CryptoPkg/BaseCryptLibUnitTest: Separate MbedTls UnitTest Library.

Separate Unit test functions for MbedTls.

BaseCryptLibMbedTls does not support all Crypto services
So deprecate below function for MbedTls Unit test:

TestVerifyEKUsWith3CertsInSignature()
TestVerifyEKUsWith2CertsInSignature()
TestNoEKUsInSignature()
TestVerifyRsaCertPkcs1SignVerify
TestVerifyPkcs7SignVerifyNonSelfIssued()
TestVerifyDhGenerateKey()
Pkcs1v2Decrypt
Pkcs1v2EncryptDecrypt
RsaOaepEncrypt (Interface)
RsaOaepEncrypt (NoSeed)
RsaOaepEncrypt (Seeded)
RsaOaepDecrypt
RsaOaepEncryptDecrypt
RsaOaepEncryptPkcs1v2Decrypt
Pkcs1v2EncryptRsaOaepDecrypt
RsaOaepEncrypt (MdDefaultMgf1Default)
RsaOaepDecrypt (MdDefaultMgf1Default)
RsaOaepEncryptDecrypt (MdDefaultMgf1Default)
RsaOaepEncrypt (MdSha1Bgf1Sha1
RsaOaepDecrypt (MdSha1Bgf1Sha1)
RsaOaepEncryptDecrypt (MdSha1Bgf1Sha1)
RsaOaepEncrypt (MdSha256Bgf1Sha256)
RsaOaepDecrypt (MdSha256Bgf1Sha256)
RsaOaepEncryptDecrypt (MdSha256Bgf1Sha256)
TestVerifyBn()
TestVerifyEcKey()
TestPkcs7Attached()
TestPkcs7Detached()
TestVerifyPkcs7ContentData()

REF: tianocore/edk2#11605
Signed-off-by: Longhaox Lee <[email protected]>

Author: poloaegis83

CryptoPkg/Test/CryptoPkgHostUnitTest.dsc

@@ -57,7 +57,7 @@
 !endif
 
 !if $(CRYPTO_TEST_TYPE) IN "MBEDTLS"
-  CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibHost.inf {
+  CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibHostMbedTls.inf {
     <LibraryClasses>
       BaseCryptLib|CryptoPkg/Library/BaseCryptLibMbedTls/UnitTestHostBaseCryptLib.inf
       OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibSm3.inf

CryptoPkg/Test/UnitTest/Library/BaseCryptLib/BaseCryptLibUnitTestsMbedTls.c

@@ -0,0 +1,74 @@
+/** @file
+  This is defines the tests that will run on BaseCryptLib
+
+  Copyright (c) Microsoft Corporation.<BR>
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+#include "TestBaseCryptLib.h"
+
+SUITE_DESC  mSuiteDesc[] = {
+  //
+  // Title--------------------------Package-------------------Sup--Tdn----TestNum------------TestDesc
+  //
+  { "EKU verify tests",              "CryptoPkg.BaseCryptLib", NULL, NULL, &mPkcs7EkuTestMbedTlsNum,     mPkcs7EkuTestMbedTls     },
+  { "HASH verify tests",             "CryptoPkg.BaseCryptLib", NULL, NULL, &mHashTestNum,                mHashTest                },
+  { "HMAC verify tests",             "CryptoPkg.BaseCryptLib", NULL, NULL, &mHmacTestNum,                mHmacTest                },
+  { "BlockCipher verify tests",      "CryptoPkg.BaseCryptLib", NULL, NULL, &mBlockCipherTestNum,         mBlockCipherTest         },
+  { "RSA verify tests",              "CryptoPkg.BaseCryptLib", NULL, NULL, &mRsaTestMbedTlsNum,          mRsaTestMbedTls          },
+  { "RSA PSS verify tests",          "CryptoPkg.BaseCryptLib", NULL, NULL, &mRsaPssTestNum,              mRsaPssTest              },
+  { "RSACert verify tests",          "CryptoPkg.BaseCryptLib", NULL, NULL, &mRsaCertTestNum,             mRsaCertTest             },
+  { "PKCS7 verify tests",            "CryptoPkg.BaseCryptLib", NULL, NULL, &mPkcs7TestMbedTlsNum,        mPkcs7TestMbedTls        },
+  { "PKCS5 verify tests",            "CryptoPkg.BaseCryptLib", NULL, NULL, &mPkcs5TestNum,               mPkcs5Test               },
+  { "Authenticode verify tests",     "CryptoPkg.BaseCryptLib", NULL, NULL, &mAuthenticodeTestNum,        mAuthenticodeTest        },
+  { "ImageTimestamp verify tests",   "CryptoPkg.BaseCryptLib", NULL, NULL, &mImageTimestampTestNum,      mImageTimestampTest      },
+  { "PRNG verify tests",             "CryptoPkg.BaseCryptLib", NULL, NULL, &mPrngTestNum,                mPrngTest                },
+  { "OAEP encrypt verify tests",     "CryptoPkg.BaseCryptLib", NULL, NULL, &mOaepTestMbedTlsNum,         mOaepTestMbedTls         },
+  { "Hkdf extract and expand tests", "CryptoPkg.BaseCryptLib", NULL, NULL, &mHkdfTestNum,                mHkdfTest                },
+  { "Aead AES Gcm tests",            "CryptoPkg.BaseCryptLib", NULL, NULL, &mAeadAesGcmTestNum,          mAeadAesGcmTest          },
+  { "X509 Verify tests",             "CryptoPkg.BaseCryptLib", NULL, NULL, &mX509TestNum,                mX509Test                },
+  { "PKCS7 Attach Content tests",    "CryptoPkg.BaseCryptLib", NULL, NULL, &mPkcs7ContentTestMbedTlsNum, mPkcs7ContentTestMbedTls },
+};
+
+EFI_STATUS
+EFIAPI
+CreateUnitTest (
+  IN     CHAR8                       *UnitTestName,
+  IN     CHAR8                       *UnitTestVersion,
+  IN OUT UNIT_TEST_FRAMEWORK_HANDLE  *Framework
+  )
+{
+  EFI_STATUS  Status;
+  UINTN       SuiteIndex;
+  UINTN       TestIndex;
+
+  if ((Framework == NULL) || (UnitTestVersion == NULL) || (UnitTestName == NULL)) {
+    return EFI_INVALID_PARAMETER;
+  }
+
+  Status = EFI_SUCCESS;
+  //
+  // Start setting up the test framework for running the tests.
+  //
+  Status = InitUnitTestFramework (Framework, UnitTestName, gEfiCallerBaseName, UnitTestVersion);
+  if (EFI_ERROR (Status)) {
+    DEBUG ((DEBUG_ERROR, "Failed in InitUnitTestFramework. Status = %r\n", Status));
+    goto EXIT;
+  }
+
+  for (SuiteIndex = 0; SuiteIndex < ARRAY_SIZE (mSuiteDesc); SuiteIndex++) {
+    UNIT_TEST_SUITE_HANDLE  Suite = NULL;
+    Status = CreateUnitTestSuite (&Suite, *Framework, mSuiteDesc[SuiteIndex].Title, mSuiteDesc[SuiteIndex].Package, mSuiteDesc[SuiteIndex].Sup, mSuiteDesc[SuiteIndex].Tdn);
+    if (EFI_ERROR (Status)) {
+      Status = EFI_OUT_OF_RESOURCES;
+      goto EXIT;
+    }
+
+    for (TestIndex = 0; TestIndex < *mSuiteDesc[SuiteIndex].TestNum; TestIndex++) {
+      AddTestCase (Suite, (mSuiteDesc[SuiteIndex].TestDesc + TestIndex)->Description, (mSuiteDesc[SuiteIndex].TestDesc + TestIndex)->ClassName, (mSuiteDesc[SuiteIndex].TestDesc + TestIndex)->Func, (mSuiteDesc[SuiteIndex].TestDesc + TestIndex)->PreReq, (mSuiteDesc[SuiteIndex].TestDesc + TestIndex)->CleanUp, (mSuiteDesc[SuiteIndex].TestDesc + TestIndex)->Context);
+    }
+  }
+
+EXIT:
+  return Status;
+}

CryptoPkg/Test/UnitTest/Library/BaseCryptLib/OaepEncryptTests.c

@@ -920,3 +920,15 @@ TEST_DESC  mOaepTest[] = {
 };
 
 UINTN  mOaepTestNum = ARRAY_SIZE (mOaepTest);
+
+TEST_DESC  mOaepTestMbedTls[] = {
+  //
+  // -----Description--------------------------------------Class----------------------Function-----------------Pre---Post--Context
+  //
+  // Pkcs1v2Encrypt
+  { "Pkcs1v2Encrypt (Interface)", "CryptoPkg.BaseCryptLib.Pkcs1v2Encrypt.Interface", TestVerifyPkcs1v2EncryptInterface, NULL, NULL, &mTestVerifyPkcs1v2Msg1230         },
+  { "Pkcs1v2Encrypt (NoSeed)",    "CryptoPkg.BaseCryptLib.Pkcs1v2Encrypt.NoSeed",    TestVerifyEncrypt,                 NULL, NULL, &mTestVerifyPkcs1v2Msg1230         },
+  { "Pkcs1v2Encrypt (Seeded)",    "CryptoPkg.BaseCryptLib.Pkcs1v2Encrypt.Seeded",    TestVerifyEncrypt,                 NULL, NULL, &mTestVerifyPkcs1v2Msg1230PrngSeed },
+};
+
+UINTN  mOaepTestMbedTlsNum = ARRAY_SIZE (mOaepTestMbedTls);

CryptoPkg/Test/UnitTest/Library/BaseCryptLib/Pkcs7AttachedContentTest.c

@@ -247,3 +247,13 @@ TEST_DESC  mPkcs7ContentTest[] = {
 };
 
 UINTN  mPkcs7ContentTestNum = ARRAY_SIZE (mPkcs7ContentTest);
+
+TEST_DESC  mPkcs7ContentTestMbedTls[] = {
+  //
+  // -----Description--------------------------------Class----------------------------Function------------------------------Pre---Post--Context
+  //
+  { "TestWithInvalidPkcs7()",      "CryptoPkg.BaseCryptLib.TestWithInvalidPkcs7",      TestWithInvalidPkcs7,      NULL, NULL, NULL },
+  { "TestWithInvalidParameters()", "CryptoPkg.BaseCryptLib.TestWithInvalidParameters", TestWithInvalidParameters, NULL, NULL, NULL },
+};
+
+UINTN  mPkcs7ContentTestMbedTlsNum = ARRAY_SIZE (mPkcs7ContentTestMbedTls);

CryptoPkg/Test/UnitTest/Library/BaseCryptLib/Pkcs7EkuTests.c

@@ -541,3 +541,18 @@ TEST_DESC  mPkcs7EkuTest[] = {
 };
 
 UINTN  mPkcs7EkuTestNum = ARRAY_SIZE (mPkcs7EkuTest);
+
+TEST_DESC  mPkcs7EkuTestMbedTls[] = {
+  //
+  // -----Description--------------------------------Class----------------------------Function------------------------------Pre---Post--Context
+  //
+  { "TestVerifyEKUsWith1CertInSignature()",   "CryptoPkg.BaseCryptLib.Eku", TestVerifyEKUsWith1CertInSignature,   NULL, NULL, NULL },
+  { "TestVerifyEKUsWithMultipleEKUsInCert()", "CryptoPkg.BaseCryptLib.Eku", TestVerifyEKUsWithMultipleEKUsInCert, NULL, NULL, NULL },
+  { "TestEkusNotPresentInSignature()",        "CryptoPkg.BaseCryptLib.Eku", TestEkusNotPresentInSignature,        NULL, NULL, NULL },
+  { "TestProductId10001PresentInSignature()", "CryptoPkg.BaseCryptLib.Eku", TestProductId10001PresentInSignature, NULL, NULL, NULL },
+  { "TestOnlyOneEkuInListRequired()",         "CryptoPkg.BaseCryptLib.Eku", TestOnlyOneEkuInListRequired,         NULL, NULL, NULL },
+  { "TestInvalidParameters()",                "CryptoPkg.BaseCryptLib.Eku", TestInvalidParameters,                NULL, NULL, NULL },
+  { "TestEKUSubsetSupersetFails()",           "CryptoPkg.BaseCryptLib.Eku", TestEKUSubsetSupersetFails,           NULL, NULL, NULL },
+};
+
+UINTN  mPkcs7EkuTestMbedTlsNum = ARRAY_SIZE (mPkcs7EkuTestMbedTls);

CryptoPkg/Test/UnitTest/Library/BaseCryptLib/RsaPkcs7Tests.c

@@ -668,3 +668,12 @@ TEST_DESC  mPkcs7Test[] = {
 };
 
 UINTN  mPkcs7TestNum = ARRAY_SIZE (mPkcs7Test);
+
+TEST_DESC  mPkcs7TestMbedTls[] = {
+  //
+  // -----Description--------------------------------------Class----------------------Function-----------------Pre---Post--Context
+  //
+  { "TestVerifyPkcs7SignVerify()", "CryptoPkg.BaseCryptLib.Pkcs7", TestVerifyPkcs7SignVerify, NULL, NULL, NULL },
+};
+
+UINTN  mPkcs7TestMbedTlsNum = ARRAY_SIZE (mPkcs7TestMbedTls);

CryptoPkg/Test/UnitTest/Library/BaseCryptLib/RsaTests.c

@@ -340,3 +340,13 @@ TEST_DESC  mRsaTest[] = {
 };
 
 UINTN  mRsaTestNum = ARRAY_SIZE (mRsaTest);
+
+TEST_DESC  mRsaTestMbedTls[] = {
+  //
+  // -----Description--------------------------------------Class----------------------Function---------------------------------Pre---------------------Post---------Context
+  //
+  { "TestVerifyRsaSetGetKeyComponents()", "CryptoPkg.BaseCryptLib.Rsa", TestVerifyRsaSetGetKeyComponents, TestVerifyRsaPreReq, TestVerifyRsaCleanUp, NULL },
+  { "TestVerifyRsaPkcs1SignVerify()",     "CryptoPkg.BaseCryptLib.Rsa", TestVerifyRsaPkcs1SignVerify,     TestVerifyRsaPreReq, TestVerifyRsaCleanUp, NULL },
+};
+
+UINTN  mRsaTestMbedTlsNum = ARRAY_SIZE (mRsaTestMbedTls);

CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLib.h

@@ -104,6 +104,24 @@ extern TEST_DESC  mX509Test[];
 extern UINTN      mPkcs7ContentTestNum;
 extern TEST_DESC  mPkcs7ContentTest[];
 
+//
+// Test Case only for MbedTls.
+//
+extern UINTN      mPkcs7EkuTestMbedTlsNum;
+extern TEST_DESC  mPkcs7EkuTestMbedTls[];
+
+extern UINTN      mRsaTestMbedTlsNum;
+extern TEST_DESC  mRsaTestMbedTls[];
+
+extern UINTN      mPkcs7TestMbedTlsNum;
+extern TEST_DESC  mPkcs7TestMbedTls[];
+
+extern UINTN      mOaepTestMbedTlsNum;
+extern TEST_DESC  mOaepTestMbedTls[];
+
+extern UINTN      mPkcs7ContentTestMbedTlsNum;
+extern TEST_DESC  mPkcs7ContentTestMbedTls[];
+
 /** Creates a framework you can use */
 EFI_STATUS
 EFIAPI

CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibHostMbedTls.inf

@@ -0,0 +1,54 @@
+## @file
+# Host-based UnitTest for BaseCryptLibMbedTls
+#
+# Copyright (c) 2025, Intel Corporation. All rights reserved.<BR>
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+##
+
+[Defines]
+  INF_VERSION    = 0x00010005
+  BASE_NAME      = BaseCryptLibUnitTestHost
+  FILE_GUID      = ab0bc736-2552-4a3c-a2c5-eb106b8a75d1
+  MODULE_TYPE    = HOST_APPLICATION
+  VERSION_STRING = 1.0
+
+#
+# The following information is for reference only and not required by the build tools.
+#
+#  VALID_ARCHITECTURES           = IA32 X64
+#
+
+[Sources]
+  UnitTestMain.c
+  UnitTestMainHost.c
+  BaseCryptLibUnitTestsMbedTls.c
+  TestBaseCryptLib.h
+  HashTests.c
+  HmacTests.c
+  BlockCipherTests.c
+  RsaTests.c
+  RsaPkcs7Tests.c
+  Pkcs5Pbkdf2Tests.c
+  AuthenticodeTests.c
+  TSTests.c
+  RandTests.c
+  Pkcs7EkuTests.c
+  Pkcs7AttachedContentTest.c
+  OaepEncryptTests.c
+  RsaPssTests.c
+  ParallelhashTests.c
+  HkdfTests.c
+  AeadAesGcmTests.c
+  X509Tests.c
+
+[Packages]
+  MdePkg/MdePkg.dec
+  CryptoPkg/CryptoPkg.dec
+
+[LibraryClasses]
+  BaseLib
+  DebugLib
+  BaseCryptLib
+  UnitTestLib
+  MmServicesTableLib
+  SynchronizationLib