Merge pull request #3912 from gilles-peskine-arm/psa-external-random-test

Alternative random generator support for PSA: negative tests
This commit is contained in:
Gilles Peskine 2021-01-12 17:55:11 +01:00 committed by GitHub
commit d0c7b79170
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
21 changed files with 285 additions and 113 deletions

View file

@ -0,0 +1,2 @@
Bugfix
* Fix an incorrect error code if an RSA private operation glitched.

View file

@ -135,9 +135,11 @@ mbedtls_psa_drbg_context_t *const mbedtls_psa_random_state =
psa_status_t mbedtls_to_psa_error( int ret )
{
/* If there's both a high-level code and low-level code, dispatch on
* the high-level code. */
switch( ret < -0x7f ? - ( -ret & 0x7f80 ) : ret )
/* Mbed TLS error codes can combine a high-level error code and a
* low-level error code. The low-level error usually reflects the
* root cause better, so dispatch on that preferably. */
int low_level_ret = - ( -ret & 0x007f );
switch( low_level_ret != 0 ? low_level_ret : ret )
{
case 0:
return( PSA_SUCCESS );
@ -344,7 +346,7 @@ psa_status_t mbedtls_to_psa_error( int ret )
case MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE:
return( PSA_ERROR_BUFFER_TOO_SMALL );
case MBEDTLS_ERR_RSA_RNG_FAILED:
return( PSA_ERROR_INSUFFICIENT_MEMORY );
return( PSA_ERROR_INSUFFICIENT_ENTROPY );
case MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION:
return( PSA_ERROR_NOT_SUPPORTED );
case MBEDTLS_ERR_RSA_HW_ACCEL_FAILED:
@ -372,8 +374,11 @@ psa_status_t mbedtls_to_psa_error( int ret )
return( PSA_ERROR_INVALID_SIGNATURE );
case MBEDTLS_ERR_ECP_ALLOC_FAILED:
return( PSA_ERROR_INSUFFICIENT_MEMORY );
case MBEDTLS_ERR_ECP_RANDOM_FAILED:
return( PSA_ERROR_INSUFFICIENT_ENTROPY );
case MBEDTLS_ERR_ECP_HW_ACCEL_FAILED:
return( PSA_ERROR_HARDWARE_FAILURE );
case MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED:
return( PSA_ERROR_CORRUPTION_DETECTED );

View file

@ -1076,10 +1076,10 @@ cleanup:
mbedtls_mpi_free( &C );
mbedtls_mpi_free( &I );
if( ret != 0 )
if( ret != 0 && ret >= -0x007f )
return( MBEDTLS_ERR_RSA_PRIVATE_FAILED + ret );
return( 0 );
return( ret );
}
#if defined(MBEDTLS_PKCS1_V21)

View file

@ -84,8 +84,13 @@ MBEDTLS_TEST_OBJS=$(patsubst %.c,%.o,$(wildcard src/*.c src/drivers/*.c))
mbedtls_test: $(MBEDTLS_TEST_OBJS)
TEST_OBJS_DEPS =
ifdef RECORD_PSA_STATUS_COVERAGE_LOG
TEST_OBJS_DEPS += include/test/instrument_record_status.h
endif
# Rule to compile common test C files in src folder
src/%.o : src/%.c
src/%.o : src/%.c $(TEST_OBJS_DEPS)
echo " CC $<"
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) -o $@ -c $<
@ -121,7 +126,7 @@ C_FILES := $(addsuffix .c,$(APPS))
-o .
$(BINARIES): %$(EXEXT): %.c $(MBEDLIBS) $(MBEDTLS_TEST_OBJS)
$(BINARIES): %$(EXEXT): %.c $(MBEDLIBS) $(TEST_OBJS_DEPS) $(MBEDTLS_TEST_OBJS)
echo " CC $<"
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(MBEDTLS_TEST_OBJS) $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
@ -135,6 +140,7 @@ clean:
ifndef WINDOWS
rm -rf $(BINARIES) *.c *.datax TESTS
rm -f src/*.o src/drivers/*.o src/libmbed*
rm -f include/test/instrument_record_status.h
else
if exist *.c del /Q /F *.c
if exist *.exe del /Q /F *.exe
@ -142,6 +148,7 @@ else
if exist src/*.o del /Q /F src/*.o
if exist src/drivers/*.o del /Q /F src/drivers/*.o
if exist src/libmbed* del /Q /F src/libmed*
if exist include/test/instrument_record_status.h del /Q /F include/test/instrument_record_status.h
ifneq ($(wildcard TESTS/.*),)
rmdir /Q /S TESTS
endif
@ -187,7 +194,7 @@ $(foreach app, $(APPS), $(foreach file, $(notdir $(wildcard include/test/*.h)),
$(eval $(call copy_header_to_target,$(app),$(file)))))
ifdef RECORD_PSA_STATUS_COVERAGE_LOG
$(BINARIES): include/test/instrument_record_status.h
include/test/instrument_record_status.h: ../include/psa/crypto.h Makefile
echo " Gen $@"
sed <../include/psa/crypto.h >$@ -n 's/^psa_status_t \([A-Za-z0-9_]*\)(.*/#define \1(...) RECORD_STATUS("\1", \1(__VA_ARGS__))/p'
endif

View file

@ -26,79 +26,74 @@
#include <psa/crypto.h>
#include <psa_crypto_slot_management.h>
static int test_helper_is_psa_pristine( int line, const char *file )
{
mbedtls_psa_stats_t stats;
const char *msg = NULL;
mbedtls_psa_get_stats( &stats );
if( stats.volatile_slots != 0 )
msg = "A volatile slot has not been closed properly.";
else if( stats.persistent_slots != 0 )
msg = "A persistent slot has not been closed properly.";
else if( stats.external_slots != 0 )
msg = "An external slot has not been closed properly.";
else if( stats.half_filled_slots != 0 )
msg = "A half-filled slot has not been cleared properly.";
else if( stats.locked_slots != 0 )
{
msg = "Some slots are still marked as locked.";
}
/* If the test has already failed, don't overwrite the failure
* information. Do keep the stats lookup above, because it can be
* convenient to break on it when debugging a failure. */
if( msg != NULL && test_info.result == TEST_RESULT_SUCCESS )
test_fail( msg, line, file );
return( msg == NULL );
}
/** Check for things that have not been cleaned up properly in the
* PSA subsystem.
*
* \return NULL if nothing has leaked.
* \return A string literal explaining what has not been cleaned up
* if applicable.
*/
const char *mbedtls_test_helper_is_psa_leaking( void );
/** Check that no PSA Crypto key slots are in use.
*
* If any slots are in use, mark the current test as failed and jump to
* the exit label. This is equivalent to
* `TEST_ASSERT( ! mbedtls_test_helper_is_psa_leaking( ) )`
* but with a more informative message.
*/
#define ASSERT_PSA_PRISTINE( ) \
do \
{ \
if( ! test_helper_is_psa_pristine( __LINE__, __FILE__ ) ) \
goto exit; \
} \
#define ASSERT_PSA_PRISTINE( ) \
do \
{ \
if( test_fail_if_psa_leaking( __LINE__, __FILE__ ) ) \
goto exit; \
} \
while( 0 )
static void test_helper_psa_done( int line, const char *file )
{
(void) test_helper_is_psa_pristine( line, file );
mbedtls_psa_crypto_free( );
}
/** Shut down the PSA Crypto subsystem. Expect a clean shutdown, with no slots
* in use.
*/
#define PSA_DONE( ) test_helper_psa_done( __LINE__, __FILE__ )
#define PSA_DONE( ) \
do \
{ \
test_fail_if_psa_leaking( __LINE__, __FILE__ ); \
mbedtls_psa_crypto_free( ); \
} \
while( 0 )
#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
/** Enable the insecure implementation of mbedtls_psa_external_get_random().
*
* The insecure implementation of mbedtls_psa_external_get_random() is
* disabled by default.
*
* When MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG is enabled and the test
* helpers are linked into a program, you must enable this before running any
* code that uses the PSA subsystem to generate random data (including internal
* random generation for purposes such as blinding when the random generation
* is routed through PSA).
*
* You can enable and disable it at any time, regardless of the state
* of the PSA subsystem. You may disable it temporarily to simulate a
* depleted entropy source.
*/
void mbedtls_test_enable_insecure_external_rng( void );
/** Disable the insecure implementation of mbedtls_psa_external_get_random().
*
* See mbedtls_test_enable_insecure_external_rng().
*/
void mbedtls_test_disable_insecure_external_rng( void );
#endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
#if defined(RECORD_PSA_STATUS_COVERAGE_LOG)
#include <psa/crypto.h>
/** Name of the file where return statuses are logged by #RECORD_STATUS. */
#define STATUS_LOG_FILE_NAME "statuses.log"
static psa_status_t record_status( psa_status_t status,
const char *func,
const char *file, int line,
const char *expr )
{
/* We open the log file on first use.
* We never close the log file, so the record_status feature is not
* compatible with resource leak detectors such as Asan.
*/
static FILE *log;
if( log == NULL )
log = fopen( STATUS_LOG_FILE_NAME, "a" );
fprintf( log, "%d:%s:%s:%d:%s\n", (int) status, func, file, line, expr );
return( status );
}
psa_status_t mbedtls_test_record_status( psa_status_t status,
const char *func,
const char *file, int line,
const char *expr );
/** Return value logging wrapper macro.
*
@ -125,7 +120,7 @@ static psa_status_t record_status( psa_status_t status,
* \return The value of \p expr.
*/
#define RECORD_STATUS( string, expr ) \
record_status( ( expr ), string, __FILE__, __LINE__, #expr )
mbedtls_test_record_status( ( expr ), string, __FILE__, __LINE__, #expr )
#include "instrument_record_status.h"

View file

@ -22,21 +22,79 @@
#include <test/helpers.h>
#include <test/macros.h>
#include <test/psa_crypto_helpers.h>
#if defined(MBEDTLS_PSA_CRYPTO_C)
#include <psa/crypto.h>
const char *mbedtls_test_helper_is_psa_leaking( void )
{
mbedtls_psa_stats_t stats;
mbedtls_psa_get_stats( &stats );
if( stats.volatile_slots != 0 )
return( "A volatile slot has not been closed properly." );
if( stats.persistent_slots != 0 )
return( "A persistent slot has not been closed properly." );
if( stats.external_slots != 0 )
return( "An external slot has not been closed properly." );
if( stats.half_filled_slots != 0 )
return( "A half-filled slot has not been cleared properly." );
if( stats.locked_slots != 0 )
return( "Some slots are still marked as locked." );
return( NULL );
}
#if defined(RECORD_PSA_STATUS_COVERAGE_LOG)
/** Name of the file where return statuses are logged by #RECORD_STATUS. */
#define STATUS_LOG_FILE_NAME "statuses.log"
psa_status_t mbedtls_test_record_status( psa_status_t status,
const char *func,
const char *file, int line,
const char *expr )
{
/* We open the log file on first use.
* We never close the log file, so the record_status feature is not
* compatible with resource leak detectors such as Asan.
*/
static FILE *log;
if( log == NULL )
log = fopen( STATUS_LOG_FILE_NAME, "a" );
fprintf( log, "%d:%s:%s:%d:%s\n", (int) status, func, file, line, expr );
return( status );
}
#endif /* defined(RECORD_PSA_STATUS_COVERAGE_LOG) */
#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
#include <test/random.h>
static int test_insecure_external_rng_enabled = 0;
void mbedtls_test_enable_insecure_external_rng( void )
{
test_insecure_external_rng_enabled = 1;
}
void mbedtls_test_disable_insecure_external_rng( void )
{
test_insecure_external_rng_enabled = 0;
}
psa_status_t mbedtls_psa_external_get_random(
mbedtls_psa_external_random_context_t *context,
uint8_t *output, size_t output_size, size_t *output_length )
{
(void) context;
if( !test_insecure_external_rng_enabled )
return( PSA_ERROR_INSUFFICIENT_ENTROPY );
/* This implementation is for test purposes only!
* Use the libc non-cryptographic random generator. */
(void) context;
mbedtls_test_rnd_std_rand( NULL, output, output_size );
*output_length = output_size;
return( PSA_SUCCESS );

View file

@ -5,6 +5,9 @@
#include <test/macros.h>
#include <test/helpers.h>
#include <test/random.h>
#if defined(MBEDTLS_PSA_CRYPTO_C)
#include <test/psa_crypto_helpers.h>
#endif
#include <stdlib.h>
@ -418,6 +421,26 @@ void test_skip( const char *test, int line_no, const char* filename )
test_info.filename = filename;
}
#if defined(MBEDTLS_PSA_CRYPTO_C)
/** Check that no PSA Crypto key slots are in use.
*
* If any slots are in use, mark the current test as failed.
*
* \return 0 if the key store is empty, 1 otherwise.
*/
int test_fail_if_psa_leaking( int line_no, const char *filename )
{
const char *msg = mbedtls_test_helper_is_psa_leaking( );
if( msg == NULL )
return 0;
else
{
test_fail( msg, line_no, filename );
return 1;
}
}
#endif /* defined(MBEDTLS_PSA_CRYPTO_C) */
#if defined(__unix__) || (defined(__APPLE__) && defined(__MACH__))
static int redirect_output( FILE* out_stream, const char* path )
{

View file

@ -164,6 +164,10 @@ $dispatch_code
*/
void execute_function_ptr(TestWrapper_t fp, void **params)
{
#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
mbedtls_test_enable_insecure_external_rng( );
#endif
#if defined(MBEDTLS_CHECK_PARAMS)
mbedtls_test_param_failed_location_record_t location_record;

View file

@ -9,10 +9,6 @@
#include "mbedtls/gcm.h"
#endif
#if defined(MBEDTLS_USE_PSA_CRYPTO)
#include "test/psa_crypto_helpers.h"
#endif
#if defined(MBEDTLS_CIPHER_MODE_AEAD) || defined(MBEDTLS_NIST_KW_C)
#define MBEDTLS_CIPHER_AUTH_CRYPT
#endif

View file

@ -17,13 +17,13 @@
#if defined(MBEDTLS_USE_PSA_CRYPTO)
#include "mbedtls/psa_util.h"
#include "test/psa_crypto_helpers.h"
#define PSA_INIT( ) PSA_ASSERT( psa_crypto_init( ) )
#else
/* Define empty macros so that we can use them in the preamble and teardown
* of every test function that uses PSA conditionally based on
* MBEDTLS_USE_PSA_CRYPTO. */
#define PSA_INIT( ) ( (void) 0 )
#undef PSA_DONE
#define PSA_DONE( ) ( (void) 0 )
#endif

View file

@ -9,8 +9,6 @@
* uses mbedtls_ctr_drbg internally. */
#include "mbedtls/ctr_drbg.h"
#include "test/psa_crypto_helpers.h"
/* Tests that require more than 128kB of RAM plus change have this symbol
* as a dependency. Currently we always define this symbol, so the tests
* are always executed. In the future we should make this conditional

View file

@ -1,6 +1,4 @@
/* BEGIN_HEADER */
#include "test/psa_crypto_helpers.h"
#include "test/drivers/test_driver.h"
/* END_HEADER */

View file

@ -1,3 +1,30 @@
PSA external RNG failure: generate random and key
external_rng_failure_generate:
# When verifying the impact of a forced RNG failure, depend on the built-in
# implementation of the algorithm that uses randomization, whether it's
# because the algorithm is randomized or because our implementation uses
# randomization for (e.g.) blinding. An external implementation could use
# its own randomness source which is not affected by the forced failure of
# the RNG driver.
# Key types and non-randomized auxilary algorithms (in practice, hashes) can
# use an external implementation.
PSA external RNG failure: randomized ECDSA
depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PSA_BUILTIN_ALG_ECDSA:MBEDTLS_ECP_DP_SECP256R1_ENABLED
external_rng_failure_sign:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA_ANY:32
PSA external RNG failure: deterministic ECDSA (software implementation)
depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:PSA_WANT_ALG_SHA_256
external_rng_failure_sign:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):32
PSA external RNG failure: RSA-PSS
depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256
external_rng_failure_sign:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):32
PSA external RNG failure: RSA PKCS#1v1.5 (software implementation)
depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN
external_rng_failure_sign:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_SIGN_RAW:32
PSA validate entropy injection: good, minimum size
validate_entropy_seed_injection:MBEDTLS_PSA_INJECT_ENTROPY_MIN_SIZE:PSA_SUCCESS:MBEDTLS_PSA_INJECT_ENTROPY_MIN_SIZE:PSA_ERROR_NOT_PERMITTED

View file

@ -1,19 +1,23 @@
/* BEGIN_HEADER */
#include <stdint.h>
#include <string.h>
#include <psa/crypto.h>
#include "mbedtls/entropy.h"
#include "mbedtls/entropy_poll.h"
#include "test/psa_crypto_helpers.h"
/* Calculating the minimum allowed entropy size in bytes */
#define MBEDTLS_PSA_INJECT_ENTROPY_MIN_SIZE MAX(MBEDTLS_ENTROPY_MIN_PLATFORM, MBEDTLS_ENTROPY_BLOCK_SIZE)
#if defined(MBEDTLS_PSA_INJECT_ENTROPY)
#if defined(MBEDTLS_PSA_ITS_FILE_C)
#include <stdio.h>
#else
#include <psa/internal_trusted_storage.h>
#endif
/* Calculating the minimum allowed entropy size in bytes */
#define MBEDTLS_PSA_INJECT_ENTROPY_MIN_SIZE MAX(MBEDTLS_ENTROPY_MIN_PLATFORM, MBEDTLS_ENTROPY_BLOCK_SIZE)
/* Remove the entropy seed file. Since the library does not expose a way
* to do this (it would be a security risk if such a function was ever
* accessible in production), implement this functionality in a white-box
@ -30,14 +34,89 @@ psa_status_t remove_seed_file( void )
#endif
}
#endif /* MBEDTLS_PSA_INJECT_ENTROPY */
/* END_HEADER */
/* BEGIN_DEPENDENCIES
* depends_on:MBEDTLS_PSA_INJECT_ENTROPY
* END_DEPENDENCIES
*/
/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
void external_rng_failure_generate( )
{
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_set_key_type( &attributes, PSA_KEY_TYPE_DERIVE );
psa_set_key_bits( &attributes, 128 );
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
uint8_t output[1];
/* BEGIN_CASE */
PSA_ASSERT( psa_crypto_init( ) );
PSA_ASSERT( psa_generate_random( output, sizeof( output ) ) );
PSA_ASSERT( psa_generate_key( &attributes, &key ) );
PSA_ASSERT( psa_destroy_key( key ) );
mbedtls_test_disable_insecure_external_rng( );
TEST_EQUAL( PSA_ERROR_INSUFFICIENT_ENTROPY,
psa_generate_random( output, sizeof( output ) ) );
TEST_EQUAL( PSA_ERROR_INSUFFICIENT_ENTROPY,
psa_generate_key( &attributes, &key ) );
exit:
psa_destroy_key( key );
PSA_DONE( );
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
void external_rng_failure_sign( int key_type, data_t *key_data, int alg,
int input_size_arg )
{
/* This test case is only expected to pass if the signature mechanism
* requires randomness, either because it is a randomized signature
* or because the implementation uses blinding. */
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_set_key_type( &attributes, key_type );
psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN );
psa_set_key_algorithm( &attributes, alg );
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
size_t input_size = input_size_arg;
uint8_t *input = NULL;
uint8_t *signature = NULL;
size_t signature_size = PSA_SIGNATURE_MAX_SIZE;
size_t signature_length;
ASSERT_ALLOC( input, input_size );
ASSERT_ALLOC( signature, signature_size );
PSA_ASSERT( psa_crypto_init( ) );
PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
&key ) );
PSA_ASSERT( psa_sign_hash( key, alg,
input, input_size,
signature, signature_size,
&signature_length ) );
PSA_ASSERT( psa_destroy_key( key ) );
mbedtls_test_disable_insecure_external_rng( );
/* Import the key again, because for RSA Mbed TLS caches blinding values
* in the key object and this could perturb the test. */
PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
&key ) );
TEST_EQUAL( PSA_ERROR_INSUFFICIENT_ENTROPY,
psa_sign_hash( key, alg,
input, input_size,
signature, signature_size,
&signature_length ) );
PSA_ASSERT( psa_destroy_key( key ) );
exit:
psa_destroy_key( key );
PSA_DONE( );
mbedtls_free( input );
mbedtls_free( signature );
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_PSA_INJECT_ENTROPY */
void validate_entropy_seed_injection( int seed_length_a,
int expected_status_a,
int seed_length_b,
@ -81,7 +160,7 @@ exit:
}
/* END_CASE */
/* BEGIN_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_PSA_INJECT_ENTROPY */
void run_entropy_inject_with_crypto_init( )
{
psa_status_t status;

View file

@ -2,8 +2,6 @@
#include <stdint.h>
#include "test/psa_crypto_helpers.h"
/* END_HEADER */
/* BEGIN_DEPENDENCIES

View file

@ -1,7 +1,6 @@
/* BEGIN_HEADER */
#include <stdint.h>
#include "test/psa_crypto_helpers.h"
/* Some tests in this module configure entropy sources. */
#include "psa_crypto_invasive.h"

View file

@ -9,7 +9,6 @@
#include <stdint.h>
#include "test/psa_crypto_helpers.h"
#include "psa_crypto_slot_management.h"
#include "psa_crypto_storage.h"

View file

@ -1,5 +1,4 @@
/* BEGIN_HEADER */
#include "test/psa_crypto_helpers.h"
#include "psa/crypto_se_driver.h"
#include "psa_crypto_se.h"

View file

@ -1,5 +1,4 @@
/* BEGIN_HEADER */
#include "test/psa_crypto_helpers.h"
#include "psa/crypto_se_driver.h"
#include "psa_crypto_se.h"

View file

@ -1,7 +1,6 @@
/* BEGIN_HEADER */
#include <stdint.h>
#include "test/psa_crypto_helpers.h"
#include "psa_crypto_slot_management.h"
#include "psa_crypto_storage.h"

View file

@ -6,24 +6,11 @@
#include "mbedtls/oid.h"
#include "mbedtls/rsa.h"
/* These are the same depends as the test function x509_crs_check_opaque(),
* the only function using PSA here. Using a weaker condition would result in
* warnings about the static functions defined in psa_crypto_helpers.h being
* unused. */
#if defined(MBEDTLS_USE_PSA_CRYPTO) && \
defined(MBEDTLS_PEM_WRITE_C) && \
defined(MBEDTLS_X509_CSR_WRITE_C)
#if defined(MBEDTLS_USE_PSA_CRYPTO)
#include "psa/crypto.h"
#include "mbedtls/psa_util.h"
#include "test/psa_crypto_helpers.h"
#define PSA_INIT( ) PSA_ASSERT( psa_crypto_init( ) )
#else
/* Define empty macros so that we can use them in the preamble and teardown
* of every test function that uses PSA conditionally based on
* MBEDTLS_USE_PSA_CRYPTO. */
#define PSA_INIT( ) ( (void) 0 )
#define PSA_DONE( ) ( (void) 0 )
#endif /* MBEDTLS_USE_PSA_CRYPTO && MBEDTLS_PEM_WRITE_C && MBEDTLS_X509_CSR_WRITE_C */
#endif /* MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_RSA_C)
int mbedtls_rsa_decrypt_func( void *ctx, int mode, size_t *olen,