1 /** \file psa_crypto_helpers.c
2  *
3  * \brief Helper functions to test PSA crypto functionality.
4  */
5 
6 /*
7  *  Copyright The Mbed TLS Contributors
8  *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
9  */
10 
11 #include <test/helpers.h>
12 #include <test/macros.h>
13 #include <psa_crypto_slot_management.h>
14 #include <test/psa_crypto_helpers.h>
15 
16 #if defined(MBEDTLS_CTR_DRBG_C)
17 #include <mbedtls/ctr_drbg.h>
18 #endif
19 
20 #if defined(MBEDTLS_PSA_CRYPTO_C)
21 
22 #include <psa/crypto.h>
23 
24 #if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
25 
26 #include <psa_crypto_storage.h>
27 
28 static mbedtls_svc_key_id_t key_ids_used_in_test[9];
29 static size_t num_key_ids_used;
30 
mbedtls_test_uses_key_id(mbedtls_svc_key_id_t key_id)31 int mbedtls_test_uses_key_id(mbedtls_svc_key_id_t key_id)
32 {
33     size_t i;
34     if (MBEDTLS_SVC_KEY_ID_GET_KEY_ID(key_id) >
35         PSA_MAX_PERSISTENT_KEY_IDENTIFIER) {
36         /* Don't touch key id values that designate non-key files. */
37         return 1;
38     }
39     for (i = 0; i < num_key_ids_used; i++) {
40         if (mbedtls_svc_key_id_equal(key_id, key_ids_used_in_test[i])) {
41             return 1;
42         }
43     }
44     if (num_key_ids_used == ARRAY_LENGTH(key_ids_used_in_test)) {
45         return 0;
46     }
47     key_ids_used_in_test[num_key_ids_used] = key_id;
48     ++num_key_ids_used;
49     return 1;
50 }
51 
mbedtls_test_psa_purge_key_storage(void)52 void mbedtls_test_psa_purge_key_storage(void)
53 {
54     size_t i;
55     for (i = 0; i < num_key_ids_used; i++) {
56         psa_destroy_persistent_key(key_ids_used_in_test[i]);
57     }
58     num_key_ids_used = 0;
59 }
60 
mbedtls_test_psa_purge_key_cache(void)61 void mbedtls_test_psa_purge_key_cache(void)
62 {
63     size_t i;
64     for (i = 0; i < num_key_ids_used; i++) {
65         psa_purge_key(key_ids_used_in_test[i]);
66     }
67 }
68 
69 #endif /* MBEDTLS_PSA_CRYPTO_STORAGE_C */
70 
mbedtls_test_helper_is_psa_leaking(void)71 const char *mbedtls_test_helper_is_psa_leaking(void)
72 {
73     mbedtls_psa_stats_t stats;
74 
75     mbedtls_psa_get_stats(&stats);
76 
77     /* Some volatile slots may be used for internal purposes. Generally
78      * we'll have exactly MBEDTLS_TEST_PSA_INTERNAL_KEYS at this point,
79      * but in some cases we might have less, e.g. if a code path calls
80      * PSA_DONE more than once, or if there has only been a partial or
81      * failed initialization. */
82     if (stats.volatile_slots > MBEDTLS_TEST_PSA_INTERNAL_KEYS) {
83         return "A volatile slot has not been closed properly.";
84     }
85     if (stats.persistent_slots != 0) {
86         return "A persistent slot has not been closed properly.";
87     }
88     if (stats.external_slots != 0) {
89         return "An external slot has not been closed properly.";
90     }
91     if (stats.half_filled_slots != 0) {
92         return "A half-filled slot has not been cleared properly.";
93     }
94     if (stats.locked_slots != 0) {
95         return "Some slots are still marked as locked.";
96     }
97 
98     return NULL;
99 }
100 
101 #if defined(RECORD_PSA_STATUS_COVERAGE_LOG)
102 /** Name of the file where return statuses are logged by #RECORD_STATUS. */
103 #define STATUS_LOG_FILE_NAME "statuses.log"
104 
mbedtls_test_record_status(psa_status_t status,const char * func,const char * file,int line,const char * expr)105 psa_status_t mbedtls_test_record_status(psa_status_t status,
106                                         const char *func,
107                                         const char *file, int line,
108                                         const char *expr)
109 {
110     /* We open the log file on first use.
111      * We never close the log file, so the record_status feature is not
112      * compatible with resource leak detectors such as Asan.
113      */
114     static FILE *log;
115     if (log == NULL) {
116         log = fopen(STATUS_LOG_FILE_NAME, "a");
117     }
118     fprintf(log, "%d:%s:%s:%d:%s\n", (int) status, func, file, line, expr);
119     return status;
120 }
121 #endif /* defined(RECORD_PSA_STATUS_COVERAGE_LOG) */
122 
mbedtls_test_update_key_usage_flags(psa_key_usage_t usage_flags)123 psa_key_usage_t mbedtls_test_update_key_usage_flags(psa_key_usage_t usage_flags)
124 {
125     psa_key_usage_t updated_usage = usage_flags;
126 
127     if (usage_flags & PSA_KEY_USAGE_SIGN_HASH) {
128         updated_usage |= PSA_KEY_USAGE_SIGN_MESSAGE;
129     }
130 
131     if (usage_flags & PSA_KEY_USAGE_VERIFY_HASH) {
132         updated_usage |= PSA_KEY_USAGE_VERIFY_MESSAGE;
133     }
134 
135     return updated_usage;
136 }
137 
mbedtls_test_fail_if_psa_leaking(int line_no,const char * filename)138 int mbedtls_test_fail_if_psa_leaking(int line_no, const char *filename)
139 {
140     const char *msg = mbedtls_test_helper_is_psa_leaking();
141     if (msg == NULL) {
142         return 0;
143     } else {
144         mbedtls_test_fail(msg, line_no, filename);
145         return 1;
146     }
147 }
148 
mbedtls_test_parse_binary_string(data_t * bin_string)149 uint64_t mbedtls_test_parse_binary_string(data_t *bin_string)
150 {
151     uint64_t result = 0;
152     TEST_LE_U(bin_string->len, 8);
153     for (size_t i = 0; i < bin_string->len; i++) {
154         result = result << 8 | bin_string->x[i];
155     }
156 exit:
157     return result; /* returns 0 if len > 8 */
158 }
159 
160 #if defined(MBEDTLS_PSA_INJECT_ENTROPY)
161 
162 #include <mbedtls/entropy.h>
163 #include <psa_crypto_its.h>
164 
mbedtls_test_inject_entropy_seed_read(unsigned char * buf,size_t len)165 int mbedtls_test_inject_entropy_seed_read(unsigned char *buf, size_t len)
166 {
167     size_t actual_len = 0;
168     psa_status_t status = psa_its_get(PSA_CRYPTO_ITS_RANDOM_SEED_UID,
169                                       0, len, buf, &actual_len);
170     if (status != 0) {
171         return MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR;
172     }
173     if (actual_len != len) {
174         return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
175     }
176     return 0;
177 }
178 
mbedtls_test_inject_entropy_seed_write(unsigned char * buf,size_t len)179 int mbedtls_test_inject_entropy_seed_write(unsigned char *buf, size_t len)
180 {
181     psa_status_t status = psa_its_set(PSA_CRYPTO_ITS_RANDOM_SEED_UID,
182                                       len, buf, 0);
183     if (status != 0) {
184         return MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR;
185     }
186     return 0;
187 }
188 
mbedtls_test_inject_entropy_restore(void)189 int mbedtls_test_inject_entropy_restore(void)
190 {
191     unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE];
192     for (size_t i = 0; i < sizeof(buf); i++) {
193         buf[i] = (unsigned char) i;
194     }
195     psa_status_t status = mbedtls_psa_inject_entropy(buf, sizeof(buf));
196     /* It's ok if the file was just created, or if it already exists. */
197     if (status != PSA_SUCCESS && status != PSA_ERROR_NOT_PERMITTED) {
198         return status;
199     }
200     return PSA_SUCCESS;
201 }
202 
203 #endif /* MBEDTLS_PSA_INJECT_ENTROPY */
204 
205 #endif /* MBEDTLS_PSA_CRYPTO_C */
206