Merge pull request #3912 from gilles-peskine-arm/psa-external-random-test
Alternative random generator support for PSA: negative tests
This commit is contained in:
commit
d0c7b79170
21 changed files with 285 additions and 113 deletions
2
ChangeLog.d/rsa_private-ret.txt
Normal file
2
ChangeLog.d/rsa_private-ret.txt
Normal file
|
@ -0,0 +1,2 @@
|
|||
Bugfix
|
||||
* Fix an incorrect error code if an RSA private operation glitched.
|
|
@ -135,9 +135,11 @@ mbedtls_psa_drbg_context_t *const mbedtls_psa_random_state =
|
|||
|
||||
psa_status_t mbedtls_to_psa_error( int ret )
|
||||
{
|
||||
/* If there's both a high-level code and low-level code, dispatch on
|
||||
* the high-level code. */
|
||||
switch( ret < -0x7f ? - ( -ret & 0x7f80 ) : ret )
|
||||
/* Mbed TLS error codes can combine a high-level error code and a
|
||||
* low-level error code. The low-level error usually reflects the
|
||||
* root cause better, so dispatch on that preferably. */
|
||||
int low_level_ret = - ( -ret & 0x007f );
|
||||
switch( low_level_ret != 0 ? low_level_ret : ret )
|
||||
{
|
||||
case 0:
|
||||
return( PSA_SUCCESS );
|
||||
|
@ -344,7 +346,7 @@ psa_status_t mbedtls_to_psa_error( int ret )
|
|||
case MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE:
|
||||
return( PSA_ERROR_BUFFER_TOO_SMALL );
|
||||
case MBEDTLS_ERR_RSA_RNG_FAILED:
|
||||
return( PSA_ERROR_INSUFFICIENT_MEMORY );
|
||||
return( PSA_ERROR_INSUFFICIENT_ENTROPY );
|
||||
case MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION:
|
||||
return( PSA_ERROR_NOT_SUPPORTED );
|
||||
case MBEDTLS_ERR_RSA_HW_ACCEL_FAILED:
|
||||
|
@ -372,8 +374,11 @@ psa_status_t mbedtls_to_psa_error( int ret )
|
|||
return( PSA_ERROR_INVALID_SIGNATURE );
|
||||
case MBEDTLS_ERR_ECP_ALLOC_FAILED:
|
||||
return( PSA_ERROR_INSUFFICIENT_MEMORY );
|
||||
case MBEDTLS_ERR_ECP_RANDOM_FAILED:
|
||||
return( PSA_ERROR_INSUFFICIENT_ENTROPY );
|
||||
case MBEDTLS_ERR_ECP_HW_ACCEL_FAILED:
|
||||
return( PSA_ERROR_HARDWARE_FAILURE );
|
||||
|
||||
case MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED:
|
||||
return( PSA_ERROR_CORRUPTION_DETECTED );
|
||||
|
||||
|
|
|
@ -1076,10 +1076,10 @@ cleanup:
|
|||
mbedtls_mpi_free( &C );
|
||||
mbedtls_mpi_free( &I );
|
||||
|
||||
if( ret != 0 )
|
||||
if( ret != 0 && ret >= -0x007f )
|
||||
return( MBEDTLS_ERR_RSA_PRIVATE_FAILED + ret );
|
||||
|
||||
return( 0 );
|
||||
return( ret );
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_PKCS1_V21)
|
||||
|
|
|
@ -84,8 +84,13 @@ MBEDTLS_TEST_OBJS=$(patsubst %.c,%.o,$(wildcard src/*.c src/drivers/*.c))
|
|||
|
||||
mbedtls_test: $(MBEDTLS_TEST_OBJS)
|
||||
|
||||
TEST_OBJS_DEPS =
|
||||
ifdef RECORD_PSA_STATUS_COVERAGE_LOG
|
||||
TEST_OBJS_DEPS += include/test/instrument_record_status.h
|
||||
endif
|
||||
|
||||
# Rule to compile common test C files in src folder
|
||||
src/%.o : src/%.c
|
||||
src/%.o : src/%.c $(TEST_OBJS_DEPS)
|
||||
echo " CC $<"
|
||||
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) -o $@ -c $<
|
||||
|
||||
|
@ -121,7 +126,7 @@ C_FILES := $(addsuffix .c,$(APPS))
|
|||
-o .
|
||||
|
||||
|
||||
$(BINARIES): %$(EXEXT): %.c $(MBEDLIBS) $(MBEDTLS_TEST_OBJS)
|
||||
$(BINARIES): %$(EXEXT): %.c $(MBEDLIBS) $(TEST_OBJS_DEPS) $(MBEDTLS_TEST_OBJS)
|
||||
echo " CC $<"
|
||||
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(MBEDTLS_TEST_OBJS) $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
|
||||
|
||||
|
@ -135,6 +140,7 @@ clean:
|
|||
ifndef WINDOWS
|
||||
rm -rf $(BINARIES) *.c *.datax TESTS
|
||||
rm -f src/*.o src/drivers/*.o src/libmbed*
|
||||
rm -f include/test/instrument_record_status.h
|
||||
else
|
||||
if exist *.c del /Q /F *.c
|
||||
if exist *.exe del /Q /F *.exe
|
||||
|
@ -142,6 +148,7 @@ else
|
|||
if exist src/*.o del /Q /F src/*.o
|
||||
if exist src/drivers/*.o del /Q /F src/drivers/*.o
|
||||
if exist src/libmbed* del /Q /F src/libmed*
|
||||
if exist include/test/instrument_record_status.h del /Q /F include/test/instrument_record_status.h
|
||||
ifneq ($(wildcard TESTS/.*),)
|
||||
rmdir /Q /S TESTS
|
||||
endif
|
||||
|
@ -187,7 +194,7 @@ $(foreach app, $(APPS), $(foreach file, $(notdir $(wildcard include/test/*.h)),
|
|||
$(eval $(call copy_header_to_target,$(app),$(file)))))
|
||||
|
||||
ifdef RECORD_PSA_STATUS_COVERAGE_LOG
|
||||
$(BINARIES): include/test/instrument_record_status.h
|
||||
include/test/instrument_record_status.h: ../include/psa/crypto.h Makefile
|
||||
echo " Gen $@"
|
||||
sed <../include/psa/crypto.h >$@ -n 's/^psa_status_t \([A-Za-z0-9_]*\)(.*/#define \1(...) RECORD_STATUS("\1", \1(__VA_ARGS__))/p'
|
||||
endif
|
||||
|
|
|
@ -26,79 +26,74 @@
|
|||
#include <psa/crypto.h>
|
||||
#include <psa_crypto_slot_management.h>
|
||||
|
||||
static int test_helper_is_psa_pristine( int line, const char *file )
|
||||
{
|
||||
mbedtls_psa_stats_t stats;
|
||||
const char *msg = NULL;
|
||||
|
||||
mbedtls_psa_get_stats( &stats );
|
||||
|
||||
if( stats.volatile_slots != 0 )
|
||||
msg = "A volatile slot has not been closed properly.";
|
||||
else if( stats.persistent_slots != 0 )
|
||||
msg = "A persistent slot has not been closed properly.";
|
||||
else if( stats.external_slots != 0 )
|
||||
msg = "An external slot has not been closed properly.";
|
||||
else if( stats.half_filled_slots != 0 )
|
||||
msg = "A half-filled slot has not been cleared properly.";
|
||||
else if( stats.locked_slots != 0 )
|
||||
{
|
||||
msg = "Some slots are still marked as locked.";
|
||||
}
|
||||
|
||||
/* If the test has already failed, don't overwrite the failure
|
||||
* information. Do keep the stats lookup above, because it can be
|
||||
* convenient to break on it when debugging a failure. */
|
||||
if( msg != NULL && test_info.result == TEST_RESULT_SUCCESS )
|
||||
test_fail( msg, line, file );
|
||||
|
||||
return( msg == NULL );
|
||||
}
|
||||
/** Check for things that have not been cleaned up properly in the
|
||||
* PSA subsystem.
|
||||
*
|
||||
* \return NULL if nothing has leaked.
|
||||
* \return A string literal explaining what has not been cleaned up
|
||||
* if applicable.
|
||||
*/
|
||||
const char *mbedtls_test_helper_is_psa_leaking( void );
|
||||
|
||||
/** Check that no PSA Crypto key slots are in use.
|
||||
*
|
||||
* If any slots are in use, mark the current test as failed and jump to
|
||||
* the exit label. This is equivalent to
|
||||
* `TEST_ASSERT( ! mbedtls_test_helper_is_psa_leaking( ) )`
|
||||
* but with a more informative message.
|
||||
*/
|
||||
#define ASSERT_PSA_PRISTINE( ) \
|
||||
do \
|
||||
{ \
|
||||
if( ! test_helper_is_psa_pristine( __LINE__, __FILE__ ) ) \
|
||||
goto exit; \
|
||||
} \
|
||||
#define ASSERT_PSA_PRISTINE( ) \
|
||||
do \
|
||||
{ \
|
||||
if( test_fail_if_psa_leaking( __LINE__, __FILE__ ) ) \
|
||||
goto exit; \
|
||||
} \
|
||||
while( 0 )
|
||||
|
||||
static void test_helper_psa_done( int line, const char *file )
|
||||
{
|
||||
(void) test_helper_is_psa_pristine( line, file );
|
||||
mbedtls_psa_crypto_free( );
|
||||
}
|
||||
|
||||
/** Shut down the PSA Crypto subsystem. Expect a clean shutdown, with no slots
|
||||
* in use.
|
||||
*/
|
||||
#define PSA_DONE( ) test_helper_psa_done( __LINE__, __FILE__ )
|
||||
#define PSA_DONE( ) \
|
||||
do \
|
||||
{ \
|
||||
test_fail_if_psa_leaking( __LINE__, __FILE__ ); \
|
||||
mbedtls_psa_crypto_free( ); \
|
||||
} \
|
||||
while( 0 )
|
||||
|
||||
|
||||
|
||||
#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
|
||||
/** Enable the insecure implementation of mbedtls_psa_external_get_random().
|
||||
*
|
||||
* The insecure implementation of mbedtls_psa_external_get_random() is
|
||||
* disabled by default.
|
||||
*
|
||||
* When MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG is enabled and the test
|
||||
* helpers are linked into a program, you must enable this before running any
|
||||
* code that uses the PSA subsystem to generate random data (including internal
|
||||
* random generation for purposes such as blinding when the random generation
|
||||
* is routed through PSA).
|
||||
*
|
||||
* You can enable and disable it at any time, regardless of the state
|
||||
* of the PSA subsystem. You may disable it temporarily to simulate a
|
||||
* depleted entropy source.
|
||||
*/
|
||||
void mbedtls_test_enable_insecure_external_rng( void );
|
||||
|
||||
/** Disable the insecure implementation of mbedtls_psa_external_get_random().
|
||||
*
|
||||
* See mbedtls_test_enable_insecure_external_rng().
|
||||
*/
|
||||
void mbedtls_test_disable_insecure_external_rng( void );
|
||||
#endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
|
||||
|
||||
|
||||
#if defined(RECORD_PSA_STATUS_COVERAGE_LOG)
|
||||
#include <psa/crypto.h>
|
||||
|
||||
/** Name of the file where return statuses are logged by #RECORD_STATUS. */
|
||||
#define STATUS_LOG_FILE_NAME "statuses.log"
|
||||
|
||||
static psa_status_t record_status( psa_status_t status,
|
||||
const char *func,
|
||||
const char *file, int line,
|
||||
const char *expr )
|
||||
{
|
||||
/* We open the log file on first use.
|
||||
* We never close the log file, so the record_status feature is not
|
||||
* compatible with resource leak detectors such as Asan.
|
||||
*/
|
||||
static FILE *log;
|
||||
if( log == NULL )
|
||||
log = fopen( STATUS_LOG_FILE_NAME, "a" );
|
||||
fprintf( log, "%d:%s:%s:%d:%s\n", (int) status, func, file, line, expr );
|
||||
return( status );
|
||||
}
|
||||
psa_status_t mbedtls_test_record_status( psa_status_t status,
|
||||
const char *func,
|
||||
const char *file, int line,
|
||||
const char *expr );
|
||||
|
||||
/** Return value logging wrapper macro.
|
||||
*
|
||||
|
@ -125,7 +120,7 @@ static psa_status_t record_status( psa_status_t status,
|
|||
* \return The value of \p expr.
|
||||
*/
|
||||
#define RECORD_STATUS( string, expr ) \
|
||||
record_status( ( expr ), string, __FILE__, __LINE__, #expr )
|
||||
mbedtls_test_record_status( ( expr ), string, __FILE__, __LINE__, #expr )
|
||||
|
||||
#include "instrument_record_status.h"
|
||||
|
||||
|
|
|
@ -22,21 +22,79 @@
|
|||
|
||||
#include <test/helpers.h>
|
||||
#include <test/macros.h>
|
||||
#include <test/psa_crypto_helpers.h>
|
||||
|
||||
#if defined(MBEDTLS_PSA_CRYPTO_C)
|
||||
|
||||
#include <psa/crypto.h>
|
||||
|
||||
const char *mbedtls_test_helper_is_psa_leaking( void )
|
||||
{
|
||||
mbedtls_psa_stats_t stats;
|
||||
|
||||
mbedtls_psa_get_stats( &stats );
|
||||
|
||||
if( stats.volatile_slots != 0 )
|
||||
return( "A volatile slot has not been closed properly." );
|
||||
if( stats.persistent_slots != 0 )
|
||||
return( "A persistent slot has not been closed properly." );
|
||||
if( stats.external_slots != 0 )
|
||||
return( "An external slot has not been closed properly." );
|
||||
if( stats.half_filled_slots != 0 )
|
||||
return( "A half-filled slot has not been cleared properly." );
|
||||
if( stats.locked_slots != 0 )
|
||||
return( "Some slots are still marked as locked." );
|
||||
|
||||
return( NULL );
|
||||
}
|
||||
|
||||
#if defined(RECORD_PSA_STATUS_COVERAGE_LOG)
|
||||
/** Name of the file where return statuses are logged by #RECORD_STATUS. */
|
||||
#define STATUS_LOG_FILE_NAME "statuses.log"
|
||||
|
||||
psa_status_t mbedtls_test_record_status( psa_status_t status,
|
||||
const char *func,
|
||||
const char *file, int line,
|
||||
const char *expr )
|
||||
{
|
||||
/* We open the log file on first use.
|
||||
* We never close the log file, so the record_status feature is not
|
||||
* compatible with resource leak detectors such as Asan.
|
||||
*/
|
||||
static FILE *log;
|
||||
if( log == NULL )
|
||||
log = fopen( STATUS_LOG_FILE_NAME, "a" );
|
||||
fprintf( log, "%d:%s:%s:%d:%s\n", (int) status, func, file, line, expr );
|
||||
return( status );
|
||||
}
|
||||
#endif /* defined(RECORD_PSA_STATUS_COVERAGE_LOG) */
|
||||
|
||||
#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
|
||||
#include <test/random.h>
|
||||
|
||||
static int test_insecure_external_rng_enabled = 0;
|
||||
|
||||
void mbedtls_test_enable_insecure_external_rng( void )
|
||||
{
|
||||
test_insecure_external_rng_enabled = 1;
|
||||
}
|
||||
|
||||
void mbedtls_test_disable_insecure_external_rng( void )
|
||||
{
|
||||
test_insecure_external_rng_enabled = 0;
|
||||
}
|
||||
|
||||
psa_status_t mbedtls_psa_external_get_random(
|
||||
mbedtls_psa_external_random_context_t *context,
|
||||
uint8_t *output, size_t output_size, size_t *output_length )
|
||||
{
|
||||
(void) context;
|
||||
|
||||
if( !test_insecure_external_rng_enabled )
|
||||
return( PSA_ERROR_INSUFFICIENT_ENTROPY );
|
||||
|
||||
/* This implementation is for test purposes only!
|
||||
* Use the libc non-cryptographic random generator. */
|
||||
(void) context;
|
||||
mbedtls_test_rnd_std_rand( NULL, output, output_size );
|
||||
*output_length = output_size;
|
||||
return( PSA_SUCCESS );
|
||||
|
|
|
@ -5,6 +5,9 @@
|
|||
#include <test/macros.h>
|
||||
#include <test/helpers.h>
|
||||
#include <test/random.h>
|
||||
#if defined(MBEDTLS_PSA_CRYPTO_C)
|
||||
#include <test/psa_crypto_helpers.h>
|
||||
#endif
|
||||
|
||||
#include <stdlib.h>
|
||||
|
||||
|
@ -418,6 +421,26 @@ void test_skip( const char *test, int line_no, const char* filename )
|
|||
test_info.filename = filename;
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_PSA_CRYPTO_C)
|
||||
/** Check that no PSA Crypto key slots are in use.
|
||||
*
|
||||
* If any slots are in use, mark the current test as failed.
|
||||
*
|
||||
* \return 0 if the key store is empty, 1 otherwise.
|
||||
*/
|
||||
int test_fail_if_psa_leaking( int line_no, const char *filename )
|
||||
{
|
||||
const char *msg = mbedtls_test_helper_is_psa_leaking( );
|
||||
if( msg == NULL )
|
||||
return 0;
|
||||
else
|
||||
{
|
||||
test_fail( msg, line_no, filename );
|
||||
return 1;
|
||||
}
|
||||
}
|
||||
#endif /* defined(MBEDTLS_PSA_CRYPTO_C) */
|
||||
|
||||
#if defined(__unix__) || (defined(__APPLE__) && defined(__MACH__))
|
||||
static int redirect_output( FILE* out_stream, const char* path )
|
||||
{
|
||||
|
|
|
@ -164,6 +164,10 @@ $dispatch_code
|
|||
*/
|
||||
void execute_function_ptr(TestWrapper_t fp, void **params)
|
||||
{
|
||||
#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
|
||||
mbedtls_test_enable_insecure_external_rng( );
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_CHECK_PARAMS)
|
||||
mbedtls_test_param_failed_location_record_t location_record;
|
||||
|
||||
|
|
|
@ -9,10 +9,6 @@
|
|||
#include "mbedtls/gcm.h"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
#include "test/psa_crypto_helpers.h"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_CIPHER_MODE_AEAD) || defined(MBEDTLS_NIST_KW_C)
|
||||
#define MBEDTLS_CIPHER_AUTH_CRYPT
|
||||
#endif
|
||||
|
|
|
@ -17,13 +17,13 @@
|
|||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
#include "mbedtls/psa_util.h"
|
||||
#include "test/psa_crypto_helpers.h"
|
||||
#define PSA_INIT( ) PSA_ASSERT( psa_crypto_init( ) )
|
||||
#else
|
||||
/* Define empty macros so that we can use them in the preamble and teardown
|
||||
* of every test function that uses PSA conditionally based on
|
||||
* MBEDTLS_USE_PSA_CRYPTO. */
|
||||
#define PSA_INIT( ) ( (void) 0 )
|
||||
#undef PSA_DONE
|
||||
#define PSA_DONE( ) ( (void) 0 )
|
||||
#endif
|
||||
|
||||
|
|
|
@ -9,8 +9,6 @@
|
|||
* uses mbedtls_ctr_drbg internally. */
|
||||
#include "mbedtls/ctr_drbg.h"
|
||||
|
||||
#include "test/psa_crypto_helpers.h"
|
||||
|
||||
/* Tests that require more than 128kB of RAM plus change have this symbol
|
||||
* as a dependency. Currently we always define this symbol, so the tests
|
||||
* are always executed. In the future we should make this conditional
|
||||
|
|
|
@ -1,6 +1,4 @@
|
|||
/* BEGIN_HEADER */
|
||||
#include "test/psa_crypto_helpers.h"
|
||||
|
||||
#include "test/drivers/test_driver.h"
|
||||
/* END_HEADER */
|
||||
|
||||
|
|
|
@ -1,3 +1,30 @@
|
|||
PSA external RNG failure: generate random and key
|
||||
external_rng_failure_generate:
|
||||
|
||||
# When verifying the impact of a forced RNG failure, depend on the built-in
|
||||
# implementation of the algorithm that uses randomization, whether it's
|
||||
# because the algorithm is randomized or because our implementation uses
|
||||
# randomization for (e.g.) blinding. An external implementation could use
|
||||
# its own randomness source which is not affected by the forced failure of
|
||||
# the RNG driver.
|
||||
# Key types and non-randomized auxilary algorithms (in practice, hashes) can
|
||||
# use an external implementation.
|
||||
PSA external RNG failure: randomized ECDSA
|
||||
depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PSA_BUILTIN_ALG_ECDSA:MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
||||
external_rng_failure_sign:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA_ANY:32
|
||||
|
||||
PSA external RNG failure: deterministic ECDSA (software implementation)
|
||||
depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:PSA_WANT_ALG_SHA_256
|
||||
external_rng_failure_sign:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):32
|
||||
|
||||
PSA external RNG failure: RSA-PSS
|
||||
depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256
|
||||
external_rng_failure_sign:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):32
|
||||
|
||||
PSA external RNG failure: RSA PKCS#1v1.5 (software implementation)
|
||||
depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN
|
||||
external_rng_failure_sign:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_SIGN_RAW:32
|
||||
|
||||
PSA validate entropy injection: good, minimum size
|
||||
validate_entropy_seed_injection:MBEDTLS_PSA_INJECT_ENTROPY_MIN_SIZE:PSA_SUCCESS:MBEDTLS_PSA_INJECT_ENTROPY_MIN_SIZE:PSA_ERROR_NOT_PERMITTED
|
||||
|
||||
|
|
|
@ -1,19 +1,23 @@
|
|||
/* BEGIN_HEADER */
|
||||
#include <stdint.h>
|
||||
#include <string.h>
|
||||
|
||||
#include <psa/crypto.h>
|
||||
|
||||
#include "mbedtls/entropy.h"
|
||||
#include "mbedtls/entropy_poll.h"
|
||||
|
||||
#include "test/psa_crypto_helpers.h"
|
||||
/* Calculating the minimum allowed entropy size in bytes */
|
||||
#define MBEDTLS_PSA_INJECT_ENTROPY_MIN_SIZE MAX(MBEDTLS_ENTROPY_MIN_PLATFORM, MBEDTLS_ENTROPY_BLOCK_SIZE)
|
||||
|
||||
#if defined(MBEDTLS_PSA_INJECT_ENTROPY)
|
||||
|
||||
#if defined(MBEDTLS_PSA_ITS_FILE_C)
|
||||
#include <stdio.h>
|
||||
#else
|
||||
#include <psa/internal_trusted_storage.h>
|
||||
#endif
|
||||
|
||||
/* Calculating the minimum allowed entropy size in bytes */
|
||||
#define MBEDTLS_PSA_INJECT_ENTROPY_MIN_SIZE MAX(MBEDTLS_ENTROPY_MIN_PLATFORM, MBEDTLS_ENTROPY_BLOCK_SIZE)
|
||||
|
||||
/* Remove the entropy seed file. Since the library does not expose a way
|
||||
* to do this (it would be a security risk if such a function was ever
|
||||
* accessible in production), implement this functionality in a white-box
|
||||
|
@ -30,14 +34,89 @@ psa_status_t remove_seed_file( void )
|
|||
#endif
|
||||
}
|
||||
|
||||
#endif /* MBEDTLS_PSA_INJECT_ENTROPY */
|
||||
|
||||
/* END_HEADER */
|
||||
|
||||
/* BEGIN_DEPENDENCIES
|
||||
* depends_on:MBEDTLS_PSA_INJECT_ENTROPY
|
||||
* END_DEPENDENCIES
|
||||
*/
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
|
||||
void external_rng_failure_generate( )
|
||||
{
|
||||
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
|
||||
psa_set_key_type( &attributes, PSA_KEY_TYPE_DERIVE );
|
||||
psa_set_key_bits( &attributes, 128 );
|
||||
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
|
||||
uint8_t output[1];
|
||||
|
||||
/* BEGIN_CASE */
|
||||
PSA_ASSERT( psa_crypto_init( ) );
|
||||
|
||||
PSA_ASSERT( psa_generate_random( output, sizeof( output ) ) );
|
||||
PSA_ASSERT( psa_generate_key( &attributes, &key ) );
|
||||
PSA_ASSERT( psa_destroy_key( key ) );
|
||||
|
||||
mbedtls_test_disable_insecure_external_rng( );
|
||||
TEST_EQUAL( PSA_ERROR_INSUFFICIENT_ENTROPY,
|
||||
psa_generate_random( output, sizeof( output ) ) );
|
||||
TEST_EQUAL( PSA_ERROR_INSUFFICIENT_ENTROPY,
|
||||
psa_generate_key( &attributes, &key ) );
|
||||
|
||||
exit:
|
||||
psa_destroy_key( key );
|
||||
PSA_DONE( );
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
|
||||
void external_rng_failure_sign( int key_type, data_t *key_data, int alg,
|
||||
int input_size_arg )
|
||||
{
|
||||
/* This test case is only expected to pass if the signature mechanism
|
||||
* requires randomness, either because it is a randomized signature
|
||||
* or because the implementation uses blinding. */
|
||||
|
||||
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
|
||||
psa_set_key_type( &attributes, key_type );
|
||||
psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN );
|
||||
psa_set_key_algorithm( &attributes, alg );
|
||||
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
|
||||
size_t input_size = input_size_arg;
|
||||
uint8_t *input = NULL;
|
||||
uint8_t *signature = NULL;
|
||||
size_t signature_size = PSA_SIGNATURE_MAX_SIZE;
|
||||
size_t signature_length;
|
||||
|
||||
ASSERT_ALLOC( input, input_size );
|
||||
ASSERT_ALLOC( signature, signature_size );
|
||||
|
||||
PSA_ASSERT( psa_crypto_init( ) );
|
||||
PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
|
||||
&key ) );
|
||||
PSA_ASSERT( psa_sign_hash( key, alg,
|
||||
input, input_size,
|
||||
signature, signature_size,
|
||||
&signature_length ) );
|
||||
PSA_ASSERT( psa_destroy_key( key ) );
|
||||
|
||||
mbedtls_test_disable_insecure_external_rng( );
|
||||
/* Import the key again, because for RSA Mbed TLS caches blinding values
|
||||
* in the key object and this could perturb the test. */
|
||||
PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
|
||||
&key ) );
|
||||
TEST_EQUAL( PSA_ERROR_INSUFFICIENT_ENTROPY,
|
||||
psa_sign_hash( key, alg,
|
||||
input, input_size,
|
||||
signature, signature_size,
|
||||
&signature_length ) );
|
||||
PSA_ASSERT( psa_destroy_key( key ) );
|
||||
|
||||
exit:
|
||||
psa_destroy_key( key );
|
||||
PSA_DONE( );
|
||||
mbedtls_free( input );
|
||||
mbedtls_free( signature );
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_PSA_INJECT_ENTROPY */
|
||||
void validate_entropy_seed_injection( int seed_length_a,
|
||||
int expected_status_a,
|
||||
int seed_length_b,
|
||||
|
@ -81,7 +160,7 @@ exit:
|
|||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE */
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_PSA_INJECT_ENTROPY */
|
||||
void run_entropy_inject_with_crypto_init( )
|
||||
{
|
||||
psa_status_t status;
|
||||
|
|
|
@ -2,8 +2,6 @@
|
|||
|
||||
#include <stdint.h>
|
||||
|
||||
#include "test/psa_crypto_helpers.h"
|
||||
|
||||
/* END_HEADER */
|
||||
|
||||
/* BEGIN_DEPENDENCIES
|
||||
|
|
|
@ -1,7 +1,6 @@
|
|||
/* BEGIN_HEADER */
|
||||
#include <stdint.h>
|
||||
|
||||
#include "test/psa_crypto_helpers.h"
|
||||
/* Some tests in this module configure entropy sources. */
|
||||
#include "psa_crypto_invasive.h"
|
||||
|
||||
|
|
|
@ -9,7 +9,6 @@
|
|||
|
||||
#include <stdint.h>
|
||||
|
||||
#include "test/psa_crypto_helpers.h"
|
||||
#include "psa_crypto_slot_management.h"
|
||||
#include "psa_crypto_storage.h"
|
||||
|
||||
|
|
|
@ -1,5 +1,4 @@
|
|||
/* BEGIN_HEADER */
|
||||
#include "test/psa_crypto_helpers.h"
|
||||
#include "psa/crypto_se_driver.h"
|
||||
|
||||
#include "psa_crypto_se.h"
|
||||
|
|
|
@ -1,5 +1,4 @@
|
|||
/* BEGIN_HEADER */
|
||||
#include "test/psa_crypto_helpers.h"
|
||||
#include "psa/crypto_se_driver.h"
|
||||
|
||||
#include "psa_crypto_se.h"
|
||||
|
|
|
@ -1,7 +1,6 @@
|
|||
/* BEGIN_HEADER */
|
||||
#include <stdint.h>
|
||||
|
||||
#include "test/psa_crypto_helpers.h"
|
||||
#include "psa_crypto_slot_management.h"
|
||||
#include "psa_crypto_storage.h"
|
||||
|
||||
|
|
|
@ -6,24 +6,11 @@
|
|||
#include "mbedtls/oid.h"
|
||||
#include "mbedtls/rsa.h"
|
||||
|
||||
/* These are the same depends as the test function x509_crs_check_opaque(),
|
||||
* the only function using PSA here. Using a weaker condition would result in
|
||||
* warnings about the static functions defined in psa_crypto_helpers.h being
|
||||
* unused. */
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO) && \
|
||||
defined(MBEDTLS_PEM_WRITE_C) && \
|
||||
defined(MBEDTLS_X509_CSR_WRITE_C)
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
#include "psa/crypto.h"
|
||||
#include "mbedtls/psa_util.h"
|
||||
#include "test/psa_crypto_helpers.h"
|
||||
#define PSA_INIT( ) PSA_ASSERT( psa_crypto_init( ) )
|
||||
#else
|
||||
/* Define empty macros so that we can use them in the preamble and teardown
|
||||
* of every test function that uses PSA conditionally based on
|
||||
* MBEDTLS_USE_PSA_CRYPTO. */
|
||||
#define PSA_INIT( ) ( (void) 0 )
|
||||
#define PSA_DONE( ) ( (void) 0 )
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO && MBEDTLS_PEM_WRITE_C && MBEDTLS_X509_CSR_WRITE_C */
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
|
||||
#if defined(MBEDTLS_RSA_C)
|
||||
int mbedtls_rsa_decrypt_func( void *ctx, int mode, size_t *olen,
|
||||
|
|
Loading…
Reference in a new issue