yuzu-emu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2024-11-29 16:04:23 +01:00
Code Issues Packages Projects Releases Wiki Activity

Destroy recorded persistent keys in PSA_DONE()

Browse Source 
This ensures that test cases won't leave persistent files behind even
on failure, provided they use TEST_USES_KEY_ID(). Test cases that
don't use this macro are unaffected.

Tests that use PSA_DONE() midway and expect persistent keys to survive
must use PSA_SESSION_DONE() instead.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This commit is contained in:
Gilles Peskine 2021-02-14 14:08:22 +01:00
parent aae718caca
commit 65048ad648
3 changed files with 35 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
tests/include/test/psa_crypto_helpers.h
View File

@ -45,6 +45,9 @@ void mbedtls_test_psa_purge_key_storage( void );
/** Purge the in-memory cache of persistent keys recorded with /** Purge the in-memory cache of persistent keys recorded with
* #TEST_USES_KEY_ID. * #TEST_USES_KEY_ID.
*
* Call this function before calling PSA_DONE() if it's ok for
* persistent keys to still exist at this point.
*/ */
void mbedtls_test_psa_purge_key_cache( void ); void mbedtls_test_psa_purge_key_cache( void );
@ -79,6 +82,8 @@ void mbedtls_test_psa_purge_key_cache( void );
#else /* MBEDTLS_PSA_CRYPTO_STORAGE_C */ #else /* MBEDTLS_PSA_CRYPTO_STORAGE_C */
#define TEST_USES_KEY_ID( key_id ) ( (void) ( key_id ) ) #define TEST_USES_KEY_ID( key_id ) ( (void) ( key_id ) )
#define mbedtls_test_psa_purge_key_storage( ) ( (void) 0 )
#define mbedtls_test_psa_purge_key_cache( ) ( (void) 0 )
#endif /* MBEDTLS_PSA_CRYPTO_STORAGE_C */ #endif /* MBEDTLS_PSA_CRYPTO_STORAGE_C */
@ -108,13 +113,36 @@ const char *mbedtls_test_helper_is_psa_leaking( void );
} \ } \
while( 0 ) while( 0 )
/** Shut down the PSA Crypto subsystem. Expect a clean shutdown, with no slots /** Shut down the PSA Crypto subsystem and destroy persistent keys.
* in use. * Expect a clean shutdown, with no slots in use.
*
* If some key slots are still in use, record the test case as failed,
* but continue executing. This macro is suitable (and primarily intended)
* for use in the cleanup section of test functions.
*
* \note Persistent keys must be recorded with #TEST_USES_KEY_ID before
* creating them.
*/ */
#define PSA_DONE( ) \ #define PSA_DONE( ) \
do \ do \
{ \ { \
test_fail_if_psa_leaking( __LINE__, __FILE__ ); \ test_fail_if_psa_leaking( __LINE__, __FILE__ ); \
mbedtls_test_psa_purge_key_storage( ); \
mbedtls_psa_crypto_free( ); \
} \
while( 0 )
/** Shut down the PSA Crypto subsystem, allowing persistent keys to survive.
* Expect a clean shutdown, with no slots in use.
*
* If some key slots are still in use, record the test case as failed and
* jump to the `exit` label.
*/
#define PSA_SESSION_DONE( ) \
do \
{ \
mbedtls_test_psa_purge_key_cache( ); \
ASSERT_PSA_PRISTINE( ); \
mbedtls_psa_crypto_free( ); \ mbedtls_psa_crypto_free( ); \
} \ } \
while( 0 ) while( 0 )

8
tests/suites/test_suite_psa_crypto_se_driver_hal.function
View File

@ -769,10 +769,10 @@ exit:
static void psa_purge_storage( void ) static void psa_purge_storage( void )
{ {
/* The generic code in mbedtls_test_psa_purge_key_storage()
* (which is called by PSA_DONE()) doesn't take care of things that are
* specific to dynamic secure elements. */
psa_key_location_t location; psa_key_location_t location;
mbedtls_test_psa_purge_key_storage( );
/* Purge the transaction file. */ /* Purge the transaction file. */
psa_crypto_stop_transaction( ); psa_crypto_stop_transaction( );
/* Purge driver persistent data. */ /* Purge driver persistent data. */
@ -1496,7 +1496,7 @@ void register_key_smoke_test( int lifetime_arg,
PSA_ASSERT( psa_purge_key( id ) ); PSA_ASSERT( psa_purge_key( id ) );
/* Restart and try again. */ /* Restart and try again. */
PSA_DONE( ); PSA_SESSION_DONE( );
PSA_ASSERT( psa_register_se_driver( location, &driver ) ); PSA_ASSERT( psa_register_se_driver( location, &driver ) );
PSA_ASSERT( psa_crypto_init( ) ); PSA_ASSERT( psa_crypto_init( ) );
if( ! check_key_attributes( id, &attributes ) ) if( ! check_key_attributes( id, &attributes ) )

14
tests/suites/test_suite_psa_crypto_slot_management.function
View File

@ -86,8 +86,7 @@ static int invalidate_psa( invalidate_method_t invalidate_method )
case INVALIDATE_BY_DESTROYING_WITH_SHUTDOWN: case INVALIDATE_BY_DESTROYING_WITH_SHUTDOWN:
case INVALIDATE_BY_PURGING_WITH_SHUTDOWN: case INVALIDATE_BY_PURGING_WITH_SHUTDOWN:
/* All keys must have been closed. */ /* All keys must have been closed. */
mbedtls_test_psa_purge_key_cache( ); PSA_SESSION_DONE( );
PSA_DONE( );
break; break;
case INVALIDATE_BY_SHUTDOWN: case INVALIDATE_BY_SHUTDOWN:
/* Some keys may remain behind, and we're testing that this /* Some keys may remain behind, and we're testing that this
@ -339,7 +338,6 @@ exit:
psa_reset_key_attributes( &read_attributes ); psa_reset_key_attributes( &read_attributes );
PSA_DONE( ); PSA_DONE( );
mbedtls_test_psa_purge_key_storage( );
mbedtls_free( reexported ); mbedtls_free( reexported );
} }
/* END_CASE */ /* END_CASE */
@ -413,7 +411,6 @@ exit:
psa_reset_key_attributes( &attributes ); psa_reset_key_attributes( &attributes );
PSA_DONE( ); PSA_DONE( );
mbedtls_test_psa_purge_key_storage( );
} }
/* END_CASE */ /* END_CASE */
@ -472,9 +469,6 @@ void create_fail( int lifetime_arg, int id_arg,
exit: exit:
PSA_DONE( ); PSA_DONE( );
#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
mbedtls_test_psa_purge_key_storage( );
#endif
} }
/* END_CASE */ /* END_CASE */
@ -610,9 +604,6 @@ exit:
PSA_DONE( ); PSA_DONE( );
mbedtls_free( export_buffer ); mbedtls_free( export_buffer );
#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
mbedtls_test_psa_purge_key_storage( );
#endif
} }
/* END_CASE */ /* END_CASE */
@ -728,9 +719,6 @@ exit:
PSA_DONE( ); PSA_DONE( );
mbedtls_free( export_buffer ); mbedtls_free( export_buffer );
#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
mbedtls_test_psa_purge_key_storage( );
#endif
} }
/* END_CASE */ /* END_CASE */