Skip to content

Test MBEDTLS_CTR_DRBG_USE_128_BIT_KEY #291

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 5 commits into from
Dec 20, 2019
Merged

Test MBEDTLS_CTR_DRBG_USE_128_BIT_KEY #291

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
02e79a4
MBEDTLS_CTR_DRBG_USE_128_BIT_KEY: add selftest data
gilles-peskine-arm Oct 7, 2019
bbf67b9
Remove selftest dependency in the test suite
gilles-peskine-arm Oct 7, 2019
80a6071
config.pl full: exclude MBEDTLS_ENTROPY_FORCE_SHA256
gilles-peskine-arm Oct 7, 2019
2ef377d
all.sh: support variable seedfile size
gilles-peskine-arm Oct 7, 2019
592f591
all.sh: test CTR_DRBG_USE_128_BIT_KEY and ENTROPY_FORCE_SHA256
gilles-peskine-arm Oct 7, 2019
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
10 changes: 10 additions & 0 deletions library/ctr_drbg.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -712,13 +712,23 @@ static const unsigned char nonce_pers_nopr[16] =
{ 0x1b, 0x54, 0xb8, 0xff, 0x06, 0x42, 0xbf, 0xf5,
0x21, 0xf1, 0x5c, 0x1c, 0x0b, 0x66, 0x5f, 0x3f };

#if defined(MBEDTLS_CTR_DRBG_USE_128_BIT_KEY)
static const unsigned char result_pr[16] =
{ 0x95, 0x3c, 0xa5, 0xbd, 0x44, 0x1, 0x34, 0xb7,
0x13, 0x58, 0x3e, 0x6a, 0x6c, 0x7e, 0x88, 0x8a };

static const unsigned char result_nopr[16] =
{ 0x6c, 0x25, 0x27, 0x95, 0xa3, 0x62, 0xd6, 0xdb,
0x90, 0xfd, 0x69, 0xb5, 0x42, 0x9, 0x4b, 0x84 };
#else /* MBEDTLS_CTR_DRBG_USE_128_BIT_KEY */
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Don't you think it would be more readable if there was added one extra line before and one after #else? Just as in the line 681?

static const unsigned char result_pr[16] =
{ 0x34, 0x01, 0x16, 0x56, 0xb4, 0x29, 0x00, 0x8f,
0x35, 0x63, 0xec, 0xb5, 0xf2, 0x59, 0x07, 0x23 };

static const unsigned char result_nopr[16] =
{ 0xa0, 0x54, 0x30, 0x3d, 0x8a, 0x7e, 0xa9, 0x88,
0x9d, 0x90, 0x3e, 0x07, 0x7c, 0x6f, 0x21, 0x8f };
#endif /* MBEDTLS_CTR_DRBG_USE_128_BIT_KEY */

static size_t test_offset;
static int ctr_drbg_self_test_entropy( void *data, unsigned char *buf,
Expand Down
1 change: 1 addition & 0 deletions scripts/config.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -168,6 +168,7 @@ def include_in_full(name):
'MBEDTLS_DEPRECATED_REMOVED',
'MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED',
'MBEDTLS_ECP_RESTARTABLE',
'MBEDTLS_ENTROPY_FORCE_SHA256', # Variant toggle, tested separately
'MBEDTLS_HAVE_SSE2',
'MBEDTLS_MEMORY_BACKTRACE',
'MBEDTLS_MEMORY_BUFFER_ALLOC_C',
Expand Down
53 changes: 46 additions & 7 deletions tests/scripts/all.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -403,12 +403,6 @@ pre_check_git () {
fi
}

pre_check_seedfile () {
if [ ! -f "./tests/seedfile" ]; then
dd if=/dev/urandom of=./tests/seedfile bs=32 count=1
fi
}

pre_setup_keep_going () {
failure_summary=
failure_count=0
Expand Down Expand Up @@ -926,6 +920,43 @@ component_test_aes_fewer_tables_and_rom_tables () {
make test
}

component_test_ctr_drbg_aes_256_sha_256 () {
msg "build: full + MBEDTLS_ENTROPY_FORCE_SHA256 (ASan build)"
scripts/config.pl full
scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C
scripts/config.pl set MBEDTLS_ENTROPY_FORCE_SHA256
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
make

msg "test: full + MBEDTLS_ENTROPY_FORCE_SHA256 (ASan build)"
make test
}

component_test_ctr_drbg_aes_128_sha_512 () {
msg "build: full + MBEDTLS_CTR_DRBG_USE_128_BIT_KEY (ASan build)"
scripts/config.pl full
scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C
scripts/config.pl set MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
make

msg "test: full + MBEDTLS_CTR_DRBG_USE_128_BIT_KEY (ASan build)"
make test
}

component_test_ctr_drbg_aes_128_sha_256 () {
msg "build: full + MBEDTLS_CTR_DRBG_USE_128_BIT_KEY + MBEDTLS_ENTROPY_FORCE_SHA256 (ASan build)"
scripts/config.pl full
scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C
scripts/config.pl set MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
scripts/config.pl set MBEDTLS_ENTROPY_FORCE_SHA256
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
make

msg "test: full + MBEDTLS_CTR_DRBG_USE_128_BIT_KEY + MBEDTLS_ENTROPY_FORCE_SHA256 (ASan build)"
make test
}

component_test_se_default () {
msg "build: default config + MBEDTLS_PSA_CRYPTO_SE_C"
scripts/config.py set MBEDTLS_PSA_CRYPTO_SE_C
Expand Down Expand Up @@ -1272,7 +1303,16 @@ run_component () {
cp -p "$CONFIG_H" "$CONFIG_BAK"
current_component="$1"
export MBEDTLS_TEST_CONFIGURATION="$current_component"

# Unconditionally create a seedfile that's sufficiently long.
# Do this before each component, because a previous component may
# have messed it up or shortened it.
dd if=/dev/urandom of=./tests/seedfile bs=64 count=1

# Run the component code.
"$@"

# Restore the build tree to a clean state.
cleanup
}

Expand All @@ -1282,7 +1322,6 @@ pre_initialize_variables
pre_parse_command_line "$@"

pre_check_git
pre_check_seedfile

build_status=0
if [ $KEEP_GOING -eq 1 ]; then
Expand Down
2 changes: 0 additions & 2 deletions tests/suites/test_suite_ctr_drbg.data
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1097,6 +1097,4 @@ CTR_DRBG Special Behaviours
ctr_drbg_special_behaviours:

CTR_DRBG self test
depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
ctr_drbg_selftest: