commit 7580ba475d60990cb9049e724a0bb106504b7a4d
author Manuel Pégourié-Gonnard <mpg@elzevir.fr> Fri Jun 19 10:26:32 2015 +0200
committer Manuel Pégourié-Gonnard <mpg@elzevir.fr> Mon Jun 22 14:40:56 2015 +0200
tree 27f66192fab835fee2e3f2c98e3cec40e494faa7
parent 3f77dfbd520b1360dd05b06e23004dd23846b0ea

Add a concept of entropy source strength.

The main goal is, we want and error if cycle counter is the only source.

include/mbedtls/entropy.h

diff --git a/include/mbedtls/entropy.h b/include/mbedtls/entropy.h
index a99d20d..597f03d 100644
--- a/include/mbedtls/entropy.h
+++ b/include/mbedtls/entropy.h
@@ -53,7 +53,8 @@
 #define MBEDTLS_ERR_ENTROPY_SOURCE_FAILED                 -0x003C  /**< Critical entropy source failure. */
 #define MBEDTLS_ERR_ENTROPY_MAX_SOURCES                   -0x003E  /**< No more sources can be added. */
 #define MBEDTLS_ERR_ENTROPY_NO_SOURCES_DEFINED            -0x0040  /**< No sources have been added to poll. */
-#define MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR                 -0x0058  /**< Read/write error in file. */
+#define MBEDTLS_ERR_ENTROPY_NO_STRONG_SOURCE              -0x003D  /**< No strong sources have been added to poll. */
+#define MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR                 -0x003F  /**< Read/write error in file. */
 
 /**
  * \name SECTION: Module settings
@@ -82,6 +83,9 @@
 #define MBEDTLS_ENTROPY_MAX_SEED_SIZE   1024    /**< Maximum size of seed we read from seed file */
 #define MBEDTLS_ENTROPY_SOURCE_MANUAL   MBEDTLS_ENTROPY_MAX_SOURCES
 
+#define MBEDTLS_ENTROPY_SOURCE_STRONG   1       /**< Entropy source is strong   */
+#define MBEDTLS_ENTROPY_SOURCE_WEAK     0       /**< Entropy source is weak     */
+
 #ifdef __cplusplus
 extern "C" {
 #endif
@@ -109,6 +113,7 @@
     void *          p_source;   /**< The callback data pointer */
     size_t          size;       /**< Amount received in bytes */
     size_t          threshold;  /**< Minimum bytes required before release */
+    int             strong;     /**< Is the source strong? */
 }
 mbedtls_entropy_source_state;
 
@@ -156,12 +161,17 @@
  * \param p_source  Function data
  * \param threshold Minimum required from source before entropy is released
  *                  ( with mbedtls_entropy_func() ) (in bytes)
+ * \param strong    MBEDTLS_ENTROPY_SOURCE_STRONG or
+ *                  MBEDTSL_ENTROPY_SOURCE_WEAK.
+ *                  At least one strong source needs to be added.
+ *                  Weaker sources (such as the cycle counter) can be used as
+ *                  a complement.
  *
  * \return          0 if successful or MBEDTLS_ERR_ENTROPY_MAX_SOURCES
  */
 int mbedtls_entropy_add_source( mbedtls_entropy_context *ctx,
                         mbedtls_entropy_f_source_ptr f_source, void *p_source,
-                        size_t threshold );
+                        size_t threshold, int strong );
 
 /**
  * \brief           Trigger an extra gather poll for the accumulator

include/mbedtls/error.h

diff --git a/include/mbedtls/error.h b/include/mbedtls/error.h
index 9244249..4f43018 100644
--- a/include/mbedtls/error.h
+++ b/include/mbedtls/error.h
@@ -61,9 +61,8 @@
  * PADLOCK   1  0x0030-0x0030
  * DES       1  0x0032-0x0032
  * CTR_DBRG  4  0x0034-0x003A
- * ENTROPY   3  0x003C-0x0040
+ * ENTROPY   3  0x003C-0x0040   0x003D-0x003F
  * NET       9  0x0042-0x0052   0x0043-0x0043
- * ENTROPY   1  0x0058-0x0058
  * ASN1      7  0x0060-0x006C
  * PBKDF2    1  0x007C-0x007C
  * HMAC_DRBG 4  0x0003-0x0009