
Generate PSA test wrappers

Open gilles-peskine-arm opened this issue 1 year ago • 0 comments

Introduce Python code to generate wrapper functions for library functions. When the wrapper code is enabled, test code transparently calls the wrapper instead of the library function. The wrapper generation framework is designed to be flexible so that we can add various instrumentation as needed.

Use this instrumentation to generate wrappers for PSA crypto API functions. These functions are used when MBEDTLS_TEST_HOOKS is enabled. Currently, all the wrapper code does is to optionally log the inputs and outputs to the function (metadata only, not buffer contents). To enable this logging, set the environment variable MBEDTLS_TEST_PSA_WRAPPERS_LOG_FILE to the name of a log file.

Use this new logging mechanism in psa_collect_statuses.py and retire the old RECORD_PSA_STATUS_COVERAGE_LOG mechanism, which was less flexible and less well integrated in the build system.

Status:

  • Parts of this code (the base classes, not the logging code) have been included in 3.6.0 as part of a security fix. They have not been reviewed as part of this fix; this will happen through https://github.com/Mbed-TLS/mbedtls/issues/8961.
  • I have the features I want for now. I may still revise based on CI feedback and to make minor improvements, and also to make the logging thread-safe.

Possible follow-ups:

  • Generate at least PSA client-side IPC wrappers, and perhaps even server side, which we could use to test MBEDTLS_PSA_CRYPTO_CLIENT and MBEDTLS_PSA_CRYPTO_SPM. I started writing code for this in https://github.com/gilles-peskine-arm/mbedtls/tree/psa-generate-wrappers+generate_psa_client_stubs-wip-1; this is incomplete and I don't intend to work on it any further in the near future, but demonstrates the flexibility of the framework.
  • Use this to generate the driver wrappers, replacing the current mechanism based on Jinja templates. This would allow us to get rid of an external dependency and would require less effort to support additional functions.
  • Run test coverage analyses (e.g. which error conditions have been exercised, which functions have been exercised with which algorithms, coverage for buffer overlap, …).

PR checklist

  • [ ] changelog no (test only)
  • [ ] backport done, or not required
  • [ ] tests provided, or not required

gilles-peskine-arm, Nov 22 '23 22:11
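To make the mechanism described in the PR concrete, here is an added illustration that is not the PR's generator nor any code from the mbedtls project: a toy Python script that takes C prototypes of library functions and emits, for each, a wrapper that calls the real function, logs call metadata (scalar arguments and the returned status, never buffer contents) to the file named by MBEDTLS_TEST_PSA_WRAPPERS_LOG_FILE, and a macro that transparently redirects callers to the wrapper under MBEDTLS_TEST_HOOKS. The `mbedtls_test_wrap_` prefix, the `test_wrap_log` helper, the simplified prototype grammar and the sample prototypes are all assumptions made for the example.

```python
"""Toy generator of logging C test wrappers (added example, not the PR's code)."""
import re
from dataclasses import dataclass
from typing import List, Tuple

# Assumed simplified grammar: "ret name(type1 arg1, type2 *arg2, ...);"
PROTOTYPE_RE = re.compile(
    r"^\s*(?P<ret>[\w\s\*]+?)\s*\b(?P<name>\w+)\s*\((?P<args>[^)]*)\)\s*;?\s*$"
)


@dataclass
class Function:
    return_type: str
    name: str
    args: List[Tuple[str, str]]  # (type, parameter name)


def _split_param(raw: str) -> Tuple[str, str]:
    """'const uint8_t *input' -> ('const uint8_t *', 'input')."""
    type_part, _, name_part = raw.rpartition(" ")
    stars = len(name_part) - len(name_part.lstrip("*"))
    return (type_part.strip() + " " + "*" * stars).strip(), name_part.lstrip("*")


def parse_prototype(proto: str) -> Function:
    m = PROTOTYPE_RE.match(proto)
    if not m:
        raise ValueError(f"cannot parse prototype: {proto!r}")
    args = [_split_param(p.strip()) for p in m.group("args").split(",")
            if p.strip() and p.strip() != "void"]
    return Function(m.group("ret").strip(), m.group("name"), args)


# C helper emitted once per generated header (assumed name test_wrap_log).
PRELUDE = """\
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>

/* Append one line of call metadata if the log file variable is set.
 * Only names, scalar arguments and the status are written, never buffers. */
static void test_wrap_log(const char *fn, const char *fmt, ...)
{
    const char *path = getenv("MBEDTLS_TEST_PSA_WRAPPERS_LOG_FILE");
    FILE *f;
    va_list ap;
    if (path == NULL || (f = fopen(path, "a")) == NULL) {
        return;
    }
    fprintf(f, "%s:", fn);
    va_start(ap, fmt);
    vfprintf(f, fmt, ap);
    va_end(ap);
    fputc('\\n', f);
    fclose(f);
}
"""


def generate_wrapper(fn: Function) -> str:
    params = ", ".join(f"{t}{n}" if t.endswith("*") else f"{t} {n}"
                       for t, n in fn.args) or "void"
    call_args = ", ".join(n for _, n in fn.args)
    # Pointer parameters are buffers or out-params: log scalars only.
    scalars = [n for t, n in fn.args if "*" not in t]
    fmt_parts = [f"{n}=%lu" for n in scalars]
    log_args = "".join(f", (unsigned long) {n}" for n in scalars)
    lines = [f"{fn.return_type} mbedtls_test_wrap_{fn.name}({params})", "{"]
    if fn.return_type == "void":
        # Parenthesised callee name defeats the redirect macro below.
        lines.append(f"    ({fn.name})({call_args});")
        lines.append(f'    test_wrap_log("{fn.name}", "{" ".join(fmt_parts)}"{log_args});')
    else:
        lines.append(f"    {fn.return_type} status = ({fn.name})({call_args});")
        fmt = " ".join(fmt_parts + ["status=%ld"])
        lines.append(f'    test_wrap_log("{fn.name}", "{fmt}"{log_args}, (long) status);')
        lines.append("    return status;")
    lines.append("}")
    # Transparent redirection: test code keeps calling the library name.
    lines.append(f"#define {fn.name}(...) mbedtls_test_wrap_{fn.name}(__VA_ARGS__)")
    return "\n".join(lines)


def generate_header(prototypes: List[str]) -> str:
    body = "\n\n".join(generate_wrapper(parse_prototype(p)) for p in prototypes)
    return f"#if defined(MBEDTLS_TEST_HOOKS)\n{PRELUDE}\n{body}\n#endif\n"


if __name__ == "__main__":
    # Constructed sample prototypes for the demonstration.
    print(generate_header([
        "psa_status_t psa_hash_compute(psa_algorithm_t alg, const uint8_t *input, "
        "size_t input_length, uint8_t *hash, size_t hash_size, size_t *hash_length);",
        "void psa_reset(void);",
    ]))
```

Running the script prints a header in which each wrapper calls the real function, writes a line such as `psa_hash_compute:alg=... input_length=... hash_size=... status=...` when the environment variable is set, and is selected for callers by the trailing `#define`; buffer pointers are deliberately absent from the log line, matching the metadata-only logging the PR describes.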