Cryptography library error injection #1391

steven-bellock · 2022-11-14T02:33:27Z

steven-bellock
Nov 14, 2022
Maintainer

The time has come to inject errors into the cryptography library, and other HALs, so that code coverage can be improved. The question is how should this be implemented? I think the main requirement is that none of the files in libspdm/library should be edited to support this. So that means editing the files in libspdm/os_stub and libspdm/unit_test. One way would be to edit the cryptography implementations in library/os_stub to allow for error injection. For example

libspdm/os_stub/cryptlib_mbedtls/hash/sha.c

Lines 195 to 202 in 37e58c7

    
           bool libspdm_sha256_hash_all(const void *data, size_t data_size, 
        
                                        uint8_t *hash_value) 
        
           { 
        
               int32_t ret; 
        
               if (hash_value == NULL) { 
        
                   return false; 
        
               }

would become (something like)

 bool libspdm_sha256_hash_all(const void *data, size_t data_size, 
                              uint8_t *hash_value) 
 { 
     int32_t ret; 
  
     #if LIBSPDM_TEST_ERROR_ENABLE
     if (m_error_libspdm_sha256_hash_all) {
         return false;
     }
     #endif /* LIBSPDM_TEST_ERROR_ENABLE */

     if (hash_value == NULL) { 
         return false; 
     }

When LIBSPDM_TEST_ERROR_ENABLE is enabled this would lead to the creation of two new libraries, cryptlib_openssl_test and cryptlib_mbedtls_test. The Integrator would obviously need to be careful to not link to these libraries when in production.

jyao1 · 2022-11-14T15:37:34Z

jyao1
Nov 14, 2022
Maintainer

Good idea on error injection. I dont suggest we change any code in the original function. I suggest to use wrapper function. For example:

Use macro to rename the original crypt_func_name to crypt_func_name_internal in the header file, such as

#define libspdm_sha256_hash_all libspdm_sha256_hash_all_internal

Then when this library is built, it will expose a different symbol.

Create a wrapper function with original name, and call the internal function.

/* wrapper function with original name */
 bool libspdm_sha256_hash_all(const void *data, size_t data_size, 
                                                  uint8_t *hash_value)
 { 
     if (m_error_libspdm_sha256_hash_all) {
         return false;
     }

     return  libspdm_sha256_hash_all_internal (data, data_size, hash_value);
 }

The error on/off is controlled in the wrapper function.

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Cryptography library error injection #1391

{{title}}

Replies: 1 comment

{{title}}

{{editor}}'s edit

{{editor}}'s edit

Select a reply

Cryptography library error injection #1391

steven-bellock Nov 14, 2022 Maintainer

Replies: 1 comment

jyao1 Nov 14, 2022 Maintainer

steven-bellock
Nov 14, 2022
Maintainer

jyao1
Nov 14, 2022
Maintainer