wolf SSL / wolfSSL

wolfSSL SSL/TLS library, support up to TLS1.3

Dependents:   CyaSSL-Twitter-OAuth4Tw Example-client-tls-cert TwitterReader TweetTest ... more

wolfcrypt/src/random.c@13:f67a6c6013ca, 2017-08-22 (annotated)

Committer:
wolfSSL
Date:
Tue Aug 22 10:48:22 2017 +0000
Revision:
13:f67a6c6013ca
wolfSSL3.12.0 with TLS1.3

Who changed what in which revision?

UserRevisionLine numberNew contents of line
wolfSSL 13:f67a6c6013ca 1 /* random.c
wolfSSL 13:f67a6c6013ca 2 *
wolfSSL 13:f67a6c6013ca 3 * Copyright (C) 2006-2016 wolfSSL Inc.
wolfSSL 13:f67a6c6013ca 4 *
wolfSSL 13:f67a6c6013ca 5 * This file is part of wolfSSL.
wolfSSL 13:f67a6c6013ca 6 *
wolfSSL 13:f67a6c6013ca 7 * wolfSSL is free software; you can redistribute it and/or modify
wolfSSL 13:f67a6c6013ca 8 * it under the terms of the GNU General Public License as published by
wolfSSL 13:f67a6c6013ca 9 * the Free Software Foundation; either version 2 of the License, or
wolfSSL 13:f67a6c6013ca 10 * (at your option) any later version.
wolfSSL 13:f67a6c6013ca 11 *
wolfSSL 13:f67a6c6013ca 12 * wolfSSL is distributed in the hope that it will be useful,
wolfSSL 13:f67a6c6013ca 13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
wolfSSL 13:f67a6c6013ca 14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
wolfSSL 13:f67a6c6013ca 15 * GNU General Public License for more details.
wolfSSL 13:f67a6c6013ca 16 *
wolfSSL 13:f67a6c6013ca 17 * You should have received a copy of the GNU General Public License
wolfSSL 13:f67a6c6013ca 18 * along with this program; if not, write to the Free Software
wolfSSL 13:f67a6c6013ca 19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
wolfSSL 13:f67a6c6013ca 20 */
wolfSSL 13:f67a6c6013ca 21
wolfSSL 13:f67a6c6013ca 22
wolfSSL 13:f67a6c6013ca 23 #ifdef HAVE_CONFIG_H
wolfSSL 13:f67a6c6013ca 24 #include <config.h>
wolfSSL 13:f67a6c6013ca 25 #endif
wolfSSL 13:f67a6c6013ca 26
wolfSSL 13:f67a6c6013ca 27 #include <wolfssl/wolfcrypt/settings.h>
wolfSSL 13:f67a6c6013ca 28
wolfSSL 13:f67a6c6013ca 29 /* on HPUX 11 you may need to install /dev/random see
wolfSSL 13:f67a6c6013ca 30 http://h20293.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=KRNG11I
wolfSSL 13:f67a6c6013ca 31
wolfSSL 13:f67a6c6013ca 32 */
wolfSSL 13:f67a6c6013ca 33
wolfSSL 13:f67a6c6013ca 34 #include <wolfssl/wolfcrypt/random.h>
wolfSSL 13:f67a6c6013ca 35 #include <wolfssl/wolfcrypt/cpuid.h>
wolfSSL 13:f67a6c6013ca 36
wolfSSL 13:f67a6c6013ca 37
wolfSSL 13:f67a6c6013ca 38 #ifdef HAVE_FIPS
wolfSSL 13:f67a6c6013ca 39 int wc_GenerateSeed(OS_Seed* os, byte* seed, word32 sz)
wolfSSL 13:f67a6c6013ca 40 {
wolfSSL 13:f67a6c6013ca 41 return GenerateSeed(os, seed, sz);
wolfSSL 13:f67a6c6013ca 42 }
wolfSSL 13:f67a6c6013ca 43
wolfSSL 13:f67a6c6013ca 44 int wc_InitRng_ex(WC_RNG* rng, void* heap, int devId)
wolfSSL 13:f67a6c6013ca 45 {
wolfSSL 13:f67a6c6013ca 46 (void)heap;
wolfSSL 13:f67a6c6013ca 47 (void)devId;
wolfSSL 13:f67a6c6013ca 48 return InitRng_fips(rng);
wolfSSL 13:f67a6c6013ca 49 }
wolfSSL 13:f67a6c6013ca 50
wolfSSL 13:f67a6c6013ca 51 int wc_InitRng(WC_RNG* rng)
wolfSSL 13:f67a6c6013ca 52 {
wolfSSL 13:f67a6c6013ca 53 return InitRng_fips(rng);
wolfSSL 13:f67a6c6013ca 54 }
wolfSSL 13:f67a6c6013ca 55
wolfSSL 13:f67a6c6013ca 56
wolfSSL 13:f67a6c6013ca 57 int wc_RNG_GenerateBlock(WC_RNG* rng, byte* b, word32 sz)
wolfSSL 13:f67a6c6013ca 58 {
wolfSSL 13:f67a6c6013ca 59 return RNG_GenerateBlock_fips(rng, b, sz);
wolfSSL 13:f67a6c6013ca 60 }
wolfSSL 13:f67a6c6013ca 61
wolfSSL 13:f67a6c6013ca 62
wolfSSL 13:f67a6c6013ca 63 int wc_RNG_GenerateByte(WC_RNG* rng, byte* b)
wolfSSL 13:f67a6c6013ca 64 {
wolfSSL 13:f67a6c6013ca 65 return RNG_GenerateByte(rng, b);
wolfSSL 13:f67a6c6013ca 66 }
wolfSSL 13:f67a6c6013ca 67
wolfSSL 13:f67a6c6013ca 68 #ifdef HAVE_HASHDRBG
wolfSSL 13:f67a6c6013ca 69
wolfSSL 13:f67a6c6013ca 70 int wc_FreeRng(WC_RNG* rng)
wolfSSL 13:f67a6c6013ca 71 {
wolfSSL 13:f67a6c6013ca 72 return FreeRng_fips(rng);
wolfSSL 13:f67a6c6013ca 73 }
wolfSSL 13:f67a6c6013ca 74
wolfSSL 13:f67a6c6013ca 75 int wc_RNG_HealthTest(int reseed,
wolfSSL 13:f67a6c6013ca 76 const byte* entropyA, word32 entropyASz,
wolfSSL 13:f67a6c6013ca 77 const byte* entropyB, word32 entropyBSz,
wolfSSL 13:f67a6c6013ca 78 byte* output, word32 outputSz)
wolfSSL 13:f67a6c6013ca 79 {
wolfSSL 13:f67a6c6013ca 80 return RNG_HealthTest_fips(reseed, entropyA, entropyASz,
wolfSSL 13:f67a6c6013ca 81 entropyB, entropyBSz, output, outputSz);
wolfSSL 13:f67a6c6013ca 82 }
wolfSSL 13:f67a6c6013ca 83 #endif /* HAVE_HASHDRBG */
wolfSSL 13:f67a6c6013ca 84
wolfSSL 13:f67a6c6013ca 85 #else /* else build without fips */
wolfSSL 13:f67a6c6013ca 86
wolfSSL 13:f67a6c6013ca 87 #ifndef WC_NO_RNG /* if not FIPS and RNG is disabled then do not compile */
wolfSSL 13:f67a6c6013ca 88
wolfSSL 13:f67a6c6013ca 89 #include <wolfssl/wolfcrypt/error-crypt.h>
wolfSSL 13:f67a6c6013ca 90 #include <wolfssl/wolfcrypt/sha256.h>
wolfSSL 13:f67a6c6013ca 91
wolfSSL 13:f67a6c6013ca 92 #ifdef NO_INLINE
wolfSSL 13:f67a6c6013ca 93 #include <wolfssl/wolfcrypt/misc.h>
wolfSSL 13:f67a6c6013ca 94 #else
wolfSSL 13:f67a6c6013ca 95 #define WOLFSSL_MISC_INCLUDED
wolfSSL 13:f67a6c6013ca 96 #include <wolfcrypt/src/misc.c>
wolfSSL 13:f67a6c6013ca 97 #endif
wolfSSL 13:f67a6c6013ca 98
wolfSSL 13:f67a6c6013ca 99 #if defined(WOLFSSL_SGX)
wolfSSL 13:f67a6c6013ca 100 #include <sgx_trts.h>
wolfSSL 13:f67a6c6013ca 101 #elif defined(USE_WINDOWS_API)
wolfSSL 13:f67a6c6013ca 102 #ifndef _WIN32_WINNT
wolfSSL 13:f67a6c6013ca 103 #define _WIN32_WINNT 0x0400
wolfSSL 13:f67a6c6013ca 104 #endif
wolfSSL 13:f67a6c6013ca 105 #include <windows.h>
wolfSSL 13:f67a6c6013ca 106 #include <wincrypt.h>
wolfSSL 13:f67a6c6013ca 107 #elif defined(HAVE_WNR)
wolfSSL 13:f67a6c6013ca 108 #include <wnr.h>
wolfSSL 13:f67a6c6013ca 109 #include <wolfssl/wolfcrypt/logging.h>
wolfSSL 13:f67a6c6013ca 110 wolfSSL_Mutex wnr_mutex; /* global netRandom mutex */
wolfSSL 13:f67a6c6013ca 111 int wnr_timeout = 0; /* entropy timeout, mililseconds */
wolfSSL 13:f67a6c6013ca 112 int wnr_mutex_init = 0; /* flag for mutex init */
wolfSSL 13:f67a6c6013ca 113 wnr_context* wnr_ctx; /* global netRandom context */
wolfSSL 13:f67a6c6013ca 114 #elif defined(FREESCALE_KSDK_2_0_TRNG)
wolfSSL 13:f67a6c6013ca 115 #include "fsl_trng.h"
wolfSSL 13:f67a6c6013ca 116 #elif defined(FREESCALE_KSDK_2_0_RNGA)
wolfSSL 13:f67a6c6013ca 117 #include "fsl_rnga.h"
wolfSSL 13:f67a6c6013ca 118
wolfSSL 13:f67a6c6013ca 119 #elif defined(NO_DEV_RANDOM)
wolfSSL 13:f67a6c6013ca 120 #elif defined(CUSTOM_RAND_GENERATE)
wolfSSL 13:f67a6c6013ca 121 #elif defined(CUSTOM_RAND_GENERATE_BLOCK)
wolfSSL 13:f67a6c6013ca 122 #elif defined(CUSTOM_RAND_GENERATE_SEED)
wolfSSL 13:f67a6c6013ca 123 #elif defined(WOLFSSL_GENSEED_FORTEST)
wolfSSL 13:f67a6c6013ca 124 #elif defined(WOLFSSL_MDK_ARM)
wolfSSL 13:f67a6c6013ca 125 #elif defined(WOLFSSL_IAR_ARM)
wolfSSL 13:f67a6c6013ca 126 #elif defined(WOLFSSL_ROWLEY_ARM)
wolfSSL 13:f67a6c6013ca 127 #elif defined(WOLFSSL_EMBOS)
wolfSSL 13:f67a6c6013ca 128 #else
wolfSSL 13:f67a6c6013ca 129 /* include headers that may be needed to get good seed */
wolfSSL 13:f67a6c6013ca 130 #include <fcntl.h>
wolfSSL 13:f67a6c6013ca 131 #ifndef EBSNET
wolfSSL 13:f67a6c6013ca 132 #include <unistd.h>
wolfSSL 13:f67a6c6013ca 133 #endif
wolfSSL 13:f67a6c6013ca 134 #endif
wolfSSL 13:f67a6c6013ca 135
wolfSSL 13:f67a6c6013ca 136
wolfSSL 13:f67a6c6013ca 137 #if defined(HAVE_INTEL_RDRAND) || defined(HAVE_INTEL_RDSEED)
wolfSSL 13:f67a6c6013ca 138 static word32 intel_flags = 0;
wolfSSL 13:f67a6c6013ca 139 static void wc_InitRng_IntelRD(void)
wolfSSL 13:f67a6c6013ca 140 {
wolfSSL 13:f67a6c6013ca 141 intel_flags = cpuid_get_flags();
wolfSSL 13:f67a6c6013ca 142 }
wolfSSL 13:f67a6c6013ca 143 #ifdef HAVE_INTEL_RDSEED
wolfSSL 13:f67a6c6013ca 144 static int wc_GenerateSeed_IntelRD(OS_Seed* os, byte* output, word32 sz);
wolfSSL 13:f67a6c6013ca 145 #endif
wolfSSL 13:f67a6c6013ca 146 #ifdef HAVE_INTEL_RDRAND
wolfSSL 13:f67a6c6013ca 147 static int wc_GenerateRand_IntelRD(OS_Seed* os, byte* output, word32 sz);
wolfSSL 13:f67a6c6013ca 148 #endif
wolfSSL 13:f67a6c6013ca 149 #endif
wolfSSL 13:f67a6c6013ca 150
wolfSSL 13:f67a6c6013ca 151 /* Start NIST DRBG code */
wolfSSL 13:f67a6c6013ca 152 #ifdef HAVE_HASHDRBG
wolfSSL 13:f67a6c6013ca 153
wolfSSL 13:f67a6c6013ca 154 #define OUTPUT_BLOCK_LEN (SHA256_DIGEST_SIZE)
wolfSSL 13:f67a6c6013ca 155 #define MAX_REQUEST_LEN (0x10000)
wolfSSL 13:f67a6c6013ca 156 #define RESEED_INTERVAL (1000000)
wolfSSL 13:f67a6c6013ca 157 #define SECURITY_STRENGTH (256)
wolfSSL 13:f67a6c6013ca 158 #define ENTROPY_SZ (SECURITY_STRENGTH/8)
wolfSSL 13:f67a6c6013ca 159 #define NONCE_SZ (ENTROPY_SZ/2)
wolfSSL 13:f67a6c6013ca 160 #define ENTROPY_NONCE_SZ (ENTROPY_SZ+NONCE_SZ)
wolfSSL 13:f67a6c6013ca 161
wolfSSL 13:f67a6c6013ca 162 /* Internal return codes */
wolfSSL 13:f67a6c6013ca 163 #define DRBG_SUCCESS 0
wolfSSL 13:f67a6c6013ca 164 #define DRBG_ERROR 1
wolfSSL 13:f67a6c6013ca 165 #define DRBG_FAILURE 2
wolfSSL 13:f67a6c6013ca 166 #define DRBG_NEED_RESEED 3
wolfSSL 13:f67a6c6013ca 167 #define DRBG_CONT_FAILURE 4
wolfSSL 13:f67a6c6013ca 168
wolfSSL 13:f67a6c6013ca 169 /* RNG health states */
wolfSSL 13:f67a6c6013ca 170 #define DRBG_NOT_INIT 0
wolfSSL 13:f67a6c6013ca 171 #define DRBG_OK 1
wolfSSL 13:f67a6c6013ca 172 #define DRBG_FAILED 2
wolfSSL 13:f67a6c6013ca 173 #define DRBG_CONT_FAILED 3
wolfSSL 13:f67a6c6013ca 174
wolfSSL 13:f67a6c6013ca 175 #define RNG_HEALTH_TEST_CHECK_SIZE (SHA256_DIGEST_SIZE * 4)
wolfSSL 13:f67a6c6013ca 176
wolfSSL 13:f67a6c6013ca 177 /* Verify max gen block len */
wolfSSL 13:f67a6c6013ca 178 #if RNG_MAX_BLOCK_LEN > MAX_REQUEST_LEN
wolfSSL 13:f67a6c6013ca 179 #error RNG_MAX_BLOCK_LEN is larger than NIST DBRG max request length
wolfSSL 13:f67a6c6013ca 180 #endif
wolfSSL 13:f67a6c6013ca 181
wolfSSL 13:f67a6c6013ca 182 enum {
wolfSSL 13:f67a6c6013ca 183 drbgInitC = 0,
wolfSSL 13:f67a6c6013ca 184 drbgReseed = 1,
wolfSSL 13:f67a6c6013ca 185 drbgGenerateW = 2,
wolfSSL 13:f67a6c6013ca 186 drbgGenerateH = 3,
wolfSSL 13:f67a6c6013ca 187 drbgInitV
wolfSSL 13:f67a6c6013ca 188 };
wolfSSL 13:f67a6c6013ca 189
wolfSSL 13:f67a6c6013ca 190
wolfSSL 13:f67a6c6013ca 191 typedef struct DRBG {
wolfSSL 13:f67a6c6013ca 192 word32 reseedCtr;
wolfSSL 13:f67a6c6013ca 193 word32 lastBlock;
wolfSSL 13:f67a6c6013ca 194 byte V[DRBG_SEED_LEN];
wolfSSL 13:f67a6c6013ca 195 byte C[DRBG_SEED_LEN];
wolfSSL 13:f67a6c6013ca 196 #ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL 13:f67a6c6013ca 197 void* heap;
wolfSSL 13:f67a6c6013ca 198 int devId;
wolfSSL 13:f67a6c6013ca 199 #endif
wolfSSL 13:f67a6c6013ca 200 byte matchCount;
wolfSSL 13:f67a6c6013ca 201 } DRBG;
wolfSSL 13:f67a6c6013ca 202
wolfSSL 13:f67a6c6013ca 203
wolfSSL 13:f67a6c6013ca 204 static int wc_RNG_HealthTestLocal(int reseed);
wolfSSL 13:f67a6c6013ca 205
wolfSSL 13:f67a6c6013ca 206 /* Hash Derivation Function */
wolfSSL 13:f67a6c6013ca 207 /* Returns: DRBG_SUCCESS or DRBG_FAILURE */
wolfSSL 13:f67a6c6013ca 208 static int Hash_df(DRBG* drbg, byte* out, word32 outSz, byte type,
wolfSSL 13:f67a6c6013ca 209 const byte* inA, word32 inASz,
wolfSSL 13:f67a6c6013ca 210 const byte* inB, word32 inBSz)
wolfSSL 13:f67a6c6013ca 211 {
wolfSSL 13:f67a6c6013ca 212 int ret = DRBG_FAILURE;
wolfSSL 13:f67a6c6013ca 213 byte ctr;
wolfSSL 13:f67a6c6013ca 214 int i;
wolfSSL 13:f67a6c6013ca 215 int len;
wolfSSL 13:f67a6c6013ca 216 word32 bits = (outSz * 8); /* reverse byte order */
wolfSSL 13:f67a6c6013ca 217 Sha256 sha;
wolfSSL 13:f67a6c6013ca 218 DECLARE_VAR(digest, byte, SHA256_DIGEST_SIZE, drbg->heap);
wolfSSL 13:f67a6c6013ca 219
wolfSSL 13:f67a6c6013ca 220 (void)drbg;
wolfSSL 13:f67a6c6013ca 221 #ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL 13:f67a6c6013ca 222 if (digest == NULL)
wolfSSL 13:f67a6c6013ca 223 return DRBG_FAILURE;
wolfSSL 13:f67a6c6013ca 224 #endif
wolfSSL 13:f67a6c6013ca 225
wolfSSL 13:f67a6c6013ca 226 #ifdef LITTLE_ENDIAN_ORDER
wolfSSL 13:f67a6c6013ca 227 bits = ByteReverseWord32(bits);
wolfSSL 13:f67a6c6013ca 228 #endif
wolfSSL 13:f67a6c6013ca 229 len = (outSz / OUTPUT_BLOCK_LEN)
wolfSSL 13:f67a6c6013ca 230 + ((outSz % OUTPUT_BLOCK_LEN) ? 1 : 0);
wolfSSL 13:f67a6c6013ca 231
wolfSSL 13:f67a6c6013ca 232 for (i = 0, ctr = 1; i < len; i++, ctr++) {
wolfSSL 13:f67a6c6013ca 233 #ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL 13:f67a6c6013ca 234 ret = wc_InitSha256_ex(&sha, drbg->heap, drbg->devId);
wolfSSL 13:f67a6c6013ca 235 #else
wolfSSL 13:f67a6c6013ca 236 ret = wc_InitSha256(&sha);
wolfSSL 13:f67a6c6013ca 237 #endif
wolfSSL 13:f67a6c6013ca 238 if (ret != 0)
wolfSSL 13:f67a6c6013ca 239 break;
wolfSSL 13:f67a6c6013ca 240
wolfSSL 13:f67a6c6013ca 241 if (ret == 0)
wolfSSL 13:f67a6c6013ca 242 ret = wc_Sha256Update(&sha, &ctr, sizeof(ctr));
wolfSSL 13:f67a6c6013ca 243 if (ret == 0)
wolfSSL 13:f67a6c6013ca 244 ret = wc_Sha256Update(&sha, (byte*)&bits, sizeof(bits));
wolfSSL 13:f67a6c6013ca 245
wolfSSL 13:f67a6c6013ca 246 if (ret == 0) {
wolfSSL 13:f67a6c6013ca 247 /* churning V is the only string that doesn't have the type added */
wolfSSL 13:f67a6c6013ca 248 if (type != drbgInitV)
wolfSSL 13:f67a6c6013ca 249 ret = wc_Sha256Update(&sha, &type, sizeof(type));
wolfSSL 13:f67a6c6013ca 250 }
wolfSSL 13:f67a6c6013ca 251 if (ret == 0)
wolfSSL 13:f67a6c6013ca 252 ret = wc_Sha256Update(&sha, inA, inASz);
wolfSSL 13:f67a6c6013ca 253 if (ret == 0) {
wolfSSL 13:f67a6c6013ca 254 if (inB != NULL && inBSz > 0)
wolfSSL 13:f67a6c6013ca 255 ret = wc_Sha256Update(&sha, inB, inBSz);
wolfSSL 13:f67a6c6013ca 256 }
wolfSSL 13:f67a6c6013ca 257 if (ret == 0)
wolfSSL 13:f67a6c6013ca 258 ret = wc_Sha256Final(&sha, digest);
wolfSSL 13:f67a6c6013ca 259
wolfSSL 13:f67a6c6013ca 260 wc_Sha256Free(&sha);
wolfSSL 13:f67a6c6013ca 261 if (ret == 0) {
wolfSSL 13:f67a6c6013ca 262 if (outSz > OUTPUT_BLOCK_LEN) {
wolfSSL 13:f67a6c6013ca 263 XMEMCPY(out, digest, OUTPUT_BLOCK_LEN);
wolfSSL 13:f67a6c6013ca 264 outSz -= OUTPUT_BLOCK_LEN;
wolfSSL 13:f67a6c6013ca 265 out += OUTPUT_BLOCK_LEN;
wolfSSL 13:f67a6c6013ca 266 }
wolfSSL 13:f67a6c6013ca 267 else {
wolfSSL 13:f67a6c6013ca 268 XMEMCPY(out, digest, outSz);
wolfSSL 13:f67a6c6013ca 269 }
wolfSSL 13:f67a6c6013ca 270 }
wolfSSL 13:f67a6c6013ca 271 }
wolfSSL 13:f67a6c6013ca 272
wolfSSL 13:f67a6c6013ca 273 ForceZero(digest, SHA256_DIGEST_SIZE);
wolfSSL 13:f67a6c6013ca 274
wolfSSL 13:f67a6c6013ca 275 FREE_VAR(digest, drbg->heap);
wolfSSL 13:f67a6c6013ca 276
wolfSSL 13:f67a6c6013ca 277 return (ret == 0) ? DRBG_SUCCESS : DRBG_FAILURE;
wolfSSL 13:f67a6c6013ca 278 }
wolfSSL 13:f67a6c6013ca 279
wolfSSL 13:f67a6c6013ca 280 /* Returns: DRBG_SUCCESS or DRBG_FAILURE */
wolfSSL 13:f67a6c6013ca 281 static int Hash_DRBG_Reseed(DRBG* drbg, const byte* entropy, word32 entropySz)
wolfSSL 13:f67a6c6013ca 282 {
wolfSSL 13:f67a6c6013ca 283 byte seed[DRBG_SEED_LEN];
wolfSSL 13:f67a6c6013ca 284
wolfSSL 13:f67a6c6013ca 285 if (Hash_df(drbg, seed, sizeof(seed), drbgReseed, drbg->V, sizeof(drbg->V),
wolfSSL 13:f67a6c6013ca 286 entropy, entropySz) != DRBG_SUCCESS) {
wolfSSL 13:f67a6c6013ca 287 return DRBG_FAILURE;
wolfSSL 13:f67a6c6013ca 288 }
wolfSSL 13:f67a6c6013ca 289
wolfSSL 13:f67a6c6013ca 290 XMEMCPY(drbg->V, seed, sizeof(drbg->V));
wolfSSL 13:f67a6c6013ca 291 ForceZero(seed, sizeof(seed));
wolfSSL 13:f67a6c6013ca 292
wolfSSL 13:f67a6c6013ca 293 if (Hash_df(drbg, drbg->C, sizeof(drbg->C), drbgInitC, drbg->V,
wolfSSL 13:f67a6c6013ca 294 sizeof(drbg->V), NULL, 0) != DRBG_SUCCESS) {
wolfSSL 13:f67a6c6013ca 295 return DRBG_FAILURE;
wolfSSL 13:f67a6c6013ca 296 }
wolfSSL 13:f67a6c6013ca 297
wolfSSL 13:f67a6c6013ca 298 drbg->reseedCtr = 1;
wolfSSL 13:f67a6c6013ca 299 drbg->lastBlock = 0;
wolfSSL 13:f67a6c6013ca 300 drbg->matchCount = 0;
wolfSSL 13:f67a6c6013ca 301 return DRBG_SUCCESS;
wolfSSL 13:f67a6c6013ca 302 }
wolfSSL 13:f67a6c6013ca 303
wolfSSL 13:f67a6c6013ca 304 static INLINE void array_add_one(byte* data, word32 dataSz)
wolfSSL 13:f67a6c6013ca 305 {
wolfSSL 13:f67a6c6013ca 306 int i;
wolfSSL 13:f67a6c6013ca 307
wolfSSL 13:f67a6c6013ca 308 for (i = dataSz - 1; i >= 0; i--)
wolfSSL 13:f67a6c6013ca 309 {
wolfSSL 13:f67a6c6013ca 310 data[i]++;
wolfSSL 13:f67a6c6013ca 311 if (data[i] != 0) break;
wolfSSL 13:f67a6c6013ca 312 }
wolfSSL 13:f67a6c6013ca 313 }
wolfSSL 13:f67a6c6013ca 314
wolfSSL 13:f67a6c6013ca 315 /* Returns: DRBG_SUCCESS or DRBG_FAILURE */
wolfSSL 13:f67a6c6013ca 316 static int Hash_gen(DRBG* drbg, byte* out, word32 outSz, const byte* V)
wolfSSL 13:f67a6c6013ca 317 {
wolfSSL 13:f67a6c6013ca 318 int ret = DRBG_FAILURE;
wolfSSL 13:f67a6c6013ca 319 byte data[DRBG_SEED_LEN];
wolfSSL 13:f67a6c6013ca 320 int i;
wolfSSL 13:f67a6c6013ca 321 int len;
wolfSSL 13:f67a6c6013ca 322 word32 checkBlock;
wolfSSL 13:f67a6c6013ca 323 Sha256 sha;
wolfSSL 13:f67a6c6013ca 324 DECLARE_VAR(digest, byte, SHA256_DIGEST_SIZE, drbg->heap);
wolfSSL 13:f67a6c6013ca 325
wolfSSL 13:f67a6c6013ca 326 /* Special case: outSz is 0 and out is NULL. wc_Generate a block to save for
wolfSSL 13:f67a6c6013ca 327 * the continuous test. */
wolfSSL 13:f67a6c6013ca 328
wolfSSL 13:f67a6c6013ca 329 if (outSz == 0) outSz = 1;
wolfSSL 13:f67a6c6013ca 330
wolfSSL 13:f67a6c6013ca 331 len = (outSz / OUTPUT_BLOCK_LEN) + ((outSz % OUTPUT_BLOCK_LEN) ? 1 : 0);
wolfSSL 13:f67a6c6013ca 332
wolfSSL 13:f67a6c6013ca 333 XMEMCPY(data, V, sizeof(data));
wolfSSL 13:f67a6c6013ca 334 for (i = 0; i < len; i++) {
wolfSSL 13:f67a6c6013ca 335 #ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL 13:f67a6c6013ca 336 ret = wc_InitSha256_ex(&sha, drbg->heap, drbg->devId);
wolfSSL 13:f67a6c6013ca 337 #else
wolfSSL 13:f67a6c6013ca 338 ret = wc_InitSha256(&sha);
wolfSSL 13:f67a6c6013ca 339 #endif
wolfSSL 13:f67a6c6013ca 340 if (ret == 0)
wolfSSL 13:f67a6c6013ca 341 ret = wc_Sha256Update(&sha, data, sizeof(data));
wolfSSL 13:f67a6c6013ca 342 if (ret == 0)
wolfSSL 13:f67a6c6013ca 343 ret = wc_Sha256Final(&sha, digest);
wolfSSL 13:f67a6c6013ca 344 wc_Sha256Free(&sha);
wolfSSL 13:f67a6c6013ca 345
wolfSSL 13:f67a6c6013ca 346 if (ret == 0) {
wolfSSL 13:f67a6c6013ca 347 XMEMCPY(&checkBlock, digest, sizeof(word32));
wolfSSL 13:f67a6c6013ca 348 if (drbg->reseedCtr > 1 && checkBlock == drbg->lastBlock) {
wolfSSL 13:f67a6c6013ca 349 if (drbg->matchCount == 1) {
wolfSSL 13:f67a6c6013ca 350 return DRBG_CONT_FAILURE;
wolfSSL 13:f67a6c6013ca 351 }
wolfSSL 13:f67a6c6013ca 352 else {
wolfSSL 13:f67a6c6013ca 353 if (i == len) {
wolfSSL 13:f67a6c6013ca 354 len++;
wolfSSL 13:f67a6c6013ca 355 }
wolfSSL 13:f67a6c6013ca 356 drbg->matchCount = 1;
wolfSSL 13:f67a6c6013ca 357 }
wolfSSL 13:f67a6c6013ca 358 }
wolfSSL 13:f67a6c6013ca 359 else {
wolfSSL 13:f67a6c6013ca 360 drbg->matchCount = 0;
wolfSSL 13:f67a6c6013ca 361 drbg->lastBlock = checkBlock;
wolfSSL 13:f67a6c6013ca 362 }
wolfSSL 13:f67a6c6013ca 363
wolfSSL 13:f67a6c6013ca 364 if (out != NULL && outSz != 0) {
wolfSSL 13:f67a6c6013ca 365 if (outSz >= OUTPUT_BLOCK_LEN) {
wolfSSL 13:f67a6c6013ca 366 XMEMCPY(out, digest, OUTPUT_BLOCK_LEN);
wolfSSL 13:f67a6c6013ca 367 outSz -= OUTPUT_BLOCK_LEN;
wolfSSL 13:f67a6c6013ca 368 out += OUTPUT_BLOCK_LEN;
wolfSSL 13:f67a6c6013ca 369 array_add_one(data, DRBG_SEED_LEN);
wolfSSL 13:f67a6c6013ca 370 }
wolfSSL 13:f67a6c6013ca 371 else {
wolfSSL 13:f67a6c6013ca 372 XMEMCPY(out, digest, outSz);
wolfSSL 13:f67a6c6013ca 373 outSz = 0;
wolfSSL 13:f67a6c6013ca 374 }
wolfSSL 13:f67a6c6013ca 375 }
wolfSSL 13:f67a6c6013ca 376 }
wolfSSL 13:f67a6c6013ca 377 }
wolfSSL 13:f67a6c6013ca 378 ForceZero(data, sizeof(data));
wolfSSL 13:f67a6c6013ca 379
wolfSSL 13:f67a6c6013ca 380 FREE_VAR(digest, drbg->heap);
wolfSSL 13:f67a6c6013ca 381
wolfSSL 13:f67a6c6013ca 382 return (ret == 0) ? DRBG_SUCCESS : DRBG_FAILURE;
wolfSSL 13:f67a6c6013ca 383 }
wolfSSL 13:f67a6c6013ca 384
wolfSSL 13:f67a6c6013ca 385 static INLINE void array_add(byte* d, word32 dLen, const byte* s, word32 sLen)
wolfSSL 13:f67a6c6013ca 386 {
wolfSSL 13:f67a6c6013ca 387 word16 carry = 0;
wolfSSL 13:f67a6c6013ca 388
wolfSSL 13:f67a6c6013ca 389 if (dLen > 0 && sLen > 0 && dLen >= sLen) {
wolfSSL 13:f67a6c6013ca 390 int sIdx, dIdx;
wolfSSL 13:f67a6c6013ca 391
wolfSSL 13:f67a6c6013ca 392 for (sIdx = sLen - 1, dIdx = dLen - 1; sIdx >= 0; dIdx--, sIdx--)
wolfSSL 13:f67a6c6013ca 393 {
wolfSSL 13:f67a6c6013ca 394 carry += d[dIdx] + s[sIdx];
wolfSSL 13:f67a6c6013ca 395 d[dIdx] = (byte)carry;
wolfSSL 13:f67a6c6013ca 396 carry >>= 8;
wolfSSL 13:f67a6c6013ca 397 }
wolfSSL 13:f67a6c6013ca 398
wolfSSL 13:f67a6c6013ca 399 for (; carry != 0 && dIdx >= 0; dIdx--) {
wolfSSL 13:f67a6c6013ca 400 carry += d[dIdx];
wolfSSL 13:f67a6c6013ca 401 d[dIdx] = (byte)carry;
wolfSSL 13:f67a6c6013ca 402 carry >>= 8;
wolfSSL 13:f67a6c6013ca 403 }
wolfSSL 13:f67a6c6013ca 404 }
wolfSSL 13:f67a6c6013ca 405 }
wolfSSL 13:f67a6c6013ca 406
wolfSSL 13:f67a6c6013ca 407 /* Returns: DRBG_SUCCESS, DRBG_NEED_RESEED, or DRBG_FAILURE */
wolfSSL 13:f67a6c6013ca 408 static int Hash_DRBG_Generate(DRBG* drbg, byte* out, word32 outSz)
wolfSSL 13:f67a6c6013ca 409 {
wolfSSL 13:f67a6c6013ca 410 int ret = DRBG_NEED_RESEED;
wolfSSL 13:f67a6c6013ca 411 Sha256 sha;
wolfSSL 13:f67a6c6013ca 412 DECLARE_VAR(digest, byte, SHA256_DIGEST_SIZE, drbg->heap);
wolfSSL 13:f67a6c6013ca 413
wolfSSL 13:f67a6c6013ca 414 if (drbg->reseedCtr != RESEED_INTERVAL) {
wolfSSL 13:f67a6c6013ca 415 byte type = drbgGenerateH;
wolfSSL 13:f67a6c6013ca 416 word32 reseedCtr = drbg->reseedCtr;
wolfSSL 13:f67a6c6013ca 417
wolfSSL 13:f67a6c6013ca 418 ret = Hash_gen(drbg, out, outSz, drbg->V);
wolfSSL 13:f67a6c6013ca 419 if (ret == DRBG_SUCCESS) {
wolfSSL 13:f67a6c6013ca 420 #ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL 13:f67a6c6013ca 421 ret = wc_InitSha256_ex(&sha, drbg->heap, drbg->devId);
wolfSSL 13:f67a6c6013ca 422 #else
wolfSSL 13:f67a6c6013ca 423 ret = wc_InitSha256(&sha);
wolfSSL 13:f67a6c6013ca 424 #endif
wolfSSL 13:f67a6c6013ca 425 if (ret == 0)
wolfSSL 13:f67a6c6013ca 426 ret = wc_Sha256Update(&sha, &type, sizeof(type));
wolfSSL 13:f67a6c6013ca 427 if (ret == 0)
wolfSSL 13:f67a6c6013ca 428 ret = wc_Sha256Update(&sha, drbg->V, sizeof(drbg->V));
wolfSSL 13:f67a6c6013ca 429 if (ret == 0)
wolfSSL 13:f67a6c6013ca 430 ret = wc_Sha256Final(&sha, digest);
wolfSSL 13:f67a6c6013ca 431
wolfSSL 13:f67a6c6013ca 432 wc_Sha256Free(&sha);
wolfSSL 13:f67a6c6013ca 433
wolfSSL 13:f67a6c6013ca 434 if (ret == 0) {
wolfSSL 13:f67a6c6013ca 435 array_add(drbg->V, sizeof(drbg->V), digest, SHA256_DIGEST_SIZE);
wolfSSL 13:f67a6c6013ca 436 array_add(drbg->V, sizeof(drbg->V), drbg->C, sizeof(drbg->C));
wolfSSL 13:f67a6c6013ca 437 #ifdef LITTLE_ENDIAN_ORDER
wolfSSL 13:f67a6c6013ca 438 reseedCtr = ByteReverseWord32(reseedCtr);
wolfSSL 13:f67a6c6013ca 439 #endif
wolfSSL 13:f67a6c6013ca 440 array_add(drbg->V, sizeof(drbg->V),
wolfSSL 13:f67a6c6013ca 441 (byte*)&reseedCtr, sizeof(reseedCtr));
wolfSSL 13:f67a6c6013ca 442 ret = DRBG_SUCCESS;
wolfSSL 13:f67a6c6013ca 443 }
wolfSSL 13:f67a6c6013ca 444 drbg->reseedCtr++;
wolfSSL 13:f67a6c6013ca 445 }
wolfSSL 13:f67a6c6013ca 446 }
wolfSSL 13:f67a6c6013ca 447 ForceZero(digest, SHA256_DIGEST_SIZE);
wolfSSL 13:f67a6c6013ca 448
wolfSSL 13:f67a6c6013ca 449 FREE_VAR(digest, drbg->heap);
wolfSSL 13:f67a6c6013ca 450
wolfSSL 13:f67a6c6013ca 451 return (ret == 0) ? DRBG_SUCCESS : DRBG_FAILURE;
wolfSSL 13:f67a6c6013ca 452 }
wolfSSL 13:f67a6c6013ca 453
wolfSSL 13:f67a6c6013ca 454 /* Returns: DRBG_SUCCESS or DRBG_FAILURE */
wolfSSL 13:f67a6c6013ca 455 static int Hash_DRBG_Instantiate(DRBG* drbg, const byte* seed, word32 seedSz,
wolfSSL 13:f67a6c6013ca 456 const byte* nonce, word32 nonceSz,
wolfSSL 13:f67a6c6013ca 457 void* heap, int devId)
wolfSSL 13:f67a6c6013ca 458 {
wolfSSL 13:f67a6c6013ca 459 int ret = DRBG_FAILURE;
wolfSSL 13:f67a6c6013ca 460
wolfSSL 13:f67a6c6013ca 461 XMEMSET(drbg, 0, sizeof(DRBG));
wolfSSL 13:f67a6c6013ca 462 #ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL 13:f67a6c6013ca 463 drbg->heap = heap;
wolfSSL 13:f67a6c6013ca 464 drbg->devId = devId;
wolfSSL 13:f67a6c6013ca 465 #else
wolfSSL 13:f67a6c6013ca 466 (void)heap;
wolfSSL 13:f67a6c6013ca 467 (void)devId;
wolfSSL 13:f67a6c6013ca 468 #endif
wolfSSL 13:f67a6c6013ca 469
wolfSSL 13:f67a6c6013ca 470 if (Hash_df(drbg, drbg->V, sizeof(drbg->V), drbgInitV, seed, seedSz,
wolfSSL 13:f67a6c6013ca 471 nonce, nonceSz) == DRBG_SUCCESS &&
wolfSSL 13:f67a6c6013ca 472 Hash_df(drbg, drbg->C, sizeof(drbg->C), drbgInitC, drbg->V,
wolfSSL 13:f67a6c6013ca 473 sizeof(drbg->V), NULL, 0) == DRBG_SUCCESS) {
wolfSSL 13:f67a6c6013ca 474
wolfSSL 13:f67a6c6013ca 475 drbg->reseedCtr = 1;
wolfSSL 13:f67a6c6013ca 476 drbg->lastBlock = 0;
wolfSSL 13:f67a6c6013ca 477 drbg->matchCount = 0;
wolfSSL 13:f67a6c6013ca 478 ret = DRBG_SUCCESS;
wolfSSL 13:f67a6c6013ca 479 }
wolfSSL 13:f67a6c6013ca 480
wolfSSL 13:f67a6c6013ca 481 return ret;
wolfSSL 13:f67a6c6013ca 482 }
wolfSSL 13:f67a6c6013ca 483
wolfSSL 13:f67a6c6013ca 484 /* Returns: DRBG_SUCCESS or DRBG_FAILURE */
wolfSSL 13:f67a6c6013ca 485 static int Hash_DRBG_Uninstantiate(DRBG* drbg)
wolfSSL 13:f67a6c6013ca 486 {
wolfSSL 13:f67a6c6013ca 487 word32 i;
wolfSSL 13:f67a6c6013ca 488 int compareSum = 0;
wolfSSL 13:f67a6c6013ca 489 byte* compareDrbg = (byte*)drbg;
wolfSSL 13:f67a6c6013ca 490
wolfSSL 13:f67a6c6013ca 491 ForceZero(drbg, sizeof(DRBG));
wolfSSL 13:f67a6c6013ca 492
wolfSSL 13:f67a6c6013ca 493 for (i = 0; i < sizeof(DRBG); i++)
wolfSSL 13:f67a6c6013ca 494 compareSum |= compareDrbg[i] ^ 0;
wolfSSL 13:f67a6c6013ca 495
wolfSSL 13:f67a6c6013ca 496 return (compareSum == 0) ? DRBG_SUCCESS : DRBG_FAILURE;
wolfSSL 13:f67a6c6013ca 497 }
wolfSSL 13:f67a6c6013ca 498 #endif /* HAVE_HASHDRBG */
wolfSSL 13:f67a6c6013ca 499 /* End NIST DRBG Code */
wolfSSL 13:f67a6c6013ca 500
wolfSSL 13:f67a6c6013ca 501
wolfSSL 13:f67a6c6013ca 502 int wc_InitRng_ex(WC_RNG* rng, void* heap, int devId)
wolfSSL 13:f67a6c6013ca 503 {
wolfSSL 13:f67a6c6013ca 504 int ret = RNG_FAILURE_E;
wolfSSL 13:f67a6c6013ca 505
wolfSSL 13:f67a6c6013ca 506 if (rng == NULL)
wolfSSL 13:f67a6c6013ca 507 return BAD_FUNC_ARG;
wolfSSL 13:f67a6c6013ca 508
wolfSSL 13:f67a6c6013ca 509 #ifdef WOLFSSL_HEAP_TEST
wolfSSL 13:f67a6c6013ca 510 rng->heap = (void*)WOLFSSL_HEAP_TEST;
wolfSSL 13:f67a6c6013ca 511 (void)heap;
wolfSSL 13:f67a6c6013ca 512 #else
wolfSSL 13:f67a6c6013ca 513 rng->heap = heap;
wolfSSL 13:f67a6c6013ca 514 #endif
wolfSSL 13:f67a6c6013ca 515 #ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL 13:f67a6c6013ca 516 rng->devId = devId;
wolfSSL 13:f67a6c6013ca 517 #else
wolfSSL 13:f67a6c6013ca 518 (void)devId;
wolfSSL 13:f67a6c6013ca 519 #endif
wolfSSL 13:f67a6c6013ca 520
wolfSSL 13:f67a6c6013ca 521 #ifdef HAVE_HASHDRBG
wolfSSL 13:f67a6c6013ca 522 /* init the DBRG to known values */
wolfSSL 13:f67a6c6013ca 523 rng->drbg = NULL;
wolfSSL 13:f67a6c6013ca 524 rng->status = DRBG_NOT_INIT;
wolfSSL 13:f67a6c6013ca 525 #endif
wolfSSL 13:f67a6c6013ca 526
wolfSSL 13:f67a6c6013ca 527 #if defined(HAVE_INTEL_RDSEED) || defined(HAVE_INTEL_RDRAND)
wolfSSL 13:f67a6c6013ca 528 /* init the intel RD seed and/or rand */
wolfSSL 13:f67a6c6013ca 529 wc_InitRng_IntelRD();
wolfSSL 13:f67a6c6013ca 530 #endif
wolfSSL 13:f67a6c6013ca 531
wolfSSL 13:f67a6c6013ca 532 /* configure async RNG source if available */
wolfSSL 13:f67a6c6013ca 533 #ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL 13:f67a6c6013ca 534 ret = wolfAsync_DevCtxInit(&rng->asyncDev, WOLFSSL_ASYNC_MARKER_RNG,
wolfSSL 13:f67a6c6013ca 535 rng->heap, rng->devId);
wolfSSL 13:f67a6c6013ca 536 if (ret != 0)
wolfSSL 13:f67a6c6013ca 537 return ret;
wolfSSL 13:f67a6c6013ca 538 #endif
wolfSSL 13:f67a6c6013ca 539
wolfSSL 13:f67a6c6013ca 540 #ifdef HAVE_INTEL_RDRAND
wolfSSL 13:f67a6c6013ca 541 /* if CPU supports RDRAND, use it directly and by-pass DRBG init */
wolfSSL 13:f67a6c6013ca 542 if (IS_INTEL_RDRAND(intel_flags))
wolfSSL 13:f67a6c6013ca 543 return 0;
wolfSSL 13:f67a6c6013ca 544 #endif
wolfSSL 13:f67a6c6013ca 545
wolfSSL 13:f67a6c6013ca 546 #ifdef CUSTOM_RAND_GENERATE_BLOCK
wolfSSL 13:f67a6c6013ca 547 ret = 0; /* success */
wolfSSL 13:f67a6c6013ca 548 #else
wolfSSL 13:f67a6c6013ca 549 #ifdef HAVE_HASHDRBG
wolfSSL 13:f67a6c6013ca 550 if (wc_RNG_HealthTestLocal(0) == 0) {
wolfSSL 13:f67a6c6013ca 551 DECLARE_VAR(entropy, byte, ENTROPY_NONCE_SZ, rng->heap);
wolfSSL 13:f67a6c6013ca 552
wolfSSL 13:f67a6c6013ca 553 rng->drbg =
wolfSSL 13:f67a6c6013ca 554 (struct DRBG*)XMALLOC(sizeof(DRBG), rng->heap,
wolfSSL 13:f67a6c6013ca 555 DYNAMIC_TYPE_RNG);
wolfSSL 13:f67a6c6013ca 556 if (rng->drbg == NULL) {
wolfSSL 13:f67a6c6013ca 557 ret = MEMORY_E;
wolfSSL 13:f67a6c6013ca 558 }
wolfSSL 13:f67a6c6013ca 559 /* This doesn't use a separate nonce. The entropy input will be
wolfSSL 13:f67a6c6013ca 560 * the default size plus the size of the nonce making the seed
wolfSSL 13:f67a6c6013ca 561 * size. */
wolfSSL 13:f67a6c6013ca 562 else if (wc_GenerateSeed(&rng->seed, entropy, ENTROPY_NONCE_SZ) == 0 &&
wolfSSL 13:f67a6c6013ca 563 Hash_DRBG_Instantiate(rng->drbg, entropy, ENTROPY_NONCE_SZ,
wolfSSL 13:f67a6c6013ca 564 NULL, 0, rng->heap, devId) == DRBG_SUCCESS) {
wolfSSL 13:f67a6c6013ca 565 ret = Hash_DRBG_Generate(rng->drbg, NULL, 0);
wolfSSL 13:f67a6c6013ca 566 }
wolfSSL 13:f67a6c6013ca 567 else
wolfSSL 13:f67a6c6013ca 568 ret = DRBG_FAILURE;
wolfSSL 13:f67a6c6013ca 569
wolfSSL 13:f67a6c6013ca 570 ForceZero(entropy, ENTROPY_NONCE_SZ);
wolfSSL 13:f67a6c6013ca 571 FREE_VAR(entropy, rng->heap);
wolfSSL 13:f67a6c6013ca 572 }
wolfSSL 13:f67a6c6013ca 573 else
wolfSSL 13:f67a6c6013ca 574 ret = DRBG_CONT_FAILURE;
wolfSSL 13:f67a6c6013ca 575
wolfSSL 13:f67a6c6013ca 576 if (ret == DRBG_SUCCESS) {
wolfSSL 13:f67a6c6013ca 577 rng->status = DRBG_OK;
wolfSSL 13:f67a6c6013ca 578 ret = 0;
wolfSSL 13:f67a6c6013ca 579 }
wolfSSL 13:f67a6c6013ca 580 else if (ret == DRBG_CONT_FAILURE) {
wolfSSL 13:f67a6c6013ca 581 rng->status = DRBG_CONT_FAILED;
wolfSSL 13:f67a6c6013ca 582 ret = DRBG_CONT_FIPS_E;
wolfSSL 13:f67a6c6013ca 583 }
wolfSSL 13:f67a6c6013ca 584 else if (ret == DRBG_FAILURE) {
wolfSSL 13:f67a6c6013ca 585 rng->status = DRBG_FAILED;
wolfSSL 13:f67a6c6013ca 586 ret = RNG_FAILURE_E;
wolfSSL 13:f67a6c6013ca 587 }
wolfSSL 13:f67a6c6013ca 588 else {
wolfSSL 13:f67a6c6013ca 589 rng->status = DRBG_FAILED;
wolfSSL 13:f67a6c6013ca 590 }
wolfSSL 13:f67a6c6013ca 591 #endif /* HAVE_HASHDRBG */
wolfSSL 13:f67a6c6013ca 592 #endif /* CUSTOM_RAND_GENERATE_BLOCK */
wolfSSL 13:f67a6c6013ca 593
wolfSSL 13:f67a6c6013ca 594 return ret;
wolfSSL 13:f67a6c6013ca 595 }
wolfSSL 13:f67a6c6013ca 596
wolfSSL 13:f67a6c6013ca 597 int wc_InitRng(WC_RNG* rng)
wolfSSL 13:f67a6c6013ca 598 {
wolfSSL 13:f67a6c6013ca 599 return wc_InitRng_ex(rng, NULL, INVALID_DEVID);
wolfSSL 13:f67a6c6013ca 600 }
wolfSSL 13:f67a6c6013ca 601
wolfSSL 13:f67a6c6013ca 602
wolfSSL 13:f67a6c6013ca 603 /* place a generated block in output */
wolfSSL 13:f67a6c6013ca 604 int wc_RNG_GenerateBlock(WC_RNG* rng, byte* output, word32 sz)
wolfSSL 13:f67a6c6013ca 605 {
wolfSSL 13:f67a6c6013ca 606 int ret;
wolfSSL 13:f67a6c6013ca 607
wolfSSL 13:f67a6c6013ca 608 if (rng == NULL || output == NULL)
wolfSSL 13:f67a6c6013ca 609 return BAD_FUNC_ARG;
wolfSSL 13:f67a6c6013ca 610
wolfSSL 13:f67a6c6013ca 611 #ifdef HAVE_INTEL_RDRAND
wolfSSL 13:f67a6c6013ca 612 if (IS_INTEL_RDRAND(intel_flags))
wolfSSL 13:f67a6c6013ca 613 return wc_GenerateRand_IntelRD(NULL, output, sz);
wolfSSL 13:f67a6c6013ca 614 #endif
wolfSSL 13:f67a6c6013ca 615
wolfSSL 13:f67a6c6013ca 616 #if defined(WOLFSSL_ASYNC_CRYPT)
wolfSSL 13:f67a6c6013ca 617 if (rng->asyncDev.marker == WOLFSSL_ASYNC_MARKER_RNG) {
wolfSSL 13:f67a6c6013ca 618 /* these are blocking */
wolfSSL 13:f67a6c6013ca 619 #ifdef HAVE_CAVIUM
wolfSSL 13:f67a6c6013ca 620 return NitroxRngGenerateBlock(rng, output, sz);
wolfSSL 13:f67a6c6013ca 621 #elif defined(HAVE_INTEL_QA)
wolfSSL 13:f67a6c6013ca 622 return IntelQaDrbg(&rng->asyncDev, output, sz);
wolfSSL 13:f67a6c6013ca 623 #else
wolfSSL 13:f67a6c6013ca 624 /* simulator not supported */
wolfSSL 13:f67a6c6013ca 625 #endif
wolfSSL 13:f67a6c6013ca 626 }
wolfSSL 13:f67a6c6013ca 627 #endif
wolfSSL 13:f67a6c6013ca 628
wolfSSL 13:f67a6c6013ca 629 #ifdef CUSTOM_RAND_GENERATE_BLOCK
wolfSSL 13:f67a6c6013ca 630 XMEMSET(output, 0, sz);
wolfSSL 13:f67a6c6013ca 631 ret = CUSTOM_RAND_GENERATE_BLOCK(output, sz);
wolfSSL 13:f67a6c6013ca 632 #else
wolfSSL 13:f67a6c6013ca 633
wolfSSL 13:f67a6c6013ca 634 #ifdef HAVE_HASHDRBG
wolfSSL 13:f67a6c6013ca 635 if (sz > RNG_MAX_BLOCK_LEN)
wolfSSL 13:f67a6c6013ca 636 return BAD_FUNC_ARG;
wolfSSL 13:f67a6c6013ca 637
wolfSSL 13:f67a6c6013ca 638 if (rng->status != DRBG_OK)
wolfSSL 13:f67a6c6013ca 639 return RNG_FAILURE_E;
wolfSSL 13:f67a6c6013ca 640
wolfSSL 13:f67a6c6013ca 641 ret = Hash_DRBG_Generate(rng->drbg, output, sz);
wolfSSL 13:f67a6c6013ca 642 if (ret == DRBG_NEED_RESEED) {
wolfSSL 13:f67a6c6013ca 643 if (wc_RNG_HealthTestLocal(1) == 0) {
wolfSSL 13:f67a6c6013ca 644 byte entropy[ENTROPY_SZ];
wolfSSL 13:f67a6c6013ca 645
wolfSSL 13:f67a6c6013ca 646 if (wc_GenerateSeed(&rng->seed, entropy, ENTROPY_SZ) == 0 &&
wolfSSL 13:f67a6c6013ca 647 Hash_DRBG_Reseed(rng->drbg, entropy, ENTROPY_SZ)
wolfSSL 13:f67a6c6013ca 648 == DRBG_SUCCESS) {
wolfSSL 13:f67a6c6013ca 649
wolfSSL 13:f67a6c6013ca 650 ret = Hash_DRBG_Generate(rng->drbg, NULL, 0);
wolfSSL 13:f67a6c6013ca 651 if (ret == DRBG_SUCCESS)
wolfSSL 13:f67a6c6013ca 652 ret = Hash_DRBG_Generate(rng->drbg, output, sz);
wolfSSL 13:f67a6c6013ca 653 }
wolfSSL 13:f67a6c6013ca 654 else
wolfSSL 13:f67a6c6013ca 655 ret = DRBG_FAILURE;
wolfSSL 13:f67a6c6013ca 656
wolfSSL 13:f67a6c6013ca 657 ForceZero(entropy, ENTROPY_SZ);
wolfSSL 13:f67a6c6013ca 658 }
wolfSSL 13:f67a6c6013ca 659 else
wolfSSL 13:f67a6c6013ca 660 ret = DRBG_CONT_FAILURE;
wolfSSL 13:f67a6c6013ca 661 }
wolfSSL 13:f67a6c6013ca 662
wolfSSL 13:f67a6c6013ca 663 if (ret == DRBG_SUCCESS) {
wolfSSL 13:f67a6c6013ca 664 ret = 0;
wolfSSL 13:f67a6c6013ca 665 }
wolfSSL 13:f67a6c6013ca 666 else if (ret == DRBG_CONT_FAILURE) {
wolfSSL 13:f67a6c6013ca 667 ret = DRBG_CONT_FIPS_E;
wolfSSL 13:f67a6c6013ca 668 rng->status = DRBG_CONT_FAILED;
wolfSSL 13:f67a6c6013ca 669 }
wolfSSL 13:f67a6c6013ca 670 else {
wolfSSL 13:f67a6c6013ca 671 ret = RNG_FAILURE_E;
wolfSSL 13:f67a6c6013ca 672 rng->status = DRBG_FAILED;
wolfSSL 13:f67a6c6013ca 673 }
wolfSSL 13:f67a6c6013ca 674 #else
wolfSSL 13:f67a6c6013ca 675
wolfSSL 13:f67a6c6013ca 676 /* if we get here then there is an RNG configuration error */
wolfSSL 13:f67a6c6013ca 677 ret = RNG_FAILURE_E;
wolfSSL 13:f67a6c6013ca 678
wolfSSL 13:f67a6c6013ca 679 #endif /* HAVE_HASHDRBG */
wolfSSL 13:f67a6c6013ca 680 #endif /* CUSTOM_RAND_GENERATE_BLOCK */
wolfSSL 13:f67a6c6013ca 681
wolfSSL 13:f67a6c6013ca 682 return ret;
wolfSSL 13:f67a6c6013ca 683 }
wolfSSL 13:f67a6c6013ca 684
wolfSSL 13:f67a6c6013ca 685
wolfSSL 13:f67a6c6013ca 686 int wc_RNG_GenerateByte(WC_RNG* rng, byte* b)
wolfSSL 13:f67a6c6013ca 687 {
wolfSSL 13:f67a6c6013ca 688 return wc_RNG_GenerateBlock(rng, b, 1);
wolfSSL 13:f67a6c6013ca 689 }
wolfSSL 13:f67a6c6013ca 690
wolfSSL 13:f67a6c6013ca 691
wolfSSL 13:f67a6c6013ca 692 int wc_FreeRng(WC_RNG* rng)
wolfSSL 13:f67a6c6013ca 693 {
wolfSSL 13:f67a6c6013ca 694 int ret = 0;
wolfSSL 13:f67a6c6013ca 695
wolfSSL 13:f67a6c6013ca 696 if (rng == NULL)
wolfSSL 13:f67a6c6013ca 697 return BAD_FUNC_ARG;
wolfSSL 13:f67a6c6013ca 698
wolfSSL 13:f67a6c6013ca 699 #if defined(WOLFSSL_ASYNC_CRYPT)
wolfSSL 13:f67a6c6013ca 700 wolfAsync_DevCtxFree(&rng->asyncDev, WOLFSSL_ASYNC_MARKER_RNG);
wolfSSL 13:f67a6c6013ca 701 #endif
wolfSSL 13:f67a6c6013ca 702
wolfSSL 13:f67a6c6013ca 703 #ifdef HAVE_HASHDRBG
wolfSSL 13:f67a6c6013ca 704 if (rng->drbg != NULL) {
wolfSSL 13:f67a6c6013ca 705 if (Hash_DRBG_Uninstantiate(rng->drbg) != DRBG_SUCCESS)
wolfSSL 13:f67a6c6013ca 706 ret = RNG_FAILURE_E;
wolfSSL 13:f67a6c6013ca 707
wolfSSL 13:f67a6c6013ca 708 XFREE(rng->drbg, rng->heap, DYNAMIC_TYPE_RNG);
wolfSSL 13:f67a6c6013ca 709 rng->drbg = NULL;
wolfSSL 13:f67a6c6013ca 710 }
wolfSSL 13:f67a6c6013ca 711
wolfSSL 13:f67a6c6013ca 712 rng->status = DRBG_NOT_INIT;
wolfSSL 13:f67a6c6013ca 713 #endif /* HAVE_HASHDRBG */
wolfSSL 13:f67a6c6013ca 714
wolfSSL 13:f67a6c6013ca 715 return ret;
wolfSSL 13:f67a6c6013ca 716 }
wolfSSL 13:f67a6c6013ca 717
wolfSSL 13:f67a6c6013ca 718 #ifdef HAVE_HASHDRBG
wolfSSL 13:f67a6c6013ca 719 int wc_RNG_HealthTest(int reseed, const byte* entropyA, word32 entropyASz,
wolfSSL 13:f67a6c6013ca 720 const byte* entropyB, word32 entropyBSz,
wolfSSL 13:f67a6c6013ca 721 byte* output, word32 outputSz)
wolfSSL 13:f67a6c6013ca 722 {
wolfSSL 13:f67a6c6013ca 723 int ret = -1;
wolfSSL 13:f67a6c6013ca 724 DRBG* drbg;
wolfSSL 13:f67a6c6013ca 725 #ifndef WOLFSSL_SMALL_STACK
wolfSSL 13:f67a6c6013ca 726 DRBG drbg_var;
wolfSSL 13:f67a6c6013ca 727 #endif
wolfSSL 13:f67a6c6013ca 728
wolfSSL 13:f67a6c6013ca 729 if (entropyA == NULL || output == NULL) {
wolfSSL 13:f67a6c6013ca 730 return BAD_FUNC_ARG;
wolfSSL 13:f67a6c6013ca 731 }
wolfSSL 13:f67a6c6013ca 732
wolfSSL 13:f67a6c6013ca 733 if (reseed != 0 && entropyB == NULL) {
wolfSSL 13:f67a6c6013ca 734 return BAD_FUNC_ARG;
wolfSSL 13:f67a6c6013ca 735 }
wolfSSL 13:f67a6c6013ca 736
wolfSSL 13:f67a6c6013ca 737 if (outputSz != RNG_HEALTH_TEST_CHECK_SIZE) {
wolfSSL 13:f67a6c6013ca 738 return ret;
wolfSSL 13:f67a6c6013ca 739 }
wolfSSL 13:f67a6c6013ca 740
wolfSSL 13:f67a6c6013ca 741 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 13:f67a6c6013ca 742 drbg = (struct DRBG*)XMALLOC(sizeof(DRBG), NULL, DYNAMIC_TYPE_RNG);
wolfSSL 13:f67a6c6013ca 743 if (drbg == NULL) {
wolfSSL 13:f67a6c6013ca 744 return MEMORY_E;
wolfSSL 13:f67a6c6013ca 745 }
wolfSSL 13:f67a6c6013ca 746 #else
wolfSSL 13:f67a6c6013ca 747 drbg = &drbg_var;
wolfSSL 13:f67a6c6013ca 748 #endif
wolfSSL 13:f67a6c6013ca 749
wolfSSL 13:f67a6c6013ca 750 if (Hash_DRBG_Instantiate(drbg, entropyA, entropyASz, NULL, 0, NULL,
wolfSSL 13:f67a6c6013ca 751 INVALID_DEVID) != 0) {
wolfSSL 13:f67a6c6013ca 752 goto exit_rng_ht;
wolfSSL 13:f67a6c6013ca 753 }
wolfSSL 13:f67a6c6013ca 754
wolfSSL 13:f67a6c6013ca 755 if (reseed) {
wolfSSL 13:f67a6c6013ca 756 if (Hash_DRBG_Reseed(drbg, entropyB, entropyBSz) != 0) {
wolfSSL 13:f67a6c6013ca 757 goto exit_rng_ht;
wolfSSL 13:f67a6c6013ca 758 }
wolfSSL 13:f67a6c6013ca 759 }
wolfSSL 13:f67a6c6013ca 760
wolfSSL 13:f67a6c6013ca 761 if (Hash_DRBG_Generate(drbg, output, outputSz) != 0) {
wolfSSL 13:f67a6c6013ca 762 goto exit_rng_ht;
wolfSSL 13:f67a6c6013ca 763 }
wolfSSL 13:f67a6c6013ca 764
wolfSSL 13:f67a6c6013ca 765 if (Hash_DRBG_Generate(drbg, output, outputSz) != 0) {
wolfSSL 13:f67a6c6013ca 766 goto exit_rng_ht;
wolfSSL 13:f67a6c6013ca 767 }
wolfSSL 13:f67a6c6013ca 768
wolfSSL 13:f67a6c6013ca 769 /* Mark success */
wolfSSL 13:f67a6c6013ca 770 ret = 0;
wolfSSL 13:f67a6c6013ca 771
wolfSSL 13:f67a6c6013ca 772 exit_rng_ht:
wolfSSL 13:f67a6c6013ca 773
wolfSSL 13:f67a6c6013ca 774 /* This is safe to call even if Hash_DRBG_Instantiate fails */
wolfSSL 13:f67a6c6013ca 775 if (Hash_DRBG_Uninstantiate(drbg) != 0) {
wolfSSL 13:f67a6c6013ca 776 ret = -1;
wolfSSL 13:f67a6c6013ca 777 }
wolfSSL 13:f67a6c6013ca 778
wolfSSL 13:f67a6c6013ca 779 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 13:f67a6c6013ca 780 XFREE(drbg, NULL, DYNAMIC_TYPE_RNG);
wolfSSL 13:f67a6c6013ca 781 #endif
wolfSSL 13:f67a6c6013ca 782
wolfSSL 13:f67a6c6013ca 783 return ret;
wolfSSL 13:f67a6c6013ca 784 }
wolfSSL 13:f67a6c6013ca 785
wolfSSL 13:f67a6c6013ca 786
wolfSSL 13:f67a6c6013ca 787 const byte entropyA[] = {
wolfSSL 13:f67a6c6013ca 788 0x63, 0x36, 0x33, 0x77, 0xe4, 0x1e, 0x86, 0x46, 0x8d, 0xeb, 0x0a, 0xb4,
wolfSSL 13:f67a6c6013ca 789 0xa8, 0xed, 0x68, 0x3f, 0x6a, 0x13, 0x4e, 0x47, 0xe0, 0x14, 0xc7, 0x00,
wolfSSL 13:f67a6c6013ca 790 0x45, 0x4e, 0x81, 0xe9, 0x53, 0x58, 0xa5, 0x69, 0x80, 0x8a, 0xa3, 0x8f,
wolfSSL 13:f67a6c6013ca 791 0x2a, 0x72, 0xa6, 0x23, 0x59, 0x91, 0x5a, 0x9f, 0x8a, 0x04, 0xca, 0x68
wolfSSL 13:f67a6c6013ca 792 };
wolfSSL 13:f67a6c6013ca 793
wolfSSL 13:f67a6c6013ca 794 const byte reseedEntropyA[] = {
wolfSSL 13:f67a6c6013ca 795 0xe6, 0x2b, 0x8a, 0x8e, 0xe8, 0xf1, 0x41, 0xb6, 0x98, 0x05, 0x66, 0xe3,
wolfSSL 13:f67a6c6013ca 796 0xbf, 0xe3, 0xc0, 0x49, 0x03, 0xda, 0xd4, 0xac, 0x2c, 0xdf, 0x9f, 0x22,
wolfSSL 13:f67a6c6013ca 797 0x80, 0x01, 0x0a, 0x67, 0x39, 0xbc, 0x83, 0xd3
wolfSSL 13:f67a6c6013ca 798 };
wolfSSL 13:f67a6c6013ca 799
wolfSSL 13:f67a6c6013ca 800 const byte outputA[] = {
wolfSSL 13:f67a6c6013ca 801 0x04, 0xee, 0xc6, 0x3b, 0xb2, 0x31, 0xdf, 0x2c, 0x63, 0x0a, 0x1a, 0xfb,
wolfSSL 13:f67a6c6013ca 802 0xe7, 0x24, 0x94, 0x9d, 0x00, 0x5a, 0x58, 0x78, 0x51, 0xe1, 0xaa, 0x79,
wolfSSL 13:f67a6c6013ca 803 0x5e, 0x47, 0x73, 0x47, 0xc8, 0xb0, 0x56, 0x62, 0x1c, 0x18, 0xbd, 0xdc,
wolfSSL 13:f67a6c6013ca 804 0xdd, 0x8d, 0x99, 0xfc, 0x5f, 0xc2, 0xb9, 0x20, 0x53, 0xd8, 0xcf, 0xac,
wolfSSL 13:f67a6c6013ca 805 0xfb, 0x0b, 0xb8, 0x83, 0x12, 0x05, 0xfa, 0xd1, 0xdd, 0xd6, 0xc0, 0x71,
wolfSSL 13:f67a6c6013ca 806 0x31, 0x8a, 0x60, 0x18, 0xf0, 0x3b, 0x73, 0xf5, 0xed, 0xe4, 0xd4, 0xd0,
wolfSSL 13:f67a6c6013ca 807 0x71, 0xf9, 0xde, 0x03, 0xfd, 0x7a, 0xea, 0x10, 0x5d, 0x92, 0x99, 0xb8,
wolfSSL 13:f67a6c6013ca 808 0xaf, 0x99, 0xaa, 0x07, 0x5b, 0xdb, 0x4d, 0xb9, 0xaa, 0x28, 0xc1, 0x8d,
wolfSSL 13:f67a6c6013ca 809 0x17, 0x4b, 0x56, 0xee, 0x2a, 0x01, 0x4d, 0x09, 0x88, 0x96, 0xff, 0x22,
wolfSSL 13:f67a6c6013ca 810 0x82, 0xc9, 0x55, 0xa8, 0x19, 0x69, 0xe0, 0x69, 0xfa, 0x8c, 0xe0, 0x07,
wolfSSL 13:f67a6c6013ca 811 0xa1, 0x80, 0x18, 0x3a, 0x07, 0xdf, 0xae, 0x17
wolfSSL 13:f67a6c6013ca 812 };
wolfSSL 13:f67a6c6013ca 813
wolfSSL 13:f67a6c6013ca 814 const byte entropyB[] = {
wolfSSL 13:f67a6c6013ca 815 0xa6, 0x5a, 0xd0, 0xf3, 0x45, 0xdb, 0x4e, 0x0e, 0xff, 0xe8, 0x75, 0xc3,
wolfSSL 13:f67a6c6013ca 816 0xa2, 0xe7, 0x1f, 0x42, 0xc7, 0x12, 0x9d, 0x62, 0x0f, 0xf5, 0xc1, 0x19,
wolfSSL 13:f67a6c6013ca 817 0xa9, 0xef, 0x55, 0xf0, 0x51, 0x85, 0xe0, 0xfb, 0x85, 0x81, 0xf9, 0x31,
wolfSSL 13:f67a6c6013ca 818 0x75, 0x17, 0x27, 0x6e, 0x06, 0xe9, 0x60, 0x7d, 0xdb, 0xcb, 0xcc, 0x2e
wolfSSL 13:f67a6c6013ca 819 };
wolfSSL 13:f67a6c6013ca 820
wolfSSL 13:f67a6c6013ca 821 const byte outputB[] = {
wolfSSL 13:f67a6c6013ca 822 0xd3, 0xe1, 0x60, 0xc3, 0x5b, 0x99, 0xf3, 0x40, 0xb2, 0x62, 0x82, 0x64,
wolfSSL 13:f67a6c6013ca 823 0xd1, 0x75, 0x10, 0x60, 0xe0, 0x04, 0x5d, 0xa3, 0x83, 0xff, 0x57, 0xa5,
wolfSSL 13:f67a6c6013ca 824 0x7d, 0x73, 0xa6, 0x73, 0xd2, 0xb8, 0xd8, 0x0d, 0xaa, 0xf6, 0xa6, 0xc3,
wolfSSL 13:f67a6c6013ca 825 0x5a, 0x91, 0xbb, 0x45, 0x79, 0xd7, 0x3f, 0xd0, 0xc8, 0xfe, 0xd1, 0x11,
wolfSSL 13:f67a6c6013ca 826 0xb0, 0x39, 0x13, 0x06, 0x82, 0x8a, 0xdf, 0xed, 0x52, 0x8f, 0x01, 0x81,
wolfSSL 13:f67a6c6013ca 827 0x21, 0xb3, 0xfe, 0xbd, 0xc3, 0x43, 0xe7, 0x97, 0xb8, 0x7d, 0xbb, 0x63,
wolfSSL 13:f67a6c6013ca 828 0xdb, 0x13, 0x33, 0xde, 0xd9, 0xd1, 0xec, 0xe1, 0x77, 0xcf, 0xa6, 0xb7,
wolfSSL 13:f67a6c6013ca 829 0x1f, 0xe8, 0xab, 0x1d, 0xa4, 0x66, 0x24, 0xed, 0x64, 0x15, 0xe5, 0x1c,
wolfSSL 13:f67a6c6013ca 830 0xcd, 0xe2, 0xc7, 0xca, 0x86, 0xe2, 0x83, 0x99, 0x0e, 0xea, 0xeb, 0x91,
wolfSSL 13:f67a6c6013ca 831 0x12, 0x04, 0x15, 0x52, 0x8b, 0x22, 0x95, 0x91, 0x02, 0x81, 0xb0, 0x2d,
wolfSSL 13:f67a6c6013ca 832 0xd4, 0x31, 0xf4, 0xc9, 0xf7, 0x04, 0x27, 0xdf
wolfSSL 13:f67a6c6013ca 833 };
wolfSSL 13:f67a6c6013ca 834
wolfSSL 13:f67a6c6013ca 835
wolfSSL 13:f67a6c6013ca 836 static int wc_RNG_HealthTestLocal(int reseed)
wolfSSL 13:f67a6c6013ca 837 {
wolfSSL 13:f67a6c6013ca 838 int ret = 0;
wolfSSL 13:f67a6c6013ca 839 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 13:f67a6c6013ca 840 byte* check;
wolfSSL 13:f67a6c6013ca 841 #else
wolfSSL 13:f67a6c6013ca 842 byte check[RNG_HEALTH_TEST_CHECK_SIZE];
wolfSSL 13:f67a6c6013ca 843 #endif
wolfSSL 13:f67a6c6013ca 844
wolfSSL 13:f67a6c6013ca 845 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 13:f67a6c6013ca 846 check = (byte*)XMALLOC(RNG_HEALTH_TEST_CHECK_SIZE, NULL,
wolfSSL 13:f67a6c6013ca 847 DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 13:f67a6c6013ca 848 if (check == NULL) {
wolfSSL 13:f67a6c6013ca 849 return MEMORY_E;
wolfSSL 13:f67a6c6013ca 850 }
wolfSSL 13:f67a6c6013ca 851 #endif
wolfSSL 13:f67a6c6013ca 852
wolfSSL 13:f67a6c6013ca 853 if (reseed) {
wolfSSL 13:f67a6c6013ca 854 ret = wc_RNG_HealthTest(1, entropyA, sizeof(entropyA),
wolfSSL 13:f67a6c6013ca 855 reseedEntropyA, sizeof(reseedEntropyA),
wolfSSL 13:f67a6c6013ca 856 check, RNG_HEALTH_TEST_CHECK_SIZE);
wolfSSL 13:f67a6c6013ca 857 if (ret == 0) {
wolfSSL 13:f67a6c6013ca 858 if (ConstantCompare(check, outputA,
wolfSSL 13:f67a6c6013ca 859 RNG_HEALTH_TEST_CHECK_SIZE) != 0)
wolfSSL 13:f67a6c6013ca 860 ret = -1;
wolfSSL 13:f67a6c6013ca 861 }
wolfSSL 13:f67a6c6013ca 862 }
wolfSSL 13:f67a6c6013ca 863 else {
wolfSSL 13:f67a6c6013ca 864 ret = wc_RNG_HealthTest(0, entropyB, sizeof(entropyB),
wolfSSL 13:f67a6c6013ca 865 NULL, 0,
wolfSSL 13:f67a6c6013ca 866 check, RNG_HEALTH_TEST_CHECK_SIZE);
wolfSSL 13:f67a6c6013ca 867 if (ret == 0) {
wolfSSL 13:f67a6c6013ca 868 if (ConstantCompare(check, outputB,
wolfSSL 13:f67a6c6013ca 869 RNG_HEALTH_TEST_CHECK_SIZE) != 0)
wolfSSL 13:f67a6c6013ca 870 ret = -1;
wolfSSL 13:f67a6c6013ca 871 }
wolfSSL 13:f67a6c6013ca 872 }
wolfSSL 13:f67a6c6013ca 873
wolfSSL 13:f67a6c6013ca 874 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 13:f67a6c6013ca 875 XFREE(check, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 13:f67a6c6013ca 876 #endif
wolfSSL 13:f67a6c6013ca 877
wolfSSL 13:f67a6c6013ca 878 return ret;
wolfSSL 13:f67a6c6013ca 879 }
wolfSSL 13:f67a6c6013ca 880
wolfSSL 13:f67a6c6013ca 881 #endif /* HAVE_HASHDRBG */
wolfSSL 13:f67a6c6013ca 882
wolfSSL 13:f67a6c6013ca 883
wolfSSL 13:f67a6c6013ca 884 #ifdef HAVE_WNR
wolfSSL 13:f67a6c6013ca 885
wolfSSL 13:f67a6c6013ca 886 /*
wolfSSL 13:f67a6c6013ca 887 * Init global Whitewood netRandom context
wolfSSL 13:f67a6c6013ca 888 * Returns 0 on success, negative on error
wolfSSL 13:f67a6c6013ca 889 */
wolfSSL 13:f67a6c6013ca 890 int wc_InitNetRandom(const char* configFile, wnr_hmac_key hmac_cb, int timeout)
wolfSSL 13:f67a6c6013ca 891 {
wolfSSL 13:f67a6c6013ca 892 if (configFile == NULL || timeout < 0)
wolfSSL 13:f67a6c6013ca 893 return BAD_FUNC_ARG;
wolfSSL 13:f67a6c6013ca 894
wolfSSL 13:f67a6c6013ca 895 if (wnr_mutex_init > 0) {
wolfSSL 13:f67a6c6013ca 896 WOLFSSL_MSG("netRandom context already created, skipping");
wolfSSL 13:f67a6c6013ca 897 return 0;
wolfSSL 13:f67a6c6013ca 898 }
wolfSSL 13:f67a6c6013ca 899
wolfSSL 13:f67a6c6013ca 900 if (wc_InitMutex(&wnr_mutex) != 0) {
wolfSSL 13:f67a6c6013ca 901 WOLFSSL_MSG("Bad Init Mutex wnr_mutex");
wolfSSL 13:f67a6c6013ca 902 return BAD_MUTEX_E;
wolfSSL 13:f67a6c6013ca 903 }
wolfSSL 13:f67a6c6013ca 904 wnr_mutex_init = 1;
wolfSSL 13:f67a6c6013ca 905
wolfSSL 13:f67a6c6013ca 906 if (wc_LockMutex(&wnr_mutex) != 0) {
wolfSSL 13:f67a6c6013ca 907 WOLFSSL_MSG("Bad Lock Mutex wnr_mutex");
wolfSSL 13:f67a6c6013ca 908 return BAD_MUTEX_E;
wolfSSL 13:f67a6c6013ca 909 }
wolfSSL 13:f67a6c6013ca 910
wolfSSL 13:f67a6c6013ca 911 /* store entropy timeout */
wolfSSL 13:f67a6c6013ca 912 wnr_timeout = timeout;
wolfSSL 13:f67a6c6013ca 913
wolfSSL 13:f67a6c6013ca 914 /* create global wnr_context struct */
wolfSSL 13:f67a6c6013ca 915 if (wnr_create(&wnr_ctx) != WNR_ERROR_NONE) {
wolfSSL 13:f67a6c6013ca 916 WOLFSSL_MSG("Error creating global netRandom context");
wolfSSL 13:f67a6c6013ca 917 return RNG_FAILURE_E;
wolfSSL 13:f67a6c6013ca 918 }
wolfSSL 13:f67a6c6013ca 919
wolfSSL 13:f67a6c6013ca 920 /* load config file */
wolfSSL 13:f67a6c6013ca 921 if (wnr_config_loadf(wnr_ctx, (char*)configFile) != WNR_ERROR_NONE) {
wolfSSL 13:f67a6c6013ca 922 WOLFSSL_MSG("Error loading config file into netRandom context");
wolfSSL 13:f67a6c6013ca 923 wnr_destroy(wnr_ctx);
wolfSSL 13:f67a6c6013ca 924 wnr_ctx = NULL;
wolfSSL 13:f67a6c6013ca 925 return RNG_FAILURE_E;
wolfSSL 13:f67a6c6013ca 926 }
wolfSSL 13:f67a6c6013ca 927
wolfSSL 13:f67a6c6013ca 928 /* create/init polling mechanism */
wolfSSL 13:f67a6c6013ca 929 if (wnr_poll_create() != WNR_ERROR_NONE) {
wolfSSL 13:f67a6c6013ca 930 printf("ERROR: wnr_poll_create() failed\n");
wolfSSL 13:f67a6c6013ca 931 WOLFSSL_MSG("Error initializing netRandom polling mechanism");
wolfSSL 13:f67a6c6013ca 932 wnr_destroy(wnr_ctx);
wolfSSL 13:f67a6c6013ca 933 wnr_ctx = NULL;
wolfSSL 13:f67a6c6013ca 934 return RNG_FAILURE_E;
wolfSSL 13:f67a6c6013ca 935 }
wolfSSL 13:f67a6c6013ca 936
wolfSSL 13:f67a6c6013ca 937 /* validate config, set HMAC callback (optional) */
wolfSSL 13:f67a6c6013ca 938 if (wnr_setup(wnr_ctx, hmac_cb) != WNR_ERROR_NONE) {
wolfSSL 13:f67a6c6013ca 939 WOLFSSL_MSG("Error setting up netRandom context");
wolfSSL 13:f67a6c6013ca 940 wnr_destroy(wnr_ctx);
wolfSSL 13:f67a6c6013ca 941 wnr_ctx = NULL;
wolfSSL 13:f67a6c6013ca 942 wnr_poll_destroy();
wolfSSL 13:f67a6c6013ca 943 return RNG_FAILURE_E;
wolfSSL 13:f67a6c6013ca 944 }
wolfSSL 13:f67a6c6013ca 945
wolfSSL 13:f67a6c6013ca 946 wc_UnLockMutex(&wnr_mutex);
wolfSSL 13:f67a6c6013ca 947
wolfSSL 13:f67a6c6013ca 948 return 0;
wolfSSL 13:f67a6c6013ca 949 }
wolfSSL 13:f67a6c6013ca 950
wolfSSL 13:f67a6c6013ca 951 /*
wolfSSL 13:f67a6c6013ca 952 * Free global Whitewood netRandom context
wolfSSL 13:f67a6c6013ca 953 * Returns 0 on success, negative on error
wolfSSL 13:f67a6c6013ca 954 */
wolfSSL 13:f67a6c6013ca 955 int wc_FreeNetRandom(void)
wolfSSL 13:f67a6c6013ca 956 {
wolfSSL 13:f67a6c6013ca 957 if (wnr_mutex_init > 0) {
wolfSSL 13:f67a6c6013ca 958
wolfSSL 13:f67a6c6013ca 959 if (wc_LockMutex(&wnr_mutex) != 0) {
wolfSSL 13:f67a6c6013ca 960 WOLFSSL_MSG("Bad Lock Mutex wnr_mutex");
wolfSSL 13:f67a6c6013ca 961 return BAD_MUTEX_E;
wolfSSL 13:f67a6c6013ca 962 }
wolfSSL 13:f67a6c6013ca 963
wolfSSL 13:f67a6c6013ca 964 if (wnr_ctx != NULL) {
wolfSSL 13:f67a6c6013ca 965 wnr_destroy(wnr_ctx);
wolfSSL 13:f67a6c6013ca 966 wnr_ctx = NULL;
wolfSSL 13:f67a6c6013ca 967 }
wolfSSL 13:f67a6c6013ca 968 wnr_poll_destroy();
wolfSSL 13:f67a6c6013ca 969
wolfSSL 13:f67a6c6013ca 970 wc_UnLockMutex(&wnr_mutex);
wolfSSL 13:f67a6c6013ca 971
wolfSSL 13:f67a6c6013ca 972 wc_FreeMutex(&wnr_mutex);
wolfSSL 13:f67a6c6013ca 973 wnr_mutex_init = 0;
wolfSSL 13:f67a6c6013ca 974 }
wolfSSL 13:f67a6c6013ca 975
wolfSSL 13:f67a6c6013ca 976 return 0;
wolfSSL 13:f67a6c6013ca 977 }
wolfSSL 13:f67a6c6013ca 978
wolfSSL 13:f67a6c6013ca 979 #endif /* HAVE_WNR */
wolfSSL 13:f67a6c6013ca 980
wolfSSL 13:f67a6c6013ca 981
wolfSSL 13:f67a6c6013ca 982 #if defined(HAVE_INTEL_RDRAND) || defined(HAVE_INTEL_RDSEED)
wolfSSL 13:f67a6c6013ca 983
wolfSSL 13:f67a6c6013ca 984 #ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL 13:f67a6c6013ca 985 /* need more retries if multiple cores */
wolfSSL 13:f67a6c6013ca 986 #define INTELRD_RETRY (32 * 8)
wolfSSL 13:f67a6c6013ca 987 #else
wolfSSL 13:f67a6c6013ca 988 #define INTELRD_RETRY 32
wolfSSL 13:f67a6c6013ca 989 #endif
wolfSSL 13:f67a6c6013ca 990
wolfSSL 13:f67a6c6013ca 991 #ifdef HAVE_INTEL_RDSEED
wolfSSL 13:f67a6c6013ca 992
wolfSSL 13:f67a6c6013ca 993 /* return 0 on success */
wolfSSL 13:f67a6c6013ca 994 static INLINE int IntelRDseed64(word64* seed)
wolfSSL 13:f67a6c6013ca 995 {
wolfSSL 13:f67a6c6013ca 996 unsigned char ok;
wolfSSL 13:f67a6c6013ca 997
wolfSSL 13:f67a6c6013ca 998 __asm__ volatile("rdseed %0; setc %1":"=r"(*seed), "=qm"(ok));
wolfSSL 13:f67a6c6013ca 999 return (ok) ? 0 : -1;
wolfSSL 13:f67a6c6013ca 1000 }
wolfSSL 13:f67a6c6013ca 1001
wolfSSL 13:f67a6c6013ca 1002 /* return 0 on success */
wolfSSL 13:f67a6c6013ca 1003 static INLINE int IntelRDseed64_r(word64* rnd)
wolfSSL 13:f67a6c6013ca 1004 {
wolfSSL 13:f67a6c6013ca 1005 int i;
wolfSSL 13:f67a6c6013ca 1006 for (i = 0; i < INTELRD_RETRY; i++) {
wolfSSL 13:f67a6c6013ca 1007 if (IntelRDseed64(rnd) == 0)
wolfSSL 13:f67a6c6013ca 1008 return 0;
wolfSSL 13:f67a6c6013ca 1009 }
wolfSSL 13:f67a6c6013ca 1010 return -1;
wolfSSL 13:f67a6c6013ca 1011 }
wolfSSL 13:f67a6c6013ca 1012
wolfSSL 13:f67a6c6013ca 1013 /* return 0 on success */
wolfSSL 13:f67a6c6013ca 1014 static int wc_GenerateSeed_IntelRD(OS_Seed* os, byte* output, word32 sz)
wolfSSL 13:f67a6c6013ca 1015 {
wolfSSL 13:f67a6c6013ca 1016 int ret;
wolfSSL 13:f67a6c6013ca 1017 word64 rndTmp;
wolfSSL 13:f67a6c6013ca 1018
wolfSSL 13:f67a6c6013ca 1019 (void)os;
wolfSSL 13:f67a6c6013ca 1020
wolfSSL 13:f67a6c6013ca 1021 if (!IS_INTEL_RDSEED(intel_flags))
wolfSSL 13:f67a6c6013ca 1022 return -1;
wolfSSL 13:f67a6c6013ca 1023
wolfSSL 13:f67a6c6013ca 1024 for (; (sz / sizeof(word64)) > 0; sz -= sizeof(word64),
wolfSSL 13:f67a6c6013ca 1025 output += sizeof(word64)) {
wolfSSL 13:f67a6c6013ca 1026 ret = IntelRDseed64_r((word64*)output);
wolfSSL 13:f67a6c6013ca 1027 if (ret != 0)
wolfSSL 13:f67a6c6013ca 1028 return ret;
wolfSSL 13:f67a6c6013ca 1029 }
wolfSSL 13:f67a6c6013ca 1030 if (sz == 0)
wolfSSL 13:f67a6c6013ca 1031 return 0;
wolfSSL 13:f67a6c6013ca 1032
wolfSSL 13:f67a6c6013ca 1033 /* handle unaligned remainder */
wolfSSL 13:f67a6c6013ca 1034 ret = IntelRDseed64_r(&rndTmp);
wolfSSL 13:f67a6c6013ca 1035 if (ret != 0)
wolfSSL 13:f67a6c6013ca 1036 return ret;
wolfSSL 13:f67a6c6013ca 1037
wolfSSL 13:f67a6c6013ca 1038 XMEMCPY(output, &rndTmp, sz);
wolfSSL 13:f67a6c6013ca 1039
wolfSSL 13:f67a6c6013ca 1040 return 0;
wolfSSL 13:f67a6c6013ca 1041 }
wolfSSL 13:f67a6c6013ca 1042
wolfSSL 13:f67a6c6013ca 1043 #endif /* HAVE_INTEL_RDSEED */
wolfSSL 13:f67a6c6013ca 1044
wolfSSL 13:f67a6c6013ca 1045 #ifdef HAVE_INTEL_RDRAND
wolfSSL 13:f67a6c6013ca 1046
wolfSSL 13:f67a6c6013ca 1047 /* return 0 on success */
wolfSSL 13:f67a6c6013ca 1048 static INLINE int IntelRDrand64(word64 *rnd)
wolfSSL 13:f67a6c6013ca 1049 {
wolfSSL 13:f67a6c6013ca 1050 unsigned char ok;
wolfSSL 13:f67a6c6013ca 1051
wolfSSL 13:f67a6c6013ca 1052 __asm__ volatile("rdrand %0; setc %1":"=r"(*rnd), "=qm"(ok));
wolfSSL 13:f67a6c6013ca 1053
wolfSSL 13:f67a6c6013ca 1054 return (ok) ? 0 : -1;
wolfSSL 13:f67a6c6013ca 1055 }
wolfSSL 13:f67a6c6013ca 1056
wolfSSL 13:f67a6c6013ca 1057 /* return 0 on success */
wolfSSL 13:f67a6c6013ca 1058 static INLINE int IntelRDrand64_r(word64 *rnd)
wolfSSL 13:f67a6c6013ca 1059 {
wolfSSL 13:f67a6c6013ca 1060 int i;
wolfSSL 13:f67a6c6013ca 1061 for (i = 0; i < INTELRD_RETRY; i++) {
wolfSSL 13:f67a6c6013ca 1062 if (IntelRDrand64(rnd) == 0)
wolfSSL 13:f67a6c6013ca 1063 return 0;
wolfSSL 13:f67a6c6013ca 1064 }
wolfSSL 13:f67a6c6013ca 1065 return -1;
wolfSSL 13:f67a6c6013ca 1066 }
wolfSSL 13:f67a6c6013ca 1067
wolfSSL 13:f67a6c6013ca 1068 /* return 0 on success */
wolfSSL 13:f67a6c6013ca 1069 static int wc_GenerateRand_IntelRD(OS_Seed* os, byte* output, word32 sz)
wolfSSL 13:f67a6c6013ca 1070 {
wolfSSL 13:f67a6c6013ca 1071 int ret;
wolfSSL 13:f67a6c6013ca 1072 word64 rndTmp;
wolfSSL 13:f67a6c6013ca 1073
wolfSSL 13:f67a6c6013ca 1074 (void)os;
wolfSSL 13:f67a6c6013ca 1075
wolfSSL 13:f67a6c6013ca 1076 if (!IS_INTEL_RDRAND(intel_flags))
wolfSSL 13:f67a6c6013ca 1077 return -1;
wolfSSL 13:f67a6c6013ca 1078
wolfSSL 13:f67a6c6013ca 1079 for (; (sz / sizeof(word64)) > 0; sz -= sizeof(word64),
wolfSSL 13:f67a6c6013ca 1080 output += sizeof(word64)) {
wolfSSL 13:f67a6c6013ca 1081 ret = IntelRDrand64_r((word64 *)output);
wolfSSL 13:f67a6c6013ca 1082 if (ret != 0)
wolfSSL 13:f67a6c6013ca 1083 return ret;
wolfSSL 13:f67a6c6013ca 1084 }
wolfSSL 13:f67a6c6013ca 1085 if (sz == 0)
wolfSSL 13:f67a6c6013ca 1086 return 0;
wolfSSL 13:f67a6c6013ca 1087
wolfSSL 13:f67a6c6013ca 1088 /* handle unaligned remainder */
wolfSSL 13:f67a6c6013ca 1089 ret = IntelRDrand64_r(&rndTmp);
wolfSSL 13:f67a6c6013ca 1090 if (ret != 0)
wolfSSL 13:f67a6c6013ca 1091 return ret;
wolfSSL 13:f67a6c6013ca 1092
wolfSSL 13:f67a6c6013ca 1093 XMEMCPY(output, &rndTmp, sz);
wolfSSL 13:f67a6c6013ca 1094
wolfSSL 13:f67a6c6013ca 1095 return 0;
wolfSSL 13:f67a6c6013ca 1096 }
wolfSSL 13:f67a6c6013ca 1097
wolfSSL 13:f67a6c6013ca 1098 #endif /* HAVE_INTEL_RDRAND */
wolfSSL 13:f67a6c6013ca 1099 #endif /* HAVE_INTEL_RDRAND || HAVE_INTEL_RDSEED */
wolfSSL 13:f67a6c6013ca 1100
wolfSSL 13:f67a6c6013ca 1101
wolfSSL 13:f67a6c6013ca 1102 /* Begin wc_GenerateSeed Implementations */
wolfSSL 13:f67a6c6013ca 1103 #if defined(CUSTOM_RAND_GENERATE_SEED)
wolfSSL 13:f67a6c6013ca 1104
wolfSSL 13:f67a6c6013ca 1105 /* Implement your own random generation function
wolfSSL 13:f67a6c6013ca 1106 * Return 0 to indicate success
wolfSSL 13:f67a6c6013ca 1107 * int rand_gen_seed(byte* output, word32 sz);
wolfSSL 13:f67a6c6013ca 1108 * #define CUSTOM_RAND_GENERATE_SEED rand_gen_seed */
wolfSSL 13:f67a6c6013ca 1109
wolfSSL 13:f67a6c6013ca 1110 int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
wolfSSL 13:f67a6c6013ca 1111 {
wolfSSL 13:f67a6c6013ca 1112 (void)os; /* Suppress unused arg warning */
wolfSSL 13:f67a6c6013ca 1113 return CUSTOM_RAND_GENERATE_SEED(output, sz);
wolfSSL 13:f67a6c6013ca 1114 }
wolfSSL 13:f67a6c6013ca 1115
wolfSSL 13:f67a6c6013ca 1116 #elif defined(CUSTOM_RAND_GENERATE_SEED_OS)
wolfSSL 13:f67a6c6013ca 1117
wolfSSL 13:f67a6c6013ca 1118 /* Implement your own random generation function,
wolfSSL 13:f67a6c6013ca 1119 * which includes OS_Seed.
wolfSSL 13:f67a6c6013ca 1120 * Return 0 to indicate success
wolfSSL 13:f67a6c6013ca 1121 * int rand_gen_seed(OS_Seed* os, byte* output, word32 sz);
wolfSSL 13:f67a6c6013ca 1122 * #define CUSTOM_RAND_GENERATE_SEED_OS rand_gen_seed */
wolfSSL 13:f67a6c6013ca 1123
wolfSSL 13:f67a6c6013ca 1124 int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
wolfSSL 13:f67a6c6013ca 1125 {
wolfSSL 13:f67a6c6013ca 1126 return CUSTOM_RAND_GENERATE_SEED_OS(os, output, sz);
wolfSSL 13:f67a6c6013ca 1127 }
wolfSSL 13:f67a6c6013ca 1128
wolfSSL 13:f67a6c6013ca 1129 #elif defined(CUSTOM_RAND_GENERATE)
wolfSSL 13:f67a6c6013ca 1130
wolfSSL 13:f67a6c6013ca 1131 /* Implement your own random generation function
wolfSSL 13:f67a6c6013ca 1132 * word32 rand_gen(void);
wolfSSL 13:f67a6c6013ca 1133 * #define CUSTOM_RAND_GENERATE rand_gen */
wolfSSL 13:f67a6c6013ca 1134
wolfSSL 13:f67a6c6013ca 1135 int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
wolfSSL 13:f67a6c6013ca 1136 {
wolfSSL 13:f67a6c6013ca 1137 word32 i = 0;
wolfSSL 13:f67a6c6013ca 1138
wolfSSL 13:f67a6c6013ca 1139 (void)os;
wolfSSL 13:f67a6c6013ca 1140
wolfSSL 13:f67a6c6013ca 1141 while (i < sz)
wolfSSL 13:f67a6c6013ca 1142 {
wolfSSL 13:f67a6c6013ca 1143 /* If not aligned or there is odd/remainder */
wolfSSL 13:f67a6c6013ca 1144 if( (i + sizeof(CUSTOM_RAND_TYPE)) > sz ||
wolfSSL 13:f67a6c6013ca 1145 ((wolfssl_word)&output[i] % sizeof(CUSTOM_RAND_TYPE)) != 0
wolfSSL 13:f67a6c6013ca 1146 ) {
wolfSSL 13:f67a6c6013ca 1147 /* Single byte at a time */
wolfSSL 13:f67a6c6013ca 1148 output[i++] = (byte)CUSTOM_RAND_GENERATE();
wolfSSL 13:f67a6c6013ca 1149 }
wolfSSL 13:f67a6c6013ca 1150 else {
wolfSSL 13:f67a6c6013ca 1151 /* Use native 8, 16, 32 or 64 copy instruction */
wolfSSL 13:f67a6c6013ca 1152 *((CUSTOM_RAND_TYPE*)&output[i]) = CUSTOM_RAND_GENERATE();
wolfSSL 13:f67a6c6013ca 1153 i += sizeof(CUSTOM_RAND_TYPE);
wolfSSL 13:f67a6c6013ca 1154 }
wolfSSL 13:f67a6c6013ca 1155 }
wolfSSL 13:f67a6c6013ca 1156
wolfSSL 13:f67a6c6013ca 1157 return 0;
wolfSSL 13:f67a6c6013ca 1158 }
wolfSSL 13:f67a6c6013ca 1159
wolfSSL 13:f67a6c6013ca 1160 #elif defined(WOLFSSL_SGX)
wolfSSL 13:f67a6c6013ca 1161
wolfSSL 13:f67a6c6013ca 1162 int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
wolfSSL 13:f67a6c6013ca 1163 {
wolfSSL 13:f67a6c6013ca 1164 int ret = !SGX_SUCCESS;
wolfSSL 13:f67a6c6013ca 1165 int i, read_max = 10;
wolfSSL 13:f67a6c6013ca 1166
wolfSSL 13:f67a6c6013ca 1167 for (i = 0; i < read_max && ret != SGX_SUCCESS; i++) {
wolfSSL 13:f67a6c6013ca 1168 ret = sgx_read_rand(output, sz);
wolfSSL 13:f67a6c6013ca 1169 }
wolfSSL 13:f67a6c6013ca 1170
wolfSSL 13:f67a6c6013ca 1171 (void)os;
wolfSSL 13:f67a6c6013ca 1172 return (ret == SGX_SUCCESS) ? 0 : 1;
wolfSSL 13:f67a6c6013ca 1173 }
wolfSSL 13:f67a6c6013ca 1174
wolfSSL 13:f67a6c6013ca 1175 #elif defined(USE_WINDOWS_API)
wolfSSL 13:f67a6c6013ca 1176
wolfSSL 13:f67a6c6013ca 1177 int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
wolfSSL 13:f67a6c6013ca 1178 {
wolfSSL 13:f67a6c6013ca 1179 if(!CryptAcquireContext(&os->handle, 0, 0, PROV_RSA_FULL,
wolfSSL 13:f67a6c6013ca 1180 CRYPT_VERIFYCONTEXT))
wolfSSL 13:f67a6c6013ca 1181 return WINCRYPT_E;
wolfSSL 13:f67a6c6013ca 1182
wolfSSL 13:f67a6c6013ca 1183 if (!CryptGenRandom(os->handle, sz, output))
wolfSSL 13:f67a6c6013ca 1184 return CRYPTGEN_E;
wolfSSL 13:f67a6c6013ca 1185
wolfSSL 13:f67a6c6013ca 1186 CryptReleaseContext(os->handle, 0);
wolfSSL 13:f67a6c6013ca 1187
wolfSSL 13:f67a6c6013ca 1188 return 0;
wolfSSL 13:f67a6c6013ca 1189 }
wolfSSL 13:f67a6c6013ca 1190
wolfSSL 13:f67a6c6013ca 1191
wolfSSL 13:f67a6c6013ca 1192 #elif defined(HAVE_RTP_SYS) || defined(EBSNET)
wolfSSL 13:f67a6c6013ca 1193
wolfSSL 13:f67a6c6013ca 1194 #include "rtprand.h" /* rtp_rand () */
wolfSSL 13:f67a6c6013ca 1195 #include "rtptime.h" /* rtp_get_system_msec() */
wolfSSL 13:f67a6c6013ca 1196
wolfSSL 13:f67a6c6013ca 1197
wolfSSL 13:f67a6c6013ca 1198 int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
wolfSSL 13:f67a6c6013ca 1199 {
wolfSSL 13:f67a6c6013ca 1200 int i;
wolfSSL 13:f67a6c6013ca 1201 rtp_srand(rtp_get_system_msec());
wolfSSL 13:f67a6c6013ca 1202
wolfSSL 13:f67a6c6013ca 1203 for (i = 0; i < sz; i++ ) {
wolfSSL 13:f67a6c6013ca 1204 output[i] = rtp_rand() % 256;
wolfSSL 13:f67a6c6013ca 1205 if ( (i % 8) == 7)
wolfSSL 13:f67a6c6013ca 1206 rtp_srand(rtp_get_system_msec());
wolfSSL 13:f67a6c6013ca 1207 }
wolfSSL 13:f67a6c6013ca 1208
wolfSSL 13:f67a6c6013ca 1209 return 0;
wolfSSL 13:f67a6c6013ca 1210 }
wolfSSL 13:f67a6c6013ca 1211
wolfSSL 13:f67a6c6013ca 1212
wolfSSL 13:f67a6c6013ca 1213 #elif defined(MICRIUM)
wolfSSL 13:f67a6c6013ca 1214
wolfSSL 13:f67a6c6013ca 1215 int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
wolfSSL 13:f67a6c6013ca 1216 {
wolfSSL 13:f67a6c6013ca 1217 #if (NET_SECURE_MGR_CFG_EN == DEF_ENABLED)
wolfSSL 13:f67a6c6013ca 1218 NetSecure_InitSeed(output, sz);
wolfSSL 13:f67a6c6013ca 1219 #endif
wolfSSL 13:f67a6c6013ca 1220 return 0;
wolfSSL 13:f67a6c6013ca 1221 }
wolfSSL 13:f67a6c6013ca 1222
wolfSSL 13:f67a6c6013ca 1223 #elif defined(MICROCHIP_PIC32)
wolfSSL 13:f67a6c6013ca 1224
wolfSSL 13:f67a6c6013ca 1225 #ifdef MICROCHIP_MPLAB_HARMONY
wolfSSL 13:f67a6c6013ca 1226 #define PIC32_SEED_COUNT _CP0_GET_COUNT
wolfSSL 13:f67a6c6013ca 1227 #else
wolfSSL 13:f67a6c6013ca 1228 #if !defined(WOLFSSL_MICROCHIP_PIC32MZ)
wolfSSL 13:f67a6c6013ca 1229 #include <peripheral/timer.h>
wolfSSL 13:f67a6c6013ca 1230 #endif
wolfSSL 13:f67a6c6013ca 1231 extern word32 ReadCoreTimer(void);
wolfSSL 13:f67a6c6013ca 1232 #define PIC32_SEED_COUNT ReadCoreTimer
wolfSSL 13:f67a6c6013ca 1233 #endif
wolfSSL 13:f67a6c6013ca 1234
wolfSSL 13:f67a6c6013ca 1235 #ifdef WOLFSSL_PIC32MZ_RNG
wolfSSL 13:f67a6c6013ca 1236 #include "xc.h"
wolfSSL 13:f67a6c6013ca 1237 int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
wolfSSL 13:f67a6c6013ca 1238 {
wolfSSL 13:f67a6c6013ca 1239 int i;
wolfSSL 13:f67a6c6013ca 1240 byte rnd[8];
wolfSSL 13:f67a6c6013ca 1241 word32 *rnd32 = (word32 *)rnd;
wolfSSL 13:f67a6c6013ca 1242 word32 size = sz;
wolfSSL 13:f67a6c6013ca 1243 byte* op = output;
wolfSSL 13:f67a6c6013ca 1244
wolfSSL 13:f67a6c6013ca 1245 #if ((__PIC32_FEATURE_SET0 == 'E') && (__PIC32_FEATURE_SET1 == 'C'))
wolfSSL 13:f67a6c6013ca 1246 RNGNUMGEN1 = _CP0_GET_COUNT();
wolfSSL 13:f67a6c6013ca 1247 RNGPOLY1 = _CP0_GET_COUNT();
wolfSSL 13:f67a6c6013ca 1248 RNGPOLY2 = _CP0_GET_COUNT();
wolfSSL 13:f67a6c6013ca 1249 RNGNUMGEN2 = _CP0_GET_COUNT();
wolfSSL 13:f67a6c6013ca 1250 #else
wolfSSL 13:f67a6c6013ca 1251 // All others can be seeded from the TRNG
wolfSSL 13:f67a6c6013ca 1252 RNGCONbits.TRNGMODE = 1;
wolfSSL 13:f67a6c6013ca 1253 RNGCONbits.TRNGEN = 1;
wolfSSL 13:f67a6c6013ca 1254 while (RNGCNT < 64);
wolfSSL 13:f67a6c6013ca 1255 RNGCONbits.LOAD = 1;
wolfSSL 13:f67a6c6013ca 1256 while (RNGCONbits.LOAD == 1);
wolfSSL 13:f67a6c6013ca 1257 while (RNGCNT < 64);
wolfSSL 13:f67a6c6013ca 1258 RNGPOLY2 = RNGSEED2;
wolfSSL 13:f67a6c6013ca 1259 RNGPOLY1 = RNGSEED1;
wolfSSL 13:f67a6c6013ca 1260 #endif
wolfSSL 13:f67a6c6013ca 1261
wolfSSL 13:f67a6c6013ca 1262 RNGCONbits.PLEN = 0x40;
wolfSSL 13:f67a6c6013ca 1263 RNGCONbits.PRNGEN = 1;
wolfSSL 13:f67a6c6013ca 1264 for (i=0; i<5; i++) { /* wait for RNGNUMGEN ready */
wolfSSL 13:f67a6c6013ca 1265 volatile int x;
wolfSSL 13:f67a6c6013ca 1266 x = RNGNUMGEN1;
wolfSSL 13:f67a6c6013ca 1267 x = RNGNUMGEN2;
wolfSSL 13:f67a6c6013ca 1268 (void)x;
wolfSSL 13:f67a6c6013ca 1269 }
wolfSSL 13:f67a6c6013ca 1270 do {
wolfSSL 13:f67a6c6013ca 1271 rnd32[0] = RNGNUMGEN1;
wolfSSL 13:f67a6c6013ca 1272 rnd32[1] = RNGNUMGEN2;
wolfSSL 13:f67a6c6013ca 1273
wolfSSL 13:f67a6c6013ca 1274 for(i=0; i<8; i++, op++) {
wolfSSL 13:f67a6c6013ca 1275 *op = rnd[i];
wolfSSL 13:f67a6c6013ca 1276 size --;
wolfSSL 13:f67a6c6013ca 1277 if(size==0)break;
wolfSSL 13:f67a6c6013ca 1278 }
wolfSSL 13:f67a6c6013ca 1279 } while(size);
wolfSSL 13:f67a6c6013ca 1280 return 0;
wolfSSL 13:f67a6c6013ca 1281 }
wolfSSL 13:f67a6c6013ca 1282 #else /* WOLFSSL_PIC32MZ_RNG */
wolfSSL 13:f67a6c6013ca 1283 /* uses the core timer, in nanoseconds to seed srand */
wolfSSL 13:f67a6c6013ca 1284 int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
wolfSSL 13:f67a6c6013ca 1285 {
wolfSSL 13:f67a6c6013ca 1286 int i;
wolfSSL 13:f67a6c6013ca 1287 srand(PIC32_SEED_COUNT() * 25);
wolfSSL 13:f67a6c6013ca 1288
wolfSSL 13:f67a6c6013ca 1289 for (i = 0; i < sz; i++ ) {
wolfSSL 13:f67a6c6013ca 1290 output[i] = rand() % 256;
wolfSSL 13:f67a6c6013ca 1291 if ( (i % 8) == 7)
wolfSSL 13:f67a6c6013ca 1292 srand(PIC32_SEED_COUNT() * 25);
wolfSSL 13:f67a6c6013ca 1293 }
wolfSSL 13:f67a6c6013ca 1294 return 0;
wolfSSL 13:f67a6c6013ca 1295 }
wolfSSL 13:f67a6c6013ca 1296 #endif /* WOLFSSL_PIC32MZ_RNG */
wolfSSL 13:f67a6c6013ca 1297
wolfSSL 13:f67a6c6013ca 1298 #elif defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX) || \
wolfSSL 13:f67a6c6013ca 1299 defined(FREESCALE_KSDK_BM) || defined(FREESCALE_FREE_RTOS)
wolfSSL 13:f67a6c6013ca 1300
wolfSSL 13:f67a6c6013ca 1301 #if defined(FREESCALE_K70_RNGA) || defined(FREESCALE_RNGA)
wolfSSL 13:f67a6c6013ca 1302 /*
wolfSSL 13:f67a6c6013ca 1303 * wc_Generates a RNG seed using the Random Number Generator Accelerator
wolfSSL 13:f67a6c6013ca 1304 * on the Kinetis K70. Documentation located in Chapter 37 of
wolfSSL 13:f67a6c6013ca 1305 * K70 Sub-Family Reference Manual (see Note 3 in the README for link).
wolfSSL 13:f67a6c6013ca 1306 */
wolfSSL 13:f67a6c6013ca 1307 int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
wolfSSL 13:f67a6c6013ca 1308 {
wolfSSL 13:f67a6c6013ca 1309 int i;
wolfSSL 13:f67a6c6013ca 1310
wolfSSL 13:f67a6c6013ca 1311 /* turn on RNGA module */
wolfSSL 13:f67a6c6013ca 1312 #if defined(SIM_SCGC3_RNGA_MASK)
wolfSSL 13:f67a6c6013ca 1313 SIM_SCGC3 |= SIM_SCGC3_RNGA_MASK;
wolfSSL 13:f67a6c6013ca 1314 #endif
wolfSSL 13:f67a6c6013ca 1315 #if defined(SIM_SCGC6_RNGA_MASK)
wolfSSL 13:f67a6c6013ca 1316 /* additionally needed for at least K64F */
wolfSSL 13:f67a6c6013ca 1317 SIM_SCGC6 |= SIM_SCGC6_RNGA_MASK;
wolfSSL 13:f67a6c6013ca 1318 #endif
wolfSSL 13:f67a6c6013ca 1319
wolfSSL 13:f67a6c6013ca 1320 /* set SLP bit to 0 - "RNGA is not in sleep mode" */
wolfSSL 13:f67a6c6013ca 1321 RNG_CR &= ~RNG_CR_SLP_MASK;
wolfSSL 13:f67a6c6013ca 1322
wolfSSL 13:f67a6c6013ca 1323 /* set HA bit to 1 - "security violations masked" */
wolfSSL 13:f67a6c6013ca 1324 RNG_CR |= RNG_CR_HA_MASK;
wolfSSL 13:f67a6c6013ca 1325
wolfSSL 13:f67a6c6013ca 1326 /* set GO bit to 1 - "output register loaded with data" */
wolfSSL 13:f67a6c6013ca 1327 RNG_CR |= RNG_CR_GO_MASK;
wolfSSL 13:f67a6c6013ca 1328
wolfSSL 13:f67a6c6013ca 1329 for (i = 0; i < sz; i++) {
wolfSSL 13:f67a6c6013ca 1330
wolfSSL 13:f67a6c6013ca 1331 /* wait for RNG FIFO to be full */
wolfSSL 13:f67a6c6013ca 1332 while((RNG_SR & RNG_SR_OREG_LVL(0xF)) == 0) {}
wolfSSL 13:f67a6c6013ca 1333
wolfSSL 13:f67a6c6013ca 1334 /* get value */
wolfSSL 13:f67a6c6013ca 1335 output[i] = RNG_OR;
wolfSSL 13:f67a6c6013ca 1336 }
wolfSSL 13:f67a6c6013ca 1337
wolfSSL 13:f67a6c6013ca 1338 return 0;
wolfSSL 13:f67a6c6013ca 1339 }
wolfSSL 13:f67a6c6013ca 1340
wolfSSL 13:f67a6c6013ca 1341 #elif defined(FREESCALE_K53_RNGB) || defined(FREESCALE_RNGB)
wolfSSL 13:f67a6c6013ca 1342 /*
wolfSSL 13:f67a6c6013ca 1343 * wc_Generates a RNG seed using the Random Number Generator (RNGB)
wolfSSL 13:f67a6c6013ca 1344 * on the Kinetis K53. Documentation located in Chapter 33 of
wolfSSL 13:f67a6c6013ca 1345 * K53 Sub-Family Reference Manual (see note in the README for link).
wolfSSL 13:f67a6c6013ca 1346 */
wolfSSL 13:f67a6c6013ca 1347 int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
wolfSSL 13:f67a6c6013ca 1348 {
wolfSSL 13:f67a6c6013ca 1349 int i;
wolfSSL 13:f67a6c6013ca 1350
wolfSSL 13:f67a6c6013ca 1351 /* turn on RNGB module */
wolfSSL 13:f67a6c6013ca 1352 SIM_SCGC3 |= SIM_SCGC3_RNGB_MASK;
wolfSSL 13:f67a6c6013ca 1353
wolfSSL 13:f67a6c6013ca 1354 /* reset RNGB */
wolfSSL 13:f67a6c6013ca 1355 RNG_CMD |= RNG_CMD_SR_MASK;
wolfSSL 13:f67a6c6013ca 1356
wolfSSL 13:f67a6c6013ca 1357 /* FIFO generate interrupt, return all zeros on underflow,
wolfSSL 13:f67a6c6013ca 1358 * set auto reseed */
wolfSSL 13:f67a6c6013ca 1359 RNG_CR |= (RNG_CR_FUFMOD_MASK | RNG_CR_AR_MASK);
wolfSSL 13:f67a6c6013ca 1360
wolfSSL 13:f67a6c6013ca 1361 /* gen seed, clear interrupts, clear errors */
wolfSSL 13:f67a6c6013ca 1362 RNG_CMD |= (RNG_CMD_GS_MASK | RNG_CMD_CI_MASK | RNG_CMD_CE_MASK);
wolfSSL 13:f67a6c6013ca 1363
wolfSSL 13:f67a6c6013ca 1364 /* wait for seeding to complete */
wolfSSL 13:f67a6c6013ca 1365 while ((RNG_SR & RNG_SR_SDN_MASK) == 0) {}
wolfSSL 13:f67a6c6013ca 1366
wolfSSL 13:f67a6c6013ca 1367 for (i = 0; i < sz; i++) {
wolfSSL 13:f67a6c6013ca 1368
wolfSSL 13:f67a6c6013ca 1369 /* wait for a word to be available from FIFO */
wolfSSL 13:f67a6c6013ca 1370 while((RNG_SR & RNG_SR_FIFO_LVL_MASK) == 0) {}
wolfSSL 13:f67a6c6013ca 1371
wolfSSL 13:f67a6c6013ca 1372 /* get value */
wolfSSL 13:f67a6c6013ca 1373 output[i] = RNG_OUT;
wolfSSL 13:f67a6c6013ca 1374 }
wolfSSL 13:f67a6c6013ca 1375
wolfSSL 13:f67a6c6013ca 1376 return 0;
wolfSSL 13:f67a6c6013ca 1377 }
wolfSSL 13:f67a6c6013ca 1378
wolfSSL 13:f67a6c6013ca 1379 #elif defined(FREESCALE_KSDK_2_0_TRNG)
wolfSSL 13:f67a6c6013ca 1380
wolfSSL 13:f67a6c6013ca 1381 int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
wolfSSL 13:f67a6c6013ca 1382 {
wolfSSL 13:f67a6c6013ca 1383 status_t status;
wolfSSL 13:f67a6c6013ca 1384 status = TRNG_GetRandomData(TRNG0, output, sz);
wolfSSL 13:f67a6c6013ca 1385 if (status == kStatus_Success)
wolfSSL 13:f67a6c6013ca 1386 {
wolfSSL 13:f67a6c6013ca 1387 return(0);
wolfSSL 13:f67a6c6013ca 1388 }
wolfSSL 13:f67a6c6013ca 1389 else
wolfSSL 13:f67a6c6013ca 1390 {
wolfSSL 13:f67a6c6013ca 1391 return RAN_BLOCK_E;
wolfSSL 13:f67a6c6013ca 1392 }
wolfSSL 13:f67a6c6013ca 1393 }
wolfSSL 13:f67a6c6013ca 1394
wolfSSL 13:f67a6c6013ca 1395 #elif defined(FREESCALE_KSDK_2_0_RNGA)
wolfSSL 13:f67a6c6013ca 1396
wolfSSL 13:f67a6c6013ca 1397 int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
wolfSSL 13:f67a6c6013ca 1398 {
wolfSSL 13:f67a6c6013ca 1399 status_t status;
wolfSSL 13:f67a6c6013ca 1400 status = RNGA_GetRandomData(RNG, output, sz);
wolfSSL 13:f67a6c6013ca 1401 if (status == kStatus_Success)
wolfSSL 13:f67a6c6013ca 1402 {
wolfSSL 13:f67a6c6013ca 1403 return(0);
wolfSSL 13:f67a6c6013ca 1404 }
wolfSSL 13:f67a6c6013ca 1405 else
wolfSSL 13:f67a6c6013ca 1406 {
wolfSSL 13:f67a6c6013ca 1407 return RAN_BLOCK_E;
wolfSSL 13:f67a6c6013ca 1408 }
wolfSSL 13:f67a6c6013ca 1409 }
wolfSSL 13:f67a6c6013ca 1410
wolfSSL 13:f67a6c6013ca 1411
wolfSSL 13:f67a6c6013ca 1412 #elif defined(FREESCALE_RNGA)
wolfSSL 13:f67a6c6013ca 1413
wolfSSL 13:f67a6c6013ca 1414 int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
wolfSSL 13:f67a6c6013ca 1415 {
wolfSSL 13:f67a6c6013ca 1416 RNGA_DRV_GetRandomData(RNGA_INSTANCE, output, sz);
wolfSSL 13:f67a6c6013ca 1417 return 0;
wolfSSL 13:f67a6c6013ca 1418 }
wolfSSL 13:f67a6c6013ca 1419
wolfSSL 13:f67a6c6013ca 1420 #else
wolfSSL 13:f67a6c6013ca 1421 #define USE_TEST_GENSEED
wolfSSL 13:f67a6c6013ca 1422 #endif /* FREESCALE_K70_RNGA */
wolfSSL 13:f67a6c6013ca 1423
wolfSSL 13:f67a6c6013ca 1424 #elif defined(STM32F2_RNG) || defined(STM32F4_RNG)
wolfSSL 13:f67a6c6013ca 1425 /*
wolfSSL 13:f67a6c6013ca 1426 * wc_Generate a RNG seed using the hardware random number generator
wolfSSL 13:f67a6c6013ca 1427 * on the STM32F2/F4. */
wolfSSL 13:f67a6c6013ca 1428
wolfSSL 13:f67a6c6013ca 1429 #ifdef WOLFSSL_STM32_CUBEMX
wolfSSL 13:f67a6c6013ca 1430 int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
wolfSSL 13:f67a6c6013ca 1431 {
wolfSSL 13:f67a6c6013ca 1432 RNG_HandleTypeDef hrng;
wolfSSL 13:f67a6c6013ca 1433 int i;
wolfSSL 13:f67a6c6013ca 1434 (void)os;
wolfSSL 13:f67a6c6013ca 1435
wolfSSL 13:f67a6c6013ca 1436 /* enable RNG clock source */
wolfSSL 13:f67a6c6013ca 1437 __HAL_RCC_RNG_CLK_ENABLE();
wolfSSL 13:f67a6c6013ca 1438
wolfSSL 13:f67a6c6013ca 1439 /* enable RNG peripheral */
wolfSSL 13:f67a6c6013ca 1440 hrng.Instance = RNG;
wolfSSL 13:f67a6c6013ca 1441 HAL_RNG_Init(&hrng);
wolfSSL 13:f67a6c6013ca 1442
wolfSSL 13:f67a6c6013ca 1443 for (i = 0; i < (int)sz; i++) {
wolfSSL 13:f67a6c6013ca 1444 /* get value */
wolfSSL 13:f67a6c6013ca 1445 output[i] = (byte)HAL_RNG_GetRandomNumber(&hrng);
wolfSSL 13:f67a6c6013ca 1446 }
wolfSSL 13:f67a6c6013ca 1447
wolfSSL 13:f67a6c6013ca 1448 return 0;
wolfSSL 13:f67a6c6013ca 1449 }
wolfSSL 13:f67a6c6013ca 1450 #else
wolfSSL 13:f67a6c6013ca 1451 int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
wolfSSL 13:f67a6c6013ca 1452 {
wolfSSL 13:f67a6c6013ca 1453 int i;
wolfSSL 13:f67a6c6013ca 1454 (void)os;
wolfSSL 13:f67a6c6013ca 1455
wolfSSL 13:f67a6c6013ca 1456 /* enable RNG clock source */
wolfSSL 13:f67a6c6013ca 1457 RCC_AHB2PeriphClockCmd(RCC_AHB2Periph_RNG, ENABLE);
wolfSSL 13:f67a6c6013ca 1458
wolfSSL 13:f67a6c6013ca 1459 /* enable RNG peripheral */
wolfSSL 13:f67a6c6013ca 1460 RNG_Cmd(ENABLE);
wolfSSL 13:f67a6c6013ca 1461
wolfSSL 13:f67a6c6013ca 1462 for (i = 0; i < (int)sz; i++) {
wolfSSL 13:f67a6c6013ca 1463 /* wait until RNG number is ready */
wolfSSL 13:f67a6c6013ca 1464 while(RNG_GetFlagStatus(RNG_FLAG_DRDY)== RESET) { }
wolfSSL 13:f67a6c6013ca 1465
wolfSSL 13:f67a6c6013ca 1466 /* get value */
wolfSSL 13:f67a6c6013ca 1467 output[i] = RNG_GetRandomNumber();
wolfSSL 13:f67a6c6013ca 1468 }
wolfSSL 13:f67a6c6013ca 1469
wolfSSL 13:f67a6c6013ca 1470 return 0;
wolfSSL 13:f67a6c6013ca 1471 }
wolfSSL 13:f67a6c6013ca 1472 #endif /* WOLFSSL_STM32_CUBEMX */
wolfSSL 13:f67a6c6013ca 1473
wolfSSL 13:f67a6c6013ca 1474 #elif defined(WOLFSSL_TIRTOS)
wolfSSL 13:f67a6c6013ca 1475
wolfSSL 13:f67a6c6013ca 1476 #include <xdc/runtime/Timestamp.h>
wolfSSL 13:f67a6c6013ca 1477 #include <stdlib.h>
wolfSSL 13:f67a6c6013ca 1478 int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
wolfSSL 13:f67a6c6013ca 1479 {
wolfSSL 13:f67a6c6013ca 1480 int i;
wolfSSL 13:f67a6c6013ca 1481 srand(xdc_runtime_Timestamp_get32());
wolfSSL 13:f67a6c6013ca 1482
wolfSSL 13:f67a6c6013ca 1483 for (i = 0; i < sz; i++ ) {
wolfSSL 13:f67a6c6013ca 1484 output[i] = rand() % 256;
wolfSSL 13:f67a6c6013ca 1485 if ((i % 8) == 7) {
wolfSSL 13:f67a6c6013ca 1486 srand(xdc_runtime_Timestamp_get32());
wolfSSL 13:f67a6c6013ca 1487 }
wolfSSL 13:f67a6c6013ca 1488 }
wolfSSL 13:f67a6c6013ca 1489
wolfSSL 13:f67a6c6013ca 1490 return 0;
wolfSSL 13:f67a6c6013ca 1491 }
wolfSSL 13:f67a6c6013ca 1492
wolfSSL 13:f67a6c6013ca 1493 #elif defined(WOLFSSL_VXWORKS)
wolfSSL 13:f67a6c6013ca 1494
wolfSSL 13:f67a6c6013ca 1495 #include <randomNumGen.h>
wolfSSL 13:f67a6c6013ca 1496
wolfSSL 13:f67a6c6013ca 1497 int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) {
wolfSSL 13:f67a6c6013ca 1498 STATUS status;
wolfSSL 13:f67a6c6013ca 1499
wolfSSL 13:f67a6c6013ca 1500 #ifdef VXWORKS_SIM
wolfSSL 13:f67a6c6013ca 1501 /* cannot generate true entropy with VxWorks simulator */
wolfSSL 13:f67a6c6013ca 1502 #warning "not enough entropy, simulator for testing only"
wolfSSL 13:f67a6c6013ca 1503 int i = 0;
wolfSSL 13:f67a6c6013ca 1504
wolfSSL 13:f67a6c6013ca 1505 for (i = 0; i < 1000; i++) {
wolfSSL 13:f67a6c6013ca 1506 randomAddTimeStamp();
wolfSSL 13:f67a6c6013ca 1507 }
wolfSSL 13:f67a6c6013ca 1508 #endif
wolfSSL 13:f67a6c6013ca 1509
wolfSSL 13:f67a6c6013ca 1510 status = randBytes (output, sz);
wolfSSL 13:f67a6c6013ca 1511 if (status == ERROR) {
wolfSSL 13:f67a6c6013ca 1512 return RNG_FAILURE_E;
wolfSSL 13:f67a6c6013ca 1513 }
wolfSSL 13:f67a6c6013ca 1514
wolfSSL 13:f67a6c6013ca 1515 return 0;
wolfSSL 13:f67a6c6013ca 1516 }
wolfSSL 13:f67a6c6013ca 1517
wolfSSL 13:f67a6c6013ca 1518 #elif defined(WOLFSSL_NRF51)
wolfSSL 13:f67a6c6013ca 1519 #include "app_error.h"
wolfSSL 13:f67a6c6013ca 1520 #include "nrf_drv_rng.h"
wolfSSL 13:f67a6c6013ca 1521 int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
wolfSSL 13:f67a6c6013ca 1522 {
wolfSSL 13:f67a6c6013ca 1523 int remaining = sz, length, pos = 0;
wolfSSL 13:f67a6c6013ca 1524 uint8_t available;
wolfSSL 13:f67a6c6013ca 1525 uint32_t err_code;
wolfSSL 13:f67a6c6013ca 1526
wolfSSL 13:f67a6c6013ca 1527 (void)os;
wolfSSL 13:f67a6c6013ca 1528
wolfSSL 13:f67a6c6013ca 1529 /* Make sure RNG is running */
wolfSSL 13:f67a6c6013ca 1530 err_code = nrf_drv_rng_init(NULL);
wolfSSL 13:f67a6c6013ca 1531 if (err_code != NRF_SUCCESS && err_code != NRF_ERROR_INVALID_STATE) {
wolfSSL 13:f67a6c6013ca 1532 return -1;
wolfSSL 13:f67a6c6013ca 1533 }
wolfSSL 13:f67a6c6013ca 1534
wolfSSL 13:f67a6c6013ca 1535 while (remaining > 0) {
wolfSSL 13:f67a6c6013ca 1536 err_code = nrf_drv_rng_bytes_available(&available);
wolfSSL 13:f67a6c6013ca 1537 if (err_code == NRF_SUCCESS) {
wolfSSL 13:f67a6c6013ca 1538 length = (remaining < available) ? remaining : available;
wolfSSL 13:f67a6c6013ca 1539 if (length > 0) {
wolfSSL 13:f67a6c6013ca 1540 err_code = nrf_drv_rng_rand(&output[pos], length);
wolfSSL 13:f67a6c6013ca 1541 remaining -= length;
wolfSSL 13:f67a6c6013ca 1542 pos += length;
wolfSSL 13:f67a6c6013ca 1543 }
wolfSSL 13:f67a6c6013ca 1544 }
wolfSSL 13:f67a6c6013ca 1545
wolfSSL 13:f67a6c6013ca 1546 if (err_code != NRF_SUCCESS) {
wolfSSL 13:f67a6c6013ca 1547 break;
wolfSSL 13:f67a6c6013ca 1548 }
wolfSSL 13:f67a6c6013ca 1549 }
wolfSSL 13:f67a6c6013ca 1550
wolfSSL 13:f67a6c6013ca 1551 return (err_code == NRF_SUCCESS) ? 0 : -1;
wolfSSL 13:f67a6c6013ca 1552 }
wolfSSL 13:f67a6c6013ca 1553
wolfSSL 13:f67a6c6013ca 1554 #elif defined(HAVE_WNR)
wolfSSL 13:f67a6c6013ca 1555
wolfSSL 13:f67a6c6013ca 1556 int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
wolfSSL 13:f67a6c6013ca 1557 {
wolfSSL 13:f67a6c6013ca 1558 if (os == NULL || output == NULL || wnr_ctx == NULL ||
wolfSSL 13:f67a6c6013ca 1559 wnr_timeout < 0) {
wolfSSL 13:f67a6c6013ca 1560 return BAD_FUNC_ARG;
wolfSSL 13:f67a6c6013ca 1561 }
wolfSSL 13:f67a6c6013ca 1562
wolfSSL 13:f67a6c6013ca 1563 if (wnr_mutex_init == 0) {
wolfSSL 13:f67a6c6013ca 1564 WOLFSSL_MSG("netRandom context must be created before use");
wolfSSL 13:f67a6c6013ca 1565 return RNG_FAILURE_E;
wolfSSL 13:f67a6c6013ca 1566 }
wolfSSL 13:f67a6c6013ca 1567
wolfSSL 13:f67a6c6013ca 1568 if (wc_LockMutex(&wnr_mutex) != 0) {
wolfSSL 13:f67a6c6013ca 1569 WOLFSSL_MSG("Bad Lock Mutex wnr_mutex\n");
wolfSSL 13:f67a6c6013ca 1570 return BAD_MUTEX_E;
wolfSSL 13:f67a6c6013ca 1571 }
wolfSSL 13:f67a6c6013ca 1572
wolfSSL 13:f67a6c6013ca 1573 if (wnr_get_entropy(wnr_ctx, wnr_timeout, output, sz, sz) !=
wolfSSL 13:f67a6c6013ca 1574 WNR_ERROR_NONE)
wolfSSL 13:f67a6c6013ca 1575 return RNG_FAILURE_E;
wolfSSL 13:f67a6c6013ca 1576
wolfSSL 13:f67a6c6013ca 1577 wc_UnLockMutex(&wnr_mutex);
wolfSSL 13:f67a6c6013ca 1578
wolfSSL 13:f67a6c6013ca 1579 return 0;
wolfSSL 13:f67a6c6013ca 1580 }
wolfSSL 13:f67a6c6013ca 1581
wolfSSL 13:f67a6c6013ca 1582 #elif defined(WOLFSSL_ATMEL)
wolfSSL 13:f67a6c6013ca 1583 #include <wolfssl/wolfcrypt/port/atmel/atmel.h>
wolfSSL 13:f67a6c6013ca 1584
wolfSSL 13:f67a6c6013ca 1585 int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
wolfSSL 13:f67a6c6013ca 1586 {
wolfSSL 13:f67a6c6013ca 1587 int ret = 0;
wolfSSL 13:f67a6c6013ca 1588
wolfSSL 13:f67a6c6013ca 1589 (void)os;
wolfSSL 13:f67a6c6013ca 1590 if (output == NULL) {
wolfSSL 13:f67a6c6013ca 1591 return BUFFER_E;
wolfSSL 13:f67a6c6013ca 1592 }
wolfSSL 13:f67a6c6013ca 1593
wolfSSL 13:f67a6c6013ca 1594 ret = atmel_get_random_number(sz, output);
wolfSSL 13:f67a6c6013ca 1595
wolfSSL 13:f67a6c6013ca 1596 return ret;
wolfSSL 13:f67a6c6013ca 1597 }
wolfSSL 13:f67a6c6013ca 1598
wolfSSL 13:f67a6c6013ca 1599 #elif defined(INTIME_RTOS)
wolfSSL 13:f67a6c6013ca 1600 int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
wolfSSL 13:f67a6c6013ca 1601 {
wolfSSL 13:f67a6c6013ca 1602 int ret = 0;
wolfSSL 13:f67a6c6013ca 1603
wolfSSL 13:f67a6c6013ca 1604 (void)os;
wolfSSL 13:f67a6c6013ca 1605
wolfSSL 13:f67a6c6013ca 1606 if (output == NULL) {
wolfSSL 13:f67a6c6013ca 1607 return BUFFER_E;
wolfSSL 13:f67a6c6013ca 1608 }
wolfSSL 13:f67a6c6013ca 1609
wolfSSL 13:f67a6c6013ca 1610 /* Note: Investigate better solution */
wolfSSL 13:f67a6c6013ca 1611 /* no return to check */
wolfSSL 13:f67a6c6013ca 1612 arc4random_buf(output, sz);
wolfSSL 13:f67a6c6013ca 1613
wolfSSL 13:f67a6c6013ca 1614 return ret;
wolfSSL 13:f67a6c6013ca 1615 }
wolfSSL 13:f67a6c6013ca 1616
wolfSSL 13:f67a6c6013ca 1617 #elif defined(IDIRECT_DEV_RANDOM)
wolfSSL 13:f67a6c6013ca 1618
wolfSSL 13:f67a6c6013ca 1619 extern int getRandom( int sz, unsigned char *output );
wolfSSL 13:f67a6c6013ca 1620
wolfSSL 13:f67a6c6013ca 1621 int GenerateSeed(OS_Seed* os, byte* output, word32 sz)
wolfSSL 13:f67a6c6013ca 1622 {
wolfSSL 13:f67a6c6013ca 1623 int num_bytes_returned = 0;
wolfSSL 13:f67a6c6013ca 1624
wolfSSL 13:f67a6c6013ca 1625 num_bytes_returned = getRandom( (int) sz, (unsigned char *) output );
wolfSSL 13:f67a6c6013ca 1626
wolfSSL 13:f67a6c6013ca 1627 return 0;
wolfSSL 13:f67a6c6013ca 1628 }
wolfSSL 13:f67a6c6013ca 1629
wolfSSL 13:f67a6c6013ca 1630 #elif defined(CUSTOM_RAND_GENERATE_BLOCK)
wolfSSL 13:f67a6c6013ca 1631 /* #define CUSTOM_RAND_GENERATE_BLOCK myRngFunc
wolfSSL 13:f67a6c6013ca 1632 * extern int myRngFunc(byte* output, word32 sz);
wolfSSL 13:f67a6c6013ca 1633 */
wolfSSL 13:f67a6c6013ca 1634
wolfSSL 13:f67a6c6013ca 1635 #elif defined(WOLFSSL_SAFERTOS) || defined(WOLFSSL_LEANPSK) || \
wolfSSL 13:f67a6c6013ca 1636 defined(WOLFSSL_IAR_ARM) || defined(WOLFSSL_MDK_ARM) || \
wolfSSL 13:f67a6c6013ca 1637 defined(WOLFSSL_uITRON4) || defined(WOLFSSL_uTKERNEL2) || \
wolfSSL 13:f67a6c6013ca 1638 defined(WOLFSSL_LPC43xx) || defined(WOLFSSL_STM32F2xx) || \
wolfSSL 13:f67a6c6013ca 1639 defined(MBED) || defined(WOLFSSL_EMBOS) || \
wolfSSL 13:f67a6c6013ca 1640 defined(WOLFSSL_GENSEED_FORTEST)
wolfSSL 13:f67a6c6013ca 1641
wolfSSL 13:f67a6c6013ca 1642 /* these platforms do not have a default random seed and
wolfSSL 13:f67a6c6013ca 1643 you'll need to implement your own wc_GenerateSeed or define via
wolfSSL 13:f67a6c6013ca 1644 CUSTOM_RAND_GENERATE_BLOCK */
wolfSSL 13:f67a6c6013ca 1645
wolfSSL 13:f67a6c6013ca 1646 #define USE_TEST_GENSEED
wolfSSL 13:f67a6c6013ca 1647
wolfSSL 13:f67a6c6013ca 1648 #elif defined(NO_DEV_RANDOM)
wolfSSL 13:f67a6c6013ca 1649
wolfSSL 13:f67a6c6013ca 1650 #error "you need to write an os specific wc_GenerateSeed() here"
wolfSSL 13:f67a6c6013ca 1651
wolfSSL 13:f67a6c6013ca 1652 /*
wolfSSL 13:f67a6c6013ca 1653 int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
wolfSSL 13:f67a6c6013ca 1654 {
wolfSSL 13:f67a6c6013ca 1655 return 0;
wolfSSL 13:f67a6c6013ca 1656 }
wolfSSL 13:f67a6c6013ca 1657 */
wolfSSL 13:f67a6c6013ca 1658
wolfSSL 13:f67a6c6013ca 1659 #else
wolfSSL 13:f67a6c6013ca 1660
wolfSSL 13:f67a6c6013ca 1661 /* may block */
wolfSSL 13:f67a6c6013ca 1662 int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
wolfSSL 13:f67a6c6013ca 1663 {
wolfSSL 13:f67a6c6013ca 1664 int ret = 0;
wolfSSL 13:f67a6c6013ca 1665
wolfSSL 13:f67a6c6013ca 1666 #ifdef HAVE_INTEL_RDSEED
wolfSSL 13:f67a6c6013ca 1667 if (IS_INTEL_RDSEED(intel_flags)) {
wolfSSL 13:f67a6c6013ca 1668 ret = wc_GenerateSeed_IntelRD(NULL, output, sz);
wolfSSL 13:f67a6c6013ca 1669 if (ret == 0) {
wolfSSL 13:f67a6c6013ca 1670 /* success, we're done */
wolfSSL 13:f67a6c6013ca 1671 return ret;
wolfSSL 13:f67a6c6013ca 1672 }
wolfSSL 13:f67a6c6013ca 1673 #ifdef FORCE_FAILURE_RDSEED
wolfSSL 13:f67a6c6013ca 1674 /* don't fallback to /dev/urandom */
wolfSSL 13:f67a6c6013ca 1675 return ret;
wolfSSL 13:f67a6c6013ca 1676 #else
wolfSSL 13:f67a6c6013ca 1677 /* fallback to /dev/urandom attempt */
wolfSSL 13:f67a6c6013ca 1678 ret = 0;
wolfSSL 13:f67a6c6013ca 1679 #endif
wolfSSL 13:f67a6c6013ca 1680 }
wolfSSL 13:f67a6c6013ca 1681
wolfSSL 13:f67a6c6013ca 1682 #endif /* HAVE_INTEL_RDSEED */
wolfSSL 13:f67a6c6013ca 1683
wolfSSL 13:f67a6c6013ca 1684 os->fd = open("/dev/urandom",O_RDONLY);
wolfSSL 13:f67a6c6013ca 1685 if (os->fd == -1) {
wolfSSL 13:f67a6c6013ca 1686 /* may still have /dev/random */
wolfSSL 13:f67a6c6013ca 1687 os->fd = open("/dev/random",O_RDONLY);
wolfSSL 13:f67a6c6013ca 1688 if (os->fd == -1)
wolfSSL 13:f67a6c6013ca 1689 return OPEN_RAN_E;
wolfSSL 13:f67a6c6013ca 1690 }
wolfSSL 13:f67a6c6013ca 1691
wolfSSL 13:f67a6c6013ca 1692 while (sz) {
wolfSSL 13:f67a6c6013ca 1693 int len = (int)read(os->fd, output, sz);
wolfSSL 13:f67a6c6013ca 1694 if (len == -1) {
wolfSSL 13:f67a6c6013ca 1695 ret = READ_RAN_E;
wolfSSL 13:f67a6c6013ca 1696 break;
wolfSSL 13:f67a6c6013ca 1697 }
wolfSSL 13:f67a6c6013ca 1698
wolfSSL 13:f67a6c6013ca 1699 sz -= len;
wolfSSL 13:f67a6c6013ca 1700 output += len;
wolfSSL 13:f67a6c6013ca 1701
wolfSSL 13:f67a6c6013ca 1702 if (sz) {
wolfSSL 13:f67a6c6013ca 1703 #ifdef BLOCKING
wolfSSL 13:f67a6c6013ca 1704 sleep(0); /* context switch */
wolfSSL 13:f67a6c6013ca 1705 #else
wolfSSL 13:f67a6c6013ca 1706 ret = RAN_BLOCK_E;
wolfSSL 13:f67a6c6013ca 1707 break;
wolfSSL 13:f67a6c6013ca 1708 #endif
wolfSSL 13:f67a6c6013ca 1709 }
wolfSSL 13:f67a6c6013ca 1710 }
wolfSSL 13:f67a6c6013ca 1711 close(os->fd);
wolfSSL 13:f67a6c6013ca 1712
wolfSSL 13:f67a6c6013ca 1713 return ret;
wolfSSL 13:f67a6c6013ca 1714 }
wolfSSL 13:f67a6c6013ca 1715
wolfSSL 13:f67a6c6013ca 1716 #endif
wolfSSL 13:f67a6c6013ca 1717
wolfSSL 13:f67a6c6013ca 1718 #ifdef USE_TEST_GENSEED
wolfSSL 13:f67a6c6013ca 1719 #ifndef _MSC_VER
wolfSSL 13:f67a6c6013ca 1720 #warning "write a real random seed!!!!, just for testing now"
wolfSSL 13:f67a6c6013ca 1721 #else
wolfSSL 13:f67a6c6013ca 1722 #pragma message("Warning: write a real random seed!!!!, just for testing now")
wolfSSL 13:f67a6c6013ca 1723 #endif
wolfSSL 13:f67a6c6013ca 1724
wolfSSL 13:f67a6c6013ca 1725 int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
wolfSSL 13:f67a6c6013ca 1726 {
wolfSSL 13:f67a6c6013ca 1727 word32 i;
wolfSSL 13:f67a6c6013ca 1728 for (i = 0; i < sz; i++ )
wolfSSL 13:f67a6c6013ca 1729 output[i] = i;
wolfSSL 13:f67a6c6013ca 1730
wolfSSL 13:f67a6c6013ca 1731 (void)os;
wolfSSL 13:f67a6c6013ca 1732
wolfSSL 13:f67a6c6013ca 1733 return 0;
wolfSSL 13:f67a6c6013ca 1734 }
wolfSSL 13:f67a6c6013ca 1735 #endif
wolfSSL 13:f67a6c6013ca 1736
wolfSSL 13:f67a6c6013ca 1737 /* End wc_GenerateSeed */
wolfSSL 13:f67a6c6013ca 1738
wolfSSL 13:f67a6c6013ca 1739 #endif /* WC_NO_RNG */
wolfSSL 13:f67a6c6013ca 1740 #endif /* HAVE_FIPS */
wolfSSL 13:f67a6c6013ca 1741