lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-07-30 22:43:08 +03:00
Code Activity

Add a facility to configure entropy sources

Browse Source 
Add a function to configure entropy sources. For testing only.

Use it to test that the library initialization fails properly if there is no
entropy source.
This commit is contained in:
Gilles Peskine
2018-11-20 21:59:56 +01:00
parent c6b6907066
commit 5e76952235
4 changed files with 200 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
tests/suites/test_suite_psa_crypto_init.data
View File

@ -18,3 +18,9 @@ validate_module_init_generate_random:1
No key slot access after deinit
validate_module_init_key_based:1
Custom entropy sources: all standard
custom_entropy_sources:0x0000ffff:PSA_SUCCESS
Custom entropy sources: none
custom_entropy_sources:0:PSA_ERROR_INSUFFICIENT_ENTROPY

93
tests/suites/test_suite_psa_crypto_init.function
View File

@ -6,6 +6,73 @@
#endif
#include "psa/crypto.h"
/* Some tests in this module configure entropy sources. */
#include "psa_crypto_invasive.h"
#include "mbedtls/entropy.h"
#include "mbedtls/entropy_poll.h"
#define ENTROPY_SOURCE_PLATFORM 0x00000001
#define ENTROPY_SOURCE_TIMING 0x00000002
#define ENTROPY_SOURCE_HAVEGE 0x00000004
#define ENTROPY_SOURCE_HARDWARE 0x00000008
#define ENTROPY_SOURCE_NV_SEED 0x00000010
static uint32_t custom_entropy_sources_mask;
/* This is a modified version of mbedtls_entropy_init() from entropy.c
* which chooses entropy sources dynamically. */
static void custom_entropy_init( mbedtls_entropy_context *ctx )
{
ctx->source_count = 0;
memset( ctx->source, 0, sizeof( ctx->source ) );
#if defined(MBEDTLS_THREADING_C)
mbedtls_mutex_init( &ctx->mutex );
#endif
ctx->accumulator_started = 0;
#if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR)
mbedtls_sha512_init( &ctx->accumulator );
#else
mbedtls_sha256_init( &ctx->accumulator );
#endif
#if defined(MBEDTLS_HAVEGE_C)
mbedtls_havege_init( &ctx->havege_data );
#endif
#if !defined(MBEDTLS_NO_PLATFORM_ENTROPY)
if( custom_entropy_sources_mask & ENTROPY_SOURCE_PLATFORM )
mbedtls_entropy_add_source( ctx, mbedtls_platform_entropy_poll, NULL,
MBEDTLS_ENTROPY_MIN_PLATFORM,
MBEDTLS_ENTROPY_SOURCE_STRONG );
#endif
#if defined(MBEDTLS_TIMING_C)
if( custom_entropy_sources_mask & ENTROPY_SOURCE_TIMING )
mbedtls_entropy_add_source( ctx, mbedtls_hardclock_poll, NULL,
MBEDTLS_ENTROPY_MIN_HARDCLOCK,
MBEDTLS_ENTROPY_SOURCE_WEAK );
#endif
#if defined(MBEDTLS_HAVEGE_C)
if( custom_entropy_sources_mask & ENTROPY_SOURCE_HAVEGE )
mbedtls_entropy_add_source( ctx, mbedtls_havege_poll, &ctx->havege_data,
MBEDTLS_ENTROPY_MIN_HAVEGE,
MBEDTLS_ENTROPY_SOURCE_STRONG );
#endif
#if defined(MBEDTLS_ENTROPY_HARDWARE_ALT)
if( custom_entropy_sources_mask & ENTROPY_SOURCE_HARDWARE )
mbedtls_entropy_add_source( ctx, mbedtls_hardware_poll, NULL,
MBEDTLS_ENTROPY_MIN_HARDWARE,
MBEDTLS_ENTROPY_SOURCE_STRONG );
#endif
#if defined(MBEDTLS_ENTROPY_NV_SEED)
if( custom_entropy_sources_mask & ENTROPY_SOURCE_NV_SEED )
mbedtls_entropy_add_source( ctx, mbedtls_nv_seed_poll, NULL,
MBEDTLS_ENTROPY_BLOCK_SIZE,
MBEDTLS_ENTROPY_SOURCE_STRONG );
ctx->initial_entropy_run = 0;
#endif
}
/* END_HEADER */
/* BEGIN_DEPENDENCIES
@ -75,3 +142,29 @@ void validate_module_init_key_based( int count )
TEST_ASSERT( status == PSA_ERROR_BAD_STATE );
}
/* END_CASE */
/* BEGIN_CASE */
void custom_entropy_sources( int sources_arg, int expected_init_status_arg )
{
psa_status_t expected_init_status = expected_init_status_arg;
int inited = 0;
uint8_t random[10] = { 0 };
custom_entropy_sources_mask = sources_arg;
TEST_ASSERT( mbedtls_psa_crypto_configure_entropy_sources(
custom_entropy_init, mbedtls_entropy_free ) ==
PSA_SUCCESS );
TEST_ASSERT( psa_crypto_init( ) == expected_init_status );
if( expected_init_status != PSA_SUCCESS )
goto exit;
inited = 1;
TEST_ASSERT( psa_generate_random( random, sizeof( random ) ) ==
PSA_SUCCESS );
exit:
if( inited )
mbedtls_psa_crypto_free( );
}
/* END_CASE */