• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1/* BEGIN_HEADER */
2#include <stdint.h>
3#include <string.h>
4
5#include <psa/crypto.h>
6
7#include "mbedtls/entropy.h"
8#include "entropy_poll.h"
9
10/* Calculating the minimum allowed entropy size in bytes */
11#define MBEDTLS_PSA_INJECT_ENTROPY_MIN_SIZE MAX(MBEDTLS_ENTROPY_MIN_PLATFORM, MBEDTLS_ENTROPY_BLOCK_SIZE)
12
13#if defined(MBEDTLS_PSA_INJECT_ENTROPY)
14
15#if defined(MBEDTLS_PSA_ITS_FILE_C)
16#include <stdio.h>
17#else
18#include <psa/internal_trusted_storage.h>
19#endif
20
21/* Remove the entropy seed file. Since the library does not expose a way
22 * to do this (it would be a security risk if such a function was ever
23 * accessible in production), implement this functionality in a white-box
24 * manner. */
25psa_status_t remove_seed_file( void )
26{
27#if defined(MBEDTLS_PSA_ITS_FILE_C)
28    if( remove( "00000000ffffff52.psa_its" ) == 0 )
29        return( PSA_SUCCESS );
30    else
31        return( PSA_ERROR_DOES_NOT_EXIST );
32#else
33    return( psa_its_remove( PSA_CRYPTO_ITS_RANDOM_SEED_UID ) );
34#endif
35}
36
37#endif /* MBEDTLS_PSA_INJECT_ENTROPY */
38
39/* END_HEADER */
40
41/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
42void external_rng_failure_generate( )
43{
44    psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
45    psa_set_key_type( &attributes, PSA_KEY_TYPE_DERIVE );
46    psa_set_key_bits( &attributes, 128 );
47    mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
48    uint8_t output[1];
49
50    PSA_ASSERT( psa_crypto_init( ) );
51
52    PSA_ASSERT( psa_generate_random( output, sizeof( output ) ) );
53    PSA_ASSERT( psa_generate_key( &attributes, &key ) );
54    PSA_ASSERT( psa_destroy_key( key ) );
55
56    mbedtls_test_disable_insecure_external_rng( );
57    TEST_EQUAL( PSA_ERROR_INSUFFICIENT_ENTROPY,
58                psa_generate_random( output, sizeof( output ) ) );
59    TEST_EQUAL( PSA_ERROR_INSUFFICIENT_ENTROPY,
60                psa_generate_key( &attributes, &key ) );
61
62exit:
63    psa_destroy_key( key );
64    PSA_DONE( );
65}
66/* END_CASE */
67
68/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
69void external_rng_failure_sign( int key_type, data_t *key_data, int alg,
70                                int input_size_arg )
71{
72    /* This test case is only expected to pass if the signature mechanism
73     * requires randomness, either because it is a randomized signature
74     * or because the implementation uses blinding. */
75
76    psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
77    psa_set_key_type( &attributes, key_type );
78    psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH );
79    psa_set_key_algorithm( &attributes, alg );
80    mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
81    size_t input_size = input_size_arg;
82    uint8_t *input = NULL;
83    uint8_t *signature = NULL;
84    size_t signature_size = PSA_SIGNATURE_MAX_SIZE;
85    size_t signature_length;
86
87    ASSERT_ALLOC( input, input_size );
88    ASSERT_ALLOC( signature, signature_size );
89
90    PSA_ASSERT( psa_crypto_init( ) );
91    PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
92                                &key ) );
93    PSA_ASSERT( psa_sign_hash( key, alg,
94                               input, input_size,
95                               signature, signature_size,
96                               &signature_length ) );
97    PSA_ASSERT( psa_destroy_key( key ) );
98
99    mbedtls_test_disable_insecure_external_rng( );
100    /* Import the key again, because for RSA Mbed TLS caches blinding values
101     * in the key object and this could perturb the test. */
102    PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
103                                &key ) );
104    TEST_EQUAL( PSA_ERROR_INSUFFICIENT_ENTROPY,
105                psa_sign_hash( key, alg,
106                               input, input_size,
107                               signature, signature_size,
108                               &signature_length ) );
109    PSA_ASSERT( psa_destroy_key( key ) );
110
111exit:
112    psa_destroy_key( key );
113    PSA_DONE( );
114    mbedtls_free( input );
115    mbedtls_free( signature );
116}
117/* END_CASE */
118
119/* BEGIN_CASE depends_on:MBEDTLS_PSA_INJECT_ENTROPY */
120void validate_entropy_seed_injection( int seed_length_a,
121                                      int expected_status_a,
122                                      int seed_length_b,
123                                      int expected_status_b )
124{
125    psa_status_t status;
126    uint8_t output[32] = { 0 };
127    uint8_t zeros[32] = { 0 };
128    uint8_t *seed = NULL;
129    int i;
130    int seed_size;
131    if( seed_length_a > seed_length_b )
132    {
133        seed_size = seed_length_a;
134    }
135    else
136    {
137        seed_size = seed_length_b;
138    }
139    ASSERT_ALLOC( seed, seed_size );
140    /* fill seed with some data */
141    for( i = 0; i < seed_size; ++i )
142    {
143        seed[i] = i;
144    }
145    status =  remove_seed_file( );
146    TEST_ASSERT( ( status == PSA_SUCCESS ) ||
147                 ( status == PSA_ERROR_DOES_NOT_EXIST ) );
148    status = mbedtls_psa_inject_entropy( seed, seed_length_a );
149    TEST_EQUAL( status, expected_status_a );
150    status = mbedtls_psa_inject_entropy( seed, seed_length_b );
151    TEST_EQUAL( status, expected_status_b );
152    PSA_ASSERT( psa_crypto_init( ) );
153    PSA_ASSERT( psa_generate_random( output,
154                                     sizeof( output ) ) );
155    TEST_ASSERT( memcmp( output, zeros, sizeof( output ) ) != 0 );
156exit:
157    mbedtls_free( seed );
158    remove_seed_file( );
159    PSA_DONE( );
160}
161/* END_CASE */
162
163/* BEGIN_CASE depends_on:MBEDTLS_PSA_INJECT_ENTROPY */
164void run_entropy_inject_with_crypto_init( )
165{
166    psa_status_t status;
167    size_t i;
168    uint8_t seed[MBEDTLS_PSA_INJECT_ENTROPY_MIN_SIZE] = { 0 };
169    /* fill seed with some data */
170    for( i = 0; i < sizeof( seed ); ++i )
171    {
172        seed[i] = i;
173    }
174    status =  remove_seed_file( );
175    TEST_ASSERT( ( status == PSA_SUCCESS ) ||
176                 ( status == PSA_ERROR_DOES_NOT_EXIST ) );
177    status = mbedtls_psa_inject_entropy( seed, sizeof( seed ) );
178    PSA_ASSERT( status );
179    status =  remove_seed_file( );
180    TEST_EQUAL( status, PSA_SUCCESS );
181    status = psa_crypto_init( );
182    TEST_EQUAL( status, PSA_ERROR_INSUFFICIENT_ENTROPY );
183    status = mbedtls_psa_inject_entropy( seed, sizeof( seed ) );
184    PSA_ASSERT( status );
185    status = psa_crypto_init( );
186    PSA_ASSERT( status );
187    PSA_DONE( );
188    /* The seed is written by nv_seed callback functions therefore the injection will fail */
189    status = mbedtls_psa_inject_entropy( seed, sizeof( seed ) );
190    TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED );
191exit:
192    remove_seed_file( );
193    PSA_DONE( );
194}
195/* END_CASE */
196