TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / OP-TEE / optee_os / 0fc9291f405157f935e0001622f91b759ce44be6 / . / lib / libmbedtls / mbedtls / library / entropy_poll.c
blob: 794ee03a831b1e9d5be2e9f4f258b9679443ae22 [file] [log] [blame]
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1/*
2 * Platform-specific and custom entropy polling functions
3 *
Jerome Forissier79013242021-07-28 10:24:04 +0200[diff] [blame]4 * Copyright The Mbed TLS Contributors
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]5 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]6 */
7
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]8#if defined(__linux__) || defined(__midipix__) && !defined(_GNU_SOURCE)
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]9/* Ensure that syscall() is available even when compiling with -std=c99 */
10#define _GNU_SOURCE
11#endif
12
Jerome Forissier79013242021-07-28 10:24:04 +0200[diff] [blame]13#include "common.h"
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]14
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]15#include <string.h>
16
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]17#if defined(MBEDTLS_ENTROPY_C)
18
19#include "mbedtls/entropy.h"
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]20#include "entropy_poll.h"
Jerome Forissier11fa71b2020-04-20 17:17:56 +0200[diff] [blame]21#include "mbedtls/error.h"
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]22
23#if defined(MBEDTLS_TIMING_C)
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]24#include "mbedtls/timing.h"
25#endif
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]26#include "mbedtls/platform.h"
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]27
28#if !defined(MBEDTLS_NO_PLATFORM_ENTROPY)
29
30#if !defined(unix) && !defined(__unix__) && !defined(__unix) && \
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]31 !defined(__APPLE__) && !defined(_WIN32) && !defined(__QNXNTO__) && \
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]32 !defined(__HAIKU__) && !defined(__midipix__) && !defined(__MVS__)
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]33#error \
34 "Platform entropy sources only work on Unix and Windows, see MBEDTLS_NO_PLATFORM_ENTROPY in mbedtls_config.h"
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]35#endif
36
37#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
38
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]39#include <windows.h>
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]40#include <bcrypt.h>
41#include <intsafe.h>
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]42
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]43int mbedtls_platform_entropy_poll(void *data, unsigned char *output, size_t len,
44 size_t *olen)
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]45{
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]46 ((void) data);
47 *olen = 0;
48
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]49 /*
50 * BCryptGenRandom takes ULONG for size, which is smaller than size_t on
51 * 64-bit Windows platforms. Extract entropy in chunks of len (dependent
52 * on ULONG_MAX) size.
53 */
54 while (len != 0) {
55 unsigned long ulong_bytes =
56 (len > ULONG_MAX) ? ULONG_MAX : (unsigned long) len;
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]57
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]58 if (!BCRYPT_SUCCESS(BCryptGenRandom(NULL, output, ulong_bytes,
59 BCRYPT_USE_SYSTEM_PREFERRED_RNG))) {
60 return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
61 }
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]62
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]63 *olen += ulong_bytes;
64 len -= ulong_bytes;
65 }
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]66
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]67 return 0;
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]68}
69#else /* _WIN32 && !EFIX64 && !EFI32 */
70
71/*
72 * Test for Linux getrandom() support.
73 * Since there is no wrapper in the libc yet, use the generic syscall wrapper
74 * available in GNU libc and compatible libc's (eg uClibc).
75 */
Jerome Forissier79013242021-07-28 10:24:04 +0200[diff] [blame]76#if ((defined(__linux__) && defined(__GLIBC__)) || defined(__midipix__))
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]77#include <unistd.h>
78#include <sys/syscall.h>
79#if defined(SYS_getrandom)
80#define HAVE_GETRANDOM
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]81#include <errno.h>
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]82
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]83static int getrandom_wrapper(void *buf, size_t buflen, unsigned int flags)
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]84{
85 /* MemSan cannot understand that the syscall writes to the buffer */
86#if defined(__has_feature)
87#if __has_feature(memory_sanitizer)
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]88 memset(buf, 0, buflen);
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]89#endif
90#endif
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]91 return (int) syscall(SYS_getrandom, buf, buflen, flags);
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]92}
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]93#endif /* SYS_getrandom */
Jerome Forissier79013242021-07-28 10:24:04 +0200[diff] [blame]94#endif /* __linux__ || __midipix__ */
95
96#if defined(__FreeBSD__) || defined(__DragonFly__)
97#include <sys/param.h>
98#if (defined(__FreeBSD__) && __FreeBSD_version >= 1200000) || \
99 (defined(__DragonFly__) && __DragonFly_version >= 500700)
100#include <errno.h>
101#include <sys/random.h>
102#define HAVE_GETRANDOM
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]103static int getrandom_wrapper(void *buf, size_t buflen, unsigned int flags)
Jerome Forissier79013242021-07-28 10:24:04 +0200[diff] [blame]104{
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]105 return (int) getrandom(buf, buflen, flags);
Jerome Forissier79013242021-07-28 10:24:04 +0200[diff] [blame]106}
107#endif /* (__FreeBSD__ && __FreeBSD_version >= 1200000) ||
108 (__DragonFly__ && __DragonFly_version >= 500700) */
109#endif /* __FreeBSD__ || __DragonFly__ */
110
111/*
112 * Some BSD systems provide KERN_ARND.
113 * This is equivalent to reading from /dev/urandom, only it doesn't require an
114 * open file descriptor, and provides up to 256 bytes per call (basically the
115 * same as getentropy(), but with a longer history).
116 *
117 * Documentation: https://netbsd.gw.com/cgi-bin/man-cgi?sysctl+7
118 */
119#if (defined(__FreeBSD__) || defined(__NetBSD__)) && !defined(HAVE_GETRANDOM)
120#include <sys/param.h>
121#include <sys/sysctl.h>
122#if defined(KERN_ARND)
123#define HAVE_SYSCTL_ARND
124
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]125static int sysctl_arnd_wrapper(unsigned char *buf, size_t buflen)
Jerome Forissier79013242021-07-28 10:24:04 +0200[diff] [blame]126{
127 int name[2];
128 size_t len;
129
130 name[0] = CTL_KERN;
131 name[1] = KERN_ARND;
132
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]133 while (buflen > 0) {
Jerome Forissier79013242021-07-28 10:24:04 +0200[diff] [blame]134 len = buflen > 256 ? 256 : buflen;
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]135 if (sysctl(name, 2, buf, &len, NULL, 0) == -1) {
136 return -1;
137 }
Jerome Forissier79013242021-07-28 10:24:04 +0200[diff] [blame]138 buflen -= len;
139 buf += len;
140 }
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]141 return 0;
Jerome Forissier79013242021-07-28 10:24:04 +0200[diff] [blame]142}
143#endif /* KERN_ARND */
144#endif /* __FreeBSD__ || __NetBSD__ */
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]145
146#include <stdio.h>
147
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]148int mbedtls_platform_entropy_poll(void *data,
149 unsigned char *output, size_t len, size_t *olen)
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]150{
151 FILE *file;
152 size_t read_len;
Jerome Forissier11fa71b2020-04-20 17:17:56 +0200[diff] [blame]153 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]154 ((void) data);
155
156#if defined(HAVE_GETRANDOM)
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]157 ret = getrandom_wrapper(output, len, 0);
158 if (ret >= 0) {
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]159 *olen = (size_t) ret;
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]160 return 0;
161 } else if (errno != ENOSYS) {
162 return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]163 }
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]164 /* Fall through if the system call isn't known. */
165#else
166 ((void) ret);
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]167#endif /* HAVE_GETRANDOM */
168
Jerome Forissier79013242021-07-28 10:24:04 +0200[diff] [blame]169#if defined(HAVE_SYSCTL_ARND)
170 ((void) file);
171 ((void) read_len);
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]172 if (sysctl_arnd_wrapper(output, len) == -1) {
173 return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
174 }
Jerome Forissier79013242021-07-28 10:24:04 +0200[diff] [blame]175 *olen = len;
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]176 return 0;
Jerome Forissier79013242021-07-28 10:24:04 +0200[diff] [blame]177#else
178
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]179 *olen = 0;
180
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]181 file = fopen("/dev/urandom", "rb");
182 if (file == NULL) {
183 return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]184 }
185
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]186 /* Ensure no stdio buffering of secrets, as such buffers cannot be wiped. */
187 mbedtls_setbuf(file, NULL);
188
189 read_len = fread(output, 1, len, file);
190 if (read_len != len) {
191 fclose(file);
192 return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
193 }
194
195 fclose(file);
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]196 *olen = len;
197
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]198 return 0;
Jerome Forissier79013242021-07-28 10:24:04 +0200[diff] [blame]199#endif /* HAVE_SYSCTL_ARND */
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]200}
201#endif /* _WIN32 && !EFIX64 && !EFI32 */
202#endif /* !MBEDTLS_NO_PLATFORM_ENTROPY */
203
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]204#if defined(MBEDTLS_ENTROPY_NV_SEED)
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]205int mbedtls_nv_seed_poll(void *data,
206 unsigned char *output, size_t len, size_t *olen)
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]207{
208 unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE];
209 size_t use_len = MBEDTLS_ENTROPY_BLOCK_SIZE;
210 ((void) data);
211
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]212 memset(buf, 0, MBEDTLS_ENTROPY_BLOCK_SIZE);
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]213
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]214 if (mbedtls_nv_seed_read(buf, MBEDTLS_ENTROPY_BLOCK_SIZE) < 0) {
215 return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
216 }
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]217
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]218 if (len < use_len) {
219 use_len = len;
220 }
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]221
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]222 memcpy(output, buf, use_len);
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]223 *olen = use_len;
224
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]225 return 0;
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]226}
227#endif /* MBEDTLS_ENTROPY_NV_SEED */
228
229#endif /* MBEDTLS_ENTROPY_C */