commit bdc96fd636c71d4adf2034f09fe7097ee4573caa
author Gilles Peskine <Gilles.Peskine@arm.com> Wed Aug 07 12:08:04 2019 +0200
committer Gilles Peskine <Gilles.Peskine@arm.com> Wed Aug 07 13:47:28 2019 +0200
tree 7b68f0e5f5274c3638b6d51ce36331f1d802c528
parent a6b2f60b4c2ce28991e2b5f1f860c901ab6f8ab8

Add tests to generate more random than MBEDTLS_CTR_DRBG_MAX_REQUEST

Add tests that call psa_generate_random() (possibly via
psa_generate_key()) with a size that's larger than
MBEDTLS_CTR_DRBG_MAX_REQUEST. This causes psa_generate_random() to
fail because it calls mbedtls_ctr_drbg_random() without taking the
maximum request size of CTR_DRBG into account.

Non-regression test for #206

tests/suites/test_suite_psa_crypto.data

diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data
index ccbffff..b049840 100644
--- a/tests/suites/test_suite_psa_crypto.data
+++ b/tests/suites/test_suite_psa_crypto.data
@@ -2209,6 +2209,15 @@
 PSA generate random: 260 bytes
 generate_random:260
 
+PSA generate random: MBEDTLS_CTR_DRBG_MAX_REQUEST bytes
+generate_random:MBEDTLS_CTR_DRBG_MAX_REQUEST
+
+PSA generate random: MBEDTLS_CTR_DRBG_MAX_REQUEST+1 bytes
+generate_random:MBEDTLS_CTR_DRBG_MAX_REQUEST + 1
+
+PSA generate random: 2*MBEDTLS_CTR_DRBG_MAX_REQUEST+1 bytes
+generate_random:2 * MBEDTLS_CTR_DRBG_MAX_REQUEST + 1
+
 PSA generate key: bad type (0)
 generate_key:PSA_KEY_TYPE_NONE:128:PSA_KEY_USAGE_EXPORT:0:PSA_ERROR_NOT_SUPPORTED
 
@@ -2227,6 +2236,12 @@
 PSA generate key: raw data, 8 bits
 generate_key:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0:PSA_SUCCESS
 
+PSA generate key: raw data, (MBEDTLS_CTR_DRBG_MAX_REQUEST + 1) * 8 bits
+generate_key:PSA_KEY_TYPE_RAW_DATA:(MBEDTLS_CTR_DRBG_MAX_REQUEST + 1) * 8:PSA_KEY_USAGE_EXPORT:0:PSA_SUCCESS
+
+PSA generate key: raw data, (2 * MBEDTLS_CTR_DRBG_MAX_REQUEST + 1) * 8 bits
+generate_key:PSA_KEY_TYPE_RAW_DATA:(2 * MBEDTLS_CTR_DRBG_MAX_REQUEST + 1) * 8:PSA_KEY_USAGE_EXPORT:0:PSA_SUCCESS
+
 PSA generate key: raw data, 65528 bits (ok)
 depends_on:HAVE_RAM_AVAILABLE_128K
 generate_key:PSA_KEY_TYPE_RAW_DATA:65528:PSA_KEY_USAGE_EXPORT:0:PSA_SUCCESS

tests/suites/test_suite_psa_crypto.function

diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function
index 69b49f3..81ccb4c 100644
--- a/tests/suites/test_suite_psa_crypto.function
+++ b/tests/suites/test_suite_psa_crypto.function
@@ -5,6 +5,10 @@
 #include "mbedtls/asn1write.h"
 #include "mbedtls/oid.h"
 
+/* For MBEDTLS_CTR_DRBG_MAX_REQUEST, knowing that psa_generate_random()
+ * uses mbedtls_ctr_drbg internally. */
+#include "mbedtls/ctr_drbg.h"
+
 #include "psa_crypto_helpers.h"
 
 /* Tests that require more than 128kB of RAM plus change have this symbol
@@ -14,6 +18,8 @@
  * platforms. */
 #define HAVE_RAM_AVAILABLE_128K
 
+#include "psa/crypto.h"
+
 /** An invalid export length that will never be set by psa_export_key(). */
 static const size_t INVALID_EXPORT_LENGTH = ~0U;