blob: 881a0ac6f77354711c11a4669add81fc60805eaf [file] [log] [blame]
Paul Bakkere07c4312013-07-03 14:00:49 +02001#if defined(POLARSSL_MEMORY_BUFFER_ALLOC_C)
2#include "polarssl/memory.h"
3#endif
4
Paul Bakkerb3dcbc12011-03-13 16:57:25 +00005#ifdef _MSC_VER
6#include <basetsd.h>
7typedef UINT32 uint32_t;
8#else
9#include <inttypes.h>
10#endif
11
Paul Bakker19343182013-08-16 13:31:10 +020012#include <assert.h>
13#include <stdlib.h>
14#include <string.h>
15
Paul Bakkerb3dcbc12011-03-13 16:57:25 +000016/*
17 * 32-bit integer manipulation macros (big endian)
18 */
Paul Bakker5c2364c2012-10-01 14:41:15 +000019#ifndef GET_UINT32_BE
20#define GET_UINT32_BE(n,b,i) \
Paul Bakkerb3dcbc12011-03-13 16:57:25 +000021{ \
Paul Bakker5c2364c2012-10-01 14:41:15 +000022 (n) = ( (uint32_t) (b)[(i) ] << 24 ) \
23 | ( (uint32_t) (b)[(i) + 1] << 16 ) \
24 | ( (uint32_t) (b)[(i) + 2] << 8 ) \
25 | ( (uint32_t) (b)[(i) + 3] ); \
Paul Bakkerb3dcbc12011-03-13 16:57:25 +000026}
27#endif
28
Paul Bakker5c2364c2012-10-01 14:41:15 +000029#ifndef PUT_UINT32_BE
30#define PUT_UINT32_BE(n,b,i) \
Paul Bakkerb3dcbc12011-03-13 16:57:25 +000031{ \
32 (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
33 (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
34 (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
35 (b)[(i) + 3] = (unsigned char) ( (n) ); \
36}
37#endif
38
Paul Bakkerb6c5d2e2013-06-25 16:25:17 +020039static int unhexify(unsigned char *obuf, const char *ibuf)
Paul Bakker367dae42009-06-28 21:50:27 +000040{
41 unsigned char c, c2;
42 int len = strlen(ibuf) / 2;
43 assert(!(strlen(ibuf) %1)); // must be even number of bytes
44
45 while (*ibuf != 0)
46 {
47 c = *ibuf++;
48 if( c >= '0' && c <= '9' )
49 c -= '0';
50 else if( c >= 'a' && c <= 'f' )
51 c -= 'a' - 10;
52 else if( c >= 'A' && c <= 'F' )
53 c -= 'A' - 10;
54 else
55 assert( 0 );
56
57 c2 = *ibuf++;
58 if( c2 >= '0' && c2 <= '9' )
59 c2 -= '0';
60 else if( c2 >= 'a' && c2 <= 'f' )
61 c2 -= 'a' - 10;
62 else if( c2 >= 'A' && c2 <= 'F' )
63 c2 -= 'A' - 10;
64 else
65 assert( 0 );
66
67 *obuf++ = ( c << 4 ) | c2;
68 }
69
70 return len;
71}
72
Paul Bakkerb6c5d2e2013-06-25 16:25:17 +020073static void hexify(unsigned char *obuf, const unsigned char *ibuf, int len)
Paul Bakker367dae42009-06-28 21:50:27 +000074{
75 unsigned char l, h;
76
77 while (len != 0)
78 {
79 h = (*ibuf) / 16;
80 l = (*ibuf) % 16;
81
82 if( h < 10 )
83 *obuf++ = '0' + h;
84 else
85 *obuf++ = 'a' + h - 10;
86
87 if( l < 10 )
88 *obuf++ = '0' + l;
89 else
90 *obuf++ = 'a' + l - 10;
91
92 ++ibuf;
93 len--;
94 }
95}
Paul Bakker9dcc3222011-03-08 14:16:06 +000096
97/**
98 * This function just returns data from rand().
Paul Bakker997bbd12011-03-13 15:45:42 +000099 * Although predictable and often similar on multiple
100 * runs, this does not result in identical random on
101 * each run. So do not use this if the results of a
102 * test depend on the random data that is generated.
Paul Bakker9dcc3222011-03-08 14:16:06 +0000103 *
104 * rng_state shall be NULL.
105 */
Paul Bakkera3d195c2011-11-27 21:07:34 +0000106static int rnd_std_rand( void *rng_state, unsigned char *output, size_t len )
Paul Bakker9dcc3222011-03-08 14:16:06 +0000107{
Paul Bakkera3d195c2011-11-27 21:07:34 +0000108 size_t i;
109
Paul Bakker9dcc3222011-03-08 14:16:06 +0000110 if( rng_state != NULL )
111 rng_state = NULL;
112
Paul Bakkera3d195c2011-11-27 21:07:34 +0000113 for( i = 0; i < len; ++i )
114 output[i] = rand();
115
116 return( 0 );
Paul Bakker9dcc3222011-03-08 14:16:06 +0000117}
118
119/**
120 * This function only returns zeros
121 *
122 * rng_state shall be NULL.
123 */
Paul Bakkera3d195c2011-11-27 21:07:34 +0000124static int rnd_zero_rand( void *rng_state, unsigned char *output, size_t len )
Paul Bakker9dcc3222011-03-08 14:16:06 +0000125{
126 if( rng_state != NULL )
127 rng_state = NULL;
128
Paul Bakkera3d195c2011-11-27 21:07:34 +0000129 memset( output, 0, len );
130
Paul Bakker9dcc3222011-03-08 14:16:06 +0000131 return( 0 );
132}
133
134typedef struct
135{
136 unsigned char *buf;
Paul Bakkera3d195c2011-11-27 21:07:34 +0000137 size_t length;
Paul Bakker997bbd12011-03-13 15:45:42 +0000138} rnd_buf_info;
Paul Bakker9dcc3222011-03-08 14:16:06 +0000139
140/**
141 * This function returns random based on a buffer it receives.
142 *
Paul Bakker997bbd12011-03-13 15:45:42 +0000143 * rng_state shall be a pointer to a rnd_buf_info structure.
144 *
145 * The number of bytes released from the buffer on each call to
146 * the random function is specified by per_call. (Can be between
147 * 1 and 4)
Paul Bakker9dcc3222011-03-08 14:16:06 +0000148 *
149 * After the buffer is empty it will return rand();
150 */
Paul Bakkera3d195c2011-11-27 21:07:34 +0000151static int rnd_buffer_rand( void *rng_state, unsigned char *output, size_t len )
Paul Bakker9dcc3222011-03-08 14:16:06 +0000152{
Paul Bakker997bbd12011-03-13 15:45:42 +0000153 rnd_buf_info *info = (rnd_buf_info *) rng_state;
Paul Bakkera3d195c2011-11-27 21:07:34 +0000154 size_t use_len;
Paul Bakker9dcc3222011-03-08 14:16:06 +0000155
156 if( rng_state == NULL )
Paul Bakkera3d195c2011-11-27 21:07:34 +0000157 return( rnd_std_rand( NULL, output, len ) );
Paul Bakker9dcc3222011-03-08 14:16:06 +0000158
Paul Bakkera3d195c2011-11-27 21:07:34 +0000159 use_len = len;
160 if( len > info->length )
161 use_len = info->length;
Paul Bakker997bbd12011-03-13 15:45:42 +0000162
Paul Bakkera3d195c2011-11-27 21:07:34 +0000163 if( use_len )
Paul Bakker9dcc3222011-03-08 14:16:06 +0000164 {
Paul Bakkera3d195c2011-11-27 21:07:34 +0000165 memcpy( output, info->buf, use_len );
166 info->buf += use_len;
167 info->length -= use_len;
Paul Bakker9dcc3222011-03-08 14:16:06 +0000168 }
169
Paul Bakkera3d195c2011-11-27 21:07:34 +0000170 if( len - use_len > 0 )
171 return( rnd_std_rand( NULL, output + use_len, len - use_len ) );
172
173 return( 0 );
Paul Bakker9dcc3222011-03-08 14:16:06 +0000174}
Paul Bakker997bbd12011-03-13 15:45:42 +0000175
176/**
177 * Info structure for the pseudo random function
178 *
179 * Key should be set at the start to a test-unique value.
Paul Bakkerb3dcbc12011-03-13 16:57:25 +0000180 * Do not forget endianness!
Paul Bakker997bbd12011-03-13 15:45:42 +0000181 * State( v0, v1 ) should be set to zero.
182 */
183typedef struct
184{
Paul Bakkerb3dcbc12011-03-13 16:57:25 +0000185 uint32_t key[16];
Paul Bakker997bbd12011-03-13 15:45:42 +0000186 uint32_t v0, v1;
187} rnd_pseudo_info;
188
189/**
190 * This function returns random based on a pseudo random function.
191 * This means the results should be identical on all systems.
192 * Pseudo random is based on the XTEA encryption algorithm to
193 * generate pseudorandom.
194 *
195 * rng_state shall be a pointer to a rnd_pseudo_info structure.
196 */
Paul Bakkera3d195c2011-11-27 21:07:34 +0000197static int rnd_pseudo_rand( void *rng_state, unsigned char *output, size_t len )
Paul Bakker997bbd12011-03-13 15:45:42 +0000198{
199 rnd_pseudo_info *info = (rnd_pseudo_info *) rng_state;
Paul Bakkera3d195c2011-11-27 21:07:34 +0000200 uint32_t i, *k, sum, delta=0x9E3779B9;
Paul Bakker40dd5302012-05-15 15:02:38 +0000201 unsigned char result[4];
Paul Bakker997bbd12011-03-13 15:45:42 +0000202
203 if( rng_state == NULL )
Paul Bakkera3d195c2011-11-27 21:07:34 +0000204 return( rnd_std_rand( NULL, output, len ) );
Paul Bakker997bbd12011-03-13 15:45:42 +0000205
Paul Bakkerb3dcbc12011-03-13 16:57:25 +0000206 k = info->key;
Paul Bakkera3d195c2011-11-27 21:07:34 +0000207
208 while( len > 0 )
Paul Bakker997bbd12011-03-13 15:45:42 +0000209 {
Paul Bakker40dd5302012-05-15 15:02:38 +0000210 size_t use_len = ( len > 4 ) ? 4 : len;
Paul Bakkera3d195c2011-11-27 21:07:34 +0000211 sum = 0;
212
Paul Bakkera3d195c2011-11-27 21:07:34 +0000213 for( i = 0; i < 32; i++ )
214 {
215 info->v0 += (((info->v1 << 4) ^ (info->v1 >> 5)) + info->v1) ^ (sum + k[sum & 3]);
216 sum += delta;
217 info->v1 += (((info->v0 << 4) ^ (info->v0 >> 5)) + info->v0) ^ (sum + k[(sum>>11) & 3]);
218 }
219
Paul Bakker5c2364c2012-10-01 14:41:15 +0000220 PUT_UINT32_BE( info->v0, result, 0 );
Paul Bakker40dd5302012-05-15 15:02:38 +0000221 memcpy( output, result, use_len );
Paul Bakkera3d195c2011-11-27 21:07:34 +0000222 len -= use_len;
Paul Bakker997bbd12011-03-13 15:45:42 +0000223 }
224
Paul Bakkera3d195c2011-11-27 21:07:34 +0000225 return( 0 );
Paul Bakker997bbd12011-03-13 15:45:42 +0000226}
Manuel Pégourié-Gonnard602a8972013-01-27 08:10:28 +0100227
228/**
229 * This function returns a buffer given as a hex string.
230 *
231 * The buffer is reversed so that the following are equivalent:
232 * mpi_fill_random( x, len, not_rnd, str );
233 * mpi_read_string( x, 16, str );
234 * (So, not random at all. Usefull to match test vectors.)
235 * Based on unhexify(), just reversed (changes marked by "sic")
236 */
237static int not_rnd( void *in, unsigned char *out, size_t len )
238{
239 unsigned char *obuf;
240 const char *ibuf = in;
241 unsigned char c, c2;
242 assert( len == strlen(ibuf) / 2 );
243 assert(!(strlen(ibuf) %1)); // must be even number of bytes
244
245 obuf = out + (len - 1); // sic
246 while (*ibuf != 0)
247 {
248 c = *ibuf++;
249 if( c >= '0' && c <= '9' )
250 c -= '0';
251 else if( c >= 'a' && c <= 'f' )
252 c -= 'a' - 10;
253 else if( c >= 'A' && c <= 'F' )
254 c -= 'A' - 10;
255 else
256 assert( 0 );
257
258 c2 = *ibuf++;
259 if( c2 >= '0' && c2 <= '9' )
260 c2 -= '0';
261 else if( c2 >= 'a' && c2 <= 'f' )
262 c2 -= 'a' - 10;
263 else if( c2 >= 'A' && c2 <= 'F' )
264 c2 -= 'A' - 10;
265 else
266 assert( 0 );
267
268 *obuf-- = ( c << 4 ) | c2; // sic
269 }
270
271 return( 0 );
272}