EC600G/components/net/mbedtls/tests/suites/test_suite_ctr_drbg.function

/* BEGIN_HEADER */
#include "mbedtls/entropy.h"
#include "mbedtls/ctr_drbg.h"
#include "string.h"

/* Modes for ctr_drbg_validate */
enum reseed_mode
{
    RESEED_NEVER, /* never reseed */
    RESEED_FIRST, /* instantiate, reseed, generate, generate */
    RESEED_SECOND, /* instantiate, generate, reseed, generate */
    RESEED_ALWAYS /* prediction resistance, no explicit reseed */
};

static size_t test_offset_idx = 0;
static size_t test_max_idx  = 0;
static int mbedtls_test_entropy_func( void *data, unsigned char *buf, size_t len )
{
    const unsigned char *p = (unsigned char *) data;
    if( test_offset_idx + len > test_max_idx )
        return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED );
    memcpy( buf, p + test_offset_idx, len );
    test_offset_idx += len;
    return( 0 );
}

static void ctr_drbg_validate_internal( int reseed_mode, data_t * nonce,
                        int entropy_len_arg, data_t * entropy,
                        data_t * reseed,
                        data_t * add1, data_t * add2,
                        data_t * result )
{
    mbedtls_ctr_drbg_context ctx;
    unsigned char buf[64];

    size_t entropy_chunk_len = (size_t) entropy_len_arg;

    TEST_ASSERT( entropy_chunk_len <= sizeof( buf ) );

    test_offset_idx = 0;
    mbedtls_ctr_drbg_init( &ctx );

    test_max_idx = entropy->len;

    /* CTR_DRBG_Instantiate(entropy[:entropy->len], nonce, perso, <ignored>)
     * where nonce||perso = nonce[nonce->len] */
    mbedtls_ctr_drbg_set_entropy_len( &ctx, entropy_chunk_len );
    mbedtls_ctr_drbg_set_nonce_len( &ctx, 0 );
    TEST_ASSERT( mbedtls_ctr_drbg_seed(
                     &ctx,
                     mbedtls_test_entropy_func, entropy->x,
                     nonce->x, nonce->len ) == 0 );
    if( reseed_mode == RESEED_ALWAYS )
        mbedtls_ctr_drbg_set_prediction_resistance(
            &ctx,
            MBEDTLS_CTR_DRBG_PR_ON );

    if( reseed_mode == RESEED_FIRST )
    {
        /* CTR_DRBG_Reseed(entropy[idx:idx+entropy->len],
         *                 reseed[:reseed->len]) */
        TEST_ASSERT( mbedtls_ctr_drbg_reseed(
                         &ctx,
                         reseed->x, reseed->len ) == 0 );
    }

    /* CTR_DRBG_Generate(result->len * 8 bits, add1[:add1->len]) -> buf */
    /* Then reseed if prediction resistance is enabled. */
    TEST_ASSERT( mbedtls_ctr_drbg_random_with_add(
                     &ctx,
                     buf, result->len,
                     add1->x, add1->len ) == 0 );


    if( reseed_mode == RESEED_SECOND )
    {
        /* CTR_DRBG_Reseed(entropy[idx:idx+entropy->len],
         *                 reseed[:reseed->len]) */
        TEST_ASSERT( mbedtls_ctr_drbg_reseed(
                         &ctx,
                         reseed->x, reseed->len ) == 0 );
    }

    /* CTR_DRBG_Generate(result->len * 8 bits, add2->x[:add2->len]) -> buf */
    /* Then reseed if prediction resistance is enabled. */
    TEST_ASSERT( mbedtls_ctr_drbg_random_with_add(
                     &ctx,
                     buf, result->len,
                     add2->x, add2->len ) == 0 );
    TEST_ASSERT( memcmp( buf, result->x, result->len ) == 0 );

exit:
    mbedtls_ctr_drbg_free( &ctx );
}

/* END_HEADER */

/* BEGIN_DEPENDENCIES
 * depends_on:MBEDTLS_CTR_DRBG_C
 * END_DEPENDENCIES
 */

/* BEGIN_CASE */
void ctr_drbg_special_behaviours( )
{
    mbedtls_ctr_drbg_context ctx;
    unsigned char output[512];
    unsigned char additional[512];

    mbedtls_ctr_drbg_init( &ctx );
    memset( output, 0, sizeof( output ) );
    memset( additional, 0, sizeof( additional ) );

    TEST_ASSERT( mbedtls_ctr_drbg_random_with_add( &ctx,
                        output, MBEDTLS_CTR_DRBG_MAX_REQUEST + 1,
                        additional, 16 ) ==
                        MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG );
    TEST_ASSERT( mbedtls_ctr_drbg_random_with_add( &ctx,
                        output, 16,
                        additional, MBEDTLS_CTR_DRBG_MAX_INPUT + 1 ) ==
                        MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG );

    TEST_ASSERT( mbedtls_ctr_drbg_reseed( &ctx, additional,
                        MBEDTLS_CTR_DRBG_MAX_SEED_INPUT + 1 ) ==
                        MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG );

    mbedtls_ctr_drbg_set_entropy_len( &ctx, ~0 );
    TEST_ASSERT( mbedtls_ctr_drbg_reseed( &ctx, additional,
                        MBEDTLS_CTR_DRBG_MAX_SEED_INPUT ) ==
                        MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG );
exit:
    mbedtls_ctr_drbg_free( &ctx );
}
/* END_CASE */


/* BEGIN_CASE */
void ctr_drbg_validate_no_reseed( data_t * add_init, data_t * entropy,
                                  data_t * add1, data_t * add2,
                                  data_t * result_string )
{
    data_t empty = { 0, 0 };
    ctr_drbg_validate_internal( RESEED_NEVER, add_init,
                                entropy->len, entropy,
                                &empty, add1, add2,
                                result_string );
    goto exit; // goto is needed to avoid warning ( no test assertions in func)
}
/* END_CASE */

/* BEGIN_CASE */
void ctr_drbg_validate_pr( data_t * add_init, data_t * entropy,
                           data_t * add1, data_t * add2,
                           data_t * result_string )
{
    data_t empty = { 0, 0 };
    ctr_drbg_validate_internal( RESEED_ALWAYS, add_init,
                                entropy->len / 3, entropy,
                                &empty, add1, add2,
                                result_string );
    goto exit; // goto is needed to avoid warning ( no test assertions in func)
}
/* END_CASE */

/* BEGIN_CASE */
void ctr_drbg_validate_reseed_between( data_t * add_init, data_t * entropy,
                             data_t * add1, data_t * add_reseed,
                             data_t * add2, data_t * result_string )
{
    ctr_drbg_validate_internal( RESEED_SECOND, add_init,
                                entropy->len / 2, entropy,
                                add_reseed, add1, add2,
                                result_string );
    goto exit; // goto is needed to avoid warning ( no test assertions in func)
}
/* END_CASE */

/* BEGIN_CASE */
void ctr_drbg_validate_reseed_first( data_t * add_init, data_t * entropy,
                             data_t * add1, data_t * add_reseed,
                             data_t * add2, data_t * result_string )
{
    ctr_drbg_validate_internal( RESEED_FIRST, add_init,
                                entropy->len / 2, entropy,
                                add_reseed, add1, add2,
                                result_string );
    goto exit; // goto is needed to avoid warning ( no test assertions in func)
}
/* END_CASE */

/* BEGIN_CASE */
void ctr_drbg_entropy_strength( int expected_bit_strength )
{
    unsigned char entropy[/*initial entropy*/ MBEDTLS_CTR_DRBG_ENTROPY_LEN +
                          /*nonce*/     MBEDTLS_CTR_DRBG_ENTROPY_NONCE_LEN +
                          /*reseed*/          MBEDTLS_CTR_DRBG_ENTROPY_LEN];
    mbedtls_ctr_drbg_context ctx;
    size_t last_idx;
    size_t byte_strength = expected_bit_strength / 8;

    mbedtls_ctr_drbg_init( &ctx );
    test_offset_idx = 0;
    test_max_idx = sizeof( entropy );
    memset( entropy, 0, sizeof( entropy ) );

    /* The initial seeding must grab at least byte_strength bytes of entropy
     * for the entropy input and byte_strength/2 bytes for a nonce. */
    TEST_ASSERT( mbedtls_ctr_drbg_seed( &ctx,
                                        mbedtls_test_entropy_func, entropy,
                                        NULL, 0 ) == 0 );
    TEST_ASSERT( test_offset_idx >= ( byte_strength * 3 + 1 ) / 2 );
    last_idx = test_offset_idx;

    /* A reseed must grab at least byte_strength bytes of entropy. */
    TEST_ASSERT( mbedtls_ctr_drbg_reseed( &ctx, NULL, 0 ) == 0 );
    TEST_ASSERT( test_offset_idx - last_idx >= byte_strength );

exit:
    mbedtls_ctr_drbg_free( &ctx );
}
/* END_CASE */

/* BEGIN_CASE */
void ctr_drbg_entropy_usage( int entropy_nonce_len )
{
    unsigned char out[16];
    unsigned char add[16];
    unsigned char entropy[1024];
    mbedtls_ctr_drbg_context ctx;
    size_t i, reps = 10;
    size_t expected_idx = 0;

    mbedtls_ctr_drbg_init( &ctx );
    test_offset_idx = 0;
    test_max_idx = sizeof( entropy );
    memset( entropy, 0, sizeof( entropy ) );
    memset( out, 0, sizeof( out ) );
    memset( add, 0, sizeof( add ) );

    if( entropy_nonce_len >= 0 )
        TEST_ASSERT( mbedtls_ctr_drbg_set_nonce_len( &ctx, entropy_nonce_len ) == 0 );

    /* Set reseed interval before seed */
    mbedtls_ctr_drbg_set_reseed_interval( &ctx, 2 * reps );

    /* Init must use entropy */
    TEST_ASSERT( mbedtls_ctr_drbg_seed( &ctx, mbedtls_test_entropy_func, entropy, NULL, 0 ) == 0 );
    expected_idx += MBEDTLS_CTR_DRBG_ENTROPY_LEN;
    if( entropy_nonce_len >= 0 )
        expected_idx += entropy_nonce_len;
    else
        expected_idx += MBEDTLS_CTR_DRBG_ENTROPY_NONCE_LEN;
    TEST_EQUAL( test_offset_idx, expected_idx );

    /* By default, PR is off, and reseed interval was set to
     * 2 * reps so the next few calls should not use entropy */
    for( i = 0; i < reps; i++ )
    {
        TEST_ASSERT( mbedtls_ctr_drbg_random( &ctx, out, sizeof( out ) - 4 ) == 0 );
        TEST_ASSERT( mbedtls_ctr_drbg_random_with_add( &ctx, out, sizeof( out ) - 4,
                                                add, sizeof( add ) ) == 0 );
    }
    TEST_EQUAL( test_offset_idx, expected_idx );

    /* While at it, make sure we didn't write past the requested length */
    TEST_ASSERT( out[sizeof( out ) - 4] == 0 );
    TEST_ASSERT( out[sizeof( out ) - 3] == 0 );
    TEST_ASSERT( out[sizeof( out ) - 2] == 0 );
    TEST_ASSERT( out[sizeof( out ) - 1] == 0 );

    /* There have been 2 * reps calls to random. The next call should reseed */
    TEST_ASSERT( mbedtls_ctr_drbg_random( &ctx, out, sizeof( out ) ) == 0 );
    expected_idx += MBEDTLS_CTR_DRBG_ENTROPY_LEN;
    TEST_EQUAL( test_offset_idx, expected_idx );

    /* Set reseed interval after seed */
    mbedtls_ctr_drbg_set_reseed_interval( &ctx, 4 * reps + 1 );

    /* The next few calls should not reseed */
    for( i = 0; i < (2 * reps); i++ )
    {
        TEST_ASSERT( mbedtls_ctr_drbg_random( &ctx, out, sizeof( out ) ) == 0 );
        TEST_ASSERT( mbedtls_ctr_drbg_random_with_add( &ctx, out, sizeof( out ) ,
                                                add, sizeof( add ) ) == 0 );
    }
    TEST_EQUAL( test_offset_idx, expected_idx );

    /* Call update with too much data (sizeof entropy > MAX(_SEED)_INPUT).
     * Make sure it's detected as an error and doesn't cause memory
     * corruption. */
    TEST_ASSERT( mbedtls_ctr_drbg_update_ret(
                     &ctx, entropy, sizeof( entropy ) ) != 0 );

    /* Now enable PR, so the next few calls should all reseed */
    mbedtls_ctr_drbg_set_prediction_resistance( &ctx, MBEDTLS_CTR_DRBG_PR_ON );
    TEST_ASSERT( mbedtls_ctr_drbg_random( &ctx, out, sizeof( out ) ) == 0 );
    expected_idx += MBEDTLS_CTR_DRBG_ENTROPY_LEN;
    TEST_EQUAL( test_offset_idx, expected_idx );

    /* Finally, check setting entropy_len */
    mbedtls_ctr_drbg_set_entropy_len( &ctx, 42 );
    TEST_ASSERT( mbedtls_ctr_drbg_random( &ctx, out, sizeof( out ) ) == 0 );
    expected_idx += 42;
    TEST_EQUAL( test_offset_idx, expected_idx );

    mbedtls_ctr_drbg_set_entropy_len( &ctx, 13 );
    TEST_ASSERT( mbedtls_ctr_drbg_random( &ctx, out, sizeof( out ) ) == 0 );
    expected_idx += 13;
    TEST_EQUAL( test_offset_idx, expected_idx );

exit:
    mbedtls_ctr_drbg_free( &ctx );
}
/* END_CASE */

/* BEGIN_CASE depends_on:MBEDTLS_FS_IO */
void ctr_drbg_seed_file( char * path, int ret )
{
    mbedtls_ctr_drbg_context ctx;

    mbedtls_ctr_drbg_init( &ctx );

    TEST_ASSERT( mbedtls_ctr_drbg_seed( &ctx, mbedtls_test_rnd_std_rand,
                                        NULL, NULL, 0 ) == 0 );
    TEST_ASSERT( mbedtls_ctr_drbg_write_seed_file( &ctx, path ) == ret );
    TEST_ASSERT( mbedtls_ctr_drbg_update_seed_file( &ctx, path ) == ret );

exit:
    mbedtls_ctr_drbg_free( &ctx );
}
/* END_CASE */

/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */
void ctr_drbg_selftest(  )
{
    TEST_ASSERT( mbedtls_ctr_drbg_self_test( 1 ) == 0 );
}
/* END_CASE */