wolfSSL SSL/TLS library, support up to TLS1.3
Dependents: CyaSSL-Twitter-OAuth4Tw Example-client-tls-cert TwitterReader TweetTest ... more
wolfcrypt/src/random.c@13:f67a6c6013ca, 2017-08-22 (annotated)
- Committer:
- wolfSSL
- Date:
- Tue Aug 22 10:48:22 2017 +0000
- Revision:
- 13:f67a6c6013ca
wolfSSL3.12.0 with TLS1.3
Who changed what in which revision?
User | Revision | Line number | New contents of line |
---|---|---|---|
wolfSSL | 13:f67a6c6013ca | 1 | /* random.c |
wolfSSL | 13:f67a6c6013ca | 2 | * |
wolfSSL | 13:f67a6c6013ca | 3 | * Copyright (C) 2006-2016 wolfSSL Inc. |
wolfSSL | 13:f67a6c6013ca | 4 | * |
wolfSSL | 13:f67a6c6013ca | 5 | * This file is part of wolfSSL. |
wolfSSL | 13:f67a6c6013ca | 6 | * |
wolfSSL | 13:f67a6c6013ca | 7 | * wolfSSL is free software; you can redistribute it and/or modify |
wolfSSL | 13:f67a6c6013ca | 8 | * it under the terms of the GNU General Public License as published by |
wolfSSL | 13:f67a6c6013ca | 9 | * the Free Software Foundation; either version 2 of the License, or |
wolfSSL | 13:f67a6c6013ca | 10 | * (at your option) any later version. |
wolfSSL | 13:f67a6c6013ca | 11 | * |
wolfSSL | 13:f67a6c6013ca | 12 | * wolfSSL is distributed in the hope that it will be useful, |
wolfSSL | 13:f67a6c6013ca | 13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
wolfSSL | 13:f67a6c6013ca | 14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
wolfSSL | 13:f67a6c6013ca | 15 | * GNU General Public License for more details. |
wolfSSL | 13:f67a6c6013ca | 16 | * |
wolfSSL | 13:f67a6c6013ca | 17 | * You should have received a copy of the GNU General Public License |
wolfSSL | 13:f67a6c6013ca | 18 | * along with this program; if not, write to the Free Software |
wolfSSL | 13:f67a6c6013ca | 19 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA |
wolfSSL | 13:f67a6c6013ca | 20 | */ |
wolfSSL | 13:f67a6c6013ca | 21 | |
wolfSSL | 13:f67a6c6013ca | 22 | |
wolfSSL | 13:f67a6c6013ca | 23 | #ifdef HAVE_CONFIG_H |
wolfSSL | 13:f67a6c6013ca | 24 | #include <config.h> |
wolfSSL | 13:f67a6c6013ca | 25 | #endif |
wolfSSL | 13:f67a6c6013ca | 26 | |
wolfSSL | 13:f67a6c6013ca | 27 | #include <wolfssl/wolfcrypt/settings.h> |
wolfSSL | 13:f67a6c6013ca | 28 | |
wolfSSL | 13:f67a6c6013ca | 29 | /* on HPUX 11 you may need to install /dev/random see |
wolfSSL | 13:f67a6c6013ca | 30 | http://h20293.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=KRNG11I |
wolfSSL | 13:f67a6c6013ca | 31 | |
wolfSSL | 13:f67a6c6013ca | 32 | */ |
wolfSSL | 13:f67a6c6013ca | 33 | |
wolfSSL | 13:f67a6c6013ca | 34 | #include <wolfssl/wolfcrypt/random.h> |
wolfSSL | 13:f67a6c6013ca | 35 | #include <wolfssl/wolfcrypt/cpuid.h> |
wolfSSL | 13:f67a6c6013ca | 36 | |
wolfSSL | 13:f67a6c6013ca | 37 | |
wolfSSL | 13:f67a6c6013ca | 38 | #ifdef HAVE_FIPS |
wolfSSL | 13:f67a6c6013ca | 39 | int wc_GenerateSeed(OS_Seed* os, byte* seed, word32 sz) |
wolfSSL | 13:f67a6c6013ca | 40 | { |
wolfSSL | 13:f67a6c6013ca | 41 | return GenerateSeed(os, seed, sz); |
wolfSSL | 13:f67a6c6013ca | 42 | } |
wolfSSL | 13:f67a6c6013ca | 43 | |
wolfSSL | 13:f67a6c6013ca | 44 | int wc_InitRng_ex(WC_RNG* rng, void* heap, int devId) |
wolfSSL | 13:f67a6c6013ca | 45 | { |
wolfSSL | 13:f67a6c6013ca | 46 | (void)heap; |
wolfSSL | 13:f67a6c6013ca | 47 | (void)devId; |
wolfSSL | 13:f67a6c6013ca | 48 | return InitRng_fips(rng); |
wolfSSL | 13:f67a6c6013ca | 49 | } |
wolfSSL | 13:f67a6c6013ca | 50 | |
wolfSSL | 13:f67a6c6013ca | 51 | int wc_InitRng(WC_RNG* rng) |
wolfSSL | 13:f67a6c6013ca | 52 | { |
wolfSSL | 13:f67a6c6013ca | 53 | return InitRng_fips(rng); |
wolfSSL | 13:f67a6c6013ca | 54 | } |
wolfSSL | 13:f67a6c6013ca | 55 | |
wolfSSL | 13:f67a6c6013ca | 56 | |
wolfSSL | 13:f67a6c6013ca | 57 | int wc_RNG_GenerateBlock(WC_RNG* rng, byte* b, word32 sz) |
wolfSSL | 13:f67a6c6013ca | 58 | { |
wolfSSL | 13:f67a6c6013ca | 59 | return RNG_GenerateBlock_fips(rng, b, sz); |
wolfSSL | 13:f67a6c6013ca | 60 | } |
wolfSSL | 13:f67a6c6013ca | 61 | |
wolfSSL | 13:f67a6c6013ca | 62 | |
wolfSSL | 13:f67a6c6013ca | 63 | int wc_RNG_GenerateByte(WC_RNG* rng, byte* b) |
wolfSSL | 13:f67a6c6013ca | 64 | { |
wolfSSL | 13:f67a6c6013ca | 65 | return RNG_GenerateByte(rng, b); |
wolfSSL | 13:f67a6c6013ca | 66 | } |
wolfSSL | 13:f67a6c6013ca | 67 | |
wolfSSL | 13:f67a6c6013ca | 68 | #ifdef HAVE_HASHDRBG |
wolfSSL | 13:f67a6c6013ca | 69 | |
wolfSSL | 13:f67a6c6013ca | 70 | int wc_FreeRng(WC_RNG* rng) |
wolfSSL | 13:f67a6c6013ca | 71 | { |
wolfSSL | 13:f67a6c6013ca | 72 | return FreeRng_fips(rng); |
wolfSSL | 13:f67a6c6013ca | 73 | } |
wolfSSL | 13:f67a6c6013ca | 74 | |
wolfSSL | 13:f67a6c6013ca | 75 | int wc_RNG_HealthTest(int reseed, |
wolfSSL | 13:f67a6c6013ca | 76 | const byte* entropyA, word32 entropyASz, |
wolfSSL | 13:f67a6c6013ca | 77 | const byte* entropyB, word32 entropyBSz, |
wolfSSL | 13:f67a6c6013ca | 78 | byte* output, word32 outputSz) |
wolfSSL | 13:f67a6c6013ca | 79 | { |
wolfSSL | 13:f67a6c6013ca | 80 | return RNG_HealthTest_fips(reseed, entropyA, entropyASz, |
wolfSSL | 13:f67a6c6013ca | 81 | entropyB, entropyBSz, output, outputSz); |
wolfSSL | 13:f67a6c6013ca | 82 | } |
wolfSSL | 13:f67a6c6013ca | 83 | #endif /* HAVE_HASHDRBG */ |
wolfSSL | 13:f67a6c6013ca | 84 | |
wolfSSL | 13:f67a6c6013ca | 85 | #else /* else build without fips */ |
wolfSSL | 13:f67a6c6013ca | 86 | |
wolfSSL | 13:f67a6c6013ca | 87 | #ifndef WC_NO_RNG /* if not FIPS and RNG is disabled then do not compile */ |
wolfSSL | 13:f67a6c6013ca | 88 | |
wolfSSL | 13:f67a6c6013ca | 89 | #include <wolfssl/wolfcrypt/error-crypt.h> |
wolfSSL | 13:f67a6c6013ca | 90 | #include <wolfssl/wolfcrypt/sha256.h> |
wolfSSL | 13:f67a6c6013ca | 91 | |
wolfSSL | 13:f67a6c6013ca | 92 | #ifdef NO_INLINE |
wolfSSL | 13:f67a6c6013ca | 93 | #include <wolfssl/wolfcrypt/misc.h> |
wolfSSL | 13:f67a6c6013ca | 94 | #else |
wolfSSL | 13:f67a6c6013ca | 95 | #define WOLFSSL_MISC_INCLUDED |
wolfSSL | 13:f67a6c6013ca | 96 | #include <wolfcrypt/src/misc.c> |
wolfSSL | 13:f67a6c6013ca | 97 | #endif |
wolfSSL | 13:f67a6c6013ca | 98 | |
wolfSSL | 13:f67a6c6013ca | 99 | #if defined(WOLFSSL_SGX) |
wolfSSL | 13:f67a6c6013ca | 100 | #include <sgx_trts.h> |
wolfSSL | 13:f67a6c6013ca | 101 | #elif defined(USE_WINDOWS_API) |
wolfSSL | 13:f67a6c6013ca | 102 | #ifndef _WIN32_WINNT |
wolfSSL | 13:f67a6c6013ca | 103 | #define _WIN32_WINNT 0x0400 |
wolfSSL | 13:f67a6c6013ca | 104 | #endif |
wolfSSL | 13:f67a6c6013ca | 105 | #include <windows.h> |
wolfSSL | 13:f67a6c6013ca | 106 | #include <wincrypt.h> |
wolfSSL | 13:f67a6c6013ca | 107 | #elif defined(HAVE_WNR) |
wolfSSL | 13:f67a6c6013ca | 108 | #include <wnr.h> |
wolfSSL | 13:f67a6c6013ca | 109 | #include <wolfssl/wolfcrypt/logging.h> |
wolfSSL | 13:f67a6c6013ca | 110 | wolfSSL_Mutex wnr_mutex; /* global netRandom mutex */ |
wolfSSL | 13:f67a6c6013ca | 111 | int wnr_timeout = 0; /* entropy timeout, mililseconds */ |
wolfSSL | 13:f67a6c6013ca | 112 | int wnr_mutex_init = 0; /* flag for mutex init */ |
wolfSSL | 13:f67a6c6013ca | 113 | wnr_context* wnr_ctx; /* global netRandom context */ |
wolfSSL | 13:f67a6c6013ca | 114 | #elif defined(FREESCALE_KSDK_2_0_TRNG) |
wolfSSL | 13:f67a6c6013ca | 115 | #include "fsl_trng.h" |
wolfSSL | 13:f67a6c6013ca | 116 | #elif defined(FREESCALE_KSDK_2_0_RNGA) |
wolfSSL | 13:f67a6c6013ca | 117 | #include "fsl_rnga.h" |
wolfSSL | 13:f67a6c6013ca | 118 | |
wolfSSL | 13:f67a6c6013ca | 119 | #elif defined(NO_DEV_RANDOM) |
wolfSSL | 13:f67a6c6013ca | 120 | #elif defined(CUSTOM_RAND_GENERATE) |
wolfSSL | 13:f67a6c6013ca | 121 | #elif defined(CUSTOM_RAND_GENERATE_BLOCK) |
wolfSSL | 13:f67a6c6013ca | 122 | #elif defined(CUSTOM_RAND_GENERATE_SEED) |
wolfSSL | 13:f67a6c6013ca | 123 | #elif defined(WOLFSSL_GENSEED_FORTEST) |
wolfSSL | 13:f67a6c6013ca | 124 | #elif defined(WOLFSSL_MDK_ARM) |
wolfSSL | 13:f67a6c6013ca | 125 | #elif defined(WOLFSSL_IAR_ARM) |
wolfSSL | 13:f67a6c6013ca | 126 | #elif defined(WOLFSSL_ROWLEY_ARM) |
wolfSSL | 13:f67a6c6013ca | 127 | #elif defined(WOLFSSL_EMBOS) |
wolfSSL | 13:f67a6c6013ca | 128 | #else |
wolfSSL | 13:f67a6c6013ca | 129 | /* include headers that may be needed to get good seed */ |
wolfSSL | 13:f67a6c6013ca | 130 | #include <fcntl.h> |
wolfSSL | 13:f67a6c6013ca | 131 | #ifndef EBSNET |
wolfSSL | 13:f67a6c6013ca | 132 | #include <unistd.h> |
wolfSSL | 13:f67a6c6013ca | 133 | #endif |
wolfSSL | 13:f67a6c6013ca | 134 | #endif |
wolfSSL | 13:f67a6c6013ca | 135 | |
wolfSSL | 13:f67a6c6013ca | 136 | |
wolfSSL | 13:f67a6c6013ca | 137 | #if defined(HAVE_INTEL_RDRAND) || defined(HAVE_INTEL_RDSEED) |
wolfSSL | 13:f67a6c6013ca | 138 | static word32 intel_flags = 0; |
wolfSSL | 13:f67a6c6013ca | 139 | static void wc_InitRng_IntelRD(void) |
wolfSSL | 13:f67a6c6013ca | 140 | { |
wolfSSL | 13:f67a6c6013ca | 141 | intel_flags = cpuid_get_flags(); |
wolfSSL | 13:f67a6c6013ca | 142 | } |
wolfSSL | 13:f67a6c6013ca | 143 | #ifdef HAVE_INTEL_RDSEED |
wolfSSL | 13:f67a6c6013ca | 144 | static int wc_GenerateSeed_IntelRD(OS_Seed* os, byte* output, word32 sz); |
wolfSSL | 13:f67a6c6013ca | 145 | #endif |
wolfSSL | 13:f67a6c6013ca | 146 | #ifdef HAVE_INTEL_RDRAND |
wolfSSL | 13:f67a6c6013ca | 147 | static int wc_GenerateRand_IntelRD(OS_Seed* os, byte* output, word32 sz); |
wolfSSL | 13:f67a6c6013ca | 148 | #endif |
wolfSSL | 13:f67a6c6013ca | 149 | #endif |
wolfSSL | 13:f67a6c6013ca | 150 | |
wolfSSL | 13:f67a6c6013ca | 151 | /* Start NIST DRBG code */ |
wolfSSL | 13:f67a6c6013ca | 152 | #ifdef HAVE_HASHDRBG |
wolfSSL | 13:f67a6c6013ca | 153 | |
wolfSSL | 13:f67a6c6013ca | 154 | #define OUTPUT_BLOCK_LEN (SHA256_DIGEST_SIZE) |
wolfSSL | 13:f67a6c6013ca | 155 | #define MAX_REQUEST_LEN (0x10000) |
wolfSSL | 13:f67a6c6013ca | 156 | #define RESEED_INTERVAL (1000000) |
wolfSSL | 13:f67a6c6013ca | 157 | #define SECURITY_STRENGTH (256) |
wolfSSL | 13:f67a6c6013ca | 158 | #define ENTROPY_SZ (SECURITY_STRENGTH/8) |
wolfSSL | 13:f67a6c6013ca | 159 | #define NONCE_SZ (ENTROPY_SZ/2) |
wolfSSL | 13:f67a6c6013ca | 160 | #define ENTROPY_NONCE_SZ (ENTROPY_SZ+NONCE_SZ) |
wolfSSL | 13:f67a6c6013ca | 161 | |
wolfSSL | 13:f67a6c6013ca | 162 | /* Internal return codes */ |
wolfSSL | 13:f67a6c6013ca | 163 | #define DRBG_SUCCESS 0 |
wolfSSL | 13:f67a6c6013ca | 164 | #define DRBG_ERROR 1 |
wolfSSL | 13:f67a6c6013ca | 165 | #define DRBG_FAILURE 2 |
wolfSSL | 13:f67a6c6013ca | 166 | #define DRBG_NEED_RESEED 3 |
wolfSSL | 13:f67a6c6013ca | 167 | #define DRBG_CONT_FAILURE 4 |
wolfSSL | 13:f67a6c6013ca | 168 | |
wolfSSL | 13:f67a6c6013ca | 169 | /* RNG health states */ |
wolfSSL | 13:f67a6c6013ca | 170 | #define DRBG_NOT_INIT 0 |
wolfSSL | 13:f67a6c6013ca | 171 | #define DRBG_OK 1 |
wolfSSL | 13:f67a6c6013ca | 172 | #define DRBG_FAILED 2 |
wolfSSL | 13:f67a6c6013ca | 173 | #define DRBG_CONT_FAILED 3 |
wolfSSL | 13:f67a6c6013ca | 174 | |
wolfSSL | 13:f67a6c6013ca | 175 | #define RNG_HEALTH_TEST_CHECK_SIZE (SHA256_DIGEST_SIZE * 4) |
wolfSSL | 13:f67a6c6013ca | 176 | |
wolfSSL | 13:f67a6c6013ca | 177 | /* Verify max gen block len */ |
wolfSSL | 13:f67a6c6013ca | 178 | #if RNG_MAX_BLOCK_LEN > MAX_REQUEST_LEN |
wolfSSL | 13:f67a6c6013ca | 179 | #error RNG_MAX_BLOCK_LEN is larger than NIST DBRG max request length |
wolfSSL | 13:f67a6c6013ca | 180 | #endif |
wolfSSL | 13:f67a6c6013ca | 181 | |
wolfSSL | 13:f67a6c6013ca | 182 | enum { |
wolfSSL | 13:f67a6c6013ca | 183 | drbgInitC = 0, |
wolfSSL | 13:f67a6c6013ca | 184 | drbgReseed = 1, |
wolfSSL | 13:f67a6c6013ca | 185 | drbgGenerateW = 2, |
wolfSSL | 13:f67a6c6013ca | 186 | drbgGenerateH = 3, |
wolfSSL | 13:f67a6c6013ca | 187 | drbgInitV |
wolfSSL | 13:f67a6c6013ca | 188 | }; |
wolfSSL | 13:f67a6c6013ca | 189 | |
wolfSSL | 13:f67a6c6013ca | 190 | |
wolfSSL | 13:f67a6c6013ca | 191 | typedef struct DRBG { |
wolfSSL | 13:f67a6c6013ca | 192 | word32 reseedCtr; |
wolfSSL | 13:f67a6c6013ca | 193 | word32 lastBlock; |
wolfSSL | 13:f67a6c6013ca | 194 | byte V[DRBG_SEED_LEN]; |
wolfSSL | 13:f67a6c6013ca | 195 | byte C[DRBG_SEED_LEN]; |
wolfSSL | 13:f67a6c6013ca | 196 | #ifdef WOLFSSL_ASYNC_CRYPT |
wolfSSL | 13:f67a6c6013ca | 197 | void* heap; |
wolfSSL | 13:f67a6c6013ca | 198 | int devId; |
wolfSSL | 13:f67a6c6013ca | 199 | #endif |
wolfSSL | 13:f67a6c6013ca | 200 | byte matchCount; |
wolfSSL | 13:f67a6c6013ca | 201 | } DRBG; |
wolfSSL | 13:f67a6c6013ca | 202 | |
wolfSSL | 13:f67a6c6013ca | 203 | |
wolfSSL | 13:f67a6c6013ca | 204 | static int wc_RNG_HealthTestLocal(int reseed); |
wolfSSL | 13:f67a6c6013ca | 205 | |
wolfSSL | 13:f67a6c6013ca | 206 | /* Hash Derivation Function */ |
wolfSSL | 13:f67a6c6013ca | 207 | /* Returns: DRBG_SUCCESS or DRBG_FAILURE */ |
wolfSSL | 13:f67a6c6013ca | 208 | static int Hash_df(DRBG* drbg, byte* out, word32 outSz, byte type, |
wolfSSL | 13:f67a6c6013ca | 209 | const byte* inA, word32 inASz, |
wolfSSL | 13:f67a6c6013ca | 210 | const byte* inB, word32 inBSz) |
wolfSSL | 13:f67a6c6013ca | 211 | { |
wolfSSL | 13:f67a6c6013ca | 212 | int ret = DRBG_FAILURE; |
wolfSSL | 13:f67a6c6013ca | 213 | byte ctr; |
wolfSSL | 13:f67a6c6013ca | 214 | int i; |
wolfSSL | 13:f67a6c6013ca | 215 | int len; |
wolfSSL | 13:f67a6c6013ca | 216 | word32 bits = (outSz * 8); /* reverse byte order */ |
wolfSSL | 13:f67a6c6013ca | 217 | Sha256 sha; |
wolfSSL | 13:f67a6c6013ca | 218 | DECLARE_VAR(digest, byte, SHA256_DIGEST_SIZE, drbg->heap); |
wolfSSL | 13:f67a6c6013ca | 219 | |
wolfSSL | 13:f67a6c6013ca | 220 | (void)drbg; |
wolfSSL | 13:f67a6c6013ca | 221 | #ifdef WOLFSSL_ASYNC_CRYPT |
wolfSSL | 13:f67a6c6013ca | 222 | if (digest == NULL) |
wolfSSL | 13:f67a6c6013ca | 223 | return DRBG_FAILURE; |
wolfSSL | 13:f67a6c6013ca | 224 | #endif |
wolfSSL | 13:f67a6c6013ca | 225 | |
wolfSSL | 13:f67a6c6013ca | 226 | #ifdef LITTLE_ENDIAN_ORDER |
wolfSSL | 13:f67a6c6013ca | 227 | bits = ByteReverseWord32(bits); |
wolfSSL | 13:f67a6c6013ca | 228 | #endif |
wolfSSL | 13:f67a6c6013ca | 229 | len = (outSz / OUTPUT_BLOCK_LEN) |
wolfSSL | 13:f67a6c6013ca | 230 | + ((outSz % OUTPUT_BLOCK_LEN) ? 1 : 0); |
wolfSSL | 13:f67a6c6013ca | 231 | |
wolfSSL | 13:f67a6c6013ca | 232 | for (i = 0, ctr = 1; i < len; i++, ctr++) { |
wolfSSL | 13:f67a6c6013ca | 233 | #ifdef WOLFSSL_ASYNC_CRYPT |
wolfSSL | 13:f67a6c6013ca | 234 | ret = wc_InitSha256_ex(&sha, drbg->heap, drbg->devId); |
wolfSSL | 13:f67a6c6013ca | 235 | #else |
wolfSSL | 13:f67a6c6013ca | 236 | ret = wc_InitSha256(&sha); |
wolfSSL | 13:f67a6c6013ca | 237 | #endif |
wolfSSL | 13:f67a6c6013ca | 238 | if (ret != 0) |
wolfSSL | 13:f67a6c6013ca | 239 | break; |
wolfSSL | 13:f67a6c6013ca | 240 | |
wolfSSL | 13:f67a6c6013ca | 241 | if (ret == 0) |
wolfSSL | 13:f67a6c6013ca | 242 | ret = wc_Sha256Update(&sha, &ctr, sizeof(ctr)); |
wolfSSL | 13:f67a6c6013ca | 243 | if (ret == 0) |
wolfSSL | 13:f67a6c6013ca | 244 | ret = wc_Sha256Update(&sha, (byte*)&bits, sizeof(bits)); |
wolfSSL | 13:f67a6c6013ca | 245 | |
wolfSSL | 13:f67a6c6013ca | 246 | if (ret == 0) { |
wolfSSL | 13:f67a6c6013ca | 247 | /* churning V is the only string that doesn't have the type added */ |
wolfSSL | 13:f67a6c6013ca | 248 | if (type != drbgInitV) |
wolfSSL | 13:f67a6c6013ca | 249 | ret = wc_Sha256Update(&sha, &type, sizeof(type)); |
wolfSSL | 13:f67a6c6013ca | 250 | } |
wolfSSL | 13:f67a6c6013ca | 251 | if (ret == 0) |
wolfSSL | 13:f67a6c6013ca | 252 | ret = wc_Sha256Update(&sha, inA, inASz); |
wolfSSL | 13:f67a6c6013ca | 253 | if (ret == 0) { |
wolfSSL | 13:f67a6c6013ca | 254 | if (inB != NULL && inBSz > 0) |
wolfSSL | 13:f67a6c6013ca | 255 | ret = wc_Sha256Update(&sha, inB, inBSz); |
wolfSSL | 13:f67a6c6013ca | 256 | } |
wolfSSL | 13:f67a6c6013ca | 257 | if (ret == 0) |
wolfSSL | 13:f67a6c6013ca | 258 | ret = wc_Sha256Final(&sha, digest); |
wolfSSL | 13:f67a6c6013ca | 259 | |
wolfSSL | 13:f67a6c6013ca | 260 | wc_Sha256Free(&sha); |
wolfSSL | 13:f67a6c6013ca | 261 | if (ret == 0) { |
wolfSSL | 13:f67a6c6013ca | 262 | if (outSz > OUTPUT_BLOCK_LEN) { |
wolfSSL | 13:f67a6c6013ca | 263 | XMEMCPY(out, digest, OUTPUT_BLOCK_LEN); |
wolfSSL | 13:f67a6c6013ca | 264 | outSz -= OUTPUT_BLOCK_LEN; |
wolfSSL | 13:f67a6c6013ca | 265 | out += OUTPUT_BLOCK_LEN; |
wolfSSL | 13:f67a6c6013ca | 266 | } |
wolfSSL | 13:f67a6c6013ca | 267 | else { |
wolfSSL | 13:f67a6c6013ca | 268 | XMEMCPY(out, digest, outSz); |
wolfSSL | 13:f67a6c6013ca | 269 | } |
wolfSSL | 13:f67a6c6013ca | 270 | } |
wolfSSL | 13:f67a6c6013ca | 271 | } |
wolfSSL | 13:f67a6c6013ca | 272 | |
wolfSSL | 13:f67a6c6013ca | 273 | ForceZero(digest, SHA256_DIGEST_SIZE); |
wolfSSL | 13:f67a6c6013ca | 274 | |
wolfSSL | 13:f67a6c6013ca | 275 | FREE_VAR(digest, drbg->heap); |
wolfSSL | 13:f67a6c6013ca | 276 | |
wolfSSL | 13:f67a6c6013ca | 277 | return (ret == 0) ? DRBG_SUCCESS : DRBG_FAILURE; |
wolfSSL | 13:f67a6c6013ca | 278 | } |
wolfSSL | 13:f67a6c6013ca | 279 | |
wolfSSL | 13:f67a6c6013ca | 280 | /* Returns: DRBG_SUCCESS or DRBG_FAILURE */ |
wolfSSL | 13:f67a6c6013ca | 281 | static int Hash_DRBG_Reseed(DRBG* drbg, const byte* entropy, word32 entropySz) |
wolfSSL | 13:f67a6c6013ca | 282 | { |
wolfSSL | 13:f67a6c6013ca | 283 | byte seed[DRBG_SEED_LEN]; |
wolfSSL | 13:f67a6c6013ca | 284 | |
wolfSSL | 13:f67a6c6013ca | 285 | if (Hash_df(drbg, seed, sizeof(seed), drbgReseed, drbg->V, sizeof(drbg->V), |
wolfSSL | 13:f67a6c6013ca | 286 | entropy, entropySz) != DRBG_SUCCESS) { |
wolfSSL | 13:f67a6c6013ca | 287 | return DRBG_FAILURE; |
wolfSSL | 13:f67a6c6013ca | 288 | } |
wolfSSL | 13:f67a6c6013ca | 289 | |
wolfSSL | 13:f67a6c6013ca | 290 | XMEMCPY(drbg->V, seed, sizeof(drbg->V)); |
wolfSSL | 13:f67a6c6013ca | 291 | ForceZero(seed, sizeof(seed)); |
wolfSSL | 13:f67a6c6013ca | 292 | |
wolfSSL | 13:f67a6c6013ca | 293 | if (Hash_df(drbg, drbg->C, sizeof(drbg->C), drbgInitC, drbg->V, |
wolfSSL | 13:f67a6c6013ca | 294 | sizeof(drbg->V), NULL, 0) != DRBG_SUCCESS) { |
wolfSSL | 13:f67a6c6013ca | 295 | return DRBG_FAILURE; |
wolfSSL | 13:f67a6c6013ca | 296 | } |
wolfSSL | 13:f67a6c6013ca | 297 | |
wolfSSL | 13:f67a6c6013ca | 298 | drbg->reseedCtr = 1; |
wolfSSL | 13:f67a6c6013ca | 299 | drbg->lastBlock = 0; |
wolfSSL | 13:f67a6c6013ca | 300 | drbg->matchCount = 0; |
wolfSSL | 13:f67a6c6013ca | 301 | return DRBG_SUCCESS; |
wolfSSL | 13:f67a6c6013ca | 302 | } |
wolfSSL | 13:f67a6c6013ca | 303 | |
wolfSSL | 13:f67a6c6013ca | 304 | static INLINE void array_add_one(byte* data, word32 dataSz) |
wolfSSL | 13:f67a6c6013ca | 305 | { |
wolfSSL | 13:f67a6c6013ca | 306 | int i; |
wolfSSL | 13:f67a6c6013ca | 307 | |
wolfSSL | 13:f67a6c6013ca | 308 | for (i = dataSz - 1; i >= 0; i--) |
wolfSSL | 13:f67a6c6013ca | 309 | { |
wolfSSL | 13:f67a6c6013ca | 310 | data[i]++; |
wolfSSL | 13:f67a6c6013ca | 311 | if (data[i] != 0) break; |
wolfSSL | 13:f67a6c6013ca | 312 | } |
wolfSSL | 13:f67a6c6013ca | 313 | } |
wolfSSL | 13:f67a6c6013ca | 314 | |
wolfSSL | 13:f67a6c6013ca | 315 | /* Returns: DRBG_SUCCESS or DRBG_FAILURE */ |
wolfSSL | 13:f67a6c6013ca | 316 | static int Hash_gen(DRBG* drbg, byte* out, word32 outSz, const byte* V) |
wolfSSL | 13:f67a6c6013ca | 317 | { |
wolfSSL | 13:f67a6c6013ca | 318 | int ret = DRBG_FAILURE; |
wolfSSL | 13:f67a6c6013ca | 319 | byte data[DRBG_SEED_LEN]; |
wolfSSL | 13:f67a6c6013ca | 320 | int i; |
wolfSSL | 13:f67a6c6013ca | 321 | int len; |
wolfSSL | 13:f67a6c6013ca | 322 | word32 checkBlock; |
wolfSSL | 13:f67a6c6013ca | 323 | Sha256 sha; |
wolfSSL | 13:f67a6c6013ca | 324 | DECLARE_VAR(digest, byte, SHA256_DIGEST_SIZE, drbg->heap); |
wolfSSL | 13:f67a6c6013ca | 325 | |
wolfSSL | 13:f67a6c6013ca | 326 | /* Special case: outSz is 0 and out is NULL. wc_Generate a block to save for |
wolfSSL | 13:f67a6c6013ca | 327 | * the continuous test. */ |
wolfSSL | 13:f67a6c6013ca | 328 | |
wolfSSL | 13:f67a6c6013ca | 329 | if (outSz == 0) outSz = 1; |
wolfSSL | 13:f67a6c6013ca | 330 | |
wolfSSL | 13:f67a6c6013ca | 331 | len = (outSz / OUTPUT_BLOCK_LEN) + ((outSz % OUTPUT_BLOCK_LEN) ? 1 : 0); |
wolfSSL | 13:f67a6c6013ca | 332 | |
wolfSSL | 13:f67a6c6013ca | 333 | XMEMCPY(data, V, sizeof(data)); |
wolfSSL | 13:f67a6c6013ca | 334 | for (i = 0; i < len; i++) { |
wolfSSL | 13:f67a6c6013ca | 335 | #ifdef WOLFSSL_ASYNC_CRYPT |
wolfSSL | 13:f67a6c6013ca | 336 | ret = wc_InitSha256_ex(&sha, drbg->heap, drbg->devId); |
wolfSSL | 13:f67a6c6013ca | 337 | #else |
wolfSSL | 13:f67a6c6013ca | 338 | ret = wc_InitSha256(&sha); |
wolfSSL | 13:f67a6c6013ca | 339 | #endif |
wolfSSL | 13:f67a6c6013ca | 340 | if (ret == 0) |
wolfSSL | 13:f67a6c6013ca | 341 | ret = wc_Sha256Update(&sha, data, sizeof(data)); |
wolfSSL | 13:f67a6c6013ca | 342 | if (ret == 0) |
wolfSSL | 13:f67a6c6013ca | 343 | ret = wc_Sha256Final(&sha, digest); |
wolfSSL | 13:f67a6c6013ca | 344 | wc_Sha256Free(&sha); |
wolfSSL | 13:f67a6c6013ca | 345 | |
wolfSSL | 13:f67a6c6013ca | 346 | if (ret == 0) { |
wolfSSL | 13:f67a6c6013ca | 347 | XMEMCPY(&checkBlock, digest, sizeof(word32)); |
wolfSSL | 13:f67a6c6013ca | 348 | if (drbg->reseedCtr > 1 && checkBlock == drbg->lastBlock) { |
wolfSSL | 13:f67a6c6013ca | 349 | if (drbg->matchCount == 1) { |
wolfSSL | 13:f67a6c6013ca | 350 | return DRBG_CONT_FAILURE; |
wolfSSL | 13:f67a6c6013ca | 351 | } |
wolfSSL | 13:f67a6c6013ca | 352 | else { |
wolfSSL | 13:f67a6c6013ca | 353 | if (i == len) { |
wolfSSL | 13:f67a6c6013ca | 354 | len++; |
wolfSSL | 13:f67a6c6013ca | 355 | } |
wolfSSL | 13:f67a6c6013ca | 356 | drbg->matchCount = 1; |
wolfSSL | 13:f67a6c6013ca | 357 | } |
wolfSSL | 13:f67a6c6013ca | 358 | } |
wolfSSL | 13:f67a6c6013ca | 359 | else { |
wolfSSL | 13:f67a6c6013ca | 360 | drbg->matchCount = 0; |
wolfSSL | 13:f67a6c6013ca | 361 | drbg->lastBlock = checkBlock; |
wolfSSL | 13:f67a6c6013ca | 362 | } |
wolfSSL | 13:f67a6c6013ca | 363 | |
wolfSSL | 13:f67a6c6013ca | 364 | if (out != NULL && outSz != 0) { |
wolfSSL | 13:f67a6c6013ca | 365 | if (outSz >= OUTPUT_BLOCK_LEN) { |
wolfSSL | 13:f67a6c6013ca | 366 | XMEMCPY(out, digest, OUTPUT_BLOCK_LEN); |
wolfSSL | 13:f67a6c6013ca | 367 | outSz -= OUTPUT_BLOCK_LEN; |
wolfSSL | 13:f67a6c6013ca | 368 | out += OUTPUT_BLOCK_LEN; |
wolfSSL | 13:f67a6c6013ca | 369 | array_add_one(data, DRBG_SEED_LEN); |
wolfSSL | 13:f67a6c6013ca | 370 | } |
wolfSSL | 13:f67a6c6013ca | 371 | else { |
wolfSSL | 13:f67a6c6013ca | 372 | XMEMCPY(out, digest, outSz); |
wolfSSL | 13:f67a6c6013ca | 373 | outSz = 0; |
wolfSSL | 13:f67a6c6013ca | 374 | } |
wolfSSL | 13:f67a6c6013ca | 375 | } |
wolfSSL | 13:f67a6c6013ca | 376 | } |
wolfSSL | 13:f67a6c6013ca | 377 | } |
wolfSSL | 13:f67a6c6013ca | 378 | ForceZero(data, sizeof(data)); |
wolfSSL | 13:f67a6c6013ca | 379 | |
wolfSSL | 13:f67a6c6013ca | 380 | FREE_VAR(digest, drbg->heap); |
wolfSSL | 13:f67a6c6013ca | 381 | |
wolfSSL | 13:f67a6c6013ca | 382 | return (ret == 0) ? DRBG_SUCCESS : DRBG_FAILURE; |
wolfSSL | 13:f67a6c6013ca | 383 | } |
wolfSSL | 13:f67a6c6013ca | 384 | |
wolfSSL | 13:f67a6c6013ca | 385 | static INLINE void array_add(byte* d, word32 dLen, const byte* s, word32 sLen) |
wolfSSL | 13:f67a6c6013ca | 386 | { |
wolfSSL | 13:f67a6c6013ca | 387 | word16 carry = 0; |
wolfSSL | 13:f67a6c6013ca | 388 | |
wolfSSL | 13:f67a6c6013ca | 389 | if (dLen > 0 && sLen > 0 && dLen >= sLen) { |
wolfSSL | 13:f67a6c6013ca | 390 | int sIdx, dIdx; |
wolfSSL | 13:f67a6c6013ca | 391 | |
wolfSSL | 13:f67a6c6013ca | 392 | for (sIdx = sLen - 1, dIdx = dLen - 1; sIdx >= 0; dIdx--, sIdx--) |
wolfSSL | 13:f67a6c6013ca | 393 | { |
wolfSSL | 13:f67a6c6013ca | 394 | carry += d[dIdx] + s[sIdx]; |
wolfSSL | 13:f67a6c6013ca | 395 | d[dIdx] = (byte)carry; |
wolfSSL | 13:f67a6c6013ca | 396 | carry >>= 8; |
wolfSSL | 13:f67a6c6013ca | 397 | } |
wolfSSL | 13:f67a6c6013ca | 398 | |
wolfSSL | 13:f67a6c6013ca | 399 | for (; carry != 0 && dIdx >= 0; dIdx--) { |
wolfSSL | 13:f67a6c6013ca | 400 | carry += d[dIdx]; |
wolfSSL | 13:f67a6c6013ca | 401 | d[dIdx] = (byte)carry; |
wolfSSL | 13:f67a6c6013ca | 402 | carry >>= 8; |
wolfSSL | 13:f67a6c6013ca | 403 | } |
wolfSSL | 13:f67a6c6013ca | 404 | } |
wolfSSL | 13:f67a6c6013ca | 405 | } |
wolfSSL | 13:f67a6c6013ca | 406 | |
wolfSSL | 13:f67a6c6013ca | 407 | /* Returns: DRBG_SUCCESS, DRBG_NEED_RESEED, or DRBG_FAILURE */ |
wolfSSL | 13:f67a6c6013ca | 408 | static int Hash_DRBG_Generate(DRBG* drbg, byte* out, word32 outSz) |
wolfSSL | 13:f67a6c6013ca | 409 | { |
wolfSSL | 13:f67a6c6013ca | 410 | int ret = DRBG_NEED_RESEED; |
wolfSSL | 13:f67a6c6013ca | 411 | Sha256 sha; |
wolfSSL | 13:f67a6c6013ca | 412 | DECLARE_VAR(digest, byte, SHA256_DIGEST_SIZE, drbg->heap); |
wolfSSL | 13:f67a6c6013ca | 413 | |
wolfSSL | 13:f67a6c6013ca | 414 | if (drbg->reseedCtr != RESEED_INTERVAL) { |
wolfSSL | 13:f67a6c6013ca | 415 | byte type = drbgGenerateH; |
wolfSSL | 13:f67a6c6013ca | 416 | word32 reseedCtr = drbg->reseedCtr; |
wolfSSL | 13:f67a6c6013ca | 417 | |
wolfSSL | 13:f67a6c6013ca | 418 | ret = Hash_gen(drbg, out, outSz, drbg->V); |
wolfSSL | 13:f67a6c6013ca | 419 | if (ret == DRBG_SUCCESS) { |
wolfSSL | 13:f67a6c6013ca | 420 | #ifdef WOLFSSL_ASYNC_CRYPT |
wolfSSL | 13:f67a6c6013ca | 421 | ret = wc_InitSha256_ex(&sha, drbg->heap, drbg->devId); |
wolfSSL | 13:f67a6c6013ca | 422 | #else |
wolfSSL | 13:f67a6c6013ca | 423 | ret = wc_InitSha256(&sha); |
wolfSSL | 13:f67a6c6013ca | 424 | #endif |
wolfSSL | 13:f67a6c6013ca | 425 | if (ret == 0) |
wolfSSL | 13:f67a6c6013ca | 426 | ret = wc_Sha256Update(&sha, &type, sizeof(type)); |
wolfSSL | 13:f67a6c6013ca | 427 | if (ret == 0) |
wolfSSL | 13:f67a6c6013ca | 428 | ret = wc_Sha256Update(&sha, drbg->V, sizeof(drbg->V)); |
wolfSSL | 13:f67a6c6013ca | 429 | if (ret == 0) |
wolfSSL | 13:f67a6c6013ca | 430 | ret = wc_Sha256Final(&sha, digest); |
wolfSSL | 13:f67a6c6013ca | 431 | |
wolfSSL | 13:f67a6c6013ca | 432 | wc_Sha256Free(&sha); |
wolfSSL | 13:f67a6c6013ca | 433 | |
wolfSSL | 13:f67a6c6013ca | 434 | if (ret == 0) { |
wolfSSL | 13:f67a6c6013ca | 435 | array_add(drbg->V, sizeof(drbg->V), digest, SHA256_DIGEST_SIZE); |
wolfSSL | 13:f67a6c6013ca | 436 | array_add(drbg->V, sizeof(drbg->V), drbg->C, sizeof(drbg->C)); |
wolfSSL | 13:f67a6c6013ca | 437 | #ifdef LITTLE_ENDIAN_ORDER |
wolfSSL | 13:f67a6c6013ca | 438 | reseedCtr = ByteReverseWord32(reseedCtr); |
wolfSSL | 13:f67a6c6013ca | 439 | #endif |
wolfSSL | 13:f67a6c6013ca | 440 | array_add(drbg->V, sizeof(drbg->V), |
wolfSSL | 13:f67a6c6013ca | 441 | (byte*)&reseedCtr, sizeof(reseedCtr)); |
wolfSSL | 13:f67a6c6013ca | 442 | ret = DRBG_SUCCESS; |
wolfSSL | 13:f67a6c6013ca | 443 | } |
wolfSSL | 13:f67a6c6013ca | 444 | drbg->reseedCtr++; |
wolfSSL | 13:f67a6c6013ca | 445 | } |
wolfSSL | 13:f67a6c6013ca | 446 | } |
wolfSSL | 13:f67a6c6013ca | 447 | ForceZero(digest, SHA256_DIGEST_SIZE); |
wolfSSL | 13:f67a6c6013ca | 448 | |
wolfSSL | 13:f67a6c6013ca | 449 | FREE_VAR(digest, drbg->heap); |
wolfSSL | 13:f67a6c6013ca | 450 | |
wolfSSL | 13:f67a6c6013ca | 451 | return (ret == 0) ? DRBG_SUCCESS : DRBG_FAILURE; |
wolfSSL | 13:f67a6c6013ca | 452 | } |
wolfSSL | 13:f67a6c6013ca | 453 | |
wolfSSL | 13:f67a6c6013ca | 454 | /* Returns: DRBG_SUCCESS or DRBG_FAILURE */ |
wolfSSL | 13:f67a6c6013ca | 455 | static int Hash_DRBG_Instantiate(DRBG* drbg, const byte* seed, word32 seedSz, |
wolfSSL | 13:f67a6c6013ca | 456 | const byte* nonce, word32 nonceSz, |
wolfSSL | 13:f67a6c6013ca | 457 | void* heap, int devId) |
wolfSSL | 13:f67a6c6013ca | 458 | { |
wolfSSL | 13:f67a6c6013ca | 459 | int ret = DRBG_FAILURE; |
wolfSSL | 13:f67a6c6013ca | 460 | |
wolfSSL | 13:f67a6c6013ca | 461 | XMEMSET(drbg, 0, sizeof(DRBG)); |
wolfSSL | 13:f67a6c6013ca | 462 | #ifdef WOLFSSL_ASYNC_CRYPT |
wolfSSL | 13:f67a6c6013ca | 463 | drbg->heap = heap; |
wolfSSL | 13:f67a6c6013ca | 464 | drbg->devId = devId; |
wolfSSL | 13:f67a6c6013ca | 465 | #else |
wolfSSL | 13:f67a6c6013ca | 466 | (void)heap; |
wolfSSL | 13:f67a6c6013ca | 467 | (void)devId; |
wolfSSL | 13:f67a6c6013ca | 468 | #endif |
wolfSSL | 13:f67a6c6013ca | 469 | |
wolfSSL | 13:f67a6c6013ca | 470 | if (Hash_df(drbg, drbg->V, sizeof(drbg->V), drbgInitV, seed, seedSz, |
wolfSSL | 13:f67a6c6013ca | 471 | nonce, nonceSz) == DRBG_SUCCESS && |
wolfSSL | 13:f67a6c6013ca | 472 | Hash_df(drbg, drbg->C, sizeof(drbg->C), drbgInitC, drbg->V, |
wolfSSL | 13:f67a6c6013ca | 473 | sizeof(drbg->V), NULL, 0) == DRBG_SUCCESS) { |
wolfSSL | 13:f67a6c6013ca | 474 | |
wolfSSL | 13:f67a6c6013ca | 475 | drbg->reseedCtr = 1; |
wolfSSL | 13:f67a6c6013ca | 476 | drbg->lastBlock = 0; |
wolfSSL | 13:f67a6c6013ca | 477 | drbg->matchCount = 0; |
wolfSSL | 13:f67a6c6013ca | 478 | ret = DRBG_SUCCESS; |
wolfSSL | 13:f67a6c6013ca | 479 | } |
wolfSSL | 13:f67a6c6013ca | 480 | |
wolfSSL | 13:f67a6c6013ca | 481 | return ret; |
wolfSSL | 13:f67a6c6013ca | 482 | } |
wolfSSL | 13:f67a6c6013ca | 483 | |
wolfSSL | 13:f67a6c6013ca | 484 | /* Returns: DRBG_SUCCESS or DRBG_FAILURE */ |
wolfSSL | 13:f67a6c6013ca | 485 | static int Hash_DRBG_Uninstantiate(DRBG* drbg) |
wolfSSL | 13:f67a6c6013ca | 486 | { |
wolfSSL | 13:f67a6c6013ca | 487 | word32 i; |
wolfSSL | 13:f67a6c6013ca | 488 | int compareSum = 0; |
wolfSSL | 13:f67a6c6013ca | 489 | byte* compareDrbg = (byte*)drbg; |
wolfSSL | 13:f67a6c6013ca | 490 | |
wolfSSL | 13:f67a6c6013ca | 491 | ForceZero(drbg, sizeof(DRBG)); |
wolfSSL | 13:f67a6c6013ca | 492 | |
wolfSSL | 13:f67a6c6013ca | 493 | for (i = 0; i < sizeof(DRBG); i++) |
wolfSSL | 13:f67a6c6013ca | 494 | compareSum |= compareDrbg[i] ^ 0; |
wolfSSL | 13:f67a6c6013ca | 495 | |
wolfSSL | 13:f67a6c6013ca | 496 | return (compareSum == 0) ? DRBG_SUCCESS : DRBG_FAILURE; |
wolfSSL | 13:f67a6c6013ca | 497 | } |
wolfSSL | 13:f67a6c6013ca | 498 | #endif /* HAVE_HASHDRBG */ |
wolfSSL | 13:f67a6c6013ca | 499 | /* End NIST DRBG Code */ |
wolfSSL | 13:f67a6c6013ca | 500 | |
wolfSSL | 13:f67a6c6013ca | 501 | |
wolfSSL | 13:f67a6c6013ca | 502 | int wc_InitRng_ex(WC_RNG* rng, void* heap, int devId) |
wolfSSL | 13:f67a6c6013ca | 503 | { |
wolfSSL | 13:f67a6c6013ca | 504 | int ret = RNG_FAILURE_E; |
wolfSSL | 13:f67a6c6013ca | 505 | |
wolfSSL | 13:f67a6c6013ca | 506 | if (rng == NULL) |
wolfSSL | 13:f67a6c6013ca | 507 | return BAD_FUNC_ARG; |
wolfSSL | 13:f67a6c6013ca | 508 | |
wolfSSL | 13:f67a6c6013ca | 509 | #ifdef WOLFSSL_HEAP_TEST |
wolfSSL | 13:f67a6c6013ca | 510 | rng->heap = (void*)WOLFSSL_HEAP_TEST; |
wolfSSL | 13:f67a6c6013ca | 511 | (void)heap; |
wolfSSL | 13:f67a6c6013ca | 512 | #else |
wolfSSL | 13:f67a6c6013ca | 513 | rng->heap = heap; |
wolfSSL | 13:f67a6c6013ca | 514 | #endif |
wolfSSL | 13:f67a6c6013ca | 515 | #ifdef WOLFSSL_ASYNC_CRYPT |
wolfSSL | 13:f67a6c6013ca | 516 | rng->devId = devId; |
wolfSSL | 13:f67a6c6013ca | 517 | #else |
wolfSSL | 13:f67a6c6013ca | 518 | (void)devId; |
wolfSSL | 13:f67a6c6013ca | 519 | #endif |
wolfSSL | 13:f67a6c6013ca | 520 | |
wolfSSL | 13:f67a6c6013ca | 521 | #ifdef HAVE_HASHDRBG |
wolfSSL | 13:f67a6c6013ca | 522 | /* init the DBRG to known values */ |
wolfSSL | 13:f67a6c6013ca | 523 | rng->drbg = NULL; |
wolfSSL | 13:f67a6c6013ca | 524 | rng->status = DRBG_NOT_INIT; |
wolfSSL | 13:f67a6c6013ca | 525 | #endif |
wolfSSL | 13:f67a6c6013ca | 526 | |
wolfSSL | 13:f67a6c6013ca | 527 | #if defined(HAVE_INTEL_RDSEED) || defined(HAVE_INTEL_RDRAND) |
wolfSSL | 13:f67a6c6013ca | 528 | /* init the intel RD seed and/or rand */ |
wolfSSL | 13:f67a6c6013ca | 529 | wc_InitRng_IntelRD(); |
wolfSSL | 13:f67a6c6013ca | 530 | #endif |
wolfSSL | 13:f67a6c6013ca | 531 | |
wolfSSL | 13:f67a6c6013ca | 532 | /* configure async RNG source if available */ |
wolfSSL | 13:f67a6c6013ca | 533 | #ifdef WOLFSSL_ASYNC_CRYPT |
wolfSSL | 13:f67a6c6013ca | 534 | ret = wolfAsync_DevCtxInit(&rng->asyncDev, WOLFSSL_ASYNC_MARKER_RNG, |
wolfSSL | 13:f67a6c6013ca | 535 | rng->heap, rng->devId); |
wolfSSL | 13:f67a6c6013ca | 536 | if (ret != 0) |
wolfSSL | 13:f67a6c6013ca | 537 | return ret; |
wolfSSL | 13:f67a6c6013ca | 538 | #endif |
wolfSSL | 13:f67a6c6013ca | 539 | |
wolfSSL | 13:f67a6c6013ca | 540 | #ifdef HAVE_INTEL_RDRAND |
wolfSSL | 13:f67a6c6013ca | 541 | /* if CPU supports RDRAND, use it directly and by-pass DRBG init */ |
wolfSSL | 13:f67a6c6013ca | 542 | if (IS_INTEL_RDRAND(intel_flags)) |
wolfSSL | 13:f67a6c6013ca | 543 | return 0; |
wolfSSL | 13:f67a6c6013ca | 544 | #endif |
wolfSSL | 13:f67a6c6013ca | 545 | |
wolfSSL | 13:f67a6c6013ca | 546 | #ifdef CUSTOM_RAND_GENERATE_BLOCK |
wolfSSL | 13:f67a6c6013ca | 547 | ret = 0; /* success */ |
wolfSSL | 13:f67a6c6013ca | 548 | #else |
wolfSSL | 13:f67a6c6013ca | 549 | #ifdef HAVE_HASHDRBG |
wolfSSL | 13:f67a6c6013ca | 550 | if (wc_RNG_HealthTestLocal(0) == 0) { |
wolfSSL | 13:f67a6c6013ca | 551 | DECLARE_VAR(entropy, byte, ENTROPY_NONCE_SZ, rng->heap); |
wolfSSL | 13:f67a6c6013ca | 552 | |
wolfSSL | 13:f67a6c6013ca | 553 | rng->drbg = |
wolfSSL | 13:f67a6c6013ca | 554 | (struct DRBG*)XMALLOC(sizeof(DRBG), rng->heap, |
wolfSSL | 13:f67a6c6013ca | 555 | DYNAMIC_TYPE_RNG); |
wolfSSL | 13:f67a6c6013ca | 556 | if (rng->drbg == NULL) { |
wolfSSL | 13:f67a6c6013ca | 557 | ret = MEMORY_E; |
wolfSSL | 13:f67a6c6013ca | 558 | } |
wolfSSL | 13:f67a6c6013ca | 559 | /* This doesn't use a separate nonce. The entropy input will be |
wolfSSL | 13:f67a6c6013ca | 560 | * the default size plus the size of the nonce making the seed |
wolfSSL | 13:f67a6c6013ca | 561 | * size. */ |
wolfSSL | 13:f67a6c6013ca | 562 | else if (wc_GenerateSeed(&rng->seed, entropy, ENTROPY_NONCE_SZ) == 0 && |
wolfSSL | 13:f67a6c6013ca | 563 | Hash_DRBG_Instantiate(rng->drbg, entropy, ENTROPY_NONCE_SZ, |
wolfSSL | 13:f67a6c6013ca | 564 | NULL, 0, rng->heap, devId) == DRBG_SUCCESS) { |
wolfSSL | 13:f67a6c6013ca | 565 | ret = Hash_DRBG_Generate(rng->drbg, NULL, 0); |
wolfSSL | 13:f67a6c6013ca | 566 | } |
wolfSSL | 13:f67a6c6013ca | 567 | else |
wolfSSL | 13:f67a6c6013ca | 568 | ret = DRBG_FAILURE; |
wolfSSL | 13:f67a6c6013ca | 569 | |
wolfSSL | 13:f67a6c6013ca | 570 | ForceZero(entropy, ENTROPY_NONCE_SZ); |
wolfSSL | 13:f67a6c6013ca | 571 | FREE_VAR(entropy, rng->heap); |
wolfSSL | 13:f67a6c6013ca | 572 | } |
wolfSSL | 13:f67a6c6013ca | 573 | else |
wolfSSL | 13:f67a6c6013ca | 574 | ret = DRBG_CONT_FAILURE; |
wolfSSL | 13:f67a6c6013ca | 575 | |
wolfSSL | 13:f67a6c6013ca | 576 | if (ret == DRBG_SUCCESS) { |
wolfSSL | 13:f67a6c6013ca | 577 | rng->status = DRBG_OK; |
wolfSSL | 13:f67a6c6013ca | 578 | ret = 0; |
wolfSSL | 13:f67a6c6013ca | 579 | } |
wolfSSL | 13:f67a6c6013ca | 580 | else if (ret == DRBG_CONT_FAILURE) { |
wolfSSL | 13:f67a6c6013ca | 581 | rng->status = DRBG_CONT_FAILED; |
wolfSSL | 13:f67a6c6013ca | 582 | ret = DRBG_CONT_FIPS_E; |
wolfSSL | 13:f67a6c6013ca | 583 | } |
wolfSSL | 13:f67a6c6013ca | 584 | else if (ret == DRBG_FAILURE) { |
wolfSSL | 13:f67a6c6013ca | 585 | rng->status = DRBG_FAILED; |
wolfSSL | 13:f67a6c6013ca | 586 | ret = RNG_FAILURE_E; |
wolfSSL | 13:f67a6c6013ca | 587 | } |
wolfSSL | 13:f67a6c6013ca | 588 | else { |
wolfSSL | 13:f67a6c6013ca | 589 | rng->status = DRBG_FAILED; |
wolfSSL | 13:f67a6c6013ca | 590 | } |
wolfSSL | 13:f67a6c6013ca | 591 | #endif /* HAVE_HASHDRBG */ |
wolfSSL | 13:f67a6c6013ca | 592 | #endif /* CUSTOM_RAND_GENERATE_BLOCK */ |
wolfSSL | 13:f67a6c6013ca | 593 | |
wolfSSL | 13:f67a6c6013ca | 594 | return ret; |
wolfSSL | 13:f67a6c6013ca | 595 | } |
wolfSSL | 13:f67a6c6013ca | 596 | |
wolfSSL | 13:f67a6c6013ca | 597 | int wc_InitRng(WC_RNG* rng) |
wolfSSL | 13:f67a6c6013ca | 598 | { |
wolfSSL | 13:f67a6c6013ca | 599 | return wc_InitRng_ex(rng, NULL, INVALID_DEVID); |
wolfSSL | 13:f67a6c6013ca | 600 | } |
wolfSSL | 13:f67a6c6013ca | 601 | |
wolfSSL | 13:f67a6c6013ca | 602 | |
wolfSSL | 13:f67a6c6013ca | 603 | /* place a generated block in output */ |
wolfSSL | 13:f67a6c6013ca | 604 | int wc_RNG_GenerateBlock(WC_RNG* rng, byte* output, word32 sz) |
wolfSSL | 13:f67a6c6013ca | 605 | { |
wolfSSL | 13:f67a6c6013ca | 606 | int ret; |
wolfSSL | 13:f67a6c6013ca | 607 | |
wolfSSL | 13:f67a6c6013ca | 608 | if (rng == NULL || output == NULL) |
wolfSSL | 13:f67a6c6013ca | 609 | return BAD_FUNC_ARG; |
wolfSSL | 13:f67a6c6013ca | 610 | |
wolfSSL | 13:f67a6c6013ca | 611 | #ifdef HAVE_INTEL_RDRAND |
wolfSSL | 13:f67a6c6013ca | 612 | if (IS_INTEL_RDRAND(intel_flags)) |
wolfSSL | 13:f67a6c6013ca | 613 | return wc_GenerateRand_IntelRD(NULL, output, sz); |
wolfSSL | 13:f67a6c6013ca | 614 | #endif |
wolfSSL | 13:f67a6c6013ca | 615 | |
wolfSSL | 13:f67a6c6013ca | 616 | #if defined(WOLFSSL_ASYNC_CRYPT) |
wolfSSL | 13:f67a6c6013ca | 617 | if (rng->asyncDev.marker == WOLFSSL_ASYNC_MARKER_RNG) { |
wolfSSL | 13:f67a6c6013ca | 618 | /* these are blocking */ |
wolfSSL | 13:f67a6c6013ca | 619 | #ifdef HAVE_CAVIUM |
wolfSSL | 13:f67a6c6013ca | 620 | return NitroxRngGenerateBlock(rng, output, sz); |
wolfSSL | 13:f67a6c6013ca | 621 | #elif defined(HAVE_INTEL_QA) |
wolfSSL | 13:f67a6c6013ca | 622 | return IntelQaDrbg(&rng->asyncDev, output, sz); |
wolfSSL | 13:f67a6c6013ca | 623 | #else |
wolfSSL | 13:f67a6c6013ca | 624 | /* simulator not supported */ |
wolfSSL | 13:f67a6c6013ca | 625 | #endif |
wolfSSL | 13:f67a6c6013ca | 626 | } |
wolfSSL | 13:f67a6c6013ca | 627 | #endif |
wolfSSL | 13:f67a6c6013ca | 628 | |
wolfSSL | 13:f67a6c6013ca | 629 | #ifdef CUSTOM_RAND_GENERATE_BLOCK |
wolfSSL | 13:f67a6c6013ca | 630 | XMEMSET(output, 0, sz); |
wolfSSL | 13:f67a6c6013ca | 631 | ret = CUSTOM_RAND_GENERATE_BLOCK(output, sz); |
wolfSSL | 13:f67a6c6013ca | 632 | #else |
wolfSSL | 13:f67a6c6013ca | 633 | |
wolfSSL | 13:f67a6c6013ca | 634 | #ifdef HAVE_HASHDRBG |
wolfSSL | 13:f67a6c6013ca | 635 | if (sz > RNG_MAX_BLOCK_LEN) |
wolfSSL | 13:f67a6c6013ca | 636 | return BAD_FUNC_ARG; |
wolfSSL | 13:f67a6c6013ca | 637 | |
wolfSSL | 13:f67a6c6013ca | 638 | if (rng->status != DRBG_OK) |
wolfSSL | 13:f67a6c6013ca | 639 | return RNG_FAILURE_E; |
wolfSSL | 13:f67a6c6013ca | 640 | |
wolfSSL | 13:f67a6c6013ca | 641 | ret = Hash_DRBG_Generate(rng->drbg, output, sz); |
wolfSSL | 13:f67a6c6013ca | 642 | if (ret == DRBG_NEED_RESEED) { |
wolfSSL | 13:f67a6c6013ca | 643 | if (wc_RNG_HealthTestLocal(1) == 0) { |
wolfSSL | 13:f67a6c6013ca | 644 | byte entropy[ENTROPY_SZ]; |
wolfSSL | 13:f67a6c6013ca | 645 | |
wolfSSL | 13:f67a6c6013ca | 646 | if (wc_GenerateSeed(&rng->seed, entropy, ENTROPY_SZ) == 0 && |
wolfSSL | 13:f67a6c6013ca | 647 | Hash_DRBG_Reseed(rng->drbg, entropy, ENTROPY_SZ) |
wolfSSL | 13:f67a6c6013ca | 648 | == DRBG_SUCCESS) { |
wolfSSL | 13:f67a6c6013ca | 649 | |
wolfSSL | 13:f67a6c6013ca | 650 | ret = Hash_DRBG_Generate(rng->drbg, NULL, 0); |
wolfSSL | 13:f67a6c6013ca | 651 | if (ret == DRBG_SUCCESS) |
wolfSSL | 13:f67a6c6013ca | 652 | ret = Hash_DRBG_Generate(rng->drbg, output, sz); |
wolfSSL | 13:f67a6c6013ca | 653 | } |
wolfSSL | 13:f67a6c6013ca | 654 | else |
wolfSSL | 13:f67a6c6013ca | 655 | ret = DRBG_FAILURE; |
wolfSSL | 13:f67a6c6013ca | 656 | |
wolfSSL | 13:f67a6c6013ca | 657 | ForceZero(entropy, ENTROPY_SZ); |
wolfSSL | 13:f67a6c6013ca | 658 | } |
wolfSSL | 13:f67a6c6013ca | 659 | else |
wolfSSL | 13:f67a6c6013ca | 660 | ret = DRBG_CONT_FAILURE; |
wolfSSL | 13:f67a6c6013ca | 661 | } |
wolfSSL | 13:f67a6c6013ca | 662 | |
wolfSSL | 13:f67a6c6013ca | 663 | if (ret == DRBG_SUCCESS) { |
wolfSSL | 13:f67a6c6013ca | 664 | ret = 0; |
wolfSSL | 13:f67a6c6013ca | 665 | } |
wolfSSL | 13:f67a6c6013ca | 666 | else if (ret == DRBG_CONT_FAILURE) { |
wolfSSL | 13:f67a6c6013ca | 667 | ret = DRBG_CONT_FIPS_E; |
wolfSSL | 13:f67a6c6013ca | 668 | rng->status = DRBG_CONT_FAILED; |
wolfSSL | 13:f67a6c6013ca | 669 | } |
wolfSSL | 13:f67a6c6013ca | 670 | else { |
wolfSSL | 13:f67a6c6013ca | 671 | ret = RNG_FAILURE_E; |
wolfSSL | 13:f67a6c6013ca | 672 | rng->status = DRBG_FAILED; |
wolfSSL | 13:f67a6c6013ca | 673 | } |
wolfSSL | 13:f67a6c6013ca | 674 | #else |
wolfSSL | 13:f67a6c6013ca | 675 | |
wolfSSL | 13:f67a6c6013ca | 676 | /* if we get here then there is an RNG configuration error */ |
wolfSSL | 13:f67a6c6013ca | 677 | ret = RNG_FAILURE_E; |
wolfSSL | 13:f67a6c6013ca | 678 | |
wolfSSL | 13:f67a6c6013ca | 679 | #endif /* HAVE_HASHDRBG */ |
wolfSSL | 13:f67a6c6013ca | 680 | #endif /* CUSTOM_RAND_GENERATE_BLOCK */ |
wolfSSL | 13:f67a6c6013ca | 681 | |
wolfSSL | 13:f67a6c6013ca | 682 | return ret; |
wolfSSL | 13:f67a6c6013ca | 683 | } |
wolfSSL | 13:f67a6c6013ca | 684 | |
wolfSSL | 13:f67a6c6013ca | 685 | |
wolfSSL | 13:f67a6c6013ca | 686 | int wc_RNG_GenerateByte(WC_RNG* rng, byte* b) |
wolfSSL | 13:f67a6c6013ca | 687 | { |
wolfSSL | 13:f67a6c6013ca | 688 | return wc_RNG_GenerateBlock(rng, b, 1); |
wolfSSL | 13:f67a6c6013ca | 689 | } |
wolfSSL | 13:f67a6c6013ca | 690 | |
wolfSSL | 13:f67a6c6013ca | 691 | |
wolfSSL | 13:f67a6c6013ca | 692 | int wc_FreeRng(WC_RNG* rng) |
wolfSSL | 13:f67a6c6013ca | 693 | { |
wolfSSL | 13:f67a6c6013ca | 694 | int ret = 0; |
wolfSSL | 13:f67a6c6013ca | 695 | |
wolfSSL | 13:f67a6c6013ca | 696 | if (rng == NULL) |
wolfSSL | 13:f67a6c6013ca | 697 | return BAD_FUNC_ARG; |
wolfSSL | 13:f67a6c6013ca | 698 | |
wolfSSL | 13:f67a6c6013ca | 699 | #if defined(WOLFSSL_ASYNC_CRYPT) |
wolfSSL | 13:f67a6c6013ca | 700 | wolfAsync_DevCtxFree(&rng->asyncDev, WOLFSSL_ASYNC_MARKER_RNG); |
wolfSSL | 13:f67a6c6013ca | 701 | #endif |
wolfSSL | 13:f67a6c6013ca | 702 | |
wolfSSL | 13:f67a6c6013ca | 703 | #ifdef HAVE_HASHDRBG |
wolfSSL | 13:f67a6c6013ca | 704 | if (rng->drbg != NULL) { |
wolfSSL | 13:f67a6c6013ca | 705 | if (Hash_DRBG_Uninstantiate(rng->drbg) != DRBG_SUCCESS) |
wolfSSL | 13:f67a6c6013ca | 706 | ret = RNG_FAILURE_E; |
wolfSSL | 13:f67a6c6013ca | 707 | |
wolfSSL | 13:f67a6c6013ca | 708 | XFREE(rng->drbg, rng->heap, DYNAMIC_TYPE_RNG); |
wolfSSL | 13:f67a6c6013ca | 709 | rng->drbg = NULL; |
wolfSSL | 13:f67a6c6013ca | 710 | } |
wolfSSL | 13:f67a6c6013ca | 711 | |
wolfSSL | 13:f67a6c6013ca | 712 | rng->status = DRBG_NOT_INIT; |
wolfSSL | 13:f67a6c6013ca | 713 | #endif /* HAVE_HASHDRBG */ |
wolfSSL | 13:f67a6c6013ca | 714 | |
wolfSSL | 13:f67a6c6013ca | 715 | return ret; |
wolfSSL | 13:f67a6c6013ca | 716 | } |
wolfSSL | 13:f67a6c6013ca | 717 | |
wolfSSL | 13:f67a6c6013ca | 718 | #ifdef HAVE_HASHDRBG |
wolfSSL | 13:f67a6c6013ca | 719 | int wc_RNG_HealthTest(int reseed, const byte* entropyA, word32 entropyASz, |
wolfSSL | 13:f67a6c6013ca | 720 | const byte* entropyB, word32 entropyBSz, |
wolfSSL | 13:f67a6c6013ca | 721 | byte* output, word32 outputSz) |
wolfSSL | 13:f67a6c6013ca | 722 | { |
wolfSSL | 13:f67a6c6013ca | 723 | int ret = -1; |
wolfSSL | 13:f67a6c6013ca | 724 | DRBG* drbg; |
wolfSSL | 13:f67a6c6013ca | 725 | #ifndef WOLFSSL_SMALL_STACK |
wolfSSL | 13:f67a6c6013ca | 726 | DRBG drbg_var; |
wolfSSL | 13:f67a6c6013ca | 727 | #endif |
wolfSSL | 13:f67a6c6013ca | 728 | |
wolfSSL | 13:f67a6c6013ca | 729 | if (entropyA == NULL || output == NULL) { |
wolfSSL | 13:f67a6c6013ca | 730 | return BAD_FUNC_ARG; |
wolfSSL | 13:f67a6c6013ca | 731 | } |
wolfSSL | 13:f67a6c6013ca | 732 | |
wolfSSL | 13:f67a6c6013ca | 733 | if (reseed != 0 && entropyB == NULL) { |
wolfSSL | 13:f67a6c6013ca | 734 | return BAD_FUNC_ARG; |
wolfSSL | 13:f67a6c6013ca | 735 | } |
wolfSSL | 13:f67a6c6013ca | 736 | |
wolfSSL | 13:f67a6c6013ca | 737 | if (outputSz != RNG_HEALTH_TEST_CHECK_SIZE) { |
wolfSSL | 13:f67a6c6013ca | 738 | return ret; |
wolfSSL | 13:f67a6c6013ca | 739 | } |
wolfSSL | 13:f67a6c6013ca | 740 | |
wolfSSL | 13:f67a6c6013ca | 741 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 13:f67a6c6013ca | 742 | drbg = (struct DRBG*)XMALLOC(sizeof(DRBG), NULL, DYNAMIC_TYPE_RNG); |
wolfSSL | 13:f67a6c6013ca | 743 | if (drbg == NULL) { |
wolfSSL | 13:f67a6c6013ca | 744 | return MEMORY_E; |
wolfSSL | 13:f67a6c6013ca | 745 | } |
wolfSSL | 13:f67a6c6013ca | 746 | #else |
wolfSSL | 13:f67a6c6013ca | 747 | drbg = &drbg_var; |
wolfSSL | 13:f67a6c6013ca | 748 | #endif |
wolfSSL | 13:f67a6c6013ca | 749 | |
wolfSSL | 13:f67a6c6013ca | 750 | if (Hash_DRBG_Instantiate(drbg, entropyA, entropyASz, NULL, 0, NULL, |
wolfSSL | 13:f67a6c6013ca | 751 | INVALID_DEVID) != 0) { |
wolfSSL | 13:f67a6c6013ca | 752 | goto exit_rng_ht; |
wolfSSL | 13:f67a6c6013ca | 753 | } |
wolfSSL | 13:f67a6c6013ca | 754 | |
wolfSSL | 13:f67a6c6013ca | 755 | if (reseed) { |
wolfSSL | 13:f67a6c6013ca | 756 | if (Hash_DRBG_Reseed(drbg, entropyB, entropyBSz) != 0) { |
wolfSSL | 13:f67a6c6013ca | 757 | goto exit_rng_ht; |
wolfSSL | 13:f67a6c6013ca | 758 | } |
wolfSSL | 13:f67a6c6013ca | 759 | } |
wolfSSL | 13:f67a6c6013ca | 760 | |
wolfSSL | 13:f67a6c6013ca | 761 | if (Hash_DRBG_Generate(drbg, output, outputSz) != 0) { |
wolfSSL | 13:f67a6c6013ca | 762 | goto exit_rng_ht; |
wolfSSL | 13:f67a6c6013ca | 763 | } |
wolfSSL | 13:f67a6c6013ca | 764 | |
wolfSSL | 13:f67a6c6013ca | 765 | if (Hash_DRBG_Generate(drbg, output, outputSz) != 0) { |
wolfSSL | 13:f67a6c6013ca | 766 | goto exit_rng_ht; |
wolfSSL | 13:f67a6c6013ca | 767 | } |
wolfSSL | 13:f67a6c6013ca | 768 | |
wolfSSL | 13:f67a6c6013ca | 769 | /* Mark success */ |
wolfSSL | 13:f67a6c6013ca | 770 | ret = 0; |
wolfSSL | 13:f67a6c6013ca | 771 | |
wolfSSL | 13:f67a6c6013ca | 772 | exit_rng_ht: |
wolfSSL | 13:f67a6c6013ca | 773 | |
wolfSSL | 13:f67a6c6013ca | 774 | /* This is safe to call even if Hash_DRBG_Instantiate fails */ |
wolfSSL | 13:f67a6c6013ca | 775 | if (Hash_DRBG_Uninstantiate(drbg) != 0) { |
wolfSSL | 13:f67a6c6013ca | 776 | ret = -1; |
wolfSSL | 13:f67a6c6013ca | 777 | } |
wolfSSL | 13:f67a6c6013ca | 778 | |
wolfSSL | 13:f67a6c6013ca | 779 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 13:f67a6c6013ca | 780 | XFREE(drbg, NULL, DYNAMIC_TYPE_RNG); |
wolfSSL | 13:f67a6c6013ca | 781 | #endif |
wolfSSL | 13:f67a6c6013ca | 782 | |
wolfSSL | 13:f67a6c6013ca | 783 | return ret; |
wolfSSL | 13:f67a6c6013ca | 784 | } |
wolfSSL | 13:f67a6c6013ca | 785 | |
wolfSSL | 13:f67a6c6013ca | 786 | |
wolfSSL | 13:f67a6c6013ca | 787 | const byte entropyA[] = { |
wolfSSL | 13:f67a6c6013ca | 788 | 0x63, 0x36, 0x33, 0x77, 0xe4, 0x1e, 0x86, 0x46, 0x8d, 0xeb, 0x0a, 0xb4, |
wolfSSL | 13:f67a6c6013ca | 789 | 0xa8, 0xed, 0x68, 0x3f, 0x6a, 0x13, 0x4e, 0x47, 0xe0, 0x14, 0xc7, 0x00, |
wolfSSL | 13:f67a6c6013ca | 790 | 0x45, 0x4e, 0x81, 0xe9, 0x53, 0x58, 0xa5, 0x69, 0x80, 0x8a, 0xa3, 0x8f, |
wolfSSL | 13:f67a6c6013ca | 791 | 0x2a, 0x72, 0xa6, 0x23, 0x59, 0x91, 0x5a, 0x9f, 0x8a, 0x04, 0xca, 0x68 |
wolfSSL | 13:f67a6c6013ca | 792 | }; |
wolfSSL | 13:f67a6c6013ca | 793 | |
wolfSSL | 13:f67a6c6013ca | 794 | const byte reseedEntropyA[] = { |
wolfSSL | 13:f67a6c6013ca | 795 | 0xe6, 0x2b, 0x8a, 0x8e, 0xe8, 0xf1, 0x41, 0xb6, 0x98, 0x05, 0x66, 0xe3, |
wolfSSL | 13:f67a6c6013ca | 796 | 0xbf, 0xe3, 0xc0, 0x49, 0x03, 0xda, 0xd4, 0xac, 0x2c, 0xdf, 0x9f, 0x22, |
wolfSSL | 13:f67a6c6013ca | 797 | 0x80, 0x01, 0x0a, 0x67, 0x39, 0xbc, 0x83, 0xd3 |
wolfSSL | 13:f67a6c6013ca | 798 | }; |
wolfSSL | 13:f67a6c6013ca | 799 | |
wolfSSL | 13:f67a6c6013ca | 800 | const byte outputA[] = { |
wolfSSL | 13:f67a6c6013ca | 801 | 0x04, 0xee, 0xc6, 0x3b, 0xb2, 0x31, 0xdf, 0x2c, 0x63, 0x0a, 0x1a, 0xfb, |
wolfSSL | 13:f67a6c6013ca | 802 | 0xe7, 0x24, 0x94, 0x9d, 0x00, 0x5a, 0x58, 0x78, 0x51, 0xe1, 0xaa, 0x79, |
wolfSSL | 13:f67a6c6013ca | 803 | 0x5e, 0x47, 0x73, 0x47, 0xc8, 0xb0, 0x56, 0x62, 0x1c, 0x18, 0xbd, 0xdc, |
wolfSSL | 13:f67a6c6013ca | 804 | 0xdd, 0x8d, 0x99, 0xfc, 0x5f, 0xc2, 0xb9, 0x20, 0x53, 0xd8, 0xcf, 0xac, |
wolfSSL | 13:f67a6c6013ca | 805 | 0xfb, 0x0b, 0xb8, 0x83, 0x12, 0x05, 0xfa, 0xd1, 0xdd, 0xd6, 0xc0, 0x71, |
wolfSSL | 13:f67a6c6013ca | 806 | 0x31, 0x8a, 0x60, 0x18, 0xf0, 0x3b, 0x73, 0xf5, 0xed, 0xe4, 0xd4, 0xd0, |
wolfSSL | 13:f67a6c6013ca | 807 | 0x71, 0xf9, 0xde, 0x03, 0xfd, 0x7a, 0xea, 0x10, 0x5d, 0x92, 0x99, 0xb8, |
wolfSSL | 13:f67a6c6013ca | 808 | 0xaf, 0x99, 0xaa, 0x07, 0x5b, 0xdb, 0x4d, 0xb9, 0xaa, 0x28, 0xc1, 0x8d, |
wolfSSL | 13:f67a6c6013ca | 809 | 0x17, 0x4b, 0x56, 0xee, 0x2a, 0x01, 0x4d, 0x09, 0x88, 0x96, 0xff, 0x22, |
wolfSSL | 13:f67a6c6013ca | 810 | 0x82, 0xc9, 0x55, 0xa8, 0x19, 0x69, 0xe0, 0x69, 0xfa, 0x8c, 0xe0, 0x07, |
wolfSSL | 13:f67a6c6013ca | 811 | 0xa1, 0x80, 0x18, 0x3a, 0x07, 0xdf, 0xae, 0x17 |
wolfSSL | 13:f67a6c6013ca | 812 | }; |
wolfSSL | 13:f67a6c6013ca | 813 | |
wolfSSL | 13:f67a6c6013ca | 814 | const byte entropyB[] = { |
wolfSSL | 13:f67a6c6013ca | 815 | 0xa6, 0x5a, 0xd0, 0xf3, 0x45, 0xdb, 0x4e, 0x0e, 0xff, 0xe8, 0x75, 0xc3, |
wolfSSL | 13:f67a6c6013ca | 816 | 0xa2, 0xe7, 0x1f, 0x42, 0xc7, 0x12, 0x9d, 0x62, 0x0f, 0xf5, 0xc1, 0x19, |
wolfSSL | 13:f67a6c6013ca | 817 | 0xa9, 0xef, 0x55, 0xf0, 0x51, 0x85, 0xe0, 0xfb, 0x85, 0x81, 0xf9, 0x31, |
wolfSSL | 13:f67a6c6013ca | 818 | 0x75, 0x17, 0x27, 0x6e, 0x06, 0xe9, 0x60, 0x7d, 0xdb, 0xcb, 0xcc, 0x2e |
wolfSSL | 13:f67a6c6013ca | 819 | }; |
wolfSSL | 13:f67a6c6013ca | 820 | |
wolfSSL | 13:f67a6c6013ca | 821 | const byte outputB[] = { |
wolfSSL | 13:f67a6c6013ca | 822 | 0xd3, 0xe1, 0x60, 0xc3, 0x5b, 0x99, 0xf3, 0x40, 0xb2, 0x62, 0x82, 0x64, |
wolfSSL | 13:f67a6c6013ca | 823 | 0xd1, 0x75, 0x10, 0x60, 0xe0, 0x04, 0x5d, 0xa3, 0x83, 0xff, 0x57, 0xa5, |
wolfSSL | 13:f67a6c6013ca | 824 | 0x7d, 0x73, 0xa6, 0x73, 0xd2, 0xb8, 0xd8, 0x0d, 0xaa, 0xf6, 0xa6, 0xc3, |
wolfSSL | 13:f67a6c6013ca | 825 | 0x5a, 0x91, 0xbb, 0x45, 0x79, 0xd7, 0x3f, 0xd0, 0xc8, 0xfe, 0xd1, 0x11, |
wolfSSL | 13:f67a6c6013ca | 826 | 0xb0, 0x39, 0x13, 0x06, 0x82, 0x8a, 0xdf, 0xed, 0x52, 0x8f, 0x01, 0x81, |
wolfSSL | 13:f67a6c6013ca | 827 | 0x21, 0xb3, 0xfe, 0xbd, 0xc3, 0x43, 0xe7, 0x97, 0xb8, 0x7d, 0xbb, 0x63, |
wolfSSL | 13:f67a6c6013ca | 828 | 0xdb, 0x13, 0x33, 0xde, 0xd9, 0xd1, 0xec, 0xe1, 0x77, 0xcf, 0xa6, 0xb7, |
wolfSSL | 13:f67a6c6013ca | 829 | 0x1f, 0xe8, 0xab, 0x1d, 0xa4, 0x66, 0x24, 0xed, 0x64, 0x15, 0xe5, 0x1c, |
wolfSSL | 13:f67a6c6013ca | 830 | 0xcd, 0xe2, 0xc7, 0xca, 0x86, 0xe2, 0x83, 0x99, 0x0e, 0xea, 0xeb, 0x91, |
wolfSSL | 13:f67a6c6013ca | 831 | 0x12, 0x04, 0x15, 0x52, 0x8b, 0x22, 0x95, 0x91, 0x02, 0x81, 0xb0, 0x2d, |
wolfSSL | 13:f67a6c6013ca | 832 | 0xd4, 0x31, 0xf4, 0xc9, 0xf7, 0x04, 0x27, 0xdf |
wolfSSL | 13:f67a6c6013ca | 833 | }; |
wolfSSL | 13:f67a6c6013ca | 834 | |
wolfSSL | 13:f67a6c6013ca | 835 | |
wolfSSL | 13:f67a6c6013ca | 836 | static int wc_RNG_HealthTestLocal(int reseed) |
wolfSSL | 13:f67a6c6013ca | 837 | { |
wolfSSL | 13:f67a6c6013ca | 838 | int ret = 0; |
wolfSSL | 13:f67a6c6013ca | 839 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 13:f67a6c6013ca | 840 | byte* check; |
wolfSSL | 13:f67a6c6013ca | 841 | #else |
wolfSSL | 13:f67a6c6013ca | 842 | byte check[RNG_HEALTH_TEST_CHECK_SIZE]; |
wolfSSL | 13:f67a6c6013ca | 843 | #endif |
wolfSSL | 13:f67a6c6013ca | 844 | |
wolfSSL | 13:f67a6c6013ca | 845 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 13:f67a6c6013ca | 846 | check = (byte*)XMALLOC(RNG_HEALTH_TEST_CHECK_SIZE, NULL, |
wolfSSL | 13:f67a6c6013ca | 847 | DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 13:f67a6c6013ca | 848 | if (check == NULL) { |
wolfSSL | 13:f67a6c6013ca | 849 | return MEMORY_E; |
wolfSSL | 13:f67a6c6013ca | 850 | } |
wolfSSL | 13:f67a6c6013ca | 851 | #endif |
wolfSSL | 13:f67a6c6013ca | 852 | |
wolfSSL | 13:f67a6c6013ca | 853 | if (reseed) { |
wolfSSL | 13:f67a6c6013ca | 854 | ret = wc_RNG_HealthTest(1, entropyA, sizeof(entropyA), |
wolfSSL | 13:f67a6c6013ca | 855 | reseedEntropyA, sizeof(reseedEntropyA), |
wolfSSL | 13:f67a6c6013ca | 856 | check, RNG_HEALTH_TEST_CHECK_SIZE); |
wolfSSL | 13:f67a6c6013ca | 857 | if (ret == 0) { |
wolfSSL | 13:f67a6c6013ca | 858 | if (ConstantCompare(check, outputA, |
wolfSSL | 13:f67a6c6013ca | 859 | RNG_HEALTH_TEST_CHECK_SIZE) != 0) |
wolfSSL | 13:f67a6c6013ca | 860 | ret = -1; |
wolfSSL | 13:f67a6c6013ca | 861 | } |
wolfSSL | 13:f67a6c6013ca | 862 | } |
wolfSSL | 13:f67a6c6013ca | 863 | else { |
wolfSSL | 13:f67a6c6013ca | 864 | ret = wc_RNG_HealthTest(0, entropyB, sizeof(entropyB), |
wolfSSL | 13:f67a6c6013ca | 865 | NULL, 0, |
wolfSSL | 13:f67a6c6013ca | 866 | check, RNG_HEALTH_TEST_CHECK_SIZE); |
wolfSSL | 13:f67a6c6013ca | 867 | if (ret == 0) { |
wolfSSL | 13:f67a6c6013ca | 868 | if (ConstantCompare(check, outputB, |
wolfSSL | 13:f67a6c6013ca | 869 | RNG_HEALTH_TEST_CHECK_SIZE) != 0) |
wolfSSL | 13:f67a6c6013ca | 870 | ret = -1; |
wolfSSL | 13:f67a6c6013ca | 871 | } |
wolfSSL | 13:f67a6c6013ca | 872 | } |
wolfSSL | 13:f67a6c6013ca | 873 | |
wolfSSL | 13:f67a6c6013ca | 874 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 13:f67a6c6013ca | 875 | XFREE(check, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 13:f67a6c6013ca | 876 | #endif |
wolfSSL | 13:f67a6c6013ca | 877 | |
wolfSSL | 13:f67a6c6013ca | 878 | return ret; |
wolfSSL | 13:f67a6c6013ca | 879 | } |
wolfSSL | 13:f67a6c6013ca | 880 | |
wolfSSL | 13:f67a6c6013ca | 881 | #endif /* HAVE_HASHDRBG */ |
wolfSSL | 13:f67a6c6013ca | 882 | |
wolfSSL | 13:f67a6c6013ca | 883 | |
wolfSSL | 13:f67a6c6013ca | 884 | #ifdef HAVE_WNR |
wolfSSL | 13:f67a6c6013ca | 885 | |
wolfSSL | 13:f67a6c6013ca | 886 | /* |
wolfSSL | 13:f67a6c6013ca | 887 | * Init global Whitewood netRandom context |
wolfSSL | 13:f67a6c6013ca | 888 | * Returns 0 on success, negative on error |
wolfSSL | 13:f67a6c6013ca | 889 | */ |
wolfSSL | 13:f67a6c6013ca | 890 | int wc_InitNetRandom(const char* configFile, wnr_hmac_key hmac_cb, int timeout) |
wolfSSL | 13:f67a6c6013ca | 891 | { |
wolfSSL | 13:f67a6c6013ca | 892 | if (configFile == NULL || timeout < 0) |
wolfSSL | 13:f67a6c6013ca | 893 | return BAD_FUNC_ARG; |
wolfSSL | 13:f67a6c6013ca | 894 | |
wolfSSL | 13:f67a6c6013ca | 895 | if (wnr_mutex_init > 0) { |
wolfSSL | 13:f67a6c6013ca | 896 | WOLFSSL_MSG("netRandom context already created, skipping"); |
wolfSSL | 13:f67a6c6013ca | 897 | return 0; |
wolfSSL | 13:f67a6c6013ca | 898 | } |
wolfSSL | 13:f67a6c6013ca | 899 | |
wolfSSL | 13:f67a6c6013ca | 900 | if (wc_InitMutex(&wnr_mutex) != 0) { |
wolfSSL | 13:f67a6c6013ca | 901 | WOLFSSL_MSG("Bad Init Mutex wnr_mutex"); |
wolfSSL | 13:f67a6c6013ca | 902 | return BAD_MUTEX_E; |
wolfSSL | 13:f67a6c6013ca | 903 | } |
wolfSSL | 13:f67a6c6013ca | 904 | wnr_mutex_init = 1; |
wolfSSL | 13:f67a6c6013ca | 905 | |
wolfSSL | 13:f67a6c6013ca | 906 | if (wc_LockMutex(&wnr_mutex) != 0) { |
wolfSSL | 13:f67a6c6013ca | 907 | WOLFSSL_MSG("Bad Lock Mutex wnr_mutex"); |
wolfSSL | 13:f67a6c6013ca | 908 | return BAD_MUTEX_E; |
wolfSSL | 13:f67a6c6013ca | 909 | } |
wolfSSL | 13:f67a6c6013ca | 910 | |
wolfSSL | 13:f67a6c6013ca | 911 | /* store entropy timeout */ |
wolfSSL | 13:f67a6c6013ca | 912 | wnr_timeout = timeout; |
wolfSSL | 13:f67a6c6013ca | 913 | |
wolfSSL | 13:f67a6c6013ca | 914 | /* create global wnr_context struct */ |
wolfSSL | 13:f67a6c6013ca | 915 | if (wnr_create(&wnr_ctx) != WNR_ERROR_NONE) { |
wolfSSL | 13:f67a6c6013ca | 916 | WOLFSSL_MSG("Error creating global netRandom context"); |
wolfSSL | 13:f67a6c6013ca | 917 | return RNG_FAILURE_E; |
wolfSSL | 13:f67a6c6013ca | 918 | } |
wolfSSL | 13:f67a6c6013ca | 919 | |
wolfSSL | 13:f67a6c6013ca | 920 | /* load config file */ |
wolfSSL | 13:f67a6c6013ca | 921 | if (wnr_config_loadf(wnr_ctx, (char*)configFile) != WNR_ERROR_NONE) { |
wolfSSL | 13:f67a6c6013ca | 922 | WOLFSSL_MSG("Error loading config file into netRandom context"); |
wolfSSL | 13:f67a6c6013ca | 923 | wnr_destroy(wnr_ctx); |
wolfSSL | 13:f67a6c6013ca | 924 | wnr_ctx = NULL; |
wolfSSL | 13:f67a6c6013ca | 925 | return RNG_FAILURE_E; |
wolfSSL | 13:f67a6c6013ca | 926 | } |
wolfSSL | 13:f67a6c6013ca | 927 | |
wolfSSL | 13:f67a6c6013ca | 928 | /* create/init polling mechanism */ |
wolfSSL | 13:f67a6c6013ca | 929 | if (wnr_poll_create() != WNR_ERROR_NONE) { |
wolfSSL | 13:f67a6c6013ca | 930 | printf("ERROR: wnr_poll_create() failed\n"); |
wolfSSL | 13:f67a6c6013ca | 931 | WOLFSSL_MSG("Error initializing netRandom polling mechanism"); |
wolfSSL | 13:f67a6c6013ca | 932 | wnr_destroy(wnr_ctx); |
wolfSSL | 13:f67a6c6013ca | 933 | wnr_ctx = NULL; |
wolfSSL | 13:f67a6c6013ca | 934 | return RNG_FAILURE_E; |
wolfSSL | 13:f67a6c6013ca | 935 | } |
wolfSSL | 13:f67a6c6013ca | 936 | |
wolfSSL | 13:f67a6c6013ca | 937 | /* validate config, set HMAC callback (optional) */ |
wolfSSL | 13:f67a6c6013ca | 938 | if (wnr_setup(wnr_ctx, hmac_cb) != WNR_ERROR_NONE) { |
wolfSSL | 13:f67a6c6013ca | 939 | WOLFSSL_MSG("Error setting up netRandom context"); |
wolfSSL | 13:f67a6c6013ca | 940 | wnr_destroy(wnr_ctx); |
wolfSSL | 13:f67a6c6013ca | 941 | wnr_ctx = NULL; |
wolfSSL | 13:f67a6c6013ca | 942 | wnr_poll_destroy(); |
wolfSSL | 13:f67a6c6013ca | 943 | return RNG_FAILURE_E; |
wolfSSL | 13:f67a6c6013ca | 944 | } |
wolfSSL | 13:f67a6c6013ca | 945 | |
wolfSSL | 13:f67a6c6013ca | 946 | wc_UnLockMutex(&wnr_mutex); |
wolfSSL | 13:f67a6c6013ca | 947 | |
wolfSSL | 13:f67a6c6013ca | 948 | return 0; |
wolfSSL | 13:f67a6c6013ca | 949 | } |
wolfSSL | 13:f67a6c6013ca | 950 | |
wolfSSL | 13:f67a6c6013ca | 951 | /* |
wolfSSL | 13:f67a6c6013ca | 952 | * Free global Whitewood netRandom context |
wolfSSL | 13:f67a6c6013ca | 953 | * Returns 0 on success, negative on error |
wolfSSL | 13:f67a6c6013ca | 954 | */ |
wolfSSL | 13:f67a6c6013ca | 955 | int wc_FreeNetRandom(void) |
wolfSSL | 13:f67a6c6013ca | 956 | { |
wolfSSL | 13:f67a6c6013ca | 957 | if (wnr_mutex_init > 0) { |
wolfSSL | 13:f67a6c6013ca | 958 | |
wolfSSL | 13:f67a6c6013ca | 959 | if (wc_LockMutex(&wnr_mutex) != 0) { |
wolfSSL | 13:f67a6c6013ca | 960 | WOLFSSL_MSG("Bad Lock Mutex wnr_mutex"); |
wolfSSL | 13:f67a6c6013ca | 961 | return BAD_MUTEX_E; |
wolfSSL | 13:f67a6c6013ca | 962 | } |
wolfSSL | 13:f67a6c6013ca | 963 | |
wolfSSL | 13:f67a6c6013ca | 964 | if (wnr_ctx != NULL) { |
wolfSSL | 13:f67a6c6013ca | 965 | wnr_destroy(wnr_ctx); |
wolfSSL | 13:f67a6c6013ca | 966 | wnr_ctx = NULL; |
wolfSSL | 13:f67a6c6013ca | 967 | } |
wolfSSL | 13:f67a6c6013ca | 968 | wnr_poll_destroy(); |
wolfSSL | 13:f67a6c6013ca | 969 | |
wolfSSL | 13:f67a6c6013ca | 970 | wc_UnLockMutex(&wnr_mutex); |
wolfSSL | 13:f67a6c6013ca | 971 | |
wolfSSL | 13:f67a6c6013ca | 972 | wc_FreeMutex(&wnr_mutex); |
wolfSSL | 13:f67a6c6013ca | 973 | wnr_mutex_init = 0; |
wolfSSL | 13:f67a6c6013ca | 974 | } |
wolfSSL | 13:f67a6c6013ca | 975 | |
wolfSSL | 13:f67a6c6013ca | 976 | return 0; |
wolfSSL | 13:f67a6c6013ca | 977 | } |
wolfSSL | 13:f67a6c6013ca | 978 | |
wolfSSL | 13:f67a6c6013ca | 979 | #endif /* HAVE_WNR */ |
wolfSSL | 13:f67a6c6013ca | 980 | |
wolfSSL | 13:f67a6c6013ca | 981 | |
wolfSSL | 13:f67a6c6013ca | 982 | #if defined(HAVE_INTEL_RDRAND) || defined(HAVE_INTEL_RDSEED) |
wolfSSL | 13:f67a6c6013ca | 983 | |
wolfSSL | 13:f67a6c6013ca | 984 | #ifdef WOLFSSL_ASYNC_CRYPT |
wolfSSL | 13:f67a6c6013ca | 985 | /* need more retries if multiple cores */ |
wolfSSL | 13:f67a6c6013ca | 986 | #define INTELRD_RETRY (32 * 8) |
wolfSSL | 13:f67a6c6013ca | 987 | #else |
wolfSSL | 13:f67a6c6013ca | 988 | #define INTELRD_RETRY 32 |
wolfSSL | 13:f67a6c6013ca | 989 | #endif |
wolfSSL | 13:f67a6c6013ca | 990 | |
wolfSSL | 13:f67a6c6013ca | 991 | #ifdef HAVE_INTEL_RDSEED |
wolfSSL | 13:f67a6c6013ca | 992 | |
wolfSSL | 13:f67a6c6013ca | 993 | /* return 0 on success */ |
wolfSSL | 13:f67a6c6013ca | 994 | static INLINE int IntelRDseed64(word64* seed) |
wolfSSL | 13:f67a6c6013ca | 995 | { |
wolfSSL | 13:f67a6c6013ca | 996 | unsigned char ok; |
wolfSSL | 13:f67a6c6013ca | 997 | |
wolfSSL | 13:f67a6c6013ca | 998 | __asm__ volatile("rdseed %0; setc %1":"=r"(*seed), "=qm"(ok)); |
wolfSSL | 13:f67a6c6013ca | 999 | return (ok) ? 0 : -1; |
wolfSSL | 13:f67a6c6013ca | 1000 | } |
wolfSSL | 13:f67a6c6013ca | 1001 | |
wolfSSL | 13:f67a6c6013ca | 1002 | /* return 0 on success */ |
wolfSSL | 13:f67a6c6013ca | 1003 | static INLINE int IntelRDseed64_r(word64* rnd) |
wolfSSL | 13:f67a6c6013ca | 1004 | { |
wolfSSL | 13:f67a6c6013ca | 1005 | int i; |
wolfSSL | 13:f67a6c6013ca | 1006 | for (i = 0; i < INTELRD_RETRY; i++) { |
wolfSSL | 13:f67a6c6013ca | 1007 | if (IntelRDseed64(rnd) == 0) |
wolfSSL | 13:f67a6c6013ca | 1008 | return 0; |
wolfSSL | 13:f67a6c6013ca | 1009 | } |
wolfSSL | 13:f67a6c6013ca | 1010 | return -1; |
wolfSSL | 13:f67a6c6013ca | 1011 | } |
wolfSSL | 13:f67a6c6013ca | 1012 | |
wolfSSL | 13:f67a6c6013ca | 1013 | /* return 0 on success */ |
wolfSSL | 13:f67a6c6013ca | 1014 | static int wc_GenerateSeed_IntelRD(OS_Seed* os, byte* output, word32 sz) |
wolfSSL | 13:f67a6c6013ca | 1015 | { |
wolfSSL | 13:f67a6c6013ca | 1016 | int ret; |
wolfSSL | 13:f67a6c6013ca | 1017 | word64 rndTmp; |
wolfSSL | 13:f67a6c6013ca | 1018 | |
wolfSSL | 13:f67a6c6013ca | 1019 | (void)os; |
wolfSSL | 13:f67a6c6013ca | 1020 | |
wolfSSL | 13:f67a6c6013ca | 1021 | if (!IS_INTEL_RDSEED(intel_flags)) |
wolfSSL | 13:f67a6c6013ca | 1022 | return -1; |
wolfSSL | 13:f67a6c6013ca | 1023 | |
wolfSSL | 13:f67a6c6013ca | 1024 | for (; (sz / sizeof(word64)) > 0; sz -= sizeof(word64), |
wolfSSL | 13:f67a6c6013ca | 1025 | output += sizeof(word64)) { |
wolfSSL | 13:f67a6c6013ca | 1026 | ret = IntelRDseed64_r((word64*)output); |
wolfSSL | 13:f67a6c6013ca | 1027 | if (ret != 0) |
wolfSSL | 13:f67a6c6013ca | 1028 | return ret; |
wolfSSL | 13:f67a6c6013ca | 1029 | } |
wolfSSL | 13:f67a6c6013ca | 1030 | if (sz == 0) |
wolfSSL | 13:f67a6c6013ca | 1031 | return 0; |
wolfSSL | 13:f67a6c6013ca | 1032 | |
wolfSSL | 13:f67a6c6013ca | 1033 | /* handle unaligned remainder */ |
wolfSSL | 13:f67a6c6013ca | 1034 | ret = IntelRDseed64_r(&rndTmp); |
wolfSSL | 13:f67a6c6013ca | 1035 | if (ret != 0) |
wolfSSL | 13:f67a6c6013ca | 1036 | return ret; |
wolfSSL | 13:f67a6c6013ca | 1037 | |
wolfSSL | 13:f67a6c6013ca | 1038 | XMEMCPY(output, &rndTmp, sz); |
wolfSSL | 13:f67a6c6013ca | 1039 | |
wolfSSL | 13:f67a6c6013ca | 1040 | return 0; |
wolfSSL | 13:f67a6c6013ca | 1041 | } |
wolfSSL | 13:f67a6c6013ca | 1042 | |
wolfSSL | 13:f67a6c6013ca | 1043 | #endif /* HAVE_INTEL_RDSEED */ |
wolfSSL | 13:f67a6c6013ca | 1044 | |
wolfSSL | 13:f67a6c6013ca | 1045 | #ifdef HAVE_INTEL_RDRAND |
wolfSSL | 13:f67a6c6013ca | 1046 | |
wolfSSL | 13:f67a6c6013ca | 1047 | /* return 0 on success */ |
wolfSSL | 13:f67a6c6013ca | 1048 | static INLINE int IntelRDrand64(word64 *rnd) |
wolfSSL | 13:f67a6c6013ca | 1049 | { |
wolfSSL | 13:f67a6c6013ca | 1050 | unsigned char ok; |
wolfSSL | 13:f67a6c6013ca | 1051 | |
wolfSSL | 13:f67a6c6013ca | 1052 | __asm__ volatile("rdrand %0; setc %1":"=r"(*rnd), "=qm"(ok)); |
wolfSSL | 13:f67a6c6013ca | 1053 | |
wolfSSL | 13:f67a6c6013ca | 1054 | return (ok) ? 0 : -1; |
wolfSSL | 13:f67a6c6013ca | 1055 | } |
wolfSSL | 13:f67a6c6013ca | 1056 | |
wolfSSL | 13:f67a6c6013ca | 1057 | /* return 0 on success */ |
wolfSSL | 13:f67a6c6013ca | 1058 | static INLINE int IntelRDrand64_r(word64 *rnd) |
wolfSSL | 13:f67a6c6013ca | 1059 | { |
wolfSSL | 13:f67a6c6013ca | 1060 | int i; |
wolfSSL | 13:f67a6c6013ca | 1061 | for (i = 0; i < INTELRD_RETRY; i++) { |
wolfSSL | 13:f67a6c6013ca | 1062 | if (IntelRDrand64(rnd) == 0) |
wolfSSL | 13:f67a6c6013ca | 1063 | return 0; |
wolfSSL | 13:f67a6c6013ca | 1064 | } |
wolfSSL | 13:f67a6c6013ca | 1065 | return -1; |
wolfSSL | 13:f67a6c6013ca | 1066 | } |
wolfSSL | 13:f67a6c6013ca | 1067 | |
wolfSSL | 13:f67a6c6013ca | 1068 | /* return 0 on success */ |
wolfSSL | 13:f67a6c6013ca | 1069 | static int wc_GenerateRand_IntelRD(OS_Seed* os, byte* output, word32 sz) |
wolfSSL | 13:f67a6c6013ca | 1070 | { |
wolfSSL | 13:f67a6c6013ca | 1071 | int ret; |
wolfSSL | 13:f67a6c6013ca | 1072 | word64 rndTmp; |
wolfSSL | 13:f67a6c6013ca | 1073 | |
wolfSSL | 13:f67a6c6013ca | 1074 | (void)os; |
wolfSSL | 13:f67a6c6013ca | 1075 | |
wolfSSL | 13:f67a6c6013ca | 1076 | if (!IS_INTEL_RDRAND(intel_flags)) |
wolfSSL | 13:f67a6c6013ca | 1077 | return -1; |
wolfSSL | 13:f67a6c6013ca | 1078 | |
wolfSSL | 13:f67a6c6013ca | 1079 | for (; (sz / sizeof(word64)) > 0; sz -= sizeof(word64), |
wolfSSL | 13:f67a6c6013ca | 1080 | output += sizeof(word64)) { |
wolfSSL | 13:f67a6c6013ca | 1081 | ret = IntelRDrand64_r((word64 *)output); |
wolfSSL | 13:f67a6c6013ca | 1082 | if (ret != 0) |
wolfSSL | 13:f67a6c6013ca | 1083 | return ret; |
wolfSSL | 13:f67a6c6013ca | 1084 | } |
wolfSSL | 13:f67a6c6013ca | 1085 | if (sz == 0) |
wolfSSL | 13:f67a6c6013ca | 1086 | return 0; |
wolfSSL | 13:f67a6c6013ca | 1087 | |
wolfSSL | 13:f67a6c6013ca | 1088 | /* handle unaligned remainder */ |
wolfSSL | 13:f67a6c6013ca | 1089 | ret = IntelRDrand64_r(&rndTmp); |
wolfSSL | 13:f67a6c6013ca | 1090 | if (ret != 0) |
wolfSSL | 13:f67a6c6013ca | 1091 | return ret; |
wolfSSL | 13:f67a6c6013ca | 1092 | |
wolfSSL | 13:f67a6c6013ca | 1093 | XMEMCPY(output, &rndTmp, sz); |
wolfSSL | 13:f67a6c6013ca | 1094 | |
wolfSSL | 13:f67a6c6013ca | 1095 | return 0; |
wolfSSL | 13:f67a6c6013ca | 1096 | } |
wolfSSL | 13:f67a6c6013ca | 1097 | |
wolfSSL | 13:f67a6c6013ca | 1098 | #endif /* HAVE_INTEL_RDRAND */ |
wolfSSL | 13:f67a6c6013ca | 1099 | #endif /* HAVE_INTEL_RDRAND || HAVE_INTEL_RDSEED */ |
wolfSSL | 13:f67a6c6013ca | 1100 | |
wolfSSL | 13:f67a6c6013ca | 1101 | |
wolfSSL | 13:f67a6c6013ca | 1102 | /* Begin wc_GenerateSeed Implementations */ |
wolfSSL | 13:f67a6c6013ca | 1103 | #if defined(CUSTOM_RAND_GENERATE_SEED) |
wolfSSL | 13:f67a6c6013ca | 1104 | |
wolfSSL | 13:f67a6c6013ca | 1105 | /* Implement your own random generation function |
wolfSSL | 13:f67a6c6013ca | 1106 | * Return 0 to indicate success |
wolfSSL | 13:f67a6c6013ca | 1107 | * int rand_gen_seed(byte* output, word32 sz); |
wolfSSL | 13:f67a6c6013ca | 1108 | * #define CUSTOM_RAND_GENERATE_SEED rand_gen_seed */ |
wolfSSL | 13:f67a6c6013ca | 1109 | |
wolfSSL | 13:f67a6c6013ca | 1110 | int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) |
wolfSSL | 13:f67a6c6013ca | 1111 | { |
wolfSSL | 13:f67a6c6013ca | 1112 | (void)os; /* Suppress unused arg warning */ |
wolfSSL | 13:f67a6c6013ca | 1113 | return CUSTOM_RAND_GENERATE_SEED(output, sz); |
wolfSSL | 13:f67a6c6013ca | 1114 | } |
wolfSSL | 13:f67a6c6013ca | 1115 | |
wolfSSL | 13:f67a6c6013ca | 1116 | #elif defined(CUSTOM_RAND_GENERATE_SEED_OS) |
wolfSSL | 13:f67a6c6013ca | 1117 | |
wolfSSL | 13:f67a6c6013ca | 1118 | /* Implement your own random generation function, |
wolfSSL | 13:f67a6c6013ca | 1119 | * which includes OS_Seed. |
wolfSSL | 13:f67a6c6013ca | 1120 | * Return 0 to indicate success |
wolfSSL | 13:f67a6c6013ca | 1121 | * int rand_gen_seed(OS_Seed* os, byte* output, word32 sz); |
wolfSSL | 13:f67a6c6013ca | 1122 | * #define CUSTOM_RAND_GENERATE_SEED_OS rand_gen_seed */ |
wolfSSL | 13:f67a6c6013ca | 1123 | |
wolfSSL | 13:f67a6c6013ca | 1124 | int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) |
wolfSSL | 13:f67a6c6013ca | 1125 | { |
wolfSSL | 13:f67a6c6013ca | 1126 | return CUSTOM_RAND_GENERATE_SEED_OS(os, output, sz); |
wolfSSL | 13:f67a6c6013ca | 1127 | } |
wolfSSL | 13:f67a6c6013ca | 1128 | |
wolfSSL | 13:f67a6c6013ca | 1129 | #elif defined(CUSTOM_RAND_GENERATE) |
wolfSSL | 13:f67a6c6013ca | 1130 | |
wolfSSL | 13:f67a6c6013ca | 1131 | /* Implement your own random generation function |
wolfSSL | 13:f67a6c6013ca | 1132 | * word32 rand_gen(void); |
wolfSSL | 13:f67a6c6013ca | 1133 | * #define CUSTOM_RAND_GENERATE rand_gen */ |
wolfSSL | 13:f67a6c6013ca | 1134 | |
wolfSSL | 13:f67a6c6013ca | 1135 | int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) |
wolfSSL | 13:f67a6c6013ca | 1136 | { |
wolfSSL | 13:f67a6c6013ca | 1137 | word32 i = 0; |
wolfSSL | 13:f67a6c6013ca | 1138 | |
wolfSSL | 13:f67a6c6013ca | 1139 | (void)os; |
wolfSSL | 13:f67a6c6013ca | 1140 | |
wolfSSL | 13:f67a6c6013ca | 1141 | while (i < sz) |
wolfSSL | 13:f67a6c6013ca | 1142 | { |
wolfSSL | 13:f67a6c6013ca | 1143 | /* If not aligned or there is odd/remainder */ |
wolfSSL | 13:f67a6c6013ca | 1144 | if( (i + sizeof(CUSTOM_RAND_TYPE)) > sz || |
wolfSSL | 13:f67a6c6013ca | 1145 | ((wolfssl_word)&output[i] % sizeof(CUSTOM_RAND_TYPE)) != 0 |
wolfSSL | 13:f67a6c6013ca | 1146 | ) { |
wolfSSL | 13:f67a6c6013ca | 1147 | /* Single byte at a time */ |
wolfSSL | 13:f67a6c6013ca | 1148 | output[i++] = (byte)CUSTOM_RAND_GENERATE(); |
wolfSSL | 13:f67a6c6013ca | 1149 | } |
wolfSSL | 13:f67a6c6013ca | 1150 | else { |
wolfSSL | 13:f67a6c6013ca | 1151 | /* Use native 8, 16, 32 or 64 copy instruction */ |
wolfSSL | 13:f67a6c6013ca | 1152 | *((CUSTOM_RAND_TYPE*)&output[i]) = CUSTOM_RAND_GENERATE(); |
wolfSSL | 13:f67a6c6013ca | 1153 | i += sizeof(CUSTOM_RAND_TYPE); |
wolfSSL | 13:f67a6c6013ca | 1154 | } |
wolfSSL | 13:f67a6c6013ca | 1155 | } |
wolfSSL | 13:f67a6c6013ca | 1156 | |
wolfSSL | 13:f67a6c6013ca | 1157 | return 0; |
wolfSSL | 13:f67a6c6013ca | 1158 | } |
wolfSSL | 13:f67a6c6013ca | 1159 | |
wolfSSL | 13:f67a6c6013ca | 1160 | #elif defined(WOLFSSL_SGX) |
wolfSSL | 13:f67a6c6013ca | 1161 | |
wolfSSL | 13:f67a6c6013ca | 1162 | int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) |
wolfSSL | 13:f67a6c6013ca | 1163 | { |
wolfSSL | 13:f67a6c6013ca | 1164 | int ret = !SGX_SUCCESS; |
wolfSSL | 13:f67a6c6013ca | 1165 | int i, read_max = 10; |
wolfSSL | 13:f67a6c6013ca | 1166 | |
wolfSSL | 13:f67a6c6013ca | 1167 | for (i = 0; i < read_max && ret != SGX_SUCCESS; i++) { |
wolfSSL | 13:f67a6c6013ca | 1168 | ret = sgx_read_rand(output, sz); |
wolfSSL | 13:f67a6c6013ca | 1169 | } |
wolfSSL | 13:f67a6c6013ca | 1170 | |
wolfSSL | 13:f67a6c6013ca | 1171 | (void)os; |
wolfSSL | 13:f67a6c6013ca | 1172 | return (ret == SGX_SUCCESS) ? 0 : 1; |
wolfSSL | 13:f67a6c6013ca | 1173 | } |
wolfSSL | 13:f67a6c6013ca | 1174 | |
wolfSSL | 13:f67a6c6013ca | 1175 | #elif defined(USE_WINDOWS_API) |
wolfSSL | 13:f67a6c6013ca | 1176 | |
wolfSSL | 13:f67a6c6013ca | 1177 | int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) |
wolfSSL | 13:f67a6c6013ca | 1178 | { |
wolfSSL | 13:f67a6c6013ca | 1179 | if(!CryptAcquireContext(&os->handle, 0, 0, PROV_RSA_FULL, |
wolfSSL | 13:f67a6c6013ca | 1180 | CRYPT_VERIFYCONTEXT)) |
wolfSSL | 13:f67a6c6013ca | 1181 | return WINCRYPT_E; |
wolfSSL | 13:f67a6c6013ca | 1182 | |
wolfSSL | 13:f67a6c6013ca | 1183 | if (!CryptGenRandom(os->handle, sz, output)) |
wolfSSL | 13:f67a6c6013ca | 1184 | return CRYPTGEN_E; |
wolfSSL | 13:f67a6c6013ca | 1185 | |
wolfSSL | 13:f67a6c6013ca | 1186 | CryptReleaseContext(os->handle, 0); |
wolfSSL | 13:f67a6c6013ca | 1187 | |
wolfSSL | 13:f67a6c6013ca | 1188 | return 0; |
wolfSSL | 13:f67a6c6013ca | 1189 | } |
wolfSSL | 13:f67a6c6013ca | 1190 | |
wolfSSL | 13:f67a6c6013ca | 1191 | |
wolfSSL | 13:f67a6c6013ca | 1192 | #elif defined(HAVE_RTP_SYS) || defined(EBSNET) |
wolfSSL | 13:f67a6c6013ca | 1193 | |
wolfSSL | 13:f67a6c6013ca | 1194 | #include "rtprand.h" /* rtp_rand () */ |
wolfSSL | 13:f67a6c6013ca | 1195 | #include "rtptime.h" /* rtp_get_system_msec() */ |
wolfSSL | 13:f67a6c6013ca | 1196 | |
wolfSSL | 13:f67a6c6013ca | 1197 | |
wolfSSL | 13:f67a6c6013ca | 1198 | int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) |
wolfSSL | 13:f67a6c6013ca | 1199 | { |
wolfSSL | 13:f67a6c6013ca | 1200 | int i; |
wolfSSL | 13:f67a6c6013ca | 1201 | rtp_srand(rtp_get_system_msec()); |
wolfSSL | 13:f67a6c6013ca | 1202 | |
wolfSSL | 13:f67a6c6013ca | 1203 | for (i = 0; i < sz; i++ ) { |
wolfSSL | 13:f67a6c6013ca | 1204 | output[i] = rtp_rand() % 256; |
wolfSSL | 13:f67a6c6013ca | 1205 | if ( (i % 8) == 7) |
wolfSSL | 13:f67a6c6013ca | 1206 | rtp_srand(rtp_get_system_msec()); |
wolfSSL | 13:f67a6c6013ca | 1207 | } |
wolfSSL | 13:f67a6c6013ca | 1208 | |
wolfSSL | 13:f67a6c6013ca | 1209 | return 0; |
wolfSSL | 13:f67a6c6013ca | 1210 | } |
wolfSSL | 13:f67a6c6013ca | 1211 | |
wolfSSL | 13:f67a6c6013ca | 1212 | |
wolfSSL | 13:f67a6c6013ca | 1213 | #elif defined(MICRIUM) |
wolfSSL | 13:f67a6c6013ca | 1214 | |
wolfSSL | 13:f67a6c6013ca | 1215 | int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) |
wolfSSL | 13:f67a6c6013ca | 1216 | { |
wolfSSL | 13:f67a6c6013ca | 1217 | #if (NET_SECURE_MGR_CFG_EN == DEF_ENABLED) |
wolfSSL | 13:f67a6c6013ca | 1218 | NetSecure_InitSeed(output, sz); |
wolfSSL | 13:f67a6c6013ca | 1219 | #endif |
wolfSSL | 13:f67a6c6013ca | 1220 | return 0; |
wolfSSL | 13:f67a6c6013ca | 1221 | } |
wolfSSL | 13:f67a6c6013ca | 1222 | |
wolfSSL | 13:f67a6c6013ca | 1223 | #elif defined(MICROCHIP_PIC32) |
wolfSSL | 13:f67a6c6013ca | 1224 | |
wolfSSL | 13:f67a6c6013ca | 1225 | #ifdef MICROCHIP_MPLAB_HARMONY |
wolfSSL | 13:f67a6c6013ca | 1226 | #define PIC32_SEED_COUNT _CP0_GET_COUNT |
wolfSSL | 13:f67a6c6013ca | 1227 | #else |
wolfSSL | 13:f67a6c6013ca | 1228 | #if !defined(WOLFSSL_MICROCHIP_PIC32MZ) |
wolfSSL | 13:f67a6c6013ca | 1229 | #include <peripheral/timer.h> |
wolfSSL | 13:f67a6c6013ca | 1230 | #endif |
wolfSSL | 13:f67a6c6013ca | 1231 | extern word32 ReadCoreTimer(void); |
wolfSSL | 13:f67a6c6013ca | 1232 | #define PIC32_SEED_COUNT ReadCoreTimer |
wolfSSL | 13:f67a6c6013ca | 1233 | #endif |
wolfSSL | 13:f67a6c6013ca | 1234 | |
wolfSSL | 13:f67a6c6013ca | 1235 | #ifdef WOLFSSL_PIC32MZ_RNG |
wolfSSL | 13:f67a6c6013ca | 1236 | #include "xc.h" |
wolfSSL | 13:f67a6c6013ca | 1237 | int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) |
wolfSSL | 13:f67a6c6013ca | 1238 | { |
wolfSSL | 13:f67a6c6013ca | 1239 | int i; |
wolfSSL | 13:f67a6c6013ca | 1240 | byte rnd[8]; |
wolfSSL | 13:f67a6c6013ca | 1241 | word32 *rnd32 = (word32 *)rnd; |
wolfSSL | 13:f67a6c6013ca | 1242 | word32 size = sz; |
wolfSSL | 13:f67a6c6013ca | 1243 | byte* op = output; |
wolfSSL | 13:f67a6c6013ca | 1244 | |
wolfSSL | 13:f67a6c6013ca | 1245 | #if ((__PIC32_FEATURE_SET0 == 'E') && (__PIC32_FEATURE_SET1 == 'C')) |
wolfSSL | 13:f67a6c6013ca | 1246 | RNGNUMGEN1 = _CP0_GET_COUNT(); |
wolfSSL | 13:f67a6c6013ca | 1247 | RNGPOLY1 = _CP0_GET_COUNT(); |
wolfSSL | 13:f67a6c6013ca | 1248 | RNGPOLY2 = _CP0_GET_COUNT(); |
wolfSSL | 13:f67a6c6013ca | 1249 | RNGNUMGEN2 = _CP0_GET_COUNT(); |
wolfSSL | 13:f67a6c6013ca | 1250 | #else |
wolfSSL | 13:f67a6c6013ca | 1251 | // All others can be seeded from the TRNG |
wolfSSL | 13:f67a6c6013ca | 1252 | RNGCONbits.TRNGMODE = 1; |
wolfSSL | 13:f67a6c6013ca | 1253 | RNGCONbits.TRNGEN = 1; |
wolfSSL | 13:f67a6c6013ca | 1254 | while (RNGCNT < 64); |
wolfSSL | 13:f67a6c6013ca | 1255 | RNGCONbits.LOAD = 1; |
wolfSSL | 13:f67a6c6013ca | 1256 | while (RNGCONbits.LOAD == 1); |
wolfSSL | 13:f67a6c6013ca | 1257 | while (RNGCNT < 64); |
wolfSSL | 13:f67a6c6013ca | 1258 | RNGPOLY2 = RNGSEED2; |
wolfSSL | 13:f67a6c6013ca | 1259 | RNGPOLY1 = RNGSEED1; |
wolfSSL | 13:f67a6c6013ca | 1260 | #endif |
wolfSSL | 13:f67a6c6013ca | 1261 | |
wolfSSL | 13:f67a6c6013ca | 1262 | RNGCONbits.PLEN = 0x40; |
wolfSSL | 13:f67a6c6013ca | 1263 | RNGCONbits.PRNGEN = 1; |
wolfSSL | 13:f67a6c6013ca | 1264 | for (i=0; i<5; i++) { /* wait for RNGNUMGEN ready */ |
wolfSSL | 13:f67a6c6013ca | 1265 | volatile int x; |
wolfSSL | 13:f67a6c6013ca | 1266 | x = RNGNUMGEN1; |
wolfSSL | 13:f67a6c6013ca | 1267 | x = RNGNUMGEN2; |
wolfSSL | 13:f67a6c6013ca | 1268 | (void)x; |
wolfSSL | 13:f67a6c6013ca | 1269 | } |
wolfSSL | 13:f67a6c6013ca | 1270 | do { |
wolfSSL | 13:f67a6c6013ca | 1271 | rnd32[0] = RNGNUMGEN1; |
wolfSSL | 13:f67a6c6013ca | 1272 | rnd32[1] = RNGNUMGEN2; |
wolfSSL | 13:f67a6c6013ca | 1273 | |
wolfSSL | 13:f67a6c6013ca | 1274 | for(i=0; i<8; i++, op++) { |
wolfSSL | 13:f67a6c6013ca | 1275 | *op = rnd[i]; |
wolfSSL | 13:f67a6c6013ca | 1276 | size --; |
wolfSSL | 13:f67a6c6013ca | 1277 | if(size==0)break; |
wolfSSL | 13:f67a6c6013ca | 1278 | } |
wolfSSL | 13:f67a6c6013ca | 1279 | } while(size); |
wolfSSL | 13:f67a6c6013ca | 1280 | return 0; |
wolfSSL | 13:f67a6c6013ca | 1281 | } |
wolfSSL | 13:f67a6c6013ca | 1282 | #else /* WOLFSSL_PIC32MZ_RNG */ |
wolfSSL | 13:f67a6c6013ca | 1283 | /* uses the core timer, in nanoseconds to seed srand */ |
wolfSSL | 13:f67a6c6013ca | 1284 | int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) |
wolfSSL | 13:f67a6c6013ca | 1285 | { |
wolfSSL | 13:f67a6c6013ca | 1286 | int i; |
wolfSSL | 13:f67a6c6013ca | 1287 | srand(PIC32_SEED_COUNT() * 25); |
wolfSSL | 13:f67a6c6013ca | 1288 | |
wolfSSL | 13:f67a6c6013ca | 1289 | for (i = 0; i < sz; i++ ) { |
wolfSSL | 13:f67a6c6013ca | 1290 | output[i] = rand() % 256; |
wolfSSL | 13:f67a6c6013ca | 1291 | if ( (i % 8) == 7) |
wolfSSL | 13:f67a6c6013ca | 1292 | srand(PIC32_SEED_COUNT() * 25); |
wolfSSL | 13:f67a6c6013ca | 1293 | } |
wolfSSL | 13:f67a6c6013ca | 1294 | return 0; |
wolfSSL | 13:f67a6c6013ca | 1295 | } |
wolfSSL | 13:f67a6c6013ca | 1296 | #endif /* WOLFSSL_PIC32MZ_RNG */ |
wolfSSL | 13:f67a6c6013ca | 1297 | |
wolfSSL | 13:f67a6c6013ca | 1298 | #elif defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX) || \ |
wolfSSL | 13:f67a6c6013ca | 1299 | defined(FREESCALE_KSDK_BM) || defined(FREESCALE_FREE_RTOS) |
wolfSSL | 13:f67a6c6013ca | 1300 | |
wolfSSL | 13:f67a6c6013ca | 1301 | #if defined(FREESCALE_K70_RNGA) || defined(FREESCALE_RNGA) |
wolfSSL | 13:f67a6c6013ca | 1302 | /* |
wolfSSL | 13:f67a6c6013ca | 1303 | * wc_Generates a RNG seed using the Random Number Generator Accelerator |
wolfSSL | 13:f67a6c6013ca | 1304 | * on the Kinetis K70. Documentation located in Chapter 37 of |
wolfSSL | 13:f67a6c6013ca | 1305 | * K70 Sub-Family Reference Manual (see Note 3 in the README for link). |
wolfSSL | 13:f67a6c6013ca | 1306 | */ |
wolfSSL | 13:f67a6c6013ca | 1307 | int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) |
wolfSSL | 13:f67a6c6013ca | 1308 | { |
wolfSSL | 13:f67a6c6013ca | 1309 | int i; |
wolfSSL | 13:f67a6c6013ca | 1310 | |
wolfSSL | 13:f67a6c6013ca | 1311 | /* turn on RNGA module */ |
wolfSSL | 13:f67a6c6013ca | 1312 | #if defined(SIM_SCGC3_RNGA_MASK) |
wolfSSL | 13:f67a6c6013ca | 1313 | SIM_SCGC3 |= SIM_SCGC3_RNGA_MASK; |
wolfSSL | 13:f67a6c6013ca | 1314 | #endif |
wolfSSL | 13:f67a6c6013ca | 1315 | #if defined(SIM_SCGC6_RNGA_MASK) |
wolfSSL | 13:f67a6c6013ca | 1316 | /* additionally needed for at least K64F */ |
wolfSSL | 13:f67a6c6013ca | 1317 | SIM_SCGC6 |= SIM_SCGC6_RNGA_MASK; |
wolfSSL | 13:f67a6c6013ca | 1318 | #endif |
wolfSSL | 13:f67a6c6013ca | 1319 | |
wolfSSL | 13:f67a6c6013ca | 1320 | /* set SLP bit to 0 - "RNGA is not in sleep mode" */ |
wolfSSL | 13:f67a6c6013ca | 1321 | RNG_CR &= ~RNG_CR_SLP_MASK; |
wolfSSL | 13:f67a6c6013ca | 1322 | |
wolfSSL | 13:f67a6c6013ca | 1323 | /* set HA bit to 1 - "security violations masked" */ |
wolfSSL | 13:f67a6c6013ca | 1324 | RNG_CR |= RNG_CR_HA_MASK; |
wolfSSL | 13:f67a6c6013ca | 1325 | |
wolfSSL | 13:f67a6c6013ca | 1326 | /* set GO bit to 1 - "output register loaded with data" */ |
wolfSSL | 13:f67a6c6013ca | 1327 | RNG_CR |= RNG_CR_GO_MASK; |
wolfSSL | 13:f67a6c6013ca | 1328 | |
wolfSSL | 13:f67a6c6013ca | 1329 | for (i = 0; i < sz; i++) { |
wolfSSL | 13:f67a6c6013ca | 1330 | |
wolfSSL | 13:f67a6c6013ca | 1331 | /* wait for RNG FIFO to be full */ |
wolfSSL | 13:f67a6c6013ca | 1332 | while((RNG_SR & RNG_SR_OREG_LVL(0xF)) == 0) {} |
wolfSSL | 13:f67a6c6013ca | 1333 | |
wolfSSL | 13:f67a6c6013ca | 1334 | /* get value */ |
wolfSSL | 13:f67a6c6013ca | 1335 | output[i] = RNG_OR; |
wolfSSL | 13:f67a6c6013ca | 1336 | } |
wolfSSL | 13:f67a6c6013ca | 1337 | |
wolfSSL | 13:f67a6c6013ca | 1338 | return 0; |
wolfSSL | 13:f67a6c6013ca | 1339 | } |
wolfSSL | 13:f67a6c6013ca | 1340 | |
wolfSSL | 13:f67a6c6013ca | 1341 | #elif defined(FREESCALE_K53_RNGB) || defined(FREESCALE_RNGB) |
wolfSSL | 13:f67a6c6013ca | 1342 | /* |
wolfSSL | 13:f67a6c6013ca | 1343 | * wc_Generates a RNG seed using the Random Number Generator (RNGB) |
wolfSSL | 13:f67a6c6013ca | 1344 | * on the Kinetis K53. Documentation located in Chapter 33 of |
wolfSSL | 13:f67a6c6013ca | 1345 | * K53 Sub-Family Reference Manual (see note in the README for link). |
wolfSSL | 13:f67a6c6013ca | 1346 | */ |
wolfSSL | 13:f67a6c6013ca | 1347 | int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) |
wolfSSL | 13:f67a6c6013ca | 1348 | { |
wolfSSL | 13:f67a6c6013ca | 1349 | int i; |
wolfSSL | 13:f67a6c6013ca | 1350 | |
wolfSSL | 13:f67a6c6013ca | 1351 | /* turn on RNGB module */ |
wolfSSL | 13:f67a6c6013ca | 1352 | SIM_SCGC3 |= SIM_SCGC3_RNGB_MASK; |
wolfSSL | 13:f67a6c6013ca | 1353 | |
wolfSSL | 13:f67a6c6013ca | 1354 | /* reset RNGB */ |
wolfSSL | 13:f67a6c6013ca | 1355 | RNG_CMD |= RNG_CMD_SR_MASK; |
wolfSSL | 13:f67a6c6013ca | 1356 | |
wolfSSL | 13:f67a6c6013ca | 1357 | /* FIFO generate interrupt, return all zeros on underflow, |
wolfSSL | 13:f67a6c6013ca | 1358 | * set auto reseed */ |
wolfSSL | 13:f67a6c6013ca | 1359 | RNG_CR |= (RNG_CR_FUFMOD_MASK | RNG_CR_AR_MASK); |
wolfSSL | 13:f67a6c6013ca | 1360 | |
wolfSSL | 13:f67a6c6013ca | 1361 | /* gen seed, clear interrupts, clear errors */ |
wolfSSL | 13:f67a6c6013ca | 1362 | RNG_CMD |= (RNG_CMD_GS_MASK | RNG_CMD_CI_MASK | RNG_CMD_CE_MASK); |
wolfSSL | 13:f67a6c6013ca | 1363 | |
wolfSSL | 13:f67a6c6013ca | 1364 | /* wait for seeding to complete */ |
wolfSSL | 13:f67a6c6013ca | 1365 | while ((RNG_SR & RNG_SR_SDN_MASK) == 0) {} |
wolfSSL | 13:f67a6c6013ca | 1366 | |
wolfSSL | 13:f67a6c6013ca | 1367 | for (i = 0; i < sz; i++) { |
wolfSSL | 13:f67a6c6013ca | 1368 | |
wolfSSL | 13:f67a6c6013ca | 1369 | /* wait for a word to be available from FIFO */ |
wolfSSL | 13:f67a6c6013ca | 1370 | while((RNG_SR & RNG_SR_FIFO_LVL_MASK) == 0) {} |
wolfSSL | 13:f67a6c6013ca | 1371 | |
wolfSSL | 13:f67a6c6013ca | 1372 | /* get value */ |
wolfSSL | 13:f67a6c6013ca | 1373 | output[i] = RNG_OUT; |
wolfSSL | 13:f67a6c6013ca | 1374 | } |
wolfSSL | 13:f67a6c6013ca | 1375 | |
wolfSSL | 13:f67a6c6013ca | 1376 | return 0; |
wolfSSL | 13:f67a6c6013ca | 1377 | } |
wolfSSL | 13:f67a6c6013ca | 1378 | |
wolfSSL | 13:f67a6c6013ca | 1379 | #elif defined(FREESCALE_KSDK_2_0_TRNG) |
wolfSSL | 13:f67a6c6013ca | 1380 | |
wolfSSL | 13:f67a6c6013ca | 1381 | int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) |
wolfSSL | 13:f67a6c6013ca | 1382 | { |
wolfSSL | 13:f67a6c6013ca | 1383 | status_t status; |
wolfSSL | 13:f67a6c6013ca | 1384 | status = TRNG_GetRandomData(TRNG0, output, sz); |
wolfSSL | 13:f67a6c6013ca | 1385 | if (status == kStatus_Success) |
wolfSSL | 13:f67a6c6013ca | 1386 | { |
wolfSSL | 13:f67a6c6013ca | 1387 | return(0); |
wolfSSL | 13:f67a6c6013ca | 1388 | } |
wolfSSL | 13:f67a6c6013ca | 1389 | else |
wolfSSL | 13:f67a6c6013ca | 1390 | { |
wolfSSL | 13:f67a6c6013ca | 1391 | return RAN_BLOCK_E; |
wolfSSL | 13:f67a6c6013ca | 1392 | } |
wolfSSL | 13:f67a6c6013ca | 1393 | } |
wolfSSL | 13:f67a6c6013ca | 1394 | |
wolfSSL | 13:f67a6c6013ca | 1395 | #elif defined(FREESCALE_KSDK_2_0_RNGA) |
wolfSSL | 13:f67a6c6013ca | 1396 | |
wolfSSL | 13:f67a6c6013ca | 1397 | int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) |
wolfSSL | 13:f67a6c6013ca | 1398 | { |
wolfSSL | 13:f67a6c6013ca | 1399 | status_t status; |
wolfSSL | 13:f67a6c6013ca | 1400 | status = RNGA_GetRandomData(RNG, output, sz); |
wolfSSL | 13:f67a6c6013ca | 1401 | if (status == kStatus_Success) |
wolfSSL | 13:f67a6c6013ca | 1402 | { |
wolfSSL | 13:f67a6c6013ca | 1403 | return(0); |
wolfSSL | 13:f67a6c6013ca | 1404 | } |
wolfSSL | 13:f67a6c6013ca | 1405 | else |
wolfSSL | 13:f67a6c6013ca | 1406 | { |
wolfSSL | 13:f67a6c6013ca | 1407 | return RAN_BLOCK_E; |
wolfSSL | 13:f67a6c6013ca | 1408 | } |
wolfSSL | 13:f67a6c6013ca | 1409 | } |
wolfSSL | 13:f67a6c6013ca | 1410 | |
wolfSSL | 13:f67a6c6013ca | 1411 | |
wolfSSL | 13:f67a6c6013ca | 1412 | #elif defined(FREESCALE_RNGA) |
wolfSSL | 13:f67a6c6013ca | 1413 | |
wolfSSL | 13:f67a6c6013ca | 1414 | int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) |
wolfSSL | 13:f67a6c6013ca | 1415 | { |
wolfSSL | 13:f67a6c6013ca | 1416 | RNGA_DRV_GetRandomData(RNGA_INSTANCE, output, sz); |
wolfSSL | 13:f67a6c6013ca | 1417 | return 0; |
wolfSSL | 13:f67a6c6013ca | 1418 | } |
wolfSSL | 13:f67a6c6013ca | 1419 | |
wolfSSL | 13:f67a6c6013ca | 1420 | #else |
wolfSSL | 13:f67a6c6013ca | 1421 | #define USE_TEST_GENSEED |
wolfSSL | 13:f67a6c6013ca | 1422 | #endif /* FREESCALE_K70_RNGA */ |
wolfSSL | 13:f67a6c6013ca | 1423 | |
wolfSSL | 13:f67a6c6013ca | 1424 | #elif defined(STM32F2_RNG) || defined(STM32F4_RNG) |
wolfSSL | 13:f67a6c6013ca | 1425 | /* |
wolfSSL | 13:f67a6c6013ca | 1426 | * wc_Generate a RNG seed using the hardware random number generator |
wolfSSL | 13:f67a6c6013ca | 1427 | * on the STM32F2/F4. */ |
wolfSSL | 13:f67a6c6013ca | 1428 | |
wolfSSL | 13:f67a6c6013ca | 1429 | #ifdef WOLFSSL_STM32_CUBEMX |
wolfSSL | 13:f67a6c6013ca | 1430 | int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) |
wolfSSL | 13:f67a6c6013ca | 1431 | { |
wolfSSL | 13:f67a6c6013ca | 1432 | RNG_HandleTypeDef hrng; |
wolfSSL | 13:f67a6c6013ca | 1433 | int i; |
wolfSSL | 13:f67a6c6013ca | 1434 | (void)os; |
wolfSSL | 13:f67a6c6013ca | 1435 | |
wolfSSL | 13:f67a6c6013ca | 1436 | /* enable RNG clock source */ |
wolfSSL | 13:f67a6c6013ca | 1437 | __HAL_RCC_RNG_CLK_ENABLE(); |
wolfSSL | 13:f67a6c6013ca | 1438 | |
wolfSSL | 13:f67a6c6013ca | 1439 | /* enable RNG peripheral */ |
wolfSSL | 13:f67a6c6013ca | 1440 | hrng.Instance = RNG; |
wolfSSL | 13:f67a6c6013ca | 1441 | HAL_RNG_Init(&hrng); |
wolfSSL | 13:f67a6c6013ca | 1442 | |
wolfSSL | 13:f67a6c6013ca | 1443 | for (i = 0; i < (int)sz; i++) { |
wolfSSL | 13:f67a6c6013ca | 1444 | /* get value */ |
wolfSSL | 13:f67a6c6013ca | 1445 | output[i] = (byte)HAL_RNG_GetRandomNumber(&hrng); |
wolfSSL | 13:f67a6c6013ca | 1446 | } |
wolfSSL | 13:f67a6c6013ca | 1447 | |
wolfSSL | 13:f67a6c6013ca | 1448 | return 0; |
wolfSSL | 13:f67a6c6013ca | 1449 | } |
wolfSSL | 13:f67a6c6013ca | 1450 | #else |
wolfSSL | 13:f67a6c6013ca | 1451 | int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) |
wolfSSL | 13:f67a6c6013ca | 1452 | { |
wolfSSL | 13:f67a6c6013ca | 1453 | int i; |
wolfSSL | 13:f67a6c6013ca | 1454 | (void)os; |
wolfSSL | 13:f67a6c6013ca | 1455 | |
wolfSSL | 13:f67a6c6013ca | 1456 | /* enable RNG clock source */ |
wolfSSL | 13:f67a6c6013ca | 1457 | RCC_AHB2PeriphClockCmd(RCC_AHB2Periph_RNG, ENABLE); |
wolfSSL | 13:f67a6c6013ca | 1458 | |
wolfSSL | 13:f67a6c6013ca | 1459 | /* enable RNG peripheral */ |
wolfSSL | 13:f67a6c6013ca | 1460 | RNG_Cmd(ENABLE); |
wolfSSL | 13:f67a6c6013ca | 1461 | |
wolfSSL | 13:f67a6c6013ca | 1462 | for (i = 0; i < (int)sz; i++) { |
wolfSSL | 13:f67a6c6013ca | 1463 | /* wait until RNG number is ready */ |
wolfSSL | 13:f67a6c6013ca | 1464 | while(RNG_GetFlagStatus(RNG_FLAG_DRDY)== RESET) { } |
wolfSSL | 13:f67a6c6013ca | 1465 | |
wolfSSL | 13:f67a6c6013ca | 1466 | /* get value */ |
wolfSSL | 13:f67a6c6013ca | 1467 | output[i] = RNG_GetRandomNumber(); |
wolfSSL | 13:f67a6c6013ca | 1468 | } |
wolfSSL | 13:f67a6c6013ca | 1469 | |
wolfSSL | 13:f67a6c6013ca | 1470 | return 0; |
wolfSSL | 13:f67a6c6013ca | 1471 | } |
wolfSSL | 13:f67a6c6013ca | 1472 | #endif /* WOLFSSL_STM32_CUBEMX */ |
wolfSSL | 13:f67a6c6013ca | 1473 | |
wolfSSL | 13:f67a6c6013ca | 1474 | #elif defined(WOLFSSL_TIRTOS) |
wolfSSL | 13:f67a6c6013ca | 1475 | |
wolfSSL | 13:f67a6c6013ca | 1476 | #include <xdc/runtime/Timestamp.h> |
wolfSSL | 13:f67a6c6013ca | 1477 | #include <stdlib.h> |
wolfSSL | 13:f67a6c6013ca | 1478 | int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) |
wolfSSL | 13:f67a6c6013ca | 1479 | { |
wolfSSL | 13:f67a6c6013ca | 1480 | int i; |
wolfSSL | 13:f67a6c6013ca | 1481 | srand(xdc_runtime_Timestamp_get32()); |
wolfSSL | 13:f67a6c6013ca | 1482 | |
wolfSSL | 13:f67a6c6013ca | 1483 | for (i = 0; i < sz; i++ ) { |
wolfSSL | 13:f67a6c6013ca | 1484 | output[i] = rand() % 256; |
wolfSSL | 13:f67a6c6013ca | 1485 | if ((i % 8) == 7) { |
wolfSSL | 13:f67a6c6013ca | 1486 | srand(xdc_runtime_Timestamp_get32()); |
wolfSSL | 13:f67a6c6013ca | 1487 | } |
wolfSSL | 13:f67a6c6013ca | 1488 | } |
wolfSSL | 13:f67a6c6013ca | 1489 | |
wolfSSL | 13:f67a6c6013ca | 1490 | return 0; |
wolfSSL | 13:f67a6c6013ca | 1491 | } |
wolfSSL | 13:f67a6c6013ca | 1492 | |
wolfSSL | 13:f67a6c6013ca | 1493 | #elif defined(WOLFSSL_VXWORKS) |
wolfSSL | 13:f67a6c6013ca | 1494 | |
wolfSSL | 13:f67a6c6013ca | 1495 | #include <randomNumGen.h> |
wolfSSL | 13:f67a6c6013ca | 1496 | |
wolfSSL | 13:f67a6c6013ca | 1497 | int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) { |
wolfSSL | 13:f67a6c6013ca | 1498 | STATUS status; |
wolfSSL | 13:f67a6c6013ca | 1499 | |
wolfSSL | 13:f67a6c6013ca | 1500 | #ifdef VXWORKS_SIM |
wolfSSL | 13:f67a6c6013ca | 1501 | /* cannot generate true entropy with VxWorks simulator */ |
wolfSSL | 13:f67a6c6013ca | 1502 | #warning "not enough entropy, simulator for testing only" |
wolfSSL | 13:f67a6c6013ca | 1503 | int i = 0; |
wolfSSL | 13:f67a6c6013ca | 1504 | |
wolfSSL | 13:f67a6c6013ca | 1505 | for (i = 0; i < 1000; i++) { |
wolfSSL | 13:f67a6c6013ca | 1506 | randomAddTimeStamp(); |
wolfSSL | 13:f67a6c6013ca | 1507 | } |
wolfSSL | 13:f67a6c6013ca | 1508 | #endif |
wolfSSL | 13:f67a6c6013ca | 1509 | |
wolfSSL | 13:f67a6c6013ca | 1510 | status = randBytes (output, sz); |
wolfSSL | 13:f67a6c6013ca | 1511 | if (status == ERROR) { |
wolfSSL | 13:f67a6c6013ca | 1512 | return RNG_FAILURE_E; |
wolfSSL | 13:f67a6c6013ca | 1513 | } |
wolfSSL | 13:f67a6c6013ca | 1514 | |
wolfSSL | 13:f67a6c6013ca | 1515 | return 0; |
wolfSSL | 13:f67a6c6013ca | 1516 | } |
wolfSSL | 13:f67a6c6013ca | 1517 | |
wolfSSL | 13:f67a6c6013ca | 1518 | #elif defined(WOLFSSL_NRF51) |
wolfSSL | 13:f67a6c6013ca | 1519 | #include "app_error.h" |
wolfSSL | 13:f67a6c6013ca | 1520 | #include "nrf_drv_rng.h" |
wolfSSL | 13:f67a6c6013ca | 1521 | int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) |
wolfSSL | 13:f67a6c6013ca | 1522 | { |
wolfSSL | 13:f67a6c6013ca | 1523 | int remaining = sz, length, pos = 0; |
wolfSSL | 13:f67a6c6013ca | 1524 | uint8_t available; |
wolfSSL | 13:f67a6c6013ca | 1525 | uint32_t err_code; |
wolfSSL | 13:f67a6c6013ca | 1526 | |
wolfSSL | 13:f67a6c6013ca | 1527 | (void)os; |
wolfSSL | 13:f67a6c6013ca | 1528 | |
wolfSSL | 13:f67a6c6013ca | 1529 | /* Make sure RNG is running */ |
wolfSSL | 13:f67a6c6013ca | 1530 | err_code = nrf_drv_rng_init(NULL); |
wolfSSL | 13:f67a6c6013ca | 1531 | if (err_code != NRF_SUCCESS && err_code != NRF_ERROR_INVALID_STATE) { |
wolfSSL | 13:f67a6c6013ca | 1532 | return -1; |
wolfSSL | 13:f67a6c6013ca | 1533 | } |
wolfSSL | 13:f67a6c6013ca | 1534 | |
wolfSSL | 13:f67a6c6013ca | 1535 | while (remaining > 0) { |
wolfSSL | 13:f67a6c6013ca | 1536 | err_code = nrf_drv_rng_bytes_available(&available); |
wolfSSL | 13:f67a6c6013ca | 1537 | if (err_code == NRF_SUCCESS) { |
wolfSSL | 13:f67a6c6013ca | 1538 | length = (remaining < available) ? remaining : available; |
wolfSSL | 13:f67a6c6013ca | 1539 | if (length > 0) { |
wolfSSL | 13:f67a6c6013ca | 1540 | err_code = nrf_drv_rng_rand(&output[pos], length); |
wolfSSL | 13:f67a6c6013ca | 1541 | remaining -= length; |
wolfSSL | 13:f67a6c6013ca | 1542 | pos += length; |
wolfSSL | 13:f67a6c6013ca | 1543 | } |
wolfSSL | 13:f67a6c6013ca | 1544 | } |
wolfSSL | 13:f67a6c6013ca | 1545 | |
wolfSSL | 13:f67a6c6013ca | 1546 | if (err_code != NRF_SUCCESS) { |
wolfSSL | 13:f67a6c6013ca | 1547 | break; |
wolfSSL | 13:f67a6c6013ca | 1548 | } |
wolfSSL | 13:f67a6c6013ca | 1549 | } |
wolfSSL | 13:f67a6c6013ca | 1550 | |
wolfSSL | 13:f67a6c6013ca | 1551 | return (err_code == NRF_SUCCESS) ? 0 : -1; |
wolfSSL | 13:f67a6c6013ca | 1552 | } |
wolfSSL | 13:f67a6c6013ca | 1553 | |
wolfSSL | 13:f67a6c6013ca | 1554 | #elif defined(HAVE_WNR) |
wolfSSL | 13:f67a6c6013ca | 1555 | |
wolfSSL | 13:f67a6c6013ca | 1556 | int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) |
wolfSSL | 13:f67a6c6013ca | 1557 | { |
wolfSSL | 13:f67a6c6013ca | 1558 | if (os == NULL || output == NULL || wnr_ctx == NULL || |
wolfSSL | 13:f67a6c6013ca | 1559 | wnr_timeout < 0) { |
wolfSSL | 13:f67a6c6013ca | 1560 | return BAD_FUNC_ARG; |
wolfSSL | 13:f67a6c6013ca | 1561 | } |
wolfSSL | 13:f67a6c6013ca | 1562 | |
wolfSSL | 13:f67a6c6013ca | 1563 | if (wnr_mutex_init == 0) { |
wolfSSL | 13:f67a6c6013ca | 1564 | WOLFSSL_MSG("netRandom context must be created before use"); |
wolfSSL | 13:f67a6c6013ca | 1565 | return RNG_FAILURE_E; |
wolfSSL | 13:f67a6c6013ca | 1566 | } |
wolfSSL | 13:f67a6c6013ca | 1567 | |
wolfSSL | 13:f67a6c6013ca | 1568 | if (wc_LockMutex(&wnr_mutex) != 0) { |
wolfSSL | 13:f67a6c6013ca | 1569 | WOLFSSL_MSG("Bad Lock Mutex wnr_mutex\n"); |
wolfSSL | 13:f67a6c6013ca | 1570 | return BAD_MUTEX_E; |
wolfSSL | 13:f67a6c6013ca | 1571 | } |
wolfSSL | 13:f67a6c6013ca | 1572 | |
wolfSSL | 13:f67a6c6013ca | 1573 | if (wnr_get_entropy(wnr_ctx, wnr_timeout, output, sz, sz) != |
wolfSSL | 13:f67a6c6013ca | 1574 | WNR_ERROR_NONE) |
wolfSSL | 13:f67a6c6013ca | 1575 | return RNG_FAILURE_E; |
wolfSSL | 13:f67a6c6013ca | 1576 | |
wolfSSL | 13:f67a6c6013ca | 1577 | wc_UnLockMutex(&wnr_mutex); |
wolfSSL | 13:f67a6c6013ca | 1578 | |
wolfSSL | 13:f67a6c6013ca | 1579 | return 0; |
wolfSSL | 13:f67a6c6013ca | 1580 | } |
wolfSSL | 13:f67a6c6013ca | 1581 | |
wolfSSL | 13:f67a6c6013ca | 1582 | #elif defined(WOLFSSL_ATMEL) |
wolfSSL | 13:f67a6c6013ca | 1583 | #include <wolfssl/wolfcrypt/port/atmel/atmel.h> |
wolfSSL | 13:f67a6c6013ca | 1584 | |
wolfSSL | 13:f67a6c6013ca | 1585 | int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) |
wolfSSL | 13:f67a6c6013ca | 1586 | { |
wolfSSL | 13:f67a6c6013ca | 1587 | int ret = 0; |
wolfSSL | 13:f67a6c6013ca | 1588 | |
wolfSSL | 13:f67a6c6013ca | 1589 | (void)os; |
wolfSSL | 13:f67a6c6013ca | 1590 | if (output == NULL) { |
wolfSSL | 13:f67a6c6013ca | 1591 | return BUFFER_E; |
wolfSSL | 13:f67a6c6013ca | 1592 | } |
wolfSSL | 13:f67a6c6013ca | 1593 | |
wolfSSL | 13:f67a6c6013ca | 1594 | ret = atmel_get_random_number(sz, output); |
wolfSSL | 13:f67a6c6013ca | 1595 | |
wolfSSL | 13:f67a6c6013ca | 1596 | return ret; |
wolfSSL | 13:f67a6c6013ca | 1597 | } |
wolfSSL | 13:f67a6c6013ca | 1598 | |
wolfSSL | 13:f67a6c6013ca | 1599 | #elif defined(INTIME_RTOS) |
wolfSSL | 13:f67a6c6013ca | 1600 | int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) |
wolfSSL | 13:f67a6c6013ca | 1601 | { |
wolfSSL | 13:f67a6c6013ca | 1602 | int ret = 0; |
wolfSSL | 13:f67a6c6013ca | 1603 | |
wolfSSL | 13:f67a6c6013ca | 1604 | (void)os; |
wolfSSL | 13:f67a6c6013ca | 1605 | |
wolfSSL | 13:f67a6c6013ca | 1606 | if (output == NULL) { |
wolfSSL | 13:f67a6c6013ca | 1607 | return BUFFER_E; |
wolfSSL | 13:f67a6c6013ca | 1608 | } |
wolfSSL | 13:f67a6c6013ca | 1609 | |
wolfSSL | 13:f67a6c6013ca | 1610 | /* Note: Investigate better solution */ |
wolfSSL | 13:f67a6c6013ca | 1611 | /* no return to check */ |
wolfSSL | 13:f67a6c6013ca | 1612 | arc4random_buf(output, sz); |
wolfSSL | 13:f67a6c6013ca | 1613 | |
wolfSSL | 13:f67a6c6013ca | 1614 | return ret; |
wolfSSL | 13:f67a6c6013ca | 1615 | } |
wolfSSL | 13:f67a6c6013ca | 1616 | |
wolfSSL | 13:f67a6c6013ca | 1617 | #elif defined(IDIRECT_DEV_RANDOM) |
wolfSSL | 13:f67a6c6013ca | 1618 | |
wolfSSL | 13:f67a6c6013ca | 1619 | extern int getRandom( int sz, unsigned char *output ); |
wolfSSL | 13:f67a6c6013ca | 1620 | |
wolfSSL | 13:f67a6c6013ca | 1621 | int GenerateSeed(OS_Seed* os, byte* output, word32 sz) |
wolfSSL | 13:f67a6c6013ca | 1622 | { |
wolfSSL | 13:f67a6c6013ca | 1623 | int num_bytes_returned = 0; |
wolfSSL | 13:f67a6c6013ca | 1624 | |
wolfSSL | 13:f67a6c6013ca | 1625 | num_bytes_returned = getRandom( (int) sz, (unsigned char *) output ); |
wolfSSL | 13:f67a6c6013ca | 1626 | |
wolfSSL | 13:f67a6c6013ca | 1627 | return 0; |
wolfSSL | 13:f67a6c6013ca | 1628 | } |
wolfSSL | 13:f67a6c6013ca | 1629 | |
wolfSSL | 13:f67a6c6013ca | 1630 | #elif defined(CUSTOM_RAND_GENERATE_BLOCK) |
wolfSSL | 13:f67a6c6013ca | 1631 | /* #define CUSTOM_RAND_GENERATE_BLOCK myRngFunc |
wolfSSL | 13:f67a6c6013ca | 1632 | * extern int myRngFunc(byte* output, word32 sz); |
wolfSSL | 13:f67a6c6013ca | 1633 | */ |
wolfSSL | 13:f67a6c6013ca | 1634 | |
wolfSSL | 13:f67a6c6013ca | 1635 | #elif defined(WOLFSSL_SAFERTOS) || defined(WOLFSSL_LEANPSK) || \ |
wolfSSL | 13:f67a6c6013ca | 1636 | defined(WOLFSSL_IAR_ARM) || defined(WOLFSSL_MDK_ARM) || \ |
wolfSSL | 13:f67a6c6013ca | 1637 | defined(WOLFSSL_uITRON4) || defined(WOLFSSL_uTKERNEL2) || \ |
wolfSSL | 13:f67a6c6013ca | 1638 | defined(WOLFSSL_LPC43xx) || defined(WOLFSSL_STM32F2xx) || \ |
wolfSSL | 13:f67a6c6013ca | 1639 | defined(MBED) || defined(WOLFSSL_EMBOS) || \ |
wolfSSL | 13:f67a6c6013ca | 1640 | defined(WOLFSSL_GENSEED_FORTEST) |
wolfSSL | 13:f67a6c6013ca | 1641 | |
wolfSSL | 13:f67a6c6013ca | 1642 | /* these platforms do not have a default random seed and |
wolfSSL | 13:f67a6c6013ca | 1643 | you'll need to implement your own wc_GenerateSeed or define via |
wolfSSL | 13:f67a6c6013ca | 1644 | CUSTOM_RAND_GENERATE_BLOCK */ |
wolfSSL | 13:f67a6c6013ca | 1645 | |
wolfSSL | 13:f67a6c6013ca | 1646 | #define USE_TEST_GENSEED |
wolfSSL | 13:f67a6c6013ca | 1647 | |
wolfSSL | 13:f67a6c6013ca | 1648 | #elif defined(NO_DEV_RANDOM) |
wolfSSL | 13:f67a6c6013ca | 1649 | |
wolfSSL | 13:f67a6c6013ca | 1650 | #error "you need to write an os specific wc_GenerateSeed() here" |
wolfSSL | 13:f67a6c6013ca | 1651 | |
wolfSSL | 13:f67a6c6013ca | 1652 | /* |
wolfSSL | 13:f67a6c6013ca | 1653 | int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) |
wolfSSL | 13:f67a6c6013ca | 1654 | { |
wolfSSL | 13:f67a6c6013ca | 1655 | return 0; |
wolfSSL | 13:f67a6c6013ca | 1656 | } |
wolfSSL | 13:f67a6c6013ca | 1657 | */ |
wolfSSL | 13:f67a6c6013ca | 1658 | |
wolfSSL | 13:f67a6c6013ca | 1659 | #else |
wolfSSL | 13:f67a6c6013ca | 1660 | |
wolfSSL | 13:f67a6c6013ca | 1661 | /* may block */ |
wolfSSL | 13:f67a6c6013ca | 1662 | int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) |
wolfSSL | 13:f67a6c6013ca | 1663 | { |
wolfSSL | 13:f67a6c6013ca | 1664 | int ret = 0; |
wolfSSL | 13:f67a6c6013ca | 1665 | |
wolfSSL | 13:f67a6c6013ca | 1666 | #ifdef HAVE_INTEL_RDSEED |
wolfSSL | 13:f67a6c6013ca | 1667 | if (IS_INTEL_RDSEED(intel_flags)) { |
wolfSSL | 13:f67a6c6013ca | 1668 | ret = wc_GenerateSeed_IntelRD(NULL, output, sz); |
wolfSSL | 13:f67a6c6013ca | 1669 | if (ret == 0) { |
wolfSSL | 13:f67a6c6013ca | 1670 | /* success, we're done */ |
wolfSSL | 13:f67a6c6013ca | 1671 | return ret; |
wolfSSL | 13:f67a6c6013ca | 1672 | } |
wolfSSL | 13:f67a6c6013ca | 1673 | #ifdef FORCE_FAILURE_RDSEED |
wolfSSL | 13:f67a6c6013ca | 1674 | /* don't fallback to /dev/urandom */ |
wolfSSL | 13:f67a6c6013ca | 1675 | return ret; |
wolfSSL | 13:f67a6c6013ca | 1676 | #else |
wolfSSL | 13:f67a6c6013ca | 1677 | /* fallback to /dev/urandom attempt */ |
wolfSSL | 13:f67a6c6013ca | 1678 | ret = 0; |
wolfSSL | 13:f67a6c6013ca | 1679 | #endif |
wolfSSL | 13:f67a6c6013ca | 1680 | } |
wolfSSL | 13:f67a6c6013ca | 1681 | |
wolfSSL | 13:f67a6c6013ca | 1682 | #endif /* HAVE_INTEL_RDSEED */ |
wolfSSL | 13:f67a6c6013ca | 1683 | |
wolfSSL | 13:f67a6c6013ca | 1684 | os->fd = open("/dev/urandom",O_RDONLY); |
wolfSSL | 13:f67a6c6013ca | 1685 | if (os->fd == -1) { |
wolfSSL | 13:f67a6c6013ca | 1686 | /* may still have /dev/random */ |
wolfSSL | 13:f67a6c6013ca | 1687 | os->fd = open("/dev/random",O_RDONLY); |
wolfSSL | 13:f67a6c6013ca | 1688 | if (os->fd == -1) |
wolfSSL | 13:f67a6c6013ca | 1689 | return OPEN_RAN_E; |
wolfSSL | 13:f67a6c6013ca | 1690 | } |
wolfSSL | 13:f67a6c6013ca | 1691 | |
wolfSSL | 13:f67a6c6013ca | 1692 | while (sz) { |
wolfSSL | 13:f67a6c6013ca | 1693 | int len = (int)read(os->fd, output, sz); |
wolfSSL | 13:f67a6c6013ca | 1694 | if (len == -1) { |
wolfSSL | 13:f67a6c6013ca | 1695 | ret = READ_RAN_E; |
wolfSSL | 13:f67a6c6013ca | 1696 | break; |
wolfSSL | 13:f67a6c6013ca | 1697 | } |
wolfSSL | 13:f67a6c6013ca | 1698 | |
wolfSSL | 13:f67a6c6013ca | 1699 | sz -= len; |
wolfSSL | 13:f67a6c6013ca | 1700 | output += len; |
wolfSSL | 13:f67a6c6013ca | 1701 | |
wolfSSL | 13:f67a6c6013ca | 1702 | if (sz) { |
wolfSSL | 13:f67a6c6013ca | 1703 | #ifdef BLOCKING |
wolfSSL | 13:f67a6c6013ca | 1704 | sleep(0); /* context switch */ |
wolfSSL | 13:f67a6c6013ca | 1705 | #else |
wolfSSL | 13:f67a6c6013ca | 1706 | ret = RAN_BLOCK_E; |
wolfSSL | 13:f67a6c6013ca | 1707 | break; |
wolfSSL | 13:f67a6c6013ca | 1708 | #endif |
wolfSSL | 13:f67a6c6013ca | 1709 | } |
wolfSSL | 13:f67a6c6013ca | 1710 | } |
wolfSSL | 13:f67a6c6013ca | 1711 | close(os->fd); |
wolfSSL | 13:f67a6c6013ca | 1712 | |
wolfSSL | 13:f67a6c6013ca | 1713 | return ret; |
wolfSSL | 13:f67a6c6013ca | 1714 | } |
wolfSSL | 13:f67a6c6013ca | 1715 | |
wolfSSL | 13:f67a6c6013ca | 1716 | #endif |
wolfSSL | 13:f67a6c6013ca | 1717 | |
wolfSSL | 13:f67a6c6013ca | 1718 | #ifdef USE_TEST_GENSEED |
wolfSSL | 13:f67a6c6013ca | 1719 | #ifndef _MSC_VER |
wolfSSL | 13:f67a6c6013ca | 1720 | #warning "write a real random seed!!!!, just for testing now" |
wolfSSL | 13:f67a6c6013ca | 1721 | #else |
wolfSSL | 13:f67a6c6013ca | 1722 | #pragma message("Warning: write a real random seed!!!!, just for testing now") |
wolfSSL | 13:f67a6c6013ca | 1723 | #endif |
wolfSSL | 13:f67a6c6013ca | 1724 | |
wolfSSL | 13:f67a6c6013ca | 1725 | int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) |
wolfSSL | 13:f67a6c6013ca | 1726 | { |
wolfSSL | 13:f67a6c6013ca | 1727 | word32 i; |
wolfSSL | 13:f67a6c6013ca | 1728 | for (i = 0; i < sz; i++ ) |
wolfSSL | 13:f67a6c6013ca | 1729 | output[i] = i; |
wolfSSL | 13:f67a6c6013ca | 1730 | |
wolfSSL | 13:f67a6c6013ca | 1731 | (void)os; |
wolfSSL | 13:f67a6c6013ca | 1732 | |
wolfSSL | 13:f67a6c6013ca | 1733 | return 0; |
wolfSSL | 13:f67a6c6013ca | 1734 | } |
wolfSSL | 13:f67a6c6013ca | 1735 | #endif |
wolfSSL | 13:f67a6c6013ca | 1736 | |
wolfSSL | 13:f67a6c6013ca | 1737 | /* End wc_GenerateSeed */ |
wolfSSL | 13:f67a6c6013ca | 1738 | |
wolfSSL | 13:f67a6c6013ca | 1739 | #endif /* WC_NO_RNG */ |
wolfSSL | 13:f67a6c6013ca | 1740 | #endif /* HAVE_FIPS */ |
wolfSSL | 13:f67a6c6013ca | 1741 |