MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG: negative tests

Under MBEDTLS_ERR_RSA_RNG_FAILED, add tests where the random generator
failed. This commit tests the following operations:

* psa_generate_random()
* psa_generate_key() for a symmetric key
* Deterministic signatures that use blinding (RSA PKCS#1v1.5,
  deterministic ECDSA).
* Randomized signatures (RSA PSS, randomized ECDSA).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This commit is contained in:
Gilles Peskine 2020-11-25 00:16:10 +01:00
parent ae3741e8a4
commit f547ce8daa
2 changed files with 101 additions and 0 deletions

View File

@ -1,3 +1,26 @@
PSA external RNG failure: generate random and key
external_rng_failure_generate:
PSA external RNG failure: randomized ECDSA
depends_on:PSA_WANT_ALG_ECDSA
external_rng_failure_sign:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA_ANY:32
PSA external RNG failure: deterministic ECDSA (software implementation)
# Depend on the built-in implementation which we know uses blinding.
# An external implementation might not use blinding.
depends_on:MBEDTLS_PSA_BUILTIN_ALG_ECDSA:MBEDTLS_SHA256_C:PSA_WANT_ALG_SHA256
external_rng_failure_sign:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):32
PSA external RNG failure: RSA-PSS
depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256
external_rng_failure_sign:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):32
PSA external RNG failure: RSA PKCS#1v1.5 (software implementation)
# Depend on the built-in implementation which we know uses blinding.
# An external implementation might not use blinding.
depends_on:MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN
external_rng_failure_sign:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_SIGN_RAW:32
PSA validate entropy injection: good, minimum size PSA validate entropy injection: good, minimum size
validate_entropy_seed_injection:MBEDTLS_PSA_INJECT_ENTROPY_MIN_SIZE:PSA_SUCCESS:MBEDTLS_PSA_INJECT_ENTROPY_MIN_SIZE:PSA_ERROR_NOT_PERMITTED validate_entropy_seed_injection:MBEDTLS_PSA_INJECT_ENTROPY_MIN_SIZE:PSA_SUCCESS:MBEDTLS_PSA_INJECT_ENTROPY_MIN_SIZE:PSA_ERROR_NOT_PERMITTED

View File

@ -1,5 +1,8 @@
/* BEGIN_HEADER */ /* BEGIN_HEADER */
#include <stdint.h> #include <stdint.h>
#include <string.h>
#include <psa/crypto.h>
#include "mbedtls/entropy.h" #include "mbedtls/entropy.h"
#include "mbedtls/entropy_poll.h" #include "mbedtls/entropy_poll.h"
@ -35,6 +38,81 @@ psa_status_t remove_seed_file( void )
/* END_HEADER */ /* END_HEADER */
/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
void external_rng_failure_generate( )
{
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_set_key_type( &attributes, PSA_KEY_TYPE_DERIVE );
psa_set_key_bits( &attributes, 128 );
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
uint8_t output[1];
PSA_ASSERT( psa_crypto_init( ) );
PSA_ASSERT( psa_generate_random( output, sizeof( output ) ) );
PSA_ASSERT( psa_generate_key( &attributes, &key ) );
PSA_ASSERT( psa_destroy_key( key ) );
mbedtls_test_disable_insecure_external_rng( );
TEST_EQUAL( PSA_ERROR_INSUFFICIENT_ENTROPY,
psa_generate_random( output, sizeof( output ) ) );
TEST_EQUAL( PSA_ERROR_INSUFFICIENT_ENTROPY,
psa_generate_key( &attributes, &key ) );
exit:
psa_destroy_key( key );
PSA_DONE( );
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
void external_rng_failure_sign( int key_type, data_t *key_data, int alg,
int input_size_arg )
{
/* This test case is only expected to pass if the signature mechanism
* requires randomness, either because it is a randomized signature
* or because the implementation uses blinding. */
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_set_key_type( &attributes, key_type );
psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN );
psa_set_key_algorithm( &attributes, alg );
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
size_t input_size = input_size_arg;
uint8_t signature[PSA_SIGNATURE_MAX_SIZE];
size_t signature_length;
TEST_ASSERT( input_size <= sizeof( signature ) );
PSA_ASSERT( psa_crypto_init( ) );
PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
&key ) );
memset( signature, 0, input_size );
PSA_ASSERT( psa_sign_hash( key, alg,
signature, input_size,
signature, sizeof( signature ),
&signature_length ) );
PSA_ASSERT( psa_destroy_key( key ) );
mbedtls_test_disable_insecure_external_rng( );
/* Import the key again, because for RSA Mbed TLS caches blinding values
* in the key object and this could perturb the test. */
PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
&key ) );
memset( signature, 0, input_size );
TEST_EQUAL( PSA_ERROR_INSUFFICIENT_ENTROPY,
psa_sign_hash( key, alg,
signature, input_size,
signature, sizeof( signature ),
&signature_length ) );
PSA_ASSERT( psa_destroy_key( key ) );
exit:
psa_destroy_key( key );
PSA_DONE( );
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_PSA_INJECT_ENTROPY */ /* BEGIN_CASE depends_on:MBEDTLS_PSA_INJECT_ENTROPY */
void validate_entropy_seed_injection( int seed_length_a, void validate_entropy_seed_injection( int seed_length_a,
int expected_status_a, int expected_status_a,