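/* BEGIN_HEADER */
#include "mbedtls/ctr_drbg.h"

/* Number of bytes of the fake entropy buffer handed out so far. The test
 * cases reset it and read it back to observe when the DRBG pulls entropy. */
int test_offset_idx;

/* Number of valid bytes in the buffer passed as `data` to the callback
 * below. Every test case that installs the callback sets this first. */
size_t test_max_idx;

/*
 * Deterministic entropy callback used by the test cases in this file.
 *
 * data: start of the caller's entropy buffer
 * buf:  destination for the next `len` bytes
 * len:  number of bytes requested by the DRBG
 *
 * Returns 0 on success. If the request would run past test_max_idx, it
 * returns MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED and copies nothing.
 * This way a test vector that supplies too little entropy fails the case
 * instead of feeding uninitialised stack bytes to the DRBG.
 *
 * NOTE(review): this shares its name with the library callback declared in
 * mbedtls/entropy.h - confirm the test build never links both definitions.
 */
int mbedtls_entropy_func( void *data, unsigned char *buf, size_t len )
{
    const unsigned char *p = (unsigned char *) data;
    size_t used = (size_t) test_offset_idx;

    /* Written as a subtraction so that a huge len cannot wrap the sum. */
    if( used > test_max_idx || len > test_max_idx - used )
        return( MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED );

    memcpy( buf, p + used, len );
    test_offset_idx += (int) len;
    return( 0 );
}
/* END_HEADER */

/* BEGIN_DEPENDENCIES
 * depends_on:MBEDTLS_CTR_DRBG_C
 * END_DEPENDENCIES
 */

/*
 * Known-answer check with prediction resistance enabled.
 *
 * Seeds the DRBG with entropy_len 32 and add_init as the personalisation
 * data, turns prediction resistance on, generates 16 bytes twice (with add1,
 * then add2) and compares the hex form of the second output to result_str.
 *
 * All arguments are hex strings. unhexify() is given no output size here, so
 * each vector must decode to at most 512 bytes.
 */
/* BEGIN_CASE */
void ctr_drbg_validate_pr( char *add_init_string, char *entropy_string,
                           char *add1_string, char *add2_string,
                           char *result_str )
{
    unsigned char entropy[512];
    unsigned char add_init[512];
    unsigned char add1[512];
    unsigned char add2[512];
    mbedtls_ctr_drbg_context ctx;
    unsigned char buf[512];
    unsigned char output_str[512];
    int add_init_len, add1_len, add2_len;

    mbedtls_ctr_drbg_init( &ctx );
    memset( output_str, 0, 512 );

    /* Only the decoded part of entropy[] is initialised; record its length
     * so the entropy callback refuses to read beyond it. */
    test_max_idx = (size_t) unhexify( entropy, entropy_string );
    add_init_len = unhexify( add_init, add_init_string );
    add1_len = unhexify( add1, add1_string );
    add2_len = unhexify( add2, add2_string );

    test_offset_idx = 0;
    TEST_ASSERT( mbedtls_ctr_drbg_seed_entropy_len( &ctx, mbedtls_entropy_func, entropy, add_init, add_init_len, 32 ) == 0 );
    mbedtls_ctr_drbg_set_prediction_resistance( &ctx, MBEDTLS_CTR_DRBG_PR_ON );

    /* Only the second output is checked; the first call advances the state. */
    TEST_ASSERT( mbedtls_ctr_drbg_random_with_add( &ctx, buf, 16, add1, add1_len ) == 0 );
    TEST_ASSERT( mbedtls_ctr_drbg_random_with_add( &ctx, buf, 16, add2, add2_len ) == 0 );
    hexify( output_str, buf, 16 );
    TEST_ASSERT( strcmp( (char *) output_str, result_str ) == 0 );

exit:
    mbedtls_ctr_drbg_free( &ctx );
}
/* END_CASE */

/*
 * Known-answer check without prediction resistance.
 *
 * Seeds the DRBG with entropy_len 32, generates 16 bytes with add1, reseeds
 * explicitly with add_reseed, generates 16 bytes with add2 and compares the
 * hex form of that last output to result_str.
 *
 * All arguments are hex strings. unhexify() is given no output size here, so
 * each vector must decode to at most 512 bytes.
 */
/* BEGIN_CASE */
void ctr_drbg_validate_nopr( char *add_init_string, char *entropy_string,
                             char *add1_string, char *add_reseed_string,
                             char *add2_string, char *result_str )
{
    unsigned char entropy[512];
    unsigned char add_init[512];
    unsigned char add1[512];
    unsigned char add_reseed[512];
    unsigned char add2[512];
    mbedtls_ctr_drbg_context ctx;
    unsigned char buf[512];
    unsigned char output_str[512];
    int add_init_len, add1_len, add_reseed_len, add2_len;

    mbedtls_ctr_drbg_init( &ctx );
    memset( output_str, 0, 512 );

    /* Only the decoded part of entropy[] is initialised; record its length
     * so the entropy callback refuses to read beyond it. */
    test_max_idx = (size_t) unhexify( entropy, entropy_string );
    add_init_len = unhexify( add_init, add_init_string );
    add1_len = unhexify( add1, add1_string );
    add_reseed_len = unhexify( add_reseed, add_reseed_string );
    add2_len = unhexify( add2, add2_string );

    test_offset_idx = 0;
    TEST_ASSERT( mbedtls_ctr_drbg_seed_entropy_len( &ctx, mbedtls_entropy_func, entropy, add_init, add_init_len, 32 ) == 0 );

    TEST_ASSERT( mbedtls_ctr_drbg_random_with_add( &ctx, buf, 16, add1, add1_len ) == 0 );
    TEST_ASSERT( mbedtls_ctr_drbg_reseed( &ctx, add_reseed, add_reseed_len ) == 0 );
    TEST_ASSERT( mbedtls_ctr_drbg_random_with_add( &ctx, buf, 16, add2, add2_len ) == 0 );
    hexify( output_str, buf, 16 );
    TEST_ASSERT( strcmp( (char *) output_str, result_str ) == 0 );

exit:
    mbedtls_ctr_drbg_free( &ctx );
}
/* END_CASE */

/*
 * Checks when the DRBG draws from its entropy source, and how much.
 *
 * test_offset_idx is sampled around each group of calls: it must advance on
 * seeding, on reaching the reseed interval and on every call once prediction
 * resistance is on, and must stay put otherwise. The case also checks that
 * output never spills past the requested length and that the configured
 * entropy_len is the exact amount consumed per reseed.
 */
/* BEGIN_CASE */
void ctr_drbg_entropy_usage( )
{
    unsigned char out[16];
    unsigned char add[16];
    unsigned char entropy[1024];
    mbedtls_ctr_drbg_context ctx;
    size_t i, reps = 10;
    int last_idx;

    mbedtls_ctr_drbg_init( &ctx );
    test_offset_idx = 0;
    /* The whole zeroed buffer is available to the entropy callback. */
    test_max_idx = sizeof( entropy );
    memset( entropy, 0, sizeof( entropy ) );
    memset( out, 0, sizeof( out ) );
    memset( add, 0, sizeof( add ) );

    /* Init must use entropy */
    last_idx = test_offset_idx;
    TEST_ASSERT( mbedtls_ctr_drbg_seed( &ctx, mbedtls_entropy_func, entropy, NULL, 0 ) == 0 );
    TEST_ASSERT( last_idx < test_offset_idx );

    /* By default, PR is off and reseed_interval is large,
     * so the next few calls should not use entropy */
    last_idx = test_offset_idx;
    for( i = 0; i < reps; i++ )
    {
        TEST_ASSERT( mbedtls_ctr_drbg_random( &ctx, out, sizeof( out ) - 4 ) == 0 );
        TEST_ASSERT( mbedtls_ctr_drbg_random_with_add( &ctx, out, sizeof( out ) - 4,
                                                       add, sizeof( add ) ) == 0 );
    }
    TEST_ASSERT( last_idx == test_offset_idx );

    /* While at it, make sure we didn't write past the requested length.
     * The last four bytes of out[] were zeroed above and never requested. */
    TEST_ASSERT( out[sizeof( out ) - 4] == 0 );
    TEST_ASSERT( out[sizeof( out ) - 3] == 0 );
    TEST_ASSERT( out[sizeof( out ) - 2] == 0 );
    TEST_ASSERT( out[sizeof( out ) - 1] == 0 );

    /* Set reseed_interval to the number of calls done,
     * so the next call should reseed */
    mbedtls_ctr_drbg_set_reseed_interval( &ctx, 2 * reps );
    TEST_ASSERT( mbedtls_ctr_drbg_random( &ctx, out, sizeof( out ) ) == 0 );
    TEST_ASSERT( last_idx < test_offset_idx );

    /* The next few calls should not reseed */
    last_idx = test_offset_idx;
    for( i = 0; i < reps / 2; i++ )
    {
        TEST_ASSERT( mbedtls_ctr_drbg_random( &ctx, out, sizeof( out ) ) == 0 );
        TEST_ASSERT( mbedtls_ctr_drbg_random_with_add( &ctx, out, sizeof( out ) ,
                                                       add, sizeof( add ) ) == 0 );
    }
    TEST_ASSERT( last_idx == test_offset_idx );

    /* Call update with too much data (sizeof entropy > MAX(_SEED)_INPUT)
     * (just make sure it doesn't cause memory corruption) */
    mbedtls_ctr_drbg_update( &ctx, entropy, sizeof( entropy ) );

    /* Now enable PR, so the next few calls should all reseed */
    mbedtls_ctr_drbg_set_prediction_resistance( &ctx, MBEDTLS_CTR_DRBG_PR_ON );
    TEST_ASSERT( mbedtls_ctr_drbg_random( &ctx, out, sizeof( out ) ) == 0 );
    TEST_ASSERT( last_idx < test_offset_idx );

    /* Finally, check setting entropy_len */
    mbedtls_ctr_drbg_set_entropy_len( &ctx, 42 );
    last_idx = test_offset_idx;
    TEST_ASSERT( mbedtls_ctr_drbg_random( &ctx, out, sizeof( out ) ) == 0 );
    TEST_ASSERT( test_offset_idx - last_idx == 42 );

    mbedtls_ctr_drbg_set_entropy_len( &ctx, 13 );
    last_idx = test_offset_idx;
    TEST_ASSERT( mbedtls_ctr_drbg_random( &ctx, out, sizeof( out ) ) == 0 );
    TEST_ASSERT( test_offset_idx - last_idx == 13 );

exit:
    mbedtls_ctr_drbg_free( &ctx );
}
/* END_CASE */

/*
 * Seeds a DRBG from rnd_std_rand, then checks that writing the seed file at
 * `path` and updating from it both return `ret`.
 */
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO */
void ctr_drbg_seed_file( char *path, int ret )
{
    mbedtls_ctr_drbg_context ctx;

    mbedtls_ctr_drbg_init( &ctx );

    TEST_ASSERT( mbedtls_ctr_drbg_seed( &ctx, rnd_std_rand, NULL, NULL, 0 ) == 0 );
    TEST_ASSERT( mbedtls_ctr_drbg_write_seed_file( &ctx, path ) == ret );
    TEST_ASSERT( mbedtls_ctr_drbg_update_seed_file( &ctx, path ) == ret );

exit:
    mbedtls_ctr_drbg_free( &ctx );
}
/* END_CASE */

/* Runs the library's built-in CTR_DRBG self-test with verbose output off. */
/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */
void ctr_drbg_selftest( )
{
    TEST_ASSERT( mbedtls_ctr_drbg_self_test( 0 ) == 0 );
}
/* END_CASE */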