Expand DRBG tests to test the nonce length support and other parameters #3985
Labels: component-crypto (Crypto primitives and low-level interfaces), enhancement, help-wanted (This issue is not being actively worked on, but PRs welcome.)
ARMmbed/mbed-crypto#305 added support for grabbing the nonce of a CTR_DRBG instance from the entropy with `mbedtls_ctr_drbg_set_nonce_len`. It also adds test code that checks that the correct amount of entropy is read to set the nonce, but not that the correct slice of entropy is read. There was a bug in the initial implementation that caused the nonce to replace the initial entropy instead of being added to it.

At a minimum, to complete this task, add known-answer tests that validate that the CTR_DRBG produces the expected output with a non-empty nonce. This should be a non-regression test for #3973.
More generally, make sure that HMAC_DRBG and CTR_DRBG have sufficient known-answer tests to have confidence that they behave correctly with non-default settings (`set_entropy_len`, `set_nonce_len`, `set_reseed_interval`, …).
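As an added illustration (not Mbed TLS code and not part of the issue), the following Go program re-implements the algorithm Mbed TLS' CTR_DRBG follows, AES-256 CTR_DRBG with the block-cipher derivation function from SP 800-90A, and shows the two things the issue asks a test to pin down: that the seed material is entropy || nonce || personalization, and that a known-answer check compares a fixed-input output against an expected value. All names (`blockCipherDF`, `instantiate`, `outputHex`, `nonceIsAppended`) are hypothetical, and the entropy and nonce bytes are constructed, not a NIST vector; a real non-regression test for #3973 would substitute a CAVP vector with a non-empty nonce and compare `outputHex` against its expected hex.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"encoding/binary"
	"encoding/hex"
	"fmt"
)

const (
	keyLen  = 32              // AES-256 key, the Mbed TLS default
	blkLen  = 16              // AES block size
	seedLen = keyLen + blkLen // equivalent of MBEDTLS_CTR_DRBG_SEEDLEN
)

func be32(v uint32) []byte { b := make([]byte, 4); binary.BigEndian.PutUint32(b, v); return b }

// ctrBlocks increments V (big-endian) before each block and returns n bytes of AES_key(V).
func ctrBlocks(key, v []byte, n int) []byte {
	c, _ := aes.NewCipher(key)
	out, blk := make([]byte, 0, n+blkLen), make([]byte, blkLen)
	for len(out) < n {
		for i := len(v) - 1; i >= 0; i-- {
			if v[i]++; v[i] != 0 {
				break
			}
		}
		c.Encrypt(blk, v)
		out = append(out, blk...)
	}
	return out[:n]
}

// blockCipherDF is Block_Cipher_df (SP 800-90A 10.3.2) with AES-256: seed material in, n bytes out.
func blockCipherDF(input []byte, n int) []byte {
	// S = L || N || input || 0x80 || zero padding to a whole number of blocks.
	s := bytes.Join([][]byte{be32(uint32(len(input))), be32(uint32(n)), input, {0x80}}, nil)
	s = append(s, make([]byte, (blkLen-len(s)%blkLen)%blkLen)...)
	k := make([]byte, keyLen) // fixed derivation key 0x00 0x01 ... 0x1f
	for i := range k {
		k[i] = byte(i)
	}
	c, _ := aes.NewCipher(k)
	var temp []byte
	for i := uint32(0); len(temp) < seedLen; i++ {
		// BCC over (IV_i || S), IV_i being the 32-bit counter at the start of a zero block.
		chain, data := make([]byte, blkLen), bytes.Join([][]byte{be32(i), make([]byte, blkLen-4), s}, nil)
		for off := 0; off < len(data); off += blkLen {
			for j := range chain {
				chain[j] ^= data[off+j]
			}
			c.Encrypt(chain, chain)
		}
		temp = append(temp, chain...)
	}
	// Second stage: key = first keyLen bytes of temp, X = the next block, expand with AES_key(X).
	c2, _ := aes.NewCipher(temp[:keyLen])
	x, out := append([]byte(nil), temp[keyLen:seedLen]...), []byte(nil)
	for len(out) < n {
		c2.Encrypt(x, x)
		out = append(out, x...)
	}
	return out[:n]
}

type ctrDRBG struct{ key, v []byte }

// update is CTR_DRBG_Update; provided must be exactly seedLen bytes.
func (d *ctrDRBG) update(provided []byte) {
	temp := ctrBlocks(d.key, d.v, seedLen)
	for i := range temp {
		temp[i] ^= provided[i]
	}
	d.key, d.v = temp[:keyLen], temp[keyLen:]
}

// instantiate seeds from entropy || nonce || pers: the nonce read right after the initial
// entropy is appended to it, the ordering the issue says the first implementation got wrong.
func instantiate(entropy, nonce, pers []byte) *ctrDRBG {
	d := &ctrDRBG{key: make([]byte, keyLen), v: make([]byte, blkLen)}
	d.update(blockCipherDF(bytes.Join([][]byte{entropy, nonce, pers}, nil), seedLen))
	return d
}

// generate returns n output bytes (no additional input) and then updates the state.
func (d *ctrDRBG) generate(n int) []byte {
	out := ctrBlocks(d.key, d.v, n)
	d.update(make([]byte, seedLen))
	return out
}

// outputHex has the shape of a CAVP no-reseed vector: instantiate, generate twice, and report
// the second output in hex, which is the value a known-answer test compares against.
func outputHex(entropy, nonce, pers []byte, n int) string {
	d := instantiate(entropy, nonce, pers)
	d.generate(n)
	return hex.EncodeToString(d.generate(n))
}

// nonceIsAppended is the regression check: output seeded with entropy||nonce must differ from
// entropy-only seeding (nonce dropped) and from nonce-only seeding (nonce overwrote the entropy).
func nonceIsAppended(entropy, nonce []byte) bool {
	both := outputHex(entropy, nonce, nil, 64)
	return both != outputHex(entropy, nil, nil, 64) && both != outputHex(nonce, nil, nil, 64)
}

func main() { // constructed inputs, not a NIST vector: 48 bytes standing in for entropy, a 24-byte nonce
	entropy, nonce := []byte("0123456789abcdef0123456789abcdef0123456789abcdef"), []byte("nonce-nonce-nonce-nonce-")
	fmt.Println("nonce appended:", nonceIsAppended(entropy, nonce), "output:", outputHex(entropy, nonce, nil, 64))
}
```

The `nonceIsAppended` property check is weaker than a true known-answer test: it only proves the nonce changes the seed, not that the seed is built in the right order, so a full test suite still needs fixed vectors for each non-default setting (entropy length, nonce length, reseed interval) rather than only consistency checks.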