Test the random generators in gnutls using the dieharder tool.
authorNikos Mavrogiannopoulos <nmav@gnutls.org>
Mon, 28 Apr 2014 20:36:25 +0000 (22:36 +0200)
committerNikos Mavrogiannopoulos <nmav@gnutls.org>
Mon, 28 Apr 2014 21:04:54 +0000 (23:04 +0200)
.gitignore
tests/suite/Makefile.am
tests/suite/rng.c [new file with mode: 0644]
tests/suite/testrng [new file with mode: 0755]

index 0a7f695e11ebe9dcf939f4f537fa8fc395cee10d..32296c1d423bdb3540b9956e53e57809f13db4e4 100644 (file)
@@ -529,6 +529,7 @@ tests/mini-loss-time
 tests/mini-loss2
 tests/mini-record
 tests/suite/mini-record-timing
+tests/suite/rng
 tests/mini-rehandshake
 tests/mini-tdb
 tests/mini-termination
index c1b87c150560176c3e762963b2778c53a30825b8..4e28acc706284f9b2c3cf473f9a3df0dce57b74f 100644 (file)
@@ -30,7 +30,7 @@ AM_CPPFLAGS = \
        -I$(top_srcdir)/tests/suite/ecore/src/include \
        -I$(top_srcdir)/tests/suite/ecore/src/lib
 
-check_PROGRAMS =
+check_PROGRAMS = rng
 AM_LDFLAGS = -no-install
 LDADD = ../../lib/libgnutls.la \
        ../../gl/libgnu.la \
@@ -84,10 +84,10 @@ nodist_libecore_la_SOURCES = ecore/src/lib/ecore_anim.c                     \
 
 
 nodist_check_SCRIPTS = eagain testsrn testcompat chain invalid-cert testrandom \
-       testpkcs11
+       testpkcs11 testrng
 
 TESTS = ciphersuite/test-ciphersuites.sh eagain testsrn testcompat chain invalid-cert \
-       testpkcs11
+       testpkcs11 testrng
 
 if ENABLE_PKCS11
 check_PROGRAMS += pkcs11-chainverify pkcs11-get-issuer
diff --git a/tests/suite/rng.c b/tests/suite/rng.c
new file mode 100644 (file)
index 0000000..7396c8c
--- /dev/null
@@ -0,0 +1,75 @@
+/*
+ * Copyright (C) 2014 Nikos Mavrogiannopouls
+ *
+ * This file is part of GnuTLS.
+ *
+ * GnuTLS is free software: you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuTLS is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GnuTLS.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+#include <sys/types.h>
+
+#include <gnutls/gnutls.h>
+#include <gnutls/crypto.h>
+
+int main(int argc, char **argv)
+{
+       unsigned char buf[64];
+       unsigned level, nbytes;
+       FILE *fp;
+       unsigned i;
+
+       gnutls_global_init();
+
+       if (argc != 4) {
+               fprintf(stderr, "usage: %s [nonce|key] [nbytes] [outfile]\n", argv[0]);
+               exit(1);
+       }
+
+       if (strcasecmp(argv[1], "nonce")) {
+               level = GNUTLS_RND_NONCE;
+       } else if (strcasecmp(argv[1], "key")) {
+               level = GNUTLS_RND_KEY;
+       } else {
+               fprintf(stderr, "usage: %s [nonce|key] [nbytes] [outfile]\n", argv[0]);
+               exit(1);
+       }
+
+       nbytes = atoi(argv[2]);
+
+       fp = fopen(argv[3], "w");
+       if (fp == NULL) {
+               fprintf(stderr, "Cannot open %s\n", argv[3]);
+               exit(1);
+       }
+
+       for (i = 0; i < nbytes; i+=sizeof(buf)) {
+               if (gnutls_rnd(level, buf, sizeof(buf)) < 0)
+                       exit(2);
+
+               fwrite(buf, 1, sizeof(buf), fp);
+       }
+       fclose(fp);
+
+       gnutls_global_deinit();
+       exit(0);
+}
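Review bot: The level selection in main() is inverted, because strcasecmp() returns 0 on a match: `if (strcasecmp(argv[1], "nonce"))` is true for every argument except "nonce", so "key" selects GNUTLS_RND_NONCE, "nonce" falls through to GNUTLS_RND_KEY, and the usage branch can never be reached. As written, the script's "nonce" and "key" runs each exercise the other generator, and a mistyped level is silently tested as nonce. Compare against zero in both branches, `if (strcasecmp(argv[1], "nonce") == 0) {` and `} else if (strcasecmp(argv[1], "key") == 0) {`; strcasecmp is declared in `<strings.h>`, which the file does not include. The results of `fwrite` and `fclose` are also ignored, so a short or failed write would hand an incomplete sample file to the statistical test without any error; checking `fwrite(buf, 1, sizeof(buf), fp) != sizeof(buf)` and exiting non-zero would make that visible.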
diff --git a/tests/suite/testrng b/tests/suite/testrng
new file mode 100755 (executable)
index 0000000..07b009d
--- /dev/null
@@ -0,0 +1,125 @@
+#!/bin/sh
+
+# Copyright (C) 2014 Nikos Mavrogiannopoulos
+#
+# This file is part of GnuTLS.
+#
+# GnuTLS is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 3 of the License, or (at
+# your option) any later version.
+#
+# GnuTLS is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GnuTLS; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+srcdir="${srcdir:-.}"
+
+if ! test -x "/usr/bin/dieharder";then
+  exit 77
+fi
+
+if test "$1" = "full";then
+  OPTIONS="-a"
+else
+  OPTIONS="-d 5"
+  OPTIONS2="-d 10"
+fi
+
+OUTFILE=rng.log
+RNGFILE=rng.rng
+
+rm -f $OUTFILE
+rm -f $RNGFILE
+
+. $srcdir/../scripts/common.sh
+
+RINPUTNO=`dieharder -g -1|grep file_input_raw|cut -d '|' -f 2|cut -d ' ' -f 1`
+
+if test -z "$RINPUTNO";then
+       echo "Cannot determine dieharder option for raw file input"
+       exit 1
+fi
+
+echo "Testing nonce PRNG"
+
+./rng nonce 100000000 $RNGFILE
+
+dieharder -q -f $RNGFILE -g $RINPUTNO $OPTIONS >$OUTFILE 2>&1
+if ! test -z "$OPTIONS2";then
+       dieharder -q -f $RNGFILE -g $RINPUTNO $OPTIONS2 >>$OUTFILE 2>&1
+fi
+grep FAILED $OUTFILE >/dev/null 2>&1
+ret=$?
+
+if test "$ret" = "0";then
+       echo "test failed for nonce"
+       exit 1
+fi
+
+grep PASSED $OUTFILE >/dev/null 2>&1
+ret=$?
+
+if test "$ret" != "0";then
+       echo "could not run dieharder test?"
+       exit 1
+fi
+
+rm -f $OUTFILE
+echo "Testing key PRNG"
+./rng key 100000000 $RNGFILE
+
+dieharder -q -f $RNGFILE -g $RINPUTNO $OPTIONS >$OUTFILE 2>&1
+if ! test -z "$OPTIONS2";then
+       dieharder -q -f $RNGFILE -g $RINPUTNO $OPTIONS2 >>$OUTFILE 2>&1
+fi
+grep FAILED $OUTFILE >/dev/null 2>&1 
+ret=$?
+
+
+if test "$ret" = "0";then
+       echo "test failed for key"
+       exit 1
+fi
+
+grep PASSED $OUTFILE >/dev/null 2>&1
+ret=$?
+
+if test "$ret" != "0";then
+       echo "could not run dieharder test?"
+       exit 1
+fi
+
+rm -f $OUTFILE
+echo "Testing /dev/zero PRNG"
+dd if=/dev/zero of=$RNGFILE bs=4 count=10000000 >/dev/null 2>&1
+
+dieharder -q -f $RNGFILE -g $RINPUTNO $OPTIONS >$OUTFILE 2>&1
+if ! test -z "$OPTIONS2";then
+       dieharder -q -f $RNGFILE -g $RINPUTNO $OPTIONS2 >>$OUTFILE 2>&1
+fi
+grep PASSED $OUTFILE >/dev/null 2>&1 
+ret=$?
+
+if test "$ret" = "0";then
+       echo "test succeeded for /dev/zero!!!"
+       exit 1
+fi
+
+grep FAILED $OUTFILE >/dev/null 2>&1
+ret=$?
+
+if test "$ret" != "0";then
+       echo "could not run dieharder test?"
+       exit 1
+fi
+
+rm -f $OUTFILE
+rm -f $RNGFILE
+
+exit 0
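Review bot: The exit status of `./rng` is never checked, in either the nonce run or the key run further down, so a generator failure goes unnoticed. If the key run fails before it reopens the output file (for example, the binary fails to start), `$RNGFILE` still holds the nonce sample and dieharder is run on it a second time and reported as the key result. Use `./rng nonce 100000000 $RNGFILE || exit 1` and `./rng key 100000000 $RNGFILE || exit 1`, and consider `rm -f $RNGFILE` before the key run. The availability check tests `/usr/bin/dieharder` while every invocation resolves `dieharder` through PATH, so the binary that runs is not necessarily the one that was checked; probing and invoking the same path would keep them consistent. Treating any `FAILED` line as a failure may also make this test flaky, since these are statistical tests and an occasional failing p-value is presumably expected even from a sound generator.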