1/* BEGIN_HEADER */ 2 3/* Test random generation as a whole. */ 4 5#include "mbedtls/bignum.h" 6#include "mbedtls/ctr_drbg.h" 7#include "mbedtls/ecdsa.h" 8#include "mbedtls/entropy.h" 9#include "mbedtls/hmac_drbg.h" 10#include "mbedtls/psa_util.h" 11#include "psa/crypto.h" 12 13/* How many bytes to generate in each test case for repeated generation. 14 * This must be high enough that the probability of generating the same 15 * output twice is infinitesimal, but low enough that random generators 16 * are willing to deliver that much. */ 17#define OUTPUT_SIZE 32 18 19/* END_HEADER */ 20 21/* BEGIN_CASE depends_on:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */ 22void random_twice_with_ctr_drbg() 23{ 24 mbedtls_entropy_context entropy; 25 mbedtls_ctr_drbg_context drbg; 26 unsigned char output1[OUTPUT_SIZE]; 27 unsigned char output2[OUTPUT_SIZE]; 28 29 /* First round */ 30 mbedtls_entropy_init(&entropy); 31 mbedtls_ctr_drbg_init(&drbg); 32 TEST_EQUAL(0, mbedtls_ctr_drbg_seed(&drbg, 33 mbedtls_entropy_func, &entropy, 34 NULL, 0)); 35 TEST_EQUAL(0, mbedtls_ctr_drbg_random(&drbg, 36 output1, sizeof(output1))); 37 mbedtls_ctr_drbg_free(&drbg); 38 mbedtls_entropy_free(&entropy); 39 40 /* Second round */ 41 mbedtls_entropy_init(&entropy); 42 mbedtls_ctr_drbg_init(&drbg); 43 TEST_EQUAL(0, mbedtls_ctr_drbg_seed(&drbg, 44 mbedtls_entropy_func, &entropy, 45 NULL, 0)); 46 TEST_EQUAL(0, mbedtls_ctr_drbg_random(&drbg, 47 output2, sizeof(output2))); 48 mbedtls_ctr_drbg_free(&drbg); 49 mbedtls_entropy_free(&entropy); 50 51 /* The two rounds must generate different random data. */ 52 TEST_ASSERT(memcmp(output1, output2, OUTPUT_SIZE) != 0); 53 54exit: 55 mbedtls_ctr_drbg_free(&drbg); 56 mbedtls_entropy_free(&entropy); 57} 58/* END_CASE */ 59 60/* BEGIN_CASE depends_on:MBEDTLS_ENTROPY_C:MBEDTLS_HMAC_DRBG_C */ 61void random_twice_with_hmac_drbg(int md_type) 62{ 63 mbedtls_entropy_context entropy; 64 mbedtls_hmac_drbg_context drbg; 65 unsigned char output1[OUTPUT_SIZE]; 66 unsigned char output2[OUTPUT_SIZE]; 67 const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type(md_type); 68 69 /* First round */ 70 mbedtls_entropy_init(&entropy); 71 mbedtls_hmac_drbg_init(&drbg); 72 TEST_EQUAL(0, mbedtls_hmac_drbg_seed(&drbg, md_info, 73 mbedtls_entropy_func, &entropy, 74 NULL, 0)); 75 TEST_EQUAL(0, mbedtls_hmac_drbg_random(&drbg, 76 output1, sizeof(output1))); 77 mbedtls_hmac_drbg_free(&drbg); 78 mbedtls_entropy_free(&entropy); 79 80 /* Second round */ 81 mbedtls_entropy_init(&entropy); 82 mbedtls_hmac_drbg_init(&drbg); 83 TEST_EQUAL(0, mbedtls_hmac_drbg_seed(&drbg, md_info, 84 mbedtls_entropy_func, &entropy, 85 NULL, 0)); 86 TEST_EQUAL(0, mbedtls_hmac_drbg_random(&drbg, 87 output2, sizeof(output2))); 88 mbedtls_hmac_drbg_free(&drbg); 89 mbedtls_entropy_free(&entropy); 90 91 /* The two rounds must generate different random data. */ 92 TEST_ASSERT(memcmp(output1, output2, OUTPUT_SIZE) != 0); 93 94exit: 95 mbedtls_hmac_drbg_free(&drbg); 96 mbedtls_entropy_free(&entropy); 97} 98/* END_CASE */ 99 100/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C:!MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */ 101void random_twice_with_psa_from_classic() 102{ 103 unsigned char output1[OUTPUT_SIZE]; 104 unsigned char output2[OUTPUT_SIZE]; 105 106 /* First round */ 107 PSA_ASSERT(psa_crypto_init()); 108 TEST_EQUAL(0, mbedtls_psa_get_random(MBEDTLS_PSA_RANDOM_STATE, 109 output1, sizeof(output1))); 110 PSA_DONE(); 111 112 /* Second round */ 113 PSA_ASSERT(psa_crypto_init()); 114 TEST_EQUAL(0, mbedtls_psa_get_random(MBEDTLS_PSA_RANDOM_STATE, 115 output2, sizeof(output2))); 116 PSA_DONE(); 117 118 /* The two rounds must generate different random data. */ 119 TEST_ASSERT(memcmp(output1, output2, OUTPUT_SIZE) != 0); 120 121exit: 122 PSA_DONE(); 123} 124/* END_CASE */ 125 126/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C:!MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */ 127void random_twice_with_psa_from_psa() 128{ 129 unsigned char output1[OUTPUT_SIZE]; 130 unsigned char output2[OUTPUT_SIZE]; 131 132 /* First round */ 133 PSA_ASSERT(psa_crypto_init()); 134 PSA_ASSERT(psa_generate_random(output1, sizeof(output1))); 135 PSA_DONE(); 136 137 /* Second round */ 138 PSA_ASSERT(psa_crypto_init()); 139 PSA_ASSERT(psa_generate_random(output2, sizeof(output2))); 140 PSA_DONE(); 141 142 /* The two rounds must generate different random data. */ 143 TEST_ASSERT(memcmp(output1, output2, OUTPUT_SIZE) != 0); 144 145exit: 146 PSA_DONE(); 147} 148/* END_CASE */ 149 150/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C */ 151void mbedtls_psa_get_random_no_init() 152{ 153 unsigned char output[1]; 154 155 TEST_ASSERT(mbedtls_psa_get_random(MBEDTLS_PSA_RANDOM_STATE, 156 output, sizeof(output)) != 0); 157} 158/* END_CASE */ 159 160/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C */ 161void mbedtls_psa_get_random_length(int n) 162{ 163 unsigned char *output = NULL; 164 165 PSA_ASSERT(psa_crypto_init()); 166 ASSERT_ALLOC(output, n); 167 168 TEST_EQUAL(0, mbedtls_psa_get_random(MBEDTLS_PSA_RANDOM_STATE, 169 output, n)); 170exit: 171 mbedtls_free(output); 172 PSA_DONE(); 173} 174/* END_CASE */ 175 176/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C:MBEDTLS_ECDSA_C */ 177void mbedtls_psa_get_random_ecdsa_sign(int curve) 178{ 179 mbedtls_ecp_group grp; 180 mbedtls_mpi d, r, s; 181 unsigned char buf[] = "This is not a hash."; 182 183 mbedtls_ecp_group_init(&grp); 184 mbedtls_mpi_init(&d); 185 mbedtls_mpi_init(&r); 186 mbedtls_mpi_init(&s); 187 188 TEST_EQUAL(0, mbedtls_mpi_lset(&d, 123456789)); 189 TEST_EQUAL(0, mbedtls_ecp_group_load(&grp, curve)); 190 PSA_ASSERT(psa_crypto_init()); 191 TEST_EQUAL(0, mbedtls_ecdsa_sign(&grp, &r, &s, &d, 192 buf, sizeof(buf), 193 mbedtls_psa_get_random, 194 MBEDTLS_PSA_RANDOM_STATE)); 195exit: 196 mbedtls_mpi_free(&d); 197 mbedtls_mpi_free(&r); 198 mbedtls_mpi_free(&s); 199 mbedtls_ecp_group_free(&grp); 200 PSA_DONE(); 201} 202/* END_CASE */ 203