From 40a93dff3291682ffaad1d873fdbf9bad470b40d Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 13 Nov 2023 10:14:47 +0100 Subject: [PATCH 01/15] all.sh: keep CTR_DRBG enabled in test_psa_crypto_config_accel_cipher_aead() Signed-off-by: Valerio Setti --- tests/scripts/all.sh | 1 - 1 file changed, 1 deletion(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 462597ba6..3e4baa71e 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -3729,7 +3729,6 @@ common_psa_crypto_config_accel_cipher_aead() { scripts/config.py unset MBEDTLS_PKCS5_C scripts/config.py unset MBEDTLS_PKCS12_C - scripts/config.py unset MBEDTLS_CTR_DRBG_C scripts/config.py unset MBEDTLS_NIST_KW_C } From fbefe04bf3fa8e2a1e6233251a3d755b8501eda2 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 13 Nov 2023 10:15:43 +0100 Subject: [PATCH 02/15] check_config: fix requirements for CTR_DRBG The module now depends on either: - AES_C, which is the default and the preferred solution for backward compatibility - CRYPTO_C + KEY_TYPE_AES + ALG_ECB_NO_PADDINTG, which is the new solution when AES_C is not defined Signed-off-by: Valerio Setti --- include/mbedtls/check_config.h | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index 9b5b6467e..34ddcb159 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -153,7 +153,9 @@ #endif /* not all curves accelerated */ #endif /* some curve accelerated */ -#if defined(MBEDTLS_CTR_DRBG_C) && !defined(MBEDTLS_AES_C) +#if defined(MBEDTLS_CTR_DRBG_C) && !(defined(MBEDTLS_AES_C) || \ + (defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_KEY_TYPE_AES) && \ + defined(PSA_WANT_ALG_ECB_NO_PADDING))) #error "MBEDTLS_CTR_DRBG_C defined, but not all prerequisites" #endif From 5f4b28defc85f95498e0dc9332c2a094d0125cb4 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 13 Nov 2023 10:18:16 +0100 Subject: [PATCH 03/15] ctr_drbg: add alternative PSA implementation when AES_C is not defined Signed-off-by: Valerio Setti --- include/mbedtls/ctr_drbg.h | 18 +++++ library/ctr_drbg.c | 148 ++++++++++++++++++++++++++++++++++++- 2 files changed, 164 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/ctr_drbg.h b/include/mbedtls/ctr_drbg.h index d1f19e607..c00756df1 100644 --- a/include/mbedtls/ctr_drbg.h +++ b/include/mbedtls/ctr_drbg.h @@ -32,7 +32,14 @@ #include "mbedtls/build_info.h" +/* In case AES_C is defined then it is the primary option for backward + * compatibility purposes. If that's not available, PSA is used instead */ +#if defined(MBEDTLS_AES_C) #include "mbedtls/aes.h" +#else +#include "psa/crypto.h" +#endif + #include "entropy.h" #if defined(MBEDTLS_THREADING_C) @@ -150,6 +157,13 @@ extern "C" { #define MBEDTLS_CTR_DRBG_ENTROPY_NONCE_LEN (MBEDTLS_CTR_DRBG_ENTROPY_LEN + 1) / 2 #endif +#if !defined(MBEDTLS_AES_C) +typedef struct mbedtls_ctr_drbg_psa_context { + mbedtls_svc_key_id_t key_id; + psa_cipher_operation_t operation; +} mbedtls_ctr_drbg_psa_context; +#endif + /** * \brief The CTR_DRBG context structure. */ @@ -175,7 +189,11 @@ typedef struct mbedtls_ctr_drbg_context { * This is the maximum number of requests * that can be made between reseedings. */ +#if defined(MBEDTLS_AES_C) mbedtls_aes_context MBEDTLS_PRIVATE(aes_ctx); /*!< The AES context. */ +#else + mbedtls_ctr_drbg_psa_context MBEDTLS_PRIVATE(psa_ctx); /*!< The PSA context. */ +#endif /* * Callbacks (Entropy) diff --git a/library/ctr_drbg.c b/library/ctr_drbg.c index cf3816e9f..da34f950b 100644 --- a/library/ctr_drbg.c +++ b/library/ctr_drbg.c @@ -24,15 +24,60 @@ #include #endif +/* Using error translation functions from PSA to MbedTLS */ +#if !defined(MBEDTLS_AES_C) +#include "psa_util_internal.h" +#endif + #include "mbedtls/platform.h" +#if !defined(MBEDTLS_AES_C) +static psa_status_t ctr_drbg_setup_psa_context(mbedtls_ctr_drbg_psa_context *psa_ctx, + unsigned char *key, size_t key_len) +{ + psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT; + psa_status_t status; + + psa_set_key_usage_flags(&key_attr, PSA_KEY_USAGE_ENCRYPT); + psa_set_key_algorithm(&key_attr, PSA_ALG_ECB_NO_PADDING); + psa_set_key_type(&key_attr, PSA_KEY_TYPE_AES); + status = psa_import_key(&key_attr, key, key_len, &psa_ctx->key_id); + if (status != PSA_SUCCESS) { + goto exit; + } + + status = psa_cipher_encrypt_setup(&psa_ctx->operation, psa_ctx->key_id, PSA_ALG_ECB_NO_PADDING); + if (status != PSA_SUCCESS) { + goto exit; + } + +exit: + psa_reset_key_attributes(&key_attr); + return status; +} + +static void ctr_drbg_destroy_psa_contex(mbedtls_ctr_drbg_psa_context *psa_ctx) +{ + psa_cipher_abort(&psa_ctx->operation); + psa_destroy_key(psa_ctx->key_id); + + psa_ctx->operation = psa_cipher_operation_init(); + psa_ctx->key_id = MBEDTLS_SVC_KEY_ID_INIT; +} +#endif + /* * CTR_DRBG context initialization */ void mbedtls_ctr_drbg_init(mbedtls_ctr_drbg_context *ctx) { memset(ctx, 0, sizeof(mbedtls_ctr_drbg_context)); +#if defined(MBEDTLS_AES_C) mbedtls_aes_init(&ctx->aes_ctx); +#else + ctx->psa_ctx.key_id = MBEDTLS_SVC_KEY_ID_INIT; + ctx->psa_ctx.operation = psa_cipher_operation_init(); +#endif /* Indicate that the entropy nonce length is not set explicitly. * See mbedtls_ctr_drbg_set_nonce_len(). */ ctx->reseed_counter = -1; @@ -56,7 +101,11 @@ void mbedtls_ctr_drbg_free(mbedtls_ctr_drbg_context *ctx) mbedtls_mutex_free(&ctx->mutex); } #endif +#if defined(MBEDTLS_AES_C) mbedtls_aes_free(&ctx->aes_ctx); +#else + ctr_drbg_destroy_psa_contex(&ctx->psa_ctx); +#endif mbedtls_platform_zeroize(ctx, sizeof(mbedtls_ctr_drbg_context)); ctx->reseed_interval = MBEDTLS_CTR_DRBG_RESEED_INTERVAL; ctx->reseed_counter = -1; @@ -117,8 +166,17 @@ static int block_cipher_df(unsigned char *output, unsigned char key[MBEDTLS_CTR_DRBG_KEYSIZE]; unsigned char chain[MBEDTLS_CTR_DRBG_BLOCKSIZE]; unsigned char *p, *iv; - mbedtls_aes_context aes_ctx; int ret = 0; +#if defined(MBEDTLS_AES_C) + mbedtls_aes_context aes_ctx; +#else + psa_status_t status; + size_t tmp_len; + mbedtls_ctr_drbg_psa_context psa_ctx; + + psa_ctx.key_id = MBEDTLS_SVC_KEY_ID_INIT; + psa_ctx.operation = psa_cipher_operation_init(); +#endif int i, j; size_t buf_len, use_len; @@ -129,7 +187,6 @@ static int block_cipher_df(unsigned char *output, memset(buf, 0, MBEDTLS_CTR_DRBG_MAX_SEED_INPUT + MBEDTLS_CTR_DRBG_BLOCKSIZE + 16); - mbedtls_aes_init(&aes_ctx); /* * Construct IV (16 bytes) and S in buffer @@ -151,10 +208,20 @@ static int block_cipher_df(unsigned char *output, key[i] = i; } +#if defined(MBEDTLS_AES_C) + mbedtls_aes_init(&aes_ctx); + if ((ret = mbedtls_aes_setkey_enc(&aes_ctx, key, MBEDTLS_CTR_DRBG_KEYBITS)) != 0) { goto exit; } +#else + status = ctr_drbg_setup_psa_context(&psa_ctx, key, sizeof(key)); + if (status != PSA_SUCCESS) { + ret = psa_generic_status_to_mbedtls(status); + goto exit; + } +#endif /* * Reduce data to MBEDTLS_CTR_DRBG_SEEDLEN bytes of data @@ -170,10 +237,19 @@ static int block_cipher_df(unsigned char *output, use_len -= (use_len >= MBEDTLS_CTR_DRBG_BLOCKSIZE) ? MBEDTLS_CTR_DRBG_BLOCKSIZE : use_len; +#if defined(MBEDTLS_AES_C) if ((ret = mbedtls_aes_crypt_ecb(&aes_ctx, MBEDTLS_AES_ENCRYPT, chain, chain)) != 0) { goto exit; } +#else + status = psa_cipher_update(&psa_ctx.operation, chain, MBEDTLS_CTR_DRBG_BLOCKSIZE, + chain, MBEDTLS_CTR_DRBG_BLOCKSIZE, &tmp_len); + if (status != PSA_SUCCESS) { + ret = psa_generic_status_to_mbedtls(status); + goto exit; + } +#endif } memcpy(tmp + j, chain, MBEDTLS_CTR_DRBG_BLOCKSIZE); @@ -187,23 +263,46 @@ static int block_cipher_df(unsigned char *output, /* * Do final encryption with reduced data */ +#if defined(MBEDTLS_AES_C) if ((ret = mbedtls_aes_setkey_enc(&aes_ctx, tmp, MBEDTLS_CTR_DRBG_KEYBITS)) != 0) { goto exit; } +#else + ctr_drbg_destroy_psa_contex(&psa_ctx); + + status = ctr_drbg_setup_psa_context(&psa_ctx, tmp, MBEDTLS_CTR_DRBG_KEYSIZE); + if (status != PSA_SUCCESS) { + ret = psa_generic_status_to_mbedtls(status); + goto exit; + } +#endif iv = tmp + MBEDTLS_CTR_DRBG_KEYSIZE; p = output; for (j = 0; j < MBEDTLS_CTR_DRBG_SEEDLEN; j += MBEDTLS_CTR_DRBG_BLOCKSIZE) { +#if defined(MBEDTLS_AES_C) if ((ret = mbedtls_aes_crypt_ecb(&aes_ctx, MBEDTLS_AES_ENCRYPT, iv, iv)) != 0) { goto exit; } +#else + status = psa_cipher_update(&psa_ctx.operation, iv, MBEDTLS_CTR_DRBG_BLOCKSIZE, + iv, MBEDTLS_CTR_DRBG_BLOCKSIZE, &tmp_len); + if (status != PSA_SUCCESS) { + ret = psa_generic_status_to_mbedtls(status); + goto exit; + } +#endif memcpy(p, iv, MBEDTLS_CTR_DRBG_BLOCKSIZE); p += MBEDTLS_CTR_DRBG_BLOCKSIZE; } exit: +#if defined(MBEDTLS_AES_C) mbedtls_aes_free(&aes_ctx); +#else + ctr_drbg_destroy_psa_contex(&psa_ctx); +#endif /* * tidy up the stack */ @@ -236,6 +335,10 @@ static int ctr_drbg_update_internal(mbedtls_ctr_drbg_context *ctx, unsigned char *p = tmp; int i, j; int ret = 0; +#if !defined(MBEDTLS_AES_C) + psa_status_t status; + size_t tmp_len; +#endif memset(tmp, 0, MBEDTLS_CTR_DRBG_SEEDLEN); @@ -252,10 +355,19 @@ static int ctr_drbg_update_internal(mbedtls_ctr_drbg_context *ctx, /* * Crypt counter block */ +#if defined(MBEDTLS_AES_C) if ((ret = mbedtls_aes_crypt_ecb(&ctx->aes_ctx, MBEDTLS_AES_ENCRYPT, ctx->counter, p)) != 0) { goto exit; } +#else + status = psa_cipher_update(&ctx->psa_ctx.operation, ctx->counter, sizeof(ctx->counter), + p, MBEDTLS_CTR_DRBG_BLOCKSIZE, &tmp_len); + if (status != PSA_SUCCESS) { + ret = psa_generic_status_to_mbedtls(status); + goto exit; + } +#endif p += MBEDTLS_CTR_DRBG_BLOCKSIZE; } @@ -267,10 +379,20 @@ static int ctr_drbg_update_internal(mbedtls_ctr_drbg_context *ctx, /* * Update key and counter */ +#if defined(MBEDTLS_AES_C) if ((ret = mbedtls_aes_setkey_enc(&ctx->aes_ctx, tmp, MBEDTLS_CTR_DRBG_KEYBITS)) != 0) { goto exit; } +#else + ctr_drbg_destroy_psa_contex(&ctx->psa_ctx); + + status = ctr_drbg_setup_psa_context(&ctx->psa_ctx, tmp, MBEDTLS_CTR_DRBG_KEYSIZE); + if (status != PSA_SUCCESS) { + ret = psa_generic_status_to_mbedtls(status); + goto exit; + } +#endif memcpy(ctx->counter, tmp + MBEDTLS_CTR_DRBG_KEYSIZE, MBEDTLS_CTR_DRBG_BLOCKSIZE); @@ -447,10 +569,20 @@ int mbedtls_ctr_drbg_seed(mbedtls_ctr_drbg_context *ctx, good_nonce_len(ctx->entropy_len)); /* Initialize with an empty key. */ +#if defined(MBEDTLS_AES_C) if ((ret = mbedtls_aes_setkey_enc(&ctx->aes_ctx, key, MBEDTLS_CTR_DRBG_KEYBITS)) != 0) { return ret; } +#else + psa_status_t status; + + status = ctr_drbg_setup_psa_context(&ctx->psa_ctx, key, MBEDTLS_CTR_DRBG_KEYSIZE); + if (status != PSA_SUCCESS) { + ret = psa_generic_status_to_mbedtls(status); + return status; + } +#endif /* Do the initial seeding. */ if ((ret = mbedtls_ctr_drbg_reseed_internal(ctx, custom, len, @@ -531,10 +663,22 @@ int mbedtls_ctr_drbg_random_with_add(void *p_rng, /* * Crypt counter block */ +#if defined(MBEDTLS_AES_C) if ((ret = mbedtls_aes_crypt_ecb(&ctx->aes_ctx, MBEDTLS_AES_ENCRYPT, ctx->counter, tmp)) != 0) { goto exit; } +#else + psa_status_t status; + size_t tmp_len; + + status = psa_cipher_update(&ctx->psa_ctx.operation, ctx->counter, sizeof(ctx->counter), + tmp, MBEDTLS_CTR_DRBG_BLOCKSIZE, &tmp_len); + if (status != PSA_SUCCESS) { + ret = psa_generic_status_to_mbedtls(status); + goto exit; + } +#endif use_len = (output_len > MBEDTLS_CTR_DRBG_BLOCKSIZE) ? MBEDTLS_CTR_DRBG_BLOCKSIZE : output_len; From 402cfba4dce9bd954be534e3d0de4460dd7ec670 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 13 Nov 2023 10:24:32 +0100 Subject: [PATCH 04/15] psa: free RNG implementation before checking for remaining open key slots Signed-off-by: Valerio Setti --- include/psa/crypto_extra.h | 9 +++++++++ library/psa_crypto.c | 24 ++++++++++++------------ tests/include/test/psa_crypto_helpers.h | 11 ++++++++--- 3 files changed, 29 insertions(+), 15 deletions(-) diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h index ef29b77db..8005dcb2f 100644 --- a/include/psa/crypto_extra.h +++ b/include/psa/crypto_extra.h @@ -193,6 +193,15 @@ psa_status_t mbedtls_psa_register_se_key( /**@}*/ +/** + * \brief PSA random deinitialization. + * + * This function frees the RNG implementation used by PSA. + * + * This is an Mbed TLS extension. + */ +void mbedtls_psa_random_free(void); + /** * \brief Library deinitialization. * diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 114994019..6caab03e1 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -7327,14 +7327,16 @@ static void mbedtls_psa_random_init(mbedtls_psa_random_context_t *rng) /** Deinitialize the PSA random generator. */ -static void mbedtls_psa_random_free(mbedtls_psa_random_context_t *rng) +void mbedtls_psa_random_free(void) { + if (global_data.rng_state != RNG_NOT_INITIALIZED) { #if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) - memset(rng, 0, sizeof(*rng)); + memset(&global_data.rng, 0, sizeof(global_data.rng)); #else /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */ - mbedtls_psa_drbg_free(MBEDTLS_PSA_RANDOM_STATE); - rng->entropy_free(&rng->entropy); + mbedtls_psa_drbg_free(MBEDTLS_PSA_RANDOM_STATE); + global_data.rng.entropy_free(&global_data.rng.entropy); #endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */ + } } /** Seed the PSA random generator. @@ -7661,9 +7663,7 @@ psa_status_t mbedtls_psa_crypto_configure_entropy_sources( void mbedtls_psa_crypto_free(void) { psa_wipe_all_key_slots(); - if (global_data.rng_state != RNG_NOT_INITIALIZED) { - mbedtls_psa_random_free(&global_data.rng); - } + mbedtls_psa_random_free(); /* Wipe all remaining data, including configuration. * In particular, this sets all state indicator to the value * indicating "uninitialized". */ @@ -7714,6 +7714,11 @@ psa_status_t psa_crypto_init(void) } global_data.drivers_initialized = 1; + status = psa_initialize_key_slots(); + if (status != PSA_SUCCESS) { + goto exit; + } + /* Initialize and seed the random generator. */ mbedtls_psa_random_init(&global_data.rng); global_data.rng_state = RNG_INITIALIZED; @@ -7723,11 +7728,6 @@ psa_status_t psa_crypto_init(void) } global_data.rng_state = RNG_SEEDED; - status = psa_initialize_key_slots(); - if (status != PSA_SUCCESS) { - goto exit; - } - #if defined(PSA_CRYPTO_STORAGE_HAS_TRANSACTIONS) status = psa_crypto_load_transaction(); if (status == PSA_SUCCESS) { diff --git a/tests/include/test/psa_crypto_helpers.h b/tests/include/test/psa_crypto_helpers.h index 04b90b923..f4c49fb02 100644 --- a/tests/include/test/psa_crypto_helpers.h +++ b/tests/include/test/psa_crypto_helpers.h @@ -34,6 +34,7 @@ #define PSA_DONE() \ do \ { \ + mbedtls_psa_random_free(); \ mbedtls_test_fail_if_psa_leaking(__LINE__, __FILE__); \ mbedtls_test_psa_purge_key_storage(); \ mbedtls_psa_crypto_free(); \ @@ -125,17 +126,21 @@ const char *mbedtls_test_helper_is_psa_leaking(void); /** Shut down the PSA Crypto subsystem, allowing persistent keys to survive. * Expect a clean shutdown, with no slots in use. + * mbedtls_psa_random_free() is called before any check for remaining open + * keys because when AES_C is not defined, CTR_DRBG relies on PSA to perform + * AES-ECB so it holds an open AES key for that since psa_crypto_init(). * * If some key slots are still in use, record the test case as failed and * jump to the `exit` label. */ #define PSA_SESSION_DONE() \ - do \ - { \ + do \ + { \ + mbedtls_psa_random_free(); \ mbedtls_test_psa_purge_key_cache(); \ ASSERT_PSA_PRISTINE(); \ mbedtls_psa_crypto_free(); \ - } \ + } \ while (0) From dc32ac20fd76b76a023e0d6360659adb216526c1 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 13 Nov 2023 10:27:56 +0100 Subject: [PATCH 05/15] test_suite_[ctr_drbg/random]: initialize/close PSA in tests This commit also adds AES_PSA_[INIT/DONE] in "psa_crypto_helpers.h". Its scope is to call PSA_[INIT/DONE] only when AES_C is not defined (which is when PSA is effectively required for CTR_DRBG). Signed-off-by: Valerio Setti --- tests/include/test/psa_crypto_helpers.h | 23 +++++++++++++++++++++++ tests/suites/test_suite_ctr_drbg.function | 20 ++++++++++++++++++++ tests/suites/test_suite_random.function | 9 +++++++++ 3 files changed, 52 insertions(+) diff --git a/tests/include/test/psa_crypto_helpers.h b/tests/include/test/psa_crypto_helpers.h index f4c49fb02..cd64dc7ad 100644 --- a/tests/include/test/psa_crypto_helpers.h +++ b/tests/include/test/psa_crypto_helpers.h @@ -397,4 +397,27 @@ uint64_t mbedtls_test_parse_binary_string(data_t *bin_string); #define MD_OR_USE_PSA_DONE() ((void) 0) #endif +/** \def AES_PSA_INIT + * + * Call this macro to initialize the PSA subsystem if AES_C is not defined, + * so that CTR_DRBG uses PSA implementation to get AES-ECB. + * + * If the initialization fails, mark the test case as failed and jump to the + * \p exit label. + */ +/** \def AES_PSA_DONE + * + * Call this macro at the end of a test case if you called #AES_PSA_INIT. + * + * This is like #PSA_DONE except it does nothing under the same conditions as + * #AES_PSA_INIT. + */ +#if defined(MBEDTLS_AES_C) +#define AES_PSA_INIT() ((void) 0) +#define AES_PSA_DONE() ((void) 0) +#else /* MBEDTLS_AES_C */ +#define AES_PSA_INIT() PSA_INIT() +#define AES_PSA_DONE() PSA_DONE() +#endif /* MBEDTLS_AES_C */ + #endif /* PSA_CRYPTO_HELPERS_H */ diff --git a/tests/suites/test_suite_ctr_drbg.function b/tests/suites/test_suite_ctr_drbg.function index c6896998e..066e70b35 100644 --- a/tests/suites/test_suite_ctr_drbg.function +++ b/tests/suites/test_suite_ctr_drbg.function @@ -137,10 +137,12 @@ void ctr_drbg_validate_no_reseed(data_t *add_init, data_t *entropy, data_t *result_string) { data_t empty = { 0, 0 }; + AES_PSA_INIT(); ctr_drbg_validate_internal(RESEED_NEVER, add_init, entropy->len, entropy, &empty, add1, add2, result_string); + AES_PSA_DONE(); goto exit; // goto is needed to avoid warning ( no test assertions in func) } /* END_CASE */ @@ -151,10 +153,12 @@ void ctr_drbg_validate_pr(data_t *add_init, data_t *entropy, data_t *result_string) { data_t empty = { 0, 0 }; + AES_PSA_INIT(); ctr_drbg_validate_internal(RESEED_ALWAYS, add_init, entropy->len / 3, entropy, &empty, add1, add2, result_string); + AES_PSA_DONE(); goto exit; // goto is needed to avoid warning ( no test assertions in func) } /* END_CASE */ @@ -164,10 +168,12 @@ void ctr_drbg_validate_reseed_between(data_t *add_init, data_t *entropy, data_t *add1, data_t *add_reseed, data_t *add2, data_t *result_string) { + AES_PSA_INIT(); ctr_drbg_validate_internal(RESEED_SECOND, add_init, entropy->len / 2, entropy, add_reseed, add1, add2, result_string); + AES_PSA_DONE(); goto exit; // goto is needed to avoid warning ( no test assertions in func) } /* END_CASE */ @@ -177,10 +183,12 @@ void ctr_drbg_validate_reseed_first(data_t *add_init, data_t *entropy, data_t *add1, data_t *add_reseed, data_t *add2, data_t *result_string) { + AES_PSA_INIT(); ctr_drbg_validate_internal(RESEED_FIRST, add_init, entropy->len / 2, entropy, add_reseed, add1, add2, result_string); + AES_PSA_DONE(); goto exit; // goto is needed to avoid warning ( no test assertions in func) } /* END_CASE */ @@ -196,6 +204,8 @@ void ctr_drbg_entropy_strength(int expected_bit_strength) size_t byte_strength = expected_bit_strength / 8; mbedtls_ctr_drbg_init(&ctx); + + AES_PSA_INIT(); test_offset_idx = 0; test_max_idx = sizeof(entropy); memset(entropy, 0, sizeof(entropy)); @@ -214,6 +224,7 @@ void ctr_drbg_entropy_strength(int expected_bit_strength) exit: mbedtls_ctr_drbg_free(&ctx); + AES_PSA_DONE(); } /* END_CASE */ @@ -228,6 +239,9 @@ void ctr_drbg_entropy_usage(int entropy_nonce_len) size_t expected_idx = 0; mbedtls_ctr_drbg_init(&ctx); + + AES_PSA_INIT(); + test_offset_idx = 0; test_max_idx = sizeof(entropy); memset(entropy, 0, sizeof(entropy)); @@ -307,6 +321,7 @@ void ctr_drbg_entropy_usage(int entropy_nonce_len) exit: mbedtls_ctr_drbg_free(&ctx); + AES_PSA_DONE(); } /* END_CASE */ @@ -317,6 +332,8 @@ void ctr_drbg_seed_file(char *path, int ret) mbedtls_ctr_drbg_init(&ctx); + AES_PSA_INIT(); + TEST_ASSERT(mbedtls_ctr_drbg_seed(&ctx, mbedtls_test_rnd_std_rand, NULL, NULL, 0) == 0); TEST_ASSERT(mbedtls_ctr_drbg_write_seed_file(&ctx, path) == ret); @@ -324,12 +341,15 @@ void ctr_drbg_seed_file(char *path, int ret) exit: mbedtls_ctr_drbg_free(&ctx); + AES_PSA_DONE(); } /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */ void ctr_drbg_selftest() { + AES_PSA_INIT(); TEST_ASSERT(mbedtls_ctr_drbg_self_test(1) == 0); + AES_PSA_DONE(); } /* END_CASE */ diff --git a/tests/suites/test_suite_random.function b/tests/suites/test_suite_random.function index 58cddb715..155b8e708 100644 --- a/tests/suites/test_suite_random.function +++ b/tests/suites/test_suite_random.function @@ -26,7 +26,12 @@ void random_twice_with_ctr_drbg() unsigned char output1[OUTPUT_SIZE]; unsigned char output2[OUTPUT_SIZE]; +#if defined(MBEDTLS_AES_C) MD_PSA_INIT(); +#else + USE_PSA_INIT(); +#endif + /* First round */ mbedtls_entropy_init(&entropy); @@ -56,7 +61,11 @@ void random_twice_with_ctr_drbg() exit: mbedtls_ctr_drbg_free(&drbg); mbedtls_entropy_free(&entropy); +#if defined(MBEDTLS_AES_C) MD_PSA_DONE(); +#else + USE_PSA_DONE(); +#endif } /* END_CASE */ From 0a903db804e45ae53888cfc4b0ac235344e6807f Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 13 Nov 2023 10:29:53 +0100 Subject: [PATCH 06/15] test_suite_psa_crypto_slot_management: some fix for available key slots When AES_C is not defined, CTR_DRBG relies on PSA to get AES-ECB. This means that PSA holds an open AES key since psa_crypto_init() is called, which - reduces the maximum number of available key slots - shifts the 1st available index Signed-off-by: Valerio Setti --- ..._suite_psa_crypto_slot_management.function | 40 +++++++++---------- 1 file changed, 20 insertions(+), 20 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto_slot_management.function b/tests/suites/test_suite_psa_crypto_slot_management.function index b4f2d234e..2137aba22 100644 --- a/tests/suites/test_suite_psa_crypto_slot_management.function +++ b/tests/suites/test_suite_psa_crypto_slot_management.function @@ -90,8 +90,10 @@ static int invalidate_psa(invalidate_method_t invalidate_method) break; } - PSA_ASSERT(psa_crypto_init()); + /* When AES_C is not defined CTR_DRBG relies on PSA to get AES-ECB so it + * holds an open key once psa_crypto_init() is called. */ ASSERT_PSA_PRISTINE(); + PSA_ASSERT(psa_crypto_init()); return 1; exit: @@ -746,19 +748,12 @@ void invalid_handle(int handle_construction, * MBEDTLS_SVC_KEY_ID_GET_KEY_ID( valid_handle ) is a volatile * key identifier as the imported key is a volatile key. Volatile * key identifiers are in the range from PSA_KEY_ID_VOLATILE_MIN - * to PSA_KEY_ID_VOLATILE_MAX included. Thus pick a key identifier - * in the range from PSA_KEY_ID_VOLATILE_MIN to - * PSA_KEY_ID_VOLATILE_MAX different from - * MBEDTLS_SVC_KEY_ID_GET_KEY_ID( valid_handle ) to build an - * unopened and thus invalid identifier. + * to PSA_KEY_ID_VOLATILE_MAX included. It is very unlikely that + * all IDs are used up to the last one, so pick + * PSA_KEY_ID_VOLATILE_MAX to build an unopened and thus invalid + * identifier. */ - - if (MBEDTLS_SVC_KEY_ID_GET_KEY_ID(valid_handle) == - PSA_KEY_ID_VOLATILE_MIN) { - key_id = PSA_KEY_ID_VOLATILE_MIN + 1; - } else { - key_id = MBEDTLS_SVC_KEY_ID_GET_KEY_ID(valid_handle) - 1; - } + key_id = PSA_KEY_ID_VOLATILE_MAX; invalid_handle = mbedtls_svc_key_id_make(0, key_id); @@ -938,11 +933,16 @@ void non_reusable_key_slots_integrity_in_case_of_key_slot_starvation() mbedtls_svc_key_id_t persistent_key2 = MBEDTLS_SVC_KEY_ID_INIT; mbedtls_svc_key_id_t returned_key_id = MBEDTLS_SVC_KEY_ID_INIT; mbedtls_svc_key_id_t *keys = NULL; + mbedtls_psa_stats_t psa_key_slots_stats; + size_t available_key_slots = 0; TEST_ASSERT(MBEDTLS_PSA_KEY_SLOT_COUNT >= 1); - TEST_CALLOC(keys, MBEDTLS_PSA_KEY_SLOT_COUNT); PSA_ASSERT(psa_crypto_init()); + mbedtls_psa_get_stats(&psa_key_slots_stats); + available_key_slots = psa_key_slots_stats.empty_slots; + + TEST_CALLOC(keys, available_key_slots); psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY); @@ -961,10 +961,10 @@ void non_reusable_key_slots_integrity_in_case_of_key_slot_starvation() TEST_ASSERT(mbedtls_svc_key_id_equal(returned_key_id, persistent_key)); /* - * Create MBEDTLS_PSA_KEY_SLOT_COUNT volatile keys + * Create the maximum available number of volatile keys */ psa_set_key_lifetime(&attributes, PSA_KEY_LIFETIME_VOLATILE); - for (i = 0; i < MBEDTLS_PSA_KEY_SLOT_COUNT; i++) { + for (i = 0; i < available_key_slots; i++) { PSA_ASSERT(psa_import_key(&attributes, (uint8_t *) &i, sizeof(i), &keys[i])); @@ -983,12 +983,12 @@ void non_reusable_key_slots_integrity_in_case_of_key_slot_starvation() * Check we can export the volatile key created last and that it has the * expected value. Then, destroy it. */ - PSA_ASSERT(psa_export_key(keys[MBEDTLS_PSA_KEY_SLOT_COUNT - 1], + PSA_ASSERT(psa_export_key(keys[available_key_slots - 1], exported, sizeof(exported), &exported_length)); - i = MBEDTLS_PSA_KEY_SLOT_COUNT - 1; + i = available_key_slots - 1; TEST_MEMORY_COMPARE(exported, exported_length, (uint8_t *) &i, sizeof(i)); - PSA_ASSERT(psa_destroy_key(keys[MBEDTLS_PSA_KEY_SLOT_COUNT - 1])); + PSA_ASSERT(psa_destroy_key(keys[available_key_slots - 1])); /* * Check that we can now access the persistent key again. @@ -1011,7 +1011,7 @@ void non_reusable_key_slots_integrity_in_case_of_key_slot_starvation() * Check we can export the remaining volatile keys and that they have the * expected values. */ - for (i = 0; i < (MBEDTLS_PSA_KEY_SLOT_COUNT - 1); i++) { + for (i = 0; i < (available_key_slots - 1); i++) { PSA_ASSERT(psa_export_key(keys[i], exported, sizeof(exported), &exported_length)); From 6ef82ae39dd6dac197447a53a39dd3def527446a Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 13 Nov 2023 10:32:34 +0100 Subject: [PATCH 07/15] test_suite_psa_crypto_driver_wrappers: improving driver access counters When AES_C is not defined CTR_DRBG relies on PSA to get AES-ECB. This means that, when AES-ECB is accelerated, each random operation goes through driver access as well. This might result in unexpectedly increased counters for driver's access. We add extra counters in test_driver_[cipher/key_management].c to be more specific on which driver functions are accessed and ignore extra accesses due to CTR_DRBG. Signed-off-by: Valerio Setti --- tests/include/test/drivers/cipher.h | 3 +- tests/include/test/drivers/key_management.h | 4 +- tests/src/drivers/test_driver_cipher.c | 1 + .../src/drivers/test_driver_key_management.c | 1 + ..._suite_psa_crypto_driver_wrappers.function | 37 ++++++++++++++++--- 5 files changed, 38 insertions(+), 8 deletions(-) diff --git a/tests/include/test/drivers/cipher.h b/tests/include/test/drivers/cipher.h index 950a17440..2e299da72 100644 --- a/tests/include/test/drivers/cipher.h +++ b/tests/include/test/drivers/cipher.h @@ -25,9 +25,10 @@ typedef struct { psa_status_t forced_status; /* Count the amount of times one of the cipher driver functions is called. */ unsigned long hits; + unsigned long cipher_encrypt_hits; } mbedtls_test_driver_cipher_hooks_t; -#define MBEDTLS_TEST_DRIVER_CIPHER_INIT { NULL, 0, PSA_SUCCESS, 0 } +#define MBEDTLS_TEST_DRIVER_CIPHER_INIT { NULL, 0, PSA_SUCCESS, 0, 0 } static inline mbedtls_test_driver_cipher_hooks_t mbedtls_test_driver_cipher_hooks_init(void) { diff --git a/tests/include/test/drivers/key_management.h b/tests/include/test/drivers/key_management.h index 9e2c89885..24ecbc3c5 100644 --- a/tests/include/test/drivers/key_management.h +++ b/tests/include/test/drivers/key_management.h @@ -26,6 +26,8 @@ typedef struct { /* Count the amount of times one of the key management driver functions * is called. */ unsigned long hits; + /* Subset of hits which only counts key operations with EC key */ + unsigned long export_public_key_hits; /* Location of the last key management driver called to import a key. */ psa_key_location_t location; } mbedtls_test_driver_key_management_hooks_t; @@ -34,7 +36,7 @@ typedef struct { * sense that no PSA specification will assign a meaning to this location * (stated first in version 1.0.1 of the specification) and that it is not * used as a location of an opaque test drivers. */ -#define MBEDTLS_TEST_DRIVER_KEY_MANAGEMENT_INIT { NULL, 0, PSA_SUCCESS, 0, 0x800000 } +#define MBEDTLS_TEST_DRIVER_KEY_MANAGEMENT_INIT { NULL, 0, PSA_SUCCESS, 0, 0, 0x800000 } static inline mbedtls_test_driver_key_management_hooks_t mbedtls_test_driver_key_management_hooks_init(void) { diff --git a/tests/src/drivers/test_driver_cipher.c b/tests/src/drivers/test_driver_cipher.c index 678d8d5d6..324590c0a 100644 --- a/tests/src/drivers/test_driver_cipher.c +++ b/tests/src/drivers/test_driver_cipher.c @@ -41,6 +41,7 @@ psa_status_t mbedtls_test_transparent_cipher_encrypt( size_t *output_length) { mbedtls_test_driver_cipher_hooks.hits++; + mbedtls_test_driver_cipher_hooks.cipher_encrypt_hits++; if (mbedtls_test_driver_cipher_hooks.forced_output != NULL) { if (output_size < mbedtls_test_driver_cipher_hooks.forced_output_length) { diff --git a/tests/src/drivers/test_driver_key_management.c b/tests/src/drivers/test_driver_key_management.c index 6442f2231..f73ae97f6 100644 --- a/tests/src/drivers/test_driver_key_management.c +++ b/tests/src/drivers/test_driver_key_management.c @@ -529,6 +529,7 @@ psa_status_t mbedtls_test_transparent_export_public_key( uint8_t *data, size_t data_size, size_t *data_length) { ++mbedtls_test_driver_key_management_hooks.hits; + ++mbedtls_test_driver_key_management_hooks.export_public_key_hits; if (mbedtls_test_driver_key_management_hooks.forced_status != PSA_SUCCESS) { return mbedtls_test_driver_key_management_hooks.forced_status; diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.function b/tests/suites/test_suite_psa_crypto_driver_wrappers.function index 1d96f72ac..7a41fc2f9 100644 --- a/tests/suites/test_suite_psa_crypto_driver_wrappers.function +++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.function @@ -845,10 +845,10 @@ void validate_key(int force_status_arg, psa_set_key_bits(&attributes, 0); psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_EXPORT); - mbedtls_test_driver_key_management_hooks.forced_status = force_status; - PSA_ASSERT(psa_crypto_init()); + mbedtls_test_driver_key_management_hooks.hits = 0; + mbedtls_test_driver_key_management_hooks.forced_status = force_status; actual_status = psa_import_key(&attributes, key_input->x, key_input->len, &key); TEST_EQUAL(mbedtls_test_driver_key_management_hooks.hits, 1); TEST_EQUAL(actual_status, expected_status); @@ -906,6 +906,7 @@ void export_key(int force_status_arg, } mbedtls_test_driver_key_management_hooks.hits = 0; + mbedtls_test_driver_key_management_hooks.export_public_key_hits = 0; mbedtls_test_driver_key_management_hooks.forced_status = force_status; if (PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(output_key_type)) { @@ -923,7 +924,7 @@ void export_key(int force_status_arg, if (PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(output_key_type) && !PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(input_key_type)) { - TEST_EQUAL(mbedtls_test_driver_key_management_hooks.hits, 1); + TEST_EQUAL(mbedtls_test_driver_key_management_hooks.export_public_key_hits, 1); } if (actual_status == PSA_SUCCESS) { @@ -1059,9 +1060,11 @@ void cipher_encrypt_validation(int alg_arg, PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, &key)); + mbedtls_test_driver_cipher_hooks.hits = 0; + mbedtls_test_driver_cipher_hooks.cipher_encrypt_hits = 0; PSA_ASSERT(psa_cipher_encrypt(key, alg, input->x, input->len, output1, output1_buffer_size, &output1_length)); - TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 1); + TEST_EQUAL(mbedtls_test_driver_cipher_hooks.cipher_encrypt_hits, 1); mbedtls_test_driver_cipher_hooks.hits = 0; PSA_ASSERT(psa_cipher_encrypt_setup(&operation, key, alg)); @@ -1161,6 +1164,7 @@ void cipher_encrypt_multipart(int alg_arg, PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, &key)); + mbedtls_test_driver_cipher_hooks.hits = 0; PSA_ASSERT(psa_cipher_encrypt_setup(&operation, key, alg)); TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 1); mbedtls_test_driver_cipher_hooks.hits = 0; @@ -1289,6 +1293,7 @@ void cipher_decrypt_multipart(int alg_arg, PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, &key)); + mbedtls_test_driver_cipher_hooks.hits = 0; PSA_ASSERT(psa_cipher_decrypt_setup(&operation, key, alg)); TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 1); mbedtls_test_driver_cipher_hooks.hits = 0; @@ -1414,6 +1419,7 @@ void cipher_decrypt(int alg_arg, mbedtls_test_driver_cipher_hooks.forced_output_length = expected_output->len; } + mbedtls_test_driver_cipher_hooks.hits = 0; status = psa_cipher_decrypt(key, alg, input, input_buffer_size, output, output_buffer_size, &output_length); TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 1); @@ -1468,10 +1474,12 @@ void cipher_entry_points(int alg_arg, int key_type_arg, * First test that if we don't force a driver error, encryption is * successful, then force driver error. */ + mbedtls_test_driver_cipher_hooks.hits = 0; + mbedtls_test_driver_cipher_hooks.cipher_encrypt_hits = 0; status = psa_cipher_encrypt( key, alg, input->x, input->len, output, output_buffer_size, &function_output_length); - TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 1); + TEST_EQUAL(mbedtls_test_driver_cipher_hooks.cipher_encrypt_hits, 1); TEST_EQUAL(status, PSA_SUCCESS); mbedtls_test_driver_cipher_hooks.hits = 0; @@ -1481,10 +1489,19 @@ void cipher_entry_points(int alg_arg, int key_type_arg, output[i] = 0xa5; } + mbedtls_test_driver_cipher_hooks.cipher_encrypt_hits = 0; status = psa_cipher_encrypt( key, alg, input->x, input->len, output, output_buffer_size, &function_output_length); - TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 1); +#if defined(MBEDTLS_AES_C) + TEST_EQUAL(mbedtls_test_driver_cipher_hooks.cipher_encrypt_hits, 1); +#else + /* The call to psa_cipher_encrypt() is intentionally supposed to fail on the + * 1st access to the driver since "forced_status" is set. However this + * initial access happens in psa_cipher_update() (random number generation + * for IV) so psa_cipher_encrypt() never gets called. */ + TEST_EQUAL(mbedtls_test_driver_cipher_hooks.cipher_encrypt_hits, 0); +#endif TEST_EQUAL(status, PSA_ERROR_GENERIC_ERROR); /* * Check that the output buffer is still in the same state. @@ -1554,7 +1571,15 @@ void cipher_entry_points(int alg_arg, int key_type_arg, status = psa_cipher_generate_iv(&operation, output, 16, &function_output_length); /* When generating the IV fails, it should call abort too */ +#if defined(MBEDTLS_AES_C) TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 2); +#else + /* Previously failed call to psa_cipher_encrypt() above caused PSA to abort + * the cipher operation related to RNG. Therefore this call to + * psa_cipher_generate_iv() will failed due to unitialized RNG. Only the + * last driver call to psa_cipher_abort() remains. */ + TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 1); +#endif TEST_EQUAL(status, mbedtls_test_driver_cipher_hooks.forced_status); /* * Check that the output buffer is still in the same state. From 45337a88954105374118d8d21f8742871169e4d6 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 23 Nov 2023 14:35:02 +0100 Subject: [PATCH 08/15] test_suite_psa_crypto_driver_wrappers: add counter for cipher_update() Signed-off-by: Valerio Setti --- tests/include/test/drivers/cipher.h | 3 ++- tests/src/drivers/test_driver_cipher.c | 1 + tests/suites/test_suite_psa_crypto_driver_wrappers.function | 4 ++-- 3 files changed, 5 insertions(+), 3 deletions(-) diff --git a/tests/include/test/drivers/cipher.h b/tests/include/test/drivers/cipher.h index 2e299da72..71682303c 100644 --- a/tests/include/test/drivers/cipher.h +++ b/tests/include/test/drivers/cipher.h @@ -26,9 +26,10 @@ typedef struct { /* Count the amount of times one of the cipher driver functions is called. */ unsigned long hits; unsigned long cipher_encrypt_hits; + unsigned long cipher_update_hits; } mbedtls_test_driver_cipher_hooks_t; -#define MBEDTLS_TEST_DRIVER_CIPHER_INIT { NULL, 0, PSA_SUCCESS, 0, 0 } +#define MBEDTLS_TEST_DRIVER_CIPHER_INIT { NULL, 0, PSA_SUCCESS, 0, 0, 0 } static inline mbedtls_test_driver_cipher_hooks_t mbedtls_test_driver_cipher_hooks_init(void) { diff --git a/tests/src/drivers/test_driver_cipher.c b/tests/src/drivers/test_driver_cipher.c index 324590c0a..76ccdcffb 100644 --- a/tests/src/drivers/test_driver_cipher.c +++ b/tests/src/drivers/test_driver_cipher.c @@ -234,6 +234,7 @@ psa_status_t mbedtls_test_transparent_cipher_update( size_t *output_length) { mbedtls_test_driver_cipher_hooks.hits++; + mbedtls_test_driver_cipher_hooks.cipher_update_hits++; if (mbedtls_test_driver_cipher_hooks.forced_output != NULL) { if (output_size < mbedtls_test_driver_cipher_hooks.forced_output_length) { diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.function b/tests/suites/test_suite_psa_crypto_driver_wrappers.function index 7a41fc2f9..4fbc5e4b9 100644 --- a/tests/suites/test_suite_psa_crypto_driver_wrappers.function +++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.function @@ -1489,7 +1489,7 @@ void cipher_entry_points(int alg_arg, int key_type_arg, output[i] = 0xa5; } - mbedtls_test_driver_cipher_hooks.cipher_encrypt_hits = 0; + mbedtls_test_driver_cipher_hooks.cipher_update_hits = 0; status = psa_cipher_encrypt( key, alg, input->x, input->len, output, output_buffer_size, &function_output_length); @@ -1500,7 +1500,7 @@ void cipher_entry_points(int alg_arg, int key_type_arg, * 1st access to the driver since "forced_status" is set. However this * initial access happens in psa_cipher_update() (random number generation * for IV) so psa_cipher_encrypt() never gets called. */ - TEST_EQUAL(mbedtls_test_driver_cipher_hooks.cipher_encrypt_hits, 0); + TEST_EQUAL(mbedtls_test_driver_cipher_hooks.cipher_update_hits, 1); #endif TEST_EQUAL(status, PSA_ERROR_GENERIC_ERROR); /* From 7ab90723c4f85082bcd1dd6ca5ba576c9ff4e189 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 23 Nov 2023 16:29:51 +0100 Subject: [PATCH 09/15] mbedtls_config: update descriptions of MBEDTLS_CTR_DRBG_C and MBEDTLS_PSA_CRYPTO_C Signed-off-by: Valerio Setti --- include/mbedtls/mbedtls_config.h | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index 96a3e437d..758a51424 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -2607,6 +2607,13 @@ * The CTR_DRBG generator uses AES-256 by default. * To use AES-128 instead, enable \c MBEDTLS_CTR_DRBG_USE_128_BIT_KEY above. * + * AES support can either be achived through builtin (MBEDTLS_AES_C) or PSA. + * Builtin is the default option when MBEDTLS_AES_C is defined otherwise PSA + * is used. + * + * \warning When using PSA, the user should call `psa_crypto_init()` before + * using any CTR_DRBG operation (except `mbedtls_ctr_drbg_init()`). + * * \note AES-128 will be used if \c MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH is set. * * \note To achieve a 256-bit security strength with CTR_DRBG, @@ -2616,7 +2623,9 @@ * Module: library/ctr_drbg.c * Caller: * - * Requires: MBEDTLS_AES_C + * Requires: MBEDTLS_AES_C or + * (PSA_WANT_KEY_TYPE_AES and PSA_WANT_ALG_ECB_NO_PADDING and + * MBEDTLS_PSA_CRYPTO_C) * * This module provides the CTR_DRBG AES random number generator. */ @@ -3155,8 +3164,7 @@ * * Module: library/psa_crypto.c * - * Requires: MBEDTLS_CIPHER_C, - * either MBEDTLS_CTR_DRBG_C and MBEDTLS_ENTROPY_C, + * Requires: either MBEDTLS_CTR_DRBG_C and MBEDTLS_ENTROPY_C, * or MBEDTLS_HMAC_DRBG_C and MBEDTLS_ENTROPY_C, * or MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG. * From 7448367f68bba55da8ff2920cd5aec3584b8dfd9 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 24 Nov 2023 08:36:12 +0100 Subject: [PATCH 10/15] test_suite_psa_crypto_slot_management: modify check on open key slots This commit - Reverts changes previously done to psa_crypto_helpers.[c,h] - Implements a new check for open key slots in mbedtls_test_helper_is_psa_leaking(): - when CTR_DRBG does not use AES_C or PSA does not have an external RNG, then we allow 1 key slot (it's the one holding the AES key) - when the above conditions are not met, then we fallback to the usual check for "no open key slots remaining" Signed-off-by: Valerio Setti --- tests/include/test/psa_crypto_helpers.h | 11 +++-------- tests/src/psa_crypto_helpers.c | 11 +++++++++++ .../test_suite_psa_crypto_slot_management.function | 6 +++--- 3 files changed, 17 insertions(+), 11 deletions(-) diff --git a/tests/include/test/psa_crypto_helpers.h b/tests/include/test/psa_crypto_helpers.h index cd64dc7ad..0b8c22194 100644 --- a/tests/include/test/psa_crypto_helpers.h +++ b/tests/include/test/psa_crypto_helpers.h @@ -34,7 +34,6 @@ #define PSA_DONE() \ do \ { \ - mbedtls_psa_random_free(); \ mbedtls_test_fail_if_psa_leaking(__LINE__, __FILE__); \ mbedtls_test_psa_purge_key_storage(); \ mbedtls_psa_crypto_free(); \ @@ -126,21 +125,17 @@ const char *mbedtls_test_helper_is_psa_leaking(void); /** Shut down the PSA Crypto subsystem, allowing persistent keys to survive. * Expect a clean shutdown, with no slots in use. - * mbedtls_psa_random_free() is called before any check for remaining open - * keys because when AES_C is not defined, CTR_DRBG relies on PSA to perform - * AES-ECB so it holds an open AES key for that since psa_crypto_init(). * * If some key slots are still in use, record the test case as failed and * jump to the `exit` label. */ #define PSA_SESSION_DONE() \ - do \ - { \ - mbedtls_psa_random_free(); \ + do \ + { \ mbedtls_test_psa_purge_key_cache(); \ ASSERT_PSA_PRISTINE(); \ mbedtls_psa_crypto_free(); \ - } \ + } \ while (0) diff --git a/tests/src/psa_crypto_helpers.c b/tests/src/psa_crypto_helpers.c index d59a8f872..e1ea2b5c8 100644 --- a/tests/src/psa_crypto_helpers.c +++ b/tests/src/psa_crypto_helpers.c @@ -70,9 +70,20 @@ const char *mbedtls_test_helper_is_psa_leaking(void) mbedtls_psa_get_stats(&stats); +#if defined(MBEDTLS_CTR_DRBG_C) && !defined(MBEDTLS_AES_C) && \ + !defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) + /* When AES_C is not defined and PSA does not have an external RNG, + * then CTR_DRBG uses PSA to perform AES-ECB. In this scenario 1 key + * slot is used internally from PSA to hold the AES key and it should + * not be taken into account when evaluating remaining open slots. */ + if (stats.volatile_slots > 1) { + return "A volatile slot has not been closed properly."; + } +#else if (stats.volatile_slots != 0) { return "A volatile slot has not been closed properly."; } +#endif if (stats.persistent_slots != 0) { return "A persistent slot has not been closed properly."; } diff --git a/tests/suites/test_suite_psa_crypto_slot_management.function b/tests/suites/test_suite_psa_crypto_slot_management.function index 2137aba22..cc530e22c 100644 --- a/tests/suites/test_suite_psa_crypto_slot_management.function +++ b/tests/suites/test_suite_psa_crypto_slot_management.function @@ -90,10 +90,10 @@ static int invalidate_psa(invalidate_method_t invalidate_method) break; } - /* When AES_C is not defined CTR_DRBG relies on PSA to get AES-ECB so it - * holds an open key once psa_crypto_init() is called. */ - ASSERT_PSA_PRISTINE(); PSA_ASSERT(psa_crypto_init()); + + ASSERT_PSA_PRISTINE(); + return 1; exit: From 0ca1868fcdc582ba0c89adc747d855af089342e4 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 24 Nov 2023 12:10:23 +0100 Subject: [PATCH 11/15] test_suite_psa_crypto_driver_wrappers: fix missing hit counter reset before test Signed-off-by: Valerio Setti --- tests/suites/test_suite_psa_crypto_driver_wrappers.function | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.function b/tests/suites/test_suite_psa_crypto_driver_wrappers.function index 4fbc5e4b9..43465527f 100644 --- a/tests/suites/test_suite_psa_crypto_driver_wrappers.function +++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.function @@ -1490,6 +1490,7 @@ void cipher_entry_points(int alg_arg, int key_type_arg, } mbedtls_test_driver_cipher_hooks.cipher_update_hits = 0; + mbedtls_test_driver_cipher_hooks.cipher_encrypt_hits = 0; status = psa_cipher_encrypt( key, alg, input->x, input->len, output, output_buffer_size, &function_output_length); From 83e0de84815b3fc3e6012719b52e24548545ac3a Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 24 Nov 2023 12:13:05 +0100 Subject: [PATCH 12/15] crypto_extra: revert changes to mbedtls_psa_random_free() Signed-off-by: Valerio Setti --- include/psa/crypto_extra.h | 9 --------- library/psa_crypto.c | 14 +++++++------- .../test_suite_psa_crypto_slot_management.function | 2 -- 3 files changed, 7 insertions(+), 18 deletions(-) diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h index 8005dcb2f..ef29b77db 100644 --- a/include/psa/crypto_extra.h +++ b/include/psa/crypto_extra.h @@ -193,15 +193,6 @@ psa_status_t mbedtls_psa_register_se_key( /**@}*/ -/** - * \brief PSA random deinitialization. - * - * This function frees the RNG implementation used by PSA. - * - * This is an Mbed TLS extension. - */ -void mbedtls_psa_random_free(void); - /** * \brief Library deinitialization. * diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 6caab03e1..c90119fe4 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -7327,16 +7327,14 @@ static void mbedtls_psa_random_init(mbedtls_psa_random_context_t *rng) /** Deinitialize the PSA random generator. */ -void mbedtls_psa_random_free(void) +static void mbedtls_psa_random_free(mbedtls_psa_random_context_t *rng) { - if (global_data.rng_state != RNG_NOT_INITIALIZED) { #if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) - memset(&global_data.rng, 0, sizeof(global_data.rng)); + memset(rng, 0, sizeof(*rng)); #else /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */ - mbedtls_psa_drbg_free(MBEDTLS_PSA_RANDOM_STATE); - global_data.rng.entropy_free(&global_data.rng.entropy); + mbedtls_psa_drbg_free(MBEDTLS_PSA_RANDOM_STATE); + rng->entropy_free(&rng->entropy); #endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */ - } } /** Seed the PSA random generator. @@ -7663,7 +7661,9 @@ psa_status_t mbedtls_psa_crypto_configure_entropy_sources( void mbedtls_psa_crypto_free(void) { psa_wipe_all_key_slots(); - mbedtls_psa_random_free(); + if (global_data.rng_state != RNG_NOT_INITIALIZED) { + mbedtls_psa_random_free(&global_data.rng); + } /* Wipe all remaining data, including configuration. * In particular, this sets all state indicator to the value * indicating "uninitialized". */ diff --git a/tests/suites/test_suite_psa_crypto_slot_management.function b/tests/suites/test_suite_psa_crypto_slot_management.function index cc530e22c..8564d352a 100644 --- a/tests/suites/test_suite_psa_crypto_slot_management.function +++ b/tests/suites/test_suite_psa_crypto_slot_management.function @@ -91,9 +91,7 @@ static int invalidate_psa(invalidate_method_t invalidate_method) } PSA_ASSERT(psa_crypto_init()); - ASSERT_PSA_PRISTINE(); - return 1; exit: From 7ef35a9b3cb81e9de6c652961e69a79e88791e05 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 24 Nov 2023 12:51:42 +0100 Subject: [PATCH 13/15] test_suite_psa_crypto_driver_wrappers: add counter for failing psa_cipher_update() Signed-off-by: Valerio Setti --- tests/include/test/drivers/cipher.h | 2 +- tests/src/drivers/test_driver_cipher.c | 2 +- tests/suites/test_suite_psa_crypto_driver_wrappers.function | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/tests/include/test/drivers/cipher.h b/tests/include/test/drivers/cipher.h index 71682303c..67047afac 100644 --- a/tests/include/test/drivers/cipher.h +++ b/tests/include/test/drivers/cipher.h @@ -26,7 +26,7 @@ typedef struct { /* Count the amount of times one of the cipher driver functions is called. */ unsigned long hits; unsigned long cipher_encrypt_hits; - unsigned long cipher_update_hits; + unsigned long cipher_update_forced_status_hits; } mbedtls_test_driver_cipher_hooks_t; #define MBEDTLS_TEST_DRIVER_CIPHER_INIT { NULL, 0, PSA_SUCCESS, 0, 0, 0 } diff --git a/tests/src/drivers/test_driver_cipher.c b/tests/src/drivers/test_driver_cipher.c index 76ccdcffb..b9da5d244 100644 --- a/tests/src/drivers/test_driver_cipher.c +++ b/tests/src/drivers/test_driver_cipher.c @@ -234,7 +234,6 @@ psa_status_t mbedtls_test_transparent_cipher_update( size_t *output_length) { mbedtls_test_driver_cipher_hooks.hits++; - mbedtls_test_driver_cipher_hooks.cipher_update_hits++; if (mbedtls_test_driver_cipher_hooks.forced_output != NULL) { if (output_size < mbedtls_test_driver_cipher_hooks.forced_output_length) { @@ -250,6 +249,7 @@ psa_status_t mbedtls_test_transparent_cipher_update( } if (mbedtls_test_driver_cipher_hooks.forced_status != PSA_SUCCESS) { + ++mbedtls_test_driver_cipher_hooks.cipher_update_forced_status_hits; return mbedtls_test_driver_cipher_hooks.forced_status; } diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.function b/tests/suites/test_suite_psa_crypto_driver_wrappers.function index 43465527f..309b395c5 100644 --- a/tests/suites/test_suite_psa_crypto_driver_wrappers.function +++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.function @@ -1489,7 +1489,7 @@ void cipher_entry_points(int alg_arg, int key_type_arg, output[i] = 0xa5; } - mbedtls_test_driver_cipher_hooks.cipher_update_hits = 0; + mbedtls_test_driver_cipher_hooks.cipher_update_forced_status_hits = 0; mbedtls_test_driver_cipher_hooks.cipher_encrypt_hits = 0; status = psa_cipher_encrypt( key, alg, input->x, input->len, @@ -1501,7 +1501,7 @@ void cipher_entry_points(int alg_arg, int key_type_arg, * 1st access to the driver since "forced_status" is set. However this * initial access happens in psa_cipher_update() (random number generation * for IV) so psa_cipher_encrypt() never gets called. */ - TEST_EQUAL(mbedtls_test_driver_cipher_hooks.cipher_update_hits, 1); + TEST_EQUAL(mbedtls_test_driver_cipher_hooks.cipher_update_forced_status_hits, 1); #endif TEST_EQUAL(status, PSA_ERROR_GENERIC_ERROR); /* From 829ce0facffb6d5a21708fc247fdd9750fba3816 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 27 Nov 2023 12:27:46 +0100 Subject: [PATCH 14/15] test_driver_cipher: add forced return status for encrypt and set_iv Signed-off-by: Valerio Setti --- tests/include/test/drivers/cipher.h | 10 +++-- tests/src/drivers/test_driver_cipher.c | 10 ++++- ..._suite_psa_crypto_driver_wrappers.function | 40 ++++++------------- 3 files changed, 27 insertions(+), 33 deletions(-) diff --git a/tests/include/test/drivers/cipher.h b/tests/include/test/drivers/cipher.h index 67047afac..2fe47e4d7 100644 --- a/tests/include/test/drivers/cipher.h +++ b/tests/include/test/drivers/cipher.h @@ -23,13 +23,17 @@ typedef struct { /* If not PSA_SUCCESS, return this error code instead of processing the * function call. */ psa_status_t forced_status; + psa_status_t forced_status_encrypt; + psa_status_t forced_status_set_iv; /* Count the amount of times one of the cipher driver functions is called. */ unsigned long hits; - unsigned long cipher_encrypt_hits; - unsigned long cipher_update_forced_status_hits; + unsigned long hits_encrypt; + unsigned long hits_set_iv; } mbedtls_test_driver_cipher_hooks_t; -#define MBEDTLS_TEST_DRIVER_CIPHER_INIT { NULL, 0, PSA_SUCCESS, 0, 0, 0 } +#define MBEDTLS_TEST_DRIVER_CIPHER_INIT { NULL, 0, \ + PSA_SUCCESS, PSA_SUCCESS, PSA_SUCCESS, \ + 0, 0, 0 } static inline mbedtls_test_driver_cipher_hooks_t mbedtls_test_driver_cipher_hooks_init(void) { diff --git a/tests/src/drivers/test_driver_cipher.c b/tests/src/drivers/test_driver_cipher.c index b9da5d244..2bc751a8a 100644 --- a/tests/src/drivers/test_driver_cipher.c +++ b/tests/src/drivers/test_driver_cipher.c @@ -41,7 +41,7 @@ psa_status_t mbedtls_test_transparent_cipher_encrypt( size_t *output_length) { mbedtls_test_driver_cipher_hooks.hits++; - mbedtls_test_driver_cipher_hooks.cipher_encrypt_hits++; + mbedtls_test_driver_cipher_hooks.hits_encrypt++; if (mbedtls_test_driver_cipher_hooks.forced_output != NULL) { if (output_size < mbedtls_test_driver_cipher_hooks.forced_output_length) { @@ -59,6 +59,9 @@ psa_status_t mbedtls_test_transparent_cipher_encrypt( if (mbedtls_test_driver_cipher_hooks.forced_status != PSA_SUCCESS) { return mbedtls_test_driver_cipher_hooks.forced_status; } + if (mbedtls_test_driver_cipher_hooks.forced_status_encrypt != PSA_SUCCESS) { + return mbedtls_test_driver_cipher_hooks.forced_status_encrypt; + } #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_CIPHER) @@ -209,10 +212,14 @@ psa_status_t mbedtls_test_transparent_cipher_set_iv( size_t iv_length) { mbedtls_test_driver_cipher_hooks.hits++; + mbedtls_test_driver_cipher_hooks.hits_set_iv++; if (mbedtls_test_driver_cipher_hooks.forced_status != PSA_SUCCESS) { return mbedtls_test_driver_cipher_hooks.forced_status; } + if (mbedtls_test_driver_cipher_hooks.forced_status_set_iv != PSA_SUCCESS) { + return mbedtls_test_driver_cipher_hooks.forced_status_set_iv; + } #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_CIPHER) @@ -249,7 +256,6 @@ psa_status_t mbedtls_test_transparent_cipher_update( } if (mbedtls_test_driver_cipher_hooks.forced_status != PSA_SUCCESS) { - ++mbedtls_test_driver_cipher_hooks.cipher_update_forced_status_hits; return mbedtls_test_driver_cipher_hooks.forced_status; } diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.function b/tests/suites/test_suite_psa_crypto_driver_wrappers.function index 309b395c5..ff449acf4 100644 --- a/tests/suites/test_suite_psa_crypto_driver_wrappers.function +++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.function @@ -1061,10 +1061,10 @@ void cipher_encrypt_validation(int alg_arg, &key)); mbedtls_test_driver_cipher_hooks.hits = 0; - mbedtls_test_driver_cipher_hooks.cipher_encrypt_hits = 0; + mbedtls_test_driver_cipher_hooks.hits_encrypt = 0; PSA_ASSERT(psa_cipher_encrypt(key, alg, input->x, input->len, output1, output1_buffer_size, &output1_length)); - TEST_EQUAL(mbedtls_test_driver_cipher_hooks.cipher_encrypt_hits, 1); + TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits_encrypt, 1); mbedtls_test_driver_cipher_hooks.hits = 0; PSA_ASSERT(psa_cipher_encrypt_setup(&operation, key, alg)); @@ -1475,34 +1475,25 @@ void cipher_entry_points(int alg_arg, int key_type_arg, * successful, then force driver error. */ mbedtls_test_driver_cipher_hooks.hits = 0; - mbedtls_test_driver_cipher_hooks.cipher_encrypt_hits = 0; + mbedtls_test_driver_cipher_hooks.hits_encrypt = 0; status = psa_cipher_encrypt( key, alg, input->x, input->len, output, output_buffer_size, &function_output_length); - TEST_EQUAL(mbedtls_test_driver_cipher_hooks.cipher_encrypt_hits, 1); + TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits_encrypt, 1); TEST_EQUAL(status, PSA_SUCCESS); mbedtls_test_driver_cipher_hooks.hits = 0; - mbedtls_test_driver_cipher_hooks.forced_status = PSA_ERROR_GENERIC_ERROR; + mbedtls_test_driver_cipher_hooks.forced_status_encrypt = PSA_ERROR_GENERIC_ERROR; /* Set the output buffer in a given state. */ for (size_t i = 0; i < output_buffer_size; i++) { output[i] = 0xa5; } - mbedtls_test_driver_cipher_hooks.cipher_update_forced_status_hits = 0; - mbedtls_test_driver_cipher_hooks.cipher_encrypt_hits = 0; + mbedtls_test_driver_cipher_hooks.hits_encrypt = 0; status = psa_cipher_encrypt( key, alg, input->x, input->len, output, output_buffer_size, &function_output_length); -#if defined(MBEDTLS_AES_C) - TEST_EQUAL(mbedtls_test_driver_cipher_hooks.cipher_encrypt_hits, 1); -#else - /* The call to psa_cipher_encrypt() is intentionally supposed to fail on the - * 1st access to the driver since "forced_status" is set. However this - * initial access happens in psa_cipher_update() (random number generation - * for IV) so psa_cipher_encrypt() never gets called. */ - TEST_EQUAL(mbedtls_test_driver_cipher_hooks.cipher_update_forced_status_hits, 1); -#endif + TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits_encrypt, 1); TEST_EQUAL(status, PSA_ERROR_GENERIC_ERROR); /* * Check that the output buffer is still in the same state. @@ -1563,25 +1554,18 @@ void cipher_entry_points(int alg_arg, int key_type_arg, TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 1); TEST_EQUAL(status, mbedtls_test_driver_cipher_hooks.forced_status); mbedtls_test_driver_cipher_hooks.hits = 0; + mbedtls_test_driver_cipher_hooks.hits_set_iv = 0; - mbedtls_test_driver_cipher_hooks.forced_status = PSA_ERROR_GENERIC_ERROR; + mbedtls_test_driver_cipher_hooks.forced_status_set_iv = PSA_ERROR_GENERIC_ERROR; /* Set the output buffer in a given state. */ for (size_t i = 0; i < 16; i++) { output[i] = 0xa5; } status = psa_cipher_generate_iv(&operation, output, 16, &function_output_length); - /* When generating the IV fails, it should call abort too */ -#if defined(MBEDTLS_AES_C) - TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 2); -#else - /* Previously failed call to psa_cipher_encrypt() above caused PSA to abort - * the cipher operation related to RNG. Therefore this call to - * psa_cipher_generate_iv() will failed due to unitialized RNG. Only the - * last driver call to psa_cipher_abort() remains. */ - TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 1); -#endif - TEST_EQUAL(status, mbedtls_test_driver_cipher_hooks.forced_status); + TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits_set_iv, 1); + TEST_EQUAL(status, mbedtls_test_driver_cipher_hooks.forced_status_set_iv); + mbedtls_test_driver_cipher_hooks.forced_status_set_iv = PSA_SUCCESS; /* * Check that the output buffer is still in the same state. * This will fail if the output buffer is used by the core to pass the IV From 302a487499d049ad8fce868a85ea93bddc078f2e Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 4 Dec 2023 10:27:00 +0100 Subject: [PATCH 15/15] test_driver_key_management: rename counter for export_public_key() hits Signed-off-by: Valerio Setti --- tests/include/test/drivers/key_management.h | 2 +- tests/src/drivers/test_driver_key_management.c | 2 +- tests/suites/test_suite_psa_crypto_driver_wrappers.function | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/tests/include/test/drivers/key_management.h b/tests/include/test/drivers/key_management.h index 24ecbc3c5..526adbb91 100644 --- a/tests/include/test/drivers/key_management.h +++ b/tests/include/test/drivers/key_management.h @@ -27,7 +27,7 @@ typedef struct { * is called. */ unsigned long hits; /* Subset of hits which only counts key operations with EC key */ - unsigned long export_public_key_hits; + unsigned long hits_export_public_key; /* Location of the last key management driver called to import a key. */ psa_key_location_t location; } mbedtls_test_driver_key_management_hooks_t; diff --git a/tests/src/drivers/test_driver_key_management.c b/tests/src/drivers/test_driver_key_management.c index f73ae97f6..d522ebfe8 100644 --- a/tests/src/drivers/test_driver_key_management.c +++ b/tests/src/drivers/test_driver_key_management.c @@ -529,7 +529,7 @@ psa_status_t mbedtls_test_transparent_export_public_key( uint8_t *data, size_t data_size, size_t *data_length) { ++mbedtls_test_driver_key_management_hooks.hits; - ++mbedtls_test_driver_key_management_hooks.export_public_key_hits; + ++mbedtls_test_driver_key_management_hooks.hits_export_public_key; if (mbedtls_test_driver_key_management_hooks.forced_status != PSA_SUCCESS) { return mbedtls_test_driver_key_management_hooks.forced_status; diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.function b/tests/suites/test_suite_psa_crypto_driver_wrappers.function index ff449acf4..032fa478f 100644 --- a/tests/suites/test_suite_psa_crypto_driver_wrappers.function +++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.function @@ -906,7 +906,7 @@ void export_key(int force_status_arg, } mbedtls_test_driver_key_management_hooks.hits = 0; - mbedtls_test_driver_key_management_hooks.export_public_key_hits = 0; + mbedtls_test_driver_key_management_hooks.hits_export_public_key = 0; mbedtls_test_driver_key_management_hooks.forced_status = force_status; if (PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(output_key_type)) { @@ -924,7 +924,7 @@ void export_key(int force_status_arg, if (PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(output_key_type) && !PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(input_key_type)) { - TEST_EQUAL(mbedtls_test_driver_key_management_hooks.export_public_key_hits, 1); + TEST_EQUAL(mbedtls_test_driver_key_management_hooks.hits_export_public_key, 1); } if (actual_status == PSA_SUCCESS) {