TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / fb08fd2e23536bf60ab92fd87717b52edc86d1fc / . / library / entropy.c
blob: 2352bcff4dcd4e5a741cfa97a10f8309343275d7 [file] [log] [blame]
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]1/*
2 * Entropy accumulator implementation
3 *
Paul Bakkerb6c5d2e2013-06-25 16:25:17 +0200[diff] [blame]4 * Copyright (C) 2006-2013, Brainspark B.V.
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]5 *
6 * This file is part of PolarSSL (http://www.polarssl.org)
7 * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
8 *
9 * All rights reserved.
10 *
11 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published by
13 * the Free Software Foundation; either version 2 of the License, or
14 * (at your option) any later version.
15 *
16 * This program is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU General Public License for more details.
20 *
21 * You should have received a copy of the GNU General Public License along
22 * with this program; if not, write to the Free Software Foundation, Inc.,
23 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
24 */
25
26#include "polarssl/config.h"
27
28#if defined(POLARSSL_ENTROPY_C)
29
30#include "polarssl/entropy.h"
31#include "polarssl/entropy_poll.h"
32
Paul Bakker28c7e7f2011-12-15 19:49:30 +0000[diff] [blame]33#if defined(POLARSSL_HAVEGE_C)
34#include "polarssl/havege.h"
35#endif
36
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]37#define ENTROPY_MAX_LOOP 256 /**< Maximum amount to loop before error */
38
39void entropy_init( entropy_context *ctx )
40{
41 memset( ctx, 0, sizeof(entropy_context) );
42
Paul Bakkerfb08fd22013-08-27 15:06:26 +0200[diff] [blame^]43#if defined(POLARSSL_ENTROPY_SHA512_ACCUMULATOR)
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]44 sha512_starts( &ctx->accumulator, 0 );
Paul Bakkerfb08fd22013-08-27 15:06:26 +0200[diff] [blame^]45#else
46 sha256_starts( &ctx->accumulator, 0 );
47#endif
Paul Bakker43655f42011-12-15 20:11:16 +0000[diff] [blame]48#if defined(POLARSSL_HAVEGE_C)
49 havege_init( &ctx->havege_data );
50#endif
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]51
Paul Bakker43655f42011-12-15 20:11:16 +0000[diff] [blame]52#if !defined(POLARSSL_NO_DEFAULT_ENTROPY_SOURCES)
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]53#if !defined(POLARSSL_NO_PLATFORM_ENTROPY)
Paul Bakkerbd4a9d02011-12-10 17:02:19 +0000[diff] [blame]54 entropy_add_source( ctx, platform_entropy_poll, NULL,
55 ENTROPY_MIN_PLATFORM );
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]56#endif
57#if defined(POLARSSL_TIMING_C)
Paul Bakkerbd4a9d02011-12-10 17:02:19 +0000[diff] [blame]58 entropy_add_source( ctx, hardclock_poll, NULL, ENTROPY_MIN_HARDCLOCK );
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]59#endif
Paul Bakker28c7e7f2011-12-15 19:49:30 +0000[diff] [blame]60#if defined(POLARSSL_HAVEGE_C)
Paul Bakker28c7e7f2011-12-15 19:49:30 +0000[diff] [blame]61 entropy_add_source( ctx, havege_poll, &ctx->havege_data,
62 ENTROPY_MIN_HAVEGE );
63#endif
Paul Bakker43655f42011-12-15 20:11:16 +0000[diff] [blame]64#endif /* POLARSSL_NO_DEFAULT_ENTROPY_SOURCES */
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]65}
66
67int entropy_add_source( entropy_context *ctx,
Paul Bakkerbd4a9d02011-12-10 17:02:19 +0000[diff] [blame]68 f_source_ptr f_source, void *p_source,
69 size_t threshold )
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]70{
Paul Bakkerbd4a9d02011-12-10 17:02:19 +0000[diff] [blame]71 int index = ctx->source_count;
72
73 if( index >= ENTROPY_MAX_SOURCES )
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]74 return( POLARSSL_ERR_ENTROPY_MAX_SOURCES );
75
Paul Bakkerbd4a9d02011-12-10 17:02:19 +0000[diff] [blame]76 ctx->source[index].f_source = f_source;
77 ctx->source[index].p_source = p_source;
78 ctx->source[index].threshold = threshold;
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]79
80 ctx->source_count++;
81
82 return( 0 );
83}
84
85/*
86 * Entropy accumulator update
87 */
Paul Bakkerb6c5d2e2013-06-25 16:25:17 +0200[diff] [blame]88static int entropy_update( entropy_context *ctx, unsigned char source_id,
89 const unsigned char *data, size_t len )
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]90{
91 unsigned char header[2];
92 unsigned char tmp[ENTROPY_BLOCK_SIZE];
93 size_t use_len = len;
94 const unsigned char *p = data;
Paul Bakkerb6c5d2e2013-06-25 16:25:17 +0200[diff] [blame]95
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]96 if( use_len > ENTROPY_BLOCK_SIZE )
97 {
Paul Bakkerfb08fd22013-08-27 15:06:26 +0200[diff] [blame^]98#if defined(POLARSSL_ENTROPY_SHA512_ACCUMULATOR)
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]99 sha512( data, len, tmp, 0 );
Paul Bakkerfb08fd22013-08-27 15:06:26 +0200[diff] [blame^]100#else
101 sha256( data, len, tmp, 0 );
102#endif
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]103 p = tmp;
104 use_len = ENTROPY_BLOCK_SIZE;
105 }
106
107 header[0] = source_id;
108 header[1] = use_len & 0xFF;
109
Paul Bakkerfb08fd22013-08-27 15:06:26 +0200[diff] [blame^]110#if defined(POLARSSL_ENTROPY_SHA512_ACCUMULATOR)
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]111 sha512_update( &ctx->accumulator, header, 2 );
112 sha512_update( &ctx->accumulator, p, use_len );
Paul Bakkerfb08fd22013-08-27 15:06:26 +0200[diff] [blame^]113#else
114 sha256_update( &ctx->accumulator, header, 2 );
115 sha256_update( &ctx->accumulator, p, use_len );
116#endif
Paul Bakkerb6c5d2e2013-06-25 16:25:17 +0200[diff] [blame]117
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]118 return( 0 );
119}
120
121int entropy_update_manual( entropy_context *ctx,
122 const unsigned char *data, size_t len )
123{
124 return entropy_update( ctx, ENTROPY_SOURCE_MANUAL, data, len );
125}
126
127/*
128 * Run through the different sources to add entropy to our accumulator
129 */
130int entropy_gather( entropy_context *ctx )
131{
132 int ret, i;
133 unsigned char buf[ENTROPY_MAX_GATHER];
134 size_t olen;
135
Paul Bakker43655f42011-12-15 20:11:16 +0000[diff] [blame]136 if( ctx->source_count == 0 )
137 return( POLARSSL_ERR_ENTROPY_NO_SOURCES_DEFINED );
138
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]139 /*
140 * Run through our entropy sources
141 */
142 for( i = 0; i < ctx->source_count; i++ )
143 {
144 olen = 0;
Paul Bakkerbd4a9d02011-12-10 17:02:19 +0000[diff] [blame]145 if ( ( ret = ctx->source[i].f_source( ctx->source[i].p_source,
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]146 buf, ENTROPY_MAX_GATHER, &olen ) ) != 0 )
147 {
148 return( ret );
149 }
150
151 /*
152 * Add if we actually gathered something
153 */
154 if( olen > 0 )
Paul Bakkerbd4a9d02011-12-10 17:02:19 +0000[diff] [blame]155 {
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]156 entropy_update( ctx, (unsigned char) i, buf, olen );
Paul Bakkerbd4a9d02011-12-10 17:02:19 +0000[diff] [blame]157 ctx->source[i].size += olen;
158 }
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]159 }
160
161 return( 0 );
162}
163
164int entropy_func( void *data, unsigned char *output, size_t len )
165{
Paul Bakkerbd4a9d02011-12-10 17:02:19 +0000[diff] [blame]166 int ret, count = 0, i, reached;
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]167 entropy_context *ctx = (entropy_context *) data;
168 unsigned char buf[ENTROPY_BLOCK_SIZE];
169
170 if( len > ENTROPY_BLOCK_SIZE )
171 return( POLARSSL_ERR_ENTROPY_SOURCE_FAILED );
172
173 /*
174 * Always gather extra entropy before a call
175 */
176 do
177 {
178 if( count++ > ENTROPY_MAX_LOOP )
179 return( POLARSSL_ERR_ENTROPY_SOURCE_FAILED );
180
181 if( ( ret = entropy_gather( ctx ) ) != 0 )
182 return( ret );
Paul Bakkerbd4a9d02011-12-10 17:02:19 +0000[diff] [blame]183
184 reached = 0;
185
186 for( i = 0; i < ctx->source_count; i++ )
187 if( ctx->source[i].size >= ctx->source[i].threshold )
188 reached++;
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]189 }
Paul Bakkerbd4a9d02011-12-10 17:02:19 +0000[diff] [blame]190 while( reached != ctx->source_count );
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]191
192 memset( buf, 0, ENTROPY_BLOCK_SIZE );
193
Paul Bakkerfb08fd22013-08-27 15:06:26 +0200[diff] [blame^]194#if defined(POLARSSL_ENTROPY_SHA512_ACCUMULATOR)
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]195 sha512_finish( &ctx->accumulator, buf );
196
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]197 /*
198 * Perform second SHA-512 on entropy
199 */
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]200 sha512( buf, ENTROPY_BLOCK_SIZE, buf, 0 );
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]201
202 /*
Paul Bakkerbd4a9d02011-12-10 17:02:19 +0000[diff] [blame]203 * Reset accumulator and counters and recycle existing entropy
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]204 */
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]205 memset( &ctx->accumulator, 0, sizeof( sha512_context ) );
206 sha512_starts( &ctx->accumulator, 0 );
207 sha512_update( &ctx->accumulator, buf, ENTROPY_BLOCK_SIZE );
Paul Bakkerfb08fd22013-08-27 15:06:26 +0200[diff] [blame^]208#else /* POLARSSL_ENTROPY_SHA512_ACCUMULATOR */
209 sha256_finish( &ctx->accumulator, buf );
210
211 /*
212 * Perform second SHA-256 on entropy
213 */
214 sha256( buf, ENTROPY_BLOCK_SIZE, buf, 0 );
215
216 /*
217 * Reset accumulator and counters and recycle existing entropy
218 */
219 memset( &ctx->accumulator, 0, sizeof( sha256_context ) );
220 sha256_starts( &ctx->accumulator, 0 );
221 sha256_update( &ctx->accumulator, buf, ENTROPY_BLOCK_SIZE );
222#endif /* POLARSSL_ENTROPY_SHA512_ACCUMULATOR */
Paul Bakkerbd4a9d02011-12-10 17:02:19 +0000[diff] [blame]223
224 for( i = 0; i < ctx->source_count; i++ )
225 ctx->source[i].size = 0;
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]226
227 memcpy( output, buf, len );
228
229 return( 0 );
230}
231
232#endif