From 0adf0fc31c2ed664f7536e15c8c7ef4e99e1b5a5 Mon Sep 17 00:00:00 2001
From: itayzafrir
Date: Thu, 6 Sep 2018 16:24:41 +0300
Subject: [PATCH] Ensure the module is initialized in psa_generate_random
---
 include/psa/crypto.h | 1 +
 library/psa_crypto.c | 10 ++++++++--
 tests/suites/test_suite_psa_crypto.data | 3 +++
 tests/suites/test_suite_psa_crypto.function | 10 ++++++++++
 4 files changed, 22 insertions(+), 2 deletions(-)
diff --git a/include/psa/crypto.h b/include/psa/crypto.h
index c3899bfe7..b0bbb16cf 100644
--- a/include/psa/crypto.h
+++ b/include/psa/crypto.h
@@ -2902,6 +2902,7 @@ psa_status_t psa_key_derivation(psa_crypto_generator_t *generator,
 * \retval #PSA_ERROR_COMMUNICATION_FAILURE
 * \retval #PSA_ERROR_HARDWARE_FAILURE
 * \retval #PSA_ERROR_TAMPERING_DETECTED
+ * \retval #PSA_ERROR_BAD_STATE
 */
 psa_status_t psa_generate_random(uint8_t *output, size_t output_size);
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index dfbb6800f..01dbf3c3a 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -148,6 +148,10 @@ typedef struct
 static psa_global_data_t global_data;
+#define GUARD_MODULE_INITIALIZED \
+ if( global_data.initialized == 0 ) \
+ return( PSA_ERROR_BAD_STATE );
+
 static psa_status_t mbedtls_to_psa_error( int ret )
 {
 /* If there's both a high-level code and low-level code, dispatch on
@@ -3360,8 +3364,10 @@ psa_status_t psa_key_derivation( psa_crypto_generator_t *generator,
 psa_status_t psa_generate_random( uint8_t *output, size_t output_size )
 {
- int ret = mbedtls_ctr_drbg_random( &global_data.ctr_drbg,
- output, output_size );
+ int ret;
+ GUARD_MODULE_INITIALIZED;
+
+ ret = mbedtls_ctr_drbg_random( &global_data.ctr_drbg, output, output_size );
 return( mbedtls_to_psa_error( ret ) );
 }
diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data
index 01be797ab..202bd420f 100644
--- a/tests/suites/test_suite_psa_crypto.data
+++ b/tests/suites/test_suite_psa_crypto.data
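Review bot: `GUARD_MODULE_INITIALIZED` in library/psa_crypto.c expands to a bare `if` that hides a `return` and already ends in `;`, so `GUARD_MODULE_INITIALIZED;` becomes the `if` plus an empty statement and breaks if the macro is ever used as the body of an unbraced `if`/`else`. Wrapping it keeps it a single statement: `#define GUARD_MODULE_INITIALIZED do { if( global_data.initialized == 0 ) return( PSA_ERROR_BAD_STATE ); } while( 0 )`. Because the early return is invisible at the call site, the macro also deserves a comment such as `/* Returns PSA_ERROR_BAD_STATE from the calling function if the module is not initialized; use only before anything that needs cleanup has been acquired. */`.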
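Review bot: The new early return in `psa_generate_random` (library/psa_crypto.c) leaves `output` untouched, so a caller that ignores the status goes on using the buffer's previous contents as if they were random bytes. State that contract where callers will see it, e.g. extend the new line in crypto.h to `\retval #PSA_ERROR_BAD_STATE The library has not been initialized; \p output is not modified.`, or fill the buffer with a fixed pattern before returning so the misuse is conspicuous. Other code that draws from `global_data.ctr_drbg` lies outside this hunk, so whether it needs the same guard cannot be told from here.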
@@ -1178,3 +1178,6 @@ generate_key:PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):256:PSA_KEY_USAGE
 PSA generate key: ECC, SECP256R1, incorrect bit size
 depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDSA_C
 generate_key:PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):128:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_ECDSA_ANY:PSA_ERROR_INVALID_ARGUMENT
+
+PSA validate module initialization: random
+validate_module_init_generate_random:
diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function
index e14b2256d..e4a776ac0 100644
--- a/tests/suites/test_suite_psa_crypto.function
+++ b/tests/suites/test_suite_psa_crypto.function
@@ -3451,3 +3451,13 @@ exit:
 mbedtls_psa_crypto_free( );
 }
 /* END_CASE */
+
+/* BEGIN_CASE */
+void validate_module_init_generate_random( )
+{
+ psa_status_t status;
+ uint8_t random[10] = { 0 };
+ status = psa_generate_random( random, sizeof( random ) );
+ TEST_ASSERT( status == PSA_ERROR_BAD_STATE );
+}
+/* END_CASE */
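Review bot: `validate_module_init_generate_random` passes only if no earlier case in the same process has left the module initialized, and nothing in the test establishes or documents that precondition. The preceding case visible in this hunk ends with `mbedtls_psa_crypto_free( );`, so it presumably holds today, but a comment such as `/* Deliberately no psa_crypto_init( ): the call must fail before initialization. */` would make the dependency explicit. The test also checks the status only; since `random` is zero-initialized, asserting that it is still all zero afterwards would pin down that no output is produced in the bad state. The start of the preceding test case lies outside the hunk.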