lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-08-01 10:06:53 +03:00
Code Activity

Merge remote-tracking branch 'upstream/development' into psa-m-aead-merge

Browse Source 
Also fiixed the following merge problems:

crypto_struct.h   : Added MBEDTLS_PRIVATE to psa_aead_operation_s
                    members (merge conflict)
psa_crypto_aead.c : Added ciphertext_length to mbedtls_gcm_finish
                    call (change of API during development)

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
This commit is contained in:
Paul Elliott
2021-09-24 11:18:13 +01:00
parent 3db0b70263 f0f2294f57
commit 71b0567c87
542 changed files with 27388 additions and 25216 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
tests/include/test/certs.h
View File

@ -22,11 +22,7 @@
#ifndef MBEDTLS_CERTS_H
#define MBEDTLS_CERTS_H
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
#include "mbedtls/build_info.h"
#include <stddef.h>

6
tests/include/test/constant_flow.h
View File

@ -24,11 +24,7 @@
#ifndef TEST_CONSTANT_FLOW_H
#define TEST_CONSTANT_FLOW_H
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
#include "mbedtls/build_info.h"
/*
* This file defines the two macros

6
tests/include/test/drivers/aead.h
View File

@ -20,11 +20,7 @@
#ifndef PSA_CRYPTO_TEST_DRIVERS_AEAD_H
#define PSA_CRYPTO_TEST_DRIVERS_AEAD_H
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
#include "mbedtls/build_info.h"
#if defined(PSA_CRYPTO_DRIVER_TEST)
#include <psa/crypto_driver_common.h>

6
tests/include/test/drivers/cipher.h
View File

@ -20,11 +20,7 @@
#ifndef PSA_CRYPTO_TEST_DRIVERS_CIPHER_H
#define PSA_CRYPTO_TEST_DRIVERS_CIPHER_H
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
#include "mbedtls/build_info.h"
#if defined(PSA_CRYPTO_DRIVER_TEST)
#include <psa/crypto_driver_common.h>

6
tests/include/test/drivers/hash.h
View File

@ -20,11 +20,7 @@
#ifndef PSA_CRYPTO_TEST_DRIVERS_HASH_H
#define PSA_CRYPTO_TEST_DRIVERS_HASH_H
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
#include "mbedtls/build_info.h"
#if defined(PSA_CRYPTO_DRIVER_TEST)
#include <psa/crypto_driver_common.h>

38
tests/include/test/drivers/key_management.h
View File

@ -20,11 +20,7 @@
#ifndef PSA_CRYPTO_TEST_DRIVERS_KEY_MANAGEMENT_H
#define PSA_CRYPTO_TEST_DRIVERS_KEY_MANAGEMENT_H
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
#include "mbedtls/build_info.h"
#if defined(PSA_CRYPTO_DRIVER_TEST)
#include <psa/crypto_driver_common.h>
@ -53,6 +49,20 @@ static inline mbedtls_test_driver_key_management_hooks_t
return( v );
}
/*
* In order to convert the plain text keys to Opaque, the size of the key is
* padded up by PSA_CRYPTO_TEST_DRIVER_OPAQUE_PAD_PREFIX_SIZE in addition to
* xor mangling the key. The pad prefix needs to be accounted for while
* sizing for the key.
*/
#define PSA_CRYPTO_TEST_DRIVER_OPAQUE_PAD_PREFIX 0xBEEFED00U
#define PSA_CRYPTO_TEST_DRIVER_OPAQUE_PAD_PREFIX_SIZE sizeof( \
PSA_CRYPTO_TEST_DRIVER_OPAQUE_PAD_PREFIX )
size_t mbedtls_test_opaque_size_function(
const psa_key_type_t key_type,
const size_t key_bits );
extern mbedtls_test_driver_key_management_hooks_t
mbedtls_test_driver_key_management_hooks;
@ -88,10 +98,28 @@ psa_status_t mbedtls_test_transparent_import_key(
size_t *key_buffer_length,
size_t *bits);
psa_status_t mbedtls_test_opaque_import_key(
const psa_key_attributes_t *attributes,
const uint8_t *data,
size_t data_length,
uint8_t *key_buffer,
size_t key_buffer_size,
size_t *key_buffer_length,
size_t *bits);
psa_status_t mbedtls_test_opaque_get_builtin_key(
psa_drv_slot_number_t slot_number,
psa_key_attributes_t *attributes,
uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length );
psa_status_t mbedtls_test_opaque_copy_key(
psa_key_attributes_t *attributes,
const uint8_t *source_key,
size_t source_key_length,
uint8_t *target_key_buffer,
size_t target_key_buffer_size,
size_t *target_key_buffer_length);
#endif /* PSA_CRYPTO_DRIVER_TEST */
#endif /* PSA_CRYPTO_TEST_DRIVERS_KEY_MANAGEMENT_H */

6
tests/include/test/drivers/mac.h
View File

@ -20,11 +20,7 @@
#ifndef PSA_CRYPTO_TEST_DRIVERS_MAC_H
#define PSA_CRYPTO_TEST_DRIVERS_MAC_H
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
#include "mbedtls/build_info.h"
#if defined(PSA_CRYPTO_DRIVER_TEST)
#include <psa/crypto_driver_common.h>

6
tests/include/test/drivers/signature.h
View File

@ -20,11 +20,7 @@
#ifndef PSA_CRYPTO_TEST_DRIVERS_SIGNATURE_H
#define PSA_CRYPTO_TEST_DRIVERS_SIGNATURE_H
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
#include "mbedtls/build_info.h"
#if defined(PSA_CRYPTO_DRIVER_TEST)
#include <psa/crypto_driver_common.h>

37
tests/include/test/drivers/size.h
View File

@ -1,37 +0,0 @@
/*
* Test driver for context size functions
*/
/* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef PSA_CRYPTO_TEST_DRIVERS_SIZE_H
#define PSA_CRYPTO_TEST_DRIVERS_SIZE_H
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
#if defined(PSA_CRYPTO_DRIVER_TEST)
#include <psa/crypto_driver_common.h>
size_t mbedtls_test_size_function(
const psa_key_type_t key_type,
const size_t key_bits );
#endif /* PSA_CRYPTO_DRIVER_TEST */
#endif /* PSA_CRYPTO_TEST_DRIVERS_SIZE_H */

1
tests/include/test/drivers/test_driver.h
View File

@ -28,6 +28,5 @@
#include "test/drivers/mac.h"
#include "test/drivers/key_management.h"
#include "test/drivers/signature.h"
#include "test/drivers/size.h"
#endif /* PSA_CRYPTO_TEST_DRIVER_H */

6
tests/include/test/fake_external_rng_for_test.h
View File

@ -22,11 +22,7 @@
#ifndef FAKE_EXTERNAL_RNG_FOR_TEST_H
#define FAKE_EXTERNAL_RNG_FOR_TEST_H
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
#include "mbedtls/build_info.h"
#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
/** Enable the insecure implementation of mbedtls_psa_external_get_random().

125
tests/include/test/helpers.h
View File

@ -25,11 +25,12 @@
#ifndef TEST_HELPERS_H
#define TEST_HELPERS_H
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
/* Most fields of publicly available structs are private and are wrapped with
* MBEDTLS_PRIVATE macro. This define allows tests to access the private fields
* directly (without using the MBEDTLS_PRIVATE wrapper). */
#define MBEDTLS_ALLOW_PRIVATE_ACCESS
#include "mbedtls/build_info.h"
#if defined(MBEDTLS_THREADING_C) && defined(MBEDTLS_THREADING_PTHREAD) && \
defined(MBEDTLS_TEST_HOOKS)
@ -54,6 +55,10 @@
#include <stddef.h>
#include <stdint.h>
#if defined(MBEDTLS_BIGNUM_C)
#include "mbedtls/bignum.h"
#endif
typedef enum
{
MBEDTLS_TEST_RESULT_SUCCESS = 0,
@ -175,95 +180,6 @@ unsigned char *mbedtls_test_unhexify_alloc( const char *ibuf, size_t *olen );
int mbedtls_test_hexcmp( uint8_t * a, uint8_t * b,
uint32_t a_len, uint32_t b_len );
#if defined(MBEDTLS_CHECK_PARAMS)
typedef struct
{
const char *failure_condition;
const char *file;
int line;
}
mbedtls_test_param_failed_location_record_t;
/**
* \brief Get the location record of the last call to
* mbedtls_test_param_failed().
*
* \note The call expectation is set up and active until the next call to
* mbedtls_test_param_failed_check_expected_call() or
* mbedtls_param_failed() that cancels it.
*/
void mbedtls_test_param_failed_get_location_record(
mbedtls_test_param_failed_location_record_t *location_record );
/**
* \brief State that a call to mbedtls_param_failed() is expected.
*
* \note The call expectation is set up and active until the next call to
* mbedtls_test_param_failed_check_expected_call() or
* mbedtls_param_failed that cancel it.
*/
void mbedtls_test_param_failed_expect_call( void );
/**
* \brief Check whether mbedtls_param_failed() has been called as expected.
*
* \note Check whether mbedtls_param_failed() has been called between the
* last call to mbedtls_test_param_failed_expect_call() and the call
* to this function.
*
* \return \c 0 Since the last call to mbedtls_param_failed_expect_call(),
* mbedtls_param_failed() has been called.
* \c -1 Otherwise.
*/
int mbedtls_test_param_failed_check_expected_call( void );
/**
* \brief Get the address of the object of type jmp_buf holding the execution
* state information used by mbedtls_param_failed() to do a long jump.
*
* \note If a call to mbedtls_param_failed() is not expected in the sense
* that there is no call to mbedtls_test_param_failed_expect_call()
* preceding it, then mbedtls_param_failed() will try to restore the
* execution to the state stored in the jmp_buf object whose address
* is returned by the present function.
*
* \note This function is intended to provide the parameter of the
* setjmp() function to set-up where mbedtls_param_failed() should
* long-jump if it has to. It is foreseen to be used as:
*
* setjmp( mbedtls_test_param_failed_get_state_buf() ).
*
* \note The type of the returned value is not jmp_buf as jmp_buf is an
* an array type (C specification) and a function cannot return an
* array type.
*
* \note The type of the returned value is not jmp_buf* as then the return
* value couldn't be used by setjmp(), as its parameter's type is
* jmp_buf.
*
* \return Address of the object of type jmp_buf holding the execution state
* information used by mbedtls_param_failed() to do a long jump.
*/
void* mbedtls_test_param_failed_get_state_buf( void );
/**
* \brief Reset the execution state used by mbedtls_param_failed() to do a
* long jump.
*
* \note If a call to mbedtls_param_failed() is not expected in the sense
* that there is no call to mbedtls_test_param_failed_expect_call()
* preceding it, then mbedtls_param_failed() will try to restore the
* execution state that this function reset.
*
* \note It is recommended to reset the execution state when the state
* is not relevant anymore. That way an unexpected call to
* mbedtls_param_failed() will not trigger a long jump with
* undefined behavior but rather a long jump that will rather fault.
*/
void mbedtls_test_param_failed_reset_state( void );
#endif /* MBEDTLS_CHECK_PARAMS */
#if defined(MBEDTLS_PSA_CRYPTO_C) && defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
#include "test/fake_external_rng_for_test.h"
#endif
@ -294,4 +210,25 @@ void mbedtls_test_err_add_check( int high, int low,
const char *file, int line);
#endif
#if defined(MBEDTLS_BIGNUM_C)
/** Read an MPI from a string.
*
* Like mbedtls_mpi_read_string(), but size the resulting bignum based
* on the number of digits in the string. In particular, construct a
* bignum with 0 limbs for an empty string, and a bignum with leading 0
* limbs if the string has sufficiently many leading 0 digits.
*
* This is important so that the "0 (null)" and "0 (1 limb)" and
* "leading zeros" test cases do what they claim.
*
* \param[out] X The MPI object to populate. It must be initialized.
* \param radix The radix (2 to 16).
* \param[in] s The null-terminated string to read from.
*
* \return \c 0 on success, an \c MBEDTLS_ERR_MPI_xxx error code otherwise.
*/
/* Since the library has exactly the desired behavior, this is trivial. */
int mbedtls_test_read_mpi( mbedtls_mpi *X, int radix, const char *s );
#endif /* MBEDTLS_BIGNUM_C */
#endif /* TEST_HELPERS_H */

114
tests/include/test/macros.h
View File

@ -24,11 +24,7 @@
#ifndef TEST_MACROS_H
#define TEST_MACROS_H
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
#include "mbedtls/build_info.h"
#include <stdlib.h>
@ -58,13 +54,6 @@
* It allows a library function to return a value and return an error
* code that can be tested.
*
* When MBEDTLS_CHECK_PARAMS is enabled, calls to the parameter failure
* callback, MBEDTLS_PARAM_FAILED(), will be assumed to be a test
* failure.
*
* This macro is not suitable for negative parameter validation tests,
* as it assumes the test step will not create an error.
*
* Failing the test means:
* - Mark this test case as failed.
* - Print a message identifying the failure.
@ -181,107 +170,6 @@
} \
} while( 0 )
#if defined(MBEDTLS_CHECK_PARAMS) && !defined(MBEDTLS_PARAM_FAILED_ALT)
/**
* \brief This macro tests the statement passed to it as a test step or
* individual test in a test case. The macro assumes the test will fail
* and will generate an error.
*
* It allows a library function to return a value and tests the return
* code on return to confirm the given error code was returned.
*
* When MBEDTLS_CHECK_PARAMS is enabled, calls to the parameter failure
* callback, MBEDTLS_PARAM_FAILED(), are assumed to indicate the
* expected failure, and the test will pass.
*
* This macro is intended for negative parameter validation tests,
* where the failing function may return an error value or call
* MBEDTLS_PARAM_FAILED() to indicate the error.
*
* \param PARAM_ERROR_VALUE The expected error code.
*
* \param TEST The test expression to be tested.
*/
#define TEST_INVALID_PARAM_RET( PARAM_ERR_VALUE, TEST ) \
do { \
mbedtls_test_param_failed_expect_call( ); \
if( ( ( TEST ) != ( PARAM_ERR_VALUE ) ) || \
( mbedtls_test_param_failed_check_expected_call( ) != 0 ) ) \
{ \
mbedtls_test_fail( #TEST, __LINE__, __FILE__ ); \
goto exit; \
} \
mbedtls_test_param_failed_check_expected_call( ); \
} while( 0 )
/**
* \brief This macro tests the statement passed to it as a test step or
* individual test in a test case. The macro assumes the test will fail
* and will generate an error.
*
* It assumes the library function under test cannot return a value and
* assumes errors can only be indicated byt calls to
* MBEDTLS_PARAM_FAILED().
*
* When MBEDTLS_CHECK_PARAMS is enabled, calls to the parameter failure
* callback, MBEDTLS_PARAM_FAILED(), are assumed to indicate the
* expected failure. If MBEDTLS_CHECK_PARAMS is not enabled, no test
* can be made.
*
* This macro is intended for negative parameter validation tests,
* where the failing function can only return an error by calling
* MBEDTLS_PARAM_FAILED() to indicate the error.
*
* \param TEST The test expression to be tested.
*/
#define TEST_INVALID_PARAM( TEST ) \
do { \
memcpy( jmp_tmp, mbedtls_test_param_failed_get_state_buf( ), \
sizeof( jmp_tmp ) ); \
if( setjmp( mbedtls_test_param_failed_get_state_buf( ) ) == 0 ) \
{ \
TEST; \
mbedtls_test_fail( #TEST, __LINE__, __FILE__ ); \
goto exit; \
} \
mbedtls_test_param_failed_reset_state( ); \
} while( 0 )
#endif /* MBEDTLS_CHECK_PARAMS && !MBEDTLS_PARAM_FAILED_ALT */
/**
* \brief This macro tests the statement passed to it as a test step or
* individual test in a test case. The macro assumes the test will not fail.
*
* It assumes the library function under test cannot return a value and
* assumes errors can only be indicated by calls to
* MBEDTLS_PARAM_FAILED().
*
* When MBEDTLS_CHECK_PARAMS is enabled, calls to the parameter failure
* callback, MBEDTLS_PARAM_FAILED(), are assumed to indicate the
* expected failure. If MBEDTLS_CHECK_PARAMS is not enabled, no test
* can be made.
*
* This macro is intended to test that functions returning void
* accept all of the parameter values they're supposed to accept - eg
* that they don't call MBEDTLS_PARAM_FAILED() when a parameter
* that's allowed to be NULL happens to be NULL.
*
* Note: for functions that return something other that void,
* checking that they accept all the parameters they're supposed to
* accept is best done by using TEST_ASSERT() and checking the return
* value as well.
*
* Note: this macro is available even when #MBEDTLS_CHECK_PARAMS is
* disabled, as it makes sense to check that the functions accept all
* legal values even if this option is disabled - only in that case,
* the test is more about whether the function segfaults than about
* whether it invokes MBEDTLS_PARAM_FAILED().
*
* \param TEST The test expression to be tested.
*/
#define TEST_VALID_PARAM( TEST ) \
TEST_ASSERT( ( TEST, 1 ) );
#define TEST_HELPER_ASSERT(a) if( !( a ) ) \
{ \
mbedtls_fprintf( stderr, "Assertion Failed at %s:%d - %s\n", \

8
tests/include/test/psa_crypto_helpers.h
View File

@ -186,6 +186,14 @@ psa_status_t mbedtls_test_record_status( psa_status_t status,
#endif /* defined(RECORD_PSA_STATUS_COVERAGE_LOG) */
/** Return extended key usage policies.
*
* Do a key policy permission extension on key usage policies always involves
* permissions of other usage policies
* (like PSA_KEY_USAGE_SIGN_HASH involves PSA_KEY_USAGE_SIGN_MESSGAE).
*/
psa_key_usage_t mbedtls_test_update_key_usage_flags( psa_key_usage_t usage_flags );
/** Skip a test case if the given key is a 192 bits AES key and the AES
* implementation is at least partially provided by an accelerator or
* alternative implementation.

9
tests/include/test/psa_exercise_key.h
View File

@ -32,11 +32,7 @@
*
* This is used in some smoke tests.
*/
#if defined(PSA_WANT_ALG_MD2)
#define KNOWN_SUPPORTED_HASH_ALG PSA_ALG_MD2
#elif defined(PSA_WANT_ALG_MD4)
#define KNOWN_SUPPORTED_HASH_ALG PSA_ALG_MD4
#elif defined(PSA_WANT_ALG_MD5)
#if defined(PSA_WANT_ALG_MD5)
#define KNOWN_SUPPORTED_HASH_ALG PSA_ALG_MD5
/* MBEDTLS_RIPEMD160_C omitted. This is necessary for the sake of
* exercise_signature_key() because Mbed TLS doesn't support RIPEMD160
@ -111,9 +107,6 @@
#if defined(KNOWN_SUPPORTED_BLOCK_CIPHER_ALG)
#define KNOWN_SUPPORTED_CIPHER_ALG KNOWN_SUPPORTED_BLOCK_CIPHER_ALG
#define KNOWN_SUPPORTED_CIPHER_KEY_TYPE KNOWN_SUPPORTED_BLOCK_CIPHER
#elif defined(MBEDTLS_RC4_C)
#define KNOWN_SUPPORTED_CIPHER_ALG PSA_ALG_RC4
#define KNOWN_SUPPORTED_CIPHER_KEY_TYPE PSA_KEY_TYPE_RC4
#else
#undef KNOWN_SUPPORTED_CIPHER_ALG
#undef KNOWN_SUPPORTED_CIPHER_KEY_TYPE

28
tests/include/test/random.h
View File

@ -25,19 +25,18 @@
#ifndef TEST_RANDOM_H
#define TEST_RANDOM_H
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
#include "mbedtls/build_info.h"
#include <stddef.h>
#include <stdint.h>
typedef struct
{
unsigned char *buf;
unsigned char *buf; /* Pointer to a buffer of length bytes. */
size_t length;
/* If fallback_f_rng is NULL, fail after delivering length bytes. */
int ( *fallback_f_rng )( void*, unsigned char *, size_t );
void *fallback_p_rng;
} mbedtls_test_rnd_buf_info;
/**
@ -67,24 +66,25 @@ int mbedtls_test_rnd_std_rand( void *rng_state,
size_t len );
/**
* This function only returns zeros
* This function only returns zeros.
*
* rng_state shall be NULL.
* \p rng_state shall be \c NULL.
*/
int mbedtls_test_rnd_zero_rand( void *rng_state,
unsigned char *output,
size_t len );
/**
* This function returns random based on a buffer it receives.
* This function returns random data based on a buffer it receives.
*
* rng_state shall be a pointer to a rnd_buf_info structure.
* \p rng_state shall be a pointer to a #mbedtls_test_rnd_buf_info structure.
*
* The number of bytes released from the buffer on each call to
* the random function is specified by per_call. (Can be between
* 1 and 4)
* the random function is specified by \p len.
*
* After the buffer is empty it will return rand();
* After the buffer is empty, this function will call the fallback RNG in the
* #mbedtls_test_rnd_buf_info structure if there is one, and
* will return #MBEDTLS_ERR_ENTROPY_SOURCE_FAILED otherwise.
*/
int mbedtls_test_rnd_buffer_rand( void *rng_state,
unsigned char *output,
@ -96,7 +96,7 @@ int mbedtls_test_rnd_buffer_rand( void *rng_state,
* Pseudo random is based on the XTEA encryption algorithm to
* generate pseudorandom.
*
* rng_state shall be a pointer to a rnd_pseudo_info structure.
* \p rng_state shall be a pointer to a #mbedtls_test_rnd_pseudo_info structure.
*/
int mbedtls_test_rnd_pseudo_rand( void *rng_state,
unsigned char *output,