Add fall-back to hash-based KDF for internal ECP DRBG
The dependency on a DRBG module was perhaps a bit strict for LTS branches, so
let's have an option that works with no DRBG when at least one SHA module is
present.
This changes the internal API of ecp_drbg_seed() by adding the size of the
MPI as a parameter. Re-computing the size from the number of limbs doesn't
work too well here as we're writing out to a fixed-size buffer and for some
curves (P-521) that would round up too much. Using mbedtls_mpi_get_len() is
not entirely satisfactory either as it would mean using a variable-length
encoding, which could open side channels.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index 4103ace..e7b84f0 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -814,6 +814,69 @@
# so there's little value in running those lengthy tests here.
}
+component_test_no_drbg_all_hashes () {
+ # this tests the internal ECP DRBG using a KDF based on SHA-512
+ msg "build: Default minus DRBGs"
+ scripts/config.pl unset MBEDTLS_CTR_DRBG_C
+ scripts/config.pl unset MBEDTLS_HMAC_DRBG_C
+ scripts/config.pl unset MBEDTLS_ECDSA_DETERMINISTIC # requires HMAC_DRBG
+ scripts/config.pl unset MBEDTLS_PSA_CRYPTO_C # requires a DRBG
+ scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_C # requires PSA Crypto
+
+ CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
+ make
+
+ msg "test: Default minus DRBGs"
+ make test
+
+ # no SSL tests as they all depend on having a DRBG
+}
+
+component_test_no_drbg_no_sha512 () {
+ # this tests the internal ECP DRBG using a KDF based on SHA-256
+ msg "build: Default minus DRBGs minus SHA-512"
+ scripts/config.pl unset MBEDTLS_CTR_DRBG_C
+ scripts/config.pl unset MBEDTLS_HMAC_DRBG_C
+ scripts/config.pl unset MBEDTLS_ECDSA_DETERMINISTIC # requires HMAC_DRBG
+ scripts/config.pl unset MBEDTLS_PSA_CRYPTO_C # requires a DRBG
+ scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_C # requires PSA Crypto
+ scripts/config.pl unset MBEDTLS_SHA512_C
+
+ CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
+ make
+
+ msg "test: Default minus DRBGs minus SHA-512"
+ make test
+
+ # no SSL tests as they all depend on having a DRBG
+}
+
+component_test_no_drbg_no_sha2 () {
+ # this tests the internal ECP DRBG using a KDF based on SHA-1
+ msg "build: Default minus DRBGs minus SHA-2"
+ scripts/config.pl unset MBEDTLS_CTR_DRBG_C
+ scripts/config.pl unset MBEDTLS_HMAC_DRBG_C
+ scripts/config.pl unset MBEDTLS_ECDSA_DETERMINISTIC # requires HMAC_DRBG
+ scripts/config.pl unset MBEDTLS_PSA_CRYPTO_C # requires a DRBG
+ scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_C # requires PSA Crypto
+ scripts/config.pl unset MBEDTLS_SHA512_C
+ scripts/config.pl unset MBEDTLS_SHA256_C
+ scripts/config.pl unset MBEDTLS_ENTROPY_C # requires SHA-2
+ scripts/config.pl unset MBEDTLS_PSA_CRYPTO_C # requires Entropy
+ scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_C # requires PSA Crypto
+ scripts/config.pl unset MBEDTLS_PSA_CRYPTO_SE_C # requires PSA Crypto
+ scripts/config.pl unset MBEDTLS_USE_PSA_CRYPTO # requires PSA Crypto
+ scripts/config.pl unset MBEDTLS_SSL_PROTO_TLS1_2 # requires SHA-2
+
+ CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
+ make
+
+ msg "test: Default minus DRBGs minus SHA-2"
+ make test
+
+ # no SSL tests as they all depend on having a DRBG
+}
+
component_test_ecp_no_internal_rng () {
msg "build: Default plus ECP_NO_INTERNAL_RNG minus DRBG modules"
scripts/config.pl set MBEDTLS_ECP_NO_INTERNAL_RNG
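Review bot: In component_test_no_drbg_no_sha2 the two lines `scripts/config.pl unset MBEDTLS_PSA_CRYPTO_C # requires Entropy` and `scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_C # requires PSA Crypto` repeat the unsets already done five lines earlier in the same function and should be dropped, keeping only the new MBEDTLS_PSA_CRYPTO_SE_C, MBEDTLS_USE_PSA_CRYPTO and MBEDTLS_SSL_PROTO_TLS1_2 lines. The three new components are also inconsistent: only the no-SHA-2 one unsets MBEDTLS_PSA_CRYPTO_SE_C and MBEDTLS_USE_PSA_CRYPTO with the justification "requires PSA Crypto", yet the other two disable MBEDTLS_PSA_CRYPTO_C too; either the first two need the same two unsets or the third does not, depending on whether those options are on in the default config, which this hunk does not show. Since the three bodies differ only in the extra unsets, factoring the shared DRBG/PSA unsets and the build/test steps into a helper would keep the configurations from drifting further. The trailing context lines open component_test_ecp_no_internal_rng, whose body continues past the end of the hunk.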