Add tests to ensure that we gather as much entropy as expected

There were tests to ensure that each entropy source reaches its
threshold, but no test that covers the total amount of entropy. Add
test cases with a known set of entropy sources and make sure that we
always gather at least MBEDTLS_ENTROPY_BLOCK_SIZE bytes from a strong
source.
This commit is contained in:
Gilles Peskine 2019-10-08 15:01:34 +02:00
parent 7f246510d0
commit 65fc0686a7
2 changed files with 61 additions and 0 deletions

View File

@ -43,6 +43,24 @@ entropy_threshold:16:0:MBEDTLS_ERR_ENTROPY_SOURCE_FAILED
Entropy threshold: 1024 never reached Entropy threshold: 1024 never reached
entropy_threshold:1024:1:MBEDTLS_ERR_ENTROPY_SOURCE_FAILED entropy_threshold:1024:1:MBEDTLS_ERR_ENTROPY_SOURCE_FAILED
Entropy calls: no strong
entropy_calls:MBEDTLS_ENTROPY_SOURCE_WEAK:MBEDTLS_ENTROPY_SOURCE_WEAK:1:MBEDTLS_ENTROPY_BLOCK_SIZE:MBEDTLS_ERR_ENTROPY_NO_STRONG_SOURCE
Entropy calls: 1 strong, 1*BLOCK_SIZE
entropy_calls:MBEDTLS_ENTROPY_SOURCE_STRONG:MBEDTLS_ENTROPY_SOURCE_WEAK:1:MBEDTLS_ENTROPY_BLOCK_SIZE:1
Entropy calls: 1 strong, 2*(BLOCK_SIZE/2)
entropy_calls:MBEDTLS_ENTROPY_SOURCE_STRONG:MBEDTLS_ENTROPY_SOURCE_WEAK:1:(MBEDTLS_ENTROPY_BLOCK_SIZE+1)/2:2
Entropy calls: 1 strong, BLOCK_SIZE*1
entropy_calls:MBEDTLS_ENTROPY_SOURCE_STRONG:MBEDTLS_ENTROPY_SOURCE_WEAK:1:1:MBEDTLS_ENTROPY_BLOCK_SIZE
Entropy calls: 1 strong, 2*BLOCK_SIZE to reach threshold
entropy_calls:MBEDTLS_ENTROPY_SOURCE_STRONG:MBEDTLS_ENTROPY_SOURCE_WEAK:MBEDTLS_ENTROPY_BLOCK_SIZE+1:MBEDTLS_ENTROPY_BLOCK_SIZE:2
Entropy calls: 2 strong, BLOCK_SIZE/2 each
entropy_calls:MBEDTLS_ENTROPY_SOURCE_STRONG:MBEDTLS_ENTROPY_SOURCE_WEAK:(MBEDTLS_ENTROPY_BLOCK_SIZE+1)/2:(MBEDTLS_ENTROPY_BLOCK_SIZE+1)/2:2
Check NV seed standard IO Check NV seed standard IO
entropy_nv_seed_std_io: entropy_nv_seed_std_io:

View File

@ -286,6 +286,49 @@ exit:
} }
/* END_CASE */ /* END_CASE */
/* BEGIN_CASE */
void entropy_calls( int strength1, int strength2,
int threshold, int chunk_size,
int result )
{
/*
* if result >= 0: result = expected number of calls to source 1
* if result < 0: result = expected return code from mbedtls_entropy_func()
*/
mbedtls_entropy_context ctx;
entropy_dummy_context dummy1 = {DUMMY_CONSTANT_LENGTH, chunk_size, 0};
entropy_dummy_context dummy2 = {DUMMY_CONSTANT_LENGTH, chunk_size, 0};
unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE] = { 0 };
int ret;
mbedtls_entropy_init( &ctx );
entropy_clear_sources( &ctx );
TEST_ASSERT( mbedtls_entropy_add_source( &ctx, entropy_dummy_source,
&dummy1, threshold,
strength1 ) == 0 );
TEST_ASSERT( mbedtls_entropy_add_source( &ctx, entropy_dummy_source,
&dummy2, threshold,
strength2 ) == 0 );
ret = mbedtls_entropy_func( &ctx, buf, sizeof( buf ) );
if( result >= 0 )
{
TEST_ASSERT( ret == 0 );
TEST_ASSERT( dummy1.calls == (size_t) result );
}
else
{
TEST_ASSERT( ret == result );
}
exit:
mbedtls_entropy_free( &ctx );
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_ENTROPY_NV_SEED:MBEDTLS_FS_IO */ /* BEGIN_CASE depends_on:MBEDTLS_ENTROPY_NV_SEED:MBEDTLS_FS_IO */
void nv_seed_file_create( ) void nv_seed_file_create( )
{ {