mbedtls/tests/suites/test_suite_psa_crypto_entropy.function

/* BEGIN_HEADER */
#include <stdint.h>
#include <string.h>

#include <psa/crypto.h>

#include "mbedtls/entropy.h"
#include "entropy_poll.h"

/* Calculating the minimum allowed entropy size in bytes */
#define MBEDTLS_PSA_INJECT_ENTROPY_MIN_SIZE MAX(MBEDTLS_ENTROPY_MIN_PLATFORM, \
                                                MBEDTLS_ENTROPY_BLOCK_SIZE)

#if defined(MBEDTLS_PSA_INJECT_ENTROPY)

#if defined(MBEDTLS_PSA_ITS_FILE_C)
#include <stdio.h>
#else
#include <psa/internal_trusted_storage.h>
#endif

/* Remove the entropy seed file. Since the library does not expose a way
 * to do this (it would be a security risk if such a function was ever
 * accessible in production), implement this functionality in a white-box
 * manner. */
psa_status_t remove_seed_file(void)
{
#if defined(MBEDTLS_PSA_ITS_FILE_C)
    if (remove("00000000ffffff52.psa_its") == 0) {
        return PSA_SUCCESS;
    } else {
        return PSA_ERROR_DOES_NOT_EXIST;
    }
#else
    return psa_its_remove(PSA_CRYPTO_ITS_RANDOM_SEED_UID);
#endif
}

#endif /* MBEDTLS_PSA_INJECT_ENTROPY */

/* END_HEADER */

/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
void external_rng_failure_generate()
{
    psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
    psa_set_key_type(&attributes, PSA_KEY_TYPE_DERIVE);
    psa_set_key_bits(&attributes, 128);
    mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
    uint8_t output[1];

    PSA_ASSERT(psa_crypto_init());

    PSA_ASSERT(psa_generate_random(output, sizeof(output)));
    PSA_ASSERT(psa_generate_key(&attributes, &key));
    PSA_ASSERT(psa_destroy_key(key));

    mbedtls_test_disable_insecure_external_rng();
    TEST_EQUAL(PSA_ERROR_INSUFFICIENT_ENTROPY,
               psa_generate_random(output, sizeof(output)));
    TEST_EQUAL(PSA_ERROR_INSUFFICIENT_ENTROPY,
               psa_generate_key(&attributes, &key));

exit:
    psa_destroy_key(key);
    PSA_DONE();
}
/* END_CASE */

/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
void external_rng_failure_sign(int key_type, data_t *key_data, int alg,
                               int input_size_arg)
{
    /* This test case is only expected to pass if the signature mechanism
     * requires randomness, either because it is a randomized signature
     * or because the implementation uses blinding. */

    psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
    psa_set_key_type(&attributes, key_type);
    psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_HASH);
    psa_set_key_algorithm(&attributes, alg);
    mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
    size_t input_size = input_size_arg;
    uint8_t *input = NULL;
    uint8_t *signature = NULL;
    size_t signature_size = PSA_SIGNATURE_MAX_SIZE;
    size_t signature_length;

    ASSERT_ALLOC(input, input_size);
    ASSERT_ALLOC(signature, signature_size);

    PSA_ASSERT(psa_crypto_init());
    PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len,
                              &key));
    PSA_ASSERT(psa_sign_hash(key, alg,
                             input, input_size,
                             signature, signature_size,
                             &signature_length));
    PSA_ASSERT(psa_destroy_key(key));

    mbedtls_test_disable_insecure_external_rng();
    /* Import the key again, because for RSA Mbed TLS caches blinding values
     * in the key object and this could perturb the test. */
    PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len,
                              &key));
    TEST_EQUAL(PSA_ERROR_INSUFFICIENT_ENTROPY,
               psa_sign_hash(key, alg,
                             input, input_size,
                             signature, signature_size,
                             &signature_length));
    PSA_ASSERT(psa_destroy_key(key));

exit:
    psa_destroy_key(key);
    PSA_DONE();
    mbedtls_free(input);
    mbedtls_free(signature);
}
/* END_CASE */

/* BEGIN_CASE depends_on:MBEDTLS_PSA_INJECT_ENTROPY */
void validate_entropy_seed_injection(int seed_length_a,
                                     int expected_status_a,
                                     int seed_length_b,
                                     int expected_status_b)
{
    psa_status_t status;
    uint8_t output[32] = { 0 };
    uint8_t zeros[32] = { 0 };
    uint8_t *seed = NULL;
    int i;
    int seed_size;
    if (seed_length_a > seed_length_b) {
        seed_size = seed_length_a;
    } else {
        seed_size = seed_length_b;
    }
    ASSERT_ALLOC(seed, seed_size);
    /* fill seed with some data */
    for (i = 0; i < seed_size; ++i) {
        seed[i] = i;
    }
    status =  remove_seed_file();
    TEST_ASSERT((status == PSA_SUCCESS) ||
                (status == PSA_ERROR_DOES_NOT_EXIST));
    status = mbedtls_psa_inject_entropy(seed, seed_length_a);
    TEST_EQUAL(status, expected_status_a);
    status = mbedtls_psa_inject_entropy(seed, seed_length_b);
    TEST_EQUAL(status, expected_status_b);
    PSA_ASSERT(psa_crypto_init());
    PSA_ASSERT(psa_generate_random(output,
                                   sizeof(output)));
    TEST_ASSERT(memcmp(output, zeros, sizeof(output)) != 0);
exit:
    mbedtls_free(seed);
    PSA_DONE();
    mbedtls_test_inject_entropy_restore();
}
/* END_CASE */

/* BEGIN_CASE depends_on:MBEDTLS_PSA_INJECT_ENTROPY */
void run_entropy_inject_with_crypto_init()
{
    psa_status_t status;
    size_t i;
    uint8_t seed[MBEDTLS_PSA_INJECT_ENTROPY_MIN_SIZE] = { 0 };
    /* fill seed with some data */
    for (i = 0; i < sizeof(seed); ++i) {
        seed[i] = i;
    }
    status =  remove_seed_file();
    TEST_ASSERT((status == PSA_SUCCESS) ||
                (status == PSA_ERROR_DOES_NOT_EXIST));
    status = mbedtls_psa_inject_entropy(seed, sizeof(seed));
    PSA_ASSERT(status);
    status =  remove_seed_file();
    TEST_EQUAL(status, PSA_SUCCESS);
    status = psa_crypto_init();
    TEST_EQUAL(status, PSA_ERROR_INSUFFICIENT_ENTROPY);
    status = mbedtls_psa_inject_entropy(seed, sizeof(seed));
    PSA_ASSERT(status);
    status = psa_crypto_init();
    PSA_ASSERT(status);
    PSA_DONE();
    /* The seed is written by nv_seed callback functions therefore the injection will fail */
    status = mbedtls_psa_inject_entropy(seed, sizeof(seed));
    TEST_EQUAL(status, PSA_ERROR_NOT_PERMITTED);
exit:
    PSA_DONE();
    mbedtls_test_inject_entropy_restore();
}
/* END_CASE */