/* * Helper functions for tests that use the PSA Crypto API. */ /* * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ #ifndef PSA_CRYPTO_HELPERS_H #define PSA_CRYPTO_HELPERS_H #include "test/helpers.h" #include "test/psa_helpers.h" #include #include /** Check for things that have not been cleaned up properly in the * PSA subsystem. * * \return NULL if nothing has leaked. * \return A string literal explaining what has not been cleaned up * if applicable. */ const char *mbedtls_test_helper_is_psa_leaking( void ); /** Check that no PSA Crypto key slots are in use. * * If any slots are in use, mark the current test as failed and jump to * the exit label. This is equivalent to * `TEST_ASSERT( ! mbedtls_test_helper_is_psa_leaking( ) )` * but with a more informative message. */ #define ASSERT_PSA_PRISTINE( ) \ do \ { \ if( test_fail_if_psa_leaking( __LINE__, __FILE__ ) ) \ goto exit; \ } \ while( 0 ) /** Shut down the PSA Crypto subsystem. Expect a clean shutdown, with no slots * in use. */ #define PSA_DONE( ) \ do \ { \ test_fail_if_psa_leaking( __LINE__, __FILE__ ); \ mbedtls_psa_crypto_free( ); \ } \ while( 0 ) #if defined(RECORD_PSA_STATUS_COVERAGE_LOG) psa_status_t mbedtls_test_record_status( psa_status_t status, const char *func, const char *file, int line, const char *expr ); /** Return value logging wrapper macro. * * Evaluate \p expr. Write a line recording its value to the log file * #STATUS_LOG_FILE_NAME and return the value. The line is a colon-separated * list of fields: * ``` * value of expr:string:__FILE__:__LINE__:expr * ``` * * The test code does not call this macro explicitly because that would * be very invasive. Instead, we instrument the source code by defining * a bunch of wrapper macros like * ``` * #define psa_crypto_init() RECORD_STATUS("psa_crypto_init", psa_crypto_init()) * ``` * These macro definitions must be present in `instrument_record_status.h` * when building the test suites. * * \param string A string, normally a function name. * \param expr An expression to evaluate, normally a call of the function * whose name is in \p string. This expression must return * a value of type #psa_status_t. * \return The value of \p expr. */ #define RECORD_STATUS( string, expr ) \ mbedtls_test_record_status( ( expr ), string, __FILE__, __LINE__, #expr ) #include "instrument_record_status.h" #endif /* defined(RECORD_PSA_STATUS_COVERAGE_LOG) */ /** Skip a test case if the given key is an 192 bits AES key and the AES * implementation is at least partially an alternative implementation. * * Call this macro in a test case when a cryptography operation that may * involve an AES operation returns with the PSA_ERROR_NOT_SUPPORTED error * code to skip and not fail the test case in case the operation involves an * 192 bits AES key and the AES implementation is at least partially an * alternative implementation. * * Hardware AES implementations are likely to not support 192 bits keys. * Consequently, PSA test cases aim at not failing when an AES operation with * an 192 bits key performed by an alternative AES implementation returns * with the PSA_ERROR_NOT_SUPPORTED error code. The purpose of this macro * is to facilitate this and make the related code more readable. * * \param key_type Key type * \param key_bits Key length in number of bits. */ #if defined(MBEDTLS_AES_ALT) || \ defined(MBEDTLS_AES_SETKEY_ENC_ALT) || \ defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_AES) #define MBEDTLS_TEST_HAVE_ALT_AES 1 #else #define MBEDTLS_TEST_HAVE_ALT_AES 0 #endif #define MBEDTLS_TEST_PSA_SKIP_IF_ALT_AES_192( key_type, key_bits ) \ do \ { \ if( ( MBEDTLS_TEST_HAVE_ALT_AES ) && \ ( ( key_type ) == PSA_KEY_TYPE_AES ) && \ ( key_bits == 192 ) ) \ { \ mbedtls_test_skip( "AES-192 not supported", __LINE__, __FILE__ ); \ goto exit; \ } \ } \ while( 0 ) /** Skip a test case in case of a GCM operation with a nonce length different * from 12 bytes. * * Call this macro in a test case when an AEAD cryptography operation that * may involve the GCM mode returns with the PSA_ERROR_NOT_SUPPORTED error * code to skip and not fail the test case in case the operation involves the * GCM mode, a nonce with a length different from 12 bytes and the GCM mode * implementation is an alternative one. * * Hardware GCM implementations are likely to not support nonce lengths * different from 12 are those imply additional computations involving the * GHASH function. Consequently, PSA test cases aim at not failing when an * AEAD operation in GCM mode with a nonce length different from 12 bytes * performed by an alternative GCM implementation returns with the * PSA_ERROR_NOT_SUPPORTED error code. The purpose of this macro is to * facilitate this and make the related code more readable. * * \param alg The AEAD algorithm. * \param nonce_length The nonce length in number of bytes. */ #if defined(MBEDTLS_GCM_ALT) || \ defined(MBEDTLS_PSA_ACCEL_ALG_GCM) #define MBEDTLS_TEST_HAVE_ALT_GCM 1 #else #define MBEDTLS_TEST_HAVE_ALT_GCM 0 #endif #define MBEDTLS_TEST_PSA_SKIP_IF_ALT_GCM_NOT_12BYTES_NONCE( alg, \ nonce_length ) \ do \ { \ if( ( MBEDTLS_TEST_HAVE_ALT_GCM ) && \ ( PSA_ALG_AEAD_WITH_TAG_LENGTH( ( alg ) , 0 ) == \ PSA_ALG_AEAD_WITH_TAG_LENGTH( PSA_ALG_GCM, 0 ) ) && \ ( ( nonce_length ) != 12 ) ) \ { \ mbedtls_test_skip( "GCM with non-12-byte IV is not supported", __LINE__, __FILE__ ); \ goto exit; \ } \ } \ while( 0 ) #endif /* PSA_CRYPTO_HELPERS_H */