New test suite for random generation

Test random generation as a whole. This is different from
test_suite_*_drbg and test_suite_entropy, which respectively test PRNG
modules and entropy collection.

Start with basic tests: good-case tests, and do it twice and compare
the results to validate that entropy collection doesn't repeat itself.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>

tests/CMakeLists.txt

@@ -150,6 +150,7 @@ add_test_suite(psa_crypto_se_driver_hal)
 add_test_suite(psa_crypto_se_driver_hal_mocks)
 add_test_suite(psa_crypto_slot_management)
 add_test_suite(psa_its)
+add_test_suite(random)
 add_test_suite(rsa)
 add_test_suite(shax)
 add_test_suite(ssl)

tests/suites/test_suite_random.data

@@ -0,0 +1,17 @@
+Generate random twice with CTR_DRBG
+random_twice_with_ctr_drbg:
+
+Generate random twice with HMAC_DRBG(SHA-1)
+depends_on:MBEDTLS_SHA1_C
+random_twice_with_hmac_drbg:MBEDTLS_MD_SHA1
+
+Generate random twice with HMAC_DRBG(SHA-256)
+depends_on:MBEDTLS_SHA256_C
+random_twice_with_hmac_drbg:MBEDTLS_MD_SHA256
+
+Generate random twice with HMAC_DRBG(SHA-512)
+depends_on:MBEDTLS_SHA512_C
+random_twice_with_hmac_drbg:MBEDTLS_MD_SHA512
+
+Generate random twice with PSA API
+random_twice_with_psa_from_psa:

tests/suites/test_suite_random.function

@@ -0,0 +1,119 @@
+/* BEGIN_HEADER */
+
+/* Test random generation as a whole. */
+
+#include "mbedtls/ctr_drbg.h"
+#include "mbedtls/entropy.h"
+#include "mbedtls/hmac_drbg.h"
+#include "psa/crypto.h"
+
+/* How many bytes to generate in each test case for repeated generation.
+ * This must be high enough that the probability of generating the same
+ * output twice is infinitesimal, but low enough that random generators
+ * are willing to deliver that much. */
+#define OUTPUT_SIZE 32
+
+/* END_HEADER */
+
+/* BEGIN_CASE depends_on:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */
+void random_twice_with_ctr_drbg( )
+{
+    mbedtls_entropy_context entropy;
+    mbedtls_ctr_drbg_context drbg;
+    unsigned char output1[OUTPUT_SIZE];
+    unsigned char output2[OUTPUT_SIZE];
+
+    /* First round */
+    mbedtls_entropy_init( &entropy );
+    mbedtls_ctr_drbg_init( &drbg );
+    TEST_EQUAL( 0, mbedtls_ctr_drbg_seed( &drbg,
+                                          mbedtls_entropy_func, &entropy,
+                                          NULL, 0 ) );
+    TEST_EQUAL( 0, mbedtls_ctr_drbg_random( &drbg,
+                                            output1, sizeof( output1 ) ) );
+    mbedtls_ctr_drbg_free( &drbg );
+    mbedtls_entropy_free( &entropy );
+
+    /* Second round */
+    mbedtls_entropy_init( &entropy );
+    mbedtls_ctr_drbg_init( &drbg );
+    TEST_EQUAL( 0, mbedtls_ctr_drbg_seed( &drbg,
+                                          mbedtls_entropy_func, &entropy,
+                                          NULL, 0 ) );
+    TEST_EQUAL( 0, mbedtls_ctr_drbg_random( &drbg,
+                                            output2, sizeof( output2 ) ) );
+    mbedtls_ctr_drbg_free( &drbg );
+    mbedtls_entropy_free( &entropy );
+
+    /* The two rounds must generate different random data. */
+    TEST_ASSERT( memcmp( output1, output2, OUTPUT_SIZE ) != 0 );
+
+exit:
+    mbedtls_ctr_drbg_free( &drbg );
+    mbedtls_entropy_free( &entropy );
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_ENTROPY_C:MBEDTLS_HMAC_DRBG_C */
+void random_twice_with_hmac_drbg( int md_type )
+{
+    mbedtls_entropy_context entropy;
+    mbedtls_hmac_drbg_context drbg;
+    unsigned char output1[OUTPUT_SIZE];
+    unsigned char output2[OUTPUT_SIZE];
+    const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type( md_type );
+
+    /* First round */
+    mbedtls_entropy_init( &entropy );
+    mbedtls_hmac_drbg_init( &drbg );
+    TEST_EQUAL( 0, mbedtls_hmac_drbg_seed( &drbg, md_info,
+                                           mbedtls_entropy_func, &entropy,
+                                           NULL, 0 ) );
+    TEST_EQUAL( 0, mbedtls_hmac_drbg_random( &drbg,
+                                             output1, sizeof( output1 ) ) );
+    mbedtls_hmac_drbg_free( &drbg );
+    mbedtls_entropy_free( &entropy );
+
+    /* Second round */
+    mbedtls_entropy_init( &entropy );
+    mbedtls_hmac_drbg_init( &drbg );
+    TEST_EQUAL( 0, mbedtls_hmac_drbg_seed( &drbg, md_info,
+                                           mbedtls_entropy_func, &entropy,
+                                           NULL, 0 ) );
+    TEST_EQUAL( 0, mbedtls_hmac_drbg_random( &drbg,
+                                             output2, sizeof( output2 ) ) );
+    mbedtls_hmac_drbg_free( &drbg );
+    mbedtls_entropy_free( &entropy );
+
+    /* The two rounds must generate different random data. */
+    TEST_ASSERT( memcmp( output1, output2, OUTPUT_SIZE ) != 0 );
+
+exit:
+    mbedtls_hmac_drbg_free( &drbg );
+    mbedtls_entropy_free( &entropy );
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C:!MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
+void random_twice_with_psa_from_psa( )
+{
+    unsigned char output1[OUTPUT_SIZE];
+    unsigned char output2[OUTPUT_SIZE];
+
+    /* First round */
+    PSA_ASSERT( psa_crypto_init( ) );
+    PSA_ASSERT( psa_generate_random( output1, sizeof( output1 ) ) );
+    PSA_DONE( );
+
+    /* Second round */
+    PSA_ASSERT( psa_crypto_init( ) );
+    PSA_ASSERT( psa_generate_random( output2, sizeof( output2 ) ) );
+    PSA_DONE( );
+
+    /* The two rounds must generate different random data. */
+    TEST_ASSERT( memcmp( output1, output2, OUTPUT_SIZE ) != 0 );
+
+exit:
+    PSA_DONE( );
+}
+/* END_CASE */