cyassl re-port with cellular comms, PSK test
Dependencies: VodafoneUSBModem_bleedingedge2 mbed-rtos mbed-src
Diff: cyassllib/ctaocrypt/src/random.c
- Revision:
- 0:e979170e02e7
diff -r 000000000000 -r e979170e02e7 cyassllib/ctaocrypt/src/random.c --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/cyassllib/ctaocrypt/src/random.c Fri Apr 26 16:54:58 2013 +0000 @@ -0,0 +1,615 @@ +/* random.c + * + * Copyright (C) 2006-2012 Sawtooth Consulting Ltd. + * + * This file is part of CyaSSL. + * + * CyaSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * CyaSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + */ + +#ifdef HAVE_CONFIG_H + #include <config.h> +#endif + +/* on HPUX 11 you may need to install /dev/random see + http://h20293.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=KRNG11I + +*/ + +#include <cyassl/ctaocrypt/random.h> +#include <cyassl/ctaocrypt/error.h> + +#ifdef NO_RC4 + #include <cyassl/ctaocrypt/sha256.h> + + #ifdef NO_INLINE + #include <cyassl/ctaocrypt/misc.h> + #else + #include <ctaocrypt/src/misc.c> + #endif +#endif + +#if defined(USE_WINDOWS_API) + #ifndef _WIN32_WINNT + #define _WIN32_WINNT 0x0400 + #endif + #include <windows.h> + #include <wincrypt.h> +#else + #ifndef NO_DEV_RANDOM + #include <fcntl.h> + #ifndef EBSNET + #include <unistd.h> + #endif + #else + /* include headers that may be needed to get good seed */ + #endif +#endif /* USE_WINDOWS_API */ + + +#ifdef NO_RC4 + +/* Start NIST DRBG code */ + +#define OUTPUT_BLOCK_LEN (256/8) +#define MAX_REQUEST_LEN (0x1000) +#define MAX_STRING_LEN (0x100000000) +#define RESEED_MAX (0x100000000000LL) +#define ENTROPY_SZ 256 + +#define DBRG_SUCCESS 0 +#define DBRG_ERROR 1 +#define DBRG_NEED_RESEED 2 + + +enum { + dbrgInitC = 0, + dbrgReseed = 1, + dbrgGenerateW = 2, + dbrgGenerateH = 3, + dbrgInitV +}; + + +static int Hash_df(RNG* rng, byte* out, word32 outSz, byte type, byte* inA, word32 inASz, + byte* inB, word32 inBSz, byte* inC, word32 inCSz) +{ + byte ctr; + int i; + int len; + word32 bits = (outSz * 8); // reverse byte order + + #ifdef LITTLE_ENDIAN_ORDER + bits = ByteReverseWord32(bits); + #endif + len = (outSz / SHA256_DIGEST_SIZE) + + ((outSz % SHA256_DIGEST_SIZE) ? 1 : 0); + + for (i = 0, ctr = 1; i < len; i++, ctr++) + { + InitSha256(&rng->sha); + Sha256Update(&rng->sha, &ctr, sizeof(ctr)); + Sha256Update(&rng->sha, (byte*)&bits, sizeof(bits)); + /* churning V is the only string that doesn't have + * the type added */ + if (type != dbrgInitV) + Sha256Update(&rng->sha, &type, sizeof(type)); + Sha256Update(&rng->sha, inA, inASz); + if (inB != NULL && inBSz > 0) + Sha256Update(&rng->sha, inB, inBSz); + if (inC != NULL && inCSz > 0) + Sha256Update(&rng->sha, inC, inCSz); + Sha256Final(&rng->sha, rng->digest); + + if (outSz > SHA256_DIGEST_SIZE) { + XMEMCPY(out, rng->digest, SHA256_DIGEST_SIZE); + outSz -= SHA256_DIGEST_SIZE; + out += SHA256_DIGEST_SIZE; + } + else { + XMEMCPY(out, rng->digest, outSz); + } + } + + return DBRG_SUCCESS; +} + + +static int Hash_DBRG_Reseed(RNG* rng, byte* entropy, word32 entropySz) +{ + byte seed[DBRG_SEED_LEN]; + + Hash_df(rng, seed, sizeof(seed), dbrgInitV, rng->V, sizeof(rng->V), + entropy, entropySz, NULL, 0); + XMEMCPY(rng->V, seed, sizeof(rng->V)); + XMEMSET(seed, 0, sizeof(seed)); + + Hash_df(rng, rng->C, sizeof(rng->C), dbrgInitC, rng->V, sizeof(rng->V), + NULL, 0, NULL, 0); + rng->reseed_ctr = 1; + return 0; +} + +static INLINE void array_add_one(byte* data, word32 dataSz) +{ + int i; + + for (i = dataSz - 1; i >= 0; i--) + { + data[i]++; + if (data[i] != 0) break; + } +} + +static void Hash_gen(RNG* rng, byte* out, word32 outSz, byte* V) +{ + byte data[DBRG_SEED_LEN]; + int i; + int len = (outSz / SHA256_DIGEST_SIZE) + + ((outSz % SHA256_DIGEST_SIZE) ? 1 : 0); + + XMEMCPY(data, V, sizeof(data)); + for (i = 0; i < len; i++) { + InitSha256(&rng->sha); + Sha256Update(&rng->sha, data, sizeof(data)); + Sha256Final(&rng->sha, rng->digest); + if (outSz > SHA256_DIGEST_SIZE) { + XMEMCPY(out, rng->digest, SHA256_DIGEST_SIZE); + outSz -= SHA256_DIGEST_SIZE; + out += SHA256_DIGEST_SIZE; + array_add_one(data, DBRG_SEED_LEN); + } + else { + XMEMCPY(out, rng->digest, outSz); + } + } + XMEMSET(data, 0, sizeof(data)); +} + + +static INLINE void array_add(byte* d, word32 dLen, byte* s, word32 sLen) +{ + word16 carry = 0; + + if (dLen > 0 && sLen > 0 && dLen >= sLen) { + int sIdx, dIdx; + + for (sIdx = sLen - 1, dIdx = dLen - 1; sIdx >= 0; dIdx--, sIdx--) + { + carry += d[dIdx] + s[sIdx]; + d[dIdx] = carry; + carry >>= 8; + } + if (dIdx > 0) + d[dIdx] += carry; + } +} + + +static int Hash_DBRG_Generate(RNG* rng, byte* out, word32 outSz) +{ + int ret; + + if (rng->reseed_ctr != RESEED_MAX) { + byte type = dbrgGenerateH; + + Hash_gen(rng, out, outSz, rng->V); + InitSha256(&rng->sha); + Sha256Update(&rng->sha, &type, sizeof(type)); + Sha256Update(&rng->sha, rng->V, sizeof(rng->V)); + Sha256Final(&rng->sha, rng->digest); + array_add(rng->V, sizeof(rng->V), rng->digest, sizeof(rng->digest)); + array_add(rng->V, sizeof(rng->V), rng->C, sizeof(rng->C)); + array_add(rng->V, sizeof(rng->V), + (byte*)&rng->reseed_ctr, sizeof(rng->reseed_ctr)); + rng->reseed_ctr++; + ret = DBRG_SUCCESS; + } + else { + ret = DBRG_NEED_RESEED; + } + return ret; +} + + +static void Hash_DBRG_Instantiate(RNG* rng, byte* seed, word32 seedSz) +{ + XMEMSET(rng, 0, sizeof(*rng)); + Hash_df(rng, rng->V, sizeof(rng->V), dbrgInitV, seed, seedSz, NULL, 0, NULL, 0); + Hash_df(rng, rng->C, sizeof(rng->C), dbrgInitC, rng->V, sizeof(rng->V), + NULL, 0, NULL, 0); + rng->reseed_ctr = 1; +} + + +static int Hash_DBRG_Uninstantiate(RNG* rng) +{ + int result = DBRG_ERROR; + + if (rng != NULL) { + XMEMSET(rng, 0, sizeof(*rng)); + result = DBRG_SUCCESS; + } + + return result; +} + +/* End NIST DRBG Code */ + + + +/* Get seed and key cipher */ +int InitRng(RNG* rng) +{ + byte entropy[ENTROPY_SZ]; + int ret = DBRG_ERROR; + + if (GenerateSeed(&rng->seed, entropy, sizeof(entropy)) == 0) { + Hash_DBRG_Instantiate(rng, entropy, sizeof(entropy)); + ret = DBRG_SUCCESS; + } + XMEMSET(entropy, 0, sizeof(entropy)); + return ret; +} + + +/* place a generated block in output */ +void RNG_GenerateBlock(RNG* rng, byte* output, word32 sz) +{ + int ret; + + XMEMSET(output, 0, sz); + ret = Hash_DBRG_Generate(rng, output, sz); + if (ret == DBRG_NEED_RESEED) { + byte entropy[ENTROPY_SZ]; + ret = GenerateSeed(&rng->seed, entropy, sizeof(entropy)); + if (ret == 0) { + Hash_DBRG_Reseed(rng, entropy, sizeof(entropy)); + ret = Hash_DBRG_Generate(rng, output, sz); + } + else + ret = DBRG_ERROR; + XMEMSET(entropy, 0, sizeof(entropy)); + } +} + + +byte RNG_GenerateByte(RNG* rng) +{ + byte b; + RNG_GenerateBlock(rng, &b, 1); + + return b; +} + + +void FreeRng(RNG* rng) +{ + Hash_DBRG_Uninstantiate(rng); +} + +#else /* NO_RC4 */ + +/* Get seed and key cipher */ +int InitRng(RNG* rng) +{ + byte key[32]; + byte junk[256]; + int ret; + +#ifdef HAVE_CAVIUM + if (rng->magic == CYASSL_RNG_CAVIUM_MAGIC) + return 0; +#endif + ret = GenerateSeed(&rng->seed, key, sizeof(key)); + + if (ret == 0) { + Arc4SetKey(&rng->cipher, key, sizeof(key)); + RNG_GenerateBlock(rng, junk, sizeof(junk)); /* rid initial state */ + } + + return ret; +} + +#ifdef HAVE_CAVIUM + static void CaviumRNG_GenerateBlock(RNG* rng, byte* output, word32 sz); +#endif + +/* place a generated block in output */ +void RNG_GenerateBlock(RNG* rng, byte* output, word32 sz) +{ +#ifdef HAVE_CAVIUM + if (rng->magic == CYASSL_RNG_CAVIUM_MAGIC) + return CaviumRNG_GenerateBlock(rng, output, sz); +#endif + XMEMSET(output, 0, sz); + Arc4Process(&rng->cipher, output, output, sz); +} + + +byte RNG_GenerateByte(RNG* rng) +{ + byte b; + RNG_GenerateBlock(rng, &b, 1); + + return b; +} + + +#ifdef HAVE_CAVIUM + +#include <cyassl/ctaocrypt/logging.h> +#include "cavium_common.h" + +/* Initiliaze RNG for use with Nitrox device */ +int InitRngCavium(RNG* rng, int devId) +{ + if (rng == NULL) + return -1; + + rng->devId = devId; + rng->magic = CYASSL_RNG_CAVIUM_MAGIC; + + return 0; +} + + +static void CaviumRNG_GenerateBlock(RNG* rng, byte* output, word32 sz) +{ + word offset = 0; + word32 requestId; + + while (sz > CYASSL_MAX_16BIT) { + word16 slen = (word16)CYASSL_MAX_16BIT; + if (CspRandom(CAVIUM_BLOCKING, slen, output + offset, &requestId, + rng->devId) != 0) { + CYASSL_MSG("Cavium RNG failed"); + } + sz -= CYASSL_MAX_16BIT; + offset += CYASSL_MAX_16BIT; + } + if (sz) { + word16 slen = (word16)sz; + if (CspRandom(CAVIUM_BLOCKING, slen, output + offset, &requestId, + rng->devId) != 0) { + CYASSL_MSG("Cavium RNG failed"); + } + } +} + +#endif /* HAVE_CAVIUM */ + +#endif /* NO_RC4 */ + + +#if defined(USE_WINDOWS_API) + + +int GenerateSeed(OS_Seed* os, byte* output, word32 sz) +{ + if(!CryptAcquireContext(&os->handle, 0, 0, PROV_RSA_FULL, + CRYPT_VERIFYCONTEXT)) + return WINCRYPT_E; + + if (!CryptGenRandom(os->handle, sz, output)) + return CRYPTGEN_E; + + CryptReleaseContext(os->handle, 0); + + return 0; +} + + +#elif defined(THREADX) || defined(EBSNET) + +#include "rtprand.h" /* rtp_rand () */ +#include "rtptime.h" /* rtp_get_system_msec() */ + + +int GenerateSeed(OS_Seed* os, byte* output, word32 sz) +{ + int i; + rtp_srand(rtp_get_system_msec()); + + for (i = 0; i < sz; i++ ) { + output[i] = rtp_rand() % 256; + if ( (i % 8) == 7) + rtp_srand(rtp_get_system_msec()); + } + + return 0; +} + + +#elif defined(MICRIUM) + +int GenerateSeed(OS_Seed* os, byte* output, word32 sz) +{ + #if (NET_SECURE_MGR_CFG_EN == DEF_ENABLED) + NetSecure_InitSeed(output, sz); + #endif + return 0; +} + +#elif defined(MBED) + +/* write a real one !!!, just for testing board */ +int GenerateSeed(OS_Seed* os, byte* output, word32 sz) +{ + int i; + for (i = 0; i < sz; i++ ) + output[i] = i; + + return 0; +} + +#elif defined(MICROCHIP_PIC32) + +#include <peripheral/timer.h> + +/* uses the core timer, in nanoseconds to seed srand */ +int GenerateSeed(OS_Seed* os, byte* output, word32 sz) +{ + int i; + srand(ReadCoreTimer() * 25); + + for (i = 0; i < sz; i++ ) { + output[i] = rand() % 256; + if ( (i % 8) == 7) + srand(ReadCoreTimer() * 25); + } + + return 0; +} + +#elif defined(CYASSL_SAFERTOS) || defined(CYASSL_LEANPSK) + +#warning "write a real random seed!!!!, just for testing now" + +int GenerateSeed(OS_Seed* os, byte* output, word32 sz) +{ + word32 i; + for (i = 0; i < sz; i++ ) + output[i] = i; + + (void)os; + + return 0; +} + +#elif defined(FREESCALE_MQX) + + #ifdef FREESCALE_K70_RNGA + /* + * Generates a RNG seed using the Random Number Generator Accelerator + * on the Kinetis K70. Documentation located in Chapter 37 of + * K70 Sub-Family Reference Manual (see Note 3 in the README for link). + */ + int GenerateSeed(OS_Seed* os, byte* output, word32 sz) + { + int i; + + /* turn on RNGA module */ + SIM_SCGC3 |= SIM_SCGC3_RNGA_MASK; + + /* set SLP bit to 0 - "RNGA is not in sleep mode" */ + RNG_CR &= ~RNG_CR_SLP_MASK; + + /* set HA bit to 1 - "security violations masked" */ + RNG_CR |= RNG_CR_HA_MASK; + + /* set GO bit to 1 - "output register loaded with data" */ + RNG_CR |= RNG_CR_GO_MASK; + + for (i = 0; i < sz; i++) { + + /* wait for RNG FIFO to be full */ + while((RNG_SR & RNG_SR_OREG_LVL(0xF)) == 0) {} + + /* get value */ + output[i] = RNG_OR; + } + + return 0; + } + #else + #warning "write a real random seed!!!!, just for testing now" + + int GenerateSeed(OS_Seed* os, byte* output, word32 sz) + { + int i; + for (i = 0; i < sz; i++ ) + output[i] = i; + + return 0; + } + #endif /* FREESCALE_K70_RNGA */ + +#elif defined(STM32F2_RNG) + + #include "stm32f2xx_rng.h" + /* + * Generate a RNG seed using the hardware random number generator + * on the STM32F2. Documentation located in STM32F2xx Standard Peripheral + * Library document (See note in README). + */ + int GenerateSeed(OS_Seed* os, byte* output, word32 sz) + { + int i; + + /* enable RNG clock source */ + RCC_AHB2PeriphClockCmd(RCC_AHB2Periph_RNG, ENABLE); + + /* enable RNG peripheral */ + RNG_Cmd(ENABLE); + + for (i = 0; i < sz; i++) { + /* wait until RNG number is ready */ + while(RNG_GetFlagStatus(RNG_FLAG_DRDY)== RESET) { } + + /* get value */ + output[i] = RNG_GetRandomNumber(); + } + + return 0; + } + +#elif defined(NO_DEV_RANDOM) + +#error "you need to write an os specific GenerateSeed() here" + + +#else /* !USE_WINDOWS_API && !THREADX && !MICRIUM && !NO_DEV_RANDOM */ + + +/* may block */ +int GenerateSeed(OS_Seed* os, byte* output, word32 sz) +{ + int ret = 0; + + os->fd = open("/dev/urandom",O_RDONLY); + if (os->fd == -1) { + /* may still have /dev/random */ + os->fd = open("/dev/random",O_RDONLY); + if (os->fd == -1) + return OPEN_RAN_E; + } + + while (sz) { + int len = (int)read(os->fd, output, sz); + if (len == -1) { + ret = READ_RAN_E; + break; + } + + sz -= len; + output += len; + + if (sz) { +#ifdef BLOCKING + sleep(0); /* context switch */ +#else + ret = RAN_BLOCK_E; + break; +#endif + } + } + close(os->fd); + + return ret; +} + +#endif /* USE_WINDOWS_API */ +