diff --git a/library/ctr_drbg.c b/library/ctr_drbg.c index 281dc4fe1..3f1be4302 100644 --- a/library/ctr_drbg.c +++ b/library/ctr_drbg.c @@ -713,6 +713,15 @@ static const unsigned char nonce_pers_nopr[16] = { 0x1b, 0x54, 0xb8, 0xff, 0x06, 0x42, 0xbf, 0xf5, 0x21, 0xf1, 0x5c, 0x1c, 0x0b, 0x66, 0x5f, 0x3f }; +#if defined(MBEDTLS_CTR_DRBG_USE_128_BIT_KEY) +static const unsigned char result_pr[16] = + { 0x95, 0x3c, 0xa5, 0xbd, 0x44, 0x1, 0x34, 0xb7, + 0x13, 0x58, 0x3e, 0x6a, 0x6c, 0x7e, 0x88, 0x8a }; + +static const unsigned char result_nopr[16] = + { 0x6c, 0x25, 0x27, 0x95, 0xa3, 0x62, 0xd6, 0xdb, + 0x90, 0xfd, 0x69, 0xb5, 0x42, 0x9, 0x4b, 0x84 }; +#else /* MBEDTLS_CTR_DRBG_USE_128_BIT_KEY */ static const unsigned char result_pr[16] = { 0x34, 0x01, 0x16, 0x56, 0xb4, 0x29, 0x00, 0x8f, 0x35, 0x63, 0xec, 0xb5, 0xf2, 0x59, 0x07, 0x23 }; @@ -720,6 +729,7 @@ static const unsigned char result_pr[16] = static const unsigned char result_nopr[16] = { 0xa0, 0x54, 0x30, 0x3d, 0x8a, 0x7e, 0xa9, 0x88, 0x9d, 0x90, 0x3e, 0x07, 0x7c, 0x6f, 0x21, 0x8f }; +#endif /* MBEDTLS_CTR_DRBG_USE_128_BIT_KEY */ static size_t test_offset; static int ctr_drbg_self_test_entropy( void *data, unsigned char *buf, diff --git a/scripts/config.py b/scripts/config.py index db2661c92..cb0e1c5fe 100755 --- a/scripts/config.py +++ b/scripts/config.py @@ -168,6 +168,7 @@ def include_in_full(name): 'MBEDTLS_DEPRECATED_REMOVED', 'MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED', 'MBEDTLS_ECP_RESTARTABLE', + 'MBEDTLS_ENTROPY_FORCE_SHA256', # Variant toggle, tested separately 'MBEDTLS_HAVE_SSE2', 'MBEDTLS_MEMORY_BACKTRACE', 'MBEDTLS_MEMORY_BUFFER_ALLOC_C', diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index d9e9c82a4..99caeb3e0 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -403,12 +403,6 @@ pre_check_git () { fi } -pre_check_seedfile () { - if [ ! -f "./tests/seedfile" ]; then - dd if=/dev/urandom of=./tests/seedfile bs=32 count=1 - fi -} - pre_setup_keep_going () { failure_summary= failure_count=0 @@ -930,6 +924,43 @@ component_test_aes_fewer_tables_and_rom_tables () { make test } +component_test_ctr_drbg_aes_256_sha_256 () { + msg "build: full + MBEDTLS_ENTROPY_FORCE_SHA256 (ASan build)" + scripts/config.pl full + scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C + scripts/config.pl set MBEDTLS_ENTROPY_FORCE_SHA256 + CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . + make + + msg "test: full + MBEDTLS_ENTROPY_FORCE_SHA256 (ASan build)" + make test +} + +component_test_ctr_drbg_aes_128_sha_512 () { + msg "build: full + MBEDTLS_CTR_DRBG_USE_128_BIT_KEY (ASan build)" + scripts/config.pl full + scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C + scripts/config.pl set MBEDTLS_CTR_DRBG_USE_128_BIT_KEY + CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . + make + + msg "test: full + MBEDTLS_CTR_DRBG_USE_128_BIT_KEY (ASan build)" + make test +} + +component_test_ctr_drbg_aes_128_sha_256 () { + msg "build: full + MBEDTLS_CTR_DRBG_USE_128_BIT_KEY + MBEDTLS_ENTROPY_FORCE_SHA256 (ASan build)" + scripts/config.pl full + scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C + scripts/config.pl set MBEDTLS_CTR_DRBG_USE_128_BIT_KEY + scripts/config.pl set MBEDTLS_ENTROPY_FORCE_SHA256 + CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . + make + + msg "test: full + MBEDTLS_CTR_DRBG_USE_128_BIT_KEY + MBEDTLS_ENTROPY_FORCE_SHA256 (ASan build)" + make test +} + component_test_se_default () { msg "build: default config + MBEDTLS_PSA_CRYPTO_SE_C" scripts/config.py set MBEDTLS_PSA_CRYPTO_SE_C @@ -1276,7 +1307,16 @@ run_component () { cp -p "$CONFIG_H" "$CONFIG_BAK" current_component="$1" export MBEDTLS_TEST_CONFIGURATION="$current_component" + + # Unconditionally create a seedfile that's sufficiently long. + # Do this before each component, because a previous component may + # have messed it up or shortened it. + dd if=/dev/urandom of=./tests/seedfile bs=64 count=1 + + # Run the component code. "$@" + + # Restore the build tree to a clean state. cleanup } @@ -1286,7 +1326,6 @@ pre_initialize_variables pre_parse_command_line "$@" pre_check_git -pre_check_seedfile build_status=0 if [ $KEEP_GOING -eq 1 ]; then diff --git a/tests/suites/test_suite_ctr_drbg.data b/tests/suites/test_suite_ctr_drbg.data index b50df2ba3..09195f04b 100644 --- a/tests/suites/test_suite_ctr_drbg.data +++ b/tests/suites/test_suite_ctr_drbg.data @@ -1097,6 +1097,4 @@ CTR_DRBG Special Behaviours ctr_drbg_special_behaviours: CTR_DRBG self test -depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY ctr_drbg_selftest: -