From 077599ad85b07976e17d2f8c451d62fa8764c2a6 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 3 Feb 2021 18:55:39 +0100 Subject: [PATCH] New test suite for random generation Test random generation as a whole. This is different from test_suite_*_drbg and test_suite_entropy, which respectively test PRNG modules and entropy collection. Start with basic tests: good-case tests, and do it twice and compare the results to validate that entropy collection doesn't repeat itself. Signed-off-by: Gilles Peskine --- tests/CMakeLists.txt | 1 + tests/suites/test_suite_random.data | 17 ++++ tests/suites/test_suite_random.function | 119 ++++++++++++++++++++++++ 3 files changed, 137 insertions(+) create mode 100644 tests/suites/test_suite_random.data create mode 100644 tests/suites/test_suite_random.function diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index f8ce925df..97369b2c2 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt @@ -150,6 +150,7 @@ add_test_suite(psa_crypto_se_driver_hal) add_test_suite(psa_crypto_se_driver_hal_mocks) add_test_suite(psa_crypto_slot_management) add_test_suite(psa_its) +add_test_suite(random) add_test_suite(rsa) add_test_suite(shax) add_test_suite(ssl) diff --git a/tests/suites/test_suite_random.data b/tests/suites/test_suite_random.data new file mode 100644 index 000000000..47f2ec7eb --- /dev/null +++ b/tests/suites/test_suite_random.data @@ -0,0 +1,17 @@ +Generate random twice with CTR_DRBG +random_twice_with_ctr_drbg: + +Generate random twice with HMAC_DRBG(SHA-1) +depends_on:MBEDTLS_SHA1_C +random_twice_with_hmac_drbg:MBEDTLS_MD_SHA1 + +Generate random twice with HMAC_DRBG(SHA-256) +depends_on:MBEDTLS_SHA256_C +random_twice_with_hmac_drbg:MBEDTLS_MD_SHA256 + +Generate random twice with HMAC_DRBG(SHA-512) +depends_on:MBEDTLS_SHA512_C +random_twice_with_hmac_drbg:MBEDTLS_MD_SHA512 + +Generate random twice with PSA API +random_twice_with_psa_from_psa: diff --git a/tests/suites/test_suite_random.function b/tests/suites/test_suite_random.function new file mode 100644 index 000000000..744daf59c --- /dev/null +++ b/tests/suites/test_suite_random.function @@ -0,0 +1,119 @@ +/* BEGIN_HEADER */ + +/* Test random generation as a whole. */ + +#include "mbedtls/ctr_drbg.h" +#include "mbedtls/entropy.h" +#include "mbedtls/hmac_drbg.h" +#include "psa/crypto.h" + +/* How many bytes to generate in each test case for repeated generation. + * This must be high enough that the probability of generating the same + * output twice is infinitesimal, but low enough that random generators + * are willing to deliver that much. */ +#define OUTPUT_SIZE 32 + +/* END_HEADER */ + +/* BEGIN_CASE depends_on:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */ +void random_twice_with_ctr_drbg( ) +{ + mbedtls_entropy_context entropy; + mbedtls_ctr_drbg_context drbg; + unsigned char output1[OUTPUT_SIZE]; + unsigned char output2[OUTPUT_SIZE]; + + /* First round */ + mbedtls_entropy_init( &entropy ); + mbedtls_ctr_drbg_init( &drbg ); + TEST_EQUAL( 0, mbedtls_ctr_drbg_seed( &drbg, + mbedtls_entropy_func, &entropy, + NULL, 0 ) ); + TEST_EQUAL( 0, mbedtls_ctr_drbg_random( &drbg, + output1, sizeof( output1 ) ) ); + mbedtls_ctr_drbg_free( &drbg ); + mbedtls_entropy_free( &entropy ); + + /* Second round */ + mbedtls_entropy_init( &entropy ); + mbedtls_ctr_drbg_init( &drbg ); + TEST_EQUAL( 0, mbedtls_ctr_drbg_seed( &drbg, + mbedtls_entropy_func, &entropy, + NULL, 0 ) ); + TEST_EQUAL( 0, mbedtls_ctr_drbg_random( &drbg, + output2, sizeof( output2 ) ) ); + mbedtls_ctr_drbg_free( &drbg ); + mbedtls_entropy_free( &entropy ); + + /* The two rounds must generate different random data. */ + TEST_ASSERT( memcmp( output1, output2, OUTPUT_SIZE ) != 0 ); + +exit: + mbedtls_ctr_drbg_free( &drbg ); + mbedtls_entropy_free( &entropy ); +} +/* END_CASE */ + +/* BEGIN_CASE depends_on:MBEDTLS_ENTROPY_C:MBEDTLS_HMAC_DRBG_C */ +void random_twice_with_hmac_drbg( int md_type ) +{ + mbedtls_entropy_context entropy; + mbedtls_hmac_drbg_context drbg; + unsigned char output1[OUTPUT_SIZE]; + unsigned char output2[OUTPUT_SIZE]; + const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type( md_type ); + + /* First round */ + mbedtls_entropy_init( &entropy ); + mbedtls_hmac_drbg_init( &drbg ); + TEST_EQUAL( 0, mbedtls_hmac_drbg_seed( &drbg, md_info, + mbedtls_entropy_func, &entropy, + NULL, 0 ) ); + TEST_EQUAL( 0, mbedtls_hmac_drbg_random( &drbg, + output1, sizeof( output1 ) ) ); + mbedtls_hmac_drbg_free( &drbg ); + mbedtls_entropy_free( &entropy ); + + /* Second round */ + mbedtls_entropy_init( &entropy ); + mbedtls_hmac_drbg_init( &drbg ); + TEST_EQUAL( 0, mbedtls_hmac_drbg_seed( &drbg, md_info, + mbedtls_entropy_func, &entropy, + NULL, 0 ) ); + TEST_EQUAL( 0, mbedtls_hmac_drbg_random( &drbg, + output2, sizeof( output2 ) ) ); + mbedtls_hmac_drbg_free( &drbg ); + mbedtls_entropy_free( &entropy ); + + /* The two rounds must generate different random data. */ + TEST_ASSERT( memcmp( output1, output2, OUTPUT_SIZE ) != 0 ); + +exit: + mbedtls_hmac_drbg_free( &drbg ); + mbedtls_entropy_free( &entropy ); +} +/* END_CASE */ + +/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C:!MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */ +void random_twice_with_psa_from_psa( ) +{ + unsigned char output1[OUTPUT_SIZE]; + unsigned char output2[OUTPUT_SIZE]; + + /* First round */ + PSA_ASSERT( psa_crypto_init( ) ); + PSA_ASSERT( psa_generate_random( output1, sizeof( output1 ) ) ); + PSA_DONE( ); + + /* Second round */ + PSA_ASSERT( psa_crypto_init( ) ); + PSA_ASSERT( psa_generate_random( output2, sizeof( output2 ) ) ); + PSA_DONE( ); + + /* The two rounds must generate different random data. */ + TEST_ASSERT( memcmp( output1, output2, OUTPUT_SIZE ) != 0 ); + +exit: + PSA_DONE( ); +} +/* END_CASE */