
Commit 6e3b14b

siemen11nasahlpa
authored andcommitted
[crypto/tests] More negative testing for ECC and RSA
Add NULL checks and bad inputs checks for ECC and RSA. Signed-off-by: Siemen Dhooghe <sdhooghe@google.com>
1 parent e01afe7 commit 6e3b14b

20 files changed

Lines changed: 951 additions & 94 deletions

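--- a/sw/device/lib/crypto/impl/ecc_p256.c
+++ b/sw/device/lib/crypto/impl/ecc_p256.c
@@ -46,15 +46,6 @@ static status_t p256_private_key_length_check(
 HARDENED_CHECK_EQ(launder32(private_key->config.key_length),
 kP256ScalarBytes);
 
-// Check the single-share length.
-if (keyblob_share_num_words(private_key->config) !=
-kP256MaskedScalarShareWords) {
-// COVERAGE (MISSING) We do not cover bad share length inputs
-return OTCRYPTO_BAD_ARGS;
-}
-HARDENED_CHECK_EQ(launder32(keyblob_share_num_words(private_key->config)),
-kP256MaskedScalarShareWords);
-
 // Check the keyblob length.
 if (private_key->keyblob_length != kP256MaskedScalarTotalShareBytes) {
 return OTCRYPTO_BAD_ARGS;
@@ -266,7 +257,6 @@ otcrypto_status_t otcrypto_ecdh_p256(const otcrypto_blinded_key_t *private_key,
 otcrypto_status_t otcrypto_ecc_p256_point_on_curve(
 const otcrypto_unblinded_key_t *point, hardened_bool_t *check_result) {
 if (point == NULL || point->key == NULL || check_result == NULL) {
-// COVERAGE (MISSING) We do not cover null inputs
 return OTCRYPTO_BAD_ARGS;
 }
 
@@ -280,7 +270,6 @@ status_t otcrypto_ecc_p256_base_point_mult(
 const otcrypto_blinded_key_t *private_key,
 otcrypto_unblinded_key_t *public_key) {
 if (private_key == NULL || public_key == NULL) {
-// COVERAGE (MISSING) We do not cover null inputs
 return OTCRYPTO_BAD_ARGS;
 }
 
@@ -351,14 +340,12 @@ otcrypto_status_t otcrypto_ecdsa_p256_keygen_async_finalize(
 // Check for any NULL pointers.
 if (private_key == NULL || public_key == NULL ||
 private_key->keyblob == NULL || public_key->key == NULL) {
-// COVERAGE (MISSING) We do not cover null inputs.
 return OTCRYPTO_BAD_ARGS;
 }
 
 // Check the key modes.
 if (private_key->config.key_mode != kOtcryptoKeyModeEcdsaP256 ||
 public_key->key_mode != kOtcryptoKeyModeEcdsaP256) {
-// COVERAGE (MISSING) We do not cover bad key mode inputs.
 return OTCRYPTO_BAD_ARGS;
 }
 HARDENED_CHECK_EQ(launder32(private_key->config.key_mode),
@@ -417,7 +404,6 @@ static otcrypto_status_t otcrypto_ecdsa_p256_sign_async_start_setup(
 kHardenedBoolTrue);
 
 if (private_key->config.key_mode != kOtcryptoKeyModeEcdsaP256) {
-// COVERAGE (MISSING) We do not cover bad key mode inputs.
 return OTCRYPTO_BAD_ARGS;
 }
 HARDENED_CHECK_EQ(launder32(private_key->config.key_mode),
@@ -502,7 +488,6 @@ otcrypto_status_t otcrypto_ecdsa_p256_sign_async_start(
 HARDENED_TRY_WIPE_DMEM(p256_ecdsa_sideload_sign_start(message_digest.data));
 } else {
 // Invalid value for private_key->hw_backed.
-// COVERAGE (MISSING) We do not cover bad hw_backed inputs.
 return OTCRYPTO_BAD_ARGS;
 }
 
@@ -542,21 +527,18 @@ otcrypto_status_t otcrypto_ecdsa_p256_dice_sign_async_start(
 const otcrypto_const_word32_buf_t *attestation_seed) {
 if (private_key == NULL || private_key->keyblob == NULL ||
 message_digest.data == NULL) {
-// COVERAGE (MISSING) We do not cover bad null inputs.
 return OTCRYPTO_BAD_ARGS;
 }
 
 // Check the key mode.
 if (private_key->config.key_mode != kOtcryptoKeyModeEcdsaP256) {
-// COVERAGE (MISSING) We do not cover bad key_mode inputs.
 return OTCRYPTO_BAD_ARGS;
 }
 HARDENED_CHECK_EQ(launder32(private_key->config.key_mode),
 kOtcryptoKeyModeEcdsaP256);
 
 // Check the digest length.
 if (message_digest.len != kP256ScalarWords) {
-// COVERAGE (MISSING) We do not cover bad length inputs.
 return OTCRYPTO_BAD_ARGS;
 }
 HARDENED_CHECK_EQ(launder32(message_digest.len), kP256ScalarWords);
@@ -583,7 +565,6 @@ otcrypto_status_t otcrypto_ecdsa_p256_verify_async_start(
 const otcrypto_const_word32_buf_t *signature) {
 if (public_key == NULL || signature->data == NULL ||
 message_digest.data == NULL || public_key->key == NULL) {
-// COVERAGE (MISSING) We do not cover null inputs.
 return OTCRYPTO_BAD_ARGS;
 }
 
@@ -596,7 +577,6 @@ otcrypto_status_t otcrypto_ecdsa_p256_verify_async_start(
 
 // Check the public key mode.
 if (public_key->key_mode != kOtcryptoKeyModeEcdsaP256) {
-// COVERAGE (MISSING) We do not cover bad key mode inputs.
 return OTCRYPTO_BAD_ARGS;
 }
 HARDENED_CHECK_EQ(launder32(public_key->key_mode), kOtcryptoKeyModeEcdsaP256);
@@ -607,7 +587,6 @@ otcrypto_status_t otcrypto_ecdsa_p256_verify_async_start(
 
 // Check the digest length.
 if (message_digest.len != kP256ScalarWords) {
-// COVERAGE (MISSING) We do not cover bad length inputs.
 return OTCRYPTO_BAD_ARGS;
 }
 HARDENED_CHECK_EQ(launder32(message_digest.len), kP256ScalarWords);
@@ -702,7 +681,6 @@ otcrypto_status_t otcrypto_ecdh_p256_async_start(
 // Check the key modes.
 if (private_key->config.key_mode != kOtcryptoKeyModeEcdhP256 ||
 public_key->key_mode != kOtcryptoKeyModeEcdhP256) {
-// COVERAGE (MISSING) We do not cover bad key mode inputs.
 return OTCRYPTO_BAD_ARGS;
 }
 HARDENED_CHECK_EQ(launder32(private_key->config.key_mode),
@@ -733,7 +711,6 @@ otcrypto_status_t otcrypto_ecdh_p256_async_start(
 HARDENED_TRY_WIPE_DMEM(p256_ecdh_start(&private_scalar, pk));
 } else {
 // Invalid value for `hw_backed`.
-// COVERAGE (MISSING) We do not cover bad hw_backed inputs.
 return OTCRYPTO_BAD_ARGS;
 }
 
@@ -773,7 +750,6 @@ otcrypto_status_t otcrypto_ecdh_p256_async_finalize(
 kP256CoordBytes);
 if (shared_secret->keyblob_length !=
 keyblob_num_words(shared_secret->config) * sizeof(uint32_t)) {
-// COVERAGE (MISSING) We do not cover bad keyblob length inputs.
 return OTCRYPTO_BAD_ARGS;
 }
 HARDENED_CHECK_EQ(
@@ -804,13 +780,11 @@ otcrypto_status_t otcrypto_ecc_p256_public_key_import(
 otcrypto_unblinded_key_t *public_key) {
 if (x.data == NULL || y.data == NULL || public_key == NULL ||
 public_key->key == NULL) {
-// COVERAGE (MISSING) We do not cover null inputs.
 return OTCRYPTO_BAD_ARGS;
 }
 
 // Check the lengths of the input coordinate buffers.
 if (x.len != kP256CoordWords || y.len != kP256CoordWords) {
-// COVERAGE (MISSING) We do not cover bad length inputs.
 return OTCRYPTO_BAD_ARGS;
 }
 HARDENED_CHECK_EQ(launder32(x.len), kP256CoordWords);
@@ -820,7 +794,6 @@ otcrypto_status_t otcrypto_ecc_p256_public_key_import(
 // accepted since the underlying point representation is the same.
 if (public_key->key_mode != kOtcryptoKeyModeEcdsaP256 &&
 public_key->key_mode != kOtcryptoKeyModeEcdhP256) {
-// COVERAGE (MISSING) We do not cover bad key_mode inputs.
 return OTCRYPTO_BAD_ARGS;
 }
 
@@ -843,13 +816,11 @@ otcrypto_status_t otcrypto_ecc_p256_public_key_export(
 otcrypto_word32_buf_t *y) {
 if (x == NULL || x->data == NULL || y == NULL || y->data == NULL ||
 public_key == NULL || public_key->key == NULL) {
-// COVERAGE (MISSING) We do not cover null inputs.
 return OTCRYPTO_BAD_ARGS;
 }
 
 // Check the lengths of the output coordinate buffers.
 if (x->len != kP256CoordWords || y->len != kP256CoordWords) {
-// COVERAGE (MISSING) We do not cover bad length inputs.
 return OTCRYPTO_BAD_ARGS;
 }
 HARDENED_CHECK_EQ(launder32(x->len), kP256CoordWords);
@@ -859,7 +830,6 @@ otcrypto_status_t otcrypto_ecc_p256_public_key_export(
 // accepted since the underlying point representation is the same.
 if (public_key->key_mode != kOtcryptoKeyModeEcdsaP256 &&
 public_key->key_mode != kOtcryptoKeyModeEcdhP256) {
-// COVERAGE (MISSING) We do not cover bad key_mode inputs.
 return OTCRYPTO_BAD_ARGS;
 }
 
@@ -868,7 +838,6 @@ otcrypto_status_t otcrypto_ecc_p256_public_key_export(
 
 // Check the integrity of the public key.
 if (integrity_unblinded_key_check(public_key) != kHardenedBoolTrue) {
-// COVERAGE (MISSING) We do not cover bad integrity set keys.
 return OTCRYPTO_BAD_ARGS;
 }
 
@@ -885,15 +854,13 @@ otcrypto_status_t otcrypto_ecc_p256_private_key_import(
 otcrypto_blinded_key_t *private_key) {
 if (share0.data == NULL || share1.data == NULL || private_key == NULL ||
 private_key->keyblob == NULL) {
-// COVERAGE (MISSING) We do not cover null inputs.
 return OTCRYPTO_BAD_ARGS;
 }
 
 // Each share must be 320 bits (256-bit scalar + 64 redundant bits for
 // side-channel protection).
 if (share0.len != kP256MaskedScalarShareWords ||
 share1.len != kP256MaskedScalarShareWords) {
-// COVERAGE (MISSING) We do not cover bad length inputs.
 return OTCRYPTO_BAD_ARGS;
 }
 HARDENED_CHECK_EQ(launder32(share0.len), kP256MaskedScalarShareWords);
@@ -903,13 +870,11 @@ otcrypto_status_t otcrypto_ecc_p256_private_key_import(
 // the private key representation is identical for both.
 if (private_key->config.key_mode != kOtcryptoKeyModeEcdsaP256 &&
 private_key->config.key_mode != kOtcryptoKeyModeEcdhP256) {
-// COVERAGE (MISSING) We do not cover bad key_mode inputs.
 return OTCRYPTO_BAD_ARGS;
 }
 
 // Import is only supported for software-backed keys.
 if (private_key->config.hw_backed != kHardenedBoolFalse) {
-// COVERAGE (MISSING) We do not cover bad hw_backed inputs.
 return OTCRYPTO_BAD_ARGS;
 }
 HARDENED_CHECK_EQ(launder32(private_key->config.hw_backed),
@@ -942,15 +907,13 @@ otcrypto_status_t otcrypto_ecc_p256_private_key_export(
 if (share0 == NULL || share0->data == NULL || share1 == NULL ||
 share1->data == NULL || private_key == NULL ||
 private_key->keyblob == NULL) {
-// COVERAGE (MISSING) We do not cover null inputs.
 return OTCRYPTO_BAD_ARGS;
 }
 
 // Check the output buffer lengths: each must be exactly 320 bits (256-bit
 // scalar + 64 redundant bits for side-channel protection).
 if (share0->len != kP256MaskedScalarShareWords ||
 share1->len != kP256MaskedScalarShareWords) {
-// COVERAGE (MISSING) We do not cover bad length inputs.
 return OTCRYPTO_BAD_ARGS;
 }
 HARDENED_CHECK_EQ(launder32(share0->len), kP256MaskedScalarShareWords);
@@ -960,21 +923,18 @@ otcrypto_status_t otcrypto_ecc_p256_private_key_export(
 // the private key representation is identical for both.
 if (private_key->config.key_mode != kOtcryptoKeyModeEcdsaP256 &&
 private_key->config.key_mode != kOtcryptoKeyModeEcdhP256) {
-// COVERAGE (MISSING) We do not cover bad key_mode inputs.
 return OTCRYPTO_BAD_ARGS;
 }
 
 // Export is only supported for software-backed keys.
 if (private_key->config.hw_backed != kHardenedBoolFalse) {
-// COVERAGE (MISSING) We do not cover bad hw_backed inputs.
 return OTCRYPTO_BAD_ARGS;
 }
 HARDENED_CHECK_EQ(launder32(private_key->config.hw_backed),
 kHardenedBoolFalse);
 
 // Check that the key is marked exportable.
 if (launder32(private_key->config.exportable) != kHardenedBoolTrue) {
-// COVERAGE (MISSING) We do not cover non exportable inputs.
 return OTCRYPTO_BAD_ARGS;
 }
 HARDENED_CHECK_EQ(private_key->config.exportable, kHardenedBoolTrue);
@@ -1007,14 +967,12 @@ otcrypto_status_t otcrypto_ecc_p256_arith_share_private_key(
 otcrypto_blinded_key_t *arith_private_key) {
 if (bool_private_key_share0 == NULL || bool_private_key_share1 == NULL ||
 arith_private_key == NULL || arith_private_key->keyblob == NULL) {
-// COVERAGE (MISSING) We do not cover null inputs.
 return OTCRYPTO_BAD_ARGS;
 }
 
 // The key shares must resided in 320-bit buffers.
 if (bool_private_key_share0->len != kP256MaskedScalarShareWords ||
 bool_private_key_share1->len != kP256MaskedScalarShareWords) {
-// COVERAGE (MISSING) We do not cover bad length inputs.
 return OTCRYPTO_BAD_ARGS;
 }
 HARDENED_CHECK_EQ(launder32(bool_private_key_share0->len),
@@ -1026,13 +984,11 @@ otcrypto_status_t otcrypto_ecc_p256_arith_share_private_key(
 // the private key representation is identical for both.
 if (arith_private_key->config.key_mode != kOtcryptoKeyModeEcdsaP256 &&
 arith_private_key->config.key_mode != kOtcryptoKeyModeEcdhP256) {
-// COVERAGE (MISSING) We do not cover bad key_mode inputs.
 return OTCRYPTO_BAD_ARGS;
 }
 
 // Import is only supported for software-backed keys.
 if (arith_private_key->config.hw_backed != kHardenedBoolFalse) {
-// COVERAGE (MISSING) We do not cover bad hw_backed inputs.
 return OTCRYPTO_BAD_ARGS;
 }
 HARDENED_CHECK_EQ(launder32(arith_private_key->config.hw_backed),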
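Review bot: The first hunk (p256_private_key_length_check, old lines 49-57) drops the single-share length check and its HARDENED_CHECK_EQ on keyblob_share_num_words(), yet the commit description only speaks of adding checks, so this reads as an unexplained loss of validation on the private-key share layout. If keyblob_share_num_words(private_key->config) is fully determined by config.key_length, which the surviving lines 46-47 already pin to kP256ScalarBytes, the removed branch was unreachable and dropping it is sound; that is an inference from the visible lines, not something the hunk itself shows. I would record the reason where the check used to be, e.g. `// The share length follows from config.key_length, which is checked above; no separate share-length check is needed.`, and say so in the commit message. p256_private_key_length_check starts before the hunk and continues past it. The remaining hunks only remove `// COVERAGE (MISSING)` markers, which is consistent with the tests the description says were added.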
