87a5e565f4
This commit starts a migration to a new interface for key creation.
Today, the application allocates a handle, then fills its metadata,
and finally injects key material. The new interface fills metadata
into a temporary structure, and a handle is allocated at the same time
it gets filled with both metadata and key material.
This commit was obtained by moving the declaration of the old-style
functions to crypto_extra.h and renaming them with the to_handle
suffix, adding declarations for the new-style functions in crypto.h
under their new name, and running
perl -i -pe 's/\bpsa_(import|copy|generator_import|generate)_key\b/$&_to_handle/g' library/*.c tests/suites/*.function programs/psa/*.c
perl -i -pe 's/\bpsa_get_key_lifetime\b/$&_from_handle/g' library/*.c tests/suites/*.function programs/psa/*.c
Many functions that are specific to the old interface, and which will
not remain under the same name with the new interface, are still in
crypto.h for now.
All functional tests should still pass. The documentation may have
some broken links.
284 lines
8.6 KiB
Text
284 lines
8.6 KiB
Text
/* BEGIN_HEADER */
|
|
#include <stdint.h>
|
|
|
|
#if defined(MBEDTLS_PSA_CRYPTO_SPM)
|
|
#include "spm/psa_defs.h"
|
|
#endif
|
|
#include "psa/crypto.h"
|
|
|
|
/* Some tests in this module configure entropy sources. */
|
|
#include "psa_crypto_invasive.h"
|
|
|
|
#include "mbedtls/entropy.h"
|
|
#include "mbedtls/entropy_poll.h"
|
|
|
|
#define ENTROPY_MIN_NV_SEED_SIZE \
|
|
MAX(MBEDTLS_ENTROPY_MIN_PLATFORM, MBEDTLS_ENTROPY_BLOCK_SIZE)
|
|
|
|
typedef struct
|
|
{
|
|
size_t threshold; /* Minimum bytes to make mbedtls_entropy_func happy */
|
|
size_t max_steps;
|
|
size_t *length_sequence;
|
|
size_t step;
|
|
} fake_entropy_state_t;
|
|
static int fake_entropy_source( void *state_arg,
|
|
unsigned char *output, size_t len,
|
|
size_t *olen )
|
|
{
|
|
fake_entropy_state_t *state = state_arg;
|
|
size_t i;
|
|
|
|
if( state->step >= state->max_steps )
|
|
return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED );
|
|
|
|
*olen = MIN( len, state->length_sequence[state->step] );
|
|
for( i = 0; i < *olen; i++ )
|
|
output[i] = i;
|
|
++state->step;
|
|
return( 0 );
|
|
}
|
|
|
|
#define ENTROPY_SOURCE_PLATFORM 0x00000001
|
|
#define ENTROPY_SOURCE_TIMING 0x00000002
|
|
#define ENTROPY_SOURCE_HAVEGE 0x00000004
|
|
#define ENTROPY_SOURCE_HARDWARE 0x00000008
|
|
#define ENTROPY_SOURCE_NV_SEED 0x00000010
|
|
#define ENTROPY_SOURCE_FAKE 0x40000000
|
|
|
|
static uint32_t custom_entropy_sources_mask;
|
|
static fake_entropy_state_t fake_entropy_state;
|
|
|
|
/* This is a modified version of mbedtls_entropy_init() from entropy.c
|
|
* which chooses entropy sources dynamically. */
|
|
static void custom_entropy_init( mbedtls_entropy_context *ctx )
|
|
{
|
|
ctx->source_count = 0;
|
|
memset( ctx->source, 0, sizeof( ctx->source ) );
|
|
|
|
#if defined(MBEDTLS_THREADING_C)
|
|
mbedtls_mutex_init( &ctx->mutex );
|
|
#endif
|
|
|
|
ctx->accumulator_started = 0;
|
|
#if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR)
|
|
mbedtls_sha512_init( &ctx->accumulator );
|
|
#else
|
|
mbedtls_sha256_init( &ctx->accumulator );
|
|
#endif
|
|
#if defined(MBEDTLS_HAVEGE_C)
|
|
mbedtls_havege_init( &ctx->havege_data );
|
|
#endif
|
|
|
|
#if !defined(MBEDTLS_NO_PLATFORM_ENTROPY)
|
|
if( custom_entropy_sources_mask & ENTROPY_SOURCE_PLATFORM )
|
|
mbedtls_entropy_add_source( ctx, mbedtls_platform_entropy_poll, NULL,
|
|
MBEDTLS_ENTROPY_MIN_PLATFORM,
|
|
MBEDTLS_ENTROPY_SOURCE_STRONG );
|
|
#endif
|
|
#if defined(MBEDTLS_TIMING_C)
|
|
if( custom_entropy_sources_mask & ENTROPY_SOURCE_TIMING )
|
|
mbedtls_entropy_add_source( ctx, mbedtls_hardclock_poll, NULL,
|
|
MBEDTLS_ENTROPY_MIN_HARDCLOCK,
|
|
MBEDTLS_ENTROPY_SOURCE_WEAK );
|
|
#endif
|
|
#if defined(MBEDTLS_HAVEGE_C)
|
|
if( custom_entropy_sources_mask & ENTROPY_SOURCE_HAVEGE )
|
|
mbedtls_entropy_add_source( ctx, mbedtls_havege_poll, &ctx->havege_data,
|
|
MBEDTLS_ENTROPY_MIN_HAVEGE,
|
|
MBEDTLS_ENTROPY_SOURCE_STRONG );
|
|
#endif
|
|
#if defined(MBEDTLS_ENTROPY_HARDWARE_ALT)
|
|
if( custom_entropy_sources_mask & ENTROPY_SOURCE_HARDWARE )
|
|
mbedtls_entropy_add_source( ctx, mbedtls_hardware_poll, NULL,
|
|
MBEDTLS_ENTROPY_MIN_HARDWARE,
|
|
MBEDTLS_ENTROPY_SOURCE_STRONG );
|
|
#endif
|
|
#if defined(MBEDTLS_ENTROPY_NV_SEED)
|
|
if( custom_entropy_sources_mask & ENTROPY_SOURCE_NV_SEED )
|
|
{
|
|
mbedtls_entropy_add_source( ctx, mbedtls_nv_seed_poll, NULL,
|
|
MBEDTLS_ENTROPY_BLOCK_SIZE,
|
|
MBEDTLS_ENTROPY_SOURCE_STRONG );
|
|
ctx->initial_entropy_run = 0;
|
|
}
|
|
else
|
|
{
|
|
/* Skip the NV seed even though it's compiled in. */
|
|
ctx->initial_entropy_run = 1;
|
|
}
|
|
#endif
|
|
|
|
if( custom_entropy_sources_mask & ENTROPY_SOURCE_FAKE )
|
|
mbedtls_entropy_add_source( ctx,
|
|
fake_entropy_source, &fake_entropy_state,
|
|
fake_entropy_state.threshold,
|
|
MBEDTLS_ENTROPY_SOURCE_STRONG );
|
|
}
|
|
|
|
/* END_HEADER */
|
|
|
|
/* BEGIN_DEPENDENCIES
|
|
* depends_on:MBEDTLS_PSA_CRYPTO_C
|
|
* END_DEPENDENCIES
|
|
*/
|
|
|
|
/* BEGIN_CASE depends_on:MBEDTLS_ENTROPY_NV_SEED */
|
|
void create_nv_seed( )
|
|
{
|
|
static unsigned char seed[ENTROPY_MIN_NV_SEED_SIZE];
|
|
TEST_ASSERT( mbedtls_nv_seed_write( seed, sizeof( seed ) ) >= 0 );
|
|
}
|
|
/* END_CASE */
|
|
|
|
/* BEGIN_CASE */
|
|
void init_deinit( int count )
|
|
{
|
|
psa_status_t status;
|
|
int i;
|
|
for( i = 0; i < count; i++ )
|
|
{
|
|
status = psa_crypto_init( );
|
|
PSA_ASSERT( status );
|
|
status = psa_crypto_init( );
|
|
PSA_ASSERT( status );
|
|
mbedtls_psa_crypto_free( );
|
|
}
|
|
}
|
|
/* END_CASE */
|
|
|
|
/* BEGIN_CASE */
|
|
void deinit_without_init( int count )
|
|
{
|
|
int i;
|
|
for( i = 0; i < count; i++ )
|
|
{
|
|
PSA_ASSERT( psa_crypto_init( ) );
|
|
mbedtls_psa_crypto_free( );
|
|
}
|
|
mbedtls_psa_crypto_free( );
|
|
}
|
|
/* END_CASE */
|
|
|
|
/* BEGIN_CASE */
|
|
void validate_module_init_generate_random( int count )
|
|
{
|
|
psa_status_t status;
|
|
uint8_t random[10] = { 0 };
|
|
int i;
|
|
for( i = 0; i < count; i++ )
|
|
{
|
|
status = psa_crypto_init( );
|
|
PSA_ASSERT( status );
|
|
mbedtls_psa_crypto_free( );
|
|
}
|
|
status = psa_generate_random( random, sizeof( random ) );
|
|
TEST_EQUAL( status, PSA_ERROR_BAD_STATE );
|
|
}
|
|
/* END_CASE */
|
|
|
|
/* BEGIN_CASE */
|
|
void validate_module_init_key_based( int count )
|
|
{
|
|
psa_status_t status;
|
|
uint8_t data[10] = { 0 };
|
|
int i;
|
|
for( i = 0; i < count; i++ )
|
|
{
|
|
status = psa_crypto_init( );
|
|
PSA_ASSERT( status );
|
|
mbedtls_psa_crypto_free( );
|
|
}
|
|
status = psa_import_key_to_handle( 1, PSA_KEY_TYPE_RAW_DATA, data, sizeof( data ) );
|
|
TEST_EQUAL( status, PSA_ERROR_BAD_STATE );
|
|
}
|
|
/* END_CASE */
|
|
|
|
/* BEGIN_CASE */
|
|
void custom_entropy_sources( int sources_arg, int expected_init_status_arg )
|
|
{
|
|
psa_status_t expected_init_status = expected_init_status_arg;
|
|
uint8_t random[10] = { 0 };
|
|
|
|
custom_entropy_sources_mask = sources_arg;
|
|
PSA_ASSERT( mbedtls_psa_crypto_configure_entropy_sources(
|
|
custom_entropy_init, mbedtls_entropy_free ) );
|
|
|
|
TEST_EQUAL( psa_crypto_init( ), expected_init_status );
|
|
if( expected_init_status != PSA_SUCCESS )
|
|
goto exit;
|
|
|
|
PSA_ASSERT( psa_generate_random( random, sizeof( random ) ) );
|
|
|
|
exit:
|
|
mbedtls_psa_crypto_free( );
|
|
}
|
|
/* END_CASE */
|
|
|
|
/* BEGIN_CASE */
|
|
void fake_entropy_source( int threshold,
|
|
int amount1,
|
|
int amount2,
|
|
int amount3,
|
|
int amount4,
|
|
int expected_init_status_arg )
|
|
{
|
|
psa_status_t expected_init_status = expected_init_status_arg;
|
|
uint8_t random[10] = { 0 };
|
|
size_t lengths[4];
|
|
|
|
fake_entropy_state.threshold = threshold;
|
|
fake_entropy_state.step = 0;
|
|
fake_entropy_state.max_steps = 0;
|
|
if( amount1 >= 0 )
|
|
lengths[fake_entropy_state.max_steps++] = amount1;
|
|
if( amount2 >= 0 )
|
|
lengths[fake_entropy_state.max_steps++] = amount2;
|
|
if( amount3 >= 0 )
|
|
lengths[fake_entropy_state.max_steps++] = amount3;
|
|
if( amount4 >= 0 )
|
|
lengths[fake_entropy_state.max_steps++] = amount4;
|
|
fake_entropy_state.length_sequence = lengths;
|
|
|
|
custom_entropy_sources_mask = ENTROPY_SOURCE_FAKE;
|
|
PSA_ASSERT( mbedtls_psa_crypto_configure_entropy_sources(
|
|
custom_entropy_init, mbedtls_entropy_free ) );
|
|
|
|
TEST_EQUAL( psa_crypto_init( ), expected_init_status );
|
|
if( expected_init_status != PSA_SUCCESS )
|
|
goto exit;
|
|
|
|
PSA_ASSERT( psa_generate_random( random, sizeof( random ) ) );
|
|
|
|
exit:
|
|
mbedtls_psa_crypto_free( );
|
|
}
|
|
/* END_CASE */
|
|
|
|
/* BEGIN_CASE depends_on:MBEDTLS_ENTROPY_NV_SEED */
|
|
void entropy_from_nv_seed( int seed_size_arg,
|
|
int expected_init_status_arg )
|
|
{
|
|
psa_status_t expected_init_status = expected_init_status_arg;
|
|
uint8_t random[10] = { 0 };
|
|
uint8_t *seed = NULL;
|
|
size_t seed_size = seed_size_arg;
|
|
|
|
ASSERT_ALLOC( seed, seed_size );
|
|
TEST_ASSERT( mbedtls_nv_seed_write( seed, seed_size ) >= 0 );
|
|
|
|
custom_entropy_sources_mask = ENTROPY_SOURCE_NV_SEED;
|
|
PSA_ASSERT( mbedtls_psa_crypto_configure_entropy_sources(
|
|
custom_entropy_init, mbedtls_entropy_free ) );
|
|
|
|
TEST_EQUAL( psa_crypto_init( ), expected_init_status );
|
|
if( expected_init_status != PSA_SUCCESS )
|
|
goto exit;
|
|
|
|
PSA_ASSERT( psa_generate_random( random, sizeof( random ) ) );
|
|
|
|
exit:
|
|
mbedtls_free( seed );
|
|
mbedtls_psa_crypto_free( );
|
|
}
|
|
/* END_CASE */
|