Test the random generators in gnutls using the dieharder tool.

4 files changed, 204 insertions, 3 deletions

diff --git a/.gitignore b/.gitignore
index 0a7f695e11..32296c1d42 100644
--- a/.gitignore
+++ b/.gitignore
@@ -529,6 +529,7 @@ tests/mini-loss-time
 tests/mini-loss2
 tests/mini-record
 tests/suite/mini-record-timing
+tests/suite/rng
 tests/mini-rehandshake
 tests/mini-tdb
 tests/mini-termination
diff --git a/tests/suite/Makefile.am b/tests/suite/Makefile.am
index c1b87c1505..4e28acc706 100644
--- a/tests/suite/Makefile.am
+++ b/tests/suite/Makefile.am
@@ -30,7 +30,7 @@ AM_CPPFLAGS = \
 	-I$(top_srcdir)/tests/suite/ecore/src/include \
 	-I$(top_srcdir)/tests/suite/ecore/src/lib
 
-check_PROGRAMS =
+check_PROGRAMS = rng
 AM_LDFLAGS = -no-install
 LDADD = ../../lib/libgnutls.la \
 	../../gl/libgnu.la \
@@ -84,10 +84,10 @@ nodist_libecore_la_SOURCES = ecore/src/lib/ecore_anim.c			\
 
 
 nodist_check_SCRIPTS = eagain testsrn testcompat chain invalid-cert testrandom \
-	testpkcs11
+	testpkcs11 testrng
 
 TESTS = ciphersuite/test-ciphersuites.sh eagain testsrn testcompat chain invalid-cert \
-	testpkcs11
+	testpkcs11 testrng
 
 if ENABLE_PKCS11
 check_PROGRAMS += pkcs11-chainverify pkcs11-get-issuer
diff --git a/tests/suite/rng.c b/tests/suite/rng.c
new file mode 100644
index 0000000000..7396c8c719
--- /dev/null
+++ b/tests/suite/rng.c
@@ -0,0 +1,75 @@
+/*
+ * Copyright (C) 2014 Nikos Mavrogiannopouls
+ *
+ * This file is part of GnuTLS.
+ *
+ * GnuTLS is free software: you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuTLS is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GnuTLS.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+#include <sys/types.h>
+
+#include <gnutls/gnutls.h>
+#include <gnutls/crypto.h>
+
+int main(int argc, char **argv)
+{
+	unsigned char buf[64];
+	unsigned level, nbytes;
+	FILE *fp;
+	unsigned i;
+
+	gnutls_global_init();
+
+	if (argc != 4) {
+		fprintf(stderr, "usage: %s [nonce|key] [nbytes] [outfile]\n", argv[0]);
+		exit(1);
+	}
+
+	if (strcasecmp(argv[1], "nonce")) {
+		level = GNUTLS_RND_NONCE;
+	} else if (strcasecmp(argv[1], "key")) {
+		level = GNUTLS_RND_KEY;
+	} else {
+		fprintf(stderr, "usage: %s [nonce|key] [nbytes] [outfile]\n", argv[0]);
+		exit(1);
+	}
+
+	nbytes = atoi(argv[2]);
+
+	fp = fopen(argv[3], "w");
+	if (fp == NULL) {
+		fprintf(stderr, "Cannot open %s\n", argv[3]);
+		exit(1);
+	}
+
+	for (i = 0; i < nbytes; i+=sizeof(buf)) {
+		if (gnutls_rnd(level, buf, sizeof(buf)) < 0)
+			exit(2);
+
+		fwrite(buf, 1, sizeof(buf), fp);
+	}
+	fclose(fp);
+
+	gnutls_global_deinit();
+	exit(0);
+}
diff --git a/tests/suite/testrng b/tests/suite/testrng
new file mode 100755
index 0000000000..07b009dbf9
--- /dev/null
+++ b/tests/suite/testrng
@@ -0,0 +1,125 @@
+#!/bin/sh
+
+# Copyright (C) 2014 Nikos Mavrogiannopoulos
+#
+# This file is part of GnuTLS.
+#
+# GnuTLS is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 3 of the License, or (at
+# your option) any later version.
+#
+# GnuTLS is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GnuTLS; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+srcdir="${srcdir:-.}"
+
+if ! test -x "/usr/bin/dieharder";then
+  exit 77
+fi
+
+if test "$1" = "full";then
+  OPTIONS="-a"
+else
+  OPTIONS="-d 5"
+  OPTIONS2="-d 10"
+fi
+
+OUTFILE=rng.log
+RNGFILE=rng.rng
+
+rm -f $OUTFILE
+rm -f $RNGFILE
+
+. $srcdir/../scripts/common.sh
+
+RINPUTNO=`dieharder -g -1|grep file_input_raw|cut -d '|' -f 2|cut -d ' ' -f 1`
+
+if test -z "$RINPUTNO";then
+	echo "Cannot determine dieharder option for raw file input"
+	exit 1
+fi
+
+echo "Testing nonce PRNG"
+
+./rng nonce 100000000 $RNGFILE
+
+dieharder -q -f $RNGFILE -g $RINPUTNO $OPTIONS >$OUTFILE 2>&1
+if ! test -z "$OPTIONS2";then
+	dieharder -q -f $RNGFILE -g $RINPUTNO $OPTIONS2 >>$OUTFILE 2>&1
+fi
+grep FAILED $OUTFILE >/dev/null 2>&1
+ret=$?
+
+if test "$ret" = "0";then
+	echo "test failed for nonce"
+	exit 1
+fi
+
+grep PASSED $OUTFILE >/dev/null 2>&1
+ret=$?
+
+if test "$ret" != "0";then
+	echo "could not run dieharder test?"
+	exit 1
+fi
+
+rm -f $OUTFILE
+echo "Testing key PRNG"
+./rng key 100000000 $RNGFILE
+
+dieharder -q -f $RNGFILE -g $RINPUTNO $OPTIONS >$OUTFILE 2>&1
+if ! test -z "$OPTIONS2";then
+	dieharder -q -f $RNGFILE -g $RINPUTNO $OPTIONS2 >>$OUTFILE 2>&1
+fi
+grep FAILED $OUTFILE >/dev/null 2>&1 
+ret=$?
+
+
+if test "$ret" = "0";then
+	echo "test failed for key"
+	exit 1
+fi
+
+grep PASSED $OUTFILE >/dev/null 2>&1
+ret=$?
+
+if test "$ret" != "0";then
+	echo "could not run dieharder test?"
+	exit 1
+fi
+
+rm -f $OUTFILE
+echo "Testing /dev/zero PRNG"
+dd if=/dev/zero of=$RNGFILE bs=4 count=10000000 >/dev/null 2>&1
+
+dieharder -q -f $RNGFILE -g $RINPUTNO $OPTIONS >$OUTFILE 2>&1
+if ! test -z "$OPTIONS2";then
+	dieharder -q -f $RNGFILE -g $RINPUTNO $OPTIONS2 >>$OUTFILE 2>&1
+fi
+grep PASSED $OUTFILE >/dev/null 2>&1 
+ret=$?
+
+if test "$ret" = "0";then
+	echo "test succeeded for /dev/zero!!!"
+	exit 1
+fi
+
+grep FAILED $OUTFILE >/dev/null 2>&1
+ret=$?
+
+if test "$ret" != "0";then
+	echo "could not run dieharder test?"
+	exit 1
+fi
+
+rm -f $OUTFILE
+rm -f $RNGFILE
+
+exit 0