Commit 6083fd25 authored by Paul Bakker's avatar Paul Bakker
Browse files

- Added a generic entropy accumulator that provides support for adding...

 -  Added a generic entropy accumulator that provides support for adding custom entropy sources and added some generic and platform dependent entropy sources

parent 1bc9efc0
......@@ -11,6 +11,9 @@ Features
* Added cipher_get_cipher_mode() and cipher_get_cipher_operation()
introspection functions (Closes ticket #40)
* Added CTR_DRBG based on AES-256-CTR (NIST SP 800-90) random generator
* Added a generic entropy accumulator that provides support for adding
custom entropy sources and added some generic and platform dependent
entropy sources
Changes
* Documentation for AES and Camellia in modes CTR and CFB128 clarified.
......
......@@ -7,7 +7,14 @@
* @addtogroup rng_module Random number generator (RNG) module
*
* The Random number generator (RNG) module provides random number
* generation, see \c havege_rand(). It uses the HAVEGE (HArdware Volatile
* generation, see \c ctr_dbrg_random() or \c havege_random().
*
* The former uses the block-cipher counter-mode based deterministic random
* bit generator (CTR_DBRG) as specified in NIST SP800-90. It needs an external
* source of entropy. For these purposes \c entropy_func() can be used. This is
* an implementation based on a simple entropy accumulator design.
*
* The latter random number generator uses the HAVEGE (HArdware Volatile
* Entropy Gathering and Expansion) software heuristic which is claimed
* to be an unpredictable or empirically strong* random number generation.
*
......
......@@ -154,6 +154,17 @@
*/
#define POLARSSL_FS_IO
/**
* \def POLARSSL_NO_PLATFORM_ENTROPY
*
* Do not use built-in platform entropy functions.
* This is useful if your platform does not support
* standards like the /dev/urandom or Windows CryptoAPI.
*
* Uncomment this macro to disable the built-in platform entropy functions.
#define POLARSSL_NO_PLATFORM_ENTROPY
*/
/**
* \def POLARSSL_PKCS1_V21
*
......@@ -208,6 +219,7 @@
* Module: library/aes.c
* Caller: library/ssl_tls.c
* library/pem.c
* library/ctr_drbg.c
*
* This module enables the following ciphersuites:
* SSL_RSA_AES_128_SHA
......@@ -314,6 +326,8 @@
* Module: library/ctr_drbg.c
* Caller:
*
* Requires: POLARSSL_AES_C
*
* This module provides the CTR_DRBG AES-256 random number generator.
*/
#define POLARSSL_CTR_DRBG_C
......@@ -362,6 +376,20 @@
*/
#define POLARSSL_DHM_C
/**
* \def POLARSSL_ENTROPY_C
*
* Enable the platform-specific entropy code.
*
* Module: library/entropy.c
* Caller:
*
* Requires: POLARSSL_SHA4_C
*
* This module provides a generic entropy pool
*/
#define POLARSSL_ENTROPY_C
/**
* \def POLARSSL_ERROR_C
*
......
/**
* \file entropy.h
*
* \brief Entropy accumulator implementation
*
* Copyright (C) 2006-2011, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
*
* All rights reserved.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
#ifndef POLARSSL_ENTROPY_H
#define POLARSSL_ENTROPY_H
#include <string.h>
#include "sha4.h"
#define POLARSSL_ERR_ENTROPY_SOURCE_FAILED -0x003A /**< Critical entropy source failure. */
#define POLARSSL_ERR_ENTROPY_MAX_SOURCES -0x003C /**< No more sources can be added. */
#define ENTROPY_MIN_POOL 128 /**< Minimum amount of pool entropy needed for release */
#define ENTROPY_MAX_SOURCES 20 /**< Maximum number of sources supported */
#define ENTROPY_MAX_GATHER 128 /**< Maximum amount requested from entropy sources */
#define ENTROPY_BLOCK_SIZE 64 /**< Block size of entropy accumulator (SHA-512) */
#define ENTROPY_SOURCE_MANUAL ENTROPY_MAX_SOURCES
#ifdef __cplusplus
extern "C" {
#endif
/**
* \brief Entropy poll callback pointer
*
* \param data Callback-specific data pointer
* \param output Data to fill
* \param len Maximum size to provide
* \param olen The actual amount of bytes put into the buffer (Can be 0)
*
* \return 0 if no critical failures occurred,
* POLARSSL_ERR_ENTROPY_SOURCE_FAILED otherwise
*/
typedef int (*f_source_ptr)(void *, unsigned char *, size_t, size_t *);
/**
* \brief Entropy context structure
*/
typedef struct
{
sha4_context accumulator;
size_t size;
int source_count;
f_source_ptr f_source[ENTROPY_MAX_SOURCES];
void * p_source[ENTROPY_MAX_SOURCES];
}
entropy_context;
/**
* \brief Initialize the context
*
* \param ctx Entropy context to initialize
*/
void entropy_init( entropy_context *ctx );
/**
* \brief Adds an entropy source to poll
*
* \param ctx Entropy context
* \param f_source Entropy function
* \param p_source Function data
*
* \return 0 is successful or POLARSSL_ERR_ENTROPY_MAX_SOURCES
*/
int entropy_add_source( entropy_context *ctx,
f_source_ptr f_source, void *p_source );
/**
* \brief Trigger an extra gather poll for the accumulator
*
* \param ctx Entropy context
*
* \return 0 if successful, or POLARSSL_ERR_ENTROPY_SOURCE_FAILED
*/
int entropy_gather( entropy_context *ctx );
/**
* \brief Retrieve entropy from the accumulator (Max ENTROPY_BLOCK_SIZE)
*
* \param data Entropy context
* \param output Buffer to fill
* \param len Length of buffer
*
* \return 0 if successful, or POLARSSL_ERR_ENTROPY_SOURCE_FAILED
*/
int entropy_func( void *data, unsigned char *output, size_t len );
/**
* \brief Add data to the accumulator manually
*
* \param ctx Entropy context
* \param data Data to add
* \param len Length of data
*
* \return 0 if successful
*/
int entropy_update_manual( entropy_context *ctx,
const unsigned char *data, size_t len );
#ifdef __cplusplus
}
#endif
#endif /* entropy.h */
/**
* \file entropy_poll.h
*
* \brief Platform-specific and custom entropy polling functions
*
* Copyright (C) 2006-2011, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
*
* All rights reserved.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
#ifndef POLARSSL_ENTROPY_POLL_H
#define POLARSSL_ENTROPY_POLL_H
#include <string.h>
#include "config.h"
#ifdef __cplusplus
extern "C" {
#endif
#if !defined(POLARSSL_NO_PLATFORM_ENTROPY)
/**
* \brief Platform-specific entropy poll callback
*/
int platform_entropy_poll( void *data,
unsigned char *output, size_t len, size_t *olen );
#endif
#if defined(POLARSSL_HAVEGE_C)
/**
* \brief HAVEGE based entropy poll callback
*
* Requires an HAVEGE state as its data pointer.
*/
int havege_poll( void *data,
unsigned char *output, size_t len, size_t *olen );
#endif
#if defined(POLARSSL_TIMING_C)
/**
* \brief hardclock-based entropy poll callback
*/
int hardclock_poll( void *data,
unsigned char *output, size_t len, size_t *olen );
#endif
#ifdef __cplusplus
}
#endif
#endif /* entropy_poll.h */
......@@ -58,6 +58,7 @@
* DES 1 0x0032-0x0032
* NET 11 0x0040-0x0054
* CTR_DBRG 3 0x0034-0x0038
* ENTROPY 2 0x003A-0x003C
*
* High-level module nr (3 bits - 0x1...-0x8...)
* Name ID Nr of Errors
......
......@@ -14,6 +14,8 @@ set(src
debug.c
des.c
dhm.c
entropy.c
entropy_poll.c
error.c
havege.c
md.c
......
......@@ -22,18 +22,18 @@ DLEXT=so
# Windows shared library extension:
# DLEXT=dll
OBJS= aes.o arc4.o asn1parse.o \
base64.o bignum.o camellia.o \
OBJS= aes.o arc4.o asn1parse.o \
base64.o bignum.o camellia.o \
certs.o cipher.o cipher_wrap.o \
ctr_drbg.o debug.o \
des.o dhm.o havege.o \
error.o \
md.o md_wrap.o md2.o \
md4.o md5.o net.o \
padlock.o pem.o pkcs11.o \
rsa.o sha1.o sha2.o \
sha4.o ssl_cli.o ssl_srv.o \
ssl_tls.o timing.o version.o \
ctr_drbg.o debug.o des.o \
dhm.o entropy.o entropy_poll.o \
error.o havege.o \
md.o md_wrap.o md2.o \
md4.o md5.o net.o \
padlock.o pem.o pkcs11.o \
rsa.o sha1.o sha2.o \
sha4.o ssl_cli.o ssl_srv.o \
ssl_tls.o timing.o version.o \
x509parse.o xtea.o
......
/*
* Entropy accumulator implementation
*
* Copyright (C) 2006-2011, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
*
* All rights reserved.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
#include "polarssl/config.h"
#if defined(POLARSSL_ENTROPY_C)
#include "polarssl/entropy.h"
#include "polarssl/entropy_poll.h"
#define ENTROPY_MAX_LOOP 256 /**< Maximum amount to loop before error */
void entropy_init( entropy_context *ctx )
{
memset( ctx, 0, sizeof(entropy_context) );
sha4_starts( &ctx->accumulator, 0 );
#if !defined(POLARSSL_NO_PLATFORM_ENTROPY)
entropy_add_source( ctx, platform_entropy_poll, NULL );
#endif
#if defined(POLARSSL_TIMING_C)
entropy_add_source( ctx, hardclock_poll, NULL );
#endif
}
int entropy_add_source( entropy_context *ctx,
f_source_ptr f_source, void *p_source )
{
if( ctx->source_count >= ENTROPY_MAX_SOURCES )
return( POLARSSL_ERR_ENTROPY_MAX_SOURCES );
ctx->f_source[ctx->source_count] = f_source;
ctx->p_source[ctx->source_count] = p_source;
ctx->source_count++;
return( 0 );
}
/*
* Entropy accumulator update
*/
int entropy_update( entropy_context *ctx, unsigned char source_id,
const unsigned char *data, size_t len )
{
unsigned char header[2];
unsigned char tmp[ENTROPY_BLOCK_SIZE];
size_t use_len = len;
const unsigned char *p = data;
if( use_len > ENTROPY_BLOCK_SIZE )
{
sha4( data, len, tmp, 0 );
p = tmp;
use_len = ENTROPY_BLOCK_SIZE;
}
header[0] = source_id;
header[1] = use_len & 0xFF;
sha4_update( &ctx->accumulator, header, 2 );
sha4_update( &ctx->accumulator, p, use_len );
ctx->size += use_len;
return( 0 );
}
int entropy_update_manual( entropy_context *ctx,
const unsigned char *data, size_t len )
{
return entropy_update( ctx, ENTROPY_SOURCE_MANUAL, data, len );
}
/*
* Run through the different sources to add entropy to our accumulator
*/
int entropy_gather( entropy_context *ctx )
{
int ret, i;
unsigned char buf[ENTROPY_MAX_GATHER];
size_t olen;
/*
* Run through our entropy sources
*/
for( i = 0; i < ctx->source_count; i++ )
{
olen = 0;
if ( ( ret = ctx->f_source[i]( ctx->p_source[i],
buf, ENTROPY_MAX_GATHER, &olen ) ) != 0 )
{
return( ret );
}
/*
* Add if we actually gathered something
*/
if( olen > 0 )
entropy_update( ctx, (unsigned char) i, buf, olen );
}
return( 0 );
}
int entropy_func( void *data, unsigned char *output, size_t len )
{
int ret, count = 0;
entropy_context *ctx = (entropy_context *) data;
unsigned char buf[ENTROPY_BLOCK_SIZE];
if( len > ENTROPY_BLOCK_SIZE )
return( POLARSSL_ERR_ENTROPY_SOURCE_FAILED );
/*
* Always gather extra entropy before a call
*/
do
{
if( count++ > ENTROPY_MAX_LOOP )
return( POLARSSL_ERR_ENTROPY_SOURCE_FAILED );
if( ( ret = entropy_gather( ctx ) ) != 0 )
return( ret );
}
while( ctx->size < ENTROPY_MIN_POOL );
memset( buf, 0, ENTROPY_BLOCK_SIZE );
sha4_finish( &ctx->accumulator, buf );
/*
* Perform second SHA-512 on entropy
*/
sha4( buf, ENTROPY_BLOCK_SIZE, buf, 0 );
/*
* Reset accumulator
*/
memset( &ctx->accumulator, 0, sizeof( sha4_context ) );
sha4_starts( &ctx->accumulator, 0 );
ctx->size = 0;
memcpy( output, buf, len );
return( 0 );
}
#endif
/*
* Platform-specific and custom entropy polling functions
*
* Copyright (C) 2006-2011, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
*
* All rights reserved.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
#include "polarssl/config.h"
#if defined(POLARSSL_ENTROPY_C)
#include "polarssl/entropy.h"
#include "polarssl/entropy_poll.h"
#if defined(POLARSSL_TIMING_C)
#include "polarssl/timing.h"
#endif
#if defined(POLARSSL_HAVEGE_C)
#include "polarssl/havege.h"
#endif
#if !defined(POLARSSL_NO_PLATFORM_ENTROPY)
#if defined(_WIN32)
#include <windows.h>
#if !defined(_WIN32_WINNT)
#define _WIN32_WINNT 0x0400
#endif
#include <wincrypt.h>
int platform_entropy_poll( void *data, unsigned char *output, size_t len,
size_t *olen )
{
HCRYPTPROV provider;
*olen = 0;
if( CryptAcquireContext( &provider, NULL, NULL,
PROV_RSA_FULL, CRYPT_VERIFYCONTEXT ) == FALSE )
{
return POLARSSL_ERR_ENTROPY_SOURCE_FAILED;
}
if( CryptGenRandom( provider, len, output ) == FALSE )
return POLARSSL_ERR_ENTROPY_SOURCE_FAILED;
CryptReleaseContext( provider, 0 );
*olen = len;
return( 0 );
}
#else
#include <stdio.h>
int platform_entropy_poll( void *data,
unsigned char *output, size_t len, size_t *olen )
{
FILE *file;
size_t ret;
((void) data);
*olen = 0;
file = fopen( "/dev/urandom", "rb" );
if( file == NULL )
return POLARSSL_ERR_ENTROPY_SOURCE_FAILED;
ret = fread( output, 1, len, file );
if( ret != len )
{
fclose( file );
return POLARSSL_ERR_ENTROPY_SOURCE_FAILED;
}
fclose( file );
*olen = len;
return( 0 );
}
#endif
#endif
#if defined(POLARSSL_TIMING_C)
int hardclock_poll( void *data,
unsigned char *output, size_t len, size_t *olen )
{
unsigned long timer = hardclock();
((void) data);
*olen = 0;
if( len < sizeof(unsigned long) )
return( 0 );
memcpy( output, &timer, sizeof(unsigned long) );
*olen = sizeof(unsigned long);
return( 0 );
}
#endif
#if defined(POLARSSL_HAVEGE_C)
int havege_poll( void *data,
unsigned char *output, size_t len, size_t *olen )
{
havege_state *hs = (havege_state *) data;
*olen = 0;
if( havege_random( hs, output, len ) != 0 )
return POLARSSL_ERR_ENTROPY_SOURCE_FAILED;