Disable the insecure PSA test RNG by default
To reduce the risk of people accidentally using the test implementation of mbedtls_psa_external_get_random(), which is insecure, require the user to explicitly call mbedtls_test_enable_insecure_external_rng() first. Disabling the test implementation of mbedtls_psa_external_get_random() will also allow negative testing for MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG, which will be added in a subsequent commit. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This commit is contained in:
parent
f6be590bf6
commit
76175ba785
3 changed files with 47 additions and 1 deletions
|
@ -53,6 +53,32 @@ const char *mbedtls_test_helper_is_psa_leaking( void );
|
|||
|
||||
|
||||
|
||||
#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
|
||||
/** Enable the insecure implementation of mbedtls_psa_external_get_random().
|
||||
*
|
||||
* The insecure implementation of mbedtls_psa_external_get_random() is
|
||||
* disabled by default.
|
||||
*
|
||||
* When MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG is enabled and the test
|
||||
* helpers are linked into a program, you must enable this before any code
|
||||
* that uses the PSA subsystem to generate random data (including internal
|
||||
* random generation for purposes such as blinding when the random generation
|
||||
* is routed through PSA).
|
||||
*
|
||||
* You can enable and disable it at any time, regardless of the state
|
||||
* of the PSA subsystem. You may disable it temporarily to simulate a
|
||||
* depleted entropy source.
|
||||
*/
|
||||
void mbedtls_test_enable_insecure_external_rng( void );
|
||||
|
||||
/** Disable the insecure implementation of mbedtls_psa_external_get_random().
|
||||
*
|
||||
* See mbedtls_test_enable_insecure_external_rng().
|
||||
*/
|
||||
void mbedtls_test_disable_insecure_external_rng( void );
|
||||
#endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
|
||||
|
||||
|
||||
#if defined(RECORD_PSA_STATUS_COVERAGE_LOG)
|
||||
psa_status_t mbedtls_test_record_status( psa_status_t status,
|
||||
const char *func,
|
||||
|
|
|
@ -72,13 +72,29 @@ psa_status_t mbedtls_test_record_status( psa_status_t status,
|
|||
#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
|
||||
#include <test/random.h>
|
||||
|
||||
static int test_insecure_external_rng_enabled = 0;
|
||||
|
||||
void mbedtls_test_enable_insecure_external_rng( void )
|
||||
{
|
||||
test_insecure_external_rng_enabled = 1;
|
||||
}
|
||||
|
||||
void mbedtls_test_disable_insecure_external_rng( void )
|
||||
{
|
||||
test_insecure_external_rng_enabled = 0;
|
||||
}
|
||||
|
||||
psa_status_t mbedtls_psa_external_get_random(
|
||||
mbedtls_psa_external_random_context_t *context,
|
||||
uint8_t *output, size_t output_size, size_t *output_length )
|
||||
{
|
||||
(void) context;
|
||||
|
||||
if( !test_insecure_external_rng_enabled )
|
||||
return( PSA_ERROR_INSUFFICIENT_ENTROPY );
|
||||
|
||||
/* This implementation is for test purposes only!
|
||||
* Use the libc non-cryptographic random generator. */
|
||||
(void) context;
|
||||
mbedtls_test_rnd_std_rand( NULL, output, output_size );
|
||||
*output_length = output_size;
|
||||
return( PSA_SUCCESS );
|
||||
|
|
|
@ -164,6 +164,10 @@ $dispatch_code
|
|||
*/
|
||||
void execute_function_ptr(TestWrapper_t fp, void **params)
|
||||
{
|
||||
#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
|
||||
mbedtls_test_enable_insecure_external_rng( );
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_CHECK_PARAMS)
|
||||
mbedtls_test_param_failed_location_record_t location_record;
|
||||
|
||||
|
|
Loading…
Reference in a new issue