From 76175ba785322b0beb4d0cc2a0c1fe406f032dd4 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 24 Nov 2020 18:39:12 +0100 Subject: [PATCH] Disable the insecure PSA test RNG by default To reduce the risk of people accidentally using the test implementation of mbedtls_psa_external_get_random(), which is insecure, require the user to explicitly call mbedtls_test_enable_insecure_external_rng() first. Disabling the test implementation of mbedtls_psa_external_get_random() will also allow negative testing for MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG, which will be added in a subsequent commit. Signed-off-by: Gilles Peskine --- tests/include/test/psa_crypto_helpers.h | 26 +++++++++++++++++++++++++ tests/src/psa_crypto_helpers.c | 18 ++++++++++++++++- tests/suites/main_test.function | 4 ++++ 3 files changed, 47 insertions(+), 1 deletion(-) diff --git a/tests/include/test/psa_crypto_helpers.h b/tests/include/test/psa_crypto_helpers.h index f44a292453..3e60a9b651 100644 --- a/tests/include/test/psa_crypto_helpers.h +++ b/tests/include/test/psa_crypto_helpers.h @@ -53,6 +53,32 @@ const char *mbedtls_test_helper_is_psa_leaking( void ); +#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) +/** Enable the insecure implementation of mbedtls_psa_external_get_random(). + * + * The insecure implementation of mbedtls_psa_external_get_random() is + * disabled by default. + * + * When MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG is enabled and the test + * helpers are linked into a program, you must enable this before any code + * that uses the PSA subsystem to generate random data (including internal + * random generation for purposes such as blinding when the random generation + * is routed through PSA). + * + * You can enable and disable it at any time, regardless of the state + * of the PSA subsystem. You may disable it temporarily to simulate a + * depleted entropy source. + */ +void mbedtls_test_enable_insecure_external_rng( void ); + +/** Disable the insecure implementation of mbedtls_psa_external_get_random(). + * + * See mbedtls_test_enable_insecure_external_rng(). + */ +void mbedtls_test_disable_insecure_external_rng( void ); +#endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */ + + #if defined(RECORD_PSA_STATUS_COVERAGE_LOG) psa_status_t mbedtls_test_record_status( psa_status_t status, const char *func, diff --git a/tests/src/psa_crypto_helpers.c b/tests/src/psa_crypto_helpers.c index 499f4b3280..00098574ec 100644 --- a/tests/src/psa_crypto_helpers.c +++ b/tests/src/psa_crypto_helpers.c @@ -72,13 +72,29 @@ psa_status_t mbedtls_test_record_status( psa_status_t status, #if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) #include +static int test_insecure_external_rng_enabled = 0; + +void mbedtls_test_enable_insecure_external_rng( void ) +{ + test_insecure_external_rng_enabled = 1; +} + +void mbedtls_test_disable_insecure_external_rng( void ) +{ + test_insecure_external_rng_enabled = 0; +} + psa_status_t mbedtls_psa_external_get_random( mbedtls_psa_external_random_context_t *context, uint8_t *output, size_t output_size, size_t *output_length ) { + (void) context; + + if( !test_insecure_external_rng_enabled ) + return( PSA_ERROR_INSUFFICIENT_ENTROPY ); + /* This implementation is for test purposes only! * Use the libc non-cryptographic random generator. */ - (void) context; mbedtls_test_rnd_std_rand( NULL, output, output_size ); *output_length = output_size; return( PSA_SUCCESS ); diff --git a/tests/suites/main_test.function b/tests/suites/main_test.function index 256224e799..98dab3ebbd 100644 --- a/tests/suites/main_test.function +++ b/tests/suites/main_test.function @@ -164,6 +164,10 @@ $dispatch_code */ void execute_function_ptr(TestWrapper_t fp, void **params) { +#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) + mbedtls_test_enable_insecure_external_rng( ); +#endif + #if defined(MBEDTLS_CHECK_PARAMS) mbedtls_test_param_failed_location_record_t location_record;