A library for setting up Secure Socket Layer (SSL) connections and verifying remote hosts using certificates. Contains only the source files for mbed platform implementation of the library.
Dependents: HTTPClient-SSL HTTPClient-SSL HTTPClient-SSL HTTPClient-SSL
Diff: ctaocrypt/src/random.c
- Revision:
- 0:b86d15c6ba29
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/ctaocrypt/src/random.c Mon Jan 19 21:45:42 2015 +0000 @@ -0,0 +1,996 @@ +/* random.c + * + * Copyright (C) 2006-2014 wolfSSL Inc. + * + * This file is part of CyaSSL. + * + * CyaSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * CyaSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H + #include <config.h> +#endif + +#include <cyassl/ctaocrypt/settings.h> + +/* on HPUX 11 you may need to install /dev/random see + http://h20293.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=KRNG11I + +*/ + +#ifdef HAVE_FIPS + /* set NO_WRAPPERS before headers, use direct internal f()s not wrappers */ + #define FIPS_NO_WRAPPERS +#endif + +#include <cyassl/ctaocrypt/random.h> +#include <cyassl/ctaocrypt/error-crypt.h> + +#if defined(HAVE_HASHDRBG) || defined(NO_RC4) + + #include <cyassl/ctaocrypt/sha256.h> + + #ifdef NO_INLINE + #include <cyassl/ctaocrypt/misc.h> + #else + #include <ctaocrypt/src/misc.c> + #endif +#endif /* HAVE_HASHDRBG || NO_RC4 */ + +#if defined(USE_WINDOWS_API) + #ifndef _WIN32_WINNT + #define _WIN32_WINNT 0x0400 + #endif + #include <windows.h> + #include <wincrypt.h> +#else + #if !defined(NO_DEV_RANDOM) && !defined(CYASSL_MDK_ARM) \ + && !defined(CYASSL_IAR_ARM) + #include <fcntl.h> + #ifndef EBSNET + #include <unistd.h> + #endif + #else + /* include headers that may be needed to get good seed */ + #endif +#endif /* USE_WINDOWS_API */ + + +#if defined(HAVE_HASHDRBG) || defined(NO_RC4) + +/* Start NIST DRBG code */ + +#define OUTPUT_BLOCK_LEN (SHA256_DIGEST_SIZE) +#define MAX_REQUEST_LEN (0x10000) +#define RESEED_INTERVAL (1000000) +#define SECURITY_STRENGTH (256) +#define ENTROPY_SZ (SECURITY_STRENGTH/8) +#define NONCE_SZ (ENTROPY_SZ/2) +#define ENTROPY_NONCE_SZ (ENTROPY_SZ+NONCE_SZ) + +/* Internal return codes */ +#define DRBG_SUCCESS 0 +#define DRBG_ERROR 1 +#define DRBG_FAILURE 2 +#define DRBG_NEED_RESEED 3 +#define DRBG_CONT_FAILURE 4 + +/* RNG health states */ +#define DRBG_NOT_INIT 0 +#define DRBG_OK 1 +#define DRBG_FAILED 2 +#define DRBG_CONT_FAILED 3 + + +enum { + drbgInitC = 0, + drbgReseed = 1, + drbgGenerateW = 2, + drbgGenerateH = 3, + drbgInitV +}; + + +typedef struct DRBG { + Sha256 sha; + byte digest[SHA256_DIGEST_SIZE]; + byte V[DRBG_SEED_LEN]; + byte C[DRBG_SEED_LEN]; + word32 reseedCtr; + word32 lastBlock; + byte matchCount; +} DRBG; + + +/* Hash Derivation Function */ +/* Returns: DRBG_SUCCESS or DRBG_FAILURE */ +static int Hash_df(DRBG* drbg, byte* out, word32 outSz, byte type, + const byte* inA, word32 inASz, + const byte* inB, word32 inBSz) +{ + byte ctr; + int i; + int len; + word32 bits = (outSz * 8); /* reverse byte order */ + + #ifdef LITTLE_ENDIAN_ORDER + bits = ByteReverseWord32(bits); + #endif + len = (outSz / OUTPUT_BLOCK_LEN) + + ((outSz % OUTPUT_BLOCK_LEN) ? 1 : 0); + + for (i = 0, ctr = 1; i < len; i++, ctr++) + { + if (InitSha256(&drbg->sha) != 0) + return DRBG_FAILURE; + + if (Sha256Update(&drbg->sha, &ctr, sizeof(ctr)) != 0) + return DRBG_FAILURE; + + if (Sha256Update(&drbg->sha, (byte*)&bits, sizeof(bits)) != 0) + return DRBG_FAILURE; + + /* churning V is the only string that doesn't have + * the type added */ + if (type != drbgInitV) + if (Sha256Update(&drbg->sha, &type, sizeof(type)) != 0) + return DRBG_FAILURE; + + if (Sha256Update(&drbg->sha, inA, inASz) != 0) + return DRBG_FAILURE; + + if (inB != NULL && inBSz > 0) + if (Sha256Update(&drbg->sha, inB, inBSz) != 0) + return DRBG_FAILURE; + + if (Sha256Final(&drbg->sha, drbg->digest) != 0) + return DRBG_FAILURE; + + if (outSz > OUTPUT_BLOCK_LEN) { + XMEMCPY(out, drbg->digest, OUTPUT_BLOCK_LEN); + outSz -= OUTPUT_BLOCK_LEN; + out += OUTPUT_BLOCK_LEN; + } + else { + XMEMCPY(out, drbg->digest, outSz); + } + } + + return DRBG_SUCCESS; +} + + +/* Returns: DRBG_SUCCESS or DRBG_FAILURE */ +static int Hash_DRBG_Reseed(DRBG* drbg, const byte* entropy, word32 entropySz) +{ + byte seed[DRBG_SEED_LEN]; + + if (Hash_df(drbg, seed, sizeof(seed), drbgReseed, drbg->V, sizeof(drbg->V), + entropy, entropySz) != DRBG_SUCCESS) { + return DRBG_FAILURE; + } + + XMEMCPY(drbg->V, seed, sizeof(drbg->V)); + XMEMSET(seed, 0, sizeof(seed)); + + if (Hash_df(drbg, drbg->C, sizeof(drbg->C), drbgInitC, drbg->V, + sizeof(drbg->V), NULL, 0) != DRBG_SUCCESS) { + return DRBG_FAILURE; + } + + drbg->reseedCtr = 1; + drbg->lastBlock = 0; + drbg->matchCount = 0; + return DRBG_SUCCESS; +} + +static INLINE void array_add_one(byte* data, word32 dataSz) +{ + int i; + + for (i = dataSz - 1; i >= 0; i--) + { + data[i]++; + if (data[i] != 0) break; + } +} + + +/* Returns: DRBG_SUCCESS or DRBG_FAILURE */ +static int Hash_gen(DRBG* drbg, byte* out, word32 outSz, const byte* V) +{ + byte data[DRBG_SEED_LEN]; + int i; + int len; + word32 checkBlock; + + /* Special case: outSz is 0 and out is NULL. Generate a block to save for + * the continuous test. */ + + if (outSz == 0) outSz = 1; + + len = (outSz / OUTPUT_BLOCK_LEN) + ((outSz % OUTPUT_BLOCK_LEN) ? 1 : 0); + + XMEMCPY(data, V, sizeof(data)); + for (i = 0; i < len; i++) { + if (InitSha256(&drbg->sha) != 0 || + Sha256Update(&drbg->sha, data, sizeof(data)) != 0 || + Sha256Final(&drbg->sha, drbg->digest) != 0) { + + return DRBG_FAILURE; + } + + checkBlock = *(word32*)drbg->digest; + if (drbg->reseedCtr > 1 && checkBlock == drbg->lastBlock) { + if (drbg->matchCount == 1) { + return DRBG_CONT_FAILURE; + } + else { + if (i == len) { + len++; + } + drbg->matchCount = 1; + } + } + else { + drbg->matchCount = 0; + drbg->lastBlock = checkBlock; + } + + if (outSz >= OUTPUT_BLOCK_LEN) { + XMEMCPY(out, drbg->digest, OUTPUT_BLOCK_LEN); + outSz -= OUTPUT_BLOCK_LEN; + out += OUTPUT_BLOCK_LEN; + array_add_one(data, DRBG_SEED_LEN); + } + else if (out != NULL && outSz != 0) { + XMEMCPY(out, drbg->digest, outSz); + outSz = 0; + } + } + XMEMSET(data, 0, sizeof(data)); + + return DRBG_SUCCESS; +} + + +static INLINE void array_add(byte* d, word32 dLen, const byte* s, word32 sLen) +{ + word16 carry = 0; + + if (dLen > 0 && sLen > 0 && dLen >= sLen) { + int sIdx, dIdx; + + for (sIdx = sLen - 1, dIdx = dLen - 1; sIdx >= 0; dIdx--, sIdx--) + { + carry += d[dIdx] + s[sIdx]; + d[dIdx] = carry; + carry >>= 8; + } + + for (; carry != 0 && dIdx >= 0; dIdx--) { + carry += d[dIdx]; + d[dIdx] = carry; + carry >>= 8; + } + } +} + + +/* Returns: DRBG_SUCCESS, DRBG_NEED_RESEED, or DRBG_FAILURE */ +static int Hash_DRBG_Generate(DRBG* drbg, byte* out, word32 outSz) +{ + int ret = DRBG_NEED_RESEED; + + if (drbg->reseedCtr != RESEED_INTERVAL) { + byte type = drbgGenerateH; + word32 reseedCtr = drbg->reseedCtr; + + ret = Hash_gen(drbg, out, outSz, drbg->V); + if (ret == DRBG_SUCCESS) { + if (InitSha256(&drbg->sha) != 0 || + Sha256Update(&drbg->sha, &type, sizeof(type)) != 0 || + Sha256Update(&drbg->sha, drbg->V, sizeof(drbg->V)) != 0 || + Sha256Final(&drbg->sha, drbg->digest) != 0) { + + ret = DRBG_FAILURE; + } + else { + array_add(drbg->V, sizeof(drbg->V), + drbg->digest, sizeof(drbg->digest)); + array_add(drbg->V, sizeof(drbg->V), drbg->C, sizeof(drbg->C)); + #ifdef LITTLE_ENDIAN_ORDER + reseedCtr = ByteReverseWord32(reseedCtr); + #endif + array_add(drbg->V, sizeof(drbg->V), + (byte*)&reseedCtr, sizeof(reseedCtr)); + ret = DRBG_SUCCESS; + } + drbg->reseedCtr++; + } + } + + return ret; +} + + +/* Returns: DRBG_SUCCESS or DRBG_FAILURE */ +static int Hash_DRBG_Instantiate(DRBG* drbg, const byte* seed, word32 seedSz, + const byte* nonce, word32 nonceSz) +{ + int ret = DRBG_FAILURE; + + XMEMSET(drbg, 0, sizeof(DRBG)); + + if (Hash_df(drbg, drbg->V, sizeof(drbg->V), drbgInitV, seed, seedSz, + nonce, nonceSz) == DRBG_SUCCESS && + Hash_df(drbg, drbg->C, sizeof(drbg->C), drbgInitC, drbg->V, + sizeof(drbg->V), NULL, 0) == DRBG_SUCCESS) { + + drbg->reseedCtr = 1; + drbg->lastBlock = 0; + drbg->matchCount = 0; + ret = DRBG_SUCCESS; + } + + return ret; +} + + +/* Returns: DRBG_SUCCESS */ +static int Hash_DRBG_Uninstantiate(DRBG* drbg) +{ + XMEMSET(drbg, 0, sizeof(DRBG)); + + return DRBG_SUCCESS; +} + +/* End NIST DRBG Code */ + + +/* Get seed and key cipher */ +int InitRng(RNG* rng) +{ + int ret = BAD_FUNC_ARG; + + if (rng != NULL) { + byte entropy[ENTROPY_NONCE_SZ]; + + rng->drbg = (struct DRBG*)XMALLOC(sizeof(DRBG), NULL, DYNAMIC_TYPE_RNG); + if (rng->drbg == NULL) { + ret = MEMORY_E; + } + /* This doesn't use a separate nonce. The entropy input will be + * the default size plus the size of the nonce making the seed + * size. */ + else if (GenerateSeed(&rng->seed, entropy, ENTROPY_NONCE_SZ) == 0 && + Hash_DRBG_Instantiate(rng->drbg, entropy, ENTROPY_NONCE_SZ, + NULL, 0) == DRBG_SUCCESS) { + + ret = Hash_DRBG_Generate(rng->drbg, NULL, 0); + } + else + ret = DRBG_FAILURE; + + XMEMSET(entropy, 0, ENTROPY_NONCE_SZ); + + if (ret == DRBG_SUCCESS) { + rng->status = DRBG_OK; + ret = 0; + } + else if (ret == DRBG_CONT_FAILURE) { + rng->status = DRBG_CONT_FAILED; + ret = DRBG_CONT_FIPS_E; + } + else if (ret == DRBG_FAILURE) { + rng->status = DRBG_FAILED; + ret = RNG_FAILURE_E; + } + else { + rng->status = DRBG_FAILED; + } + } + + return ret; +} + + +/* place a generated block in output */ +int RNG_GenerateBlock(RNG* rng, byte* output, word32 sz) +{ + int ret; + + if (rng == NULL || output == NULL || sz > MAX_REQUEST_LEN) + return BAD_FUNC_ARG; + + if (rng->status != DRBG_OK) + return RNG_FAILURE_E; + + ret = Hash_DRBG_Generate(rng->drbg, output, sz); + + if (ret == DRBG_NEED_RESEED) { + byte entropy[ENTROPY_SZ]; + + if (GenerateSeed(&rng->seed, entropy, ENTROPY_SZ) == 0 && + Hash_DRBG_Reseed(rng->drbg, entropy, ENTROPY_SZ) == DRBG_SUCCESS) { + + ret = Hash_DRBG_Generate(rng->drbg, NULL, 0); + if (ret == DRBG_SUCCESS) + ret = Hash_DRBG_Generate(rng->drbg, output, sz); + } + else + ret = DRBG_FAILURE; + + XMEMSET(entropy, 0, ENTROPY_SZ); + } + + if (ret == DRBG_SUCCESS) { + ret = 0; + } + else if (ret == DRBG_CONT_FAILURE) { + ret = DRBG_CONT_FIPS_E; + rng->status = DRBG_CONT_FAILED; + } + else { + ret = RNG_FAILURE_E; + rng->status = DRBG_FAILED; + } + + return ret; +} + + +int RNG_GenerateByte(RNG* rng, byte* b) +{ + return RNG_GenerateBlock(rng, b, 1); +} + + +int FreeRng(RNG* rng) +{ + int ret = BAD_FUNC_ARG; + + if (rng != NULL) { + if (Hash_DRBG_Uninstantiate(rng->drbg) == DRBG_SUCCESS) + ret = 0; + else + ret = RNG_FAILURE_E; + + XFREE(rng->drbg, NULL, DYNAMIC_TYPE_RNG); + rng->drbg = NULL; + rng->status = DRBG_NOT_INIT; + } + + return ret; +} + + +int RNG_HealthTest(int reseed, const byte* entropyA, word32 entropyASz, + const byte* entropyB, word32 entropyBSz, + byte* output, word32 outputSz) +{ + DRBG drbg; + + if (entropyA == NULL || output == NULL) + return BAD_FUNC_ARG; + + if (reseed != 0 && entropyB == NULL) + return BAD_FUNC_ARG; + + if (outputSz != (SHA256_DIGEST_SIZE * 4)) + return -1; + + if (Hash_DRBG_Instantiate(&drbg, entropyA, entropyASz, NULL, 0) != 0) + return -1; + + if (reseed) { + if (Hash_DRBG_Reseed(&drbg, entropyB, entropyBSz) != 0) { + Hash_DRBG_Uninstantiate(&drbg); + return -1; + } + } + + if (Hash_DRBG_Generate(&drbg, output, outputSz) != 0) { + Hash_DRBG_Uninstantiate(&drbg); + return -1; + } + + if (Hash_DRBG_Generate(&drbg, output, outputSz) != 0) { + Hash_DRBG_Uninstantiate(&drbg); + return -1; + } + + Hash_DRBG_Uninstantiate(&drbg); + + return 0; +} + + +#else /* HAVE_HASHDRBG || NO_RC4 */ + +/* Get seed and key cipher */ +int InitRng(RNG* rng) +{ + int ret; +#ifdef CYASSL_SMALL_STACK + byte* key; + byte* junk; +#else + byte key[32]; + byte junk[256]; +#endif + +#ifdef HAVE_CAVIUM + if (rng->magic == CYASSL_RNG_CAVIUM_MAGIC) + return 0; +#endif + +#ifdef CYASSL_SMALL_STACK + key = (byte*)XMALLOC(32, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (key == NULL) + return MEMORY_E; + + junk = (byte*)XMALLOC(256, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (junk == NULL) { + XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER); + return MEMORY_E; + } +#endif + + ret = GenerateSeed(&rng->seed, key, 32); + + if (ret == 0) { + Arc4SetKey(&rng->cipher, key, sizeof(key)); + + ret = RNG_GenerateBlock(rng, junk, 256); /*rid initial state*/ + } + +#ifdef CYASSL_SMALL_STACK + XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(junk, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + + return ret; +} + +#ifdef HAVE_CAVIUM + static void CaviumRNG_GenerateBlock(RNG* rng, byte* output, word32 sz); +#endif + +/* place a generated block in output */ +int RNG_GenerateBlock(RNG* rng, byte* output, word32 sz) +{ +#ifdef HAVE_CAVIUM + if (rng->magic == CYASSL_RNG_CAVIUM_MAGIC) + return CaviumRNG_GenerateBlock(rng, output, sz); +#endif + XMEMSET(output, 0, sz); + Arc4Process(&rng->cipher, output, output, sz); + + return 0; +} + + +int RNG_GenerateByte(RNG* rng, byte* b) +{ + return RNG_GenerateBlock(rng, b, 1); +} + + +#ifdef HAVE_CAVIUM + +#include <cyassl/ctaocrypt/logging.h> +#include "cavium_common.h" + +/* Initiliaze RNG for use with Nitrox device */ +int InitRngCavium(RNG* rng, int devId) +{ + if (rng == NULL) + return -1; + + rng->devId = devId; + rng->magic = CYASSL_RNG_CAVIUM_MAGIC; + + return 0; +} + + +static void CaviumRNG_GenerateBlock(RNG* rng, byte* output, word32 sz) +{ + cyassl_word offset = 0; + word32 requestId; + + while (sz > CYASSL_MAX_16BIT) { + word16 slen = (word16)CYASSL_MAX_16BIT; + if (CspRandom(CAVIUM_BLOCKING, slen, output + offset, &requestId, + rng->devId) != 0) { + CYASSL_MSG("Cavium RNG failed"); + } + sz -= CYASSL_MAX_16BIT; + offset += CYASSL_MAX_16BIT; + } + if (sz) { + word16 slen = (word16)sz; + if (CspRandom(CAVIUM_BLOCKING, slen, output + offset, &requestId, + rng->devId) != 0) { + CYASSL_MSG("Cavium RNG failed"); + } + } +} + +#endif /* HAVE_CAVIUM */ + +#endif /* HAVE_HASHDRBG || NO_RC4 */ + + +#if defined(USE_WINDOWS_API) + + +int GenerateSeed(OS_Seed* os, byte* output, word32 sz) +{ + if(!CryptAcquireContext(&os->handle, 0, 0, PROV_RSA_FULL, + CRYPT_VERIFYCONTEXT)) + return WINCRYPT_E; + + if (!CryptGenRandom(os->handle, sz, output)) + return CRYPTGEN_E; + + CryptReleaseContext(os->handle, 0); + + return 0; +} + + +#elif defined(HAVE_RTP_SYS) || defined(EBSNET) + +#include "rtprand.h" /* rtp_rand () */ +#include "rtptime.h" /* rtp_get_system_msec() */ + + +int GenerateSeed(OS_Seed* os, byte* output, word32 sz) +{ + int i; + rtp_srand(rtp_get_system_msec()); + + for (i = 0; i < sz; i++ ) { + output[i] = rtp_rand() % 256; + if ( (i % 8) == 7) + rtp_srand(rtp_get_system_msec()); + } + + return 0; +} + + +#elif defined(MICRIUM) + +int GenerateSeed(OS_Seed* os, byte* output, word32 sz) +{ + #if (NET_SECURE_MGR_CFG_EN == DEF_ENABLED) + NetSecure_InitSeed(output, sz); + #endif + return 0; +} + +#elif defined(MBED) + +/* write a real one !!!, just for testing board */ +int GenerateSeed(OS_Seed* os, byte* output, word32 sz) +{ + int i; + for (i = 0; i < sz; i++ ) + output[i] = i; + + return 0; +} + +#elif defined(MICROCHIP_PIC32) + +#ifdef MICROCHIP_MPLAB_HARMONY + #define PIC32_SEED_COUNT _CP0_GET_COUNT +#else + #if !defined(CYASSL_MICROCHIP_PIC32MZ) + #include <peripheral/timer.h> + #endif + #define PIC32_SEED_COUNT ReadCoreTimer +#endif + #ifdef CYASSL_MIC32MZ_RNG + #include "xc.h" + int GenerateSeed(OS_Seed* os, byte* output, word32 sz) + { + int i ; + byte rnd[8] ; + word32 *rnd32 = (word32 *)rnd ; + word32 size = sz ; + byte* op = output ; + + /* This part has to be replaced with better random seed */ + RNGNUMGEN1 = ReadCoreTimer(); + RNGPOLY1 = ReadCoreTimer(); + RNGPOLY2 = ReadCoreTimer(); + RNGNUMGEN2 = ReadCoreTimer(); +#ifdef DEBUG_CYASSL + printf("GenerateSeed::Seed=%08x, %08x\n", RNGNUMGEN1, RNGNUMGEN2) ; +#endif + RNGCONbits.PLEN = 0x40; + RNGCONbits.PRNGEN = 1; + for(i=0; i<5; i++) { /* wait for RNGNUMGEN ready */ + volatile int x ; + x = RNGNUMGEN1 ; + x = RNGNUMGEN2 ; + } + do { + rnd32[0] = RNGNUMGEN1; + rnd32[1] = RNGNUMGEN2; + + for(i=0; i<8; i++, op++) { + *op = rnd[i] ; + size -- ; + if(size==0)break ; + } + } while(size) ; + return 0; + } + #else /* CYASSL_MIC32MZ_RNG */ + /* uses the core timer, in nanoseconds to seed srand */ + int GenerateSeed(OS_Seed* os, byte* output, word32 sz) + { + int i; + srand(PIC32_SEED_COUNT() * 25); + + for (i = 0; i < sz; i++ ) { + output[i] = rand() % 256; + if ( (i % 8) == 7) + srand(PIC32_SEED_COUNT() * 25); + } + return 0; + } + #endif /* CYASSL_MIC32MZ_RNG */ + +#elif defined(FREESCALE_MQX) + + #ifdef FREESCALE_K70_RNGA + /* + * Generates a RNG seed using the Random Number Generator Accelerator + * on the Kinetis K70. Documentation located in Chapter 37 of + * K70 Sub-Family Reference Manual (see Note 3 in the README for link). + */ + int GenerateSeed(OS_Seed* os, byte* output, word32 sz) + { + int i; + + /* turn on RNGA module */ + SIM_SCGC3 |= SIM_SCGC3_RNGA_MASK; + + /* set SLP bit to 0 - "RNGA is not in sleep mode" */ + RNG_CR &= ~RNG_CR_SLP_MASK; + + /* set HA bit to 1 - "security violations masked" */ + RNG_CR |= RNG_CR_HA_MASK; + + /* set GO bit to 1 - "output register loaded with data" */ + RNG_CR |= RNG_CR_GO_MASK; + + for (i = 0; i < sz; i++) { + + /* wait for RNG FIFO to be full */ + while((RNG_SR & RNG_SR_OREG_LVL(0xF)) == 0) {} + + /* get value */ + output[i] = RNG_OR; + } + + return 0; + } + + #elif defined(FREESCALE_K53_RNGB) + /* + * Generates a RNG seed using the Random Number Generator (RNGB) + * on the Kinetis K53. Documentation located in Chapter 33 of + * K53 Sub-Family Reference Manual (see note in the README for link). + */ + int GenerateSeed(OS_Seed* os, byte* output, word32 sz) + { + int i; + + /* turn on RNGB module */ + SIM_SCGC3 |= SIM_SCGC3_RNGB_MASK; + + /* reset RNGB */ + RNG_CMD |= RNG_CMD_SR_MASK; + + /* FIFO generate interrupt, return all zeros on underflow, + * set auto reseed */ + RNG_CR |= (RNG_CR_FUFMOD_MASK | RNG_CR_AR_MASK); + + /* gen seed, clear interrupts, clear errors */ + RNG_CMD |= (RNG_CMD_GS_MASK | RNG_CMD_CI_MASK | RNG_CMD_CE_MASK); + + /* wait for seeding to complete */ + while ((RNG_SR & RNG_SR_SDN_MASK) == 0) {} + + for (i = 0; i < sz; i++) { + + /* wait for a word to be available from FIFO */ + while((RNG_SR & RNG_SR_FIFO_LVL_MASK) == 0) {} + + /* get value */ + output[i] = RNG_OUT; + } + + return 0; + } + + #else + #warning "write a real random seed!!!!, just for testing now" + + int GenerateSeed(OS_Seed* os, byte* output, word32 sz) + { + int i; + for (i = 0; i < sz; i++ ) + output[i] = i; + + return 0; + } + #endif /* FREESCALE_K70_RNGA */ + +#elif defined(CYASSL_SAFERTOS) || defined(CYASSL_LEANPSK) \ + || defined(CYASSL_IAR_ARM) || defined(CYASSL_MDK_ARM) + +#warning "write a real random seed!!!!, just for testing now" + +int GenerateSeed(OS_Seed* os, byte* output, word32 sz) +{ + word32 i; + for (i = 0; i < sz; i++ ) + output[i] = i; + + (void)os; + + return 0; +} + +#elif defined(STM32F2_RNG) + #undef RNG + #include "stm32f2xx_rng.h" + #include "stm32f2xx_rcc.h" + /* + * Generate a RNG seed using the hardware random number generator + * on the STM32F2. Documentation located in STM32F2xx Standard Peripheral + * Library document (See note in README). + */ + int GenerateSeed(OS_Seed* os, byte* output, word32 sz) + { + int i; + + /* enable RNG clock source */ + RCC_AHB2PeriphClockCmd(RCC_AHB2Periph_RNG, ENABLE); + + /* enable RNG peripheral */ + RNG_Cmd(ENABLE); + + for (i = 0; i < sz; i++) { + /* wait until RNG number is ready */ + while(RNG_GetFlagStatus(RNG_FLAG_DRDY)== RESET) { } + + /* get value */ + output[i] = RNG_GetRandomNumber(); + } + + return 0; + } +#elif defined(CYASSL_LPC43xx) || defined(CYASSL_STM32F2xx) + + #warning "write a real random seed!!!!, just for testing now" + + int GenerateSeed(OS_Seed* os, byte* output, word32 sz) + { + int i; + + for (i = 0; i < sz; i++ ) + output[i] = i; + + return 0; + } + +#elif defined(CYASSL_TIRTOS) + + #include <xdc/runtime/Timestamp.h> + #include <stdlib.h> + int GenerateSeed(OS_Seed* os, byte* output, word32 sz) + { + int i; + srand(xdc_runtime_Timestamp_get32()); + + for (i = 0; i < sz; i++ ) { + output[i] = rand() % 256; + if ((i % 8) == 7) { + srand(xdc_runtime_Timestamp_get32()); + } + } + + return 0; + } + +#elif defined(CUSTOM_RAND_GENERATE) + + /* Implement your own random generation function + * word32 rand_gen(void); + * #define CUSTOM_RAND_GENERATE rand_gen */ + + int GenerateSeed(OS_Seed* os, byte* output, word32 sz) + { + int i; + + for (i = 0; i < sz; i++ ) + output[i] = CUSTOM_RAND_GENERATE(); + + return 0; + } + +#elif defined(NO_DEV_RANDOM) + +#error "you need to write an os specific GenerateSeed() here" + +/* +int GenerateSeed(OS_Seed* os, byte* output, word32 sz) +{ + return 0; +} +*/ + + +#else /* !USE_WINDOWS_API && !HAVE_RPT_SYS && !MICRIUM && !NO_DEV_RANDOM */ + + +/* may block */ +int GenerateSeed(OS_Seed* os, byte* output, word32 sz) +{ + int ret = 0; + + os->fd = open("/dev/urandom",O_RDONLY); + if (os->fd == -1) { + /* may still have /dev/random */ + os->fd = open("/dev/random",O_RDONLY); + if (os->fd == -1) + return OPEN_RAN_E; + } + + while (sz) { + int len = (int)read(os->fd, output, sz); + if (len == -1) { + ret = READ_RAN_E; + break; + } + + sz -= len; + output += len; + + if (sz) { +#ifdef BLOCKING + sleep(0); /* context switch */ +#else + ret = RAN_BLOCK_E; + break; +#endif + } + } + close(os->fd); + + return ret; +} + +#endif /* USE_WINDOWS_API */ +