From 018b2f6a62cc2fcb0d35ccb5e0ec72bff5c9388c Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Tue, 8 Nov 2022 15:55:00 +0800 Subject: [PATCH 1/3] check_names: extend typo check to PSA macro/enum names Typos of PSA macro and enum names are not checked by check_names.py. This commit extend the check list to include PSA_XXX references. The words should be macro/enum names defined as public_macros, internal_macros, private_macros and enums. This commit also extend the scope of enums to include those are defined in library/*.c. A new type of macros "private", which are defined in library/*.c was also added. Signed-off-by: Pengyu Lv --- tests/scripts/check_names.py | 47 +++++++++++++++++++++++------------- 1 file changed, 30 insertions(+), 17 deletions(-) diff --git a/tests/scripts/check_names.py b/tests/scripts/check_names.py index d1e87b5c52..b2a72b5019 100755 --- a/tests/scripts/check_names.py +++ b/tests/scripts/check_names.py @@ -36,7 +36,7 @@ NameChecker performs the following checks: declared in the header files. This uses the nm command. - All macros, constants, and identifiers (function names, struct names, etc) follow the required regex pattern. -- Typo checking: All words that begin with MBED exist as macros or constants. +- Typo checking: All words that begin with MBED|PSA exist as macros or constants. The script returns 0 on success, 1 on test failure, and 2 if there is a script error. It must be run from Mbed TLS root. @@ -190,11 +190,12 @@ class PatternMismatch(Problem): # pylint: disable=too-few-public-methods class Typo(Problem): # pylint: disable=too-few-public-methods """ - A problem that occurs when a word using MBED doesn't appear to be defined as - constants nor enum values. Created with NameCheck.check_for_typos() + A problem that occurs when a word using MBED or PSA doesn't + appear to be defined as constants nor enum values. Created with + NameCheck.check_for_typos() Fields: - * match: the Match object of the MBED name in question. + * match: the Match object of the MBED|PSA name in question. """ def __init__(self, match): self.match = match @@ -252,9 +253,14 @@ class CodeParser(): "3rdparty/everest/include/everest/everest.h", "3rdparty/everest/include/everest/x25519.h" ]) + private_macros = self.parse_macros([ + "library/*.c", + ]) enum_consts = self.parse_enum_consts([ "include/mbedtls/*.h", + "include/psa/*.h", "library/*.h", + "library/*.c", "3rdparty/everest/include/everest/everest.h", "3rdparty/everest/include/everest/x25519.h" ]) @@ -265,7 +271,7 @@ class CodeParser(): "3rdparty/everest/include/everest/everest.h", "3rdparty/everest/include/everest/x25519.h" ]) - mbed_words = self.parse_mbed_words([ + mbed_psa_words = self.parse_mbed_psa_words([ "include/mbedtls/*.h", "include/psa/*.h", "library/*.h", @@ -293,10 +299,11 @@ class CodeParser(): self.log.debug(" {:4} Exported Symbols".format(len(symbols))) return { "macros": actual_macros, + "private_macros": private_macros, "enum_consts": enum_consts, "identifiers": identifiers, "symbols": symbols, - "mbed_words": mbed_words + "mbed_psa_words": mbed_psa_words } def is_file_excluded(self, path, exclude_wildcards): @@ -364,25 +371,28 @@ class CodeParser(): return macros - def parse_mbed_words(self, include, exclude=None): + def parse_mbed_psa_words(self, include, exclude=None): """ - Parse all words in the file that begin with MBED, in and out of macros, - comments, anything. + Parse all words in the file that begin with MBED|PSA, in and out of + macros, comments, anything. Args: * include: A List of glob expressions to look for files through. * exclude: A List of glob expressions for excluding files. - Returns a List of Match objects for words beginning with MBED. + Returns a List of Match objects for words beginning with MBED|PSA. """ # Typos of TLS are common, hence the broader check below than MBEDTLS. - mbed_regex = re.compile(r"\bMBED.+?_[A-Z0-9_]*") + mbed_regex = re.compile(r"\b(MBED.+?|PSA)_[A-Z0-9_]*") exclusions = re.compile(r"// *no-check-names|#error") files = self.get_files(include, exclude) - self.log.debug("Looking for MBED words in {} files".format(len(files))) + self.log.debug( + "Looking for MBED|PSA words in {} files" + .format(len(files)) + ) - mbed_words = [] + mbed_psa_words = [] for filename in files: with open(filename, "r", encoding="utf-8") as fp: for line_no, line in enumerate(fp): @@ -390,14 +400,14 @@ class CodeParser(): continue for name in mbed_regex.finditer(line): - mbed_words.append(Match( + mbed_psa_words.append(Match( filename, line, line_no, name.span(0), name.group(0))) - return mbed_words + return mbed_psa_words def parse_enum_consts(self, include, exclude=None): """ @@ -820,11 +830,14 @@ class NameChecker(): all_caps_names = { match.name for match - in self.parse_result["macros"] + self.parse_result["enum_consts"]} + in self.parse_result["macros"] + + self.parse_result["private_macros"] + + self.parse_result["enum_consts"] + } typo_exclusion = re.compile(r"XXX|__|_$|^MBEDTLS_.*CONFIG_FILE$|" r"MBEDTLS_TEST_LIBTESTDRIVER*") - for name_match in self.parse_result["mbed_words"]: + for name_match in self.parse_result["mbed_psa_words"]: found = name_match.name in all_caps_names # Since MBEDTLS_PSA_ACCEL_XXX defines are defined by the From fda7f508d8ba2e7c6cd7c723db553d1d8f5e71a2 Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Tue, 8 Nov 2022 16:56:51 +0800 Subject: [PATCH 2/3] add exclusive rule for PSA_CRYPTO_DRIVER_TEST This macro is expected to be defined out of the library, and there is no definition in the library. Thus it needs to be excluded from typo check. Signed-off-by: Pengyu Lv --- tests/scripts/check_names.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tests/scripts/check_names.py b/tests/scripts/check_names.py index b2a72b5019..e317c4a670 100755 --- a/tests/scripts/check_names.py +++ b/tests/scripts/check_names.py @@ -835,7 +835,8 @@ class NameChecker(): self.parse_result["enum_consts"] } typo_exclusion = re.compile(r"XXX|__|_$|^MBEDTLS_.*CONFIG_FILE$|" - r"MBEDTLS_TEST_LIBTESTDRIVER*") + r"MBEDTLS_TEST_LIBTESTDRIVER*|" + r"PSA_CRYPTO_DRIVER_TEST") for name_match in self.parse_result["mbed_psa_words"]: found = name_match.name in all_caps_names From f513197d0d71fc22d2b6bd89da7aef92a1ff4f8a Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Tue, 8 Nov 2022 18:17:00 +0800 Subject: [PATCH 3/3] fix PSA_XXX typos detected by check_names.py Fix the PSA_XXX typos detected by check_names.py. Signed-off-by: Pengyu Lv --- include/psa/crypto.h | 4 ++-- include/psa/crypto_values.h | 6 +++--- library/psa_crypto_aead.h | 2 +- library/psa_crypto_driver_wrappers.c | 8 ++++---- library/psa_crypto_its.h | 4 ++-- 5 files changed, 12 insertions(+), 12 deletions(-) diff --git a/include/psa/crypto.h b/include/psa/crypto.h index faa3b9e3fb..b75947cdb4 100644 --- a/include/psa/crypto.h +++ b/include/psa/crypto.h @@ -2861,7 +2861,7 @@ psa_status_t psa_aead_abort(psa_aead_operation_t *operation); * * \note To perform a multi-part hash-and-sign signature algorithm, first use * a multi-part hash operation and then pass the resulting hash to - * psa_sign_hash(). PSA_ALG_GET_HASH(\p alg) can be used to determine the + * psa_sign_hash(). PSA_ALG_SIGN_GET_HASH(\p alg) can be used to determine the * hash algorithm to use. * * \param[in] key Identifier of the key to use for the operation. @@ -2927,7 +2927,7 @@ psa_status_t psa_sign_message( mbedtls_svc_key_id_t key, * \note To perform a multi-part hash-and-sign signature verification * algorithm, first use a multi-part hash operation to hash the message * and then pass the resulting hash to psa_verify_hash(). - * PSA_ALG_GET_HASH(\p alg) can be used to determine the hash algorithm + * PSA_ALG_SIGN_GET_HASH(\p alg) can be used to determine the hash algorithm * to use. * * \param[in] key Identifier of the key to use for the operation. diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h index 8e61f2fba4..e3c587020d 100644 --- a/include/psa/crypto_values.h +++ b/include/psa/crypto_values.h @@ -1688,7 +1688,7 @@ #define PSA_ALG_HKDF_BASE ((psa_algorithm_t)0x08000100) /** Macro to build an HKDF algorithm. * - * For example, `PSA_ALG_HKDF(PSA_ALG_SHA256)` is HKDF using HMAC-SHA-256. + * For example, `PSA_ALG_HKDF(PSA_ALG_SHA_256)` is HKDF using HMAC-SHA-256. * * This key derivation algorithm uses the following inputs: * - #PSA_KEY_DERIVATION_INPUT_SALT is the salt used in the "extract" step. @@ -1741,7 +1741,7 @@ * concatenation of ServerHello.Random + ClientHello.Random, * and the label is "key expansion". * - * For example, `PSA_ALG_TLS12_PRF(PSA_ALG_SHA256)` represents the + * For example, `PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256)` represents the * TLS 1.2 PRF using HMAC-SHA-256. * * \param hash_alg A hash algorithm (\c PSA_ALG_XXX value such that @@ -1787,7 +1787,7 @@ * ClientHello.Random + ServerHello.Random, * and the label is "master secret" or "extended master secret". * - * For example, `PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA256)` represents the + * For example, `PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256)` represents the * TLS-1.2 PSK to MasterSecret derivation PRF using HMAC-SHA-256. * * \param hash_alg A hash algorithm (\c PSA_ALG_XXX value such that diff --git a/library/psa_crypto_aead.h b/library/psa_crypto_aead.h index aab0f835c4..e18e85d1ca 100644 --- a/library/psa_crypto_aead.h +++ b/library/psa_crypto_aead.h @@ -148,4 +148,4 @@ psa_status_t mbedtls_psa_aead_decrypt( const uint8_t *ciphertext, size_t ciphertext_length, uint8_t *plaintext, size_t plaintext_size, size_t *plaintext_length ); -#endif /* PSA_CRYPTO_AEAD */ +#endif /* PSA_CRYPTO_AEAD_H */ diff --git a/library/psa_crypto_driver_wrappers.c b/library/psa_crypto_driver_wrappers.c index c455ecb939..c9b86fe819 100644 --- a/library/psa_crypto_driver_wrappers.c +++ b/library/psa_crypto_driver_wrappers.c @@ -275,7 +275,7 @@ psa_status_t psa_driver_wrapper_sign_hash( alg, hash, hash_length, signature, signature_size, signature_length ) ); } -#endif /* PSA_CRYPTO_SE_C */ +#endif /* MBEDTLS_PSA_CRYPTO_SE_C */ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_location_t location = @@ -359,7 +359,7 @@ psa_status_t psa_driver_wrapper_verify_hash( alg, hash, hash_length, signature, signature_length ) ); } -#endif /* PSA_CRYPTO_SE_C */ +#endif /* MBEDTLS_PSA_CRYPTO_SE_C */ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_location_t location = @@ -579,7 +579,7 @@ psa_status_t psa_driver_wrapper_import_key( return( PSA_SUCCESS ); } -#endif /* PSA_CRYPTO_SE_C */ +#endif /* MBEDTLS_PSA_CRYPTO_SE_C */ switch( location ) { @@ -641,7 +641,7 @@ psa_status_t psa_driver_wrapper_export_key( *( (psa_key_slot_number_t *)key_buffer ), data, data_size, data_length ) ); } -#endif /* PSA_CRYPTO_SE_C */ +#endif /* MBEDTLS_PSA_CRYPTO_SE_C */ switch( location ) { diff --git a/library/psa_crypto_its.h b/library/psa_crypto_its.h index 3a3f49a725..1b8dc2032c 100644 --- a/library/psa_crypto_its.h +++ b/library/psa_crypto_its.h @@ -73,7 +73,7 @@ struct psa_storage_info_t * \return A status indicating the success/failure of the operation * * \retval #PSA_SUCCESS The operation completed successfully - * \retval #PSA_ERROR_NOT_PERMITTED The operation failed because the provided `uid` value was already created with PSA_STORAGE_WRITE_ONCE_FLAG + * \retval #PSA_ERROR_NOT_PERMITTED The operation failed because the provided `uid` value was already created with PSA_STORAGE_FLAG_WRITE_ONCE * \retval #PSA_ERROR_NOT_SUPPORTED The operation failed because one or more of the flags provided in `create_flags` is not supported or is not valid * \retval #PSA_ERROR_INSUFFICIENT_STORAGE The operation failed because there was insufficient space on the storage medium * \retval #PSA_ERROR_STORAGE_FAILURE The operation failed because the physical storage has failed (Fatal error) @@ -137,7 +137,7 @@ psa_status_t psa_its_get_info(psa_storage_uid_t uid, * * \retval #PSA_SUCCESS The operation completed successfully * \retval #PSA_ERROR_DOES_NOT_EXIST The operation failed because the provided key value was not found in the storage - * \retval #PSA_ERROR_NOT_PERMITTED The operation failed because the provided key value was created with PSA_STORAGE_WRITE_ONCE_FLAG + * \retval #PSA_ERROR_NOT_PERMITTED The operation failed because the provided key value was created with PSA_STORAGE_FLAG_WRITE_ONCE * \retval #PSA_ERROR_STORAGE_FAILURE The operation failed because the physical storage has failed (Fatal error) */ psa_status_t psa_its_remove(psa_storage_uid_t uid);