Add test helpers to framework repo

scripts/generate_psa_wrappers.py

@@ -248,8 +248,8 @@ def _printf_parameters(self, typ: str, var: str) -> Tuple[str, List[str]]:
         return super()._printf_parameters(typ, var)
 
 
-DEFAULT_C_OUTPUT_FILE_NAME = 'tests/src/psa_test_wrappers.c'
-DEFAULT_H_OUTPUT_FILE_NAME = 'tests/include/test/psa_test_wrappers.h'
+DEFAULT_C_OUTPUT_FILE_NAME = 'framework/tests/src/psa_test_wrappers.c'
+DEFAULT_H_OUTPUT_FILE_NAME = 'framework/tests/include/test/psa_test_wrappers.h'
 
 def main() -> None:
     parser = argparse.ArgumentParser(description=globals()['__doc__'])

scripts/generate_test_cert_macros.py

@@ -1,7 +1,8 @@
 #!/usr/bin/env python3
 
 """
-Generate `tests/src/test_certs.h` which includes certficaties/keys/certificate list for testing.
+Generate `framework/tests/src/test_certs.h` which includes
+certficates/keys/certificate list for testing.
 """
 
 #
@@ -15,8 +16,8 @@
 import jinja2
 from mbedtls_framework.build_tree import guess_project_root
 
-TESTS_DIR = os.path.join(guess_project_root(), 'tests')
 FRAMEWORK_DIR = os.path.join(guess_project_root(), 'framework')
+TESTS_DIR = os.path.join(FRAMEWORK_DIR, 'tests')
 DATA_FILES_PATH = os.path.join(FRAMEWORK_DIR, 'data_files')
 
 INPUT_ARGS = [

scripts/generate_test_keys.py

@@ -168,7 +168,7 @@ def collect_keys() -> Tuple[str, str]:
     return ''.join(arrays), '\n'.join(look_up_table)
 
 def main() -> None:
-    default_output_path = guess_project_root() + "/tests/src/test_keys.h"
+    default_output_path = guess_project_root() + "/framework/tests/src/test_keys.h"
 
     argparser = argparse.ArgumentParser()
     argparser.add_argument("--output", help="Output file", default=default_output_path)

tests/include/alt-extra/psa/crypto.h

@@ -0,0 +1,7 @@
+/* The goal of the include/alt-extra directory is to test what happens
+ * if certain files come _after_ the normal include directory.
+ * Make sure that if the alt-extra directory comes before the normal
+ * directory (so we wouldn't be achieving our test objective), the build
+ * will fail.
+ */
+#error "The normal include directory must come first in the include path"

tests/include/baremetal-override/time.h

@@ -0,0 +1,6 @@
+/*
+ *  Copyright The Mbed TLS Contributors
+ *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+#error "time.h included in a configuration without MBEDTLS_HAVE_TIME"

tests/include/spe/crypto_spe.h

@@ -0,0 +1,131 @@
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ */
+
+/**
+ * \file crypto_spe.h
+ *
+ * \brief When Mbed TLS is built with the MBEDTLS_PSA_CRYPTO_SPM option
+ *        enabled, this header is included by all .c files in Mbed TLS that
+ *        use PSA Crypto function names. This avoids duplication of symbols
+ *        between TF-M and Mbed TLS.
+ *
+ * \note  This file should be included before including any PSA Crypto headers
+ *        from Mbed TLS.
+ */
+
+#ifndef CRYPTO_SPE_H
+#define CRYPTO_SPE_H
+
+#define PSA_FUNCTION_NAME(x) mbedcrypto__ ## x
+
+#define psa_crypto_init \
+    PSA_FUNCTION_NAME(psa_crypto_init)
+#define psa_key_derivation_get_capacity \
+    PSA_FUNCTION_NAME(psa_key_derivation_get_capacity)
+#define psa_key_derivation_set_capacity \
+    PSA_FUNCTION_NAME(psa_key_derivation_set_capacity)
+#define psa_key_derivation_input_bytes \
+    PSA_FUNCTION_NAME(psa_key_derivation_input_bytes)
+#define psa_key_derivation_output_bytes \
+    PSA_FUNCTION_NAME(psa_key_derivation_output_bytes)
+#define psa_key_derivation_input_key \
+    PSA_FUNCTION_NAME(psa_key_derivation_input_key)
+#define psa_key_derivation_output_key \
+    PSA_FUNCTION_NAME(psa_key_derivation_output_key)
+#define psa_key_derivation_setup \
+    PSA_FUNCTION_NAME(psa_key_derivation_setup)
+#define psa_key_derivation_abort \
+    PSA_FUNCTION_NAME(psa_key_derivation_abort)
+#define psa_key_derivation_key_agreement \
+    PSA_FUNCTION_NAME(psa_key_derivation_key_agreement)
+#define psa_raw_key_agreement \
+    PSA_FUNCTION_NAME(psa_raw_key_agreement)
+#define psa_generate_random \
+    PSA_FUNCTION_NAME(psa_generate_random)
+#define psa_aead_encrypt \
+    PSA_FUNCTION_NAME(psa_aead_encrypt)
+#define psa_aead_decrypt \
+    PSA_FUNCTION_NAME(psa_aead_decrypt)
+#define psa_open_key \
+    PSA_FUNCTION_NAME(psa_open_key)
+#define psa_close_key \
+    PSA_FUNCTION_NAME(psa_close_key)
+#define psa_import_key \
+    PSA_FUNCTION_NAME(psa_import_key)
+#define psa_destroy_key \
+    PSA_FUNCTION_NAME(psa_destroy_key)
+#define psa_get_key_attributes \
+    PSA_FUNCTION_NAME(psa_get_key_attributes)
+#define psa_reset_key_attributes \
+    PSA_FUNCTION_NAME(psa_reset_key_attributes)
+#define psa_export_key \
+    PSA_FUNCTION_NAME(psa_export_key)
+#define psa_export_public_key \
+    PSA_FUNCTION_NAME(psa_export_public_key)
+#define psa_purge_key \
+    PSA_FUNCTION_NAME(psa_purge_key)
+#define psa_copy_key \
+    PSA_FUNCTION_NAME(psa_copy_key)
+#define psa_cipher_operation_init \
+    PSA_FUNCTION_NAME(psa_cipher_operation_init)
+#define psa_cipher_generate_iv \
+    PSA_FUNCTION_NAME(psa_cipher_generate_iv)
+#define psa_cipher_set_iv \
+    PSA_FUNCTION_NAME(psa_cipher_set_iv)
+#define psa_cipher_encrypt_setup \
+    PSA_FUNCTION_NAME(psa_cipher_encrypt_setup)
+#define psa_cipher_decrypt_setup \
+    PSA_FUNCTION_NAME(psa_cipher_decrypt_setup)
+#define psa_cipher_update \
+    PSA_FUNCTION_NAME(psa_cipher_update)
+#define psa_cipher_finish \
+    PSA_FUNCTION_NAME(psa_cipher_finish)
+#define psa_cipher_abort \
+    PSA_FUNCTION_NAME(psa_cipher_abort)
+#define psa_hash_operation_init \
+    PSA_FUNCTION_NAME(psa_hash_operation_init)
+#define psa_hash_setup \
+    PSA_FUNCTION_NAME(psa_hash_setup)
+#define psa_hash_update \
+    PSA_FUNCTION_NAME(psa_hash_update)
+#define psa_hash_finish \
+    PSA_FUNCTION_NAME(psa_hash_finish)
+#define psa_hash_verify \
+    PSA_FUNCTION_NAME(psa_hash_verify)
+#define psa_hash_abort \
+    PSA_FUNCTION_NAME(psa_hash_abort)
+#define psa_hash_clone \
+    PSA_FUNCTION_NAME(psa_hash_clone)
+#define psa_hash_compute \
+    PSA_FUNCTION_NAME(psa_hash_compute)
+#define psa_hash_compare \
+    PSA_FUNCTION_NAME(psa_hash_compare)
+#define psa_mac_operation_init \
+    PSA_FUNCTION_NAME(psa_mac_operation_init)
+#define psa_mac_sign_setup \
+    PSA_FUNCTION_NAME(psa_mac_sign_setup)
+#define psa_mac_verify_setup \
+    PSA_FUNCTION_NAME(psa_mac_verify_setup)
+#define psa_mac_update \
+    PSA_FUNCTION_NAME(psa_mac_update)
+#define psa_mac_sign_finish \
+    PSA_FUNCTION_NAME(psa_mac_sign_finish)
+#define psa_mac_verify_finish \
+    PSA_FUNCTION_NAME(psa_mac_verify_finish)
+#define psa_mac_abort \
+    PSA_FUNCTION_NAME(psa_mac_abort)
+#define psa_sign_hash \
+    PSA_FUNCTION_NAME(psa_sign_hash)
+#define psa_verify_hash \
+    PSA_FUNCTION_NAME(psa_verify_hash)
+#define psa_asymmetric_encrypt \
+    PSA_FUNCTION_NAME(psa_asymmetric_encrypt)
+#define psa_asymmetric_decrypt \
+    PSA_FUNCTION_NAME(psa_asymmetric_decrypt)
+#define psa_generate_key \
+    PSA_FUNCTION_NAME(psa_generate_key)
+
+#endif /* CRYPTO_SPE_H */

tests/include/test/arguments.h

@@ -0,0 +1,26 @@
+/**
+ * \file arguments.h
+ *
+ * \brief Manipulation of test arguments.
+ *
+ * Much of the code is in host_test.function, to be migrated here later.
+ */
+
+/*
+ *  Copyright The Mbed TLS Contributors
+ *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+#ifndef TEST_ARGUMENTS_H
+#define TEST_ARGUMENTS_H
+
+#include "mbedtls/build_info.h"
+#include <stdint.h>
+#include <stdlib.h>
+
+typedef union {
+    size_t len;
+    intmax_t sint;
+} mbedtls_test_argument_t;
+
+#endif /* TEST_ARGUMENTS_H */

tests/include/test/asn1_helpers.h

@@ -0,0 +1,38 @@
+/** Helper functions for tests that manipulate ASN.1 data.
+ */
+/*
+ *  Copyright The Mbed TLS Contributors
+ *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+#ifndef ASN1_HELPERS_H
+#define ASN1_HELPERS_H
+
+#include "test/helpers.h"
+
+/** Skip past an INTEGER in an ASN.1 buffer.
+ *
+ * Mark the current test case as failed in any of the following conditions:
+ * - The buffer does not start with an ASN.1 INTEGER.
+ * - The integer's size or parity does not match the constraints expressed
+ *   through \p min_bits, \p max_bits and \p must_be_odd.
+ *
+ * \param p             Upon entry, `*p` points to the first byte of the
+ *                      buffer to parse.
+ *                      On successful return, `*p` points to the first byte
+ *                      after the parsed INTEGER.
+ *                      On failure, `*p` is unspecified.
+ * \param end           The end of the ASN.1 buffer.
+ * \param min_bits      Fail the test case if the integer does not have at
+ *                      least this many significant bits.
+ * \param max_bits      Fail the test case if the integer has more than
+ *                      this many significant bits.
+ * \param must_be_odd   Fail the test case if the integer is even.
+ *
+ * \return              \c 0 if the test failed, otherwise 1.
+ */
+int mbedtls_test_asn1_skip_integer(unsigned char **p, const unsigned char *end,
+                                   size_t min_bits, size_t max_bits,
+                                   int must_be_odd);
+
+#endif /* ASN1_HELPERS_H */

tests/include/test/bignum_helpers.h

@@ -0,0 +1,98 @@
+/**
+ * \file bignum_helpers.h
+ *
+ * \brief   This file contains the prototypes of helper functions for
+ *          bignum-related testing.
+ */
+
+/*
+ *  Copyright The Mbed TLS Contributors
+ *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+#ifndef TEST_BIGNUM_HELPERS_H
+#define TEST_BIGNUM_HELPERS_H
+
+#include <mbedtls/build_info.h>
+
+#if defined(MBEDTLS_BIGNUM_C)
+
+#include <mbedtls/bignum.h>
+#include <bignum_mod.h>
+
+/** Allocate and populate a core MPI from a test case argument.
+ *
+ * This function allocates exactly as many limbs as necessary to fit
+ * the length of the input. In other words, it preserves leading zeros.
+ *
+ * The limb array is allocated with mbedtls_calloc() and must later be
+ * freed with mbedtls_free().
+ *
+ * \param[in,out] pX    The address where a pointer to the allocated limb
+ *                      array will be stored.
+ *                      \c *pX must be null on entry.
+ *                      On exit, \c *pX is null on error or if the number
+ *                      of limbs is 0.
+ * \param[out] plimbs   The address where the number of limbs will be stored.
+ * \param[in] input     The test argument to read.
+ *                      It is interpreted as a hexadecimal representation
+ *                      of a non-negative integer.
+ *
+ * \return \c 0 on success, an \c MBEDTLS_ERR_MPI_xxx error code otherwise.
+ */
+int mbedtls_test_read_mpi_core(mbedtls_mpi_uint **pX, size_t *plimbs,
+                               const char *input);
+
+/** Read a modulus from a hexadecimal string.
+ *
+ * This function allocates exactly as many limbs as necessary to fit
+ * the length of the input. In other words, it preserves leading zeros.
+ *
+ * The limb array is allocated with mbedtls_calloc() and must later be
+ * freed with mbedtls_free(). You can do that by calling
+ * mbedtls_test_mpi_mod_modulus_free_with_limbs().
+ *
+ * \param[in,out] N     A modulus structure. It must be initialized, but
+ *                      not set up.
+ * \param[in] s         The null-terminated hexadecimal string to read from.
+ * \param int_rep       The desired representation of residues.
+ *
+ * \return \c 0 on success, an \c MBEDTLS_ERR_MPI_xxx error code otherwise.
+ */
+int mbedtls_test_read_mpi_modulus(mbedtls_mpi_mod_modulus *N,
+                                  const char *s,
+                                  mbedtls_mpi_mod_rep_selector int_rep);
+
+/** Free a modulus and its limbs.
+ *
+ * \param[in] N         A modulus structure such that there is no other
+ *                      reference to `N->p`.
+ */
+void mbedtls_test_mpi_mod_modulus_free_with_limbs(mbedtls_mpi_mod_modulus *N);
+
+/** Read an MPI from a hexadecimal string.
+ *
+ * Like mbedtls_mpi_read_string(), but with tighter guarantees around
+ * edge cases.
+ *
+ * - This function guarantees that if \p s begins with '-' then the sign
+ *   bit of the result will be negative, even if the value is 0.
+ *   When this function encounters such a "negative 0", it calls
+ *   mbedtls_test_increment_case_uses_negative_0().
+ * - The size of the result is exactly the minimum number of limbs needed to fit
+ *   the digits in the input. In particular, this function constructs a bignum
+ *   with 0 limbs for an empty string, and a bignum with leading 0 limbs if the
+ *   string has sufficiently many leading 0 digits. This is important so that
+ *   the "0 (null)" and "0 (1 limb)" and "leading zeros" test cases do what they
+ *   claim.
+ *
+ * \param[out] X        The MPI object to populate. It must be initialized.
+ * \param[in] s         The null-terminated hexadecimal string to read from.
+ *
+ * \return \c 0 on success, an \c MBEDTLS_ERR_MPI_xxx error code otherwise.
+ */
+int mbedtls_test_read_mpi(mbedtls_mpi *X, const char *s);
+
+#endif /* MBEDTLS_BIGNUM_C */
+
+#endif /* TEST_BIGNUM_HELPERS_H */