mbedtls/tests/suites/test_suite_psa_crypto_init.function
Gilles Peskine 9e1be6a246 Create the NV seed file for the tests if needed
Write an all-bits-zero NV seed file for the tests. Without this, if
the seed file is not present when this test suite is executed, the
PSA module initialization will fail, causing most test cases to fail.

Also write an all-bits-zero NV seed file at the end. The test cases in
this test suite mess with the file, but subsequent test suites may
need it.
2018-11-23 22:58:40 +01:00

295 lines
9 KiB
Plaintext

/* BEGIN_HEADER */
#include <stdint.h>
#if defined(MBEDTLS_PSA_CRYPTO_SPM)
#include "spm/psa_defs.h"
#endif
#include "psa/crypto.h"
/* Some tests in this module configure entropy sources. */
#include "psa_crypto_invasive.h"
#include "mbedtls/entropy.h"
#include "mbedtls/entropy_poll.h"
#include "mbedtls/platform.h"
#define MIN( x, y ) ( ( x ) < ( y ) ? ( x ) : ( y ) )
#define MAX( x, y ) ( ( x ) > ( y ) ? ( x ) : ( y ) )
#define ENTROPY_MIN_NV_SEED_SIZE \
MAX(MBEDTLS_ENTROPY_MIN_PLATFORM, MBEDTLS_ENTROPY_BLOCK_SIZE)
typedef struct
{
size_t threshold; /* Minimum bytes to make mbedtls_entropy_func happy */
size_t max_steps;
size_t *length_sequence;
size_t step;
} fake_entropy_state_t;
static int fake_entropy_source( void *state_arg,
unsigned char *output, size_t len,
size_t *olen )
{
fake_entropy_state_t *state = state_arg;
size_t i;
if( state->step >= state->max_steps )
return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED );
*olen = MIN( len, state->length_sequence[state->step] );
for( i = 0; i < *olen; i++ )
output[i] = i;
++state->step;
return( 0 );
};
#define ENTROPY_SOURCE_PLATFORM 0x00000001
#define ENTROPY_SOURCE_TIMING 0x00000002
#define ENTROPY_SOURCE_HAVEGE 0x00000004
#define ENTROPY_SOURCE_HARDWARE 0x00000008
#define ENTROPY_SOURCE_NV_SEED 0x00000010
#define ENTROPY_SOURCE_FAKE 0x40000000
static uint32_t custom_entropy_sources_mask;
static fake_entropy_state_t fake_entropy_state;
/* This is a modified version of mbedtls_entropy_init() from entropy.c
* which chooses entropy sources dynamically. */
static void custom_entropy_init( mbedtls_entropy_context *ctx )
{
ctx->source_count = 0;
memset( ctx->source, 0, sizeof( ctx->source ) );
#if defined(MBEDTLS_THREADING_C)
mbedtls_mutex_init( &ctx->mutex );
#endif
ctx->accumulator_started = 0;
#if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR)
mbedtls_sha512_init( &ctx->accumulator );
#else
mbedtls_sha256_init( &ctx->accumulator );
#endif
#if defined(MBEDTLS_HAVEGE_C)
mbedtls_havege_init( &ctx->havege_data );
#endif
#if !defined(MBEDTLS_NO_PLATFORM_ENTROPY)
if( custom_entropy_sources_mask & ENTROPY_SOURCE_PLATFORM )
mbedtls_entropy_add_source( ctx, mbedtls_platform_entropy_poll, NULL,
MBEDTLS_ENTROPY_MIN_PLATFORM,
MBEDTLS_ENTROPY_SOURCE_STRONG );
#endif
#if defined(MBEDTLS_TIMING_C)
if( custom_entropy_sources_mask & ENTROPY_SOURCE_TIMING )
mbedtls_entropy_add_source( ctx, mbedtls_hardclock_poll, NULL,
MBEDTLS_ENTROPY_MIN_HARDCLOCK,
MBEDTLS_ENTROPY_SOURCE_WEAK );
#endif
#if defined(MBEDTLS_HAVEGE_C)
if( custom_entropy_sources_mask & ENTROPY_SOURCE_HAVEGE )
mbedtls_entropy_add_source( ctx, mbedtls_havege_poll, &ctx->havege_data,
MBEDTLS_ENTROPY_MIN_HAVEGE,
MBEDTLS_ENTROPY_SOURCE_STRONG );
#endif
#if defined(MBEDTLS_ENTROPY_HARDWARE_ALT)
if( custom_entropy_sources_mask & ENTROPY_SOURCE_HARDWARE )
mbedtls_entropy_add_source( ctx, mbedtls_hardware_poll, NULL,
MBEDTLS_ENTROPY_MIN_HARDWARE,
MBEDTLS_ENTROPY_SOURCE_STRONG );
#endif
#if defined(MBEDTLS_ENTROPY_NV_SEED)
if( custom_entropy_sources_mask & ENTROPY_SOURCE_NV_SEED )
{
mbedtls_entropy_add_source( ctx, mbedtls_nv_seed_poll, NULL,
MBEDTLS_ENTROPY_BLOCK_SIZE,
MBEDTLS_ENTROPY_SOURCE_STRONG );
ctx->initial_entropy_run = 0;
}
else
{
/* Skip the NV seed even though it's compiled in. */
ctx->initial_entropy_run = 1;
}
#endif
if( custom_entropy_sources_mask & ENTROPY_SOURCE_FAKE )
mbedtls_entropy_add_source( ctx,
fake_entropy_source, &fake_entropy_state,
fake_entropy_state.threshold,
MBEDTLS_ENTROPY_SOURCE_STRONG );
}
/* END_HEADER */
/* BEGIN_DEPENDENCIES
* depends_on:MBEDTLS_PSA_CRYPTO_C
* END_DEPENDENCIES
*/
/* BEGIN_CASE depends_on:MBEDTLS_ENTROPY_NV_SEED */
void create_nv_seed( )
{
static unsigned char seed[ENTROPY_MIN_NV_SEED_SIZE];
TEST_ASSERT( mbedtls_nv_seed_write( seed, sizeof( seed ) ) >= 0 );
}
/* END_CASE */
/* BEGIN_CASE */
void init_deinit( int count )
{
psa_status_t status;
int i;
for( i = 0; i < count; i++ )
{
status = psa_crypto_init( );
TEST_ASSERT( status == PSA_SUCCESS );
status = psa_crypto_init( );
TEST_ASSERT( status == PSA_SUCCESS );
mbedtls_psa_crypto_free( );
}
}
/* END_CASE */
/* BEGIN_CASE */
void deinit_without_init( int count )
{
int i;
for( i = 0; i < count; i++ )
{
TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
mbedtls_psa_crypto_free( );
}
mbedtls_psa_crypto_free( );
}
/* END_CASE */
/* BEGIN_CASE */
void validate_module_init_generate_random( int count )
{
psa_status_t status;
uint8_t random[10] = { 0 };
int i;
for( i = 0; i < count; i++ )
{
status = psa_crypto_init( );
TEST_ASSERT( status == PSA_SUCCESS );
mbedtls_psa_crypto_free( );
}
status = psa_generate_random( random, sizeof( random ) );
TEST_ASSERT( status == PSA_ERROR_BAD_STATE );
}
/* END_CASE */
/* BEGIN_CASE */
void validate_module_init_key_based( int count )
{
psa_status_t status;
uint8_t data[10] = { 0 };
int i;
for( i = 0; i < count; i++ )
{
status = psa_crypto_init( );
TEST_ASSERT( status == PSA_SUCCESS );
mbedtls_psa_crypto_free( );
}
status = psa_import_key( 1, PSA_KEY_TYPE_RAW_DATA, data, sizeof( data ) );
TEST_ASSERT( status == PSA_ERROR_BAD_STATE );
}
/* END_CASE */
/* BEGIN_CASE */
void custom_entropy_sources( int sources_arg, int expected_init_status_arg )
{
psa_status_t expected_init_status = expected_init_status_arg;
uint8_t random[10] = { 0 };
custom_entropy_sources_mask = sources_arg;
TEST_ASSERT( mbedtls_psa_crypto_configure_entropy_sources(
custom_entropy_init, mbedtls_entropy_free ) ==
PSA_SUCCESS );
TEST_ASSERT( psa_crypto_init( ) == expected_init_status );
if( expected_init_status != PSA_SUCCESS )
goto exit;
TEST_ASSERT( psa_generate_random( random, sizeof( random ) ) ==
PSA_SUCCESS );
exit:
mbedtls_psa_crypto_free( );
}
/* END_CASE */
/* BEGIN_CASE */
void fake_entropy_source( int threshold,
int amount1,
int amount2,
int amount3,
int amount4,
int expected_init_status_arg )
{
psa_status_t expected_init_status = expected_init_status_arg;
uint8_t random[10] = { 0 };
size_t lengths[4];
fake_entropy_state.threshold = threshold;
fake_entropy_state.step = 0;
fake_entropy_state.max_steps = 0;
if( amount1 >= 0 )
lengths[fake_entropy_state.max_steps++] = amount1;
if( amount2 >= 0 )
lengths[fake_entropy_state.max_steps++] = amount2;
if( amount3 >= 0 )
lengths[fake_entropy_state.max_steps++] = amount3;
if( amount4 >= 0 )
lengths[fake_entropy_state.max_steps++] = amount4;
fake_entropy_state.length_sequence = lengths;
custom_entropy_sources_mask = ENTROPY_SOURCE_FAKE;
TEST_ASSERT( mbedtls_psa_crypto_configure_entropy_sources(
custom_entropy_init, mbedtls_entropy_free ) ==
PSA_SUCCESS );
TEST_ASSERT( psa_crypto_init( ) == expected_init_status );
if( expected_init_status != PSA_SUCCESS )
goto exit;
TEST_ASSERT( psa_generate_random( random, sizeof( random ) ) ==
PSA_SUCCESS );
exit:
mbedtls_psa_crypto_free( );
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_ENTROPY_NV_SEED */
void entropy_from_nv_seed( int seed_size_arg,
int expected_init_status_arg )
{
psa_status_t expected_init_status = expected_init_status_arg;
uint8_t random[10] = { 0 };
uint8_t *seed = NULL;
size_t seed_size = seed_size_arg;
ASSERT_ALLOC( seed, seed_size );
TEST_ASSERT( mbedtls_nv_seed_write( seed, seed_size ) >= 0 );
custom_entropy_sources_mask = ENTROPY_SOURCE_NV_SEED;
TEST_ASSERT( mbedtls_psa_crypto_configure_entropy_sources(
custom_entropy_init, mbedtls_entropy_free ) ==
PSA_SUCCESS );
TEST_ASSERT( psa_crypto_init( ) == expected_init_status );
if( expected_init_status != PSA_SUCCESS )
goto exit;
TEST_ASSERT( psa_generate_random( random, sizeof( random ) ) ==
PSA_SUCCESS );
exit:
mbedtls_free( seed );
mbedtls_psa_crypto_free( );
}
/* END_CASE */