Merge pull request #6586 from lpy4105/2.28-check-psa-name-typo

Backport 2.28: check_names: extend typo check to PSA macro/enum names
2025-08-08 17:42:09 +03:00 · 2022-12-13 09:24:56 +01:00
parent a5edd2b553 f513197d0d
commit 1d1baa7fc3
6 changed files with 44 additions and 30 deletions
--- a/include/psa/crypto.h
+++ b/include/psa/crypto.h
@@ -2861,7 +2861,7 @@ psa_status_t psa_aead_abort(psa_aead_operation_t *operation);
 *
 * \note To perform a multi-part hash-and-sign signature algorithm, first use
 *       a multi-part hash operation and then pass the resulting hash to
- *       psa_sign_hash(). PSA_ALG_GET_HASH(\p alg) can be used to determine the
+ *       psa_sign_hash(). PSA_ALG_SIGN_GET_HASH(\p alg) can be used to determine the
 *       hash algorithm to use.
 *
 * \param[in]  key              Identifier of the key to use for the operation.
@@ -2927,7 +2927,7 @@ psa_status_t psa_sign_message( mbedtls_svc_key_id_t key,
 * \note To perform a multi-part hash-and-sign signature verification
 *       algorithm, first use a multi-part hash operation to hash the message
 *       and then pass the resulting hash to psa_verify_hash().
- *       PSA_ALG_GET_HASH(\p alg) can be used to determine the hash algorithm
+ *       PSA_ALG_SIGN_GET_HASH(\p alg) can be used to determine the hash algorithm
 *       to use.
 *
 * \param[in]  key              Identifier of the key to use for the operation.
--- a/include/psa/crypto_values.h
+++ b/include/psa/crypto_values.h
@@ -1690,7 +1690,7 @@
 #define PSA_ALG_HKDF_BASE                       ((psa_algorithm_t)0x08000100)
 /** Macro to build an HKDF algorithm.
 *
- * For example, `PSA_ALG_HKDF(PSA_ALG_SHA256)` is HKDF using HMAC-SHA-256.
+ * For example, `PSA_ALG_HKDF(PSA_ALG_SHA_256)` is HKDF using HMAC-SHA-256.
 *
 * This key derivation algorithm uses the following inputs:
 * - #PSA_KEY_DERIVATION_INPUT_SALT is the salt used in the "extract" step.
@@ -1743,7 +1743,7 @@
 * concatenation of ServerHello.Random + ClientHello.Random,
 * and the label is "key expansion".
 *
- * For example, `PSA_ALG_TLS12_PRF(PSA_ALG_SHA256)` represents the
+ * For example, `PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256)` represents the
 * TLS 1.2 PRF using HMAC-SHA-256.
 *
 * \param hash_alg      A hash algorithm (\c PSA_ALG_XXX value such that
@@ -1789,7 +1789,7 @@
 * ClientHello.Random + ServerHello.Random,
 * and the label is "master secret" or "extended master secret".
 *
- * For example, `PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA256)` represents the
+ * For example, `PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256)` represents the
 * TLS-1.2 PSK to MasterSecret derivation PRF using HMAC-SHA-256.
 *
 * \param hash_alg      A hash algorithm (\c PSA_ALG_XXX value such that
--- a/library/psa_crypto_aead.h
+++ b/library/psa_crypto_aead.h
@@ -148,4 +148,4 @@ psa_status_t mbedtls_psa_aead_decrypt(
    const uint8_t *ciphertext, size_t ciphertext_length,
    uint8_t *plaintext, size_t plaintext_size, size_t *plaintext_length );
-#endif /* PSA_CRYPTO_AEAD */
+#endif /* PSA_CRYPTO_AEAD_H */
--- a/library/psa_crypto_driver_wrappers.c
+++ b/library/psa_crypto_driver_wrappers.c
@@ -275,7 +275,7 @@ psa_status_t psa_driver_wrapper_sign_hash(
                    alg, hash, hash_length,
                    signature, signature_size, signature_length ) );
    }
-#endif /* PSA_CRYPTO_SE_C */
+#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
    psa_key_location_t location =
@@ -359,7 +359,7 @@ psa_status_t psa_driver_wrapper_verify_hash(
                    alg, hash, hash_length,
                    signature, signature_length ) );
    }
-#endif /* PSA_CRYPTO_SE_C */
+#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
    psa_key_location_t location =
@@ -579,7 +579,7 @@ psa_status_t psa_driver_wrapper_import_key(
        return( PSA_SUCCESS );
    }
-#endif /* PSA_CRYPTO_SE_C */
+#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
    switch( location )
    {
@@ -641,7 +641,7 @@ psa_status_t psa_driver_wrapper_export_key(
                     *( (psa_key_slot_number_t *)key_buffer ),
                     data, data_size, data_length ) );
    }
-#endif /* PSA_CRYPTO_SE_C */
+#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
    switch( location )
    {
--- a/library/psa_crypto_its.h
+++ b/library/psa_crypto_its.h
@@ -73,7 +73,7 @@ struct psa_storage_info_t
 * \return      A status indicating the success/failure of the operation
 *
 * \retval      #PSA_SUCCESS                     The operation completed successfully
- * \retval      #PSA_ERROR_NOT_PERMITTED         The operation failed because the provided `uid` value was already created with PSA_STORAGE_WRITE_ONCE_FLAG
+ * \retval      #PSA_ERROR_NOT_PERMITTED         The operation failed because the provided `uid` value was already created with PSA_STORAGE_FLAG_WRITE_ONCE
 * \retval      #PSA_ERROR_NOT_SUPPORTED         The operation failed because one or more of the flags provided in `create_flags` is not supported or is not valid
 * \retval      #PSA_ERROR_INSUFFICIENT_STORAGE  The operation failed because there was insufficient space on the storage medium
 * \retval      #PSA_ERROR_STORAGE_FAILURE       The operation failed because the physical storage has failed (Fatal error)
@@ -137,7 +137,7 @@ psa_status_t psa_its_get_info(psa_storage_uid_t uid,
 *
 * \retval      #PSA_SUCCESS                  The operation completed successfully
 * \retval      #PSA_ERROR_DOES_NOT_EXIST     The operation failed because the provided key value was not found in the storage
- * \retval      #PSA_ERROR_NOT_PERMITTED      The operation failed because the provided key value was created with PSA_STORAGE_WRITE_ONCE_FLAG
+ * \retval      #PSA_ERROR_NOT_PERMITTED      The operation failed because the provided key value was created with PSA_STORAGE_FLAG_WRITE_ONCE
 * \retval      #PSA_ERROR_STORAGE_FAILURE    The operation failed because the physical storage has failed (Fatal error)
 */
 psa_status_t psa_its_remove(psa_storage_uid_t uid);
--- a/tests/scripts/check_names.py
+++ b/tests/scripts/check_names.py
@@ -36,7 +36,7 @@ NameChecker performs the following checks:
  declared in the header files. This uses the nm command.
 - All macros, constants, and identifiers (function names, struct names, etc)
  follow the required regex pattern.
- Typo checking: All words that begin with MBED exist as macros or constants.
+- Typo checking: All words that begin with MBED|PSA exist as macros or constants.
 The script returns 0 on success, 1 on test failure, and 2 if there is a script
 error. It must be run from Mbed TLS root.
@@ -190,11 +190,12 @@ class PatternMismatch(Problem): # pylint: disable=too-few-public-methods
 class Typo(Problem): # pylint: disable=too-few-public-methods
    """
-    A problem that occurs when a word using MBED doesn't appear to be defined as
+    A problem that occurs when a word using MBED or PSA doesn't
-    constants nor enum values. Created with NameCheck.check_for_typos()
+    appear to be defined as constants nor enum values. Created with
    NameCheck.check_for_typos()
    Fields:
-    * match: the Match object of the MBED name in question.
+    * match: the Match object of the MBED|PSA name in question.
    """
    def __init__(self, match):
        self.match = match
@@ -252,9 +253,14 @@ class CodeParser():
            "3rdparty/everest/include/everest/everest.h",
            "3rdparty/everest/include/everest/x25519.h"
        ])
        private_macros = self.parse_macros([
            "library/*.c",
        ])
        enum_consts = self.parse_enum_consts([
            "include/mbedtls/*.h",
            "include/psa/*.h",
            "library/*.h",
            "library/*.c",
            "3rdparty/everest/include/everest/everest.h",
            "3rdparty/everest/include/everest/x25519.h"
        ])
@@ -265,7 +271,7 @@ class CodeParser():
            "3rdparty/everest/include/everest/everest.h",
            "3rdparty/everest/include/everest/x25519.h"
        ])
-        mbed_words = self.parse_mbed_words([
+        mbed_psa_words = self.parse_mbed_psa_words([
            "include/mbedtls/*.h",
            "include/psa/*.h",
            "library/*.h",
@@ -293,10 +299,11 @@ class CodeParser():
        self.log.debug("  {:4} Exported Symbols".format(len(symbols)))
        return {
            "macros": actual_macros,
            "private_macros": private_macros,
            "enum_consts": enum_consts,
            "identifiers": identifiers,
            "symbols": symbols,
-            "mbed_words": mbed_words
+            "mbed_psa_words": mbed_psa_words
        }
    def is_file_excluded(self, path, exclude_wildcards):
@@ -364,25 +371,28 @@ class CodeParser():
        return macros
-    def parse_mbed_words(self, include, exclude=None):
+    def parse_mbed_psa_words(self, include, exclude=None):
        """
-        Parse all words in the file that begin with MBED, in and out of macros,
+        Parse all words in the file that begin with MBED|PSA, in and out of
-        comments, anything.
+        macros, comments, anything.
        Args:
        * include: A List of glob expressions to look for files through.
        * exclude: A List of glob expressions for excluding files.
-        Returns a List of Match objects for words beginning with MBED.
+        Returns a List of Match objects for words beginning with MBED|PSA.
        """
        # Typos of TLS are common, hence the broader check below than MBEDTLS.
-        mbed_regex = re.compile(r"\bMBED.+?_[A-Z0-9_]*")
+        mbed_regex = re.compile(r"\b(MBED.+?|PSA)_[A-Z0-9_]*")
        exclusions = re.compile(r"// *no-check-names|#error")
        files = self.get_files(include, exclude)
-        self.log.debug("Looking for MBED words in {} files".format(len(files)))
+        self.log.debug(
            "Looking for MBED|PSA words in {} files"
            .format(len(files))
        )
-        mbed_words = []
+        mbed_psa_words = []
        for filename in files:
            with open(filename, "r", encoding="utf-8") as fp:
                for line_no, line in enumerate(fp):
@@ -390,14 +400,14 @@ class CodeParser():
                        continue
                    for name in mbed_regex.finditer(line):
-                        mbed_words.append(Match(
+                        mbed_psa_words.append(Match(
                            filename,
                            line,
                            line_no,
                            name.span(0),
                            name.group(0)))
-        return mbed_words
+        return mbed_psa_words
    def parse_enum_consts(self, include, exclude=None):
        """
@@ -820,11 +830,15 @@ class NameChecker():
        all_caps_names = {
            match.name
            for match
-            in self.parse_result["macros"] + self.parse_result["enum_consts"]}
+            in self.parse_result["macros"] +
            self.parse_result["private_macros"] +
            self.parse_result["enum_consts"]
        }
        typo_exclusion = re.compile(r"XXX|__|_$|^MBEDTLS_.*CONFIG_FILE$|"
-                                    r"MBEDTLS_TEST_LIBTESTDRIVER*")
+                                    r"MBEDTLS_TEST_LIBTESTDRIVER*|"
                                    r"PSA_CRYPTO_DRIVER_TEST")
-        for name_match in self.parse_result["mbed_words"]:
+        for name_match in self.parse_result["mbed_psa_words"]:
            found = name_match.name in all_caps_names
            # Since MBEDTLS_PSA_ACCEL_XXX defines are defined by the