tests/include/test/bignum_codepath_check.h

/** Support for path tracking in optionally safe bignum functions
 *
 * The functions are called when an optionally safe path is taken and logs it with a single
 * variable. This variable is at any time in one of three states:
 *      - MBEDTLS_MPI_IS_TEST: No optionally safe path has been taken since the last reset
 *      - MBEDTLS_MPI_IS_SECRET: Only safe paths were teken since the last reset
 *      - MBEDTLS_MPI_IS_PUBLIC: At least one unsafe path has been taken since the last reset
 *
 * Use a simple global variable to track execution path. Making it work with multithreading
 * isn't worth the effort as multithreaded tests add little to no value here.
 */
/*
 *  Copyright The Mbed TLS Contributors
 *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
 */

#ifndef BIGNUM_CODEPATH_CHECK_H
#define BIGNUM_CODEPATH_CHECK_H

#include "bignum_core.h"

#if defined(MBEDTLS_TEST_HOOKS) && !defined(MBEDTLS_THREADING_C)

extern int mbedtls_codepath_check;

/**
 * \brief         Setup the codepath test hooks used by optionally safe bignum functions to signal
 *                the path taken.
 */
void mbedtls_codepath_test_hooks_setup(void);

/**
 * \brief         Teardown the codepath test hooks used by optionally safe bignum functions to
 *                signal the path taken.
 */
void mbedtls_codepath_test_hooks_teardown(void);

/**
 * \brief         Reset the state of the codepath to the initial state.
 */
static inline void mbedtls_codepath_reset(void)
{
    mbedtls_codepath_check = MBEDTLS_MPI_IS_TEST;
}

/** Check the codepath taken and fail if it doesn't match.
 *
 * When a function returns with an error, it can do so before reaching any interesting codepath. The
 * same can happen if a parameter to the function is zero. In these cases we need to allow
 * the codepath tracking variable to still have its initial "not set" value.
 *
 * This macro expands to an instruction, not an expression.
 * It may jump to the \c exit label.
 *
 * \param path      The expected codepath.
 *                  This expression may be evaluated multiple times.
 * \param ret       The expected return value.
 * \param E         The MPI parameter that can cause shortcuts.
 */
#define ASSERT_BIGNUM_CODEPATH(path, ret, E)                            \
    do {                                                                \
        if ((ret) != 0 || (E).n == 0) {                                 \
            TEST_ASSERT(mbedtls_codepath_check == (path) ||             \
                        mbedtls_codepath_check == MBEDTLS_MPI_IS_TEST); \
        } else {                                                        \
            TEST_EQUAL(mbedtls_codepath_check, (path));                 \
        }                                                               \
    } while (0)

/** Check the codepath taken and fail if it doesn't match.
 *
 * When a function returns with an error, it can do so before reaching any interesting codepath. In
 * this case we need to allow the codepath tracking variable to still have its
 * initial "not set" value.
 *
 * This macro expands to an instruction, not an expression.
 * It may jump to the \c exit label.
 *
 * \param path      The expected codepath.
 *                  This expression may be evaluated multiple times.
 * \param ret       The expected return value.
 */
#define ASSERT_RSA_CODEPATH(path, ret)                                  \
    do {                                                                \
        if ((ret) != 0) {                                               \
            TEST_ASSERT(mbedtls_codepath_check == (path) ||             \
                        mbedtls_codepath_check == MBEDTLS_MPI_IS_TEST); \
        } else {                                                        \
            TEST_EQUAL(mbedtls_codepath_check, (path));                 \
        }                                                               \
    } while (0)
#endif /* MBEDTLS_TEST_HOOKS && !MBEDTLS_THREADING_C */

#endif /* BIGNUM_CODEPATH_CHECK_H */