2_nonce_size); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - psa_status_t status = (psa_aead_generate_nonce)(arg0_operation, arg1_nonce, arg2_nonce_size, arg3_nonce_length); -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_UNPOISON(arg1_nonce, arg2_nonce_size); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - return status; -} - -/* Wrapper for psa_aead_set_lengths */ -psa_status_t mbedtls_test_wrap_psa_aead_set_lengths( - psa_aead_operation_t *arg0_operation, - size_t arg1_ad_length, - size_t arg2_plaintext_length) -{ - psa_status_t status = (psa_aead_set_lengths)(arg0_operation, arg1_ad_length, arg2_plaintext_length); - return status; -} - -/* Wrapper for psa_aead_set_nonce */ -psa_status_t mbedtls_test_wrap_psa_aead_set_nonce( - psa_aead_operation_t *arg0_operation, - const uint8_t *arg1_nonce, - size_t arg2_nonce_length) -{ -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_POISON(arg1_nonce, arg2_nonce_length); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - psa_status_t status = (psa_aead_set_nonce)(arg0_operation, arg1_nonce, arg2_nonce_length); -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_UNPOISON(arg1_nonce, arg2_nonce_length); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - return status; -} - -/* Wrapper for psa_aead_update */ -psa_status_t mbedtls_test_wrap_psa_aead_update( - psa_aead_operation_t *arg0_operation, - const uint8_t *arg1_input, - size_t arg2_input_length, - uint8_t *arg3_output, - size_t arg4_output_size, - size_t *arg5_output_length) -{ -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_POISON(arg1_input, arg2_input_length); - MBEDTLS_TEST_MEMORY_POISON(arg3_output, arg4_output_size); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - psa_status_t status = (psa_aead_update)(arg0_operation, arg1_input, arg2_input_length, arg3_output, arg4_output_size, arg5_output_length); -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_UNPOISON(arg1_input, arg2_input_length); - MBEDTLS_TEST_MEMORY_UNPOISON(arg3_output, arg4_output_size); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - return status; -} - -/* Wrapper for psa_aead_update_ad */ -psa_status_t mbedtls_test_wrap_psa_aead_update_ad( - psa_aead_operation_t *arg0_operation, - const uint8_t *arg1_input, - size_t arg2_input_length) -{ -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_POISON(arg1_input, arg2_input_length); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - psa_status_t status = (psa_aead_update_ad)(arg0_operation, arg1_input, arg2_input_length); -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_UNPOISON(arg1_input, arg2_input_length); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - return status; -} - -/* Wrapper for psa_aead_verify */ -psa_status_t mbedtls_test_wrap_psa_aead_verify( - psa_aead_operation_t *arg0_operation, - uint8_t *arg1_plaintext, - size_t arg2_plaintext_size, - size_t *arg3_plaintext_length, - const uint8_t *arg4_tag, - size_t arg5_tag_length) -{ -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_POISON(arg1_plaintext, arg2_plaintext_size); - MBEDTLS_TEST_MEMORY_POISON(arg4_tag, arg5_tag_length); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - psa_status_t status = (psa_aead_verify)(arg0_operation, arg1_plaintext, arg2_plaintext_size, arg3_plaintext_length, arg4_tag, arg5_tag_length); -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_UNPOISON(arg1_plaintext, arg2_plaintext_size); - MBEDTLS_TEST_MEMORY_UNPOISON(arg4_tag, arg5_tag_length); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - return status; -} - -/* Wrapper for psa_asymmetric_decrypt */ -psa_status_t mbedtls_test_wrap_psa_asymmetric_decrypt( - mbedtls_svc_key_id_t arg0_key, - psa_algorithm_t arg1_alg, - const uint8_t *arg2_input, - size_t arg3_input_length, - const uint8_t *arg4_salt, - size_t arg5_salt_length, - uint8_t *arg6_output, - size_t arg7_output_size, - size_t *arg8_output_length) -{ -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_POISON(arg2_input, arg3_input_length); - MBEDTLS_TEST_MEMORY_POISON(arg4_salt, arg5_salt_length); - MBEDTLS_TEST_MEMORY_POISON(arg6_output, arg7_output_size); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - psa_status_t status = (psa_asymmetric_decrypt)(arg0_key, arg1_alg, arg2_input, arg3_input_length, arg4_salt, arg5_salt_length, arg6_output, arg7_output_size, arg8_output_length); -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_UNPOISON(arg2_input, arg3_input_length); - MBEDTLS_TEST_MEMORY_UNPOISON(arg4_salt, arg5_salt_length); - MBEDTLS_TEST_MEMORY_UNPOISON(arg6_output, arg7_output_size); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - return status; -} - -/* Wrapper for psa_asymmetric_encrypt */ -psa_status_t mbedtls_test_wrap_psa_asymmetric_encrypt( - mbedtls_svc_key_id_t arg0_key, - psa_algorithm_t arg1_alg, - const uint8_t *arg2_input, - size_t arg3_input_length, - const uint8_t *arg4_salt, - size_t arg5_salt_length, - uint8_t *arg6_output, - size_t arg7_output_size, - size_t *arg8_output_length) -{ -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_POISON(arg2_input, arg3_input_length); - MBEDTLS_TEST_MEMORY_POISON(arg4_salt, arg5_salt_length); - MBEDTLS_TEST_MEMORY_POISON(arg6_output, arg7_output_size); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - psa_status_t status = (psa_asymmetric_encrypt)(arg0_key, arg1_alg, arg2_input, arg3_input_length, arg4_salt, arg5_salt_length, arg6_output, arg7_output_size, arg8_output_length); -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_UNPOISON(arg2_input, arg3_input_length); - MBEDTLS_TEST_MEMORY_UNPOISON(arg4_salt, arg5_salt_length); - MBEDTLS_TEST_MEMORY_UNPOISON(arg6_output, arg7_output_size); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - return status; -} - -/* Wrapper for psa_cipher_abort */ -psa_status_t mbedtls_test_wrap_psa_cipher_abort( - psa_cipher_operation_t *arg0_operation) -{ - psa_status_t status = (psa_cipher_abort)(arg0_operation); - return status; -} - -/* Wrapper for psa_cipher_decrypt */ -psa_status_t mbedtls_test_wrap_psa_cipher_decrypt( - mbedtls_svc_key_id_t arg0_key, - psa_algorithm_t arg1_alg, - const uint8_t *arg2_input, - size_t arg3_input_length, - uint8_t *arg4_output, - size_t arg5_output_size, - size_t *arg6_output_length) -{ -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_POISON(arg2_input, arg3_input_length); - MBEDTLS_TEST_MEMORY_POISON(arg4_output, arg5_output_size); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - psa_status_t status = (psa_cipher_decrypt)(arg0_key, arg1_alg, arg2_input, arg3_input_length, arg4_output, arg5_output_size, arg6_output_length); -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_UNPOISON(arg2_input, arg3_input_length); - MBEDTLS_TEST_MEMORY_UNPOISON(arg4_output, arg5_output_size); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - return status; -} - -/* Wrapper for psa_cipher_decrypt_setup */ -psa_status_t mbedtls_test_wrap_psa_cipher_decrypt_setup( - psa_cipher_operation_t *arg0_operation, - mbedtls_svc_key_id_t arg1_key, - psa_algorithm_t arg2_alg) -{ - psa_status_t status = (psa_cipher_decrypt_setup)(arg0_operation, arg1_key, arg2_alg); - return status; -} - -/* Wrapper for psa_cipher_encrypt */ -psa_status_t mbedtls_test_wrap_psa_cipher_encrypt( - mbedtls_svc_key_id_t arg0_key, - psa_algorithm_t arg1_alg, - const uint8_t *arg2_input, - size_t arg3_input_length, - uint8_t *arg4_output, - size_t arg5_output_size, - size_t *arg6_output_length) -{ -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_POISON(arg2_input, arg3_input_length); - MBEDTLS_TEST_MEMORY_POISON(arg4_output, arg5_output_size); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - psa_status_t status = (psa_cipher_encrypt)(arg0_key, arg1_alg, arg2_input, arg3_input_length, arg4_output, arg5_output_size, arg6_output_length); -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_UNPOISON(arg2_input, arg3_input_length); - MBEDTLS_TEST_MEMORY_UNPOISON(arg4_output, arg5_output_size); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - return status; -} - -/* Wrapper for psa_cipher_encrypt_setup */ -psa_status_t mbedtls_test_wrap_psa_cipher_encrypt_setup( - psa_cipher_operation_t *arg0_operation, - mbedtls_svc_key_id_t arg1_key, - psa_algorithm_t arg2_alg) -{ - psa_status_t status = (psa_cipher_encrypt_setup)(arg0_operation, arg1_key, arg2_alg); - return status; -} - -/* Wrapper for psa_cipher_finish */ -psa_status_t mbedtls_test_wrap_psa_cipher_finish( - psa_cipher_operation_t *arg0_operation, - uint8_t *arg1_output, - size_t arg2_output_size, - size_t *arg3_output_length) -{ -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_POISON(arg1_output, arg2_output_size); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - psa_status_t status = (psa_cipher_finish)(arg0_operation, arg1_output, arg2_output_size, arg3_output_length); -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_UNPOISON(arg1_output, arg2_output_size); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - return status; -} - -/* Wrapper for psa_cipher_generate_iv */ -psa_status_t mbedtls_test_wrap_psa_cipher_generate_iv( - psa_cipher_operation_t *arg0_operation, - uint8_t *arg1_iv, - size_t arg2_iv_size, - size_t *arg3_iv_length) -{ -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_POISON(arg1_iv, arg2_iv_size); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - psa_status_t status = (psa_cipher_generate_iv)(arg0_operation, arg1_iv, arg2_iv_size, arg3_iv_length); -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_UNPOISON(arg1_iv, arg2_iv_size); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - return status; -} - -/* Wrapper for psa_cipher_set_iv */ -psa_status_t mbedtls_test_wrap_psa_cipher_set_iv( - psa_cipher_operation_t *arg0_operation, - const uint8_t *arg1_iv, - size_t arg2_iv_length) -{ -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_POISON(arg1_iv, arg2_iv_length); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - psa_status_t status = (psa_cipher_set_iv)(arg0_operation, arg1_iv, arg2_iv_length); -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_UNPOISON(arg1_iv, arg2_iv_length); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - return status; -} - -/* Wrapper for psa_cipher_update */ -psa_status_t mbedtls_test_wrap_psa_cipher_update( - psa_cipher_operation_t *arg0_operation, - const uint8_t *arg1_input, - size_t arg2_input_length, - uint8_t *arg3_output, - size_t arg4_output_size, - size_t *arg5_output_length) -{ -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_POISON(arg1_input, arg2_input_length); - MBEDTLS_TEST_MEMORY_POISON(arg3_output, arg4_output_size); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - psa_status_t status = (psa_cipher_update)(arg0_operation, arg1_input, arg2_input_length, arg3_output, arg4_output_size, arg5_output_length); -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_UNPOISON(arg1_input, arg2_input_length); - MBEDTLS_TEST_MEMORY_UNPOISON(arg3_output, arg4_output_size); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - return status; -} - -/* Wrapper for psa_copy_key */ -psa_status_t mbedtls_test_wrap_psa_copy_key( - mbedtls_svc_key_id_t arg0_source_key, - const psa_key_attributes_t *arg1_attributes, - mbedtls_svc_key_id_t *arg2_target_key) -{ - psa_status_t status = (psa_copy_key)(arg0_source_key, arg1_attributes, arg2_target_key); - return status; -} - -/* Wrapper for psa_crypto_driver_pake_get_cipher_suite */ -#if defined(PSA_WANT_ALG_SOME_PAKE) -psa_status_t mbedtls_test_wrap_psa_crypto_driver_pake_get_cipher_suite( - const psa_crypto_driver_pake_inputs_t *arg0_inputs, - psa_pake_cipher_suite_t *arg1_cipher_suite) -{ - psa_status_t status = (psa_crypto_driver_pake_get_cipher_suite)(arg0_inputs, arg1_cipher_suite); - return status; -} -#endif /* defined(PSA_WANT_ALG_SOME_PAKE) */ - -/* Wrapper for psa_crypto_driver_pake_get_password */ -#if defined(PSA_WANT_ALG_SOME_PAKE) -psa_status_t mbedtls_test_wrap_psa_crypto_driver_pake_get_password( - const psa_crypto_driver_pake_inputs_t *arg0_inputs, - uint8_t *arg1_buffer, - size_t arg2_buffer_size, - size_t *arg3_buffer_length) -{ - psa_status_t status = (psa_crypto_driver_pake_get_password)(arg0_inputs, arg1_buffer, arg2_buffer_size, arg3_buffer_length); - return status; -} -#endif /* defined(PSA_WANT_ALG_SOME_PAKE) */ - -/* Wrapper for psa_crypto_driver_pake_get_password_len */ -#if defined(PSA_WANT_ALG_SOME_PAKE) -psa_status_t mbedtls_test_wrap_psa_crypto_driver_pake_get_password_len( - const psa_crypto_driver_pake_inputs_t *arg0_inputs, - size_t *arg1_password_len) -{ - psa_status_t status = (psa_crypto_driver_pake_get_password_len)(arg0_inputs, arg1_password_len); - return status; -} -#endif /* defined(PSA_WANT_ALG_SOME_PAKE) */ - -/* Wrapper for psa_crypto_driver_pake_get_peer */ -#if defined(PSA_WANT_ALG_SOME_PAKE) -psa_status_t mbedtls_test_wrap_psa_crypto_driver_pake_get_peer( - const psa_crypto_driver_pake_inputs_t *arg0_inputs, - uint8_t *arg1_peer_id, - size_t arg2_peer_id_size, - size_t *arg3_peer_id_length) -{ - psa_status_t status = (psa_crypto_driver_pake_get_peer)(arg0_inputs, arg1_peer_id, arg2_peer_id_size, arg3_peer_id_length); - return status; -} -#endif /* defined(PSA_WANT_ALG_SOME_PAKE) */ - -/* Wrapper for psa_crypto_driver_pake_get_peer_len */ -#if defined(PSA_WANT_ALG_SOME_PAKE) -psa_status_t mbedtls_test_wrap_psa_crypto_driver_pake_get_peer_len( - const psa_crypto_driver_pake_inputs_t *arg0_inputs, - size_t *arg1_peer_len) -{ - psa_status_t status = (psa_crypto_driver_pake_get_peer_len)(arg0_inputs, arg1_peer_len); - return status; -} -#endif /* defined(PSA_WANT_ALG_SOME_PAKE) */ - -/* Wrapper for psa_crypto_driver_pake_get_user */ -#if defined(PSA_WANT_ALG_SOME_PAKE) -psa_status_t mbedtls_test_wrap_psa_crypto_driver_pake_get_user( - const psa_crypto_driver_pake_inputs_t *arg0_inputs, - uint8_t *arg1_user_id, - size_t arg2_user_id_size, - size_t *arg3_user_id_len) -{ - psa_status_t status = (psa_crypto_driver_pake_get_user)(arg0_inputs, arg1_user_id, arg2_user_id_size, arg3_user_id_len); - return status; -} -#endif /* defined(PSA_WANT_ALG_SOME_PAKE) */ - -/* Wrapper for psa_crypto_driver_pake_get_user_len */ -#if defined(PSA_WANT_ALG_SOME_PAKE) -psa_status_t mbedtls_test_wrap_psa_crypto_driver_pake_get_user_len( - const psa_crypto_driver_pake_inputs_t *arg0_inputs, - size_t *arg1_user_len) -{ - psa_status_t status = (psa_crypto_driver_pake_get_user_len)(arg0_inputs, arg1_user_len); - return status; -} -#endif /* defined(PSA_WANT_ALG_SOME_PAKE) */ - -/* Wrapper for psa_crypto_init */ -psa_status_t mbedtls_test_wrap_psa_crypto_init(void) -{ - psa_status_t status = (psa_crypto_init)(); - return status; -} - -/* Wrapper for psa_destroy_key */ -psa_status_t mbedtls_test_wrap_psa_destroy_key( - mbedtls_svc_key_id_t arg0_key) -{ - psa_status_t status = (psa_destroy_key)(arg0_key); - return status; -} - -/* Wrapper for psa_export_key */ -psa_status_t mbedtls_test_wrap_psa_export_key( - mbedtls_svc_key_id_t arg0_key, - uint8_t *arg1_data, - size_t arg2_data_size, - size_t *arg3_data_length) -{ -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_POISON(arg1_data, arg2_data_size); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - psa_status_t status = (psa_export_key)(arg0_key, arg1_data, arg2_data_size, arg3_data_length); -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_UNPOISON(arg1_data, arg2_data_size); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - return status; -} - -/* Wrapper for psa_export_public_key */ -psa_status_t mbedtls_test_wrap_psa_export_public_key( - mbedtls_svc_key_id_t arg0_key, - uint8_t *arg1_data, - size_t arg2_data_size, - size_t *arg3_data_length) -{ -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_POISON(arg1_data, arg2_data_size); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - psa_status_t status = (psa_export_public_key)(arg0_key, arg1_data, arg2_data_size, arg3_data_length); -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_UNPOISON(arg1_data, arg2_data_size); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - return status; -} - -/* Wrapper for psa_generate_key */ -psa_status_t mbedtls_test_wrap_psa_generate_key( - const psa_key_attributes_t *arg0_attributes, - mbedtls_svc_key_id_t *arg1_key) -{ - psa_status_t status = (psa_generate_key)(arg0_attributes, arg1_key); - return status; -} - -/* Wrapper for psa_generate_key_ext */ -psa_status_t mbedtls_test_wrap_psa_generate_key_ext( - const psa_key_attributes_t *arg0_attributes, - const psa_key_production_parameters_t *arg1_params, - size_t arg2_params_data_length, - mbedtls_svc_key_id_t *arg3_key) -{ - psa_status_t status = (psa_generate_key_ext)(arg0_attributes, arg1_params, arg2_params_data_length, arg3_key); - return status; -} - -/* Wrapper for psa_generate_random */ -psa_status_t mbedtls_test_wrap_psa_generate_random( - uint8_t *arg0_output, - size_t arg1_output_size) -{ -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_POISON(arg0_output, arg1_output_size); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - psa_status_t status = (psa_generate_random)(arg0_output, arg1_output_size); -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_UNPOISON(arg0_output, arg1_output_size); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - return status; -} - -/* Wrapper for psa_get_key_attributes */ -psa_status_t mbedtls_test_wrap_psa_get_key_attributes( - mbedtls_svc_key_id_t arg0_key, - psa_key_attributes_t *arg1_attributes) -{ - psa_status_t status = (psa_get_key_attributes)(arg0_key, arg1_attributes); - return status; -} - -/* Wrapper for psa_hash_abort */ -psa_status_t mbedtls_test_wrap_psa_hash_abort( - psa_hash_operation_t *arg0_operation) -{ - psa_status_t status = (psa_hash_abort)(arg0_operation); - return status; -} - -/* Wrapper for psa_hash_clone */ -psa_status_t mbedtls_test_wrap_psa_hash_clone( - const psa_hash_operation_t *arg0_source_operation, - psa_hash_operation_t *arg1_target_operation) -{ - psa_status_t status = (psa_hash_clone)(arg0_source_operation, arg1_target_operation); - return status; -} - -/* Wrapper for psa_hash_compare */ -psa_status_t mbedtls_test_wrap_psa_hash_compare( - psa_algorithm_t arg0_alg, - const uint8_t *arg1_input, - size_t arg2_input_length, - const uint8_t *arg3_hash, - size_t arg4_hash_length) -{ -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_POISON(arg1_input, arg2_input_length); - MBEDTLS_TEST_MEMORY_POISON(arg3_hash, arg4_hash_length); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - psa_status_t status = (psa_hash_compare)(arg0_alg, arg1_input, arg2_input_length, arg3_hash, arg4_hash_length); -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_UNPOISON(arg1_input, arg2_input_length); - MBEDTLS_TEST_MEMORY_UNPOISON(arg3_hash, arg4_hash_length); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - return status; -} - -/* Wrapper for psa_hash_compute */ -psa_status_t mbedtls_test_wrap_psa_hash_compute( - psa_algorithm_t arg0_alg, - const uint8_t *arg1_input, - size_t arg2_input_length, - uint8_t *arg3_hash, - size_t arg4_hash_size, - size_t *arg5_hash_length) -{ -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_POISON(arg1_input, arg2_input_length); - MBEDTLS_TEST_MEMORY_POISON(arg3_hash, arg4_hash_size); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - psa_status_t status = (psa_hash_compute)(arg0_alg, arg1_input, arg2_input_length, arg3_hash, arg4_hash_size, arg5_hash_length); -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_UNPOISON(arg1_input, arg2_input_length); - MBEDTLS_TEST_MEMORY_UNPOISON(arg3_hash, arg4_hash_size); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - return status; -} - -/* Wrapper for psa_hash_finish */ -psa_status_t mbedtls_test_wrap_psa_hash_finish( - psa_hash_operation_t *arg0_operation, - uint8_t *arg1_hash, - size_t arg2_hash_size, - size_t *arg3_hash_length) -{ -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_POISON(arg1_hash, arg2_hash_size); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - psa_status_t status = (psa_hash_finish)(arg0_operation, arg1_hash, arg2_hash_size, arg3_hash_length); -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_UNPOISON(arg1_hash, arg2_hash_size); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - return status; -} - -/* Wrapper for psa_hash_setup */ -psa_status_t mbedtls_test_wrap_psa_hash_setup( - psa_hash_operation_t *arg0_operation, - psa_algorithm_t arg1_alg) -{ - psa_status_t status = (psa_hash_setup)(arg0_operation, arg1_alg); - return status; -} - -/* Wrapper for psa_hash_update */ -psa_status_t mbedtls_test_wrap_psa_hash_update( - psa_hash_operation_t *arg0_operation, - const uint8_t *arg1_input, - size_t arg2_input_length) -{ -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_POISON(arg1_input, arg2_input_length); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - psa_status_t status = (psa_hash_update)(arg0_operation, arg1_input, arg2_input_length); -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_UNPOISON(arg1_input, arg2_input_length); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - return status; -} - -/* Wrapper for psa_hash_verify */ -psa_status_t mbedtls_test_wrap_psa_hash_verify( - psa_hash_operation_t *arg0_operation, - const uint8_t *arg1_hash, - size_t arg2_hash_length) -{ -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_POISON(arg1_hash, arg2_hash_length); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - psa_status_t status = (psa_hash_verify)(arg0_operation, arg1_hash, arg2_hash_length); -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_UNPOISON(arg1_hash, arg2_hash_length); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - return status; -} - -/* Wrapper for psa_import_key */ -psa_status_t mbedtls_test_wrap_psa_import_key( - const psa_key_attributes_t *arg0_attributes, - const uint8_t *arg1_data, - size_t arg2_data_length, - mbedtls_svc_key_id_t *arg3_key) -{ -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_POISON(arg1_data, arg2_data_length); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - psa_status_t status = (psa_import_key)(arg0_attributes, arg1_data, arg2_data_length, arg3_key); -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_UNPOISON(arg1_data, arg2_data_length); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - return status; -} - -/* Wrapper for psa_key_derivation_abort */ -psa_status_t mbedtls_test_wrap_psa_key_derivation_abort( - psa_key_derivation_operation_t *arg0_operation) -{ - psa_status_t status = (psa_key_derivation_abort)(arg0_operation); - return status; -} - -/* Wrapper for psa_key_derivation_get_capacity */ -psa_status_t mbedtls_test_wrap_psa_key_derivation_get_capacity( - const psa_key_derivation_operation_t *arg0_operation, - size_t *arg1_capacity) -{ - psa_status_t status = (psa_key_derivation_get_capacity)(arg0_operation, arg1_capacity); - return status; -} - -/* Wrapper for psa_key_derivation_input_bytes */ -psa_status_t mbedtls_test_wrap_psa_key_derivation_input_bytes( - psa_key_derivation_operation_t *arg0_operation, - psa_key_derivation_step_t arg1_step, - const uint8_t *arg2_data, - size_t arg3_data_length) -{ -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_POISON(arg2_data, arg3_data_length); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - psa_status_t status = (psa_key_derivation_input_bytes)(arg0_operation, arg1_step, arg2_data, arg3_data_length); -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_UNPOISON(arg2_data, arg3_data_length); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - return status; -} - -/* Wrapper for psa_key_derivation_input_integer */ -psa_status_t mbedtls_test_wrap_psa_key_derivation_input_integer( - psa_key_derivation_operation_t *arg0_operation, - psa_key_derivation_step_t arg1_step, - uint64_t arg2_value) -{ - psa_status_t status = (psa_key_derivation_input_integer)(arg0_operation, arg1_step, arg2_value); - return status; -} - -/* Wrapper for psa_key_derivation_input_key */ -psa_status_t mbedtls_test_wrap_psa_key_derivation_input_key( - psa_key_derivation_operation_t *arg0_operation, - psa_key_derivation_step_t arg1_step, - mbedtls_svc_key_id_t arg2_key) -{ - psa_status_t status = (psa_key_derivation_input_key)(arg0_operation, arg1_step, arg2_key); - return status; -} - -/* Wrapper for psa_key_derivation_key_agreement */ -psa_status_t mbedtls_test_wrap_psa_key_derivation_key_agreement( - psa_key_derivation_operation_t *arg0_operation, - psa_key_derivation_step_t arg1_step, - mbedtls_svc_key_id_t arg2_private_key, - const uint8_t *arg3_peer_key, - size_t arg4_peer_key_length) -{ -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_POISON(arg3_peer_key, arg4_peer_key_length); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - psa_status_t status = (psa_key_derivation_key_agreement)(arg0_operation, arg1_step, arg2_private_key, arg3_peer_key, arg4_peer_key_length); -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_UNPOISON(arg3_peer_key, arg4_peer_key_length); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - return status; -} - -/* Wrapper for psa_key_derivation_output_bytes */ -psa_status_t mbedtls_test_wrap_psa_key_derivation_output_bytes( - psa_key_derivation_operation_t *arg0_operation, - uint8_t *arg1_output, - size_t arg2_output_length) -{ -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_POISON(arg1_output, arg2_output_length); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - psa_status_t status = (psa_key_derivation_output_bytes)(arg0_operation, arg1_output, arg2_output_length); -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_UNPOISON(arg1_output, arg2_output_length); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - return status; -} - -/* Wrapper for psa_key_derivation_output_key */ -psa_status_t mbedtls_test_wrap_psa_key_derivation_output_key( - const psa_key_attributes_t *arg0_attributes, - psa_key_derivation_operation_t *arg1_operation, - mbedtls_svc_key_id_t *arg2_key) -{ - psa_status_t status = (psa_key_derivation_output_key)(arg0_attributes, arg1_operation, arg2_key); - return status; -} - -/* Wrapper for psa_key_derivation_output_key_ext */ -psa_status_t mbedtls_test_wrap_psa_key_derivation_output_key_ext( - const psa_key_attributes_t *arg0_attributes, - psa_key_derivation_operation_t *arg1_operation, - const psa_key_production_parameters_t *arg2_params, - size_t arg3_params_data_length, - mbedtls_svc_key_id_t *arg4_key) -{ - psa_status_t status = (psa_key_derivation_output_key_ext)(arg0_attributes, arg1_operation, arg2_params, arg3_params_data_length, arg4_key); - return status; -} - -/* Wrapper for psa_key_derivation_set_capacity */ -psa_status_t mbedtls_test_wrap_psa_key_derivation_set_capacity( - psa_key_derivation_operation_t *arg0_operation, - size_t arg1_capacity) -{ - psa_status_t status = (psa_key_derivation_set_capacity)(arg0_operation, arg1_capacity); - return status; -} - -/* Wrapper for psa_key_derivation_setup */ -psa_status_t mbedtls_test_wrap_psa_key_derivation_setup( - psa_key_derivation_operation_t *arg0_operation, - psa_algorithm_t arg1_alg) -{ - psa_status_t status = (psa_key_derivation_setup)(arg0_operation, arg1_alg); - return status; -} - -/* Wrapper for psa_mac_abort */ -psa_status_t mbedtls_test_wrap_psa_mac_abort( - psa_mac_operation_t *arg0_operation) -{ - psa_status_t status = (psa_mac_abort)(arg0_operation); - return status; -} - -/* Wrapper for psa_mac_compute */ -psa_status_t mbedtls_test_wrap_psa_mac_compute( - mbedtls_svc_key_id_t arg0_key, - psa_algorithm_t arg1_alg, - const uint8_t *arg2_input, - size_t arg3_input_length, - uint8_t *arg4_mac, - size_t arg5_mac_size, - size_t *arg6_mac_length) -{ -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_POISON(arg2_input, arg3_input_length); - MBEDTLS_TEST_MEMORY_POISON(arg4_mac, arg5_mac_size); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - psa_status_t status = (psa_mac_compute)(arg0_key, arg1_alg, arg2_input, arg3_input_length, arg4_mac, arg5_mac_size, arg6_mac_length); -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_UNPOISON(arg2_input, arg3_input_length); - MBEDTLS_TEST_MEMORY_UNPOISON(arg4_mac, arg5_mac_size); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - return status; -} - -/* Wrapper for psa_mac_sign_finish */ -psa_status_t mbedtls_test_wrap_psa_mac_sign_finish( - psa_mac_operation_t *arg0_operation, - uint8_t *arg1_mac, - size_t arg2_mac_size, - size_t *arg3_mac_length) -{ -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_POISON(arg1_mac, arg2_mac_size); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - psa_status_t status = (psa_mac_sign_finish)(arg0_operation, arg1_mac, arg2_mac_size, arg3_mac_length); -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_UNPOISON(arg1_mac, arg2_mac_size); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - return status; -} - -/* Wrapper for psa_mac_sign_setup */ -psa_status_t mbedtls_test_wrap_psa_mac_sign_setup( - psa_mac_operation_t *arg0_operation, - mbedtls_svc_key_id_t arg1_key, - psa_algorithm_t arg2_alg) -{ - psa_status_t status = (psa_mac_sign_setup)(arg0_operation, arg1_key, arg2_alg); - return status; -} - -/* Wrapper for psa_mac_update */ -psa_status_t mbedtls_test_wrap_psa_mac_update( - psa_mac_operation_t *arg0_operation, - const uint8_t *arg1_input, - size_t arg2_input_length) -{ -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_POISON(arg1_input, arg2_input_length); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - psa_status_t status = (psa_mac_update)(arg0_operation, arg1_input, arg2_input_length); -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_UNPOISON(arg1_input, arg2_input_length); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - return status; -} - -/* Wrapper for psa_mac_verify */ -psa_status_t mbedtls_test_wrap_psa_mac_verify( - mbedtls_svc_key_id_t arg0_key, - psa_algorithm_t arg1_alg, - const uint8_t *arg2_input, - size_t arg3_input_length, - const uint8_t *arg4_mac, - size_t arg5_mac_length) -{ -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_POISON(arg2_input, arg3_input_length); - MBEDTLS_TEST_MEMORY_POISON(arg4_mac, arg5_mac_length); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - psa_status_t status = (psa_mac_verify)(arg0_key, arg1_alg, arg2_input, arg3_input_length, arg4_mac, arg5_mac_length); -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_UNPOISON(arg2_input, arg3_input_length); - MBEDTLS_TEST_MEMORY_UNPOISON(arg4_mac, arg5_mac_length); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - return status; -} - -/* Wrapper for psa_mac_verify_finish */ -psa_status_t mbedtls_test_wrap_psa_mac_verify_finish( - psa_mac_operation_t *arg0_operation, - const uint8_t *arg1_mac, - size_t arg2_mac_length) -{ -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_POISON(arg1_mac, arg2_mac_length); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - psa_status_t status = (psa_mac_verify_finish)(arg0_operation, arg1_mac, arg2_mac_length); -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_UNPOISON(arg1_mac, arg2_mac_length); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - return status; -} - -/* Wrapper for psa_mac_verify_setup */ -psa_status_t mbedtls_test_wrap_psa_mac_verify_setup( - psa_mac_operation_t *arg0_operation, - mbedtls_svc_key_id_t arg1_key, - psa_algorithm_t arg2_alg) -{ - psa_status_t status = (psa_mac_verify_setup)(arg0_operation, arg1_key, arg2_alg); - return status; -} - -/* Wrapper for psa_pake_abort */ -#if defined(PSA_WANT_ALG_SOME_PAKE) -psa_status_t mbedtls_test_wrap_psa_pake_abort( - psa_pake_operation_t *arg0_operation) -{ - psa_status_t status = (psa_pake_abort)(arg0_operation); - return status; -} -#endif /* defined(PSA_WANT_ALG_SOME_PAKE) */ - -/* Wrapper for psa_pake_get_implicit_key */ -#if defined(PSA_WANT_ALG_SOME_PAKE) -psa_status_t mbedtls_test_wrap_psa_pake_get_implicit_key( - psa_pake_operation_t *arg0_operation, - psa_key_derivation_operation_t *arg1_output) -{ - psa_status_t status = (psa_pake_get_implicit_key)(arg0_operation, arg1_output); - return status; -} -#endif /* defined(PSA_WANT_ALG_SOME_PAKE) */ - -/* Wrapper for psa_pake_input */ -#if defined(PSA_WANT_ALG_SOME_PAKE) -psa_status_t mbedtls_test_wrap_psa_pake_input( - psa_pake_operation_t *arg0_operation, - psa_pake_step_t arg1_step, - const uint8_t *arg2_input, - size_t arg3_input_length) -{ -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_POISON(arg2_input, arg3_input_length); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - psa_status_t status = (psa_pake_input)(arg0_operation, arg1_step, arg2_input, arg3_input_length); -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_UNPOISON(arg2_input, arg3_input_length); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - return status; -} -#endif /* defined(PSA_WANT_ALG_SOME_PAKE) */ - -/* Wrapper for psa_pake_output */ -#if defined(PSA_WANT_ALG_SOME_PAKE) -psa_status_t mbedtls_test_wrap_psa_pake_output( - psa_pake_operation_t *arg0_operation, - psa_pake_step_t arg1_step, - uint8_t *arg2_output, - size_t arg3_output_size, - size_t *arg4_output_length) -{ -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_POISON(arg2_output, arg3_output_size); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - psa_status_t status = (psa_pake_output)(arg0_operation, arg1_step, arg2_output, arg3_output_size, arg4_output_length); -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_UNPOISON(arg2_output, arg3_output_size); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - return status; -} -#endif /* defined(PSA_WANT_ALG_SOME_PAKE) */ - -/* Wrapper for psa_pake_set_password_key */ -#if defined(PSA_WANT_ALG_SOME_PAKE) -psa_status_t mbedtls_test_wrap_psa_pake_set_password_key( - psa_pake_operation_t *arg0_operation, - mbedtls_svc_key_id_t arg1_password) -{ - psa_status_t status = (psa_pake_set_password_key)(arg0_operation, arg1_password); - return status; -} -#endif /* defined(PSA_WANT_ALG_SOME_PAKE) */ - -/* Wrapper for psa_pake_set_peer */ -#if defined(PSA_WANT_ALG_SOME_PAKE) -psa_status_t mbedtls_test_wrap_psa_pake_set_peer( - psa_pake_operation_t *arg0_operation, - const uint8_t *arg1_peer_id, - size_t arg2_peer_id_len) -{ -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_POISON(arg1_peer_id, arg2_peer_id_len); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - psa_status_t status = (psa_pake_set_peer)(arg0_operation, arg1_peer_id, arg2_peer_id_len); -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_UNPOISON(arg1_peer_id, arg2_peer_id_len); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - return status; -} -#endif /* defined(PSA_WANT_ALG_SOME_PAKE) */ - -/* Wrapper for psa_pake_set_role */ -#if defined(PSA_WANT_ALG_SOME_PAKE) -psa_status_t mbedtls_test_wrap_psa_pake_set_role( - psa_pake_operation_t *arg0_operation, - psa_pake_role_t arg1_role) -{ - psa_status_t status = (psa_pake_set_role)(arg0_operation, arg1_role); - return status; -} -#endif /* defined(PSA_WANT_ALG_SOME_PAKE) */ - -/* Wrapper for psa_pake_set_user */ -#if defined(PSA_WANT_ALG_SOME_PAKE) -psa_status_t mbedtls_test_wrap_psa_pake_set_user( - psa_pake_operation_t *arg0_operation, - const uint8_t *arg1_user_id, - size_t arg2_user_id_len) -{ -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_POISON(arg1_user_id, arg2_user_id_len); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - psa_status_t status = (psa_pake_set_user)(arg0_operation, arg1_user_id, arg2_user_id_len); -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_UNPOISON(arg1_user_id, arg2_user_id_len); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - return status; -} -#endif /* defined(PSA_WANT_ALG_SOME_PAKE) */ - -/* Wrapper for psa_pake_setup */ -#if defined(PSA_WANT_ALG_SOME_PAKE) -psa_status_t mbedtls_test_wrap_psa_pake_setup( - psa_pake_operation_t *arg0_operation, - const psa_pake_cipher_suite_t *arg1_cipher_suite) -{ - psa_status_t status = (psa_pake_setup)(arg0_operation, arg1_cipher_suite); - return status; -} -#endif /* defined(PSA_WANT_ALG_SOME_PAKE) */ - -/* Wrapper for psa_purge_key */ -psa_status_t mbedtls_test_wrap_psa_purge_key( - mbedtls_svc_key_id_t arg0_key) -{ - psa_status_t status = (psa_purge_key)(arg0_key); - return status; -} - -/* Wrapper for psa_raw_key_agreement */ -psa_status_t mbedtls_test_wrap_psa_raw_key_agreement( - psa_algorithm_t arg0_alg, - mbedtls_svc_key_id_t arg1_private_key, - const uint8_t *arg2_peer_key, - size_t arg3_peer_key_length, - uint8_t *arg4_output, - size_t arg5_output_size, - size_t *arg6_output_length) -{ -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_POISON(arg2_peer_key, arg3_peer_key_length); - MBEDTLS_TEST_MEMORY_POISON(arg4_output, arg5_output_size); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - psa_status_t status = (psa_raw_key_agreement)(arg0_alg, arg1_private_key, arg2_peer_key, arg3_peer_key_length, arg4_output, arg5_output_size, arg6_output_length); -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_UNPOISON(arg2_peer_key, arg3_peer_key_length); - MBEDTLS_TEST_MEMORY_UNPOISON(arg4_output, arg5_output_size); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - return status; -} - -/* Wrapper for psa_sign_hash */ -psa_status_t mbedtls_test_wrap_psa_sign_hash( - mbedtls_svc_key_id_t arg0_key, - psa_algorithm_t arg1_alg, - const uint8_t *arg2_hash, - size_t arg3_hash_length, - uint8_t *arg4_signature, - size_t arg5_signature_size, - size_t *arg6_signature_length) -{ -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_POISON(arg2_hash, arg3_hash_length); - MBEDTLS_TEST_MEMORY_POISON(arg4_signature, arg5_signature_size); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - psa_status_t status = (psa_sign_hash)(arg0_key, arg1_alg, arg2_hash, arg3_hash_length, arg4_signature, arg5_signature_size, arg6_signature_length); -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_UNPOISON(arg2_hash, arg3_hash_length); - MBEDTLS_TEST_MEMORY_UNPOISON(arg4_signature, arg5_signature_size); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - return status; -} - -/* Wrapper for psa_sign_hash_abort */ -psa_status_t mbedtls_test_wrap_psa_sign_hash_abort( - psa_sign_hash_interruptible_operation_t *arg0_operation) -{ - psa_status_t status = (psa_sign_hash_abort)(arg0_operation); - return status; -} - -/* Wrapper for psa_sign_hash_complete */ -psa_status_t mbedtls_test_wrap_psa_sign_hash_complete( - psa_sign_hash_interruptible_operation_t *arg0_operation, - uint8_t *arg1_signature, - size_t arg2_signature_size, - size_t *arg3_signature_length) -{ -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_POISON(arg1_signature, arg2_signature_size); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - psa_status_t status = (psa_sign_hash_complete)(arg0_operation, arg1_signature, arg2_signature_size, arg3_signature_length); -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_UNPOISON(arg1_signature, arg2_signature_size); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - return status; -} - -/* Wrapper for psa_sign_hash_start */ -psa_status_t mbedtls_test_wrap_psa_sign_hash_start( - psa_sign_hash_interruptible_operation_t *arg0_operation, - mbedtls_svc_key_id_t arg1_key, - psa_algorithm_t arg2_alg, - const uint8_t *arg3_hash, - size_t arg4_hash_length) -{ -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_POISON(arg3_hash, arg4_hash_length); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - psa_status_t status = (psa_sign_hash_start)(arg0_operation, arg1_key, arg2_alg, arg3_hash, arg4_hash_length); -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_UNPOISON(arg3_hash, arg4_hash_length); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - return status; -} - -/* Wrapper for psa_sign_message */ -psa_status_t mbedtls_test_wrap_psa_sign_message( - mbedtls_svc_key_id_t arg0_key, - psa_algorithm_t arg1_alg, - const uint8_t *arg2_input, - size_t arg3_input_length, - uint8_t *arg4_signature, - size_t arg5_signature_size, - size_t *arg6_signature_length) -{ -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_POISON(arg2_input, arg3_input_length); - MBEDTLS_TEST_MEMORY_POISON(arg4_signature, arg5_signature_size); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - psa_status_t status = (psa_sign_message)(arg0_key, arg1_alg, arg2_input, arg3_input_length, arg4_signature, arg5_signature_size, arg6_signature_length); -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_UNPOISON(arg2_input, arg3_input_length); - MBEDTLS_TEST_MEMORY_UNPOISON(arg4_signature, arg5_signature_size); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - return status; -} - -/* Wrapper for psa_verify_hash */ -psa_status_t mbedtls_test_wrap_psa_verify_hash( - mbedtls_svc_key_id_t arg0_key, - psa_algorithm_t arg1_alg, - const uint8_t *arg2_hash, - size_t arg3_hash_length, - const uint8_t *arg4_signature, - size_t arg5_signature_length) -{ -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_POISON(arg2_hash, arg3_hash_length); - MBEDTLS_TEST_MEMORY_POISON(arg4_signature, arg5_signature_length); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - psa_status_t status = (psa_verify_hash)(arg0_key, arg1_alg, arg2_hash, arg3_hash_length, arg4_signature, arg5_signature_length); -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_UNPOISON(arg2_hash, arg3_hash_length); - MBEDTLS_TEST_MEMORY_UNPOISON(arg4_signature, arg5_signature_length); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - return status; -} - -/* Wrapper for psa_verify_hash_abort */ -psa_status_t mbedtls_test_wrap_psa_verify_hash_abort( - psa_verify_hash_interruptible_operation_t *arg0_operation) -{ - psa_status_t status = (psa_verify_hash_abort)(arg0_operation); - return status; -} - -/* Wrapper for psa_verify_hash_complete */ -psa_status_t mbedtls_test_wrap_psa_verify_hash_complete( - psa_verify_hash_interruptible_operation_t *arg0_operation) -{ - psa_status_t status = (psa_verify_hash_complete)(arg0_operation); - return status; -} - -/* Wrapper for psa_verify_hash_start */ -psa_status_t mbedtls_test_wrap_psa_verify_hash_start( - psa_verify_hash_interruptible_operation_t *arg0_operation, - mbedtls_svc_key_id_t arg1_key, - psa_algorithm_t arg2_alg, - const uint8_t *arg3_hash, - size_t arg4_hash_length, - const uint8_t *arg5_signature, - size_t arg6_signature_length) -{ -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_POISON(arg3_hash, arg4_hash_length); - MBEDTLS_TEST_MEMORY_POISON(arg5_signature, arg6_signature_length); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - psa_status_t status = (psa_verify_hash_start)(arg0_operation, arg1_key, arg2_alg, arg3_hash, arg4_hash_length, arg5_signature, arg6_signature_length); -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_UNPOISON(arg3_hash, arg4_hash_length); - MBEDTLS_TEST_MEMORY_UNPOISON(arg5_signature, arg6_signature_length); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - return status; -} - -/* Wrapper for psa_verify_message */ -psa_status_t mbedtls_test_wrap_psa_verify_message( - mbedtls_svc_key_id_t arg0_key, - psa_algorithm_t arg1_alg, - const uint8_t *arg2_input, - size_t arg3_input_length, - const uint8_t *arg4_signature, - size_t arg5_signature_length) -{ -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_POISON(arg2_input, arg3_input_length); - MBEDTLS_TEST_MEMORY_POISON(arg4_signature, arg5_signature_length); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - psa_status_t status = (psa_verify_message)(arg0_key, arg1_alg, arg2_input, arg3_input_length, arg4_signature, arg5_signature_length); -#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) - MBEDTLS_TEST_MEMORY_UNPOISON(arg2_input, arg3_input_length); - MBEDTLS_TEST_MEMORY_UNPOISON(arg4_signature, arg5_signature_length); -#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ - return status; -} - -#endif /* defined(MBEDTLS_PSA_CRYPTO_C) && defined(MBEDTLS_TEST_HOOKS) && \ - !defined(RECORD_PSA_STATUS_COVERAGE_LOG) */ - -/* End of automatically generated file. */ diff --git a/tests/src/random.c b/tests/src/random.c deleted file mode 100644 index d041f36a1f46..000000000000 --- a/tests/src/random.c +++ /dev/null @@ -1,136 +0,0 @@ -/** - * \file random.c - * - * \brief This file contains the helper functions to generate random numbers - * for the purpose of testing. - */ - -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -/* - * for arc4random_buf() from - */ -#if defined(__NetBSD__) -#define _NETBSD_SOURCE 1 -#elif defined(__OpenBSD__) -#define _BSD_SOURCE 1 -#endif - -#include -#include -#include - -#include -#include - -int mbedtls_test_rnd_std_rand(void *rng_state, - unsigned char *output, - size_t len) -{ -#if !defined(__OpenBSD__) && !defined(__NetBSD__) - size_t i; - - if (rng_state != NULL) { - rng_state = NULL; - } - - for (i = 0; i < len; ++i) { - output[i] = rand(); - } -#else - if (rng_state != NULL) { - rng_state = NULL; - } - - arc4random_buf(output, len); -#endif /* !OpenBSD && !NetBSD */ - - return 0; -} - -int mbedtls_test_rnd_zero_rand(void *rng_state, - unsigned char *output, - size_t len) -{ - if (rng_state != NULL) { - rng_state = NULL; - } - - memset(output, 0, len); - - return 0; -} - -int mbedtls_test_rnd_buffer_rand(void *rng_state, - unsigned char *output, - size_t len) -{ - mbedtls_test_rnd_buf_info *info = (mbedtls_test_rnd_buf_info *) rng_state; - size_t use_len; - - if (rng_state == NULL) { - return mbedtls_test_rnd_std_rand(NULL, output, len); - } - - use_len = len; - if (len > info->length) { - use_len = info->length; - } - - if (use_len) { - memcpy(output, info->buf, use_len); - info->buf += use_len; - info->length -= use_len; - } - - if (len - use_len > 0) { - if (info->fallback_f_rng != NULL) { - return info->fallback_f_rng(info->fallback_p_rng, - output + use_len, - len - use_len); - } else { - return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED; - } - } - - return 0; -} - -int mbedtls_test_rnd_pseudo_rand(void *rng_state, - unsigned char *output, - size_t len) -{ - mbedtls_test_rnd_pseudo_info *info = - (mbedtls_test_rnd_pseudo_info *) rng_state; - uint32_t i, *k, sum, delta = 0x9E3779B9; - unsigned char result[4], *out = output; - - if (rng_state == NULL) { - return mbedtls_test_rnd_std_rand(NULL, output, len); - } - - k = info->key; - - while (len > 0) { - size_t use_len = (len > 4) ? 4 : len; - sum = 0; - - for (i = 0; i < 32; i++) { - info->v0 += (((info->v1 << 4) ^ (info->v1 >> 5)) - + info->v1) ^ (sum + k[sum & 3]); - sum += delta; - info->v1 += (((info->v0 << 4) ^ (info->v0 >> 5)) - + info->v0) ^ (sum + k[(sum>>11) & 3]); - } - - MBEDTLS_PUT_UINT32_BE(info->v0, result, 0); - memcpy(out, result, use_len); - len -= use_len; - out += 4; - } - - return 0; -} diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c deleted file mode 100644 index 255849fdc2db..000000000000 --- a/tests/src/test_helpers/ssl_helpers.c +++ /dev/null @@ -1,2575 +0,0 @@ -/** \file ssl_helpers.c - * - * \brief Helper functions to set up a TLS connection. - */ - -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include -#include "mbedtls/psa_util.h" - -#if defined(MBEDTLS_SSL_TLS_C) -int mbedtls_test_random(void *p_rng, unsigned char *output, size_t output_len) -{ - (void) p_rng; - for (size_t i = 0; i < output_len; i++) { - output[i] = rand(); - } - - return 0; -} - -void mbedtls_test_ssl_log_analyzer(void *ctx, int level, - const char *file, int line, - const char *str) -{ - mbedtls_test_ssl_log_pattern *p = (mbedtls_test_ssl_log_pattern *) ctx; - - (void) level; - (void) line; - (void) file; - - if (NULL != p && - NULL != p->pattern && - NULL != strstr(str, p->pattern)) { - p->counter++; - } -} - -void mbedtls_test_init_handshake_options( - mbedtls_test_handshake_test_options *opts) -{ -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) - static int rng_seed = 0xBEEF; - - srand(rng_seed); - rng_seed += 0xD0; -#endif - - memset(opts, 0, sizeof(*opts)); - - opts->cipher = ""; - opts->client_min_version = MBEDTLS_SSL_VERSION_UNKNOWN; - opts->client_max_version = MBEDTLS_SSL_VERSION_UNKNOWN; - opts->server_min_version = MBEDTLS_SSL_VERSION_UNKNOWN; - opts->server_max_version = MBEDTLS_SSL_VERSION_UNKNOWN; - opts->expected_negotiated_version = MBEDTLS_SSL_VERSION_TLS1_3; - opts->pk_alg = MBEDTLS_PK_RSA; - opts->srv_auth_mode = MBEDTLS_SSL_VERIFY_NONE; - opts->mfl = MBEDTLS_SSL_MAX_FRAG_LEN_NONE; - opts->cli_msg_len = 100; - opts->srv_msg_len = 100; - opts->expected_cli_fragments = 1; - opts->expected_srv_fragments = 1; - opts->legacy_renegotiation = MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION; - opts->resize_buffers = 1; - opts->early_data = MBEDTLS_SSL_EARLY_DATA_DISABLED; - opts->max_early_data_size = -1; -#if defined(MBEDTLS_SSL_CACHE_C) - TEST_CALLOC(opts->cache, 1); - mbedtls_ssl_cache_init(opts->cache); -#if defined(MBEDTLS_HAVE_TIME) - TEST_EQUAL(mbedtls_ssl_cache_get_timeout(opts->cache), - MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT); -#endif -exit: - return; -#endif -} - -void mbedtls_test_free_handshake_options( - mbedtls_test_handshake_test_options *opts) -{ -#if defined(MBEDTLS_SSL_CACHE_C) - mbedtls_ssl_cache_free(opts->cache); - mbedtls_free(opts->cache); -#else - (void) opts; -#endif -} - -#if defined(MBEDTLS_TEST_HOOKS) -static void set_chk_buf_ptr_args( - mbedtls_ssl_chk_buf_ptr_args *args, - unsigned char *cur, unsigned char *end, size_t need) -{ - args->cur = cur; - args->end = end; - args->need = need; -} - -static void reset_chk_buf_ptr_args(mbedtls_ssl_chk_buf_ptr_args *args) -{ - memset(args, 0, sizeof(*args)); -} -#endif /* MBEDTLS_TEST_HOOKS */ - -void mbedtls_test_ssl_buffer_init(mbedtls_test_ssl_buffer *buf) -{ - memset(buf, 0, sizeof(*buf)); -} - -int mbedtls_test_ssl_buffer_setup(mbedtls_test_ssl_buffer *buf, - size_t capacity) -{ - buf->buffer = (unsigned char *) mbedtls_calloc(capacity, - sizeof(unsigned char)); - if (NULL == buf->buffer) { - return MBEDTLS_ERR_SSL_ALLOC_FAILED; - } - buf->capacity = capacity; - - return 0; -} - -void mbedtls_test_ssl_buffer_free(mbedtls_test_ssl_buffer *buf) -{ - if (buf->buffer != NULL) { - mbedtls_free(buf->buffer); - } - - memset(buf, 0, sizeof(*buf)); -} - -int mbedtls_test_ssl_buffer_put(mbedtls_test_ssl_buffer *buf, - const unsigned char *input, size_t input_len) -{ - size_t overflow = 0; - - if ((buf == NULL) || (buf->buffer == NULL)) { - return -1; - } - - /* Reduce input_len to a number that fits in the buffer. */ - if ((buf->content_length + input_len) > buf->capacity) { - input_len = buf->capacity - buf->content_length; - } - - if (input == NULL) { - return (input_len == 0) ? 0 : -1; - } - - /* Check if the buffer has not come full circle and free space is not in - * the middle */ - if (buf->start + buf->content_length < buf->capacity) { - - /* Calculate the number of bytes that need to be placed at lower memory - * address */ - if (buf->start + buf->content_length + input_len - > buf->capacity) { - overflow = (buf->start + buf->content_length + input_len) - % buf->capacity; - } - - memcpy(buf->buffer + buf->start + buf->content_length, input, - input_len - overflow); - memcpy(buf->buffer, input + input_len - overflow, overflow); - - } else { - /* The buffer has come full circle and free space is in the middle */ - memcpy(buf->buffer + buf->start + buf->content_length - buf->capacity, - input, input_len); - } - - buf->content_length += input_len; - return (input_len > INT_MAX) ? INT_MAX : (int) input_len; -} - -int mbedtls_test_ssl_buffer_get(mbedtls_test_ssl_buffer *buf, - unsigned char *output, size_t output_len) -{ - size_t overflow = 0; - - if ((buf == NULL) || (buf->buffer == NULL)) { - return -1; - } - - if (output == NULL && output_len == 0) { - return 0; - } - - if (buf->content_length < output_len) { - output_len = buf->content_length; - } - - /* Calculate the number of bytes that need to be drawn from lower memory - * address */ - if (buf->start + output_len > buf->capacity) { - overflow = (buf->start + output_len) % buf->capacity; - } - - if (output != NULL) { - memcpy(output, buf->buffer + buf->start, output_len - overflow); - memcpy(output + output_len - overflow, buf->buffer, overflow); - } - - buf->content_length -= output_len; - buf->start = (buf->start + output_len) % buf->capacity; - - return (output_len > INT_MAX) ? INT_MAX : (int) output_len; -} - -int mbedtls_test_ssl_message_queue_setup( - mbedtls_test_ssl_message_queue *queue, size_t capacity) -{ - queue->messages = (size_t *) mbedtls_calloc(capacity, sizeof(size_t)); - if (NULL == queue->messages) { - return MBEDTLS_ERR_SSL_ALLOC_FAILED; - } - - queue->capacity = (capacity > INT_MAX) ? INT_MAX : (int) capacity; - queue->pos = 0; - queue->num = 0; - - return 0; -} - -void mbedtls_test_ssl_message_queue_free( - mbedtls_test_ssl_message_queue *queue) -{ - if (queue == NULL) { - return; - } - - if (queue->messages != NULL) { - mbedtls_free(queue->messages); - } - - memset(queue, 0, sizeof(*queue)); -} - -int mbedtls_test_ssl_message_queue_push_info( - mbedtls_test_ssl_message_queue *queue, size_t len) -{ - int place; - if (queue == NULL) { - return MBEDTLS_TEST_ERROR_ARG_NULL; - } - - if (queue->num >= queue->capacity) { - return MBEDTLS_ERR_SSL_WANT_WRITE; - } - - place = (queue->pos + queue->num) % queue->capacity; - queue->messages[place] = len; - queue->num++; - return (len > INT_MAX) ? INT_MAX : (int) len; -} - -int mbedtls_test_ssl_message_queue_pop_info( - mbedtls_test_ssl_message_queue *queue, size_t buf_len) -{ - size_t message_length; - if (queue == NULL) { - return MBEDTLS_TEST_ERROR_ARG_NULL; - } - if (queue->num == 0) { - return MBEDTLS_ERR_SSL_WANT_READ; - } - - message_length = queue->messages[queue->pos]; - queue->messages[queue->pos] = 0; - queue->num--; - queue->pos++; - queue->pos %= queue->capacity; - if (queue->pos < 0) { - queue->pos += queue->capacity; - } - - return (message_length > INT_MAX && buf_len > INT_MAX) ? INT_MAX : - (message_length > buf_len) ? (int) buf_len : (int) message_length; -} - -/* - * Take a peek on the info about the next message length from the queue. - * This will be the oldest inserted message length(fifo). - * - * \retval MBEDTLS_TEST_ERROR_ARG_NULL, if the queue is null. - * \retval MBEDTLS_ERR_SSL_WANT_READ, if the queue is empty. - * \retval 0, if the peek was successful. - * \retval MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED, if the given buffer length is - * too small to fit the message. In this case the \p msg_len will be - * set to the full message length so that the - * caller knows what portion of the message can be dropped. - */ -static int test_ssl_message_queue_peek_info( - mbedtls_test_ssl_message_queue *queue, - size_t buf_len, size_t *msg_len) -{ - if (queue == NULL || msg_len == NULL) { - return MBEDTLS_TEST_ERROR_ARG_NULL; - } - if (queue->num == 0) { - return MBEDTLS_ERR_SSL_WANT_READ; - } - - *msg_len = queue->messages[queue->pos]; - return (*msg_len > buf_len) ? MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED : 0; -} - -void mbedtls_test_mock_socket_init(mbedtls_test_mock_socket *socket) -{ - memset(socket, 0, sizeof(*socket)); -} - -void mbedtls_test_mock_socket_close(mbedtls_test_mock_socket *socket) -{ - if (socket == NULL) { - return; - } - - if (socket->input != NULL) { - mbedtls_test_ssl_buffer_free(socket->input); - mbedtls_free(socket->input); - } - - if (socket->output != NULL) { - mbedtls_test_ssl_buffer_free(socket->output); - mbedtls_free(socket->output); - } - - if (socket->peer != NULL) { - memset(socket->peer, 0, sizeof(*socket->peer)); - } - - memset(socket, 0, sizeof(*socket)); -} - -int mbedtls_test_mock_socket_connect(mbedtls_test_mock_socket *peer1, - mbedtls_test_mock_socket *peer2, - size_t bufsize) -{ - int ret = -1; - - peer1->output = - (mbedtls_test_ssl_buffer *) mbedtls_calloc( - 1, sizeof(mbedtls_test_ssl_buffer)); - if (peer1->output == NULL) { - ret = MBEDTLS_ERR_SSL_ALLOC_FAILED; - goto exit; - } - mbedtls_test_ssl_buffer_init(peer1->output); - if (0 != (ret = mbedtls_test_ssl_buffer_setup(peer1->output, bufsize))) { - goto exit; - } - - peer2->output = - (mbedtls_test_ssl_buffer *) mbedtls_calloc( - 1, sizeof(mbedtls_test_ssl_buffer)); - if (peer2->output == NULL) { - ret = MBEDTLS_ERR_SSL_ALLOC_FAILED; - goto exit; - } - mbedtls_test_ssl_buffer_init(peer2->output); - if (0 != (ret = mbedtls_test_ssl_buffer_setup(peer2->output, bufsize))) { - goto exit; - } - - peer1->peer = peer2; - peer2->peer = peer1; - peer1->input = peer2->output; - peer2->input = peer1->output; - - peer1->status = peer2->status = MBEDTLS_MOCK_SOCKET_CONNECTED; - ret = 0; - -exit: - - if (ret != 0) { - mbedtls_test_mock_socket_close(peer1); - mbedtls_test_mock_socket_close(peer2); - } - - return ret; -} - -int mbedtls_test_mock_tcp_send_b(void *ctx, - const unsigned char *buf, size_t len) -{ - mbedtls_test_mock_socket *socket = (mbedtls_test_mock_socket *) ctx; - - if (socket == NULL || socket->status != MBEDTLS_MOCK_SOCKET_CONNECTED) { - return -1; - } - - return mbedtls_test_ssl_buffer_put(socket->output, buf, len); -} - -int mbedtls_test_mock_tcp_recv_b(void *ctx, unsigned char *buf, size_t len) -{ - mbedtls_test_mock_socket *socket = (mbedtls_test_mock_socket *) ctx; - - if (socket == NULL || socket->status != MBEDTLS_MOCK_SOCKET_CONNECTED) { - return -1; - } - - return mbedtls_test_ssl_buffer_get(socket->input, buf, len); -} - -int mbedtls_test_mock_tcp_send_nb(void *ctx, - const unsigned char *buf, size_t len) -{ - mbedtls_test_mock_socket *socket = (mbedtls_test_mock_socket *) ctx; - - if (socket == NULL || socket->status != MBEDTLS_MOCK_SOCKET_CONNECTED) { - return -1; - } - - if (socket->output->capacity == socket->output->content_length) { - return MBEDTLS_ERR_SSL_WANT_WRITE; - } - - return mbedtls_test_ssl_buffer_put(socket->output, buf, len); -} - -int mbedtls_test_mock_tcp_recv_nb(void *ctx, unsigned char *buf, size_t len) -{ - mbedtls_test_mock_socket *socket = (mbedtls_test_mock_socket *) ctx; - - if (socket == NULL || socket->status != MBEDTLS_MOCK_SOCKET_CONNECTED) { - return -1; - } - - if (socket->input->content_length == 0) { - return MBEDTLS_ERR_SSL_WANT_READ; - } - - return mbedtls_test_ssl_buffer_get(socket->input, buf, len); -} - -void mbedtls_test_message_socket_init( - mbedtls_test_message_socket_context *ctx) -{ - ctx->queue_input = NULL; - ctx->queue_output = NULL; - ctx->socket = NULL; -} - -int mbedtls_test_message_socket_setup( - mbedtls_test_ssl_message_queue *queue_input, - mbedtls_test_ssl_message_queue *queue_output, - size_t queue_capacity, - mbedtls_test_mock_socket *socket, - mbedtls_test_message_socket_context *ctx) -{ - int ret = mbedtls_test_ssl_message_queue_setup(queue_input, queue_capacity); - if (ret != 0) { - return ret; - } - ctx->queue_input = queue_input; - ctx->queue_output = queue_output; - ctx->socket = socket; - mbedtls_test_mock_socket_init(socket); - - return 0; -} - -void mbedtls_test_message_socket_close( - mbedtls_test_message_socket_context *ctx) -{ - if (ctx == NULL) { - return; - } - - mbedtls_test_ssl_message_queue_free(ctx->queue_input); - mbedtls_test_mock_socket_close(ctx->socket); - memset(ctx, 0, sizeof(*ctx)); -} - -int mbedtls_test_mock_tcp_send_msg(void *ctx, - const unsigned char *buf, size_t len) -{ - mbedtls_test_ssl_message_queue *queue; - mbedtls_test_mock_socket *socket; - mbedtls_test_message_socket_context *context = - (mbedtls_test_message_socket_context *) ctx; - - if (context == NULL || context->socket == NULL - || context->queue_output == NULL) { - return MBEDTLS_TEST_ERROR_CONTEXT_ERROR; - } - - queue = context->queue_output; - socket = context->socket; - - if (queue->num >= queue->capacity) { - return MBEDTLS_ERR_SSL_WANT_WRITE; - } - - if (mbedtls_test_mock_tcp_send_b(socket, buf, len) != (int) len) { - return MBEDTLS_TEST_ERROR_SEND_FAILED; - } - - return mbedtls_test_ssl_message_queue_push_info(queue, len); -} - -int mbedtls_test_mock_tcp_recv_msg(void *ctx, - unsigned char *buf, size_t buf_len) -{ - mbedtls_test_ssl_message_queue *queue; - mbedtls_test_mock_socket *socket; - mbedtls_test_message_socket_context *context = - (mbedtls_test_message_socket_context *) ctx; - size_t drop_len = 0; - size_t msg_len; - int ret; - - if (context == NULL || context->socket == NULL - || context->queue_input == NULL) { - return MBEDTLS_TEST_ERROR_CONTEXT_ERROR; - } - - queue = context->queue_input; - socket = context->socket; - - /* Peek first, so that in case of a socket error the data remains in - * the queue. */ - ret = test_ssl_message_queue_peek_info(queue, buf_len, &msg_len); - if (ret == MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED) { - /* Calculate how much to drop */ - drop_len = msg_len - buf_len; - - /* Set the requested message len to be buffer length */ - msg_len = buf_len; - } else if (ret != 0) { - return ret; - } - - if (mbedtls_test_mock_tcp_recv_b(socket, buf, msg_len) != (int) msg_len) { - return MBEDTLS_TEST_ERROR_RECV_FAILED; - } - - if (ret == MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED) { - /* Drop the remaining part of the message */ - if (mbedtls_test_mock_tcp_recv_b(socket, NULL, drop_len) != - (int) drop_len) { - /* Inconsistent state - part of the message was read, - * and a part couldn't. Not much we can do here, but it should not - * happen in test environment, unless forced manually. */ - } - } - mbedtls_test_ssl_message_queue_pop_info(queue, buf_len); - - return (msg_len > INT_MAX) ? INT_MAX : (int) msg_len; -} - -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) - -/* - * Deinitializes certificates from endpoint represented by \p ep. - */ -static void test_ssl_endpoint_certificate_free(mbedtls_test_ssl_endpoint *ep) -{ - mbedtls_test_ssl_endpoint_certificate *cert = &(ep->cert); - if (cert != NULL) { - if (cert->ca_cert != NULL) { - mbedtls_x509_crt_free(cert->ca_cert); - mbedtls_free(cert->ca_cert); - cert->ca_cert = NULL; - } - if (cert->cert != NULL) { - mbedtls_x509_crt_free(cert->cert); - mbedtls_free(cert->cert); - cert->cert = NULL; - } - if (cert->pkey != NULL) { -#if defined(MBEDTLS_USE_PSA_CRYPTO) - if (mbedtls_pk_get_type(cert->pkey) == MBEDTLS_PK_OPAQUE) { - psa_destroy_key(cert->pkey->priv_id); - } -#endif - mbedtls_pk_free(cert->pkey); - mbedtls_free(cert->pkey); - cert->pkey = NULL; - } - } -} - -int mbedtls_test_ssl_endpoint_certificate_init(mbedtls_test_ssl_endpoint *ep, - int pk_alg, - int opaque_alg, int opaque_alg2, - int opaque_usage) -{ - int i = 0; - int ret = -1; - mbedtls_test_ssl_endpoint_certificate *cert = NULL; -#if defined(MBEDTLS_USE_PSA_CRYPTO) - mbedtls_svc_key_id_t key_slot = MBEDTLS_SVC_KEY_ID_INIT; -#endif - - if (ep == NULL) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - cert = &(ep->cert); - TEST_CALLOC(cert->ca_cert, 1); - TEST_CALLOC(cert->cert, 1); - TEST_CALLOC(cert->pkey, 1); - - mbedtls_x509_crt_init(cert->ca_cert); - mbedtls_x509_crt_init(cert->cert); - mbedtls_pk_init(cert->pkey); - - /* Load the trusted CA */ - - for (i = 0; mbedtls_test_cas_der[i] != NULL; i++) { - ret = mbedtls_x509_crt_parse_der( - cert->ca_cert, - (const unsigned char *) mbedtls_test_cas_der[i], - mbedtls_test_cas_der_len[i]); - TEST_ASSERT(ret == 0); - } - - /* Load own certificate and private key */ - - if (ep->conf.endpoint == MBEDTLS_SSL_IS_SERVER) { - if (pk_alg == MBEDTLS_PK_RSA) { - ret = mbedtls_x509_crt_parse( - cert->cert, - (const unsigned char *) mbedtls_test_srv_crt_rsa_sha256_der, - mbedtls_test_srv_crt_rsa_sha256_der_len); - TEST_ASSERT(ret == 0); - - ret = mbedtls_pk_parse_key( - cert->pkey, - (const unsigned char *) mbedtls_test_srv_key_rsa_der, - mbedtls_test_srv_key_rsa_der_len, NULL, 0, - mbedtls_test_rnd_std_rand, NULL); - TEST_ASSERT(ret == 0); - } else { - ret = mbedtls_x509_crt_parse( - cert->cert, - (const unsigned char *) mbedtls_test_srv_crt_ec_der, - mbedtls_test_srv_crt_ec_der_len); - TEST_ASSERT(ret == 0); - - ret = mbedtls_pk_parse_key( - cert->pkey, - (const unsigned char *) mbedtls_test_srv_key_ec_der, - mbedtls_test_srv_key_ec_der_len, NULL, 0, - mbedtls_test_rnd_std_rand, NULL); - TEST_ASSERT(ret == 0); - } - } else { - if (pk_alg == MBEDTLS_PK_RSA) { - ret = mbedtls_x509_crt_parse( - cert->cert, - (const unsigned char *) mbedtls_test_cli_crt_rsa_der, - mbedtls_test_cli_crt_rsa_der_len); - TEST_ASSERT(ret == 0); - - ret = mbedtls_pk_parse_key( - cert->pkey, - (const unsigned char *) mbedtls_test_cli_key_rsa_der, - mbedtls_test_cli_key_rsa_der_len, NULL, 0, - mbedtls_test_rnd_std_rand, NULL); - TEST_ASSERT(ret == 0); - } else { - ret = mbedtls_x509_crt_parse( - cert->cert, - (const unsigned char *) mbedtls_test_cli_crt_ec_der, - mbedtls_test_cli_crt_ec_len); - TEST_ASSERT(ret == 0); - - ret = mbedtls_pk_parse_key( - cert->pkey, - (const unsigned char *) mbedtls_test_cli_key_ec_der, - mbedtls_test_cli_key_ec_der_len, NULL, 0, - mbedtls_test_rnd_std_rand, NULL); - TEST_ASSERT(ret == 0); - } - } - -#if defined(MBEDTLS_USE_PSA_CRYPTO) - if (opaque_alg != 0) { - psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT; - /* Use a fake key usage to get a successful initial guess for the PSA attributes. */ - TEST_EQUAL(mbedtls_pk_get_psa_attributes(cert->pkey, PSA_KEY_USAGE_SIGN_HASH, - &key_attr), 0); - /* Then manually usage, alg and alg2 as requested by the test. */ - psa_set_key_usage_flags(&key_attr, opaque_usage); - psa_set_key_algorithm(&key_attr, opaque_alg); - if (opaque_alg2 != PSA_ALG_NONE) { - psa_set_key_enrollment_algorithm(&key_attr, opaque_alg2); - } - TEST_EQUAL(mbedtls_pk_import_into_psa(cert->pkey, &key_attr, &key_slot), 0); - mbedtls_pk_free(cert->pkey); - mbedtls_pk_init(cert->pkey); - TEST_EQUAL(mbedtls_pk_setup_opaque(cert->pkey, key_slot), 0); - } -#else - (void) opaque_alg; - (void) opaque_alg2; - (void) opaque_usage; -#endif - - mbedtls_ssl_conf_ca_chain(&(ep->conf), cert->ca_cert, NULL); - - ret = mbedtls_ssl_conf_own_cert(&(ep->conf), cert->cert, - cert->pkey); - TEST_ASSERT(ret == 0); - TEST_ASSERT(ep->conf.key_cert != NULL); - - ret = mbedtls_ssl_conf_own_cert(&(ep->conf), NULL, NULL); - TEST_ASSERT(ret == 0); - TEST_ASSERT(ep->conf.key_cert == NULL); - - ret = mbedtls_ssl_conf_own_cert(&(ep->conf), cert->cert, - cert->pkey); - TEST_ASSERT(ret == 0); - -exit: - if (ret != 0) { - test_ssl_endpoint_certificate_free(ep); - } - - return ret; -} - -int mbedtls_test_ssl_endpoint_init( - mbedtls_test_ssl_endpoint *ep, int endpoint_type, - mbedtls_test_handshake_test_options *options, - mbedtls_test_message_socket_context *dtls_context, - mbedtls_test_ssl_message_queue *input_queue, - mbedtls_test_ssl_message_queue *output_queue) -{ - int ret = -1; - uintptr_t user_data_n; - - if (dtls_context != NULL && - (input_queue == NULL || output_queue == NULL)) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - - } - - if (ep == NULL) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - memset(ep, 0, sizeof(*ep)); - - ep->name = (endpoint_type == MBEDTLS_SSL_IS_SERVER) ? "Server" : "Client"; - - mbedtls_ssl_init(&(ep->ssl)); - mbedtls_ssl_config_init(&(ep->conf)); - mbedtls_ssl_conf_rng(&(ep->conf), mbedtls_test_random, NULL); - - TEST_ASSERT(mbedtls_ssl_conf_get_user_data_p(&ep->conf) == NULL); - TEST_EQUAL(mbedtls_ssl_conf_get_user_data_n(&ep->conf), 0); - TEST_ASSERT(mbedtls_ssl_get_user_data_p(&ep->ssl) == NULL); - TEST_EQUAL(mbedtls_ssl_get_user_data_n(&ep->ssl), 0); - - (void) mbedtls_test_rnd_std_rand(NULL, - (void *) &user_data_n, - sizeof(user_data_n)); - mbedtls_ssl_conf_set_user_data_n(&ep->conf, user_data_n); - mbedtls_ssl_set_user_data_n(&ep->ssl, user_data_n); - - if (dtls_context != NULL) { - TEST_ASSERT(mbedtls_test_message_socket_setup(input_queue, output_queue, - 100, &(ep->socket), - dtls_context) == 0); - } else { - mbedtls_test_mock_socket_init(&(ep->socket)); - } - - /* Non-blocking callbacks without timeout */ - if (dtls_context != NULL) { - mbedtls_ssl_set_bio(&(ep->ssl), dtls_context, - mbedtls_test_mock_tcp_send_msg, - mbedtls_test_mock_tcp_recv_msg, - NULL); - } else { - mbedtls_ssl_set_bio(&(ep->ssl), &(ep->socket), - mbedtls_test_mock_tcp_send_nb, - mbedtls_test_mock_tcp_recv_nb, - NULL); - } - - ret = mbedtls_ssl_config_defaults(&(ep->conf), endpoint_type, - (dtls_context != NULL) ? - MBEDTLS_SSL_TRANSPORT_DATAGRAM : - MBEDTLS_SSL_TRANSPORT_STREAM, - MBEDTLS_SSL_PRESET_DEFAULT); - TEST_ASSERT(ret == 0); - - if (MBEDTLS_SSL_IS_CLIENT == endpoint_type) { - if (options->client_min_version != MBEDTLS_SSL_VERSION_UNKNOWN) { - mbedtls_ssl_conf_min_tls_version(&(ep->conf), - options->client_min_version); - } - - if (options->client_max_version != MBEDTLS_SSL_VERSION_UNKNOWN) { - mbedtls_ssl_conf_max_tls_version(&(ep->conf), - options->client_max_version); - } - } else { - if (options->server_min_version != MBEDTLS_SSL_VERSION_UNKNOWN) { - mbedtls_ssl_conf_min_tls_version(&(ep->conf), - options->server_min_version); - } - - if (options->server_max_version != MBEDTLS_SSL_VERSION_UNKNOWN) { - mbedtls_ssl_conf_max_tls_version(&(ep->conf), - options->server_max_version); - } - } - - if (options->group_list != NULL) { - mbedtls_ssl_conf_groups(&(ep->conf), options->group_list); - } - - mbedtls_ssl_conf_authmode(&(ep->conf), MBEDTLS_SSL_VERIFY_REQUIRED); - -#if defined(MBEDTLS_SSL_EARLY_DATA) - mbedtls_ssl_conf_early_data(&(ep->conf), options->early_data); -#if defined(MBEDTLS_SSL_SRV_C) - if (endpoint_type == MBEDTLS_SSL_IS_SERVER && - (options->max_early_data_size >= 0)) { - mbedtls_ssl_conf_max_early_data_size(&(ep->conf), - options->max_early_data_size); - } -#endif -#if defined(MBEDTLS_SSL_ALPN) - /* check that alpn_list contains at least one valid entry */ - if (options->alpn_list[0] != NULL) { - mbedtls_ssl_conf_alpn_protocols(&(ep->conf), options->alpn_list); - } -#endif -#endif - -#if defined(MBEDTLS_SSL_CACHE_C) && defined(MBEDTLS_SSL_SRV_C) - if (endpoint_type == MBEDTLS_SSL_IS_SERVER && options->cache != NULL) { - mbedtls_ssl_conf_session_cache(&(ep->conf), options->cache, - mbedtls_ssl_cache_get, - mbedtls_ssl_cache_set); - } -#endif - - ret = mbedtls_ssl_setup(&(ep->ssl), &(ep->conf)); - TEST_ASSERT(ret == 0); - -#if defined(MBEDTLS_SSL_PROTO_DTLS) && defined(MBEDTLS_SSL_SRV_C) - if (endpoint_type == MBEDTLS_SSL_IS_SERVER && dtls_context != NULL) { - mbedtls_ssl_conf_dtls_cookies(&(ep->conf), NULL, NULL, NULL); - } -#endif - -#if defined(MBEDTLS_DEBUG_C) -#if defined(MBEDTLS_SSL_SRV_C) - if (endpoint_type == MBEDTLS_SSL_IS_SERVER && - options->srv_log_fun != NULL) { - mbedtls_ssl_conf_dbg(&(ep->conf), options->srv_log_fun, - options->srv_log_obj); - } -#endif -#if defined(MBEDTLS_SSL_CLI_C) - if (endpoint_type == MBEDTLS_SSL_IS_CLIENT && - options->cli_log_fun != NULL) { - mbedtls_ssl_conf_dbg(&(ep->conf), options->cli_log_fun, - options->cli_log_obj); - } -#endif -#endif /* MBEDTLS_DEBUG_C */ - - ret = mbedtls_test_ssl_endpoint_certificate_init(ep, options->pk_alg, - options->opaque_alg, - options->opaque_alg2, - options->opaque_usage); - TEST_ASSERT(ret == 0); - - TEST_EQUAL(mbedtls_ssl_conf_get_user_data_n(&ep->conf), user_data_n); - mbedtls_ssl_conf_set_user_data_p(&ep->conf, ep); - TEST_EQUAL(mbedtls_ssl_get_user_data_n(&ep->ssl), user_data_n); - mbedtls_ssl_set_user_data_p(&ep->ssl, ep); - -exit: - return ret; -} - -void mbedtls_test_ssl_endpoint_free( - mbedtls_test_ssl_endpoint *ep, - mbedtls_test_message_socket_context *context) -{ - test_ssl_endpoint_certificate_free(ep); - - mbedtls_ssl_free(&(ep->ssl)); - mbedtls_ssl_config_free(&(ep->conf)); - - if (context != NULL) { - mbedtls_test_message_socket_close(context); - } else { - mbedtls_test_mock_socket_close(&(ep->socket)); - } -} - -int mbedtls_test_move_handshake_to_state(mbedtls_ssl_context *ssl, - mbedtls_ssl_context *second_ssl, - int state) -{ - enum { BUFFSIZE = 1024 }; - int max_steps = 1000; - int ret = 0; - - if (ssl == NULL || second_ssl == NULL) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - /* Perform communication via connected sockets */ - while ((ssl->state != state) && (--max_steps >= 0)) { - /* If /p second_ssl ends the handshake procedure before /p ssl then - * there is no need to call the next step */ - if (!mbedtls_ssl_is_handshake_over(second_ssl)) { - ret = mbedtls_ssl_handshake_step(second_ssl); - if (ret != 0 && ret != MBEDTLS_ERR_SSL_WANT_READ && - ret != MBEDTLS_ERR_SSL_WANT_WRITE) { - return ret; - } - } - - /* We only care about the \p ssl state and returns, so we call it last, - * to leave the iteration as soon as the state is as expected. */ - ret = mbedtls_ssl_handshake_step(ssl); - if (ret != 0 && ret != MBEDTLS_ERR_SSL_WANT_READ && - ret != MBEDTLS_ERR_SSL_WANT_WRITE) { - return ret; - } - } - - return (max_steps >= 0) ? ret : -1; -} - -#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ - -/* - * Write application data. Increase write counter if necessary. - */ -int mbedtls_ssl_write_fragment(mbedtls_ssl_context *ssl, - unsigned char *buf, int buf_len, - int *written, - const int expected_fragments) -{ - int ret; - /* Verify that calling mbedtls_ssl_write with a NULL buffer and zero length is - * a valid no-op for TLS connections. */ - if (ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM) { - TEST_ASSERT(mbedtls_ssl_write(ssl, NULL, 0) == 0); - } - - ret = mbedtls_ssl_write(ssl, buf + *written, buf_len - *written); - if (ret > 0) { - *written += ret; - } - - if (expected_fragments == 0) { - /* Used for DTLS and the message size larger than MFL. In that case - * the message can not be fragmented and the library should return - * MBEDTLS_ERR_SSL_BAD_INPUT_DATA error. This error must be returned - * to prevent a dead loop inside mbedtls_test_ssl_exchange_data(). */ - return ret; - } else if (expected_fragments == 1) { - /* Used for TLS/DTLS and the message size lower than MFL */ - TEST_ASSERT(ret == buf_len || - ret == MBEDTLS_ERR_SSL_WANT_READ || - ret == MBEDTLS_ERR_SSL_WANT_WRITE); - } else { - /* Used for TLS and the message size larger than MFL */ - TEST_ASSERT(expected_fragments > 1); - TEST_ASSERT((ret >= 0 && ret <= buf_len) || - ret == MBEDTLS_ERR_SSL_WANT_READ || - ret == MBEDTLS_ERR_SSL_WANT_WRITE); - } - - return 0; - -exit: - /* Some of the tests failed */ - return -1; -} - -/* - * Read application data and increase read counter and fragments counter - * if necessary. - */ -int mbedtls_ssl_read_fragment(mbedtls_ssl_context *ssl, - unsigned char *buf, int buf_len, - int *read, int *fragments, - const int expected_fragments) -{ - int ret; - /* Verify that calling mbedtls_ssl_write with a NULL buffer and zero length is - * a valid no-op for TLS connections. */ - if (ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM) { - TEST_ASSERT(mbedtls_ssl_read(ssl, NULL, 0) == 0); - } - - ret = mbedtls_ssl_read(ssl, buf + *read, buf_len - *read); - if (ret > 0) { - (*fragments)++; - *read += ret; - } - - if (expected_fragments == 0) { - TEST_ASSERT(ret == 0); - } else if (expected_fragments == 1) { - TEST_ASSERT(ret == buf_len || - ret == MBEDTLS_ERR_SSL_WANT_READ || - ret == MBEDTLS_ERR_SSL_WANT_WRITE); - } else { - TEST_ASSERT(expected_fragments > 1); - TEST_ASSERT((ret >= 0 && ret <= buf_len) || - ret == MBEDTLS_ERR_SSL_WANT_READ || - ret == MBEDTLS_ERR_SSL_WANT_WRITE); - } - - return 0; - -exit: - /* Some of the tests failed */ - return -1; -} - -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) -static void set_ciphersuite(mbedtls_ssl_config *conf, const char *cipher, - int *forced_ciphersuite) -{ - const mbedtls_ssl_ciphersuite_t *ciphersuite_info; - forced_ciphersuite[0] = mbedtls_ssl_get_ciphersuite_id(cipher); - forced_ciphersuite[1] = 0; - - ciphersuite_info = - mbedtls_ssl_ciphersuite_from_id(forced_ciphersuite[0]); - - TEST_ASSERT(ciphersuite_info != NULL); - TEST_ASSERT(ciphersuite_info->min_tls_version <= conf->max_tls_version); - TEST_ASSERT(ciphersuite_info->max_tls_version >= conf->min_tls_version); - - if (conf->max_tls_version > ciphersuite_info->max_tls_version) { - conf->max_tls_version = (mbedtls_ssl_protocol_version) ciphersuite_info->max_tls_version; - } - if (conf->min_tls_version < ciphersuite_info->min_tls_version) { - conf->min_tls_version = (mbedtls_ssl_protocol_version) ciphersuite_info->min_tls_version; - } - - mbedtls_ssl_conf_ciphersuites(conf, forced_ciphersuite); - -exit: - return; -} -#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ - -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) && \ - defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) && \ - defined(MBEDTLS_SSL_SRV_C) -static int psk_dummy_callback(void *p_info, mbedtls_ssl_context *ssl, - const unsigned char *name, size_t name_len) -{ - (void) p_info; - (void) ssl; - (void) name; - (void) name_len; - - return 0; -} -#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED && - MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED && - MBEDTLS_SSL_SRV_C */ - -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \ - defined(MBEDTLS_SSL_HAVE_CBC) && defined(MBEDTLS_SSL_HAVE_AES) -int mbedtls_test_psa_cipher_encrypt_helper(mbedtls_ssl_transform *transform, - const unsigned char *iv, - size_t iv_len, - const unsigned char *input, - size_t ilen, - unsigned char *output, - size_t *olen) -{ -#if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_cipher_operation_t cipher_op = PSA_CIPHER_OPERATION_INIT; - size_t part_len; - - status = psa_cipher_encrypt_setup(&cipher_op, - transform->psa_key_enc, - transform->psa_alg); - - if (status != PSA_SUCCESS) { - return PSA_TO_MBEDTLS_ERR(status); - } - - status = psa_cipher_set_iv(&cipher_op, iv, iv_len); - - if (status != PSA_SUCCESS) { - return PSA_TO_MBEDTLS_ERR(status); - } - - status = psa_cipher_update(&cipher_op, input, ilen, output, ilen, olen); - - if (status != PSA_SUCCESS) { - return PSA_TO_MBEDTLS_ERR(status); - } - - status = psa_cipher_finish(&cipher_op, output + *olen, ilen - *olen, - &part_len); - - if (status != PSA_SUCCESS) { - return PSA_TO_MBEDTLS_ERR(status); - } - - *olen += part_len; - return 0; -#else - return mbedtls_cipher_crypt(&transform->cipher_ctx_enc, - iv, iv_len, input, ilen, output, olen); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ -} -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 && MBEDTLS_SSL_HAVE_CBC && - MBEDTLS_SSL_HAVE_AES */ - -static void mbedtls_test_ssl_cipher_info_from_type(mbedtls_cipher_type_t cipher_type, - mbedtls_cipher_mode_t *cipher_mode, - size_t *key_bits, size_t *iv_len) -{ - switch (cipher_type) { - case MBEDTLS_CIPHER_AES_128_CBC: - *cipher_mode = MBEDTLS_MODE_CBC; - *key_bits = 128; - *iv_len = 16; - break; - case MBEDTLS_CIPHER_AES_256_CBC: - *cipher_mode = MBEDTLS_MODE_CBC; - *key_bits = 256; - *iv_len = 16; - break; - case MBEDTLS_CIPHER_ARIA_128_CBC: - *cipher_mode = MBEDTLS_MODE_CBC; - *key_bits = 128; - *iv_len = 16; - break; - case MBEDTLS_CIPHER_ARIA_256_CBC: - *cipher_mode = MBEDTLS_MODE_CBC; - *key_bits = 256; - *iv_len = 16; - break; - case MBEDTLS_CIPHER_CAMELLIA_128_CBC: - *cipher_mode = MBEDTLS_MODE_CBC; - *key_bits = 128; - *iv_len = 16; - break; - case MBEDTLS_CIPHER_CAMELLIA_256_CBC: - *cipher_mode = MBEDTLS_MODE_CBC; - *key_bits = 256; - *iv_len = 16; - break; - - case MBEDTLS_CIPHER_AES_128_CCM: - *cipher_mode = MBEDTLS_MODE_CCM; - *key_bits = 128; - *iv_len = 12; - break; - case MBEDTLS_CIPHER_AES_192_CCM: - *cipher_mode = MBEDTLS_MODE_CCM; - *key_bits = 192; - *iv_len = 12; - break; - case MBEDTLS_CIPHER_AES_256_CCM: - *cipher_mode = MBEDTLS_MODE_CCM; - *key_bits = 256; - *iv_len = 12; - break; - case MBEDTLS_CIPHER_CAMELLIA_128_CCM: - *cipher_mode = MBEDTLS_MODE_CCM; - *key_bits = 128; - *iv_len = 12; - break; - case MBEDTLS_CIPHER_CAMELLIA_192_CCM: - *cipher_mode = MBEDTLS_MODE_CCM; - *key_bits = 192; - *iv_len = 12; - break; - case MBEDTLS_CIPHER_CAMELLIA_256_CCM: - *cipher_mode = MBEDTLS_MODE_CCM; - *key_bits = 256; - *iv_len = 12; - break; - - case MBEDTLS_CIPHER_AES_128_GCM: - *cipher_mode = MBEDTLS_MODE_GCM; - *key_bits = 128; - *iv_len = 12; - break; - case MBEDTLS_CIPHER_AES_192_GCM: - *cipher_mode = MBEDTLS_MODE_GCM; - *key_bits = 192; - *iv_len = 12; - break; - case MBEDTLS_CIPHER_AES_256_GCM: - *cipher_mode = MBEDTLS_MODE_GCM; - *key_bits = 256; - *iv_len = 12; - break; - case MBEDTLS_CIPHER_CAMELLIA_128_GCM: - *cipher_mode = MBEDTLS_MODE_GCM; - *key_bits = 128; - *iv_len = 12; - break; - case MBEDTLS_CIPHER_CAMELLIA_192_GCM: - *cipher_mode = MBEDTLS_MODE_GCM; - *key_bits = 192; - *iv_len = 12; - break; - case MBEDTLS_CIPHER_CAMELLIA_256_GCM: - *cipher_mode = MBEDTLS_MODE_GCM; - *key_bits = 256; - *iv_len = 12; - break; - - case MBEDTLS_CIPHER_CHACHA20_POLY1305: - *cipher_mode = MBEDTLS_MODE_CHACHAPOLY; - *key_bits = 256; - *iv_len = 12; - break; - - case MBEDTLS_CIPHER_NULL: - *cipher_mode = MBEDTLS_MODE_STREAM; - *key_bits = 0; - *iv_len = 0; - break; - - default: - *cipher_mode = MBEDTLS_MODE_NONE; - *key_bits = 0; - *iv_len = 0; - } -} - -int mbedtls_test_ssl_build_transforms(mbedtls_ssl_transform *t_in, - mbedtls_ssl_transform *t_out, - int cipher_type, int hash_id, - int etm, int tag_mode, - mbedtls_ssl_protocol_version tls_version, - size_t cid0_len, - size_t cid1_len) -{ - mbedtls_cipher_mode_t cipher_mode = MBEDTLS_MODE_NONE; - size_t key_bits = 0; - int ret = 0; - -#if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_key_type_t key_type; - psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_algorithm_t alg; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; -#else - mbedtls_cipher_info_t const *cipher_info; -#endif - - size_t keylen, maclen, ivlen = 0; - unsigned char *key0 = NULL, *key1 = NULL; - unsigned char *md0 = NULL, *md1 = NULL; - unsigned char iv_enc[16], iv_dec[16]; - -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - unsigned char cid0[SSL_CID_LEN_MIN]; - unsigned char cid1[SSL_CID_LEN_MIN]; - - mbedtls_test_rnd_std_rand(NULL, cid0, sizeof(cid0)); - mbedtls_test_rnd_std_rand(NULL, cid1, sizeof(cid1)); -#else - ((void) cid0_len); - ((void) cid1_len); -#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ - - maclen = 0; - mbedtls_test_ssl_cipher_info_from_type((mbedtls_cipher_type_t) cipher_type, - &cipher_mode, &key_bits, &ivlen); - - /* Pick keys */ - keylen = key_bits / 8; - /* Allocate `keylen + 1` bytes to ensure that we get - * a non-NULL pointers from `mbedtls_calloc` even if - * `keylen == 0` in the case of the NULL cipher. */ - CHK((key0 = mbedtls_calloc(1, keylen + 1)) != NULL); - CHK((key1 = mbedtls_calloc(1, keylen + 1)) != NULL); - memset(key0, 0x1, keylen); - memset(key1, 0x2, keylen); - -#if !defined(MBEDTLS_USE_PSA_CRYPTO) - /* Pick cipher */ - cipher_info = mbedtls_cipher_info_from_type((mbedtls_cipher_type_t) cipher_type); - CHK(cipher_info != NULL); - CHK(mbedtls_cipher_info_get_iv_size(cipher_info) <= 16); - CHK(mbedtls_cipher_info_get_key_bitlen(cipher_info) % 8 == 0); - - /* Setup cipher contexts */ - CHK(mbedtls_cipher_setup(&t_in->cipher_ctx_enc, cipher_info) == 0); - CHK(mbedtls_cipher_setup(&t_in->cipher_ctx_dec, cipher_info) == 0); - CHK(mbedtls_cipher_setup(&t_out->cipher_ctx_enc, cipher_info) == 0); - CHK(mbedtls_cipher_setup(&t_out->cipher_ctx_dec, cipher_info) == 0); - -#if defined(MBEDTLS_CIPHER_MODE_CBC) - if (cipher_mode == MBEDTLS_MODE_CBC) { - CHK(mbedtls_cipher_set_padding_mode(&t_in->cipher_ctx_enc, - MBEDTLS_PADDING_NONE) == 0); - CHK(mbedtls_cipher_set_padding_mode(&t_in->cipher_ctx_dec, - MBEDTLS_PADDING_NONE) == 0); - CHK(mbedtls_cipher_set_padding_mode(&t_out->cipher_ctx_enc, - MBEDTLS_PADDING_NONE) == 0); - CHK(mbedtls_cipher_set_padding_mode(&t_out->cipher_ctx_dec, - MBEDTLS_PADDING_NONE) == 0); - } -#endif /* MBEDTLS_CIPHER_MODE_CBC */ - - CHK(mbedtls_cipher_setkey(&t_in->cipher_ctx_enc, key0, - (keylen << 3 > INT_MAX) ? INT_MAX : (int) keylen << 3, - MBEDTLS_ENCRYPT) - == 0); - CHK(mbedtls_cipher_setkey(&t_in->cipher_ctx_dec, key1, - (keylen << 3 > INT_MAX) ? INT_MAX : (int) keylen << 3, - MBEDTLS_DECRYPT) - == 0); - CHK(mbedtls_cipher_setkey(&t_out->cipher_ctx_enc, key1, - (keylen << 3 > INT_MAX) ? INT_MAX : (int) keylen << 3, - MBEDTLS_ENCRYPT) - == 0); - CHK(mbedtls_cipher_setkey(&t_out->cipher_ctx_dec, key0, - (keylen << 3 > INT_MAX) ? INT_MAX : (int) keylen << 3, - MBEDTLS_DECRYPT) - == 0); -#endif /* !MBEDTLS_USE_PSA_CRYPTO */ - - /* Setup MAC contexts */ -#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) - if (cipher_mode == MBEDTLS_MODE_CBC || - cipher_mode == MBEDTLS_MODE_STREAM) { -#if !defined(MBEDTLS_USE_PSA_CRYPTO) - mbedtls_md_info_t const *md_info = mbedtls_md_info_from_type((mbedtls_md_type_t) hash_id); - CHK(md_info != NULL); -#endif - maclen = mbedtls_md_get_size_from_type((mbedtls_md_type_t) hash_id); - CHK(maclen != 0); - /* Pick hash keys */ - CHK((md0 = mbedtls_calloc(1, maclen)) != NULL); - CHK((md1 = mbedtls_calloc(1, maclen)) != NULL); - memset(md0, 0x5, maclen); - memset(md1, 0x6, maclen); - -#if defined(MBEDTLS_USE_PSA_CRYPTO) - alg = mbedtls_md_psa_alg_from_type(hash_id); - - CHK(alg != 0); - - t_out->psa_mac_alg = PSA_ALG_HMAC(alg); - t_in->psa_mac_alg = PSA_ALG_HMAC(alg); - t_in->psa_mac_enc = MBEDTLS_SVC_KEY_ID_INIT; - t_out->psa_mac_enc = MBEDTLS_SVC_KEY_ID_INIT; - t_in->psa_mac_dec = MBEDTLS_SVC_KEY_ID_INIT; - t_out->psa_mac_dec = MBEDTLS_SVC_KEY_ID_INIT; - - psa_reset_key_attributes(&attributes); - psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_MESSAGE); - psa_set_key_algorithm(&attributes, PSA_ALG_HMAC(alg)); - psa_set_key_type(&attributes, PSA_KEY_TYPE_HMAC); - - CHK(psa_import_key(&attributes, - md0, maclen, - &t_in->psa_mac_enc) == PSA_SUCCESS); - - CHK(psa_import_key(&attributes, - md1, maclen, - &t_out->psa_mac_enc) == PSA_SUCCESS); - - if (cipher_mode == MBEDTLS_MODE_STREAM || - etm == MBEDTLS_SSL_ETM_DISABLED) { - /* mbedtls_ct_hmac() requires the key to be exportable */ - psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_EXPORT | - PSA_KEY_USAGE_VERIFY_HASH); - } else { - psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_VERIFY_HASH); - } - - CHK(psa_import_key(&attributes, - md1, maclen, - &t_in->psa_mac_dec) == PSA_SUCCESS); - - CHK(psa_import_key(&attributes, - md0, maclen, - &t_out->psa_mac_dec) == PSA_SUCCESS); -#else - CHK(mbedtls_md_setup(&t_out->md_ctx_enc, md_info, 1) == 0); - CHK(mbedtls_md_setup(&t_out->md_ctx_dec, md_info, 1) == 0); - CHK(mbedtls_md_setup(&t_in->md_ctx_enc, md_info, 1) == 0); - CHK(mbedtls_md_setup(&t_in->md_ctx_dec, md_info, 1) == 0); - - CHK(mbedtls_md_hmac_starts(&t_in->md_ctx_enc, - md0, maclen) == 0); - CHK(mbedtls_md_hmac_starts(&t_in->md_ctx_dec, - md1, maclen) == 0); - CHK(mbedtls_md_hmac_starts(&t_out->md_ctx_enc, - md1, maclen) == 0); - CHK(mbedtls_md_hmac_starts(&t_out->md_ctx_dec, - md0, maclen) == 0); -#endif - } -#else - ((void) hash_id); -#endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */ - - - /* Pick IV's (regardless of whether they - * are being used by the transform). */ - memset(iv_enc, 0x3, sizeof(iv_enc)); - memset(iv_dec, 0x4, sizeof(iv_dec)); - - /* - * Setup transforms - */ - -#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) && \ - defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) - t_out->encrypt_then_mac = etm; - t_in->encrypt_then_mac = etm; -#else - ((void) etm); -#endif - - t_out->tls_version = tls_version; - t_in->tls_version = tls_version; - t_out->ivlen = ivlen; - t_in->ivlen = ivlen; - - switch (cipher_mode) { - case MBEDTLS_MODE_GCM: - case MBEDTLS_MODE_CCM: -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) - if (tls_version == MBEDTLS_SSL_VERSION_TLS1_3) { - t_out->fixed_ivlen = 12; - t_in->fixed_ivlen = 12; - } else -#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ - { - t_out->fixed_ivlen = 4; - t_in->fixed_ivlen = 4; - } - t_out->maclen = 0; - t_in->maclen = 0; - switch (tag_mode) { - case 0: /* Full tag */ - t_out->taglen = 16; - t_in->taglen = 16; - break; - case 1: /* Partial tag */ - t_out->taglen = 8; - t_in->taglen = 8; - break; - default: - ret = 1; - goto cleanup; - } - break; - - case MBEDTLS_MODE_CHACHAPOLY: - t_out->fixed_ivlen = 12; - t_in->fixed_ivlen = 12; - t_out->maclen = 0; - t_in->maclen = 0; - switch (tag_mode) { - case 0: /* Full tag */ - t_out->taglen = 16; - t_in->taglen = 16; - break; - case 1: /* Partial tag */ - t_out->taglen = 8; - t_in->taglen = 8; - break; - default: - ret = 1; - goto cleanup; - } - break; - - case MBEDTLS_MODE_STREAM: - case MBEDTLS_MODE_CBC: - t_out->fixed_ivlen = 0; /* redundant, must be 0 */ - t_in->fixed_ivlen = 0; /* redundant, must be 0 */ - t_out->taglen = 0; - t_in->taglen = 0; - switch (tag_mode) { - case 0: /* Full tag */ - t_out->maclen = maclen; - t_in->maclen = maclen; - break; - default: - ret = 1; - goto cleanup; - } - break; - default: - ret = 1; - goto cleanup; - break; - } - - /* Setup IV's */ - - memcpy(&t_in->iv_dec, iv_dec, sizeof(iv_dec)); - memcpy(&t_in->iv_enc, iv_enc, sizeof(iv_enc)); - memcpy(&t_out->iv_dec, iv_enc, sizeof(iv_enc)); - memcpy(&t_out->iv_enc, iv_dec, sizeof(iv_dec)); - -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - /* Add CID */ - memcpy(&t_in->in_cid, cid0, cid0_len); - memcpy(&t_in->out_cid, cid1, cid1_len); - t_in->in_cid_len = (uint8_t) cid0_len; - t_in->out_cid_len = (uint8_t) cid1_len; - memcpy(&t_out->in_cid, cid1, cid1_len); - memcpy(&t_out->out_cid, cid0, cid0_len); - t_out->in_cid_len = (uint8_t) cid1_len; - t_out->out_cid_len = (uint8_t) cid0_len; -#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ - -#if defined(MBEDTLS_USE_PSA_CRYPTO) - status = mbedtls_ssl_cipher_to_psa(cipher_type, - t_in->taglen, - &alg, - &key_type, - &key_bits); - - if (status != PSA_SUCCESS) { - ret = PSA_TO_MBEDTLS_ERR(status); - goto cleanup; - } - - t_in->psa_alg = alg; - t_out->psa_alg = alg; - - if (alg != MBEDTLS_SSL_NULL_CIPHER) { - psa_reset_key_attributes(&attributes); - psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT); - psa_set_key_algorithm(&attributes, alg); - psa_set_key_type(&attributes, key_type); - - status = psa_import_key(&attributes, - key0, - PSA_BITS_TO_BYTES(key_bits), - &t_in->psa_key_enc); - - if (status != PSA_SUCCESS) { - ret = PSA_TO_MBEDTLS_ERR(status); - goto cleanup; - } - - status = psa_import_key(&attributes, - key1, - PSA_BITS_TO_BYTES(key_bits), - &t_out->psa_key_enc); - - if (status != PSA_SUCCESS) { - ret = PSA_TO_MBEDTLS_ERR(status); - goto cleanup; - } - - psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DECRYPT); - - status = psa_import_key(&attributes, - key1, - PSA_BITS_TO_BYTES(key_bits), - &t_in->psa_key_dec); - - if (status != PSA_SUCCESS) { - ret = PSA_TO_MBEDTLS_ERR(status); - goto cleanup; - } - - status = psa_import_key(&attributes, - key0, - PSA_BITS_TO_BYTES(key_bits), - &t_out->psa_key_dec); - - if (status != PSA_SUCCESS) { - ret = PSA_TO_MBEDTLS_ERR(status); - goto cleanup; - } - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - -cleanup: - - mbedtls_free(key0); - mbedtls_free(key1); - - mbedtls_free(md0); - mbedtls_free(md1); - - return ret; -} - -#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) -int mbedtls_test_ssl_prepare_record_mac(mbedtls_record *record, - mbedtls_ssl_transform *transform_out) -{ -#if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT; -#endif - - /* Serialized version of record header for MAC purposes */ - unsigned char add_data[13]; - memcpy(add_data, record->ctr, 8); - add_data[8] = record->type; - add_data[9] = record->ver[0]; - add_data[10] = record->ver[1]; - add_data[11] = (record->data_len >> 8) & 0xff; - add_data[12] = (record->data_len >> 0) & 0xff; - - /* MAC with additional data */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) - size_t sign_mac_length = 0; - TEST_EQUAL(PSA_SUCCESS, psa_mac_sign_setup(&operation, - transform_out->psa_mac_enc, - transform_out->psa_mac_alg)); - TEST_EQUAL(PSA_SUCCESS, psa_mac_update(&operation, add_data, 13)); - TEST_EQUAL(PSA_SUCCESS, psa_mac_update(&operation, - record->buf + record->data_offset, - record->data_len)); - /* Use a temporary buffer for the MAC, because with the truncated HMAC - * extension, there might not be enough room in the record for the - * full-length MAC. */ - unsigned char mac[PSA_HASH_MAX_SIZE]; - TEST_EQUAL(PSA_SUCCESS, psa_mac_sign_finish(&operation, - mac, sizeof(mac), - &sign_mac_length)); -#else - TEST_EQUAL(0, mbedtls_md_hmac_update(&transform_out->md_ctx_enc, add_data, 13)); - TEST_EQUAL(0, mbedtls_md_hmac_update(&transform_out->md_ctx_enc, - record->buf + record->data_offset, - record->data_len)); - /* Use a temporary buffer for the MAC, because with the truncated HMAC - * extension, there might not be enough room in the record for the - * full-length MAC. */ - unsigned char mac[MBEDTLS_MD_MAX_SIZE]; - TEST_EQUAL(0, mbedtls_md_hmac_finish(&transform_out->md_ctx_enc, mac)); -#endif - memcpy(record->buf + record->data_offset + record->data_len, mac, transform_out->maclen); - record->data_len += transform_out->maclen; - - return 0; - -exit: -#if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_mac_abort(&operation); -#endif - return -1; -} -#endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */ - -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) -int mbedtls_test_ssl_tls12_populate_session(mbedtls_ssl_session *session, - int ticket_len, - int endpoint_type, - const char *crt_file) -{ - (void) ticket_len; - -#if defined(MBEDTLS_HAVE_TIME) - session->start = mbedtls_time(NULL) - 42; -#endif - session->tls_version = MBEDTLS_SSL_VERSION_TLS1_2; - - TEST_ASSERT(endpoint_type == MBEDTLS_SSL_IS_CLIENT || - endpoint_type == MBEDTLS_SSL_IS_SERVER); - - session->endpoint = endpoint_type; - session->ciphersuite = 0xabcd; - session->id_len = sizeof(session->id); - memset(session->id, 66, session->id_len); - memset(session->master, 17, sizeof(session->master)); - -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) && defined(MBEDTLS_FS_IO) - if (crt_file != NULL && strlen(crt_file) != 0) { - mbedtls_x509_crt tmp_crt; - int ret; - - mbedtls_x509_crt_init(&tmp_crt); - ret = mbedtls_x509_crt_parse_file(&tmp_crt, crt_file); - if (ret != 0) { - return ret; - } - -#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) - /* Move temporary CRT. */ - session->peer_cert = mbedtls_calloc(1, sizeof(*session->peer_cert)); - if (session->peer_cert == NULL) { - return -1; - } - *session->peer_cert = tmp_crt; - memset(&tmp_crt, 0, sizeof(tmp_crt)); -#else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ - /* Calculate digest of temporary CRT. */ - session->peer_cert_digest = - mbedtls_calloc(1, MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN); - if (session->peer_cert_digest == NULL) { - return -1; - } - -#if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_algorithm_t psa_alg = mbedtls_md_psa_alg_from_type( - MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE); - size_t hash_size = 0; - psa_status_t status = psa_hash_compute( - psa_alg, tmp_crt.raw.p, - tmp_crt.raw.len, - session->peer_cert_digest, - MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN, - &hash_size); - ret = PSA_TO_MBEDTLS_ERR(status); -#else - ret = mbedtls_md(mbedtls_md_info_from_type( - MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE), - tmp_crt.raw.p, tmp_crt.raw.len, - session->peer_cert_digest); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - if (ret != 0) { - return ret; - } - session->peer_cert_digest_type = - MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE; - session->peer_cert_digest_len = - MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN; -#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ - - mbedtls_x509_crt_free(&tmp_crt); - } -#else /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED && MBEDTLS_FS_IO */ - (void) crt_file; -#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED && MBEDTLS_FS_IO */ - session->verify_result = 0xdeadbeef; - -#if defined(MBEDTLS_SSL_SESSION_TICKETS) -#if defined(MBEDTLS_SSL_CLI_C) - if (ticket_len != 0) { - session->ticket = mbedtls_calloc(1, ticket_len); - if (session->ticket == NULL) { - return -1; - } - memset(session->ticket, 33, ticket_len); - } - session->ticket_len = ticket_len; - session->ticket_lifetime = 86401; -#endif /* MBEDTLS_SSL_CLI_C */ - -#if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_HAVE_TIME) - if (session->endpoint == MBEDTLS_SSL_IS_SERVER) { - session->ticket_creation_time = mbedtls_ms_time() - 42; - } -#endif -#endif /* MBEDTLS_SSL_SESSION_TICKETS */ - -#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) - session->mfl_code = 1; -#endif -#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) - session->encrypt_then_mac = 1; -#endif - -exit: - return 0; -} -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ - -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) -int mbedtls_test_ssl_tls13_populate_session(mbedtls_ssl_session *session, - int ticket_len, - int endpoint_type) -{ - ((void) ticket_len); - session->tls_version = MBEDTLS_SSL_VERSION_TLS1_3; - session->endpoint = endpoint_type == MBEDTLS_SSL_IS_CLIENT ? - MBEDTLS_SSL_IS_CLIENT : MBEDTLS_SSL_IS_SERVER; - session->ciphersuite = 0xabcd; - -#if defined(MBEDTLS_SSL_SESSION_TICKETS) - session->ticket_age_add = 0x87654321; - session->ticket_flags = 0x7; - session->resumption_key_len = 32; - memset(session->resumption_key, 0x99, sizeof(session->resumption_key)); -#endif - -#if defined(MBEDTLS_SSL_SRV_C) - if (session->endpoint == MBEDTLS_SSL_IS_SERVER) { -#if defined(MBEDTLS_SSL_SESSION_TICKETS) -#if defined(MBEDTLS_SSL_EARLY_DATA) && defined(MBEDTLS_SSL_ALPN) - int ret = mbedtls_ssl_session_set_ticket_alpn(session, "ALPNExample"); - if (ret != 0) { - return -1; - } -#endif -#if defined(MBEDTLS_HAVE_TIME) - session->ticket_creation_time = mbedtls_ms_time() - 42; -#endif -#endif /* MBEDTLS_SSL_SESSION_TICKETS */ - } -#endif /* MBEDTLS_SSL_SRV_C */ - -#if defined(MBEDTLS_SSL_CLI_C) - if (session->endpoint == MBEDTLS_SSL_IS_CLIENT) { -#if defined(MBEDTLS_SSL_SESSION_TICKETS) -#if defined(MBEDTLS_HAVE_TIME) - session->ticket_reception_time = mbedtls_ms_time() - 40; -#endif - session->ticket_lifetime = 0xfedcba98; - - session->ticket_len = ticket_len; - if (ticket_len != 0) { - session->ticket = mbedtls_calloc(1, ticket_len); - if (session->ticket == NULL) { - return -1; - } - memset(session->ticket, 33, ticket_len); - } -#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) - char hostname[] = "hostname example"; - session->hostname = mbedtls_calloc(1, sizeof(hostname)); - if (session->hostname == NULL) { - return -1; - } - memcpy(session->hostname, hostname, sizeof(hostname)); -#endif -#endif /* MBEDTLS_SSL_SESSION_TICKETS */ - } -#endif /* MBEDTLS_SSL_CLI_C */ - -#if defined(MBEDTLS_SSL_EARLY_DATA) - session->max_early_data_size = 0x87654321; -#endif /* MBEDTLS_SSL_EARLY_DATA */ - -#if defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT) - session->record_size_limit = 2048; -#endif - - return 0; -} -#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ - -int mbedtls_test_ssl_exchange_data( - mbedtls_ssl_context *ssl_1, - int msg_len_1, const int expected_fragments_1, - mbedtls_ssl_context *ssl_2, - int msg_len_2, const int expected_fragments_2) -{ - unsigned char *msg_buf_1 = malloc(msg_len_1); - unsigned char *msg_buf_2 = malloc(msg_len_2); - unsigned char *in_buf_1 = malloc(msg_len_2); - unsigned char *in_buf_2 = malloc(msg_len_1); - int msg_type, ret = -1; - - /* Perform this test with two message types. At first use a message - * consisting of only 0x00 for the client and only 0xFF for the server. - * At the second time use message with generated data */ - for (msg_type = 0; msg_type < 2; msg_type++) { - int written_1 = 0; - int written_2 = 0; - int read_1 = 0; - int read_2 = 0; - int fragments_1 = 0; - int fragments_2 = 0; - - if (msg_type == 0) { - memset(msg_buf_1, 0x00, msg_len_1); - memset(msg_buf_2, 0xff, msg_len_2); - } else { - int i, j = 0; - for (i = 0; i < msg_len_1; i++) { - msg_buf_1[i] = j++ & 0xFF; - } - for (i = 0; i < msg_len_2; i++) { - msg_buf_2[i] = (j -= 5) & 0xFF; - } - } - - while (read_1 < msg_len_2 || read_2 < msg_len_1) { - /* ssl_1 sending */ - if (msg_len_1 > written_1) { - ret = mbedtls_ssl_write_fragment(ssl_1, msg_buf_1, - msg_len_1, &written_1, - expected_fragments_1); - if (expected_fragments_1 == 0) { - /* This error is expected when the message is too large and - * cannot be fragmented */ - TEST_ASSERT(ret == MBEDTLS_ERR_SSL_BAD_INPUT_DATA); - msg_len_1 = 0; - } else { - TEST_ASSERT(ret == 0); - } - } - - /* ssl_2 sending */ - if (msg_len_2 > written_2) { - ret = mbedtls_ssl_write_fragment(ssl_2, msg_buf_2, - msg_len_2, &written_2, - expected_fragments_2); - if (expected_fragments_2 == 0) { - /* This error is expected when the message is too large and - * cannot be fragmented */ - TEST_ASSERT(ret == MBEDTLS_ERR_SSL_BAD_INPUT_DATA); - msg_len_2 = 0; - } else { - TEST_ASSERT(ret == 0); - } - } - - /* ssl_1 reading */ - if (read_1 < msg_len_2) { - ret = mbedtls_ssl_read_fragment(ssl_1, in_buf_1, - msg_len_2, &read_1, - &fragments_2, - expected_fragments_2); - TEST_ASSERT(ret == 0); - } - - /* ssl_2 reading */ - if (read_2 < msg_len_1) { - ret = mbedtls_ssl_read_fragment(ssl_2, in_buf_2, - msg_len_1, &read_2, - &fragments_1, - expected_fragments_1); - TEST_ASSERT(ret == 0); - } - } - - ret = -1; - TEST_ASSERT(0 == memcmp(msg_buf_1, in_buf_2, msg_len_1)); - TEST_ASSERT(0 == memcmp(msg_buf_2, in_buf_1, msg_len_2)); - TEST_ASSERT(fragments_1 == expected_fragments_1); - TEST_ASSERT(fragments_2 == expected_fragments_2); - } - - ret = 0; - -exit: - free(msg_buf_1); - free(in_buf_1); - free(msg_buf_2); - free(in_buf_2); - - return ret; -} - -/* - * Perform data exchanging between \p ssl_1 and \p ssl_2. Both of endpoints - * must be initialized and connected beforehand. - * - * \retval 0 on success, otherwise error code. - */ -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) && \ - (defined(MBEDTLS_SSL_RENEGOTIATION) || \ - defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)) -static int exchange_data(mbedtls_ssl_context *ssl_1, - mbedtls_ssl_context *ssl_2) -{ - return mbedtls_test_ssl_exchange_data(ssl_1, 256, 1, - ssl_2, 256, 1); -} -#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED && - (MBEDTLS_SSL_RENEGOTIATION || - MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) */ - -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) -static int check_ssl_version( - mbedtls_ssl_protocol_version expected_negotiated_version, - const mbedtls_ssl_context *ssl) -{ - const char *version_string = mbedtls_ssl_get_version(ssl); - mbedtls_ssl_protocol_version version_number = - mbedtls_ssl_get_version_number(ssl); - - TEST_EQUAL(ssl->tls_version, expected_negotiated_version); - - if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { - TEST_EQUAL(version_string[0], 'D'); - ++version_string; - } - - switch (expected_negotiated_version) { - case MBEDTLS_SSL_VERSION_TLS1_2: - TEST_EQUAL(version_number, MBEDTLS_SSL_VERSION_TLS1_2); - TEST_ASSERT(strcmp(version_string, "TLSv1.2") == 0); - break; - - case MBEDTLS_SSL_VERSION_TLS1_3: - TEST_EQUAL(version_number, MBEDTLS_SSL_VERSION_TLS1_3); - TEST_ASSERT(strcmp(version_string, "TLSv1.3") == 0); - break; - - default: - TEST_FAIL( - "Version check not implemented for this protocol version"); - } - - return 1; - -exit: - return 0; -} -#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ - -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) -void mbedtls_test_ssl_perform_handshake( - mbedtls_test_handshake_test_options *options) -{ - /* forced_ciphersuite needs to last until the end of the handshake */ - int forced_ciphersuite[2]; - enum { BUFFSIZE = 17000 }; - mbedtls_test_ssl_endpoint client, server; -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) - const char *psk_identity = "foo"; -#endif -#if defined(MBEDTLS_TIMING_C) - mbedtls_timing_delay_context timer_client, timer_server; -#endif -#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) - unsigned char *context_buf = NULL; - size_t context_buf_len; -#endif -#if defined(MBEDTLS_SSL_RENEGOTIATION) - int ret = -1; -#endif - int expected_handshake_result = options->expected_handshake_result; - - MD_OR_USE_PSA_INIT(); - mbedtls_platform_zeroize(&client, sizeof(client)); - mbedtls_platform_zeroize(&server, sizeof(server)); - mbedtls_test_ssl_message_queue server_queue, client_queue; - mbedtls_test_message_socket_context server_context, client_context; - mbedtls_test_message_socket_init(&server_context); - mbedtls_test_message_socket_init(&client_context); - -#if defined(MBEDTLS_DEBUG_C) - if (options->cli_log_fun || options->srv_log_fun) { - mbedtls_debug_set_threshold(4); - } -#endif - - /* Client side */ - if (options->dtls != 0) { - TEST_ASSERT(mbedtls_test_ssl_endpoint_init(&client, - MBEDTLS_SSL_IS_CLIENT, - options, &client_context, - &client_queue, - &server_queue) == 0); -#if defined(MBEDTLS_TIMING_C) - mbedtls_ssl_set_timer_cb(&client.ssl, &timer_client, - mbedtls_timing_set_delay, - mbedtls_timing_get_delay); -#endif - } else { - TEST_ASSERT(mbedtls_test_ssl_endpoint_init(&client, - MBEDTLS_SSL_IS_CLIENT, - options, NULL, NULL, - NULL) == 0); - } - - if (strlen(options->cipher) > 0) { - set_ciphersuite(&client.conf, options->cipher, forced_ciphersuite); - } - - /* Server side */ - if (options->dtls != 0) { - TEST_ASSERT(mbedtls_test_ssl_endpoint_init(&server, - MBEDTLS_SSL_IS_SERVER, - options, &server_context, - &server_queue, - &client_queue) == 0); -#if defined(MBEDTLS_TIMING_C) - mbedtls_ssl_set_timer_cb(&server.ssl, &timer_server, - mbedtls_timing_set_delay, - mbedtls_timing_get_delay); -#endif - } else { - TEST_ASSERT(mbedtls_test_ssl_endpoint_init(&server, - MBEDTLS_SSL_IS_SERVER, - options, NULL, NULL, - NULL) == 0); - } - - mbedtls_ssl_conf_authmode(&server.conf, options->srv_auth_mode); - -#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) - TEST_ASSERT(mbedtls_ssl_conf_max_frag_len(&(server.conf), - (unsigned char) options->mfl) - == 0); - TEST_ASSERT(mbedtls_ssl_conf_max_frag_len(&(client.conf), - (unsigned char) options->mfl) - == 0); -#else - TEST_ASSERT(MBEDTLS_SSL_MAX_FRAG_LEN_NONE == options->mfl); -#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ - -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) - if (options->psk_str != NULL && options->psk_str->len > 0) { - TEST_ASSERT(mbedtls_ssl_conf_psk( - &client.conf, options->psk_str->x, - options->psk_str->len, - (const unsigned char *) psk_identity, - strlen(psk_identity)) == 0); - - TEST_ASSERT(mbedtls_ssl_conf_psk( - &server.conf, options->psk_str->x, - options->psk_str->len, - (const unsigned char *) psk_identity, - strlen(psk_identity)) == 0); -#if defined(MBEDTLS_SSL_SRV_C) - mbedtls_ssl_conf_psk_cb(&server.conf, psk_dummy_callback, NULL); -#endif - } -#endif -#if defined(MBEDTLS_SSL_RENEGOTIATION) - if (options->renegotiate) { - mbedtls_ssl_conf_renegotiation(&(server.conf), - MBEDTLS_SSL_RENEGOTIATION_ENABLED); - mbedtls_ssl_conf_renegotiation(&(client.conf), - MBEDTLS_SSL_RENEGOTIATION_ENABLED); - - mbedtls_ssl_conf_legacy_renegotiation(&(server.conf), - options->legacy_renegotiation); - mbedtls_ssl_conf_legacy_renegotiation(&(client.conf), - options->legacy_renegotiation); - } -#endif /* MBEDTLS_SSL_RENEGOTIATION */ - - TEST_ASSERT(mbedtls_test_mock_socket_connect(&(client.socket), - &(server.socket), - BUFFSIZE) == 0); - -#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) - if (options->resize_buffers != 0) { - /* Ensure that the buffer sizes are appropriate before resizes */ - TEST_ASSERT(client.ssl.out_buf_len == MBEDTLS_SSL_OUT_BUFFER_LEN); - TEST_ASSERT(client.ssl.in_buf_len == MBEDTLS_SSL_IN_BUFFER_LEN); - TEST_ASSERT(server.ssl.out_buf_len == MBEDTLS_SSL_OUT_BUFFER_LEN); - TEST_ASSERT(server.ssl.in_buf_len == MBEDTLS_SSL_IN_BUFFER_LEN); - } -#endif - - if (options->expected_negotiated_version == MBEDTLS_SSL_VERSION_UNKNOWN) { - expected_handshake_result = MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION; - } - - TEST_ASSERT(mbedtls_test_move_handshake_to_state(&(client.ssl), - &(server.ssl), - MBEDTLS_SSL_HANDSHAKE_OVER) - == expected_handshake_result); - - if (expected_handshake_result != 0) { - /* Connection will have failed by this point, skip to cleanup */ - goto exit; - } - - TEST_ASSERT(mbedtls_ssl_is_handshake_over(&client.ssl) == 1); - - /* Make sure server state is moved to HANDSHAKE_OVER also. */ - TEST_EQUAL(mbedtls_test_move_handshake_to_state(&(server.ssl), - &(client.ssl), - MBEDTLS_SSL_HANDSHAKE_OVER), - 0); - - TEST_ASSERT(mbedtls_ssl_is_handshake_over(&server.ssl) == 1); - /* Check that both sides have negotiated the expected version. */ - mbedtls_test_set_step(0); - if (!check_ssl_version(options->expected_negotiated_version, - &client.ssl)) { - goto exit; - } - - mbedtls_test_set_step(1); - if (!check_ssl_version(options->expected_negotiated_version, - &server.ssl)) { - goto exit; - } - - if (options->expected_ciphersuite != 0) { - TEST_EQUAL(server.ssl.session->ciphersuite, - options->expected_ciphersuite); - } - -#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) - if (options->resize_buffers != 0) { - /* A server, when using DTLS, might delay a buffer resize to happen - * after it receives a message, so we force it. */ - TEST_ASSERT(exchange_data(&(client.ssl), &(server.ssl)) == 0); - - TEST_ASSERT(client.ssl.out_buf_len == - mbedtls_ssl_get_output_buflen(&client.ssl)); - TEST_ASSERT(client.ssl.in_buf_len == - mbedtls_ssl_get_input_buflen(&client.ssl)); - TEST_ASSERT(server.ssl.out_buf_len == - mbedtls_ssl_get_output_buflen(&server.ssl)); - TEST_ASSERT(server.ssl.in_buf_len == - mbedtls_ssl_get_input_buflen(&server.ssl)); - } -#endif - - if (options->cli_msg_len != 0 || options->srv_msg_len != 0) { - /* Start data exchanging test */ - TEST_ASSERT(mbedtls_test_ssl_exchange_data( - &(client.ssl), options->cli_msg_len, - options->expected_cli_fragments, - &(server.ssl), options->srv_msg_len, - options->expected_srv_fragments) - == 0); - } -#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) - if (options->serialize == 1) { - TEST_ASSERT(options->dtls == 1); - - TEST_ASSERT(mbedtls_ssl_context_save(&(server.ssl), NULL, - 0, &context_buf_len) - == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL); - - context_buf = mbedtls_calloc(1, context_buf_len); - TEST_ASSERT(context_buf != NULL); - - TEST_ASSERT(mbedtls_ssl_context_save(&(server.ssl), context_buf, - context_buf_len, - &context_buf_len) - == 0); - - mbedtls_ssl_free(&(server.ssl)); - mbedtls_ssl_init(&(server.ssl)); - - TEST_ASSERT(mbedtls_ssl_setup(&(server.ssl), &(server.conf)) == 0); - - mbedtls_ssl_set_bio(&(server.ssl), &server_context, - mbedtls_test_mock_tcp_send_msg, - mbedtls_test_mock_tcp_recv_msg, - NULL); - - mbedtls_ssl_set_user_data_p(&server.ssl, &server); - -#if defined(MBEDTLS_TIMING_C) - mbedtls_ssl_set_timer_cb(&server.ssl, &timer_server, - mbedtls_timing_set_delay, - mbedtls_timing_get_delay); -#endif -#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) - if (options->resize_buffers != 0) { - /* Ensure that the buffer sizes are appropriate before resizes */ - TEST_ASSERT(server.ssl.out_buf_len == MBEDTLS_SSL_OUT_BUFFER_LEN); - TEST_ASSERT(server.ssl.in_buf_len == MBEDTLS_SSL_IN_BUFFER_LEN); - } -#endif - TEST_ASSERT(mbedtls_ssl_context_load(&(server.ssl), context_buf, - context_buf_len) == 0); - -#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) - /* Validate buffer sizes after context deserialization */ - if (options->resize_buffers != 0) { - TEST_ASSERT(server.ssl.out_buf_len == - mbedtls_ssl_get_output_buflen(&server.ssl)); - TEST_ASSERT(server.ssl.in_buf_len == - mbedtls_ssl_get_input_buflen(&server.ssl)); - } -#endif - /* Retest writing/reading */ - if (options->cli_msg_len != 0 || options->srv_msg_len != 0) { - TEST_ASSERT(mbedtls_test_ssl_exchange_data( - &(client.ssl), options->cli_msg_len, - options->expected_cli_fragments, - &(server.ssl), options->srv_msg_len, - options->expected_srv_fragments) - == 0); - } - } -#endif /* MBEDTLS_SSL_CONTEXT_SERIALIZATION */ - -#if defined(MBEDTLS_SSL_RENEGOTIATION) - if (options->renegotiate) { - /* Start test with renegotiation */ - TEST_ASSERT(server.ssl.renego_status == - MBEDTLS_SSL_INITIAL_HANDSHAKE); - TEST_ASSERT(client.ssl.renego_status == - MBEDTLS_SSL_INITIAL_HANDSHAKE); - - /* After calling this function for the server, it only sends a handshake - * request. All renegotiation should happen during data exchanging */ - TEST_ASSERT(mbedtls_ssl_renegotiate(&(server.ssl)) == 0); - TEST_ASSERT(server.ssl.renego_status == - MBEDTLS_SSL_RENEGOTIATION_PENDING); - TEST_ASSERT(client.ssl.renego_status == - MBEDTLS_SSL_INITIAL_HANDSHAKE); - - TEST_ASSERT(exchange_data(&(client.ssl), &(server.ssl)) == 0); - TEST_ASSERT(server.ssl.renego_status == - MBEDTLS_SSL_RENEGOTIATION_DONE); - TEST_ASSERT(client.ssl.renego_status == - MBEDTLS_SSL_RENEGOTIATION_DONE); - - /* After calling mbedtls_ssl_renegotiate for the client, - * all renegotiation should happen inside this function. - * However in this test, we cannot perform simultaneous communication - * between client and server so this function will return waiting error - * on the socket. All rest of renegotiation should happen - * during data exchanging */ - ret = mbedtls_ssl_renegotiate(&(client.ssl)); -#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) - if (options->resize_buffers != 0) { - /* Ensure that the buffer sizes are appropriate before resizes */ - TEST_ASSERT(client.ssl.out_buf_len == MBEDTLS_SSL_OUT_BUFFER_LEN); - TEST_ASSERT(client.ssl.in_buf_len == MBEDTLS_SSL_IN_BUFFER_LEN); - } -#endif - TEST_ASSERT(ret == 0 || - ret == MBEDTLS_ERR_SSL_WANT_READ || - ret == MBEDTLS_ERR_SSL_WANT_WRITE); - TEST_ASSERT(server.ssl.renego_status == - MBEDTLS_SSL_RENEGOTIATION_DONE); - TEST_ASSERT(client.ssl.renego_status == - MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS); - - TEST_ASSERT(exchange_data(&(client.ssl), &(server.ssl)) == 0); - TEST_ASSERT(server.ssl.renego_status == - MBEDTLS_SSL_RENEGOTIATION_DONE); - TEST_ASSERT(client.ssl.renego_status == - MBEDTLS_SSL_RENEGOTIATION_DONE); -#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) - /* Validate buffer sizes after renegotiation */ - if (options->resize_buffers != 0) { - TEST_ASSERT(client.ssl.out_buf_len == - mbedtls_ssl_get_output_buflen(&client.ssl)); - TEST_ASSERT(client.ssl.in_buf_len == - mbedtls_ssl_get_input_buflen(&client.ssl)); - TEST_ASSERT(server.ssl.out_buf_len == - mbedtls_ssl_get_output_buflen(&server.ssl)); - TEST_ASSERT(server.ssl.in_buf_len == - mbedtls_ssl_get_input_buflen(&server.ssl)); - } -#endif /* MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH */ - } -#endif /* MBEDTLS_SSL_RENEGOTIATION */ - - TEST_ASSERT(mbedtls_ssl_conf_get_user_data_p(&client.conf) == &client); - TEST_ASSERT(mbedtls_ssl_get_user_data_p(&client.ssl) == &client); - TEST_ASSERT(mbedtls_ssl_conf_get_user_data_p(&server.conf) == &server); - TEST_ASSERT(mbedtls_ssl_get_user_data_p(&server.ssl) == &server); - -exit: - mbedtls_test_ssl_endpoint_free(&client, - options->dtls != 0 ? &client_context : NULL); - mbedtls_test_ssl_endpoint_free(&server, - options->dtls != 0 ? &server_context : NULL); -#if defined(MBEDTLS_DEBUG_C) - if (options->cli_log_fun || options->srv_log_fun) { - mbedtls_debug_set_threshold(0); - } -#endif -#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) - if (context_buf != NULL) { - mbedtls_free(context_buf); - } -#endif - MD_OR_USE_PSA_DONE(); -} -#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ - -#if defined(MBEDTLS_TEST_HOOKS) -int mbedtls_test_tweak_tls13_certificate_msg_vector_len( - unsigned char *buf, unsigned char **end, int tweak, - int *expected_result, mbedtls_ssl_chk_buf_ptr_args *args) -{ -/* - * The definition of the tweaks assume that the certificate list contains only - * one certificate. - */ - -/* - * struct { - * opaque cert_data<1..2^24-1>; - * Extension extensions<0..2^16-1>; - * } CertificateEntry; - * - * struct { - * opaque certificate_request_context<0..2^8-1>; - * CertificateEntry certificate_list<0..2^24-1>; - * } Certificate; - */ - unsigned char *p_certificate_request_context_len = buf; - size_t certificate_request_context_len = buf[0]; - - unsigned char *p_certificate_list_len = - buf + 1 + certificate_request_context_len; - unsigned char *certificate_list = p_certificate_list_len + 3; - size_t certificate_list_len = - MBEDTLS_GET_UINT24_BE(p_certificate_list_len, 0); - - unsigned char *p_cert_data_len = certificate_list; - unsigned char *cert_data = p_cert_data_len + 3; - size_t cert_data_len = MBEDTLS_GET_UINT24_BE(p_cert_data_len, 0); - - unsigned char *p_extensions_len = cert_data + cert_data_len; - unsigned char *extensions = p_extensions_len + 2; - size_t extensions_len = MBEDTLS_GET_UINT16_BE(p_extensions_len, 0); - - *expected_result = MBEDTLS_ERR_SSL_DECODE_ERROR; - - switch (tweak) { - case 1: - /* Failure when checking if the certificate request context length - * and certificate list length can be read - */ - *end = buf + 3; - set_chk_buf_ptr_args(args, buf, *end, 4); - break; - - case 2: - /* Invalid certificate request context length. - */ - *p_certificate_request_context_len = - (unsigned char) certificate_request_context_len + 1; - reset_chk_buf_ptr_args(args); - break; - - case 3: - /* Failure when checking if certificate_list data can be read. */ - MBEDTLS_PUT_UINT24_BE(certificate_list_len + 1, - p_certificate_list_len, 0); - set_chk_buf_ptr_args(args, certificate_list, *end, - certificate_list_len + 1); - break; - - case 4: - /* Failure when checking if the cert_data length can be read. */ - MBEDTLS_PUT_UINT24_BE(2, p_certificate_list_len, 0); - set_chk_buf_ptr_args(args, p_cert_data_len, certificate_list + 2, 3); - break; - - case 5: - /* Failure when checking if cert_data data can be read. */ - MBEDTLS_PUT_UINT24_BE(certificate_list_len - 3 + 1, - p_cert_data_len, 0); - set_chk_buf_ptr_args(args, cert_data, - certificate_list + certificate_list_len, - certificate_list_len - 3 + 1); - break; - - case 6: - /* Failure when checking if the extensions length can be read. */ - MBEDTLS_PUT_UINT24_BE(certificate_list_len - extensions_len - 1, - p_certificate_list_len, 0); - set_chk_buf_ptr_args( - args, p_extensions_len, - certificate_list + certificate_list_len - extensions_len - 1, 2); - break; - - case 7: - /* Failure when checking if extensions data can be read. */ - MBEDTLS_PUT_UINT16_BE(extensions_len + 1, p_extensions_len, 0); - - set_chk_buf_ptr_args( - args, extensions, - certificate_list + certificate_list_len, extensions_len + 1); - break; - - default: - return -1; - } - - return 0; -} -#endif /* MBEDTLS_TEST_HOOKS */ - -/* - * Functions for tests based on tickets. Implementations of the - * write/parse ticket interfaces as defined by mbedtls_ssl_ticket_write/parse_t. - * Basically same implementations as in ticket.c without the encryption. That - * way we can tweak easily tickets characteristics to simulate misbehaving - * peers. - */ -#if defined(MBEDTLS_SSL_SESSION_TICKETS) -int mbedtls_test_ticket_write( - void *p_ticket, const mbedtls_ssl_session *session, - unsigned char *start, const unsigned char *end, - size_t *tlen, uint32_t *lifetime) -{ - int ret; - ((void) p_ticket); - - if ((ret = mbedtls_ssl_session_save(session, start, end - start, - tlen)) != 0) { - return ret; - } - - /* Maximum ticket lifetime as defined in RFC 8446 */ - *lifetime = 7 * 24 * 3600; - - return 0; -} - -int mbedtls_test_ticket_parse(void *p_ticket, mbedtls_ssl_session *session, - unsigned char *buf, size_t len) -{ - ((void) p_ticket); - - return mbedtls_ssl_session_load(session, buf, len); -} -#endif /* MBEDTLS_SSL_SESSION_TICKETS */ - -#if defined(MBEDTLS_SSL_CLI_C) && defined(MBEDTLS_SSL_SRV_C) && \ - defined(MBEDTLS_SSL_PROTO_TLS1_3) && defined(MBEDTLS_SSL_SESSION_TICKETS) && \ - defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) -int mbedtls_test_get_tls13_ticket( - mbedtls_test_handshake_test_options *client_options, - mbedtls_test_handshake_test_options *server_options, - mbedtls_ssl_session *session) -{ - int ret = -1; - unsigned char buf[64]; - mbedtls_test_ssl_endpoint client_ep, server_ep; - - mbedtls_platform_zeroize(&client_ep, sizeof(client_ep)); - mbedtls_platform_zeroize(&server_ep, sizeof(server_ep)); - - ret = mbedtls_test_ssl_endpoint_init(&client_ep, MBEDTLS_SSL_IS_CLIENT, - client_options, NULL, NULL, NULL); - TEST_EQUAL(ret, 0); - - ret = mbedtls_test_ssl_endpoint_init(&server_ep, MBEDTLS_SSL_IS_SERVER, - server_options, NULL, NULL, NULL); - TEST_EQUAL(ret, 0); - - mbedtls_ssl_conf_session_tickets_cb(&server_ep.conf, - mbedtls_test_ticket_write, - mbedtls_test_ticket_parse, - NULL); - - ret = mbedtls_test_mock_socket_connect(&(client_ep.socket), - &(server_ep.socket), 1024); - TEST_EQUAL(ret, 0); - - TEST_EQUAL(mbedtls_test_move_handshake_to_state( - &(server_ep.ssl), &(client_ep.ssl), - MBEDTLS_SSL_HANDSHAKE_OVER), 0); - - TEST_EQUAL(server_ep.ssl.handshake->new_session_tickets_count, 0); - - do { - ret = mbedtls_ssl_read(&(client_ep.ssl), buf, sizeof(buf)); - } while (ret != MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET); - - ret = mbedtls_ssl_get_session(&(client_ep.ssl), session); - TEST_EQUAL(ret, 0); - -exit: - mbedtls_test_ssl_endpoint_free(&client_ep, NULL); - mbedtls_test_ssl_endpoint_free(&server_ep, NULL); - - return ret; -} -#endif /* MBEDTLS_SSL_CLI_C && MBEDTLS_SSL_SRV_C && - MBEDTLS_SSL_PROTO_TLS1_3 && MBEDTLS_SSL_SESSION_TICKETS && - MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ - -#endif /* MBEDTLS_SSL_TLS_C */ diff --git a/tests/src/test_memory.c b/tests/src/test_memory.c deleted file mode 100644 index ac9dde616366..000000000000 --- a/tests/src/test_memory.c +++ /dev/null @@ -1,60 +0,0 @@ -/** - * \file memory.c - * - * \brief Helper functions related to testing memory management. - */ - -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include -#include -#include - -#if defined(MBEDTLS_TEST_MEMORY_CAN_POISON) -#include -#include -#endif - -#if defined(MBEDTLS_TEST_MEMORY_CAN_POISON) - -_Thread_local unsigned int mbedtls_test_memory_poisoning_count = 0; - -static void align_for_asan(const unsigned char **p_ptr, size_t *p_size) -{ - uintptr_t start = (uintptr_t) *p_ptr; - uintptr_t end = start + (uintptr_t) *p_size; - /* ASan can only poison regions with 8-byte alignment, and only poisons a - * region if it's fully within the requested range. We want to poison the - * whole requested region and don't mind a few extra bytes. Therefore, - * align start down to an 8-byte boundary, and end up to an 8-byte - * boundary. */ - start = start & ~(uintptr_t) 7; - end = (end + 7) & ~(uintptr_t) 7; - *p_ptr = (const unsigned char *) start; - *p_size = end - start; -} - -void mbedtls_test_memory_poison(const unsigned char *ptr, size_t size) -{ - if (mbedtls_test_memory_poisoning_count == 0) { - return; - } - if (size == 0) { - return; - } - align_for_asan(&ptr, &size); - __asan_poison_memory_region(ptr, size); -} - -void mbedtls_test_memory_unpoison(const unsigned char *ptr, size_t size) -{ - if (size == 0) { - return; - } - align_for_asan(&ptr, &size); - __asan_unpoison_memory_region(ptr, size); -} -#endif /* Memory poisoning */ diff --git a/tests/src/threading_helpers.c b/tests/src/threading_helpers.c deleted file mode 100644 index c1686c21ad55..000000000000 --- a/tests/src/threading_helpers.c +++ /dev/null @@ -1,354 +0,0 @@ -/** Mutex usage verification framework. */ - -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include -#include -#include - -#include "mbedtls/threading.h" - -#if defined(MBEDTLS_THREADING_C) - -#if defined(MBEDTLS_THREADING_PTHREAD) - -static int threading_thread_create_pthread(mbedtls_test_thread_t *thread, void *(*thread_func)( - void *), void *thread_data) -{ - if (thread == NULL || thread_func == NULL) { - return MBEDTLS_ERR_THREADING_BAD_INPUT_DATA; - } - - if (pthread_create(&thread->thread, NULL, thread_func, thread_data)) { - return MBEDTLS_ERR_THREADING_THREAD_ERROR; - } - - return 0; -} - -static int threading_thread_join_pthread(mbedtls_test_thread_t *thread) -{ - if (thread == NULL) { - return MBEDTLS_ERR_THREADING_BAD_INPUT_DATA; - } - - if (pthread_join(thread->thread, NULL) != 0) { - return MBEDTLS_ERR_THREADING_THREAD_ERROR; - } - - return 0; -} - -int (*mbedtls_test_thread_create)(mbedtls_test_thread_t *thread, void *(*thread_func)(void *), - void *thread_data) = threading_thread_create_pthread; -int (*mbedtls_test_thread_join)(mbedtls_test_thread_t *thread) = threading_thread_join_pthread; - -#endif /* MBEDTLS_THREADING_PTHREAD */ - -#if defined(MBEDTLS_THREADING_ALT) - -static int threading_thread_create_fail(mbedtls_test_thread_t *thread, - void *(*thread_func)(void *), - void *thread_data) -{ - (void) thread; - (void) thread_func; - (void) thread_data; - - return MBEDTLS_ERR_THREADING_BAD_INPUT_DATA; -} - -static int threading_thread_join_fail(mbedtls_test_thread_t *thread) -{ - (void) thread; - - return MBEDTLS_ERR_THREADING_BAD_INPUT_DATA; -} - -int (*mbedtls_test_thread_create)(mbedtls_test_thread_t *thread, void *(*thread_func)(void *), - void *thread_data) = threading_thread_create_fail; -int (*mbedtls_test_thread_join)(mbedtls_test_thread_t *thread) = threading_thread_join_fail; - -#endif /* MBEDTLS_THREADING_ALT */ - -#if defined(MBEDTLS_TEST_MUTEX_USAGE) - -#include "mbedtls/threading.h" - -/** Mutex usage verification framework. - * - * The mutex usage verification code below aims to detect bad usage of - * Mbed TLS's mutex abstraction layer at runtime. Note that this is solely - * about the use of the mutex itself, not about checking whether the mutex - * correctly protects whatever it is supposed to protect. - * - * The normal usage of a mutex is: - * ``` - * digraph mutex_states { - * "UNINITIALIZED"; // the initial state - * "IDLE"; - * "FREED"; - * "LOCKED"; - * "UNINITIALIZED" -> "IDLE" [label="init"]; - * "FREED" -> "IDLE" [label="init"]; - * "IDLE" -> "LOCKED" [label="lock"]; - * "LOCKED" -> "IDLE" [label="unlock"]; - * "IDLE" -> "FREED" [label="free"]; - * } - * ``` - * - * All bad transitions that can be unambiguously detected are reported. - * An attempt to use an uninitialized mutex cannot be detected in general - * since the memory content may happen to denote a valid state. For the same - * reason, a double init cannot be detected. - * All-bits-zero is the state of a freed mutex, which is distinct from an - * initialized mutex, so attempting to use zero-initialized memory as a mutex - * without calling the init function is detected. - * - * The framework attempts to detect missing calls to init and free by counting - * calls to init and free. If there are more calls to init than free, this - * means that a mutex is not being freed somewhere, which is a memory leak - * on platforms where a mutex consumes resources other than the - * mbedtls_threading_mutex_t object itself. If there are more calls to free - * than init, this indicates a missing init, which is likely to be detected - * by an attempt to lock the mutex as well. A limitation of this framework is - * that it cannot detect scenarios where there is exactly the same number of - * calls to init and free but the calls don't match. A bug like this is - * unlikely to happen uniformly throughout the whole test suite though. - * - * If an error is detected, this framework will report what happened and the - * test case will be marked as failed. Unfortunately, the error report cannot - * indicate the exact location of the problematic call. To locate the error, - * use a debugger and set a breakpoint on mbedtls_test_mutex_usage_error(). - */ -enum value_of_mutex_state_field { - /* Potential values for the state field of mbedtls_threading_mutex_t. - * Note that MUTEX_FREED must be 0 and MUTEX_IDLE must be 1 for - * compatibility with threading_mutex_init_pthread() and - * threading_mutex_free_pthread(). MUTEX_LOCKED could be any nonzero - * value. */ - MUTEX_FREED = 0, //! < Set by mbedtls_test_wrap_mutex_free - MUTEX_IDLE = 1, //! < Set by mbedtls_test_wrap_mutex_init and by mbedtls_test_wrap_mutex_unlock - MUTEX_LOCKED = 2, //! < Set by mbedtls_test_wrap_mutex_lock -}; - -typedef struct { - void (*init)(mbedtls_threading_mutex_t *); - void (*free)(mbedtls_threading_mutex_t *); - int (*lock)(mbedtls_threading_mutex_t *); - int (*unlock)(mbedtls_threading_mutex_t *); -} mutex_functions_t; -static mutex_functions_t mutex_functions; - -/** - * The mutex used to guard live_mutexes below and access to the status variable - * in every mbedtls_threading_mutex_t. - * Note that we are not reporting any errors when locking and unlocking this - * mutex. This is for a couple of reasons: - * - * 1. We have no real way of reporting any errors with this mutex - we cannot - * report it back to the caller, as the failure was not that of the mutex - * passed in. We could fail the test, but again this would indicate a problem - * with the test code that did not exist. - * - * 2. Any failure to lock is unlikely to be intermittent, and will thus not - * give false test results - the overall result would be to turn off the - * testing. This is not a situation that is likely to happen with normal - * testing and we still have TSan to fall back on should this happen. - */ -mbedtls_threading_mutex_t mbedtls_test_mutex_mutex; - -/** - * The total number of calls to mbedtls_mutex_init(), minus the total number - * of calls to mbedtls_mutex_free(). - * - * Do not read or write without holding mbedtls_test_mutex_mutex (above). Reset - * to 0 after each test case. - */ -static int live_mutexes; - -static void mbedtls_test_mutex_usage_error(mbedtls_threading_mutex_t *mutex, - const char *msg) -{ - (void) mutex; - - mbedtls_test_set_mutex_usage_error(msg); - mbedtls_fprintf(stdout, "[mutex: %s] ", msg); - /* Don't mark the test as failed yet. This way, if the test fails later - * for a functional reason, the test framework will report the message - * and location for this functional reason. If the test passes, - * mbedtls_test_mutex_usage_check() will mark it as failed. */ -} - -static int mbedtls_test_mutex_can_test(mbedtls_threading_mutex_t *mutex) -{ - /* If we attempt to run tests on this mutex then we are going to run into a - * couple of problems: - * 1. If any test on this mutex fails, we are going to deadlock when - * reporting that failure, as we already hold the mutex at that point. - * 2. Given the 'global' position of the initialization and free of this - * mutex, it will be shown as leaked on the first test run. */ - if (mutex == mbedtls_test_get_info_mutex()) { - return 0; - } - - return 1; -} - -static void mbedtls_test_wrap_mutex_init(mbedtls_threading_mutex_t *mutex) -{ - mutex_functions.init(mutex); - - if (mbedtls_test_mutex_can_test(mutex)) { - if (mutex_functions.lock(&mbedtls_test_mutex_mutex) == 0) { - mutex->state = MUTEX_IDLE; - ++live_mutexes; - - mutex_functions.unlock(&mbedtls_test_mutex_mutex); - } - } -} - -static void mbedtls_test_wrap_mutex_free(mbedtls_threading_mutex_t *mutex) -{ - if (mbedtls_test_mutex_can_test(mutex)) { - if (mutex_functions.lock(&mbedtls_test_mutex_mutex) == 0) { - - switch (mutex->state) { - case MUTEX_FREED: - mbedtls_test_mutex_usage_error(mutex, "free without init or double free"); - break; - case MUTEX_IDLE: - mutex->state = MUTEX_FREED; - --live_mutexes; - break; - case MUTEX_LOCKED: - mbedtls_test_mutex_usage_error(mutex, "free without unlock"); - break; - default: - mbedtls_test_mutex_usage_error(mutex, "corrupted state"); - break; - } - - mutex_functions.unlock(&mbedtls_test_mutex_mutex); - } - } - - mutex_functions.free(mutex); -} - -static int mbedtls_test_wrap_mutex_lock(mbedtls_threading_mutex_t *mutex) -{ - /* Lock the passed in mutex first, so that the only way to change the state - * is to hold the passed in and internal mutex - otherwise we create a race - * condition. */ - int ret = mutex_functions.lock(mutex); - - if (mbedtls_test_mutex_can_test(mutex)) { - if (mutex_functions.lock(&mbedtls_test_mutex_mutex) == 0) { - switch (mutex->state) { - case MUTEX_FREED: - mbedtls_test_mutex_usage_error(mutex, "lock without init"); - break; - case MUTEX_IDLE: - if (ret == 0) { - mutex->state = MUTEX_LOCKED; - } - break; - case MUTEX_LOCKED: - mbedtls_test_mutex_usage_error(mutex, "double lock"); - break; - default: - mbedtls_test_mutex_usage_error(mutex, "corrupted state"); - break; - } - - mutex_functions.unlock(&mbedtls_test_mutex_mutex); - } - } - - return ret; -} - -static int mbedtls_test_wrap_mutex_unlock(mbedtls_threading_mutex_t *mutex) -{ - /* Lock the internal mutex first and change state, so that the only way to - * change the state is to hold the passed in and internal mutex - otherwise - * we create a race condition. */ - if (mbedtls_test_mutex_can_test(mutex)) { - if (mutex_functions.lock(&mbedtls_test_mutex_mutex) == 0) { - switch (mutex->state) { - case MUTEX_FREED: - mbedtls_test_mutex_usage_error(mutex, "unlock without init"); - break; - case MUTEX_IDLE: - mbedtls_test_mutex_usage_error(mutex, "unlock without lock"); - break; - case MUTEX_LOCKED: - mutex->state = MUTEX_IDLE; - break; - default: - mbedtls_test_mutex_usage_error(mutex, "corrupted state"); - break; - } - mutex_functions.unlock(&mbedtls_test_mutex_mutex); - } - } - - return mutex_functions.unlock(mutex); -} - -void mbedtls_test_mutex_usage_init(void) -{ - mutex_functions.init = mbedtls_mutex_init; - mutex_functions.free = mbedtls_mutex_free; - mutex_functions.lock = mbedtls_mutex_lock; - mutex_functions.unlock = mbedtls_mutex_unlock; - mbedtls_mutex_init = &mbedtls_test_wrap_mutex_init; - mbedtls_mutex_free = &mbedtls_test_wrap_mutex_free; - mbedtls_mutex_lock = &mbedtls_test_wrap_mutex_lock; - mbedtls_mutex_unlock = &mbedtls_test_wrap_mutex_unlock; - - mutex_functions.init(&mbedtls_test_mutex_mutex); -} - -void mbedtls_test_mutex_usage_check(void) -{ - if (mutex_functions.lock(&mbedtls_test_mutex_mutex) == 0) { - if (live_mutexes != 0) { - /* A positive number (more init than free) means that a mutex resource - * is leaking (on platforms where a mutex consumes more than the - * mbedtls_threading_mutex_t object itself). The (hopefully) rare - * case of a negative number means a missing init somewhere. */ - mbedtls_fprintf(stdout, "[mutex: %d leaked] ", live_mutexes); - live_mutexes = 0; - mbedtls_test_set_mutex_usage_error("missing free"); - } - if (mbedtls_test_get_mutex_usage_error() != NULL && - mbedtls_test_get_result() != MBEDTLS_TEST_RESULT_FAILED) { - /* Functionally, the test passed. But there was a mutex usage error, - * so mark the test as failed after all. */ - mbedtls_test_fail("Mutex usage error", __LINE__, __FILE__); - } - mbedtls_test_set_mutex_usage_error(NULL); - - mutex_functions.unlock(&mbedtls_test_mutex_mutex); - } -} - -void mbedtls_test_mutex_usage_end(void) -{ - mbedtls_mutex_init = mutex_functions.init; - mbedtls_mutex_free = mutex_functions.free; - mbedtls_mutex_lock = mutex_functions.lock; - mbedtls_mutex_unlock = mutex_functions.unlock; - - mutex_functions.free(&mbedtls_test_mutex_mutex); -} - -#endif /* MBEDTLS_TEST_MUTEX_USAGE */ - -#endif /* MBEDTLS_THREADING_C */ diff --git a/tests/suites/test_suite_constant_time.function b/tests/suites/test_suite_constant_time.function index ba8439756f12..64c815f43edf 100644 --- a/tests/suites/test_suite_constant_time.function +++ b/tests/suites/test_suite_constant_time.function @@ -4,7 +4,7 @@ * Functional testing of functions in the constant_time module. * * The tests are instrumented with #TEST_CF_SECRET and #TEST_CF_PUBLIC - * (see tests/include/test/constant_flow.h) so that running the tests + * (see framework/tests/include/test/constant_flow.h) so that running the tests * under MSan or Valgrind will detect a non-constant-time implementation. */ diff --git a/tf-psa-crypto/drivers/builtin/include/mbedtls/threading.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/threading.h index d50d04ead105..b4df0e38bebf 100644 --- a/tf-psa-crypto/drivers/builtin/include/mbedtls/threading.h +++ b/tf-psa-crypto/drivers/builtin/include/mbedtls/threading.h @@ -30,7 +30,7 @@ typedef struct mbedtls_threading_mutex_t { pthread_mutex_t MBEDTLS_PRIVATE(mutex); /* WARNING - state should only be accessed when holding the mutex lock in - * tests/src/threading_helpers.c, otherwise corruption can occur. + * framework/tests/src/threading_helpers.c, otherwise corruption can occur. * state will be 0 after a failed init or a free, and nonzero after a * successful init. This field is for testing only and thus not considered * part of the public API of Mbed TLS and may change without notice.*/ diff --git a/tf-psa-crypto/drivers/builtin/src/threading.c b/tf-psa-crypto/drivers/builtin/src/threading.c index 85db243f213f..fde7cea1d63a 100644 --- a/tf-psa-crypto/drivers/builtin/src/threading.c +++ b/tf-psa-crypto/drivers/builtin/src/threading.c @@ -61,7 +61,7 @@ static void threading_mutex_init_pthread(mbedtls_threading_mutex_t *mutex) * this here in a thread safe manner without a significant performance * hit, so state transitions are checked in tests only via the state * variable. Please make sure any new mutex that gets added is exercised in - * tests; see tests/src/threading_helpers.c for more details. */ + * tests; see framework/tests/src/threading_helpers.c for more details. */ (void) pthread_mutex_init(&mutex->mutex, NULL); }