TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 6275be34831cb6b07c1bf326cd795750dbe8886f / . / tests / suites / test_suite_ctr_drbg.function
blob: f0465d3826a5fd91323d39a956d0f5c1bed26c56 [file] [log] [blame]
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]1/* BEGIN_HEADER */
Gilles Peskineef0624f2018-08-03 20:23:09 +0200[diff] [blame]2#include "mbedtls/entropy.h"
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +0000[diff] [blame]3#include "mbedtls/ctr_drbg.h"
Mohammad Azim Khan67735d52017-04-06 11:55:43 +0100[diff] [blame]4#include "string.h"
Rich Evans00ab4702015-02-06 13:43:58 +0000[diff] [blame]5
Gilles Peskine5ef5a9a2018-08-03 20:27:50 +0200[diff] [blame]6/* Modes for ctr_drbg_validate */
7enum reseed_mode
8{
9 RESEED_NEVER, /* never reseed */
10 RESEED_FIRST, /* instantiate, reseed, generate, generate */
11 RESEED_SECOND, /* instantiate, generate, reseed, generate */
12 RESEED_ALWAYS /* prediction resistance, no explicit reseed */
13};
14
Gilles Peskineef0624f2018-08-03 20:23:09 +0200[diff] [blame]15static size_t test_offset_idx;
16static size_t test_max_idx;
Reut Caspie278b362017-10-19 08:49:19 +0100[diff] [blame]17static int mbedtls_test_entropy_func( void *data, unsigned char *buf, size_t len )
Paul Bakker0e04d0e2011-11-27 14:46:59 +0000[diff] [blame]18{
Manuel Pégourié-Gonnard7575daa2014-01-31 12:16:54 +0100[diff] [blame]19 const unsigned char *p = (unsigned char *) data;
Gilles Peskineef0624f2018-08-03 20:23:09 +0200[diff] [blame]20 if( test_offset_idx + len > test_max_idx )
21 return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED );
Paul Bakker3ddfa662013-11-26 17:45:20 +0100[diff] [blame]22 memcpy( buf, p + test_offset_idx, len );
Manuel Pégourié-Gonnard7575daa2014-01-31 12:16:54 +0100[diff] [blame]23 test_offset_idx += len;
Paul Bakker0e04d0e2011-11-27 14:46:59 +0000[diff] [blame]24 return( 0 );
25}
Nir Sonnenschein6275be32018-08-29 10:25:30 +0300[diff] [blame^]26
27static int ctr_drbg_validate_internal( int reseed_mode, data_t * nonce,
28 int entropy_len_arg, data_t * entropy,
29 data_t * reseed,
30 data_t * add1, data_t * add2,
31 data_t * result )
32{
33 mbedtls_ctr_drbg_context ctx;
34 unsigned char buf[64];
35
36 size_t entropy_chunk_len = (size_t) entropy_len_arg;
37
38 test_offset_idx = 0;
39 mbedtls_ctr_drbg_init( &ctx );
40
41 test_max_idx = entropy->len;
42
43 /* CTR_DRBG_Instantiate(entropy[:entropy_len], nonce, perso, <ignored>)
44 * where nonce||perso = nonce[nonce_len] */
45 TEST_ASSERT( mbedtls_ctr_drbg_seed_entropy_len(
46 &ctx,
47 mbedtls_test_entropy_func, entropy->x,
48 nonce->x, nonce->len,
49 entropy_chunk_len ) == 0 );
50 if( reseed_mode == RESEED_ALWAYS )
51 mbedtls_ctr_drbg_set_prediction_resistance(
52 &ctx,
53 MBEDTLS_CTR_DRBG_PR_ON );
54
55 if( reseed_mode == RESEED_FIRST )
56 {
57 /* CTR_DRBG_Reseed(entropy[idx:idx+entropy_len],
58 * reseed[:reseed_len]) */
59 TEST_ASSERT( mbedtls_ctr_drbg_reseed(
60 &ctx,
61 reseed->x, reseed->len ) == 0 );
62 }
63
64 /* CTR_DRBG_Generate(result->len * 8 bits, add1[:add1_len]) -> buf */
65 /* Then reseed if prediction resistance is enabled. */
66 TEST_ASSERT( mbedtls_ctr_drbg_random_with_add(
67 &ctx,
68 buf, result->len,
69 add1->x, add1->len ) == 0 );
70
71
72 if( reseed_mode == RESEED_SECOND )
73 {
74 /* CTR_DRBG_Reseed(entropy[idx:idx+entropy_len],
75 * reseed[:reseed_len]) */
76 TEST_ASSERT( mbedtls_ctr_drbg_reseed(
77 &ctx,
78 reseed->x, reseed->len ) == 0 );
79 }
80
81 /* CTR_DRBG_Generate(result->len * 8 bits, add2->x[:add2->len]) -> buf */
82 /* Then reseed if prediction resistance is enabled. */
83 TEST_ASSERT( mbedtls_ctr_drbg_random_with_add(
84 &ctx,
85 buf, result->len,
86 add2->x, add2->len ) == 0 );
87 TEST_ASSERT( memcmp( buf, result->x, result->len ) == 0 );
88
89exit:
90 mbedtls_ctr_drbg_free( &ctx );
91 return 0;
92}
93
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]94/* END_HEADER */
Paul Bakker0e04d0e2011-11-27 14:46:59 +0000[diff] [blame]95
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]96/* BEGIN_DEPENDENCIES
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]97 * depends_on:MBEDTLS_CTR_DRBG_C
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]98 * END_DEPENDENCIES
99 */
Paul Bakker0e04d0e2011-11-27 14:46:59 +0000[diff] [blame]100
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]101/* BEGIN_CASE */
Nir Sonnenschein6275be32018-08-29 10:25:30 +0300[diff] [blame^]102void ctr_drbg_special_behaviours( )
Paul Bakker185ccf72016-07-14 13:21:10 +0100[diff] [blame]103{
104 mbedtls_ctr_drbg_context ctx;
105 unsigned char output[512];
106 unsigned char additional[512];
107
108 mbedtls_ctr_drbg_init( &ctx );
109 memset( output, 0, sizeof( output ) );
110 memset( additional, 0, sizeof( additional ) );
111
112 TEST_ASSERT( mbedtls_ctr_drbg_random_with_add( &ctx,
113 output, MBEDTLS_CTR_DRBG_MAX_REQUEST + 1,
114 additional, 16 ) ==
115 MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG );
116 TEST_ASSERT( mbedtls_ctr_drbg_random_with_add( &ctx,
117 output, 16,
118 additional, MBEDTLS_CTR_DRBG_MAX_INPUT + 1 ) ==
119 MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG );
120
121 TEST_ASSERT( mbedtls_ctr_drbg_reseed( &ctx, additional,
122 MBEDTLS_CTR_DRBG_MAX_SEED_INPUT + 1 ) ==
123 MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG );
Andres Amaya Garcia6a543362017-01-17 23:04:22 +0000[diff] [blame]124
125 mbedtls_ctr_drbg_set_entropy_len( &ctx, ~0 );
126 TEST_ASSERT( mbedtls_ctr_drbg_reseed( &ctx, additional,
127 MBEDTLS_CTR_DRBG_MAX_SEED_INPUT ) ==
128 MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG );
Paul Bakker185ccf72016-07-14 13:21:10 +0100[diff] [blame]129exit:
130 mbedtls_ctr_drbg_free( &ctx );
131}
132/* END_CASE */
133
134/* BEGIN_CASE */
Nir Sonnenschein6275be32018-08-29 10:25:30 +0300[diff] [blame^]135void ctr_drbg_validate( int reseed_mode, data_t * nonce,
136 int entropy_len_arg, data_t * entropy,
137 data_t * reseed,
138 data_t * add1, data_t * add2,
139 data_t * result_string )
Gilles Peskine4c786652018-08-03 20:24:54 +0200[diff] [blame]140{
Nir Sonnenschein6275be32018-08-29 10:25:30 +0300[diff] [blame^]141 TEST_ASSERT( ctr_drbg_validate_internal( reseed_mode, nonce,
142 entropy_len_arg, entropy,
143 reseed, add1,
144 add2, result_string) == 0 );
Gilles Peskine4c786652018-08-03 20:24:54 +0200[diff] [blame]145}
146/* END_CASE */
Gilles Peskine5ef5a9a2018-08-03 20:27:50 +0200[diff] [blame]147
148/* BEGIN_CASE */
Nir Sonnenschein6275be32018-08-29 10:25:30 +0300[diff] [blame^]149void ctr_drbg_validate_no_reseed( data_t * add_init, data_t * entropy,
150 data_t * add1, data_t * add2,
151 data_t * result_string )
Gilles Peskine5ef5a9a2018-08-03 20:27:50 +0200[diff] [blame]152{
Nir Sonnenschein6275be32018-08-29 10:25:30 +0300[diff] [blame^]153 data_t empty = {0};
154 TEST_ASSERT( ctr_drbg_validate_internal( RESEED_NEVER, add_init,
155 entropy->len, entropy,
156 &empty, add1, add2,
157 result_string ) == 0);
Gilles Peskine5ef5a9a2018-08-03 20:27:50 +0200[diff] [blame]158}
159/* END_CASE */
160
161/* BEGIN_CASE */
Nir Sonnenschein6275be32018-08-29 10:25:30 +0300[diff] [blame^]162void ctr_drbg_validate_pr( data_t * add_init, data_t * entropy,
163 data_t * add1, data_t * add2,
164 data_t * result_string )
Paul Bakker0e04d0e2011-11-27 14:46:59 +0000[diff] [blame]165{
Nir Sonnenschein6275be32018-08-29 10:25:30 +0300[diff] [blame^]166 data_t empty = {0};
167 TEST_ASSERT( ctr_drbg_validate_internal( RESEED_ALWAYS, add_init,
168 entropy->len / 3, entropy,
169 &empty, add1, add2,
170 result_string ) == 0);
Paul Bakker0e04d0e2011-11-27 14:46:59 +0000[diff] [blame]171}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]172/* END_CASE */
Paul Bakker0e04d0e2011-11-27 14:46:59 +0000[diff] [blame]173
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]174/* BEGIN_CASE */
Azim Khan5fcca462018-06-29 11:05:32 +0100[diff] [blame]175void ctr_drbg_validate_nopr( data_t * add_init, data_t * entropy,
176 data_t * add1, data_t * add_reseed,
Nir Sonnenschein6275be32018-08-29 10:25:30 +0300[diff] [blame^]177 data_t * add2, data_t * result_string )
Paul Bakker0e04d0e2011-11-27 14:46:59 +0000[diff] [blame]178{
Nir Sonnenschein6275be32018-08-29 10:25:30 +0300[diff] [blame^]179 TEST_ASSERT( ctr_drbg_validate_internal( RESEED_SECOND, add_init,
180 entropy->len / 2, entropy,
181 add_reseed, add1, add2,
182 result_string ) == 0);
Paul Bakker0e04d0e2011-11-27 14:46:59 +0000[diff] [blame]183}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]184/* END_CASE */
Manuel Pégourié-Gonnardb3b205e2014-01-31 12:04:06 +0100[diff] [blame]185
Manuel Pégourié-Gonnard7575daa2014-01-31 12:16:54 +0100[diff] [blame]186/* BEGIN_CASE */
Azim Khanf1aaec92017-05-30 14:23:15 +0100[diff] [blame]187void ctr_drbg_entropy_usage( )
Manuel Pégourié-Gonnard7575daa2014-01-31 12:16:54 +0100[diff] [blame]188{
189 unsigned char out[16];
190 unsigned char add[16];
191 unsigned char entropy[1024];
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]192 mbedtls_ctr_drbg_context ctx;
Manuel Pégourié-Gonnard7575daa2014-01-31 12:16:54 +0100[diff] [blame]193 size_t i, reps = 10;
Gilles Peskineef0624f2018-08-03 20:23:09 +0200[diff] [blame]194 size_t last_idx;
Manuel Pégourié-Gonnard7575daa2014-01-31 12:16:54 +0100[diff] [blame]195
Manuel Pégourié-Gonnard8d128ef2015-04-28 22:38:08 +0200[diff] [blame]196 mbedtls_ctr_drbg_init( &ctx );
Manuel Pégourié-Gonnard7575daa2014-01-31 12:16:54 +0100[diff] [blame]197 test_offset_idx = 0;
Gilles Peskineef0624f2018-08-03 20:23:09 +0200[diff] [blame]198 test_max_idx = sizeof( entropy );
Manuel Pégourié-Gonnard7575daa2014-01-31 12:16:54 +0100[diff] [blame]199 memset( entropy, 0, sizeof( entropy ) );
200 memset( out, 0, sizeof( out ) );
201 memset( add, 0, sizeof( add ) );
202
203 /* Init must use entropy */
204 last_idx = test_offset_idx;
Reut Caspie278b362017-10-19 08:49:19 +0100[diff] [blame]205 TEST_ASSERT( mbedtls_ctr_drbg_seed( &ctx, mbedtls_test_entropy_func, entropy, NULL, 0 ) == 0 );
Manuel Pégourié-Gonnard7575daa2014-01-31 12:16:54 +0100[diff] [blame]206 TEST_ASSERT( last_idx < test_offset_idx );
207
208 /* By default, PR is off and reseed_interval is large,
209 * so the next few calls should not use entropy */
210 last_idx = test_offset_idx;
211 for( i = 0; i < reps; i++ )
212 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]213 TEST_ASSERT( mbedtls_ctr_drbg_random( &ctx, out, sizeof( out ) - 4 ) == 0 );
214 TEST_ASSERT( mbedtls_ctr_drbg_random_with_add( &ctx, out, sizeof( out ) - 4,
Manuel Pégourié-Gonnard7575daa2014-01-31 12:16:54 +0100[diff] [blame]215 add, sizeof( add ) ) == 0 );
216 }
217 TEST_ASSERT( last_idx == test_offset_idx );
218
219 /* While at it, make sure we didn't write past the requested length */
220 TEST_ASSERT( out[sizeof( out ) - 4] == 0 );
221 TEST_ASSERT( out[sizeof( out ) - 3] == 0 );
222 TEST_ASSERT( out[sizeof( out ) - 2] == 0 );
223 TEST_ASSERT( out[sizeof( out ) - 1] == 0 );
224
225 /* Set reseed_interval to the number of calls done,
226 * so the next call should reseed */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]227 mbedtls_ctr_drbg_set_reseed_interval( &ctx, 2 * reps );
228 TEST_ASSERT( mbedtls_ctr_drbg_random( &ctx, out, sizeof( out ) ) == 0 );
Manuel Pégourié-Gonnard7575daa2014-01-31 12:16:54 +0100[diff] [blame]229 TEST_ASSERT( last_idx < test_offset_idx );
230
231 /* The new few calls should not reseed */
232 last_idx = test_offset_idx;
233 for( i = 0; i < reps / 2; i++ )
234 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]235 TEST_ASSERT( mbedtls_ctr_drbg_random( &ctx, out, sizeof( out ) ) == 0 );
236 TEST_ASSERT( mbedtls_ctr_drbg_random_with_add( &ctx, out, sizeof( out ) ,
Manuel Pégourié-Gonnard7575daa2014-01-31 12:16:54 +0100[diff] [blame]237 add, sizeof( add ) ) == 0 );
238 }
239 TEST_ASSERT( last_idx == test_offset_idx );
240
Manuel Pégourié-Gonnardf5f25b32014-11-27 14:04:56 +0100[diff] [blame]241 /* Call update with too much data (sizeof entropy > MAX(_SEED)_INPUT)
242 * (just make sure it doesn't cause memory corruption) */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]243 mbedtls_ctr_drbg_update( &ctx, entropy, sizeof( entropy ) );
Manuel Pégourié-Gonnardf5f25b32014-11-27 14:04:56 +0100[diff] [blame]244
Manuel Pégourié-Gonnard7575daa2014-01-31 12:16:54 +0100[diff] [blame]245 /* Now enable PR, so the next few calls should all reseed */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]246 mbedtls_ctr_drbg_set_prediction_resistance( &ctx, MBEDTLS_CTR_DRBG_PR_ON );
247 TEST_ASSERT( mbedtls_ctr_drbg_random( &ctx, out, sizeof( out ) ) == 0 );
Manuel Pégourié-Gonnard7575daa2014-01-31 12:16:54 +0100[diff] [blame]248 TEST_ASSERT( last_idx < test_offset_idx );
249
250 /* Finally, check setting entropy_len */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]251 mbedtls_ctr_drbg_set_entropy_len( &ctx, 42 );
Manuel Pégourié-Gonnard7575daa2014-01-31 12:16:54 +0100[diff] [blame]252 last_idx = test_offset_idx;
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]253 TEST_ASSERT( mbedtls_ctr_drbg_random( &ctx, out, sizeof( out ) ) == 0 );
Manuel Pégourié-Gonnard7575daa2014-01-31 12:16:54 +0100[diff] [blame]254 TEST_ASSERT( test_offset_idx - last_idx == 42 );
255
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]256 mbedtls_ctr_drbg_set_entropy_len( &ctx, 13 );
Manuel Pégourié-Gonnard7575daa2014-01-31 12:16:54 +0100[diff] [blame]257 last_idx = test_offset_idx;
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]258 TEST_ASSERT( mbedtls_ctr_drbg_random( &ctx, out, sizeof( out ) ) == 0 );
Manuel Pégourié-Gonnard7575daa2014-01-31 12:16:54 +0100[diff] [blame]259 TEST_ASSERT( test_offset_idx - last_idx == 13 );
Paul Bakkera317a982014-06-18 16:44:11 +0200[diff] [blame]260
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]261exit:
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]262 mbedtls_ctr_drbg_free( &ctx );
Manuel Pégourié-Gonnard7575daa2014-01-31 12:16:54 +0100[diff] [blame]263}
264/* END_CASE */
265
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]266/* BEGIN_CASE depends_on:MBEDTLS_FS_IO */
Azim Khanf1aaec92017-05-30 14:23:15 +0100[diff] [blame]267void ctr_drbg_seed_file( char * path, int ret )
Manuel Pégourié-Gonnard7575daa2014-01-31 12:16:54 +0100[diff] [blame]268{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]269 mbedtls_ctr_drbg_context ctx;
Manuel Pégourié-Gonnard7575daa2014-01-31 12:16:54 +0100[diff] [blame]270
Manuel Pégourié-Gonnard8d128ef2015-04-28 22:38:08 +0200[diff] [blame]271 mbedtls_ctr_drbg_init( &ctx );
272
273 TEST_ASSERT( mbedtls_ctr_drbg_seed( &ctx, rnd_std_rand, NULL, NULL, 0 ) == 0 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]274 TEST_ASSERT( mbedtls_ctr_drbg_write_seed_file( &ctx, path ) == ret );
275 TEST_ASSERT( mbedtls_ctr_drbg_update_seed_file( &ctx, path ) == ret );
Paul Bakkera317a982014-06-18 16:44:11 +0200[diff] [blame]276
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]277exit:
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]278 mbedtls_ctr_drbg_free( &ctx );
Manuel Pégourié-Gonnard7575daa2014-01-31 12:16:54 +0100[diff] [blame]279}
280/* END_CASE */
281
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]282/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */
Azim Khanf1aaec92017-05-30 14:23:15 +0100[diff] [blame]283void ctr_drbg_selftest( )
Manuel Pégourié-Gonnardb3b205e2014-01-31 12:04:06 +0100[diff] [blame]284{
Andres AG93012e82016-09-09 09:10:28 +0100[diff] [blame]285 TEST_ASSERT( mbedtls_ctr_drbg_self_test( 1 ) == 0 );
Manuel Pégourié-Gonnardb3b205e2014-01-31 12:04:06 +0100[diff] [blame]286}
287/* END_CASE */