From 5ef4e8d9b9188289ff37e31445d28ebf03e8c4ca Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Sat, 16 Jul 2022 08:57:19 +0200 Subject: [PATCH] Don't depend on strong entropy for RSA tests MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Tests are not here to demonstrate best practice, but to test a specific part of the code. Using an RNG provided by the test framework also makes the test code more focused on what we actually mean to test. This brings the number of tests skipped in test_suite_rsa in test_psa_crypto_config_accel_hash_use_psa down to 0 (from 50). Signed-off-by: Manuel Pégourié-Gonnard --- tests/suites/test_suite_rsa.function | 98 ++++++++-------------------- 1 file changed, 26 insertions(+), 72 deletions(-) diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index cfea4eb53..1025bff08 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function @@ -1,15 +1,8 @@ /* BEGIN_HEADER */ #include "mbedtls/rsa.h" #include "rsa_alt_helpers.h" -#include "mbedtls/md5.h" -#include "mbedtls/sha1.h" -#include "mbedtls/sha256.h" -#include "mbedtls/sha512.h" -#include "mbedtls/entropy.h" -#include "mbedtls/ctr_drbg.h" #include "or_psa_helpers.h" - /* END_HEADER */ /* BEGIN_DEPENDENCIES @@ -687,23 +680,15 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_CTR_DRBG_C:MBEDTLS_ENTROPY_C:ENTROPY_HAVE_STRONG */ +/* BEGIN_CASE */ void mbedtls_rsa_gen_key( int nrbits, int exponent, int result) { mbedtls_rsa_context ctx; - mbedtls_entropy_context entropy; - mbedtls_ctr_drbg_context ctr_drbg; - const char *pers = "test_suite_rsa"; - - mbedtls_ctr_drbg_init( &ctr_drbg ); - mbedtls_entropy_init( &entropy ); mbedtls_rsa_init ( &ctx ); - TEST_ASSERT( mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, - &entropy, (const unsigned char *) pers, - strlen( pers ) ) == 0 ); - - TEST_ASSERT( mbedtls_rsa_gen_key( &ctx, mbedtls_ctr_drbg_random, &ctr_drbg, nrbits, exponent ) == result ); + /* This test uses an insecure RNG, suitable only for testing. + * In production, always use a cryptographically strong RNG! */ + TEST_ASSERT( mbedtls_rsa_gen_key( &ctx, mbedtls_test_rnd_std_rand, NULL, nrbits, exponent ) == result ); if( result == 0 ) { TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 ); @@ -712,8 +697,6 @@ void mbedtls_rsa_gen_key( int nrbits, int exponent, int result) exit: mbedtls_rsa_free( &ctx ); - mbedtls_ctr_drbg_free( &ctr_drbg ); - mbedtls_entropy_free( &entropy ); } /* END_CASE */ @@ -818,7 +801,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_CTR_DRBG_C:MBEDTLS_ENTROPY_C:ENTROPY_HAVE_STRONG */ +/* BEGIN_CASE */ void mbedtls_rsa_import( int radix_N, char *input_N, int radix_P, char *input_P, int radix_Q, char *input_Q, @@ -837,27 +820,18 @@ void mbedtls_rsa_import( int radix_N, char *input_N, unsigned char *buf_enc = NULL; unsigned char *buf_dec = NULL; - mbedtls_entropy_context entropy; - mbedtls_ctr_drbg_context ctr_drbg; - const char *pers = "test_suite_rsa"; - const int have_N = ( strlen( input_N ) > 0 ); const int have_P = ( strlen( input_P ) > 0 ); const int have_Q = ( strlen( input_Q ) > 0 ); const int have_D = ( strlen( input_D ) > 0 ); const int have_E = ( strlen( input_E ) > 0 ); - mbedtls_ctr_drbg_init( &ctr_drbg ); - mbedtls_entropy_init( &entropy ); mbedtls_rsa_init( &ctx ); mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E ); - TEST_ASSERT( mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy, - (const unsigned char *) pers, strlen( pers ) ) == 0 ); - if( have_N ) TEST_ASSERT( mbedtls_test_read_mpi( &N, radix_N, input_N ) == 0 ); @@ -931,7 +905,9 @@ void mbedtls_rsa_import( int radix_N, char *input_N, if( buf_orig == NULL || buf_enc == NULL || buf_dec == NULL ) goto exit; - TEST_ASSERT( mbedtls_ctr_drbg_random( &ctr_drbg, + /* This test uses an insecure RNG, suitable only for testing. + * In production, always use a cryptographically strong RNG! */ + TEST_ASSERT( mbedtls_test_rnd_std_rand( NULL, buf_orig, mbedtls_rsa_get_len( &ctx ) ) == 0 ); /* Make sure the number we're generating is smaller than the modulus */ @@ -941,8 +917,10 @@ void mbedtls_rsa_import( int radix_N, char *input_N, if( is_priv ) { - TEST_ASSERT( mbedtls_rsa_private( &ctx, mbedtls_ctr_drbg_random, - &ctr_drbg, buf_enc, + /* This test uses an insecure RNG, suitable only for testing. + * In production, always use a cryptographically strong RNG! */ + TEST_ASSERT( mbedtls_rsa_private( &ctx, mbedtls_test_rnd_std_rand, + NULL, buf_enc, buf_dec ) == 0 ); TEST_ASSERT( memcmp( buf_orig, buf_dec, @@ -958,9 +936,6 @@ exit: mbedtls_rsa_free( &ctx ); - mbedtls_ctr_drbg_free( &ctr_drbg ); - mbedtls_entropy_free( &entropy ); - mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q ); mbedtls_mpi_free( &D ); mbedtls_mpi_free( &E ); @@ -1091,7 +1066,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_ENTROPY_C:ENTROPY_HAVE_STRONG:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */ +/* BEGIN_CASE */ void mbedtls_rsa_validate_params( int radix_N, char *input_N, int radix_P, char *input_P, int radix_Q, char *input_Q, @@ -1108,20 +1083,10 @@ void mbedtls_rsa_validate_params( int radix_N, char *input_N, const int have_D = ( strlen( input_D ) > 0 ); const int have_E = ( strlen( input_E ) > 0 ); - mbedtls_entropy_context entropy; - mbedtls_ctr_drbg_context ctr_drbg; - const char *pers = "test_suite_rsa"; - mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E ); - mbedtls_ctr_drbg_init( &ctr_drbg ); - mbedtls_entropy_init( &entropy ); - TEST_ASSERT( mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, - &entropy, (const unsigned char *) pers, - strlen( pers ) ) == 0 ); - if( have_N ) TEST_ASSERT( mbedtls_test_read_mpi( &N, radix_N, input_N ) == 0 ); @@ -1137,18 +1102,17 @@ void mbedtls_rsa_validate_params( int radix_N, char *input_N, if( have_E ) TEST_ASSERT( mbedtls_test_read_mpi( &E, radix_E, input_E ) == 0 ); + /* This test uses an insecure RNG, suitable only for testing. + * In production, always use a cryptographically strong RNG! */ TEST_ASSERT( mbedtls_rsa_validate_params( have_N ? &N : NULL, have_P ? &P : NULL, have_Q ? &Q : NULL, have_D ? &D : NULL, have_E ? &E : NULL, - prng ? mbedtls_ctr_drbg_random : NULL, - prng ? &ctr_drbg : NULL ) == result ); + prng ? mbedtls_test_rnd_std_rand : NULL, + prng ? NULL : NULL ) == result ); + exit: - - mbedtls_ctr_drbg_free( &ctr_drbg ); - mbedtls_entropy_free( &entropy ); - mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q ); mbedtls_mpi_free( &D ); mbedtls_mpi_free( &E ); @@ -1250,7 +1214,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_CTR_DRBG_C:MBEDTLS_ENTROPY_C:ENTROPY_HAVE_STRONG */ +/* BEGIN_CASE */ void mbedtls_rsa_import_raw( data_t *input_N, data_t *input_P, data_t *input_Q, data_t *input_D, data_t *input_E, @@ -1265,19 +1229,9 @@ void mbedtls_rsa_import_raw( data_t *input_N, unsigned char *buf_dec = NULL; mbedtls_rsa_context ctx; - mbedtls_entropy_context entropy; - mbedtls_ctr_drbg_context ctr_drbg; - const char *pers = "test_suite_rsa"; - - mbedtls_ctr_drbg_init( &ctr_drbg ); - mbedtls_entropy_init( &entropy ); mbedtls_rsa_init( &ctx ); - TEST_ASSERT( mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, - &entropy, (const unsigned char *) pers, - strlen( pers ) ) == 0 ); - if( !successive ) { TEST_ASSERT( mbedtls_rsa_import_raw( &ctx, @@ -1336,7 +1290,9 @@ void mbedtls_rsa_import_raw( data_t *input_N, if( buf_orig == NULL || buf_enc == NULL || buf_dec == NULL ) goto exit; - TEST_ASSERT( mbedtls_ctr_drbg_random( &ctr_drbg, + /* This test uses an insecure RNG, suitable only for testing. + * In production, always use a cryptographically strong RNG! */ + TEST_ASSERT( mbedtls_test_rnd_std_rand( NULL, buf_orig, mbedtls_rsa_get_len( &ctx ) ) == 0 ); /* Make sure the number we're generating is smaller than the modulus */ @@ -1346,8 +1302,10 @@ void mbedtls_rsa_import_raw( data_t *input_N, if( is_priv ) { - TEST_ASSERT( mbedtls_rsa_private( &ctx, mbedtls_ctr_drbg_random, - &ctr_drbg, buf_enc, + /* This test uses an insecure RNG, suitable only for testing. + * In production, always use a cryptographically strong RNG! */ + TEST_ASSERT( mbedtls_rsa_private( &ctx, mbedtls_test_rnd_std_rand, + NULL, buf_enc, buf_dec ) == 0 ); TEST_ASSERT( memcmp( buf_orig, buf_dec, @@ -1362,10 +1320,6 @@ exit: mbedtls_free( buf_dec ); mbedtls_rsa_free( &ctx ); - - mbedtls_ctr_drbg_free( &ctr_drbg ); - mbedtls_entropy_free( &entropy ); - } /* END_CASE */