Merge branch 'simplify-test'

Author: benma

src/cipher/cipher.c

@@ -22,6 +22,10 @@
 #include <util.h>
 #include <wally_crypto.h>
 
+#ifdef TESTING
+#include <mock_cipher.h>
+#endif
+
 #define N_BLOCK (16U)
 // Used to sanity-check input to avoid large stack allocations
 #define CIPHER_MAX_ALLOC (200U)
@@ -65,7 +69,11 @@ static bool _aes_encrypt(
     }
 
     uint8_t iv[32] = {0}; // only 16 bytes needed for IV.
+#ifdef TESTING
+    cipher_mock_iv(iv);
+#else
     random_32_bytes(iv);
+#endif
     memcpy(out, iv, N_BLOCK);
 
     AES256_CBC_ctx ctx = {0};

test/unit-test/CMakeLists.txt

@@ -61,6 +61,7 @@ add_library(bitbox_objects
   ${CTAES-SOURCES}
   ${ETHEREUM-SOURCES}
   framework/mock_blocking.c
+  framework/mock_cipher.c
   framework/mock_screen.c
   framework/mock_screen_stack.c
   framework/mock_memory.c
@@ -210,7 +211,7 @@ set(TEST_LIST
    cleanup
    "-Wl,--wrap=util_cleanup_32"
    keystore
-   "-Wl,--wrap=secp256k1_anti_exfil_sign,--wrap=memory_is_initialized,--wrap=memory_is_seeded,--wrap=memory_get_failed_unlock_attempts,--wrap=memory_reset_failed_unlock_attempts,--wrap=memory_increment_failed_unlock_attempts,--wrap=memory_set_encrypted_seed_and_hmac,--wrap=memory_get_encrypted_seed_and_hmac,--wrap=memory_get_salt_root,--wrap=reset_reset,--wrap=salt_hash_data,--wrap=cipher_aes_hmac_encrypt,--wrap=random_32_bytes,--wrap=securechip_kdf"
+   "-Wl,--wrap=secp256k1_anti_exfil_sign,--wrap=memory_is_initialized,--wrap=memory_is_seeded,--wrap=memory_get_failed_unlock_attempts,--wrap=memory_reset_failed_unlock_attempts,--wrap=memory_increment_failed_unlock_attempts,--wrap=memory_set_encrypted_seed_and_hmac,--wrap=memory_get_encrypted_seed_and_hmac,--wrap=memory_get_salt_root,--wrap=reset_reset,--wrap=random_32_bytes"
    keystore_antiklepto
    ""
    keystore_functional
@@ -234,7 +235,7 @@ set(TEST_LIST
    salt
    "-Wl,--wrap=memory_get_salt_root"
    cipher
-   "-Wl,--wrap=random_32_bytes"
+   "-Wl,--wrap=cipher_mock_iv"
    util
    ""
    workflow_blocking

test/unit-test/framework/includes/mock_cipher.h

@@ -0,0 +1,22 @@
+// Copyright 2023 Shift Crypto AG
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#ifndef _MOCK_CIPHER_H_
+#define _MOCK_CIPHER_H_
+
+#include <stdint.h>
+
+void cipher_mock_iv(uint8_t* iv_out);
+
+#endif

test/unit-test/framework/includes/mock_memory.h

@@ -12,8 +12,8 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-#ifndef _MOCK_MOCK_H_
-#define _MOCK_MOCK_H_
+#ifndef _MOCK_MEMORY_H_
+#define _MOCK_MEMORY_H_
 
 #include <stdbool.h>
 #include <stdint.h>

test/unit-test/framework/mock_cipher.c

@@ -0,0 +1,22 @@
+// Copyright 2023 Shift Crypto AG
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#include <string.h>
+
+#include <mock_cipher.h>
+
+void cipher_mock_iv(uint8_t* iv_out)
+{
+    memset(iv_out, 'a', 32);
+}

test/unit-test/test_cipher.c

@@ -21,9 +21,9 @@
 #include <stdlib.h>
 #include <string.h>
 
-void __wrap_random_32_bytes(uint8_t* buf)
+void __wrap_cipher_mock_iv(uint8_t* iv_out)
 {
-    memcpy(buf, (const uint8_t*)mock(), 32);
+    memcpy(iv_out, (const uint8_t*)mock(), 32);
 }
 
 typedef struct {
@@ -3839,7 +3839,7 @@ static void _test_cipher_aes_hmac_encrypt(void** state)
         const test_t* test = &_tests[i];
         uint8_t rand_mock[32] = {0};
         memcpy(rand_mock, test->iv, 16);
-        will_return(__wrap_random_32_bytes, rand_mock);
+        will_return(__wrap_cipher_mock_iv, rand_mock);
         size_t cipher_len = test->msg_len + 64;
         uint8_t cipher[cipher_len];
         assert_true(

test/unit-test/test_keystore.c

@@ -35,13 +35,6 @@
 
 #define PASSWORD ("password")
 
-int __real_securechip_kdf(securechip_slot_t slot, const uint8_t* msg, size_t len, uint8_t* kdf_out);
-int __wrap_securechip_kdf(securechip_slot_t slot, const uint8_t* msg, size_t len, uint8_t* kdf_out)
-{
-    check_expected(slot);
-    return __real_securechip_kdf(slot, msg, len, kdf_out);
-}
-
 static uint8_t _salt_root[KEYSTORE_MAX_SEED_LENGTH] = {
     0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44,
     0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22,
@@ -64,8 +57,6 @@ static uint8_t _mock_bip39_seed[64] = {
     0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44,
 };
 
-const uint8_t _aes_iv[32] = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa";
-
 static const uint32_t _keypath[] = {
     44 + BIP32_INITIAL_HARDENED_CHILD,
     0 + BIP32_INITIAL_HARDENED_CHILD,
@@ -112,41 +103,6 @@ int __wrap_secp256k1_anti_exfil_sign(
     return __real_secp256k1_anti_exfil_sign(ctx, sig, msg32, seckey, host_data32, recid);
 }
 
-bool __real_salt_hash_data(
-    const uint8_t* data,
-    size_t data_len,
-    const char* purpose,
-    uint8_t* hash_out);
-bool __wrap_salt_hash_data(
-    const uint8_t* data,
-    size_t data_len,
-    const char* purpose,
-    uint8_t* hash_out)
-{
-    check_expected(data);
-    check_expected(data_len);
-    check_expected(purpose);
-    return __real_salt_hash_data(data, data_len, purpose, hash_out);
-}
-
-bool __real_cipher_aes_hmac_encrypt(
-    const unsigned char* in,
-    int in_len,
-    uint8_t* out,
-    int* out_len,
-    const uint8_t* secret);
-
-bool __wrap_cipher_aes_hmac_encrypt(
-    const unsigned char* in,
-    int in_len,
-    uint8_t* out,
-    int* out_len,
-    const uint8_t* secret)
-{
-    check_expected(secret);
-    return __real_cipher_aes_hmac_encrypt(in, in_len, out, out_len, secret);
-}
-
 /** Reset the SmartEEPROM configuration. */
 static void _smarteeprom_reset(void)
 {
@@ -298,37 +254,9 @@ static void _test_keystore_secp256k1_sign(void** state)
         assert_true(_pubkeys_equal(ctx, &recovered_pubkey, &expected_pubkey));
     }
 }
-
-static void _expect_stretch(const char* password)
-{
-    expect_memory(__wrap_salt_hash_data, data, password, strlen(password));
-    expect_value(__wrap_salt_hash_data, data_len, strlen(password));
-    expect_string(__wrap_salt_hash_data, purpose, "keystore_seed_access_in");
-
-    // KDF 1
-    expect_value(__wrap_securechip_kdf, slot, SECURECHIP_SLOT_ROLLKEY);
-
-    // KDF 2
-    expect_value(__wrap_securechip_kdf, slot, SECURECHIP_SLOT_KDF);
-
-    // KDF 3
-    expect_value(__wrap_securechip_kdf, slot, SECURECHIP_SLOT_KDF);
-
-    expect_memory(__wrap_salt_hash_data, data, password, strlen(password));
-    expect_value(__wrap_salt_hash_data, data_len, strlen(password));
-    expect_string(__wrap_salt_hash_data, purpose, "keystore_seed_access_out");
-}
-
 static void _expect_encrypt_and_store_seed(void)
 {
     will_return(__wrap_memory_is_initialized, false);
-
-    _expect_stretch(PASSWORD); // first stretch to encrypt
-    _expect_stretch(PASSWORD); // second stretch to verify
-
-    expect_memory(__wrap_cipher_aes_hmac_encrypt, secret, _expected_secret, 32);
-    // For the AES IV:
-    will_return(__wrap_random_32_bytes, _aes_iv);
 }
 
 static void _test_keystore_encrypt_and_store_seed(void** state)
@@ -349,15 +277,13 @@ static void _test_keystore_create_and_unlock_twice(void** state)
     _smarteeprom_reset();
 
     will_return(__wrap_memory_is_seeded, true);
-    _expect_stretch(PASSWORD);
     assert_int_equal(KEYSTORE_OK, keystore_unlock(PASSWORD, &remaining_attempts, NULL));
 
     // Create new (different) seed.
     _expect_encrypt_and_store_seed();
     assert_int_equal(keystore_encrypt_and_store_seed(_mock_seed_2, 32, PASSWORD), KEYSTORE_OK);
 
     will_return(__wrap_memory_is_seeded, true);
-    _expect_stretch(PASSWORD);
     assert_int_equal(KEYSTORE_OK, keystore_unlock(PASSWORD, &remaining_attempts, NULL));
 }
 
@@ -375,7 +301,6 @@ static void _perform_some_unlocks(void)
     for (int i = 0; i < 3; i++) {
         _reset_reset_called = false;
         will_return(__wrap_memory_is_seeded, true);
-        _expect_stretch(PASSWORD);
         assert_int_equal(KEYSTORE_OK, keystore_unlock(PASSWORD, &remaining_attempts, NULL));
         assert_int_equal(remaining_attempts, MAX_UNLOCK_ATTEMPTS);
         assert_false(_reset_reset_called);
@@ -402,7 +327,6 @@ static void _test_keystore_unlock(void** state)
     for (int i = 1; i <= MAX_UNLOCK_ATTEMPTS; i++) {
         _reset_reset_called = false;
         will_return(__wrap_memory_is_seeded, true);
-        _expect_stretch("invalid password");
         assert_int_equal(
             i >= MAX_UNLOCK_ATTEMPTS ? KEYSTORE_ERR_MAX_ATTEMPTS_EXCEEDED
                                      : KEYSTORE_ERR_INCORRECT_PASSWORD,
@@ -483,9 +407,6 @@ static void _test_keystore_create_and_store_seed(void** state)
         size_t seed_len = test_sizes[i];
         // Seed random is xored with host entropy and the salted/hashed user password.
         will_return(__wrap_random_32_bytes, seed_random);
-        expect_memory(__wrap_salt_hash_data, data, PASSWORD, strlen(PASSWORD));
-        expect_value(__wrap_salt_hash_data, data_len, strlen(PASSWORD));
-        expect_string(__wrap_salt_hash_data, purpose, "keystore_seed_generation");
         _expect_encrypt_and_store_seed();
         assert_int_equal(
             keystore_create_and_store_seed(PASSWORD, host_entropy, seed_len), KEYSTORE_OK);