diff --git a/tests/include/alt-extra/psa/crypto.h b/tests/include/alt-extra/psa/crypto.h deleted file mode 100644 index 005f3aeea0..0000000000 --- a/tests/include/alt-extra/psa/crypto.h +++ /dev/null @@ -1,7 +0,0 @@ -/* The goal of the include/alt-extra directory is to test what happens - * if certain files come _after_ the normal include directory. - * Make sure that if the alt-extra directory comes before the normal - * directory (so we wouldn't be achieving our test objective), the build - * will fail. - */ -#error "The normal include directory must come first in the include path" diff --git a/tests/include/baremetal-override/time.h b/tests/include/baremetal-override/time.h deleted file mode 100644 index 0a44275e76..0000000000 --- a/tests/include/baremetal-override/time.h +++ /dev/null @@ -1,6 +0,0 @@ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#error "time.h included in a configuration without MBEDTLS_HAVE_TIME" diff --git a/tests/include/spe/crypto_spe.h b/tests/include/spe/crypto_spe.h deleted file mode 100644 index fdf3a2db5a..0000000000 --- a/tests/include/spe/crypto_spe.h +++ /dev/null @@ -1,131 +0,0 @@ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - * - */ - -/** - * \file crypto_spe.h - * - * \brief When Mbed TLS is built with the MBEDTLS_PSA_CRYPTO_SPM option - * enabled, this header is included by all .c files in Mbed TLS that - * use PSA Crypto function names. This avoids duplication of symbols - * between TF-M and Mbed TLS. - * - * \note This file should be included before including any PSA Crypto headers - * from Mbed TLS. - */ - -#ifndef CRYPTO_SPE_H -#define CRYPTO_SPE_H - -#define PSA_FUNCTION_NAME(x) mbedcrypto__ ## x - -#define psa_crypto_init \ - PSA_FUNCTION_NAME(psa_crypto_init) -#define psa_key_derivation_get_capacity \ - PSA_FUNCTION_NAME(psa_key_derivation_get_capacity) -#define psa_key_derivation_set_capacity \ - PSA_FUNCTION_NAME(psa_key_derivation_set_capacity) -#define psa_key_derivation_input_bytes \ - PSA_FUNCTION_NAME(psa_key_derivation_input_bytes) -#define psa_key_derivation_output_bytes \ - PSA_FUNCTION_NAME(psa_key_derivation_output_bytes) -#define psa_key_derivation_input_key \ - PSA_FUNCTION_NAME(psa_key_derivation_input_key) -#define psa_key_derivation_output_key \ - PSA_FUNCTION_NAME(psa_key_derivation_output_key) -#define psa_key_derivation_setup \ - PSA_FUNCTION_NAME(psa_key_derivation_setup) -#define psa_key_derivation_abort \ - PSA_FUNCTION_NAME(psa_key_derivation_abort) -#define psa_key_derivation_key_agreement \ - PSA_FUNCTION_NAME(psa_key_derivation_key_agreement) -#define psa_raw_key_agreement \ - PSA_FUNCTION_NAME(psa_raw_key_agreement) -#define psa_generate_random \ - PSA_FUNCTION_NAME(psa_generate_random) -#define psa_aead_encrypt \ - PSA_FUNCTION_NAME(psa_aead_encrypt) -#define psa_aead_decrypt \ - PSA_FUNCTION_NAME(psa_aead_decrypt) -#define psa_open_key \ - PSA_FUNCTION_NAME(psa_open_key) -#define psa_close_key \ - PSA_FUNCTION_NAME(psa_close_key) -#define psa_import_key \ - PSA_FUNCTION_NAME(psa_import_key) -#define psa_destroy_key \ - PSA_FUNCTION_NAME(psa_destroy_key) -#define psa_get_key_attributes \ - PSA_FUNCTION_NAME(psa_get_key_attributes) -#define psa_reset_key_attributes \ - PSA_FUNCTION_NAME(psa_reset_key_attributes) -#define psa_export_key \ - PSA_FUNCTION_NAME(psa_export_key) -#define psa_export_public_key \ - PSA_FUNCTION_NAME(psa_export_public_key) -#define psa_purge_key \ - PSA_FUNCTION_NAME(psa_purge_key) -#define psa_copy_key \ - PSA_FUNCTION_NAME(psa_copy_key) -#define psa_cipher_operation_init \ - PSA_FUNCTION_NAME(psa_cipher_operation_init) -#define psa_cipher_generate_iv \ - PSA_FUNCTION_NAME(psa_cipher_generate_iv) -#define psa_cipher_set_iv \ - PSA_FUNCTION_NAME(psa_cipher_set_iv) -#define psa_cipher_encrypt_setup \ - PSA_FUNCTION_NAME(psa_cipher_encrypt_setup) -#define psa_cipher_decrypt_setup \ - PSA_FUNCTION_NAME(psa_cipher_decrypt_setup) -#define psa_cipher_update \ - PSA_FUNCTION_NAME(psa_cipher_update) -#define psa_cipher_finish \ - PSA_FUNCTION_NAME(psa_cipher_finish) -#define psa_cipher_abort \ - PSA_FUNCTION_NAME(psa_cipher_abort) -#define psa_hash_operation_init \ - PSA_FUNCTION_NAME(psa_hash_operation_init) -#define psa_hash_setup \ - PSA_FUNCTION_NAME(psa_hash_setup) -#define psa_hash_update \ - PSA_FUNCTION_NAME(psa_hash_update) -#define psa_hash_finish \ - PSA_FUNCTION_NAME(psa_hash_finish) -#define psa_hash_verify \ - PSA_FUNCTION_NAME(psa_hash_verify) -#define psa_hash_abort \ - PSA_FUNCTION_NAME(psa_hash_abort) -#define psa_hash_clone \ - PSA_FUNCTION_NAME(psa_hash_clone) -#define psa_hash_compute \ - PSA_FUNCTION_NAME(psa_hash_compute) -#define psa_hash_compare \ - PSA_FUNCTION_NAME(psa_hash_compare) -#define psa_mac_operation_init \ - PSA_FUNCTION_NAME(psa_mac_operation_init) -#define psa_mac_sign_setup \ - PSA_FUNCTION_NAME(psa_mac_sign_setup) -#define psa_mac_verify_setup \ - PSA_FUNCTION_NAME(psa_mac_verify_setup) -#define psa_mac_update \ - PSA_FUNCTION_NAME(psa_mac_update) -#define psa_mac_sign_finish \ - PSA_FUNCTION_NAME(psa_mac_sign_finish) -#define psa_mac_verify_finish \ - PSA_FUNCTION_NAME(psa_mac_verify_finish) -#define psa_mac_abort \ - PSA_FUNCTION_NAME(psa_mac_abort) -#define psa_sign_hash \ - PSA_FUNCTION_NAME(psa_sign_hash) -#define psa_verify_hash \ - PSA_FUNCTION_NAME(psa_verify_hash) -#define psa_asymmetric_encrypt \ - PSA_FUNCTION_NAME(psa_asymmetric_encrypt) -#define psa_asymmetric_decrypt \ - PSA_FUNCTION_NAME(psa_asymmetric_decrypt) -#define psa_generate_key \ - PSA_FUNCTION_NAME(psa_generate_key) - -#endif /* CRYPTO_SPE_H */ diff --git a/tests/include/test/arguments.h b/tests/include/test/arguments.h deleted file mode 100644 index 6d267b660e..0000000000 --- a/tests/include/test/arguments.h +++ /dev/null @@ -1,26 +0,0 @@ -/** - * \file arguments.h - * - * \brief Manipulation of test arguments. - * - * Much of the code is in host_test.function, to be migrated here later. - */ - -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#ifndef TEST_ARGUMENTS_H -#define TEST_ARGUMENTS_H - -#include "mbedtls/build_info.h" -#include -#include - -typedef union { - size_t len; - intmax_t sint; -} mbedtls_test_argument_t; - -#endif /* TEST_ARGUMENTS_H */ diff --git a/tests/include/test/asn1_helpers.h b/tests/include/test/asn1_helpers.h deleted file mode 100644 index 2eb9171282..0000000000 --- a/tests/include/test/asn1_helpers.h +++ /dev/null @@ -1,38 +0,0 @@ -/** Helper functions for tests that manipulate ASN.1 data. - */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#ifndef ASN1_HELPERS_H -#define ASN1_HELPERS_H - -#include "test/helpers.h" - -/** Skip past an INTEGER in an ASN.1 buffer. - * - * Mark the current test case as failed in any of the following conditions: - * - The buffer does not start with an ASN.1 INTEGER. - * - The integer's size or parity does not match the constraints expressed - * through \p min_bits, \p max_bits and \p must_be_odd. - * - * \param p Upon entry, `*p` points to the first byte of the - * buffer to parse. - * On successful return, `*p` points to the first byte - * after the parsed INTEGER. - * On failure, `*p` is unspecified. - * \param end The end of the ASN.1 buffer. - * \param min_bits Fail the test case if the integer does not have at - * least this many significant bits. - * \param max_bits Fail the test case if the integer has more than - * this many significant bits. - * \param must_be_odd Fail the test case if the integer is even. - * - * \return \c 0 if the test failed, otherwise 1. - */ -int mbedtls_test_asn1_skip_integer(unsigned char **p, const unsigned char *end, - size_t min_bits, size_t max_bits, - int must_be_odd); - -#endif /* ASN1_HELPERS_H */ diff --git a/tests/include/test/bignum_codepath_check.h b/tests/include/test/bignum_codepath_check.h deleted file mode 100644 index 3d72be1b2e..0000000000 --- a/tests/include/test/bignum_codepath_check.h +++ /dev/null @@ -1,94 +0,0 @@ -/** Support for path tracking in optionally safe bignum functions - * - * The functions are called when an optionally safe path is taken and logs it with a single - * variable. This variable is at any time in one of three states: - * - MBEDTLS_MPI_IS_TEST: No optionally safe path has been taken since the last reset - * - MBEDTLS_MPI_IS_SECRET: Only safe paths were teken since the last reset - * - MBEDTLS_MPI_IS_PUBLIC: At least one unsafe path has been taken since the last reset - * - * Use a simple global variable to track execution path. Making it work with multithreading - * isn't worth the effort as multithreaded tests add little to no value here. - */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#ifndef BIGNUM_CODEPATH_CHECK_H -#define BIGNUM_CODEPATH_CHECK_H - -#include "bignum_core.h" - -#if defined(MBEDTLS_TEST_HOOKS) && !defined(MBEDTLS_THREADING_C) - -extern int mbedtls_codepath_check; - -/** - * \brief Setup the codepath test hooks used by optionally safe bignum functions to signal - * the path taken. - */ -void mbedtls_codepath_test_hooks_setup(void); - -/** - * \brief Teardown the codepath test hooks used by optionally safe bignum functions to - * signal the path taken. - */ -void mbedtls_codepath_test_hooks_teardown(void); - -/** - * \brief Reset the state of the codepath to the initial state. - */ -static inline void mbedtls_codepath_reset(void) -{ - mbedtls_codepath_check = MBEDTLS_MPI_IS_TEST; -} - -/** Check the codepath taken and fail if it doesn't match. - * - * When a function returns with an error, it can do so before reaching any interesting codepath. The - * same can happen if a parameter to the function is zero. In these cases we need to allow - * the codepath tracking variable to still have its initial "not set" value. - * - * This macro expands to an instruction, not an expression. - * It may jump to the \c exit label. - * - * \param path The expected codepath. - * This expression may be evaluated multiple times. - * \param ret The expected return value. - * \param E The MPI parameter that can cause shortcuts. - */ -#define ASSERT_BIGNUM_CODEPATH(path, ret, E) \ - do { \ - if ((ret) != 0 || (E).n == 0) { \ - TEST_ASSERT(mbedtls_codepath_check == (path) || \ - mbedtls_codepath_check == MBEDTLS_MPI_IS_TEST); \ - } else { \ - TEST_EQUAL(mbedtls_codepath_check, (path)); \ - } \ - } while (0) - -/** Check the codepath taken and fail if it doesn't match. - * - * When a function returns with an error, it can do so before reaching any interesting codepath. In - * this case we need to allow the codepath tracking variable to still have its - * initial "not set" value. - * - * This macro expands to an instruction, not an expression. - * It may jump to the \c exit label. - * - * \param path The expected codepath. - * This expression may be evaluated multiple times. - * \param ret The expected return value. - */ -#define ASSERT_RSA_CODEPATH(path, ret) \ - do { \ - if ((ret) != 0) { \ - TEST_ASSERT(mbedtls_codepath_check == (path) || \ - mbedtls_codepath_check == MBEDTLS_MPI_IS_TEST); \ - } else { \ - TEST_EQUAL(mbedtls_codepath_check, (path)); \ - } \ - } while (0) -#endif /* MBEDTLS_TEST_HOOKS && !MBEDTLS_THREADING_C */ - -#endif /* BIGNUM_CODEPATH_CHECK_H */ diff --git a/tests/include/test/bignum_helpers.h b/tests/include/test/bignum_helpers.h deleted file mode 100644 index a5e49cbe57..0000000000 --- a/tests/include/test/bignum_helpers.h +++ /dev/null @@ -1,98 +0,0 @@ -/** - * \file bignum_helpers.h - * - * \brief This file contains the prototypes of helper functions for - * bignum-related testing. - */ - -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#ifndef TEST_BIGNUM_HELPERS_H -#define TEST_BIGNUM_HELPERS_H - -#include - -#if defined(MBEDTLS_BIGNUM_C) - -#include -#include - -/** Allocate and populate a core MPI from a test case argument. - * - * This function allocates exactly as many limbs as necessary to fit - * the length of the input. In other words, it preserves leading zeros. - * - * The limb array is allocated with mbedtls_calloc() and must later be - * freed with mbedtls_free(). - * - * \param[in,out] pX The address where a pointer to the allocated limb - * array will be stored. - * \c *pX must be null on entry. - * On exit, \c *pX is null on error or if the number - * of limbs is 0. - * \param[out] plimbs The address where the number of limbs will be stored. - * \param[in] input The test argument to read. - * It is interpreted as a hexadecimal representation - * of a non-negative integer. - * - * \return \c 0 on success, an \c MBEDTLS_ERR_MPI_xxx error code otherwise. - */ -int mbedtls_test_read_mpi_core(mbedtls_mpi_uint **pX, size_t *plimbs, - const char *input); - -/** Read a modulus from a hexadecimal string. - * - * This function allocates exactly as many limbs as necessary to fit - * the length of the input. In other words, it preserves leading zeros. - * - * The limb array is allocated with mbedtls_calloc() and must later be - * freed with mbedtls_free(). You can do that by calling - * mbedtls_test_mpi_mod_modulus_free_with_limbs(). - * - * \param[in,out] N A modulus structure. It must be initialized, but - * not set up. - * \param[in] s The null-terminated hexadecimal string to read from. - * \param int_rep The desired representation of residues. - * - * \return \c 0 on success, an \c MBEDTLS_ERR_MPI_xxx error code otherwise. - */ -int mbedtls_test_read_mpi_modulus(mbedtls_mpi_mod_modulus *N, - const char *s, - mbedtls_mpi_mod_rep_selector int_rep); - -/** Free a modulus and its limbs. - * - * \param[in] N A modulus structure such that there is no other - * reference to `N->p`. - */ -void mbedtls_test_mpi_mod_modulus_free_with_limbs(mbedtls_mpi_mod_modulus *N); - -/** Read an MPI from a hexadecimal string. - * - * Like mbedtls_mpi_read_string(), but with tighter guarantees around - * edge cases. - * - * - This function guarantees that if \p s begins with '-' then the sign - * bit of the result will be negative, even if the value is 0. - * When this function encounters such a "negative 0", it calls - * mbedtls_test_increment_case_uses_negative_0(). - * - The size of the result is exactly the minimum number of limbs needed to fit - * the digits in the input. In particular, this function constructs a bignum - * with 0 limbs for an empty string, and a bignum with leading 0 limbs if the - * string has sufficiently many leading 0 digits. This is important so that - * the "0 (null)" and "0 (1 limb)" and "leading zeros" test cases do what they - * claim. - * - * \param[out] X The MPI object to populate. It must be initialized. - * \param[in] s The null-terminated hexadecimal string to read from. - * - * \return \c 0 on success, an \c MBEDTLS_ERR_MPI_xxx error code otherwise. - */ -int mbedtls_test_read_mpi(mbedtls_mpi *X, const char *s); - -#endif /* MBEDTLS_BIGNUM_C */ - -#endif /* TEST_BIGNUM_HELPERS_H */ diff --git a/tests/include/test/constant_flow.h b/tests/include/test/constant_flow.h deleted file mode 100644 index c5658eb408..0000000000 --- a/tests/include/test/constant_flow.h +++ /dev/null @@ -1,71 +0,0 @@ -/** - * \file constant_flow.h - * - * \brief This file contains tools to ensure tested code has constant flow. - */ - -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#ifndef TEST_CONSTANT_FLOW_H -#define TEST_CONSTANT_FLOW_H - -#include "mbedtls/build_info.h" - -/* - * This file defines the two macros - * - * #define TEST_CF_SECRET(ptr, size) - * #define TEST_CF_PUBLIC(ptr, size) - * - * that can be used in tests to mark a memory area as secret (no branch or - * memory access should depend on it) or public (default, only needs to be - * marked explicitly when it was derived from secret data). - * - * Arguments: - * - ptr: a pointer to the memory area to be marked - * - size: the size in bytes of the memory area - * - * Implementation: - * The basic idea is that of ctgrind : we can - * re-use tools that were designed for checking use of uninitialized memory. - * This file contains two implementations: one based on MemorySanitizer, the - * other on valgrind's memcheck. If none of them is enabled, dummy macros that - * do nothing are defined for convenience. - * - * \note #TEST_CF_SECRET must be called directly from within a .function file, - * not indirectly via a macro defined under tests/include or a function - * under tests/src. This is because we only run Valgrind for constant - * flow on test suites that have greppable annotations inside them (see - * `skip_suites_without_constant_flow` in `tests/scripts/all.sh`). - */ - -#if defined(MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN) -#include - -/* Use macros to avoid messing up with origin tracking */ -#define TEST_CF_SECRET __msan_allocated_memory -// void __msan_allocated_memory(const volatile void* data, size_t size); -#define TEST_CF_PUBLIC __msan_unpoison -// void __msan_unpoison(const volatile void *a, size_t size); - -#elif defined(MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND) -#include - -#define TEST_CF_SECRET VALGRIND_MAKE_MEM_UNDEFINED -// VALGRIND_MAKE_MEM_UNDEFINED(_qzz_addr, _qzz_len) -#define TEST_CF_PUBLIC VALGRIND_MAKE_MEM_DEFINED -// VALGRIND_MAKE_MEM_DEFINED(_qzz_addr, _qzz_len) - -#else /* MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN || - MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND */ - -#define TEST_CF_SECRET(ptr, size) -#define TEST_CF_PUBLIC(ptr, size) - -#endif /* MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN || - MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND */ - -#endif /* TEST_CONSTANT_FLOW_H */ diff --git a/tests/include/test/drivers/aead.h b/tests/include/test/drivers/aead.h deleted file mode 100644 index a033e399d0..0000000000 --- a/tests/include/test/drivers/aead.h +++ /dev/null @@ -1,121 +0,0 @@ -/* - * Test driver for AEAD driver entry points. - */ -/* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#ifndef PSA_CRYPTO_TEST_DRIVERS_AEAD_H -#define PSA_CRYPTO_TEST_DRIVERS_AEAD_H - -#include "mbedtls/build_info.h" - -#if defined(PSA_CRYPTO_DRIVER_TEST) -#include - -typedef struct { - /* If not PSA_SUCCESS, return this error code instead of processing the - * function call. */ - psa_status_t forced_status; - /* Count the amount of times AEAD driver functions are called. */ - unsigned long hits_encrypt; - unsigned long hits_decrypt; - unsigned long hits_encrypt_setup; - unsigned long hits_decrypt_setup; - unsigned long hits_set_nonce; - unsigned long hits_set_lengths; - unsigned long hits_update_ad; - unsigned long hits_update; - unsigned long hits_finish; - unsigned long hits_verify; - unsigned long hits_abort; - - /* Status returned by the last AEAD driver function call. */ - psa_status_t driver_status; -} mbedtls_test_driver_aead_hooks_t; - -#define MBEDTLS_TEST_DRIVER_AEAD_INIT { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 } -static inline mbedtls_test_driver_aead_hooks_t -mbedtls_test_driver_aead_hooks_init(void) -{ - const mbedtls_test_driver_aead_hooks_t v = MBEDTLS_TEST_DRIVER_AEAD_INIT; - return v; -} - -extern mbedtls_test_driver_aead_hooks_t mbedtls_test_driver_aead_hooks; - -psa_status_t mbedtls_test_transparent_aead_encrypt( - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, size_t key_buffer_size, - psa_algorithm_t alg, - const uint8_t *nonce, size_t nonce_length, - const uint8_t *additional_data, size_t additional_data_length, - const uint8_t *plaintext, size_t plaintext_length, - uint8_t *ciphertext, size_t ciphertext_size, size_t *ciphertext_length); - -psa_status_t mbedtls_test_transparent_aead_decrypt( - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, size_t key_buffer_size, - psa_algorithm_t alg, - const uint8_t *nonce, size_t nonce_length, - const uint8_t *additional_data, size_t additional_data_length, - const uint8_t *ciphertext, size_t ciphertext_length, - uint8_t *plaintext, size_t plaintext_size, size_t *plaintext_length); - -psa_status_t mbedtls_test_transparent_aead_encrypt_setup( - mbedtls_transparent_test_driver_aead_operation_t *operation, - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, size_t key_buffer_size, - psa_algorithm_t alg); - -psa_status_t mbedtls_test_transparent_aead_decrypt_setup( - mbedtls_transparent_test_driver_aead_operation_t *operation, - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, size_t key_buffer_size, - psa_algorithm_t alg); - -psa_status_t mbedtls_test_transparent_aead_set_nonce( - mbedtls_transparent_test_driver_aead_operation_t *operation, - const uint8_t *nonce, - size_t nonce_length); - -psa_status_t mbedtls_test_transparent_aead_set_lengths( - mbedtls_transparent_test_driver_aead_operation_t *operation, - size_t ad_length, - size_t plaintext_length); - -psa_status_t mbedtls_test_transparent_aead_update_ad( - mbedtls_transparent_test_driver_aead_operation_t *operation, - const uint8_t *input, - size_t input_length); - -psa_status_t mbedtls_test_transparent_aead_update( - mbedtls_transparent_test_driver_aead_operation_t *operation, - const uint8_t *input, - size_t input_length, - uint8_t *output, - size_t output_size, - size_t *output_length); - -psa_status_t mbedtls_test_transparent_aead_finish( - mbedtls_transparent_test_driver_aead_operation_t *operation, - uint8_t *ciphertext, - size_t ciphertext_size, - size_t *ciphertext_length, - uint8_t *tag, - size_t tag_size, - size_t *tag_length); - -psa_status_t mbedtls_test_transparent_aead_verify( - mbedtls_transparent_test_driver_aead_operation_t *operation, - uint8_t *plaintext, - size_t plaintext_size, - size_t *plaintext_length, - const uint8_t *tag, - size_t tag_length); - -psa_status_t mbedtls_test_transparent_aead_abort( - mbedtls_transparent_test_driver_aead_operation_t *operation); - -#endif /* PSA_CRYPTO_DRIVER_TEST */ -#endif /* PSA_CRYPTO_TEST_DRIVERS_AEAD_H */ diff --git a/tests/include/test/drivers/asymmetric_encryption.h b/tests/include/test/drivers/asymmetric_encryption.h deleted file mode 100644 index 0ac77087df..0000000000 --- a/tests/include/test/drivers/asymmetric_encryption.h +++ /dev/null @@ -1,67 +0,0 @@ -/* - * Test driver for asymmetric encryption. - */ -/* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#ifndef PSA_CRYPTO_TEST_DRIVERS_ASYMMETRIC_ENCRYPTION_H -#define PSA_CRYPTO_TEST_DRIVERS_ASYMMETRIC_ENCRYPTION_H - -#include "mbedtls/build_info.h" - -#if defined(PSA_CRYPTO_DRIVER_TEST) -#include -#include - -typedef struct { - /* If non-null, on success, copy this to the output. */ - void *forced_output; - size_t forced_output_length; - /* If not PSA_SUCCESS, return this error code instead of processing the - * function call. */ - psa_status_t forced_status; - /* Count the amount of times one of the asymmetric_encryption driver - functions is called. */ - unsigned long hits; -} mbedtls_test_driver_asymmetric_encryption_hooks_t; - -#define MBEDTLS_TEST_DRIVER_ASYMMETRIC_ENCRYPTION_INIT { NULL, 0, PSA_SUCCESS, 0 } - -static inline mbedtls_test_driver_asymmetric_encryption_hooks_t -mbedtls_test_driver_asymmetric_encryption_hooks_init(void) -{ - const mbedtls_test_driver_asymmetric_encryption_hooks_t v = - MBEDTLS_TEST_DRIVER_ASYMMETRIC_ENCRYPTION_INIT; - return v; -} - -extern mbedtls_test_driver_asymmetric_encryption_hooks_t - mbedtls_test_driver_asymmetric_encryption_hooks; - -psa_status_t mbedtls_test_transparent_asymmetric_encrypt( - const psa_key_attributes_t *attributes, const uint8_t *key_buffer, - size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *input, - size_t input_length, const uint8_t *salt, size_t salt_length, - uint8_t *output, size_t output_size, size_t *output_length); - -psa_status_t mbedtls_test_opaque_asymmetric_encrypt( - const psa_key_attributes_t *attributes, const uint8_t *key, - size_t key_length, psa_algorithm_t alg, const uint8_t *input, - size_t input_length, const uint8_t *salt, size_t salt_length, - uint8_t *output, size_t output_size, size_t *output_length); - -psa_status_t mbedtls_test_transparent_asymmetric_decrypt( - const psa_key_attributes_t *attributes, const uint8_t *key_buffer, - size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *input, - size_t input_length, const uint8_t *salt, size_t salt_length, - uint8_t *output, size_t output_size, size_t *output_length); - -psa_status_t mbedtls_test_opaque_asymmetric_decrypt( - const psa_key_attributes_t *attributes, const uint8_t *key, - size_t key_length, psa_algorithm_t alg, const uint8_t *input, - size_t input_length, const uint8_t *salt, size_t salt_length, - uint8_t *output, size_t output_size, size_t *output_length); - -#endif /* PSA_CRYPTO_DRIVER_TEST */ -#endif /* PSA_CRYPTO_TEST_DRIVERS_ASYMMETRIC_ENCRYPTION_H */ diff --git a/tests/include/test/drivers/cipher.h b/tests/include/test/drivers/cipher.h deleted file mode 100644 index 2fe47e4d7a..0000000000 --- a/tests/include/test/drivers/cipher.h +++ /dev/null @@ -1,136 +0,0 @@ -/* - * Test driver for cipher functions - */ -/* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#ifndef PSA_CRYPTO_TEST_DRIVERS_CIPHER_H -#define PSA_CRYPTO_TEST_DRIVERS_CIPHER_H - -#include "mbedtls/build_info.h" - -#if defined(PSA_CRYPTO_DRIVER_TEST) -#include -#include - -#include "mbedtls/cipher.h" - -typedef struct { - /* If non-null, on success, copy this to the output. */ - void *forced_output; - size_t forced_output_length; - /* If not PSA_SUCCESS, return this error code instead of processing the - * function call. */ - psa_status_t forced_status; - psa_status_t forced_status_encrypt; - psa_status_t forced_status_set_iv; - /* Count the amount of times one of the cipher driver functions is called. */ - unsigned long hits; - unsigned long hits_encrypt; - unsigned long hits_set_iv; -} mbedtls_test_driver_cipher_hooks_t; - -#define MBEDTLS_TEST_DRIVER_CIPHER_INIT { NULL, 0, \ - PSA_SUCCESS, PSA_SUCCESS, PSA_SUCCESS, \ - 0, 0, 0 } -static inline mbedtls_test_driver_cipher_hooks_t -mbedtls_test_driver_cipher_hooks_init(void) -{ - const mbedtls_test_driver_cipher_hooks_t v = MBEDTLS_TEST_DRIVER_CIPHER_INIT; - return v; -} - -extern mbedtls_test_driver_cipher_hooks_t mbedtls_test_driver_cipher_hooks; - -psa_status_t mbedtls_test_transparent_cipher_encrypt( - const psa_key_attributes_t *attributes, - const uint8_t *key, size_t key_length, - psa_algorithm_t alg, - const uint8_t *iv, size_t iv_length, - const uint8_t *input, size_t input_length, - uint8_t *output, size_t output_size, size_t *output_length); - -psa_status_t mbedtls_test_transparent_cipher_decrypt( - const psa_key_attributes_t *attributes, - const uint8_t *key, size_t key_length, - psa_algorithm_t alg, - const uint8_t *input, size_t input_length, - uint8_t *output, size_t output_size, size_t *output_length); - -psa_status_t mbedtls_test_transparent_cipher_encrypt_setup( - mbedtls_transparent_test_driver_cipher_operation_t *operation, - const psa_key_attributes_t *attributes, - const uint8_t *key, size_t key_length, - psa_algorithm_t alg); - -psa_status_t mbedtls_test_transparent_cipher_decrypt_setup( - mbedtls_transparent_test_driver_cipher_operation_t *operation, - const psa_key_attributes_t *attributes, - const uint8_t *key, size_t key_length, - psa_algorithm_t alg); - -psa_status_t mbedtls_test_transparent_cipher_abort( - mbedtls_transparent_test_driver_cipher_operation_t *operation); - -psa_status_t mbedtls_test_transparent_cipher_set_iv( - mbedtls_transparent_test_driver_cipher_operation_t *operation, - const uint8_t *iv, size_t iv_length); - -psa_status_t mbedtls_test_transparent_cipher_update( - mbedtls_transparent_test_driver_cipher_operation_t *operation, - const uint8_t *input, size_t input_length, - uint8_t *output, size_t output_size, size_t *output_length); - -psa_status_t mbedtls_test_transparent_cipher_finish( - mbedtls_transparent_test_driver_cipher_operation_t *operation, - uint8_t *output, size_t output_size, size_t *output_length); - -/* - * opaque versions - */ -psa_status_t mbedtls_test_opaque_cipher_encrypt( - const psa_key_attributes_t *attributes, - const uint8_t *key, size_t key_length, - psa_algorithm_t alg, - const uint8_t *iv, size_t iv_length, - const uint8_t *input, size_t input_length, - uint8_t *output, size_t output_size, size_t *output_length); - -psa_status_t mbedtls_test_opaque_cipher_decrypt( - const psa_key_attributes_t *attributes, - const uint8_t *key, size_t key_length, - psa_algorithm_t alg, - const uint8_t *input, size_t input_length, - uint8_t *output, size_t output_size, size_t *output_length); - -psa_status_t mbedtls_test_opaque_cipher_encrypt_setup( - mbedtls_opaque_test_driver_cipher_operation_t *operation, - const psa_key_attributes_t *attributes, - const uint8_t *key, size_t key_length, - psa_algorithm_t alg); - -psa_status_t mbedtls_test_opaque_cipher_decrypt_setup( - mbedtls_opaque_test_driver_cipher_operation_t *operation, - const psa_key_attributes_t *attributes, - const uint8_t *key, size_t key_length, - psa_algorithm_t alg); - -psa_status_t mbedtls_test_opaque_cipher_abort( - mbedtls_opaque_test_driver_cipher_operation_t *operation); - -psa_status_t mbedtls_test_opaque_cipher_set_iv( - mbedtls_opaque_test_driver_cipher_operation_t *operation, - const uint8_t *iv, size_t iv_length); - -psa_status_t mbedtls_test_opaque_cipher_update( - mbedtls_opaque_test_driver_cipher_operation_t *operation, - const uint8_t *input, size_t input_length, - uint8_t *output, size_t output_size, size_t *output_length); - -psa_status_t mbedtls_test_opaque_cipher_finish( - mbedtls_opaque_test_driver_cipher_operation_t *operation, - uint8_t *output, size_t output_size, size_t *output_length); - -#endif /* PSA_CRYPTO_DRIVER_TEST */ -#endif /* PSA_CRYPTO_TEST_DRIVERS_CIPHER_H */ diff --git a/tests/include/test/drivers/config_test_driver.h b/tests/include/test/drivers/config_test_driver.h deleted file mode 100644 index ec8bcb6135..0000000000 --- a/tests/include/test/drivers/config_test_driver.h +++ /dev/null @@ -1,46 +0,0 @@ -/* - * Mbed TLS configuration for PSA test driver libraries. It includes: - * . the minimum set of modules needed by the PSA core. - * . the Mbed TLS configuration options that may need to be additionally - * enabled for the purpose of a specific test. - * . the PSA configuration file for the Mbed TLS library and its test drivers. - */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#ifndef MBEDTLS_CONFIG_H -#define MBEDTLS_CONFIG_H - -#if defined(_MSC_VER) && !defined(_CRT_SECURE_NO_DEPRECATE) -#define _CRT_SECURE_NO_DEPRECATE 1 -#endif - -#define MBEDTLS_PSA_CRYPTO_C -#define MBEDTLS_PSA_CRYPTO_CONFIG - -/* PSA core mandatory configuration options */ -#define MBEDTLS_CIPHER_C -#define MBEDTLS_AES_C -#define MBEDTLS_SHA256_C -#define MBEDTLS_PSA_BUILTIN_ALG_SHA_256 1 -#define MBEDTLS_CTR_DRBG_C -#define MBEDTLS_ENTROPY_C -#define MBEDTLS_ENTROPY_FORCE_SHA256 - -/* - * Configuration options that may need to be additionally enabled for the - * purpose of a specific set of tests. - */ -//#define MBEDTLS_SHA1_C -//#define MBEDTLS_SHA224_C -//#define MBEDTLS_SHA384_C -//#define MBEDTLS_SHA512_C -//#define MBEDTLS_MD_C -//#define MBEDTLS_PEM_PARSE_C -//#define MBEDTLS_BASE64_C -//#define MBEDTLS_THREADING_C -//#define MBEDTLS_THREADING_PTHREAD - -#endif /* MBEDTLS_CONFIG_H */ diff --git a/tests/include/test/drivers/crypto_config_test_driver_extension.h b/tests/include/test/drivers/crypto_config_test_driver_extension.h deleted file mode 100644 index 66378e7def..0000000000 --- a/tests/include/test/drivers/crypto_config_test_driver_extension.h +++ /dev/null @@ -1,689 +0,0 @@ -/** - * This file is intended to be used to build PSA external test driver - * libraries (libtestdriver1). - * - * It is intended to be appended by the test build system to the - * crypto_config.h file of the Mbed TLS library the test library will be - * linked to (see `tests/Makefile` libtestdriver1 target). This is done in - * order to insert it at the right time: after the main configuration - * (PSA_WANT) but before the logic that determines what built-ins to enable - * based on PSA_WANT and MBEDTLS_PSA_ACCEL macros. - * - * It reverses the PSA_ACCEL_* macros defining the cryptographic operations - * that will be accelerated in the main library: - * - When something is accelerated in the main library, we need it supported - * in libtestdriver1, so we disable the accel macro in order to the built-in - * to be enabled. - * - When something is NOT accelerated in the main library, we don't need it - * in libtestdriver1, so we enable its accel macro in order to the built-in - * to be disabled, to keep libtestdriver1 minimal. (We can't adjust the - * PSA_WANT macros as they need to be the same between libtestdriver1 and - * the main library, since they determine the ABI between the two.) - */ - -#include "psa/crypto_legacy.h" - -#if defined(PSA_WANT_ALG_CBC_NO_PADDING) -#if defined(MBEDTLS_PSA_ACCEL_ALG_CBC_NO_PADDING) -#undef MBEDTLS_PSA_ACCEL_ALG_CBC_NO_PADDING -#else -#define MBEDTLS_PSA_ACCEL_ALG_CBC_NO_PADDING 1 -#endif -#endif - -#if defined(PSA_WANT_ALG_CBC_PKCS7) -#if defined(MBEDTLS_PSA_ACCEL_ALG_CBC_PKCS7) -#undef MBEDTLS_PSA_ACCEL_ALG_CBC_PKCS7 -#else -#define MBEDTLS_PSA_ACCEL_ALG_CBC_PKCS7 1 -#endif -#endif - -#if defined(PSA_WANT_ALG_CFB) -#if defined(MBEDTLS_PSA_ACCEL_ALG_CFB) -#undef MBEDTLS_PSA_ACCEL_ALG_CFB -#else -#define MBEDTLS_PSA_ACCEL_ALG_CFB 1 -#endif -#endif - -#if defined(PSA_WANT_ALG_CMAC) -#if defined(MBEDTLS_PSA_ACCEL_ALG_CMAC) -#undef MBEDTLS_PSA_ACCEL_ALG_CMAC -#else -#define MBEDTLS_PSA_ACCEL_ALG_CMAC 1 -#endif -#endif - -#if defined(PSA_WANT_ALG_CTR) -#if defined(MBEDTLS_PSA_ACCEL_ALG_CTR) -#undef MBEDTLS_PSA_ACCEL_ALG_CTR -#else -#define MBEDTLS_PSA_ACCEL_ALG_CTR 1 -#endif -#endif - -#if defined(PSA_WANT_ALG_STREAM_CIPHER) -#if defined(MBEDTLS_PSA_ACCEL_ALG_STREAM_CIPHER) -#undef MBEDTLS_PSA_ACCEL_ALG_STREAM_CIPHER -#else -#define MBEDTLS_PSA_ACCEL_ALG_STREAM_CIPHER 1 -#endif -#endif - -#if defined(PSA_WANT_ALG_ECB_NO_PADDING) -#if defined(MBEDTLS_PSA_ACCEL_ALG_ECB_NO_PADDING) -#undef MBEDTLS_PSA_ACCEL_ALG_ECB_NO_PADDING -#else -#define MBEDTLS_PSA_ACCEL_ALG_ECB_NO_PADDING 1 -#endif -#endif - -#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256) -#if defined(MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_256) -#undef MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_256 -#else -#define MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_256 1 -#endif -#endif - -#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384) -#if defined(MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_384) -#undef MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_384 -#else -#define MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_384 1 -#endif -#endif - -#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512) -#if defined(MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_512) -#undef MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_512 -#else -#define MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_512 1 -#endif -#endif - -#if defined(PSA_WANT_ECC_MONTGOMERY_255) -#if defined(MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_255) -#undef MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_255 -#else -#define MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_255 1 -#endif -#endif - -#if defined(PSA_WANT_ECC_MONTGOMERY_448) -#if defined(MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_448) -#undef MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_448 -#else -#define MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_448 1 -#endif -#endif - -#if defined(PSA_WANT_ECC_SECP_K1_192) -#if defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_192) -#undef MBEDTLS_PSA_ACCEL_ECC_SECP_K1_192 -#else -#define MBEDTLS_PSA_ACCEL_ECC_SECP_K1_192 1 -#endif -#endif - -#if defined(PSA_WANT_ECC_SECP_K1_224) -#if defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_224) -#undef MBEDTLS_PSA_ACCEL_ECC_SECP_K1_224 -#else -#define MBEDTLS_PSA_ACCEL_ECC_SECP_K1_224 1 -#endif -#endif - -#if defined(PSA_WANT_ECC_SECP_K1_256) -#if defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_256) -#undef MBEDTLS_PSA_ACCEL_ECC_SECP_K1_256 -#else -#define MBEDTLS_PSA_ACCEL_ECC_SECP_K1_256 1 -#endif -#endif - -#if defined(PSA_WANT_ECC_SECP_R1_192) -#if defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_192) -#undef MBEDTLS_PSA_ACCEL_ECC_SECP_R1_192 -#else -#define MBEDTLS_PSA_ACCEL_ECC_SECP_R1_192 1 -#endif -#endif - -#if defined(PSA_WANT_ECC_SECP_R1_224) -#if defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_224) -#undef MBEDTLS_PSA_ACCEL_ECC_SECP_R1_224 -#else -#define MBEDTLS_PSA_ACCEL_ECC_SECP_R1_224 1 -#endif -#endif - -#if defined(PSA_WANT_ECC_SECP_R1_256) -#if defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_256) -#undef MBEDTLS_PSA_ACCEL_ECC_SECP_R1_256 -#else -#define MBEDTLS_PSA_ACCEL_ECC_SECP_R1_256 1 -#endif -#endif - -#if defined(PSA_WANT_ECC_SECP_R1_384) -#if defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_384) -#undef MBEDTLS_PSA_ACCEL_ECC_SECP_R1_384 -#else -#define MBEDTLS_PSA_ACCEL_ECC_SECP_R1_384 1 -#endif -#endif - -#if defined(PSA_WANT_ECC_SECP_R1_521) -#if defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_521) -#undef MBEDTLS_PSA_ACCEL_ECC_SECP_R1_521 -#else -#define MBEDTLS_PSA_ACCEL_ECC_SECP_R1_521 1 -#endif -#endif - -#if defined(PSA_WANT_ALG_DETERMINISTIC_ECDSA) -#if defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA) -#undef MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA -#else -#define MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA 1 -#endif -#endif - -#if defined(PSA_WANT_ALG_ECDSA) -#if defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA) -#undef MBEDTLS_PSA_ACCEL_ALG_ECDSA -#else -#define MBEDTLS_PSA_ACCEL_ALG_ECDSA 1 -#endif -#endif - -#if defined(PSA_WANT_ALG_ECDH) -#if defined(MBEDTLS_PSA_ACCEL_ALG_ECDH) -#undef MBEDTLS_PSA_ACCEL_ALG_ECDH -#else -#define MBEDTLS_PSA_ACCEL_ALG_ECDH 1 -#endif -#endif - -#if defined(PSA_WANT_DH_RFC7919_2048) -#if defined(MBEDTLS_PSA_ACCEL_DH_RFC7919_2048) -#undef MBEDTLS_PSA_ACCEL_DH_RFC7919_2048 -#else -#define MBEDTLS_PSA_ACCEL_DH_RFC7919_2048 -#endif -#endif - -#if defined(PSA_WANT_DH_RFC7919_3072) -#if defined(MBEDTLS_PSA_ACCEL_DH_RFC7919_3072) -#undef MBEDTLS_PSA_ACCEL_DH_RFC7919_3072 -#else -#define MBEDTLS_PSA_ACCEL_DH_RFC7919_3072 -#endif -#endif - -#if defined(PSA_WANT_DH_RFC7919_4096) -#if defined(MBEDTLS_PSA_ACCEL_DH_RFC7919_4096) -#undef MBEDTLS_PSA_ACCEL_DH_RFC7919_4096 -#else -#define MBEDTLS_PSA_ACCEL_DH_RFC7919_4096 -#endif -#endif - -#if defined(PSA_WANT_DH_RFC7919_6144) -#if defined(MBEDTLS_PSA_ACCEL_DH_RFC7919_6144) -#undef MBEDTLS_PSA_ACCEL_DH_RFC7919_6144 -#else -#define MBEDTLS_PSA_ACCEL_DH_RFC7919_6144 -#endif -#endif - -#if defined(PSA_WANT_DH_RFC7919_8192) -#if defined(MBEDTLS_PSA_ACCEL_DH_RFC7919_8192) -#undef MBEDTLS_PSA_ACCEL_DH_RFC7919_8192 -#else -#define MBEDTLS_PSA_ACCEL_DH_RFC7919_8192 -#endif -#endif - -#if defined(PSA_WANT_ALG_FFDH) -#if defined(MBEDTLS_PSA_ACCEL_ALG_FFDH) -#undef MBEDTLS_PSA_ACCEL_ALG_FFDH -#else -#define MBEDTLS_PSA_ACCEL_ALG_FFDH 1 -#endif -#endif - -#if defined(PSA_WANT_ALG_MD5) -#if defined(MBEDTLS_PSA_ACCEL_ALG_MD5) -#undef MBEDTLS_PSA_ACCEL_ALG_MD5 -#else -#define MBEDTLS_PSA_ACCEL_ALG_MD5 1 -#endif -#endif - -#if defined(PSA_WANT_ALG_OFB) -#if defined(MBEDTLS_PSA_ACCEL_ALG_OFB) -#undef MBEDTLS_PSA_ACCEL_ALG_OFB -#else -#define MBEDTLS_PSA_ACCEL_ALG_OFB 1 -#endif -#endif - -#if defined(PSA_WANT_ALG_RIPEMD160) -#if defined(MBEDTLS_PSA_ACCEL_ALG_RIPEMD160) -#undef MBEDTLS_PSA_ACCEL_ALG_RIPEMD160 -#else -#define MBEDTLS_PSA_ACCEL_ALG_RIPEMD160 1 -#endif -#endif - -#if defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN) -#if defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN) -#undef MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN -#else -#define MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN 1 -#endif -#endif - -#if defined(PSA_WANT_ALG_RSA_PSS) -#if defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PSS) -#undef MBEDTLS_PSA_ACCEL_ALG_RSA_PSS -#else -#define MBEDTLS_PSA_ACCEL_ALG_RSA_PSS 1 -#endif -#endif - -#if defined(PSA_WANT_ALG_SHA_1) -#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA_1) -#undef MBEDTLS_PSA_ACCEL_ALG_SHA_1 -#else -#define MBEDTLS_PSA_ACCEL_ALG_SHA_1 1 -#endif -#endif - -#if defined(PSA_WANT_ALG_SHA_224) -#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA_224) -#undef MBEDTLS_PSA_ACCEL_ALG_SHA_224 -#else -#define MBEDTLS_PSA_ACCEL_ALG_SHA_224 1 -#endif -#endif - -#if defined(PSA_WANT_ALG_SHA_256) -#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA_256) -#undef MBEDTLS_PSA_ACCEL_ALG_SHA_256 -#else -#define MBEDTLS_PSA_ACCEL_ALG_SHA_256 1 -#endif -#endif - -#if defined(PSA_WANT_ALG_SHA_384) -#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA_384) -#undef MBEDTLS_PSA_ACCEL_ALG_SHA_384 -#else -#define MBEDTLS_PSA_ACCEL_ALG_SHA_384 1 -#endif -#endif - -#if defined(PSA_WANT_ALG_SHA_512) -#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA_512) -#undef MBEDTLS_PSA_ACCEL_ALG_SHA_512 -#else -#define MBEDTLS_PSA_ACCEL_ALG_SHA_512 1 -#endif -#endif - -#if defined(PSA_WANT_ALG_SHA3_224) -#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_224) -#undef MBEDTLS_PSA_ACCEL_ALG_SHA3_224 -#else -#define MBEDTLS_PSA_ACCEL_ALG_SHA3_224 1 -#endif -#endif - -#if defined(PSA_WANT_ALG_SHA3_256) -#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_256) -#undef MBEDTLS_PSA_ACCEL_ALG_SHA3_256 -#else -#define MBEDTLS_PSA_ACCEL_ALG_SHA3_256 1 -#endif -#endif - -#if defined(PSA_WANT_ALG_SHA3_384) -#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_384) -#undef MBEDTLS_PSA_ACCEL_ALG_SHA3_384 -#else -#define MBEDTLS_PSA_ACCEL_ALG_SHA3_384 1 -#endif -#endif - -#if defined(PSA_WANT_ALG_SHA3_512) -#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_512) -#undef MBEDTLS_PSA_ACCEL_ALG_SHA3_512 -#else -#define MBEDTLS_PSA_ACCEL_ALG_SHA3_512 1 -#endif -#endif - -#if defined(PSA_WANT_ALG_XTS) -#if defined(MBEDTLS_PSA_ACCEL_ALG_XTS) -#undef MBEDTLS_PSA_ACCEL_ALG_XTS -#else -#define MBEDTLS_PSA_ACCEL_ALG_XTS 1 -#endif -#endif - -#if defined(PSA_WANT_ALG_CHACHA20_POLY1305) -#if defined(MBEDTLS_PSA_ACCEL_ALG_CHACHA20_POLY1305) -#undef MBEDTLS_PSA_ACCEL_ALG_CHACHA20_POLY1305 -#else -#define MBEDTLS_PSA_ACCEL_ALG_CHACHA20_POLY1305 1 -#endif -#endif - -#if defined(PSA_WANT_ALG_JPAKE) -#if defined(MBEDTLS_PSA_ACCEL_ALG_JPAKE) -#undef MBEDTLS_PSA_ACCEL_ALG_JPAKE -#else -#define MBEDTLS_PSA_ACCEL_ALG_JPAKE 1 -#endif -#endif - -#if defined(PSA_WANT_KEY_TYPE_AES) -#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_AES) -#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_AES -#else -#define MBEDTLS_PSA_ACCEL_KEY_TYPE_AES 1 -#endif -#endif - -#if defined(PSA_WANT_KEY_TYPE_ARIA) -#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ARIA) -#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_ARIA -#else -#define MBEDTLS_PSA_ACCEL_KEY_TYPE_ARIA 1 -#endif -#endif - -#if defined(PSA_WANT_KEY_TYPE_CAMELLIA) -#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_CAMELLIA) -#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_CAMELLIA -#else -#define MBEDTLS_PSA_ACCEL_KEY_TYPE_CAMELLIA 1 -#endif -#endif - -#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC) -#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_BASIC) -#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_BASIC -#else -#define MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_BASIC 1 -#endif -#endif - -#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT) -#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_IMPORT) -#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_IMPORT -#else -#define MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_IMPORT 1 -#endif -#endif - -#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT) -#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_EXPORT) -#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_EXPORT -#else -#define MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_EXPORT 1 -#endif -#endif - -#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE) -#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_GENERATE) -#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_GENERATE -#else -#define MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_GENERATE 1 -#endif -#endif - -#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE) -#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE) -#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE -#else -#define MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE 1 -#endif -#endif - -#if defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC) -#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_BASIC) -#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_BASIC -#else -#define MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_BASIC 1 -#endif -#endif - -#if defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT) -#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_IMPORT) -#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_IMPORT -#else -#define MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_IMPORT 1 -#endif -#endif - -#if defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT) -#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_EXPORT) -#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_EXPORT -#else -#define MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_EXPORT 1 -#endif -#endif - -#if defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE) -#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_GENERATE) -#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_GENERATE -#else -#define MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_GENERATE 1 -#endif -#endif - -#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC) -#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_BASIC) -#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_BASIC -#else -#define MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_BASIC 1 -#endif -#endif - -#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT) -#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_IMPORT) -#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_IMPORT -#else -#define MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_IMPORT 1 -#endif -#endif - -#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT) -#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_EXPORT) -#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_EXPORT -#else -#define MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_EXPORT 1 -#endif -#endif - -#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE) -#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_GENERATE) -#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_GENERATE -#else -#define MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_GENERATE 1 -#endif -#endif - -#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) -#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY) -#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY -#else -#define MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY 1 -#endif -#endif - -#if defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY) -#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY) -#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY -#else -#define MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY 1 -#endif -#endif - -#if defined(PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY) -#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_PUBLIC_KEY) -#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_PUBLIC_KEY -#else -#define MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_PUBLIC_KEY 1 -#endif -#endif - -#if defined(PSA_WANT_KEY_TYPE_CHACHA20) -#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_CHACHA20) -#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_CHACHA20 -#else -#define MBEDTLS_PSA_ACCEL_KEY_TYPE_CHACHA20 1 -#endif -#endif - - -#if defined(PSA_WANT_ALG_TLS12_PRF) -#if defined(MBEDTLS_PSA_ACCEL_ALG_TLS12_PRF) -#undef MBEDTLS_PSA_ACCEL_ALG_TLS12_PRF -#else -#define MBEDTLS_PSA_ACCEL_ALG_TLS12_PRF 1 -#endif -#endif - -#if defined(PSA_WANT_ALG_TLS12_PSK_TO_MS) -#if defined(MBEDTLS_PSA_ACCEL_ALG_TLS12_PSK_TO_MS) -#undef MBEDTLS_PSA_ACCEL_ALG_TLS12_PSK_TO_MS -#else -#define MBEDTLS_PSA_ACCEL_ALG_TLS12_PSK_TO_MS 1 -#endif -#endif - -#if defined(PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS) -#if defined(MBEDTLS_PSA_ACCEL_ALG_TLS12_ECJPAKE_TO_PMS) -#undef MBEDTLS_PSA_ACCEL_ALG_TLS12_ECJPAKE_TO_PMS -#else -#define MBEDTLS_PSA_ACCEL_ALG_TLS12_ECJPAKE_TO_PMS 1 -#endif -#endif - -#if defined(PSA_WANT_ALG_GCM) -#if defined(MBEDTLS_PSA_ACCEL_ALG_GCM) -#undef MBEDTLS_PSA_ACCEL_ALG_GCM -#else -#define MBEDTLS_PSA_ACCEL_ALG_GCM 1 -#endif -#endif - -#if defined(PSA_WANT_ALG_CCM) -#if defined(MBEDTLS_PSA_ACCEL_ALG_CCM) -#undef MBEDTLS_PSA_ACCEL_ALG_CCM -#else -#define MBEDTLS_PSA_ACCEL_ALG_CCM 1 -#endif -#endif - -#if defined(PSA_WANT_ALG_CCM_STAR_NO_TAG) -#if defined(MBEDTLS_PSA_ACCEL_ALG_CCM_STAR_NO_TAG) -#undef MBEDTLS_PSA_ACCEL_ALG_CCM_STAR_NO_TAG -#else -#define MBEDTLS_PSA_ACCEL_ALG_CCM_STAR_NO_TAG 1 -#endif -#endif - -#if defined(PSA_WANT_ALG_CBC_MAC) -#if defined(MBEDTLS_PSA_ACCEL_ALG_CBC_MAC) -#undef MBEDTLS_PSA_ACCEL_ALG_CBC_MAC -#else -#define MBEDTLS_PSA_ACCEL_ALG_CBC_MAC 1 -#endif -#endif - -#if defined(PSA_WANT_ALG_HMAC) -#if defined(MBEDTLS_PSA_ACCEL_ALG_HMAC) -#undef MBEDTLS_PSA_ACCEL_ALG_HMAC -#else -#define MBEDTLS_PSA_ACCEL_ALG_HMAC 1 -#endif -#endif - -#if defined(PSA_WANT_ALG_HKDF) -#if defined(MBEDTLS_PSA_ACCEL_ALG_HKDF) -#undef MBEDTLS_PSA_ACCEL_ALG_HKDF -#else -#define MBEDTLS_PSA_ACCEL_ALG_HKDF 1 -#endif -#endif - -#if defined(PSA_WANT_ALG_HKDF_EXTRACT) -#if defined(MBEDTLS_PSA_ACCEL_ALG_HKDF_EXTRACT) -#undef MBEDTLS_PSA_ACCEL_ALG_HKDF_EXTRACT -#else -#define MBEDTLS_PSA_ACCEL_ALG_HKDF_EXTRACT 1 -#endif -#endif - -#if defined(PSA_WANT_ALG_HKDF_EXPAND) -#if defined(MBEDTLS_PSA_ACCEL_ALG_HKDF_EXPAND) -#undef MBEDTLS_PSA_ACCEL_ALG_HKDF_EXPAND -#else -#define MBEDTLS_PSA_ACCEL_ALG_HKDF_EXPAND 1 -#endif -#endif - -#if defined(PSA_WANT_ALG_RSA_OAEP) -#if defined(MBEDTLS_PSA_ACCEL_ALG_RSA_OAEP) -#undef MBEDTLS_PSA_ACCEL_ALG_RSA_OAEP -#else -#define MBEDTLS_PSA_ACCEL_ALG_RSA_OAEP 1 -#endif -#endif - -#if defined(PSA_WANT_ALG_RSA_PKCS1V15_CRYPT) -#if defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_CRYPT) -#undef MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_CRYPT -#else -#define MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_CRYPT 1 -#endif -#endif - -#if defined(PSA_WANT_KEY_TYPE_DERIVE) -#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DERIVE) -#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_DERIVE -#else -#define MBEDTLS_PSA_ACCEL_KEY_TYPE_DERIVE 1 -#endif -#endif - -#if defined(PSA_WANT_KEY_TYPE_HMAC) -#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_HMAC) -#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_HMAC -#else -#define MBEDTLS_PSA_ACCEL_KEY_TYPE_HMAC 1 -#endif -#endif - -#if defined(PSA_WANT_KEY_TYPE_DES) -#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DES) -#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_DES -#else -#define MBEDTLS_PSA_ACCEL_KEY_TYPE_DES 1 -#endif -#endif - -#if defined(PSA_WANT_KEY_TYPE_RAW_DATA) -#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RAW_DATA) -#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_RAW_DATA -#else -#define MBEDTLS_PSA_ACCEL_KEY_TYPE_RAW_DATA 1 -#endif -#endif diff --git a/tests/include/test/drivers/hash.h b/tests/include/test/drivers/hash.h deleted file mode 100644 index ad48c45d52..0000000000 --- a/tests/include/test/drivers/hash.h +++ /dev/null @@ -1,64 +0,0 @@ -/* - * Test driver for hash driver entry points. - */ -/* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#ifndef PSA_CRYPTO_TEST_DRIVERS_HASH_H -#define PSA_CRYPTO_TEST_DRIVERS_HASH_H - -#include "mbedtls/build_info.h" - -#if defined(PSA_CRYPTO_DRIVER_TEST) -#include - -typedef struct { - /* If not PSA_SUCCESS, return this error code instead of processing the - * function call. */ - psa_status_t forced_status; - /* Count the amount of times hash driver entry points are called. */ - unsigned long hits; - /* Status returned by the last hash driver entry point call. */ - psa_status_t driver_status; -} mbedtls_test_driver_hash_hooks_t; - -#define MBEDTLS_TEST_DRIVER_HASH_INIT { 0, 0, 0 } -static inline mbedtls_test_driver_hash_hooks_t -mbedtls_test_driver_hash_hooks_init(void) -{ - const mbedtls_test_driver_hash_hooks_t v = MBEDTLS_TEST_DRIVER_HASH_INIT; - return v; -} - -extern mbedtls_test_driver_hash_hooks_t mbedtls_test_driver_hash_hooks; - -psa_status_t mbedtls_test_transparent_hash_compute( - psa_algorithm_t alg, - const uint8_t *input, size_t input_length, - uint8_t *hash, size_t hash_size, size_t *hash_length); - -psa_status_t mbedtls_test_transparent_hash_setup( - mbedtls_transparent_test_driver_hash_operation_t *operation, - psa_algorithm_t alg); - -psa_status_t mbedtls_test_transparent_hash_clone( - const mbedtls_transparent_test_driver_hash_operation_t *source_operation, - mbedtls_transparent_test_driver_hash_operation_t *target_operation); - -psa_status_t mbedtls_test_transparent_hash_update( - mbedtls_transparent_test_driver_hash_operation_t *operation, - const uint8_t *input, - size_t input_length); - -psa_status_t mbedtls_test_transparent_hash_finish( - mbedtls_transparent_test_driver_hash_operation_t *operation, - uint8_t *hash, - size_t hash_size, - size_t *hash_length); - -psa_status_t mbedtls_test_transparent_hash_abort( - mbedtls_transparent_test_driver_hash_operation_t *operation); - -#endif /* PSA_CRYPTO_DRIVER_TEST */ -#endif /* PSA_CRYPTO_TEST_DRIVERS_HASH_H */ diff --git a/tests/include/test/drivers/key_agreement.h b/tests/include/test/drivers/key_agreement.h deleted file mode 100644 index ca82b3ad96..0000000000 --- a/tests/include/test/drivers/key_agreement.h +++ /dev/null @@ -1,62 +0,0 @@ -/* - * Test driver for key agreement functions. - */ -/* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#ifndef PSA_CRYPTO_TEST_DRIVERS_KEY_AGREEMENT_H -#define PSA_CRYPTO_TEST_DRIVERS_KEY_AGREEMENT_H - -#include "mbedtls/build_info.h" - -#if defined(PSA_CRYPTO_DRIVER_TEST) -#include - -typedef struct { - /* If non-null, on success, copy this to the output. */ - void *forced_output; - size_t forced_output_length; - /* If not PSA_SUCCESS, return this error code instead of processing the - * function call. */ - psa_status_t forced_status; - /* Count the amount of times one of the signature driver functions is called. */ - unsigned long hits; -} mbedtls_test_driver_key_agreement_hooks_t; - -#define MBEDTLS_TEST_DRIVER_KEY_AGREEMENT_INIT { NULL, 0, PSA_SUCCESS, 0 } -static inline mbedtls_test_driver_key_agreement_hooks_t -mbedtls_test_driver_key_agreement_hooks_init(void) -{ - const mbedtls_test_driver_key_agreement_hooks_t - v = MBEDTLS_TEST_DRIVER_KEY_AGREEMENT_INIT; - return v; -} - -extern mbedtls_test_driver_key_agreement_hooks_t - mbedtls_test_driver_key_agreement_hooks; - -psa_status_t mbedtls_test_transparent_key_agreement( - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, - size_t key_buffer_size, - psa_algorithm_t alg, - const uint8_t *peer_key, - size_t peer_key_length, - uint8_t *shared_secret, - size_t shared_secret_size, - size_t *shared_secret_length); - -psa_status_t mbedtls_test_opaque_key_agreement( - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, - size_t key_buffer_size, - psa_algorithm_t alg, - const uint8_t *peer_key, - size_t peer_key_length, - uint8_t *shared_secret, - size_t shared_secret_size, - size_t *shared_secret_length); - -#endif /*PSA_CRYPTO_DRIVER_TEST */ -#endif /* PSA_CRYPTO_TEST_DRIVERS_KEY_AGREEMENT_H */ diff --git a/tests/include/test/drivers/key_management.h b/tests/include/test/drivers/key_management.h deleted file mode 100644 index 1d9bc43985..0000000000 --- a/tests/include/test/drivers/key_management.h +++ /dev/null @@ -1,131 +0,0 @@ -/* - * Test driver for generating and verifying keys. - */ -/* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#ifndef PSA_CRYPTO_TEST_DRIVERS_KEY_MANAGEMENT_H -#define PSA_CRYPTO_TEST_DRIVERS_KEY_MANAGEMENT_H - -#include "mbedtls/build_info.h" - -#if defined(PSA_CRYPTO_DRIVER_TEST) -#include - -#define PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT 0 -#define PSA_CRYPTO_TEST_DRIVER_BUILTIN_ECDSA_KEY_SLOT 1 - -typedef struct { - /* If non-null, on success, copy this to the output. */ - void *forced_output; - size_t forced_output_length; - /* If not PSA_SUCCESS, return this error code instead of processing the - * function call. */ - psa_status_t forced_status; - /* Count the amount of times one of the key management driver functions - * is called. */ - unsigned long hits; - /* Subset of hits which only counts public key export operations */ - unsigned long hits_export_public_key; - /* Subset of hits which only counts key generation operations */ - unsigned long hits_generate_key; - /* Location of the last key management driver called to import a key. */ - psa_key_location_t location; -} mbedtls_test_driver_key_management_hooks_t; - -/* The location is initialized to the invalid value 0x800000. Invalid in the - * sense that no PSA specification will assign a meaning to this location - * (stated first in version 1.0.1 of the specification) and that it is not - * used as a location of an opaque test drivers. */ -#define MBEDTLS_TEST_DRIVER_KEY_MANAGEMENT_INIT { NULL, 0, PSA_SUCCESS, 0, 0, 0, 0x800000 } -static inline mbedtls_test_driver_key_management_hooks_t -mbedtls_test_driver_key_management_hooks_init(void) -{ - const mbedtls_test_driver_key_management_hooks_t - v = MBEDTLS_TEST_DRIVER_KEY_MANAGEMENT_INIT; - return v; -} - -/* - * In order to convert the plain text keys to Opaque, the size of the key is - * padded up by PSA_CRYPTO_TEST_DRIVER_OPAQUE_PAD_PREFIX_SIZE in addition to - * xor mangling the key. The pad prefix needs to be accounted for while - * sizing for the key. - */ -#define PSA_CRYPTO_TEST_DRIVER_OPAQUE_PAD_PREFIX 0xBEEFED00U -#define PSA_CRYPTO_TEST_DRIVER_OPAQUE_PAD_PREFIX_SIZE sizeof( \ - PSA_CRYPTO_TEST_DRIVER_OPAQUE_PAD_PREFIX) - -size_t mbedtls_test_opaque_size_function( - const psa_key_type_t key_type, - const size_t key_bits); - -extern mbedtls_test_driver_key_management_hooks_t - mbedtls_test_driver_key_management_hooks; - -psa_status_t mbedtls_test_transparent_init(void); -void mbedtls_test_transparent_free(void); -psa_status_t mbedtls_test_opaque_init(void); -void mbedtls_test_opaque_free(void); - -psa_status_t mbedtls_test_opaque_unwrap_key( - const uint8_t *wrapped_key, size_t wrapped_key_length, uint8_t *key_buffer, - size_t key_buffer_size, size_t *key_buffer_length); - -psa_status_t mbedtls_test_transparent_generate_key( - const psa_key_attributes_t *attributes, - uint8_t *key, size_t key_size, size_t *key_length); - -psa_status_t mbedtls_test_opaque_generate_key( - const psa_key_attributes_t *attributes, - uint8_t *key, size_t key_size, size_t *key_length); - -psa_status_t mbedtls_test_opaque_export_key( - const psa_key_attributes_t *attributes, - const uint8_t *key, size_t key_length, - uint8_t *data, size_t data_size, size_t *data_length); - -psa_status_t mbedtls_test_transparent_export_public_key( - const psa_key_attributes_t *attributes, - const uint8_t *key, size_t key_length, - uint8_t *data, size_t data_size, size_t *data_length); - -psa_status_t mbedtls_test_opaque_export_public_key( - const psa_key_attributes_t *attributes, - const uint8_t *key, size_t key_length, - uint8_t *data, size_t data_size, size_t *data_length); - -psa_status_t mbedtls_test_transparent_import_key( - const psa_key_attributes_t *attributes, - const uint8_t *data, - size_t data_length, - uint8_t *key_buffer, - size_t key_buffer_size, - size_t *key_buffer_length, - size_t *bits); - -psa_status_t mbedtls_test_opaque_import_key( - const psa_key_attributes_t *attributes, - const uint8_t *data, - size_t data_length, - uint8_t *key_buffer, - size_t key_buffer_size, - size_t *key_buffer_length, - size_t *bits); - -psa_status_t mbedtls_test_opaque_get_builtin_key( - psa_drv_slot_number_t slot_number, - psa_key_attributes_t *attributes, - uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length); - -psa_status_t mbedtls_test_opaque_copy_key( - psa_key_attributes_t *attributes, - const uint8_t *source_key, - size_t source_key_length, - uint8_t *target_key_buffer, - size_t target_key_buffer_size, - size_t *target_key_buffer_length); - -#endif /* PSA_CRYPTO_DRIVER_TEST */ -#endif /* PSA_CRYPTO_TEST_DRIVERS_KEY_MANAGEMENT_H */ diff --git a/tests/include/test/drivers/mac.h b/tests/include/test/drivers/mac.h deleted file mode 100644 index d92eff9038..0000000000 --- a/tests/include/test/drivers/mac.h +++ /dev/null @@ -1,125 +0,0 @@ -/* - * Test driver for MAC driver entry points. - */ -/* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#ifndef PSA_CRYPTO_TEST_DRIVERS_MAC_H -#define PSA_CRYPTO_TEST_DRIVERS_MAC_H - -#include "mbedtls/build_info.h" - -#if defined(PSA_CRYPTO_DRIVER_TEST) -#include - -typedef struct { - /* If not PSA_SUCCESS, return this error code instead of processing the - * function call. */ - psa_status_t forced_status; - /* Count the amount of times MAC driver functions are called. */ - unsigned long hits; - /* Status returned by the last MAC driver function call. */ - psa_status_t driver_status; -} mbedtls_test_driver_mac_hooks_t; - -#define MBEDTLS_TEST_DRIVER_MAC_INIT { 0, 0, 0 } -static inline mbedtls_test_driver_mac_hooks_t -mbedtls_test_driver_mac_hooks_init(void) -{ - const mbedtls_test_driver_mac_hooks_t v = MBEDTLS_TEST_DRIVER_MAC_INIT; - return v; -} - -extern mbedtls_test_driver_mac_hooks_t mbedtls_test_driver_mac_hooks; - -psa_status_t mbedtls_test_transparent_mac_compute( - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, - size_t key_buffer_size, - psa_algorithm_t alg, - const uint8_t *input, - size_t input_length, - uint8_t *mac, - size_t mac_size, - size_t *mac_length); - -psa_status_t mbedtls_test_transparent_mac_sign_setup( - mbedtls_transparent_test_driver_mac_operation_t *operation, - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, - size_t key_buffer_size, - psa_algorithm_t alg); - -psa_status_t mbedtls_test_transparent_mac_verify_setup( - mbedtls_transparent_test_driver_mac_operation_t *operation, - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, - size_t key_buffer_size, - psa_algorithm_t alg); - -psa_status_t mbedtls_test_transparent_mac_update( - mbedtls_transparent_test_driver_mac_operation_t *operation, - const uint8_t *input, - size_t input_length); - -psa_status_t mbedtls_test_transparent_mac_sign_finish( - mbedtls_transparent_test_driver_mac_operation_t *operation, - uint8_t *mac, - size_t mac_size, - size_t *mac_length); - -psa_status_t mbedtls_test_transparent_mac_verify_finish( - mbedtls_transparent_test_driver_mac_operation_t *operation, - const uint8_t *mac, - size_t mac_length); - -psa_status_t mbedtls_test_transparent_mac_abort( - mbedtls_transparent_test_driver_mac_operation_t *operation); - -psa_status_t mbedtls_test_opaque_mac_compute( - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, - size_t key_buffer_size, - psa_algorithm_t alg, - const uint8_t *input, - size_t input_length, - uint8_t *mac, - size_t mac_size, - size_t *mac_length); - -psa_status_t mbedtls_test_opaque_mac_sign_setup( - mbedtls_opaque_test_driver_mac_operation_t *operation, - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, - size_t key_buffer_size, - psa_algorithm_t alg); - -psa_status_t mbedtls_test_opaque_mac_verify_setup( - mbedtls_opaque_test_driver_mac_operation_t *operation, - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, - size_t key_buffer_size, - psa_algorithm_t alg); - -psa_status_t mbedtls_test_opaque_mac_update( - mbedtls_opaque_test_driver_mac_operation_t *operation, - const uint8_t *input, - size_t input_length); - -psa_status_t mbedtls_test_opaque_mac_sign_finish( - mbedtls_opaque_test_driver_mac_operation_t *operation, - uint8_t *mac, - size_t mac_size, - size_t *mac_length); - -psa_status_t mbedtls_test_opaque_mac_verify_finish( - mbedtls_opaque_test_driver_mac_operation_t *operation, - const uint8_t *mac, - size_t mac_length); - -psa_status_t mbedtls_test_opaque_mac_abort( - mbedtls_opaque_test_driver_mac_operation_t *operation); - -#endif /* PSA_CRYPTO_DRIVER_TEST */ -#endif /* PSA_CRYPTO_TEST_DRIVERS_MAC_H */ diff --git a/tests/include/test/drivers/pake.h b/tests/include/test/drivers/pake.h deleted file mode 100644 index d292ca0daf..0000000000 --- a/tests/include/test/drivers/pake.h +++ /dev/null @@ -1,75 +0,0 @@ -/* - * Test driver for PAKE driver entry points. - */ -/* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#ifndef PSA_CRYPTO_TEST_DRIVERS_PAKE_H -#define PSA_CRYPTO_TEST_DRIVERS_PAKE_H - -#include "mbedtls/build_info.h" - -#if defined(PSA_CRYPTO_DRIVER_TEST) -#include - -typedef struct { - /* If not PSA_SUCCESS, return this error code instead of processing the - * function call. */ - psa_status_t forced_status; - /* PAKE driver setup is executed on the first call to - pake_output/pake_input (added to distinguish forced statuses). */ - psa_status_t forced_setup_status; - /* Count the amount of times PAKE driver functions are called. */ - struct { - unsigned long total; - unsigned long setup; - unsigned long input; - unsigned long output; - unsigned long implicit_key; - unsigned long abort; - } hits; - /* Status returned by the last PAKE driver function call. */ - psa_status_t driver_status; - /* Output returned by pake_output */ - void *forced_output; - size_t forced_output_length; -} mbedtls_test_driver_pake_hooks_t; - -#define MBEDTLS_TEST_DRIVER_PAKE_INIT { PSA_SUCCESS, PSA_SUCCESS, { 0, 0, 0, 0, 0, 0 }, PSA_SUCCESS, \ - NULL, 0 } -static inline mbedtls_test_driver_pake_hooks_t -mbedtls_test_driver_pake_hooks_init(void) -{ - const mbedtls_test_driver_pake_hooks_t v = MBEDTLS_TEST_DRIVER_PAKE_INIT; - return v; -} - -extern mbedtls_test_driver_pake_hooks_t mbedtls_test_driver_pake_hooks; - -psa_status_t mbedtls_test_transparent_pake_setup( - mbedtls_transparent_test_driver_pake_operation_t *operation, - const psa_crypto_driver_pake_inputs_t *inputs); - -psa_status_t mbedtls_test_transparent_pake_output( - mbedtls_transparent_test_driver_pake_operation_t *operation, - psa_crypto_driver_pake_step_t step, - uint8_t *output, - size_t output_size, - size_t *output_length); - -psa_status_t mbedtls_test_transparent_pake_input( - mbedtls_transparent_test_driver_pake_operation_t *operation, - psa_crypto_driver_pake_step_t step, - const uint8_t *input, - size_t input_length); - -psa_status_t mbedtls_test_transparent_pake_get_implicit_key( - mbedtls_transparent_test_driver_pake_operation_t *operation, - uint8_t *output, size_t output_size, size_t *output_length); - -psa_status_t mbedtls_test_transparent_pake_abort( - mbedtls_transparent_test_driver_pake_operation_t *operation); - -#endif /* PSA_CRYPTO_DRIVER_TEST */ -#endif /* PSA_CRYPTO_TEST_DRIVERS_PAKE_H */ diff --git a/tests/include/test/drivers/signature.h b/tests/include/test/drivers/signature.h deleted file mode 100644 index 8c5703edf9..0000000000 --- a/tests/include/test/drivers/signature.h +++ /dev/null @@ -1,112 +0,0 @@ -/* - * Test driver for signature functions. - */ -/* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#ifndef PSA_CRYPTO_TEST_DRIVERS_SIGNATURE_H -#define PSA_CRYPTO_TEST_DRIVERS_SIGNATURE_H - -#include "mbedtls/build_info.h" - -#if defined(PSA_CRYPTO_DRIVER_TEST) -#include - -typedef struct { - /* If non-null, on success, copy this to the output. */ - void *forced_output; - size_t forced_output_length; - /* If not PSA_SUCCESS, return this error code instead of processing the - * function call. */ - psa_status_t forced_status; - /* Count the amount of times one of the signature driver functions is called. */ - unsigned long hits; -} mbedtls_test_driver_signature_hooks_t; - -#define MBEDTLS_TEST_DRIVER_SIGNATURE_INIT { NULL, 0, PSA_SUCCESS, 0 } -static inline mbedtls_test_driver_signature_hooks_t -mbedtls_test_driver_signature_hooks_init(void) -{ - const mbedtls_test_driver_signature_hooks_t - v = MBEDTLS_TEST_DRIVER_SIGNATURE_INIT; - return v; -} - -extern mbedtls_test_driver_signature_hooks_t - mbedtls_test_driver_signature_sign_hooks; -extern mbedtls_test_driver_signature_hooks_t - mbedtls_test_driver_signature_verify_hooks; - -psa_status_t mbedtls_test_transparent_signature_sign_message( - const psa_key_attributes_t *attributes, - const uint8_t *key, - size_t key_length, - psa_algorithm_t alg, - const uint8_t *input, - size_t input_length, - uint8_t *signature, - size_t signature_size, - size_t *signature_length); - -psa_status_t mbedtls_test_opaque_signature_sign_message( - const psa_key_attributes_t *attributes, - const uint8_t *key, - size_t key_length, - psa_algorithm_t alg, - const uint8_t *input, - size_t input_length, - uint8_t *signature, - size_t signature_size, - size_t *signature_length); - -psa_status_t mbedtls_test_transparent_signature_verify_message( - const psa_key_attributes_t *attributes, - const uint8_t *key, - size_t key_length, - psa_algorithm_t alg, - const uint8_t *input, - size_t input_length, - const uint8_t *signature, - size_t signature_length); - -psa_status_t mbedtls_test_opaque_signature_verify_message( - const psa_key_attributes_t *attributes, - const uint8_t *key, - size_t key_length, - psa_algorithm_t alg, - const uint8_t *input, - size_t input_length, - const uint8_t *signature, - size_t signature_length); - -psa_status_t mbedtls_test_transparent_signature_sign_hash( - const psa_key_attributes_t *attributes, - const uint8_t *key, size_t key_length, - psa_algorithm_t alg, - const uint8_t *hash, size_t hash_length, - uint8_t *signature, size_t signature_size, size_t *signature_length); - -psa_status_t mbedtls_test_opaque_signature_sign_hash( - const psa_key_attributes_t *attributes, - const uint8_t *key, size_t key_length, - psa_algorithm_t alg, - const uint8_t *hash, size_t hash_length, - uint8_t *signature, size_t signature_size, size_t *signature_length); - -psa_status_t mbedtls_test_transparent_signature_verify_hash( - const psa_key_attributes_t *attributes, - const uint8_t *key, size_t key_length, - psa_algorithm_t alg, - const uint8_t *hash, size_t hash_length, - const uint8_t *signature, size_t signature_length); - -psa_status_t mbedtls_test_opaque_signature_verify_hash( - const psa_key_attributes_t *attributes, - const uint8_t *key, size_t key_length, - psa_algorithm_t alg, - const uint8_t *hash, size_t hash_length, - const uint8_t *signature, size_t signature_length); - -#endif /* PSA_CRYPTO_DRIVER_TEST */ -#endif /* PSA_CRYPTO_TEST_DRIVERS_SIGNATURE_H */ diff --git a/tests/include/test/drivers/test_driver.h b/tests/include/test/drivers/test_driver.h deleted file mode 100644 index 74605d6b82..0000000000 --- a/tests/include/test/drivers/test_driver.h +++ /dev/null @@ -1,32 +0,0 @@ -/* - * Umbrella include for all of the test driver functionality - */ -/* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#ifndef PSA_CRYPTO_TEST_DRIVER_H -#define PSA_CRYPTO_TEST_DRIVER_H - -#if defined(PSA_CRYPTO_DRIVER_TEST) -#ifndef PSA_CRYPTO_DRIVER_PRESENT -#define PSA_CRYPTO_DRIVER_PRESENT -#endif -#ifndef PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT -#define PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT -#endif - -#define PSA_CRYPTO_TEST_DRIVER_LOCATION 0x7fffff - -#include "test/drivers/aead.h" -#include "test/drivers/cipher.h" -#include "test/drivers/hash.h" -#include "test/drivers/mac.h" -#include "test/drivers/key_management.h" -#include "test/drivers/signature.h" -#include "test/drivers/asymmetric_encryption.h" -#include "test/drivers/key_agreement.h" -#include "test/drivers/pake.h" - -#endif /* PSA_CRYPTO_DRIVER_TEST */ -#endif /* PSA_CRYPTO_TEST_DRIVER_H */ diff --git a/tests/include/test/fake_external_rng_for_test.h b/tests/include/test/fake_external_rng_for_test.h deleted file mode 100644 index e3e331d552..0000000000 --- a/tests/include/test/fake_external_rng_for_test.h +++ /dev/null @@ -1,40 +0,0 @@ -/* - * Insecure but standalone implementation of mbedtls_psa_external_get_random(). - * Only for use in tests! - */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#ifndef FAKE_EXTERNAL_RNG_FOR_TEST_H -#define FAKE_EXTERNAL_RNG_FOR_TEST_H - -#include "mbedtls/build_info.h" - -#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) -/** Enable the insecure implementation of mbedtls_psa_external_get_random(). - * - * The insecure implementation of mbedtls_psa_external_get_random() is - * disabled by default. - * - * When MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG is enabled and the test - * helpers are linked into a program, you must enable this before running any - * code that uses the PSA subsystem to generate random data (including internal - * random generation for purposes such as blinding when the random generation - * is routed through PSA). - * - * You can enable and disable it at any time, regardless of the state - * of the PSA subsystem. You may disable it temporarily to simulate a - * depleted entropy source. - */ -void mbedtls_test_enable_insecure_external_rng(void); - -/** Disable the insecure implementation of mbedtls_psa_external_get_random(). - * - * See mbedtls_test_enable_insecure_external_rng(). - */ -void mbedtls_test_disable_insecure_external_rng(void); -#endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */ - -#endif /* FAKE_EXTERNAL_RNG_FOR_TEST_H */ diff --git a/tests/include/test/helpers.h b/tests/include/test/helpers.h deleted file mode 100644 index d08100f158..0000000000 --- a/tests/include/test/helpers.h +++ /dev/null @@ -1,404 +0,0 @@ -/** - * \file helpers.h - * - * \brief This file contains the prototypes of helper functions for the - * purpose of testing. - */ - -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#ifndef TEST_HELPERS_H -#define TEST_HELPERS_H - -/* Most fields of publicly available structs are private and are wrapped with - * MBEDTLS_PRIVATE macro. This define allows tests to access the private fields - * directly (without using the MBEDTLS_PRIVATE wrapper). */ -#define MBEDTLS_ALLOW_PRIVATE_ACCESS - -#include "mbedtls/build_info.h" - -#if defined(__SANITIZE_ADDRESS__) /* gcc -fsanitize=address */ -# define MBEDTLS_TEST_HAVE_ASAN -#endif -#if defined(__SANITIZE_THREAD__) /* gcc -fsanitize-thread */ -# define MBEDTLS_TEST_HAVE_TSAN -#endif - -#if defined(__has_feature) -# if __has_feature(address_sanitizer) /* clang -fsanitize=address */ -# define MBEDTLS_TEST_HAVE_ASAN -# endif -# if __has_feature(memory_sanitizer) /* clang -fsanitize=memory */ -# define MBEDTLS_TEST_HAVE_MSAN -# endif -# if __has_feature(thread_sanitizer) /* clang -fsanitize=thread */ -# define MBEDTLS_TEST_HAVE_TSAN -# endif -#endif - -#include "test/threading_helpers.h" - -#if defined(MBEDTLS_TEST_MUTEX_USAGE) -#include "mbedtls/threading.h" -#endif - -#include "mbedtls/platform.h" - -#include -#include - -#if defined(MBEDTLS_BIGNUM_C) -#include "mbedtls/bignum.h" -#endif - -/** The type of test case arguments that contain binary data. */ -typedef struct data_tag { - uint8_t *x; - uint32_t len; -} data_t; - -typedef enum { - MBEDTLS_TEST_RESULT_SUCCESS = 0, - MBEDTLS_TEST_RESULT_FAILED, - MBEDTLS_TEST_RESULT_SKIPPED -} mbedtls_test_result_t; - -#define MBEDTLS_TEST_LINE_LENGTH 76 - -typedef struct { - mbedtls_test_result_t result; - const char *test; - const char *filename; - int line_no; - unsigned long step; - char line1[MBEDTLS_TEST_LINE_LENGTH]; - char line2[MBEDTLS_TEST_LINE_LENGTH]; -#if defined(MBEDTLS_TEST_MUTEX_USAGE) - const char *mutex_usage_error; -#endif -#if defined(MBEDTLS_BIGNUM_C) - unsigned case_uses_negative_0; -#endif -} -mbedtls_test_info_t; - -/** - * \brief Get the current test result status - * - * \return The current test result status - */ -mbedtls_test_result_t mbedtls_test_get_result(void); - -/** - * \brief Get the current test name/description - * - * \return The current test name/description - */ -const char *mbedtls_test_get_test(void); - -/** - * \brief Get the current test filename - * - * \return The current test filename - */ -const char *mbedtls_get_test_filename(void); - -/** - * \brief Get the current test file line number (for failure / skip) - * - * \return The current test file line number (for failure / skip) - */ -int mbedtls_test_get_line_no(void); - -/** - * \brief Increment the current test step. - * - * \note It is not recommended for multiple threads to call this - * function concurrently - whilst it is entirely thread safe, - * the order of calls to this function can obviously not be - * ensured, so unexpected results may occur. - */ -void mbedtls_test_increment_step(void); - -/** - * \brief Get the current test step - * - * \return The current test step - */ -unsigned long mbedtls_test_get_step(void); - -/** - * \brief Get the current test line buffer 1 - * - * \param line Buffer of minimum size \c MBEDTLS_TEST_LINE_LENGTH, - * which will have line buffer 1 copied to it. - */ -void mbedtls_test_get_line1(char *line); - -/** - * \brief Get the current test line buffer 2 - * - * \param line Buffer of minimum size \c MBEDTLS_TEST_LINE_LENGTH, - * which will have line buffer 1 copied to it. - */ -void mbedtls_test_get_line2(char *line); - -#if defined(MBEDTLS_TEST_MUTEX_USAGE) -/** - * \brief Get the current mutex usage error message - * - * \return The current mutex error message (may be NULL if no error) - */ -const char *mbedtls_test_get_mutex_usage_error(void); - -/** - * \brief Set the current mutex usage error message - * - * \note This will only set the mutex error message if one has not - * already been set, or if we are clearing the message (msg is - * NULL) - * - * \param msg Error message to set (can be NULL to clear) - */ -void mbedtls_test_set_mutex_usage_error(const char *msg); -#endif - -#if defined(MBEDTLS_BIGNUM_C) - -/** - * \brief Get whether the current test is a bignum test that uses - * negative zero. - * - * \return non zero if the current test uses bignum negative zero. - */ -unsigned mbedtls_test_get_case_uses_negative_0(void); - -/** - * \brief Indicate that the current test uses bignum negative zero. - * - * \note This function is called if the current test case had an - * input parsed with mbedtls_test_read_mpi() that is a negative - * 0 (`"-"`, `"-0"`, `"-00"`, etc., constructing a result with - * the sign bit set to -1 and the value being all-limbs-0, - * which is not a valid representation in #mbedtls_mpi but is - * tested for robustness). * - */ -void mbedtls_test_increment_case_uses_negative_0(void); -#endif - -int mbedtls_test_platform_setup(void); -void mbedtls_test_platform_teardown(void); - -/** - * \brief Record the current test case as a failure. - * - * This function can be called directly however it is usually - * called via macros such as TEST_ASSERT, TEST_EQUAL, - * PSA_ASSERT, etc... - * - * \note If the test case was already marked as failed, calling - * `mbedtls_test_fail( )` again will not overwrite any - * previous information about the failure. - * - * \param test Description of the failure or assertion that failed. This - * MUST be a string literal. - * \param line_no Line number where the failure originated. - * \param filename Filename where the failure originated. - */ -void mbedtls_test_fail(const char *test, int line_no, const char *filename); - -/** - * \brief Record the current test case as skipped. - * - * This function can be called directly however it is usually - * called via the TEST_ASSUME macro. - * - * \param test Description of the assumption that caused the test case to - * be skipped. This MUST be a string literal. - * \param line_no Line number where the test case was skipped. - * \param filename Filename where the test case was skipped. - */ -void mbedtls_test_skip(const char *test, int line_no, const char *filename); - -/** - * \brief Set the test step number for failure reports. - * - * Call this function to display "step NNN" in addition to the - * line number and file name if a test fails. Typically the - * "step number" is the index of a for loop but it can be - * whatever you want. - * - * \note It is not recommended for multiple threads to call this - * function concurrently - whilst it is entirely thread safe, - * the order of calls to this function can obviously not be - * ensured, so unexpected results may occur. - * - * \param step The step number to report. - */ -void mbedtls_test_set_step(unsigned long step); - -/** - * \brief Reset mbedtls_test_info to a ready/starting state. - */ -void mbedtls_test_info_reset(void); - -#ifdef MBEDTLS_TEST_MUTEX_USAGE -/** - * \brief Get the test info data mutex. - * - * \note This is designed only to be used by threading_helpers to - * avoid a deadlock, not for general access to this mutex. - * - * \return The test info data mutex. - */ -mbedtls_threading_mutex_t *mbedtls_test_get_info_mutex(void); - -#endif /* MBEDTLS_TEST_MUTEX_USAGE */ - -/** - * \brief Record the current test case as a failure if two integers - * have a different value. - * - * This function is usually called via the macro - * #TEST_EQUAL. - * - * \param test Description of the failure or assertion that failed. This - * MUST be a string literal. This normally has the form - * "EXPR1 == EXPR2" where EXPR1 has the value \p value1 - * and EXPR2 has the value \p value2. - * \param line_no Line number where the failure originated. - * \param filename Filename where the failure originated. - * \param value1 The first value to compare. - * \param value2 The second value to compare. - * - * \return \c 1 if the values are equal, otherwise \c 0. - */ -int mbedtls_test_equal(const char *test, int line_no, const char *filename, - unsigned long long value1, unsigned long long value2); - -/** - * \brief Record the current test case as a failure based - * on comparing two unsigned integers. - * - * This function is usually called via the macro - * #TEST_LE_U. - * - * \param test Description of the failure or assertion that failed. This - * MUST be a string literal. This normally has the form - * "EXPR1 <= EXPR2" where EXPR1 has the value \p value1 - * and EXPR2 has the value \p value2. - * \param line_no Line number where the failure originated. - * \param filename Filename where the failure originated. - * \param value1 The first value to compare. - * \param value2 The second value to compare. - * - * \return \c 1 if \p value1 <= \p value2, otherwise \c 0. - */ -int mbedtls_test_le_u(const char *test, int line_no, const char *filename, - unsigned long long value1, unsigned long long value2); - -/** - * \brief Record the current test case as a failure based - * on comparing two signed integers. - * - * This function is usually called via the macro - * #TEST_LE_S. - * - * \param test Description of the failure or assertion that failed. This - * MUST be a string literal. This normally has the form - * "EXPR1 <= EXPR2" where EXPR1 has the value \p value1 - * and EXPR2 has the value \p value2. - * \param line_no Line number where the failure originated. - * \param filename Filename where the failure originated. - * \param value1 The first value to compare. - * \param value2 The second value to compare. - * - * \return \c 1 if \p value1 <= \p value2, otherwise \c 0. - */ -int mbedtls_test_le_s(const char *test, int line_no, const char *filename, - long long value1, long long value2); - -/** - * \brief This function decodes the hexadecimal representation of - * data. - * - * \note The output buffer can be the same as the input buffer. For - * any other overlapping of the input and output buffers, the - * behavior is undefined. - * - * \param obuf Output buffer. - * \param obufmax Size in number of bytes of \p obuf. - * \param ibuf Input buffer. - * \param len The number of unsigned char written in \p obuf. This must - * not be \c NULL. - * - * \return \c 0 on success. - * \return \c -1 if the output buffer is too small or the input string - * is not a valid hexadecimal representation. - */ -int mbedtls_test_unhexify(unsigned char *obuf, size_t obufmax, - const char *ibuf, size_t *len); - -void mbedtls_test_hexify(unsigned char *obuf, - const unsigned char *ibuf, - int len); - -/** - * \brief Convert hexadecimal digit to an integer. - * - * \param c The digit to convert (`'0'` to `'9'`, `'A'` to `'F'` or - * `'a'` to `'f'`). - * \param[out] uc On success, the value of the digit (0 to 15). - * - * \return 0 on success, -1 if \p c is not a hexadecimal digit. - */ -int mbedtls_test_ascii2uc(const char c, unsigned char *uc); - -/** - * Allocate and zeroize a buffer. - * - * If the size if zero, a pointer to a zeroized 1-byte buffer is returned. - * - * For convenience, dies if allocation fails. - */ -unsigned char *mbedtls_test_zero_alloc(size_t len); - -/** - * Allocate and fill a buffer from hex data. - * - * The buffer is sized exactly as needed. This allows to detect buffer - * overruns (including overreads) when running the test suite under valgrind. - * - * If the size if zero, a pointer to a zeroized 1-byte buffer is returned. - * - * For convenience, dies if allocation fails. - */ -unsigned char *mbedtls_test_unhexify_alloc(const char *ibuf, size_t *olen); - -int mbedtls_test_hexcmp(uint8_t *a, uint8_t *b, - uint32_t a_len, uint32_t b_len); - -#if defined(MBEDTLS_PSA_CRYPTO_C) && defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) -#include "test/fake_external_rng_for_test.h" -#endif - -#if defined(MBEDTLS_TEST_HOOKS) -/** - * \brief Check that only a pure high-level error code is being combined with - * a pure low-level error code as otherwise the resultant error code - * would be corrupted. - * - * \note Both high-level and low-level error codes cannot be greater than - * zero however can be zero. If one error code is zero then the - * other error code is returned even if both codes are zero. - * - * \note If the check fails, fail the test currently being run. - */ -void mbedtls_test_err_add_check(int high, int low, - const char *file, int line); -#endif - -#endif /* TEST_HELPERS_H */ diff --git a/tests/include/test/macros.h b/tests/include/test/macros.h deleted file mode 100644 index a73e06fca8..0000000000 --- a/tests/include/test/macros.h +++ /dev/null @@ -1,250 +0,0 @@ -/** - * \file macros.h - * - * \brief This file contains generic macros for the purpose of testing. - */ - -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#ifndef TEST_MACROS_H -#define TEST_MACROS_H - -#include "mbedtls/build_info.h" - -#include - -#include "mbedtls/platform.h" - -#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) -#include "mbedtls/memory_buffer_alloc.h" -#endif -#include "common.h" - -/** - * \brief This macro tests the expression passed to it as a test step or - * individual test in a test case. - * - * It allows a library function to return a value and return an error - * code that can be tested. - * - * Failing the test means: - * - Mark this test case as failed. - * - Print a message identifying the failure. - * - Jump to the \c exit label. - * - * This macro expands to an instruction, not an expression. - * It may jump to the \c exit label. - * - * \param TEST The test expression to be tested. - */ -#define TEST_ASSERT(TEST) \ - do { \ - if (!(TEST)) \ - { \ - mbedtls_test_fail( #TEST, __LINE__, __FILE__); \ - goto exit; \ - } \ - } while (0) - -/** This macro asserts fails the test with given output message. - * - * \param MESSAGE The message to be outputed on assertion - */ -#define TEST_FAIL(MESSAGE) \ - do { \ - mbedtls_test_fail(MESSAGE, __LINE__, __FILE__); \ - goto exit; \ - } while (0) - -/** Evaluate two integer expressions and fail the test case if they have - * different values. - * - * The two expressions should have the same signedness, otherwise the - * comparison is not meaningful if the signed value is negative. - * - * \param expr1 An integral-typed expression to evaluate. - * \param expr2 Another integral-typed expression to evaluate. - */ -#define TEST_EQUAL(expr1, expr2) \ - do { \ - if (!mbedtls_test_equal( #expr1 " == " #expr2, __LINE__, __FILE__, \ - (unsigned long long) (expr1), (unsigned long long) (expr2))) \ - goto exit; \ - } while (0) - -/** Evaluate two unsigned integer expressions and fail the test case - * if they are not in increasing order (left <= right). - * - * \param expr1 An integral-typed expression to evaluate. - * \param expr2 Another integral-typed expression to evaluate. - */ -#define TEST_LE_U(expr1, expr2) \ - do { \ - if (!mbedtls_test_le_u( #expr1 " <= " #expr2, __LINE__, __FILE__, \ - expr1, expr2)) \ - goto exit; \ - } while (0) - -/** Evaluate two signed integer expressions and fail the test case - * if they are not in increasing order (left <= right). - * - * \param expr1 An integral-typed expression to evaluate. - * \param expr2 Another integral-typed expression to evaluate. - */ -#define TEST_LE_S(expr1, expr2) \ - do { \ - if (!mbedtls_test_le_s( #expr1 " <= " #expr2, __LINE__, __FILE__, \ - expr1, expr2)) \ - goto exit; \ - } while (0) - -/** Allocate memory dynamically and fail the test case if this fails. - * The allocated memory will be filled with zeros. - * - * You must set \p pointer to \c NULL before calling this macro and - * put `mbedtls_free(pointer)` in the test's cleanup code. - * - * If \p item_count is zero, the resulting \p pointer will be \c NULL. - * This is usually what we want in tests since API functions are - * supposed to accept null pointers when a buffer size is zero. - * - * This macro expands to an instruction, not an expression. - * It may jump to the \c exit label. - * - * \param pointer An lvalue where the address of the allocated buffer - * will be stored. - * This expression may be evaluated multiple times. - * \param item_count Number of elements to allocate. - * This expression may be evaluated multiple times. - * - */ -#define TEST_CALLOC(pointer, item_count) \ - do { \ - TEST_ASSERT((pointer) == NULL); \ - if ((item_count) != 0) { \ - (pointer) = mbedtls_calloc((item_count), \ - sizeof(*(pointer))); \ - TEST_ASSERT((pointer) != NULL); \ - } \ - } while (0) - -/** Allocate memory dynamically and fail the test case if this fails. - * The allocated memory will be filled with zeros. - * - * You must set \p pointer to \c NULL before calling this macro and - * put `mbedtls_free(pointer)` in the test's cleanup code. - * - * If \p item_count is zero, the resulting \p pointer will not be \c NULL. - * - * This macro expands to an instruction, not an expression. - * It may jump to the \c exit label. - * - * \param pointer An lvalue where the address of the allocated buffer - * will be stored. - * This expression may be evaluated multiple times. - * \param item_count Number of elements to allocate. - * This expression may be evaluated multiple times. - * - * Note: if passing size 0, mbedtls_calloc may return NULL. In this case, - * we reattempt to allocate with the smallest possible buffer to assure a - * non-NULL pointer. - */ -#define TEST_CALLOC_NONNULL(pointer, item_count) \ - do { \ - TEST_ASSERT((pointer) == NULL); \ - (pointer) = mbedtls_calloc((item_count), \ - sizeof(*(pointer))); \ - if (((pointer) == NULL) && ((item_count) == 0)) { \ - (pointer) = mbedtls_calloc(1, 1); \ - } \ - TEST_ASSERT((pointer) != NULL); \ - } while (0) - -/* For backwards compatibility */ -#define ASSERT_ALLOC(pointer, item_count) TEST_CALLOC(pointer, item_count) - -/** Allocate memory dynamically. If the allocation fails, skip the test case. - * - * This macro behaves like #TEST_CALLOC, except that if the allocation - * fails, it marks the test as skipped rather than failed. - */ -#define TEST_CALLOC_OR_SKIP(pointer, item_count) \ - do { \ - TEST_ASSERT((pointer) == NULL); \ - if ((item_count) != 0) { \ - (pointer) = mbedtls_calloc((item_count), \ - sizeof(*(pointer))); \ - TEST_ASSUME((pointer) != NULL); \ - } \ - } while (0) - -/* For backwards compatibility */ -#define ASSERT_ALLOC_WEAK(pointer, item_count) TEST_CALLOC_OR_SKIP(pointer, item_count) - -/** Compare two buffers and fail the test case if they differ. - * - * This macro expands to an instruction, not an expression. - * It may jump to the \c exit label. - * - * \param p1 Pointer to the start of the first buffer. - * \param size1 Size of the first buffer in bytes. - * This expression may be evaluated multiple times. - * \param p2 Pointer to the start of the second buffer. - * \param size2 Size of the second buffer in bytes. - * This expression may be evaluated multiple times. - */ -#define TEST_MEMORY_COMPARE(p1, size1, p2, size2) \ - do { \ - TEST_EQUAL((size1), (size2)); \ - if ((size1) != 0) { \ - TEST_ASSERT(memcmp((p1), (p2), (size1)) == 0); \ - } \ - } while (0) - -/* For backwards compatibility */ -#define ASSERT_COMPARE(p1, size1, p2, size2) TEST_MEMORY_COMPARE(p1, size1, p2, size2) - -/** - * \brief This macro tests the expression passed to it and skips the - * running test if it doesn't evaluate to 'true'. - * - * \param TEST The test expression to be tested. - */ -#define TEST_ASSUME(TEST) \ - do { \ - if (!(TEST)) \ - { \ - mbedtls_test_skip( #TEST, __LINE__, __FILE__); \ - goto exit; \ - } \ - } while (0) - -#define TEST_HELPER_ASSERT(a) if (!(a)) \ - { \ - mbedtls_fprintf(stderr, "Assertion Failed at %s:%d - %s\n", \ - __FILE__, __LINE__, #a); \ - mbedtls_exit(1); \ - } - -/** Return the smaller of two values. - * - * \param x An integer-valued expression without side effects. - * \param y An integer-valued expression without side effects. - * - * \return The smaller of \p x and \p y. - */ -#define MIN(x, y) ((x) < (y) ? (x) : (y)) - -/** Return the larger of two values. - * - * \param x An integer-valued expression without side effects. - * \param y An integer-valued expression without side effects. - * - * \return The larger of \p x and \p y. - */ -#define MAX(x, y) ((x) > (y) ? (x) : (y)) - -#endif /* TEST_MACROS_H */ diff --git a/tests/include/test/memory.h b/tests/include/test/memory.h deleted file mode 100644 index 940d9e6baa..0000000000 --- a/tests/include/test/memory.h +++ /dev/null @@ -1,108 +0,0 @@ -/** - * \file memory.h - * - * \brief Helper macros and functions related to testing memory management. - */ - -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#ifndef TEST_MEMORY_H -#define TEST_MEMORY_H - -#include "mbedtls/build_info.h" -#include "mbedtls/platform.h" -#include "test/helpers.h" - -/** \def MBEDTLS_TEST_MEMORY_CAN_POISON - * - * This macro is defined if the tests are compiled with a method to mark - * memory as poisoned, which can be used to enforce some memory access - * policies. - * - * Support for the C11 thread_local keyword is also required. - * - * Currently, only Asan (Address Sanitizer) is supported. - */ -#if defined(MBEDTLS_TEST_HAVE_ASAN) && \ - (__STDC_VERSION__ >= 201112L) && \ - !defined(PSA_CRYPTO_DRIVER_TEST) -# define MBEDTLS_TEST_MEMORY_CAN_POISON -#endif - -/** \def MBEDTLS_TEST_MEMORY_POISON(buf, size) - * - * Poison a memory area so that any attempt to read or write from it will - * cause a runtime failure. - * - * Depending on the implementation, this may poison a few bytes beyond the - * indicated region, but will never poison a separate object on the heap - * or a separate object with more than the alignment of a long long. - * - * The behavior is undefined if any part of the memory area is invalid. - * - * This is a no-op in builds without a poisoning method. - * See #MBEDTLS_TEST_MEMORY_CAN_POISON. - * - * \param buf Pointer to the beginning of the memory area to poison. - * \param size Size of the memory area in bytes. - */ - -/** \def MBEDTLS_TEST_MEMORY_UNPOISON(buf, size) - * - * Undo the effect of #MBEDTLS_TEST_MEMORY_POISON. - * - * The behavior is undefined if any part of the memory area is invalid, - * or if the memory area contains a mixture of poisoned and unpoisoned parts. - * - * This is a no-op in builds without a poisoning method. - * See #MBEDTLS_TEST_MEMORY_CAN_POISON. - * - * \param buf Pointer to the beginning of the memory area to unpoison. - * \param size Size of the memory area in bytes. - */ - -#if defined(MBEDTLS_TEST_MEMORY_CAN_POISON) - -/** Thread-local variable used to enable memory poisoning. This is set and - * unset in the test wrappers so that calls to PSA functions from the library - * do not poison memory. - */ -extern _Thread_local unsigned int mbedtls_test_memory_poisoning_count; - -/** Poison a memory area so that any attempt to read or write from it will - * cause a runtime failure. - * - * The behavior is undefined if any part of the memory area is invalid. - */ -void mbedtls_test_memory_poison(const unsigned char *ptr, size_t size); -#define MBEDTLS_TEST_MEMORY_POISON(ptr, size) \ - do { \ - mbedtls_test_memory_poisoning_count++; \ - mbedtls_test_memory_poison(ptr, size); \ - } while (0) - -/** Undo the effect of mbedtls_test_memory_poison(). - * - * This is a no-op if the given area is entirely valid, unpoisoned memory. - * - * The behavior is undefined if any part of the memory area is invalid, - * or if the memory area contains a mixture of poisoned and unpoisoned parts. - */ -void mbedtls_test_memory_unpoison(const unsigned char *ptr, size_t size); -#define MBEDTLS_TEST_MEMORY_UNPOISON(ptr, size) \ - do { \ - mbedtls_test_memory_unpoison(ptr, size); \ - if (mbedtls_test_memory_poisoning_count != 0) { \ - mbedtls_test_memory_poisoning_count--; \ - } \ - } while (0) - -#else /* MBEDTLS_TEST_MEMORY_CAN_POISON */ -#define MBEDTLS_TEST_MEMORY_POISON(ptr, size) ((void) (ptr), (void) (size)) -#define MBEDTLS_TEST_MEMORY_UNPOISON(ptr, size) ((void) (ptr), (void) (size)) -#endif /* MBEDTLS_TEST_MEMORY_CAN_POISON */ - -#endif /* TEST_MEMORY_H */ diff --git a/tests/include/test/psa_crypto_helpers.h b/tests/include/test/psa_crypto_helpers.h deleted file mode 100644 index 82f333ccb5..0000000000 --- a/tests/include/test/psa_crypto_helpers.h +++ /dev/null @@ -1,533 +0,0 @@ -/* - * Helper functions for tests that use the PSA Crypto API. - */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#ifndef PSA_CRYPTO_HELPERS_H -#define PSA_CRYPTO_HELPERS_H - -#include "test/helpers.h" - -#if (MBEDTLS_VERSION_MAJOR < 4 && defined(MBEDTLS_PSA_CRYPTO_C)) || \ - (MBEDTLS_VERSION_MAJOR >= 4 && defined(MBEDTLS_PSA_CRYPTO_CLIENT)) -#include "test/psa_helpers.h" -#include -#endif - -#include - -#if defined(MBEDTLS_PSA_CRYPTO_C) -/** Initialize the PSA Crypto subsystem. */ -#define PSA_INIT() PSA_ASSERT(psa_crypto_init()) - -/** Shut down the PSA Crypto subsystem and destroy persistent keys. - * Expect a clean shutdown, with no slots in use. - * - * If some key slots are still in use, record the test case as failed, - * but continue executing. This macro is suitable (and primarily intended) - * for use in the cleanup section of test functions. - * - * \note Persistent keys must be recorded with #TEST_USES_KEY_ID before - * creating them. - */ -#define PSA_DONE() \ - do \ - { \ - mbedtls_test_fail_if_psa_leaking(__LINE__, __FILE__); \ - mbedtls_test_psa_purge_key_storage(); \ - mbedtls_psa_crypto_free(); \ - } \ - while (0) -#elif MBEDTLS_VERSION_MAJOR >= 4 && defined(MBEDTLS_PSA_CRYPTO_CLIENT) -#define PSA_INIT() PSA_ASSERT(psa_crypto_init()) -#define PSA_DONE() mbedtls_psa_crypto_free(); -#else /* MBEDTLS_PSA_CRYPTO_CLIENT && !MBEDTLS_PSA_CRYPTO_C */ -#define PSA_INIT() ((void) 0) -#define PSA_DONE() ((void) 0) -#endif /* MBEDTLS_PSA_CRYPTO_C */ - -#if (MBEDTLS_VERSION_MAJOR < 4 && defined(MBEDTLS_PSA_CRYPTO_C)) || \ - (MBEDTLS_VERSION_MAJOR >= 4 && defined(MBEDTLS_PSA_CRYPTO_CLIENT)) - -#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) - -/* Internal function for #TEST_USES_KEY_ID. Return 1 on success, 0 on failure. */ -int mbedtls_test_uses_key_id(mbedtls_svc_key_id_t key_id); - -/** Destroy persistent keys recorded with #TEST_USES_KEY_ID. - */ -void mbedtls_test_psa_purge_key_storage(void); - -/** Purge the in-memory cache of persistent keys recorded with - * #TEST_USES_KEY_ID. - * - * Call this function before calling PSA_DONE() if it's ok for - * persistent keys to still exist at this point. - */ -void mbedtls_test_psa_purge_key_cache(void); - -/** \def TEST_USES_KEY_ID - * - * Call this macro in a test function before potentially creating a - * persistent key. Test functions that use this mechanism must call - * mbedtls_test_psa_purge_key_storage() in their cleanup code. - * - * This macro records a persistent key identifier as potentially used in the - * current test case. Recorded key identifiers will be cleaned up at the end - * of the test case, even on failure. - * - * This macro has no effect on volatile keys. Therefore, it is safe to call - * this macro in a test function that creates either volatile or persistent - * keys depending on the test data. - * - * This macro currently has no effect on special identifiers - * used to store implementation-specific files. - * - * Calling this macro multiple times on the same key identifier in the same - * test case has no effect. - * - * This macro can fail the test case if there isn't enough memory to - * record the key id. - * - * \param key_id The PSA key identifier to record. - */ -#define TEST_USES_KEY_ID(key_id) \ - TEST_ASSERT(mbedtls_test_uses_key_id(key_id)) - -#else /* MBEDTLS_PSA_CRYPTO_STORAGE_C */ - -#define TEST_USES_KEY_ID(key_id) ((void) (key_id)) -#define mbedtls_test_psa_purge_key_storage() ((void) 0) -#define mbedtls_test_psa_purge_key_cache() ((void) 0) - -#endif /* MBEDTLS_PSA_CRYPTO_STORAGE_C */ - -/** Check for things that have not been cleaned up properly in the - * PSA subsystem. - * - * \return NULL if nothing has leaked. - * \return A string literal explaining what has not been cleaned up - * if applicable. - */ -const char *mbedtls_test_helper_is_psa_leaking(void); - -/** Check that no PSA Crypto key slots are in use. - * - * If any slots are in use, mark the current test as failed and jump to - * the exit label. This is equivalent to - * `TEST_ASSERT( ! mbedtls_test_helper_is_psa_leaking( ) )` - * but with a more informative message. - */ -#define ASSERT_PSA_PRISTINE() \ - do \ - { \ - if (mbedtls_test_fail_if_psa_leaking(__LINE__, __FILE__)) \ - goto exit; \ - } \ - while (0) - -/** Shut down the PSA Crypto subsystem, allowing persistent keys to survive. - * Expect a clean shutdown, with no slots in use. - * - * If some key slots are still in use, record the test case as failed and - * jump to the `exit` label. - */ -#define PSA_SESSION_DONE() \ - do \ - { \ - mbedtls_test_psa_purge_key_cache(); \ - ASSERT_PSA_PRISTINE(); \ - mbedtls_psa_crypto_free(); \ - } \ - while (0) - - - -#if defined(RECORD_PSA_STATUS_COVERAGE_LOG) -psa_status_t mbedtls_test_record_status(psa_status_t status, - const char *func, - const char *file, int line, - const char *expr); - -/** Return value logging wrapper macro. - * - * Evaluate \p expr. Write a line recording its value to the log file - * #STATUS_LOG_FILE_NAME and return the value. The line is a colon-separated - * list of fields: - * ``` - * value of expr:string:__FILE__:__LINE__:expr - * ``` - * - * The test code does not call this macro explicitly because that would - * be very invasive. Instead, we instrument the source code by defining - * a bunch of wrapper macros like - * ``` - * #define psa_crypto_init() RECORD_STATUS("psa_crypto_init", psa_crypto_init()) - * ``` - * These macro definitions must be present in `instrument_record_status.h` - * when building the test suites. - * - * \param string A string, normally a function name. - * \param expr An expression to evaluate, normally a call of the function - * whose name is in \p string. This expression must return - * a value of type #psa_status_t. - * \return The value of \p expr. - */ -#define RECORD_STATUS(string, expr) \ - mbedtls_test_record_status((expr), string, __FILE__, __LINE__, #expr) - -#include "instrument_record_status.h" - -#endif /* defined(RECORD_PSA_STATUS_COVERAGE_LOG) */ - -/** Return extended key usage policies. - * - * Do a key policy permission extension on key usage policies always involves - * permissions of other usage policies - * (like PSA_KEY_USAGE_SIGN_HASH involves PSA_KEY_USAGE_SIGN_MESSAGE). - */ -psa_key_usage_t mbedtls_test_update_key_usage_flags(psa_key_usage_t usage_flags); - -/** Check that no PSA Crypto key slots are in use. - * - * If any slots are in use, mark the current test as failed. - * - * \return 0 if the key store is empty, 1 otherwise. - */ -int mbedtls_test_fail_if_psa_leaking(int line_no, const char *filename); - - - -#if defined(MBEDTLS_PSA_INJECT_ENTROPY) -/* The #MBEDTLS_PSA_INJECT_ENTROPY feature requires two extra platform - * functions, which must be configured as #MBEDTLS_PLATFORM_NV_SEED_READ_MACRO - * and #MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO. The job of these functions - * is to read and write from the entropy seed file, which is located - * in the PSA ITS file whose uid is #PSA_CRYPTO_ITS_RANDOM_SEED_UID. - * (These could have been provided as library functions, but for historical - * reasons, they weren't, and so each integrator has to provide a copy - * of these functions.) - * - * Provide implementations of these functions for testing. */ -int mbedtls_test_inject_entropy_seed_read(unsigned char *buf, size_t len); -int mbedtls_test_inject_entropy_seed_write(unsigned char *buf, size_t len); - - -/** Make sure that the injected entropy is present. - * - * When MBEDTLS_PSA_INJECT_ENTROPY is enabled, psa_crypto_init() - * will fail if the PSA entropy seed is not present. - * This function must be called at least once in a test suite or other - * program before any call to psa_crypto_init(). - * It does not need to be called in each test case. - * - * The test framework calls this function before running any test case. - * - * The few tests that might remove the entropy file must call this function - * in their cleanup. - */ -int mbedtls_test_inject_entropy_restore(void); -#endif /* MBEDTLS_PSA_INJECT_ENTROPY */ - -/** Parse binary string and convert it to a long integer - */ -uint64_t mbedtls_test_parse_binary_string(data_t *bin_string); - -/** Skip a test case if the given key is a 192 bits AES key and the AES - * implementation is at least partially provided by an accelerator or - * alternative implementation. - * - * Call this macro in a test case when a cryptographic operation that may - * involve an AES operation returns a #PSA_ERROR_NOT_SUPPORTED error code. - * The macro call will skip and not fail the test case in case the operation - * involves a 192 bits AES key and the AES implementation is at least - * partially provided by an accelerator or alternative implementation. - * - * Hardware AES implementations not supporting 192 bits keys commonly exist. - * Consequently, PSA test cases aim at not failing when an AES operation with - * a 192 bits key performed by an alternative AES implementation returns - * with the #PSA_ERROR_NOT_SUPPORTED error code. The purpose of this macro - * is to facilitate this and make the test case code more readable. - * - * \param key_type Key type - * \param key_bits Key length in number of bits. - */ -#if defined(MBEDTLS_AES_ALT) || \ - defined(MBEDTLS_AES_SETKEY_ENC_ALT) || \ - defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_AES) -#define MBEDTLS_TEST_HAVE_ACCEL_AES 1 -#else -#define MBEDTLS_TEST_HAVE_ACCEL_AES 0 -#endif - -#define MBEDTLS_TEST_PSA_SKIP_IF_ALT_AES_192(key_type, key_bits) \ - do \ - { \ - if ((MBEDTLS_TEST_HAVE_ACCEL_AES) && \ - ((key_type) == PSA_KEY_TYPE_AES) && \ - (key_bits == 192)) \ - { \ - mbedtls_test_skip("AES-192 not supported", __LINE__, __FILE__); \ - goto exit; \ - } \ - } \ - while (0) - -/** Skip a test case if a GCM operation with a nonce length different from - * 12 bytes fails and was performed by an accelerator or alternative - * implementation. - * - * Call this macro in a test case when an AEAD cryptography operation that - * may involve the GCM mode returns with a #PSA_ERROR_NOT_SUPPORTED error - * code. The macro call will skip and not fail the test case in case the - * operation involves the GCM mode, a nonce with a length different from - * 12 bytes and the GCM mode implementation is an alternative one. - * - * Hardware GCM implementations not supporting nonce lengths different from - * 12 bytes commonly exist, as supporting a non-12-byte nonce requires - * additional computations involving the GHASH function. - * Consequently, PSA test cases aim at not failing when an AEAD operation in - * GCM mode with a nonce length different from 12 bytes is performed by an - * alternative GCM implementation and returns with a #PSA_ERROR_NOT_SUPPORTED - * error code. The purpose of this macro is to facilitate this check and make - * the test case code more readable. - * - * \param alg The AEAD algorithm. - * \param nonce_length The nonce length in number of bytes. - */ - -#if defined(MBEDTLS_GCM_ALT) || \ - defined(MBEDTLS_PSA_ACCEL_ALG_GCM) -#define MBEDTLS_TEST_HAVE_ACCEL_GCM 1 -#else -#define MBEDTLS_TEST_HAVE_ACCEL_GCM 0 -#endif - -#define MBEDTLS_TEST_PSA_SKIP_IF_ALT_GCM_NOT_12BYTES_NONCE(alg, \ - nonce_length) \ - do \ - { \ - if ((MBEDTLS_TEST_HAVE_ACCEL_GCM) && \ - (PSA_ALG_AEAD_WITH_SHORTENED_TAG((alg), 0) == \ - PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM, 0)) && \ - ((nonce_length) != 12)) \ - { \ - mbedtls_test_skip("GCM with non-12-byte IV is not supported", __LINE__, __FILE__); \ - goto exit; \ - } \ - } \ - while (0) - -#endif /* MBEDTLS_PSA_CRYPTO_CLIENT || MBEDTLS_PSA_CRYPTO_C */ - -#if MBEDTLS_VERSION_MAJOR >= 4 -/* Legacy PSA_INIT() / PSA_DONE() variants from 3.6 */ -#define USE_PSA_INIT() PSA_INIT() -#define USE_PSA_DONE() PSA_DONE() -#define MD_PSA_INIT() PSA_INIT() -#define MD_PSA_DONE() PSA_DONE() -#define BLOCK_CIPHER_PSA_INIT() PSA_INIT() -#define BLOCK_CIPHER_PSA_DONE() PSA_DONE() -#define MD_OR_USE_PSA_INIT() PSA_INIT() -#define MD_OR_USE_PSA_DONE() PSA_DONE() -#define AES_PSA_INIT() PSA_INIT() -#define AES_PSA_DONE() PSA_DONE() - -#else /* MBEDTLS_VERSION_MAJOR < 4 */ - -/** \def USE_PSA_INIT - * - * Call this macro to initialize the PSA subsystem if #MBEDTLS_USE_PSA_CRYPTO - * or #MBEDTLS_SSL_PROTO_TLS1_3 (In contrast to TLS 1.2 implementation, the - * TLS 1.3 one uses PSA independently of the definition of - * #MBEDTLS_USE_PSA_CRYPTO) is enabled and do nothing otherwise. - * - * If the initialization fails, mark the test case as failed and jump to the - * \p exit label. - */ -/** \def USE_PSA_DONE - * - * Call this macro at the end of a test case if you called #USE_PSA_INIT. - * - * This is like #PSA_DONE except it does nothing under the same conditions as - * #USE_PSA_INIT. - */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) -#define USE_PSA_INIT() PSA_INIT() -#define USE_PSA_DONE() PSA_DONE() -#elif defined(MBEDTLS_SSL_PROTO_TLS1_3) -/* TLS 1.3 must work without having called psa_crypto_init(), for backward - * compatibility with Mbed TLS <= 3.5 when connecting with a peer that - * supports both TLS 1.2 and TLS 1.3. See mbedtls_ssl_tls13_crypto_init() - * and https://github.com/Mbed-TLS/mbedtls/issues/9072 . */ -#define USE_PSA_INIT() ((void) 0) -/* TLS 1.3 may have initialized the PSA subsystem. Shut it down cleanly, - * otherwise Asan and Valgrind would notice a resource leak. */ -#define USE_PSA_DONE() PSA_DONE() -#else /* MBEDTLS_USE_PSA_CRYPTO || MBEDTLS_SSL_PROTO_TLS1_3 */ -/* Define empty macros so that we can use them in the preamble and teardown - * of every test function that uses PSA conditionally based on - * MBEDTLS_USE_PSA_CRYPTO. */ -#define USE_PSA_INIT() ((void) 0) -#define USE_PSA_DONE() ((void) 0) -#endif /* !MBEDTLS_USE_PSA_CRYPTO && !MBEDTLS_SSL_PROTO_TLS1_3 */ - -/** \def MD_PSA_INIT - * - * Call this macro to initialize the PSA subsystem if MD uses a driver, - * and do nothing otherwise. - * - * If the initialization fails, mark the test case as failed and jump to the - * \p exit label. - */ -/** \def MD_PSA_DONE - * - * Call this macro at the end of a test case if you called #MD_PSA_INIT. - * - * This is like #PSA_DONE except it does nothing under the same conditions as - * #MD_PSA_INIT. - */ -#if defined(MBEDTLS_MD_SOME_PSA) -#define MD_PSA_INIT() PSA_INIT() -#define MD_PSA_DONE() PSA_DONE() -#else /* MBEDTLS_MD_SOME_PSA */ -#define MD_PSA_INIT() ((void) 0) -#define MD_PSA_DONE() ((void) 0) -#endif /* MBEDTLS_MD_SOME_PSA */ - -/** \def BLOCK_CIPHER_PSA_INIT - * - * Call this macro to initialize the PSA subsystem if BLOCK_CIPHER uses a driver, - * and do nothing otherwise. - * - * If the initialization fails, mark the test case as failed and jump to the - * \p exit label. - */ -/** \def BLOCK_CIPHER_PSA_DONE - * - * Call this macro at the end of a test case if you called #BLOCK_CIPHER_PSA_INIT. - * - * This is like #PSA_DONE except it does nothing under the same conditions as - * #BLOCK_CIPHER_PSA_INIT. - */ -#if defined(MBEDTLS_BLOCK_CIPHER_SOME_PSA) -#define BLOCK_CIPHER_PSA_INIT() PSA_INIT() -#define BLOCK_CIPHER_PSA_DONE() PSA_DONE() -#else /* MBEDTLS_MD_SOME_PSA */ -#define BLOCK_CIPHER_PSA_INIT() ((void) 0) -#define BLOCK_CIPHER_PSA_DONE() ((void) 0) -#endif /* MBEDTLS_MD_SOME_PSA */ - - -/** \def MD_OR_USE_PSA_INIT - * - * Call this macro to initialize the PSA subsystem if MD uses a driver, - * or if #MBEDTLS_USE_PSA_CRYPTO or #MBEDTLS_SSL_PROTO_TLS1_3 is enabled, - * and do nothing otherwise. - * - * If the initialization fails, mark the test case as failed and jump to the - * \p exit label. - */ -/** \def MD_OR_USE_PSA_DONE - * - * Call this macro at the end of a test case if you called #MD_OR_USE_PSA_INIT. - * - * This is like #PSA_DONE except it does nothing under the same conditions as - * #MD_OR_USE_PSA_INIT. - */ -#if defined(MBEDTLS_MD_SOME_PSA) -#define MD_OR_USE_PSA_INIT() PSA_INIT() -#define MD_OR_USE_PSA_DONE() PSA_DONE() -#else -#define MD_OR_USE_PSA_INIT() USE_PSA_INIT() -#define MD_OR_USE_PSA_DONE() USE_PSA_DONE() -#endif - -/** \def AES_PSA_INIT - * - * Call this macro to initialize the PSA subsystem if AES_C is not defined, - * so that CTR_DRBG uses PSA implementation to get AES-ECB. - * - * If the initialization fails, mark the test case as failed and jump to the - * \p exit label. - */ -/** \def AES_PSA_DONE - * - * Call this macro at the end of a test case if you called #AES_PSA_INIT. - * - * This is like #PSA_DONE except it does nothing under the same conditions as - * #AES_PSA_INIT. - */ -#if defined(MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO) -#define AES_PSA_INIT() PSA_INIT() -#define AES_PSA_DONE() PSA_DONE() -#else /* MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO */ -#define AES_PSA_INIT() ((void) 0) -#define AES_PSA_DONE() ((void) 0) -#endif /* MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO */ - -#endif /* MBEDTLS_VERSION_MAJOR >= 4 */ - -#if !defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) && \ - defined(MBEDTLS_CTR_DRBG_C) && \ - defined(MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO) -/* When AES_C is not defined and PSA does not have an external RNG, - * then CTR_DRBG uses PSA to perform AES-ECB. In this scenario 1 key - * slot is used internally from PSA to hold the AES key and it should - * not be taken into account when evaluating remaining open slots. */ -#define MBEDTLS_TEST_PSA_INTERNAL_KEYS_FOR_DRBG 1 -#else -#define MBEDTLS_TEST_PSA_INTERNAL_KEYS_FOR_DRBG 0 -#endif - -/** The number of volatile keys that PSA crypto uses internally. - * - * We expect that many volatile keys to be in use after a successful - * psa_crypto_init(). - */ -#define MBEDTLS_TEST_PSA_INTERNAL_KEYS \ - MBEDTLS_TEST_PSA_INTERNAL_KEYS_FOR_DRBG - -/* A couple of helper macros to verify if MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE is - * large enough to contain an RSA key pair of the given size. This is meant to be - * used in test cases where MBEDTLS_PSA_STATIC_KEY_SLOTS is enabled. */ -#if defined(MBEDTLS_PSA_CRYPTO_C) - -#if (MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE >= PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE(4096)) -#define MBEDTLS_TEST_STATIC_KEY_SLOTS_SUPPORT_RSA_4096 -#endif - -#if (MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE >= PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE(2048)) -#define MBEDTLS_TEST_STATIC_KEY_SLOTS_SUPPORT_RSA_2048 -#endif - -#endif /* MBEDTLS_PSA_CRYPTO_C */ - -/* Helper macro to get the size of the each key slot buffer. */ -#if defined(MBEDTLS_PSA_STATIC_KEY_SLOTS) -#define MBEDTLS_PSA_KEY_BUFFER_MAX_SIZE MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE -#else -#define MBEDTLS_PSA_KEY_BUFFER_MAX_SIZE SIZE_MAX -#endif - -/* Helper macro for the PK module to check whether MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE - * is large enough to contain 4096-bit RSA key pairs. Of course this check is only - * necessary if PK relies on PSA (i.e. MBEDTLS_USE_PSA_CRYPTO) to store and manage - * the key. */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) - -#if !defined(MBEDTLS_PSA_STATIC_KEY_SLOTS) || \ - defined(MBEDTLS_TEST_STATIC_KEY_SLOTS_SUPPORT_RSA_4096) -#define MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 -#endif - -#else /* MBEDTLS_USE_PSA_CRYPTO */ - -#define MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 - -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - -#endif /* PSA_CRYPTO_HELPERS_H */ diff --git a/tests/include/test/psa_exercise_key.h b/tests/include/test/psa_exercise_key.h deleted file mode 100644 index f6be3073ac..0000000000 --- a/tests/include/test/psa_exercise_key.h +++ /dev/null @@ -1,286 +0,0 @@ -/** Code to exercise a PSA key object, i.e. validate that it seems well-formed - * and can do what it is supposed to do. - */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#ifndef PSA_EXERCISE_KEY_H -#define PSA_EXERCISE_KEY_H - -#include "test/helpers.h" -#include "test/psa_crypto_helpers.h" - -#include - -#if defined(MBEDTLS_PK_C) -#include -#endif - -/** \def KNOWN_SUPPORTED_HASH_ALG - * - * A hash algorithm that is known to be supported. - * - * This is used in some smoke tests. - */ -#if defined(PSA_WANT_ALG_SHA_256) -#define KNOWN_SUPPORTED_HASH_ALG PSA_ALG_SHA_256 -#elif defined(PSA_WANT_ALG_SHA_384) -#define KNOWN_SUPPORTED_HASH_ALG PSA_ALG_SHA_384 -#elif defined(PSA_WANT_ALG_SHA_512) -#define KNOWN_SUPPORTED_HASH_ALG PSA_ALG_SHA_512 -#elif defined(PSA_WANT_ALG_SHA3_256) -#define KNOWN_SUPPORTED_HASH_ALG PSA_ALG_SHA3_256 -#elif defined(PSA_WANT_ALG_SHA_1) -#define KNOWN_SUPPORTED_HASH_ALG PSA_ALG_SHA_1 -#elif defined(PSA_WANT_ALG_MD5) -#define KNOWN_SUPPORTED_HASH_ALG PSA_ALG_MD5 -/* PSA_WANT_ALG_RIPEMD160 omitted. This is necessary for the sake of - * exercise_signature_key() because Mbed TLS doesn't support RIPEMD160 - * in RSA PKCS#1v1.5 signatures. A RIPEMD160-only configuration would be - * implausible anyway. */ -#else -#undef KNOWN_SUPPORTED_HASH_ALG -#endif - -/** \def KNOWN_SUPPORTED_BLOCK_CIPHER - * - * A block cipher that is known to be supported. - * - * For simplicity's sake, stick to block ciphers with 16-byte blocks. - */ -#if defined(PSA_WANT_KEY_TYPE_AES) -#define KNOWN_SUPPORTED_BLOCK_CIPHER PSA_KEY_TYPE_AES -#elif defined(PSA_WANT_KEY_TYPE_ARIA) -#define KNOWN_SUPPORTED_BLOCK_CIPHER PSA_KEY_TYPE_ARIA -#elif defined(PSA_WANT_KEY_TYPE_CAMELLIA) -#define KNOWN_SUPPORTED_BLOCK_CIPHER PSA_KEY_TYPE_CAMELLIA -#else -#undef KNOWN_SUPPORTED_BLOCK_CIPHER -#endif - -/** \def KNOWN_SUPPORTED_MAC_ALG - * - * A MAC mode that is known to be supported. - * - * It must either be HMAC with #KNOWN_SUPPORTED_HASH_ALG or - * a block cipher-based MAC with #KNOWN_SUPPORTED_BLOCK_CIPHER. - * - * This is used in some smoke tests. - */ -#if defined(KNOWN_SUPPORTED_HASH_ALG) && defined(PSA_WANT_ALG_HMAC) -#define KNOWN_SUPPORTED_MAC_ALG (PSA_ALG_HMAC(KNOWN_SUPPORTED_HASH_ALG)) -#define KNOWN_SUPPORTED_MAC_KEY_TYPE PSA_KEY_TYPE_HMAC -#elif defined(KNOWN_SUPPORTED_BLOCK_CIPHER) && defined(MBEDTLS_CMAC_C) -#define KNOWN_SUPPORTED_MAC_ALG PSA_ALG_CMAC -#define KNOWN_SUPPORTED_MAC_KEY_TYPE KNOWN_SUPPORTED_BLOCK_CIPHER -#else -#undef KNOWN_SUPPORTED_MAC_ALG -#undef KNOWN_SUPPORTED_MAC_KEY_TYPE -#endif - -/** \def KNOWN_SUPPORTED_BLOCK_CIPHER_ALG - * - * A cipher algorithm and key type that are known to be supported. - * - * This is used in some smoke tests. - */ -#if defined(KNOWN_SUPPORTED_BLOCK_CIPHER) && defined(PSA_WANT_ALG_CTR) -#define KNOWN_SUPPORTED_BLOCK_CIPHER_ALG PSA_ALG_CTR -#elif defined(KNOWN_SUPPORTED_BLOCK_CIPHER) && defined(PSA_WANT_ALG_CBC_NO_PADDING) -#define KNOWN_SUPPORTED_BLOCK_CIPHER_ALG PSA_ALG_CBC_NO_PADDING -#elif defined(KNOWN_SUPPORTED_BLOCK_CIPHER) && defined(PSA_WANT_ALG_CFB) -#define KNOWN_SUPPORTED_BLOCK_CIPHER_ALG PSA_ALG_CFB -#elif defined(KNOWN_SUPPORTED_BLOCK_CIPHER) && defined(PSA_WANT_ALG_OFB) -#define KNOWN_SUPPORTED_BLOCK_CIPHER_ALG PSA_ALG_OFB -#else -#undef KNOWN_SUPPORTED_BLOCK_CIPHER_ALG -#endif -#if defined(KNOWN_SUPPORTED_BLOCK_CIPHER_ALG) -#define KNOWN_SUPPORTED_CIPHER_ALG KNOWN_SUPPORTED_BLOCK_CIPHER_ALG -#define KNOWN_SUPPORTED_CIPHER_KEY_TYPE KNOWN_SUPPORTED_BLOCK_CIPHER -#else -#undef KNOWN_SUPPORTED_CIPHER_ALG -#undef KNOWN_SUPPORTED_CIPHER_KEY_TYPE -#endif - -/** Convenience function to set up a key derivation. - * - * In case of failure, mark the current test case as failed. - * - * The inputs \p input1 and \p input2 are, in order: - * - HKDF: salt, info. - * - TKS 1.2 PRF, TLS 1.2 PSK-to-MS: seed, label. - * - PBKDF2: input cost, salt. - * - * \param operation The operation object to use. - * It must be in the initialized state. - * \param key The key to use. - * \param alg The algorithm to use. - * \param input1 The first input to pass. - * \param input1_length The length of \p input1 in bytes. - * \param input2 The first input to pass. - * \param input2_length The length of \p input2 in bytes. - * \param capacity The capacity to set. - * \param key_destroyable If set to 1, a failure due to the key not existing - * or the key being destroyed mid-operation will only - * be reported if the error code is unexpected. - * - * \return \c 1 on success, \c 0 on failure. - */ -int mbedtls_test_psa_setup_key_derivation_wrap( - psa_key_derivation_operation_t *operation, - mbedtls_svc_key_id_t key, - psa_algorithm_t alg, - const unsigned char *input1, size_t input1_length, - const unsigned char *input2, size_t input2_length, - size_t capacity, int key_destroyable); - -/** Perform a key agreement using the given key pair against its public key - * using psa_raw_key_agreement(). - * - * The result is discarded. The purpose of this function is to smoke-test a key. - * - * In case of failure, mark the current test case as failed. - * - * \param alg A key agreement algorithm compatible with \p key. - * \param key A key that allows key agreement with \p alg. - * \param key_destroyable If set to 1, a failure due to the key not existing - * or the key being destroyed mid-operation will only - * be reported if the error code is unexpected. - * - * \return \c 1 on success, \c 0 on failure. - */ -psa_status_t mbedtls_test_psa_raw_key_agreement_with_self( - psa_algorithm_t alg, - mbedtls_svc_key_id_t key, int key_destroyable); - -/** Perform a key agreement using the given key pair against its public key - * using psa_key_derivation_raw_key(). - * - * The result is discarded. The purpose of this function is to smoke-test a key. - * - * In case of failure, mark the current test case as failed. - * - * \param operation An operation that has been set up for a key - * agreement algorithm that is compatible with - * \p key. - * \param key A key pair object that is suitable for a key - * agreement with \p operation. - * \param key_destroyable If set to 1, a failure due to the key not existing - * or the key being destroyed mid-operation will only - * be reported if the error code is unexpected. - * - * \return \c 1 on success, \c 0 on failure. - */ -psa_status_t mbedtls_test_psa_key_agreement_with_self( - psa_key_derivation_operation_t *operation, - mbedtls_svc_key_id_t key, int key_destroyable); - -/** Perform sanity checks on the given key representation. - * - * If any of the checks fail, mark the current test case as failed. - * - * The checks depend on the key type. - * - All types: check the export size against maximum-size macros. - * - DES: parity bits. - * - RSA: check the ASN.1 structure and the size and parity of the integers. - * - ECC private or public key: exact representation length. - * - Montgomery public key: first byte. - * - * \param type The key type. - * \param bits The key size in bits. - * \param exported A buffer containing the key representation. - * \param exported_length The length of \p exported in bytes. - * - * \return \c 1 if all checks passed, \c 0 on failure. - */ -int mbedtls_test_psa_exported_key_sanity_check( - psa_key_type_t type, size_t bits, - const uint8_t *exported, size_t exported_length); - -/** Do smoke tests on a key. - * - * Perform one of each operation indicated by \p alg (decrypt/encrypt, - * sign/verify, or derivation) that is permitted according to \p usage. - * \p usage and \p alg should correspond to the expected policy on the - * key. - * - * Export the key if permitted by \p usage, and check that the output - * looks sensible. If \p usage forbids export, check that - * \p psa_export_key correctly rejects the attempt. If the key is - * asymmetric, also check \p psa_export_public_key. - * - * If the key fails the tests, this function calls the test framework's - * `mbedtls_test_fail` function and returns false. Otherwise this function - * returns true. Therefore it should be used as follows: - * ``` - * if( ! exercise_key( ... ) ) goto exit; - * ``` - * To use this function for multi-threaded tests where the key - * may be destroyed at any point: call this function with key_destroyable set - * to 1, while another thread calls psa_destroy_key on the same key; - * this will test whether destroying the key in use leads to any corruption. - * - * There cannot be a set of concurrent calls: - * `mbedtls_test_psa_exercise_key(ki,...)` such that each ki is a unique - * persistent key not loaded into any key slot, and i is greater than the - * number of free key slots. - * This is because such scenarios can lead to unsupported - * `PSA_ERROR_INSUFFICIENT_MEMORY` return codes. - * - * - * \param key The key to exercise. It should be capable of performing - * \p alg. - * \param usage The usage flags to assume. - * \param alg The algorithm to exercise. - * \param key_destroyable If set to 1, a failure due to the key not existing - * or the key being destroyed mid-operation will only - * be reported if the error code is unexpected. - * - * \retval 0 The key failed the smoke tests. - * \retval 1 The key passed the smoke tests. - */ -int mbedtls_test_psa_exercise_key(mbedtls_svc_key_id_t key, - psa_key_usage_t usage, - psa_algorithm_t alg, - int key_destroyable); - -psa_key_usage_t mbedtls_test_psa_usage_to_exercise(psa_key_type_t type, - psa_algorithm_t alg); - -/** Whether the specified algorithm can be exercised. - * - * \note This function is solely based on the algorithm and does not - * consider potential issues with the compatibility of a key. - * The idea is that you already have a key, so you know that the - * key type is supported, and you want to exercise the key but - * only if the algorithm given in its policy is enabled in the - * compile-time configuration. - * - * \note This function currently only supports signature algorithms - * (including wildcards). - * TODO: a more general mechanism, which should be automatically - * generated and possibly available as a library function? - */ -int mbedtls_test_can_exercise_psa_algorithm(psa_algorithm_t alg); - -#if defined(MBEDTLS_PK_C) -/** PK-PSA key consistency test. - * - * This function tests that the pk context and the PSA key are - * consistent. At a minimum: - * - * - The two objects must contain keys of the same type, - * or a key pair and a public key of the matching type. - * - The two objects must have the same public key. - * - * \retval 0 The key failed the consistency tests. - * \retval 1 The key passed the consistency tests. - */ -int mbedtls_test_key_consistency_psa_pk(mbedtls_svc_key_id_t psa_key, - const mbedtls_pk_context *pk); -#endif /* MBEDTLS_PK_C */ - -#endif /* PSA_EXERCISE_KEY_H */ diff --git a/tests/include/test/psa_helpers.h b/tests/include/test/psa_helpers.h deleted file mode 100644 index b61718939e..0000000000 --- a/tests/include/test/psa_helpers.h +++ /dev/null @@ -1,24 +0,0 @@ -/* - * Helper functions for tests that use any PSA API. - */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#ifndef PSA_HELPERS_H -#define PSA_HELPERS_H - -#if defined(MBEDTLS_PSA_CRYPTO_SPM) -#include "spm/psa_defs.h" -#endif - -/** Evaluate an expression and fail the test case if it returns an error. - * - * \param expr The expression to evaluate. This is typically a call - * to a \c psa_xxx function that returns a value of type - * #psa_status_t. - */ -#define PSA_ASSERT(expr) TEST_EQUAL((expr), PSA_SUCCESS) - -#endif /* PSA_HELPERS_H */ diff --git a/tests/include/test/psa_memory_poisoning_wrappers.h b/tests/include/test/psa_memory_poisoning_wrappers.h deleted file mode 100644 index 3f30b65c04..0000000000 --- a/tests/include/test/psa_memory_poisoning_wrappers.h +++ /dev/null @@ -1,40 +0,0 @@ -/** Support for memory poisoning wrappers for PSA functions. - * - * The wrappers poison the input and output buffers of each function - * before calling it, to ensure that it does not access the buffers - * except by calling the approved buffer-copying functions. - * - * This header declares support functions. The wrappers themselves are - * decalred in the automatically generated file `test/psa_test_wrappers.h`. - */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#ifndef PSA_MEMORY_POISONING_WRAPPERS_H -#define PSA_MEMORY_POISONING_WRAPPERS_H - -#include "psa/crypto.h" - -#include "test/memory.h" - -#if defined(MBEDTLS_TEST_HOOKS) && defined(MBEDTLS_TEST_MEMORY_CAN_POISON) - -/** - * \brief Setup the memory poisoning test hooks used by - * psa_crypto_copy_input() and psa_crypto_copy_output() for - * memory poisoning. - */ -void mbedtls_poison_test_hooks_setup(void); - -/** - * \brief Teardown the memory poisoning test hooks used by - * psa_crypto_copy_input() and psa_crypto_copy_output() for - * memory poisoning. - */ -void mbedtls_poison_test_hooks_teardown(void); - -#endif /* MBEDTLS_TEST_HOOKS && MBEDTLS_TEST_MEMORY_CAN_POISON */ - -#endif /* PSA_MEMORY_POISONING_WRAPPERS_H */ diff --git a/tests/include/test/random.h b/tests/include/test/random.h deleted file mode 100644 index 6304e05d7f..0000000000 --- a/tests/include/test/random.h +++ /dev/null @@ -1,91 +0,0 @@ -/** - * \file random.h - * - * \brief This file contains the prototypes of helper functions to generate - * random numbers for the purpose of testing. - */ - -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#ifndef TEST_RANDOM_H -#define TEST_RANDOM_H - -#include "mbedtls/build_info.h" - -#include -#include - -typedef struct { - unsigned char *buf; /* Pointer to a buffer of length bytes. */ - size_t length; - /* If fallback_f_rng is NULL, fail after delivering length bytes. */ - int (*fallback_f_rng)(void *, unsigned char *, size_t); - void *fallback_p_rng; -} mbedtls_test_rnd_buf_info; - -/** - * Info structure for the pseudo random function - * - * Key should be set at the start to a test-unique value. - * Do not forget endianness! - * State( v0, v1 ) should be set to zero. - */ -typedef struct { - uint32_t key[16]; - uint32_t v0, v1; -} mbedtls_test_rnd_pseudo_info; - -/** - * This function just returns data from rand(). - * Although predictable and often similar on multiple - * runs, this does not result in identical random on - * each run. So do not use this if the results of a - * test depend on the random data that is generated. - * - * rng_state shall be NULL. - */ -int mbedtls_test_rnd_std_rand(void *rng_state, - unsigned char *output, - size_t len); - -/** - * This function only returns zeros. - * - * \p rng_state shall be \c NULL. - */ -int mbedtls_test_rnd_zero_rand(void *rng_state, - unsigned char *output, - size_t len); - -/** - * This function returns random data based on a buffer it receives. - * - * \p rng_state shall be a pointer to a #mbedtls_test_rnd_buf_info structure. - * - * The number of bytes released from the buffer on each call to - * the random function is specified by \p len. - * - * After the buffer is empty, this function will call the fallback RNG in the - * #mbedtls_test_rnd_buf_info structure if there is one, and - * will return #MBEDTLS_ERR_ENTROPY_SOURCE_FAILED otherwise. - */ -int mbedtls_test_rnd_buffer_rand(void *rng_state, - unsigned char *output, - size_t len); - -/** - * This function returns random based on a pseudo random function. - * This means the results should be identical on all systems. - * Pseudo random is based on the XTEA encryption algorithm to - * generate pseudorandom. - * - * \p rng_state shall be a pointer to a #mbedtls_test_rnd_pseudo_info structure. - */ -int mbedtls_test_rnd_pseudo_rand(void *rng_state, - unsigned char *output, - size_t len); - -#endif /* TEST_RANDOM_H */ diff --git a/tests/include/test/threading_helpers.h b/tests/include/test/threading_helpers.h deleted file mode 100644 index 79bc6c0ded..0000000000 --- a/tests/include/test/threading_helpers.h +++ /dev/null @@ -1,112 +0,0 @@ -/** - * \file threading_helpers.h - * - * \brief This file contains the prototypes of helper functions for the purpose - * of testing threading. - */ - -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#ifndef THREADING_HELPERS_H -#define THREADING_HELPERS_H - -#if defined MBEDTLS_THREADING_C - -#include "mbedtls/private_access.h" -#include "mbedtls/build_info.h" - -/* Most fields of publicly available structs are private and are wrapped with - * MBEDTLS_PRIVATE macro. This define allows tests to access the private fields - * directly (without using the MBEDTLS_PRIVATE wrapper). */ -#define MBEDTLS_ALLOW_PRIVATE_ACCESS - -#define MBEDTLS_ERR_THREADING_THREAD_ERROR -0x001F - -#if defined(MBEDTLS_THREADING_PTHREAD) -#include -#endif /* MBEDTLS_THREADING_PTHREAD */ - -#if defined(MBEDTLS_THREADING_ALT) -/* You should define the mbedtls_test_thread_t type in your header */ -#include "threading_alt.h" - -/** - * \brief Set your alternate threading implementation - * function pointers for test threads. If used, this - * function must be called once in the main thread - * before any other MbedTLS function is called. - * - * \note These functions are part of the testing API only and - * thus not considered part of the public API of - * MbedTLS and thus may change without notice. - * - * \param thread_create The thread create function implementation. - * \param thread_join The thread join function implementation. - - */ -void mbedtls_test_thread_set_alt(int (*thread_create)(mbedtls_test_thread_t *thread, - void *(*thread_func)( - void *), - void *thread_data), - int (*thread_join)(mbedtls_test_thread_t *thread)); - -#else /* MBEDTLS_THREADING_ALT*/ - -typedef struct mbedtls_test_thread_t { - -#if defined(MBEDTLS_THREADING_PTHREAD) - pthread_t MBEDTLS_PRIVATE(thread); -#else /* MBEDTLS_THREADING_PTHREAD */ - /* Make sure this struct is always non-empty */ - unsigned dummy; -#endif - -} mbedtls_test_thread_t; - -#endif /* MBEDTLS_THREADING_ALT*/ - -/** - * \brief The function pointers for thread create and thread - * join. - * - * \note These functions are part of the testing API only - * and thus not considered part of the public API of - * MbedTLS and thus may change without notice. - * - * \note All these functions are expected to work or - * the result will be undefined. - */ -extern int (*mbedtls_test_thread_create)(mbedtls_test_thread_t *thread, - void *(*thread_func)(void *), void *thread_data); -extern int (*mbedtls_test_thread_join)(mbedtls_test_thread_t *thread); - -#if defined(MBEDTLS_THREADING_PTHREAD) && defined(MBEDTLS_TEST_HOOKS) -#define MBEDTLS_TEST_MUTEX_USAGE -#endif - -#if defined(MBEDTLS_TEST_MUTEX_USAGE) -/** - * Activate the mutex usage verification framework. See threading_helpers.c for - * information. - */ -void mbedtls_test_mutex_usage_init(void); - -/** - * Deactivate the mutex usage verification framework. See threading_helpers.c - * for information. - */ -void mbedtls_test_mutex_usage_end(void); - -/** - * Call this function after executing a test case to check for mutex usage - * errors. - */ -void mbedtls_test_mutex_usage_check(void); -#endif /* MBEDTLS_TEST_MUTEX_USAGE */ - -#endif /* MBEDTLS_THREADING_C */ - -#endif /* THREADING_HELPERS_H */ diff --git a/tests/src/asn1_helpers.c b/tests/src/asn1_helpers.c deleted file mode 100644 index c63bd0cdf7..0000000000 --- a/tests/src/asn1_helpers.c +++ /dev/null @@ -1,64 +0,0 @@ -/** \file asn1_helpers.c - * - * \brief Helper functions for tests that manipulate ASN.1 data. - */ - -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include -#include - -#if defined(MBEDTLS_ASN1_PARSE_C) - -#include - -#include - -int mbedtls_test_asn1_skip_integer(unsigned char **p, const unsigned char *end, - size_t min_bits, size_t max_bits, - int must_be_odd) -{ - size_t len; - size_t actual_bits; - unsigned char msb; - TEST_EQUAL(mbedtls_asn1_get_tag(p, end, &len, - MBEDTLS_ASN1_INTEGER), - 0); - - /* Check if the retrieved length doesn't extend the actual buffer's size. - * It is assumed here, that end >= p, which validates casting to size_t. */ - TEST_ASSERT(len <= (size_t) (end - *p)); - - /* Tolerate a slight departure from DER encoding: - * - 0 may be represented by an empty string or a 1-byte string. - * - The sign bit may be used as a value bit. */ - if ((len == 1 && (*p)[0] == 0) || - (len > 1 && (*p)[0] == 0 && ((*p)[1] & 0x80) != 0)) { - ++(*p); - --len; - } - if (min_bits == 0 && len == 0) { - return 1; - } - msb = (*p)[0]; - TEST_ASSERT(msb != 0); - actual_bits = 8 * (len - 1); - while (msb != 0) { - msb >>= 1; - ++actual_bits; - } - TEST_ASSERT(actual_bits >= min_bits); - TEST_ASSERT(actual_bits <= max_bits); - if (must_be_odd) { - TEST_ASSERT(((*p)[len-1] & 1) != 0); - } - *p += len; - return 1; -exit: - return 0; -} - -#endif /* MBEDTLS_ASN1_PARSE_C */ diff --git a/tests/src/bignum_codepath_check.c b/tests/src/bignum_codepath_check.c deleted file mode 100644 index 9c6bbc72d8..0000000000 --- a/tests/src/bignum_codepath_check.c +++ /dev/null @@ -1,38 +0,0 @@ -/** Support for path tracking in optionally safe bignum functions - */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include "test/bignum_codepath_check.h" -#include "bignum_core_invasive.h" - -#if defined(MBEDTLS_TEST_HOOKS) && !defined(MBEDTLS_THREADING_C) -int mbedtls_codepath_check = MBEDTLS_MPI_IS_TEST; - -static void mbedtls_codepath_take_safe(void) -{ - if (mbedtls_codepath_check == MBEDTLS_MPI_IS_TEST) { - mbedtls_codepath_check = MBEDTLS_MPI_IS_SECRET; - } -} - -static void mbedtls_codepath_take_unsafe(void) -{ - mbedtls_codepath_check = MBEDTLS_MPI_IS_PUBLIC; -} - -void mbedtls_codepath_test_hooks_setup(void) -{ - mbedtls_safe_codepath_hook = mbedtls_codepath_take_safe; - mbedtls_unsafe_codepath_hook = mbedtls_codepath_take_unsafe; -} - -void mbedtls_codepath_test_hooks_teardown(void) -{ - mbedtls_safe_codepath_hook = NULL; - mbedtls_unsafe_codepath_hook = NULL; -} - -#endif /* MBEDTLS_TEST_HOOKS && !MBEDTLS_THREADING_C */ diff --git a/tests/src/bignum_helpers.c b/tests/src/bignum_helpers.c deleted file mode 100644 index 913f5e3870..0000000000 --- a/tests/src/bignum_helpers.c +++ /dev/null @@ -1,145 +0,0 @@ -/** - * \file bignum_helpers.c - * - * \brief This file contains the prototypes of helper functions for - * bignum-related testing. - */ - -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#define MBEDTLS_ALLOW_PRIVATE_ACCESS -#include - -#if defined(MBEDTLS_BIGNUM_C) - -#include -#include - -#include -#include -#include -#include - -#include -#include - -int mbedtls_test_read_mpi_core(mbedtls_mpi_uint **pX, size_t *plimbs, - const char *input) -{ - /* Sanity check */ - if (*pX != NULL) { - return MBEDTLS_ERR_MPI_BAD_INPUT_DATA; - } - - size_t hex_len = strlen(input); - size_t byte_len = (hex_len + 1) / 2; - *plimbs = CHARS_TO_LIMBS(byte_len); - - /* A core bignum is not allowed to be empty. Forbid it as test data, - * this way static analyzers have a chance of knowing we don't expect - * the bignum functions to support empty inputs. */ - if (*plimbs == 0) { - return MBEDTLS_ERR_MPI_BAD_INPUT_DATA; - } - - *pX = mbedtls_calloc(*plimbs, sizeof(**pX)); - if (*pX == NULL) { - return MBEDTLS_ERR_MPI_ALLOC_FAILED; - } - - unsigned char *byte_start = (unsigned char *) *pX; - if (byte_len % sizeof(mbedtls_mpi_uint) != 0) { - byte_start += sizeof(mbedtls_mpi_uint) - byte_len % sizeof(mbedtls_mpi_uint); - } - if ((hex_len & 1) != 0) { - /* mbedtls_test_unhexify wants an even number of hex digits */ - TEST_ASSERT(mbedtls_test_ascii2uc(*input, byte_start) == 0); - ++byte_start; - ++input; - --byte_len; - } - TEST_ASSERT(mbedtls_test_unhexify(byte_start, - byte_len, - input, - &byte_len) == 0); - - mbedtls_mpi_core_bigendian_to_host(*pX, *plimbs); - return 0; - -exit: - mbedtls_free(*pX); - return MBEDTLS_ERR_MPI_BAD_INPUT_DATA; -} - -#if defined(MBEDTLS_ECP_WITH_MPI_UINT) -int mbedtls_test_read_mpi_modulus(mbedtls_mpi_mod_modulus *N, - const char *s, - mbedtls_mpi_mod_rep_selector int_rep) -{ - mbedtls_mpi_uint *p = NULL; - size_t limbs = 0; - if (N->limbs != 0) { - return MBEDTLS_ERR_MPI_BAD_INPUT_DATA; - } - int ret = mbedtls_test_read_mpi_core(&p, &limbs, s); - if (ret != 0) { - return ret; - } - - switch (int_rep) { - case MBEDTLS_MPI_MOD_REP_MONTGOMERY: - ret = mbedtls_mpi_mod_modulus_setup(N, p, limbs); - break; - case MBEDTLS_MPI_MOD_REP_OPT_RED: - ret = mbedtls_mpi_mod_optred_modulus_setup(N, p, limbs, NULL); - break; - default: - ret = MBEDTLS_ERR_MPI_BAD_INPUT_DATA; - break; - } - if (ret != 0) { - mbedtls_free(p); - } - return ret; -} - -void mbedtls_test_mpi_mod_modulus_free_with_limbs(mbedtls_mpi_mod_modulus *N) -{ - mbedtls_free((mbedtls_mpi_uint *) N->p); - mbedtls_mpi_mod_modulus_free(N); -} -#endif /* MBEDTLS_ECP_WITH_MPI_UINT */ - -int mbedtls_test_read_mpi(mbedtls_mpi *X, const char *s) -{ - int negative = 0; - /* Always set the sign bit to -1 if the input has a minus sign, even for 0. - * This creates an invalid representation, which mbedtls_mpi_read_string() - * avoids but we want to be able to create that in test data. */ - if (s[0] == '-') { - ++s; - negative = 1; - } - /* mbedtls_mpi_read_string() currently retains leading zeros. - * It always allocates at least one limb for the value 0. */ - if (s[0] == 0) { - mbedtls_mpi_free(X); - return 0; - } - int ret = mbedtls_mpi_read_string(X, 16, s); - if (ret != 0) { - return ret; - } - if (negative) { - if (mbedtls_mpi_cmp_int(X, 0) == 0) { - mbedtls_test_increment_case_uses_negative_0(); - } - X->s = -1; - } - return 0; -} - -#endif /* MBEDTLS_BIGNUM_C */ diff --git a/tests/src/drivers/hash.c b/tests/src/drivers/hash.c deleted file mode 100644 index 54aec93225..0000000000 --- a/tests/src/drivers/hash.c +++ /dev/null @@ -1,203 +0,0 @@ -/* - * Test driver for hash entry points. - */ -/* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include - -#if defined(PSA_CRYPTO_DRIVER_TEST) -#include "psa_crypto_hash.h" - -#include "test/drivers/hash.h" - -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) -#if MBEDTLS_VERSION_MAJOR < 4 -#include "libtestdriver1/library/psa_crypto_hash.h" -#else -#include "libtestdriver1/tf-psa-crypto/drivers/builtin/src/psa_crypto_hash.h" -#endif -#endif - -mbedtls_test_driver_hash_hooks_t - mbedtls_test_driver_hash_hooks = MBEDTLS_TEST_DRIVER_HASH_INIT; - -psa_status_t mbedtls_test_transparent_hash_compute( - psa_algorithm_t alg, - const uint8_t *input, size_t input_length, - uint8_t *hash, size_t hash_size, size_t *hash_length) -{ - mbedtls_test_driver_hash_hooks.hits++; - - if (mbedtls_test_driver_hash_hooks.forced_status != PSA_SUCCESS) { - mbedtls_test_driver_hash_hooks.driver_status = - mbedtls_test_driver_hash_hooks.forced_status; - } else { -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_HASH) - mbedtls_test_driver_hash_hooks.driver_status = - libtestdriver1_mbedtls_psa_hash_compute( - alg, input, input_length, - hash, hash_size, hash_length); -#elif defined(MBEDTLS_PSA_BUILTIN_HASH) - mbedtls_test_driver_hash_hooks.driver_status = - mbedtls_psa_hash_compute( - alg, input, input_length, - hash, hash_size, hash_length); -#else - (void) alg; - (void) input; - (void) input_length; - (void) hash; - (void) hash_size; - (void) hash_length; - mbedtls_test_driver_hash_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; -#endif - } - - return mbedtls_test_driver_hash_hooks.driver_status; -} - -psa_status_t mbedtls_test_transparent_hash_setup( - mbedtls_transparent_test_driver_hash_operation_t *operation, - psa_algorithm_t alg) -{ - mbedtls_test_driver_hash_hooks.hits++; - - if (mbedtls_test_driver_hash_hooks.forced_status != PSA_SUCCESS) { - mbedtls_test_driver_hash_hooks.driver_status = - mbedtls_test_driver_hash_hooks.forced_status; - } else { -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_HASH) - mbedtls_test_driver_hash_hooks.driver_status = - libtestdriver1_mbedtls_psa_hash_setup(operation, alg); -#elif defined(MBEDTLS_PSA_BUILTIN_HASH) - mbedtls_test_driver_hash_hooks.driver_status = - mbedtls_psa_hash_setup(operation, alg); -#else - (void) operation; - (void) alg; - mbedtls_test_driver_hash_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; -#endif - } - - return mbedtls_test_driver_hash_hooks.driver_status; -} - -psa_status_t mbedtls_test_transparent_hash_clone( - const mbedtls_transparent_test_driver_hash_operation_t *source_operation, - mbedtls_transparent_test_driver_hash_operation_t *target_operation) -{ - mbedtls_test_driver_hash_hooks.hits++; - - if (mbedtls_test_driver_hash_hooks.forced_status != PSA_SUCCESS) { - mbedtls_test_driver_hash_hooks.driver_status = - mbedtls_test_driver_hash_hooks.forced_status; - } else { -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_HASH) - mbedtls_test_driver_hash_hooks.driver_status = - libtestdriver1_mbedtls_psa_hash_clone(source_operation, - target_operation); -#elif defined(MBEDTLS_PSA_BUILTIN_HASH) - mbedtls_test_driver_hash_hooks.driver_status = - mbedtls_psa_hash_clone(source_operation, target_operation); -#else - (void) source_operation; - (void) target_operation; - mbedtls_test_driver_hash_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; -#endif - } - - return mbedtls_test_driver_hash_hooks.driver_status; -} - -psa_status_t mbedtls_test_transparent_hash_update( - mbedtls_transparent_test_driver_hash_operation_t *operation, - const uint8_t *input, - size_t input_length) -{ - mbedtls_test_driver_hash_hooks.hits++; - - if (mbedtls_test_driver_hash_hooks.forced_status != PSA_SUCCESS) { - mbedtls_test_driver_hash_hooks.driver_status = - mbedtls_test_driver_hash_hooks.forced_status; - } else { -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_HASH) - mbedtls_test_driver_hash_hooks.driver_status = - libtestdriver1_mbedtls_psa_hash_update( - operation, input, input_length); -#elif defined(MBEDTLS_PSA_BUILTIN_HASH) - mbedtls_test_driver_hash_hooks.driver_status = - mbedtls_psa_hash_update(operation, input, input_length); -#else - (void) operation; - (void) input; - (void) input_length; - mbedtls_test_driver_hash_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; -#endif - } - - return mbedtls_test_driver_hash_hooks.driver_status; -} - -psa_status_t mbedtls_test_transparent_hash_finish( - mbedtls_transparent_test_driver_hash_operation_t *operation, - uint8_t *hash, - size_t hash_size, - size_t *hash_length) -{ - mbedtls_test_driver_hash_hooks.hits++; - - if (mbedtls_test_driver_hash_hooks.forced_status != PSA_SUCCESS) { - mbedtls_test_driver_hash_hooks.driver_status = - mbedtls_test_driver_hash_hooks.forced_status; - } else { -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_HASH) - mbedtls_test_driver_hash_hooks.driver_status = - libtestdriver1_mbedtls_psa_hash_finish( - operation, hash, hash_size, hash_length); -#elif defined(MBEDTLS_PSA_BUILTIN_HASH) - mbedtls_test_driver_hash_hooks.driver_status = - mbedtls_psa_hash_finish(operation, hash, hash_size, hash_length); -#else - (void) operation; - (void) hash; - (void) hash_size; - (void) hash_length; - mbedtls_test_driver_hash_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; -#endif - } - - return mbedtls_test_driver_hash_hooks.driver_status; -} - -psa_status_t mbedtls_test_transparent_hash_abort( - mbedtls_transparent_test_driver_hash_operation_t *operation) -{ - mbedtls_test_driver_hash_hooks.hits++; - - if (mbedtls_test_driver_hash_hooks.forced_status != PSA_SUCCESS) { - mbedtls_test_driver_hash_hooks.driver_status = - mbedtls_test_driver_hash_hooks.forced_status; - } else { -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_HASH) - mbedtls_test_driver_hash_hooks.driver_status = - libtestdriver1_mbedtls_psa_hash_abort(operation); -#elif defined(MBEDTLS_PSA_BUILTIN_HASH) - mbedtls_test_driver_hash_hooks.driver_status = - mbedtls_psa_hash_abort(operation); -#else - (void) operation; - mbedtls_test_driver_hash_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; -#endif - } - - return mbedtls_test_driver_hash_hooks.driver_status; -} -#endif /* PSA_CRYPTO_DRIVER_TEST */ diff --git a/tests/src/drivers/platform_builtin_keys.c b/tests/src/drivers/platform_builtin_keys.c deleted file mode 100644 index 4561b6fdc2..0000000000 --- a/tests/src/drivers/platform_builtin_keys.c +++ /dev/null @@ -1,82 +0,0 @@ -/** \file platform_builtin_keys.c - * - * \brief Test driver implementation of the builtin key support - */ - -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include - -#if defined(MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS) - -#include -#include - -#if defined(PSA_CRYPTO_DRIVER_TEST) -#include -#endif - -typedef struct { - psa_key_id_t builtin_key_id; - psa_key_lifetime_t lifetime; - psa_drv_slot_number_t slot_number; -} mbedtls_psa_builtin_key_description_t; - -static const mbedtls_psa_builtin_key_description_t builtin_keys[] = { -#if defined(PSA_CRYPTO_DRIVER_TEST) - /* For testing, assign the AES builtin key slot to the boundary values. - * ECDSA can be exercised on key ID MBEDTLS_PSA_KEY_ID_BUILTIN_MIN + 1. */ - { MBEDTLS_PSA_KEY_ID_BUILTIN_MIN - 1, - PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( - PSA_KEY_PERSISTENCE_READ_ONLY, PSA_CRYPTO_TEST_DRIVER_LOCATION), - PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT }, - { MBEDTLS_PSA_KEY_ID_BUILTIN_MIN, - PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( - PSA_KEY_PERSISTENCE_READ_ONLY, PSA_CRYPTO_TEST_DRIVER_LOCATION), - PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT }, - { MBEDTLS_PSA_KEY_ID_BUILTIN_MIN + 1, - PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( - PSA_KEY_PERSISTENCE_READ_ONLY, PSA_CRYPTO_TEST_DRIVER_LOCATION), - PSA_CRYPTO_TEST_DRIVER_BUILTIN_ECDSA_KEY_SLOT }, - { MBEDTLS_PSA_KEY_ID_BUILTIN_MAX - 1, - PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( - PSA_KEY_PERSISTENCE_READ_ONLY, PSA_CRYPTO_TEST_DRIVER_LOCATION), - PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT }, - { MBEDTLS_PSA_KEY_ID_BUILTIN_MAX, - PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( - PSA_KEY_PERSISTENCE_READ_ONLY, PSA_CRYPTO_TEST_DRIVER_LOCATION), - PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT }, - { MBEDTLS_PSA_KEY_ID_BUILTIN_MAX + 1, - PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( - PSA_KEY_PERSISTENCE_READ_ONLY, PSA_CRYPTO_TEST_DRIVER_LOCATION), - PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT }, -#else - { 0, 0, 0 } -#endif -}; - -psa_status_t mbedtls_psa_platform_get_builtin_key( - mbedtls_svc_key_id_t key_id, - psa_key_lifetime_t *lifetime, - psa_drv_slot_number_t *slot_number) -{ - psa_key_id_t app_key_id = MBEDTLS_SVC_KEY_ID_GET_KEY_ID(key_id); - const mbedtls_psa_builtin_key_description_t *builtin_key; - - for (size_t i = 0; - i < (sizeof(builtin_keys) / sizeof(builtin_keys[0])); i++) { - builtin_key = &builtin_keys[i]; - if (builtin_key->builtin_key_id == app_key_id) { - *lifetime = builtin_key->lifetime; - *slot_number = builtin_key->slot_number; - return PSA_SUCCESS; - } - } - - return PSA_ERROR_DOES_NOT_EXIST; -} - -#endif /* MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */ diff --git a/tests/src/drivers/test_driver_aead.c b/tests/src/drivers/test_driver_aead.c deleted file mode 100644 index 6992a066d2..0000000000 --- a/tests/src/drivers/test_driver_aead.c +++ /dev/null @@ -1,466 +0,0 @@ -/* - * Test driver for AEAD entry points. - */ -/* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include - -#if defined(PSA_CRYPTO_DRIVER_TEST) -#include "psa_crypto_aead.h" -#include "psa_crypto_core.h" - -#include "test/drivers/aead.h" - -#include "mbedtls/constant_time.h" - -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) -#if MBEDTLS_VERSION_MAJOR < 4 -#include "libtestdriver1/library/psa_crypto_aead.h" -#else -#include "libtestdriver1/tf-psa-crypto/drivers/builtin/src/psa_crypto_aead.h" -#endif -#endif - -mbedtls_test_driver_aead_hooks_t - mbedtls_test_driver_aead_hooks = MBEDTLS_TEST_DRIVER_AEAD_INIT; - -psa_status_t mbedtls_test_transparent_aead_encrypt( - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, size_t key_buffer_size, - psa_algorithm_t alg, - const uint8_t *nonce, size_t nonce_length, - const uint8_t *additional_data, size_t additional_data_length, - const uint8_t *plaintext, size_t plaintext_length, - uint8_t *ciphertext, size_t ciphertext_size, size_t *ciphertext_length) -{ - mbedtls_test_driver_aead_hooks.hits_encrypt++; - - if (mbedtls_test_driver_aead_hooks.forced_status != PSA_SUCCESS) { - mbedtls_test_driver_aead_hooks.driver_status = - mbedtls_test_driver_aead_hooks.forced_status; - } else { -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_AEAD) - mbedtls_test_driver_aead_hooks.driver_status = - libtestdriver1_mbedtls_psa_aead_encrypt( - (const libtestdriver1_psa_key_attributes_t *) attributes, - key_buffer, key_buffer_size, - alg, - nonce, nonce_length, - additional_data, additional_data_length, - plaintext, plaintext_length, - ciphertext, ciphertext_size, ciphertext_length); -#elif defined(MBEDTLS_PSA_BUILTIN_AEAD) - mbedtls_test_driver_aead_hooks.driver_status = - mbedtls_psa_aead_encrypt( - attributes, key_buffer, key_buffer_size, - alg, - nonce, nonce_length, - additional_data, additional_data_length, - plaintext, plaintext_length, - ciphertext, ciphertext_size, ciphertext_length); -#else - (void) attributes; - (void) key_buffer; - (void) key_buffer_size; - (void) alg; - (void) nonce; - (void) nonce_length; - (void) additional_data; - (void) additional_data_length; - (void) plaintext; - (void) plaintext_length; - (void) ciphertext; - (void) ciphertext_size; - (void) ciphertext_length; - mbedtls_test_driver_aead_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; -#endif - } - - return mbedtls_test_driver_aead_hooks.driver_status; -} - -psa_status_t mbedtls_test_transparent_aead_decrypt( - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, size_t key_buffer_size, - psa_algorithm_t alg, - const uint8_t *nonce, size_t nonce_length, - const uint8_t *additional_data, size_t additional_data_length, - const uint8_t *ciphertext, size_t ciphertext_length, - uint8_t *plaintext, size_t plaintext_size, size_t *plaintext_length) -{ - mbedtls_test_driver_aead_hooks.hits_decrypt++; - - if (mbedtls_test_driver_aead_hooks.forced_status != PSA_SUCCESS) { - mbedtls_test_driver_aead_hooks.driver_status = - mbedtls_test_driver_aead_hooks.forced_status; - } else { -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_AEAD) - mbedtls_test_driver_aead_hooks.driver_status = - libtestdriver1_mbedtls_psa_aead_decrypt( - (const libtestdriver1_psa_key_attributes_t *) attributes, - key_buffer, key_buffer_size, - alg, - nonce, nonce_length, - additional_data, additional_data_length, - ciphertext, ciphertext_length, - plaintext, plaintext_size, plaintext_length); -#elif defined(MBEDTLS_PSA_BUILTIN_AEAD) - mbedtls_test_driver_aead_hooks.driver_status = - mbedtls_psa_aead_decrypt( - attributes, key_buffer, key_buffer_size, - alg, - nonce, nonce_length, - additional_data, additional_data_length, - ciphertext, ciphertext_length, - plaintext, plaintext_size, plaintext_length); -#else - (void) attributes; - (void) key_buffer; - (void) key_buffer_size; - (void) alg; - (void) nonce; - (void) nonce_length; - (void) additional_data; - (void) additional_data_length; - (void) ciphertext; - (void) ciphertext_length; - (void) plaintext; - (void) plaintext_size; - (void) plaintext_length; - mbedtls_test_driver_aead_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; -#endif - } - - return mbedtls_test_driver_aead_hooks.driver_status; -} - -psa_status_t mbedtls_test_transparent_aead_encrypt_setup( - mbedtls_transparent_test_driver_aead_operation_t *operation, - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, size_t key_buffer_size, - psa_algorithm_t alg) -{ - mbedtls_test_driver_aead_hooks.hits_encrypt_setup++; - - if (mbedtls_test_driver_aead_hooks.forced_status != PSA_SUCCESS) { - mbedtls_test_driver_aead_hooks.driver_status = - mbedtls_test_driver_aead_hooks.forced_status; - } else { -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_AEAD) - mbedtls_test_driver_aead_hooks.driver_status = - libtestdriver1_mbedtls_psa_aead_encrypt_setup(operation, - (const libtestdriver1_psa_key_attributes_t - *) attributes, - key_buffer, - key_buffer_size, alg); -#elif defined(MBEDTLS_PSA_BUILTIN_AEAD) - mbedtls_test_driver_aead_hooks.driver_status = - mbedtls_psa_aead_encrypt_setup(operation, attributes, key_buffer, - key_buffer_size, alg); -#else - (void) operation; - (void) attributes; - (void) key_buffer; - (void) key_buffer_size; - (void) alg; - mbedtls_test_driver_aead_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; -#endif - } - - return mbedtls_test_driver_aead_hooks.driver_status; -} - -psa_status_t mbedtls_test_transparent_aead_decrypt_setup( - mbedtls_transparent_test_driver_aead_operation_t *operation, - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, size_t key_buffer_size, - psa_algorithm_t alg) -{ - mbedtls_test_driver_aead_hooks.hits_decrypt_setup++; - - if (mbedtls_test_driver_aead_hooks.forced_status != PSA_SUCCESS) { - mbedtls_test_driver_aead_hooks.driver_status = - mbedtls_test_driver_aead_hooks.forced_status; - } else { -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_AEAD) - mbedtls_test_driver_aead_hooks.driver_status = - libtestdriver1_mbedtls_psa_aead_decrypt_setup(operation, - (const libtestdriver1_psa_key_attributes_t - *) attributes, - key_buffer, key_buffer_size, alg); -#elif defined(MBEDTLS_PSA_BUILTIN_AEAD) - mbedtls_test_driver_aead_hooks.driver_status = - mbedtls_psa_aead_decrypt_setup(operation, attributes, key_buffer, - key_buffer_size, alg); -#else - (void) operation; - (void) attributes; - (void) key_buffer; - (void) key_buffer_size; - (void) alg; - mbedtls_test_driver_aead_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; -#endif - } - - return mbedtls_test_driver_aead_hooks.driver_status; -} - -psa_status_t mbedtls_test_transparent_aead_set_nonce( - mbedtls_transparent_test_driver_aead_operation_t *operation, - const uint8_t *nonce, - size_t nonce_length) -{ - mbedtls_test_driver_aead_hooks.hits_set_nonce++; - - if (mbedtls_test_driver_aead_hooks.forced_status != PSA_SUCCESS) { - mbedtls_test_driver_aead_hooks.driver_status = - mbedtls_test_driver_aead_hooks.forced_status; - } else { -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_AEAD) - mbedtls_test_driver_aead_hooks.driver_status = - libtestdriver1_mbedtls_psa_aead_set_nonce(operation, nonce, nonce_length); -#elif defined(MBEDTLS_PSA_BUILTIN_AEAD) - mbedtls_test_driver_aead_hooks.driver_status = - mbedtls_psa_aead_set_nonce(operation, nonce, nonce_length); -#else - (void) operation; - (void) nonce; - (void) nonce_length; - mbedtls_test_driver_aead_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; -#endif - } - - return mbedtls_test_driver_aead_hooks.driver_status; -} - -psa_status_t mbedtls_test_transparent_aead_set_lengths( - mbedtls_transparent_test_driver_aead_operation_t *operation, - size_t ad_length, - size_t plaintext_length) -{ - mbedtls_test_driver_aead_hooks.hits_set_lengths++; - - if (mbedtls_test_driver_aead_hooks.forced_status != PSA_SUCCESS) { - mbedtls_test_driver_aead_hooks.driver_status = - mbedtls_test_driver_aead_hooks.forced_status; - } else { -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_AEAD) - mbedtls_test_driver_aead_hooks.driver_status = - libtestdriver1_mbedtls_psa_aead_set_lengths(operation, ad_length, - plaintext_length); -#elif defined(MBEDTLS_PSA_BUILTIN_AEAD) - mbedtls_test_driver_aead_hooks.driver_status = - mbedtls_psa_aead_set_lengths(operation, ad_length, - plaintext_length); -#else - (void) operation; - (void) ad_length; - (void) plaintext_length; - mbedtls_test_driver_aead_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; -#endif - } - - return mbedtls_test_driver_aead_hooks.driver_status; -} - -psa_status_t mbedtls_test_transparent_aead_update_ad( - mbedtls_transparent_test_driver_aead_operation_t *operation, - const uint8_t *input, - size_t input_length) -{ - mbedtls_test_driver_aead_hooks.hits_update_ad++; - - if (mbedtls_test_driver_aead_hooks.forced_status != PSA_SUCCESS) { - mbedtls_test_driver_aead_hooks.driver_status = - mbedtls_test_driver_aead_hooks.forced_status; - } else { -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_AEAD) - mbedtls_test_driver_aead_hooks.driver_status = - libtestdriver1_mbedtls_psa_aead_update_ad(operation, input, input_length); -#elif defined(MBEDTLS_PSA_BUILTIN_AEAD) - mbedtls_test_driver_aead_hooks.driver_status = - mbedtls_psa_aead_update_ad(operation, input, input_length); -#else - (void) operation; - (void) input; - (void) input_length; - mbedtls_test_driver_aead_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; -#endif - } - - return mbedtls_test_driver_aead_hooks.driver_status; -} - -psa_status_t mbedtls_test_transparent_aead_update( - mbedtls_transparent_test_driver_aead_operation_t *operation, - const uint8_t *input, - size_t input_length, - uint8_t *output, - size_t output_size, - size_t *output_length) -{ - mbedtls_test_driver_aead_hooks.hits_update++; - - if (mbedtls_test_driver_aead_hooks.forced_status != PSA_SUCCESS) { - mbedtls_test_driver_aead_hooks.driver_status = - mbedtls_test_driver_aead_hooks.forced_status; - } else { -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_AEAD) - mbedtls_test_driver_aead_hooks.driver_status = - libtestdriver1_mbedtls_psa_aead_update(operation, input, - input_length, output, - output_size, output_length); -#elif defined(MBEDTLS_PSA_BUILTIN_AEAD) - mbedtls_test_driver_aead_hooks.driver_status = - mbedtls_psa_aead_update(operation, input, input_length, output, - output_size, output_length); -#else - (void) operation; - (void) input; - (void) input_length; - (void) output; - (void) output_size; - (void) output_length; - mbedtls_test_driver_aead_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; -#endif - } - - return mbedtls_test_driver_aead_hooks.driver_status; -} - -psa_status_t mbedtls_test_transparent_aead_finish( - mbedtls_transparent_test_driver_aead_operation_t *operation, - uint8_t *ciphertext, - size_t ciphertext_size, - size_t *ciphertext_length, - uint8_t *tag, - size_t tag_size, - size_t *tag_length) -{ - mbedtls_test_driver_aead_hooks.hits_finish++; - - if (mbedtls_test_driver_aead_hooks.forced_status != PSA_SUCCESS) { - mbedtls_test_driver_aead_hooks.driver_status = - mbedtls_test_driver_aead_hooks.forced_status; - } else { -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_AEAD) - mbedtls_test_driver_aead_hooks.driver_status = - libtestdriver1_mbedtls_psa_aead_finish(operation, ciphertext, - ciphertext_size, ciphertext_length, - tag, tag_size, tag_length); -#elif defined(MBEDTLS_PSA_BUILTIN_AEAD) - mbedtls_test_driver_aead_hooks.driver_status = - mbedtls_psa_aead_finish(operation, ciphertext, ciphertext_size, - ciphertext_length, tag, tag_size, - tag_length); -#else - (void) operation; - (void) ciphertext; - (void) ciphertext_size; - (void) ciphertext_length; - (void) tag; - (void) tag_size; - (void) tag_length; - mbedtls_test_driver_aead_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; -#endif - } - - return mbedtls_test_driver_aead_hooks.driver_status; -} - -psa_status_t mbedtls_test_transparent_aead_verify( - mbedtls_transparent_test_driver_aead_operation_t *operation, - uint8_t *plaintext, - size_t plaintext_size, - size_t *plaintext_length, - const uint8_t *tag, - size_t tag_length) -{ - mbedtls_test_driver_aead_hooks.hits_verify++; - - if (mbedtls_test_driver_aead_hooks.forced_status != PSA_SUCCESS) { - mbedtls_test_driver_aead_hooks.driver_status = - mbedtls_test_driver_aead_hooks.forced_status; - } else { - uint8_t check_tag[PSA_AEAD_TAG_MAX_SIZE]; - size_t check_tag_length = 0; - -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_AEAD) - mbedtls_test_driver_aead_hooks.driver_status = - libtestdriver1_mbedtls_psa_aead_finish(operation, - plaintext, - plaintext_size, - plaintext_length, - check_tag, - sizeof(check_tag), - &check_tag_length); -#elif defined(MBEDTLS_PSA_BUILTIN_AEAD) - mbedtls_test_driver_aead_hooks.driver_status = - mbedtls_psa_aead_finish(operation, - plaintext, - plaintext_size, - plaintext_length, - check_tag, - sizeof(check_tag), - &check_tag_length); -#else - (void) operation; - (void) plaintext; - (void) plaintext_size; - (void) plaintext_length; - mbedtls_test_driver_aead_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; -#endif - - if (mbedtls_test_driver_aead_hooks.driver_status == PSA_SUCCESS) { - if (tag_length != check_tag_length || - mbedtls_ct_memcmp(tag, check_tag, tag_length) - != 0) { - mbedtls_test_driver_aead_hooks.driver_status = - PSA_ERROR_INVALID_SIGNATURE; - } - } - - mbedtls_platform_zeroize(check_tag, sizeof(check_tag)); - } - - return mbedtls_test_driver_aead_hooks.driver_status; -} - -psa_status_t mbedtls_test_transparent_aead_abort( - mbedtls_transparent_test_driver_aead_operation_t *operation) -{ - mbedtls_test_driver_aead_hooks.hits_abort++; - - if (mbedtls_test_driver_aead_hooks.forced_status != PSA_SUCCESS) { - mbedtls_test_driver_aead_hooks.driver_status = - mbedtls_test_driver_aead_hooks.forced_status; - } else { -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_AEAD) - mbedtls_test_driver_aead_hooks.driver_status = - libtestdriver1_mbedtls_psa_aead_abort(operation); -#elif defined(MBEDTLS_PSA_BUILTIN_AEAD) - mbedtls_test_driver_aead_hooks.driver_status = - mbedtls_psa_aead_abort(operation); -#else - (void) operation; - mbedtls_test_driver_aead_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; -#endif - } - - return mbedtls_test_driver_aead_hooks.driver_status; -} - -#endif /* PSA_CRYPTO_DRIVER_TEST */ diff --git a/tests/src/drivers/test_driver_asymmetric_encryption.c b/tests/src/drivers/test_driver_asymmetric_encryption.c deleted file mode 100644 index 6fdbe43aee..0000000000 --- a/tests/src/drivers/test_driver_asymmetric_encryption.c +++ /dev/null @@ -1,185 +0,0 @@ -/* - * Test driver for asymmetric encryption. - */ -/* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include - -#if defined(PSA_CRYPTO_DRIVER_TEST) -#include "psa/crypto.h" -#include "mbedtls/rsa.h" -#include "psa_crypto_rsa.h" -#include "string.h" -#include "test/drivers/asymmetric_encryption.h" -#include "test/drivers/key_management.h" - -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) -#if MBEDTLS_VERSION_MAJOR < 4 -#include "libtestdriver1/library/psa_crypto_rsa.h" -#else -#include "libtestdriver1/tf-psa-crypto/drivers/builtin/src/psa_crypto_rsa.h" -#endif -#endif - -#define PSA_RSA_KEY_PAIR_MAX_SIZE \ - PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE(PSA_VENDOR_RSA_MAX_KEY_BITS) - -mbedtls_test_driver_asymmetric_encryption_hooks_t mbedtls_test_driver_asymmetric_encryption_hooks = - MBEDTLS_TEST_DRIVER_ASYMMETRIC_ENCRYPTION_INIT; - -psa_status_t mbedtls_test_transparent_asymmetric_encrypt( - const psa_key_attributes_t *attributes, const uint8_t *key_buffer, - size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *input, - size_t input_length, const uint8_t *salt, size_t salt_length, - uint8_t *output, size_t output_size, size_t *output_length) -{ - mbedtls_test_driver_asymmetric_encryption_hooks.hits++; - - if (mbedtls_test_driver_asymmetric_encryption_hooks.forced_output != NULL) { - if (output_size < mbedtls_test_driver_asymmetric_encryption_hooks.forced_output_length) { - return PSA_ERROR_BUFFER_TOO_SMALL; - } - - memcpy(output, - mbedtls_test_driver_asymmetric_encryption_hooks.forced_output, - mbedtls_test_driver_asymmetric_encryption_hooks.forced_output_length); - *output_length = mbedtls_test_driver_asymmetric_encryption_hooks.forced_output_length; - - return mbedtls_test_driver_asymmetric_encryption_hooks.forced_status; - } - - if (mbedtls_test_driver_asymmetric_encryption_hooks.forced_status != PSA_SUCCESS) { - return mbedtls_test_driver_asymmetric_encryption_hooks.forced_status; - } - -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) - return libtestdriver1_mbedtls_psa_asymmetric_encrypt( - (const libtestdriver1_psa_key_attributes_t *) attributes, - key_buffer, key_buffer_size, - alg, input, input_length, salt, salt_length, - output, output_size, output_length); -#else - return mbedtls_psa_asymmetric_encrypt( - attributes, key_buffer, key_buffer_size, - alg, input, input_length, salt, salt_length, - output, output_size, output_length); -#endif - - return PSA_ERROR_NOT_SUPPORTED; -} - -psa_status_t mbedtls_test_transparent_asymmetric_decrypt( - const psa_key_attributes_t *attributes, const uint8_t *key_buffer, - size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *input, - size_t input_length, const uint8_t *salt, size_t salt_length, - uint8_t *output, size_t output_size, size_t *output_length) -{ - mbedtls_test_driver_asymmetric_encryption_hooks.hits++; - - if (mbedtls_test_driver_asymmetric_encryption_hooks.forced_output != NULL) { - if (output_size < mbedtls_test_driver_asymmetric_encryption_hooks.forced_output_length) { - return PSA_ERROR_BUFFER_TOO_SMALL; - } - - memcpy(output, - mbedtls_test_driver_asymmetric_encryption_hooks.forced_output, - mbedtls_test_driver_asymmetric_encryption_hooks.forced_output_length); - *output_length = mbedtls_test_driver_asymmetric_encryption_hooks.forced_output_length; - - return mbedtls_test_driver_asymmetric_encryption_hooks.forced_status; - } - - if (mbedtls_test_driver_asymmetric_encryption_hooks.forced_status != PSA_SUCCESS) { - return mbedtls_test_driver_asymmetric_encryption_hooks.forced_status; - } - -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) - return libtestdriver1_mbedtls_psa_asymmetric_decrypt( - (const libtestdriver1_psa_key_attributes_t *) attributes, - key_buffer, key_buffer_size, - alg, input, input_length, salt, salt_length, - output, output_size, output_length); -#else - return mbedtls_psa_asymmetric_decrypt( - attributes, key_buffer, key_buffer_size, - alg, input, input_length, salt, salt_length, - output, output_size, output_length); -#endif - - return PSA_ERROR_NOT_SUPPORTED; -} - -/* - * opaque versions - */ -psa_status_t mbedtls_test_opaque_asymmetric_encrypt( - const psa_key_attributes_t *attributes, const uint8_t *key, - size_t key_length, psa_algorithm_t alg, const uint8_t *input, - size_t input_length, const uint8_t *salt, size_t salt_length, - uint8_t *output, size_t output_size, size_t *output_length) -{ - unsigned char unwrapped_key[PSA_RSA_KEY_PAIR_MAX_SIZE]; - size_t unwrapped_key_length; - psa_status_t status; - - status = mbedtls_test_opaque_unwrap_key(key, key_length, - unwrapped_key, sizeof(unwrapped_key), - &unwrapped_key_length); - if (status != PSA_SUCCESS) { - return status; - } - -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - (defined(MBEDTLS_PSA_ACCEL_ALG_RSA_OAEP) || defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_CRYPT)) - return libtestdriver1_mbedtls_psa_asymmetric_encrypt( - (const libtestdriver1_psa_key_attributes_t *) attributes, - unwrapped_key, unwrapped_key_length, - alg, input, input_length, salt, salt_length, - output, output_size, output_length); -#else - return mbedtls_psa_asymmetric_encrypt( - attributes, unwrapped_key, unwrapped_key_length, - alg, input, input_length, salt, salt_length, - output, output_size, output_length); -#endif - - return PSA_ERROR_NOT_SUPPORTED; -} - -psa_status_t mbedtls_test_opaque_asymmetric_decrypt( - const psa_key_attributes_t *attributes, const uint8_t *key, - size_t key_length, psa_algorithm_t alg, const uint8_t *input, - size_t input_length, const uint8_t *salt, size_t salt_length, - uint8_t *output, size_t output_size, size_t *output_length) -{ - unsigned char unwrapped_key[PSA_RSA_KEY_PAIR_MAX_SIZE]; - size_t unwrapped_key_length; - psa_status_t status; - - status = mbedtls_test_opaque_unwrap_key(key, key_length, - unwrapped_key, sizeof(unwrapped_key), - &unwrapped_key_length); - if (status != PSA_SUCCESS) { - return status; - } - -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - (defined(MBEDTLS_PSA_ACCEL_ALG_RSA_OAEP) || defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_CRYPT)) - return libtestdriver1_mbedtls_psa_asymmetric_decrypt( - (const libtestdriver1_psa_key_attributes_t *) attributes, - unwrapped_key, unwrapped_key_length, - alg, input, input_length, salt, salt_length, - output, output_size, output_length); -#else - return mbedtls_psa_asymmetric_decrypt( - attributes, unwrapped_key, unwrapped_key_length, - alg, input, input_length, salt, salt_length, - output, output_size, output_length); -#endif - - return PSA_ERROR_NOT_SUPPORTED; -} - -#endif /* PSA_CRYPTO_DRIVER_TEST */ diff --git a/tests/src/drivers/test_driver_cipher.c b/tests/src/drivers/test_driver_cipher.c deleted file mode 100644 index 90256fc4ea..0000000000 --- a/tests/src/drivers/test_driver_cipher.c +++ /dev/null @@ -1,436 +0,0 @@ -/* - * Test driver for cipher functions. - * Currently only supports multi-part operations using AES-CTR. - */ -/* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include - -#if defined(PSA_CRYPTO_DRIVER_TEST) -#include "psa/crypto.h" -#include "psa_crypto_cipher.h" -#include "psa_crypto_core.h" -#include "mbedtls/cipher.h" - -#include "test/drivers/cipher.h" - -#include "test/random.h" - -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) -#if MBEDTLS_VERSION_MAJOR < 4 -#include "libtestdriver1/library/psa_crypto_cipher.h" -#else -#include "libtestdriver1/tf-psa-crypto/drivers/builtin/src/psa_crypto_cipher.h" -#endif -#endif - -#include - -mbedtls_test_driver_cipher_hooks_t mbedtls_test_driver_cipher_hooks = - MBEDTLS_TEST_DRIVER_CIPHER_INIT; - -psa_status_t mbedtls_test_transparent_cipher_encrypt( - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, - size_t key_buffer_size, - psa_algorithm_t alg, - const uint8_t *iv, - size_t iv_length, - const uint8_t *input, - size_t input_length, - uint8_t *output, - size_t output_size, - size_t *output_length) -{ - mbedtls_test_driver_cipher_hooks.hits++; - mbedtls_test_driver_cipher_hooks.hits_encrypt++; - - if (mbedtls_test_driver_cipher_hooks.forced_output != NULL) { - if (output_size < mbedtls_test_driver_cipher_hooks.forced_output_length) { - return PSA_ERROR_BUFFER_TOO_SMALL; - } - - memcpy(output, - mbedtls_test_driver_cipher_hooks.forced_output, - mbedtls_test_driver_cipher_hooks.forced_output_length); - *output_length = mbedtls_test_driver_cipher_hooks.forced_output_length; - - return mbedtls_test_driver_cipher_hooks.forced_status; - } - - if (mbedtls_test_driver_cipher_hooks.forced_status != PSA_SUCCESS) { - return mbedtls_test_driver_cipher_hooks.forced_status; - } - if (mbedtls_test_driver_cipher_hooks.forced_status_encrypt != PSA_SUCCESS) { - return mbedtls_test_driver_cipher_hooks.forced_status_encrypt; - } - -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_CIPHER) - return libtestdriver1_mbedtls_psa_cipher_encrypt( - (const libtestdriver1_psa_key_attributes_t *) attributes, - key_buffer, key_buffer_size, - alg, iv, iv_length, input, input_length, - output, output_size, output_length); -#elif defined(MBEDTLS_PSA_BUILTIN_CIPHER) - return mbedtls_psa_cipher_encrypt( - attributes, key_buffer, key_buffer_size, - alg, iv, iv_length, input, input_length, - output, output_size, output_length); -#endif - - return PSA_ERROR_NOT_SUPPORTED; -} - -psa_status_t mbedtls_test_transparent_cipher_decrypt( - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, - size_t key_buffer_size, - psa_algorithm_t alg, - const uint8_t *input, - size_t input_length, - uint8_t *output, - size_t output_size, - size_t *output_length) -{ - mbedtls_test_driver_cipher_hooks.hits++; - - if (mbedtls_test_driver_cipher_hooks.forced_output != NULL) { - if (output_size < mbedtls_test_driver_cipher_hooks.forced_output_length) { - return PSA_ERROR_BUFFER_TOO_SMALL; - } - - memcpy(output, - mbedtls_test_driver_cipher_hooks.forced_output, - mbedtls_test_driver_cipher_hooks.forced_output_length); - *output_length = mbedtls_test_driver_cipher_hooks.forced_output_length; - - return mbedtls_test_driver_cipher_hooks.forced_status; - } - - if (mbedtls_test_driver_cipher_hooks.forced_status != PSA_SUCCESS) { - return mbedtls_test_driver_cipher_hooks.forced_status; - } - -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_CIPHER) - return libtestdriver1_mbedtls_psa_cipher_decrypt( - (const libtestdriver1_psa_key_attributes_t *) attributes, - key_buffer, key_buffer_size, - alg, input, input_length, - output, output_size, output_length); -#elif defined(MBEDTLS_PSA_BUILTIN_CIPHER) - return mbedtls_psa_cipher_decrypt( - attributes, key_buffer, key_buffer_size, - alg, input, input_length, - output, output_size, output_length); -#endif - - return PSA_ERROR_NOT_SUPPORTED; -} - -psa_status_t mbedtls_test_transparent_cipher_encrypt_setup( - mbedtls_transparent_test_driver_cipher_operation_t *operation, - const psa_key_attributes_t *attributes, - const uint8_t *key, size_t key_length, - psa_algorithm_t alg) -{ - mbedtls_test_driver_cipher_hooks.hits++; - - /* Wiping the entire struct here, instead of member-by-member. This is - * useful for the test suite, since it gives a chance of catching memory - * corruption errors should the core not have allocated (enough) memory for - * our context struct. */ - memset(operation, 0, sizeof(*operation)); - - if (mbedtls_test_driver_cipher_hooks.forced_status != PSA_SUCCESS) { - return mbedtls_test_driver_cipher_hooks.forced_status; - } - -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_CIPHER) - return libtestdriver1_mbedtls_psa_cipher_encrypt_setup( - operation, - (const libtestdriver1_psa_key_attributes_t *) attributes, - key, key_length, alg); -#elif defined(MBEDTLS_PSA_BUILTIN_CIPHER) - return mbedtls_psa_cipher_encrypt_setup( - operation, attributes, key, key_length, alg); -#endif - - return PSA_ERROR_NOT_SUPPORTED; -} - -psa_status_t mbedtls_test_transparent_cipher_decrypt_setup( - mbedtls_transparent_test_driver_cipher_operation_t *operation, - const psa_key_attributes_t *attributes, - const uint8_t *key, size_t key_length, - psa_algorithm_t alg) -{ - mbedtls_test_driver_cipher_hooks.hits++; - - if (mbedtls_test_driver_cipher_hooks.forced_status != PSA_SUCCESS) { - return mbedtls_test_driver_cipher_hooks.forced_status; - } - -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_CIPHER) - return libtestdriver1_mbedtls_psa_cipher_decrypt_setup( - operation, - (const libtestdriver1_psa_key_attributes_t *) attributes, - key, key_length, alg); -#elif defined(MBEDTLS_PSA_BUILTIN_CIPHER) - return mbedtls_psa_cipher_decrypt_setup( - operation, attributes, key, key_length, alg); -#endif - - return PSA_ERROR_NOT_SUPPORTED; -} - -psa_status_t mbedtls_test_transparent_cipher_abort( - mbedtls_transparent_test_driver_cipher_operation_t *operation) -{ - mbedtls_test_driver_cipher_hooks.hits++; - -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_CIPHER) - libtestdriver1_mbedtls_psa_cipher_abort(operation); -#elif defined(MBEDTLS_PSA_BUILTIN_CIPHER) - mbedtls_psa_cipher_abort(operation); -#endif - - /* Wiping the entire struct here, instead of member-by-member. This is - * useful for the test suite, since it gives a chance of catching memory - * corruption errors should the core not have allocated (enough) memory for - * our context struct. */ - memset(operation, 0, sizeof(*operation)); - - return mbedtls_test_driver_cipher_hooks.forced_status; -} - -psa_status_t mbedtls_test_transparent_cipher_set_iv( - mbedtls_transparent_test_driver_cipher_operation_t *operation, - const uint8_t *iv, - size_t iv_length) -{ - mbedtls_test_driver_cipher_hooks.hits++; - mbedtls_test_driver_cipher_hooks.hits_set_iv++; - - if (mbedtls_test_driver_cipher_hooks.forced_status != PSA_SUCCESS) { - return mbedtls_test_driver_cipher_hooks.forced_status; - } - if (mbedtls_test_driver_cipher_hooks.forced_status_set_iv != PSA_SUCCESS) { - return mbedtls_test_driver_cipher_hooks.forced_status_set_iv; - } - -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_CIPHER) - return libtestdriver1_mbedtls_psa_cipher_set_iv( - operation, iv, iv_length); -#elif defined(MBEDTLS_PSA_BUILTIN_CIPHER) - return mbedtls_psa_cipher_set_iv(operation, iv, iv_length); -#endif - - return PSA_ERROR_NOT_SUPPORTED; -} - -psa_status_t mbedtls_test_transparent_cipher_update( - mbedtls_transparent_test_driver_cipher_operation_t *operation, - const uint8_t *input, - size_t input_length, - uint8_t *output, - size_t output_size, - size_t *output_length) -{ - mbedtls_test_driver_cipher_hooks.hits++; - - if (mbedtls_test_driver_cipher_hooks.forced_output != NULL) { - if (output_size < mbedtls_test_driver_cipher_hooks.forced_output_length) { - return PSA_ERROR_BUFFER_TOO_SMALL; - } - - memcpy(output, - mbedtls_test_driver_cipher_hooks.forced_output, - mbedtls_test_driver_cipher_hooks.forced_output_length); - *output_length = mbedtls_test_driver_cipher_hooks.forced_output_length; - - return mbedtls_test_driver_cipher_hooks.forced_status; - } - - if (mbedtls_test_driver_cipher_hooks.forced_status != PSA_SUCCESS) { - return mbedtls_test_driver_cipher_hooks.forced_status; - } - -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_CIPHER) - return libtestdriver1_mbedtls_psa_cipher_update( - operation, input, input_length, - output, output_size, output_length); -#elif defined(MBEDTLS_PSA_BUILTIN_CIPHER) - return mbedtls_psa_cipher_update( - operation, input, input_length, - output, output_size, output_length); -#endif - - return PSA_ERROR_NOT_SUPPORTED; -} - -psa_status_t mbedtls_test_transparent_cipher_finish( - mbedtls_transparent_test_driver_cipher_operation_t *operation, - uint8_t *output, - size_t output_size, - size_t *output_length) -{ - mbedtls_test_driver_cipher_hooks.hits++; - - if (mbedtls_test_driver_cipher_hooks.forced_output != NULL) { - if (output_size < mbedtls_test_driver_cipher_hooks.forced_output_length) { - return PSA_ERROR_BUFFER_TOO_SMALL; - } - - memcpy(output, - mbedtls_test_driver_cipher_hooks.forced_output, - mbedtls_test_driver_cipher_hooks.forced_output_length); - *output_length = mbedtls_test_driver_cipher_hooks.forced_output_length; - - return mbedtls_test_driver_cipher_hooks.forced_status; - } - - if (mbedtls_test_driver_cipher_hooks.forced_status != PSA_SUCCESS) { - return mbedtls_test_driver_cipher_hooks.forced_status; - } - -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_CIPHER) - return libtestdriver1_mbedtls_psa_cipher_finish( - operation, output, output_size, output_length); -#elif defined(MBEDTLS_PSA_BUILTIN_CIPHER) - return mbedtls_psa_cipher_finish( - operation, output, output_size, output_length); -#endif - - return PSA_ERROR_NOT_SUPPORTED; -} - -/* - * opaque versions, to do - */ -psa_status_t mbedtls_test_opaque_cipher_encrypt( - const psa_key_attributes_t *attributes, - const uint8_t *key, size_t key_length, - psa_algorithm_t alg, - const uint8_t *iv, size_t iv_length, - const uint8_t *input, size_t input_length, - uint8_t *output, size_t output_size, size_t *output_length) -{ - (void) attributes; - (void) key; - (void) key_length; - (void) alg; - (void) iv; - (void) iv_length; - (void) input; - (void) input_length; - (void) output; - (void) output_size; - (void) output_length; - return PSA_ERROR_NOT_SUPPORTED; -} - -psa_status_t mbedtls_test_opaque_cipher_decrypt( - const psa_key_attributes_t *attributes, - const uint8_t *key, size_t key_length, - psa_algorithm_t alg, - const uint8_t *input, size_t input_length, - uint8_t *output, size_t output_size, size_t *output_length) -{ - (void) attributes; - (void) key; - (void) key_length; - (void) alg; - (void) input; - (void) input_length; - (void) output; - (void) output_size; - (void) output_length; - return PSA_ERROR_NOT_SUPPORTED; -} - -psa_status_t mbedtls_test_opaque_cipher_encrypt_setup( - mbedtls_opaque_test_driver_cipher_operation_t *operation, - const psa_key_attributes_t *attributes, - const uint8_t *key, size_t key_length, - psa_algorithm_t alg) -{ - (void) operation; - (void) attributes; - (void) key; - (void) key_length; - (void) alg; - return PSA_ERROR_NOT_SUPPORTED; -} - -psa_status_t mbedtls_test_opaque_cipher_decrypt_setup( - mbedtls_opaque_test_driver_cipher_operation_t *operation, - const psa_key_attributes_t *attributes, - const uint8_t *key, size_t key_length, - psa_algorithm_t alg) -{ - (void) operation; - (void) attributes; - (void) key; - (void) key_length; - (void) alg; - return PSA_ERROR_NOT_SUPPORTED; -} - -psa_status_t mbedtls_test_opaque_cipher_abort( - mbedtls_opaque_test_driver_cipher_operation_t *operation) -{ - (void) operation; - return PSA_ERROR_NOT_SUPPORTED; -} - -psa_status_t mbedtls_test_opaque_cipher_set_iv( - mbedtls_opaque_test_driver_cipher_operation_t *operation, - const uint8_t *iv, - size_t iv_length) -{ - (void) operation; - (void) iv; - (void) iv_length; - return PSA_ERROR_NOT_SUPPORTED; -} - -psa_status_t mbedtls_test_opaque_cipher_update( - mbedtls_opaque_test_driver_cipher_operation_t *operation, - const uint8_t *input, - size_t input_length, - uint8_t *output, - size_t output_size, - size_t *output_length) -{ - (void) operation; - (void) input; - (void) input_length; - (void) output; - (void) output_size; - (void) output_length; - return PSA_ERROR_NOT_SUPPORTED; -} - -psa_status_t mbedtls_test_opaque_cipher_finish( - mbedtls_opaque_test_driver_cipher_operation_t *operation, - uint8_t *output, - size_t output_size, - size_t *output_length) -{ - (void) operation; - (void) output; - (void) output_size; - (void) output_length; - return PSA_ERROR_NOT_SUPPORTED; -} -#endif /* PSA_CRYPTO_DRIVER_TEST */ diff --git a/tests/src/drivers/test_driver_key_agreement.c b/tests/src/drivers/test_driver_key_agreement.c deleted file mode 100644 index 8a7a9ea525..0000000000 --- a/tests/src/drivers/test_driver_key_agreement.c +++ /dev/null @@ -1,153 +0,0 @@ -/* - * Test driver for key agreement functions. - */ -/* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include - -#if defined(PSA_CRYPTO_DRIVER_TEST) - -#include "psa/crypto.h" -#include "psa_crypto_core.h" -#include "psa_crypto_ecp.h" -#include "psa_crypto_ffdh.h" - -#include "test/drivers/key_agreement.h" -#include "test/drivers/test_driver.h" - -#include - -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) -#if MBEDTLS_VERSION_MAJOR < 4 -#include "libtestdriver1/include/psa/crypto.h" -#include "libtestdriver1/library/psa_crypto_ecp.h" -#include "libtestdriver1/library/psa_crypto_ffdh.h" -#else -#include "libtestdriver1/tf-psa-crypto/include/psa/crypto.h" -#include "libtestdriver1/tf-psa-crypto/drivers/builtin/src/psa_crypto_ecp.h" -#include "libtestdriver1/tf-psa-crypto/drivers/builtin/src/psa_crypto_ffdh.h" -#endif -#endif - -mbedtls_test_driver_key_agreement_hooks_t - mbedtls_test_driver_key_agreement_hooks = MBEDTLS_TEST_DRIVER_KEY_AGREEMENT_INIT; - -psa_status_t mbedtls_test_transparent_key_agreement( - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, - size_t key_buffer_size, - psa_algorithm_t alg, - const uint8_t *peer_key, - size_t peer_key_length, - uint8_t *shared_secret, - size_t shared_secret_size, - size_t *shared_secret_length) -{ - mbedtls_test_driver_key_agreement_hooks.hits++; - - if (mbedtls_test_driver_key_agreement_hooks.forced_status != PSA_SUCCESS) { - return mbedtls_test_driver_key_agreement_hooks.forced_status; - } - - if (mbedtls_test_driver_key_agreement_hooks.forced_output != NULL) { - if (mbedtls_test_driver_key_agreement_hooks.forced_output_length > shared_secret_size) { - return PSA_ERROR_BUFFER_TOO_SMALL; - } - - memcpy(shared_secret, mbedtls_test_driver_key_agreement_hooks.forced_output, - mbedtls_test_driver_key_agreement_hooks.forced_output_length); - *shared_secret_length = mbedtls_test_driver_key_agreement_hooks.forced_output_length; - - return PSA_SUCCESS; - } - - if (PSA_ALG_IS_ECDH(alg)) { -#if (defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_ECDH)) - return libtestdriver1_mbedtls_psa_key_agreement_ecdh( - (const libtestdriver1_psa_key_attributes_t *) attributes, - key_buffer, key_buffer_size, - alg, peer_key, peer_key_length, - shared_secret, shared_secret_size, - shared_secret_length); -#elif defined(MBEDTLS_PSA_BUILTIN_ALG_ECDH) - return mbedtls_psa_key_agreement_ecdh( - attributes, - key_buffer, key_buffer_size, - alg, peer_key, peer_key_length, - shared_secret, shared_secret_size, - shared_secret_length); -#else - (void) attributes; - (void) key_buffer; - (void) key_buffer_size; - (void) peer_key; - (void) peer_key_length; - (void) shared_secret; - (void) shared_secret_size; - (void) shared_secret_length; - return PSA_ERROR_NOT_SUPPORTED; -#endif - } - if (PSA_ALG_IS_FFDH(alg)) { -#if (defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_FFDH)) - return libtestdriver1_mbedtls_psa_ffdh_key_agreement( - (const libtestdriver1_psa_key_attributes_t *) attributes, - peer_key, peer_key_length, - key_buffer, key_buffer_size, - shared_secret, shared_secret_size, - shared_secret_length); -#elif defined(MBEDTLS_PSA_BUILTIN_ALG_FFDH) - return mbedtls_psa_ffdh_key_agreement( - attributes, - peer_key, - peer_key_length, - key_buffer, - key_buffer_size, - shared_secret, - shared_secret_size, - shared_secret_length); -#else - (void) attributes; - (void) key_buffer; - (void) key_buffer_size; - (void) peer_key; - (void) peer_key_length; - (void) shared_secret; - (void) shared_secret_size; - (void) shared_secret_length; - return PSA_ERROR_NOT_SUPPORTED; -#endif - } else { - return PSA_ERROR_INVALID_ARGUMENT; - } - -} - -psa_status_t mbedtls_test_opaque_key_agreement( - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, - size_t key_buffer_size, - psa_algorithm_t alg, - const uint8_t *peer_key, - size_t peer_key_length, - uint8_t *shared_secret, - size_t shared_secret_size, - size_t *shared_secret_length) -{ - (void) attributes; - (void) key_buffer; - (void) key_buffer_size; - (void) alg; - (void) peer_key; - (void) peer_key_length; - (void) shared_secret; - (void) shared_secret_size; - (void) shared_secret_length; - return PSA_ERROR_NOT_SUPPORTED; -} - -#endif /* PSA_CRYPTO_DRIVER_TEST */ diff --git a/tests/src/drivers/test_driver_key_management.c b/tests/src/drivers/test_driver_key_management.c deleted file mode 100644 index d2ca157b8b..0000000000 --- a/tests/src/drivers/test_driver_key_management.c +++ /dev/null @@ -1,794 +0,0 @@ -/* - * Test driver for generating and verifying keys. - * Currently only supports generating and verifying ECC keys. - */ -/* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include - -#if defined(PSA_CRYPTO_DRIVER_TEST) -#include "psa/crypto.h" -#include "psa_crypto_core.h" -#include "psa_crypto_ecp.h" -#include "psa_crypto_rsa.h" -#include "psa_crypto_ffdh.h" -#include "mbedtls/ecp.h" -#include "mbedtls/error.h" - -#include "test/drivers/key_management.h" -#include "test/drivers/test_driver.h" - -#include "test/random.h" - -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) -#if MBEDTLS_VERSION_MAJOR < 4 -#include "libtestdriver1/library/psa_crypto_ecp.h" -#include "libtestdriver1/library/psa_crypto_rsa.h" -#include "libtestdriver1/library/psa_crypto_ffdh.h" -#else -#include "libtestdriver1/tf-psa-crypto/drivers/builtin/src/psa_crypto_ecp.h" -#include "libtestdriver1/tf-psa-crypto/drivers/builtin/src/psa_crypto_rsa.h" -#include "libtestdriver1/tf-psa-crypto/drivers/builtin/src/psa_crypto_ffdh.h" -#endif -#endif - -#include - -mbedtls_test_driver_key_management_hooks_t - mbedtls_test_driver_key_management_hooks = MBEDTLS_TEST_DRIVER_KEY_MANAGEMENT_INIT; - -const uint8_t mbedtls_test_driver_aes_key[16] = -{ 0x36, 0x77, 0x39, 0x7A, 0x24, 0x43, 0x26, 0x46, - 0x29, 0x4A, 0x40, 0x4E, 0x63, 0x52, 0x66, 0x55 }; -const uint8_t mbedtls_test_driver_ecdsa_key[32] = -{ 0xdc, 0x7d, 0x9d, 0x26, 0xd6, 0x7a, 0x4f, 0x63, - 0x2c, 0x34, 0xc2, 0xdc, 0x0b, 0x69, 0x86, 0x18, - 0x38, 0x82, 0xc2, 0x06, 0xdf, 0x04, 0xcd, 0xb7, - 0xd6, 0x9a, 0xab, 0xe2, 0x8b, 0xe4, 0xf8, 0x1a }; -const uint8_t mbedtls_test_driver_ecdsa_pubkey[65] = -{ 0x04, - 0x85, 0xf6, 0x4d, 0x89, 0xf0, 0x0b, 0xe6, 0x6c, - 0x88, 0xdd, 0x93, 0x7e, 0xfd, 0x6d, 0x7c, 0x44, - 0x56, 0x48, 0xdc, 0xb7, 0x01, 0x15, 0x0b, 0x8a, - 0x95, 0x09, 0x29, 0x58, 0x50, 0xf4, 0x1c, 0x19, - 0x31, 0xe5, 0x71, 0xfb, 0x8f, 0x8c, 0x78, 0x31, - 0x7a, 0x20, 0xb3, 0x80, 0xe8, 0x66, 0x58, 0x4b, - 0xbc, 0x25, 0x16, 0xc3, 0xd2, 0x70, 0x2d, 0x79, - 0x2f, 0x13, 0x1a, 0x92, 0x20, 0x95, 0xfd, 0x6c }; - -psa_status_t mbedtls_test_transparent_init(void) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) - status = libtestdriver1_psa_crypto_init(); - if (status != PSA_SUCCESS) { - return status; - } -#endif - - (void) status; - return PSA_SUCCESS; -} - -void mbedtls_test_transparent_free(void) -{ -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) - libtestdriver1_mbedtls_psa_crypto_free(); -#endif - - return; -} - -psa_status_t mbedtls_test_opaque_init(void) -{ - return PSA_SUCCESS; -} - -void mbedtls_test_opaque_free(void) -{ - return; -} - -/* - * This macro returns the base size for the key context when SE does not - * support storage. It is the size of the metadata that gets added to the - * wrapped key. In its test functionality the metadata is just some padded - * prefixing to the key. - */ -#define TEST_DRIVER_KEY_CONTEXT_BASE_SIZE \ - PSA_CRYPTO_TEST_DRIVER_OPAQUE_PAD_PREFIX_SIZE - - -size_t mbedtls_test_opaque_size_function( - const psa_key_type_t key_type, - const size_t key_bits) -{ - size_t key_buffer_size = 0; - - key_buffer_size = PSA_EXPORT_KEY_OUTPUT_SIZE(key_type, key_bits); - if (key_buffer_size == 0) { - return 0; - } - /* Include spacing for base size overhead over the key size - * */ - key_buffer_size += TEST_DRIVER_KEY_CONTEXT_BASE_SIZE; - return key_buffer_size; -} - -static size_t mbedtls_test_opaque_get_base_size() -{ - return TEST_DRIVER_KEY_CONTEXT_BASE_SIZE; -} - -/* - * The wrap function mbedtls_test_opaque_wrap_key pads and wraps the - * clear key. It expects the clear and wrap buffers to be passed in. - * key_length is the size of the clear key to be wrapped. - * wrapped_key_buffer_size is the size of the output buffer wrap_key. - * The argument wrapped_key_buffer_length is filled with the wrapped - * key_size on success. - * */ -static psa_status_t mbedtls_test_opaque_wrap_key( - const uint8_t *key, - size_t key_length, - uint8_t *wrapped_key_buffer, - size_t wrapped_key_buffer_size, - size_t *wrapped_key_buffer_length) -{ - size_t opaque_key_base_size = mbedtls_test_opaque_get_base_size(); - uint64_t prefix = PSA_CRYPTO_TEST_DRIVER_OPAQUE_PAD_PREFIX; - - if (key_length + opaque_key_base_size > wrapped_key_buffer_size) { - return PSA_ERROR_BUFFER_TOO_SMALL; - } - - /* Write in the opaque pad prefix */ - memcpy(wrapped_key_buffer, &prefix, opaque_key_base_size); - wrapped_key_buffer += opaque_key_base_size; - *wrapped_key_buffer_length = key_length + opaque_key_base_size; - - while (key_length--) { - wrapped_key_buffer[key_length] = key[key_length] ^ 0xFF; - } - return PSA_SUCCESS; -} - -/* - * The unwrap function mbedtls_test_opaque_unwrap_key removes a pad prefix - * and unwraps the wrapped key. It expects the clear and wrap buffers to be - * passed in. - * wrapped_key_length is the size of the wrapped key, - * key_buffer_size is the size of the output buffer clear_key. - * The argument key_buffer_length is filled with the unwrapped(clear) - * key_size on success. - * */ -psa_status_t mbedtls_test_opaque_unwrap_key( - const uint8_t *wrapped_key, - size_t wrapped_key_length, - uint8_t *key_buffer, - size_t key_buffer_size, - size_t *key_buffer_length) -{ - /* Remove the pad prefix from the wrapped key */ - size_t opaque_key_base_size = mbedtls_test_opaque_get_base_size(); - size_t clear_key_size; - - /* Check for underflow */ - if (wrapped_key_length < opaque_key_base_size) { - return PSA_ERROR_DATA_CORRUPT; - } - clear_key_size = wrapped_key_length - opaque_key_base_size; - - wrapped_key += opaque_key_base_size; - if (clear_key_size > key_buffer_size) { - return PSA_ERROR_BUFFER_TOO_SMALL; - } - - *key_buffer_length = clear_key_size; - while (clear_key_size--) { - key_buffer[clear_key_size] = wrapped_key[clear_key_size] ^ 0xFF; - } - return PSA_SUCCESS; -} - -psa_status_t mbedtls_test_transparent_generate_key( - const psa_key_attributes_t *attributes, - uint8_t *key, size_t key_size, size_t *key_length) -{ - ++mbedtls_test_driver_key_management_hooks.hits; - ++mbedtls_test_driver_key_management_hooks.hits_generate_key; - - if (mbedtls_test_driver_key_management_hooks.forced_status != PSA_SUCCESS) { - return mbedtls_test_driver_key_management_hooks.forced_status; - } - - if (mbedtls_test_driver_key_management_hooks.forced_output != NULL) { - if (mbedtls_test_driver_key_management_hooks.forced_output_length > - key_size) { - return PSA_ERROR_BUFFER_TOO_SMALL; - } - memcpy(key, mbedtls_test_driver_key_management_hooks.forced_output, - mbedtls_test_driver_key_management_hooks.forced_output_length); - *key_length = mbedtls_test_driver_key_management_hooks.forced_output_length; - return PSA_SUCCESS; - } - - if (PSA_KEY_TYPE_IS_ECC(psa_get_key_type(attributes)) - && PSA_KEY_TYPE_IS_KEY_PAIR(psa_get_key_type(attributes))) { -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_GENERATE) - return libtestdriver1_mbedtls_psa_ecp_generate_key( - (const libtestdriver1_psa_key_attributes_t *) attributes, - key, key_size, key_length); -#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_GENERATE) - return mbedtls_psa_ecp_generate_key( - attributes, key, key_size, key_length); -#endif - } else if (psa_get_key_type(attributes) == PSA_KEY_TYPE_RSA_KEY_PAIR) { -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_GENERATE) - return libtestdriver1_mbedtls_psa_rsa_generate_key( - (const libtestdriver1_psa_key_attributes_t *) attributes, - NULL, 0, /* We don't support custom e in the test driver yet */ - key, key_size, key_length); -#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_GENERATE) - return mbedtls_psa_rsa_generate_key( - attributes, - NULL, 0, /* We don't support custom e in the test driver yet */ - key, key_size, key_length); -#endif - } else if (PSA_KEY_TYPE_IS_DH(psa_get_key_type(attributes)) - && PSA_KEY_TYPE_IS_KEY_PAIR(psa_get_key_type(attributes))) { -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_GENERATE) - return libtestdriver1_mbedtls_psa_ffdh_generate_key( - (const libtestdriver1_psa_key_attributes_t *) attributes, - key, key_size, key_length); -#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR) - return mbedtls_psa_ffdh_generate_key( - attributes, key, key_size, key_length); -#endif - } - - (void) attributes; - return PSA_ERROR_NOT_SUPPORTED; -} - -psa_status_t mbedtls_test_opaque_generate_key( - const psa_key_attributes_t *attributes, - uint8_t *key, size_t key_size, size_t *key_length) -{ - (void) attributes; - (void) key; - (void) key_size; - (void) key_length; - return PSA_ERROR_NOT_SUPPORTED; -} - -psa_status_t mbedtls_test_transparent_import_key( - const psa_key_attributes_t *attributes, - const uint8_t *data, - size_t data_length, - uint8_t *key_buffer, - size_t key_buffer_size, - size_t *key_buffer_length, - size_t *bits) -{ - psa_key_type_t type = psa_get_key_type(attributes); - - ++mbedtls_test_driver_key_management_hooks.hits; - mbedtls_test_driver_key_management_hooks.location = PSA_KEY_LOCATION_LOCAL_STORAGE; - - if (mbedtls_test_driver_key_management_hooks.forced_status != PSA_SUCCESS) { - return mbedtls_test_driver_key_management_hooks.forced_status; - } - - if (PSA_KEY_TYPE_IS_ECC(type)) { -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - (defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_IMPORT) || \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY)) - return libtestdriver1_mbedtls_psa_ecp_import_key( - (const libtestdriver1_psa_key_attributes_t *) attributes, - data, data_length, - key_buffer, key_buffer_size, - key_buffer_length, bits); -#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_IMPORT) || \ - defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) - return mbedtls_psa_ecp_import_key( - attributes, - data, data_length, - key_buffer, key_buffer_size, - key_buffer_length, bits); -#endif - } else if (PSA_KEY_TYPE_IS_RSA(type)) { -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - (defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_IMPORT) || \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY)) - return libtestdriver1_mbedtls_psa_rsa_import_key( - (const libtestdriver1_psa_key_attributes_t *) attributes, - data, data_length, - key_buffer, key_buffer_size, - key_buffer_length, bits); -#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_IMPORT) || \ - defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) - return mbedtls_psa_rsa_import_key( - attributes, - data, data_length, - key_buffer, key_buffer_size, - key_buffer_length, bits); -#endif - } else if (PSA_KEY_TYPE_IS_DH(type)) { -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - (defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR) || \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY)) - return libtestdriver1_mbedtls_psa_ffdh_import_key( - (const libtestdriver1_psa_key_attributes_t *) attributes, - data, data_length, - key_buffer, key_buffer_size, - key_buffer_length, bits); -#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \ - defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) - return mbedtls_psa_ffdh_import_key( - attributes, - data, data_length, - key_buffer, key_buffer_size, - key_buffer_length, bits); -#endif - } - (void) data; - (void) data_length; - (void) key_buffer; - (void) key_buffer_size; - (void) key_buffer_length; - (void) bits; - (void) type; - - return PSA_ERROR_NOT_SUPPORTED; -} - - -psa_status_t mbedtls_test_opaque_import_key( - const psa_key_attributes_t *attributes, - const uint8_t *data, - size_t data_length, - uint8_t *key_buffer, - size_t key_buffer_size, - size_t *key_buffer_length, - size_t *bits) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_key_type_t type = psa_get_key_type(attributes); - /* This buffer will be used as an intermediate placeholder for - * the clear key till we wrap it */ - uint8_t *key_buffer_temp; - - ++mbedtls_test_driver_key_management_hooks.hits; - mbedtls_test_driver_key_management_hooks.location = PSA_CRYPTO_TEST_DRIVER_LOCATION; - - if (mbedtls_test_driver_key_management_hooks.forced_status != PSA_SUCCESS) { - return mbedtls_test_driver_key_management_hooks.forced_status; - } - - key_buffer_temp = mbedtls_calloc(1, key_buffer_size); - if (key_buffer_temp == NULL) { - return PSA_ERROR_INSUFFICIENT_MEMORY; - } - - if (PSA_KEY_TYPE_IS_UNSTRUCTURED(type)) { - *bits = PSA_BYTES_TO_BITS(data_length); - - status = psa_validate_unstructured_key_bit_size(type, - *bits); - if (status != PSA_SUCCESS) { - goto exit; - } - - if (data_length > key_buffer_size) { - return PSA_ERROR_BUFFER_TOO_SMALL; - } - - /* Copy the key material accounting for opaque key padding. */ - memcpy(key_buffer_temp, data, data_length); - *key_buffer_length = data_length; - } else if (PSA_KEY_TYPE_IS_ECC(type)) { -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - (defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) || \ - defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY)) - status = libtestdriver1_mbedtls_psa_ecp_import_key( - (const libtestdriver1_psa_key_attributes_t *) attributes, - data, data_length, - key_buffer_temp, key_buffer_size, - key_buffer_length, bits); -#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_IMPORT) || \ - defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) - status = mbedtls_psa_ecp_import_key( - attributes, - data, data_length, - key_buffer_temp, key_buffer_size, - key_buffer_length, bits); -#else - status = PSA_ERROR_NOT_SUPPORTED; -#endif - if (status != PSA_SUCCESS) { - goto exit; - } - } else if (PSA_KEY_TYPE_IS_RSA(type)) { -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - (defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR) || \ - defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY)) - status = libtestdriver1_mbedtls_psa_rsa_import_key( - (const libtestdriver1_psa_key_attributes_t *) attributes, - data, data_length, - key_buffer_temp, key_buffer_size, - key_buffer_length, bits); -#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_IMPORT) || \ - defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) - status = mbedtls_psa_rsa_import_key( - attributes, - data, data_length, - key_buffer_temp, key_buffer_size, - key_buffer_length, bits); -#else - status = PSA_ERROR_NOT_SUPPORTED; -#endif - if (status != PSA_SUCCESS) { - goto exit; - } - } else { - status = PSA_ERROR_INVALID_ARGUMENT; - goto exit; - } - - status = mbedtls_test_opaque_wrap_key(key_buffer_temp, *key_buffer_length, - key_buffer, key_buffer_size, key_buffer_length); -exit: - mbedtls_free(key_buffer_temp); - return status; -} - -psa_status_t mbedtls_test_opaque_export_key( - const psa_key_attributes_t *attributes, - const uint8_t *key, size_t key_length, - uint8_t *data, size_t data_size, size_t *data_length) -{ - if (key_length == sizeof(psa_drv_slot_number_t)) { - /* Assume this is a builtin key based on the key material length. */ - psa_drv_slot_number_t slot_number = *((psa_drv_slot_number_t *) key); - - switch (slot_number) { - case PSA_CRYPTO_TEST_DRIVER_BUILTIN_ECDSA_KEY_SLOT: - /* This is the ECDSA slot. Verify the key's attributes before - * returning the private key. */ - if (psa_get_key_type(attributes) != - PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1)) { - return PSA_ERROR_CORRUPTION_DETECTED; - } - if (psa_get_key_bits(attributes) != 256) { - return PSA_ERROR_CORRUPTION_DETECTED; - } - if (psa_get_key_algorithm(attributes) != - PSA_ALG_ECDSA(PSA_ALG_ANY_HASH)) { - return PSA_ERROR_CORRUPTION_DETECTED; - } - if ((psa_get_key_usage_flags(attributes) & - PSA_KEY_USAGE_EXPORT) == 0) { - return PSA_ERROR_CORRUPTION_DETECTED; - } - - if (data_size < sizeof(mbedtls_test_driver_ecdsa_key)) { - return PSA_ERROR_BUFFER_TOO_SMALL; - } - - memcpy(data, mbedtls_test_driver_ecdsa_key, - sizeof(mbedtls_test_driver_ecdsa_key)); - *data_length = sizeof(mbedtls_test_driver_ecdsa_key); - return PSA_SUCCESS; - - case PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT: - /* This is the AES slot. Verify the key's attributes before - * returning the key. */ - if (psa_get_key_type(attributes) != PSA_KEY_TYPE_AES) { - return PSA_ERROR_CORRUPTION_DETECTED; - } - if (psa_get_key_bits(attributes) != 128) { - return PSA_ERROR_CORRUPTION_DETECTED; - } - if (psa_get_key_algorithm(attributes) != PSA_ALG_CTR) { - return PSA_ERROR_CORRUPTION_DETECTED; - } - if ((psa_get_key_usage_flags(attributes) & - PSA_KEY_USAGE_EXPORT) == 0) { - return PSA_ERROR_CORRUPTION_DETECTED; - } - - if (data_size < sizeof(mbedtls_test_driver_aes_key)) { - return PSA_ERROR_BUFFER_TOO_SMALL; - } - - memcpy(data, mbedtls_test_driver_aes_key, - sizeof(mbedtls_test_driver_aes_key)); - *data_length = sizeof(mbedtls_test_driver_aes_key); - return PSA_SUCCESS; - - default: - return PSA_ERROR_DOES_NOT_EXIST; - } - } else { - /* This buffer will be used as an intermediate placeholder for - * the opaque key till we unwrap the key into key_buffer */ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_key_type_t type = psa_get_key_type(attributes); - - if (PSA_KEY_TYPE_IS_UNSTRUCTURED(type) || - PSA_KEY_TYPE_IS_RSA(type) || - PSA_KEY_TYPE_IS_ECC(type)) { - status = mbedtls_test_opaque_unwrap_key(key, key_length, - data, data_size, data_length); - return status; - } - } - return PSA_ERROR_NOT_SUPPORTED; -} - -psa_status_t mbedtls_test_transparent_export_public_key( - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, size_t key_buffer_size, - uint8_t *data, size_t data_size, size_t *data_length) -{ - ++mbedtls_test_driver_key_management_hooks.hits; - ++mbedtls_test_driver_key_management_hooks.hits_export_public_key; - - if (mbedtls_test_driver_key_management_hooks.forced_status != PSA_SUCCESS) { - return mbedtls_test_driver_key_management_hooks.forced_status; - } - - if (mbedtls_test_driver_key_management_hooks.forced_output != NULL) { - if (mbedtls_test_driver_key_management_hooks.forced_output_length > - data_size) { - return PSA_ERROR_BUFFER_TOO_SMALL; - } - memcpy(data, mbedtls_test_driver_key_management_hooks.forced_output, - mbedtls_test_driver_key_management_hooks.forced_output_length); - *data_length = mbedtls_test_driver_key_management_hooks.forced_output_length; - return PSA_SUCCESS; - } - - psa_key_type_t key_type = psa_get_key_type(attributes); - - if (PSA_KEY_TYPE_IS_ECC(key_type)) { -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - (defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_EXPORT) || \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY)) - return libtestdriver1_mbedtls_psa_ecp_export_public_key( - (const libtestdriver1_psa_key_attributes_t *) attributes, - key_buffer, key_buffer_size, - data, data_size, data_length); -#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_EXPORT) || \ - defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) - return mbedtls_psa_ecp_export_public_key( - attributes, - key_buffer, key_buffer_size, - data, data_size, data_length); -#endif - } else if (PSA_KEY_TYPE_IS_RSA(key_type)) { -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - (defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_EXPORT) || \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY)) - return libtestdriver1_mbedtls_psa_rsa_export_public_key( - (const libtestdriver1_psa_key_attributes_t *) attributes, - key_buffer, key_buffer_size, - data, data_size, data_length); -#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_EXPORT) || \ - defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) - return mbedtls_psa_rsa_export_public_key( - attributes, - key_buffer, key_buffer_size, - data, data_size, data_length); -#endif - } else if (PSA_KEY_TYPE_IS_DH(key_type)) { -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - (defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR) || \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY)) - return libtestdriver1_mbedtls_psa_ffdh_export_public_key( - (const libtestdriver1_psa_key_attributes_t *) attributes, - key_buffer, key_buffer_size, - data, data_size, data_length); -#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR) || \ - defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY) - return mbedtls_psa_ffdh_export_public_key( - attributes, - key_buffer, key_buffer_size, - data, data_size, data_length); -#endif - } - - (void) key_buffer; - (void) key_buffer_size; - (void) key_type; - - return PSA_ERROR_NOT_SUPPORTED; -} - -psa_status_t mbedtls_test_opaque_export_public_key( - const psa_key_attributes_t *attributes, - const uint8_t *key, size_t key_length, - uint8_t *data, size_t data_size, size_t *data_length) -{ - if (key_length != sizeof(psa_drv_slot_number_t)) { - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_key_type_t key_type = psa_get_key_type(attributes); - uint8_t *key_buffer_temp; - - key_buffer_temp = mbedtls_calloc(1, key_length); - if (key_buffer_temp == NULL) { - return PSA_ERROR_INSUFFICIENT_MEMORY; - } - - if (PSA_KEY_TYPE_IS_ECC(key_type)) { - status = mbedtls_test_opaque_unwrap_key(key, key_length, - key_buffer_temp, key_length, data_length); - if (status == PSA_SUCCESS) { -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - (defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) || \ - defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY)) - status = libtestdriver1_mbedtls_psa_ecp_export_public_key( - (const libtestdriver1_psa_key_attributes_t *) attributes, - key_buffer_temp, *data_length, - data, data_size, data_length); -#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_EXPORT) || \ - defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) - status = mbedtls_psa_ecp_export_public_key( - attributes, - key_buffer_temp, *data_length, - data, data_size, data_length); -#else - status = PSA_ERROR_NOT_SUPPORTED; -#endif - } - } else if (PSA_KEY_TYPE_IS_RSA(key_type)) { - status = mbedtls_test_opaque_unwrap_key(key, key_length, - key_buffer_temp, key_length, data_length); - if (status == PSA_SUCCESS) { -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - (defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR) || \ - defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY)) - status = libtestdriver1_mbedtls_psa_rsa_export_public_key( - (const libtestdriver1_psa_key_attributes_t *) attributes, - key_buffer_temp, *data_length, - data, data_size, data_length); -#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_EXPORT) || \ - defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) - status = mbedtls_psa_rsa_export_public_key( - attributes, - key_buffer_temp, *data_length, - data, data_size, data_length); -#else - status = PSA_ERROR_NOT_SUPPORTED; -#endif - } - } else { - status = PSA_ERROR_NOT_SUPPORTED; - (void) key; - (void) key_type; - } - mbedtls_free(key_buffer_temp); - return status; - } - - /* Assume this is a builtin key based on the key material length. */ - psa_drv_slot_number_t slot_number = *((psa_drv_slot_number_t *) key); - switch (slot_number) { - case PSA_CRYPTO_TEST_DRIVER_BUILTIN_ECDSA_KEY_SLOT: - /* This is the ECDSA slot. Verify the key's attributes before - * returning the public key. */ - if (psa_get_key_type(attributes) != - PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1)) { - return PSA_ERROR_CORRUPTION_DETECTED; - } - if (psa_get_key_bits(attributes) != 256) { - return PSA_ERROR_CORRUPTION_DETECTED; - } - if (psa_get_key_algorithm(attributes) != - PSA_ALG_ECDSA(PSA_ALG_ANY_HASH)) { - return PSA_ERROR_CORRUPTION_DETECTED; - } - - if (data_size < sizeof(mbedtls_test_driver_ecdsa_pubkey)) { - return PSA_ERROR_BUFFER_TOO_SMALL; - } - - memcpy(data, mbedtls_test_driver_ecdsa_pubkey, - sizeof(mbedtls_test_driver_ecdsa_pubkey)); - *data_length = sizeof(mbedtls_test_driver_ecdsa_pubkey); - return PSA_SUCCESS; - - default: - return PSA_ERROR_DOES_NOT_EXIST; - } -} - -/* The opaque test driver exposes two built-in keys when builtin key support is - * compiled in. - * The key in slot #PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT is an AES-128 - * key which allows CTR mode. - * The key in slot #PSA_CRYPTO_TEST_DRIVER_BUILTIN_ECDSA_KEY_SLOT is a secp256r1 - * private key which allows ECDSA sign & verify. - * The key buffer format for these is the raw format of psa_drv_slot_number_t - * (i.e. for an actual driver this would mean 'builtin_key_size' = - * sizeof(psa_drv_slot_number_t)). - */ -psa_status_t mbedtls_test_opaque_get_builtin_key( - psa_drv_slot_number_t slot_number, - psa_key_attributes_t *attributes, - uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length) -{ - switch (slot_number) { - case PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT: - psa_set_key_type(attributes, PSA_KEY_TYPE_AES); - psa_set_key_bits(attributes, 128); - psa_set_key_usage_flags( - attributes, - PSA_KEY_USAGE_ENCRYPT | - PSA_KEY_USAGE_DECRYPT | - PSA_KEY_USAGE_EXPORT); - psa_set_key_algorithm(attributes, PSA_ALG_CTR); - - if (key_buffer_size < sizeof(psa_drv_slot_number_t)) { - return PSA_ERROR_BUFFER_TOO_SMALL; - } - - *((psa_drv_slot_number_t *) key_buffer) = - PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT; - *key_buffer_length = sizeof(psa_drv_slot_number_t); - return PSA_SUCCESS; - case PSA_CRYPTO_TEST_DRIVER_BUILTIN_ECDSA_KEY_SLOT: - psa_set_key_type( - attributes, - PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1)); - psa_set_key_bits(attributes, 256); - psa_set_key_usage_flags( - attributes, - PSA_KEY_USAGE_SIGN_HASH | - PSA_KEY_USAGE_VERIFY_HASH | - PSA_KEY_USAGE_EXPORT); - psa_set_key_algorithm( - attributes, PSA_ALG_ECDSA(PSA_ALG_ANY_HASH)); - - if (key_buffer_size < sizeof(psa_drv_slot_number_t)) { - return PSA_ERROR_BUFFER_TOO_SMALL; - } - - *((psa_drv_slot_number_t *) key_buffer) = - PSA_CRYPTO_TEST_DRIVER_BUILTIN_ECDSA_KEY_SLOT; - *key_buffer_length = sizeof(psa_drv_slot_number_t); - return PSA_SUCCESS; - default: - return PSA_ERROR_DOES_NOT_EXIST; - } -} - -psa_status_t mbedtls_test_opaque_copy_key( - psa_key_attributes_t *attributes, - const uint8_t *source_key, size_t source_key_length, - uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length) -{ - /* This is a case where the opaque test driver emulates an SE without storage. - * With that all key context is stored in the wrapped buffer. - * So no additional house keeping is necessary to reference count the - * copied keys. This could change when the opaque test driver is extended - * to support SE with storage, or to emulate an SE without storage but - * still holding some slot references */ - if (source_key_length > key_buffer_size) { - return PSA_ERROR_BUFFER_TOO_SMALL; - } - - memcpy(key_buffer, source_key, source_key_length); - *key_buffer_length = source_key_length; - (void) attributes; - return PSA_SUCCESS; -} - -#endif /* PSA_CRYPTO_DRIVER_TEST */ diff --git a/tests/src/drivers/test_driver_mac.c b/tests/src/drivers/test_driver_mac.c deleted file mode 100644 index f1cf504303..0000000000 --- a/tests/src/drivers/test_driver_mac.c +++ /dev/null @@ -1,426 +0,0 @@ -/* - * Test driver for MAC entry points. - */ -/* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include - -#if defined(PSA_CRYPTO_DRIVER_TEST) -#include "psa_crypto_mac.h" - -#include "test/drivers/mac.h" - -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) -#if MBEDTLS_VERSION_MAJOR < 4 -#include "libtestdriver1/library/psa_crypto_mac.h" -#else -#include "libtestdriver1/tf-psa-crypto/drivers/builtin/src/psa_crypto_mac.h" -#endif -#endif - -mbedtls_test_driver_mac_hooks_t mbedtls_test_driver_mac_hooks = - MBEDTLS_TEST_DRIVER_MAC_INIT; - -psa_status_t mbedtls_test_transparent_mac_compute( - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, - size_t key_buffer_size, - psa_algorithm_t alg, - const uint8_t *input, - size_t input_length, - uint8_t *mac, - size_t mac_size, - size_t *mac_length) -{ - mbedtls_test_driver_mac_hooks.hits++; - - if (mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS) { - mbedtls_test_driver_mac_hooks.driver_status = - mbedtls_test_driver_mac_hooks.forced_status; - } else { -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_MAC) - mbedtls_test_driver_mac_hooks.driver_status = - libtestdriver1_mbedtls_psa_mac_compute( - (const libtestdriver1_psa_key_attributes_t *) attributes, - key_buffer, key_buffer_size, alg, - input, input_length, - mac, mac_size, mac_length); -#elif defined(MBEDTLS_PSA_BUILTIN_MAC) - mbedtls_test_driver_mac_hooks.driver_status = - mbedtls_psa_mac_compute( - attributes, key_buffer, key_buffer_size, alg, - input, input_length, - mac, mac_size, mac_length); -#else - (void) attributes; - (void) key_buffer; - (void) key_buffer_size; - (void) alg; - (void) input; - (void) input_length; - (void) mac; - (void) mac_size; - (void) mac_length; - mbedtls_test_driver_mac_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; -#endif - } - - return mbedtls_test_driver_mac_hooks.driver_status; -} - -psa_status_t mbedtls_test_transparent_mac_sign_setup( - mbedtls_transparent_test_driver_mac_operation_t *operation, - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, - size_t key_buffer_size, - psa_algorithm_t alg) -{ - mbedtls_test_driver_mac_hooks.hits++; - - if (mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS) { - mbedtls_test_driver_mac_hooks.driver_status = - mbedtls_test_driver_mac_hooks.forced_status; - } else { -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_MAC) - mbedtls_test_driver_mac_hooks.driver_status = - libtestdriver1_mbedtls_psa_mac_sign_setup( - operation, - (const libtestdriver1_psa_key_attributes_t *) attributes, - key_buffer, key_buffer_size, alg); -#elif defined(MBEDTLS_PSA_BUILTIN_MAC) - mbedtls_test_driver_mac_hooks.driver_status = - mbedtls_psa_mac_sign_setup( - operation, attributes, key_buffer, key_buffer_size, alg); -#else - (void) operation; - (void) attributes; - (void) key_buffer; - (void) key_buffer_size; - (void) alg; - mbedtls_test_driver_mac_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; -#endif - } - - return mbedtls_test_driver_mac_hooks.driver_status; -} - -psa_status_t mbedtls_test_transparent_mac_verify_setup( - mbedtls_transparent_test_driver_mac_operation_t *operation, - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, - size_t key_buffer_size, - psa_algorithm_t alg) -{ - mbedtls_test_driver_mac_hooks.hits++; - - if (mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS) { - mbedtls_test_driver_mac_hooks.driver_status = - mbedtls_test_driver_mac_hooks.forced_status; - } else { -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_MAC) - mbedtls_test_driver_mac_hooks.driver_status = - libtestdriver1_mbedtls_psa_mac_verify_setup( - operation, - (const libtestdriver1_psa_key_attributes_t *) attributes, - key_buffer, key_buffer_size, alg); -#elif defined(MBEDTLS_PSA_BUILTIN_MAC) - mbedtls_test_driver_mac_hooks.driver_status = - mbedtls_psa_mac_verify_setup( - operation, attributes, key_buffer, key_buffer_size, alg); -#else - (void) operation; - (void) attributes; - (void) key_buffer; - (void) key_buffer_size; - (void) alg; - mbedtls_test_driver_mac_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; -#endif - } - - return mbedtls_test_driver_mac_hooks.driver_status; -} - -psa_status_t mbedtls_test_transparent_mac_update( - mbedtls_transparent_test_driver_mac_operation_t *operation, - const uint8_t *input, - size_t input_length) -{ - mbedtls_test_driver_mac_hooks.hits++; - - if (mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS) { - mbedtls_test_driver_mac_hooks.driver_status = - mbedtls_test_driver_mac_hooks.forced_status; - } else { -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_MAC) - mbedtls_test_driver_mac_hooks.driver_status = - libtestdriver1_mbedtls_psa_mac_update( - operation, input, input_length); -#elif defined(MBEDTLS_PSA_BUILTIN_MAC) - mbedtls_test_driver_mac_hooks.driver_status = - mbedtls_psa_mac_update( - operation, input, input_length); -#else - (void) operation; - (void) input; - (void) input_length; - mbedtls_test_driver_mac_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; -#endif - } - - return mbedtls_test_driver_mac_hooks.driver_status; -} - -psa_status_t mbedtls_test_transparent_mac_sign_finish( - mbedtls_transparent_test_driver_mac_operation_t *operation, - uint8_t *mac, - size_t mac_size, - size_t *mac_length) -{ - mbedtls_test_driver_mac_hooks.hits++; - - if (mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS) { - mbedtls_test_driver_mac_hooks.driver_status = - mbedtls_test_driver_mac_hooks.forced_status; - } else { -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_MAC) - mbedtls_test_driver_mac_hooks.driver_status = - libtestdriver1_mbedtls_psa_mac_sign_finish( - operation, mac, mac_size, mac_length); -#elif defined(MBEDTLS_PSA_BUILTIN_MAC) - mbedtls_test_driver_mac_hooks.driver_status = - mbedtls_psa_mac_sign_finish( - operation, mac, mac_size, mac_length); -#else - (void) operation; - (void) mac; - (void) mac_size; - (void) mac_length; - mbedtls_test_driver_mac_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; -#endif - } - - return mbedtls_test_driver_mac_hooks.driver_status; -} - -psa_status_t mbedtls_test_transparent_mac_verify_finish( - mbedtls_transparent_test_driver_mac_operation_t *operation, - const uint8_t *mac, - size_t mac_length) -{ - mbedtls_test_driver_mac_hooks.hits++; - - if (mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS) { - mbedtls_test_driver_mac_hooks.driver_status = - mbedtls_test_driver_mac_hooks.forced_status; - } else { -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_MAC) - mbedtls_test_driver_mac_hooks.driver_status = - libtestdriver1_mbedtls_psa_mac_verify_finish( - operation, mac, mac_length); -#elif defined(MBEDTLS_PSA_BUILTIN_MAC) - mbedtls_test_driver_mac_hooks.driver_status = - mbedtls_psa_mac_verify_finish( - operation, mac, mac_length); -#else - (void) operation; - (void) mac; - (void) mac_length; - mbedtls_test_driver_mac_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; -#endif - } - - return mbedtls_test_driver_mac_hooks.driver_status; -} - -psa_status_t mbedtls_test_transparent_mac_abort( - mbedtls_transparent_test_driver_mac_operation_t *operation) -{ - mbedtls_test_driver_mac_hooks.hits++; - - if (mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS) { - mbedtls_test_driver_mac_hooks.driver_status = - mbedtls_test_driver_mac_hooks.forced_status; - } else { -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_MAC) - mbedtls_test_driver_mac_hooks.driver_status = - libtestdriver1_mbedtls_psa_mac_abort(operation); -#elif defined(MBEDTLS_PSA_BUILTIN_MAC) - mbedtls_test_driver_mac_hooks.driver_status = - mbedtls_psa_mac_abort(operation); -#else - (void) operation; - mbedtls_test_driver_mac_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; -#endif - } - - return mbedtls_test_driver_mac_hooks.driver_status; -} - -psa_status_t mbedtls_test_opaque_mac_compute( - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, - size_t key_buffer_size, - psa_algorithm_t alg, - const uint8_t *input, - size_t input_length, - uint8_t *mac, - size_t mac_size, - size_t *mac_length) -{ - mbedtls_test_driver_mac_hooks.hits++; - - if (mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS) { - mbedtls_test_driver_mac_hooks.driver_status = - mbedtls_test_driver_mac_hooks.forced_status; - } else { - (void) attributes; - (void) key_buffer; - (void) key_buffer_size; - (void) alg; - (void) input; - (void) input_length; - (void) mac; - (void) mac_size; - (void) mac_length; - mbedtls_test_driver_mac_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; - } - - return mbedtls_test_driver_mac_hooks.driver_status; -} - -psa_status_t mbedtls_test_opaque_mac_sign_setup( - mbedtls_opaque_test_driver_mac_operation_t *operation, - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, - size_t key_buffer_size, - psa_algorithm_t alg) -{ - mbedtls_test_driver_mac_hooks.hits++; - - if (mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS) { - mbedtls_test_driver_mac_hooks.driver_status = - mbedtls_test_driver_mac_hooks.forced_status; - } else { - (void) operation; - (void) attributes; - (void) key_buffer; - (void) key_buffer_size; - (void) alg; - mbedtls_test_driver_mac_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; - } - - return mbedtls_test_driver_mac_hooks.driver_status; -} - -psa_status_t mbedtls_test_opaque_mac_verify_setup( - mbedtls_opaque_test_driver_mac_operation_t *operation, - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, - size_t key_buffer_size, - psa_algorithm_t alg) -{ - mbedtls_test_driver_mac_hooks.hits++; - - if (mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS) { - mbedtls_test_driver_mac_hooks.driver_status = - mbedtls_test_driver_mac_hooks.forced_status; - } else { - (void) operation; - (void) attributes; - (void) key_buffer; - (void) key_buffer_size; - (void) alg; - mbedtls_test_driver_mac_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; - } - - return mbedtls_test_driver_mac_hooks.driver_status; -} - -psa_status_t mbedtls_test_opaque_mac_update( - mbedtls_opaque_test_driver_mac_operation_t *operation, - const uint8_t *input, - size_t input_length) -{ - mbedtls_test_driver_mac_hooks.hits++; - - if (mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS) { - mbedtls_test_driver_mac_hooks.driver_status = - mbedtls_test_driver_mac_hooks.forced_status; - } else { - (void) operation; - (void) input; - (void) input_length; - mbedtls_test_driver_mac_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; - } - - return mbedtls_test_driver_mac_hooks.driver_status; -} - -psa_status_t mbedtls_test_opaque_mac_sign_finish( - mbedtls_opaque_test_driver_mac_operation_t *operation, - uint8_t *mac, - size_t mac_size, - size_t *mac_length) -{ - mbedtls_test_driver_mac_hooks.hits++; - - if (mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS) { - mbedtls_test_driver_mac_hooks.driver_status = - mbedtls_test_driver_mac_hooks.forced_status; - } else { - (void) operation; - (void) mac; - (void) mac_size; - (void) mac_length; - mbedtls_test_driver_mac_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; - } - - return mbedtls_test_driver_mac_hooks.driver_status; -} - -psa_status_t mbedtls_test_opaque_mac_verify_finish( - mbedtls_opaque_test_driver_mac_operation_t *operation, - const uint8_t *mac, - size_t mac_length) -{ - mbedtls_test_driver_mac_hooks.hits++; - - if (mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS) { - mbedtls_test_driver_mac_hooks.driver_status = - mbedtls_test_driver_mac_hooks.forced_status; - } else { - (void) operation; - (void) mac; - (void) mac_length; - mbedtls_test_driver_mac_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; - } - - return mbedtls_test_driver_mac_hooks.driver_status; -} - -psa_status_t mbedtls_test_opaque_mac_abort( - mbedtls_opaque_test_driver_mac_operation_t *operation) -{ - mbedtls_test_driver_mac_hooks.hits++; - - if (mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS) { - mbedtls_test_driver_mac_hooks.driver_status = - mbedtls_test_driver_mac_hooks.forced_status; - } else { - (void) operation; - mbedtls_test_driver_mac_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; - } - - return mbedtls_test_driver_mac_hooks.driver_status; -} - -#endif /* PSA_CRYPTO_DRIVER_TEST */ diff --git a/tests/src/drivers/test_driver_pake.c b/tests/src/drivers/test_driver_pake.c deleted file mode 100644 index c3ce326fe2..0000000000 --- a/tests/src/drivers/test_driver_pake.c +++ /dev/null @@ -1,206 +0,0 @@ -/* - * Test driver for PAKE entry points. - */ -/* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include - -#if defined(PSA_CRYPTO_DRIVER_TEST) -#include "psa_crypto_pake.h" - -#include "test/drivers/pake.h" -#include "string.h" - -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) -#if MBEDTLS_VERSION_MAJOR < 4 -#include "libtestdriver1/library/psa_crypto_pake.h" -#else -#include "libtestdriver1/tf-psa-crypto/drivers/builtin/src/psa_crypto_pake.h" -#endif -#endif - -mbedtls_test_driver_pake_hooks_t mbedtls_test_driver_pake_hooks = - MBEDTLS_TEST_DRIVER_PAKE_INIT; - - -psa_status_t mbedtls_test_transparent_pake_setup( - mbedtls_transparent_test_driver_pake_operation_t *operation, - const psa_crypto_driver_pake_inputs_t *inputs) -{ - mbedtls_test_driver_pake_hooks.hits.total++; - mbedtls_test_driver_pake_hooks.hits.setup++; - - if (mbedtls_test_driver_pake_hooks.forced_setup_status != PSA_SUCCESS) { - mbedtls_test_driver_pake_hooks.driver_status = - mbedtls_test_driver_pake_hooks.forced_setup_status; - } else { -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_PAKE) - mbedtls_test_driver_pake_hooks.driver_status = - libtestdriver1_mbedtls_psa_pake_setup( - operation, (const libtestdriver1_psa_crypto_driver_pake_inputs_t *) inputs); -#elif defined(MBEDTLS_PSA_BUILTIN_PAKE) - mbedtls_test_driver_pake_hooks.driver_status = - mbedtls_psa_pake_setup( - operation, inputs); -#else - (void) operation; - (void) inputs; - mbedtls_test_driver_pake_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; -#endif - } - - return mbedtls_test_driver_pake_hooks.driver_status; -} - -psa_status_t mbedtls_test_transparent_pake_output( - mbedtls_transparent_test_driver_pake_operation_t *operation, - psa_crypto_driver_pake_step_t step, - uint8_t *output, - size_t output_size, - size_t *output_length) -{ - mbedtls_test_driver_pake_hooks.hits.total++; - mbedtls_test_driver_pake_hooks.hits.output++; - - if (mbedtls_test_driver_pake_hooks.forced_output != NULL) { - if (output_size < mbedtls_test_driver_pake_hooks.forced_output_length) { - return PSA_ERROR_BUFFER_TOO_SMALL; - } - - memcpy(output, - mbedtls_test_driver_pake_hooks.forced_output, - mbedtls_test_driver_pake_hooks.forced_output_length); - *output_length = mbedtls_test_driver_pake_hooks.forced_output_length; - - return mbedtls_test_driver_pake_hooks.forced_status; - } - - if (mbedtls_test_driver_pake_hooks.forced_status != PSA_SUCCESS) { - mbedtls_test_driver_pake_hooks.driver_status = - mbedtls_test_driver_pake_hooks.forced_status; - } else { -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_PAKE) - mbedtls_test_driver_pake_hooks.driver_status = - libtestdriver1_mbedtls_psa_pake_output( - operation, (libtestdriver1_psa_crypto_driver_pake_step_t) step, - output, output_size, output_length); -#elif defined(MBEDTLS_PSA_BUILTIN_PAKE) - mbedtls_test_driver_pake_hooks.driver_status = - mbedtls_psa_pake_output( - operation, step, output, output_size, output_length); -#else - (void) operation; - (void) step; - (void) output; - (void) output_size; - (void) output_length; - mbedtls_test_driver_pake_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; -#endif - } - - return mbedtls_test_driver_pake_hooks.driver_status; -} - -psa_status_t mbedtls_test_transparent_pake_input( - mbedtls_transparent_test_driver_pake_operation_t *operation, - psa_crypto_driver_pake_step_t step, - const uint8_t *input, - size_t input_length) -{ - mbedtls_test_driver_pake_hooks.hits.total++; - mbedtls_test_driver_pake_hooks.hits.input++; - - if (mbedtls_test_driver_pake_hooks.forced_status != PSA_SUCCESS) { - mbedtls_test_driver_pake_hooks.driver_status = - mbedtls_test_driver_pake_hooks.forced_status; - } else { -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_PAKE) - mbedtls_test_driver_pake_hooks.driver_status = - libtestdriver1_mbedtls_psa_pake_input( - operation, (libtestdriver1_psa_crypto_driver_pake_step_t) step, - input, input_length); -#elif defined(MBEDTLS_PSA_BUILTIN_PAKE) - mbedtls_test_driver_pake_hooks.driver_status = - mbedtls_psa_pake_input( - operation, step, input, input_length); -#else - (void) operation; - (void) step; - (void) input; - (void) input_length; - mbedtls_test_driver_pake_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; -#endif - } - - return mbedtls_test_driver_pake_hooks.driver_status; -} - -psa_status_t mbedtls_test_transparent_pake_get_implicit_key( - mbedtls_transparent_test_driver_pake_operation_t *operation, - uint8_t *output, size_t output_size, size_t *output_length) -{ - mbedtls_test_driver_pake_hooks.hits.total++; - mbedtls_test_driver_pake_hooks.hits.implicit_key++; - - if (mbedtls_test_driver_pake_hooks.forced_status != PSA_SUCCESS) { - mbedtls_test_driver_pake_hooks.driver_status = - mbedtls_test_driver_pake_hooks.forced_status; - } else { -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_PAKE) - mbedtls_test_driver_pake_hooks.driver_status = - libtestdriver1_mbedtls_psa_pake_get_implicit_key( - operation, output, output_size, output_length); -#elif defined(MBEDTLS_PSA_BUILTIN_PAKE) - mbedtls_test_driver_pake_hooks.driver_status = - mbedtls_psa_pake_get_implicit_key( - operation, output, output_size, output_length); -#else - (void) operation; - (void) output; - (void) output_size; - (void) output_length; - mbedtls_test_driver_pake_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; -#endif - } - - return mbedtls_test_driver_pake_hooks.driver_status; -} - -psa_status_t mbedtls_test_transparent_pake_abort( - mbedtls_transparent_test_driver_pake_operation_t *operation) -{ - mbedtls_test_driver_pake_hooks.hits.total++; - mbedtls_test_driver_pake_hooks.hits.abort++; - -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_PAKE) - mbedtls_test_driver_pake_hooks.driver_status = - libtestdriver1_mbedtls_psa_pake_abort( - operation); -#elif defined(MBEDTLS_PSA_BUILTIN_PAKE) - mbedtls_test_driver_pake_hooks.driver_status = - mbedtls_psa_pake_abort( - operation); -#else - (void) operation; - mbedtls_test_driver_pake_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; -#endif - - - if (mbedtls_test_driver_pake_hooks.forced_status != PSA_SUCCESS && - mbedtls_test_driver_pake_hooks.driver_status == PSA_SUCCESS) { - mbedtls_test_driver_pake_hooks.driver_status = - mbedtls_test_driver_pake_hooks.forced_status; - } - - - return mbedtls_test_driver_pake_hooks.driver_status; -} - -#endif /* PSA_CRYPTO_DRIVER_TEST */ diff --git a/tests/src/drivers/test_driver_signature.c b/tests/src/drivers/test_driver_signature.c deleted file mode 100644 index a6eef573b2..0000000000 --- a/tests/src/drivers/test_driver_signature.c +++ /dev/null @@ -1,410 +0,0 @@ -/* - * Test driver for signature functions. - * Currently supports signing and verifying precalculated hashes, using - * only deterministic ECDSA on curves secp256r1, secp384r1 and secp521r1. - */ -/* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include - -#if defined(PSA_CRYPTO_DRIVER_TEST) -#include "psa/crypto.h" -#include "psa_crypto_core.h" -#include "psa_crypto_ecp.h" -#include "psa_crypto_hash.h" -#include "psa_crypto_rsa.h" -#include "mbedtls/ecp.h" - -#include "test/drivers/hash.h" -#include "test/drivers/signature.h" -#include "test/drivers/hash.h" - -#include "mbedtls/ecdsa.h" - -#include "test/random.h" - -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) -#if MBEDTLS_VERSION_MAJOR < 4 -#include "libtestdriver1/library/psa_crypto_ecp.h" -#include "libtestdriver1/library/psa_crypto_hash.h" -#include "libtestdriver1/library/psa_crypto_rsa.h" -#else -#include "libtestdriver1/tf-psa-crypto/drivers/builtin/src/psa_crypto_ecp.h" -#include "libtestdriver1/tf-psa-crypto/drivers/builtin/src/psa_crypto_hash.h" -#include "libtestdriver1/tf-psa-crypto/drivers/builtin/src/psa_crypto_rsa.h" -#endif -#endif - -#include - -mbedtls_test_driver_signature_hooks_t - mbedtls_test_driver_signature_sign_hooks = MBEDTLS_TEST_DRIVER_SIGNATURE_INIT; -mbedtls_test_driver_signature_hooks_t - mbedtls_test_driver_signature_verify_hooks = MBEDTLS_TEST_DRIVER_SIGNATURE_INIT; - -psa_status_t sign_hash( - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, - size_t key_buffer_size, - psa_algorithm_t alg, - const uint8_t *hash, - size_t hash_length, - uint8_t *signature, - size_t signature_size, - size_t *signature_length) -{ - if (attributes->type == PSA_KEY_TYPE_RSA_KEY_PAIR) { - if (PSA_ALG_IS_RSA_PKCS1V15_SIGN(alg) || - PSA_ALG_IS_RSA_PSS(alg)) { -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - (defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS)) - return libtestdriver1_mbedtls_psa_rsa_sign_hash( - (const libtestdriver1_psa_key_attributes_t *) attributes, - key_buffer, key_buffer_size, - alg, hash, hash_length, - signature, signature_size, signature_length); -#elif defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \ - defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) - return mbedtls_psa_rsa_sign_hash( - attributes, - key_buffer, key_buffer_size, - alg, hash, hash_length, - signature, signature_size, signature_length); -#endif - } else { - return PSA_ERROR_INVALID_ARGUMENT; - } - } else if (PSA_KEY_TYPE_IS_ECC(attributes->type)) { - if (PSA_ALG_IS_ECDSA(alg)) { -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - (defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)) - return libtestdriver1_mbedtls_psa_ecdsa_sign_hash( - (const libtestdriver1_psa_key_attributes_t *) attributes, - key_buffer, key_buffer_size, - alg, hash, hash_length, - signature, signature_size, signature_length); -#elif defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \ - defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) - return mbedtls_psa_ecdsa_sign_hash( - attributes, - key_buffer, key_buffer_size, - alg, hash, hash_length, - signature, signature_size, signature_length); -#endif - } else { - return PSA_ERROR_INVALID_ARGUMENT; - } - } - - (void) attributes; - (void) key_buffer; - (void) key_buffer_size; - (void) alg; - (void) hash; - (void) hash_length; - (void) signature; - (void) signature_size; - (void) signature_length; - return PSA_ERROR_NOT_SUPPORTED; -} - -psa_status_t verify_hash( - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, - size_t key_buffer_size, - psa_algorithm_t alg, - const uint8_t *hash, - size_t hash_length, - const uint8_t *signature, - size_t signature_length) -{ - if (PSA_KEY_TYPE_IS_RSA(attributes->type)) { - if (PSA_ALG_IS_RSA_PKCS1V15_SIGN(alg) || - PSA_ALG_IS_RSA_PSS(alg)) { -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - (defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS)) - return libtestdriver1_mbedtls_psa_rsa_verify_hash( - (const libtestdriver1_psa_key_attributes_t *) attributes, - key_buffer, key_buffer_size, - alg, hash, hash_length, - signature, signature_length); -#elif defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \ - defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) - return mbedtls_psa_rsa_verify_hash( - attributes, - key_buffer, key_buffer_size, - alg, hash, hash_length, - signature, signature_length); -#endif - } else { - return PSA_ERROR_INVALID_ARGUMENT; - } - } else if (PSA_KEY_TYPE_IS_ECC(attributes->type)) { - if (PSA_ALG_IS_ECDSA(alg)) { -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - (defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)) - return libtestdriver1_mbedtls_psa_ecdsa_verify_hash( - (const libtestdriver1_psa_key_attributes_t *) attributes, - key_buffer, key_buffer_size, - alg, hash, hash_length, - signature, signature_length); -#elif defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \ - defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) - return mbedtls_psa_ecdsa_verify_hash( - attributes, - key_buffer, key_buffer_size, - alg, hash, hash_length, - signature, signature_length); -#endif - } else { - return PSA_ERROR_INVALID_ARGUMENT; - } - } - - (void) attributes; - (void) key_buffer; - (void) key_buffer_size; - (void) alg; - (void) hash; - (void) hash_length; - (void) signature; - (void) signature_length; - return PSA_ERROR_NOT_SUPPORTED; -} - -psa_status_t mbedtls_test_transparent_signature_sign_message( - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, - size_t key_buffer_size, - psa_algorithm_t alg, - const uint8_t *input, - size_t input_length, - uint8_t *signature, - size_t signature_size, - size_t *signature_length) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - size_t hash_length; - uint8_t hash[PSA_HASH_MAX_SIZE]; - - ++mbedtls_test_driver_signature_sign_hooks.hits; - - if (mbedtls_test_driver_signature_sign_hooks.forced_status != PSA_SUCCESS) { - return mbedtls_test_driver_signature_sign_hooks.forced_status; - } - - if (mbedtls_test_driver_signature_sign_hooks.forced_output != NULL) { - if (mbedtls_test_driver_signature_sign_hooks.forced_output_length > signature_size) { - return PSA_ERROR_BUFFER_TOO_SMALL; - } - - memcpy(signature, mbedtls_test_driver_signature_sign_hooks.forced_output, - mbedtls_test_driver_signature_sign_hooks.forced_output_length); - *signature_length = mbedtls_test_driver_signature_sign_hooks.forced_output_length; - - return PSA_SUCCESS; - } - -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_HASH) - status = libtestdriver1_mbedtls_psa_hash_compute( - PSA_ALG_SIGN_GET_HASH(alg), input, input_length, - hash, sizeof(hash), &hash_length); -#elif defined(MBEDTLS_PSA_BUILTIN_HASH) - status = mbedtls_psa_hash_compute( - PSA_ALG_SIGN_GET_HASH(alg), input, input_length, - hash, sizeof(hash), &hash_length); -#else - (void) input; - (void) input_length; - status = PSA_ERROR_NOT_SUPPORTED; -#endif - if (status != PSA_SUCCESS) { - return status; - } - - return sign_hash(attributes, key_buffer, key_buffer_size, - alg, hash, hash_length, - signature, signature_size, signature_length); -} - -psa_status_t mbedtls_test_opaque_signature_sign_message( - const psa_key_attributes_t *attributes, - const uint8_t *key, - size_t key_length, - psa_algorithm_t alg, - const uint8_t *input, - size_t input_length, - uint8_t *signature, - size_t signature_size, - size_t *signature_length) -{ - (void) attributes; - (void) key; - (void) key_length; - (void) alg; - (void) input; - (void) input_length; - (void) signature; - (void) signature_size; - (void) signature_length; - - return PSA_ERROR_NOT_SUPPORTED; -} - -psa_status_t mbedtls_test_transparent_signature_verify_message( - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, - size_t key_buffer_size, - psa_algorithm_t alg, - const uint8_t *input, - size_t input_length, - const uint8_t *signature, - size_t signature_length) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - size_t hash_length; - uint8_t hash[PSA_HASH_MAX_SIZE]; - - ++mbedtls_test_driver_signature_verify_hooks.hits; - - if (mbedtls_test_driver_signature_verify_hooks.forced_status != PSA_SUCCESS) { - return mbedtls_test_driver_signature_verify_hooks.forced_status; - } - -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_HASH) - status = libtestdriver1_mbedtls_psa_hash_compute( - PSA_ALG_SIGN_GET_HASH(alg), input, input_length, - hash, sizeof(hash), &hash_length); -#elif defined(MBEDTLS_PSA_BUILTIN_HASH) - status = mbedtls_psa_hash_compute( - PSA_ALG_SIGN_GET_HASH(alg), input, input_length, - hash, sizeof(hash), &hash_length); -#else - (void) input; - (void) input_length; - status = PSA_ERROR_NOT_SUPPORTED; -#endif - if (status != PSA_SUCCESS) { - return status; - } - - return verify_hash(attributes, key_buffer, key_buffer_size, - alg, hash, hash_length, - signature, signature_length); -} - -psa_status_t mbedtls_test_opaque_signature_verify_message( - const psa_key_attributes_t *attributes, - const uint8_t *key, - size_t key_length, - psa_algorithm_t alg, - const uint8_t *input, - size_t input_length, - const uint8_t *signature, - size_t signature_length) -{ - (void) attributes; - (void) key; - (void) key_length; - (void) alg; - (void) input; - (void) input_length; - (void) signature; - (void) signature_length; - - return PSA_ERROR_NOT_SUPPORTED; -} - -psa_status_t mbedtls_test_transparent_signature_sign_hash( - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, size_t key_buffer_size, - psa_algorithm_t alg, - const uint8_t *hash, size_t hash_length, - uint8_t *signature, size_t signature_size, size_t *signature_length) -{ - ++mbedtls_test_driver_signature_sign_hooks.hits; - - if (mbedtls_test_driver_signature_sign_hooks.forced_status != PSA_SUCCESS) { - return mbedtls_test_driver_signature_sign_hooks.forced_status; - } - - if (mbedtls_test_driver_signature_sign_hooks.forced_output != NULL) { - if (mbedtls_test_driver_signature_sign_hooks.forced_output_length > signature_size) { - return PSA_ERROR_BUFFER_TOO_SMALL; - } - memcpy(signature, mbedtls_test_driver_signature_sign_hooks.forced_output, - mbedtls_test_driver_signature_sign_hooks.forced_output_length); - *signature_length = mbedtls_test_driver_signature_sign_hooks.forced_output_length; - return PSA_SUCCESS; - } - - return sign_hash(attributes, key_buffer, key_buffer_size, - alg, hash, hash_length, - signature, signature_size, signature_length); -} - -psa_status_t mbedtls_test_opaque_signature_sign_hash( - const psa_key_attributes_t *attributes, - const uint8_t *key, size_t key_length, - psa_algorithm_t alg, - const uint8_t *hash, size_t hash_length, - uint8_t *signature, size_t signature_size, size_t *signature_length) -{ - (void) attributes; - (void) key; - (void) key_length; - (void) alg; - (void) hash; - (void) hash_length; - (void) signature; - (void) signature_size; - (void) signature_length; - - return PSA_ERROR_NOT_SUPPORTED; -} - -psa_status_t mbedtls_test_transparent_signature_verify_hash( - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, size_t key_buffer_size, - psa_algorithm_t alg, - const uint8_t *hash, size_t hash_length, - const uint8_t *signature, size_t signature_length) -{ - ++mbedtls_test_driver_signature_verify_hooks.hits; - - if (mbedtls_test_driver_signature_verify_hooks.forced_status != PSA_SUCCESS) { - return mbedtls_test_driver_signature_verify_hooks.forced_status; - } - - return verify_hash(attributes, key_buffer, key_buffer_size, - alg, hash, hash_length, - signature, signature_length); -} - -psa_status_t mbedtls_test_opaque_signature_verify_hash( - const psa_key_attributes_t *attributes, - const uint8_t *key, size_t key_length, - psa_algorithm_t alg, - const uint8_t *hash, size_t hash_length, - const uint8_t *signature, size_t signature_length) -{ - (void) attributes; - (void) key; - (void) key_length; - (void) alg; - (void) hash; - (void) hash_length; - (void) signature; - (void) signature_length; - return PSA_ERROR_NOT_SUPPORTED; -} - -#endif /* PSA_CRYPTO_DRIVER_TEST */ diff --git a/tests/src/fake_external_rng_for_test.c b/tests/src/fake_external_rng_for_test.c deleted file mode 100644 index c0bfde51aa..0000000000 --- a/tests/src/fake_external_rng_for_test.c +++ /dev/null @@ -1,45 +0,0 @@ -/** \file fake_external_rng_for_test.c - * - * \brief Helper functions to test PSA crypto functionality. - */ - -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include - -#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) -#include -#include - -static int test_insecure_external_rng_enabled = 0; - -void mbedtls_test_enable_insecure_external_rng(void) -{ - test_insecure_external_rng_enabled = 1; -} - -void mbedtls_test_disable_insecure_external_rng(void) -{ - test_insecure_external_rng_enabled = 0; -} - -psa_status_t mbedtls_psa_external_get_random( - mbedtls_psa_external_random_context_t *context, - uint8_t *output, size_t output_size, size_t *output_length) -{ - (void) context; - - if (!test_insecure_external_rng_enabled) { - return PSA_ERROR_INSUFFICIENT_ENTROPY; - } - - /* This implementation is for test purposes only! - * Use the libc non-cryptographic random generator. */ - mbedtls_test_rnd_std_rand(NULL, output, output_size); - *output_length = output_size; - return PSA_SUCCESS; -} -#endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */ diff --git a/tests/src/helpers.c b/tests/src/helpers.c deleted file mode 100644 index db50296e01..0000000000 --- a/tests/src/helpers.c +++ /dev/null @@ -1,720 +0,0 @@ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include -#include -#include -#include - -#if defined(MBEDTLS_PSA_INJECT_ENTROPY) -#include -#include -#endif - -#if defined(MBEDTLS_TEST_HOOKS) && defined(MBEDTLS_PSA_CRYPTO_C) -#include -#endif -#if defined(MBEDTLS_TEST_HOOKS) && !defined(MBEDTLS_THREADING_C) -#include -#endif -#if defined(MBEDTLS_THREADING_C) -#include "mbedtls/threading.h" -#endif - -/*----------------------------------------------------------------------------*/ -/* Static global variables */ - -#if defined(MBEDTLS_PLATFORM_C) -static mbedtls_platform_context platform_ctx; -#endif - -static mbedtls_test_info_t mbedtls_test_info; - -#ifdef MBEDTLS_THREADING_C -mbedtls_threading_mutex_t mbedtls_test_info_mutex; -#endif /* MBEDTLS_THREADING_C */ - -/*----------------------------------------------------------------------------*/ -/* Mbedtls Test Info accessors - * - * NOTE - there are two types of accessors here: public accessors and internal - * accessors. The public accessors have prototypes in helpers.h and lock - * mbedtls_test_info_mutex (if mutexes are enabled). The _internal accessors, - * which are expected to be used from this module *only*, do not lock the mutex. - * These are designed to be called from within public functions which already - * hold the mutex. The main reason for this difference is the need to set - * multiple test data values atomically (without releasing the mutex) to prevent - * race conditions. */ - -mbedtls_test_result_t mbedtls_test_get_result(void) -{ - mbedtls_test_result_t result; - -#ifdef MBEDTLS_THREADING_C - mbedtls_mutex_lock(&mbedtls_test_info_mutex); -#endif /* MBEDTLS_THREADING_C */ - - result = mbedtls_test_info.result; - -#ifdef MBEDTLS_THREADING_C - mbedtls_mutex_unlock(&mbedtls_test_info_mutex); -#endif /* MBEDTLS_THREADING_C */ - - return result; -} - -static void mbedtls_test_set_result_internal(mbedtls_test_result_t result, const char *test, - int line_no, const char *filename) -{ - /* Internal function only - mbedtls_test_info_mutex should be held prior - * to calling this function. */ - - mbedtls_test_info.result = result; - mbedtls_test_info.test = test; - mbedtls_test_info.line_no = line_no; - mbedtls_test_info.filename = filename; -} - -const char *mbedtls_test_get_test(void) -{ - const char *test; - -#ifdef MBEDTLS_THREADING_C - mbedtls_mutex_lock(&mbedtls_test_info_mutex); -#endif /* MBEDTLS_THREADING_C */ - - test = mbedtls_test_info.test; - -#ifdef MBEDTLS_THREADING_C - mbedtls_mutex_unlock(&mbedtls_test_info_mutex); -#endif /* MBEDTLS_THREADING_C */ - - return test; -} -const char *mbedtls_get_test_filename(void) -{ - const char *filename; - -#ifdef MBEDTLS_THREADING_C - mbedtls_mutex_lock(&mbedtls_test_info_mutex); -#endif /* MBEDTLS_THREADING_C */ - - /* It should be ok just to pass back the pointer here, as it is going to - * be a pointer into non changing data. */ - filename = mbedtls_test_info.filename; - -#ifdef MBEDTLS_THREADING_C - mbedtls_mutex_unlock(&mbedtls_test_info_mutex); -#endif /* MBEDTLS_THREADING_C */ - - return filename; -} - -int mbedtls_test_get_line_no(void) -{ - int line_no; - -#ifdef MBEDTLS_THREADING_C - mbedtls_mutex_lock(&mbedtls_test_info_mutex); -#endif /* MBEDTLS_THREADING_C */ - - line_no = mbedtls_test_info.line_no; - -#ifdef MBEDTLS_THREADING_C - mbedtls_mutex_unlock(&mbedtls_test_info_mutex); -#endif /* MBEDTLS_THREADING_C */ - - return line_no; -} - -void mbedtls_test_increment_step(void) -{ -#ifdef MBEDTLS_THREADING_C - mbedtls_mutex_lock(&mbedtls_test_info_mutex); -#endif /* MBEDTLS_THREADING_C */ - - ++mbedtls_test_info.step; - -#ifdef MBEDTLS_THREADING_C - mbedtls_mutex_unlock(&mbedtls_test_info_mutex); -#endif /* MBEDTLS_THREADING_C */ -} - -unsigned long mbedtls_test_get_step(void) -{ - unsigned long step; - -#ifdef MBEDTLS_THREADING_C - mbedtls_mutex_lock(&mbedtls_test_info_mutex); -#endif /* MBEDTLS_THREADING_C */ - - step = mbedtls_test_info.step; - -#ifdef MBEDTLS_THREADING_C - mbedtls_mutex_unlock(&mbedtls_test_info_mutex); -#endif /* MBEDTLS_THREADING_C */ - - return step; -} - -static void mbedtls_test_reset_step_internal(void) -{ - /* Internal function only - mbedtls_test_info_mutex should be held prior - * to calling this function. */ - - mbedtls_test_info.step = (unsigned long) (-1); -} - -void mbedtls_test_set_step(unsigned long step) -{ -#ifdef MBEDTLS_THREADING_C - mbedtls_mutex_lock(&mbedtls_test_info_mutex); -#endif /* MBEDTLS_THREADING_C */ - - mbedtls_test_info.step = step; - -#ifdef MBEDTLS_THREADING_C - mbedtls_mutex_unlock(&mbedtls_test_info_mutex); -#endif /* MBEDTLS_THREADING_C */ -} - -void mbedtls_test_get_line1(char *line) -{ -#ifdef MBEDTLS_THREADING_C - mbedtls_mutex_lock(&mbedtls_test_info_mutex); -#endif /* MBEDTLS_THREADING_C */ - - memcpy(line, mbedtls_test_info.line1, MBEDTLS_TEST_LINE_LENGTH); - -#ifdef MBEDTLS_THREADING_C - mbedtls_mutex_unlock(&mbedtls_test_info_mutex); -#endif /* MBEDTLS_THREADING_C */ -} - -static void mbedtls_test_set_line1_internal(const char *line) -{ - /* Internal function only - mbedtls_test_info_mutex should be held prior - * to calling this function. */ - - if (line == NULL) { - memset(mbedtls_test_info.line1, 0, MBEDTLS_TEST_LINE_LENGTH); - } else { - memcpy(mbedtls_test_info.line1, line, MBEDTLS_TEST_LINE_LENGTH); - } -} - -void mbedtls_test_get_line2(char *line) -{ -#ifdef MBEDTLS_THREADING_C - mbedtls_mutex_lock(&mbedtls_test_info_mutex); -#endif /* MBEDTLS_THREADING_C */ - - memcpy(line, mbedtls_test_info.line2, MBEDTLS_TEST_LINE_LENGTH); - -#ifdef MBEDTLS_THREADING_C - mbedtls_mutex_unlock(&mbedtls_test_info_mutex); -#endif /* MBEDTLS_THREADING_C */ -} - -static void mbedtls_test_set_line2_internal(const char *line) -{ - /* Internal function only - mbedtls_test_info_mutex should be held prior - * to calling this function. */ - - if (line == NULL) { - memset(mbedtls_test_info.line2, 0, MBEDTLS_TEST_LINE_LENGTH); - } else { - memcpy(mbedtls_test_info.line2, line, MBEDTLS_TEST_LINE_LENGTH); - } -} - - -#if defined(MBEDTLS_TEST_MUTEX_USAGE) -const char *mbedtls_test_get_mutex_usage_error(void) -{ - const char *usage_error; - -#ifdef MBEDTLS_THREADING_C - mbedtls_mutex_lock(&mbedtls_test_info_mutex); -#endif /* MBEDTLS_THREADING_C */ - - usage_error = mbedtls_test_info.mutex_usage_error; - -#ifdef MBEDTLS_THREADING_C - mbedtls_mutex_unlock(&mbedtls_test_info_mutex); -#endif /* MBEDTLS_THREADING_C */ - - return usage_error; -} - -void mbedtls_test_set_mutex_usage_error(const char *msg) -{ -#ifdef MBEDTLS_THREADING_C - mbedtls_mutex_lock(&mbedtls_test_info_mutex); -#endif /* MBEDTLS_THREADING_C */ - - if (mbedtls_test_info.mutex_usage_error == NULL || msg == NULL) { - mbedtls_test_info.mutex_usage_error = msg; - } - -#ifdef MBEDTLS_THREADING_C - mbedtls_mutex_unlock(&mbedtls_test_info_mutex); -#endif /* MBEDTLS_THREADING_C */ -} -#endif // #if defined(MBEDTLS_TEST_MUTEX_USAGE) - -#if defined(MBEDTLS_BIGNUM_C) - -unsigned mbedtls_test_get_case_uses_negative_0(void) -{ - unsigned test_case_uses_negative_0 = 0; -#ifdef MBEDTLS_THREADING_C - mbedtls_mutex_lock(&mbedtls_test_info_mutex); -#endif /* MBEDTLS_THREADING_C */ - test_case_uses_negative_0 = mbedtls_test_info.case_uses_negative_0; - -#ifdef MBEDTLS_THREADING_C - mbedtls_mutex_unlock(&mbedtls_test_info_mutex); -#endif /* MBEDTLS_THREADING_C */ - - return test_case_uses_negative_0; -} - -static void mbedtls_test_set_case_uses_negative_0_internal(unsigned uses) -{ - /* Internal function only - mbedtls_test_info_mutex should be held prior - * to calling this function. */ - - mbedtls_test_info.case_uses_negative_0 = uses; -} - -void mbedtls_test_increment_case_uses_negative_0(void) -{ -#ifdef MBEDTLS_THREADING_C - mbedtls_mutex_lock(&mbedtls_test_info_mutex); -#endif /* MBEDTLS_THREADING_C */ - - ++mbedtls_test_info.case_uses_negative_0; - -#ifdef MBEDTLS_THREADING_C - mbedtls_mutex_unlock(&mbedtls_test_info_mutex); -#endif /* MBEDTLS_THREADING_C */ -} - -#endif /* MBEDTLS_BIGNUM_C */ - -#ifdef MBEDTLS_TEST_MUTEX_USAGE -mbedtls_threading_mutex_t *mbedtls_test_get_info_mutex(void) -{ - return &mbedtls_test_info_mutex; -} - -#endif /* MBEDTLS_TEST_MUTEX_USAGE */ - -/*----------------------------------------------------------------------------*/ -/* Helper Functions */ - -int mbedtls_test_platform_setup(void) -{ - int ret = 0; - -#if defined(MBEDTLS_TEST_HOOKS) && defined(MBEDTLS_PSA_CRYPTO_C) \ - && !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) \ - && defined(MBEDTLS_TEST_MEMORY_CAN_POISON) - mbedtls_poison_test_hooks_setup(); -#endif - -#if defined(MBEDTLS_PSA_INJECT_ENTROPY) - /* Make sure that injected entropy is present. Otherwise - * psa_crypto_init() will fail. This is not necessary for test suites - * that don't use PSA, but it's harmless (except for leaving a file - * behind). */ - ret = mbedtls_test_inject_entropy_restore(); - if (ret != 0) { - return ret; - } -#endif - -#if defined(MBEDTLS_PLATFORM_C) - ret = mbedtls_platform_setup(&platform_ctx); -#endif /* MBEDTLS_PLATFORM_C */ - -#ifdef MBEDTLS_THREADING_C - mbedtls_mutex_init(&mbedtls_test_info_mutex); -#endif /* MBEDTLS_THREADING_C */ - - -#if defined(MBEDTLS_TEST_HOOKS) && !defined(MBEDTLS_THREADING_C) - mbedtls_codepath_test_hooks_setup(); -#endif /* MBEDTLS_TEST_HOOKS && !MBEDTLS_THREADING_C */ - - return ret; -} - -void mbedtls_test_platform_teardown(void) -{ -#if defined(MBEDTLS_TEST_HOOKS) && defined(MBEDTLS_PSA_CRYPTO_C) \ - && !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) \ - && defined(MBEDTLS_TEST_MEMORY_CAN_POISON) - mbedtls_poison_test_hooks_teardown(); -#endif -#ifdef MBEDTLS_THREADING_C - mbedtls_mutex_free(&mbedtls_test_info_mutex); -#endif /* MBEDTLS_THREADING_C */ - -#if defined(MBEDTLS_PLATFORM_C) - mbedtls_platform_teardown(&platform_ctx); -#endif /* MBEDTLS_PLATFORM_C */ - -#if defined(MBEDTLS_TEST_HOOKS) && !defined(MBEDTLS_THREADING_C) - mbedtls_codepath_test_hooks_teardown(); -#endif /* MBEDTLS_TEST_HOOKS && !MBEDTLS_THREADING_C */ -} - -int mbedtls_test_ascii2uc(const char c, unsigned char *uc) -{ - if ((c >= '0') && (c <= '9')) { - *uc = c - '0'; - } else if ((c >= 'a') && (c <= 'f')) { - *uc = c - 'a' + 10; - } else if ((c >= 'A') && (c <= 'F')) { - *uc = c - 'A' + 10; - } else { - return -1; - } - - return 0; -} - -static void mbedtls_test_fail_internal(const char *test, int line_no, const char *filename) -{ - /* Internal function only - mbedtls_test_info_mutex should be held prior - * to calling this function. */ - - /* Don't use accessor, we already hold mutex. */ - if (mbedtls_test_info.result != MBEDTLS_TEST_RESULT_FAILED) { - /* If we have already recorded the test as having failed then don't - * overwrite any previous information about the failure. */ - mbedtls_test_set_result_internal(MBEDTLS_TEST_RESULT_FAILED, test, line_no, filename); - } -} - -void mbedtls_test_fail(const char *test, int line_no, const char *filename) -{ -#ifdef MBEDTLS_THREADING_C - mbedtls_mutex_lock(&mbedtls_test_info_mutex); -#endif /* MBEDTLS_THREADING_C */ - - mbedtls_test_fail_internal(test, line_no, filename); - -#ifdef MBEDTLS_THREADING_C - mbedtls_mutex_unlock(&mbedtls_test_info_mutex); -#endif /* MBEDTLS_THREADING_C */ -} - -void mbedtls_test_skip(const char *test, int line_no, const char *filename) -{ -#ifdef MBEDTLS_THREADING_C - mbedtls_mutex_lock(&mbedtls_test_info_mutex); -#endif /* MBEDTLS_THREADING_C */ - - mbedtls_test_set_result_internal(MBEDTLS_TEST_RESULT_SKIPPED, test, line_no, filename); - -#ifdef MBEDTLS_THREADING_C - mbedtls_mutex_unlock(&mbedtls_test_info_mutex); -#endif /* MBEDTLS_THREADING_C */ -} - -void mbedtls_test_info_reset(void) -{ -#ifdef MBEDTLS_THREADING_C - mbedtls_mutex_lock(&mbedtls_test_info_mutex); -#endif /* MBEDTLS_THREADING_C */ - - mbedtls_test_set_result_internal(MBEDTLS_TEST_RESULT_SUCCESS, 0, 0, 0); - mbedtls_test_reset_step_internal(); - mbedtls_test_set_line1_internal(NULL); - mbedtls_test_set_line2_internal(NULL); - -#if defined(MBEDTLS_BIGNUM_C) - mbedtls_test_set_case_uses_negative_0_internal(0); -#endif - -#ifdef MBEDTLS_THREADING_C - mbedtls_mutex_unlock(&mbedtls_test_info_mutex); -#endif /* MBEDTLS_THREADING_C */ -} - -int mbedtls_test_equal(const char *test, int line_no, const char *filename, - unsigned long long value1, unsigned long long value2) -{ - TEST_CF_PUBLIC(&value1, sizeof(value1)); - TEST_CF_PUBLIC(&value2, sizeof(value2)); - - if (value1 == value2) { - return 1; - } - -#ifdef MBEDTLS_THREADING_C - mbedtls_mutex_lock(&mbedtls_test_info_mutex); -#endif /* MBEDTLS_THREADING_C */ - - /* Don't use accessor, as we already hold mutex. */ - if (mbedtls_test_info.result != MBEDTLS_TEST_RESULT_FAILED) { - /* If we've already recorded the test as having failed then don't - * overwrite any previous information about the failure. */ - - char buf[MBEDTLS_TEST_LINE_LENGTH]; - mbedtls_test_fail_internal(test, line_no, filename); - (void) mbedtls_snprintf(buf, sizeof(buf), - "lhs = 0x%016llx = %lld", - value1, (long long) value1); - mbedtls_test_set_line1_internal(buf); - (void) mbedtls_snprintf(buf, sizeof(buf), - "rhs = 0x%016llx = %lld", - value2, (long long) value2); - mbedtls_test_set_line2_internal(buf); - } - -#ifdef MBEDTLS_THREADING_C - mbedtls_mutex_unlock(&mbedtls_test_info_mutex); -#endif /* MBEDTLS_THREADING_C */ - - return 0; -} - -int mbedtls_test_le_u(const char *test, int line_no, const char *filename, - unsigned long long value1, unsigned long long value2) -{ - TEST_CF_PUBLIC(&value1, sizeof(value1)); - TEST_CF_PUBLIC(&value2, sizeof(value2)); - - if (value1 <= value2) { - return 1; - } - -#ifdef MBEDTLS_THREADING_C - mbedtls_mutex_lock(&mbedtls_test_info_mutex); -#endif /* MBEDTLS_THREADING_C */ - - /* Don't use accessor, we already hold mutex. */ - if (mbedtls_test_info.result != MBEDTLS_TEST_RESULT_FAILED) { - /* If we've already recorded the test as having failed then don't - * overwrite any previous information about the failure. */ - - char buf[MBEDTLS_TEST_LINE_LENGTH]; - mbedtls_test_fail_internal(test, line_no, filename); - (void) mbedtls_snprintf(buf, sizeof(buf), - "lhs = 0x%016llx = %llu", - value1, value1); - mbedtls_test_set_line1_internal(buf); - (void) mbedtls_snprintf(buf, sizeof(buf), - "rhs = 0x%016llx = %llu", - value2, value2); - mbedtls_test_set_line2_internal(buf); - } - -#ifdef MBEDTLS_THREADING_C - mbedtls_mutex_unlock(&mbedtls_test_info_mutex); -#endif /* MBEDTLS_THREADING_C */ - - return 0; -} - -int mbedtls_test_le_s(const char *test, int line_no, const char *filename, - long long value1, long long value2) -{ - TEST_CF_PUBLIC(&value1, sizeof(value1)); - TEST_CF_PUBLIC(&value2, sizeof(value2)); - - if (value1 <= value2) { - return 1; - } - -#ifdef MBEDTLS_THREADING_C - mbedtls_mutex_lock(&mbedtls_test_info_mutex); -#endif /* MBEDTLS_THREADING_C */ - - /* Don't use accessor, we already hold mutex. */ - if (mbedtls_test_info.result != MBEDTLS_TEST_RESULT_FAILED) { - /* If we've already recorded the test as having failed then don't - * overwrite any previous information about the failure. */ - - char buf[MBEDTLS_TEST_LINE_LENGTH]; - mbedtls_test_fail_internal(test, line_no, filename); - (void) mbedtls_snprintf(buf, sizeof(buf), - "lhs = 0x%016llx = %lld", - (unsigned long long) value1, value1); - mbedtls_test_set_line1_internal(buf); - (void) mbedtls_snprintf(buf, sizeof(buf), - "rhs = 0x%016llx = %lld", - (unsigned long long) value2, value2); - mbedtls_test_set_line2_internal(buf); - } - -#ifdef MBEDTLS_THREADING_C - mbedtls_mutex_unlock(&mbedtls_test_info_mutex); -#endif /* MBEDTLS_THREADING_C */ - - return 0; -} - -int mbedtls_test_unhexify(unsigned char *obuf, - size_t obufmax, - const char *ibuf, - size_t *len) -{ - unsigned char uc, uc2; - - *len = strlen(ibuf); - - /* Must be even number of bytes. */ - if ((*len) & 1) { - return -1; - } - *len /= 2; - - if ((*len) > obufmax) { - return -1; - } - - while (*ibuf != 0) { - if (mbedtls_test_ascii2uc(*(ibuf++), &uc) != 0) { - return -1; - } - - if (mbedtls_test_ascii2uc(*(ibuf++), &uc2) != 0) { - return -1; - } - - *(obuf++) = (uc << 4) | uc2; - } - - return 0; -} - -void mbedtls_test_hexify(unsigned char *obuf, - const unsigned char *ibuf, - int len) -{ - unsigned char l, h; - - while (len != 0) { - h = *ibuf / 16; - l = *ibuf % 16; - - if (h < 10) { - *obuf++ = '0' + h; - } else { - *obuf++ = 'a' + h - 10; - } - - if (l < 10) { - *obuf++ = '0' + l; - } else { - *obuf++ = 'a' + l - 10; - } - - ++ibuf; - len--; - } -} - -unsigned char *mbedtls_test_zero_alloc(size_t len) -{ - void *p; - size_t actual_len = (len != 0) ? len : 1; - - p = mbedtls_calloc(1, actual_len); - TEST_HELPER_ASSERT(p != NULL); - - memset(p, 0x00, actual_len); - - return p; -} - -unsigned char *mbedtls_test_unhexify_alloc(const char *ibuf, size_t *olen) -{ - unsigned char *obuf; - size_t len; - - *olen = strlen(ibuf) / 2; - - if (*olen == 0) { - return mbedtls_test_zero_alloc(*olen); - } - - obuf = mbedtls_calloc(1, *olen); - TEST_HELPER_ASSERT(obuf != NULL); - TEST_HELPER_ASSERT(mbedtls_test_unhexify(obuf, *olen, ibuf, &len) == 0); - - return obuf; -} - -int mbedtls_test_hexcmp(uint8_t *a, uint8_t *b, - uint32_t a_len, uint32_t b_len) -{ - int ret = 0; - uint32_t i = 0; - - if (a_len != b_len) { - return -1; - } - - for (i = 0; i < a_len; i++) { - if (a[i] != b[i]) { - ret = -1; - break; - } - } - return ret; -} - -#if defined(MBEDTLS_TEST_HOOKS) -void mbedtls_test_err_add_check(int high, int low, - const char *file, int line) -{ - /* Error codes are always negative (a value of zero is a success) however - * their positive opposites can be easier to understand. The following - * examples given in comments have been made positive for ease of - * understanding. The structure of an error code is such: - * - * shhhhhhhhlllllll - * - * s = sign bit. - * h = high level error code (includes high level module ID (bits 12..14) - * and module-dependent error code (bits 7..11)). - * l = low level error code. - */ - if (high > -0x1000 && high != 0) { - /* high < 0001000000000000 - * No high level module ID bits are set. - */ - mbedtls_test_fail("'high' is not a high-level error code", - line, file); - } else if (high < -0x7F80) { - /* high > 0111111110000000 - * Error code is greater than the largest allowed high level module ID. - */ - mbedtls_test_fail("'high' error code is greater than 15 bits", - line, file); - } else if ((high & 0x7F) != 0) { - /* high & 0000000001111111 - * Error code contains low level error code bits. - */ - mbedtls_test_fail("'high' contains a low-level error code", - line, file); - } else if (low < -0x007F) { - /* low > 0000000001111111 - * Error code contains high or module level error code bits. - */ - mbedtls_test_fail("'low' error code is greater than 7 bits", - line, file); - } else if (low > 0) { - mbedtls_test_fail("'low' error code is greater than zero", - line, file); - } -} -#endif /* MBEDTLS_TEST_HOOKS */ diff --git a/tests/src/psa_crypto_helpers.c b/tests/src/psa_crypto_helpers.c deleted file mode 100644 index 197fd41980..0000000000 --- a/tests/src/psa_crypto_helpers.c +++ /dev/null @@ -1,205 +0,0 @@ -/** \file psa_crypto_helpers.c - * - * \brief Helper functions to test PSA crypto functionality. - */ - -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include -#include -#include -#include - -#if defined(MBEDTLS_CTR_DRBG_C) -#include -#endif - -#if defined(MBEDTLS_PSA_CRYPTO_C) - -#include - -#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) - -#include - -static mbedtls_svc_key_id_t key_ids_used_in_test[9]; -static size_t num_key_ids_used; - -int mbedtls_test_uses_key_id(mbedtls_svc_key_id_t key_id) -{ - size_t i; - if (MBEDTLS_SVC_KEY_ID_GET_KEY_ID(key_id) > - PSA_MAX_PERSISTENT_KEY_IDENTIFIER) { - /* Don't touch key id values that designate non-key files. */ - return 1; - } - for (i = 0; i < num_key_ids_used; i++) { - if (mbedtls_svc_key_id_equal(key_id, key_ids_used_in_test[i])) { - return 1; - } - } - if (num_key_ids_used == ARRAY_LENGTH(key_ids_used_in_test)) { - return 0; - } - key_ids_used_in_test[num_key_ids_used] = key_id; - ++num_key_ids_used; - return 1; -} - -void mbedtls_test_psa_purge_key_storage(void) -{ - size_t i; - for (i = 0; i < num_key_ids_used; i++) { - psa_destroy_persistent_key(key_ids_used_in_test[i]); - } - num_key_ids_used = 0; -} - -void mbedtls_test_psa_purge_key_cache(void) -{ - size_t i; - for (i = 0; i < num_key_ids_used; i++) { - psa_purge_key(key_ids_used_in_test[i]); - } -} - -#endif /* MBEDTLS_PSA_CRYPTO_STORAGE_C */ - -const char *mbedtls_test_helper_is_psa_leaking(void) -{ - mbedtls_psa_stats_t stats; - - mbedtls_psa_get_stats(&stats); - - /* Some volatile slots may be used for internal purposes. Generally - * we'll have exactly MBEDTLS_TEST_PSA_INTERNAL_KEYS at this point, - * but in some cases we might have less, e.g. if a code path calls - * PSA_DONE more than once, or if there has only been a partial or - * failed initialization. */ - if (stats.volatile_slots > MBEDTLS_TEST_PSA_INTERNAL_KEYS) { - return "A volatile slot has not been closed properly."; - } - if (stats.persistent_slots != 0) { - return "A persistent slot has not been closed properly."; - } - if (stats.external_slots != 0) { - return "An external slot has not been closed properly."; - } - if (stats.half_filled_slots != 0) { - return "A half-filled slot has not been cleared properly."; - } - if (stats.locked_slots != 0) { - return "Some slots are still marked as locked."; - } - - return NULL; -} - -#if defined(RECORD_PSA_STATUS_COVERAGE_LOG) -/** Name of the file where return statuses are logged by #RECORD_STATUS. */ -#define STATUS_LOG_FILE_NAME "statuses.log" - -psa_status_t mbedtls_test_record_status(psa_status_t status, - const char *func, - const char *file, int line, - const char *expr) -{ - /* We open the log file on first use. - * We never close the log file, so the record_status feature is not - * compatible with resource leak detectors such as Asan. - */ - static FILE *log; - if (log == NULL) { - log = fopen(STATUS_LOG_FILE_NAME, "a"); - } - fprintf(log, "%d:%s:%s:%d:%s\n", (int) status, func, file, line, expr); - return status; -} -#endif /* defined(RECORD_PSA_STATUS_COVERAGE_LOG) */ - -psa_key_usage_t mbedtls_test_update_key_usage_flags(psa_key_usage_t usage_flags) -{ - psa_key_usage_t updated_usage = usage_flags; - - if (usage_flags & PSA_KEY_USAGE_SIGN_HASH) { - updated_usage |= PSA_KEY_USAGE_SIGN_MESSAGE; - } - - if (usage_flags & PSA_KEY_USAGE_VERIFY_HASH) { - updated_usage |= PSA_KEY_USAGE_VERIFY_MESSAGE; - } - - return updated_usage; -} - -int mbedtls_test_fail_if_psa_leaking(int line_no, const char *filename) -{ - const char *msg = mbedtls_test_helper_is_psa_leaking(); - if (msg == NULL) { - return 0; - } else { - mbedtls_test_fail(msg, line_no, filename); - return 1; - } -} - -uint64_t mbedtls_test_parse_binary_string(data_t *bin_string) -{ - uint64_t result = 0; - TEST_LE_U(bin_string->len, 8); - for (size_t i = 0; i < bin_string->len; i++) { - result = result << 8 | bin_string->x[i]; - } -exit: - return result; /* returns 0 if len > 8 */ -} - -#if defined(MBEDTLS_PSA_INJECT_ENTROPY) - -#include -#include - -int mbedtls_test_inject_entropy_seed_read(unsigned char *buf, size_t len) -{ - size_t actual_len = 0; - psa_status_t status = psa_its_get(PSA_CRYPTO_ITS_RANDOM_SEED_UID, - 0, len, buf, &actual_len); - if (status != 0) { - return MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR; - } - if (actual_len != len) { - return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED; - } - return 0; -} - -int mbedtls_test_inject_entropy_seed_write(unsigned char *buf, size_t len) -{ - psa_status_t status = psa_its_set(PSA_CRYPTO_ITS_RANDOM_SEED_UID, - len, buf, 0); - if (status != 0) { - return MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR; - } - return 0; -} - -int mbedtls_test_inject_entropy_restore(void) -{ - unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE]; - for (size_t i = 0; i < sizeof(buf); i++) { - buf[i] = (unsigned char) i; - } - psa_status_t status = mbedtls_psa_inject_entropy(buf, sizeof(buf)); - /* It's ok if the file was just created, or if it already exists. */ - if (status != PSA_SUCCESS && status != PSA_ERROR_NOT_PERMITTED) { - return status; - } - return PSA_SUCCESS; -} - -#endif /* MBEDTLS_PSA_INJECT_ENTROPY */ - -#endif /* MBEDTLS_PSA_CRYPTO_C */ diff --git a/tests/src/psa_crypto_stubs.c b/tests/src/psa_crypto_stubs.c deleted file mode 100644 index 81d7f4b328..0000000000 --- a/tests/src/psa_crypto_stubs.c +++ /dev/null @@ -1,75 +0,0 @@ -/** \file psa_crypto_stubs.c - * - * \brief Stub functions when MBEDTLS_PSA_CRYPTO_CLIENT is enabled but - * MBEDTLS_PSA_CRYPTO_C is disabled. - */ - -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include - -#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) && !defined(MBEDTLS_PSA_CRYPTO_C) - -psa_status_t psa_generate_random(uint8_t *output, - size_t output_size) -{ - (void) output; - (void) output_size; - - return PSA_ERROR_COMMUNICATION_FAILURE; -} - -psa_status_t psa_export_key(mbedtls_svc_key_id_t key, - uint8_t *data, - size_t data_size, - size_t *data_length) -{ - (void) key; - (void) data; - (void) data_size; - (void) data_length; - return PSA_ERROR_COMMUNICATION_FAILURE; -} - -psa_status_t psa_export_public_key(mbedtls_svc_key_id_t key, - uint8_t *data, - size_t data_size, - size_t *data_length) -{ - (void) key; - (void) data; - (void) data_size; - (void) data_length; - return PSA_ERROR_COMMUNICATION_FAILURE; -} - -psa_status_t psa_get_key_attributes(mbedtls_svc_key_id_t key, - psa_key_attributes_t *attributes) -{ - (void) key; - (void) attributes; - return PSA_ERROR_COMMUNICATION_FAILURE; -} - -psa_status_t psa_hash_abort(psa_hash_operation_t *operation) -{ - (void) operation; - return PSA_ERROR_COMMUNICATION_FAILURE; -} - -psa_status_t psa_import_key(const psa_key_attributes_t *attributes, - const uint8_t *data, - size_t data_length, - mbedtls_svc_key_id_t *key) -{ - (void) attributes; - (void) data; - (void) data_length; - (void) key; - return PSA_ERROR_COMMUNICATION_FAILURE; -} - -#endif /* MBEDTLS_PSA_CRYPTO_CLIENT && !MBEDTLS_PSA_CRYPTO_C */ diff --git a/tests/src/psa_exercise_key.c b/tests/src/psa_exercise_key.c deleted file mode 100644 index 032c489201..0000000000 --- a/tests/src/psa_exercise_key.c +++ /dev/null @@ -1,1336 +0,0 @@ -/** Code to exercise a PSA key object, i.e. validate that it seems well-formed - * and can do what it is supposed to do. - */ - -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include -#include -#include - -#if (MBEDTLS_VERSION_MAJOR < 4 && defined(MBEDTLS_PSA_CRYPTO_C)) || \ - (MBEDTLS_VERSION_MAJOR >= 4 && defined(MBEDTLS_PSA_CRYPTO_CLIENT)) - -#include -#include - -#include -#include -#include - -#if defined(MBEDTLS_PK_C) -#include -#endif -#if defined(MBEDTLS_ECP_C) -#include -#endif -#if defined(MBEDTLS_RSA_C) -#include -#endif - -#if defined(MBEDTLS_PSA_CRYPTO_SE_C) -static int lifetime_is_dynamic_secure_element(psa_key_lifetime_t lifetime) -{ - return PSA_KEY_LIFETIME_GET_LOCATION(lifetime) != - PSA_KEY_LOCATION_LOCAL_STORAGE; -} -#endif - -static int check_key_attributes_sanity(mbedtls_svc_key_id_t key, - int key_destroyable) -{ - int ok = 0; - psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_key_lifetime_t lifetime; - mbedtls_svc_key_id_t id; - psa_key_type_t type; - size_t bits; - psa_status_t status = psa_get_key_attributes(key, &attributes); - if (key_destroyable && status == PSA_ERROR_INVALID_HANDLE) { - /* The key has been destroyed. */ - psa_reset_key_attributes(&attributes); - return 1; - } - PSA_ASSERT(status); - lifetime = psa_get_key_lifetime(&attributes); - id = psa_get_key_id(&attributes); - type = psa_get_key_type(&attributes); - bits = psa_get_key_bits(&attributes); - - /* Persistence */ - if (PSA_KEY_LIFETIME_IS_VOLATILE(lifetime)) { - TEST_ASSERT( - (PSA_KEY_ID_VOLATILE_MIN <= - MBEDTLS_SVC_KEY_ID_GET_KEY_ID(id)) && - (MBEDTLS_SVC_KEY_ID_GET_KEY_ID(id) <= - PSA_KEY_ID_VOLATILE_MAX)); - } else { - TEST_ASSERT( - (PSA_KEY_ID_USER_MIN <= MBEDTLS_SVC_KEY_ID_GET_KEY_ID(id)) && - (MBEDTLS_SVC_KEY_ID_GET_KEY_ID(id) <= PSA_KEY_ID_USER_MAX)); - } -#if defined(MBEDTLS_PSA_CRYPTO_SE_C) - /* MBEDTLS_PSA_CRYPTO_SE_C does not support thread safety. */ - if (key_destroyable == 0) { - /* randomly-generated 64-bit constant, should never appear in test data */ - psa_key_slot_number_t slot_number = 0xec94d4a5058a1a21; - status = psa_get_key_slot_number(&attributes, &slot_number); - if (lifetime_is_dynamic_secure_element(lifetime)) { - /* Mbed TLS currently always exposes the slot number to - * applications. This is not mandated by the PSA specification - * and may change in future versions. */ - TEST_EQUAL(status, 0); - TEST_ASSERT(slot_number != 0xec94d4a5058a1a21); - } else { - TEST_EQUAL(status, PSA_ERROR_INVALID_ARGUMENT); - } - } -#endif - - /* Type and size */ - TEST_ASSERT(type != 0); - TEST_ASSERT(bits != 0); - TEST_ASSERT(bits <= PSA_MAX_KEY_BITS); - if (PSA_KEY_TYPE_IS_UNSTRUCTURED(type)) { - TEST_ASSERT(bits % 8 == 0); - } - - /* MAX macros concerning specific key types */ - if (PSA_KEY_TYPE_IS_ECC(type)) { - TEST_ASSERT(bits <= PSA_VENDOR_ECC_MAX_CURVE_BITS); - } else if (PSA_KEY_TYPE_IS_RSA(type)) { - TEST_ASSERT(bits <= PSA_VENDOR_RSA_MAX_KEY_BITS); - } - TEST_ASSERT(PSA_BLOCK_CIPHER_BLOCK_LENGTH(type) <= PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE); - - ok = 1; - -exit: - /* - * Key attributes may have been returned by psa_get_key_attributes() - * thus reset them as required. - */ - psa_reset_key_attributes(&attributes); - - return ok; -} - -static int exercise_mac_key(mbedtls_svc_key_id_t key, - psa_key_usage_t usage, - psa_algorithm_t alg, - int key_destroyable) -{ - psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT; - const unsigned char input[] = "foo"; - unsigned char mac[PSA_MAC_MAX_SIZE] = { 0 }; - size_t mac_length = sizeof(mac); - psa_status_t status = PSA_SUCCESS; - /* Convert wildcard algorithm to exercisable algorithm */ - if (alg & PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG) { - alg = PSA_ALG_TRUNCATED_MAC(alg, PSA_MAC_TRUNCATED_LENGTH(alg)); - } - - if (usage & PSA_KEY_USAGE_SIGN_HASH) { - status = psa_mac_sign_setup(&operation, key, alg); - if (key_destroyable && status == PSA_ERROR_INVALID_HANDLE) { - /* The key has been destroyed. */ - PSA_ASSERT(psa_mac_abort(&operation)); - return 1; - } - PSA_ASSERT(status); - PSA_ASSERT(psa_mac_update(&operation, - input, sizeof(input))); - PSA_ASSERT(psa_mac_sign_finish(&operation, - mac, sizeof(mac), - &mac_length)); - } - - if (usage & PSA_KEY_USAGE_VERIFY_HASH) { - psa_status_t verify_status = - (usage & PSA_KEY_USAGE_SIGN_HASH ? - PSA_SUCCESS : - PSA_ERROR_INVALID_SIGNATURE); - status = psa_mac_verify_setup(&operation, key, alg); - if (key_destroyable && status == PSA_ERROR_INVALID_HANDLE) { - /* The key has been destroyed. */ - PSA_ASSERT(psa_mac_abort(&operation)); - return 1; - } - PSA_ASSERT(status); - PSA_ASSERT(psa_mac_update(&operation, - input, sizeof(input))); - TEST_EQUAL(psa_mac_verify_finish(&operation, mac, mac_length), - verify_status); - } - - return 1; - -exit: - psa_mac_abort(&operation); - return 0; -} - -static int exercise_cipher_key(mbedtls_svc_key_id_t key, - psa_key_usage_t usage, - psa_algorithm_t alg, - int key_destroyable) -{ - psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT; - unsigned char iv[PSA_CIPHER_IV_MAX_SIZE] = { 0 }; - size_t iv_length; - psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_key_type_t key_type; - const unsigned char plaintext[16] = "Hello, world..."; - unsigned char ciphertext[32] = "(wabblewebblewibblewobblewubble)"; - size_t ciphertext_length = sizeof(ciphertext); - unsigned char decrypted[sizeof(ciphertext)]; - size_t part_length; - psa_status_t status = PSA_SUCCESS; - - PSA_ASSERT(psa_get_key_attributes(key, &attributes)); - key_type = psa_get_key_type(&attributes); - iv_length = PSA_CIPHER_IV_LENGTH(key_type, alg); - - if (usage & PSA_KEY_USAGE_ENCRYPT) { - status = psa_cipher_encrypt_setup(&operation, key, alg); - if (key_destroyable && status == PSA_ERROR_INVALID_HANDLE) { - /* The key has been destroyed. */ - PSA_ASSERT(psa_cipher_abort(&operation)); - return 1; - } - PSA_ASSERT(status); - if (iv_length != 0) { - PSA_ASSERT(psa_cipher_generate_iv(&operation, - iv, sizeof(iv), - &iv_length)); - } - PSA_ASSERT(psa_cipher_update(&operation, - plaintext, sizeof(plaintext), - ciphertext, sizeof(ciphertext), - &ciphertext_length)); - PSA_ASSERT(psa_cipher_finish(&operation, - ciphertext + ciphertext_length, - sizeof(ciphertext) - ciphertext_length, - &part_length)); - ciphertext_length += part_length; - } - - if (usage & PSA_KEY_USAGE_DECRYPT) { - int maybe_invalid_padding = 0; - if (!(usage & PSA_KEY_USAGE_ENCRYPT)) { - maybe_invalid_padding = !PSA_ALG_IS_STREAM_CIPHER(alg); - } - status = psa_cipher_decrypt_setup(&operation, key, alg); - if (key_destroyable && status == PSA_ERROR_INVALID_HANDLE) { - /* The key has been destroyed. */ - PSA_ASSERT(psa_cipher_abort(&operation)); - return 1; - } - PSA_ASSERT(status); - if (iv_length != 0) { - PSA_ASSERT(psa_cipher_set_iv(&operation, - iv, iv_length)); - } - PSA_ASSERT(psa_cipher_update(&operation, - ciphertext, ciphertext_length, - decrypted, sizeof(decrypted), - &part_length)); - status = psa_cipher_finish(&operation, - decrypted + part_length, - sizeof(decrypted) - part_length, - &part_length); - /* For a stream cipher, all inputs are valid. For a block cipher, - * if the input is some arbitrary data rather than an actual - ciphertext, a padding error is likely. */ - if (maybe_invalid_padding) { - TEST_ASSERT(status == PSA_SUCCESS || - status == PSA_ERROR_INVALID_PADDING); - } else { - PSA_ASSERT(status); - } - } - - return 1; - -exit: - psa_cipher_abort(&operation); - psa_reset_key_attributes(&attributes); - return 0; -} - -static int exercise_aead_key(mbedtls_svc_key_id_t key, - psa_key_usage_t usage, - psa_algorithm_t alg, - int key_destroyable) -{ - unsigned char nonce[PSA_AEAD_NONCE_MAX_SIZE] = { 0 }; - size_t nonce_length; - psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_key_type_t key_type; - unsigned char plaintext[16] = "Hello, world..."; - unsigned char ciphertext[48] = "(wabblewebblewibblewobblewubble)"; - size_t ciphertext_length = sizeof(ciphertext); - size_t plaintext_length = sizeof(ciphertext); - psa_status_t status = PSA_SUCCESS; - - /* Convert wildcard algorithm to exercisable algorithm */ - if (alg & PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG) { - alg = PSA_ALG_AEAD_WITH_SHORTENED_TAG(alg, PSA_ALG_AEAD_GET_TAG_LENGTH(alg)); - } - - PSA_ASSERT(psa_get_key_attributes(key, &attributes)); - key_type = psa_get_key_type(&attributes); - nonce_length = PSA_AEAD_NONCE_LENGTH(key_type, alg); - - if (usage & PSA_KEY_USAGE_ENCRYPT) { - status = psa_aead_encrypt(key, alg, - nonce, nonce_length, - NULL, 0, - plaintext, sizeof(plaintext), - ciphertext, sizeof(ciphertext), - &ciphertext_length); - if (key_destroyable && status == PSA_ERROR_INVALID_HANDLE) { - /* The key has been destroyed. */ - return 1; - } - PSA_ASSERT(status); - } - - if (usage & PSA_KEY_USAGE_DECRYPT) { - psa_status_t verify_status = - (usage & PSA_KEY_USAGE_ENCRYPT ? - PSA_SUCCESS : - PSA_ERROR_INVALID_SIGNATURE); - status = psa_aead_decrypt(key, alg, - nonce, nonce_length, - NULL, 0, - ciphertext, ciphertext_length, - plaintext, sizeof(plaintext), - &plaintext_length); - if (key_destroyable && status == PSA_ERROR_INVALID_HANDLE) { - /* The key has been destroyed. */ - return 1; - } - TEST_ASSERT(status == verify_status); - } - - return 1; - -exit: - psa_reset_key_attributes(&attributes); - return 0; -} - -static int can_sign_or_verify_message(psa_key_usage_t usage, - psa_algorithm_t alg) -{ - /* Sign-the-unspecified-hash algorithms can only be used with - * {sign,verify}_hash, not with {sign,verify}_message. */ - if (alg == PSA_ALG_ECDSA_ANY || alg == PSA_ALG_RSA_PKCS1V15_SIGN_RAW) { - return 0; - } - return usage & (PSA_KEY_USAGE_SIGN_MESSAGE | - PSA_KEY_USAGE_VERIFY_MESSAGE); -} - -static int exercise_signature_key(mbedtls_svc_key_id_t key, - psa_key_usage_t usage, - psa_algorithm_t alg, - int key_destroyable) -{ - /* If the policy allows signing with any hash, just pick one. */ - psa_algorithm_t hash_alg = PSA_ALG_SIGN_GET_HASH(alg); - if (PSA_ALG_IS_SIGN_HASH(alg) && hash_alg == PSA_ALG_ANY_HASH && - usage & (PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | - PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE)) { -#if defined(KNOWN_SUPPORTED_HASH_ALG) - hash_alg = KNOWN_SUPPORTED_HASH_ALG; - alg ^= PSA_ALG_ANY_HASH ^ hash_alg; -#else - TEST_FAIL("No hash algorithm for hash-and-sign testing"); -#endif - } - psa_status_t status = PSA_SUCCESS; - - if (usage & (PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH) && - PSA_ALG_IS_SIGN_HASH(alg)) { - unsigned char payload[PSA_HASH_MAX_SIZE] = { 1 }; - size_t payload_length = 16; - unsigned char signature[PSA_SIGNATURE_MAX_SIZE] = { 0 }; - size_t signature_length = sizeof(signature); - - /* Some algorithms require the payload to have the size of - * the hash encoded in the algorithm. Use this input size - * even for algorithms that allow other input sizes. */ - if (hash_alg != 0) { - payload_length = PSA_HASH_LENGTH(hash_alg); - } - - if (usage & PSA_KEY_USAGE_SIGN_HASH) { - status = psa_sign_hash(key, alg, - payload, payload_length, - signature, sizeof(signature), - &signature_length); - if (key_destroyable && status == PSA_ERROR_INVALID_HANDLE) { - /* The key has been destroyed. */ - return 1; - } - PSA_ASSERT(status); - } - - if (usage & PSA_KEY_USAGE_VERIFY_HASH) { - psa_status_t verify_status = - (usage & PSA_KEY_USAGE_SIGN_HASH ? - PSA_SUCCESS : - PSA_ERROR_INVALID_SIGNATURE); - status = psa_verify_hash(key, alg, - payload, payload_length, - signature, signature_length); - if (key_destroyable && status == PSA_ERROR_INVALID_HANDLE) { - /* The key has been destroyed. */ - return 1; - } - TEST_ASSERT(status == verify_status); - } - } - - if (can_sign_or_verify_message(usage, alg)) { - unsigned char message[256] = "Hello, world..."; - unsigned char signature[PSA_SIGNATURE_MAX_SIZE] = { 0 }; - size_t message_length = 16; - size_t signature_length = sizeof(signature); - - if (usage & PSA_KEY_USAGE_SIGN_MESSAGE) { - status = psa_sign_message(key, alg, - message, message_length, - signature, sizeof(signature), - &signature_length); - if (key_destroyable && status == PSA_ERROR_INVALID_HANDLE) { - /* The key has been destroyed. */ - return 1; - } - PSA_ASSERT(status); - } - - if (usage & PSA_KEY_USAGE_VERIFY_MESSAGE) { - psa_status_t verify_status = - (usage & PSA_KEY_USAGE_SIGN_MESSAGE ? - PSA_SUCCESS : - PSA_ERROR_INVALID_SIGNATURE); - status = psa_verify_message(key, alg, - message, message_length, - signature, signature_length); - if (key_destroyable && status == PSA_ERROR_INVALID_HANDLE) { - /* The key has been destroyed. */ - return 1; - } - TEST_ASSERT(status == verify_status); - } - } - - return 1; - -exit: - return 0; -} - -static int exercise_asymmetric_encryption_key(mbedtls_svc_key_id_t key, - psa_key_usage_t usage, - psa_algorithm_t alg, - int key_destroyable) -{ - unsigned char plaintext[PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE] = - "Hello, world..."; - unsigned char ciphertext[PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE] = - "(wabblewebblewibblewobblewubble)"; - size_t ciphertext_length = sizeof(ciphertext); - size_t plaintext_length = 16; - psa_status_t status = PSA_SUCCESS; - if (usage & PSA_KEY_USAGE_ENCRYPT) { - status = psa_asymmetric_encrypt(key, alg, - plaintext, plaintext_length, - NULL, 0, - ciphertext, sizeof(ciphertext), - &ciphertext_length); - if (key_destroyable && status == PSA_ERROR_INVALID_HANDLE) { - /* The key has been destroyed. */ - return 1; - } - PSA_ASSERT(status); - } - - if (usage & PSA_KEY_USAGE_DECRYPT) { - status = psa_asymmetric_decrypt(key, alg, - ciphertext, ciphertext_length, - NULL, 0, - plaintext, sizeof(plaintext), - &plaintext_length); - if (key_destroyable && status == PSA_ERROR_INVALID_HANDLE) { - /* The key has been destroyed. */ - return 1; - } - TEST_ASSERT(status == PSA_SUCCESS || - ((usage & PSA_KEY_USAGE_ENCRYPT) == 0 && - (status == PSA_ERROR_INVALID_ARGUMENT || - status == PSA_ERROR_INVALID_PADDING))); - } - - return 1; - -exit: - return 0; -} - -int mbedtls_test_psa_setup_key_derivation_wrap( - psa_key_derivation_operation_t *operation, - mbedtls_svc_key_id_t key, - psa_algorithm_t alg, - const unsigned char *input1, size_t input1_length, - const unsigned char *input2, size_t input2_length, - size_t capacity, int key_destroyable) -{ - PSA_ASSERT(psa_key_derivation_setup(operation, alg)); - psa_status_t status = PSA_SUCCESS; - if (PSA_ALG_IS_HKDF(alg)) { - PSA_ASSERT(psa_key_derivation_input_bytes(operation, - PSA_KEY_DERIVATION_INPUT_SALT, - input1, input1_length)); - status = psa_key_derivation_input_key(operation, - PSA_KEY_DERIVATION_INPUT_SECRET, - key); - if (key_destroyable && status == PSA_ERROR_INVALID_HANDLE) { - /* The key has been destroyed. */ - return 1; - } - PSA_ASSERT(status); - PSA_ASSERT(psa_key_derivation_input_bytes(operation, - PSA_KEY_DERIVATION_INPUT_INFO, - input2, - input2_length)); - } else if (PSA_ALG_IS_HKDF_EXTRACT(alg)) { - PSA_ASSERT(psa_key_derivation_input_bytes(operation, - PSA_KEY_DERIVATION_INPUT_SALT, - input1, input1_length)); - status = psa_key_derivation_input_key(operation, - PSA_KEY_DERIVATION_INPUT_SECRET, - key); - if (key_destroyable && status == PSA_ERROR_INVALID_HANDLE) { - /* The key has been destroyed. */ - return 1; - } - PSA_ASSERT(status); - } else if (PSA_ALG_IS_HKDF_EXPAND(alg)) { - status = psa_key_derivation_input_key(operation, - PSA_KEY_DERIVATION_INPUT_SECRET, - key); - if (key_destroyable && status == PSA_ERROR_INVALID_HANDLE) { - /* The key has been destroyed. */ - return 1; - } - PSA_ASSERT(status); - PSA_ASSERT(psa_key_derivation_input_bytes(operation, - PSA_KEY_DERIVATION_INPUT_INFO, - input2, - input2_length)); - } else if (PSA_ALG_IS_TLS12_PRF(alg) || - PSA_ALG_IS_TLS12_PSK_TO_MS(alg)) { - PSA_ASSERT(psa_key_derivation_input_bytes(operation, - PSA_KEY_DERIVATION_INPUT_SEED, - input1, input1_length)); - status = psa_key_derivation_input_key(operation, - PSA_KEY_DERIVATION_INPUT_SECRET, - key); - if (key_destroyable && status == PSA_ERROR_INVALID_HANDLE) { - /* The key has been destroyed. */ - return 1; - } - PSA_ASSERT(status); - PSA_ASSERT(psa_key_derivation_input_bytes(operation, - PSA_KEY_DERIVATION_INPUT_LABEL, - input2, input2_length)); - } else if (PSA_ALG_IS_PBKDF2(alg)) { - PSA_ASSERT(psa_key_derivation_input_integer(operation, - PSA_KEY_DERIVATION_INPUT_COST, - 1U)); - PSA_ASSERT(psa_key_derivation_input_bytes(operation, - PSA_KEY_DERIVATION_INPUT_SALT, - input2, - input2_length)); - status = psa_key_derivation_input_key(operation, - PSA_KEY_DERIVATION_INPUT_PASSWORD, - key); - if (key_destroyable && status == PSA_ERROR_INVALID_HANDLE) { - /* The key has been destroyed. */ - return 1; - } - PSA_ASSERT(status); - } else if (alg == PSA_ALG_TLS12_ECJPAKE_TO_PMS) { - PSA_ASSERT(psa_key_derivation_input_bytes(operation, - PSA_KEY_DERIVATION_INPUT_SECRET, - input1, input1_length)); - } else { - TEST_FAIL("Key derivation algorithm not supported"); - } - - if (capacity != SIZE_MAX) { - PSA_ASSERT(psa_key_derivation_set_capacity(operation, capacity)); - } - - return 1; - -exit: - return 0; -} - - -static int exercise_key_derivation_key(mbedtls_svc_key_id_t key, - psa_key_usage_t usage, - psa_algorithm_t alg, - int key_destroyable) -{ - psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT; - unsigned char input1[] = "Input 1"; - size_t input1_length = sizeof(input1); - unsigned char input2[] = "Input 2"; - size_t input2_length = sizeof(input2); - unsigned char output[1]; - size_t capacity = sizeof(output); - - if (usage & PSA_KEY_USAGE_DERIVE) { - if (!mbedtls_test_psa_setup_key_derivation_wrap(&operation, key, alg, - input1, input1_length, - input2, input2_length, - capacity, key_destroyable)) { - goto exit; - } - - psa_status_t status = psa_key_derivation_output_bytes(&operation, - output, - capacity); - if (key_destroyable && status == PSA_ERROR_BAD_STATE) { - /* The key has been destroyed. */ - PSA_ASSERT(psa_key_derivation_abort(&operation)); - } else { - PSA_ASSERT(status); - PSA_ASSERT(psa_key_derivation_abort(&operation)); - } - } - - return 1; - -exit: - return 0; -} - -/* We need two keys to exercise key agreement. Exercise the - * private key against its own public key. */ -psa_status_t mbedtls_test_psa_key_agreement_with_self( - psa_key_derivation_operation_t *operation, - mbedtls_svc_key_id_t key, int key_destroyable) -{ - psa_key_type_t private_key_type; - psa_key_type_t public_key_type; - size_t key_bits; - uint8_t *public_key = NULL; - size_t public_key_length; - psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - - psa_status_t status = psa_get_key_attributes(key, &attributes); - if (key_destroyable && status == PSA_ERROR_INVALID_HANDLE) { - /* The key has been destroyed. */ - psa_reset_key_attributes(&attributes); - return PSA_SUCCESS; - } - PSA_ASSERT(status); - - private_key_type = psa_get_key_type(&attributes); - key_bits = psa_get_key_bits(&attributes); - public_key_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(private_key_type); - public_key_length = PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE(public_key_type, key_bits); - TEST_CALLOC(public_key, public_key_length); - status = psa_export_public_key(key, public_key, public_key_length, - &public_key_length); - if (key_destroyable && status == PSA_ERROR_INVALID_HANDLE) { - /* The key has been destroyed. */ - status = PSA_SUCCESS; - goto exit; - } - PSA_ASSERT(status); - - status = psa_key_derivation_key_agreement( - operation, PSA_KEY_DERIVATION_INPUT_SECRET, key, - public_key, public_key_length); - if (key_destroyable && status == PSA_ERROR_INVALID_HANDLE) { - /* The key has been destroyed. */ - status = PSA_SUCCESS; - goto exit; - } -exit: - /* - * Key attributes may have been returned by psa_get_key_attributes() - * thus reset them as required. - */ - psa_reset_key_attributes(&attributes); - - mbedtls_free(public_key); - return status; -} - -/* We need two keys to exercise key agreement. Exercise the - * private key against its own public key. */ -psa_status_t mbedtls_test_psa_raw_key_agreement_with_self( - psa_algorithm_t alg, - mbedtls_svc_key_id_t key, - int key_destroyable) -{ - psa_key_type_t private_key_type; - psa_key_type_t public_key_type; - size_t key_bits; - uint8_t *public_key = NULL; - size_t public_key_length; - uint8_t output[1024]; - size_t output_length; - psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - - psa_status_t status = psa_get_key_attributes(key, &attributes); - if (key_destroyable && status == PSA_ERROR_INVALID_HANDLE) { - /* The key has been destroyed. */ - psa_reset_key_attributes(&attributes); - return PSA_SUCCESS; - } - PSA_ASSERT(status); - - private_key_type = psa_get_key_type(&attributes); - key_bits = psa_get_key_bits(&attributes); - public_key_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(private_key_type); - public_key_length = PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE(public_key_type, key_bits); - TEST_CALLOC(public_key, public_key_length); - status = psa_export_public_key(key, - public_key, public_key_length, - &public_key_length); - if (key_destroyable && status == PSA_ERROR_INVALID_HANDLE) { - /* The key has been destroyed. */ - status = PSA_SUCCESS; - goto exit; - } - PSA_ASSERT(status); - - status = psa_raw_key_agreement(alg, key, - public_key, public_key_length, - output, sizeof(output), &output_length); - if (key_destroyable && status == PSA_ERROR_INVALID_HANDLE) { - /* The key has been destroyed. */ - status = PSA_SUCCESS; - goto exit; - } - if (status == PSA_SUCCESS) { - TEST_ASSERT(output_length <= - PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE(private_key_type, - key_bits)); - TEST_ASSERT(output_length <= - PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE); - } - -exit: - /* - * Key attributes may have been returned by psa_get_key_attributes() - * thus reset them as required. - */ - psa_reset_key_attributes(&attributes); - - mbedtls_free(public_key); - return status; -} - -static int exercise_raw_key_agreement_key(mbedtls_svc_key_id_t key, - psa_key_usage_t usage, - psa_algorithm_t alg, - int key_destroyable) -{ - int ok = 0; - - if (usage & PSA_KEY_USAGE_DERIVE) { - /* We need two keys to exercise key agreement. Exercise the - * private key against its own public key. */ - PSA_ASSERT(mbedtls_test_psa_raw_key_agreement_with_self(alg, key, - key_destroyable)); - } - ok = 1; - -exit: - return ok; -} - -static int exercise_key_agreement_key(mbedtls_svc_key_id_t key, - psa_key_usage_t usage, - psa_algorithm_t alg, - int key_destroyable) -{ - psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT; - unsigned char input[1] = { 0 }; - unsigned char output[1]; - int ok = 0; - psa_algorithm_t kdf_alg = PSA_ALG_KEY_AGREEMENT_GET_KDF(alg); - psa_status_t expected_key_agreement_status = PSA_SUCCESS; - - if (usage & PSA_KEY_USAGE_DERIVE) { - /* We need two keys to exercise key agreement. Exercise the - * private key against its own public key. */ - PSA_ASSERT(psa_key_derivation_setup(&operation, alg)); - if (PSA_ALG_IS_TLS12_PRF(kdf_alg) || - PSA_ALG_IS_TLS12_PSK_TO_MS(kdf_alg)) { - PSA_ASSERT(psa_key_derivation_input_bytes( - &operation, PSA_KEY_DERIVATION_INPUT_SEED, - input, sizeof(input))); - } - - if (PSA_ALG_IS_HKDF_EXTRACT(kdf_alg)) { - PSA_ASSERT(psa_key_derivation_input_bytes( - &operation, PSA_KEY_DERIVATION_INPUT_SALT, - input, sizeof(input))); - } - - /* For HKDF_EXPAND input secret may fail as secret size may not match - to expected PRK size. In practice it means that key bits must match - hash length. Otherwise test should fail with INVALID_ARGUMENT. */ - if (PSA_ALG_IS_HKDF_EXPAND(kdf_alg)) { - psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_status_t status = psa_get_key_attributes(key, &attributes); - if (key_destroyable && status == PSA_ERROR_INVALID_HANDLE) { - /* The key has been destroyed. */ - ok = 1; - } - PSA_ASSERT(status); - size_t key_bits = psa_get_key_bits(&attributes); - psa_algorithm_t hash_alg = PSA_ALG_HKDF_GET_HASH(kdf_alg); - - if (PSA_BITS_TO_BYTES(key_bits) != PSA_HASH_LENGTH(hash_alg)) { - expected_key_agreement_status = PSA_ERROR_INVALID_ARGUMENT; - } - } - - TEST_EQUAL(mbedtls_test_psa_key_agreement_with_self(&operation, key, - key_destroyable), - expected_key_agreement_status); - - if (expected_key_agreement_status != PSA_SUCCESS) { - return 1; - } - - if (PSA_ALG_IS_TLS12_PRF(kdf_alg) || - PSA_ALG_IS_TLS12_PSK_TO_MS(kdf_alg)) { - PSA_ASSERT(psa_key_derivation_input_bytes( - &operation, PSA_KEY_DERIVATION_INPUT_LABEL, - input, sizeof(input))); - } else if (PSA_ALG_IS_HKDF(kdf_alg) || PSA_ALG_IS_HKDF_EXPAND(kdf_alg)) { - PSA_ASSERT(psa_key_derivation_input_bytes( - &operation, PSA_KEY_DERIVATION_INPUT_INFO, - input, sizeof(input))); - } - PSA_ASSERT(psa_key_derivation_output_bytes(&operation, - output, - sizeof(output))); - PSA_ASSERT(psa_key_derivation_abort(&operation)); - } - ok = 1; - -exit: - return ok; -} - -int mbedtls_test_psa_exported_key_sanity_check( - psa_key_type_t type, size_t bits, - const uint8_t *exported, size_t exported_length) -{ - TEST_ASSERT(exported_length <= PSA_EXPORT_KEY_OUTPUT_SIZE(type, bits)); - - if (PSA_KEY_TYPE_IS_UNSTRUCTURED(type)) { - TEST_EQUAL(exported_length, PSA_BITS_TO_BYTES(bits)); - } else - -#if defined(MBEDTLS_ASN1_PARSE_C) - if (type == PSA_KEY_TYPE_RSA_KEY_PAIR) { - uint8_t *p = (uint8_t *) exported; - const uint8_t *end = exported + exported_length; - size_t len; - /* RSAPrivateKey ::= SEQUENCE { - * version INTEGER, -- must be 0 - * modulus INTEGER, -- n - * publicExponent INTEGER, -- e - * privateExponent INTEGER, -- d - * prime1 INTEGER, -- p - * prime2 INTEGER, -- q - * exponent1 INTEGER, -- d mod (p-1) - * exponent2 INTEGER, -- d mod (q-1) - * coefficient INTEGER, -- (inverse of q) mod p - * } - */ - TEST_EQUAL(mbedtls_asn1_get_tag(&p, end, &len, - MBEDTLS_ASN1_SEQUENCE | - MBEDTLS_ASN1_CONSTRUCTED), 0); - TEST_EQUAL(len, end - p); - if (!mbedtls_test_asn1_skip_integer(&p, end, 0, 0, 0)) { - goto exit; - } - if (!mbedtls_test_asn1_skip_integer(&p, end, bits, bits, 1)) { - goto exit; - } - if (!mbedtls_test_asn1_skip_integer(&p, end, 2, bits, 1)) { - goto exit; - } - /* Require d to be at least half the size of n. */ - if (!mbedtls_test_asn1_skip_integer(&p, end, bits / 2, bits, 1)) { - goto exit; - } - /* Require p and q to be at most half the size of n, rounded up. */ - if (!mbedtls_test_asn1_skip_integer(&p, end, bits / 2, bits / 2 + 1, 1)) { - goto exit; - } - if (!mbedtls_test_asn1_skip_integer(&p, end, bits / 2, bits / 2 + 1, 1)) { - goto exit; - } - if (!mbedtls_test_asn1_skip_integer(&p, end, 1, bits / 2 + 1, 0)) { - goto exit; - } - if (!mbedtls_test_asn1_skip_integer(&p, end, 1, bits / 2 + 1, 0)) { - goto exit; - } - if (!mbedtls_test_asn1_skip_integer(&p, end, 1, bits / 2 + 1, 0)) { - goto exit; - } - TEST_EQUAL(p - end, 0); - - TEST_ASSERT(exported_length <= PSA_EXPORT_KEY_PAIR_MAX_SIZE); - } else -#endif /* MBEDTLS_ASN1_PARSE_C */ - - if (PSA_KEY_TYPE_IS_ECC_KEY_PAIR(type)) { - /* Just the secret value */ - TEST_EQUAL(exported_length, PSA_BITS_TO_BYTES(bits)); - - TEST_ASSERT(exported_length <= PSA_EXPORT_KEY_PAIR_MAX_SIZE); - } else - -#if defined(MBEDTLS_ASN1_PARSE_C) - if (type == PSA_KEY_TYPE_RSA_PUBLIC_KEY) { - uint8_t *p = (uint8_t *) exported; - const uint8_t *end = exported + exported_length; - size_t len; - /* RSAPublicKey ::= SEQUENCE { - * modulus INTEGER, -- n - * publicExponent INTEGER } -- e - */ - TEST_EQUAL(mbedtls_asn1_get_tag(&p, end, &len, - MBEDTLS_ASN1_SEQUENCE | - MBEDTLS_ASN1_CONSTRUCTED), - 0); - TEST_EQUAL(len, end - p); - if (!mbedtls_test_asn1_skip_integer(&p, end, bits, bits, 1)) { - goto exit; - } - if (!mbedtls_test_asn1_skip_integer(&p, end, 2, bits, 1)) { - goto exit; - } - TEST_EQUAL(p - end, 0); - - - TEST_ASSERT(exported_length <= - PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE(type, bits)); - TEST_ASSERT(exported_length <= - PSA_EXPORT_PUBLIC_KEY_MAX_SIZE); - } else -#endif /* MBEDTLS_ASN1_PARSE_C */ - - if (PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(type)) { - - TEST_ASSERT(exported_length <= - PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE(type, bits)); - TEST_ASSERT(exported_length <= - PSA_EXPORT_PUBLIC_KEY_MAX_SIZE); - - if (PSA_KEY_TYPE_ECC_GET_FAMILY(type) == PSA_ECC_FAMILY_MONTGOMERY) { - /* The representation of an ECC Montgomery public key is - * the raw compressed point */ - TEST_EQUAL(PSA_BITS_TO_BYTES(bits), exported_length); - } else if (PSA_KEY_TYPE_ECC_GET_FAMILY(type) == PSA_ECC_FAMILY_TWISTED_EDWARDS) { - /* The representation of an ECC Edwards public key is - * the raw compressed point */ - TEST_EQUAL(PSA_BITS_TO_BYTES(bits + 1), exported_length); - } else { - /* The representation of an ECC Weierstrass public key is: - * - The byte 0x04; - * - `x_P` as a `ceiling(m/8)`-byte string, big-endian; - * - `y_P` as a `ceiling(m/8)`-byte string, big-endian; - * - where m is the bit size associated with the curve. - */ - TEST_EQUAL(1 + 2 * PSA_BITS_TO_BYTES(bits), exported_length); - TEST_EQUAL(exported[0], 4); - } - } else - if (PSA_KEY_TYPE_IS_DH_PUBLIC_KEY(type) || PSA_KEY_TYPE_IS_DH_KEY_PAIR(type)) { - TEST_ASSERT(exported_length == - PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE(type, bits)); - TEST_ASSERT(exported_length <= - PSA_EXPORT_PUBLIC_KEY_MAX_SIZE); - } else { - (void) exported; - TEST_FAIL("Sanity check not implemented for this key type"); - } - -#if defined(MBEDTLS_DES_C) - if (type == PSA_KEY_TYPE_DES) { - /* Check the parity bits. */ - unsigned i; - for (i = 0; i < bits / 8; i++) { - unsigned bit_count = 0; - unsigned m; - for (m = 1; m <= 0x100; m <<= 1) { - if (exported[i] & m) { - ++bit_count; - } - } - TEST_ASSERT(bit_count % 2 != 0); - } - } -#endif - - return 1; - -exit: - return 0; -} - -static int exercise_export_key(mbedtls_svc_key_id_t key, - psa_key_usage_t usage, - int key_destroyable) -{ - psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - uint8_t *exported = NULL; - size_t exported_size = 0; - size_t exported_length = 0; - int ok = 0; - - psa_status_t status = psa_get_key_attributes(key, &attributes); - if (key_destroyable && status == PSA_ERROR_INVALID_HANDLE) { - /* The key has been destroyed. */ - psa_reset_key_attributes(&attributes); - return 1; - } - PSA_ASSERT(status); - - exported_size = PSA_EXPORT_KEY_OUTPUT_SIZE( - psa_get_key_type(&attributes), - psa_get_key_bits(&attributes)); - TEST_CALLOC(exported, exported_size); - - status = psa_export_key(key, exported, exported_size, &exported_length); - if (key_destroyable && status == PSA_ERROR_INVALID_HANDLE) { - /* The key has been destroyed. */ - ok = 1; - goto exit; - } else if ((usage & PSA_KEY_USAGE_EXPORT) == 0 && - !PSA_KEY_TYPE_IS_PUBLIC_KEY(psa_get_key_type(&attributes))) { - TEST_EQUAL(status, PSA_ERROR_NOT_PERMITTED); - ok = 1; - goto exit; - } - PSA_ASSERT(status); - ok = mbedtls_test_psa_exported_key_sanity_check( - psa_get_key_type(&attributes), psa_get_key_bits(&attributes), - exported, exported_length); - -exit: - /* - * Key attributes may have been returned by psa_get_key_attributes() - * thus reset them as required. - */ - psa_reset_key_attributes(&attributes); - - mbedtls_free(exported); - return ok; -} - -static int exercise_export_public_key(mbedtls_svc_key_id_t key, - int key_destroyable) -{ - psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_key_type_t public_type; - uint8_t *exported = NULL; - size_t exported_size = 0; - size_t exported_length = 0; - int ok = 0; - - psa_status_t status = psa_get_key_attributes(key, &attributes); - if (key_destroyable && status == PSA_ERROR_INVALID_HANDLE) { - /* The key has been destroyed. */ - psa_reset_key_attributes(&attributes); - return 1; - } - PSA_ASSERT(status); - if (!PSA_KEY_TYPE_IS_ASYMMETRIC(psa_get_key_type(&attributes))) { - exported_size = PSA_EXPORT_KEY_OUTPUT_SIZE( - psa_get_key_type(&attributes), - psa_get_key_bits(&attributes)); - TEST_CALLOC(exported, exported_size); - - status = psa_export_public_key(key, exported, - exported_size, &exported_length); - if (key_destroyable && status == PSA_ERROR_INVALID_HANDLE) { - /* The key has been destroyed. */ - ok = 1; - goto exit; - } - TEST_EQUAL(status, PSA_ERROR_INVALID_ARGUMENT); - ok = 1; - goto exit; - } - - public_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR( - psa_get_key_type(&attributes)); - exported_size = PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE(public_type, - psa_get_key_bits(&attributes)); - TEST_CALLOC(exported, exported_size); - - status = psa_export_public_key(key, exported, - exported_size, &exported_length); - if (key_destroyable && status == PSA_ERROR_INVALID_HANDLE) { - /* The key has been destroyed. */ - ok = 1; - goto exit; - } - PSA_ASSERT(status); - ok = mbedtls_test_psa_exported_key_sanity_check( - public_type, psa_get_key_bits(&attributes), - exported, exported_length); - -exit: - /* - * Key attributes may have been returned by psa_get_key_attributes() - * thus reset them as required. - */ - psa_reset_key_attributes(&attributes); - - mbedtls_free(exported); - return ok; -} - -int mbedtls_test_psa_exercise_key(mbedtls_svc_key_id_t key, - psa_key_usage_t usage, - psa_algorithm_t alg, - int key_destroyable) -{ - int ok = 0; - - if (!check_key_attributes_sanity(key, key_destroyable)) { - return 0; - } - - if (alg == 0) { - ok = 1; /* If no algorithm, do nothing (used for raw data "keys"). */ - } else if (PSA_ALG_IS_MAC(alg)) { - ok = exercise_mac_key(key, usage, alg, key_destroyable); - } else if (PSA_ALG_IS_CIPHER(alg)) { - ok = exercise_cipher_key(key, usage, alg, key_destroyable); - } else if (PSA_ALG_IS_AEAD(alg)) { - ok = exercise_aead_key(key, usage, alg, key_destroyable); - } else if (PSA_ALG_IS_SIGN(alg)) { - ok = exercise_signature_key(key, usage, alg, key_destroyable); - } else if (PSA_ALG_IS_ASYMMETRIC_ENCRYPTION(alg)) { - ok = exercise_asymmetric_encryption_key(key, usage, alg, - key_destroyable); - } else if (PSA_ALG_IS_KEY_DERIVATION(alg)) { - ok = exercise_key_derivation_key(key, usage, alg, key_destroyable); - } else if (PSA_ALG_IS_RAW_KEY_AGREEMENT(alg)) { - ok = exercise_raw_key_agreement_key(key, usage, alg, key_destroyable); - } else if (PSA_ALG_IS_KEY_AGREEMENT(alg)) { - ok = exercise_key_agreement_key(key, usage, alg, key_destroyable); - } else { - TEST_FAIL("No code to exercise this category of algorithm"); - } - - ok = ok && exercise_export_key(key, - usage, - key_destroyable); - ok = ok && exercise_export_public_key(key, - key_destroyable); - -exit: - return ok; -} - -psa_key_usage_t mbedtls_test_psa_usage_to_exercise(psa_key_type_t type, - psa_algorithm_t alg) -{ - if (PSA_ALG_IS_MAC(alg) || PSA_ALG_IS_SIGN(alg)) { - if (PSA_ALG_IS_SIGN_HASH(alg)) { - if (PSA_ALG_SIGN_GET_HASH(alg)) { - return PSA_KEY_TYPE_IS_PUBLIC_KEY(type) ? - PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE : - PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | - PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE; - } - } else if (PSA_ALG_IS_SIGN_MESSAGE(alg)) { - return PSA_KEY_TYPE_IS_PUBLIC_KEY(type) ? - PSA_KEY_USAGE_VERIFY_MESSAGE : - PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE; - } - - return PSA_KEY_TYPE_IS_PUBLIC_KEY(type) ? - PSA_KEY_USAGE_VERIFY_HASH : - PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH; - } else if (PSA_ALG_IS_CIPHER(alg) || PSA_ALG_IS_AEAD(alg) || - PSA_ALG_IS_ASYMMETRIC_ENCRYPTION(alg)) { - return PSA_KEY_TYPE_IS_PUBLIC_KEY(type) ? - PSA_KEY_USAGE_ENCRYPT : - PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT; - } else if (PSA_ALG_IS_KEY_DERIVATION(alg) || - PSA_ALG_IS_KEY_AGREEMENT(alg)) { - return PSA_KEY_USAGE_DERIVE; - } else { - return 0; - } - -} - -int mbedtls_test_can_exercise_psa_algorithm(psa_algorithm_t alg) -{ - /* Reject algorithms that we know are not supported. Default to - * attempting exercise, so that if an algorithm is missing from this - * function, the result will be a test failure and not silently - * omitting exercise. */ -#if !defined(PSA_WANT_ALG_RSA_PKCS1V15_CRYPT) - if (alg == PSA_ALG_RSA_PKCS1V15_CRYPT) { - return 0; - } -#endif -#if !defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN) - if (PSA_ALG_IS_RSA_PKCS1V15_SIGN(alg)) { - return 0; - } -#endif -#if !defined(PSA_WANT_ALG_RSA_PSS) - if (PSA_ALG_IS_RSA_PSS_STANDARD_SALT(alg)) { - return 0; - } -#endif -#if !defined(PSA_WANT_ALG_RSA_PSS_ANY_SALT) - if (PSA_ALG_IS_RSA_PSS_ANY_SALT(alg)) { - return 0; - } -#endif -#if !defined(PSA_WANT_ALG_ECDSA) - if (PSA_ALG_IS_ECDSA(alg)) { - return 0; - } -#endif -#if !defined(PSA_WANT_ALG_DETERMINISTIC_ECDSA) - if (PSA_ALG_IS_DETERMINISTIC_ECDSA(alg)) { - return 0; - } -#endif -#if !defined(PSA_WANT_ALG_ECDH) - if (PSA_ALG_IS_ECDH(alg)) { - return 0; - } -#endif - (void) alg; - return 1; -} - -#if defined(MBEDTLS_PK_C) -int mbedtls_test_key_consistency_psa_pk(mbedtls_svc_key_id_t psa_key, - const mbedtls_pk_context *pk) -{ - psa_key_attributes_t psa_attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_key_attributes_t pk_attributes = PSA_KEY_ATTRIBUTES_INIT; - int ok = 0; - - PSA_ASSERT(psa_get_key_attributes(psa_key, &psa_attributes)); - psa_key_type_t psa_type = psa_get_key_type(&psa_attributes); - mbedtls_pk_type_t pk_type = mbedtls_pk_get_type(pk); - - TEST_ASSERT(PSA_KEY_TYPE_IS_PUBLIC_KEY(psa_type) || - PSA_KEY_TYPE_IS_KEY_PAIR(psa_type)); - TEST_EQUAL(psa_get_key_bits(&psa_attributes), mbedtls_pk_get_bitlen(pk)); - - uint8_t pk_public_buffer[PSA_EXPORT_PUBLIC_KEY_MAX_SIZE]; - const uint8_t *pk_public = NULL; - size_t pk_public_length = 0; - - switch (pk_type) { -#if defined(MBEDTLS_RSA_C) - case MBEDTLS_PK_RSA: - TEST_ASSERT(PSA_KEY_TYPE_IS_RSA(psa_type)); - const mbedtls_rsa_context *rsa = mbedtls_pk_rsa(*pk); - uint8_t *const end = pk_public_buffer + sizeof(pk_public_buffer); - uint8_t *cursor = end; - TEST_LE_U(1, mbedtls_rsa_write_pubkey(rsa, - pk_public_buffer, &cursor)); - pk_public = cursor; - pk_public_length = end - pk_public; - break; -#endif - -#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) - case MBEDTLS_PK_ECKEY: - case MBEDTLS_PK_ECKEY_DH: - case MBEDTLS_PK_ECDSA: - TEST_ASSERT(PSA_KEY_TYPE_IS_ECC(psa_type)); - TEST_EQUAL(PSA_KEY_TYPE_ECC_GET_FAMILY(psa_type), pk->ec_family); - pk_public = pk->pub_raw; - pk_public_length = pk->pub_raw_len; - break; -#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ - -#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) && !defined(MBEDTLS_PK_USE_PSA_EC_DATA) - case MBEDTLS_PK_ECKEY: - case MBEDTLS_PK_ECKEY_DH: - case MBEDTLS_PK_ECDSA: - TEST_ASSERT(PSA_KEY_TYPE_IS_ECC(psa_get_key_type(&psa_attributes))); - const mbedtls_ecp_keypair *ec = mbedtls_pk_ec_ro(*pk); - TEST_EQUAL(mbedtls_ecp_write_public_key( - ec, MBEDTLS_ECP_PF_UNCOMPRESSED, &pk_public_length, - pk_public_buffer, sizeof(pk_public_buffer)), 0); - pk_public = pk_public_buffer; - break; -#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY && !MBEDTLS_PK_USE_PSA_EC_DATA */ - -#if defined(MBEDTLS_USE_PSA_CRYPTO) - case MBEDTLS_PK_OPAQUE: - PSA_ASSERT(psa_get_key_attributes(pk->priv_id, &pk_attributes)); - psa_key_type_t pk_psa_type = psa_get_key_type(&pk_attributes); - TEST_EQUAL(PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(psa_type), - PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(pk_psa_type)); - PSA_ASSERT(psa_export_public_key(psa_key, - pk_public_buffer, - sizeof(pk_public_buffer), - &pk_public_length)); - pk_public = pk_public_buffer; - break; -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - - default: - TEST_FAIL("pk type not supported"); - } - - uint8_t psa_public[PSA_EXPORT_PUBLIC_KEY_MAX_SIZE]; - size_t psa_public_length = 0; - PSA_ASSERT(psa_export_public_key(psa_key, - psa_public, sizeof(psa_public), - &psa_public_length)); - TEST_MEMORY_COMPARE(pk_public, pk_public_length, - psa_public, psa_public_length); - - ok = 1; - -exit: - psa_reset_key_attributes(&psa_attributes); - psa_reset_key_attributes(&pk_attributes); - return ok; -} -#endif /* MBEDTLS_PK_C */ - -#endif /* MBEDTLS_PSA_CRYPTO_C || MBEDTLS_PSA_CRYPTO_CLIENT */ diff --git a/tests/src/psa_memory_poisoning_wrappers.c b/tests/src/psa_memory_poisoning_wrappers.c deleted file mode 100644 index 7b48c7c95e..0000000000 --- a/tests/src/psa_memory_poisoning_wrappers.c +++ /dev/null @@ -1,32 +0,0 @@ -/** Helper functions for memory poisoning in tests. - */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ -#include -#include - -#include "psa_crypto_invasive.h" - -#if defined(MBEDTLS_TEST_HOOKS) && defined(MBEDTLS_PSA_CRYPTO_C) \ - && defined(MBEDTLS_TEST_MEMORY_CAN_POISON) - -void mbedtls_poison_test_hooks_setup(void) -{ - psa_input_pre_copy_hook = mbedtls_test_memory_unpoison; - psa_input_post_copy_hook = mbedtls_test_memory_poison; - psa_output_pre_copy_hook = mbedtls_test_memory_unpoison; - psa_output_post_copy_hook = mbedtls_test_memory_poison; -} - -void mbedtls_poison_test_hooks_teardown(void) -{ - psa_input_pre_copy_hook = NULL; - psa_input_post_copy_hook = NULL; - psa_output_pre_copy_hook = NULL; - psa_output_post_copy_hook = NULL; -} - -#endif /* MBEDTLS_TEST_HOOKS && MBEDTLS_PSA_CRYPTO_C && - MBEDTLS_TEST_MEMORY_CAN_POISON */ diff --git a/tests/src/random.c b/tests/src/random.c deleted file mode 100644 index d041f36a1f..0000000000 --- a/tests/src/random.c +++ /dev/null @@ -1,136 +0,0 @@ -/** - * \file random.c - * - * \brief This file contains the helper functions to generate random numbers - * for the purpose of testing. - */ - -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -/* - * for arc4random_buf() from - */ -#if defined(__NetBSD__) -#define _NETBSD_SOURCE 1 -#elif defined(__OpenBSD__) -#define _BSD_SOURCE 1 -#endif - -#include -#include -#include - -#include -#include - -int mbedtls_test_rnd_std_rand(void *rng_state, - unsigned char *output, - size_t len) -{ -#if !defined(__OpenBSD__) && !defined(__NetBSD__) - size_t i; - - if (rng_state != NULL) { - rng_state = NULL; - } - - for (i = 0; i < len; ++i) { - output[i] = rand(); - } -#else - if (rng_state != NULL) { - rng_state = NULL; - } - - arc4random_buf(output, len); -#endif /* !OpenBSD && !NetBSD */ - - return 0; -} - -int mbedtls_test_rnd_zero_rand(void *rng_state, - unsigned char *output, - size_t len) -{ - if (rng_state != NULL) { - rng_state = NULL; - } - - memset(output, 0, len); - - return 0; -} - -int mbedtls_test_rnd_buffer_rand(void *rng_state, - unsigned char *output, - size_t len) -{ - mbedtls_test_rnd_buf_info *info = (mbedtls_test_rnd_buf_info *) rng_state; - size_t use_len; - - if (rng_state == NULL) { - return mbedtls_test_rnd_std_rand(NULL, output, len); - } - - use_len = len; - if (len > info->length) { - use_len = info->length; - } - - if (use_len) { - memcpy(output, info->buf, use_len); - info->buf += use_len; - info->length -= use_len; - } - - if (len - use_len > 0) { - if (info->fallback_f_rng != NULL) { - return info->fallback_f_rng(info->fallback_p_rng, - output + use_len, - len - use_len); - } else { - return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED; - } - } - - return 0; -} - -int mbedtls_test_rnd_pseudo_rand(void *rng_state, - unsigned char *output, - size_t len) -{ - mbedtls_test_rnd_pseudo_info *info = - (mbedtls_test_rnd_pseudo_info *) rng_state; - uint32_t i, *k, sum, delta = 0x9E3779B9; - unsigned char result[4], *out = output; - - if (rng_state == NULL) { - return mbedtls_test_rnd_std_rand(NULL, output, len); - } - - k = info->key; - - while (len > 0) { - size_t use_len = (len > 4) ? 4 : len; - sum = 0; - - for (i = 0; i < 32; i++) { - info->v0 += (((info->v1 << 4) ^ (info->v1 >> 5)) - + info->v1) ^ (sum + k[sum & 3]); - sum += delta; - info->v1 += (((info->v0 << 4) ^ (info->v0 >> 5)) - + info->v0) ^ (sum + k[(sum>>11) & 3]); - } - - MBEDTLS_PUT_UINT32_BE(info->v0, result, 0); - memcpy(out, result, use_len); - len -= use_len; - out += 4; - } - - return 0; -} diff --git a/tests/src/test_memory.c b/tests/src/test_memory.c deleted file mode 100644 index ac9dde6163..0000000000 --- a/tests/src/test_memory.c +++ /dev/null @@ -1,60 +0,0 @@ -/** - * \file memory.c - * - * \brief Helper functions related to testing memory management. - */ - -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include -#include -#include - -#if defined(MBEDTLS_TEST_MEMORY_CAN_POISON) -#include -#include -#endif - -#if defined(MBEDTLS_TEST_MEMORY_CAN_POISON) - -_Thread_local unsigned int mbedtls_test_memory_poisoning_count = 0; - -static void align_for_asan(const unsigned char **p_ptr, size_t *p_size) -{ - uintptr_t start = (uintptr_t) *p_ptr; - uintptr_t end = start + (uintptr_t) *p_size; - /* ASan can only poison regions with 8-byte alignment, and only poisons a - * region if it's fully within the requested range. We want to poison the - * whole requested region and don't mind a few extra bytes. Therefore, - * align start down to an 8-byte boundary, and end up to an 8-byte - * boundary. */ - start = start & ~(uintptr_t) 7; - end = (end + 7) & ~(uintptr_t) 7; - *p_ptr = (const unsigned char *) start; - *p_size = end - start; -} - -void mbedtls_test_memory_poison(const unsigned char *ptr, size_t size) -{ - if (mbedtls_test_memory_poisoning_count == 0) { - return; - } - if (size == 0) { - return; - } - align_for_asan(&ptr, &size); - __asan_poison_memory_region(ptr, size); -} - -void mbedtls_test_memory_unpoison(const unsigned char *ptr, size_t size) -{ - if (size == 0) { - return; - } - align_for_asan(&ptr, &size); - __asan_unpoison_memory_region(ptr, size); -} -#endif /* Memory poisoning */ diff --git a/tests/src/threading_helpers.c b/tests/src/threading_helpers.c deleted file mode 100644 index c1686c21ad..0000000000 --- a/tests/src/threading_helpers.c +++ /dev/null @@ -1,354 +0,0 @@ -/** Mutex usage verification framework. */ - -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include -#include -#include - -#include "mbedtls/threading.h" - -#if defined(MBEDTLS_THREADING_C) - -#if defined(MBEDTLS_THREADING_PTHREAD) - -static int threading_thread_create_pthread(mbedtls_test_thread_t *thread, void *(*thread_func)( - void *), void *thread_data) -{ - if (thread == NULL || thread_func == NULL) { - return MBEDTLS_ERR_THREADING_BAD_INPUT_DATA; - } - - if (pthread_create(&thread->thread, NULL, thread_func, thread_data)) { - return MBEDTLS_ERR_THREADING_THREAD_ERROR; - } - - return 0; -} - -static int threading_thread_join_pthread(mbedtls_test_thread_t *thread) -{ - if (thread == NULL) { - return MBEDTLS_ERR_THREADING_BAD_INPUT_DATA; - } - - if (pthread_join(thread->thread, NULL) != 0) { - return MBEDTLS_ERR_THREADING_THREAD_ERROR; - } - - return 0; -} - -int (*mbedtls_test_thread_create)(mbedtls_test_thread_t *thread, void *(*thread_func)(void *), - void *thread_data) = threading_thread_create_pthread; -int (*mbedtls_test_thread_join)(mbedtls_test_thread_t *thread) = threading_thread_join_pthread; - -#endif /* MBEDTLS_THREADING_PTHREAD */ - -#if defined(MBEDTLS_THREADING_ALT) - -static int threading_thread_create_fail(mbedtls_test_thread_t *thread, - void *(*thread_func)(void *), - void *thread_data) -{ - (void) thread; - (void) thread_func; - (void) thread_data; - - return MBEDTLS_ERR_THREADING_BAD_INPUT_DATA; -} - -static int threading_thread_join_fail(mbedtls_test_thread_t *thread) -{ - (void) thread; - - return MBEDTLS_ERR_THREADING_BAD_INPUT_DATA; -} - -int (*mbedtls_test_thread_create)(mbedtls_test_thread_t *thread, void *(*thread_func)(void *), - void *thread_data) = threading_thread_create_fail; -int (*mbedtls_test_thread_join)(mbedtls_test_thread_t *thread) = threading_thread_join_fail; - -#endif /* MBEDTLS_THREADING_ALT */ - -#if defined(MBEDTLS_TEST_MUTEX_USAGE) - -#include "mbedtls/threading.h" - -/** Mutex usage verification framework. - * - * The mutex usage verification code below aims to detect bad usage of - * Mbed TLS's mutex abstraction layer at runtime. Note that this is solely - * about the use of the mutex itself, not about checking whether the mutex - * correctly protects whatever it is supposed to protect. - * - * The normal usage of a mutex is: - * ``` - * digraph mutex_states { - * "UNINITIALIZED"; // the initial state - * "IDLE"; - * "FREED"; - * "LOCKED"; - * "UNINITIALIZED" -> "IDLE" [label="init"]; - * "FREED" -> "IDLE" [label="init"]; - * "IDLE" -> "LOCKED" [label="lock"]; - * "LOCKED" -> "IDLE" [label="unlock"]; - * "IDLE" -> "FREED" [label="free"]; - * } - * ``` - * - * All bad transitions that can be unambiguously detected are reported. - * An attempt to use an uninitialized mutex cannot be detected in general - * since the memory content may happen to denote a valid state. For the same - * reason, a double init cannot be detected. - * All-bits-zero is the state of a freed mutex, which is distinct from an - * initialized mutex, so attempting to use zero-initialized memory as a mutex - * without calling the init function is detected. - * - * The framework attempts to detect missing calls to init and free by counting - * calls to init and free. If there are more calls to init than free, this - * means that a mutex is not being freed somewhere, which is a memory leak - * on platforms where a mutex consumes resources other than the - * mbedtls_threading_mutex_t object itself. If there are more calls to free - * than init, this indicates a missing init, which is likely to be detected - * by an attempt to lock the mutex as well. A limitation of this framework is - * that it cannot detect scenarios where there is exactly the same number of - * calls to init and free but the calls don't match. A bug like this is - * unlikely to happen uniformly throughout the whole test suite though. - * - * If an error is detected, this framework will report what happened and the - * test case will be marked as failed. Unfortunately, the error report cannot - * indicate the exact location of the problematic call. To locate the error, - * use a debugger and set a breakpoint on mbedtls_test_mutex_usage_error(). - */ -enum value_of_mutex_state_field { - /* Potential values for the state field of mbedtls_threading_mutex_t. - * Note that MUTEX_FREED must be 0 and MUTEX_IDLE must be 1 for - * compatibility with threading_mutex_init_pthread() and - * threading_mutex_free_pthread(). MUTEX_LOCKED could be any nonzero - * value. */ - MUTEX_FREED = 0, //! < Set by mbedtls_test_wrap_mutex_free - MUTEX_IDLE = 1, //! < Set by mbedtls_test_wrap_mutex_init and by mbedtls_test_wrap_mutex_unlock - MUTEX_LOCKED = 2, //! < Set by mbedtls_test_wrap_mutex_lock -}; - -typedef struct { - void (*init)(mbedtls_threading_mutex_t *); - void (*free)(mbedtls_threading_mutex_t *); - int (*lock)(mbedtls_threading_mutex_t *); - int (*unlock)(mbedtls_threading_mutex_t *); -} mutex_functions_t; -static mutex_functions_t mutex_functions; - -/** - * The mutex used to guard live_mutexes below and access to the status variable - * in every mbedtls_threading_mutex_t. - * Note that we are not reporting any errors when locking and unlocking this - * mutex. This is for a couple of reasons: - * - * 1. We have no real way of reporting any errors with this mutex - we cannot - * report it back to the caller, as the failure was not that of the mutex - * passed in. We could fail the test, but again this would indicate a problem - * with the test code that did not exist. - * - * 2. Any failure to lock is unlikely to be intermittent, and will thus not - * give false test results - the overall result would be to turn off the - * testing. This is not a situation that is likely to happen with normal - * testing and we still have TSan to fall back on should this happen. - */ -mbedtls_threading_mutex_t mbedtls_test_mutex_mutex; - -/** - * The total number of calls to mbedtls_mutex_init(), minus the total number - * of calls to mbedtls_mutex_free(). - * - * Do not read or write without holding mbedtls_test_mutex_mutex (above). Reset - * to 0 after each test case. - */ -static int live_mutexes; - -static void mbedtls_test_mutex_usage_error(mbedtls_threading_mutex_t *mutex, - const char *msg) -{ - (void) mutex; - - mbedtls_test_set_mutex_usage_error(msg); - mbedtls_fprintf(stdout, "[mutex: %s] ", msg); - /* Don't mark the test as failed yet. This way, if the test fails later - * for a functional reason, the test framework will report the message - * and location for this functional reason. If the test passes, - * mbedtls_test_mutex_usage_check() will mark it as failed. */ -} - -static int mbedtls_test_mutex_can_test(mbedtls_threading_mutex_t *mutex) -{ - /* If we attempt to run tests on this mutex then we are going to run into a - * couple of problems: - * 1. If any test on this mutex fails, we are going to deadlock when - * reporting that failure, as we already hold the mutex at that point. - * 2. Given the 'global' position of the initialization and free of this - * mutex, it will be shown as leaked on the first test run. */ - if (mutex == mbedtls_test_get_info_mutex()) { - return 0; - } - - return 1; -} - -static void mbedtls_test_wrap_mutex_init(mbedtls_threading_mutex_t *mutex) -{ - mutex_functions.init(mutex); - - if (mbedtls_test_mutex_can_test(mutex)) { - if (mutex_functions.lock(&mbedtls_test_mutex_mutex) == 0) { - mutex->state = MUTEX_IDLE; - ++live_mutexes; - - mutex_functions.unlock(&mbedtls_test_mutex_mutex); - } - } -} - -static void mbedtls_test_wrap_mutex_free(mbedtls_threading_mutex_t *mutex) -{ - if (mbedtls_test_mutex_can_test(mutex)) { - if (mutex_functions.lock(&mbedtls_test_mutex_mutex) == 0) { - - switch (mutex->state) { - case MUTEX_FREED: - mbedtls_test_mutex_usage_error(mutex, "free without init or double free"); - break; - case MUTEX_IDLE: - mutex->state = MUTEX_FREED; - --live_mutexes; - break; - case MUTEX_LOCKED: - mbedtls_test_mutex_usage_error(mutex, "free without unlock"); - break; - default: - mbedtls_test_mutex_usage_error(mutex, "corrupted state"); - break; - } - - mutex_functions.unlock(&mbedtls_test_mutex_mutex); - } - } - - mutex_functions.free(mutex); -} - -static int mbedtls_test_wrap_mutex_lock(mbedtls_threading_mutex_t *mutex) -{ - /* Lock the passed in mutex first, so that the only way to change the state - * is to hold the passed in and internal mutex - otherwise we create a race - * condition. */ - int ret = mutex_functions.lock(mutex); - - if (mbedtls_test_mutex_can_test(mutex)) { - if (mutex_functions.lock(&mbedtls_test_mutex_mutex) == 0) { - switch (mutex->state) { - case MUTEX_FREED: - mbedtls_test_mutex_usage_error(mutex, "lock without init"); - break; - case MUTEX_IDLE: - if (ret == 0) { - mutex->state = MUTEX_LOCKED; - } - break; - case MUTEX_LOCKED: - mbedtls_test_mutex_usage_error(mutex, "double lock"); - break; - default: - mbedtls_test_mutex_usage_error(mutex, "corrupted state"); - break; - } - - mutex_functions.unlock(&mbedtls_test_mutex_mutex); - } - } - - return ret; -} - -static int mbedtls_test_wrap_mutex_unlock(mbedtls_threading_mutex_t *mutex) -{ - /* Lock the internal mutex first and change state, so that the only way to - * change the state is to hold the passed in and internal mutex - otherwise - * we create a race condition. */ - if (mbedtls_test_mutex_can_test(mutex)) { - if (mutex_functions.lock(&mbedtls_test_mutex_mutex) == 0) { - switch (mutex->state) { - case MUTEX_FREED: - mbedtls_test_mutex_usage_error(mutex, "unlock without init"); - break; - case MUTEX_IDLE: - mbedtls_test_mutex_usage_error(mutex, "unlock without lock"); - break; - case MUTEX_LOCKED: - mutex->state = MUTEX_IDLE; - break; - default: - mbedtls_test_mutex_usage_error(mutex, "corrupted state"); - break; - } - mutex_functions.unlock(&mbedtls_test_mutex_mutex); - } - } - - return mutex_functions.unlock(mutex); -} - -void mbedtls_test_mutex_usage_init(void) -{ - mutex_functions.init = mbedtls_mutex_init; - mutex_functions.free = mbedtls_mutex_free; - mutex_functions.lock = mbedtls_mutex_lock; - mutex_functions.unlock = mbedtls_mutex_unlock; - mbedtls_mutex_init = &mbedtls_test_wrap_mutex_init; - mbedtls_mutex_free = &mbedtls_test_wrap_mutex_free; - mbedtls_mutex_lock = &mbedtls_test_wrap_mutex_lock; - mbedtls_mutex_unlock = &mbedtls_test_wrap_mutex_unlock; - - mutex_functions.init(&mbedtls_test_mutex_mutex); -} - -void mbedtls_test_mutex_usage_check(void) -{ - if (mutex_functions.lock(&mbedtls_test_mutex_mutex) == 0) { - if (live_mutexes != 0) { - /* A positive number (more init than free) means that a mutex resource - * is leaking (on platforms where a mutex consumes more than the - * mbedtls_threading_mutex_t object itself). The (hopefully) rare - * case of a negative number means a missing init somewhere. */ - mbedtls_fprintf(stdout, "[mutex: %d leaked] ", live_mutexes); - live_mutexes = 0; - mbedtls_test_set_mutex_usage_error("missing free"); - } - if (mbedtls_test_get_mutex_usage_error() != NULL && - mbedtls_test_get_result() != MBEDTLS_TEST_RESULT_FAILED) { - /* Functionally, the test passed. But there was a mutex usage error, - * so mark the test as failed after all. */ - mbedtls_test_fail("Mutex usage error", __LINE__, __FILE__); - } - mbedtls_test_set_mutex_usage_error(NULL); - - mutex_functions.unlock(&mbedtls_test_mutex_mutex); - } -} - -void mbedtls_test_mutex_usage_end(void) -{ - mbedtls_mutex_init = mutex_functions.init; - mbedtls_mutex_free = mutex_functions.free; - mbedtls_mutex_lock = mutex_functions.lock; - mbedtls_mutex_unlock = mutex_functions.unlock; - - mutex_functions.free(&mbedtls_test_mutex_mutex); -} - -#endif /* MBEDTLS_TEST_MUTEX_USAGE */ - -#endif /* MBEDTLS_THREADING_C */