TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / fbaf4e98d898ece3d4f73bd1a8428052cdd54daa / . / tests / suites / test_suite_hmac_drbg.function
blob: 830155a32b00f1c84b9f7eaf6c26d678336cd6e8 [file] [log] [blame]
Manuel Pégourié-Gonnard6801f392014-01-30 17:22:14 +0100[diff] [blame]1/* BEGIN_HEADER */
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +0000[diff] [blame]2#include "mbedtls/hmac_drbg.h"
Mohammad Azim Khan67735d52017-04-06 11:55:43 +0100[diff] [blame]3#include "string.h"
Rich Evans00ab4702015-02-06 13:43:58 +0000[diff] [blame]4
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]5typedef struct {
Manuel Pégourié-Gonnard6801f392014-01-30 17:22:14 +0100[diff] [blame]6 unsigned char *p;
7 size_t len;
8} entropy_ctx;
9
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]10static int mbedtls_test_entropy_func(void *data, unsigned char *buf, size_t len)
Manuel Pégourié-Gonnard6801f392014-01-30 17:22:14 +0100[diff] [blame]11{
12 entropy_ctx *ctx = (entropy_ctx *) data;
13
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]14 if (len > ctx->len) {
15 return -1;
16 }
Manuel Pégourié-Gonnard6801f392014-01-30 17:22:14 +0100[diff] [blame]17
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]18 memcpy(buf, ctx->p, len);
Manuel Pégourié-Gonnard6801f392014-01-30 17:22:14 +0100[diff] [blame]19
20 ctx->p += len;
21 ctx->len -= len;
22
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]23 return 0;
Manuel Pégourié-Gonnard6801f392014-01-30 17:22:14 +0100[diff] [blame]24}
25/* END_HEADER */
26
27/* BEGIN_DEPENDENCIES
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]28 * depends_on:MBEDTLS_HMAC_DRBG_C
Manuel Pégourié-Gonnard6801f392014-01-30 17:22:14 +0100[diff] [blame]29 * END_DEPENDENCIES
30 */
31
Manuel Pégourié-Gonnard4f880a52014-01-30 22:39:42 +0100[diff] [blame]32/* BEGIN_CASE */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]33void hmac_drbg_entropy_usage(int md_alg)
Manuel Pégourié-Gonnard4f880a52014-01-30 22:39:42 +0100[diff] [blame]34{
35 unsigned char out[16];
36 unsigned char buf[1024];
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]37 const mbedtls_md_info_t *md_info;
38 mbedtls_hmac_drbg_context ctx;
Manuel Pégourié-Gonnard4f880a52014-01-30 22:39:42 +0100[diff] [blame]39 entropy_ctx entropy;
Gilles Peskine4d2d4ff2019-10-22 19:10:33 +0200[diff] [blame]40 size_t i, reps = 10;
41 size_t default_entropy_len;
42 size_t expected_consumed_entropy = 0;
Manuel Pégourié-Gonnard4f880a52014-01-30 22:39:42 +0100[diff] [blame]43
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]44 mbedtls_hmac_drbg_init(&ctx);
45 memset(buf, 0, sizeof(buf));
46 memset(out, 0, sizeof(out));
Manuel Pégourié-Gonnard4f880a52014-01-30 22:39:42 +0100[diff] [blame]47
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]48 entropy.len = sizeof(buf);
Manuel Pégourié-Gonnard4f880a52014-01-30 22:39:42 +0100[diff] [blame]49 entropy.p = buf;
50
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]51 md_info = mbedtls_md_info_from_type(md_alg);
52 TEST_ASSERT(md_info != NULL);
53 if (mbedtls_md_get_size(md_info) <= 20) {
Gilles Peskine4d2d4ff2019-10-22 19:10:33 +0200[diff] [blame]54 default_entropy_len = 16;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]55 } else if (mbedtls_md_get_size(md_info) <= 28) {
Gilles Peskine4d2d4ff2019-10-22 19:10:33 +0200[diff] [blame]56 default_entropy_len = 24;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]57 } else {
Gilles Peskine4d2d4ff2019-10-22 19:10:33 +0200[diff] [blame]58 default_entropy_len = 32;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]59 }
Manuel Pégourié-Gonnard4f880a52014-01-30 22:39:42 +0100[diff] [blame]60
Gavin Acquroff6aceb512020-03-01 17:06:11 -0800[diff] [blame]61 /* Set reseed interval before seed */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]62 mbedtls_hmac_drbg_set_reseed_interval(&ctx, 2 * reps);
Gavin Acquroff6aceb512020-03-01 17:06:11 -0800[diff] [blame]63
Manuel Pégourié-Gonnard4f880a52014-01-30 22:39:42 +0100[diff] [blame]64 /* Init must use entropy */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]65 TEST_ASSERT(mbedtls_hmac_drbg_seed(&ctx, md_info, mbedtls_test_entropy_func, &entropy,
66 NULL, 0) == 0);
Gilles Peskine4d2d4ff2019-10-22 19:10:33 +0200[diff] [blame]67 /* default_entropy_len of entropy, plus half as much for the nonce */
68 expected_consumed_entropy += default_entropy_len * 3 / 2;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]69 TEST_EQUAL(sizeof(buf) - entropy.len, expected_consumed_entropy);
Manuel Pégourié-Gonnard4f880a52014-01-30 22:39:42 +0100[diff] [blame]70
Gavin Acquroff6aceb512020-03-01 17:06:11 -0800[diff] [blame]71 /* By default, PR is off, and reseed interval was set to
72 * 2 * reps so the next few calls should not use entropy */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]73 for (i = 0; i < reps; i++) {
74 TEST_ASSERT(mbedtls_hmac_drbg_random(&ctx, out, sizeof(out) - 4) == 0);
75 TEST_ASSERT(mbedtls_hmac_drbg_random_with_add(&ctx, out, sizeof(out) - 4,
76 buf, 16) == 0);
Manuel Pégourié-Gonnard4f880a52014-01-30 22:39:42 +0100[diff] [blame]77 }
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]78 TEST_EQUAL(sizeof(buf) - entropy.len, expected_consumed_entropy);
Manuel Pégourié-Gonnard4f880a52014-01-30 22:39:42 +0100[diff] [blame]79
80 /* While at it, make sure we didn't write past the requested length */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]81 TEST_ASSERT(out[sizeof(out) - 4] == 0);
82 TEST_ASSERT(out[sizeof(out) - 3] == 0);
83 TEST_ASSERT(out[sizeof(out) - 2] == 0);
84 TEST_ASSERT(out[sizeof(out) - 1] == 0);
Manuel Pégourié-Gonnard4f880a52014-01-30 22:39:42 +0100[diff] [blame]85
Gavin Acquroff6aceb512020-03-01 17:06:11 -0800[diff] [blame]86 /* There have been 2 * reps calls to random. The next call should reseed */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]87 TEST_ASSERT(mbedtls_hmac_drbg_random(&ctx, out, sizeof(out)) == 0);
Gilles Peskine4d2d4ff2019-10-22 19:10:33 +0200[diff] [blame]88 expected_consumed_entropy += default_entropy_len;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]89 TEST_EQUAL(sizeof(buf) - entropy.len, expected_consumed_entropy);
Manuel Pégourié-Gonnard4f880a52014-01-30 22:39:42 +0100[diff] [blame]90
Gavin Acquroff6aceb512020-03-01 17:06:11 -0800[diff] [blame]91 /* Set reseed interval after seed */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]92 mbedtls_hmac_drbg_set_reseed_interval(&ctx, 4 * reps + 1);
Gavin Acquroff6aceb512020-03-01 17:06:11 -0800[diff] [blame]93
Manuel Pégourié-Gonnard4f880a52014-01-30 22:39:42 +0100[diff] [blame]94 /* The new few calls should not reseed */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]95 for (i = 0; i < (2 * reps); i++) {
96 TEST_ASSERT(mbedtls_hmac_drbg_random(&ctx, out, sizeof(out)) == 0);
97 TEST_ASSERT(mbedtls_hmac_drbg_random_with_add(&ctx, out, sizeof(out),
98 buf, 16) == 0);
Manuel Pégourié-Gonnard4f880a52014-01-30 22:39:42 +0100[diff] [blame]99 }
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]100 TEST_EQUAL(sizeof(buf) - entropy.len, expected_consumed_entropy);
Manuel Pégourié-Gonnard4f880a52014-01-30 22:39:42 +0100[diff] [blame]101
102 /* Now enable PR, so the next few calls should all reseed */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]103 mbedtls_hmac_drbg_set_prediction_resistance(&ctx, MBEDTLS_HMAC_DRBG_PR_ON);
104 TEST_ASSERT(mbedtls_hmac_drbg_random(&ctx, out, sizeof(out)) == 0);
Gilles Peskine4d2d4ff2019-10-22 19:10:33 +0200[diff] [blame]105 expected_consumed_entropy += default_entropy_len;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]106 TEST_EQUAL(sizeof(buf) - entropy.len, expected_consumed_entropy);
Manuel Pégourié-Gonnard4f880a52014-01-30 22:39:42 +0100[diff] [blame]107
108 /* Finally, check setting entropy_len */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]109 mbedtls_hmac_drbg_set_entropy_len(&ctx, 42);
110 TEST_ASSERT(mbedtls_hmac_drbg_random(&ctx, out, sizeof(out)) == 0);
Gilles Peskine4d2d4ff2019-10-22 19:10:33 +0200[diff] [blame]111 expected_consumed_entropy += 42;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]112 TEST_EQUAL(sizeof(buf) - entropy.len, expected_consumed_entropy);
Manuel Pégourié-Gonnard4f880a52014-01-30 22:39:42 +0100[diff] [blame]113
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]114 mbedtls_hmac_drbg_set_entropy_len(&ctx, 13);
115 TEST_ASSERT(mbedtls_hmac_drbg_random(&ctx, out, sizeof(out)) == 0);
Gilles Peskine4d2d4ff2019-10-22 19:10:33 +0200[diff] [blame]116 expected_consumed_entropy += 13;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]117 TEST_EQUAL(sizeof(buf) - entropy.len, expected_consumed_entropy);
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]118
119exit:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]120 mbedtls_hmac_drbg_free(&ctx);
Manuel Pégourié-Gonnard4f880a52014-01-30 22:39:42 +0100[diff] [blame]121}
122/* END_CASE */
123
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]124/* BEGIN_CASE depends_on:MBEDTLS_FS_IO */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]125void hmac_drbg_seed_file(int md_alg, char *path, int ret)
Manuel Pégourié-Gonnard48bc3e82014-01-30 21:11:16 +0100[diff] [blame]126{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]127 const mbedtls_md_info_t *md_info;
128 mbedtls_hmac_drbg_context ctx;
Manuel Pégourié-Gonnard48bc3e82014-01-30 21:11:16 +0100[diff] [blame]129
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]130 mbedtls_hmac_drbg_init(&ctx);
Manuel Pégourié-Gonnardf9e94812015-04-28 22:07:14 +0200[diff] [blame]131
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]132 md_info = mbedtls_md_info_from_type(md_alg);
133 TEST_ASSERT(md_info != NULL);
Paul Bakker94b916c2014-04-17 16:07:20 +0200[diff] [blame]134
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]135 TEST_ASSERT(mbedtls_hmac_drbg_seed(&ctx, md_info,
136 mbedtls_test_rnd_std_rand, NULL,
137 NULL, 0) == 0);
Manuel Pégourié-Gonnard48bc3e82014-01-30 21:11:16 +0100[diff] [blame]138
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]139 TEST_ASSERT(mbedtls_hmac_drbg_write_seed_file(&ctx, path) == ret);
140 TEST_ASSERT(mbedtls_hmac_drbg_update_seed_file(&ctx, path) == ret);
Manuel Pégourié-Gonnard48bc3e82014-01-30 21:11:16 +0100[diff] [blame]141
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]142exit:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]143 mbedtls_hmac_drbg_free(&ctx);
Manuel Pégourié-Gonnard48bc3e82014-01-30 21:11:16 +0100[diff] [blame]144}
145/* END_CASE */
146
Manuel Pégourié-Gonnard6801f392014-01-30 17:22:14 +0100[diff] [blame]147/* BEGIN_CASE */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]148void hmac_drbg_buf(int md_alg)
Manuel Pégourié-Gonnard4f880a52014-01-30 22:39:42 +0100[diff] [blame]149{
150 unsigned char out[16];
151 unsigned char buf[100];
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]152 const mbedtls_md_info_t *md_info;
153 mbedtls_hmac_drbg_context ctx;
Manuel Pégourié-Gonnard4f880a52014-01-30 22:39:42 +0100[diff] [blame]154 size_t i;
155
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]156 mbedtls_hmac_drbg_init(&ctx);
157 memset(buf, 0, sizeof(buf));
158 memset(out, 0, sizeof(out));
Manuel Pégourié-Gonnard4f880a52014-01-30 22:39:42 +0100[diff] [blame]159
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]160 md_info = mbedtls_md_info_from_type(md_alg);
161 TEST_ASSERT(md_info != NULL);
162 TEST_ASSERT(mbedtls_hmac_drbg_seed_buf(&ctx, md_info, buf, sizeof(buf)) == 0);
Manuel Pégourié-Gonnard4f880a52014-01-30 22:39:42 +0100[diff] [blame]163
164 /* Make sure it never tries to reseed (would segfault otherwise) */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]165 mbedtls_hmac_drbg_set_reseed_interval(&ctx, 3);
166 mbedtls_hmac_drbg_set_prediction_resistance(&ctx, MBEDTLS_HMAC_DRBG_PR_ON);
Manuel Pégourié-Gonnard4f880a52014-01-30 22:39:42 +0100[diff] [blame]167
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]168 for (i = 0; i < 30; i++) {
169 TEST_ASSERT(mbedtls_hmac_drbg_random(&ctx, out, sizeof(out)) == 0);
170 }
Manuel Pégourié-Gonnard4f880a52014-01-30 22:39:42 +0100[diff] [blame]171
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]172exit:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]173 mbedtls_hmac_drbg_free(&ctx);
Manuel Pégourié-Gonnard4f880a52014-01-30 22:39:42 +0100[diff] [blame]174}
175/* END_CASE */
176
177/* BEGIN_CASE */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]178void hmac_drbg_no_reseed(int md_alg, data_t *entropy,
179 data_t *custom, data_t *add1,
180 data_t *add2, data_t *output)
Manuel Pégourié-Gonnard6801f392014-01-30 17:22:14 +0100[diff] [blame]181{
Manuel Pégourié-Gonnarde6cdbbd2014-02-01 11:30:03 +0100[diff] [blame]182 unsigned char data[1024];
Manuel Pégourié-Gonnard6801f392014-01-30 17:22:14 +0100[diff] [blame]183 unsigned char my_output[512];
Manuel Pégourié-Gonnard6801f392014-01-30 17:22:14 +0100[diff] [blame]184 entropy_ctx p_entropy;
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]185 const mbedtls_md_info_t *md_info;
186 mbedtls_hmac_drbg_context ctx;
Manuel Pégourié-Gonnard6801f392014-01-30 17:22:14 +0100[diff] [blame]187
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]188 mbedtls_hmac_drbg_init(&ctx);
Manuel Pégourié-Gonnard6801f392014-01-30 17:22:14 +0100[diff] [blame]189
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]190 p_entropy.p = entropy->x;
191 p_entropy.len = entropy->len;
Manuel Pégourié-Gonnard6801f392014-01-30 17:22:14 +0100[diff] [blame]192
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]193 md_info = mbedtls_md_info_from_type(md_alg);
194 TEST_ASSERT(md_info != NULL);
Manuel Pégourié-Gonnarde6cdbbd2014-02-01 11:30:03 +0100[diff] [blame]195
196 /* Test the simplified buffer-based variant */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]197 memcpy(data, entropy->x, p_entropy.len);
198 memcpy(data + p_entropy.len, custom->x, custom->len);
199 TEST_ASSERT(mbedtls_hmac_drbg_seed_buf(&ctx, md_info,
200 data, p_entropy.len + custom->len) == 0);
201 TEST_ASSERT(mbedtls_hmac_drbg_random_with_add(&ctx, my_output, output->len,
202 add1->x, add1->len) == 0);
203 TEST_ASSERT(mbedtls_hmac_drbg_random_with_add(&ctx, my_output, output->len,
204 add2->x, add2->len) == 0);
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]205
Gavin Acquroff6aceb512020-03-01 17:06:11 -0800[diff] [blame]206 /* Reset context for second run */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]207 mbedtls_hmac_drbg_free(&ctx);
Manuel Pégourié-Gonnarde6cdbbd2014-02-01 11:30:03 +0100[diff] [blame]208
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]209 TEST_ASSERT(memcmp(my_output, output->x, output->len) == 0);
Manuel Pégourié-Gonnarde6cdbbd2014-02-01 11:30:03 +0100[diff] [blame]210
211 /* And now the normal entropy-based variant */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]212 TEST_ASSERT(mbedtls_hmac_drbg_seed(&ctx, md_info, mbedtls_test_entropy_func, &p_entropy,
213 custom->x, custom->len) == 0);
214 TEST_ASSERT(mbedtls_hmac_drbg_random_with_add(&ctx, my_output, output->len,
215 add1->x, add1->len) == 0);
216 TEST_ASSERT(mbedtls_hmac_drbg_random_with_add(&ctx, my_output, output->len,
217 add2->x, add2->len) == 0);
218 TEST_ASSERT(memcmp(my_output, output->x, output->len) == 0);
Manuel Pégourié-Gonnarde6cdbbd2014-02-01 11:30:03 +0100[diff] [blame]219
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]220exit:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]221 mbedtls_hmac_drbg_free(&ctx);
Manuel Pégourié-Gonnard24600b72014-01-31 09:54:14 +0100[diff] [blame]222}
223/* END_CASE */
224
225/* BEGIN_CASE */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]226void hmac_drbg_nopr(int md_alg, data_t *entropy, data_t *custom,
227 data_t *add1, data_t *add2, data_t *add3,
228 data_t *output)
Manuel Pégourié-Gonnard24600b72014-01-31 09:54:14 +0100[diff] [blame]229{
Manuel Pégourié-Gonnard24600b72014-01-31 09:54:14 +0100[diff] [blame]230 unsigned char my_output[512];
Manuel Pégourié-Gonnard24600b72014-01-31 09:54:14 +0100[diff] [blame]231 entropy_ctx p_entropy;
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]232 const mbedtls_md_info_t *md_info;
233 mbedtls_hmac_drbg_context ctx;
Manuel Pégourié-Gonnard24600b72014-01-31 09:54:14 +0100[diff] [blame]234
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]235 mbedtls_hmac_drbg_init(&ctx);
Manuel Pégourié-Gonnard24600b72014-01-31 09:54:14 +0100[diff] [blame]236
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]237 p_entropy.p = entropy->x;
238 p_entropy.len = entropy->len;
Manuel Pégourié-Gonnard24600b72014-01-31 09:54:14 +0100[diff] [blame]239
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]240 md_info = mbedtls_md_info_from_type(md_alg);
241 TEST_ASSERT(md_info != NULL);
Paul Bakker94b916c2014-04-17 16:07:20 +0200[diff] [blame]242
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]243 TEST_ASSERT(mbedtls_hmac_drbg_seed(&ctx, md_info, mbedtls_test_entropy_func, &p_entropy,
244 custom->x, custom->len) == 0);
245 TEST_ASSERT(mbedtls_hmac_drbg_reseed(&ctx, add1->x, add1->len) == 0);
246 TEST_ASSERT(mbedtls_hmac_drbg_random_with_add(&ctx, my_output, output->len,
247 add2->x, add2->len) == 0);
248 TEST_ASSERT(mbedtls_hmac_drbg_random_with_add(&ctx, my_output, output->len,
249 add3->x, add3->len) == 0);
Manuel Pégourié-Gonnard24600b72014-01-31 09:54:14 +0100[diff] [blame]250
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]251 TEST_ASSERT(memcmp(my_output, output->x, output->len) == 0);
Manuel Pégourié-Gonnard6801f392014-01-30 17:22:14 +0100[diff] [blame]252
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]253exit:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]254 mbedtls_hmac_drbg_free(&ctx);
Manuel Pégourié-Gonnard6801f392014-01-30 17:22:14 +0100[diff] [blame]255}
256/* END_CASE */
257
Manuel Pégourié-Gonnard62273b82014-01-31 10:16:57 +0100[diff] [blame]258/* BEGIN_CASE */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]259void hmac_drbg_pr(int md_alg, data_t *entropy, data_t *custom,
260 data_t *add1, data_t *add2, data_t *output)
Manuel Pégourié-Gonnard62273b82014-01-31 10:16:57 +0100[diff] [blame]261{
Manuel Pégourié-Gonnard62273b82014-01-31 10:16:57 +0100[diff] [blame]262 unsigned char my_output[512];
Manuel Pégourié-Gonnard62273b82014-01-31 10:16:57 +0100[diff] [blame]263 entropy_ctx p_entropy;
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]264 const mbedtls_md_info_t *md_info;
265 mbedtls_hmac_drbg_context ctx;
Manuel Pégourié-Gonnard62273b82014-01-31 10:16:57 +0100[diff] [blame]266
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]267 mbedtls_hmac_drbg_init(&ctx);
Manuel Pégourié-Gonnard62273b82014-01-31 10:16:57 +0100[diff] [blame]268
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]269 p_entropy.p = entropy->x;
270 p_entropy.len = entropy->len;
Manuel Pégourié-Gonnard62273b82014-01-31 10:16:57 +0100[diff] [blame]271
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]272 md_info = mbedtls_md_info_from_type(md_alg);
273 TEST_ASSERT(md_info != NULL);
Paul Bakker94b916c2014-04-17 16:07:20 +0200[diff] [blame]274
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]275 TEST_ASSERT(mbedtls_hmac_drbg_seed(&ctx, md_info, mbedtls_test_entropy_func, &p_entropy,
276 custom->x, custom->len) == 0);
277 mbedtls_hmac_drbg_set_prediction_resistance(&ctx, MBEDTLS_HMAC_DRBG_PR_ON);
278 TEST_ASSERT(mbedtls_hmac_drbg_random_with_add(&ctx, my_output, output->len,
279 add1->x, add1->len) == 0);
280 TEST_ASSERT(mbedtls_hmac_drbg_random_with_add(&ctx, my_output, output->len,
281 add2->x, add2->len) == 0);
Manuel Pégourié-Gonnard62273b82014-01-31 10:16:57 +0100[diff] [blame]282
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]283 TEST_ASSERT(memcmp(my_output, output->x, output->len) == 0);
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]284
285exit:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]286 mbedtls_hmac_drbg_free(&ctx);
Manuel Pégourié-Gonnard62273b82014-01-31 10:16:57 +0100[diff] [blame]287}
288/* END_CASE */
289
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]290/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]291void hmac_drbg_selftest()
Manuel Pégourié-Gonnard79afaa02014-01-31 11:12:09 +0100[diff] [blame]292{
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]293 TEST_ASSERT(mbedtls_hmac_drbg_self_test(1) == 0);
Manuel Pégourié-Gonnard79afaa02014-01-31 11:12:09 +0100[diff] [blame]294}
295/* END_CASE */