2 #include "mbedtls/entropy.h"
3 #include "mbedtls/ctr_drbg.h"
6 /* Modes for ctr_drbg_validate */
9 RESEED_NEVER, /* never reseed */
10 RESEED_FIRST, /* instantiate, reseed, generate, generate */
11 RESEED_SECOND, /* instantiate, generate, reseed, generate */
12 RESEED_ALWAYS /* prediction resistance, no explicit reseed */
15 static size_t test_offset_idx = 0;
16 static size_t test_max_idx = 0;
17 static int mbedtls_test_entropy_func( void *data, unsigned char *buf, size_t len )
19 const unsigned char *p = (unsigned char *) data;
20 if( test_offset_idx + len > test_max_idx )
21 return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED );
22 memcpy( buf, p + test_offset_idx, len );
23 test_offset_idx += len;
27 static void ctr_drbg_validate_internal( int reseed_mode, data_t * nonce,
28 int entropy_len_arg, data_t * entropy,
30 data_t * add1, data_t * add2,
33 mbedtls_ctr_drbg_context ctx;
34 unsigned char buf[64];
36 size_t entropy_chunk_len = (size_t) entropy_len_arg;
38 TEST_ASSERT( entropy_chunk_len <= sizeof( buf ) );
41 mbedtls_ctr_drbg_init( &ctx );
43 test_max_idx = entropy->len;
45 /* CTR_DRBG_Instantiate(entropy[:entropy->len], nonce, perso, <ignored>)
46 * where nonce||perso = nonce[nonce->len] */
47 TEST_ASSERT( mbedtls_ctr_drbg_seed_entropy_len(
49 mbedtls_test_entropy_func, entropy->x,
51 entropy_chunk_len ) == 0 );
52 if( reseed_mode == RESEED_ALWAYS )
53 mbedtls_ctr_drbg_set_prediction_resistance(
55 MBEDTLS_CTR_DRBG_PR_ON );
57 if( reseed_mode == RESEED_FIRST )
59 /* CTR_DRBG_Reseed(entropy[idx:idx+entropy->len],
60 * reseed[:reseed->len]) */
61 TEST_ASSERT( mbedtls_ctr_drbg_reseed(
63 reseed->x, reseed->len ) == 0 );
66 /* CTR_DRBG_Generate(result->len * 8 bits, add1[:add1->len]) -> buf */
67 /* Then reseed if prediction resistance is enabled. */
68 TEST_ASSERT( mbedtls_ctr_drbg_random_with_add(
71 add1->x, add1->len ) == 0 );
74 if( reseed_mode == RESEED_SECOND )
76 /* CTR_DRBG_Reseed(entropy[idx:idx+entropy->len],
77 * reseed[:reseed->len]) */
78 TEST_ASSERT( mbedtls_ctr_drbg_reseed(
80 reseed->x, reseed->len ) == 0 );
83 /* CTR_DRBG_Generate(result->len * 8 bits, add2->x[:add2->len]) -> buf */
84 /* Then reseed if prediction resistance is enabled. */
85 TEST_ASSERT( mbedtls_ctr_drbg_random_with_add(
88 add2->x, add2->len ) == 0 );
89 TEST_ASSERT( memcmp( buf, result->x, result->len ) == 0 );
92 mbedtls_ctr_drbg_free( &ctx );
98 * depends_on:MBEDTLS_CTR_DRBG_C
103 void ctr_drbg_special_behaviours( )
105 mbedtls_ctr_drbg_context ctx;
106 unsigned char output[512];
107 unsigned char additional[512];
109 mbedtls_ctr_drbg_init( &ctx );
110 memset( output, 0, sizeof( output ) );
111 memset( additional, 0, sizeof( additional ) );
113 TEST_ASSERT( mbedtls_ctr_drbg_random_with_add( &ctx,
114 output, MBEDTLS_CTR_DRBG_MAX_REQUEST + 1,
116 MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG );
117 TEST_ASSERT( mbedtls_ctr_drbg_random_with_add( &ctx,
119 additional, MBEDTLS_CTR_DRBG_MAX_INPUT + 1 ) ==
120 MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG );
122 TEST_ASSERT( mbedtls_ctr_drbg_reseed( &ctx, additional,
123 MBEDTLS_CTR_DRBG_MAX_SEED_INPUT + 1 ) ==
124 MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG );
126 mbedtls_ctr_drbg_set_entropy_len( &ctx, ~0 );
127 TEST_ASSERT( mbedtls_ctr_drbg_reseed( &ctx, additional,
128 MBEDTLS_CTR_DRBG_MAX_SEED_INPUT ) ==
129 MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG );
131 mbedtls_ctr_drbg_free( &ctx );
137 void ctr_drbg_validate_no_reseed( data_t * add_init, data_t * entropy,
138 data_t * add1, data_t * add2,
139 data_t * result_string )
141 data_t empty = { 0, 0 };
142 ctr_drbg_validate_internal( RESEED_NEVER, add_init,
143 entropy->len, entropy,
146 goto exit; // goto is needed to avoid warning ( no test assertions in func)
151 void ctr_drbg_validate_pr( data_t * add_init, data_t * entropy,
152 data_t * add1, data_t * add2,
153 data_t * result_string )
155 data_t empty = { 0, 0 };
156 ctr_drbg_validate_internal( RESEED_ALWAYS, add_init,
157 entropy->len / 3, entropy,
160 goto exit; // goto is needed to avoid warning ( no test assertions in func)
165 void ctr_drbg_validate_reseed_between( data_t * add_init, data_t * entropy,
166 data_t * add1, data_t * add_reseed,
167 data_t * add2, data_t * result_string )
169 ctr_drbg_validate_internal( RESEED_SECOND, add_init,
170 entropy->len / 2, entropy,
171 add_reseed, add1, add2,
173 goto exit; // goto is needed to avoid warning ( no test assertions in func)
178 void ctr_drbg_validate_reseed_first( data_t * add_init, data_t * entropy,
179 data_t * add1, data_t * add_reseed,
180 data_t * add2, data_t * result_string )
182 ctr_drbg_validate_internal( RESEED_FIRST, add_init,
183 entropy->len / 2, entropy,
184 add_reseed, add1, add2,
186 goto exit; // goto is needed to avoid warning ( no test assertions in func)
193 void ctr_drbg_entropy_usage( )
195 unsigned char out[16];
196 unsigned char add[16];
197 unsigned char entropy[1024];
198 mbedtls_ctr_drbg_context ctx;
202 mbedtls_ctr_drbg_init( &ctx );
204 test_max_idx = sizeof( entropy );
205 memset( entropy, 0, sizeof( entropy ) );
206 memset( out, 0, sizeof( out ) );
207 memset( add, 0, sizeof( add ) );
209 /* Init must use entropy */
210 last_idx = test_offset_idx;
211 TEST_ASSERT( mbedtls_ctr_drbg_seed( &ctx, mbedtls_test_entropy_func, entropy, NULL, 0 ) == 0 );
212 TEST_ASSERT( last_idx < test_offset_idx );
214 /* By default, PR is off and reseed_interval is large,
215 * so the next few calls should not use entropy */
216 last_idx = test_offset_idx;
217 for( i = 0; i < reps; i++ )
219 TEST_ASSERT( mbedtls_ctr_drbg_random( &ctx, out, sizeof( out ) - 4 ) == 0 );
220 TEST_ASSERT( mbedtls_ctr_drbg_random_with_add( &ctx, out, sizeof( out ) - 4,
221 add, sizeof( add ) ) == 0 );
223 TEST_ASSERT( last_idx == test_offset_idx );
225 /* While at it, make sure we didn't write past the requested length */
226 TEST_ASSERT( out[sizeof( out ) - 4] == 0 );
227 TEST_ASSERT( out[sizeof( out ) - 3] == 0 );
228 TEST_ASSERT( out[sizeof( out ) - 2] == 0 );
229 TEST_ASSERT( out[sizeof( out ) - 1] == 0 );
231 /* Set reseed_interval to the number of calls done,
232 * so the next call should reseed */
233 mbedtls_ctr_drbg_set_reseed_interval( &ctx, 2 * reps );
234 TEST_ASSERT( mbedtls_ctr_drbg_random( &ctx, out, sizeof( out ) ) == 0 );
235 TEST_ASSERT( last_idx < test_offset_idx );
237 /* The new few calls should not reseed */
238 last_idx = test_offset_idx;
239 for( i = 0; i < reps / 2; i++ )
241 TEST_ASSERT( mbedtls_ctr_drbg_random( &ctx, out, sizeof( out ) ) == 0 );
242 TEST_ASSERT( mbedtls_ctr_drbg_random_with_add( &ctx, out, sizeof( out ) ,
243 add, sizeof( add ) ) == 0 );
245 TEST_ASSERT( last_idx == test_offset_idx );
247 /* Call update with too much data (sizeof entropy > MAX(_SEED)_INPUT).
248 * Make sure it's detected as an error and doesn't cause memory
250 TEST_ASSERT( mbedtls_ctr_drbg_update_ret(
251 &ctx, entropy, sizeof( entropy ) ) != 0 );
253 /* Now enable PR, so the next few calls should all reseed */
254 mbedtls_ctr_drbg_set_prediction_resistance( &ctx, MBEDTLS_CTR_DRBG_PR_ON );
255 TEST_ASSERT( mbedtls_ctr_drbg_random( &ctx, out, sizeof( out ) ) == 0 );
256 TEST_ASSERT( last_idx < test_offset_idx );
258 /* Finally, check setting entropy_len */
259 mbedtls_ctr_drbg_set_entropy_len( &ctx, 42 );
260 last_idx = test_offset_idx;
261 TEST_ASSERT( mbedtls_ctr_drbg_random( &ctx, out, sizeof( out ) ) == 0 );
262 TEST_ASSERT( test_offset_idx - last_idx == 42 );
264 mbedtls_ctr_drbg_set_entropy_len( &ctx, 13 );
265 last_idx = test_offset_idx;
266 TEST_ASSERT( mbedtls_ctr_drbg_random( &ctx, out, sizeof( out ) ) == 0 );
267 TEST_ASSERT( test_offset_idx - last_idx == 13 );
270 mbedtls_ctr_drbg_free( &ctx );
274 /* BEGIN_CASE depends_on:MBEDTLS_FS_IO */
275 void ctr_drbg_seed_file( char * path, int ret )
277 mbedtls_ctr_drbg_context ctx;
279 mbedtls_ctr_drbg_init( &ctx );
281 TEST_ASSERT( mbedtls_ctr_drbg_seed( &ctx, rnd_std_rand, NULL, NULL, 0 ) == 0 );
282 TEST_ASSERT( mbedtls_ctr_drbg_write_seed_file( &ctx, path ) == ret );
283 TEST_ASSERT( mbedtls_ctr_drbg_update_seed_file( &ctx, path ) == ret );
286 mbedtls_ctr_drbg_free( &ctx );
290 /* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */
291 void ctr_drbg_selftest( )
293 TEST_ASSERT( mbedtls_ctr_drbg_self_test( 1 ) == 0 );