0b3b5733fc
When testing with custom entropy sources, if MBEDTLS_ENTROPY_NV_SEED is enabled at compile time but the NV seed source is not used at runtime, mbedtls_entropy_func makes a second pass anyway. Cope with this in the test code by telling the entropy module not to make this second pass.
251 lines
7.6 KiB
Text
251 lines
7.6 KiB
Text
/* BEGIN_HEADER */
|
|
#include <stdint.h>
|
|
|
|
#if defined(MBEDTLS_PSA_CRYPTO_SPM)
|
|
#include "spm/psa_defs.h"
|
|
#endif
|
|
#include "psa/crypto.h"
|
|
|
|
/* Some tests in this module configure entropy sources. */
|
|
#include "psa_crypto_invasive.h"
|
|
|
|
#include "mbedtls/entropy.h"
|
|
#include "mbedtls/entropy_poll.h"
|
|
|
|
#define MIN( x, y ) ( ( x ) < ( y ) ? ( x ) : ( y ) )
|
|
|
|
typedef struct
|
|
{
|
|
size_t threshold; /* Minimum bytes to make mbedtls_entropy_func happy */
|
|
size_t max_steps;
|
|
size_t *length_sequence;
|
|
size_t step;
|
|
} fake_entropy_state_t;
|
|
static int fake_entropy_source( void *state_arg,
|
|
unsigned char *output, size_t len,
|
|
size_t *olen )
|
|
{
|
|
fake_entropy_state_t *state = state_arg;
|
|
size_t i;
|
|
|
|
if( state->step >= state->max_steps )
|
|
return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED );
|
|
|
|
*olen = MIN( len, state->length_sequence[state->step] );
|
|
for( i = 0; i < *olen; i++ )
|
|
output[i] = i;
|
|
++state->step;
|
|
return( 0 );
|
|
};
|
|
|
|
#define ENTROPY_SOURCE_PLATFORM 0x00000001
|
|
#define ENTROPY_SOURCE_TIMING 0x00000002
|
|
#define ENTROPY_SOURCE_HAVEGE 0x00000004
|
|
#define ENTROPY_SOURCE_HARDWARE 0x00000008
|
|
#define ENTROPY_SOURCE_NV_SEED 0x00000010
|
|
#define ENTROPY_SOURCE_FAKE 0x40000000
|
|
|
|
static uint32_t custom_entropy_sources_mask;
|
|
static fake_entropy_state_t fake_entropy_state;
|
|
|
|
/* This is a modified version of mbedtls_entropy_init() from entropy.c
|
|
* which chooses entropy sources dynamically. */
|
|
static void custom_entropy_init( mbedtls_entropy_context *ctx )
|
|
{
|
|
ctx->source_count = 0;
|
|
memset( ctx->source, 0, sizeof( ctx->source ) );
|
|
|
|
#if defined(MBEDTLS_THREADING_C)
|
|
mbedtls_mutex_init( &ctx->mutex );
|
|
#endif
|
|
|
|
ctx->accumulator_started = 0;
|
|
#if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR)
|
|
mbedtls_sha512_init( &ctx->accumulator );
|
|
#else
|
|
mbedtls_sha256_init( &ctx->accumulator );
|
|
#endif
|
|
#if defined(MBEDTLS_HAVEGE_C)
|
|
mbedtls_havege_init( &ctx->havege_data );
|
|
#endif
|
|
|
|
#if !defined(MBEDTLS_NO_PLATFORM_ENTROPY)
|
|
if( custom_entropy_sources_mask & ENTROPY_SOURCE_PLATFORM )
|
|
mbedtls_entropy_add_source( ctx, mbedtls_platform_entropy_poll, NULL,
|
|
MBEDTLS_ENTROPY_MIN_PLATFORM,
|
|
MBEDTLS_ENTROPY_SOURCE_STRONG );
|
|
#endif
|
|
#if defined(MBEDTLS_TIMING_C)
|
|
if( custom_entropy_sources_mask & ENTROPY_SOURCE_TIMING )
|
|
mbedtls_entropy_add_source( ctx, mbedtls_hardclock_poll, NULL,
|
|
MBEDTLS_ENTROPY_MIN_HARDCLOCK,
|
|
MBEDTLS_ENTROPY_SOURCE_WEAK );
|
|
#endif
|
|
#if defined(MBEDTLS_HAVEGE_C)
|
|
if( custom_entropy_sources_mask & ENTROPY_SOURCE_HAVEGE )
|
|
mbedtls_entropy_add_source( ctx, mbedtls_havege_poll, &ctx->havege_data,
|
|
MBEDTLS_ENTROPY_MIN_HAVEGE,
|
|
MBEDTLS_ENTROPY_SOURCE_STRONG );
|
|
#endif
|
|
#if defined(MBEDTLS_ENTROPY_HARDWARE_ALT)
|
|
if( custom_entropy_sources_mask & ENTROPY_SOURCE_HARDWARE )
|
|
mbedtls_entropy_add_source( ctx, mbedtls_hardware_poll, NULL,
|
|
MBEDTLS_ENTROPY_MIN_HARDWARE,
|
|
MBEDTLS_ENTROPY_SOURCE_STRONG );
|
|
#endif
|
|
#if defined(MBEDTLS_ENTROPY_NV_SEED)
|
|
if( custom_entropy_sources_mask & ENTROPY_SOURCE_NV_SEED )
|
|
{
|
|
mbedtls_entropy_add_source( ctx, mbedtls_nv_seed_poll, NULL,
|
|
MBEDTLS_ENTROPY_BLOCK_SIZE,
|
|
MBEDTLS_ENTROPY_SOURCE_STRONG );
|
|
ctx->initial_entropy_run = 0;
|
|
}
|
|
else
|
|
{
|
|
/* Skip the NV seed even though it's compiled in. */
|
|
ctx->initial_entropy_run = 1;
|
|
}
|
|
#endif
|
|
|
|
if( custom_entropy_sources_mask & ENTROPY_SOURCE_FAKE )
|
|
mbedtls_entropy_add_source( ctx,
|
|
fake_entropy_source, &fake_entropy_state,
|
|
fake_entropy_state.threshold,
|
|
MBEDTLS_ENTROPY_SOURCE_STRONG );
|
|
}
|
|
|
|
/* END_HEADER */
|
|
|
|
/* BEGIN_DEPENDENCIES
|
|
* depends_on:MBEDTLS_PSA_CRYPTO_C
|
|
* END_DEPENDENCIES
|
|
*/
|
|
|
|
/* BEGIN_CASE */
|
|
void init_deinit( int count )
|
|
{
|
|
psa_status_t status;
|
|
int i;
|
|
for( i = 0; i < count; i++ )
|
|
{
|
|
status = psa_crypto_init( );
|
|
TEST_ASSERT( status == PSA_SUCCESS );
|
|
status = psa_crypto_init( );
|
|
TEST_ASSERT( status == PSA_SUCCESS );
|
|
mbedtls_psa_crypto_free( );
|
|
}
|
|
}
|
|
/* END_CASE */
|
|
|
|
/* BEGIN_CASE */
|
|
void deinit_without_init( int count )
|
|
{
|
|
int i;
|
|
for( i = 0; i < count; i++ )
|
|
{
|
|
TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
|
|
mbedtls_psa_crypto_free( );
|
|
}
|
|
mbedtls_psa_crypto_free( );
|
|
}
|
|
/* END_CASE */
|
|
|
|
/* BEGIN_CASE */
|
|
void validate_module_init_generate_random( int count )
|
|
{
|
|
psa_status_t status;
|
|
uint8_t random[10] = { 0 };
|
|
int i;
|
|
for( i = 0; i < count; i++ )
|
|
{
|
|
status = psa_crypto_init( );
|
|
TEST_ASSERT( status == PSA_SUCCESS );
|
|
mbedtls_psa_crypto_free( );
|
|
}
|
|
status = psa_generate_random( random, sizeof( random ) );
|
|
TEST_ASSERT( status == PSA_ERROR_BAD_STATE );
|
|
}
|
|
/* END_CASE */
|
|
|
|
/* BEGIN_CASE */
|
|
void validate_module_init_key_based( int count )
|
|
{
|
|
psa_status_t status;
|
|
uint8_t data[10] = { 0 };
|
|
int i;
|
|
for( i = 0; i < count; i++ )
|
|
{
|
|
status = psa_crypto_init( );
|
|
TEST_ASSERT( status == PSA_SUCCESS );
|
|
mbedtls_psa_crypto_free( );
|
|
}
|
|
status = psa_import_key( 1, PSA_KEY_TYPE_RAW_DATA, data, sizeof( data ) );
|
|
TEST_ASSERT( status == PSA_ERROR_BAD_STATE );
|
|
}
|
|
/* END_CASE */
|
|
|
|
/* BEGIN_CASE */
|
|
void custom_entropy_sources( int sources_arg, int expected_init_status_arg )
|
|
{
|
|
psa_status_t expected_init_status = expected_init_status_arg;
|
|
uint8_t random[10] = { 0 };
|
|
|
|
custom_entropy_sources_mask = sources_arg;
|
|
TEST_ASSERT( mbedtls_psa_crypto_configure_entropy_sources(
|
|
custom_entropy_init, mbedtls_entropy_free ) ==
|
|
PSA_SUCCESS );
|
|
|
|
TEST_ASSERT( psa_crypto_init( ) == expected_init_status );
|
|
if( expected_init_status != PSA_SUCCESS )
|
|
goto exit;
|
|
|
|
TEST_ASSERT( psa_generate_random( random, sizeof( random ) ) ==
|
|
PSA_SUCCESS );
|
|
|
|
exit:
|
|
mbedtls_psa_crypto_free( );
|
|
}
|
|
/* END_CASE */
|
|
|
|
/* BEGIN_CASE */
|
|
void fake_entropy_source( int threshold,
|
|
int amount1,
|
|
int amount2,
|
|
int amount3,
|
|
int amount4,
|
|
int expected_init_status_arg )
|
|
{
|
|
psa_status_t expected_init_status = expected_init_status_arg;
|
|
uint8_t random[10] = { 0 };
|
|
size_t lengths[4];
|
|
|
|
fake_entropy_state.threshold = threshold;
|
|
fake_entropy_state.step = 0;
|
|
fake_entropy_state.max_steps = 0;
|
|
if( amount1 >= 0 )
|
|
lengths[fake_entropy_state.max_steps++] = amount1;
|
|
if( amount2 >= 0 )
|
|
lengths[fake_entropy_state.max_steps++] = amount2;
|
|
if( amount3 >= 0 )
|
|
lengths[fake_entropy_state.max_steps++] = amount3;
|
|
if( amount4 >= 0 )
|
|
lengths[fake_entropy_state.max_steps++] = amount4;
|
|
fake_entropy_state.length_sequence = lengths;
|
|
|
|
custom_entropy_sources_mask = ENTROPY_SOURCE_FAKE;
|
|
TEST_ASSERT( mbedtls_psa_crypto_configure_entropy_sources(
|
|
custom_entropy_init, mbedtls_entropy_free ) ==
|
|
PSA_SUCCESS );
|
|
|
|
TEST_ASSERT( psa_crypto_init( ) == expected_init_status );
|
|
if( expected_init_status != PSA_SUCCESS )
|
|
goto exit;
|
|
|
|
TEST_ASSERT( psa_generate_random( random, sizeof( random ) ) ==
|
|
PSA_SUCCESS );
|
|
|
|
exit:
|
|
mbedtls_psa_crypto_free( );
|
|
}
|
|
/* END_CASE */
|