Add build option for exposing self-test failure messages (#433)

*Issue #, if available:* ACCP-129

_**THIS FEATURE IS NOT INTENDED FOR PRODUCTION AND IS THUS LEFT
UNDOCUMENTED IN OUR README**_

## Notes

This PR builds on prior work from @amirhosv on the
`fips-experimentation` branch to provide an alternative mode of handling
AWS-LC self test failures. We call this (non-default) mode
`FIPS_SELF_TEST_SKIP_ABORT`, and it is only usable when ACCP is built in
FIPS mode.

By default, AWS-LC will `abort()` on self-test failures. However, as of
AWS-LC v1.47, when built with the `AWSLC_FIPS_FAILURE_CALLBACK` build
flag AWS-LC will [call][1] a [weak symbol][2]
`AWS_LC_fips_failure_callback` function to handle self test failures
instead of aborting. When ACCP is built with
`-DFIPS_SELF_TEST_SKIP_ABORT`, ACCP defines
`AWS_LC_fips_failure_callback` such that it appends to a queue of error
strings in ACCP's native heap. To manage the accumulated error strings,
we add a native `std::vector` wrapper `ConcurrentStringVector` providing
a minimal, threadsafe API. Once the error queue is non-empty, all
subsequent `getInstance` calls on an algorithm provided by ACCP will
throw `FipsStatusException`.

We provide two functions for callers to query fips self test error state
on an `AmazonCorrettoCryptoProvider` instance:

- `public boolean isFipsStatusOk()`
- `public List<String> getFipsSelfTestFailures()`

We could get away with only the latter function, but we provide
`isFipsStatusOk()` to avoid performance costs of copying error strings
over the JNI.


[1]:
https://github.com/aws/aws-lc/blob/1d8b807ed1ae75c89beda6c73a4ae27c404fa46f/crypto/fipsmodule/bcm.c#L416
[2]:
https://github.com/aws/aws-lc/blob/1d8b807ed1ae75c89beda6c73a4ae27c404fa46f/crypto/internal.h#L1427-L1432

## Testing

To adequately test the new mode, we need to build AWS-LC with
`FIPS_BREAK_TEST=TESTS` to programmatically break AWS-LC's pairwise
consistency tests (PCTs). We test against each available PCT breakage
during key generation by setting the appropriate environment variable,
indicating which PCT to break. Unfortunately, Java doesn't appear to
have a standard utility for manipulating process environment variables
at runtime, so we create our own `TestUtil.setEnv` that calls POSIX
`setenv`/`unsetenv` over the JNI.

In addition to CI tests, I've also executed `run_accp_basic_tests.sh`
with the new `--fips-self-test-failure-no-abort` flag, which will
eventually be incorporated into our GitHub CI.

```
$ TEST_JAVA_HOME=/usr/lib/jvm/java-17-amazon-corretto.x86_64 ./tests/ci/run_accp_basic_tests.sh --fips-self-test-failure-no-abort
...
BUILD SUCCESSFUL in 40m 15s
18 actionable tasks: 13 executed, 5 up-to-date
```

---

By submitting this pull request, I confirm that you can use, modify,
copy, and redistribute this contribution, under the terms of your
choice.

---------

Co-authored-by: Amir Vakili <[email protected]>
Co-authored-by: Amir Vakili <[email protected]>
Co-authored-by: Gerardo Ravago 🇵🇭 <[email protected]>

Author: 3 people

CHANGELOG.md

@@ -1,5 +1,10 @@
 # Changelog
 
+## 2.6.0
+
+### Minor
+* [PR 433:](https://github.com/corretto/amazon-corretto-crypto-provider/pull/433) Add build option for exposing self-test failure messages
+
 ## 2.5.0
 
 ### Minor

CMakeLists.txt

@@ -42,6 +42,7 @@ set(TEST_DATA_DIR ${PROJECT_SOURCE_DIR}/test-data/ CACHE STRING "Path to directo
 set(ORIG_SRCROOT ${PROJECT_SOURCE_DIR} CACHE STRING "Path to root of original package")
 set(PROVIDER_VERSION_STRING "" CACHE STRING "X.Y.Z formatted version of the provider")
 set(EXPERIMENTAL_FIPS NO CACHE BOOL "Determines if this build is for FIPS mode with extra features from a non-FIPS branch of AWS-LC.")
+set(FIPS_SELF_TEST_SKIP_ABORT NO CACHE BOOL "Determines whether ACCP throws exceptions on self-test failure, or AWS-LC aborts. If NO, AWS-LC aborts. If YES, ACCP will provide error messages.")
 set(FIPS NO CACHE BOOL "Determine if this build is for FIPS mode")
 set(ALWAYS_ALLOW_EXTERNAL_LIB NO CACHE BOOL "Always permit tests to load ACCP shared objects from the library path")
 set(AWS_LC_VERSION_STRING "" CACHE STRING "Git version of AWS-LC used in this build")
@@ -51,6 +52,10 @@ if (EXPERIMENTAL_FIPS)
     set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -DEXPERIMENTAL_FIPS_BUILD")
 endif()
 
+if (FIPS_SELF_TEST_SKIP_ABORT)
+    set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -DFIPS_SELF_TEST_SKIP_ABORT")
+endif()
+
 if (USE_CLANG_TIDY)
     # https://releases.llvm.org/9.0.0/tools/clang/tools/extra/docs/clang-tidy/checks/list.html
     # https://clang.llvm.org/extra/clang-tidy/#suppressing-undesired-diagnostics
@@ -294,6 +299,7 @@ set(C_SRC
     csrc/util.cpp
     csrc/util_class.cpp
     csrc/fips_kat_self_test.cpp
+    csrc/fips_status.cpp
     ${JNI_HEADER_DIR}/generated-headers.h)
 
 if(FIPS)
@@ -504,7 +510,7 @@ if(NOT ENABLE_NATIVE_TEST_HOOKS)
     CHECK_LINKER_FLAG_SUPPORT(USE_VERSION_SCRIPT "-Wl,--version-script -Wl,${CMAKE_CURRENT_SOURCE_DIR}/final-link.version")
 
 # This does the same thing as the version script, but works on Darwin platforms
-    CHECK_LINKER_FLAG_SUPPORT(USE_EXPORTED_SYMBOL "-Wl,-exported_symbol '-Wl,_Java_*' -Wl,-exported_symbol '-Wl,_JNI_*'")
+    CHECK_LINKER_FLAG_SUPPORT(USE_EXPORTED_SYMBOL "-Wl,-exported_symbol '-Wl,_Java_*' '-Wl,_AWS_LC_fips_failure_callback' -Wl,-exported_symbol '-Wl,_JNI_*'")
 endif()
 
 # Attempt to drop unused sections; the idea here is to exclude unreferenced
@@ -681,6 +687,7 @@ add_custom_target(check-junit
         --select-package=com.amazon.corretto.crypto.provider.test
         --exclude-package=com.amazon.corretto.crypto.provider.test.integration
         --exclude-classname=com.amazon.corretto.crypto.provider.test.SecurityManagerTest
+        --exclude-classname=com.amazon.corretto.crypto.provider.test.FipsStatusTest
 
     DEPENDS accp-jar tests-jar)
 
@@ -702,6 +709,15 @@ add_custom_target(check-junit-SecurityManager
 
     DEPENDS accp-jar tests-jar)
 
+add_custom_target(check-junit-FipsStatus
+    COMMAND ${TEST_JAVA_EXECUTABLE}
+        ${TEST_RUNNER_ARGUMENTS}
+        --select-class=com.amazon.corretto.crypto.provider.test.AesTest # Force loading ciphers
+        --select-class=com.amazon.corretto.crypto.provider.test.SHA1Test # Force loading digests
+        --select-class=com.amazon.corretto.crypto.provider.test.FipsStatusTest
+
+    DEPENDS accp-jar tests-jar)
+
 add_custom_target(check-with-jni-flag
     COMMAND ${TEST_JAVA_EXECUTABLE}
         -Xcheck:jni
@@ -749,6 +765,7 @@ add_custom_target(check-junit-extra-checks
         ${TEST_RUNNER_ARGUMENTS}
         --select-package=com.amazon.corretto.crypto.provider.test
         --exclude-package=com.amazon.corretto.crypto.provider.test.integration
+        --exclude-classname=com.amazon.corretto.crypto.provider.test.FipsStatusTest
         --exclude-classname=com.amazon.corretto.crypto.provider.test.SecurityManagerTest
 
     DEPENDS accp-jar tests-jar)
@@ -845,7 +862,8 @@ add_custom_target(check-junit-edKeyFactory
 
     DEPENDS accp-jar tests-jar)
 
-set(check_targets check-recursive-init
+set(check_targets
+    check-recursive-init
     check-install-via-properties
     check-install-via-properties-with-debug
     check-junit
@@ -854,7 +872,8 @@ set(check_targets check-recursive-init
     check-junit-AesLazy
     check-junit-AesEager
     check-junit-DifferentTempDir
-    check-junit-edKeyFactory)
+    check-junit-edKeyFactory
+    check-junit-FipsStatus)
 
 if(${CMAKE_SYSTEM_NAME} MATCHES "Linux")
   set(check_targets ${check_targets} check-with-jni-flag)

build.gradle

@@ -32,6 +32,16 @@ if (System.properties["AWSLC_GITVERSION"]) {
 }
 
 ext.isLegacyBuild = Boolean.getBoolean('LEGACY_BUILD')
+ext.allowFipsTestBreak = Boolean.getBoolean('ALLOW_FIPS_TEST_BREAK')
+ext.isFipsSelfTestFailureSkipAbort = Boolean.getBoolean('FIPS_SELF_TEST_SKIP_ABORT')
+
+if (allowFipsTestBreak && !isFips) {
+    throw new GradleException("ALLOW_FIPS_TEST_BREAK can only be set if FIPS is also set to true")
+}
+
+if (isFipsSelfTestFailureSkipAbort && !isFips) {
+    throw new GradleException("FIPS_SELF_TEST_SKIP_ABORT can only be set if FIPS is also set to true")
+}
 
 ext.lcovIgnore = System.properties['LCOV_IGNORE']
 if (ext.lcovIgnore == null) {
@@ -253,9 +263,20 @@ task buildAwsLc {
 
 
                 if (isFips) {
+                    println "Building AWS-LC in FIPS mode"
                     args '-DFIPS=1'
                 }
 
+                if (allowFipsTestBreak) {
+                    println "Building AWS-LC with hooks to break FIPS tests"
+                    args '-DFIPS_BREAK_TEST=TESTS'
+                }
+
+                if (isFipsSelfTestFailureSkipAbort) {
+                    println "Building AWS-LC to call callback instead of aborting on self-test failure"
+                    args '-DCMAKE_C_FLAGS="-DAWSLC_FIPS_FAILURE_CALLBACK"'
+                }
+
                 args '.'
             }
         }
@@ -342,6 +363,9 @@ task executeCmake(type: Exec) {
     if (isExperimentalFips) {
         args '-DEXPERIMENTAL_FIPS=ON'
     }
+    if (isFipsSelfTestFailureSkipAbort) {
+        args '-DFIPS_SELF_TEST_SKIP_ABORT=ON'
+    }
 
     if (prebuiltJar != null) {
        args '-DSIGNED_JAR=' + prebuiltJar
@@ -555,11 +579,9 @@ task coverage_cmake(type: Exec) {
     if (isExperimentalFips) {
         args '-DEXPERIMENTAL_FIPS=ON'
     }
-
     if (System.properties['JAVA_HOME'] != null) {
         args '-DJAVA_HOME=' + System.properties['JAVA_HOME']
     }
-
     if (System.properties['SINGLE_TEST'] != null) {
         args '-DSINGLE_TEST=' + System.properties['SINGLE_TEST']
 

csrc/ed_gen.cpp

@@ -7,12 +7,12 @@
 
 using namespace AmazonCorrettoCryptoProvider;
 
-void generateEdKey(EVP_PKEY_auto& key)
+static void generateEdKey(EVP_PKEY_auto& key)
 {
     EVP_PKEY_CTX_auto ctx = EVP_PKEY_CTX_auto::from(EVP_PKEY_CTX_new_id(EVP_PKEY_ED25519, nullptr));
     CHECK_OPENSSL(ctx.isInitialized());
     CHECK_OPENSSL(EVP_PKEY_keygen_init(ctx) == 1);
-    CHECK_OPENSSL(EVP_PKEY_keygen(ctx, key.getAddressOfPtr()));
+    CHECK_OPENSSL(EVP_PKEY_keygen(ctx, key.getAddressOfPtr()) == 1);
 }
 
 JNIEXPORT jlong JNICALL Java_com_amazon_corretto_crypto_provider_EdGen_generateEvpEdKey(JNIEnv* pEnv, jclass)

csrc/fips_status.cpp

@@ -0,0 +1,87 @@
+// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved.
+// SPDX-License-Identifier: Apache-2.0
+#include <cstdio>
+#include <functional>
+#include <jni.h>
+#include <string.h>
+#include <vector>
+
+#include "string_vector.h"
+
+static AmazonCorrettoCryptoProvider::ConcurrentStringVector fipsStatusErrors(1024);
+
+// To have this symbol exported, one needs to modify the final-link.version and the CMakeLists.txt
+extern "C" void AWS_LC_fips_failure_callback(char const* message);
+
+#if defined(FIPS_SELF_TEST_SKIP_ABORT)
+void AWS_LC_fips_failure_callback(char const* message)
+{
+    const size_t char_limit = 128;
+    if (strnlen(message, char_limit + 1) > char_limit) {
+        fprintf(stderr, "AWS_LC_fips_failure_callback invoked with message message exceeding %lu chars\n", char_limit);
+        return;
+    }
+    fprintf(stderr, "AWS_LC_fips_failure_callback invoked with message: '%s'\n", message);
+    fipsStatusErrors.push_back(message);
+}
+#else
+void AWS_LC_fips_failure_callback(char const* message)
+{
+    fprintf(stderr, "AWS_LC_fips_failure_callback invoked with message: '%s'\n", message);
+    abort();
+}
+#endif
+
+extern "C" JNIEXPORT jobject JNICALL
+Java_com_amazon_corretto_crypto_provider_AmazonCorrettoCryptoProvider_getFipsSelfTestFailuresInternal(
+    JNIEnv* env, jobject thisObj)
+{
+    std::vector<std::string> errors = fipsStatusErrors.to_std();
+
+    // Construct a Java ArrayList, get a handle for the |add| method
+    jclass arrayListClass = env->FindClass("java/util/ArrayList");
+    if (arrayListClass == NULL) {
+        abort();
+    }
+    jmethodID constructor = env->GetMethodID(arrayListClass, "<init>", "()V");
+    if (constructor == NULL) {
+        abort();
+    }
+    jobject arrayList = env->NewObject(arrayListClass, constructor);
+    if (arrayList == NULL) {
+        abort();
+    }
+    jmethodID addMethod = env->GetMethodID(arrayListClass, "add", "(Ljava/lang/Object;)Z");
+    if (addMethod == NULL) {
+        abort();
+    }
+
+    // Copy the errors over to |arrayList| and clean up temporary local reference
+    for (size_t i = 0; i < errors.size(); i++) {
+        jstring javaString = env->NewStringUTF(errors[i].c_str());
+        env->CallVoidMethod(arrayList, addMethod, javaString);
+        env->DeleteLocalRef(javaString);
+    }
+
+    return arrayList;
+}
+
+extern "C" JNIEXPORT int JNICALL
+Java_com_amazon_corretto_crypto_provider_AmazonCorrettoCryptoProvider_fipsStatusErrorCount(JNIEnv* env, jobject thisObj)
+{
+    return fipsStatusErrors.size();
+}
+
+// TEST methods below
+
+extern "C" JNIEXPORT void JNICALL Java_com_amazon_corretto_crypto_provider_test_NativeTestHooks_resetFipsStatus(
+    JNIEnv*, jclass)
+{
+    fipsStatusErrors.clear();
+}
+
+extern "C" JNIEXPORT void JNICALL
+Java_com_amazon_corretto_crypto_provider_test_NativeTestHooks_callAwsLcFipsFailureCallback(JNIEnv*, jclass)
+{
+    AWS_LC_fips_failure_callback("called by a test");
+}

csrc/loader.cpp

@@ -56,6 +56,16 @@ JNIEXPORT jboolean JNICALL Java_com_amazon_corretto_crypto_provider_Loader_isExp
 #endif
 }
 
+JNIEXPORT jboolean JNICALL Java_com_amazon_corretto_crypto_provider_Loader_isFipsSelfTestFailureSkipAbort(
+    JNIEnv*, jclass)
+{
+#ifdef FIPS_SELF_TEST_SKIP_ABORT
+    return JNI_TRUE;
+#else
+    return JNI_FALSE;
+#endif
+}
+
 JNIEXPORT jstring JNICALL Java_com_amazon_corretto_crypto_provider_Loader_getNativeLibraryVersion(JNIEnv* pEnv, jclass)
 {
     try {

csrc/string_vector.h

@@ -0,0 +1,71 @@
+// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved.
+// SPDX-License-Identifier: Apache-2.0
+#ifndef STRING_VECTOR_H
+#define STRING_VECTOR_H
+
+#include "compiler.h"
+
+#include <cstdio>
+#include <cstdlib>
+#include <deque>
+#include <pthread.h>
+#include <string>
+
+namespace AmazonCorrettoCryptoProvider {
+
+class ConcurrentStringVector {
+private:
+    std::deque<std::string> vec;
+    const size_t limit;
+    mutable pthread_rwlock_t lock;
+
+public:
+    ConcurrentStringVector(size_t limit)
+        : limit(limit)
+    {
+        pthread_rwlock_init(&lock, nullptr);
+    }
+
+    ~ConcurrentStringVector() { pthread_rwlock_destroy(&lock); }
+
+    // Disable copy constructors
+    ConcurrentStringVector(const ConcurrentStringVector&);
+    ConcurrentStringVector& operator=(const ConcurrentStringVector&);
+
+    void push_back(const std::string& value)
+    {
+        pthread_rwlock_wrlock(&lock);
+        if (vec.size() >= limit) { // If we're at the limit, pop FIFO
+            vec.pop_front();
+        }
+        vec.push_back(std::string(value));
+        pthread_rwlock_unlock(&lock);
+    }
+
+    void clear()
+    {
+        pthread_rwlock_wrlock(&lock);
+        vec.clear();
+        pthread_rwlock_unlock(&lock);
+    }
+
+    size_t size() const
+    {
+        pthread_rwlock_rdlock(&lock);
+        size_t vec_size = vec.size();
+        pthread_rwlock_unlock(&lock);
+        return vec_size;
+    }
+
+    std::vector<std::string> to_std() const
+    {
+        pthread_rwlock_rdlock(&lock);
+        std::vector<std::string> out(vec.begin(), vec.end()); // Use copy constructor, no references
+        pthread_rwlock_unlock(&lock);
+        return out;
+    }
+};
+
+} // namespace AmazonCorrettoCryptoProvider
+
+#endif // STRING_VECTOR_H

csrc/test_util.cpp

@@ -64,4 +64,32 @@ extern "C" JNIEXPORT jbyteArray JNICALL Java_com_amazon_corretto_crypto_provider
     }
 }
 
+/*
+ * Class:     com_amazon_corretto_crypto_provider_test_TestUtil
+ * Method:    setEnv
+ * Signature: (Ljava/lang/String;Ljava/lang/String;)V
+ */
+extern "C" JNIEXPORT void JNICALL Java_com_amazon_corretto_crypto_provider_test_TestUtil_setEnv(
+    JNIEnv* pEnv, jclass, jstring nameJava, jstring valueJava)
+{
+    int ret;
+    try {
+        raii_env env(pEnv);
+        const char* name = env->GetStringUTFChars(nameJava, 0);
+        if (valueJava == nullptr) {
+            ret = unsetenv(name);
+        } else {
+            const char* value = env->GetStringUTFChars(valueJava, 0);
+            ret = setenv(name, value, /*overwrite*/ 1);
+            env->ReleaseStringUTFChars(valueJava, value);
+        }
+        env->ReleaseStringUTFChars(nameJava, name);
+        if (ret != 0) { // non-zero indicates failure https://man7.org/linux/man-pages/man3/setenv.3.html
+            throw_java_ex(EX_RUNTIME_CRYPTO, "Error calling POSIX setenv or unsetenv");
+        }
+    } catch (java_ex& ex) {
+        ex.throw_to_java(pEnv);
+    }
+}
+
 } // namespace

final-link.version

@@ -1,6 +1,7 @@
 {
     global:
         Java_*;
+        AWS_LC_fips_failure_callback;
         JNI_*;
         hook_*;
     local:

src/com/amazon/corretto/crypto/provider/AesGcmSpi.java

@@ -316,7 +316,6 @@ protected void engineInit(
       final AlgorithmParameterSpec algorithmParameterSpec,
       final SecureRandom secureRandom)
       throws InvalidKeyException, InvalidAlgorithmParameterException {
-
     final int opMode = checkOperation(jceOpMode);
 
     final GCMParameterSpec spec = checkSpecAndTag(algorithmParameterSpec);