Mbed-TLS · gilles-peskine-arm · Apr 23, 2025 · Feb 5, 2025 · Feb 6, 2025 · Feb 6, 2025
diff --git a/tests/include/test/drivers/aead.h b/tests/include/test/drivers/aead.h
@@ -11,6 +11,8 @@
 #include "mbedtls/build_info.h"
 
 #if defined(PSA_CRYPTO_DRIVER_TEST)
+#include "test_driver_common.h"
+
 #include <psa/crypto_driver_common.h>
 
 typedef struct {

diff --git a/tests/include/test/drivers/asymmetric_encryption.h b/tests/include/test/drivers/asymmetric_encryption.h
@@ -11,6 +11,8 @@
 #include "mbedtls/build_info.h"
 
 #if defined(PSA_CRYPTO_DRIVER_TEST)
+#include "test_driver_common.h"
+
 #include <psa/crypto_driver_common.h>
 #include <psa/crypto.h>
 

diff --git a/tests/include/test/drivers/cipher.h b/tests/include/test/drivers/cipher.h
@@ -11,6 +11,8 @@
 #include "mbedtls/build_info.h"
 
 #if defined(PSA_CRYPTO_DRIVER_TEST)
+#include "test_driver_common.h"
+
 #include <psa/crypto_driver_common.h>
 #include <psa/crypto.h>
 

diff --git a/tests/include/test/drivers/hash.h b/tests/include/test/drivers/hash.h
@@ -11,6 +11,8 @@
 #include "mbedtls/build_info.h"
 
 #if defined(PSA_CRYPTO_DRIVER_TEST)
+#include "test_driver_common.h"
+
 #include <psa/crypto_driver_common.h>
 
 typedef struct {

diff --git a/tests/include/test/drivers/key_agreement.h b/tests/include/test/drivers/key_agreement.h
@@ -11,6 +11,8 @@
 #include "mbedtls/build_info.h"
 
 #if defined(PSA_CRYPTO_DRIVER_TEST)
+#include "test_driver_common.h"
+
 #include <psa/crypto_driver_common.h>
 
 typedef struct {

diff --git a/tests/include/test/drivers/key_management.h b/tests/include/test/drivers/key_management.h
@@ -11,6 +11,8 @@
 #include "mbedtls/build_info.h"
 
 #if defined(PSA_CRYPTO_DRIVER_TEST)
+#include "test_driver_common.h"
+
 #include <psa/crypto_driver_common.h>
 
 #define PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT     0

diff --git a/tests/include/test/drivers/mac.h b/tests/include/test/drivers/mac.h
@@ -11,6 +11,8 @@
 #include "mbedtls/build_info.h"
 
 #if defined(PSA_CRYPTO_DRIVER_TEST)
+#include "test_driver_common.h"
+
 #include <psa/crypto_driver_common.h>
 
 typedef struct {

diff --git a/tests/include/test/drivers/pake.h b/tests/include/test/drivers/pake.h
@@ -11,6 +11,8 @@
 #include "mbedtls/build_info.h"
 
 #if defined(PSA_CRYPTO_DRIVER_TEST)
+#include "test_driver_common.h"
+
 #include <psa/crypto_driver_common.h>
 
 typedef struct {

diff --git a/tests/include/test/drivers/signature.h b/tests/include/test/drivers/signature.h
@@ -11,6 +11,8 @@
 #include "mbedtls/build_info.h"
 
 #if defined(PSA_CRYPTO_DRIVER_TEST)
+#include "test_driver_common.h"
+
 #include <psa/crypto_driver_common.h>
 
 typedef struct {

diff --git a/tests/include/test/drivers/test_driver_common.h b/tests/include/test/drivers/test_driver_common.h
@@ -0,0 +1,11 @@
+/* Common definitions used by test drivers. */
+/*  Copyright The Mbed TLS Contributors
+ *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+#ifndef PSA_CRYPTO_TEST_DRIVERS_TEST_DRIVER_COMMON_H
+#define PSA_CRYPTO_TEST_DRIVERS_TEST_DRIVER_COMMON_H
+
+#include "mbedtls/build_info.h"
+
+#endif /* test_driver_common.h */
diff --git a/tests/include/test/helpers.h b/tests/include/test/helpers.h
@@ -166,6 +166,30 @@ const char *mbedtls_test_get_mutex_usage_error(void);
 void mbedtls_test_set_mutex_usage_error(const char *msg);
 #endif
 
+/**
+ * \brief           Check whether the given buffer is all-bits-zero.
+ *
+ * \param[in] buf   Pointer to the buffer to check.
+ * \param size      Buffer size in bytes.
+ *
+ * \retval 0        The given buffer has a nonzero byte.
+ * \retval 1        The given buffer is all-bits-zero (this includes the case
+ *                  of an empty buffer).
+ */
+int mbedtls_test_buffer_is_all_zero(const uint8_t *buf, size_t size);
+
+/** Check whether the object at the given address is all-bits-zero.
+ *
+ * \param[in] ptr   A pointer to the object to check.
+ *                  This macro parameter may be evaluated more than once.
+ *
+ * \retval 0        The given object has a nonzero byte.
+ * \retval 1        The given object is all-bits-zero (this includes the case
+ *                  of an empty buffer).
+ */
+#define MBEDTLS_TEST_OBJECT_IS_ALL_ZERO(ptr)    \
+    (mbedtls_test_buffer_is_all_zero((const uint8_t *) (ptr), sizeof(*(ptr))))
+
 #if defined(MBEDTLS_BIGNUM_C)
 
 /**

diff --git a/tests/include/test/psa_crypto_helpers.h b/tests/include/test/psa_crypto_helpers.h
@@ -145,6 +145,35 @@ const char *mbedtls_test_helper_is_psa_leaking(void);
     while (0)
 
 
+/** Initializer that doesn't set the embedded union to zero.
+ *
+ * Use this to validate that our code correctly handles platforms where
+ * `{0}` does not initialize a union to all-bits-zero, only the first member.
+ * Such behavior is uncommon, but compliant (see discussion in
+ * https://github.com/Mbed-TLS/mbedtls/issues/9814).
+ * You can portably simulate that behavior by using the `xxx_init_short()`
+ * initializer function instead of `{0}` or an official initializer
+ * `xxx_init()` or `XXX_INIT`.
+ */
+psa_hash_operation_t psa_hash_operation_init_short(void);
+psa_mac_operation_t psa_mac_operation_init_short(void);
+psa_cipher_operation_t psa_cipher_operation_init_short(void);
+psa_aead_operation_t psa_aead_operation_init_short(void);
+psa_key_derivation_operation_t psa_key_derivation_operation_init_short(void);
+psa_pake_operation_t psa_pake_operation_init_short(void);
+psa_sign_hash_interruptible_operation_t psa_sign_hash_interruptible_operation_init_short(void);
+psa_verify_hash_interruptible_operation_t psa_verify_hash_interruptible_operation_init_short(void);
+#if defined(PSA_KEY_AGREEMENT_IOP_INIT)
+psa_key_agreement_iop_t psa_key_agreement_iop_init_short(void);
+#endif
+#if defined(PSA_GENERATE_KEY_IOP_INIT)
+psa_generate_key_iop_t psa_generate_key_iop_init_short(void);
+#endif
+#if defined(PSA_EXPORT_PUBLIC_KEY_IOP_INIT)
+psa_export_public_key_iop_t psa_export_public_key_iop_init_short(void);
+#endif
+
+
 
 #if defined(RECORD_PSA_STATUS_COVERAGE_LOG)
 psa_status_t mbedtls_test_record_status(psa_status_t status,

diff --git a/tests/src/helpers.c b/tests/src/helpers.c
@@ -265,6 +265,16 @@ void mbedtls_test_set_mutex_usage_error(const char *msg)
 }
 #endif // #if defined(MBEDTLS_TEST_MUTEX_USAGE)
 
+int mbedtls_test_buffer_is_all_zero(const uint8_t *buf, size_t size)
+{
+    for (size_t i = 0; i < size; i++) {
+        if (buf[i] != 0) {
+            return 0;
+        }
+    }
+    return 1;
+}
+
 #if defined(MBEDTLS_BIGNUM_C)
 
 unsigned mbedtls_test_get_case_uses_negative_0(void)

diff --git a/tests/src/psa_crypto_helpers.c b/tests/src/psa_crypto_helpers.c
@@ -98,6 +98,96 @@ const char *mbedtls_test_helper_is_psa_leaking(void)
     return NULL;
 }
 
+
+
+psa_hash_operation_t psa_hash_operation_init_short(void)
+{
+    psa_hash_operation_t operation = PSA_HASH_OPERATION_INIT;
+    memset(&operation.ctx, '!', sizeof(operation.ctx));
+    return operation;
+}
+
+psa_mac_operation_t psa_mac_operation_init_short(void)
+{
+    psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT;
+    memset(&operation.ctx, '!', sizeof(operation.ctx));
+    return operation;
+}
+
+psa_cipher_operation_t psa_cipher_operation_init_short(void)
+{
+    psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT;
+    memset(&operation.ctx, '!', sizeof(operation.ctx));
+    return operation;
+}
+
+psa_aead_operation_t psa_aead_operation_init_short(void)
+{
+    psa_aead_operation_t operation = PSA_AEAD_OPERATION_INIT;
+    memset(&operation.ctx, '!', sizeof(operation.ctx));
+    return operation;
+}
+
+psa_key_derivation_operation_t psa_key_derivation_operation_init_short(void)
+{
+    psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
+    memset(&operation.ctx, '!', sizeof(operation.ctx));
+    return operation;
+}
+
+psa_pake_operation_t psa_pake_operation_init_short(void)
+{
+    psa_pake_operation_t operation = PSA_PAKE_OPERATION_INIT;
+    memset(&operation.computation_stage, '!', sizeof(operation.computation_stage));
+    memset(&operation.data, '!', sizeof(operation.data));
+    return operation;
+}
+
+psa_sign_hash_interruptible_operation_t psa_sign_hash_interruptible_operation_init_short(void)
+{
+    psa_sign_hash_interruptible_operation_t operation =
+        PSA_SIGN_HASH_INTERRUPTIBLE_OPERATION_INIT;
+    memset(&operation.ctx, '!', sizeof(operation.ctx));
+    return operation;
+}
+
+psa_verify_hash_interruptible_operation_t psa_verify_hash_interruptible_operation_init_short(void)
+{
+    psa_verify_hash_interruptible_operation_t operation =
+        PSA_VERIFY_HASH_INTERRUPTIBLE_OPERATION_INIT;
+    memset(&operation.ctx, '!', sizeof(operation.ctx));
+    return operation;
+}
+
+#if defined(PSA_KEY_AGREEMENT_IOP_INIT)
+psa_key_agreement_iop_t psa_key_agreement_iop_init_short(void)
+{
+    psa_key_agreement_iop_t operation = PSA_KEY_AGREEMENT_IOP_INIT;
+    /* No driver support, and thus no union, yet, at the time of writing */
+    return operation;
+}
+#endif
+
+#if defined(PSA_GENERATE_KEY_IOP_INIT)
+psa_generate_key_iop_t psa_generate_key_iop_init_short(void)
+{
+    psa_generate_key_iop_t operation = PSA_GENERATE_KEY_IOP_INIT;
+    /* No driver support, and thus no union, yet, at the time of writing */
+    return operation;
+}
+#endif
+
+#if defined(PSA_EXPORT_PUBLIC_KEY_IOP_INIT)
+psa_export_public_key_iop_t psa_export_public_key_iop_init_short(void)
+{
+    psa_export_public_key_iop_t operation = PSA_EXPORT_PUBLIC_KEY_IOP_INIT;
+    /* No driver support, and thus no union, yet, at the time of writing */
+    return operation;
+}
+#endif
+
+
+
 #if defined(RECORD_PSA_STATUS_COVERAGE_LOG)
 /** Name of the file where return statuses are logged by #RECORD_STATUS. */
 #define STATUS_LOG_FILE_NAME "statuses.log"