From bdc7b8bb6ac3afb96953dec92a01abc2706972e6 Mon Sep 17 00:00:00 2001
From: Gilles Peskine <Gilles.Peskine@arm.com>
Date: Tue, 20 Sep 2022 18:31:30 +0200
Subject: [PATCH] Allow test assertions on constant-flow scalar data

When testing a function that is supposed to be constant-flow, we declare the
inputs as constant-flow secrets with TEST_CF_SECRET. The result of such a
function is itself a constant-flow secret, so it can't be tested with
comparison operators.

In TEST_EQUAL, TEST_LE_U and TEST_LE_S, declare the values to be compared as
public. This way, test code doesn't need to explicitly declare results as
public if they're only used by one of these macros.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
---
 tests/src/helpers.c | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/tests/src/helpers.c b/tests/src/helpers.c
index 4f976a27b..673a8412b 100644
--- a/tests/src/helpers.c
+++ b/tests/src/helpers.c
@@ -15,6 +15,7 @@
  *  limitations under the License.
  */
 
+#include <test/constant_flow.h>
 #include <test/helpers.h>
 #include <test/macros.h>
 #include <string.h>
@@ -102,8 +103,12 @@ void mbedtls_test_info_reset( void )
 int mbedtls_test_equal( const char *test, int line_no, const char* filename,
                         unsigned long long value1, unsigned long long value2 )
 {
+    TEST_CF_PUBLIC( &value1, sizeof( value1 ) );
+    TEST_CF_PUBLIC( &value2, sizeof( value2 ) );
+
     if( value1 == value2 )
         return( 1 );
+
     if( mbedtls_test_info.result == MBEDTLS_TEST_RESULT_FAILED )
     {
         /* We've already recorded the test as having failed. Don't
@@ -125,8 +130,12 @@ int mbedtls_test_equal( const char *test, int line_no, const char* filename,
 int mbedtls_test_le_u( const char *test, int line_no, const char* filename,
                        unsigned long long value1, unsigned long long value2 )
 {
+    TEST_CF_PUBLIC( &value1, sizeof( value1 ) );
+    TEST_CF_PUBLIC( &value2, sizeof( value2 ) );
+
     if( value1 <= value2 )
         return( 1 );
+
     if( mbedtls_test_info.result == MBEDTLS_TEST_RESULT_FAILED )
     {
         /* We've already recorded the test as having failed. Don't
@@ -148,8 +157,12 @@ int mbedtls_test_le_u( const char *test, int line_no, const char* filename,
 int mbedtls_test_le_s( const char *test, int line_no, const char* filename,
                        long long value1, long long value2 )
 {
+    TEST_CF_PUBLIC( &value1, sizeof( value1 ) );
+    TEST_CF_PUBLIC( &value2, sizeof( value2 ) );
+
     if( value1 <= value2 )
         return( 1 );
+
     if( mbedtls_test_info.result == MBEDTLS_TEST_RESULT_FAILED )
     {
         /* We've already recorded the test as having failed. Don't