1/* BEGIN_HEADER */ 2 3/* Test random generation as a whole. */ 4 5#include "mbedtls/bignum.h" 6#include "mbedtls/ctr_drbg.h" 7#include "mbedtls/ecdsa.h" 8#include "mbedtls/entropy.h" 9#include "mbedtls/hmac_drbg.h" 10#include "mbedtls/psa_util.h" 11#include "psa/crypto.h" 12 13/* How many bytes to generate in each test case for repeated generation. 14 * This must be high enough that the probability of generating the same 15 * output twice is infinitesimal, but low enough that random generators 16 * are willing to deliver that much. */ 17#define OUTPUT_SIZE 32 18 19/* END_HEADER */ 20 21/* BEGIN_CASE depends_on:MBEDTLS_ENTROPY_C:!MBEDTLS_PSA_INJECT_ENTROPY:MBEDTLS_CTR_DRBG_C */ 22void random_twice_with_ctr_drbg() 23{ 24 mbedtls_entropy_context entropy; 25 mbedtls_ctr_drbg_context drbg; 26 unsigned char output1[OUTPUT_SIZE]; 27 unsigned char output2[OUTPUT_SIZE]; 28 29 MD_PSA_INIT(); 30 31 /* First round */ 32 mbedtls_entropy_init(&entropy); 33 mbedtls_ctr_drbg_init(&drbg); 34 TEST_EQUAL(0, mbedtls_ctr_drbg_seed(&drbg, 35 mbedtls_entropy_func, &entropy, 36 NULL, 0)); 37 TEST_EQUAL(0, mbedtls_ctr_drbg_random(&drbg, 38 output1, sizeof(output1))); 39 mbedtls_ctr_drbg_free(&drbg); 40 mbedtls_entropy_free(&entropy); 41 42 /* Second round */ 43 mbedtls_entropy_init(&entropy); 44 mbedtls_ctr_drbg_init(&drbg); 45 TEST_EQUAL(0, mbedtls_ctr_drbg_seed(&drbg, 46 mbedtls_entropy_func, &entropy, 47 NULL, 0)); 48 TEST_EQUAL(0, mbedtls_ctr_drbg_random(&drbg, 49 output2, sizeof(output2))); 50 mbedtls_ctr_drbg_free(&drbg); 51 mbedtls_entropy_free(&entropy); 52 53 /* The two rounds must generate different random data. */ 54 TEST_ASSERT(memcmp(output1, output2, OUTPUT_SIZE) != 0); 55 56exit: 57 mbedtls_ctr_drbg_free(&drbg); 58 mbedtls_entropy_free(&entropy); 59 MD_PSA_DONE(); 60} 61/* END_CASE */ 62 63/* BEGIN_CASE depends_on:MBEDTLS_ENTROPY_C:!MBEDTLS_PSA_INJECT_ENTROPY:MBEDTLS_HMAC_DRBG_C */ 64void random_twice_with_hmac_drbg(int md_type) 65{ 66 mbedtls_entropy_context entropy; 67 mbedtls_hmac_drbg_context drbg; 68 unsigned char output1[OUTPUT_SIZE]; 69 unsigned char output2[OUTPUT_SIZE]; 70 const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type(md_type); 71 72 MD_PSA_INIT(); 73 74 /* First round */ 75 mbedtls_entropy_init(&entropy); 76 mbedtls_hmac_drbg_init(&drbg); 77 TEST_EQUAL(0, mbedtls_hmac_drbg_seed(&drbg, md_info, 78 mbedtls_entropy_func, &entropy, 79 NULL, 0)); 80 TEST_EQUAL(0, mbedtls_hmac_drbg_random(&drbg, 81 output1, sizeof(output1))); 82 mbedtls_hmac_drbg_free(&drbg); 83 mbedtls_entropy_free(&entropy); 84 85 /* Second round */ 86 mbedtls_entropy_init(&entropy); 87 mbedtls_hmac_drbg_init(&drbg); 88 TEST_EQUAL(0, mbedtls_hmac_drbg_seed(&drbg, md_info, 89 mbedtls_entropy_func, &entropy, 90 NULL, 0)); 91 TEST_EQUAL(0, mbedtls_hmac_drbg_random(&drbg, 92 output2, sizeof(output2))); 93 mbedtls_hmac_drbg_free(&drbg); 94 mbedtls_entropy_free(&entropy); 95 96 /* The two rounds must generate different random data. */ 97 TEST_ASSERT(memcmp(output1, output2, OUTPUT_SIZE) != 0); 98 99exit: 100 mbedtls_hmac_drbg_free(&drbg); 101 mbedtls_entropy_free(&entropy); 102 MD_PSA_DONE(); 103} 104/* END_CASE */ 105 106/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C:!MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */ 107void random_twice_with_psa_from_classic() 108{ 109 unsigned char output1[OUTPUT_SIZE]; 110 unsigned char output2[OUTPUT_SIZE]; 111 112 /* First round */ 113 PSA_ASSERT(psa_crypto_init()); 114 TEST_EQUAL(0, mbedtls_psa_get_random(MBEDTLS_PSA_RANDOM_STATE, 115 output1, sizeof(output1))); 116 PSA_DONE(); 117 118 /* Second round */ 119 PSA_ASSERT(psa_crypto_init()); 120 TEST_EQUAL(0, mbedtls_psa_get_random(MBEDTLS_PSA_RANDOM_STATE, 121 output2, sizeof(output2))); 122 PSA_DONE(); 123 124 /* The two rounds must generate different random data. */ 125 TEST_ASSERT(memcmp(output1, output2, OUTPUT_SIZE) != 0); 126 127exit: 128 PSA_DONE(); 129} 130/* END_CASE */ 131 132/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C:!MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */ 133void random_twice_with_psa_from_psa() 134{ 135 unsigned char output1[OUTPUT_SIZE]; 136 unsigned char output2[OUTPUT_SIZE]; 137 138 /* First round */ 139 PSA_ASSERT(psa_crypto_init()); 140 PSA_ASSERT(psa_generate_random(output1, sizeof(output1))); 141 PSA_DONE(); 142 143 /* Second round */ 144 PSA_ASSERT(psa_crypto_init()); 145 PSA_ASSERT(psa_generate_random(output2, sizeof(output2))); 146 PSA_DONE(); 147 148 /* The two rounds must generate different random data. */ 149 TEST_ASSERT(memcmp(output1, output2, OUTPUT_SIZE) != 0); 150 151exit: 152 PSA_DONE(); 153} 154/* END_CASE */ 155 156/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C */ 157void mbedtls_psa_get_random_no_init() 158{ 159 unsigned char output[1]; 160 161 TEST_ASSERT(mbedtls_psa_get_random(MBEDTLS_PSA_RANDOM_STATE, 162 output, sizeof(output)) != 0); 163} 164/* END_CASE */ 165 166/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C */ 167void mbedtls_psa_get_random_length(int n) 168{ 169 unsigned char *output = NULL; 170 171 PSA_ASSERT(psa_crypto_init()); 172 TEST_CALLOC(output, n); 173 174 TEST_EQUAL(0, mbedtls_psa_get_random(MBEDTLS_PSA_RANDOM_STATE, 175 output, n)); 176exit: 177 mbedtls_free(output); 178 PSA_DONE(); 179} 180/* END_CASE */ 181 182/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C:MBEDTLS_ECDSA_C */ 183void mbedtls_psa_get_random_ecdsa_sign(int curve) 184{ 185 mbedtls_ecp_group grp; 186 mbedtls_mpi d, r, s; 187 unsigned char buf[] = "This is not a hash."; 188 189 mbedtls_ecp_group_init(&grp); 190 mbedtls_mpi_init(&d); 191 mbedtls_mpi_init(&r); 192 mbedtls_mpi_init(&s); 193 194 TEST_EQUAL(0, mbedtls_mpi_lset(&d, 123456789)); 195 TEST_EQUAL(0, mbedtls_ecp_group_load(&grp, curve)); 196 PSA_ASSERT(psa_crypto_init()); 197 TEST_EQUAL(0, mbedtls_ecdsa_sign(&grp, &r, &s, &d, 198 buf, sizeof(buf), 199 mbedtls_psa_get_random, 200 MBEDTLS_PSA_RANDOM_STATE)); 201exit: 202 mbedtls_mpi_free(&d); 203 mbedtls_mpi_free(&r); 204 mbedtls_mpi_free(&s); 205 mbedtls_ecp_group_free(&grp); 206 PSA_DONE(); 207} 208/* END_CASE */ 209