wolfSSL SSL/TLS library, support up to TLS1.3
Dependents: CyaSSL-Twitter-OAuth4Tw Example-client-tls-cert TwitterReader TweetTest ... more
wolfcrypt/src/random.c@4:1b0d80432c79, 2016-04-28 (annotated)
- Committer:
- wolfSSL
- Date:
- Thu Apr 28 00:57:21 2016 +0000
- Revision:
- 4:1b0d80432c79
wolfSSL 3.9.0
Who changed what in which revision?
User | Revision | Line number | New contents of line |
---|---|---|---|
wolfSSL | 4:1b0d80432c79 | 1 | /* random.c |
wolfSSL | 4:1b0d80432c79 | 2 | * |
wolfSSL | 4:1b0d80432c79 | 3 | * Copyright (C) 2006-2016 wolfSSL Inc. |
wolfSSL | 4:1b0d80432c79 | 4 | * |
wolfSSL | 4:1b0d80432c79 | 5 | * This file is part of wolfSSL. |
wolfSSL | 4:1b0d80432c79 | 6 | * |
wolfSSL | 4:1b0d80432c79 | 7 | * wolfSSL is free software; you can redistribute it and/or modify |
wolfSSL | 4:1b0d80432c79 | 8 | * it under the terms of the GNU General Public License as published by |
wolfSSL | 4:1b0d80432c79 | 9 | * the Free Software Foundation; either version 2 of the License, or |
wolfSSL | 4:1b0d80432c79 | 10 | * (at your option) any later version. |
wolfSSL | 4:1b0d80432c79 | 11 | * |
wolfSSL | 4:1b0d80432c79 | 12 | * wolfSSL is distributed in the hope that it will be useful, |
wolfSSL | 4:1b0d80432c79 | 13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
wolfSSL | 4:1b0d80432c79 | 14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
wolfSSL | 4:1b0d80432c79 | 15 | * GNU General Public License for more details. |
wolfSSL | 4:1b0d80432c79 | 16 | * |
wolfSSL | 4:1b0d80432c79 | 17 | * You should have received a copy of the GNU General Public License |
wolfSSL | 4:1b0d80432c79 | 18 | * along with this program; if not, write to the Free Software |
wolfSSL | 4:1b0d80432c79 | 19 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA |
wolfSSL | 4:1b0d80432c79 | 20 | */ |
wolfSSL | 4:1b0d80432c79 | 21 | |
wolfSSL | 4:1b0d80432c79 | 22 | |
wolfSSL | 4:1b0d80432c79 | 23 | #ifdef HAVE_CONFIG_H |
wolfSSL | 4:1b0d80432c79 | 24 | #include <config.h> |
wolfSSL | 4:1b0d80432c79 | 25 | #endif |
wolfSSL | 4:1b0d80432c79 | 26 | |
wolfSSL | 4:1b0d80432c79 | 27 | #include <wolfssl/wolfcrypt/settings.h> |
wolfSSL | 4:1b0d80432c79 | 28 | |
wolfSSL | 4:1b0d80432c79 | 29 | /* on HPUX 11 you may need to install /dev/random see |
wolfSSL | 4:1b0d80432c79 | 30 | http://h20293.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=KRNG11I |
wolfSSL | 4:1b0d80432c79 | 31 | |
wolfSSL | 4:1b0d80432c79 | 32 | */ |
wolfSSL | 4:1b0d80432c79 | 33 | |
wolfSSL | 4:1b0d80432c79 | 34 | #include <wolfssl/wolfcrypt/random.h> |
wolfSSL | 4:1b0d80432c79 | 35 | |
wolfSSL | 4:1b0d80432c79 | 36 | #if defined(CUSTOM_RAND_GENERATE) && !defined(CUSTOM_RAND_TYPE) |
wolfSSL | 4:1b0d80432c79 | 37 | /* To maintain compatibility the default return value from CUSTOM_RAND_GENERATE is byte */ |
wolfSSL | 4:1b0d80432c79 | 38 | #define CUSTOM_RAND_TYPE byte |
wolfSSL | 4:1b0d80432c79 | 39 | #endif |
wolfSSL | 4:1b0d80432c79 | 40 | |
wolfSSL | 4:1b0d80432c79 | 41 | |
wolfSSL | 4:1b0d80432c79 | 42 | #ifdef HAVE_FIPS |
wolfSSL | 4:1b0d80432c79 | 43 | int wc_GenerateSeed(OS_Seed* os, byte* seed, word32 sz) |
wolfSSL | 4:1b0d80432c79 | 44 | { |
wolfSSL | 4:1b0d80432c79 | 45 | return GenerateSeed(os, seed, sz); |
wolfSSL | 4:1b0d80432c79 | 46 | } |
wolfSSL | 4:1b0d80432c79 | 47 | |
wolfSSL | 4:1b0d80432c79 | 48 | #ifdef HAVE_CAVIUM |
wolfSSL | 4:1b0d80432c79 | 49 | int wc_InitRngCavium(WC_RNG* rng, int i) |
wolfSSL | 4:1b0d80432c79 | 50 | { |
wolfSSL | 4:1b0d80432c79 | 51 | return InitRngCavium(rng, i); |
wolfSSL | 4:1b0d80432c79 | 52 | } |
wolfSSL | 4:1b0d80432c79 | 53 | #endif |
wolfSSL | 4:1b0d80432c79 | 54 | |
wolfSSL | 4:1b0d80432c79 | 55 | |
wolfSSL | 4:1b0d80432c79 | 56 | int wc_InitRng(WC_RNG* rng) |
wolfSSL | 4:1b0d80432c79 | 57 | { |
wolfSSL | 4:1b0d80432c79 | 58 | return InitRng_fips(rng); |
wolfSSL | 4:1b0d80432c79 | 59 | } |
wolfSSL | 4:1b0d80432c79 | 60 | |
wolfSSL | 4:1b0d80432c79 | 61 | |
wolfSSL | 4:1b0d80432c79 | 62 | int wc_RNG_GenerateBlock(WC_RNG* rng, byte* b, word32 sz) |
wolfSSL | 4:1b0d80432c79 | 63 | { |
wolfSSL | 4:1b0d80432c79 | 64 | return RNG_GenerateBlock_fips(rng, b, sz); |
wolfSSL | 4:1b0d80432c79 | 65 | } |
wolfSSL | 4:1b0d80432c79 | 66 | |
wolfSSL | 4:1b0d80432c79 | 67 | |
wolfSSL | 4:1b0d80432c79 | 68 | int wc_RNG_GenerateByte(WC_RNG* rng, byte* b) |
wolfSSL | 4:1b0d80432c79 | 69 | { |
wolfSSL | 4:1b0d80432c79 | 70 | return RNG_GenerateByte(rng, b); |
wolfSSL | 4:1b0d80432c79 | 71 | } |
wolfSSL | 4:1b0d80432c79 | 72 | |
wolfSSL | 4:1b0d80432c79 | 73 | #if defined(HAVE_HASHDRBG) || defined(NO_RC4) |
wolfSSL | 4:1b0d80432c79 | 74 | |
wolfSSL | 4:1b0d80432c79 | 75 | int wc_FreeRng(WC_RNG* rng) |
wolfSSL | 4:1b0d80432c79 | 76 | { |
wolfSSL | 4:1b0d80432c79 | 77 | return FreeRng_fips(rng); |
wolfSSL | 4:1b0d80432c79 | 78 | } |
wolfSSL | 4:1b0d80432c79 | 79 | |
wolfSSL | 4:1b0d80432c79 | 80 | |
wolfSSL | 4:1b0d80432c79 | 81 | int wc_RNG_HealthTest(int reseed, |
wolfSSL | 4:1b0d80432c79 | 82 | const byte* entropyA, word32 entropyASz, |
wolfSSL | 4:1b0d80432c79 | 83 | const byte* entropyB, word32 entropyBSz, |
wolfSSL | 4:1b0d80432c79 | 84 | byte* output, word32 outputSz) |
wolfSSL | 4:1b0d80432c79 | 85 | { |
wolfSSL | 4:1b0d80432c79 | 86 | return RNG_HealthTest_fips(reseed, entropyA, entropyASz, |
wolfSSL | 4:1b0d80432c79 | 87 | entropyB, entropyBSz, output, outputSz); |
wolfSSL | 4:1b0d80432c79 | 88 | } |
wolfSSL | 4:1b0d80432c79 | 89 | #endif /* HAVE_HASHDRBG || NO_RC4 */ |
wolfSSL | 4:1b0d80432c79 | 90 | #else /* else build without fips */ |
wolfSSL | 4:1b0d80432c79 | 91 | #include <wolfssl/wolfcrypt/error-crypt.h> |
wolfSSL | 4:1b0d80432c79 | 92 | |
wolfSSL | 4:1b0d80432c79 | 93 | /* Allow custom RNG system */ |
wolfSSL | 4:1b0d80432c79 | 94 | #ifdef CUSTOM_RAND_GENERATE_BLOCK |
wolfSSL | 4:1b0d80432c79 | 95 | |
wolfSSL | 4:1b0d80432c79 | 96 | int wc_InitRng(WC_RNG* rng) |
wolfSSL | 4:1b0d80432c79 | 97 | { |
wolfSSL | 4:1b0d80432c79 | 98 | (void)rng; |
wolfSSL | 4:1b0d80432c79 | 99 | return 0; |
wolfSSL | 4:1b0d80432c79 | 100 | } |
wolfSSL | 4:1b0d80432c79 | 101 | |
wolfSSL | 4:1b0d80432c79 | 102 | int wc_RNG_GenerateBlock(WC_RNG* rng, byte* output, word32 sz) |
wolfSSL | 4:1b0d80432c79 | 103 | { |
wolfSSL | 4:1b0d80432c79 | 104 | (void)rng; |
wolfSSL | 4:1b0d80432c79 | 105 | XMEMSET(output, 0, sz); |
wolfSSL | 4:1b0d80432c79 | 106 | return CUSTOM_RAND_GENERATE_BLOCK(output, sz); |
wolfSSL | 4:1b0d80432c79 | 107 | } |
wolfSSL | 4:1b0d80432c79 | 108 | |
wolfSSL | 4:1b0d80432c79 | 109 | |
wolfSSL | 4:1b0d80432c79 | 110 | int wc_RNG_GenerateByte(WC_RNG* rng, byte* b) |
wolfSSL | 4:1b0d80432c79 | 111 | { |
wolfSSL | 4:1b0d80432c79 | 112 | return wc_RNG_GenerateBlock(rng, b, 1); |
wolfSSL | 4:1b0d80432c79 | 113 | } |
wolfSSL | 4:1b0d80432c79 | 114 | |
wolfSSL | 4:1b0d80432c79 | 115 | |
wolfSSL | 4:1b0d80432c79 | 116 | int wc_FreeRng(WC_RNG* rng) |
wolfSSL | 4:1b0d80432c79 | 117 | { |
wolfSSL | 4:1b0d80432c79 | 118 | (void)rng; |
wolfSSL | 4:1b0d80432c79 | 119 | return 0; |
wolfSSL | 4:1b0d80432c79 | 120 | } |
wolfSSL | 4:1b0d80432c79 | 121 | |
wolfSSL | 4:1b0d80432c79 | 122 | #else |
wolfSSL | 4:1b0d80432c79 | 123 | |
wolfSSL | 4:1b0d80432c79 | 124 | /* Use HASHDRGB with SHA256 */ |
wolfSSL | 4:1b0d80432c79 | 125 | #if defined(HAVE_HASHDRBG) || defined(NO_RC4) |
wolfSSL | 4:1b0d80432c79 | 126 | |
wolfSSL | 4:1b0d80432c79 | 127 | #include <wolfssl/wolfcrypt/sha256.h> |
wolfSSL | 4:1b0d80432c79 | 128 | |
wolfSSL | 4:1b0d80432c79 | 129 | #ifdef NO_INLINE |
wolfSSL | 4:1b0d80432c79 | 130 | #include <wolfssl/wolfcrypt/misc.h> |
wolfSSL | 4:1b0d80432c79 | 131 | #else |
wolfSSL | 4:1b0d80432c79 | 132 | #include <wolfcrypt/src/misc.c> |
wolfSSL | 4:1b0d80432c79 | 133 | #endif |
wolfSSL | 4:1b0d80432c79 | 134 | #endif /* HAVE_HASHDRBG || NO_RC4 */ |
wolfSSL | 4:1b0d80432c79 | 135 | |
wolfSSL | 4:1b0d80432c79 | 136 | #if defined(USE_WINDOWS_API) |
wolfSSL | 4:1b0d80432c79 | 137 | #ifndef _WIN32_WINNT |
wolfSSL | 4:1b0d80432c79 | 138 | #define _WIN32_WINNT 0x0400 |
wolfSSL | 4:1b0d80432c79 | 139 | #endif |
wolfSSL | 4:1b0d80432c79 | 140 | #include <windows.h> |
wolfSSL | 4:1b0d80432c79 | 141 | #include <wincrypt.h> |
wolfSSL | 4:1b0d80432c79 | 142 | #else |
wolfSSL | 4:1b0d80432c79 | 143 | #if !defined(NO_DEV_RANDOM) && !defined(CUSTOM_RAND_GENERATE) && \ |
wolfSSL | 4:1b0d80432c79 | 144 | !defined(WOLFSSL_GENSEED_FORTEST) && !defined(WOLFSSL_MDK_ARM) && \ |
wolfSSL | 4:1b0d80432c79 | 145 | !defined(WOLFSSL_IAR_ARM) && !defined(WOLFSSL_ROWLEY_ARM) |
wolfSSL | 4:1b0d80432c79 | 146 | #include <fcntl.h> |
wolfSSL | 4:1b0d80432c79 | 147 | #ifndef EBSNET |
wolfSSL | 4:1b0d80432c79 | 148 | #include <unistd.h> |
wolfSSL | 4:1b0d80432c79 | 149 | #endif |
wolfSSL | 4:1b0d80432c79 | 150 | #else |
wolfSSL | 4:1b0d80432c79 | 151 | /* include headers that may be needed to get good seed */ |
wolfSSL | 4:1b0d80432c79 | 152 | #endif |
wolfSSL | 4:1b0d80432c79 | 153 | #endif /* USE_WINDOWS_API */ |
wolfSSL | 4:1b0d80432c79 | 154 | |
wolfSSL | 4:1b0d80432c79 | 155 | #ifdef HAVE_INTEL_RDGEN |
wolfSSL | 4:1b0d80432c79 | 156 | static int wc_InitRng_IntelRD(void) ; |
wolfSSL | 4:1b0d80432c79 | 157 | #if defined(HAVE_HASHDRBG) || defined(NO_RC4) |
wolfSSL | 4:1b0d80432c79 | 158 | static int wc_GenerateSeed_IntelRD(OS_Seed* os, byte* output, word32 sz) ; |
wolfSSL | 4:1b0d80432c79 | 159 | #else |
wolfSSL | 4:1b0d80432c79 | 160 | static int wc_GenerateRand_IntelRD(OS_Seed* os, byte* output, word32 sz) ; |
wolfSSL | 4:1b0d80432c79 | 161 | #endif |
wolfSSL | 4:1b0d80432c79 | 162 | static word32 cpuid_check = 0 ; |
wolfSSL | 4:1b0d80432c79 | 163 | static word32 cpuid_flags = 0 ; |
wolfSSL | 4:1b0d80432c79 | 164 | #define CPUID_RDRAND 0x4 |
wolfSSL | 4:1b0d80432c79 | 165 | #define CPUID_RDSEED 0x8 |
wolfSSL | 4:1b0d80432c79 | 166 | #define IS_INTEL_RDRAND (cpuid_flags&CPUID_RDRAND) |
wolfSSL | 4:1b0d80432c79 | 167 | #define IS_INTEL_RDSEED (cpuid_flags&CPUID_RDSEED) |
wolfSSL | 4:1b0d80432c79 | 168 | #endif |
wolfSSL | 4:1b0d80432c79 | 169 | |
wolfSSL | 4:1b0d80432c79 | 170 | #if defined(HAVE_HASHDRBG) || defined(NO_RC4) |
wolfSSL | 4:1b0d80432c79 | 171 | |
wolfSSL | 4:1b0d80432c79 | 172 | /* Start NIST DRBG code */ |
wolfSSL | 4:1b0d80432c79 | 173 | |
wolfSSL | 4:1b0d80432c79 | 174 | #define OUTPUT_BLOCK_LEN (SHA256_DIGEST_SIZE) |
wolfSSL | 4:1b0d80432c79 | 175 | #define MAX_REQUEST_LEN (0x10000) |
wolfSSL | 4:1b0d80432c79 | 176 | #define RESEED_INTERVAL (1000000) |
wolfSSL | 4:1b0d80432c79 | 177 | #define SECURITY_STRENGTH (256) |
wolfSSL | 4:1b0d80432c79 | 178 | #define ENTROPY_SZ (SECURITY_STRENGTH/8) |
wolfSSL | 4:1b0d80432c79 | 179 | #define NONCE_SZ (ENTROPY_SZ/2) |
wolfSSL | 4:1b0d80432c79 | 180 | #define ENTROPY_NONCE_SZ (ENTROPY_SZ+NONCE_SZ) |
wolfSSL | 4:1b0d80432c79 | 181 | |
wolfSSL | 4:1b0d80432c79 | 182 | /* Internal return codes */ |
wolfSSL | 4:1b0d80432c79 | 183 | #define DRBG_SUCCESS 0 |
wolfSSL | 4:1b0d80432c79 | 184 | #define DRBG_ERROR 1 |
wolfSSL | 4:1b0d80432c79 | 185 | #define DRBG_FAILURE 2 |
wolfSSL | 4:1b0d80432c79 | 186 | #define DRBG_NEED_RESEED 3 |
wolfSSL | 4:1b0d80432c79 | 187 | #define DRBG_CONT_FAILURE 4 |
wolfSSL | 4:1b0d80432c79 | 188 | |
wolfSSL | 4:1b0d80432c79 | 189 | /* RNG health states */ |
wolfSSL | 4:1b0d80432c79 | 190 | #define DRBG_NOT_INIT 0 |
wolfSSL | 4:1b0d80432c79 | 191 | #define DRBG_OK 1 |
wolfSSL | 4:1b0d80432c79 | 192 | #define DRBG_FAILED 2 |
wolfSSL | 4:1b0d80432c79 | 193 | #define DRBG_CONT_FAILED 3 |
wolfSSL | 4:1b0d80432c79 | 194 | |
wolfSSL | 4:1b0d80432c79 | 195 | |
wolfSSL | 4:1b0d80432c79 | 196 | enum { |
wolfSSL | 4:1b0d80432c79 | 197 | drbgInitC = 0, |
wolfSSL | 4:1b0d80432c79 | 198 | drbgReseed = 1, |
wolfSSL | 4:1b0d80432c79 | 199 | drbgGenerateW = 2, |
wolfSSL | 4:1b0d80432c79 | 200 | drbgGenerateH = 3, |
wolfSSL | 4:1b0d80432c79 | 201 | drbgInitV |
wolfSSL | 4:1b0d80432c79 | 202 | }; |
wolfSSL | 4:1b0d80432c79 | 203 | |
wolfSSL | 4:1b0d80432c79 | 204 | |
wolfSSL | 4:1b0d80432c79 | 205 | typedef struct DRBG { |
wolfSSL | 4:1b0d80432c79 | 206 | word32 reseedCtr; |
wolfSSL | 4:1b0d80432c79 | 207 | word32 lastBlock; |
wolfSSL | 4:1b0d80432c79 | 208 | byte V[DRBG_SEED_LEN]; |
wolfSSL | 4:1b0d80432c79 | 209 | byte C[DRBG_SEED_LEN]; |
wolfSSL | 4:1b0d80432c79 | 210 | byte matchCount; |
wolfSSL | 4:1b0d80432c79 | 211 | } DRBG; |
wolfSSL | 4:1b0d80432c79 | 212 | |
wolfSSL | 4:1b0d80432c79 | 213 | |
wolfSSL | 4:1b0d80432c79 | 214 | static int wc_RNG_HealthTestLocal(int reseed); |
wolfSSL | 4:1b0d80432c79 | 215 | |
wolfSSL | 4:1b0d80432c79 | 216 | /* Hash Derivation Function */ |
wolfSSL | 4:1b0d80432c79 | 217 | /* Returns: DRBG_SUCCESS or DRBG_FAILURE */ |
wolfSSL | 4:1b0d80432c79 | 218 | static int Hash_df(DRBG* drbg, byte* out, word32 outSz, byte type, |
wolfSSL | 4:1b0d80432c79 | 219 | const byte* inA, word32 inASz, |
wolfSSL | 4:1b0d80432c79 | 220 | const byte* inB, word32 inBSz) |
wolfSSL | 4:1b0d80432c79 | 221 | { |
wolfSSL | 4:1b0d80432c79 | 222 | byte ctr; |
wolfSSL | 4:1b0d80432c79 | 223 | int i; |
wolfSSL | 4:1b0d80432c79 | 224 | int len; |
wolfSSL | 4:1b0d80432c79 | 225 | word32 bits = (outSz * 8); /* reverse byte order */ |
wolfSSL | 4:1b0d80432c79 | 226 | Sha256 sha; |
wolfSSL | 4:1b0d80432c79 | 227 | byte digest[SHA256_DIGEST_SIZE]; |
wolfSSL | 4:1b0d80432c79 | 228 | |
wolfSSL | 4:1b0d80432c79 | 229 | (void)drbg; |
wolfSSL | 4:1b0d80432c79 | 230 | #ifdef LITTLE_ENDIAN_ORDER |
wolfSSL | 4:1b0d80432c79 | 231 | bits = ByteReverseWord32(bits); |
wolfSSL | 4:1b0d80432c79 | 232 | #endif |
wolfSSL | 4:1b0d80432c79 | 233 | len = (outSz / OUTPUT_BLOCK_LEN) |
wolfSSL | 4:1b0d80432c79 | 234 | + ((outSz % OUTPUT_BLOCK_LEN) ? 1 : 0); |
wolfSSL | 4:1b0d80432c79 | 235 | |
wolfSSL | 4:1b0d80432c79 | 236 | for (i = 0, ctr = 1; i < len; i++, ctr++) |
wolfSSL | 4:1b0d80432c79 | 237 | { |
wolfSSL | 4:1b0d80432c79 | 238 | if (wc_InitSha256(&sha) != 0) |
wolfSSL | 4:1b0d80432c79 | 239 | return DRBG_FAILURE; |
wolfSSL | 4:1b0d80432c79 | 240 | |
wolfSSL | 4:1b0d80432c79 | 241 | if (wc_Sha256Update(&sha, &ctr, sizeof(ctr)) != 0) |
wolfSSL | 4:1b0d80432c79 | 242 | return DRBG_FAILURE; |
wolfSSL | 4:1b0d80432c79 | 243 | |
wolfSSL | 4:1b0d80432c79 | 244 | if (wc_Sha256Update(&sha, (byte*)&bits, sizeof(bits)) != 0) |
wolfSSL | 4:1b0d80432c79 | 245 | return DRBG_FAILURE; |
wolfSSL | 4:1b0d80432c79 | 246 | |
wolfSSL | 4:1b0d80432c79 | 247 | /* churning V is the only string that doesn't have the type added */ |
wolfSSL | 4:1b0d80432c79 | 248 | if (type != drbgInitV) |
wolfSSL | 4:1b0d80432c79 | 249 | if (wc_Sha256Update(&sha, &type, sizeof(type)) != 0) |
wolfSSL | 4:1b0d80432c79 | 250 | return DRBG_FAILURE; |
wolfSSL | 4:1b0d80432c79 | 251 | |
wolfSSL | 4:1b0d80432c79 | 252 | if (wc_Sha256Update(&sha, inA, inASz) != 0) |
wolfSSL | 4:1b0d80432c79 | 253 | return DRBG_FAILURE; |
wolfSSL | 4:1b0d80432c79 | 254 | |
wolfSSL | 4:1b0d80432c79 | 255 | if (inB != NULL && inBSz > 0) |
wolfSSL | 4:1b0d80432c79 | 256 | if (wc_Sha256Update(&sha, inB, inBSz) != 0) |
wolfSSL | 4:1b0d80432c79 | 257 | return DRBG_FAILURE; |
wolfSSL | 4:1b0d80432c79 | 258 | |
wolfSSL | 4:1b0d80432c79 | 259 | if (wc_Sha256Final(&sha, digest) != 0) |
wolfSSL | 4:1b0d80432c79 | 260 | return DRBG_FAILURE; |
wolfSSL | 4:1b0d80432c79 | 261 | |
wolfSSL | 4:1b0d80432c79 | 262 | if (outSz > OUTPUT_BLOCK_LEN) { |
wolfSSL | 4:1b0d80432c79 | 263 | XMEMCPY(out, digest, OUTPUT_BLOCK_LEN); |
wolfSSL | 4:1b0d80432c79 | 264 | outSz -= OUTPUT_BLOCK_LEN; |
wolfSSL | 4:1b0d80432c79 | 265 | out += OUTPUT_BLOCK_LEN; |
wolfSSL | 4:1b0d80432c79 | 266 | } |
wolfSSL | 4:1b0d80432c79 | 267 | else { |
wolfSSL | 4:1b0d80432c79 | 268 | XMEMCPY(out, digest, outSz); |
wolfSSL | 4:1b0d80432c79 | 269 | } |
wolfSSL | 4:1b0d80432c79 | 270 | } |
wolfSSL | 4:1b0d80432c79 | 271 | ForceZero(digest, sizeof(digest)); |
wolfSSL | 4:1b0d80432c79 | 272 | |
wolfSSL | 4:1b0d80432c79 | 273 | return DRBG_SUCCESS; |
wolfSSL | 4:1b0d80432c79 | 274 | } |
wolfSSL | 4:1b0d80432c79 | 275 | |
wolfSSL | 4:1b0d80432c79 | 276 | |
wolfSSL | 4:1b0d80432c79 | 277 | /* Returns: DRBG_SUCCESS or DRBG_FAILURE */ |
wolfSSL | 4:1b0d80432c79 | 278 | static int Hash_DRBG_Reseed(DRBG* drbg, const byte* entropy, word32 entropySz) |
wolfSSL | 4:1b0d80432c79 | 279 | { |
wolfSSL | 4:1b0d80432c79 | 280 | byte seed[DRBG_SEED_LEN]; |
wolfSSL | 4:1b0d80432c79 | 281 | |
wolfSSL | 4:1b0d80432c79 | 282 | if (Hash_df(drbg, seed, sizeof(seed), drbgReseed, drbg->V, sizeof(drbg->V), |
wolfSSL | 4:1b0d80432c79 | 283 | entropy, entropySz) != DRBG_SUCCESS) { |
wolfSSL | 4:1b0d80432c79 | 284 | return DRBG_FAILURE; |
wolfSSL | 4:1b0d80432c79 | 285 | } |
wolfSSL | 4:1b0d80432c79 | 286 | |
wolfSSL | 4:1b0d80432c79 | 287 | XMEMCPY(drbg->V, seed, sizeof(drbg->V)); |
wolfSSL | 4:1b0d80432c79 | 288 | ForceZero(seed, sizeof(seed)); |
wolfSSL | 4:1b0d80432c79 | 289 | |
wolfSSL | 4:1b0d80432c79 | 290 | if (Hash_df(drbg, drbg->C, sizeof(drbg->C), drbgInitC, drbg->V, |
wolfSSL | 4:1b0d80432c79 | 291 | sizeof(drbg->V), NULL, 0) != DRBG_SUCCESS) { |
wolfSSL | 4:1b0d80432c79 | 292 | return DRBG_FAILURE; |
wolfSSL | 4:1b0d80432c79 | 293 | } |
wolfSSL | 4:1b0d80432c79 | 294 | |
wolfSSL | 4:1b0d80432c79 | 295 | drbg->reseedCtr = 1; |
wolfSSL | 4:1b0d80432c79 | 296 | drbg->lastBlock = 0; |
wolfSSL | 4:1b0d80432c79 | 297 | drbg->matchCount = 0; |
wolfSSL | 4:1b0d80432c79 | 298 | return DRBG_SUCCESS; |
wolfSSL | 4:1b0d80432c79 | 299 | } |
wolfSSL | 4:1b0d80432c79 | 300 | |
wolfSSL | 4:1b0d80432c79 | 301 | static INLINE void array_add_one(byte* data, word32 dataSz) |
wolfSSL | 4:1b0d80432c79 | 302 | { |
wolfSSL | 4:1b0d80432c79 | 303 | int i; |
wolfSSL | 4:1b0d80432c79 | 304 | |
wolfSSL | 4:1b0d80432c79 | 305 | for (i = dataSz - 1; i >= 0; i--) |
wolfSSL | 4:1b0d80432c79 | 306 | { |
wolfSSL | 4:1b0d80432c79 | 307 | data[i]++; |
wolfSSL | 4:1b0d80432c79 | 308 | if (data[i] != 0) break; |
wolfSSL | 4:1b0d80432c79 | 309 | } |
wolfSSL | 4:1b0d80432c79 | 310 | } |
wolfSSL | 4:1b0d80432c79 | 311 | |
wolfSSL | 4:1b0d80432c79 | 312 | |
wolfSSL | 4:1b0d80432c79 | 313 | /* Returns: DRBG_SUCCESS or DRBG_FAILURE */ |
wolfSSL | 4:1b0d80432c79 | 314 | static int Hash_gen(DRBG* drbg, byte* out, word32 outSz, const byte* V) |
wolfSSL | 4:1b0d80432c79 | 315 | { |
wolfSSL | 4:1b0d80432c79 | 316 | byte data[DRBG_SEED_LEN]; |
wolfSSL | 4:1b0d80432c79 | 317 | int i; |
wolfSSL | 4:1b0d80432c79 | 318 | int len; |
wolfSSL | 4:1b0d80432c79 | 319 | word32 checkBlock; |
wolfSSL | 4:1b0d80432c79 | 320 | Sha256 sha; |
wolfSSL | 4:1b0d80432c79 | 321 | byte digest[SHA256_DIGEST_SIZE]; |
wolfSSL | 4:1b0d80432c79 | 322 | |
wolfSSL | 4:1b0d80432c79 | 323 | /* Special case: outSz is 0 and out is NULL. wc_Generate a block to save for |
wolfSSL | 4:1b0d80432c79 | 324 | * the continuous test. */ |
wolfSSL | 4:1b0d80432c79 | 325 | |
wolfSSL | 4:1b0d80432c79 | 326 | if (outSz == 0) outSz = 1; |
wolfSSL | 4:1b0d80432c79 | 327 | |
wolfSSL | 4:1b0d80432c79 | 328 | len = (outSz / OUTPUT_BLOCK_LEN) + ((outSz % OUTPUT_BLOCK_LEN) ? 1 : 0); |
wolfSSL | 4:1b0d80432c79 | 329 | |
wolfSSL | 4:1b0d80432c79 | 330 | XMEMCPY(data, V, sizeof(data)); |
wolfSSL | 4:1b0d80432c79 | 331 | for (i = 0; i < len; i++) { |
wolfSSL | 4:1b0d80432c79 | 332 | if (wc_InitSha256(&sha) != 0 || |
wolfSSL | 4:1b0d80432c79 | 333 | wc_Sha256Update(&sha, data, sizeof(data)) != 0 || |
wolfSSL | 4:1b0d80432c79 | 334 | wc_Sha256Final(&sha, digest) != 0) { |
wolfSSL | 4:1b0d80432c79 | 335 | |
wolfSSL | 4:1b0d80432c79 | 336 | return DRBG_FAILURE; |
wolfSSL | 4:1b0d80432c79 | 337 | } |
wolfSSL | 4:1b0d80432c79 | 338 | |
wolfSSL | 4:1b0d80432c79 | 339 | XMEMCPY(&checkBlock, digest, sizeof(word32)); |
wolfSSL | 4:1b0d80432c79 | 340 | if (drbg->reseedCtr > 1 && checkBlock == drbg->lastBlock) { |
wolfSSL | 4:1b0d80432c79 | 341 | if (drbg->matchCount == 1) { |
wolfSSL | 4:1b0d80432c79 | 342 | return DRBG_CONT_FAILURE; |
wolfSSL | 4:1b0d80432c79 | 343 | } |
wolfSSL | 4:1b0d80432c79 | 344 | else { |
wolfSSL | 4:1b0d80432c79 | 345 | if (i == len) { |
wolfSSL | 4:1b0d80432c79 | 346 | len++; |
wolfSSL | 4:1b0d80432c79 | 347 | } |
wolfSSL | 4:1b0d80432c79 | 348 | drbg->matchCount = 1; |
wolfSSL | 4:1b0d80432c79 | 349 | } |
wolfSSL | 4:1b0d80432c79 | 350 | } |
wolfSSL | 4:1b0d80432c79 | 351 | else { |
wolfSSL | 4:1b0d80432c79 | 352 | drbg->matchCount = 0; |
wolfSSL | 4:1b0d80432c79 | 353 | drbg->lastBlock = checkBlock; |
wolfSSL | 4:1b0d80432c79 | 354 | } |
wolfSSL | 4:1b0d80432c79 | 355 | |
wolfSSL | 4:1b0d80432c79 | 356 | if (outSz >= OUTPUT_BLOCK_LEN) { |
wolfSSL | 4:1b0d80432c79 | 357 | XMEMCPY(out, digest, OUTPUT_BLOCK_LEN); |
wolfSSL | 4:1b0d80432c79 | 358 | outSz -= OUTPUT_BLOCK_LEN; |
wolfSSL | 4:1b0d80432c79 | 359 | out += OUTPUT_BLOCK_LEN; |
wolfSSL | 4:1b0d80432c79 | 360 | array_add_one(data, DRBG_SEED_LEN); |
wolfSSL | 4:1b0d80432c79 | 361 | } |
wolfSSL | 4:1b0d80432c79 | 362 | else if (out != NULL && outSz != 0) { |
wolfSSL | 4:1b0d80432c79 | 363 | XMEMCPY(out, digest, outSz); |
wolfSSL | 4:1b0d80432c79 | 364 | outSz = 0; |
wolfSSL | 4:1b0d80432c79 | 365 | } |
wolfSSL | 4:1b0d80432c79 | 366 | } |
wolfSSL | 4:1b0d80432c79 | 367 | ForceZero(data, sizeof(data)); |
wolfSSL | 4:1b0d80432c79 | 368 | |
wolfSSL | 4:1b0d80432c79 | 369 | return DRBG_SUCCESS; |
wolfSSL | 4:1b0d80432c79 | 370 | } |
wolfSSL | 4:1b0d80432c79 | 371 | |
wolfSSL | 4:1b0d80432c79 | 372 | |
wolfSSL | 4:1b0d80432c79 | 373 | static INLINE void array_add(byte* d, word32 dLen, const byte* s, word32 sLen) |
wolfSSL | 4:1b0d80432c79 | 374 | { |
wolfSSL | 4:1b0d80432c79 | 375 | word16 carry = 0; |
wolfSSL | 4:1b0d80432c79 | 376 | |
wolfSSL | 4:1b0d80432c79 | 377 | if (dLen > 0 && sLen > 0 && dLen >= sLen) { |
wolfSSL | 4:1b0d80432c79 | 378 | int sIdx, dIdx; |
wolfSSL | 4:1b0d80432c79 | 379 | |
wolfSSL | 4:1b0d80432c79 | 380 | for (sIdx = sLen - 1, dIdx = dLen - 1; sIdx >= 0; dIdx--, sIdx--) |
wolfSSL | 4:1b0d80432c79 | 381 | { |
wolfSSL | 4:1b0d80432c79 | 382 | carry += d[dIdx] + s[sIdx]; |
wolfSSL | 4:1b0d80432c79 | 383 | d[dIdx] = (byte)carry; |
wolfSSL | 4:1b0d80432c79 | 384 | carry >>= 8; |
wolfSSL | 4:1b0d80432c79 | 385 | } |
wolfSSL | 4:1b0d80432c79 | 386 | |
wolfSSL | 4:1b0d80432c79 | 387 | for (; carry != 0 && dIdx >= 0; dIdx--) { |
wolfSSL | 4:1b0d80432c79 | 388 | carry += d[dIdx]; |
wolfSSL | 4:1b0d80432c79 | 389 | d[dIdx] = (byte)carry; |
wolfSSL | 4:1b0d80432c79 | 390 | carry >>= 8; |
wolfSSL | 4:1b0d80432c79 | 391 | } |
wolfSSL | 4:1b0d80432c79 | 392 | } |
wolfSSL | 4:1b0d80432c79 | 393 | } |
wolfSSL | 4:1b0d80432c79 | 394 | |
wolfSSL | 4:1b0d80432c79 | 395 | |
wolfSSL | 4:1b0d80432c79 | 396 | /* Returns: DRBG_SUCCESS, DRBG_NEED_RESEED, or DRBG_FAILURE */ |
wolfSSL | 4:1b0d80432c79 | 397 | static int Hash_DRBG_Generate(DRBG* drbg, byte* out, word32 outSz) |
wolfSSL | 4:1b0d80432c79 | 398 | { |
wolfSSL | 4:1b0d80432c79 | 399 | int ret = DRBG_NEED_RESEED; |
wolfSSL | 4:1b0d80432c79 | 400 | Sha256 sha; |
wolfSSL | 4:1b0d80432c79 | 401 | byte digest[SHA256_DIGEST_SIZE]; |
wolfSSL | 4:1b0d80432c79 | 402 | |
wolfSSL | 4:1b0d80432c79 | 403 | if (drbg->reseedCtr != RESEED_INTERVAL) { |
wolfSSL | 4:1b0d80432c79 | 404 | byte type = drbgGenerateH; |
wolfSSL | 4:1b0d80432c79 | 405 | word32 reseedCtr = drbg->reseedCtr; |
wolfSSL | 4:1b0d80432c79 | 406 | |
wolfSSL | 4:1b0d80432c79 | 407 | ret = Hash_gen(drbg, out, outSz, drbg->V); |
wolfSSL | 4:1b0d80432c79 | 408 | if (ret == DRBG_SUCCESS) { |
wolfSSL | 4:1b0d80432c79 | 409 | if (wc_InitSha256(&sha) != 0 || |
wolfSSL | 4:1b0d80432c79 | 410 | wc_Sha256Update(&sha, &type, sizeof(type)) != 0 || |
wolfSSL | 4:1b0d80432c79 | 411 | wc_Sha256Update(&sha, drbg->V, sizeof(drbg->V)) != 0 || |
wolfSSL | 4:1b0d80432c79 | 412 | wc_Sha256Final(&sha, digest) != 0) { |
wolfSSL | 4:1b0d80432c79 | 413 | |
wolfSSL | 4:1b0d80432c79 | 414 | ret = DRBG_FAILURE; |
wolfSSL | 4:1b0d80432c79 | 415 | } |
wolfSSL | 4:1b0d80432c79 | 416 | else { |
wolfSSL | 4:1b0d80432c79 | 417 | array_add(drbg->V, sizeof(drbg->V), digest, sizeof(digest)); |
wolfSSL | 4:1b0d80432c79 | 418 | array_add(drbg->V, sizeof(drbg->V), drbg->C, sizeof(drbg->C)); |
wolfSSL | 4:1b0d80432c79 | 419 | #ifdef LITTLE_ENDIAN_ORDER |
wolfSSL | 4:1b0d80432c79 | 420 | reseedCtr = ByteReverseWord32(reseedCtr); |
wolfSSL | 4:1b0d80432c79 | 421 | #endif |
wolfSSL | 4:1b0d80432c79 | 422 | array_add(drbg->V, sizeof(drbg->V), |
wolfSSL | 4:1b0d80432c79 | 423 | (byte*)&reseedCtr, sizeof(reseedCtr)); |
wolfSSL | 4:1b0d80432c79 | 424 | ret = DRBG_SUCCESS; |
wolfSSL | 4:1b0d80432c79 | 425 | } |
wolfSSL | 4:1b0d80432c79 | 426 | drbg->reseedCtr++; |
wolfSSL | 4:1b0d80432c79 | 427 | } |
wolfSSL | 4:1b0d80432c79 | 428 | } |
wolfSSL | 4:1b0d80432c79 | 429 | ForceZero(digest, sizeof(digest)); |
wolfSSL | 4:1b0d80432c79 | 430 | |
wolfSSL | 4:1b0d80432c79 | 431 | return ret; |
wolfSSL | 4:1b0d80432c79 | 432 | } |
wolfSSL | 4:1b0d80432c79 | 433 | |
wolfSSL | 4:1b0d80432c79 | 434 | |
wolfSSL | 4:1b0d80432c79 | 435 | /* Returns: DRBG_SUCCESS or DRBG_FAILURE */ |
wolfSSL | 4:1b0d80432c79 | 436 | static int Hash_DRBG_Instantiate(DRBG* drbg, const byte* seed, word32 seedSz, |
wolfSSL | 4:1b0d80432c79 | 437 | const byte* nonce, word32 nonceSz) |
wolfSSL | 4:1b0d80432c79 | 438 | { |
wolfSSL | 4:1b0d80432c79 | 439 | int ret = DRBG_FAILURE; |
wolfSSL | 4:1b0d80432c79 | 440 | |
wolfSSL | 4:1b0d80432c79 | 441 | XMEMSET(drbg, 0, sizeof(DRBG)); |
wolfSSL | 4:1b0d80432c79 | 442 | |
wolfSSL | 4:1b0d80432c79 | 443 | if (Hash_df(drbg, drbg->V, sizeof(drbg->V), drbgInitV, seed, seedSz, |
wolfSSL | 4:1b0d80432c79 | 444 | nonce, nonceSz) == DRBG_SUCCESS && |
wolfSSL | 4:1b0d80432c79 | 445 | Hash_df(drbg, drbg->C, sizeof(drbg->C), drbgInitC, drbg->V, |
wolfSSL | 4:1b0d80432c79 | 446 | sizeof(drbg->V), NULL, 0) == DRBG_SUCCESS) { |
wolfSSL | 4:1b0d80432c79 | 447 | |
wolfSSL | 4:1b0d80432c79 | 448 | drbg->reseedCtr = 1; |
wolfSSL | 4:1b0d80432c79 | 449 | drbg->lastBlock = 0; |
wolfSSL | 4:1b0d80432c79 | 450 | drbg->matchCount = 0; |
wolfSSL | 4:1b0d80432c79 | 451 | ret = DRBG_SUCCESS; |
wolfSSL | 4:1b0d80432c79 | 452 | } |
wolfSSL | 4:1b0d80432c79 | 453 | |
wolfSSL | 4:1b0d80432c79 | 454 | return ret; |
wolfSSL | 4:1b0d80432c79 | 455 | } |
wolfSSL | 4:1b0d80432c79 | 456 | |
wolfSSL | 4:1b0d80432c79 | 457 | |
wolfSSL | 4:1b0d80432c79 | 458 | /* Returns: DRBG_SUCCESS or DRBG_FAILURE */ |
wolfSSL | 4:1b0d80432c79 | 459 | static int Hash_DRBG_Uninstantiate(DRBG* drbg) |
wolfSSL | 4:1b0d80432c79 | 460 | { |
wolfSSL | 4:1b0d80432c79 | 461 | word32 i; |
wolfSSL | 4:1b0d80432c79 | 462 | int compareSum = 0; |
wolfSSL | 4:1b0d80432c79 | 463 | byte* compareDrbg = (byte*)drbg; |
wolfSSL | 4:1b0d80432c79 | 464 | |
wolfSSL | 4:1b0d80432c79 | 465 | ForceZero(drbg, sizeof(DRBG)); |
wolfSSL | 4:1b0d80432c79 | 466 | |
wolfSSL | 4:1b0d80432c79 | 467 | for (i = 0; i < sizeof(DRBG); i++) |
wolfSSL | 4:1b0d80432c79 | 468 | compareSum |= compareDrbg[i] ^ 0; |
wolfSSL | 4:1b0d80432c79 | 469 | |
wolfSSL | 4:1b0d80432c79 | 470 | return (compareSum == 0) ? DRBG_SUCCESS : DRBG_FAILURE; |
wolfSSL | 4:1b0d80432c79 | 471 | } |
wolfSSL | 4:1b0d80432c79 | 472 | |
wolfSSL | 4:1b0d80432c79 | 473 | /* End NIST DRBG Code */ |
wolfSSL | 4:1b0d80432c79 | 474 | |
wolfSSL | 4:1b0d80432c79 | 475 | |
wolfSSL | 4:1b0d80432c79 | 476 | /* Get seed and key cipher */ |
wolfSSL | 4:1b0d80432c79 | 477 | int wc_InitRng(WC_RNG* rng) |
wolfSSL | 4:1b0d80432c79 | 478 | { |
wolfSSL | 4:1b0d80432c79 | 479 | int ret = BAD_FUNC_ARG; |
wolfSSL | 4:1b0d80432c79 | 480 | |
wolfSSL | 4:1b0d80432c79 | 481 | if (rng != NULL) { |
wolfSSL | 4:1b0d80432c79 | 482 | if (wc_RNG_HealthTestLocal(0) == 0) { |
wolfSSL | 4:1b0d80432c79 | 483 | byte entropy[ENTROPY_NONCE_SZ]; |
wolfSSL | 4:1b0d80432c79 | 484 | |
wolfSSL | 4:1b0d80432c79 | 485 | rng->drbg = |
wolfSSL | 4:1b0d80432c79 | 486 | (struct DRBG*)XMALLOC(sizeof(DRBG), NULL, DYNAMIC_TYPE_RNG); |
wolfSSL | 4:1b0d80432c79 | 487 | if (rng->drbg == NULL) { |
wolfSSL | 4:1b0d80432c79 | 488 | ret = MEMORY_E; |
wolfSSL | 4:1b0d80432c79 | 489 | } |
wolfSSL | 4:1b0d80432c79 | 490 | /* This doesn't use a separate nonce. The entropy input will be |
wolfSSL | 4:1b0d80432c79 | 491 | * the default size plus the size of the nonce making the seed |
wolfSSL | 4:1b0d80432c79 | 492 | * size. */ |
wolfSSL | 4:1b0d80432c79 | 493 | else if (wc_GenerateSeed(&rng->seed, |
wolfSSL | 4:1b0d80432c79 | 494 | entropy, ENTROPY_NONCE_SZ) == 0 && |
wolfSSL | 4:1b0d80432c79 | 495 | Hash_DRBG_Instantiate(rng->drbg, |
wolfSSL | 4:1b0d80432c79 | 496 | entropy, ENTROPY_NONCE_SZ, NULL, 0) == DRBG_SUCCESS) { |
wolfSSL | 4:1b0d80432c79 | 497 | |
wolfSSL | 4:1b0d80432c79 | 498 | ret = Hash_DRBG_Generate(rng->drbg, NULL, 0); |
wolfSSL | 4:1b0d80432c79 | 499 | } |
wolfSSL | 4:1b0d80432c79 | 500 | else |
wolfSSL | 4:1b0d80432c79 | 501 | ret = DRBG_FAILURE; |
wolfSSL | 4:1b0d80432c79 | 502 | |
wolfSSL | 4:1b0d80432c79 | 503 | ForceZero(entropy, ENTROPY_NONCE_SZ); |
wolfSSL | 4:1b0d80432c79 | 504 | } |
wolfSSL | 4:1b0d80432c79 | 505 | else |
wolfSSL | 4:1b0d80432c79 | 506 | ret = DRBG_CONT_FAILURE; |
wolfSSL | 4:1b0d80432c79 | 507 | |
wolfSSL | 4:1b0d80432c79 | 508 | if (ret == DRBG_SUCCESS) { |
wolfSSL | 4:1b0d80432c79 | 509 | rng->status = DRBG_OK; |
wolfSSL | 4:1b0d80432c79 | 510 | ret = 0; |
wolfSSL | 4:1b0d80432c79 | 511 | } |
wolfSSL | 4:1b0d80432c79 | 512 | else if (ret == DRBG_CONT_FAILURE) { |
wolfSSL | 4:1b0d80432c79 | 513 | rng->status = DRBG_CONT_FAILED; |
wolfSSL | 4:1b0d80432c79 | 514 | ret = DRBG_CONT_FIPS_E; |
wolfSSL | 4:1b0d80432c79 | 515 | } |
wolfSSL | 4:1b0d80432c79 | 516 | else if (ret == DRBG_FAILURE) { |
wolfSSL | 4:1b0d80432c79 | 517 | rng->status = DRBG_FAILED; |
wolfSSL | 4:1b0d80432c79 | 518 | ret = RNG_FAILURE_E; |
wolfSSL | 4:1b0d80432c79 | 519 | } |
wolfSSL | 4:1b0d80432c79 | 520 | else { |
wolfSSL | 4:1b0d80432c79 | 521 | rng->status = DRBG_FAILED; |
wolfSSL | 4:1b0d80432c79 | 522 | } |
wolfSSL | 4:1b0d80432c79 | 523 | } |
wolfSSL | 4:1b0d80432c79 | 524 | |
wolfSSL | 4:1b0d80432c79 | 525 | return ret; |
wolfSSL | 4:1b0d80432c79 | 526 | } |
wolfSSL | 4:1b0d80432c79 | 527 | |
wolfSSL | 4:1b0d80432c79 | 528 | |
wolfSSL | 4:1b0d80432c79 | 529 | /* place a generated block in output */ |
wolfSSL | 4:1b0d80432c79 | 530 | int wc_RNG_GenerateBlock(WC_RNG* rng, byte* output, word32 sz) |
wolfSSL | 4:1b0d80432c79 | 531 | { |
wolfSSL | 4:1b0d80432c79 | 532 | int ret; |
wolfSSL | 4:1b0d80432c79 | 533 | |
wolfSSL | 4:1b0d80432c79 | 534 | if (rng == NULL || output == NULL || sz > MAX_REQUEST_LEN) |
wolfSSL | 4:1b0d80432c79 | 535 | return BAD_FUNC_ARG; |
wolfSSL | 4:1b0d80432c79 | 536 | |
wolfSSL | 4:1b0d80432c79 | 537 | if (rng->status != DRBG_OK) |
wolfSSL | 4:1b0d80432c79 | 538 | return RNG_FAILURE_E; |
wolfSSL | 4:1b0d80432c79 | 539 | |
wolfSSL | 4:1b0d80432c79 | 540 | ret = Hash_DRBG_Generate(rng->drbg, output, sz); |
wolfSSL | 4:1b0d80432c79 | 541 | |
wolfSSL | 4:1b0d80432c79 | 542 | if (ret == DRBG_NEED_RESEED) { |
wolfSSL | 4:1b0d80432c79 | 543 | if (wc_RNG_HealthTestLocal(1) == 0) { |
wolfSSL | 4:1b0d80432c79 | 544 | byte entropy[ENTROPY_SZ]; |
wolfSSL | 4:1b0d80432c79 | 545 | |
wolfSSL | 4:1b0d80432c79 | 546 | if (wc_GenerateSeed(&rng->seed, entropy, ENTROPY_SZ) == 0 && |
wolfSSL | 4:1b0d80432c79 | 547 | Hash_DRBG_Reseed(rng->drbg, entropy, ENTROPY_SZ) |
wolfSSL | 4:1b0d80432c79 | 548 | == DRBG_SUCCESS) { |
wolfSSL | 4:1b0d80432c79 | 549 | |
wolfSSL | 4:1b0d80432c79 | 550 | ret = Hash_DRBG_Generate(rng->drbg, NULL, 0); |
wolfSSL | 4:1b0d80432c79 | 551 | if (ret == DRBG_SUCCESS) |
wolfSSL | 4:1b0d80432c79 | 552 | ret = Hash_DRBG_Generate(rng->drbg, output, sz); |
wolfSSL | 4:1b0d80432c79 | 553 | } |
wolfSSL | 4:1b0d80432c79 | 554 | else |
wolfSSL | 4:1b0d80432c79 | 555 | ret = DRBG_FAILURE; |
wolfSSL | 4:1b0d80432c79 | 556 | |
wolfSSL | 4:1b0d80432c79 | 557 | ForceZero(entropy, ENTROPY_SZ); |
wolfSSL | 4:1b0d80432c79 | 558 | } |
wolfSSL | 4:1b0d80432c79 | 559 | else |
wolfSSL | 4:1b0d80432c79 | 560 | ret = DRBG_CONT_FAILURE; |
wolfSSL | 4:1b0d80432c79 | 561 | } |
wolfSSL | 4:1b0d80432c79 | 562 | |
wolfSSL | 4:1b0d80432c79 | 563 | if (ret == DRBG_SUCCESS) { |
wolfSSL | 4:1b0d80432c79 | 564 | ret = 0; |
wolfSSL | 4:1b0d80432c79 | 565 | } |
wolfSSL | 4:1b0d80432c79 | 566 | else if (ret == DRBG_CONT_FAILURE) { |
wolfSSL | 4:1b0d80432c79 | 567 | ret = DRBG_CONT_FIPS_E; |
wolfSSL | 4:1b0d80432c79 | 568 | rng->status = DRBG_CONT_FAILED; |
wolfSSL | 4:1b0d80432c79 | 569 | } |
wolfSSL | 4:1b0d80432c79 | 570 | else { |
wolfSSL | 4:1b0d80432c79 | 571 | ret = RNG_FAILURE_E; |
wolfSSL | 4:1b0d80432c79 | 572 | rng->status = DRBG_FAILED; |
wolfSSL | 4:1b0d80432c79 | 573 | } |
wolfSSL | 4:1b0d80432c79 | 574 | |
wolfSSL | 4:1b0d80432c79 | 575 | return ret; |
wolfSSL | 4:1b0d80432c79 | 576 | } |
wolfSSL | 4:1b0d80432c79 | 577 | |
wolfSSL | 4:1b0d80432c79 | 578 | |
wolfSSL | 4:1b0d80432c79 | 579 | int wc_RNG_GenerateByte(WC_RNG* rng, byte* b) |
wolfSSL | 4:1b0d80432c79 | 580 | { |
wolfSSL | 4:1b0d80432c79 | 581 | return wc_RNG_GenerateBlock(rng, b, 1); |
wolfSSL | 4:1b0d80432c79 | 582 | } |
wolfSSL | 4:1b0d80432c79 | 583 | |
wolfSSL | 4:1b0d80432c79 | 584 | |
wolfSSL | 4:1b0d80432c79 | 585 | int wc_FreeRng(WC_RNG* rng) |
wolfSSL | 4:1b0d80432c79 | 586 | { |
wolfSSL | 4:1b0d80432c79 | 587 | int ret = BAD_FUNC_ARG; |
wolfSSL | 4:1b0d80432c79 | 588 | |
wolfSSL | 4:1b0d80432c79 | 589 | if (rng != NULL) { |
wolfSSL | 4:1b0d80432c79 | 590 | if (rng->drbg != NULL) { |
wolfSSL | 4:1b0d80432c79 | 591 | if (Hash_DRBG_Uninstantiate(rng->drbg) == DRBG_SUCCESS) |
wolfSSL | 4:1b0d80432c79 | 592 | ret = 0; |
wolfSSL | 4:1b0d80432c79 | 593 | else |
wolfSSL | 4:1b0d80432c79 | 594 | ret = RNG_FAILURE_E; |
wolfSSL | 4:1b0d80432c79 | 595 | |
wolfSSL | 4:1b0d80432c79 | 596 | XFREE(rng->drbg, NULL, DYNAMIC_TYPE_RNG); |
wolfSSL | 4:1b0d80432c79 | 597 | rng->drbg = NULL; |
wolfSSL | 4:1b0d80432c79 | 598 | } |
wolfSSL | 4:1b0d80432c79 | 599 | |
wolfSSL | 4:1b0d80432c79 | 600 | rng->status = DRBG_NOT_INIT; |
wolfSSL | 4:1b0d80432c79 | 601 | } |
wolfSSL | 4:1b0d80432c79 | 602 | |
wolfSSL | 4:1b0d80432c79 | 603 | return ret; |
wolfSSL | 4:1b0d80432c79 | 604 | } |
wolfSSL | 4:1b0d80432c79 | 605 | |
wolfSSL | 4:1b0d80432c79 | 606 | |
wolfSSL | 4:1b0d80432c79 | 607 | int wc_RNG_HealthTest(int reseed, const byte* entropyA, word32 entropyASz, |
wolfSSL | 4:1b0d80432c79 | 608 | const byte* entropyB, word32 entropyBSz, |
wolfSSL | 4:1b0d80432c79 | 609 | byte* output, word32 outputSz) |
wolfSSL | 4:1b0d80432c79 | 610 | { |
wolfSSL | 4:1b0d80432c79 | 611 | DRBG drbg; |
wolfSSL | 4:1b0d80432c79 | 612 | |
wolfSSL | 4:1b0d80432c79 | 613 | if (entropyA == NULL || output == NULL) |
wolfSSL | 4:1b0d80432c79 | 614 | return BAD_FUNC_ARG; |
wolfSSL | 4:1b0d80432c79 | 615 | |
wolfSSL | 4:1b0d80432c79 | 616 | if (reseed != 0 && entropyB == NULL) |
wolfSSL | 4:1b0d80432c79 | 617 | return BAD_FUNC_ARG; |
wolfSSL | 4:1b0d80432c79 | 618 | |
wolfSSL | 4:1b0d80432c79 | 619 | if (outputSz != (SHA256_DIGEST_SIZE * 4)) |
wolfSSL | 4:1b0d80432c79 | 620 | return -1; |
wolfSSL | 4:1b0d80432c79 | 621 | |
wolfSSL | 4:1b0d80432c79 | 622 | if (Hash_DRBG_Instantiate(&drbg, entropyA, entropyASz, NULL, 0) != 0) |
wolfSSL | 4:1b0d80432c79 | 623 | return -1; |
wolfSSL | 4:1b0d80432c79 | 624 | |
wolfSSL | 4:1b0d80432c79 | 625 | if (reseed) { |
wolfSSL | 4:1b0d80432c79 | 626 | if (Hash_DRBG_Reseed(&drbg, entropyB, entropyBSz) != 0) { |
wolfSSL | 4:1b0d80432c79 | 627 | Hash_DRBG_Uninstantiate(&drbg); |
wolfSSL | 4:1b0d80432c79 | 628 | return -1; |
wolfSSL | 4:1b0d80432c79 | 629 | } |
wolfSSL | 4:1b0d80432c79 | 630 | } |
wolfSSL | 4:1b0d80432c79 | 631 | |
wolfSSL | 4:1b0d80432c79 | 632 | if (Hash_DRBG_Generate(&drbg, output, outputSz) != 0) { |
wolfSSL | 4:1b0d80432c79 | 633 | Hash_DRBG_Uninstantiate(&drbg); |
wolfSSL | 4:1b0d80432c79 | 634 | return -1; |
wolfSSL | 4:1b0d80432c79 | 635 | } |
wolfSSL | 4:1b0d80432c79 | 636 | |
wolfSSL | 4:1b0d80432c79 | 637 | if (Hash_DRBG_Generate(&drbg, output, outputSz) != 0) { |
wolfSSL | 4:1b0d80432c79 | 638 | Hash_DRBG_Uninstantiate(&drbg); |
wolfSSL | 4:1b0d80432c79 | 639 | return -1; |
wolfSSL | 4:1b0d80432c79 | 640 | } |
wolfSSL | 4:1b0d80432c79 | 641 | |
wolfSSL | 4:1b0d80432c79 | 642 | if (Hash_DRBG_Uninstantiate(&drbg) != 0) { |
wolfSSL | 4:1b0d80432c79 | 643 | return -1; |
wolfSSL | 4:1b0d80432c79 | 644 | } |
wolfSSL | 4:1b0d80432c79 | 645 | |
wolfSSL | 4:1b0d80432c79 | 646 | return 0; |
wolfSSL | 4:1b0d80432c79 | 647 | } |
wolfSSL | 4:1b0d80432c79 | 648 | |
wolfSSL | 4:1b0d80432c79 | 649 | |
wolfSSL | 4:1b0d80432c79 | 650 | const byte entropyA[] = { |
wolfSSL | 4:1b0d80432c79 | 651 | 0x63, 0x36, 0x33, 0x77, 0xe4, 0x1e, 0x86, 0x46, 0x8d, 0xeb, 0x0a, 0xb4, |
wolfSSL | 4:1b0d80432c79 | 652 | 0xa8, 0xed, 0x68, 0x3f, 0x6a, 0x13, 0x4e, 0x47, 0xe0, 0x14, 0xc7, 0x00, |
wolfSSL | 4:1b0d80432c79 | 653 | 0x45, 0x4e, 0x81, 0xe9, 0x53, 0x58, 0xa5, 0x69, 0x80, 0x8a, 0xa3, 0x8f, |
wolfSSL | 4:1b0d80432c79 | 654 | 0x2a, 0x72, 0xa6, 0x23, 0x59, 0x91, 0x5a, 0x9f, 0x8a, 0x04, 0xca, 0x68 |
wolfSSL | 4:1b0d80432c79 | 655 | }; |
wolfSSL | 4:1b0d80432c79 | 656 | |
wolfSSL | 4:1b0d80432c79 | 657 | const byte reseedEntropyA[] = { |
wolfSSL | 4:1b0d80432c79 | 658 | 0xe6, 0x2b, 0x8a, 0x8e, 0xe8, 0xf1, 0x41, 0xb6, 0x98, 0x05, 0x66, 0xe3, |
wolfSSL | 4:1b0d80432c79 | 659 | 0xbf, 0xe3, 0xc0, 0x49, 0x03, 0xda, 0xd4, 0xac, 0x2c, 0xdf, 0x9f, 0x22, |
wolfSSL | 4:1b0d80432c79 | 660 | 0x80, 0x01, 0x0a, 0x67, 0x39, 0xbc, 0x83, 0xd3 |
wolfSSL | 4:1b0d80432c79 | 661 | }; |
wolfSSL | 4:1b0d80432c79 | 662 | |
wolfSSL | 4:1b0d80432c79 | 663 | const byte outputA[] = { |
wolfSSL | 4:1b0d80432c79 | 664 | 0x04, 0xee, 0xc6, 0x3b, 0xb2, 0x31, 0xdf, 0x2c, 0x63, 0x0a, 0x1a, 0xfb, |
wolfSSL | 4:1b0d80432c79 | 665 | 0xe7, 0x24, 0x94, 0x9d, 0x00, 0x5a, 0x58, 0x78, 0x51, 0xe1, 0xaa, 0x79, |
wolfSSL | 4:1b0d80432c79 | 666 | 0x5e, 0x47, 0x73, 0x47, 0xc8, 0xb0, 0x56, 0x62, 0x1c, 0x18, 0xbd, 0xdc, |
wolfSSL | 4:1b0d80432c79 | 667 | 0xdd, 0x8d, 0x99, 0xfc, 0x5f, 0xc2, 0xb9, 0x20, 0x53, 0xd8, 0xcf, 0xac, |
wolfSSL | 4:1b0d80432c79 | 668 | 0xfb, 0x0b, 0xb8, 0x83, 0x12, 0x05, 0xfa, 0xd1, 0xdd, 0xd6, 0xc0, 0x71, |
wolfSSL | 4:1b0d80432c79 | 669 | 0x31, 0x8a, 0x60, 0x18, 0xf0, 0x3b, 0x73, 0xf5, 0xed, 0xe4, 0xd4, 0xd0, |
wolfSSL | 4:1b0d80432c79 | 670 | 0x71, 0xf9, 0xde, 0x03, 0xfd, 0x7a, 0xea, 0x10, 0x5d, 0x92, 0x99, 0xb8, |
wolfSSL | 4:1b0d80432c79 | 671 | 0xaf, 0x99, 0xaa, 0x07, 0x5b, 0xdb, 0x4d, 0xb9, 0xaa, 0x28, 0xc1, 0x8d, |
wolfSSL | 4:1b0d80432c79 | 672 | 0x17, 0x4b, 0x56, 0xee, 0x2a, 0x01, 0x4d, 0x09, 0x88, 0x96, 0xff, 0x22, |
wolfSSL | 4:1b0d80432c79 | 673 | 0x82, 0xc9, 0x55, 0xa8, 0x19, 0x69, 0xe0, 0x69, 0xfa, 0x8c, 0xe0, 0x07, |
wolfSSL | 4:1b0d80432c79 | 674 | 0xa1, 0x80, 0x18, 0x3a, 0x07, 0xdf, 0xae, 0x17 |
wolfSSL | 4:1b0d80432c79 | 675 | }; |
wolfSSL | 4:1b0d80432c79 | 676 | |
wolfSSL | 4:1b0d80432c79 | 677 | const byte entropyB[] = { |
wolfSSL | 4:1b0d80432c79 | 678 | 0xa6, 0x5a, 0xd0, 0xf3, 0x45, 0xdb, 0x4e, 0x0e, 0xff, 0xe8, 0x75, 0xc3, |
wolfSSL | 4:1b0d80432c79 | 679 | 0xa2, 0xe7, 0x1f, 0x42, 0xc7, 0x12, 0x9d, 0x62, 0x0f, 0xf5, 0xc1, 0x19, |
wolfSSL | 4:1b0d80432c79 | 680 | 0xa9, 0xef, 0x55, 0xf0, 0x51, 0x85, 0xe0, 0xfb, 0x85, 0x81, 0xf9, 0x31, |
wolfSSL | 4:1b0d80432c79 | 681 | 0x75, 0x17, 0x27, 0x6e, 0x06, 0xe9, 0x60, 0x7d, 0xdb, 0xcb, 0xcc, 0x2e |
wolfSSL | 4:1b0d80432c79 | 682 | }; |
wolfSSL | 4:1b0d80432c79 | 683 | |
wolfSSL | 4:1b0d80432c79 | 684 | const byte outputB[] = { |
wolfSSL | 4:1b0d80432c79 | 685 | 0xd3, 0xe1, 0x60, 0xc3, 0x5b, 0x99, 0xf3, 0x40, 0xb2, 0x62, 0x82, 0x64, |
wolfSSL | 4:1b0d80432c79 | 686 | 0xd1, 0x75, 0x10, 0x60, 0xe0, 0x04, 0x5d, 0xa3, 0x83, 0xff, 0x57, 0xa5, |
wolfSSL | 4:1b0d80432c79 | 687 | 0x7d, 0x73, 0xa6, 0x73, 0xd2, 0xb8, 0xd8, 0x0d, 0xaa, 0xf6, 0xa6, 0xc3, |
wolfSSL | 4:1b0d80432c79 | 688 | 0x5a, 0x91, 0xbb, 0x45, 0x79, 0xd7, 0x3f, 0xd0, 0xc8, 0xfe, 0xd1, 0x11, |
wolfSSL | 4:1b0d80432c79 | 689 | 0xb0, 0x39, 0x13, 0x06, 0x82, 0x8a, 0xdf, 0xed, 0x52, 0x8f, 0x01, 0x81, |
wolfSSL | 4:1b0d80432c79 | 690 | 0x21, 0xb3, 0xfe, 0xbd, 0xc3, 0x43, 0xe7, 0x97, 0xb8, 0x7d, 0xbb, 0x63, |
wolfSSL | 4:1b0d80432c79 | 691 | 0xdb, 0x13, 0x33, 0xde, 0xd9, 0xd1, 0xec, 0xe1, 0x77, 0xcf, 0xa6, 0xb7, |
wolfSSL | 4:1b0d80432c79 | 692 | 0x1f, 0xe8, 0xab, 0x1d, 0xa4, 0x66, 0x24, 0xed, 0x64, 0x15, 0xe5, 0x1c, |
wolfSSL | 4:1b0d80432c79 | 693 | 0xcd, 0xe2, 0xc7, 0xca, 0x86, 0xe2, 0x83, 0x99, 0x0e, 0xea, 0xeb, 0x91, |
wolfSSL | 4:1b0d80432c79 | 694 | 0x12, 0x04, 0x15, 0x52, 0x8b, 0x22, 0x95, 0x91, 0x02, 0x81, 0xb0, 0x2d, |
wolfSSL | 4:1b0d80432c79 | 695 | 0xd4, 0x31, 0xf4, 0xc9, 0xf7, 0x04, 0x27, 0xdf |
wolfSSL | 4:1b0d80432c79 | 696 | }; |
wolfSSL | 4:1b0d80432c79 | 697 | |
wolfSSL | 4:1b0d80432c79 | 698 | |
wolfSSL | 4:1b0d80432c79 | 699 | static int wc_RNG_HealthTestLocal(int reseed) |
wolfSSL | 4:1b0d80432c79 | 700 | { |
wolfSSL | 4:1b0d80432c79 | 701 | int ret = 0; |
wolfSSL | 4:1b0d80432c79 | 702 | byte check[SHA256_DIGEST_SIZE * 4]; |
wolfSSL | 4:1b0d80432c79 | 703 | |
wolfSSL | 4:1b0d80432c79 | 704 | if (reseed) { |
wolfSSL | 4:1b0d80432c79 | 705 | ret = wc_RNG_HealthTest(1, entropyA, sizeof(entropyA), |
wolfSSL | 4:1b0d80432c79 | 706 | reseedEntropyA, sizeof(reseedEntropyA), |
wolfSSL | 4:1b0d80432c79 | 707 | check, sizeof(check)); |
wolfSSL | 4:1b0d80432c79 | 708 | if (ret == 0) { |
wolfSSL | 4:1b0d80432c79 | 709 | if (ConstantCompare(check, outputA, sizeof(check)) != 0) |
wolfSSL | 4:1b0d80432c79 | 710 | ret = -1; |
wolfSSL | 4:1b0d80432c79 | 711 | } |
wolfSSL | 4:1b0d80432c79 | 712 | } |
wolfSSL | 4:1b0d80432c79 | 713 | else { |
wolfSSL | 4:1b0d80432c79 | 714 | ret = wc_RNG_HealthTest(0, entropyB, sizeof(entropyB), |
wolfSSL | 4:1b0d80432c79 | 715 | NULL, 0, |
wolfSSL | 4:1b0d80432c79 | 716 | check, sizeof(check)); |
wolfSSL | 4:1b0d80432c79 | 717 | if (ret == 0) { |
wolfSSL | 4:1b0d80432c79 | 718 | if (ConstantCompare(check, outputB, sizeof(check)) != 0) |
wolfSSL | 4:1b0d80432c79 | 719 | ret = -1; |
wolfSSL | 4:1b0d80432c79 | 720 | } |
wolfSSL | 4:1b0d80432c79 | 721 | } |
wolfSSL | 4:1b0d80432c79 | 722 | |
wolfSSL | 4:1b0d80432c79 | 723 | return ret; |
wolfSSL | 4:1b0d80432c79 | 724 | } |
wolfSSL | 4:1b0d80432c79 | 725 | |
wolfSSL | 4:1b0d80432c79 | 726 | |
wolfSSL | 4:1b0d80432c79 | 727 | #else /* HAVE_HASHDRBG || NO_RC4 */ |
wolfSSL | 4:1b0d80432c79 | 728 | |
wolfSSL | 4:1b0d80432c79 | 729 | /* Get seed and key cipher */ |
wolfSSL | 4:1b0d80432c79 | 730 | int wc_InitRng(WC_RNG* rng) |
wolfSSL | 4:1b0d80432c79 | 731 | { |
wolfSSL | 4:1b0d80432c79 | 732 | int ret; |
wolfSSL | 4:1b0d80432c79 | 733 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 4:1b0d80432c79 | 734 | byte* key; |
wolfSSL | 4:1b0d80432c79 | 735 | byte* junk; |
wolfSSL | 4:1b0d80432c79 | 736 | #else |
wolfSSL | 4:1b0d80432c79 | 737 | byte key[32]; |
wolfSSL | 4:1b0d80432c79 | 738 | byte junk[256]; |
wolfSSL | 4:1b0d80432c79 | 739 | #endif |
wolfSSL | 4:1b0d80432c79 | 740 | |
wolfSSL | 4:1b0d80432c79 | 741 | #ifdef HAVE_INTEL_RDGEN |
wolfSSL | 4:1b0d80432c79 | 742 | wc_InitRng_IntelRD() ; |
wolfSSL | 4:1b0d80432c79 | 743 | if(IS_INTEL_RDRAND)return 0 ; |
wolfSSL | 4:1b0d80432c79 | 744 | #endif |
wolfSSL | 4:1b0d80432c79 | 745 | #ifdef HAVE_CAVIUM |
wolfSSL | 4:1b0d80432c79 | 746 | if (rng->magic == WOLFSSL_RNG_CAVIUM_MAGIC) |
wolfSSL | 4:1b0d80432c79 | 747 | return 0; |
wolfSSL | 4:1b0d80432c79 | 748 | #endif |
wolfSSL | 4:1b0d80432c79 | 749 | |
wolfSSL | 4:1b0d80432c79 | 750 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 4:1b0d80432c79 | 751 | key = (byte*)XMALLOC(32, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 4:1b0d80432c79 | 752 | if (key == NULL) |
wolfSSL | 4:1b0d80432c79 | 753 | return MEMORY_E; |
wolfSSL | 4:1b0d80432c79 | 754 | |
wolfSSL | 4:1b0d80432c79 | 755 | junk = (byte*)XMALLOC(256, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 4:1b0d80432c79 | 756 | if (junk == NULL) { |
wolfSSL | 4:1b0d80432c79 | 757 | XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 4:1b0d80432c79 | 758 | return MEMORY_E; |
wolfSSL | 4:1b0d80432c79 | 759 | } |
wolfSSL | 4:1b0d80432c79 | 760 | #endif |
wolfSSL | 4:1b0d80432c79 | 761 | |
wolfSSL | 4:1b0d80432c79 | 762 | ret = wc_GenerateSeed(&rng->seed, key, 32); |
wolfSSL | 4:1b0d80432c79 | 763 | |
wolfSSL | 4:1b0d80432c79 | 764 | if (ret == 0) { |
wolfSSL | 4:1b0d80432c79 | 765 | wc_Arc4SetKey(&rng->cipher, key, sizeof(key)); |
wolfSSL | 4:1b0d80432c79 | 766 | |
wolfSSL | 4:1b0d80432c79 | 767 | ret = wc_RNG_GenerateBlock(rng, junk, 256); /*rid initial state*/ |
wolfSSL | 4:1b0d80432c79 | 768 | } |
wolfSSL | 4:1b0d80432c79 | 769 | |
wolfSSL | 4:1b0d80432c79 | 770 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 4:1b0d80432c79 | 771 | XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 4:1b0d80432c79 | 772 | XFREE(junk, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 4:1b0d80432c79 | 773 | #endif |
wolfSSL | 4:1b0d80432c79 | 774 | |
wolfSSL | 4:1b0d80432c79 | 775 | return ret; |
wolfSSL | 4:1b0d80432c79 | 776 | } |
wolfSSL | 4:1b0d80432c79 | 777 | |
wolfSSL | 4:1b0d80432c79 | 778 | #ifdef HAVE_CAVIUM |
wolfSSL | 4:1b0d80432c79 | 779 | static void CaviumRNG_GenerateBlock(WC_RNG* rng, byte* output, word32 sz); |
wolfSSL | 4:1b0d80432c79 | 780 | #endif |
wolfSSL | 4:1b0d80432c79 | 781 | |
wolfSSL | 4:1b0d80432c79 | 782 | /* place a generated block in output */ |
wolfSSL | 4:1b0d80432c79 | 783 | int wc_RNG_GenerateBlock(WC_RNG* rng, byte* output, word32 sz) |
wolfSSL | 4:1b0d80432c79 | 784 | { |
wolfSSL | 4:1b0d80432c79 | 785 | #ifdef HAVE_INTEL_RDGEN |
wolfSSL | 4:1b0d80432c79 | 786 | if(IS_INTEL_RDRAND) |
wolfSSL | 4:1b0d80432c79 | 787 | return wc_GenerateRand_IntelRD(NULL, output, sz) ; |
wolfSSL | 4:1b0d80432c79 | 788 | #endif |
wolfSSL | 4:1b0d80432c79 | 789 | #ifdef HAVE_CAVIUM |
wolfSSL | 4:1b0d80432c79 | 790 | if (rng->magic == WOLFSSL_RNG_CAVIUM_MAGIC) |
wolfSSL | 4:1b0d80432c79 | 791 | return CaviumRNG_GenerateBlock(rng, output, sz); |
wolfSSL | 4:1b0d80432c79 | 792 | #endif |
wolfSSL | 4:1b0d80432c79 | 793 | XMEMSET(output, 0, sz); |
wolfSSL | 4:1b0d80432c79 | 794 | wc_Arc4Process(&rng->cipher, output, output, sz); |
wolfSSL | 4:1b0d80432c79 | 795 | |
wolfSSL | 4:1b0d80432c79 | 796 | return 0; |
wolfSSL | 4:1b0d80432c79 | 797 | } |
wolfSSL | 4:1b0d80432c79 | 798 | |
wolfSSL | 4:1b0d80432c79 | 799 | |
wolfSSL | 4:1b0d80432c79 | 800 | int wc_RNG_GenerateByte(WC_RNG* rng, byte* b) |
wolfSSL | 4:1b0d80432c79 | 801 | { |
wolfSSL | 4:1b0d80432c79 | 802 | return wc_RNG_GenerateBlock(rng, b, 1); |
wolfSSL | 4:1b0d80432c79 | 803 | } |
wolfSSL | 4:1b0d80432c79 | 804 | |
wolfSSL | 4:1b0d80432c79 | 805 | |
wolfSSL | 4:1b0d80432c79 | 806 | int wc_FreeRng(WC_RNG* rng) |
wolfSSL | 4:1b0d80432c79 | 807 | { |
wolfSSL | 4:1b0d80432c79 | 808 | (void)rng; |
wolfSSL | 4:1b0d80432c79 | 809 | return 0; |
wolfSSL | 4:1b0d80432c79 | 810 | } |
wolfSSL | 4:1b0d80432c79 | 811 | |
wolfSSL | 4:1b0d80432c79 | 812 | |
wolfSSL | 4:1b0d80432c79 | 813 | #ifdef HAVE_CAVIUM |
wolfSSL | 4:1b0d80432c79 | 814 | |
wolfSSL | 4:1b0d80432c79 | 815 | #include <wolfssl/ctaocrypt/logging.h> |
wolfSSL | 4:1b0d80432c79 | 816 | #include "cavium_common.h" |
wolfSSL | 4:1b0d80432c79 | 817 | |
wolfSSL | 4:1b0d80432c79 | 818 | /* Initialize RNG for use with Nitrox device */ |
wolfSSL | 4:1b0d80432c79 | 819 | int wc_InitRngCavium(WC_RNG* rng, int devId) |
wolfSSL | 4:1b0d80432c79 | 820 | { |
wolfSSL | 4:1b0d80432c79 | 821 | if (rng == NULL) |
wolfSSL | 4:1b0d80432c79 | 822 | return -1; |
wolfSSL | 4:1b0d80432c79 | 823 | |
wolfSSL | 4:1b0d80432c79 | 824 | rng->devId = devId; |
wolfSSL | 4:1b0d80432c79 | 825 | rng->magic = WOLFSSL_RNG_CAVIUM_MAGIC; |
wolfSSL | 4:1b0d80432c79 | 826 | |
wolfSSL | 4:1b0d80432c79 | 827 | return 0; |
wolfSSL | 4:1b0d80432c79 | 828 | } |
wolfSSL | 4:1b0d80432c79 | 829 | |
wolfSSL | 4:1b0d80432c79 | 830 | |
wolfSSL | 4:1b0d80432c79 | 831 | static void CaviumRNG_GenerateBlock(WC_RNG* rng, byte* output, word32 sz) |
wolfSSL | 4:1b0d80432c79 | 832 | { |
wolfSSL | 4:1b0d80432c79 | 833 | wolfssl_word offset = 0; |
wolfSSL | 4:1b0d80432c79 | 834 | word32 requestId; |
wolfSSL | 4:1b0d80432c79 | 835 | |
wolfSSL | 4:1b0d80432c79 | 836 | while (sz > WOLFSSL_MAX_16BIT) { |
wolfSSL | 4:1b0d80432c79 | 837 | word16 slen = (word16)WOLFSSL_MAX_16BIT; |
wolfSSL | 4:1b0d80432c79 | 838 | if (CspRandom(CAVIUM_BLOCKING, slen, output + offset, &requestId, |
wolfSSL | 4:1b0d80432c79 | 839 | rng->devId) != 0) { |
wolfSSL | 4:1b0d80432c79 | 840 | WOLFSSL_MSG("Cavium RNG failed"); |
wolfSSL | 4:1b0d80432c79 | 841 | } |
wolfSSL | 4:1b0d80432c79 | 842 | sz -= WOLFSSL_MAX_16BIT; |
wolfSSL | 4:1b0d80432c79 | 843 | offset += WOLFSSL_MAX_16BIT; |
wolfSSL | 4:1b0d80432c79 | 844 | } |
wolfSSL | 4:1b0d80432c79 | 845 | if (sz) { |
wolfSSL | 4:1b0d80432c79 | 846 | word16 slen = (word16)sz; |
wolfSSL | 4:1b0d80432c79 | 847 | if (CspRandom(CAVIUM_BLOCKING, slen, output + offset, &requestId, |
wolfSSL | 4:1b0d80432c79 | 848 | rng->devId) != 0) { |
wolfSSL | 4:1b0d80432c79 | 849 | WOLFSSL_MSG("Cavium RNG failed"); |
wolfSSL | 4:1b0d80432c79 | 850 | } |
wolfSSL | 4:1b0d80432c79 | 851 | } |
wolfSSL | 4:1b0d80432c79 | 852 | } |
wolfSSL | 4:1b0d80432c79 | 853 | |
wolfSSL | 4:1b0d80432c79 | 854 | #endif /* HAVE_CAVIUM */ |
wolfSSL | 4:1b0d80432c79 | 855 | |
wolfSSL | 4:1b0d80432c79 | 856 | #endif /* HAVE_HASHDRBG || NO_RC4 */ |
wolfSSL | 4:1b0d80432c79 | 857 | |
wolfSSL | 4:1b0d80432c79 | 858 | |
wolfSSL | 4:1b0d80432c79 | 859 | #if defined(HAVE_INTEL_RDGEN) |
wolfSSL | 4:1b0d80432c79 | 860 | |
wolfSSL | 4:1b0d80432c79 | 861 | #ifndef _MSC_VER |
wolfSSL | 4:1b0d80432c79 | 862 | #define cpuid(reg, leaf, sub)\ |
wolfSSL | 4:1b0d80432c79 | 863 | __asm__ __volatile__ ("cpuid":\ |
wolfSSL | 4:1b0d80432c79 | 864 | "=a" (reg[0]), "=b" (reg[1]), "=c" (reg[2]), "=d" (reg[3]) :\ |
wolfSSL | 4:1b0d80432c79 | 865 | "a" (leaf), "c"(sub)); |
wolfSSL | 4:1b0d80432c79 | 866 | |
wolfSSL | 4:1b0d80432c79 | 867 | #define XASM_LINK(f) asm(f) |
wolfSSL | 4:1b0d80432c79 | 868 | #else |
wolfSSL | 4:1b0d80432c79 | 869 | |
wolfSSL | 4:1b0d80432c79 | 870 | #include <intrin.h> |
wolfSSL | 4:1b0d80432c79 | 871 | #define cpuid(a,b) __cpuid((int*)a,b) |
wolfSSL | 4:1b0d80432c79 | 872 | |
wolfSSL | 4:1b0d80432c79 | 873 | #define XASM_LINK(f) |
wolfSSL | 4:1b0d80432c79 | 874 | |
wolfSSL | 4:1b0d80432c79 | 875 | #endif /* _MSC_VER */ |
wolfSSL | 4:1b0d80432c79 | 876 | |
wolfSSL | 4:1b0d80432c79 | 877 | #define EAX 0 |
wolfSSL | 4:1b0d80432c79 | 878 | #define EBX 1 |
wolfSSL | 4:1b0d80432c79 | 879 | #define ECX 2 |
wolfSSL | 4:1b0d80432c79 | 880 | #define EDX 3 |
wolfSSL | 4:1b0d80432c79 | 881 | |
wolfSSL | 4:1b0d80432c79 | 882 | static word32 cpuid_flag(word32 leaf, word32 sub, word32 num, word32 bit) { |
wolfSSL | 4:1b0d80432c79 | 883 | int got_intel_cpu=0; |
wolfSSL | 4:1b0d80432c79 | 884 | unsigned int reg[5]; |
wolfSSL | 4:1b0d80432c79 | 885 | |
wolfSSL | 4:1b0d80432c79 | 886 | reg[4] = '\0' ; |
wolfSSL | 4:1b0d80432c79 | 887 | cpuid(reg, 0, 0); |
wolfSSL | 4:1b0d80432c79 | 888 | if(memcmp((char *)&(reg[EBX]), "Genu", 4) == 0 && |
wolfSSL | 4:1b0d80432c79 | 889 | memcmp((char *)&(reg[EDX]), "ineI", 4) == 0 && |
wolfSSL | 4:1b0d80432c79 | 890 | memcmp((char *)&(reg[ECX]), "ntel", 4) == 0) { |
wolfSSL | 4:1b0d80432c79 | 891 | got_intel_cpu = 1; |
wolfSSL | 4:1b0d80432c79 | 892 | } |
wolfSSL | 4:1b0d80432c79 | 893 | if (got_intel_cpu) { |
wolfSSL | 4:1b0d80432c79 | 894 | cpuid(reg, leaf, sub); |
wolfSSL | 4:1b0d80432c79 | 895 | return((reg[num]>>bit)&0x1) ; |
wolfSSL | 4:1b0d80432c79 | 896 | } |
wolfSSL | 4:1b0d80432c79 | 897 | return 0 ; |
wolfSSL | 4:1b0d80432c79 | 898 | } |
wolfSSL | 4:1b0d80432c79 | 899 | |
wolfSSL | 4:1b0d80432c79 | 900 | static int wc_InitRng_IntelRD() |
wolfSSL | 4:1b0d80432c79 | 901 | { |
wolfSSL | 4:1b0d80432c79 | 902 | if(cpuid_check==0) { |
wolfSSL | 4:1b0d80432c79 | 903 | if(cpuid_flag(1, 0, ECX, 30)){ cpuid_flags |= CPUID_RDRAND ;} |
wolfSSL | 4:1b0d80432c79 | 904 | if(cpuid_flag(7, 0, EBX, 18)){ cpuid_flags |= CPUID_RDSEED ;} |
wolfSSL | 4:1b0d80432c79 | 905 | cpuid_check = 1 ; |
wolfSSL | 4:1b0d80432c79 | 906 | } |
wolfSSL | 4:1b0d80432c79 | 907 | return 1 ; |
wolfSSL | 4:1b0d80432c79 | 908 | } |
wolfSSL | 4:1b0d80432c79 | 909 | |
wolfSSL | 4:1b0d80432c79 | 910 | #define INTELRD_RETRY 10 |
wolfSSL | 4:1b0d80432c79 | 911 | |
wolfSSL | 4:1b0d80432c79 | 912 | #if defined(HAVE_HASHDRBG) || defined(NO_RC4) |
wolfSSL | 4:1b0d80432c79 | 913 | |
wolfSSL | 4:1b0d80432c79 | 914 | /* return 0 on success */ |
wolfSSL | 4:1b0d80432c79 | 915 | static INLINE int IntelRDseed32(unsigned int *seed) |
wolfSSL | 4:1b0d80432c79 | 916 | { |
wolfSSL | 4:1b0d80432c79 | 917 | int rdseed; unsigned char ok ; |
wolfSSL | 4:1b0d80432c79 | 918 | |
wolfSSL | 4:1b0d80432c79 | 919 | __asm__ volatile("rdseed %0; setc %1":"=r"(rdseed), "=qm"(ok)); |
wolfSSL | 4:1b0d80432c79 | 920 | if(ok){ |
wolfSSL | 4:1b0d80432c79 | 921 | *seed = rdseed ; |
wolfSSL | 4:1b0d80432c79 | 922 | return 0 ; |
wolfSSL | 4:1b0d80432c79 | 923 | } else |
wolfSSL | 4:1b0d80432c79 | 924 | return 1; |
wolfSSL | 4:1b0d80432c79 | 925 | } |
wolfSSL | 4:1b0d80432c79 | 926 | |
wolfSSL | 4:1b0d80432c79 | 927 | /* return 0 on success */ |
wolfSSL | 4:1b0d80432c79 | 928 | static INLINE int IntelRDseed32_r(unsigned int *rnd) |
wolfSSL | 4:1b0d80432c79 | 929 | { |
wolfSSL | 4:1b0d80432c79 | 930 | int i ; |
wolfSSL | 4:1b0d80432c79 | 931 | for(i=0; i<INTELRD_RETRY;i++) { |
wolfSSL | 4:1b0d80432c79 | 932 | if(IntelRDseed32(rnd) == 0) return 0 ; |
wolfSSL | 4:1b0d80432c79 | 933 | } |
wolfSSL | 4:1b0d80432c79 | 934 | return 1 ; |
wolfSSL | 4:1b0d80432c79 | 935 | } |
wolfSSL | 4:1b0d80432c79 | 936 | |
wolfSSL | 4:1b0d80432c79 | 937 | /* return 0 on success */ |
wolfSSL | 4:1b0d80432c79 | 938 | static int wc_GenerateSeed_IntelRD(OS_Seed* os, byte* output, word32 sz) |
wolfSSL | 4:1b0d80432c79 | 939 | { |
wolfSSL | 4:1b0d80432c79 | 940 | (void) os ; |
wolfSSL | 4:1b0d80432c79 | 941 | int ret ; |
wolfSSL | 4:1b0d80432c79 | 942 | unsigned int rndTmp ; |
wolfSSL | 4:1b0d80432c79 | 943 | |
wolfSSL | 4:1b0d80432c79 | 944 | for( ; sz/4 > 0; sz-=4, output+=4) { |
wolfSSL | 4:1b0d80432c79 | 945 | if(IS_INTEL_RDSEED)ret = IntelRDseed32_r((word32 *)output) ; |
wolfSSL | 4:1b0d80432c79 | 946 | else return 1 ; |
wolfSSL | 4:1b0d80432c79 | 947 | if(ret) |
wolfSSL | 4:1b0d80432c79 | 948 | return 1 ; |
wolfSSL | 4:1b0d80432c79 | 949 | } |
wolfSSL | 4:1b0d80432c79 | 950 | if(sz == 0)return 0 ; |
wolfSSL | 4:1b0d80432c79 | 951 | |
wolfSSL | 4:1b0d80432c79 | 952 | if(IS_INTEL_RDSEED)ret = IntelRDseed32_r(&rndTmp) ; |
wolfSSL | 4:1b0d80432c79 | 953 | else return 1 ; |
wolfSSL | 4:1b0d80432c79 | 954 | if(ret) |
wolfSSL | 4:1b0d80432c79 | 955 | return 1 ; |
wolfSSL | 4:1b0d80432c79 | 956 | XMEMCPY(output, &rndTmp, sz) ; |
wolfSSL | 4:1b0d80432c79 | 957 | return 0; |
wolfSSL | 4:1b0d80432c79 | 958 | } |
wolfSSL | 4:1b0d80432c79 | 959 | |
wolfSSL | 4:1b0d80432c79 | 960 | #else |
wolfSSL | 4:1b0d80432c79 | 961 | |
wolfSSL | 4:1b0d80432c79 | 962 | /* return 0 on success */ |
wolfSSL | 4:1b0d80432c79 | 963 | static INLINE int IntelRDrand32(unsigned int *rnd) |
wolfSSL | 4:1b0d80432c79 | 964 | { |
wolfSSL | 4:1b0d80432c79 | 965 | int rdrand; unsigned char ok ; |
wolfSSL | 4:1b0d80432c79 | 966 | __asm__ volatile("rdrand %0; setc %1":"=r"(rdrand), "=qm"(ok)); |
wolfSSL | 4:1b0d80432c79 | 967 | if(ok){ |
wolfSSL | 4:1b0d80432c79 | 968 | *rnd = rdrand; |
wolfSSL | 4:1b0d80432c79 | 969 | return 0 ; |
wolfSSL | 4:1b0d80432c79 | 970 | } else |
wolfSSL | 4:1b0d80432c79 | 971 | return 1; |
wolfSSL | 4:1b0d80432c79 | 972 | } |
wolfSSL | 4:1b0d80432c79 | 973 | |
wolfSSL | 4:1b0d80432c79 | 974 | /* return 0 on success */ |
wolfSSL | 4:1b0d80432c79 | 975 | static INLINE int IntelRDrand32_r(unsigned int *rnd) |
wolfSSL | 4:1b0d80432c79 | 976 | { |
wolfSSL | 4:1b0d80432c79 | 977 | int i ; |
wolfSSL | 4:1b0d80432c79 | 978 | for(i=0; i<INTELRD_RETRY;i++) { |
wolfSSL | 4:1b0d80432c79 | 979 | if(IntelRDrand32(rnd) == 0) return 0 ; |
wolfSSL | 4:1b0d80432c79 | 980 | } |
wolfSSL | 4:1b0d80432c79 | 981 | return 1 ; |
wolfSSL | 4:1b0d80432c79 | 982 | } |
wolfSSL | 4:1b0d80432c79 | 983 | |
wolfSSL | 4:1b0d80432c79 | 984 | /* return 0 on success */ |
wolfSSL | 4:1b0d80432c79 | 985 | static int wc_GenerateRand_IntelRD(OS_Seed* os, byte* output, word32 sz) |
wolfSSL | 4:1b0d80432c79 | 986 | { |
wolfSSL | 4:1b0d80432c79 | 987 | (void) os ; |
wolfSSL | 4:1b0d80432c79 | 988 | int ret ; |
wolfSSL | 4:1b0d80432c79 | 989 | unsigned int rndTmp; |
wolfSSL | 4:1b0d80432c79 | 990 | |
wolfSSL | 4:1b0d80432c79 | 991 | for( ; sz/4 > 0; sz-=4, output+=4) { |
wolfSSL | 4:1b0d80432c79 | 992 | if(IS_INTEL_RDRAND)ret = IntelRDrand32_r((word32 *)output); |
wolfSSL | 4:1b0d80432c79 | 993 | else return 1 ; |
wolfSSL | 4:1b0d80432c79 | 994 | if(ret) |
wolfSSL | 4:1b0d80432c79 | 995 | return 1 ; |
wolfSSL | 4:1b0d80432c79 | 996 | } |
wolfSSL | 4:1b0d80432c79 | 997 | if(sz == 0)return 0 ; |
wolfSSL | 4:1b0d80432c79 | 998 | |
wolfSSL | 4:1b0d80432c79 | 999 | if(IS_INTEL_RDRAND)ret = IntelRDrand32_r(&rndTmp); |
wolfSSL | 4:1b0d80432c79 | 1000 | else return 1 ; |
wolfSSL | 4:1b0d80432c79 | 1001 | if(ret) |
wolfSSL | 4:1b0d80432c79 | 1002 | return 1 ; |
wolfSSL | 4:1b0d80432c79 | 1003 | XMEMCPY(output, &rndTmp, sz) ; |
wolfSSL | 4:1b0d80432c79 | 1004 | return 0; |
wolfSSL | 4:1b0d80432c79 | 1005 | } |
wolfSSL | 4:1b0d80432c79 | 1006 | #endif /* defined(HAVE_HASHDRBG) || defined(NO_RC4) */ |
wolfSSL | 4:1b0d80432c79 | 1007 | |
wolfSSL | 4:1b0d80432c79 | 1008 | #endif /* HAVE_INTEL_RDGEN */ |
wolfSSL | 4:1b0d80432c79 | 1009 | |
wolfSSL | 4:1b0d80432c79 | 1010 | |
wolfSSL | 4:1b0d80432c79 | 1011 | /* wc_GenerateSeed Implementations */ |
wolfSSL | 4:1b0d80432c79 | 1012 | #if defined(CUSTOM_RAND_GENERATE_SEED) |
wolfSSL | 4:1b0d80432c79 | 1013 | |
wolfSSL | 4:1b0d80432c79 | 1014 | /* Implement your own random generation function |
wolfSSL | 4:1b0d80432c79 | 1015 | * Return 0 to indicate success |
wolfSSL | 4:1b0d80432c79 | 1016 | * int rand_gen_seed(byte* output, word32 sz); |
wolfSSL | 4:1b0d80432c79 | 1017 | * #define CUSTOM_RAND_GENERATE_SEED rand_gen_seed */ |
wolfSSL | 4:1b0d80432c79 | 1018 | |
wolfSSL | 4:1b0d80432c79 | 1019 | int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) |
wolfSSL | 4:1b0d80432c79 | 1020 | { |
wolfSSL | 4:1b0d80432c79 | 1021 | (void)os; /* Suppress unused arg warning */ |
wolfSSL | 4:1b0d80432c79 | 1022 | return CUSTOM_RAND_GENERATE_SEED(output, sz); |
wolfSSL | 4:1b0d80432c79 | 1023 | } |
wolfSSL | 4:1b0d80432c79 | 1024 | |
wolfSSL | 4:1b0d80432c79 | 1025 | #elif defined(CUSTOM_RAND_GENERATE_SEED_OS) |
wolfSSL | 4:1b0d80432c79 | 1026 | |
wolfSSL | 4:1b0d80432c79 | 1027 | /* Implement your own random generation function, |
wolfSSL | 4:1b0d80432c79 | 1028 | * which includes OS_Seed. |
wolfSSL | 4:1b0d80432c79 | 1029 | * Return 0 to indicate success |
wolfSSL | 4:1b0d80432c79 | 1030 | * int rand_gen_seed(OS_Seed* os, byte* output, word32 sz); |
wolfSSL | 4:1b0d80432c79 | 1031 | * #define CUSTOM_RAND_GENERATE_SEED_OS rand_gen_seed */ |
wolfSSL | 4:1b0d80432c79 | 1032 | |
wolfSSL | 4:1b0d80432c79 | 1033 | int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) |
wolfSSL | 4:1b0d80432c79 | 1034 | { |
wolfSSL | 4:1b0d80432c79 | 1035 | return CUSTOM_RAND_GENERATE_SEED_OS(os, output, sz); |
wolfSSL | 4:1b0d80432c79 | 1036 | } |
wolfSSL | 4:1b0d80432c79 | 1037 | |
wolfSSL | 4:1b0d80432c79 | 1038 | |
wolfSSL | 4:1b0d80432c79 | 1039 | #elif defined(USE_WINDOWS_API) |
wolfSSL | 4:1b0d80432c79 | 1040 | |
wolfSSL | 4:1b0d80432c79 | 1041 | int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) |
wolfSSL | 4:1b0d80432c79 | 1042 | { |
wolfSSL | 4:1b0d80432c79 | 1043 | if(!CryptAcquireContext(&os->handle, 0, 0, PROV_RSA_FULL, |
wolfSSL | 4:1b0d80432c79 | 1044 | CRYPT_VERIFYCONTEXT)) |
wolfSSL | 4:1b0d80432c79 | 1045 | return WINCRYPT_E; |
wolfSSL | 4:1b0d80432c79 | 1046 | |
wolfSSL | 4:1b0d80432c79 | 1047 | if (!CryptGenRandom(os->handle, sz, output)) |
wolfSSL | 4:1b0d80432c79 | 1048 | return CRYPTGEN_E; |
wolfSSL | 4:1b0d80432c79 | 1049 | |
wolfSSL | 4:1b0d80432c79 | 1050 | CryptReleaseContext(os->handle, 0); |
wolfSSL | 4:1b0d80432c79 | 1051 | |
wolfSSL | 4:1b0d80432c79 | 1052 | return 0; |
wolfSSL | 4:1b0d80432c79 | 1053 | } |
wolfSSL | 4:1b0d80432c79 | 1054 | |
wolfSSL | 4:1b0d80432c79 | 1055 | |
wolfSSL | 4:1b0d80432c79 | 1056 | #elif defined(HAVE_RTP_SYS) || defined(EBSNET) |
wolfSSL | 4:1b0d80432c79 | 1057 | |
wolfSSL | 4:1b0d80432c79 | 1058 | #include "rtprand.h" /* rtp_rand () */ |
wolfSSL | 4:1b0d80432c79 | 1059 | #include "rtptime.h" /* rtp_get_system_msec() */ |
wolfSSL | 4:1b0d80432c79 | 1060 | |
wolfSSL | 4:1b0d80432c79 | 1061 | |
wolfSSL | 4:1b0d80432c79 | 1062 | int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) |
wolfSSL | 4:1b0d80432c79 | 1063 | { |
wolfSSL | 4:1b0d80432c79 | 1064 | int i; |
wolfSSL | 4:1b0d80432c79 | 1065 | rtp_srand(rtp_get_system_msec()); |
wolfSSL | 4:1b0d80432c79 | 1066 | |
wolfSSL | 4:1b0d80432c79 | 1067 | for (i = 0; i < sz; i++ ) { |
wolfSSL | 4:1b0d80432c79 | 1068 | output[i] = rtp_rand() % 256; |
wolfSSL | 4:1b0d80432c79 | 1069 | if ( (i % 8) == 7) |
wolfSSL | 4:1b0d80432c79 | 1070 | rtp_srand(rtp_get_system_msec()); |
wolfSSL | 4:1b0d80432c79 | 1071 | } |
wolfSSL | 4:1b0d80432c79 | 1072 | |
wolfSSL | 4:1b0d80432c79 | 1073 | return 0; |
wolfSSL | 4:1b0d80432c79 | 1074 | } |
wolfSSL | 4:1b0d80432c79 | 1075 | |
wolfSSL | 4:1b0d80432c79 | 1076 | |
wolfSSL | 4:1b0d80432c79 | 1077 | #elif defined(MICRIUM) |
wolfSSL | 4:1b0d80432c79 | 1078 | |
wolfSSL | 4:1b0d80432c79 | 1079 | int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) |
wolfSSL | 4:1b0d80432c79 | 1080 | { |
wolfSSL | 4:1b0d80432c79 | 1081 | #if (NET_SECURE_MGR_CFG_EN == DEF_ENABLED) |
wolfSSL | 4:1b0d80432c79 | 1082 | NetSecure_InitSeed(output, sz); |
wolfSSL | 4:1b0d80432c79 | 1083 | #endif |
wolfSSL | 4:1b0d80432c79 | 1084 | return 0; |
wolfSSL | 4:1b0d80432c79 | 1085 | } |
wolfSSL | 4:1b0d80432c79 | 1086 | |
wolfSSL | 4:1b0d80432c79 | 1087 | #elif defined(MICROCHIP_PIC32) |
wolfSSL | 4:1b0d80432c79 | 1088 | |
wolfSSL | 4:1b0d80432c79 | 1089 | #ifdef MICROCHIP_MPLAB_HARMONY |
wolfSSL | 4:1b0d80432c79 | 1090 | #define PIC32_SEED_COUNT _CP0_GET_COUNT |
wolfSSL | 4:1b0d80432c79 | 1091 | #else |
wolfSSL | 4:1b0d80432c79 | 1092 | #if !defined(WOLFSSL_MICROCHIP_PIC32MZ) |
wolfSSL | 4:1b0d80432c79 | 1093 | #include <peripheral/timer.h> |
wolfSSL | 4:1b0d80432c79 | 1094 | #endif |
wolfSSL | 4:1b0d80432c79 | 1095 | #define PIC32_SEED_COUNT ReadCoreTimer |
wolfSSL | 4:1b0d80432c79 | 1096 | #endif |
wolfSSL | 4:1b0d80432c79 | 1097 | #ifdef WOLFSSL_MIC32MZ_RNG |
wolfSSL | 4:1b0d80432c79 | 1098 | #include "xc.h" |
wolfSSL | 4:1b0d80432c79 | 1099 | int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) |
wolfSSL | 4:1b0d80432c79 | 1100 | { |
wolfSSL | 4:1b0d80432c79 | 1101 | int i ; |
wolfSSL | 4:1b0d80432c79 | 1102 | byte rnd[8] ; |
wolfSSL | 4:1b0d80432c79 | 1103 | word32 *rnd32 = (word32 *)rnd ; |
wolfSSL | 4:1b0d80432c79 | 1104 | word32 size = sz ; |
wolfSSL | 4:1b0d80432c79 | 1105 | byte* op = output ; |
wolfSSL | 4:1b0d80432c79 | 1106 | |
wolfSSL | 4:1b0d80432c79 | 1107 | /* This part has to be replaced with better random seed */ |
wolfSSL | 4:1b0d80432c79 | 1108 | RNGNUMGEN1 = ReadCoreTimer(); |
wolfSSL | 4:1b0d80432c79 | 1109 | RNGPOLY1 = ReadCoreTimer(); |
wolfSSL | 4:1b0d80432c79 | 1110 | RNGPOLY2 = ReadCoreTimer(); |
wolfSSL | 4:1b0d80432c79 | 1111 | RNGNUMGEN2 = ReadCoreTimer(); |
wolfSSL | 4:1b0d80432c79 | 1112 | #ifdef DEBUG_WOLFSSL |
wolfSSL | 4:1b0d80432c79 | 1113 | printf("GenerateSeed::Seed=%08x, %08x\n", RNGNUMGEN1, RNGNUMGEN2) ; |
wolfSSL | 4:1b0d80432c79 | 1114 | #endif |
wolfSSL | 4:1b0d80432c79 | 1115 | RNGCONbits.PLEN = 0x40; |
wolfSSL | 4:1b0d80432c79 | 1116 | RNGCONbits.PRNGEN = 1; |
wolfSSL | 4:1b0d80432c79 | 1117 | for(i=0; i<5; i++) { /* wait for RNGNUMGEN ready */ |
wolfSSL | 4:1b0d80432c79 | 1118 | volatile int x ; |
wolfSSL | 4:1b0d80432c79 | 1119 | x = RNGNUMGEN1 ; |
wolfSSL | 4:1b0d80432c79 | 1120 | x = RNGNUMGEN2 ; |
wolfSSL | 4:1b0d80432c79 | 1121 | } |
wolfSSL | 4:1b0d80432c79 | 1122 | do { |
wolfSSL | 4:1b0d80432c79 | 1123 | rnd32[0] = RNGNUMGEN1; |
wolfSSL | 4:1b0d80432c79 | 1124 | rnd32[1] = RNGNUMGEN2; |
wolfSSL | 4:1b0d80432c79 | 1125 | |
wolfSSL | 4:1b0d80432c79 | 1126 | for(i=0; i<8; i++, op++) { |
wolfSSL | 4:1b0d80432c79 | 1127 | *op = rnd[i] ; |
wolfSSL | 4:1b0d80432c79 | 1128 | size -- ; |
wolfSSL | 4:1b0d80432c79 | 1129 | if(size==0)break ; |
wolfSSL | 4:1b0d80432c79 | 1130 | } |
wolfSSL | 4:1b0d80432c79 | 1131 | } while(size) ; |
wolfSSL | 4:1b0d80432c79 | 1132 | return 0; |
wolfSSL | 4:1b0d80432c79 | 1133 | } |
wolfSSL | 4:1b0d80432c79 | 1134 | #else /* WOLFSSL_MIC32MZ_RNG */ |
wolfSSL | 4:1b0d80432c79 | 1135 | /* uses the core timer, in nanoseconds to seed srand */ |
wolfSSL | 4:1b0d80432c79 | 1136 | int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) |
wolfSSL | 4:1b0d80432c79 | 1137 | { |
wolfSSL | 4:1b0d80432c79 | 1138 | int i; |
wolfSSL | 4:1b0d80432c79 | 1139 | srand(PIC32_SEED_COUNT() * 25); |
wolfSSL | 4:1b0d80432c79 | 1140 | |
wolfSSL | 4:1b0d80432c79 | 1141 | for (i = 0; i < sz; i++ ) { |
wolfSSL | 4:1b0d80432c79 | 1142 | output[i] = rand() % 256; |
wolfSSL | 4:1b0d80432c79 | 1143 | if ( (i % 8) == 7) |
wolfSSL | 4:1b0d80432c79 | 1144 | srand(PIC32_SEED_COUNT() * 25); |
wolfSSL | 4:1b0d80432c79 | 1145 | } |
wolfSSL | 4:1b0d80432c79 | 1146 | return 0; |
wolfSSL | 4:1b0d80432c79 | 1147 | } |
wolfSSL | 4:1b0d80432c79 | 1148 | #endif /* WOLFSSL_MIC32MZ_RNG */ |
wolfSSL | 4:1b0d80432c79 | 1149 | |
wolfSSL | 4:1b0d80432c79 | 1150 | #elif defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX) || \ |
wolfSSL | 4:1b0d80432c79 | 1151 | defined(FREESCALE_KSDK_BM) || defined(FREESCALE_FREE_RTOS) |
wolfSSL | 4:1b0d80432c79 | 1152 | |
wolfSSL | 4:1b0d80432c79 | 1153 | #if defined(FREESCALE_K70_RNGA) || defined(FREESCALE_RNGA) |
wolfSSL | 4:1b0d80432c79 | 1154 | /* |
wolfSSL | 4:1b0d80432c79 | 1155 | * wc_Generates a RNG seed using the Random Number Generator Accelerator |
wolfSSL | 4:1b0d80432c79 | 1156 | * on the Kinetis K70. Documentation located in Chapter 37 of |
wolfSSL | 4:1b0d80432c79 | 1157 | * K70 Sub-Family Reference Manual (see Note 3 in the README for link). |
wolfSSL | 4:1b0d80432c79 | 1158 | */ |
wolfSSL | 4:1b0d80432c79 | 1159 | int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) |
wolfSSL | 4:1b0d80432c79 | 1160 | { |
wolfSSL | 4:1b0d80432c79 | 1161 | int i; |
wolfSSL | 4:1b0d80432c79 | 1162 | |
wolfSSL | 4:1b0d80432c79 | 1163 | /* turn on RNGA module */ |
wolfSSL | 4:1b0d80432c79 | 1164 | #if defined(SIM_SCGC3_RNGA_MASK) |
wolfSSL | 4:1b0d80432c79 | 1165 | SIM_SCGC3 |= SIM_SCGC3_RNGA_MASK; |
wolfSSL | 4:1b0d80432c79 | 1166 | #endif |
wolfSSL | 4:1b0d80432c79 | 1167 | #if defined(SIM_SCGC6_RNGA_MASK) |
wolfSSL | 4:1b0d80432c79 | 1168 | /* additionally needed for at least K64F */ |
wolfSSL | 4:1b0d80432c79 | 1169 | SIM_SCGC6 |= SIM_SCGC6_RNGA_MASK; |
wolfSSL | 4:1b0d80432c79 | 1170 | #endif |
wolfSSL | 4:1b0d80432c79 | 1171 | |
wolfSSL | 4:1b0d80432c79 | 1172 | /* set SLP bit to 0 - "RNGA is not in sleep mode" */ |
wolfSSL | 4:1b0d80432c79 | 1173 | RNG_CR &= ~RNG_CR_SLP_MASK; |
wolfSSL | 4:1b0d80432c79 | 1174 | |
wolfSSL | 4:1b0d80432c79 | 1175 | /* set HA bit to 1 - "security violations masked" */ |
wolfSSL | 4:1b0d80432c79 | 1176 | RNG_CR |= RNG_CR_HA_MASK; |
wolfSSL | 4:1b0d80432c79 | 1177 | |
wolfSSL | 4:1b0d80432c79 | 1178 | /* set GO bit to 1 - "output register loaded with data" */ |
wolfSSL | 4:1b0d80432c79 | 1179 | RNG_CR |= RNG_CR_GO_MASK; |
wolfSSL | 4:1b0d80432c79 | 1180 | |
wolfSSL | 4:1b0d80432c79 | 1181 | for (i = 0; i < sz; i++) { |
wolfSSL | 4:1b0d80432c79 | 1182 | |
wolfSSL | 4:1b0d80432c79 | 1183 | /* wait for RNG FIFO to be full */ |
wolfSSL | 4:1b0d80432c79 | 1184 | while((RNG_SR & RNG_SR_OREG_LVL(0xF)) == 0) {} |
wolfSSL | 4:1b0d80432c79 | 1185 | |
wolfSSL | 4:1b0d80432c79 | 1186 | /* get value */ |
wolfSSL | 4:1b0d80432c79 | 1187 | output[i] = RNG_OR; |
wolfSSL | 4:1b0d80432c79 | 1188 | } |
wolfSSL | 4:1b0d80432c79 | 1189 | |
wolfSSL | 4:1b0d80432c79 | 1190 | return 0; |
wolfSSL | 4:1b0d80432c79 | 1191 | } |
wolfSSL | 4:1b0d80432c79 | 1192 | |
wolfSSL | 4:1b0d80432c79 | 1193 | #elif defined(FREESCALE_K53_RNGB) || defined(FREESCALE_RNGB) |
wolfSSL | 4:1b0d80432c79 | 1194 | /* |
wolfSSL | 4:1b0d80432c79 | 1195 | * wc_Generates a RNG seed using the Random Number Generator (RNGB) |
wolfSSL | 4:1b0d80432c79 | 1196 | * on the Kinetis K53. Documentation located in Chapter 33 of |
wolfSSL | 4:1b0d80432c79 | 1197 | * K53 Sub-Family Reference Manual (see note in the README for link). |
wolfSSL | 4:1b0d80432c79 | 1198 | */ |
wolfSSL | 4:1b0d80432c79 | 1199 | int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) |
wolfSSL | 4:1b0d80432c79 | 1200 | { |
wolfSSL | 4:1b0d80432c79 | 1201 | int i; |
wolfSSL | 4:1b0d80432c79 | 1202 | |
wolfSSL | 4:1b0d80432c79 | 1203 | /* turn on RNGB module */ |
wolfSSL | 4:1b0d80432c79 | 1204 | SIM_SCGC3 |= SIM_SCGC3_RNGB_MASK; |
wolfSSL | 4:1b0d80432c79 | 1205 | |
wolfSSL | 4:1b0d80432c79 | 1206 | /* reset RNGB */ |
wolfSSL | 4:1b0d80432c79 | 1207 | RNG_CMD |= RNG_CMD_SR_MASK; |
wolfSSL | 4:1b0d80432c79 | 1208 | |
wolfSSL | 4:1b0d80432c79 | 1209 | /* FIFO generate interrupt, return all zeros on underflow, |
wolfSSL | 4:1b0d80432c79 | 1210 | * set auto reseed */ |
wolfSSL | 4:1b0d80432c79 | 1211 | RNG_CR |= (RNG_CR_FUFMOD_MASK | RNG_CR_AR_MASK); |
wolfSSL | 4:1b0d80432c79 | 1212 | |
wolfSSL | 4:1b0d80432c79 | 1213 | /* gen seed, clear interrupts, clear errors */ |
wolfSSL | 4:1b0d80432c79 | 1214 | RNG_CMD |= (RNG_CMD_GS_MASK | RNG_CMD_CI_MASK | RNG_CMD_CE_MASK); |
wolfSSL | 4:1b0d80432c79 | 1215 | |
wolfSSL | 4:1b0d80432c79 | 1216 | /* wait for seeding to complete */ |
wolfSSL | 4:1b0d80432c79 | 1217 | while ((RNG_SR & RNG_SR_SDN_MASK) == 0) {} |
wolfSSL | 4:1b0d80432c79 | 1218 | |
wolfSSL | 4:1b0d80432c79 | 1219 | for (i = 0; i < sz; i++) { |
wolfSSL | 4:1b0d80432c79 | 1220 | |
wolfSSL | 4:1b0d80432c79 | 1221 | /* wait for a word to be available from FIFO */ |
wolfSSL | 4:1b0d80432c79 | 1222 | while((RNG_SR & RNG_SR_FIFO_LVL_MASK) == 0) {} |
wolfSSL | 4:1b0d80432c79 | 1223 | |
wolfSSL | 4:1b0d80432c79 | 1224 | /* get value */ |
wolfSSL | 4:1b0d80432c79 | 1225 | output[i] = RNG_OUT; |
wolfSSL | 4:1b0d80432c79 | 1226 | } |
wolfSSL | 4:1b0d80432c79 | 1227 | |
wolfSSL | 4:1b0d80432c79 | 1228 | return 0; |
wolfSSL | 4:1b0d80432c79 | 1229 | } |
wolfSSL | 4:1b0d80432c79 | 1230 | |
wolfSSL | 4:1b0d80432c79 | 1231 | #elif defined(FREESCALE_TRNG) |
wolfSSL | 4:1b0d80432c79 | 1232 | |
wolfSSL | 4:1b0d80432c79 | 1233 | int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) |
wolfSSL | 4:1b0d80432c79 | 1234 | { |
wolfSSL | 4:1b0d80432c79 | 1235 | TRNG_DRV_GetRandomData(TRNG_INSTANCE, output, sz); |
wolfSSL | 4:1b0d80432c79 | 1236 | return 0; |
wolfSSL | 4:1b0d80432c79 | 1237 | } |
wolfSSL | 4:1b0d80432c79 | 1238 | |
wolfSSL | 4:1b0d80432c79 | 1239 | |
wolfSSL | 4:1b0d80432c79 | 1240 | #elif defined(FREESCALE_RNGA) |
wolfSSL | 4:1b0d80432c79 | 1241 | |
wolfSSL | 4:1b0d80432c79 | 1242 | int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) |
wolfSSL | 4:1b0d80432c79 | 1243 | { |
wolfSSL | 4:1b0d80432c79 | 1244 | RNGA_DRV_GetRandomData(RNGA_INSTANCE, output, sz); |
wolfSSL | 4:1b0d80432c79 | 1245 | return 0; |
wolfSSL | 4:1b0d80432c79 | 1246 | } |
wolfSSL | 4:1b0d80432c79 | 1247 | |
wolfSSL | 4:1b0d80432c79 | 1248 | #else |
wolfSSL | 4:1b0d80432c79 | 1249 | #warning "write a real random seed!!!!, just for testing now" |
wolfSSL | 4:1b0d80432c79 | 1250 | |
wolfSSL | 4:1b0d80432c79 | 1251 | int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) |
wolfSSL | 4:1b0d80432c79 | 1252 | { |
wolfSSL | 4:1b0d80432c79 | 1253 | int i; |
wolfSSL | 4:1b0d80432c79 | 1254 | for (i = 0; i < sz; i++ ) |
wolfSSL | 4:1b0d80432c79 | 1255 | output[i] = i; |
wolfSSL | 4:1b0d80432c79 | 1256 | |
wolfSSL | 4:1b0d80432c79 | 1257 | return 0; |
wolfSSL | 4:1b0d80432c79 | 1258 | } |
wolfSSL | 4:1b0d80432c79 | 1259 | #endif /* FREESCALE_K70_RNGA */ |
wolfSSL | 4:1b0d80432c79 | 1260 | |
wolfSSL | 4:1b0d80432c79 | 1261 | #elif defined(WOLFSSL_SAFERTOS) || defined(WOLFSSL_LEANPSK) \ |
wolfSSL | 4:1b0d80432c79 | 1262 | || defined(WOLFSSL_IAR_ARM) || defined(WOLFSSL_MDK_ARM) \ |
wolfSSL | 4:1b0d80432c79 | 1263 | || defined(WOLFSSL_uITRON4) || defined(WOLFSSL_uTKERNEL2)\ |
wolfSSL | 4:1b0d80432c79 | 1264 | || defined(WOLFSSL_GENSEED_FORTEST) |
wolfSSL | 4:1b0d80432c79 | 1265 | |
wolfSSL | 4:1b0d80432c79 | 1266 | #ifndef _MSC_VER |
wolfSSL | 4:1b0d80432c79 | 1267 | #warning "write a real random seed!!!!, just for testing now" |
wolfSSL | 4:1b0d80432c79 | 1268 | #else |
wolfSSL | 4:1b0d80432c79 | 1269 | #pragma message("Warning: write a real random seed!!!!, just for testing now") |
wolfSSL | 4:1b0d80432c79 | 1270 | #endif |
wolfSSL | 4:1b0d80432c79 | 1271 | |
wolfSSL | 4:1b0d80432c79 | 1272 | int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) |
wolfSSL | 4:1b0d80432c79 | 1273 | { |
wolfSSL | 4:1b0d80432c79 | 1274 | word32 i; |
wolfSSL | 4:1b0d80432c79 | 1275 | for (i = 0; i < sz; i++ ) |
wolfSSL | 4:1b0d80432c79 | 1276 | output[i] = i; |
wolfSSL | 4:1b0d80432c79 | 1277 | |
wolfSSL | 4:1b0d80432c79 | 1278 | (void)os; |
wolfSSL | 4:1b0d80432c79 | 1279 | |
wolfSSL | 4:1b0d80432c79 | 1280 | return 0; |
wolfSSL | 4:1b0d80432c79 | 1281 | } |
wolfSSL | 4:1b0d80432c79 | 1282 | |
wolfSSL | 4:1b0d80432c79 | 1283 | #elif defined(STM32F2_RNG) |
wolfSSL | 4:1b0d80432c79 | 1284 | #undef RNG |
wolfSSL | 4:1b0d80432c79 | 1285 | #include "stm32f2xx_rng.h" |
wolfSSL | 4:1b0d80432c79 | 1286 | #include "stm32f2xx_rcc.h" |
wolfSSL | 4:1b0d80432c79 | 1287 | /* |
wolfSSL | 4:1b0d80432c79 | 1288 | * wc_Generate a RNG seed using the hardware random number generator |
wolfSSL | 4:1b0d80432c79 | 1289 | * on the STM32F2. Documentation located in STM32F2xx Standard Peripheral |
wolfSSL | 4:1b0d80432c79 | 1290 | * Library document (See note in README). |
wolfSSL | 4:1b0d80432c79 | 1291 | */ |
wolfSSL | 4:1b0d80432c79 | 1292 | int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) |
wolfSSL | 4:1b0d80432c79 | 1293 | { |
wolfSSL | 4:1b0d80432c79 | 1294 | int i; |
wolfSSL | 4:1b0d80432c79 | 1295 | |
wolfSSL | 4:1b0d80432c79 | 1296 | /* enable RNG clock source */ |
wolfSSL | 4:1b0d80432c79 | 1297 | RCC_AHB2PeriphClockCmd(RCC_AHB2Periph_RNG, ENABLE); |
wolfSSL | 4:1b0d80432c79 | 1298 | |
wolfSSL | 4:1b0d80432c79 | 1299 | /* enable RNG peripheral */ |
wolfSSL | 4:1b0d80432c79 | 1300 | RNG_Cmd(ENABLE); |
wolfSSL | 4:1b0d80432c79 | 1301 | |
wolfSSL | 4:1b0d80432c79 | 1302 | for (i = 0; i < sz; i++) { |
wolfSSL | 4:1b0d80432c79 | 1303 | /* wait until RNG number is ready */ |
wolfSSL | 4:1b0d80432c79 | 1304 | while(RNG_GetFlagStatus(RNG_FLAG_DRDY)== RESET) { } |
wolfSSL | 4:1b0d80432c79 | 1305 | |
wolfSSL | 4:1b0d80432c79 | 1306 | /* get value */ |
wolfSSL | 4:1b0d80432c79 | 1307 | output[i] = RNG_GetRandomNumber(); |
wolfSSL | 4:1b0d80432c79 | 1308 | } |
wolfSSL | 4:1b0d80432c79 | 1309 | |
wolfSSL | 4:1b0d80432c79 | 1310 | return 0; |
wolfSSL | 4:1b0d80432c79 | 1311 | } |
wolfSSL | 4:1b0d80432c79 | 1312 | #elif defined(WOLFSSL_LPC43xx) || defined(WOLFSSL_STM32F2xx) || defined(MBED) |
wolfSSL | 4:1b0d80432c79 | 1313 | |
wolfSSL | 4:1b0d80432c79 | 1314 | #warning "write a real random seed!!!!, just for testing now" |
wolfSSL | 4:1b0d80432c79 | 1315 | |
wolfSSL | 4:1b0d80432c79 | 1316 | int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) |
wolfSSL | 4:1b0d80432c79 | 1317 | { |
wolfSSL | 4:1b0d80432c79 | 1318 | int i; |
wolfSSL | 4:1b0d80432c79 | 1319 | |
wolfSSL | 4:1b0d80432c79 | 1320 | for (i = 0; i < sz; i++ ) |
wolfSSL | 4:1b0d80432c79 | 1321 | output[i] = i; |
wolfSSL | 4:1b0d80432c79 | 1322 | |
wolfSSL | 4:1b0d80432c79 | 1323 | return 0; |
wolfSSL | 4:1b0d80432c79 | 1324 | } |
wolfSSL | 4:1b0d80432c79 | 1325 | |
wolfSSL | 4:1b0d80432c79 | 1326 | #elif defined(WOLFSSL_TIRTOS) |
wolfSSL | 4:1b0d80432c79 | 1327 | |
wolfSSL | 4:1b0d80432c79 | 1328 | #include <xdc/runtime/Timestamp.h> |
wolfSSL | 4:1b0d80432c79 | 1329 | #include <stdlib.h> |
wolfSSL | 4:1b0d80432c79 | 1330 | int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) |
wolfSSL | 4:1b0d80432c79 | 1331 | { |
wolfSSL | 4:1b0d80432c79 | 1332 | int i; |
wolfSSL | 4:1b0d80432c79 | 1333 | srand(xdc_runtime_Timestamp_get32()); |
wolfSSL | 4:1b0d80432c79 | 1334 | |
wolfSSL | 4:1b0d80432c79 | 1335 | for (i = 0; i < sz; i++ ) { |
wolfSSL | 4:1b0d80432c79 | 1336 | output[i] = rand() % 256; |
wolfSSL | 4:1b0d80432c79 | 1337 | if ((i % 8) == 7) { |
wolfSSL | 4:1b0d80432c79 | 1338 | srand(xdc_runtime_Timestamp_get32()); |
wolfSSL | 4:1b0d80432c79 | 1339 | } |
wolfSSL | 4:1b0d80432c79 | 1340 | } |
wolfSSL | 4:1b0d80432c79 | 1341 | |
wolfSSL | 4:1b0d80432c79 | 1342 | return 0; |
wolfSSL | 4:1b0d80432c79 | 1343 | } |
wolfSSL | 4:1b0d80432c79 | 1344 | |
wolfSSL | 4:1b0d80432c79 | 1345 | #elif defined(WOLFSSL_VXWORKS) |
wolfSSL | 4:1b0d80432c79 | 1346 | |
wolfSSL | 4:1b0d80432c79 | 1347 | #include <randomNumGen.h> |
wolfSSL | 4:1b0d80432c79 | 1348 | |
wolfSSL | 4:1b0d80432c79 | 1349 | int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) { |
wolfSSL | 4:1b0d80432c79 | 1350 | STATUS status; |
wolfSSL | 4:1b0d80432c79 | 1351 | |
wolfSSL | 4:1b0d80432c79 | 1352 | #ifdef VXWORKS_SIM |
wolfSSL | 4:1b0d80432c79 | 1353 | /* cannot generate true entropy with VxWorks simulator */ |
wolfSSL | 4:1b0d80432c79 | 1354 | #warning "not enough entropy, simulator for testing only" |
wolfSSL | 4:1b0d80432c79 | 1355 | int i = 0; |
wolfSSL | 4:1b0d80432c79 | 1356 | |
wolfSSL | 4:1b0d80432c79 | 1357 | for (i = 0; i < 1000; i++) { |
wolfSSL | 4:1b0d80432c79 | 1358 | randomAddTimeStamp(); |
wolfSSL | 4:1b0d80432c79 | 1359 | } |
wolfSSL | 4:1b0d80432c79 | 1360 | #endif |
wolfSSL | 4:1b0d80432c79 | 1361 | |
wolfSSL | 4:1b0d80432c79 | 1362 | status = randBytes (output, sz); |
wolfSSL | 4:1b0d80432c79 | 1363 | if (status == ERROR) { |
wolfSSL | 4:1b0d80432c79 | 1364 | return RNG_FAILURE_E; |
wolfSSL | 4:1b0d80432c79 | 1365 | } |
wolfSSL | 4:1b0d80432c79 | 1366 | |
wolfSSL | 4:1b0d80432c79 | 1367 | return 0; |
wolfSSL | 4:1b0d80432c79 | 1368 | } |
wolfSSL | 4:1b0d80432c79 | 1369 | |
wolfSSL | 4:1b0d80432c79 | 1370 | #elif defined(WOLFSSL_NRF51) |
wolfSSL | 4:1b0d80432c79 | 1371 | #include "app_error.h" |
wolfSSL | 4:1b0d80432c79 | 1372 | #include "nrf_drv_rng.h" |
wolfSSL | 4:1b0d80432c79 | 1373 | int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) |
wolfSSL | 4:1b0d80432c79 | 1374 | { |
wolfSSL | 4:1b0d80432c79 | 1375 | int remaining = sz, length, pos = 0; |
wolfSSL | 4:1b0d80432c79 | 1376 | uint8_t available; |
wolfSSL | 4:1b0d80432c79 | 1377 | uint32_t err_code; |
wolfSSL | 4:1b0d80432c79 | 1378 | |
wolfSSL | 4:1b0d80432c79 | 1379 | (void)os; |
wolfSSL | 4:1b0d80432c79 | 1380 | |
wolfSSL | 4:1b0d80432c79 | 1381 | /* Make sure RNG is running */ |
wolfSSL | 4:1b0d80432c79 | 1382 | err_code = nrf_drv_rng_init(NULL); |
wolfSSL | 4:1b0d80432c79 | 1383 | if (err_code != NRF_SUCCESS && err_code != NRF_ERROR_INVALID_STATE) { |
wolfSSL | 4:1b0d80432c79 | 1384 | return -1; |
wolfSSL | 4:1b0d80432c79 | 1385 | } |
wolfSSL | 4:1b0d80432c79 | 1386 | |
wolfSSL | 4:1b0d80432c79 | 1387 | while (remaining > 0) { |
wolfSSL | 4:1b0d80432c79 | 1388 | err_code = nrf_drv_rng_bytes_available(&available); |
wolfSSL | 4:1b0d80432c79 | 1389 | if (err_code == NRF_SUCCESS) { |
wolfSSL | 4:1b0d80432c79 | 1390 | length = (remaining < available) ? remaining : available; |
wolfSSL | 4:1b0d80432c79 | 1391 | if (length > 0) { |
wolfSSL | 4:1b0d80432c79 | 1392 | err_code = nrf_drv_rng_rand(&output[pos], length); |
wolfSSL | 4:1b0d80432c79 | 1393 | remaining -= length; |
wolfSSL | 4:1b0d80432c79 | 1394 | pos += length; |
wolfSSL | 4:1b0d80432c79 | 1395 | } |
wolfSSL | 4:1b0d80432c79 | 1396 | } |
wolfSSL | 4:1b0d80432c79 | 1397 | |
wolfSSL | 4:1b0d80432c79 | 1398 | if (err_code != NRF_SUCCESS) { |
wolfSSL | 4:1b0d80432c79 | 1399 | break; |
wolfSSL | 4:1b0d80432c79 | 1400 | } |
wolfSSL | 4:1b0d80432c79 | 1401 | } |
wolfSSL | 4:1b0d80432c79 | 1402 | |
wolfSSL | 4:1b0d80432c79 | 1403 | return (err_code == NRF_SUCCESS) ? 0 : -1; |
wolfSSL | 4:1b0d80432c79 | 1404 | } |
wolfSSL | 4:1b0d80432c79 | 1405 | |
wolfSSL | 4:1b0d80432c79 | 1406 | #elif defined(CUSTOM_RAND_GENERATE) |
wolfSSL | 4:1b0d80432c79 | 1407 | |
wolfSSL | 4:1b0d80432c79 | 1408 | /* Implement your own random generation function |
wolfSSL | 4:1b0d80432c79 | 1409 | * word32 rand_gen(void); |
wolfSSL | 4:1b0d80432c79 | 1410 | * #define CUSTOM_RAND_GENERATE rand_gen */ |
wolfSSL | 4:1b0d80432c79 | 1411 | |
wolfSSL | 4:1b0d80432c79 | 1412 | int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) |
wolfSSL | 4:1b0d80432c79 | 1413 | { |
wolfSSL | 4:1b0d80432c79 | 1414 | word32 i = 0; |
wolfSSL | 4:1b0d80432c79 | 1415 | |
wolfSSL | 4:1b0d80432c79 | 1416 | (void)os; |
wolfSSL | 4:1b0d80432c79 | 1417 | |
wolfSSL | 4:1b0d80432c79 | 1418 | while (i < sz) |
wolfSSL | 4:1b0d80432c79 | 1419 | { |
wolfSSL | 4:1b0d80432c79 | 1420 | /* If not aligned or there is odd/remainder */ |
wolfSSL | 4:1b0d80432c79 | 1421 | if( (i + sizeof(CUSTOM_RAND_TYPE)) > sz || |
wolfSSL | 4:1b0d80432c79 | 1422 | ((wolfssl_word)&output[i] % sizeof(CUSTOM_RAND_TYPE)) != 0 |
wolfSSL | 4:1b0d80432c79 | 1423 | ) { |
wolfSSL | 4:1b0d80432c79 | 1424 | /* Single byte at a time */ |
wolfSSL | 4:1b0d80432c79 | 1425 | output[i++] = (byte)CUSTOM_RAND_GENERATE(); |
wolfSSL | 4:1b0d80432c79 | 1426 | } |
wolfSSL | 4:1b0d80432c79 | 1427 | else { |
wolfSSL | 4:1b0d80432c79 | 1428 | /* Use native 8, 16, 32 or 64 copy instruction */ |
wolfSSL | 4:1b0d80432c79 | 1429 | *((CUSTOM_RAND_TYPE*)&output[i]) = CUSTOM_RAND_GENERATE(); |
wolfSSL | 4:1b0d80432c79 | 1430 | i += sizeof(CUSTOM_RAND_TYPE); |
wolfSSL | 4:1b0d80432c79 | 1431 | } |
wolfSSL | 4:1b0d80432c79 | 1432 | } |
wolfSSL | 4:1b0d80432c79 | 1433 | |
wolfSSL | 4:1b0d80432c79 | 1434 | return 0; |
wolfSSL | 4:1b0d80432c79 | 1435 | } |
wolfSSL | 4:1b0d80432c79 | 1436 | |
wolfSSL | 4:1b0d80432c79 | 1437 | #elif defined(NO_DEV_RANDOM) |
wolfSSL | 4:1b0d80432c79 | 1438 | |
wolfSSL | 4:1b0d80432c79 | 1439 | #error "you need to write an os specific wc_GenerateSeed() here" |
wolfSSL | 4:1b0d80432c79 | 1440 | |
wolfSSL | 4:1b0d80432c79 | 1441 | /* |
wolfSSL | 4:1b0d80432c79 | 1442 | int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) |
wolfSSL | 4:1b0d80432c79 | 1443 | { |
wolfSSL | 4:1b0d80432c79 | 1444 | return 0; |
wolfSSL | 4:1b0d80432c79 | 1445 | } |
wolfSSL | 4:1b0d80432c79 | 1446 | */ |
wolfSSL | 4:1b0d80432c79 | 1447 | |
wolfSSL | 4:1b0d80432c79 | 1448 | |
wolfSSL | 4:1b0d80432c79 | 1449 | #elif defined(IDIRECT_DEV_RANDOM) |
wolfSSL | 4:1b0d80432c79 | 1450 | |
wolfSSL | 4:1b0d80432c79 | 1451 | extern int getRandom( int sz, unsigned char *output ); |
wolfSSL | 4:1b0d80432c79 | 1452 | |
wolfSSL | 4:1b0d80432c79 | 1453 | int GenerateSeed(OS_Seed* os, byte* output, word32 sz) |
wolfSSL | 4:1b0d80432c79 | 1454 | { |
wolfSSL | 4:1b0d80432c79 | 1455 | int num_bytes_returned = 0; |
wolfSSL | 4:1b0d80432c79 | 1456 | |
wolfSSL | 4:1b0d80432c79 | 1457 | num_bytes_returned = getRandom( (int) sz, (unsigned char *) output ); |
wolfSSL | 4:1b0d80432c79 | 1458 | |
wolfSSL | 4:1b0d80432c79 | 1459 | return 0; |
wolfSSL | 4:1b0d80432c79 | 1460 | } |
wolfSSL | 4:1b0d80432c79 | 1461 | |
wolfSSL | 4:1b0d80432c79 | 1462 | |
wolfSSL | 4:1b0d80432c79 | 1463 | #else /* !USE_WINDOWS_API && !HAVE_RPT_SYS && !MICRIUM && !NO_DEV_RANDOM */ |
wolfSSL | 4:1b0d80432c79 | 1464 | |
wolfSSL | 4:1b0d80432c79 | 1465 | /* may block */ |
wolfSSL | 4:1b0d80432c79 | 1466 | int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) |
wolfSSL | 4:1b0d80432c79 | 1467 | { |
wolfSSL | 4:1b0d80432c79 | 1468 | int ret = 0; |
wolfSSL | 4:1b0d80432c79 | 1469 | |
wolfSSL | 4:1b0d80432c79 | 1470 | |
wolfSSL | 4:1b0d80432c79 | 1471 | #if defined(HAVE_INTEL_RDGEN) && (defined(HAVE_HASHDRBG) || defined(NO_RC4)) |
wolfSSL | 4:1b0d80432c79 | 1472 | wc_InitRng_IntelRD() ; /* set cpuid_flags if not yet */ |
wolfSSL | 4:1b0d80432c79 | 1473 | if(IS_INTEL_RDSEED) |
wolfSSL | 4:1b0d80432c79 | 1474 | return wc_GenerateSeed_IntelRD(NULL, output, sz) ; |
wolfSSL | 4:1b0d80432c79 | 1475 | #endif |
wolfSSL | 4:1b0d80432c79 | 1476 | |
wolfSSL | 4:1b0d80432c79 | 1477 | os->fd = open("/dev/urandom",O_RDONLY); |
wolfSSL | 4:1b0d80432c79 | 1478 | if (os->fd == -1) { |
wolfSSL | 4:1b0d80432c79 | 1479 | /* may still have /dev/random */ |
wolfSSL | 4:1b0d80432c79 | 1480 | os->fd = open("/dev/random",O_RDONLY); |
wolfSSL | 4:1b0d80432c79 | 1481 | if (os->fd == -1) |
wolfSSL | 4:1b0d80432c79 | 1482 | return OPEN_RAN_E; |
wolfSSL | 4:1b0d80432c79 | 1483 | } |
wolfSSL | 4:1b0d80432c79 | 1484 | |
wolfSSL | 4:1b0d80432c79 | 1485 | while (sz) { |
wolfSSL | 4:1b0d80432c79 | 1486 | int len = (int)read(os->fd, output, sz); |
wolfSSL | 4:1b0d80432c79 | 1487 | if (len == -1) { |
wolfSSL | 4:1b0d80432c79 | 1488 | ret = READ_RAN_E; |
wolfSSL | 4:1b0d80432c79 | 1489 | break; |
wolfSSL | 4:1b0d80432c79 | 1490 | } |
wolfSSL | 4:1b0d80432c79 | 1491 | |
wolfSSL | 4:1b0d80432c79 | 1492 | sz -= len; |
wolfSSL | 4:1b0d80432c79 | 1493 | output += len; |
wolfSSL | 4:1b0d80432c79 | 1494 | |
wolfSSL | 4:1b0d80432c79 | 1495 | if (sz) { |
wolfSSL | 4:1b0d80432c79 | 1496 | #ifdef BLOCKING |
wolfSSL | 4:1b0d80432c79 | 1497 | sleep(0); /* context switch */ |
wolfSSL | 4:1b0d80432c79 | 1498 | #else |
wolfSSL | 4:1b0d80432c79 | 1499 | ret = RAN_BLOCK_E; |
wolfSSL | 4:1b0d80432c79 | 1500 | break; |
wolfSSL | 4:1b0d80432c79 | 1501 | #endif |
wolfSSL | 4:1b0d80432c79 | 1502 | } |
wolfSSL | 4:1b0d80432c79 | 1503 | } |
wolfSSL | 4:1b0d80432c79 | 1504 | close(os->fd); |
wolfSSL | 4:1b0d80432c79 | 1505 | |
wolfSSL | 4:1b0d80432c79 | 1506 | return ret; |
wolfSSL | 4:1b0d80432c79 | 1507 | } |
wolfSSL | 4:1b0d80432c79 | 1508 | |
wolfSSL | 4:1b0d80432c79 | 1509 | #endif /* USE_WINDOWS_API */ |
wolfSSL | 4:1b0d80432c79 | 1510 | #endif /* CUSTOM_RAND_GENERATE_BLOCK */ |
wolfSSL | 4:1b0d80432c79 | 1511 | #endif /* HAVE_FIPS */ |
wolfSSL | 4:1b0d80432c79 | 1512 | |
wolfSSL | 4:1b0d80432c79 | 1513 |