blob: b5004918806694fd056ef36834eb85541481584d [file] [log] [blame]
Paul Bakker6083fd22011-12-03 21:45:14 +00001/*
2 * Entropy accumulator implementation
3 *
Paul Bakker9af723c2014-05-01 13:03:14 +02004 * Copyright (C) 2006-2014, Brainspark B.V.
Paul Bakker6083fd22011-12-03 21:45:14 +00005 *
6 * This file is part of PolarSSL (http://www.polarssl.org)
7 * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
8 *
9 * All rights reserved.
10 *
11 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published by
13 * the Free Software Foundation; either version 2 of the License, or
14 * (at your option) any later version.
15 *
16 * This program is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU General Public License for more details.
20 *
21 * You should have received a copy of the GNU General Public License along
22 * with this program; if not, write to the Free Software Foundation, Inc.,
23 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
24 */
25
Manuel Pégourié-Gonnardcef4ad22014-04-29 12:39:06 +020026#if !defined(POLARSSL_CONFIG_FILE)
Paul Bakker6083fd22011-12-03 21:45:14 +000027#include "polarssl/config.h"
Manuel Pégourié-Gonnardcef4ad22014-04-29 12:39:06 +020028#else
29#include POLARSSL_CONFIG_FILE
30#endif
Paul Bakker6083fd22011-12-03 21:45:14 +000031
32#if defined(POLARSSL_ENTROPY_C)
33
34#include "polarssl/entropy.h"
35#include "polarssl/entropy_poll.h"
36
Paul Bakker66ff70d2014-03-26 11:54:05 +010037#if defined(POLARSSL_FS_IO)
38#include <stdio.h>
39#endif
40
Paul Bakker28c7e7f2011-12-15 19:49:30 +000041#if defined(POLARSSL_HAVEGE_C)
42#include "polarssl/havege.h"
43#endif
44
Paul Bakker6083fd22011-12-03 21:45:14 +000045#define ENTROPY_MAX_LOOP 256 /**< Maximum amount to loop before error */
46
47void entropy_init( entropy_context *ctx )
48{
49 memset( ctx, 0, sizeof(entropy_context) );
50
Paul Bakkerf4e7dc52013-09-28 15:23:57 +020051#if defined(POLARSSL_THREADING_C)
52 polarssl_mutex_init( &ctx->mutex );
53#endif
54
Paul Bakkerfb08fd22013-08-27 15:06:26 +020055#if defined(POLARSSL_ENTROPY_SHA512_ACCUMULATOR)
Paul Bakker9e36f042013-06-30 14:34:05 +020056 sha512_starts( &ctx->accumulator, 0 );
Paul Bakkerfb08fd22013-08-27 15:06:26 +020057#else
58 sha256_starts( &ctx->accumulator, 0 );
59#endif
Paul Bakker43655f42011-12-15 20:11:16 +000060#if defined(POLARSSL_HAVEGE_C)
61 havege_init( &ctx->havege_data );
62#endif
Paul Bakker6083fd22011-12-03 21:45:14 +000063
Paul Bakker43655f42011-12-15 20:11:16 +000064#if !defined(POLARSSL_NO_DEFAULT_ENTROPY_SOURCES)
Paul Bakker6083fd22011-12-03 21:45:14 +000065#if !defined(POLARSSL_NO_PLATFORM_ENTROPY)
Paul Bakkerbd4a9d02011-12-10 17:02:19 +000066 entropy_add_source( ctx, platform_entropy_poll, NULL,
67 ENTROPY_MIN_PLATFORM );
Paul Bakker6083fd22011-12-03 21:45:14 +000068#endif
69#if defined(POLARSSL_TIMING_C)
Paul Bakkerbd4a9d02011-12-10 17:02:19 +000070 entropy_add_source( ctx, hardclock_poll, NULL, ENTROPY_MIN_HARDCLOCK );
Paul Bakker6083fd22011-12-03 21:45:14 +000071#endif
Paul Bakker28c7e7f2011-12-15 19:49:30 +000072#if defined(POLARSSL_HAVEGE_C)
Paul Bakker28c7e7f2011-12-15 19:49:30 +000073 entropy_add_source( ctx, havege_poll, &ctx->havege_data,
74 ENTROPY_MIN_HAVEGE );
75#endif
Paul Bakker43655f42011-12-15 20:11:16 +000076#endif /* POLARSSL_NO_DEFAULT_ENTROPY_SOURCES */
Paul Bakker6083fd22011-12-03 21:45:14 +000077}
78
Paul Bakker1ffefac2013-09-28 15:23:03 +020079void entropy_free( entropy_context *ctx )
80{
81 ((void) ctx);
Paul Bakkerf4e7dc52013-09-28 15:23:57 +020082#if defined(POLARSSL_THREADING_C)
83 polarssl_mutex_free( &ctx->mutex );
84#endif
Paul Bakker1ffefac2013-09-28 15:23:03 +020085}
86
Paul Bakker6083fd22011-12-03 21:45:14 +000087int entropy_add_source( entropy_context *ctx,
Paul Bakkerbd4a9d02011-12-10 17:02:19 +000088 f_source_ptr f_source, void *p_source,
89 size_t threshold )
Paul Bakker6083fd22011-12-03 21:45:14 +000090{
Paul Bakker47703a02014-02-06 15:01:20 +010091 int index, ret = 0;
Paul Bakkerbd4a9d02011-12-10 17:02:19 +000092
Paul Bakker47703a02014-02-06 15:01:20 +010093#if defined(POLARSSL_THREADING_C)
94 if( ( ret = polarssl_mutex_lock( &ctx->mutex ) ) != 0 )
95 return( ret );
96#endif
97
98 index = ctx->source_count;
Paul Bakkerbd4a9d02011-12-10 17:02:19 +000099 if( index >= ENTROPY_MAX_SOURCES )
Paul Bakker47703a02014-02-06 15:01:20 +0100100 {
101 ret = POLARSSL_ERR_ENTROPY_MAX_SOURCES;
102 goto exit;
103 }
Paul Bakker6083fd22011-12-03 21:45:14 +0000104
Paul Bakkerbd4a9d02011-12-10 17:02:19 +0000105 ctx->source[index].f_source = f_source;
106 ctx->source[index].p_source = p_source;
107 ctx->source[index].threshold = threshold;
Paul Bakker6083fd22011-12-03 21:45:14 +0000108
109 ctx->source_count++;
110
Paul Bakker47703a02014-02-06 15:01:20 +0100111exit:
112#if defined(POLARSSL_THREADING_C)
113 if( polarssl_mutex_unlock( &ctx->mutex ) != 0 )
114 return( POLARSSL_ERR_THREADING_MUTEX_ERROR );
115#endif
116
117 return( ret );
Paul Bakker6083fd22011-12-03 21:45:14 +0000118}
119
120/*
121 * Entropy accumulator update
122 */
Paul Bakkerb6c5d2e2013-06-25 16:25:17 +0200123static int entropy_update( entropy_context *ctx, unsigned char source_id,
124 const unsigned char *data, size_t len )
Paul Bakker6083fd22011-12-03 21:45:14 +0000125{
126 unsigned char header[2];
127 unsigned char tmp[ENTROPY_BLOCK_SIZE];
128 size_t use_len = len;
129 const unsigned char *p = data;
Paul Bakkerb6c5d2e2013-06-25 16:25:17 +0200130
Paul Bakker6083fd22011-12-03 21:45:14 +0000131 if( use_len > ENTROPY_BLOCK_SIZE )
132 {
Paul Bakkerfb08fd22013-08-27 15:06:26 +0200133#if defined(POLARSSL_ENTROPY_SHA512_ACCUMULATOR)
Paul Bakker9e36f042013-06-30 14:34:05 +0200134 sha512( data, len, tmp, 0 );
Paul Bakkerfb08fd22013-08-27 15:06:26 +0200135#else
136 sha256( data, len, tmp, 0 );
137#endif
Paul Bakker6083fd22011-12-03 21:45:14 +0000138 p = tmp;
139 use_len = ENTROPY_BLOCK_SIZE;
140 }
141
142 header[0] = source_id;
143 header[1] = use_len & 0xFF;
144
Paul Bakkerfb08fd22013-08-27 15:06:26 +0200145#if defined(POLARSSL_ENTROPY_SHA512_ACCUMULATOR)
Paul Bakker9e36f042013-06-30 14:34:05 +0200146 sha512_update( &ctx->accumulator, header, 2 );
147 sha512_update( &ctx->accumulator, p, use_len );
Paul Bakkerfb08fd22013-08-27 15:06:26 +0200148#else
149 sha256_update( &ctx->accumulator, header, 2 );
150 sha256_update( &ctx->accumulator, p, use_len );
151#endif
Paul Bakkerb6c5d2e2013-06-25 16:25:17 +0200152
Paul Bakker6083fd22011-12-03 21:45:14 +0000153 return( 0 );
154}
155
156int entropy_update_manual( entropy_context *ctx,
157 const unsigned char *data, size_t len )
158{
Paul Bakker47703a02014-02-06 15:01:20 +0100159 int ret;
160
161#if defined(POLARSSL_THREADING_C)
162 if( ( ret = polarssl_mutex_lock( &ctx->mutex ) ) != 0 )
163 return( ret );
164#endif
165
166 ret = entropy_update( ctx, ENTROPY_SOURCE_MANUAL, data, len );
167
168#if defined(POLARSSL_THREADING_C)
169 if( polarssl_mutex_unlock( &ctx->mutex ) != 0 )
170 return( POLARSSL_ERR_THREADING_MUTEX_ERROR );
171#endif
172
173 return ( ret );
Paul Bakker6083fd22011-12-03 21:45:14 +0000174}
175
176/*
177 * Run through the different sources to add entropy to our accumulator
178 */
Paul Bakker47703a02014-02-06 15:01:20 +0100179static int entropy_gather_internal( entropy_context *ctx )
Paul Bakker6083fd22011-12-03 21:45:14 +0000180{
181 int ret, i;
182 unsigned char buf[ENTROPY_MAX_GATHER];
183 size_t olen;
Paul Bakker47703a02014-02-06 15:01:20 +0100184
Paul Bakker43655f42011-12-15 20:11:16 +0000185 if( ctx->source_count == 0 )
186 return( POLARSSL_ERR_ENTROPY_NO_SOURCES_DEFINED );
187
Paul Bakker6083fd22011-12-03 21:45:14 +0000188 /*
189 * Run through our entropy sources
190 */
191 for( i = 0; i < ctx->source_count; i++ )
192 {
193 olen = 0;
Paul Bakkerbd4a9d02011-12-10 17:02:19 +0000194 if ( ( ret = ctx->source[i].f_source( ctx->source[i].p_source,
Paul Bakker6083fd22011-12-03 21:45:14 +0000195 buf, ENTROPY_MAX_GATHER, &olen ) ) != 0 )
196 {
197 return( ret );
198 }
199
200 /*
201 * Add if we actually gathered something
202 */
203 if( olen > 0 )
Paul Bakkerbd4a9d02011-12-10 17:02:19 +0000204 {
Paul Bakker6083fd22011-12-03 21:45:14 +0000205 entropy_update( ctx, (unsigned char) i, buf, olen );
Paul Bakkerbd4a9d02011-12-10 17:02:19 +0000206 ctx->source[i].size += olen;
207 }
Paul Bakker6083fd22011-12-03 21:45:14 +0000208 }
209
210 return( 0 );
211}
212
Paul Bakker47703a02014-02-06 15:01:20 +0100213/*
214 * Thread-safe wrapper for entropy_gather_internal()
215 */
216int entropy_gather( entropy_context *ctx )
217{
Paul Bakkerddd427a2014-04-09 14:47:58 +0200218 int ret;
Paul Bakker47703a02014-02-06 15:01:20 +0100219
220#if defined(POLARSSL_THREADING_C)
Paul Bakkerddd427a2014-04-09 14:47:58 +0200221 if( ( ret = polarssl_mutex_lock( &ctx->mutex ) ) != 0 )
222 return( ret );
Paul Bakker47703a02014-02-06 15:01:20 +0100223#endif
224
Paul Bakkerddd427a2014-04-09 14:47:58 +0200225 ret = entropy_gather_internal( ctx );
Paul Bakker47703a02014-02-06 15:01:20 +0100226
227#if defined(POLARSSL_THREADING_C)
Paul Bakkerddd427a2014-04-09 14:47:58 +0200228 if( polarssl_mutex_unlock( &ctx->mutex ) != 0 )
229 return( POLARSSL_ERR_THREADING_MUTEX_ERROR );
Paul Bakker47703a02014-02-06 15:01:20 +0100230#endif
231
Paul Bakkerddd427a2014-04-09 14:47:58 +0200232 return( ret );
Paul Bakker47703a02014-02-06 15:01:20 +0100233}
234
Paul Bakker6083fd22011-12-03 21:45:14 +0000235int entropy_func( void *data, unsigned char *output, size_t len )
236{
Paul Bakkerbd4a9d02011-12-10 17:02:19 +0000237 int ret, count = 0, i, reached;
Paul Bakker6083fd22011-12-03 21:45:14 +0000238 entropy_context *ctx = (entropy_context *) data;
239 unsigned char buf[ENTROPY_BLOCK_SIZE];
240
241 if( len > ENTROPY_BLOCK_SIZE )
242 return( POLARSSL_ERR_ENTROPY_SOURCE_FAILED );
243
Paul Bakkerf4e7dc52013-09-28 15:23:57 +0200244#if defined(POLARSSL_THREADING_C)
245 if( ( ret = polarssl_mutex_lock( &ctx->mutex ) ) != 0 )
246 return( ret );
247#endif
248
Paul Bakker6083fd22011-12-03 21:45:14 +0000249 /*
250 * Always gather extra entropy before a call
251 */
252 do
253 {
254 if( count++ > ENTROPY_MAX_LOOP )
Paul Bakkerf4e7dc52013-09-28 15:23:57 +0200255 {
256 ret = POLARSSL_ERR_ENTROPY_SOURCE_FAILED;
257 goto exit;
258 }
Paul Bakker6083fd22011-12-03 21:45:14 +0000259
Paul Bakker47703a02014-02-06 15:01:20 +0100260 if( ( ret = entropy_gather_internal( ctx ) ) != 0 )
Paul Bakkerf4e7dc52013-09-28 15:23:57 +0200261 goto exit;
Paul Bakkerbd4a9d02011-12-10 17:02:19 +0000262
263 reached = 0;
264
265 for( i = 0; i < ctx->source_count; i++ )
266 if( ctx->source[i].size >= ctx->source[i].threshold )
267 reached++;
Paul Bakker6083fd22011-12-03 21:45:14 +0000268 }
Paul Bakkerbd4a9d02011-12-10 17:02:19 +0000269 while( reached != ctx->source_count );
Paul Bakker6083fd22011-12-03 21:45:14 +0000270
271 memset( buf, 0, ENTROPY_BLOCK_SIZE );
272
Paul Bakkerfb08fd22013-08-27 15:06:26 +0200273#if defined(POLARSSL_ENTROPY_SHA512_ACCUMULATOR)
Paul Bakker9e36f042013-06-30 14:34:05 +0200274 sha512_finish( &ctx->accumulator, buf );
275
Paul Bakker6083fd22011-12-03 21:45:14 +0000276 /*
Paul Bakkerbd4a9d02011-12-10 17:02:19 +0000277 * Reset accumulator and counters and recycle existing entropy
Paul Bakker6083fd22011-12-03 21:45:14 +0000278 */
Paul Bakker9e36f042013-06-30 14:34:05 +0200279 memset( &ctx->accumulator, 0, sizeof( sha512_context ) );
280 sha512_starts( &ctx->accumulator, 0 );
281 sha512_update( &ctx->accumulator, buf, ENTROPY_BLOCK_SIZE );
Paul Bakkerfb08fd22013-08-27 15:06:26 +0200282
283 /*
Paul Bakkerb13d3ff2014-03-26 12:51:25 +0100284 * Perform second SHA-512 on entropy
Paul Bakkerfb08fd22013-08-27 15:06:26 +0200285 */
Paul Bakkerb13d3ff2014-03-26 12:51:25 +0100286 sha512( buf, ENTROPY_BLOCK_SIZE, buf, 0 );
287#else /* POLARSSL_ENTROPY_SHA512_ACCUMULATOR */
288 sha256_finish( &ctx->accumulator, buf );
Paul Bakkerfb08fd22013-08-27 15:06:26 +0200289
290 /*
291 * Reset accumulator and counters and recycle existing entropy
292 */
293 memset( &ctx->accumulator, 0, sizeof( sha256_context ) );
294 sha256_starts( &ctx->accumulator, 0 );
295 sha256_update( &ctx->accumulator, buf, ENTROPY_BLOCK_SIZE );
Paul Bakkerb13d3ff2014-03-26 12:51:25 +0100296
297 /*
298 * Perform second SHA-256 on entropy
299 */
300 sha256( buf, ENTROPY_BLOCK_SIZE, buf, 0 );
Paul Bakkerfb08fd22013-08-27 15:06:26 +0200301#endif /* POLARSSL_ENTROPY_SHA512_ACCUMULATOR */
Paul Bakkerbd4a9d02011-12-10 17:02:19 +0000302
303 for( i = 0; i < ctx->source_count; i++ )
304 ctx->source[i].size = 0;
Paul Bakker6083fd22011-12-03 21:45:14 +0000305
306 memcpy( output, buf, len );
307
Paul Bakkerf4e7dc52013-09-28 15:23:57 +0200308 ret = 0;
309
310exit:
311#if defined(POLARSSL_THREADING_C)
312 if( polarssl_mutex_unlock( &ctx->mutex ) != 0 )
313 return( POLARSSL_ERR_THREADING_MUTEX_ERROR );
314#endif
315
316 return( ret );
Paul Bakker6083fd22011-12-03 21:45:14 +0000317}
318
Paul Bakker66ff70d2014-03-26 11:54:05 +0100319#if defined(POLARSSL_FS_IO)
320int entropy_write_seed_file( entropy_context *ctx, const char *path )
321{
322 int ret = POLARSSL_ERR_ENTROPY_FILE_IO_ERROR;
323 FILE *f;
324 unsigned char buf[ENTROPY_BLOCK_SIZE];
325
326 if( ( f = fopen( path, "wb" ) ) == NULL )
327 return( POLARSSL_ERR_ENTROPY_FILE_IO_ERROR );
328
329 if( ( ret = entropy_func( ctx, buf, ENTROPY_BLOCK_SIZE ) ) != 0 )
330 goto exit;
331
332 if( fwrite( buf, 1, ENTROPY_BLOCK_SIZE, f ) != ENTROPY_BLOCK_SIZE )
333 {
334 ret = POLARSSL_ERR_ENTROPY_FILE_IO_ERROR;
335 goto exit;
336 }
337
338 ret = 0;
339
340exit:
341 fclose( f );
342 return( ret );
343}
344
345int entropy_update_seed_file( entropy_context *ctx, const char *path )
346{
347 FILE *f;
348 size_t n;
349 unsigned char buf[ ENTROPY_MAX_SEED_SIZE ];
350
351 if( ( f = fopen( path, "rb" ) ) == NULL )
352 return( POLARSSL_ERR_ENTROPY_FILE_IO_ERROR );
353
354 fseek( f, 0, SEEK_END );
355 n = (size_t) ftell( f );
356 fseek( f, 0, SEEK_SET );
357
358 if( n > ENTROPY_MAX_SEED_SIZE )
359 n = ENTROPY_MAX_SEED_SIZE;
360
361 if( fread( buf, 1, n, f ) != n )
362 {
363 fclose( f );
364 return( POLARSSL_ERR_ENTROPY_FILE_IO_ERROR );
365 }
366
367 fclose( f );
368
369 entropy_update_manual( ctx, buf, n );
370
371 return( entropy_write_seed_file( ctx, path ) );
372}
373#endif /* POLARSSL_FS_IO */
374
Paul Bakker9af723c2014-05-01 13:03:14 +0200375#endif /* POLARSSL_ENTROPY_C */