#line 2 "helpers.function" /*----------------------------------------------------------------------------*/ /* Headers */ #include #if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" #else #include #define mbedtls_fprintf fprintf #define mbedtls_snprintf snprintf #define mbedtls_calloc calloc #define mbedtls_free free #define mbedtls_exit exit #define mbedtls_time time #define mbedtls_time_t time_t #define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS #define MBEDTLS_EXIT_FAILURE EXIT_FAILURE #endif #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) #include "mbedtls/memory_buffer_alloc.h" #endif #ifdef _MSC_VER #include typedef UINT32 uint32_t; #define strncasecmp _strnicmp #define strcasecmp _stricmp #else #include #endif #include #if defined(__unix__) || (defined(__APPLE__) && defined(__MACH__)) #include #endif #if defined(MBEDTLS_THREADING_C) && defined(MBEDTLS_THREADING_PTHREAD) && \ defined(MBEDTLS_TEST_HOOKS) #include "mbedtls/threading.h" #define MBEDTLS_TEST_MUTEX_USAGE #endif /* * Define the two macros * * #define TEST_CF_SECRET(ptr, size) * #define TEST_CF_PUBLIC(ptr, size) * * that can be used in tests to mark a memory area as secret (no branch or * memory access should depend on it) or public (default, only needs to be * marked explicitly when it was derived from secret data). * * Arguments: * - ptr: a pointer to the memory area to be marked * - size: the size in bytes of the memory area * * Implementation: * The basic idea is that of ctgrind : we can * re-use tools that were designed for checking use of uninitialized memory. * This file contains two implementations: one based on MemorySanitizer, the * other on valgrind's memcheck. If none of them is enabled, dummy macros that * do nothing are defined for convenience. */ #if defined(MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN) #include /* Use macros to avoid messing up with origin tracking */ #define TEST_CF_SECRET __msan_allocated_memory // void __msan_allocated_memory(const volatile void* data, size_t size); #define TEST_CF_PUBLIC __msan_unpoison // void __msan_unpoison(const volatile void *a, size_t size); #elif defined(MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND) #include #define TEST_CF_SECRET VALGRIND_MAKE_MEM_UNDEFINED // VALGRIND_MAKE_MEM_UNDEFINED(_qzz_addr, _qzz_len) #define TEST_CF_PUBLIC VALGRIND_MAKE_MEM_DEFINED // VALGRIND_MAKE_MEM_DEFINED(_qzz_addr, _qzz_len) #else /* MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN || MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND */ #define TEST_CF_SECRET(ptr, size) #define TEST_CF_PUBLIC(ptr, size) #endif /* MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN */ /*----------------------------------------------------------------------------*/ /* Constants */ #define DEPENDENCY_SUPPORTED 0 #define DEPENDENCY_NOT_SUPPORTED 1 #define KEY_VALUE_MAPPING_FOUND 0 #define KEY_VALUE_MAPPING_NOT_FOUND -1 #define DISPATCH_TEST_SUCCESS 0 #define DISPATCH_TEST_FN_NOT_FOUND 1 #define DISPATCH_INVALID_TEST_DATA 2 #define DISPATCH_UNSUPPORTED_SUITE 3 /*----------------------------------------------------------------------------*/ /* Macros */ #define TEST_ASSERT( TEST ) \ do { \ if( ! (TEST) ) \ { \ test_fail( #TEST, __LINE__, __FILE__ ); \ goto exit; \ } \ } while( 0 ) #define assert(a) if( !( a ) ) \ { \ mbedtls_fprintf( stderr, "Assertion Failed at %s:%d - %s\n", \ __FILE__, __LINE__, #a ); \ mbedtls_exit( 1 ); \ } #if defined(__GNUC__) /* Test if arg and &(arg)[0] have the same type. This is true if arg is * an array but not if it's a pointer. */ #define IS_ARRAY_NOT_POINTER( arg ) \ ( ! __builtin_types_compatible_p( __typeof__( arg ), \ __typeof__( &( arg )[0] ) ) ) #else /* On platforms where we don't know how to implement this check, * omit it. Oh well, a non-portable check is better than nothing. */ #define IS_ARRAY_NOT_POINTER( arg ) 1 #endif /* A compile-time constant with the value 0. If `const_expr` is not a * compile-time constant with a nonzero value, cause a compile-time error. */ #define STATIC_ASSERT_EXPR( const_expr ) \ ( 0 && sizeof( struct { unsigned int STATIC_ASSERT : 1 - 2 * ! ( const_expr ); } ) ) /* Return the scalar value `value` (possibly promoted). This is a compile-time * constant if `value` is. `condition` must be a compile-time constant. * If `condition` is false, arrange to cause a compile-time error. */ #define STATIC_ASSERT_THEN_RETURN( condition, value ) \ ( STATIC_ASSERT_EXPR( condition ) ? 0 : ( value ) ) #define ARRAY_LENGTH_UNSAFE( array ) \ ( sizeof( array ) / sizeof( *( array ) ) ) /** Return the number of elements of a static or stack array. * * \param array A value of array (not pointer) type. * * \return The number of elements of the array. */ #define ARRAY_LENGTH( array ) \ ( STATIC_ASSERT_THEN_RETURN( IS_ARRAY_NOT_POINTER( array ), \ ARRAY_LENGTH_UNSAFE( array ) ) ) /* * 32-bit integer manipulation macros (big endian) */ #ifndef GET_UINT32_BE #define GET_UINT32_BE(n,b,i) \ { \ (n) = ( (uint32_t) (b)[(i) ] << 24 ) \ | ( (uint32_t) (b)[(i) + 1] << 16 ) \ | ( (uint32_t) (b)[(i) + 2] << 8 ) \ | ( (uint32_t) (b)[(i) + 3] ); \ } #endif #ifndef PUT_UINT32_BE #define PUT_UINT32_BE(n,b,i) \ { \ (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \ (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \ (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \ (b)[(i) + 3] = (unsigned char) ( (n) ); \ } #endif /*----------------------------------------------------------------------------*/ /* Global variables */ static struct { int failed; const char *test; const char *filename; int line_no; #if defined(MBEDTLS_TEST_MUTEX_USAGE) const char *mutex_usage_error; #endif } test_info; /*----------------------------------------------------------------------------*/ /* Helper flags for complex dependencies */ /* Indicates whether we expect mbedtls_entropy_init * to initialize some strong entropy source. */ #if defined(MBEDTLS_TEST_NULL_ENTROPY) || \ ( !defined(MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES) && \ ( !defined(MBEDTLS_NO_PLATFORM_ENTROPY) || \ defined(MBEDTLS_HAVEGE_C) || \ defined(MBEDTLS_ENTROPY_HARDWARE_ALT) || \ defined(ENTROPY_NV_SEED) ) ) #define ENTROPY_HAVE_STRONG #endif /*----------------------------------------------------------------------------*/ /* Helper Functions */ void test_fail( const char *test, int line_no, const char* filename ) { if( test_info.failed ) { /* We've already recorded the test as having failed. Don't * overwrite any previous information about the failure. */ return; } test_info.failed = 1; test_info.test = test; test_info.line_no = line_no; test_info.filename = filename; } #if defined(__unix__) || (defined(__APPLE__) && defined(__MACH__)) static int redirect_output( FILE* out_stream, const char* path ) { int out_fd, dup_fd; FILE* path_stream; out_fd = fileno( out_stream ); dup_fd = dup( out_fd ); if( dup_fd == -1 ) { return( -1 ); } path_stream = fopen( path, "w" ); if( path_stream == NULL ) { close( dup_fd ); return( -1 ); } fflush( out_stream ); if( dup2( fileno( path_stream ), out_fd ) == -1 ) { close( dup_fd ); fclose( path_stream ); return( -1 ); } fclose( path_stream ); return( dup_fd ); } static int restore_output( FILE* out_stream, int dup_fd ) { int out_fd = fileno( out_stream ); fflush( out_stream ); if( dup2( dup_fd, out_fd ) == -1 ) { close( out_fd ); close( dup_fd ); return( -1 ); } close( dup_fd ); return( 0 ); } #endif /* __unix__ || __APPLE__ __MACH__ */ int unhexify( unsigned char *obuf, const char *ibuf ) { unsigned char c, c2; int len = strlen( ibuf ) / 2; assert( strlen( ibuf ) % 2 == 0 ); /* must be even number of bytes */ while( *ibuf != 0 ) { c = *ibuf++; if( c >= '0' && c <= '9' ) c -= '0'; else if( c >= 'a' && c <= 'f' ) c -= 'a' - 10; else if( c >= 'A' && c <= 'F' ) c -= 'A' - 10; else assert( 0 ); c2 = *ibuf++; if( c2 >= '0' && c2 <= '9' ) c2 -= '0'; else if( c2 >= 'a' && c2 <= 'f' ) c2 -= 'a' - 10; else if( c2 >= 'A' && c2 <= 'F' ) c2 -= 'A' - 10; else assert( 0 ); *obuf++ = ( c << 4 ) | c2; } return len; } void hexify( unsigned char *obuf, const unsigned char *ibuf, int len ) { unsigned char l, h; while( len != 0 ) { h = *ibuf / 16; l = *ibuf % 16; if( h < 10 ) *obuf++ = '0' + h; else *obuf++ = 'a' + h - 10; if( l < 10 ) *obuf++ = '0' + l; else *obuf++ = 'a' + l - 10; ++ibuf; len--; } } /** * Allocate and zeroize a buffer. * * If the size if zero, a pointer to a zeroized 1-byte buffer is returned. * * For convenience, dies if allocation fails. */ static unsigned char *zero_alloc( size_t len ) { void *p; size_t actual_len = ( len != 0 ) ? len : 1; p = mbedtls_calloc( 1, actual_len ); assert( p != NULL ); memset( p, 0x00, actual_len ); return( p ); } /** * Allocate and fill a buffer from hex data. * * The buffer is sized exactly as needed. This allows to detect buffer * overruns (including overreads) when running the test suite under valgrind. * * If the size if zero, a pointer to a zeroized 1-byte buffer is returned. * * For convenience, dies if allocation fails. */ unsigned char *unhexify_alloc( const char *ibuf, size_t *olen ) { unsigned char *obuf; *olen = strlen( ibuf ) / 2; if( *olen == 0 ) return( zero_alloc( *olen ) ); obuf = mbedtls_calloc( 1, *olen ); assert( obuf != NULL ); (void) unhexify( obuf, ibuf ); return( obuf ); } /** * This function just returns data from rand(). * Although predictable and often similar on multiple * runs, this does not result in identical random on * each run. So do not use this if the results of a * test depend on the random data that is generated. * * rng_state shall be NULL. */ static int rnd_std_rand( void *rng_state, unsigned char *output, size_t len ) { #if !defined(__OpenBSD__) && !defined(__NetBSD__) size_t i; if( rng_state != NULL ) rng_state = NULL; for( i = 0; i < len; ++i ) output[i] = rand(); #else if( rng_state != NULL ) rng_state = NULL; arc4random_buf( output, len ); #endif /* !OpenBSD && !NetBSD */ return( 0 ); } /** * This function only returns zeros * * rng_state shall be NULL. */ int rnd_zero_rand( void *rng_state, unsigned char *output, size_t len ) { if( rng_state != NULL ) rng_state = NULL; memset( output, 0, len ); return( 0 ); } typedef struct { unsigned char *buf; size_t length; } rnd_buf_info; /** * This function returns random based on a buffer it receives. * * rng_state shall be a pointer to a rnd_buf_info structure. * * The number of bytes released from the buffer on each call to * the random function is specified by per_call. (Can be between * 1 and 4) * * After the buffer is empty it will return rand(); */ int rnd_buffer_rand( void *rng_state, unsigned char *output, size_t len ) { rnd_buf_info *info = (rnd_buf_info *) rng_state; size_t use_len; if( rng_state == NULL ) return( rnd_std_rand( NULL, output, len ) ); use_len = len; if( len > info->length ) use_len = info->length; if( use_len ) { memcpy( output, info->buf, use_len ); info->buf += use_len; info->length -= use_len; } if( len - use_len > 0 ) return( rnd_std_rand( NULL, output + use_len, len - use_len ) ); return( 0 ); } /** * Info structure for the pseudo random function * * Key should be set at the start to a test-unique value. * Do not forget endianness! * State( v0, v1 ) should be set to zero. */ typedef struct { uint32_t key[16]; uint32_t v0, v1; } rnd_pseudo_info; /** * This function returns random based on a pseudo random function. * This means the results should be identical on all systems. * Pseudo random is based on the XTEA encryption algorithm to * generate pseudorandom. * * rng_state shall be a pointer to a rnd_pseudo_info structure. */ int rnd_pseudo_rand( void *rng_state, unsigned char *output, size_t len ) { rnd_pseudo_info *info = (rnd_pseudo_info *) rng_state; uint32_t i, *k, sum, delta=0x9E3779B9; unsigned char result[4], *out = output; if( rng_state == NULL ) return( rnd_std_rand( NULL, output, len ) ); k = info->key; while( len > 0 ) { size_t use_len = ( len > 4 ) ? 4 : len; sum = 0; for( i = 0; i < 32; i++ ) { info->v0 += ( ( ( info->v1 << 4 ) ^ ( info->v1 >> 5 ) ) + info->v1 ) ^ ( sum + k[sum & 3] ); sum += delta; info->v1 += ( ( ( info->v0 << 4 ) ^ ( info->v0 >> 5 ) ) + info->v0 ) ^ ( sum + k[( sum>>11 ) & 3] ); } PUT_UINT32_BE( info->v0, result, 0 ); memcpy( out, result, use_len ); len -= use_len; out += 4; } return( 0 ); } #if defined(MBEDTLS_TEST_MUTEX_USAGE) /** Mutex usage verification framework. * * The mutex usage verification code below aims to detect bad usage of * Mbed TLS's mutex abstraction layer at runtime. Note that this is solely * about the use of the mutex itself, not about checking whether the mutex * correctly protects whatever it is supposed to protect. * * The normal usage of a mutex is: * ``` * digraph mutex_states { * "UNINITIALIZED"; // the initial state * "IDLE"; * "FREED"; * "LOCKED"; * "UNINITIALIZED" -> "IDLE" [label="init"]; * "FREED" -> "IDLE" [label="init"]; * "IDLE" -> "LOCKED" [label="lock"]; * "LOCKED" -> "IDLE" [label="unlock"]; * "IDLE" -> "FREED" [label="free"]; * } * ``` * * All bad transitions that can be unambiguously detected are reported. * An attempt to use an uninitialized mutex cannot be detected in general * since the memory content may happen to denote a valid state. For the same * reason, a double init cannot be detected. * All-bits-zero is the state of a freed mutex, which is distinct from an * initialized mutex, so attempting to use zero-initialized memory as a mutex * without calling the init function is detected. * * The framework attempts to detect missing calls to init and free by counting * calls to init and free. If there are more calls to init than free, this * means that a mutex is not being freed somewhere, which is a memory leak * on platforms where a mutex consumes resources other than the * mbedtls_threading_mutex_t object itself. If there are more calls to free * than init, this indicates a missing init, which is likely to be detected * by an attempt to lock the mutex as well. A limitation of this framework is * that it cannot detect scenarios where there is exactly the same number of * calls to init and free but the calls don't match. A bug like this is * unlikely to happen uniformly throughout the whole test suite though. * * If an error is detected, this framework will report what happened and the * test case will be marked as failed. Unfortunately, the error report cannot * indicate the exact location of the problematic call. To locate the error, * use a debugger and set a breakpoint on mbedtls_test_mutex_usage_error(). */ enum value_of_mutex_is_valid_field { /* Potential values for the is_valid field of mbedtls_threading_mutex_t. * Note that MUTEX_FREED must be 0 and MUTEX_IDLE must be 1 for * compatibility with threading_mutex_init_pthread() and * threading_mutex_free_pthread(). MUTEX_LOCKED could be any nonzero * value. */ MUTEX_FREED = 0, //!< Set by threading_mutex_free_pthread MUTEX_IDLE = 1, //!< Set by threading_mutex_init_pthread and by our unlock MUTEX_LOCKED = 2, //!< Set by our lock }; typedef struct { void (*init)( mbedtls_threading_mutex_t * ); void (*free)( mbedtls_threading_mutex_t * ); int (*lock)( mbedtls_threading_mutex_t * ); int (*unlock)( mbedtls_threading_mutex_t * ); } mutex_functions_t; static mutex_functions_t mutex_functions; /** The total number of calls to mbedtls_mutex_init(), minus the total number * of calls to mbedtls_mutex_free(). * * Reset to 0 after each test case. */ static int live_mutexes; static void mbedtls_test_mutex_usage_error( mbedtls_threading_mutex_t *mutex, const char *msg ) { (void) mutex; if( test_info.mutex_usage_error == NULL ) test_info.mutex_usage_error = msg; mbedtls_fprintf( stdout, "[mutex: %s] ", msg ); /* Don't mark the test as failed yet. This way, if the test fails later * for a functional reason, the test framework will report the message * and location for this functional reason. If the test passes, * mbedtls_test_mutex_usage_check() will mark it as failed. */ } static void mbedtls_test_wrap_mutex_init( mbedtls_threading_mutex_t *mutex ) { mutex_functions.init( mutex ); if( mutex->is_valid ) ++live_mutexes; } static void mbedtls_test_wrap_mutex_free( mbedtls_threading_mutex_t *mutex ) { switch( mutex->is_valid ) { case MUTEX_FREED: mbedtls_test_mutex_usage_error( mutex, "free without init or double free" ); break; case MUTEX_IDLE: /* Do nothing. The underlying free function will reset is_valid * to 0. */ break; case MUTEX_LOCKED: mbedtls_test_mutex_usage_error( mutex, "free without unlock" ); break; default: mbedtls_test_mutex_usage_error( mutex, "corrupted state" ); break; } if( mutex->is_valid ) --live_mutexes; mutex_functions.free( mutex ); } static int mbedtls_test_wrap_mutex_lock( mbedtls_threading_mutex_t *mutex ) { int ret = mutex_functions.lock( mutex ); switch( mutex->is_valid ) { case MUTEX_FREED: mbedtls_test_mutex_usage_error( mutex, "lock without init" ); break; case MUTEX_IDLE: if( ret == 0 ) mutex->is_valid = 2; break; case MUTEX_LOCKED: mbedtls_test_mutex_usage_error( mutex, "double lock" ); break; default: mbedtls_test_mutex_usage_error( mutex, "corrupted state" ); break; } return( ret ); } static int mbedtls_test_wrap_mutex_unlock( mbedtls_threading_mutex_t *mutex ) { int ret = mutex_functions.unlock( mutex ); switch( mutex->is_valid ) { case MUTEX_FREED: mbedtls_test_mutex_usage_error( mutex, "unlock without init" ); break; case MUTEX_IDLE: mbedtls_test_mutex_usage_error( mutex, "unlock without lock" ); break; case MUTEX_LOCKED: if( ret == 0 ) mutex->is_valid = MUTEX_IDLE; break; default: mbedtls_test_mutex_usage_error( mutex, "corrupted state" ); break; } return( ret ); } static void mbedtls_test_mutex_usage_init( void ) { mutex_functions.init = mbedtls_mutex_init; mutex_functions.free = mbedtls_mutex_free; mutex_functions.lock = mbedtls_mutex_lock; mutex_functions.unlock = mbedtls_mutex_unlock; mbedtls_mutex_init = &mbedtls_test_wrap_mutex_init; mbedtls_mutex_free = &mbedtls_test_wrap_mutex_free; mbedtls_mutex_lock = &mbedtls_test_wrap_mutex_lock; mbedtls_mutex_unlock = &mbedtls_test_wrap_mutex_unlock; } static void mbedtls_test_mutex_usage_check( void ) { if( live_mutexes != 0 ) { /* A positive number (more init than free) means that a mutex resource * is leaking (on platforms where a mutex consumes more than the * mbedtls_threading_mutex_t object itself). The rare case of a * negative number means a missing init somewhere. */ mbedtls_fprintf( stdout, "[mutex: %d leaked] ", live_mutexes ); live_mutexes = 0; if( test_info.mutex_usage_error == NULL ) test_info.mutex_usage_error = "missing free"; } if( test_info.mutex_usage_error != NULL && ! test_info.failed ) { /* Functionally, the test passed. But there was a mutex usage error, * so mark the test as failed after all. */ test_fail( "Mutex usage error", __LINE__, __FILE__ ); } test_info.mutex_usage_error = NULL; } #endif /* MBEDTLS_TEST_MUTEX_USAGE */