TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / fa6fa6850e2d8c45a6780eeb866ba32f6b3f785b / . / library / entropy.c
blob: caff22f42461fd6802f72a880b9d5b925848a11f [file] [log] [blame]
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]1/*
2 * Entropy accumulator implementation
3 *
Manuel Pégourié-Gonnarda658a402015-01-23 09:45:19 +0000[diff] [blame]4 * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]5 *
Manuel Pégourié-Gonnardfe446432015-03-06 13:17:10 +0000[diff] [blame]6 * This file is part of mbed TLS (https://tls.mbed.org)
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]7 *
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
12 *
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License along
19 * with this program; if not, write to the Free Software Foundation, Inc.,
20 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
21 */
22
Manuel Pégourié-Gonnardcef4ad22014-04-29 12:39:06 +0200[diff] [blame]23#if !defined(POLARSSL_CONFIG_FILE)
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]24#include "polarssl/config.h"
Manuel Pégourié-Gonnardcef4ad22014-04-29 12:39:06 +0200[diff] [blame]25#else
26#include POLARSSL_CONFIG_FILE
27#endif
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]28
29#if defined(POLARSSL_ENTROPY_C)
30
31#include "polarssl/entropy.h"
32#include "polarssl/entropy_poll.h"
33
Rich Evans00ab4702015-02-06 13:43:58 +0000[diff] [blame]34#include <string.h>
35
Paul Bakker66ff70d2014-03-26 11:54:05 +0100[diff] [blame]36#if defined(POLARSSL_FS_IO)
37#include <stdio.h>
38#endif
39
Rich Evans00ab4702015-02-06 13:43:58 +0000[diff] [blame]40#if defined(POLARSSL_SELF_TEST)
41#if defined(POLARSSL_PLATFORM_C)
42#include "polarssl/platform.h"
43#else
44#include <stdio.h>
45#define polarssl_printf printf
46#endif /* POLARSSL_PLATFORM_C */
47#endif /* POLARSSL_SELF_TEST */
48
Paul Bakker28c7e7f2011-12-15 19:49:30 +0000[diff] [blame]49#if defined(POLARSSL_HAVEGE_C)
50#include "polarssl/havege.h"
51#endif
52
Paul Bakker34617722014-06-13 17:20:13 +0200[diff] [blame]53/* Implementation that should never be optimized out by the compiler */
54static void polarssl_zeroize( void *v, size_t n ) {
55 volatile unsigned char *p = v; while( n-- ) *p++ = 0;
56}
57
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]58#define ENTROPY_MAX_LOOP 256 /**< Maximum amount to loop before error */
59
60void entropy_init( entropy_context *ctx )
61{
62 memset( ctx, 0, sizeof(entropy_context) );
63
Paul Bakkerf4e7dc52013-09-28 15:23:57 +0200[diff] [blame]64#if defined(POLARSSL_THREADING_C)
65 polarssl_mutex_init( &ctx->mutex );
66#endif
67
Paul Bakkerfb08fd22013-08-27 15:06:26 +0200[diff] [blame]68#if defined(POLARSSL_ENTROPY_SHA512_ACCUMULATOR)
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]69 sha512_starts( &ctx->accumulator, 0 );
Paul Bakkerfb08fd22013-08-27 15:06:26 +0200[diff] [blame]70#else
71 sha256_starts( &ctx->accumulator, 0 );
72#endif
Paul Bakker43655f42011-12-15 20:11:16 +0000[diff] [blame]73#if defined(POLARSSL_HAVEGE_C)
74 havege_init( &ctx->havege_data );
75#endif
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]76
Paul Bakker43655f42011-12-15 20:11:16 +0000[diff] [blame]77#if !defined(POLARSSL_NO_DEFAULT_ENTROPY_SOURCES)
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]78#if !defined(POLARSSL_NO_PLATFORM_ENTROPY)
Paul Bakkerbd4a9d02011-12-10 17:02:19 +0000[diff] [blame]79 entropy_add_source( ctx, platform_entropy_poll, NULL,
80 ENTROPY_MIN_PLATFORM );
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]81#endif
82#if defined(POLARSSL_TIMING_C)
Paul Bakkerbd4a9d02011-12-10 17:02:19 +0000[diff] [blame]83 entropy_add_source( ctx, hardclock_poll, NULL, ENTROPY_MIN_HARDCLOCK );
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]84#endif
Paul Bakker28c7e7f2011-12-15 19:49:30 +0000[diff] [blame]85#if defined(POLARSSL_HAVEGE_C)
Paul Bakker28c7e7f2011-12-15 19:49:30 +0000[diff] [blame]86 entropy_add_source( ctx, havege_poll, &ctx->havege_data,
87 ENTROPY_MIN_HAVEGE );
88#endif
Paul Bakker43655f42011-12-15 20:11:16 +0000[diff] [blame]89#endif /* POLARSSL_NO_DEFAULT_ENTROPY_SOURCES */
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]90}
91
Paul Bakker1ffefac2013-09-28 15:23:03 +0200[diff] [blame]92void entropy_free( entropy_context *ctx )
93{
Paul Bakkera317a982014-06-18 16:44:11 +0200[diff] [blame]94#if defined(POLARSSL_HAVEGE_C)
95 havege_free( &ctx->havege_data );
96#endif
Paul Bakkerf4e7dc52013-09-28 15:23:57 +0200[diff] [blame]97#if defined(POLARSSL_THREADING_C)
98 polarssl_mutex_free( &ctx->mutex );
99#endif
ptahpeteh638fa0b2015-06-01 12:28:29 +0200[diff] [blame]100 polarssl_zeroize( ctx, sizeof( entropy_context ) );
Paul Bakker1ffefac2013-09-28 15:23:03 +0200[diff] [blame]101}
102
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]103int entropy_add_source( entropy_context *ctx,
Paul Bakkerbd4a9d02011-12-10 17:02:19 +0000[diff] [blame]104 f_source_ptr f_source, void *p_source,
105 size_t threshold )
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]106{
Paul Bakker47703a02014-02-06 15:01:20 +0100[diff] [blame]107 int index, ret = 0;
Paul Bakkerbd4a9d02011-12-10 17:02:19 +0000[diff] [blame]108
Paul Bakker47703a02014-02-06 15:01:20 +0100[diff] [blame]109#if defined(POLARSSL_THREADING_C)
110 if( ( ret = polarssl_mutex_lock( &ctx->mutex ) ) != 0 )
111 return( ret );
112#endif
113
114 index = ctx->source_count;
Paul Bakkerbd4a9d02011-12-10 17:02:19 +0000[diff] [blame]115 if( index >= ENTROPY_MAX_SOURCES )
Paul Bakker47703a02014-02-06 15:01:20 +0100[diff] [blame]116 {
117 ret = POLARSSL_ERR_ENTROPY_MAX_SOURCES;
118 goto exit;
119 }
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]120
Paul Bakkerbd4a9d02011-12-10 17:02:19 +0000[diff] [blame]121 ctx->source[index].f_source = f_source;
122 ctx->source[index].p_source = p_source;
123 ctx->source[index].threshold = threshold;
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]124
125 ctx->source_count++;
126
Paul Bakker47703a02014-02-06 15:01:20 +0100[diff] [blame]127exit:
128#if defined(POLARSSL_THREADING_C)
129 if( polarssl_mutex_unlock( &ctx->mutex ) != 0 )
130 return( POLARSSL_ERR_THREADING_MUTEX_ERROR );
131#endif
132
133 return( ret );
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]134}
135
136/*
137 * Entropy accumulator update
138 */
Paul Bakkerb6c5d2e2013-06-25 16:25:17 +0200[diff] [blame]139static int entropy_update( entropy_context *ctx, unsigned char source_id,
140 const unsigned char *data, size_t len )
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]141{
142 unsigned char header[2];
143 unsigned char tmp[ENTROPY_BLOCK_SIZE];
144 size_t use_len = len;
145 const unsigned char *p = data;
Paul Bakkerb6c5d2e2013-06-25 16:25:17 +0200[diff] [blame]146
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]147 if( use_len > ENTROPY_BLOCK_SIZE )
148 {
Paul Bakkerfb08fd22013-08-27 15:06:26 +0200[diff] [blame]149#if defined(POLARSSL_ENTROPY_SHA512_ACCUMULATOR)
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]150 sha512( data, len, tmp, 0 );
Paul Bakkerfb08fd22013-08-27 15:06:26 +0200[diff] [blame]151#else
152 sha256( data, len, tmp, 0 );
153#endif
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]154 p = tmp;
155 use_len = ENTROPY_BLOCK_SIZE;
156 }
157
158 header[0] = source_id;
159 header[1] = use_len & 0xFF;
160
Paul Bakkerfb08fd22013-08-27 15:06:26 +0200[diff] [blame]161#if defined(POLARSSL_ENTROPY_SHA512_ACCUMULATOR)
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]162 sha512_update( &ctx->accumulator, header, 2 );
163 sha512_update( &ctx->accumulator, p, use_len );
Paul Bakkerfb08fd22013-08-27 15:06:26 +0200[diff] [blame]164#else
165 sha256_update( &ctx->accumulator, header, 2 );
166 sha256_update( &ctx->accumulator, p, use_len );
167#endif
Paul Bakkerb6c5d2e2013-06-25 16:25:17 +0200[diff] [blame]168
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]169 return( 0 );
170}
171
172int entropy_update_manual( entropy_context *ctx,
173 const unsigned char *data, size_t len )
174{
Paul Bakker47703a02014-02-06 15:01:20 +0100[diff] [blame]175 int ret;
176
177#if defined(POLARSSL_THREADING_C)
178 if( ( ret = polarssl_mutex_lock( &ctx->mutex ) ) != 0 )
179 return( ret );
180#endif
181
182 ret = entropy_update( ctx, ENTROPY_SOURCE_MANUAL, data, len );
183
184#if defined(POLARSSL_THREADING_C)
185 if( polarssl_mutex_unlock( &ctx->mutex ) != 0 )
186 return( POLARSSL_ERR_THREADING_MUTEX_ERROR );
187#endif
188
Paul Bakkerd8bb8262014-06-17 14:06:49 +0200[diff] [blame]189 return( ret );
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]190}
191
192/*
193 * Run through the different sources to add entropy to our accumulator
194 */
Paul Bakker47703a02014-02-06 15:01:20 +0100[diff] [blame]195static int entropy_gather_internal( entropy_context *ctx )
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]196{
197 int ret, i;
198 unsigned char buf[ENTROPY_MAX_GATHER];
199 size_t olen;
Paul Bakker47703a02014-02-06 15:01:20 +0100[diff] [blame]200
Paul Bakker43655f42011-12-15 20:11:16 +0000[diff] [blame]201 if( ctx->source_count == 0 )
202 return( POLARSSL_ERR_ENTROPY_NO_SOURCES_DEFINED );
203
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]204 /*
205 * Run through our entropy sources
206 */
207 for( i = 0; i < ctx->source_count; i++ )
208 {
209 olen = 0;
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame]210 if( ( ret = ctx->source[i].f_source( ctx->source[i].p_source,
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]211 buf, ENTROPY_MAX_GATHER, &olen ) ) != 0 )
212 {
Andres Amaya Garciafa6fa682017-07-12 10:32:27 +0100[diff] [blame^]213 goto cleanup;
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]214 }
215
216 /*
217 * Add if we actually gathered something
218 */
219 if( olen > 0 )
Paul Bakkerbd4a9d02011-12-10 17:02:19 +0000[diff] [blame]220 {
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]221 entropy_update( ctx, (unsigned char) i, buf, olen );
Paul Bakkerbd4a9d02011-12-10 17:02:19 +0000[diff] [blame]222 ctx->source[i].size += olen;
223 }
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]224 }
225
Andres Amaya Garciafa6fa682017-07-12 10:32:27 +0100[diff] [blame^]226cleanup:
227 polarssl_zeroize( buf, sizeof( buf ) );
228
229 return( ret );
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]230}
231
Paul Bakker47703a02014-02-06 15:01:20 +0100[diff] [blame]232/*
233 * Thread-safe wrapper for entropy_gather_internal()
234 */
235int entropy_gather( entropy_context *ctx )
236{
Paul Bakkerddd427a2014-04-09 14:47:58 +0200[diff] [blame]237 int ret;
Paul Bakker47703a02014-02-06 15:01:20 +0100[diff] [blame]238
239#if defined(POLARSSL_THREADING_C)
Paul Bakkerddd427a2014-04-09 14:47:58 +0200[diff] [blame]240 if( ( ret = polarssl_mutex_lock( &ctx->mutex ) ) != 0 )
241 return( ret );
Paul Bakker47703a02014-02-06 15:01:20 +0100[diff] [blame]242#endif
243
Paul Bakkerddd427a2014-04-09 14:47:58 +0200[diff] [blame]244 ret = entropy_gather_internal( ctx );
Paul Bakker47703a02014-02-06 15:01:20 +0100[diff] [blame]245
246#if defined(POLARSSL_THREADING_C)
Paul Bakkerddd427a2014-04-09 14:47:58 +0200[diff] [blame]247 if( polarssl_mutex_unlock( &ctx->mutex ) != 0 )
248 return( POLARSSL_ERR_THREADING_MUTEX_ERROR );
Paul Bakker47703a02014-02-06 15:01:20 +0100[diff] [blame]249#endif
250
Paul Bakkerddd427a2014-04-09 14:47:58 +0200[diff] [blame]251 return( ret );
Paul Bakker47703a02014-02-06 15:01:20 +0100[diff] [blame]252}
253
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]254int entropy_func( void *data, unsigned char *output, size_t len )
255{
Paul Bakkerbd4a9d02011-12-10 17:02:19 +0000[diff] [blame]256 int ret, count = 0, i, reached;
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]257 entropy_context *ctx = (entropy_context *) data;
258 unsigned char buf[ENTROPY_BLOCK_SIZE];
259
260 if( len > ENTROPY_BLOCK_SIZE )
261 return( POLARSSL_ERR_ENTROPY_SOURCE_FAILED );
262
Paul Bakkerf4e7dc52013-09-28 15:23:57 +0200[diff] [blame]263#if defined(POLARSSL_THREADING_C)
264 if( ( ret = polarssl_mutex_lock( &ctx->mutex ) ) != 0 )
265 return( ret );
266#endif
267
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]268 /*
269 * Always gather extra entropy before a call
270 */
271 do
272 {
273 if( count++ > ENTROPY_MAX_LOOP )
Paul Bakkerf4e7dc52013-09-28 15:23:57 +0200[diff] [blame]274 {
275 ret = POLARSSL_ERR_ENTROPY_SOURCE_FAILED;
276 goto exit;
277 }
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]278
Paul Bakker47703a02014-02-06 15:01:20 +0100[diff] [blame]279 if( ( ret = entropy_gather_internal( ctx ) ) != 0 )
Paul Bakkerf4e7dc52013-09-28 15:23:57 +0200[diff] [blame]280 goto exit;
Paul Bakkerbd4a9d02011-12-10 17:02:19 +0000[diff] [blame]281
282 reached = 0;
283
284 for( i = 0; i < ctx->source_count; i++ )
285 if( ctx->source[i].size >= ctx->source[i].threshold )
286 reached++;
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]287 }
Paul Bakkerbd4a9d02011-12-10 17:02:19 +0000[diff] [blame]288 while( reached != ctx->source_count );
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]289
290 memset( buf, 0, ENTROPY_BLOCK_SIZE );
291
Paul Bakkerfb08fd22013-08-27 15:06:26 +0200[diff] [blame]292#if defined(POLARSSL_ENTROPY_SHA512_ACCUMULATOR)
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]293 sha512_finish( &ctx->accumulator, buf );
294
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]295 /*
Paul Bakkerbd4a9d02011-12-10 17:02:19 +0000[diff] [blame]296 * Reset accumulator and counters and recycle existing entropy
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]297 */
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]298 memset( &ctx->accumulator, 0, sizeof( sha512_context ) );
299 sha512_starts( &ctx->accumulator, 0 );
300 sha512_update( &ctx->accumulator, buf, ENTROPY_BLOCK_SIZE );
Paul Bakkerfb08fd22013-08-27 15:06:26 +0200[diff] [blame]301
302 /*
Paul Bakkerb13d3ff2014-03-26 12:51:25 +0100[diff] [blame]303 * Perform second SHA-512 on entropy
Paul Bakkerfb08fd22013-08-27 15:06:26 +0200[diff] [blame]304 */
Paul Bakkerb13d3ff2014-03-26 12:51:25 +0100[diff] [blame]305 sha512( buf, ENTROPY_BLOCK_SIZE, buf, 0 );
306#else /* POLARSSL_ENTROPY_SHA512_ACCUMULATOR */
307 sha256_finish( &ctx->accumulator, buf );
Paul Bakkerfb08fd22013-08-27 15:06:26 +0200[diff] [blame]308
309 /*
310 * Reset accumulator and counters and recycle existing entropy
311 */
312 memset( &ctx->accumulator, 0, sizeof( sha256_context ) );
313 sha256_starts( &ctx->accumulator, 0 );
314 sha256_update( &ctx->accumulator, buf, ENTROPY_BLOCK_SIZE );
Paul Bakkerb13d3ff2014-03-26 12:51:25 +0100[diff] [blame]315
316 /*
317 * Perform second SHA-256 on entropy
318 */
319 sha256( buf, ENTROPY_BLOCK_SIZE, buf, 0 );
Paul Bakkerfb08fd22013-08-27 15:06:26 +0200[diff] [blame]320#endif /* POLARSSL_ENTROPY_SHA512_ACCUMULATOR */
Paul Bakkerbd4a9d02011-12-10 17:02:19 +0000[diff] [blame]321
322 for( i = 0; i < ctx->source_count; i++ )
323 ctx->source[i].size = 0;
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]324
325 memcpy( output, buf, len );
326
Paul Bakkerf4e7dc52013-09-28 15:23:57 +0200[diff] [blame]327 ret = 0;
328
329exit:
Andres Amaya Garciafa6fa682017-07-12 10:32:27 +0100[diff] [blame^]330 polarssl_zeroize( buf, sizeof( buf ) );
331
Paul Bakkerf4e7dc52013-09-28 15:23:57 +0200[diff] [blame]332#if defined(POLARSSL_THREADING_C)
333 if( polarssl_mutex_unlock( &ctx->mutex ) != 0 )
334 return( POLARSSL_ERR_THREADING_MUTEX_ERROR );
335#endif
336
337 return( ret );
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]338}
339
Paul Bakker66ff70d2014-03-26 11:54:05 +0100[diff] [blame]340#if defined(POLARSSL_FS_IO)
341int entropy_write_seed_file( entropy_context *ctx, const char *path )
342{
343 int ret = POLARSSL_ERR_ENTROPY_FILE_IO_ERROR;
344 FILE *f;
345 unsigned char buf[ENTROPY_BLOCK_SIZE];
346
347 if( ( f = fopen( path, "wb" ) ) == NULL )
348 return( POLARSSL_ERR_ENTROPY_FILE_IO_ERROR );
349
350 if( ( ret = entropy_func( ctx, buf, ENTROPY_BLOCK_SIZE ) ) != 0 )
351 goto exit;
352
353 if( fwrite( buf, 1, ENTROPY_BLOCK_SIZE, f ) != ENTROPY_BLOCK_SIZE )
354 {
355 ret = POLARSSL_ERR_ENTROPY_FILE_IO_ERROR;
356 goto exit;
357 }
358
359 ret = 0;
360
361exit:
Andres Amaya Garciafa6fa682017-07-12 10:32:27 +0100[diff] [blame^]362 polarssl_zeroize( buf, sizeof( buf ) );
363
Paul Bakker66ff70d2014-03-26 11:54:05 +0100[diff] [blame]364 fclose( f );
365 return( ret );
366}
367
368int entropy_update_seed_file( entropy_context *ctx, const char *path )
369{
Andres Amaya Garciafa6fa682017-07-12 10:32:27 +0100[diff] [blame^]370 int ret = 0;
Paul Bakker66ff70d2014-03-26 11:54:05 +0100[diff] [blame]371 FILE *f;
372 size_t n;
373 unsigned char buf[ ENTROPY_MAX_SEED_SIZE ];
374
375 if( ( f = fopen( path, "rb" ) ) == NULL )
376 return( POLARSSL_ERR_ENTROPY_FILE_IO_ERROR );
377
378 fseek( f, 0, SEEK_END );
379 n = (size_t) ftell( f );
380 fseek( f, 0, SEEK_SET );
381
382 if( n > ENTROPY_MAX_SEED_SIZE )
383 n = ENTROPY_MAX_SEED_SIZE;
384
385 if( fread( buf, 1, n, f ) != n )
Andres Amaya Garciafa6fa682017-07-12 10:32:27 +0100[diff] [blame^]386 ret = POLARSSL_ERR_ENTROPY_FILE_IO_ERROR;
387 else
388 ret = entropy_update_manual( ctx, buf, n );
Paul Bakker66ff70d2014-03-26 11:54:05 +0100[diff] [blame]389
390 fclose( f );
391
Andres Amaya Garciafa6fa682017-07-12 10:32:27 +0100[diff] [blame^]392 polarssl_zeroize( buf, sizeof( buf ) );
393
394 if( ret != 0 )
395 return( ret );
Paul Bakker66ff70d2014-03-26 11:54:05 +0100[diff] [blame]396
397 return( entropy_write_seed_file( ctx, path ) );
398}
399#endif /* POLARSSL_FS_IO */
400
Manuel Pégourié-Gonnard4dd73922014-05-30 10:34:15 +0200[diff] [blame]401#if defined(POLARSSL_SELF_TEST)
Manuel Pégourié-Gonnard4dd73922014-05-30 10:34:15 +0200[diff] [blame]402/*
403 * Dummy source function
404 */
405static int entropy_dummy_source( void *data, unsigned char *output,
406 size_t len, size_t *olen )
407{
408 ((void) data);
409
410 memset( output, 0x2a, len );
411 *olen = len;
412
413 return( 0 );
414}
415
416/*
417 * The actual entropy quality is hard to test, but we can at least
418 * test that the functions don't cause errors and write the correct
419 * amount of data to buffers.
420 */
421int entropy_self_test( int verbose )
422{
423 int ret = 0;
424 entropy_context ctx;
425 unsigned char buf[ENTROPY_BLOCK_SIZE] = { 0 };
426 unsigned char acc[ENTROPY_BLOCK_SIZE] = { 0 };
427 size_t i, j;
428
429 if( verbose != 0 )
430 polarssl_printf( " ENTROPY test: " );
431
432 entropy_init( &ctx );
433
434 ret = entropy_add_source( &ctx, entropy_dummy_source, NULL, 16 );
435 if( ret != 0 )
436 goto cleanup;
437
438 if( ( ret = entropy_gather( &ctx ) ) != 0 )
439 goto cleanup;
440
441 if( ( ret = entropy_update_manual( &ctx, buf, sizeof buf ) ) != 0 )
442 goto cleanup;
443
444 /*
445 * To test that entropy_func writes correct number of bytes:
446 * - use the whole buffer and rely on ASan to detect overruns
447 * - collect entropy 8 times and OR the result in an accumulator:
448 * any byte should then be 0 with probably 2^(-64), so requiring
449 * each of the 32 or 64 bytes to be non-zero has a false failure rate
450 * of at most 2^(-58) which is acceptable.
451 */
452 for( i = 0; i < 8; i++ )
453 {
454 if( ( ret = entropy_func( &ctx, buf, sizeof( buf ) ) ) != 0 )
455 goto cleanup;
456
457 for( j = 0; j < sizeof( buf ); j++ )
458 acc[j] |= buf[j];
459 }
460
461 for( j = 0; j < sizeof( buf ); j++ )
462 {
463 if( acc[j] == 0 )
464 {
465 ret = 1;
466 goto cleanup;
467 }
468 }
469
470cleanup:
471 entropy_free( &ctx );
472
473 if( verbose != 0 )
474 {
475 if( ret != 0 )
476 polarssl_printf( "failed\n" );
477 else
478 polarssl_printf( "passed\n" );
479
480 polarssl_printf( "\n" );
481 }
482
483 return( ret != 0 );
484}
485#endif /* POLARSSL_SELF_TEST */
486
Paul Bakker9af723c2014-05-01 13:03:14 +0200[diff] [blame]487#endif /* POLARSSL_ENTROPY_C */