1 /*
2  * Copyright (c) 2001-2019, Arm Limited and Contributors. All rights reserved.
3  *
4  * SPDX-License-Identifier: BSD-3-Clause
5  */
6 
7 
8 #include <stdio.h>
9 #include <stdlib.h>
10 #include <stdint.h>
11 #include <string.h>
12 
13 #include <limits.h>
14 
15 /* mbedtls lib */
16 #include "mbedtls/timing.h"
17 #include "mbedtls/ctr_drbg.h"
18 
19 /* local */
20 #include "run_integration_pal_log.h"
21 #include "run_integration_test.h"
22 #include "run_integration_helper.h"
23 
24 #if defined(MBEDTLS_CTR_DRBG_C)
25 /************************************************************
26  *
27  * static function prototypes
28  *
29  ************************************************************/
30 static RunItError_t runIt_ctrDrbgEntropyUsageTest(void);
31 static RunItError_t runIt_ctrDrbgVectorTest(void);
32 static int runIt_ctrDrbgSelfTestEntropy(void *data, unsigned char *buf, size_t len);
33 
34 /************************************************************
35  *
36  * variables
37  *
38  ************************************************************/
39 static size_t test_offset;
40 
41 /************************************************************
42  *
43  * static functions
44  *
45  ************************************************************/
runIt_ctrDrbgSelfTestEntropy(void * data,unsigned char * buf,size_t len)46 static int runIt_ctrDrbgSelfTestEntropy(void *data, unsigned char *buf, size_t len)
47 {
48     const unsigned char *p = data;
49     memcpy(buf, p + test_offset, len);
50     test_offset += len;
51     return (0);
52 }
53 
runIt_ctrDrbgEntropyUsageTest(void)54 static RunItError_t runIt_ctrDrbgEntropyUsageTest(void)
55 {
56     RunItError_t rc = RUNIT_ERROR__OK;
57 
58     unsigned char out[16];
59     unsigned char add[16];
60 
61     unsigned char *pEntropy = NULL;
62     mbedtls_ctr_drbg_context *pCtx = NULL;
63 
64     RunItPtr entropyPtr;
65     RunItPtr ctxPtr;
66 
67     size_t i, reps = 10;
68     size_t last_idx;
69 
70     const char* TEST_NAME = "CTR-DRBG Entropy Usage";
71     RUNIT_SUB_TEST_START(TEST_NAME);
72 
73     ALLOC(entropyPtr, pEntropy, 1024);
74     ALLOC_STRUCT(mbedtls_ctr_drbg_context, ctxPtr, pCtx);
75 
76     RUNIT_API(mbedtls_ctr_drbg_init(pCtx));
77     test_offset = 0;
78     memset(pEntropy, 0, 1024);
79     memset(out, 0, sizeof(out));
80     memset(add, 0, sizeof(add));
81 
82     /* Init must use entropy */
83     last_idx = test_offset;
84     RUNIT_ASSERT_API(mbedtls_ctr_drbg_seed(pCtx, runIt_ctrDrbgSelfTestEntropy, pEntropy, NULL, 0) == 0);
85     RUNIT_ASSERT(last_idx < test_offset);
86 
87     /* By default, PR is off and reseed_interval is large,
88      * so the next few calls should not use entropy */
89     last_idx = test_offset;
90     for (i = 0; i < reps; i++)
91     {
92         RUNIT_ASSERT_API(mbedtls_ctr_drbg_random(pCtx, out, sizeof(out) - 4) == 0);
93         RUNIT_ASSERT_API(mbedtls_ctr_drbg_random_with_add(pCtx, out, sizeof(out) - 4, add, sizeof(add)) == 0);
94     }
95     RUNIT_ASSERT(last_idx == test_offset);
96 
97     /* While at it, make sure we didn't write past the requested length */
98     RUNIT_ASSERT(out[sizeof(out) - 4] == 0);
99     RUNIT_ASSERT(out[sizeof(out) - 3] == 0);
100     RUNIT_ASSERT(out[sizeof(out) - 2] == 0);
101     RUNIT_ASSERT(out[sizeof(out) - 1] == 0);
102 
103     /* Set reseed_interval to the number of calls done,
104      * so the next call should reseed */
105     RUNIT_API(mbedtls_ctr_drbg_set_reseed_interval(pCtx, 2 * reps));
106     RUNIT_ASSERT_API(mbedtls_ctr_drbg_random(pCtx, out, sizeof(out)) == 0);
107     RUNIT_ASSERT(last_idx < test_offset);
108 
109     /* The new few calls should not reseed */
110     last_idx = test_offset;
111     for (i = 0; i < reps / 2; i++)
112     {
113         RUNIT_ASSERT_API(mbedtls_ctr_drbg_random(pCtx, out, sizeof(out)) == 0);
114         RUNIT_ASSERT_API(mbedtls_ctr_drbg_random_with_add(pCtx, out, sizeof(out), add, sizeof(add)) == 0);
115     }
116     RUNIT_ASSERT(last_idx == test_offset);
117 
118     /* Call update with too much data (sizeof entropy > MAX(_SEED)_INPUT)
119      * (just make sure it doesn't cause memory corruption) */
120     RUNIT_API(mbedtls_ctr_drbg_update(pCtx, pEntropy, MBEDTLS_CTR_DRBG_MAX_SEED_INPUT));
121 
122     /* Now enable PR, so the next few calls should all reseed */
123     RUNIT_API(mbedtls_ctr_drbg_set_prediction_resistance(pCtx, MBEDTLS_CTR_DRBG_PR_ON));
124     RUNIT_ASSERT_API(mbedtls_ctr_drbg_random(pCtx, out, sizeof(out)) == 0);
125     RUNIT_ASSERT(last_idx < test_offset);
126 
127     /* Finally, check setting entropy_len */
128     RUNIT_API(mbedtls_ctr_drbg_set_entropy_len(pCtx, 42));
129     last_idx = test_offset;
130     RUNIT_ASSERT_API(mbedtls_ctr_drbg_random(pCtx, out, sizeof(out)) == 0);
131     RUNIT_ASSERT(test_offset - last_idx == 42);
132 
133     RUNIT_API(mbedtls_ctr_drbg_set_entropy_len(pCtx, 13));
134     last_idx = test_offset;
135     RUNIT_ASSERT_API(mbedtls_ctr_drbg_random(pCtx, out, sizeof(out)) == 0);
136     RUNIT_ASSERT(test_offset - last_idx == 13);
137 
138 bail:
139     RUNIT_API(mbedtls_ctr_drbg_free(pCtx));
140 
141     FREE_IF_NOT_NULL(ctxPtr);
142     FREE_IF_NOT_NULL(entropyPtr);
143 
144     RUNIT_SUB_TEST_RESULT(TEST_NAME);
145     return rc;
146 }
147 
runIt_ctrDrbgVectorTest(void)148 static RunItError_t runIt_ctrDrbgVectorTest(void)
149 {
150     RunItError_t rc = RUNIT_ERROR__OK;
151 
152     static const unsigned char nonce_pers_pr[16] = { 0xd2, 0x54, 0xfc, 0xff, 0x02, 0x1e, 0x69, 0xd2, 0x29, 0xc9, 0xcf, 0xad, 0x85, 0xfa, 0x48, 0x6c };
153     static const unsigned char nonce_pers_nopr[16] = { 0x1b, 0x54, 0xb8, 0xff, 0x06, 0x42, 0xbf, 0xf5, 0x21, 0xf1, 0x5c, 0x1c, 0x0b, 0x66, 0x5f, 0x3f };
154     static const unsigned char entropy_source_pr[96] = { 0xc1, 0x80, 0x81, 0xa6, 0x5d, 0x44, 0x02, 0x16, 0x19, 0xb3, 0xf1, 0x80, 0xb1, 0xc9, 0x20, 0x02, 0x6a, 0x54, 0x6f, 0x0c, 0x70, 0x81, 0x49, 0x8b, 0x6e, 0xa6, 0x62, 0x52, 0x6d, 0x51, 0xb1, 0xcb, 0x58, 0x3b, 0xfa, 0xd5, 0x37, 0x5f, 0xfb, 0xc9, 0xff, 0x46, 0xd2, 0x19, 0xc7, 0x22, 0x3e, 0x95, 0x45, 0x9d, 0x82, 0xe1, 0xe7, 0x22, 0x9f, 0x63, 0x31, 0x69, 0xd2, 0x6b, 0x57, 0x47, 0x4f, 0xa3, 0x37, 0xc9, 0x98, 0x1c, 0x0b, 0xfb, 0x91, 0x31, 0x4d, 0x55, 0xb9, 0xe9, 0x1c, 0x5a, 0x5e, 0xe4, 0x93, 0x92, 0xcf, 0xc5, 0x23, 0x12, 0xd5, 0x56, 0x2c, 0x4a, 0x6e, 0xff, 0xdc, 0x10, 0xd0, 0x68 };
155     static const unsigned char entropy_source_nopr[64] = { 0x5a, 0x19, 0x4d, 0x5e, 0x2b, 0x31, 0x58, 0x14, 0x54, 0xde, 0xf6, 0x75, 0xfb, 0x79, 0x58, 0xfe, 0xc7, 0xdb, 0x87, 0x3e, 0x56, 0x89, 0xfc, 0x9d, 0x03, 0x21, 0x7c, 0x68, 0xd8, 0x03, 0x38, 0x20, 0xf9, 0xe6, 0x5e, 0x04, 0xd8, 0x56, 0xf3, 0xa9, 0xc4, 0x4a, 0x4c, 0xbd, 0xc1, 0xd0, 0x08, 0x46, 0xf5, 0x98, 0x3d, 0x77, 0x1c, 0x1b, 0x13, 0x7e, 0x4e, 0x0f, 0x9d, 0x8e, 0xf4, 0x09, 0xf9, 0x2e };
156     static const unsigned char result_nopr[16] = { 0xa0, 0x54, 0x30, 0x3d, 0x8a, 0x7e, 0xa9, 0x88, 0x9d, 0x90, 0x3e, 0x07, 0x7c, 0x6f, 0x21, 0x8f };
157     static const unsigned char result_pr[16] = { 0x34, 0x01, 0x16, 0x56, 0xb4, 0x29, 0x00, 0x8f, 0x35, 0x63, 0xec, 0xb5, 0xf2, 0x59, 0x07, 0x23 };
158 
159     mbedtls_ctr_drbg_context *pCtx = NULL;
160     RunItPtr ctxPtr;
161 
162     unsigned char buf[16];
163 
164     const char* TEST_NAME = "CTR-DRBG Vectors";
165     RUNIT_SUB_TEST_START(TEST_NAME);
166 
167     ALLOC_STRUCT(mbedtls_ctr_drbg_context, ctxPtr, pCtx);
168 
169     RUNIT_API(mbedtls_ctr_drbg_init(pCtx));
170 
171     /*
172      * Based on a NIST CTR_DRBG test vector (PR = True)
173      */
174     test_offset = 0;
175     RUNIT_ASSERT_API(mbedtls_ctr_drbg_seed_entropy_len(pCtx, runIt_ctrDrbgSelfTestEntropy, (void * ) entropy_source_pr, nonce_pers_pr, 16, 32) == 0);
176     RUNIT_API(mbedtls_ctr_drbg_set_prediction_resistance(pCtx, MBEDTLS_CTR_DRBG_PR_ON));
177     RUNIT_ASSERT_API(mbedtls_ctr_drbg_random(pCtx, buf, MBEDTLS_CTR_DRBG_BLOCKSIZE) == 0);
178     RUNIT_ASSERT_API(mbedtls_ctr_drbg_random(pCtx, buf, MBEDTLS_CTR_DRBG_BLOCKSIZE) == 0);
179     RUNIT_ASSERT(memcmp( buf, result_pr, MBEDTLS_CTR_DRBG_BLOCKSIZE) == 0);
180 
181     RUNIT_API(mbedtls_ctr_drbg_free(pCtx));
182 
183     /*
184      * Based on a NIST CTR_DRBG test vector (PR = FALSE)
185      */
186     RUNIT_API(mbedtls_ctr_drbg_init(pCtx));
187 
188     test_offset = 0;
189     RUNIT_ASSERT_API(mbedtls_ctr_drbg_seed_entropy_len(pCtx, runIt_ctrDrbgSelfTestEntropy, (void * ) entropy_source_nopr, nonce_pers_nopr, 16, 32) == 0);
190     RUNIT_ASSERT_API(mbedtls_ctr_drbg_random(pCtx, buf, 16) == 0);
191     RUNIT_ASSERT_API(mbedtls_ctr_drbg_reseed(pCtx, NULL, 0 ) == 0);
192     RUNIT_ASSERT_API(mbedtls_ctr_drbg_random(pCtx, buf, 16) == 0);
193     RUNIT_ASSERT(memcmp(buf, result_nopr, 16) == 0);
194 
195 bail:
196     RUNIT_API(mbedtls_ctr_drbg_free(pCtx));
197 
198     FREE_IF_NOT_NULL(ctxPtr);
199 
200     RUNIT_SUB_TEST_RESULT(TEST_NAME);
201     return rc;
202 }
203 
204 /************************************************************
205  *
206  * public functions
207  *
208  ************************************************************/
runIt_ctrDrbgTest(void)209 RunItError_t runIt_ctrDrbgTest(void)
210 {
211     RunItError_t rc = RUNIT_ERROR__OK;
212     const char* TEST_NAME = "CTR-DRBG";
213     RUNIT_TEST_START(TEST_NAME);
214 
215     RUNIT_ASSERT(runIt_ctrDrbgEntropyUsageTest() == RUNIT_ERROR__OK);
216     RUNIT_ASSERT(runIt_ctrDrbgVectorTest() == RUNIT_ERROR__OK);
217 
218 bail:
219     RUNIT_TEST_RESULT(TEST_NAME);
220     return rc;
221 
222 }
223 #endif /* MBEDTLS_CTR_DRBG_C */
224