Merge branch 'development' into 'development-restricted'

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2025-08-01 10:06:53 +03:00 · 2024-03-19 22:24:00 +00:00
parent 4fc5b71cbb b2b9068264
commit b70f0fd9a9
87 changed files with 5816 additions and 2224 deletions
--- a/tests/include/test/psa_exercise_key.h
+++ b/tests/include/test/psa_exercise_key.h
@ -123,6 +123,9 @@
 * \param input2            The first input to pass.
 * \param input2_length     The length of \p input2 in bytes.
 * \param capacity          The capacity to set.
+ * \param key_destroyable   If set to 1, a failure due to the key not existing
+ *                          or the key being destroyed mid-operation will only
+ *                          be reported if the error code is unexpected.
 *
 * \return                  \c 1 on success, \c 0 on failure.
 */
@ -132,7 +135,7 @@ int mbedtls_test_psa_setup_key_derivation_wrap(
    psa_algorithm_t alg,
    const unsigned char *input1, size_t input1_length,
    const unsigned char *input2, size_t input2_length,
-    size_t capacity);
+    size_t capacity, int key_destroyable);

 /** Perform a key agreement using the given key pair against its public key
 * using psa_raw_key_agreement().
@ -143,12 +146,15 @@ int mbedtls_test_psa_setup_key_derivation_wrap(
 *
 * \param alg               A key agreement algorithm compatible with \p key.
 * \param key               A key that allows key agreement with \p alg.
+ * \param key_destroyable   If set to 1, a failure due to the key not existing
+ *                          or the key being destroyed mid-operation will only
+ *                          be reported if the error code is unexpected.
 *
 * \return                  \c 1 on success, \c 0 on failure.
 */
 psa_status_t mbedtls_test_psa_raw_key_agreement_with_self(
    psa_algorithm_t alg,
-    mbedtls_svc_key_id_t key);
+    mbedtls_svc_key_id_t key, int key_destroyable);

 /** Perform a key agreement using the given key pair against its public key
 * using psa_key_derivation_raw_key().
@ -162,12 +168,15 @@ psa_status_t mbedtls_test_psa_raw_key_agreement_with_self(
 *                          \p key.
 * \param key               A key pair object that is suitable for a key
 *                          agreement with \p operation.
+ * \param key_destroyable   If set to 1, a failure due to the key not existing
+ *                          or the key being destroyed mid-operation will only
+ *                          be reported if the error code is unexpected.
 *
 * \return                  \c 1 on success, \c 0 on failure.
 */
 psa_status_t mbedtls_test_psa_key_agreement_with_self(
    psa_key_derivation_operation_t *operation,
-    mbedtls_svc_key_id_t key);
+    mbedtls_svc_key_id_t key, int key_destroyable);

 /** Perform sanity checks on the given key representation.
 *
@ -209,18 +218,34 @@ int mbedtls_test_psa_exported_key_sanity_check(
 * ```
 * if( ! exercise_key( ... ) ) goto exit;
 * ```
+ * To use this function for multi-threaded tests where the key
+ * may be destroyed at any point: call this function with key_destroyable set
+ * to 1, while another thread calls psa_destroy_key on the same key;
+ * this will test whether destroying the key in use leads to any corruption.
 *
- * \param key       The key to exercise. It should be capable of performing
- *                  \p alg.
- * \param usage     The usage flags to assume.
- * \param alg       The algorithm to exercise.
+ * There cannot be a set of concurrent calls:
+ * `mbedtls_test_psa_exercise_key(ki,...)` such that each ki is a unique
+ * persistent key not loaded into any key slot, and i is greater than the
+ * number of free key slots.
+ * This is because such scenarios can lead to unsupported
+ * `PSA_ERROR_INSUFFICIENT_MEMORY` return codes.
+ *
+ *
+ * \param key               The key to exercise. It should be capable of performing
+ *                          \p alg.
+ * \param usage             The usage flags to assume.
+ * \param alg               The algorithm to exercise.
+ * \param key_destroyable   If set to 1, a failure due to the key not existing
+ *                          or the key being destroyed mid-operation will only
+ *                          be reported if the error code is unexpected.
 *
 * \retval 0 The key failed the smoke tests.
 * \retval 1 The key passed the smoke tests.
 */
 int mbedtls_test_psa_exercise_key(mbedtls_svc_key_id_t key,
                                  psa_key_usage_t usage,
-                                  psa_algorithm_t alg);
+                                  psa_algorithm_t alg,
+                                  int key_destroyable);

 psa_key_usage_t mbedtls_test_psa_usage_to_exercise(psa_key_type_t type,
                                                   psa_algorithm_t alg);
--- a/tests/include/test/ssl_helpers.h
+++ b/tests/include/test/ssl_helpers.h
@ -78,6 +78,10 @@ enum {
 #undef MBEDTLS_SSL_TLS1_3_LABEL
 };

+#if defined(MBEDTLS_SSL_ALPN)
+#define MBEDTLS_TEST_MAX_ALPN_LIST_SIZE 10
+#endif
+
 typedef struct mbedtls_test_ssl_log_pattern {
    const char *pattern;
    size_t counter;
@ -118,6 +122,9 @@ typedef struct mbedtls_test_handshake_test_options {
 #if defined(MBEDTLS_SSL_CACHE_C)
    mbedtls_ssl_cache_context *cache;
 #endif
+#if defined(MBEDTLS_SSL_ALPN)
+    const char *alpn_list[MBEDTLS_TEST_MAX_ALPN_LIST_SIZE];
+#endif
 } mbedtls_test_handshake_test_options;

 /*