mbedtls/tests/include/test/psa_crypto_helpers.h

/*
 * Helper functions for tests that use the PSA Crypto API.
 */
/*
 *  Copyright The Mbed TLS Contributors
 *  SPDX-License-Identifier: Apache-2.0
 *
 *  Licensed under the Apache License, Version 2.0 (the "License"); you may
 *  not use this file except in compliance with the License.
 *  You may obtain a copy of the License at
 *
 *  http://www.apache.org/licenses/LICENSE-2.0
 *
 *  Unless required by applicable law or agreed to in writing, software
 *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
 *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 */

#ifndef PSA_CRYPTO_HELPERS_H
#define PSA_CRYPTO_HELPERS_H

#include "test/psa_helpers.h"

#include <psa/crypto.h>
#include <psa_crypto_slot_management.h>

/** Check for things that have not been cleaned up properly in the
 * PSA subsystem.
 *
 * \return NULL if nothing has leaked.
 * \return A string literal explaining what has not been cleaned up
 *         if applicable.
 */
static const char *mbedtls_test_helper_is_psa_leaking( void )
{
    mbedtls_psa_stats_t stats;

    mbedtls_psa_get_stats( &stats );

    if( stats.volatile_slots != 0 )
        return( "A volatile slot has not been closed properly." );
    if( stats.persistent_slots != 0 )
        return( "A persistent slot has not been closed properly." );
    if( stats.external_slots != 0 )
        return( "An external slot has not been closed properly." );
     if( stats.half_filled_slots != 0 )
        return( "A half-filled slot has not been cleared properly." );
    if( stats.locked_slots != 0 )
        return( "Some slots are still marked as locked." );

    return( NULL );
}

/** Check that no PSA Crypto key slots are in use.
 */
#define ASSERT_PSA_PRISTINE( )                                  \
    TEST_ASSERT( ! mbedtls_test_helper_is_psa_leaking( ) )

/** Shut down the PSA Crypto subsystem. Expect a clean shutdown, with no slots
 * in use.
 */
#define PSA_DONE( )                                     \
    do                                                  \
    {                                                   \
        ASSERT_PSA_PRISTINE( );                         \
        mbedtls_psa_crypto_free( );                     \
    }                                                   \
    while( 0 )


#if defined(RECORD_PSA_STATUS_COVERAGE_LOG)
#include <psa/crypto.h>

/** Name of the file where return statuses are logged by #RECORD_STATUS. */
#define STATUS_LOG_FILE_NAME "statuses.log"

static psa_status_t mbedtls_test_record_status( psa_status_t status,
                                                const char *func,
                                                const char *file, int line,
                                                const char *expr )
{
    /* We open the log file on first use.
     * We never close the log file, so the record_status feature is not
     * compatible with resource leak detectors such as Asan.
     */
    static FILE *log;
    if( log == NULL )
        log = fopen( STATUS_LOG_FILE_NAME, "a" );
    fprintf( log, "%d:%s:%s:%d:%s\n", (int) status, func, file, line, expr );
    return( status );
}

/** Return value logging wrapper macro.
 *
 * Evaluate \p expr. Write a line recording its value to the log file
 * #STATUS_LOG_FILE_NAME and return the value. The line is a colon-separated
 * list of fields:
 * ```
 * value of expr:string:__FILE__:__LINE__:expr
 * ```
 *
 * The test code does not call this macro explicitly because that would
 * be very invasive. Instead, we instrument the source code by defining
 * a bunch of wrapper macros like
 * ```
 * #define psa_crypto_init() RECORD_STATUS("psa_crypto_init", psa_crypto_init())
 * ```
 * These macro definitions must be present in `instrument_record_status.h`
 * when building the test suites.
 *
 * \param string    A string, normally a function name.
 * \param expr      An expression to evaluate, normally a call of the function
 *                  whose name is in \p string. This expression must return
 *                  a value of type #psa_status_t.
 * \return          The value of \p expr.
 */
#define RECORD_STATUS( string, expr )                                   \
    mbedtls_test_record_status( ( expr ), string, __FILE__, __LINE__, #expr )

#include "instrument_record_status.h"

#endif /* defined(RECORD_PSA_STATUS_COVERAGE_LOG) */

#endif /* PSA_CRYPTO_HELPERS_H */
Create PSA-specific helper function file Create a specific file for helper functions that are related to the PSA API. The reason for a separate file is so that it can include <psa/crypto.h>, without forcing this header inclusion into every test suite. In this commit, psa_helpers.function doesn't need psa/crypto.h yet, but this will be the case in a subsequent commit. Move PSA_ASSERT to psa_helpers.function, since that's the sort of things it's for. Include "psa_helpers.function" from the PSA crypto tests. In the ITS test, don't include "psa_helpers". The ITS tests are meant to stand alone from the rest of the library. 2019-05-23 20:25:48 +02:00			`/*`
Move the one non-crypto-specific PSA helper macro to a new header Create a new header file psa_helpers.h and put the one helper macro that isn't specific to PSA crypto there. Use this header file in the ITS test suite. 2019-06-20 12:54:43 +02:00			`* Helper functions for tests that use the PSA Crypto API.`
Create PSA-specific helper function file Create a specific file for helper functions that are related to the PSA API. The reason for a separate file is so that it can include <psa/crypto.h>, without forcing this header inclusion into every test suite. In this commit, psa_helpers.function doesn't need psa/crypto.h yet, but this will be the case in a subsequent commit. Move PSA_ASSERT to psa_helpers.function, since that's the sort of things it's for. Include "psa_helpers.function" from the PSA crypto tests. In the ITS test, don't include "psa_helpers". The ITS tests are meant to stand alone from the rest of the library. 2019-05-23 20:25:48 +02:00			`*/`
Add Apache-2.0 headers to all source files Also normalize the first line of the copyright headers. This commit was generated using the following script: # ======================== #!/bin/sh # Find scripts find -path './.git' -prune -o '(' -name '.c' -o -name '.cpp' -o -name '.fmt' -o -name '.h' ')' -print \| xargs sed -i ' # Normalize the first line of the copyright headers (no text on the first line of a block comment) /^\/\.Copyright.Arm/I { i\ / s/^\// / } /Copyright.Arm/I { # Print copyright declaration p # Read the two lines immediately following the copyright declaration N N # Insert Apache header if it is missing /SPDX/! i\ SPDX-License-Identifier: Apache-2.0\ \ Licensed under the Apache License, Version 2.0 (the "License"); you may\ * not use this file except in compliance with the License.\ * You may obtain a copy of the License at\ \ http://www.apache.org/licenses/LICENSE-2.0\ \ Unless required by applicable law or agreed to in writing, software\ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT\ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\ * See the License for the specific language governing permissions and\ * limitations under the License. # Clear copyright declaration from buffer D } ' # ======================== Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com> 2020-06-15 11:59:37 +02:00			`/*`
Update copyright notices to use Linux Foundation guidance As a result, the copyright of contributors other than Arm is now acknowledged, and the years of publishing are no longer tracked in the source files. Also remove the now-redundant lines declaring that the files are part of MbedTLS. This commit was generated using the following script: # ======================== #!/bin/sh # Find files find '(' -path './.git' -o -path './3rdparty' ')' -prune -o -type f -print \| xargs sed -bi ' # Replace copyright attribution line s/Copyright.Arm./Copyright The Mbed TLS Contributors/I # Remove redundant declaration and the preceding line $!N /This file is part of Mbed TLS/Id P D ' # ======================== Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com> 2020-08-07 13:07:28 +02:00			`* Copyright The Mbed TLS Contributors`
Create PSA-specific helper function file Create a specific file for helper functions that are related to the PSA API. The reason for a separate file is so that it can include <psa/crypto.h>, without forcing this header inclusion into every test suite. In this commit, psa_helpers.function doesn't need psa/crypto.h yet, but this will be the case in a subsequent commit. Move PSA_ASSERT to psa_helpers.function, since that's the sort of things it's for. Include "psa_helpers.function" from the PSA crypto tests. In the ITS test, don't include "psa_helpers". The ITS tests are meant to stand alone from the rest of the library. 2019-05-23 20:25:48 +02:00			`* SPDX-License-Identifier: Apache-2.0`
			`*`
			`* Licensed under the Apache License, Version 2.0 (the "License"); you may`
			`* not use this file except in compliance with the License.`
			`* You may obtain a copy of the License at`
			`*`
			`* http://www.apache.org/licenses/LICENSE-2.0`
			`*`
			`* Unless required by applicable law or agreed to in writing, software`
			`* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT`
			`* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.`
			`* See the License for the specific language governing permissions and`
			`* limitations under the License.`
			`*/`

Rename psa_helpers.function to psa_crypto_helpers.h This file isn't like the other .function files: it isn't concatenated by a separate preprocessing script, but included via C preprocessing. Rename this file to .h. This isn't a normal C header, because it defines auxiliary functions. But the functions aren't big and we only have one compilation unit per executable, so this is good enough for what we're doing. 2019-06-20 12:40:56 +02:00			`#ifndef PSA_CRYPTO_HELPERS_H`
			`#define PSA_CRYPTO_HELPERS_H`

tests: Create an include folder Create an include folder dedicated to include files for tests. With the upcoming work on tests for PSA crypto drivers the number of includes specific to tests is going to increase significantly thus create a dedicated folder. Don't put the include files in the include folder but in include/test folder. This way test headers can be included using a test/* path pattern as mbedtls and psa headers are included using an mbedtls/* and psa/* path pattern. This makes explicit the scope of the test headers. Move the existing includes for tests into include/test and update the code and build systems (make and cmake) accordingly. Signed-off-by: Ronald Cron <ronald.cron@arm.com> 2020-05-27 09:22:32 +02:00			`#include "test/psa_helpers.h"`
Create PSA-specific helper function file Create a specific file for helper functions that are related to the PSA API. The reason for a separate file is so that it can include <psa/crypto.h>, without forcing this header inclusion into every test suite. In this commit, psa_helpers.function doesn't need psa/crypto.h yet, but this will be the case in a subsequent commit. Move PSA_ASSERT to psa_helpers.function, since that's the sort of things it's for. Include "psa_helpers.function" from the PSA crypto tests. In the ITS test, don't include "psa_helpers". The ITS tests are meant to stand alone from the rest of the library. 2019-05-23 20:25:48 +02:00
Move the one non-crypto-specific PSA helper macro to a new header Create a new header file psa_helpers.h and put the one helper macro that isn't specific to PSA crypto there. Use this header file in the ITS test suite. 2019-06-20 12:54:43 +02:00			`#include <psa/crypto.h>`
psa: slot mgmt: Add unaccessed slots counter in stats Add a counter of unaccessed slots and use it in tests to check that at the end of PSA tests all key slot are unaccessed. Signed-off-by: Ronald Cron <ronald.cron@arm.com> 2020-10-30 11:54:03 +01:00			`#include <psa_crypto_slot_management.h>`
Create PSA-specific helper function file Create a specific file for helper functions that are related to the PSA API. The reason for a separate file is so that it can include <psa/crypto.h>, without forcing this header inclusion into every test suite. In this commit, psa_helpers.function doesn't need psa/crypto.h yet, but this will be the case in a subsequent commit. Move PSA_ASSERT to psa_helpers.function, since that's the sort of things it's for. Include "psa_helpers.function" from the PSA crypto tests. In the ITS test, don't include "psa_helpers". The ITS tests are meant to stand alone from the rest of the library. 2019-05-23 20:25:48 +02:00
Refactor PSA test helpers: don't depend on test_info access Refactor some PSA test helper functions and macros to avoid depending on test_info and test_fail inside functions. These identifiers are only defined in helpers.function, so they're only available in test suites, and not in test helper modules (tests/src/*.c) which are also linked into example programs. This is in preparation for moving function definitions from psa_crypto_helpers.h to psa_crypto_helpers.c. No behavior change. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com> 2020-11-24 17:41:07 +01:00			`/** Check for things that have not been cleaned up properly in the`
			`* PSA subsystem.`
			`*`
			`* \return NULL if nothing has leaked.`
			`* \return A string literal explaining what has not been cleaned up`
			`* if applicable.`
			`*/`
			`static const char *mbedtls_test_helper_is_psa_leaking( void )`
New macro PSA_DONE for a clean PSA shutdown The new macro PSA_DONE calls mbedtls_psa_crypto_free, but before that, it checks that no key slots are in use. The goal is to allow tests to verify that functions like psa_close_key properly mark slots as unused, and more generally to detect key slot leaks. We call mbedtls_psa_crypto_free at the end of each test case, which could mask a bug whereby slots are not freed when they should be, but their content is correctly reclaimed by mbedtls_psa_crypto_free. 2019-05-23 20:34:30 +02:00			`{`
			`mbedtls_psa_stats_t stats;`

			`mbedtls_psa_get_stats( &stats );`

			`if( stats.volatile_slots != 0 )`
Refactor PSA test helpers: don't depend on test_info access Refactor some PSA test helper functions and macros to avoid depending on test_info and test_fail inside functions. These identifiers are only defined in helpers.function, so they're only available in test suites, and not in test helper modules (tests/src/*.c) which are also linked into example programs. This is in preparation for moving function definitions from psa_crypto_helpers.h to psa_crypto_helpers.c. No behavior change. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com> 2020-11-24 17:41:07 +01:00			`return( "A volatile slot has not been closed properly." );`
			`if( stats.persistent_slots != 0 )`
			`return( "A persistent slot has not been closed properly." );`
			`if( stats.external_slots != 0 )`
			`return( "An external slot has not been closed properly." );`
			`if( stats.half_filled_slots != 0 )`
			`return( "A half-filled slot has not been cleared properly." );`
			`if( stats.locked_slots != 0 )`
			`return( "Some slots are still marked as locked." );`
New macro PSA_DONE for a clean PSA shutdown The new macro PSA_DONE calls mbedtls_psa_crypto_free, but before that, it checks that no key slots are in use. The goal is to allow tests to verify that functions like psa_close_key properly mark slots as unused, and more generally to detect key slot leaks. We call mbedtls_psa_crypto_free at the end of each test case, which could mask a bug whereby slots are not freed when they should be, but their content is correctly reclaimed by mbedtls_psa_crypto_free. 2019-05-23 20:34:30 +02:00
Refactor PSA test helpers: don't depend on test_info access Refactor some PSA test helper functions and macros to avoid depending on test_info and test_fail inside functions. These identifiers are only defined in helpers.function, so they're only available in test suites, and not in test helper modules (tests/src/*.c) which are also linked into example programs. This is in preparation for moving function definitions from psa_crypto_helpers.h to psa_crypto_helpers.c. No behavior change. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com> 2020-11-24 17:41:07 +01:00			`return( NULL );`
Test shutdown without closing handles Add some test cases that shut down and restart without explicitly closing handles, and check that the handles are properly invalidated. 2019-05-28 15:06:43 +02:00			`}`

Move the one non-crypto-specific PSA helper macro to a new header Create a new header file psa_helpers.h and put the one helper macro that isn't specific to PSA crypto there. Use this header file in the ITS test suite. 2019-06-20 12:54:43 +02:00			`/** Check that no PSA Crypto key slots are in use.`
Test shutdown without closing handles Add some test cases that shut down and restart without explicitly closing handles, and check that the handles are properly invalidated. 2019-05-28 15:06:43 +02:00			`*/`
Refactor PSA test helpers: don't depend on test_info access Refactor some PSA test helper functions and macros to avoid depending on test_info and test_fail inside functions. These identifiers are only defined in helpers.function, so they're only available in test suites, and not in test helper modules (tests/src/*.c) which are also linked into example programs. This is in preparation for moving function definitions from psa_crypto_helpers.h to psa_crypto_helpers.c. No behavior change. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com> 2020-11-24 17:41:07 +01:00			`#define ASSERT_PSA_PRISTINE( ) \`
			`TEST_ASSERT( ! mbedtls_test_helper_is_psa_leaking( ) )`
New macro PSA_DONE for a clean PSA shutdown The new macro PSA_DONE calls mbedtls_psa_crypto_free, but before that, it checks that no key slots are in use. The goal is to allow tests to verify that functions like psa_close_key properly mark slots as unused, and more generally to detect key slot leaks. We call mbedtls_psa_crypto_free at the end of each test case, which could mask a bug whereby slots are not freed when they should be, but their content is correctly reclaimed by mbedtls_psa_crypto_free. 2019-05-23 20:34:30 +02:00
Move the one non-crypto-specific PSA helper macro to a new header Create a new header file psa_helpers.h and put the one helper macro that isn't specific to PSA crypto there. Use this header file in the ITS test suite. 2019-06-20 12:54:43 +02:00			`/** Shut down the PSA Crypto subsystem. Expect a clean shutdown, with no slots`
New macro PSA_DONE for a clean PSA shutdown The new macro PSA_DONE calls mbedtls_psa_crypto_free, but before that, it checks that no key slots are in use. The goal is to allow tests to verify that functions like psa_close_key properly mark slots as unused, and more generally to detect key slot leaks. We call mbedtls_psa_crypto_free at the end of each test case, which could mask a bug whereby slots are not freed when they should be, but their content is correctly reclaimed by mbedtls_psa_crypto_free. 2019-05-23 20:34:30 +02:00			`* in use.`
			`*/`
Refactor PSA test helpers: don't depend on test_info access Refactor some PSA test helper functions and macros to avoid depending on test_info and test_fail inside functions. These identifiers are only defined in helpers.function, so they're only available in test suites, and not in test helper modules (tests/src/*.c) which are also linked into example programs. This is in preparation for moving function definitions from psa_crypto_helpers.h to psa_crypto_helpers.c. No behavior change. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com> 2020-11-24 17:41:07 +01:00			`#define PSA_DONE( ) \`
			`do \`
			`{ \`
			`ASSERT_PSA_PRISTINE( ); \`
			`mbedtls_psa_crypto_free( ); \`
			`} \`
			`while( 0 )`
New macro PSA_DONE for a clean PSA shutdown The new macro PSA_DONE calls mbedtls_psa_crypto_free, but before that, it checks that no key slots are in use. The goal is to allow tests to verify that functions like psa_close_key properly mark slots as unused, and more generally to detect key slot leaks. We call mbedtls_psa_crypto_free at the end of each test case, which could mask a bug whereby slots are not freed when they should be, but their content is correctly reclaimed by mbedtls_psa_crypto_free. 2019-05-23 20:34:30 +02:00
PSA return status coverage script Add infrastructure to run unit tests and collect the return values for every PSA API function that returns psa_status_t. ./tests/scripts/psa_collect_statuses.py >statuses.txt 2019-05-20 19:35:37 +02:00

			`#if defined(RECORD_PSA_STATUS_COVERAGE_LOG)`
			`#include <psa/crypto.h>`

			`/** Name of the file where return statuses are logged by #RECORD_STATUS. */`
			`#define STATUS_LOG_FILE_NAME "statuses.log"`

Use mbedtls_test_ prefix on all PSA helper functions Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com> 2020-11-24 17:07:05 +01:00			`static psa_status_t mbedtls_test_record_status( psa_status_t status,`
			`const char *func,`
			`const char *file, int line,`
			`const char *expr )`
PSA return status coverage script Add infrastructure to run unit tests and collect the return values for every PSA API function that returns psa_status_t. ./tests/scripts/psa_collect_statuses.py >statuses.txt 2019-05-20 19:35:37 +02:00			`{`
			`/* We open the log file on first use.`
			`* We never close the log file, so the record_status feature is not`
			`* compatible with resource leak detectors such as Asan.`
			`*/`
			`static FILE *log;`
			`if( log == NULL )`
			`log = fopen( STATUS_LOG_FILE_NAME, "a" );`
			`fprintf( log, "%d:%s:%s:%d:%s\n", (int) status, func, file, line, expr );`
			`return( status );`
			`}`

			`/** Return value logging wrapper macro.`
			`*`
			`* Evaluate \p expr. Write a line recording its value to the log file`
			`* #STATUS_LOG_FILE_NAME and return the value. The line is a colon-separated`
			`* list of fields:`
			* ```
			`* value of expr:string:__FILE__:__LINE__:expr`
			* ```
			`*`
			`* The test code does not call this macro explicitly because that would`
			`* be very invasive. Instead, we instrument the source code by defining`
			`* a bunch of wrapper macros like`
			* ```
			`* #define psa_crypto_init() RECORD_STATUS("psa_crypto_init", psa_crypto_init())`
			* ```
			* These macro definitions must be present in `instrument_record_status.h`
			`* when building the test suites.`
			`*`
			`* \param string A string, normally a function name.`
			`* \param expr An expression to evaluate, normally a call of the function`
			`* whose name is in \p string. This expression must return`
			`* a value of type #psa_status_t.`
			`* \return The value of \p expr.`
			`*/`
			`#define RECORD_STATUS( string, expr ) \`
Use mbedtls_test_ prefix on all PSA helper functions Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com> 2020-11-24 17:07:05 +01:00			`mbedtls_test_record_status( ( expr ), string, __FILE__, __LINE__, #expr )`
PSA return status coverage script Add infrastructure to run unit tests and collect the return values for every PSA API function that returns psa_status_t. ./tests/scripts/psa_collect_statuses.py >statuses.txt 2019-05-20 19:35:37 +02:00
			`#include "instrument_record_status.h"`

			`#endif /* defined(RECORD_PSA_STATUS_COVERAGE_LOG) */`

Rename psa_helpers.function to psa_crypto_helpers.h This file isn't like the other .function files: it isn't concatenated by a separate preprocessing script, but included via C preprocessing. Rename this file to .h. This isn't a normal C header, because it defines auxiliary functions. But the functions aren't big and we only have one compilation unit per executable, so this is good enough for what we're doing. 2019-06-20 12:40:56 +02:00			`#endif /* PSA_CRYPTO_HELPERS_H */`