author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2014-04-28 22:36:25 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2014-04-28 23:04:54 +0200 |
commit | 66451df4e978ce91fc75caa42233034e4fafe3a0 (patch) | |
tree | 547da479e333c11e1e43182c211db4f651e040dd | |
parent | bcf944a94e914fba3872dc27c7f93fa158e4c5dc (diff) | |
Test the random generators in gnutls using the dieharder tool.
-rw-r--r-- | .gitignore | 1 | ||||
-rw-r--r-- | tests/suite/Makefile.am | 6 | ||||
-rw-r--r-- | tests/suite/rng.c | 75 | ||||
-rwxr-xr-x | tests/suite/testrng | 125 |
4 files changed, 204 insertions, 3 deletions
diff --git a/.gitignore b/.gitignore index 0a7f695e11..32296c1d42 100644 --- a/.gitignore +++ b/.gitignore @@ -529,6 +529,7 @@ tests/mini-loss-time tests/mini-loss2 tests/mini-record tests/suite/mini-record-timing +tests/suite/rng tests/mini-rehandshake tests/mini-tdb tests/mini-termination diff --git a/tests/suite/Makefile.am b/tests/suite/Makefile.am index c1b87c1505..4e28acc706 100644 --- a/tests/suite/Makefile.am +++ b/tests/suite/Makefile.am @@ -30,7 +30,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/tests/suite/ecore/src/include \ -I$(top_srcdir)/tests/suite/ecore/src/lib -check_PROGRAMS = +check_PROGRAMS = rng AM_LDFLAGS = -no-install LDADD = ../../lib/libgnutls.la \ ../../gl/libgnu.la \ @@ -84,10 +84,10 @@ nodist_libecore_la_SOURCES = ecore/src/lib/ecore_anim.c \ nodist_check_SCRIPTS = eagain testsrn testcompat chain invalid-cert testrandom \ - testpkcs11 + testpkcs11 testrng TESTS = ciphersuite/test-ciphersuites.sh eagain testsrn testcompat chain invalid-cert \ - testpkcs11 + testpkcs11 testrng if ENABLE_PKCS11 check_PROGRAMS += pkcs11-chainverify pkcs11-get-issuer diff --git a/tests/suite/rng.c b/tests/suite/rng.c new file mode 100644 index 0000000000..7396c8c719 --- /dev/null +++ b/tests/suite/rng.c 
@@ -0,0 +1,75 @@
+/*
+ * Copyright (C) 2014 Nikos Mavrogiannopouls
+ *
+ * This file is part of GnuTLS.
+ *
+ * GnuTLS is free software: you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuTLS is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GnuTLS. If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+#include <sys/types.h>
+
+#include <gnutls/gnutls.h>
+#include <gnutls/crypto.h>
+
+int main(int argc, char **argv)
+{
+ unsigned char buf[64];
+ unsigned level, nbytes;
+ FILE *fp;
+ unsigned i;
+
+ gnutls_global_init();
+
+ if (argc != 4) {
+ fprintf(stderr, "usage: %s [nonce|key] [nbytes] [outfile]\n", argv[0]);
+ exit(1);
+ }
+
+ if (strcasecmp(argv[1], "nonce")) {
+ level = GNUTLS_RND_NONCE;
+ } else if (strcasecmp(argv[1], "key")) {
+ level = GNUTLS_RND_KEY;
+ } else {
+ fprintf(stderr, "usage: %s [nonce|key] [nbytes] [outfile]\n", argv[0]);
+ exit(1);
+ }
+
+ nbytes = atoi(argv[2]);
+
+ fp = fopen(argv[3], "w");
+ if (fp == NULL) {
+ fprintf(stderr, "Cannot open %s\n", argv[3]);
+ exit(1);
+ }
+
+ for (i = 0; i < nbytes; i+=sizeof(buf)) {
+ if (gnutls_rnd(level, buf, sizeof(buf)) < 0)
+ exit(2);
+
+ fwrite(buf, 1, sizeof(buf), fp);
+ }
+ fclose(fp);
+
+ gnutls_global_deinit();
+ exit(0);
+}
diff --git a/tests/suite/testrng b/tests/suite/testrng
new file mode 100755
index 0000000000..07b009dbf9
--- /dev/null
+++ b/tests/suite/testrng
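Review bot: Both `strcasecmp()` tests in the level selection of `main` are inverted, because the function returns 0 on a match: as written, `nonce` selects `GNUTLS_RND_KEY`, `key` (and any other word) selects `GNUTLS_RND_NONCE`, and the usage branch below them can never be reached. The comparisons should read `if (strcasecmp(argv[1], "nonce") == 0) {` and `} else if (strcasecmp(argv[1], "key") == 0) {`, otherwise a dieharder failure is reported against the wrong generator. POSIX declares `strcasecmp()` in `<strings.h>`, which is not among the visible includes. The results of `gnutls_global_init()` and `fwrite()` are also ignored, so a failed initialisation or a short write would only surface later as an unexplained dieharder result.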
@@ -0,0 +1,125 @@
+#!/bin/sh
+
+# Copyright (C) 2014 Nikos Mavrogiannopoulos
+#
+# This file is part of GnuTLS.
+#
+# GnuTLS is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 3 of the License, or (at
+# your option) any later version.
+#
+# GnuTLS is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GnuTLS; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+srcdir="${srcdir:-.}"
+
+if ! test -x "/usr/bin/dieharder";then
+ exit 77
+fi
+
+if test "$1" = "full";then
+ OPTIONS="-a"
+else
+ OPTIONS="-d 5"
+ OPTIONS2="-d 10"
+fi
+
+OUTFILE=rng.log
+RNGFILE=rng.rng
+
+rm -f $OUTFILE
+rm -f $RNGFILE
+
+. $srcdir/../scripts/common.sh
+
+RINPUTNO=`dieharder -g -1|grep file_input_raw|cut -d '|' -f 2|cut -d ' ' -f 1`
+
+if test -z "$RINPUTNO";then
+ echo "Cannot determine dieharder option for raw file input"
+ exit 1
+fi
+
+echo "Testing nonce PRNG"
+
+./rng nonce 100000000 $RNGFILE
+
+dieharder -q -f $RNGFILE -g $RINPUTNO $OPTIONS >$OUTFILE 2>&1
+if ! test -z "$OPTIONS2";then
+ dieharder -q -f $RNGFILE -g $RINPUTNO $OPTIONS2 >>$OUTFILE 2>&1
+fi
+grep FAILED $OUTFILE >/dev/null 2>&1
+ret=$?
+
+if test "$ret" = "0";then
+ echo "test failed for nonce"
+ exit 1
+fi
+
+grep PASSED $OUTFILE >/dev/null 2>&1
+ret=$?
+
+if test "$ret" != "0";then
+ echo "could not run dieharder test?"
+ exit 1
+fi
+
+rm -f $OUTFILE
+echo "Testing key PRNG"
+./rng key 100000000 $RNGFILE
+
+dieharder -q -f $RNGFILE -g $RINPUTNO $OPTIONS >$OUTFILE 2>&1
+if ! test -z "$OPTIONS2";then
+ dieharder -q -f $RNGFILE -g $RINPUTNO $OPTIONS2 >>$OUTFILE 2>&1
+fi
+grep FAILED $OUTFILE >/dev/null 2>&1
+ret=$?
+
+
+if test "$ret" = "0";then
+ echo "test failed for key"
+ exit 1
+fi
+
+grep PASSED $OUTFILE >/dev/null 2>&1
+ret=$?
+
+if test "$ret" != "0";then
+ echo "could not run dieharder test?"
+ exit 1
+fi
+
+rm -f $OUTFILE
+echo "Testing /dev/zero PRNG"
+dd if=/dev/zero of=$RNGFILE bs=4 count=10000000 >/dev/null 2>&1
+
+dieharder -q -f $RNGFILE -g $RINPUTNO $OPTIONS >$OUTFILE 2>&1
+if ! test -z "$OPTIONS2";then
+ dieharder -q -f $RNGFILE -g $RINPUTNO $OPTIONS2 >>$OUTFILE 2>&1
+fi
+grep PASSED $OUTFILE >/dev/null 2>&1
+ret=$?
+
+if test "$ret" = "0";then
+ echo "test succeeded for /dev/zero!!!"
+ exit 1
+fi
+
+grep FAILED $OUTFILE >/dev/null 2>&1
+ret=$?
+
+if test "$ret" != "0";then
+ echo "could not run dieharder test?"
+ exit 1
+fi
+
+rm -f $OUTFILE
+rm -f $RNGFILE
+
+exit 0
|
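Review bot: The exit status of `./rng` is never checked and `$RNGFILE` is not removed between phases, so if the second run dies before it reopens the file, dieharder would evaluate the leftover nonce data and the key generator would be reported as passing. Adding `rm -f $RNGFILE` before each generation step and running it as `./rng key 100000000 $RNGFILE || exit 1` (likewise for `nonce`) closes that gap. The guard at the top tests `/usr/bin/dieharder`, but every later call resolves `dieharder` through `PATH`, so the binary that was checked is not necessarily the one that runs; a single variable used for both would keep them consistent. A header comment should also state that a dieharder pass only shows the output has no gross statistical bias and says nothing about the unpredictability of the generator's seed or internal state.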