TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 935182fe2b5f4801e29026ea504f168ca450150b / . / library / entropy_poll.c
blob: bd21e2d226dafa2f88531be1c7166f4e63cd0c7c [file] [log] [blame]
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]1/*
2 * Platform-specific and custom entropy polling functions
3 *
Bence Szépkúti1e148272020-08-07 13:07:28 +0200[diff] [blame]4 * Copyright The Mbed TLS Contributors
Dave Rodgman16799db2023-11-02 19:47:20 +0000[diff] [blame]5 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]6 */
7
Gilles Peskinea1f9ef02020-09-30 22:18:13 +0200[diff] [blame]8#if defined(__linux__) && !defined(_GNU_SOURCE)
Nicholas Wilson2682edf2017-12-05 12:08:15 +0000[diff] [blame]9/* Ensure that syscall() is available even when compiling with -std=c99 */
10#define _GNU_SOURCE
11#endif
12
Gilles Peskinedb09ef62020-06-03 01:43:33 +0200[diff] [blame]13#include "common.h"
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]14
Gilles Peskine02b93292018-06-01 14:38:45 +0200[diff] [blame]15#include <string.h>
16
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]17#if defined(MBEDTLS_ENTROPY_C)
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]18
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +0000[diff] [blame]19#include "mbedtls/entropy.h"
Chris Jonesea0a8652021-03-09 19:11:19 +0000[diff] [blame]20#include "entropy_poll.h"
Janos Follath24eed8d2019-11-22 13:21:35 +0000[diff] [blame]21#include "mbedtls/error.h"
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]22
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]23#if defined(MBEDTLS_TIMING_C)
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +0000[diff] [blame]24#include "mbedtls/timing.h"
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]25#endif
Paul Bakker9988d6b2016-06-01 11:29:42 +0100[diff] [blame]26#include "mbedtls/platform.h"
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]27
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]28#if !defined(MBEDTLS_NO_PLATFORM_ENTROPY)
Manuel Pégourié-Gonnard325ce092016-02-22 10:33:34 +0100[diff] [blame]29
30#if !defined(unix) && !defined(__unix__) && !defined(__unix) && \
Augustin Cavalier60bc47d2018-04-11 20:27:32 -0400[diff] [blame]31 !defined(__APPLE__) && !defined(_WIN32) && !defined(__QNXNTO__) && \
v1gnesh3c129dd2024-01-22 15:59:49 +0530[diff] [blame]32 !defined(__HAIKU__) && !defined(__midipix__) && !defined(__MVS__)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]33#error \
34 "Platform entropy sources only work on Unix and Windows, see MBEDTLS_NO_PLATFORM_ENTROPY in mbedtls_config.h"
Manuel Pégourié-Gonnard325ce092016-02-22 10:33:34 +0100[diff] [blame]35#endif
36
Paul Bakkerfa6a6202013-10-28 18:48:30 +0100[diff] [blame]37#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]38
Paul Bakker4a2bd0d2012-11-02 11:06:08 +0000[diff] [blame]39#include <windows.h>
Kevin Kane0ec1e682016-12-15 09:27:16 -0800[diff] [blame]40#include <bcrypt.h>
Kevin Kane0ec1e682016-12-15 09:27:16 -0800[diff] [blame]41#include <intsafe.h>
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]42
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]43int mbedtls_platform_entropy_poll(void *data, unsigned char *output, size_t len,
44 size_t *olen)
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]45{
Paul Bakker6bcfc672011-12-05 13:54:00 +0000[diff] [blame]46 ((void) data);
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]47 *olen = 0;
48
Kevin Kane0ec1e682016-12-15 09:27:16 -0800[diff] [blame]49 /*
Simon Butcherdef90f42018-03-14 17:02:16 +0000[diff] [blame]50 * BCryptGenRandom takes ULONG for size, which is smaller than size_t on
Minos Galanakise8a5d1a2023-09-08 14:47:37 +0100[diff] [blame]51 * 64-bit Windows platforms. Extract entropy in chunks of len (dependent
52 * on ULONG_MAX) size.
Kevin Kane0ec1e682016-12-15 09:27:16 -0800[diff] [blame]53 */
Minos Galanakis2c6e5612023-09-06 15:00:58 +0100[diff] [blame]54 while (len != 0) {
55 unsigned long ulong_bytes =
56 (len > ULONG_MAX) ? ULONG_MAX : (unsigned long) len;
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]57
Minos Galanakis2c6e5612023-09-06 15:00:58 +0100[diff] [blame]58 if (!BCRYPT_SUCCESS(BCryptGenRandom(NULL, output, ulong_bytes,
59 BCRYPT_USE_SYSTEM_PREFERRED_RNG))) {
60 return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
61 }
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]62
Minos Galanakis2c6e5612023-09-06 15:00:58 +0100[diff] [blame]63 *olen += ulong_bytes;
64 len -= ulong_bytes;
65 }
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]66
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]67 return 0;
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]68}
Paul Bakker9af723c2014-05-01 13:03:14 +0200[diff] [blame]69#else /* _WIN32 && !EFIX64 && !EFI32 */
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]70
Manuel Pégourié-Gonnard18292452015-01-09 14:34:13 +0100[diff] [blame]71/*
72 * Test for Linux getrandom() support.
Gilles Peskinec6468ee2020-09-30 22:11:13 +0200[diff] [blame]73 * Since there is no wrapper in the libc yet, use the generic syscall wrapper
Manuel Pégourié-Gonnard18292452015-01-09 14:34:13 +0100[diff] [blame]74 * available in GNU libc and compatible libc's (eg uClibc).
75 */
Gilles Peskinec6468ee2020-09-30 22:11:13 +0200[diff] [blame]76#if ((defined(__linux__) && defined(__GLIBC__)) || defined(__midipix__))
Manuel Pégourié-Gonnard18292452015-01-09 14:34:13 +0100[diff] [blame]77#include <unistd.h>
78#include <sys/syscall.h>
79#if defined(SYS_getrandom)
80#define HAVE_GETRANDOM
Hanno Becker27516972018-10-18 11:49:25 +0100[diff] [blame]81#include <errno.h>
Manuel Pégourié-Gonnardbcf13ba2015-06-22 18:06:17 +0200[diff] [blame]82
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]83static int getrandom_wrapper(void *buf, size_t buflen, unsigned int flags)
Manuel Pégourié-Gonnard18292452015-01-09 14:34:13 +0100[diff] [blame]84{
Manuel Pégourié-Gonnardbcf13ba2015-06-22 18:06:17 +0200[diff] [blame]85 /* MemSan cannot understand that the syscall writes to the buffer */
86#if defined(__has_feature)
87#if __has_feature(memory_sanitizer)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]88 memset(buf, 0, buflen);
Manuel Pégourié-Gonnardbcf13ba2015-06-22 18:06:17 +0200[diff] [blame]89#endif
90#endif
Dave Rodgmanb2e84192023-11-03 23:32:39 +0000[diff] [blame]91 return (int) syscall(SYS_getrandom, buf, buflen, flags);
Manuel Pégourié-Gonnard18292452015-01-09 14:34:13 +0100[diff] [blame]92}
Manuel Pégourié-Gonnardd97828e2015-04-29 14:03:28 +0200[diff] [blame]93#endif /* SYS_getrandom */
Ørjan Malde479d8de2020-05-20 09:32:39 +0000[diff] [blame]94#endif /* __linux__ || __midipix__ */
Manuel Pégourié-Gonnard18292452015-01-09 14:34:13 +0100[diff] [blame]95
David Carlier2b8c2652020-12-28 15:51:14 +0000[diff] [blame]96#if defined(__FreeBSD__) || defined(__DragonFly__)
97#include <sys/param.h>
98#if (defined(__FreeBSD__) && __FreeBSD_version >= 1200000) || \
99 (defined(__DragonFly__) && __DragonFly_version >= 500700)
100#include <errno.h>
101#include <sys/random.h>
102#define HAVE_GETRANDOM
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]103static int getrandom_wrapper(void *buf, size_t buflen, unsigned int flags)
David Carlier2b8c2652020-12-28 15:51:14 +0000[diff] [blame]104{
Dave Rodgmanb2e84192023-11-03 23:32:39 +0000[diff] [blame]105 return (int) getrandom(buf, buflen, flags);
David Carlier2b8c2652020-12-28 15:51:14 +0000[diff] [blame]106}
107#endif /* (__FreeBSD__ && __FreeBSD_version >= 1200000) ||
108 (__DragonFly__ && __DragonFly_version >= 500700) */
109#endif /* __FreeBSD__ || __DragonFly__ */
110
nia9f5312c2020-06-11 13:32:13 +0100[diff] [blame]111/*
112 * Some BSD systems provide KERN_ARND.
113 * This is equivalent to reading from /dev/urandom, only it doesn't require an
114 * open file descriptor, and provides up to 256 bytes per call (basically the
115 * same as getentropy(), but with a longer history).
116 *
117 * Documentation: https://netbsd.gw.com/cgi-bin/man-cgi?sysctl+7
118 */
119#if (defined(__FreeBSD__) || defined(__NetBSD__)) && !defined(HAVE_GETRANDOM)
120#include <sys/param.h>
121#include <sys/sysctl.h>
122#if defined(KERN_ARND)
123#define HAVE_SYSCTL_ARND
124
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]125static int sysctl_arnd_wrapper(unsigned char *buf, size_t buflen)
nia9f5312c2020-06-11 13:32:13 +0100[diff] [blame]126{
127 int name[2];
128 size_t len;
129
130 name[0] = CTL_KERN;
131 name[1] = KERN_ARND;
132
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]133 while (buflen > 0) {
nia9f5312c2020-06-11 13:32:13 +0100[diff] [blame]134 len = buflen > 256 ? 256 : buflen;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]135 if (sysctl(name, 2, buf, &len, NULL, 0) == -1) {
136 return -1;
137 }
nia9f5312c2020-06-11 13:32:13 +0100[diff] [blame]138 buflen -= len;
nia8373c862020-06-24 17:15:02 +0100[diff] [blame]139 buf += len;
nia9f5312c2020-06-11 13:32:13 +0100[diff] [blame]140 }
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]141 return 0;
nia9f5312c2020-06-11 13:32:13 +0100[diff] [blame]142}
143#endif /* KERN_ARND */
144#endif /* __FreeBSD__ || __NetBSD__ */
145
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]146#include <stdio.h>
147
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]148int mbedtls_platform_entropy_poll(void *data,
149 unsigned char *output, size_t len, size_t *olen)
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]150{
151 FILE *file;
Manuel Pégourié-Gonnardea356662015-08-27 12:02:40 +0200[diff] [blame]152 size_t read_len;
Janos Follath24eed8d2019-11-22 13:21:35 +0000[diff] [blame]153 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]154 ((void) data);
155
Manuel Pégourié-Gonnardd97828e2015-04-29 14:03:28 +0200[diff] [blame]156#if defined(HAVE_GETRANDOM)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]157 ret = getrandom_wrapper(output, len, 0);
158 if (ret >= 0) {
Dave Rodgmanb2e84192023-11-03 23:32:39 +0000[diff] [blame]159 *olen = (size_t) ret;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]160 return 0;
161 } else if (errno != ENOSYS) {
162 return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
Manuel Pégourié-Gonnardd97828e2015-04-29 14:03:28 +0200[diff] [blame]163 }
Hanno Becker27516972018-10-18 11:49:25 +0100[diff] [blame]164 /* Fall through if the system call isn't known. */
165#else
Hanno Becker9772da82018-11-05 11:43:07 +0000[diff] [blame]166 ((void) ret);
Manuel Pégourié-Gonnardd97828e2015-04-29 14:03:28 +0200[diff] [blame]167#endif /* HAVE_GETRANDOM */
168
nia9f5312c2020-06-11 13:32:13 +0100[diff] [blame]169#if defined(HAVE_SYSCTL_ARND)
170 ((void) file);
171 ((void) read_len);
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]172 if (sysctl_arnd_wrapper(output, len) == -1) {
173 return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
174 }
nia9f5312c2020-06-11 13:32:13 +0100[diff] [blame]175 *olen = len;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]176 return 0;
nia9f5312c2020-06-11 13:32:13 +0100[diff] [blame]177#else
178
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]179 *olen = 0;
180
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]181 file = fopen("/dev/urandom", "rb");
182 if (file == NULL) {
183 return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]184 }
185
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]186 /* Ensure no stdio buffering of secrets, as such buffers cannot be wiped. */
187 mbedtls_setbuf(file, NULL);
188
189 read_len = fread(output, 1, len, file);
190 if (read_len != len) {
191 fclose(file);
192 return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
193 }
194
195 fclose(file);
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]196 *olen = len;
197
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]198 return 0;
nia9f5312c2020-06-11 13:32:13 +0100[diff] [blame]199#endif /* HAVE_SYSCTL_ARND */
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]200}
Paul Bakker9af723c2014-05-01 13:03:14 +0200[diff] [blame]201#endif /* _WIN32 && !EFIX64 && !EFI32 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]202#endif /* !MBEDTLS_NO_PLATFORM_ENTROPY */
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]203
Paul Bakker9988d6b2016-06-01 11:29:42 +0100[diff] [blame]204#if defined(MBEDTLS_ENTROPY_NV_SEED)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]205int mbedtls_nv_seed_poll(void *data,
206 unsigned char *output, size_t len, size_t *olen)
Paul Bakker9988d6b2016-06-01 11:29:42 +0100[diff] [blame]207{
208 unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE];
209 size_t use_len = MBEDTLS_ENTROPY_BLOCK_SIZE;
210 ((void) data);
211
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]212 memset(buf, 0, MBEDTLS_ENTROPY_BLOCK_SIZE);
Paul Bakker9988d6b2016-06-01 11:29:42 +0100[diff] [blame]213
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]214 if (mbedtls_nv_seed_read(buf, MBEDTLS_ENTROPY_BLOCK_SIZE) < 0) {
215 return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
216 }
Paul Bakker9988d6b2016-06-01 11:29:42 +0100[diff] [blame]217
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]218 if (len < use_len) {
219 use_len = len;
220 }
Paul Bakker9988d6b2016-06-01 11:29:42 +0100[diff] [blame]221
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]222 memcpy(output, buf, use_len);
Paul Bakker9988d6b2016-06-01 11:29:42 +0100[diff] [blame]223 *olen = use_len;
224
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]225 return 0;
Paul Bakker9988d6b2016-06-01 11:29:42 +0100[diff] [blame]226}
227#endif /* MBEDTLS_ENTROPY_NV_SEED */
228
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]229#endif /* MBEDTLS_ENTROPY_C */