Don't depend on strong entropy for RSA tests

Tests are not here to demonstrate best practice, but to test a specific part of the code. Using an RNG provided by the test framework also makes the test code more focused on what we actually mean to test. This brings the number of tests skipped in test_suite_rsa in test_psa_crypto_config_accel_hash_use_psa down to 0 (from 50). Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-16 08:57:19 +02:00 · 2022-07-16 08:57:19 +02:00 · 5ef4e8d9b9
commit 5ef4e8d9b9
parent 1d1174a5c3
1 changed files with 26 additions and 72 deletions
--- a/tests/suites/test_suite_rsa.function
+++ b/tests/suites/test_suite_rsa.function
@ -1,15 +1,8 @@
 /* BEGIN_HEADER */
 #include "mbedtls/rsa.h"
 #include "rsa_alt_helpers.h"
-#include "mbedtls/md5.h"
-#include "mbedtls/sha1.h"
-#include "mbedtls/sha256.h"
-#include "mbedtls/sha512.h"
-#include "mbedtls/entropy.h"
-#include "mbedtls/ctr_drbg.h"

 #include "or_psa_helpers.h"
-
 /* END_HEADER */

 /* BEGIN_DEPENDENCIES
@ -687,23 +680,15 @@ exit:
 }
 /* END_CASE */

-/* BEGIN_CASE depends_on:MBEDTLS_CTR_DRBG_C:MBEDTLS_ENTROPY_C:ENTROPY_HAVE_STRONG */
+/* BEGIN_CASE */
 void mbedtls_rsa_gen_key( int nrbits, int exponent, int result)
 {
    mbedtls_rsa_context ctx;
-    mbedtls_entropy_context entropy;
-    mbedtls_ctr_drbg_context ctr_drbg;
-    const char *pers = "test_suite_rsa";
-
-    mbedtls_ctr_drbg_init( &ctr_drbg );
-    mbedtls_entropy_init( &entropy );
    mbedtls_rsa_init ( &ctx );

-    TEST_ASSERT( mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func,
-                                        &entropy, (const unsigned char *) pers,
-                                        strlen( pers ) ) == 0 );
-
-    TEST_ASSERT( mbedtls_rsa_gen_key( &ctx, mbedtls_ctr_drbg_random, &ctr_drbg, nrbits, exponent ) == result );
+    /* This test uses an insecure RNG, suitable only for testing.
+     * In production, always use a cryptographically strong RNG! */
+    TEST_ASSERT( mbedtls_rsa_gen_key( &ctx, mbedtls_test_rnd_std_rand, NULL, nrbits, exponent ) == result );
    if( result == 0 )
    {
        TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 );
@ -712,8 +697,6 @@ void mbedtls_rsa_gen_key( int nrbits, int exponent, int result)

 exit:
    mbedtls_rsa_free( &ctx );
-    mbedtls_ctr_drbg_free( &ctr_drbg );
-    mbedtls_entropy_free( &entropy );
 }
 /* END_CASE */

@ -818,7 +801,7 @@ exit:
 }
 /* END_CASE */

-/* BEGIN_CASE depends_on:MBEDTLS_CTR_DRBG_C:MBEDTLS_ENTROPY_C:ENTROPY_HAVE_STRONG */
+/* BEGIN_CASE */
 void mbedtls_rsa_import( int radix_N, char *input_N,
                         int radix_P, char *input_P,
                         int radix_Q, char *input_Q,
@ -837,27 +820,18 @@ void mbedtls_rsa_import( int radix_N, char *input_N,
    unsigned char *buf_enc  = NULL;
    unsigned char *buf_dec  = NULL;

-    mbedtls_entropy_context entropy;
-    mbedtls_ctr_drbg_context ctr_drbg;
-    const char *pers = "test_suite_rsa";
-
    const int have_N = ( strlen( input_N ) > 0 );
    const int have_P = ( strlen( input_P ) > 0 );
    const int have_Q = ( strlen( input_Q ) > 0 );
    const int have_D = ( strlen( input_D ) > 0 );
    const int have_E = ( strlen( input_E ) > 0 );

-    mbedtls_ctr_drbg_init( &ctr_drbg );
-    mbedtls_entropy_init( &entropy );
    mbedtls_rsa_init( &ctx );

    mbedtls_mpi_init( &N );
    mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q );
    mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E );

-    TEST_ASSERT( mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
-                                (const unsigned char *) pers, strlen( pers ) ) == 0 );
-
    if( have_N )
        TEST_ASSERT( mbedtls_test_read_mpi( &N, radix_N, input_N ) == 0 );

@ -931,7 +905,9 @@ void mbedtls_rsa_import( int radix_N, char *input_N,
        if( buf_orig == NULL || buf_enc == NULL || buf_dec == NULL )
            goto exit;

-        TEST_ASSERT( mbedtls_ctr_drbg_random( &ctr_drbg,
+        /* This test uses an insecure RNG, suitable only for testing.
+         * In production, always use a cryptographically strong RNG! */
+        TEST_ASSERT( mbedtls_test_rnd_std_rand( NULL,
                              buf_orig, mbedtls_rsa_get_len( &ctx ) ) == 0 );

        /* Make sure the number we're generating is smaller than the modulus */
@ -941,8 +917,10 @@ void mbedtls_rsa_import( int radix_N, char *input_N,

        if( is_priv )
        {
-            TEST_ASSERT( mbedtls_rsa_private( &ctx, mbedtls_ctr_drbg_random,
-                                              &ctr_drbg, buf_enc,
+            /* This test uses an insecure RNG, suitable only for testing.
+             * In production, always use a cryptographically strong RNG! */
+            TEST_ASSERT( mbedtls_rsa_private( &ctx, mbedtls_test_rnd_std_rand,
+                                              NULL, buf_enc,
                                              buf_dec ) == 0 );

            TEST_ASSERT( memcmp( buf_orig, buf_dec,
@ -958,9 +936,6 @@ exit:

    mbedtls_rsa_free( &ctx );

-    mbedtls_ctr_drbg_free( &ctr_drbg );
-    mbedtls_entropy_free( &entropy );
-
    mbedtls_mpi_free( &N );
    mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q );
    mbedtls_mpi_free( &D ); mbedtls_mpi_free( &E );
@ -1091,7 +1066,7 @@ exit:
 }
 /* END_CASE */

-/* BEGIN_CASE depends_on:MBEDTLS_ENTROPY_C:ENTROPY_HAVE_STRONG:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */
+/* BEGIN_CASE */
 void mbedtls_rsa_validate_params( int radix_N, char *input_N,
                                  int radix_P, char *input_P,
                                  int radix_Q, char *input_Q,
@ -1108,20 +1083,10 @@ void mbedtls_rsa_validate_params( int radix_N, char *input_N,
    const int have_D = ( strlen( input_D ) > 0 );
    const int have_E = ( strlen( input_E ) > 0 );

-    mbedtls_entropy_context entropy;
-    mbedtls_ctr_drbg_context ctr_drbg;
-    const char *pers = "test_suite_rsa";
-
    mbedtls_mpi_init( &N );
    mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q );
    mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E );

-    mbedtls_ctr_drbg_init( &ctr_drbg );
-    mbedtls_entropy_init( &entropy );
-    TEST_ASSERT( mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func,
-                                        &entropy, (const unsigned char *) pers,
-                                        strlen( pers ) ) == 0 );
-
    if( have_N )
        TEST_ASSERT( mbedtls_test_read_mpi( &N, radix_N, input_N ) == 0 );

@ -1137,18 +1102,17 @@ void mbedtls_rsa_validate_params( int radix_N, char *input_N,
    if( have_E )
        TEST_ASSERT( mbedtls_test_read_mpi( &E, radix_E, input_E ) == 0 );

+    /* This test uses an insecure RNG, suitable only for testing.
+     * In production, always use a cryptographically strong RNG! */
    TEST_ASSERT( mbedtls_rsa_validate_params( have_N ? &N : NULL,
                                        have_P ? &P : NULL,
                                        have_Q ? &Q : NULL,
                                        have_D ? &D : NULL,
                                        have_E ? &E : NULL,
-                                        prng ? mbedtls_ctr_drbg_random : NULL,
-                                        prng ? &ctr_drbg : NULL ) == result );
+                                        prng ? mbedtls_test_rnd_std_rand : NULL,
+                                        prng ? NULL : NULL ) == result );
+
 exit:
-
-    mbedtls_ctr_drbg_free( &ctr_drbg );
-    mbedtls_entropy_free( &entropy );
-
    mbedtls_mpi_free( &N );
    mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q );
    mbedtls_mpi_free( &D ); mbedtls_mpi_free( &E );
@ -1250,7 +1214,7 @@ exit:
 }
 /* END_CASE */

-/* BEGIN_CASE depends_on:MBEDTLS_CTR_DRBG_C:MBEDTLS_ENTROPY_C:ENTROPY_HAVE_STRONG */
+/* BEGIN_CASE */
 void mbedtls_rsa_import_raw( data_t *input_N,
                             data_t *input_P, data_t *input_Q,
                             data_t *input_D, data_t *input_E,
@ -1265,19 +1229,9 @@ void mbedtls_rsa_import_raw( data_t *input_N,
    unsigned char *buf_dec  = NULL;

    mbedtls_rsa_context ctx;
-    mbedtls_entropy_context entropy;
-    mbedtls_ctr_drbg_context ctr_drbg;

-    const char *pers = "test_suite_rsa";
-
-    mbedtls_ctr_drbg_init( &ctr_drbg );
-    mbedtls_entropy_init( &entropy );
    mbedtls_rsa_init( &ctx );

-    TEST_ASSERT( mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func,
-                                        &entropy, (const unsigned char *) pers,
-                                        strlen( pers ) ) == 0 );
-
    if( !successive )
    {
        TEST_ASSERT( mbedtls_rsa_import_raw( &ctx,
@ -1336,7 +1290,9 @@ void mbedtls_rsa_import_raw( data_t *input_N,
        if( buf_orig == NULL || buf_enc == NULL || buf_dec == NULL )
            goto exit;

-        TEST_ASSERT( mbedtls_ctr_drbg_random( &ctr_drbg,
+        /* This test uses an insecure RNG, suitable only for testing.
+         * In production, always use a cryptographically strong RNG! */
+        TEST_ASSERT( mbedtls_test_rnd_std_rand( NULL,
                              buf_orig, mbedtls_rsa_get_len( &ctx ) ) == 0 );

        /* Make sure the number we're generating is smaller than the modulus */
@ -1346,8 +1302,10 @@ void mbedtls_rsa_import_raw( data_t *input_N,

        if( is_priv )
        {
-            TEST_ASSERT( mbedtls_rsa_private( &ctx, mbedtls_ctr_drbg_random,
-                                              &ctr_drbg, buf_enc,
+            /* This test uses an insecure RNG, suitable only for testing.
+             * In production, always use a cryptographically strong RNG! */
+            TEST_ASSERT( mbedtls_rsa_private( &ctx, mbedtls_test_rnd_std_rand,
+                                              NULL, buf_enc,
                                              buf_dec ) == 0 );

            TEST_ASSERT( memcmp( buf_orig, buf_dec,
@ -1362,10 +1320,6 @@ exit:
    mbedtls_free( buf_dec  );

    mbedtls_rsa_free( &ctx );
-
-    mbedtls_ctr_drbg_free( &ctr_drbg );
-    mbedtls_entropy_free( &entropy );
-
 }
 /* END_CASE */