2019-05-23 20:25:48 +02:00
|
|
|
/*
|
2019-06-20 12:54:43 +02:00
|
|
|
* Helper functions for tests that use the PSA Crypto API.
|
2019-05-23 20:25:48 +02:00
|
|
|
*/
|
2020-06-15 11:59:37 +02:00
|
|
|
/*
|
2020-08-07 13:07:28 +02:00
|
|
|
* Copyright The Mbed TLS Contributors
|
2019-05-23 20:25:48 +02:00
|
|
|
* SPDX-License-Identifier: Apache-2.0
|
|
|
|
*
|
|
|
|
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
|
|
* not use this file except in compliance with the License.
|
|
|
|
* You may obtain a copy of the License at
|
|
|
|
*
|
|
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
*
|
|
|
|
* Unless required by applicable law or agreed to in writing, software
|
|
|
|
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
|
|
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
* See the License for the specific language governing permissions and
|
|
|
|
* limitations under the License.
|
|
|
|
*/
|
|
|
|
|
2019-06-20 12:40:56 +02:00
|
|
|
#ifndef PSA_CRYPTO_HELPERS_H
|
|
|
|
#define PSA_CRYPTO_HELPERS_H
|
|
|
|
|
2021-02-09 20:35:42 +01:00
|
|
|
#include "test/helpers.h"
|
2020-05-27 09:22:32 +02:00
|
|
|
#include "test/psa_helpers.h"
|
2019-05-23 20:25:48 +02:00
|
|
|
|
2019-06-20 12:54:43 +02:00
|
|
|
#include <psa/crypto.h>
|
2020-10-30 11:54:03 +01:00
|
|
|
#include <psa_crypto_slot_management.h>
|
2019-05-23 20:25:48 +02:00
|
|
|
|
2020-11-24 17:41:07 +01:00
|
|
|
/** Check for things that have not been cleaned up properly in the
|
|
|
|
* PSA subsystem.
|
|
|
|
*
|
|
|
|
* \return NULL if nothing has leaked.
|
|
|
|
* \return A string literal explaining what has not been cleaned up
|
|
|
|
* if applicable.
|
|
|
|
*/
|
2020-11-24 17:34:30 +01:00
|
|
|
const char *mbedtls_test_helper_is_psa_leaking( void );
|
2019-05-28 15:06:43 +02:00
|
|
|
|
2019-06-20 12:54:43 +02:00
|
|
|
/** Check that no PSA Crypto key slots are in use.
|
2021-01-06 20:47:16 +01:00
|
|
|
*
|
|
|
|
* If any slots are in use, mark the current test as failed and jump to
|
|
|
|
* the exit label. This is equivalent to
|
|
|
|
* `TEST_ASSERT( ! mbedtls_test_helper_is_psa_leaking( ) )`
|
|
|
|
* but with a more informative message.
|
2019-05-28 15:06:43 +02:00
|
|
|
*/
|
2021-01-06 20:47:16 +01:00
|
|
|
#define ASSERT_PSA_PRISTINE( ) \
|
|
|
|
do \
|
|
|
|
{ \
|
|
|
|
if( test_fail_if_psa_leaking( __LINE__, __FILE__ ) ) \
|
|
|
|
goto exit; \
|
|
|
|
} \
|
|
|
|
while( 0 )
|
2019-05-23 20:34:30 +02:00
|
|
|
|
2019-06-20 12:54:43 +02:00
|
|
|
/** Shut down the PSA Crypto subsystem. Expect a clean shutdown, with no slots
|
2019-05-23 20:34:30 +02:00
|
|
|
* in use.
|
|
|
|
*/
|
2021-01-06 20:47:16 +01:00
|
|
|
#define PSA_DONE( ) \
|
|
|
|
do \
|
|
|
|
{ \
|
|
|
|
test_fail_if_psa_leaking( __LINE__, __FILE__ ); \
|
|
|
|
mbedtls_psa_crypto_free( ); \
|
|
|
|
} \
|
2020-11-24 17:41:07 +01:00
|
|
|
while( 0 )
|
2019-05-23 20:34:30 +02:00
|
|
|
|
2019-05-20 19:35:37 +02:00
|
|
|
|
|
|
|
|
|
|
|
#if defined(RECORD_PSA_STATUS_COVERAGE_LOG)
|
2020-11-24 17:34:30 +01:00
|
|
|
psa_status_t mbedtls_test_record_status( psa_status_t status,
|
|
|
|
const char *func,
|
|
|
|
const char *file, int line,
|
|
|
|
const char *expr );
|
2019-05-20 19:35:37 +02:00
|
|
|
|
|
|
|
/** Return value logging wrapper macro.
|
|
|
|
*
|
|
|
|
* Evaluate \p expr. Write a line recording its value to the log file
|
|
|
|
* #STATUS_LOG_FILE_NAME and return the value. The line is a colon-separated
|
|
|
|
* list of fields:
|
|
|
|
* ```
|
|
|
|
* value of expr:string:__FILE__:__LINE__:expr
|
|
|
|
* ```
|
|
|
|
*
|
|
|
|
* The test code does not call this macro explicitly because that would
|
|
|
|
* be very invasive. Instead, we instrument the source code by defining
|
|
|
|
* a bunch of wrapper macros like
|
|
|
|
* ```
|
|
|
|
* #define psa_crypto_init() RECORD_STATUS("psa_crypto_init", psa_crypto_init())
|
|
|
|
* ```
|
|
|
|
* These macro definitions must be present in `instrument_record_status.h`
|
|
|
|
* when building the test suites.
|
|
|
|
*
|
|
|
|
* \param string A string, normally a function name.
|
|
|
|
* \param expr An expression to evaluate, normally a call of the function
|
|
|
|
* whose name is in \p string. This expression must return
|
|
|
|
* a value of type #psa_status_t.
|
|
|
|
* \return The value of \p expr.
|
|
|
|
*/
|
|
|
|
#define RECORD_STATUS( string, expr ) \
|
2020-11-24 17:07:05 +01:00
|
|
|
mbedtls_test_record_status( ( expr ), string, __FILE__, __LINE__, #expr )
|
2019-05-20 19:35:37 +02:00
|
|
|
|
|
|
|
#include "instrument_record_status.h"
|
|
|
|
|
|
|
|
#endif /* defined(RECORD_PSA_STATUS_COVERAGE_LOG) */
|
|
|
|
|
2021-02-09 20:35:42 +01:00
|
|
|
/** Skip a test case if the given key is an 192 bits AES key and the AES
|
|
|
|
* implementation is at least partially an alternative implementation.
|
|
|
|
*
|
|
|
|
* Call this macro in a test case when a cryptography operation that may
|
|
|
|
* involve an AES operation returns with the PSA_ERROR_NOT_SUPPORTED error
|
|
|
|
* code to skip and not fail the test case in case the operation involves an
|
|
|
|
* 192 bits AES key and the AES implementation is at least partially an
|
|
|
|
* alternative implementation.
|
|
|
|
*
|
|
|
|
* Hardware AES implementations are likely to not support 192 bits keys.
|
|
|
|
* Consequently, PSA test cases aim at not failing when an AES operation with
|
|
|
|
* an 192 bits key performed by an alternative AES implementation returns
|
|
|
|
* with the PSA_ERROR_NOT_SUPPORTED error code. The purpose of this macro
|
|
|
|
* is to facilitate this and make the related code more readable.
|
|
|
|
*
|
|
|
|
* \param key_type Key type
|
|
|
|
* \param key_bits Key length in number of bits.
|
|
|
|
*/
|
|
|
|
#if defined(MBEDTLS_AES_ALT) || \
|
|
|
|
defined(MBEDTLS_AES_SETKEY_ENC_ALT) || \
|
|
|
|
defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_AES)
|
|
|
|
#define MBEDTLS_TEST_HAVE_ALT_AES 1
|
|
|
|
#else
|
|
|
|
#define MBEDTLS_TEST_HAVE_ALT_AES 0
|
|
|
|
#endif
|
|
|
|
|
|
|
|
#define MBEDTLS_TEST_PSA_SKIP_IF_ALT_AES_192( key_type, key_bits ) \
|
|
|
|
do \
|
|
|
|
{ \
|
|
|
|
if( ( MBEDTLS_TEST_HAVE_ALT_AES ) && \
|
|
|
|
( ( key_type ) == PSA_KEY_TYPE_AES ) && \
|
|
|
|
( key_bits == 192 ) ) \
|
|
|
|
{ \
|
|
|
|
mbedtls_test_skip( "AES-192 not supported", __LINE__, __FILE__ ); \
|
|
|
|
goto exit; \
|
|
|
|
} \
|
|
|
|
} \
|
|
|
|
while( 0 )
|
|
|
|
|
|
|
|
/** Skip a test case in case of a GCM operation with a nonce length different
|
|
|
|
* from 12 bytes.
|
|
|
|
*
|
|
|
|
* Call this macro in a test case when an AEAD cryptography operation that
|
|
|
|
* may involve the GCM mode returns with the PSA_ERROR_NOT_SUPPORTED error
|
|
|
|
* code to skip and not fail the test case in case the operation involves the
|
|
|
|
* GCM mode, a nonce with a length different from 12 bytes and the GCM mode
|
|
|
|
* implementation is an alternative one.
|
|
|
|
*
|
|
|
|
* Hardware GCM implementations are likely to not support nonce lengths
|
|
|
|
* different from 12 are those imply additional computations involving the
|
|
|
|
* GHASH function. Consequently, PSA test cases aim at not failing when an
|
|
|
|
* AEAD operation in GCM mode with a nonce length different from 12 bytes
|
|
|
|
* performed by an alternative GCM implementation returns with the
|
|
|
|
* PSA_ERROR_NOT_SUPPORTED error code. The purpose of this macro is to
|
|
|
|
* facilitate this and make the related code more readable.
|
|
|
|
*
|
|
|
|
* \param alg The AEAD algorithm.
|
|
|
|
* \param nonce_length The nonce length in number of bytes.
|
|
|
|
*/
|
|
|
|
|
|
|
|
#if defined(MBEDTLS_GCM_ALT) || \
|
|
|
|
defined(MBEDTLS_PSA_ACCEL_ALG_GCM)
|
|
|
|
#define MBEDTLS_TEST_HAVE_ALT_GCM 1
|
|
|
|
#else
|
|
|
|
#define MBEDTLS_TEST_HAVE_ALT_GCM 0
|
|
|
|
#endif
|
|
|
|
|
|
|
|
#define MBEDTLS_TEST_PSA_SKIP_IF_ALT_GCM_NOT_12BYTES_NONCE( alg, \
|
|
|
|
nonce_length ) \
|
|
|
|
do \
|
|
|
|
{ \
|
|
|
|
if( ( MBEDTLS_TEST_HAVE_ALT_GCM ) && \
|
|
|
|
( PSA_ALG_AEAD_WITH_TAG_LENGTH( ( alg ) , 0 ) == \
|
|
|
|
PSA_ALG_AEAD_WITH_TAG_LENGTH( PSA_ALG_GCM, 0 ) ) && \
|
|
|
|
( ( nonce_length ) != 12 ) ) \
|
|
|
|
{ \
|
|
|
|
mbedtls_test_skip( "GCM with non-12-byte IV is not supported", __LINE__, __FILE__ ); \
|
|
|
|
goto exit; \
|
|
|
|
} \
|
|
|
|
} \
|
|
|
|
while( 0 )
|
|
|
|
|
2019-06-20 12:40:56 +02:00
|
|
|
#endif /* PSA_CRYPTO_HELPERS_H */
|