69971662bf
The default entropy nonce length is either zero or nonzero depending on the desired security strength and the entropy length. The implementation calculates the actual entropy nonce length from the actual entropy length, and therefore it doesn't need a constant that indicates the default entropy nonce length. A portable application may be interested in this constant, however. And our test code could definitely use it. Define a constant MBEDTLS_CTR_DRBG_ENTROPY_NONCE_LEN and use it in test code. Previously, test_suite_ctr_drbg had knowledge about the default entropy nonce length built in and test_suite_psa_crypto_init failed. Now both use MBEDTLS_CTR_DRBG_ENTROPY_NONCE_LEN. This change means that the test ctr_drbg_entropy_usage no longer validates that the default entropy nonce length is sensible. So add a new test that checks that the default entropy length and the default entropy nonce length are sufficient to ensure the expected security strength.
67 lines
2.1 KiB
Plaintext
67 lines
2.1 KiB
Plaintext
Create NV seed file
|
|
create_nv_seed:
|
|
|
|
PSA init/deinit
|
|
init_deinit:2
|
|
|
|
PSA deinit without init
|
|
deinit_without_init:0
|
|
|
|
PSA deinit twice
|
|
deinit_without_init:1
|
|
|
|
No random without init
|
|
validate_module_init_generate_random:0
|
|
|
|
No key slot access without init
|
|
validate_module_init_key_based:0
|
|
|
|
No random after deinit
|
|
validate_module_init_generate_random:1
|
|
|
|
No key slot access after deinit
|
|
validate_module_init_key_based:1
|
|
|
|
Custom entropy sources: all standard
|
|
custom_entropy_sources:0x0000ffff:PSA_SUCCESS
|
|
|
|
Custom entropy sources: none
|
|
custom_entropy_sources:0:PSA_ERROR_INSUFFICIENT_ENTROPY
|
|
|
|
Fake entropy: never returns anything
|
|
fake_entropy_source:MBEDTLS_ENTROPY_BLOCK_SIZE:0:0:0:0:PSA_ERROR_INSUFFICIENT_ENTROPY
|
|
|
|
Fake entropy: less than the block size
|
|
fake_entropy_source:MBEDTLS_ENTROPY_BLOCK_SIZE:MBEDTLS_ENTROPY_BLOCK_SIZE - 1:-1:-1:-1:PSA_ERROR_INSUFFICIENT_ENTROPY
|
|
|
|
Fake entropy: not enough for a nonce
|
|
depends_on:ENTROPY_NONCE_LEN != 0
|
|
fake_entropy_source:MBEDTLS_ENTROPY_BLOCK_SIZE:ENTROPY_NONCE_LEN - 1:-1:-1:-1:PSA_ERROR_INSUFFICIENT_ENTROPY
|
|
|
|
Fake entropy: one block eventually
|
|
depends_on:ENTROPY_NONCE_LEN == 0
|
|
fake_entropy_source:MBEDTLS_ENTROPY_BLOCK_SIZE:0:0:0:MBEDTLS_ENTROPY_BLOCK_SIZE:PSA_SUCCESS
|
|
|
|
Fake entropy: one block in two steps
|
|
depends_on:ENTROPY_NONCE_LEN == 0
|
|
fake_entropy_source:MBEDTLS_ENTROPY_BLOCK_SIZE:MBEDTLS_ENTROPY_BLOCK_SIZE - 1:1:-1:-1:PSA_SUCCESS
|
|
|
|
Fake entropy: more than one block in two steps
|
|
depends_on:ENTROPY_NONCE_LEN == 0
|
|
fake_entropy_source:MBEDTLS_ENTROPY_BLOCK_SIZE:MBEDTLS_ENTROPY_BLOCK_SIZE - 1:MBEDTLS_ENTROPY_BLOCK_SIZE - 1:-1:-1:PSA_SUCCESS
|
|
|
|
Fake entropy: two blocks eventually
|
|
fake_entropy_source:MBEDTLS_ENTROPY_BLOCK_SIZE:0:MBEDTLS_ENTROPY_BLOCK_SIZE:0:MBEDTLS_ENTROPY_BLOCK_SIZE:PSA_SUCCESS
|
|
|
|
NV seed only: less than minimum
|
|
entropy_from_nv_seed:MBEDTLS_ENTROPY_MIN_PLATFORM - 1:PSA_ERROR_INSUFFICIENT_ENTROPY
|
|
|
|
NV seed only: less than one block
|
|
entropy_from_nv_seed:MBEDTLS_ENTROPY_BLOCK_SIZE - 1:PSA_ERROR_INSUFFICIENT_ENTROPY
|
|
|
|
NV seed only: just enough
|
|
entropy_from_nv_seed:ENTROPY_MIN_NV_SEED_SIZE:PSA_SUCCESS
|
|
|
|
Recreate NV seed file
|
|
create_nv_seed:
|