TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / c6088eceb41727ff9e66c577e53e0a0baf4d4935 / . / tests / suites / test_suite_random.function
blob: 155b8e708396f87b4fef93a62bdb55ad9e1f1142 [file] [log] [blame]
Gilles Peskine077599a2021-02-03 18:55:39 +0100[diff] [blame]1/* BEGIN_HEADER */
2
3/* Test random generation as a whole. */
4
Gilles Peskinee3ed8022021-02-03 20:04:08 +0100[diff] [blame]5#include "mbedtls/bignum.h"
Gilles Peskine077599a2021-02-03 18:55:39 +0100[diff] [blame]6#include "mbedtls/ctr_drbg.h"
Gilles Peskinee3ed8022021-02-03 20:04:08 +0100[diff] [blame]7#include "mbedtls/ecdsa.h"
Gilles Peskine077599a2021-02-03 18:55:39 +0100[diff] [blame]8#include "mbedtls/entropy.h"
9#include "mbedtls/hmac_drbg.h"
Gilles Peskinee3ed8022021-02-03 20:04:08 +0100[diff] [blame]10#include "mbedtls/psa_util.h"
Gilles Peskine077599a2021-02-03 18:55:39 +0100[diff] [blame]11#include "psa/crypto.h"
12
13/* How many bytes to generate in each test case for repeated generation.
14 * This must be high enough that the probability of generating the same
15 * output twice is infinitesimal, but low enough that random generators
16 * are willing to deliver that much. */
17#define OUTPUT_SIZE 32
18
19/* END_HEADER */
20
Gilles Peskinec5484682023-04-28 23:41:38 +0200[diff] [blame]21/* BEGIN_CASE depends_on:MBEDTLS_ENTROPY_C:!MBEDTLS_PSA_INJECT_ENTROPY:MBEDTLS_CTR_DRBG_C */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]22void random_twice_with_ctr_drbg()
Gilles Peskine077599a2021-02-03 18:55:39 +0100[diff] [blame]23{
24 mbedtls_entropy_context entropy;
25 mbedtls_ctr_drbg_context drbg;
26 unsigned char output1[OUTPUT_SIZE];
27 unsigned char output2[OUTPUT_SIZE];
28
Valerio Settidc32ac22023-11-13 10:27:56 +0100[diff] [blame]29#if defined(MBEDTLS_AES_C)
Manuel Pégourié-Gonnarde9319772023-03-21 18:09:40 +0100[diff] [blame]30 MD_PSA_INIT();
Valerio Settidc32ac22023-11-13 10:27:56 +0100[diff] [blame]31#else
32 USE_PSA_INIT();
33#endif
34
Manuel Pégourié-Gonnarde9319772023-03-21 18:09:40 +0100[diff] [blame]35
Gilles Peskine077599a2021-02-03 18:55:39 +0100[diff] [blame]36 /* First round */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]37 mbedtls_entropy_init(&entropy);
38 mbedtls_ctr_drbg_init(&drbg);
39 TEST_EQUAL(0, mbedtls_ctr_drbg_seed(&drbg,
40 mbedtls_entropy_func, &entropy,
41 NULL, 0));
42 TEST_EQUAL(0, mbedtls_ctr_drbg_random(&drbg,
43 output1, sizeof(output1)));
44 mbedtls_ctr_drbg_free(&drbg);
45 mbedtls_entropy_free(&entropy);
Gilles Peskine077599a2021-02-03 18:55:39 +0100[diff] [blame]46
47 /* Second round */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]48 mbedtls_entropy_init(&entropy);
49 mbedtls_ctr_drbg_init(&drbg);
50 TEST_EQUAL(0, mbedtls_ctr_drbg_seed(&drbg,
51 mbedtls_entropy_func, &entropy,
52 NULL, 0));
53 TEST_EQUAL(0, mbedtls_ctr_drbg_random(&drbg,
54 output2, sizeof(output2)));
55 mbedtls_ctr_drbg_free(&drbg);
56 mbedtls_entropy_free(&entropy);
Gilles Peskine077599a2021-02-03 18:55:39 +0100[diff] [blame]57
58 /* The two rounds must generate different random data. */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]59 TEST_ASSERT(memcmp(output1, output2, OUTPUT_SIZE) != 0);
Gilles Peskine077599a2021-02-03 18:55:39 +0100[diff] [blame]60
61exit:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]62 mbedtls_ctr_drbg_free(&drbg);
63 mbedtls_entropy_free(&entropy);
Valerio Settidc32ac22023-11-13 10:27:56 +0100[diff] [blame]64#if defined(MBEDTLS_AES_C)
Manuel Pégourié-Gonnarde9319772023-03-21 18:09:40 +0100[diff] [blame]65 MD_PSA_DONE();
Valerio Settidc32ac22023-11-13 10:27:56 +0100[diff] [blame]66#else
67 USE_PSA_DONE();
68#endif
Gilles Peskine077599a2021-02-03 18:55:39 +0100[diff] [blame]69}
70/* END_CASE */
71
Gilles Peskinec5484682023-04-28 23:41:38 +0200[diff] [blame]72/* BEGIN_CASE depends_on:MBEDTLS_ENTROPY_C:!MBEDTLS_PSA_INJECT_ENTROPY:MBEDTLS_HMAC_DRBG_C */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]73void random_twice_with_hmac_drbg(int md_type)
Gilles Peskine077599a2021-02-03 18:55:39 +0100[diff] [blame]74{
75 mbedtls_entropy_context entropy;
76 mbedtls_hmac_drbg_context drbg;
77 unsigned char output1[OUTPUT_SIZE];
78 unsigned char output2[OUTPUT_SIZE];
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]79 const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type(md_type);
Gilles Peskine077599a2021-02-03 18:55:39 +0100[diff] [blame]80
Manuel Pégourié-Gonnarde9319772023-03-21 18:09:40 +0100[diff] [blame]81 MD_PSA_INIT();
82
Gilles Peskine077599a2021-02-03 18:55:39 +0100[diff] [blame]83 /* First round */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]84 mbedtls_entropy_init(&entropy);
85 mbedtls_hmac_drbg_init(&drbg);
86 TEST_EQUAL(0, mbedtls_hmac_drbg_seed(&drbg, md_info,
87 mbedtls_entropy_func, &entropy,
88 NULL, 0));
89 TEST_EQUAL(0, mbedtls_hmac_drbg_random(&drbg,
90 output1, sizeof(output1)));
91 mbedtls_hmac_drbg_free(&drbg);
92 mbedtls_entropy_free(&entropy);
Gilles Peskine077599a2021-02-03 18:55:39 +0100[diff] [blame]93
94 /* Second round */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]95 mbedtls_entropy_init(&entropy);
96 mbedtls_hmac_drbg_init(&drbg);
97 TEST_EQUAL(0, mbedtls_hmac_drbg_seed(&drbg, md_info,
98 mbedtls_entropy_func, &entropy,
99 NULL, 0));
100 TEST_EQUAL(0, mbedtls_hmac_drbg_random(&drbg,
101 output2, sizeof(output2)));
102 mbedtls_hmac_drbg_free(&drbg);
103 mbedtls_entropy_free(&entropy);
Gilles Peskine077599a2021-02-03 18:55:39 +0100[diff] [blame]104
105 /* The two rounds must generate different random data. */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]106 TEST_ASSERT(memcmp(output1, output2, OUTPUT_SIZE) != 0);
Gilles Peskine077599a2021-02-03 18:55:39 +0100[diff] [blame]107
108exit:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]109 mbedtls_hmac_drbg_free(&drbg);
110 mbedtls_entropy_free(&entropy);
Manuel Pégourié-Gonnarde9319772023-03-21 18:09:40 +0100[diff] [blame]111 MD_PSA_DONE();
Gilles Peskine077599a2021-02-03 18:55:39 +0100[diff] [blame]112}
113/* END_CASE */
114
Mateusz Starzyk72f60df2021-04-30 13:28:22 +0200[diff] [blame]115/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C:!MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]116void random_twice_with_psa_from_classic()
Gilles Peskinee3ed8022021-02-03 20:04:08 +0100[diff] [blame]117{
118 unsigned char output1[OUTPUT_SIZE];
119 unsigned char output2[OUTPUT_SIZE];
120
121 /* First round */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]122 PSA_ASSERT(psa_crypto_init());
123 TEST_EQUAL(0, mbedtls_psa_get_random(MBEDTLS_PSA_RANDOM_STATE,
124 output1, sizeof(output1)));
125 PSA_DONE();
Gilles Peskinee3ed8022021-02-03 20:04:08 +0100[diff] [blame]126
127 /* Second round */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]128 PSA_ASSERT(psa_crypto_init());
129 TEST_EQUAL(0, mbedtls_psa_get_random(MBEDTLS_PSA_RANDOM_STATE,
130 output2, sizeof(output2)));
131 PSA_DONE();
Gilles Peskinee3ed8022021-02-03 20:04:08 +0100[diff] [blame]132
133 /* The two rounds must generate different random data. */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]134 TEST_ASSERT(memcmp(output1, output2, OUTPUT_SIZE) != 0);
Gilles Peskinee3ed8022021-02-03 20:04:08 +0100[diff] [blame]135
136exit:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]137 PSA_DONE();
Gilles Peskinee3ed8022021-02-03 20:04:08 +0100[diff] [blame]138}
139/* END_CASE */
140
Mateusz Starzyk72f60df2021-04-30 13:28:22 +0200[diff] [blame]141/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C:!MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]142void random_twice_with_psa_from_psa()
Gilles Peskine077599a2021-02-03 18:55:39 +0100[diff] [blame]143{
144 unsigned char output1[OUTPUT_SIZE];
145 unsigned char output2[OUTPUT_SIZE];
146
147 /* First round */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]148 PSA_ASSERT(psa_crypto_init());
149 PSA_ASSERT(psa_generate_random(output1, sizeof(output1)));
150 PSA_DONE();
Gilles Peskine077599a2021-02-03 18:55:39 +0100[diff] [blame]151
152 /* Second round */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]153 PSA_ASSERT(psa_crypto_init());
154 PSA_ASSERT(psa_generate_random(output2, sizeof(output2)));
155 PSA_DONE();
Gilles Peskine077599a2021-02-03 18:55:39 +0100[diff] [blame]156
157 /* The two rounds must generate different random data. */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]158 TEST_ASSERT(memcmp(output1, output2, OUTPUT_SIZE) != 0);
Gilles Peskine077599a2021-02-03 18:55:39 +0100[diff] [blame]159
160exit:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]161 PSA_DONE();
Gilles Peskine077599a2021-02-03 18:55:39 +0100[diff] [blame]162}
163/* END_CASE */
Gilles Peskinee3ed8022021-02-03 20:04:08 +0100[diff] [blame]164
165/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]166void mbedtls_psa_get_random_no_init()
Gilles Peskinee3ed8022021-02-03 20:04:08 +0100[diff] [blame]167{
168 unsigned char output[1];
169
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]170 TEST_ASSERT(mbedtls_psa_get_random(MBEDTLS_PSA_RANDOM_STATE,
171 output, sizeof(output)) != 0);
Gilles Peskinee3ed8022021-02-03 20:04:08 +0100[diff] [blame]172}
173/* END_CASE */
174
175/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]176void mbedtls_psa_get_random_length(int n)
Gilles Peskinee3ed8022021-02-03 20:04:08 +0100[diff] [blame]177{
178 unsigned char *output = NULL;
179
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]180 PSA_ASSERT(psa_crypto_init());
Tom Cosgrove05b2a872023-07-21 11:31:13 +0100[diff] [blame]181 TEST_CALLOC(output, n);
Gilles Peskinee3ed8022021-02-03 20:04:08 +0100[diff] [blame]182
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]183 TEST_EQUAL(0, mbedtls_psa_get_random(MBEDTLS_PSA_RANDOM_STATE,
184 output, n));
Gilles Peskinee3ed8022021-02-03 20:04:08 +0100[diff] [blame]185exit:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]186 mbedtls_free(output);
187 PSA_DONE();
Gilles Peskinee3ed8022021-02-03 20:04:08 +0100[diff] [blame]188}
189/* END_CASE */
190
191/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C:MBEDTLS_ECDSA_C */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]192void mbedtls_psa_get_random_ecdsa_sign(int curve)
Gilles Peskinee3ed8022021-02-03 20:04:08 +0100[diff] [blame]193{
194 mbedtls_ecp_group grp;
195 mbedtls_mpi d, r, s;
196 unsigned char buf[] = "This is not a hash.";
197
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]198 mbedtls_ecp_group_init(&grp);
199 mbedtls_mpi_init(&d);
200 mbedtls_mpi_init(&r);
201 mbedtls_mpi_init(&s);
Gilles Peskinee3ed8022021-02-03 20:04:08 +0100[diff] [blame]202
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]203 TEST_EQUAL(0, mbedtls_mpi_lset(&d, 123456789));
204 TEST_EQUAL(0, mbedtls_ecp_group_load(&grp, curve));
205 PSA_ASSERT(psa_crypto_init());
206 TEST_EQUAL(0, mbedtls_ecdsa_sign(&grp, &r, &s, &d,
207 buf, sizeof(buf),
208 mbedtls_psa_get_random,
209 MBEDTLS_PSA_RANDOM_STATE));
Gilles Peskinee3ed8022021-02-03 20:04:08 +0100[diff] [blame]210exit:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]211 mbedtls_mpi_free(&d);
212 mbedtls_mpi_free(&r);
213 mbedtls_mpi_free(&s);
214 mbedtls_ecp_group_free(&grp);
215 PSA_DONE();
Gilles Peskinee3ed8022021-02-03 20:04:08 +0100[diff] [blame]216}
217/* END_CASE */