TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / refs/heads/mbedtls-1.3 / . / library / entropy.c
blob: e5e4b4674963870e612666350f22bbe5971121cd [file] [log] [blame]
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]1/*
2 * Entropy accumulator implementation
3 *
Manuel Pégourié-Gonnarda658a402015-01-23 09:45:19 +0000[diff] [blame]4 * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]5 *
Manuel Pégourié-Gonnardfe446432015-03-06 13:17:10 +0000[diff] [blame]6 * This file is part of mbed TLS (https://tls.mbed.org)
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]7 *
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
12 *
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License along
19 * with this program; if not, write to the Free Software Foundation, Inc.,
20 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
21 */
22
Manuel Pégourié-Gonnardcef4ad22014-04-29 12:39:06 +0200[diff] [blame]23#if !defined(POLARSSL_CONFIG_FILE)
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]24#include "polarssl/config.h"
Manuel Pégourié-Gonnardcef4ad22014-04-29 12:39:06 +0200[diff] [blame]25#else
26#include POLARSSL_CONFIG_FILE
27#endif
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]28
29#if defined(POLARSSL_ENTROPY_C)
30
31#include "polarssl/entropy.h"
32#include "polarssl/entropy_poll.h"
33
Rich Evans00ab4702015-02-06 13:43:58 +0000[diff] [blame]34#include <string.h>
35
Paul Bakker66ff70d2014-03-26 11:54:05 +0100[diff] [blame]36#if defined(POLARSSL_FS_IO)
37#include <stdio.h>
38#endif
39
Rich Evans00ab4702015-02-06 13:43:58 +0000[diff] [blame]40#if defined(POLARSSL_SELF_TEST)
41#if defined(POLARSSL_PLATFORM_C)
42#include "polarssl/platform.h"
43#else
44#include <stdio.h>
45#define polarssl_printf printf
46#endif /* POLARSSL_PLATFORM_C */
47#endif /* POLARSSL_SELF_TEST */
48
Paul Bakker28c7e7f2011-12-15 19:49:30 +0000[diff] [blame]49#if defined(POLARSSL_HAVEGE_C)
50#include "polarssl/havege.h"
51#endif
52
Paul Bakker34617722014-06-13 17:20:13 +0200[diff] [blame]53/* Implementation that should never be optimized out by the compiler */
54static void polarssl_zeroize( void *v, size_t n ) {
55 volatile unsigned char *p = v; while( n-- ) *p++ = 0;
56}
57
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]58#define ENTROPY_MAX_LOOP 256 /**< Maximum amount to loop before error */
59
60void entropy_init( entropy_context *ctx )
61{
62 memset( ctx, 0, sizeof(entropy_context) );
63
Hanno Beckeradb9bd22017-09-08 10:53:30 +0100[diff] [blame]64 /* Reminder: Update ENTROPY_HAVE_DEFAULT in the test files
65 * when adding more strong entropy sources here. */
66
Paul Bakkerf4e7dc52013-09-28 15:23:57 +0200[diff] [blame]67#if defined(POLARSSL_THREADING_C)
68 polarssl_mutex_init( &ctx->mutex );
69#endif
70
Paul Bakkerfb08fd22013-08-27 15:06:26 +0200[diff] [blame]71#if defined(POLARSSL_ENTROPY_SHA512_ACCUMULATOR)
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]72 sha512_starts( &ctx->accumulator, 0 );
Paul Bakkerfb08fd22013-08-27 15:06:26 +0200[diff] [blame]73#else
74 sha256_starts( &ctx->accumulator, 0 );
75#endif
Paul Bakker43655f42011-12-15 20:11:16 +0000[diff] [blame]76#if defined(POLARSSL_HAVEGE_C)
77 havege_init( &ctx->havege_data );
78#endif
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]79
Paul Bakker43655f42011-12-15 20:11:16 +0000[diff] [blame]80#if !defined(POLARSSL_NO_DEFAULT_ENTROPY_SOURCES)
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]81#if !defined(POLARSSL_NO_PLATFORM_ENTROPY)
Paul Bakkerbd4a9d02011-12-10 17:02:19 +0000[diff] [blame]82 entropy_add_source( ctx, platform_entropy_poll, NULL,
83 ENTROPY_MIN_PLATFORM );
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]84#endif
85#if defined(POLARSSL_TIMING_C)
Paul Bakkerbd4a9d02011-12-10 17:02:19 +0000[diff] [blame]86 entropy_add_source( ctx, hardclock_poll, NULL, ENTROPY_MIN_HARDCLOCK );
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]87#endif
Paul Bakker28c7e7f2011-12-15 19:49:30 +0000[diff] [blame]88#if defined(POLARSSL_HAVEGE_C)
Paul Bakker28c7e7f2011-12-15 19:49:30 +0000[diff] [blame]89 entropy_add_source( ctx, havege_poll, &ctx->havege_data,
90 ENTROPY_MIN_HAVEGE );
91#endif
Paul Bakker43655f42011-12-15 20:11:16 +0000[diff] [blame]92#endif /* POLARSSL_NO_DEFAULT_ENTROPY_SOURCES */
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]93}
94
Paul Bakker1ffefac2013-09-28 15:23:03 +0200[diff] [blame]95void entropy_free( entropy_context *ctx )
96{
Paul Bakkera317a982014-06-18 16:44:11 +0200[diff] [blame]97#if defined(POLARSSL_HAVEGE_C)
98 havege_free( &ctx->havege_data );
99#endif
Paul Bakkerf4e7dc52013-09-28 15:23:57 +0200[diff] [blame]100#if defined(POLARSSL_THREADING_C)
101 polarssl_mutex_free( &ctx->mutex );
102#endif
ptahpeteh638fa0b2015-06-01 12:28:29 +0200[diff] [blame]103 polarssl_zeroize( ctx, sizeof( entropy_context ) );
Paul Bakker1ffefac2013-09-28 15:23:03 +0200[diff] [blame]104}
105
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]106int entropy_add_source( entropy_context *ctx,
Paul Bakkerbd4a9d02011-12-10 17:02:19 +0000[diff] [blame]107 f_source_ptr f_source, void *p_source,
108 size_t threshold )
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]109{
Hanno Beckerab3fbc22017-04-26 15:01:23 +0100[diff] [blame]110 int idx, ret = 0;
Paul Bakkerbd4a9d02011-12-10 17:02:19 +0000[diff] [blame]111
Paul Bakker47703a02014-02-06 15:01:20 +0100[diff] [blame]112#if defined(POLARSSL_THREADING_C)
113 if( ( ret = polarssl_mutex_lock( &ctx->mutex ) ) != 0 )
114 return( ret );
115#endif
116
Hanno Beckerab3fbc22017-04-26 15:01:23 +0100[diff] [blame]117 idx = ctx->source_count;
118 if( idx >= ENTROPY_MAX_SOURCES )
Paul Bakker47703a02014-02-06 15:01:20 +0100[diff] [blame]119 {
120 ret = POLARSSL_ERR_ENTROPY_MAX_SOURCES;
121 goto exit;
122 }
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]123
Hanno Beckerab3fbc22017-04-26 15:01:23 +0100[diff] [blame]124 ctx->source[idx].f_source = f_source;
125 ctx->source[idx].p_source = p_source;
126 ctx->source[idx].threshold = threshold;
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]127
128 ctx->source_count++;
129
Paul Bakker47703a02014-02-06 15:01:20 +0100[diff] [blame]130exit:
131#if defined(POLARSSL_THREADING_C)
132 if( polarssl_mutex_unlock( &ctx->mutex ) != 0 )
133 return( POLARSSL_ERR_THREADING_MUTEX_ERROR );
134#endif
135
136 return( ret );
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]137}
138
139/*
140 * Entropy accumulator update
141 */
Paul Bakkerb6c5d2e2013-06-25 16:25:17 +0200[diff] [blame]142static int entropy_update( entropy_context *ctx, unsigned char source_id,
143 const unsigned char *data, size_t len )
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]144{
145 unsigned char header[2];
146 unsigned char tmp[ENTROPY_BLOCK_SIZE];
147 size_t use_len = len;
148 const unsigned char *p = data;
Paul Bakkerb6c5d2e2013-06-25 16:25:17 +0200[diff] [blame]149
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]150 if( use_len > ENTROPY_BLOCK_SIZE )
151 {
Paul Bakkerfb08fd22013-08-27 15:06:26 +0200[diff] [blame]152#if defined(POLARSSL_ENTROPY_SHA512_ACCUMULATOR)
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]153 sha512( data, len, tmp, 0 );
Paul Bakkerfb08fd22013-08-27 15:06:26 +0200[diff] [blame]154#else
155 sha256( data, len, tmp, 0 );
156#endif
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]157 p = tmp;
158 use_len = ENTROPY_BLOCK_SIZE;
159 }
160
161 header[0] = source_id;
162 header[1] = use_len & 0xFF;
163
Paul Bakkerfb08fd22013-08-27 15:06:26 +0200[diff] [blame]164#if defined(POLARSSL_ENTROPY_SHA512_ACCUMULATOR)
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]165 sha512_update( &ctx->accumulator, header, 2 );
166 sha512_update( &ctx->accumulator, p, use_len );
Paul Bakkerfb08fd22013-08-27 15:06:26 +0200[diff] [blame]167#else
168 sha256_update( &ctx->accumulator, header, 2 );
169 sha256_update( &ctx->accumulator, p, use_len );
170#endif
Paul Bakkerb6c5d2e2013-06-25 16:25:17 +0200[diff] [blame]171
Andres Amaya Garcia1bfa46a2017-07-12 11:00:02 +0100[diff] [blame]172 polarssl_zeroize( tmp, sizeof( tmp ) );
173
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]174 return( 0 );
175}
176
177int entropy_update_manual( entropy_context *ctx,
178 const unsigned char *data, size_t len )
179{
Paul Bakker47703a02014-02-06 15:01:20 +0100[diff] [blame]180 int ret;
181
182#if defined(POLARSSL_THREADING_C)
183 if( ( ret = polarssl_mutex_lock( &ctx->mutex ) ) != 0 )
184 return( ret );
185#endif
186
187 ret = entropy_update( ctx, ENTROPY_SOURCE_MANUAL, data, len );
188
189#if defined(POLARSSL_THREADING_C)
190 if( polarssl_mutex_unlock( &ctx->mutex ) != 0 )
191 return( POLARSSL_ERR_THREADING_MUTEX_ERROR );
192#endif
193
Paul Bakkerd8bb8262014-06-17 14:06:49 +0200[diff] [blame]194 return( ret );
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]195}
196
197/*
198 * Run through the different sources to add entropy to our accumulator
199 */
Paul Bakker47703a02014-02-06 15:01:20 +0100[diff] [blame]200static int entropy_gather_internal( entropy_context *ctx )
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]201{
Gilles Peskineb662cc12017-11-24 18:55:19 +0100[diff] [blame]202 int ret = POLARSSL_ERR_ENTROPY_NO_SOURCES_DEFINED;
203 int i;
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]204 unsigned char buf[ENTROPY_MAX_GATHER];
205 size_t olen;
Paul Bakker47703a02014-02-06 15:01:20 +0100[diff] [blame]206
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]207 /*
208 * Run through our entropy sources
209 */
210 for( i = 0; i < ctx->source_count; i++ )
211 {
212 olen = 0;
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame]213 if( ( ret = ctx->source[i].f_source( ctx->source[i].p_source,
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]214 buf, ENTROPY_MAX_GATHER, &olen ) ) != 0 )
215 {
Andres Amaya Garciafa6fa682017-07-12 10:32:27 +0100[diff] [blame]216 goto cleanup;
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]217 }
218
219 /*
220 * Add if we actually gathered something
221 */
222 if( olen > 0 )
Paul Bakkerbd4a9d02011-12-10 17:02:19 +0000[diff] [blame]223 {
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]224 entropy_update( ctx, (unsigned char) i, buf, olen );
Paul Bakkerbd4a9d02011-12-10 17:02:19 +0000[diff] [blame]225 ctx->source[i].size += olen;
226 }
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]227 }
228
Andres Amaya Garciafa6fa682017-07-12 10:32:27 +0100[diff] [blame]229cleanup:
230 polarssl_zeroize( buf, sizeof( buf ) );
231
232 return( ret );
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]233}
234
Paul Bakker47703a02014-02-06 15:01:20 +0100[diff] [blame]235/*
236 * Thread-safe wrapper for entropy_gather_internal()
237 */
238int entropy_gather( entropy_context *ctx )
239{
Paul Bakkerddd427a2014-04-09 14:47:58 +0200[diff] [blame]240 int ret;
Paul Bakker47703a02014-02-06 15:01:20 +0100[diff] [blame]241
242#if defined(POLARSSL_THREADING_C)
Paul Bakkerddd427a2014-04-09 14:47:58 +0200[diff] [blame]243 if( ( ret = polarssl_mutex_lock( &ctx->mutex ) ) != 0 )
244 return( ret );
Paul Bakker47703a02014-02-06 15:01:20 +0100[diff] [blame]245#endif
246
Paul Bakkerddd427a2014-04-09 14:47:58 +0200[diff] [blame]247 ret = entropy_gather_internal( ctx );
Paul Bakker47703a02014-02-06 15:01:20 +0100[diff] [blame]248
249#if defined(POLARSSL_THREADING_C)
Paul Bakkerddd427a2014-04-09 14:47:58 +0200[diff] [blame]250 if( polarssl_mutex_unlock( &ctx->mutex ) != 0 )
251 return( POLARSSL_ERR_THREADING_MUTEX_ERROR );
Paul Bakker47703a02014-02-06 15:01:20 +0100[diff] [blame]252#endif
253
Paul Bakkerddd427a2014-04-09 14:47:58 +0200[diff] [blame]254 return( ret );
Paul Bakker47703a02014-02-06 15:01:20 +0100[diff] [blame]255}
256
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]257int entropy_func( void *data, unsigned char *output, size_t len )
258{
Paul Bakkerbd4a9d02011-12-10 17:02:19 +0000[diff] [blame]259 int ret, count = 0, i, reached;
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]260 entropy_context *ctx = (entropy_context *) data;
261 unsigned char buf[ENTROPY_BLOCK_SIZE];
262
263 if( len > ENTROPY_BLOCK_SIZE )
264 return( POLARSSL_ERR_ENTROPY_SOURCE_FAILED );
265
Paul Bakkerf4e7dc52013-09-28 15:23:57 +0200[diff] [blame]266#if defined(POLARSSL_THREADING_C)
267 if( ( ret = polarssl_mutex_lock( &ctx->mutex ) ) != 0 )
268 return( ret );
269#endif
270
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]271 /*
272 * Always gather extra entropy before a call
273 */
274 do
275 {
276 if( count++ > ENTROPY_MAX_LOOP )
Paul Bakkerf4e7dc52013-09-28 15:23:57 +0200[diff] [blame]277 {
278 ret = POLARSSL_ERR_ENTROPY_SOURCE_FAILED;
279 goto exit;
280 }
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]281
Paul Bakker47703a02014-02-06 15:01:20 +0100[diff] [blame]282 if( ( ret = entropy_gather_internal( ctx ) ) != 0 )
Paul Bakkerf4e7dc52013-09-28 15:23:57 +0200[diff] [blame]283 goto exit;
Paul Bakkerbd4a9d02011-12-10 17:02:19 +0000[diff] [blame]284
285 reached = 0;
286
287 for( i = 0; i < ctx->source_count; i++ )
288 if( ctx->source[i].size >= ctx->source[i].threshold )
289 reached++;
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]290 }
Paul Bakkerbd4a9d02011-12-10 17:02:19 +0000[diff] [blame]291 while( reached != ctx->source_count );
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]292
293 memset( buf, 0, ENTROPY_BLOCK_SIZE );
294
Paul Bakkerfb08fd22013-08-27 15:06:26 +0200[diff] [blame]295#if defined(POLARSSL_ENTROPY_SHA512_ACCUMULATOR)
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]296 sha512_finish( &ctx->accumulator, buf );
297
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]298 /*
Paul Bakkerbd4a9d02011-12-10 17:02:19 +0000[diff] [blame]299 * Reset accumulator and counters and recycle existing entropy
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]300 */
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]301 memset( &ctx->accumulator, 0, sizeof( sha512_context ) );
302 sha512_starts( &ctx->accumulator, 0 );
303 sha512_update( &ctx->accumulator, buf, ENTROPY_BLOCK_SIZE );
Paul Bakkerfb08fd22013-08-27 15:06:26 +0200[diff] [blame]304
305 /*
Paul Bakkerb13d3ff2014-03-26 12:51:25 +0100[diff] [blame]306 * Perform second SHA-512 on entropy
Paul Bakkerfb08fd22013-08-27 15:06:26 +0200[diff] [blame]307 */
Paul Bakkerb13d3ff2014-03-26 12:51:25 +0100[diff] [blame]308 sha512( buf, ENTROPY_BLOCK_SIZE, buf, 0 );
309#else /* POLARSSL_ENTROPY_SHA512_ACCUMULATOR */
310 sha256_finish( &ctx->accumulator, buf );
Paul Bakkerfb08fd22013-08-27 15:06:26 +0200[diff] [blame]311
312 /*
313 * Reset accumulator and counters and recycle existing entropy
314 */
315 memset( &ctx->accumulator, 0, sizeof( sha256_context ) );
316 sha256_starts( &ctx->accumulator, 0 );
317 sha256_update( &ctx->accumulator, buf, ENTROPY_BLOCK_SIZE );
Paul Bakkerb13d3ff2014-03-26 12:51:25 +0100[diff] [blame]318
319 /*
320 * Perform second SHA-256 on entropy
321 */
322 sha256( buf, ENTROPY_BLOCK_SIZE, buf, 0 );
Paul Bakkerfb08fd22013-08-27 15:06:26 +0200[diff] [blame]323#endif /* POLARSSL_ENTROPY_SHA512_ACCUMULATOR */
Paul Bakkerbd4a9d02011-12-10 17:02:19 +0000[diff] [blame]324
325 for( i = 0; i < ctx->source_count; i++ )
326 ctx->source[i].size = 0;
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]327
328 memcpy( output, buf, len );
329
Paul Bakkerf4e7dc52013-09-28 15:23:57 +0200[diff] [blame]330 ret = 0;
331
332exit:
Andres Amaya Garciafa6fa682017-07-12 10:32:27 +0100[diff] [blame]333 polarssl_zeroize( buf, sizeof( buf ) );
334
Paul Bakkerf4e7dc52013-09-28 15:23:57 +0200[diff] [blame]335#if defined(POLARSSL_THREADING_C)
336 if( polarssl_mutex_unlock( &ctx->mutex ) != 0 )
337 return( POLARSSL_ERR_THREADING_MUTEX_ERROR );
338#endif
339
340 return( ret );
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]341}
342
Paul Bakker66ff70d2014-03-26 11:54:05 +0100[diff] [blame]343#if defined(POLARSSL_FS_IO)
344int entropy_write_seed_file( entropy_context *ctx, const char *path )
345{
346 int ret = POLARSSL_ERR_ENTROPY_FILE_IO_ERROR;
347 FILE *f;
348 unsigned char buf[ENTROPY_BLOCK_SIZE];
349
350 if( ( f = fopen( path, "wb" ) ) == NULL )
351 return( POLARSSL_ERR_ENTROPY_FILE_IO_ERROR );
352
353 if( ( ret = entropy_func( ctx, buf, ENTROPY_BLOCK_SIZE ) ) != 0 )
354 goto exit;
355
356 if( fwrite( buf, 1, ENTROPY_BLOCK_SIZE, f ) != ENTROPY_BLOCK_SIZE )
357 {
358 ret = POLARSSL_ERR_ENTROPY_FILE_IO_ERROR;
359 goto exit;
360 }
361
362 ret = 0;
363
364exit:
Andres Amaya Garciafa6fa682017-07-12 10:32:27 +0100[diff] [blame]365 polarssl_zeroize( buf, sizeof( buf ) );
366
Paul Bakker66ff70d2014-03-26 11:54:05 +0100[diff] [blame]367 fclose( f );
368 return( ret );
369}
370
371int entropy_update_seed_file( entropy_context *ctx, const char *path )
372{
Andres Amaya Garciafa6fa682017-07-12 10:32:27 +0100[diff] [blame]373 int ret = 0;
Paul Bakker66ff70d2014-03-26 11:54:05 +0100[diff] [blame]374 FILE *f;
375 size_t n;
376 unsigned char buf[ ENTROPY_MAX_SEED_SIZE ];
377
378 if( ( f = fopen( path, "rb" ) ) == NULL )
379 return( POLARSSL_ERR_ENTROPY_FILE_IO_ERROR );
380
381 fseek( f, 0, SEEK_END );
382 n = (size_t) ftell( f );
383 fseek( f, 0, SEEK_SET );
384
385 if( n > ENTROPY_MAX_SEED_SIZE )
386 n = ENTROPY_MAX_SEED_SIZE;
387
388 if( fread( buf, 1, n, f ) != n )
Andres Amaya Garciafa6fa682017-07-12 10:32:27 +0100[diff] [blame]389 ret = POLARSSL_ERR_ENTROPY_FILE_IO_ERROR;
390 else
391 ret = entropy_update_manual( ctx, buf, n );
Paul Bakker66ff70d2014-03-26 11:54:05 +0100[diff] [blame]392
393 fclose( f );
394
Andres Amaya Garciafa6fa682017-07-12 10:32:27 +0100[diff] [blame]395 polarssl_zeroize( buf, sizeof( buf ) );
396
397 if( ret != 0 )
398 return( ret );
Paul Bakker66ff70d2014-03-26 11:54:05 +0100[diff] [blame]399
400 return( entropy_write_seed_file( ctx, path ) );
401}
402#endif /* POLARSSL_FS_IO */
403
Manuel Pégourié-Gonnard4dd73922014-05-30 10:34:15 +0200[diff] [blame]404#if defined(POLARSSL_SELF_TEST)
Manuel Pégourié-Gonnard4dd73922014-05-30 10:34:15 +0200[diff] [blame]405/*
406 * Dummy source function
407 */
408static int entropy_dummy_source( void *data, unsigned char *output,
409 size_t len, size_t *olen )
410{
411 ((void) data);
412
413 memset( output, 0x2a, len );
414 *olen = len;
415
416 return( 0 );
417}
418
419/*
420 * The actual entropy quality is hard to test, but we can at least
421 * test that the functions don't cause errors and write the correct
422 * amount of data to buffers.
423 */
424int entropy_self_test( int verbose )
425{
426 int ret = 0;
427 entropy_context ctx;
428 unsigned char buf[ENTROPY_BLOCK_SIZE] = { 0 };
429 unsigned char acc[ENTROPY_BLOCK_SIZE] = { 0 };
430 size_t i, j;
431
432 if( verbose != 0 )
433 polarssl_printf( " ENTROPY test: " );
434
435 entropy_init( &ctx );
436
437 ret = entropy_add_source( &ctx, entropy_dummy_source, NULL, 16 );
438 if( ret != 0 )
439 goto cleanup;
440
441 if( ( ret = entropy_gather( &ctx ) ) != 0 )
442 goto cleanup;
443
444 if( ( ret = entropy_update_manual( &ctx, buf, sizeof buf ) ) != 0 )
445 goto cleanup;
446
447 /*
448 * To test that entropy_func writes correct number of bytes:
449 * - use the whole buffer and rely on ASan to detect overruns
450 * - collect entropy 8 times and OR the result in an accumulator:
451 * any byte should then be 0 with probably 2^(-64), so requiring
452 * each of the 32 or 64 bytes to be non-zero has a false failure rate
453 * of at most 2^(-58) which is acceptable.
454 */
455 for( i = 0; i < 8; i++ )
456 {
457 if( ( ret = entropy_func( &ctx, buf, sizeof( buf ) ) ) != 0 )
458 goto cleanup;
459
460 for( j = 0; j < sizeof( buf ); j++ )
461 acc[j] |= buf[j];
462 }
463
464 for( j = 0; j < sizeof( buf ); j++ )
465 {
466 if( acc[j] == 0 )
467 {
468 ret = 1;
469 goto cleanup;
470 }
471 }
472
473cleanup:
474 entropy_free( &ctx );
475
476 if( verbose != 0 )
477 {
478 if( ret != 0 )
479 polarssl_printf( "failed\n" );
480 else
481 polarssl_printf( "passed\n" );
482
483 polarssl_printf( "\n" );
484 }
485
486 return( ret != 0 );
487}
488#endif /* POLARSSL_SELF_TEST */
489
Paul Bakker9af723c2014-05-01 13:03:14 +0200[diff] [blame]490#endif /* POLARSSL_ENTROPY_C */