TF-M Reference Manual  1.2.0
TrustedFirmware-M
 All Data Structures Files Functions Variables Typedefs Enumerations Enumerator Macros Groups Pages
audit_ns_interface_testsuite.c
Go to the documentation of this file.
1 /*
2  * Copyright (c) 2018-2020, Arm Limited. All rights reserved.
3  *
4  * SPDX-License-Identifier: BSD-3-Clause
5  *
6  */
7 
9 #include "psa_audit_api.h"
10 #include "audit_ns_tests.h"
11 #include "tfm_api.h"
12 #include "audit_core.h"
13 
14 #include "../audit_tests_common.h"
15 
21 #define EMPTY_RETRIEVED_LOG_SIZE (0)
22 
28 #define EMPTY_RETRIEVED_LOG_ITEMS (0)
29 
36 #define SINGLE_RETRIEVED_LOG_SIZE (STANDARD_LOG_ENTRY_SIZE)
37 
43 #define SINGLE_RETRIEVED_LOG_ITEMS (1)
44 
50 #define SECOND_ELEMENT_START_INDEX (1)
51 
52 /* List of tests */
53 static void tfm_audit_test_1001(struct test_result_t *ret);
54 
55 static struct test_t audit_veneers_tests[] = {
56  {&tfm_audit_test_1001, "TFM_AUDIT_TEST_1001",
57  "Non Secure functional", {TEST_PASSED} },
58 };
59 
61 {
62  uint32_t list_size;
63 
64  list_size = (sizeof(audit_veneers_tests) /
65  sizeof(audit_veneers_tests[0]));
66 
67  set_testsuite("AuditLog non-secure interface test (TFM_AUDIT_TEST_1XXX)",
68  audit_veneers_tests, list_size, p_test_suite);
69 }
70 
71 #if AUDIT_TEST_S_ENABLE
72 
84 static void tfm_audit_test_1001(struct test_result_t *ret)
85 {
86  psa_status_t status;
87 
88  uint8_t local_buffer[LOCAL_BUFFER_SIZE];
89  uint32_t idx, stored_size, num_records, retrieved_size;
90 
91  struct psa_audit_record *retrieved_buffer;
92 
93  /* Get the log size (current state) */
94  status = psa_audit_get_info(&num_records, &stored_size);
95  if (status != PSA_SUCCESS) {
96  TEST_FAIL("Getting log info has returned error");
97  return;
98  }
99 
100  if (stored_size != INITIAL_LOG_SIZE) {
101  TEST_FAIL("Stored size different from " STR(INITIAL_LOG_SIZE));
102  return;
103  }
104 
105  if (num_records != INITIAL_LOG_RECORDS) {
106  TEST_FAIL("Stored records different from " STR(INITIAL_LOG_RECORDS));
107  return;
108  }
109 
110  /* Check the length of each record individually */
111  for (idx=0; idx<num_records; idx++) {
112  status = psa_audit_get_record_info(idx, &stored_size);
113  if (status != PSA_SUCCESS) {
114  TEST_FAIL("Getting record size individually has returned error");
115  return;
116  }
117 
118  if (stored_size != STANDARD_LOG_ENTRY_SIZE) {
119  TEST_FAIL("Unexpected record size for a single standard record");
120  return;
121  }
122  }
123 
124  /* Check that if requesting length of a record which is not there fails */
125  status = psa_audit_get_record_info(num_records, &stored_size);
126  if (status == PSA_SUCCESS) {
127  TEST_FAIL("Getting record size for non-existent record has not failed");
128  return;
129  }
130 
131  /* Log contains 2 items. Retrieve into buffer which is able to contain the
132  * the full contents of the log, one record at a time
133  */
134  for (idx=0; idx<INITIAL_LOG_RECORDS; idx++) {
135  status = psa_audit_retrieve_record(
136  idx,
138  NULL,
139  0,
140  &local_buffer[idx*STANDARD_LOG_ENTRY_SIZE],
141  &retrieved_size);
142 
143  if (status != PSA_SUCCESS) {
144  TEST_FAIL("Log retrieval from NS returned error");
145  return;
146  }
147 
148  if (retrieved_size != STANDARD_LOG_ENTRY_SIZE) {
149  TEST_FAIL("Expected retrieve size: " STR(STANDARD_LOG_ENTRY_SIZE));
150  return;
151  }
152  }
153 
154  /* Retrieve into a small buffer. It's not enough to store a single
155  * item so the provided buffer must be empty after retrieval. We
156  * check the info structure to count how many items and bytes have
157  * been returned, and if they're zeros items / zero bytes, there is
158  * no point in checking the contents of the local_buffer.
159  */
160  status = psa_audit_retrieve_record(0,
162  NULL,
163  0,
164  &local_buffer[0],
165  &retrieved_size);
166 
167  if (status == PSA_SUCCESS) {
168  TEST_FAIL("Log retrieval from NS should fail, buffer too small");
169  return;
170  }
171 
172  if (retrieved_size != EMPTY_RETRIEVED_LOG_SIZE) {
173  TEST_FAIL("Expected log size is " STR(EMPTY_RETRIEVED_LOG_SIZE));
174  return;
175  }
176 
177  /* Retrieve into a buffer which can hold a single element, but start from
178  * the second element that is stored in the log
179  */
180  status = psa_audit_retrieve_record(1,
182  NULL,
183  0,
184  &local_buffer[0],
185  &retrieved_size);
186 
187  if (status != PSA_SUCCESS) {
188  TEST_FAIL("Log retrieval from NS returned error");
189  return;
190  }
191 
192  if (retrieved_size != SINGLE_RETRIEVED_LOG_SIZE) {
193  TEST_FAIL("Expected log size is " STR(SINGLE_RETRIEVED_LOG_SIZE));
194  return;
195  }
196 
197  /* Inspect the contents of the retrieved buffer, i.e. check the
198  * retrieved log record contents
199  */
200  retrieved_buffer = (struct psa_audit_record *)
201  &local_buffer[offsetof(struct log_hdr, size)];
202 
203  if (retrieved_buffer->id != SECOND_ELEMENT_EXPECTED_CONTENT) {
204  TEST_FAIL("Unexpected argument in the first entry");
205  return;
206  }
207 
208  /* Delete oldest element in the log */
209  status = psa_audit_delete_record(0, NULL, 0);
210  if (status != PSA_SUCCESS) {
211  TEST_FAIL("Log record deletion from NS returned error");
212  return;
213  }
214 
215  /* Get the log size (current state) */
216  status = psa_audit_get_info(&num_records, &stored_size);
217  if (status != PSA_SUCCESS) {
218  TEST_FAIL("Getting log info has returned error");
219  return;
220  }
221 
222  if (num_records != 1) {
223  TEST_FAIL("Unexpected number of records in the log after delete");
224  return;
225  }
226 
227  if (stored_size != STANDARD_LOG_ENTRY_SIZE) {
228  TEST_FAIL("Unexpected size in the log after deletion");
229  return;
230  }
231 
232  /* Delete oldest element in the log. After this, the log will be empty */
233  status = psa_audit_delete_record(0, NULL, 0);
234  if (status != PSA_SUCCESS) {
235  TEST_FAIL("Log record deletion from NS returned error");
236  return;
237  }
238 
239  /* Get the log size (current state) */
240  status = psa_audit_get_info(&num_records, &stored_size);
241  if (status != PSA_SUCCESS) {
242  TEST_FAIL("Getting log info has returned error");
243  return;
244  }
245 
246  if (num_records != 0) {
247  TEST_FAIL("Unexpected number of records in the log after deletion");
248  return;
249  }
250 
251  if (stored_size != 0) {
252  TEST_FAIL("Unexpected size in the log after deletion");
253  return;
254  }
255 
256  ret->val = TEST_PASSED;
257 }
258 #else
259 
267 static void tfm_audit_test_1001(struct test_result_t *ret)
268 {
269  TEST_LOG("Skipped when Secure audit logging test is disabled.\r\n");
270 
271  ret->val = TEST_PASSED;
272 }
273 #endif /* AUDIT_TEST_S_ENABLE */
#define EMPTY_RETRIEVED_LOG_SIZE
Log size when the retrieved buffer is empty.
#define STANDARD_LOG_ENTRY_SIZE
A log item with no payload (standard size) has the following size. More details can be found observin...
#define PSA_SUCCESS
Definition: crypto_values.h:35
#define STR(a)
A standard stringify macro.
#define TEST_FAIL(info_msg)
psa_status_t psa_audit_get_record_info(const uint32_t record_index, uint32_t *size)
Returns the size of the record at the specified index.
enum test_suite_err_t set_testsuite(const char *name, struct test_t *test_list, uint32_t size, struct test_suite_t *p_ts)
Sets test suite parameters.
psa_status_t psa_audit_delete_record(const uint32_t record_index, const uint8_t *token, const uint32_t token_size)
Deletes a record at the specified index.
Fixed size header for a log record.
Definition: audit_core.h:99
#define INITIAL_LOG_RECORDS
Initial state of the log number of records.
This structure contains the record that is added to the audit log by the requesting secure service...
void register_testsuite_ns_audit_interface(struct test_suite_t *p_test_suite)
Register testsuite for audit logging non-secure interface.
struct test_result_t ret
#define SINGLE_RETRIEVED_LOG_SIZE
Log size when the retrieved buffer has 1 item of standard size (no payload)
#define TEST_LOG(...)
enum test_status_t val
#define LOCAL_BUFFER_SIZE
Size in bytes of the local buffer. Size accomodates two standard size (no payload) log items...
#define INITIAL_LOG_SIZE
Initial state of the log size in bytes.
#define SECOND_ELEMENT_EXPECTED_CONTENT
Content of the log record in the second log item in the final request.
int32_t psa_status_t
Function return status.
Definition: crypto_types.h:43
psa_status_t psa_audit_get_info(uint32_t *num_records, uint32_t *size)
Returns the total number and size of the records stored.
psa_status_t psa_audit_retrieve_record(const uint32_t record_index, const uint32_t buffer_size, const uint8_t *token, const uint32_t token_size, uint8_t *buffer, uint32_t *record_size)
Retrieves a record at the specified index.