251 lines
8.1 KiB
C
251 lines
8.1 KiB
C
/* BEGIN_HEADER */
|
|
#include <stdint.h>
|
|
#include <string.h>
|
|
|
|
#include <psa/crypto.h>
|
|
|
|
#include "mbedtls/entropy.h"
|
|
#include "entropy_poll.h"
|
|
|
|
/* Calculating the minimum allowed entropy size in bytes */
|
|
#define MBEDTLS_PSA_INJECT_ENTROPY_MIN_SIZE MAX(MBEDTLS_ENTROPY_MIN_PLATFORM, \
|
|
MBEDTLS_ENTROPY_BLOCK_SIZE)
|
|
|
|
#if defined(MBEDTLS_PSA_INJECT_ENTROPY)
|
|
#include <psa_crypto_its.h>
|
|
|
|
/* Check the entropy seed file.
|
|
*
|
|
* \param expected_size Expected size in bytes.
|
|
* If 0, the file must not exist.
|
|
*
|
|
* \retval 1 Either \p expected_size is nonzero and
|
|
* the entropy seed file exists and has exactly this size,
|
|
* or \p expected_size is zero and the file does not exist.
|
|
* \retval 0 Either \p expected_size is nonzero but
|
|
* the entropy seed file does not exist or has a different size,
|
|
* or \p expected_size is zero but the file exists.
|
|
* In this case, the test case is marked as failed.
|
|
*
|
|
* \note We enforce that the seed is in a specific ITS file.
|
|
* This must not change, otherwise we break backward compatibility if
|
|
* the library is upgraded on a device with an existing seed.
|
|
*/
|
|
int check_random_seed_file(size_t expected_size)
|
|
{
|
|
/* The value of the random seed UID must not change. Otherwise that would
|
|
* break upgrades of the library on devices that already contain a seed
|
|
* file. If this test assertion fails, you've presumably broken backward
|
|
* compatibility! */
|
|
TEST_EQUAL(PSA_CRYPTO_ITS_RANDOM_SEED_UID, 0xFFFFFF52);
|
|
|
|
struct psa_storage_info_t info = { 0, 0 };
|
|
psa_status_t status = psa_its_get_info(PSA_CRYPTO_ITS_RANDOM_SEED_UID,
|
|
&info);
|
|
|
|
if (expected_size == 0) {
|
|
TEST_EQUAL(status, PSA_ERROR_DOES_NOT_EXIST);
|
|
} else {
|
|
TEST_EQUAL(status, PSA_SUCCESS);
|
|
TEST_EQUAL(info.size, expected_size);
|
|
}
|
|
return 1;
|
|
|
|
exit:
|
|
return 0;
|
|
}
|
|
|
|
/* Remove the entropy seed file.
|
|
*
|
|
* See check_random_seed_file() regarding abstraction boundaries.
|
|
*/
|
|
psa_status_t remove_seed_file(void)
|
|
{
|
|
return psa_its_remove(PSA_CRYPTO_ITS_RANDOM_SEED_UID);
|
|
}
|
|
|
|
#endif /* MBEDTLS_PSA_INJECT_ENTROPY */
|
|
|
|
/* END_HEADER */
|
|
|
|
/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
|
|
void external_rng_failure_generate()
|
|
{
|
|
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
|
|
psa_set_key_type(&attributes, PSA_KEY_TYPE_DERIVE);
|
|
psa_set_key_bits(&attributes, 128);
|
|
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
|
|
uint8_t output[1];
|
|
|
|
PSA_ASSERT(psa_crypto_init());
|
|
|
|
PSA_ASSERT(psa_generate_random(output, sizeof(output)));
|
|
PSA_ASSERT(psa_generate_key(&attributes, &key));
|
|
PSA_ASSERT(psa_destroy_key(key));
|
|
|
|
mbedtls_test_disable_insecure_external_rng();
|
|
TEST_EQUAL(PSA_ERROR_INSUFFICIENT_ENTROPY,
|
|
psa_generate_random(output, sizeof(output)));
|
|
TEST_EQUAL(PSA_ERROR_INSUFFICIENT_ENTROPY,
|
|
psa_generate_key(&attributes, &key));
|
|
|
|
exit:
|
|
psa_destroy_key(key);
|
|
PSA_DONE();
|
|
}
|
|
/* END_CASE */
|
|
|
|
/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
|
|
void external_rng_failure_sign(int key_type, data_t *key_data, int alg,
|
|
int input_size_arg)
|
|
{
|
|
/* This test case is only expected to pass if the signature mechanism
|
|
* requires randomness, either because it is a randomized signature
|
|
* or because the implementation uses blinding. */
|
|
|
|
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
|
|
psa_set_key_type(&attributes, key_type);
|
|
psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_HASH);
|
|
psa_set_key_algorithm(&attributes, alg);
|
|
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
|
|
size_t input_size = input_size_arg;
|
|
uint8_t *input = NULL;
|
|
uint8_t *signature = NULL;
|
|
size_t signature_size = PSA_SIGNATURE_MAX_SIZE;
|
|
size_t signature_length;
|
|
|
|
TEST_CALLOC(input, input_size);
|
|
TEST_CALLOC(signature, signature_size);
|
|
|
|
PSA_ASSERT(psa_crypto_init());
|
|
PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len,
|
|
&key));
|
|
PSA_ASSERT(psa_sign_hash(key, alg,
|
|
input, input_size,
|
|
signature, signature_size,
|
|
&signature_length));
|
|
PSA_ASSERT(psa_destroy_key(key));
|
|
|
|
mbedtls_test_disable_insecure_external_rng();
|
|
/* Import the key again, because for RSA Mbed TLS caches blinding values
|
|
* in the key object and this could perturb the test. */
|
|
PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len,
|
|
&key));
|
|
TEST_EQUAL(PSA_ERROR_INSUFFICIENT_ENTROPY,
|
|
psa_sign_hash(key, alg,
|
|
input, input_size,
|
|
signature, signature_size,
|
|
&signature_length));
|
|
PSA_ASSERT(psa_destroy_key(key));
|
|
|
|
exit:
|
|
psa_destroy_key(key);
|
|
PSA_DONE();
|
|
mbedtls_free(input);
|
|
mbedtls_free(signature);
|
|
}
|
|
/* END_CASE */
|
|
|
|
/* BEGIN_CASE depends_on:MBEDTLS_PSA_INJECT_ENTROPY */
|
|
void validate_entropy_seed_injection(int seed_length_a,
|
|
int expected_status_a,
|
|
int seed_length_b,
|
|
int expected_status_b)
|
|
{
|
|
psa_status_t status;
|
|
uint8_t output[32] = { 0 };
|
|
uint8_t zeros[32] = { 0 };
|
|
uint8_t *seed = NULL;
|
|
int i;
|
|
int seed_size;
|
|
if (seed_length_a > seed_length_b) {
|
|
seed_size = seed_length_a;
|
|
} else {
|
|
seed_size = seed_length_b;
|
|
}
|
|
TEST_CALLOC(seed, seed_size);
|
|
/* fill seed with some data */
|
|
for (i = 0; i < seed_size; ++i) {
|
|
seed[i] = i;
|
|
}
|
|
status = remove_seed_file();
|
|
TEST_ASSERT((status == PSA_SUCCESS) ||
|
|
(status == PSA_ERROR_DOES_NOT_EXIST));
|
|
if (!check_random_seed_file(0)) {
|
|
goto exit;
|
|
}
|
|
|
|
status = mbedtls_psa_inject_entropy(seed, seed_length_a);
|
|
TEST_EQUAL(status, expected_status_a);
|
|
if (!check_random_seed_file(expected_status_a == PSA_SUCCESS ? seed_length_a :
|
|
0)) {
|
|
goto exit;
|
|
}
|
|
|
|
status = mbedtls_psa_inject_entropy(seed, seed_length_b);
|
|
TEST_EQUAL(status, expected_status_b);
|
|
if (!check_random_seed_file(expected_status_a == PSA_SUCCESS ? seed_length_a :
|
|
expected_status_b == PSA_SUCCESS ? seed_length_b :
|
|
0)) {
|
|
goto exit;
|
|
}
|
|
|
|
PSA_ASSERT(psa_crypto_init());
|
|
PSA_ASSERT(psa_generate_random(output,
|
|
sizeof(output)));
|
|
TEST_ASSERT(memcmp(output, zeros, sizeof(output)) != 0);
|
|
|
|
exit:
|
|
mbedtls_free(seed);
|
|
PSA_DONE();
|
|
mbedtls_test_inject_entropy_restore();
|
|
}
|
|
/* END_CASE */
|
|
|
|
/* BEGIN_CASE depends_on:MBEDTLS_PSA_INJECT_ENTROPY */
|
|
void run_entropy_inject_with_crypto_init()
|
|
{
|
|
psa_status_t status;
|
|
size_t i;
|
|
uint8_t seed[MBEDTLS_PSA_INJECT_ENTROPY_MIN_SIZE] = { 0 };
|
|
/* fill seed with some data */
|
|
for (i = 0; i < sizeof(seed); ++i) {
|
|
seed[i] = i;
|
|
}
|
|
|
|
status = remove_seed_file();
|
|
TEST_ASSERT((status == PSA_SUCCESS) ||
|
|
(status == PSA_ERROR_DOES_NOT_EXIST));
|
|
if (!check_random_seed_file(0)) {
|
|
goto exit;
|
|
}
|
|
status = mbedtls_psa_inject_entropy(seed, sizeof(seed));
|
|
PSA_ASSERT(status);
|
|
TEST_ASSERT(check_random_seed_file(sizeof(seed)));
|
|
status = remove_seed_file();
|
|
TEST_EQUAL(status, PSA_SUCCESS);
|
|
if (!check_random_seed_file(0)) {
|
|
goto exit;
|
|
}
|
|
|
|
status = psa_crypto_init();
|
|
TEST_EQUAL(status, PSA_ERROR_INSUFFICIENT_ENTROPY);
|
|
status = mbedtls_psa_inject_entropy(seed, sizeof(seed));
|
|
PSA_ASSERT(status);
|
|
if (!check_random_seed_file(sizeof(seed))) {
|
|
goto exit;
|
|
}
|
|
|
|
status = psa_crypto_init();
|
|
PSA_ASSERT(status);
|
|
PSA_DONE();
|
|
|
|
/* The seed is written by nv_seed callback functions therefore the injection will fail */
|
|
status = mbedtls_psa_inject_entropy(seed, sizeof(seed));
|
|
TEST_EQUAL(status, PSA_ERROR_NOT_PERMITTED);
|
|
|
|
exit:
|
|
PSA_DONE();
|
|
mbedtls_test_inject_entropy_restore();
|
|
}
|
|
/* END_CASE */
|