TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-crypto / b5904d25ef38ec06f34a69a5a62b1743eddd4680 / . / library / entropy.c
blob: fe271d33b970a4f8c00063c1bf250d13f69730b3 [file] [log] [blame]
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]1/*
2 * Entropy accumulator implementation
3 *
Manuel Pégourié-Gonnarda658a402015-01-23 09:45:19 +0000[diff] [blame]4 * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]5 *
Manuel Pégourié-Gonnardfe446432015-03-06 13:17:10 +0000[diff] [blame]6 * This file is part of mbed TLS (https://tls.mbed.org)
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]7 *
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
12 *
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License along
19 * with this program; if not, write to the Free Software Foundation, Inc.,
20 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
21 */
22
Manuel Pégourié-Gonnardcef4ad22014-04-29 12:39:06 +0200[diff] [blame]23#if !defined(POLARSSL_CONFIG_FILE)
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +0000[diff] [blame]24#include "mbedtls/config.h"
Manuel Pégourié-Gonnardcef4ad22014-04-29 12:39:06 +0200[diff] [blame]25#else
26#include POLARSSL_CONFIG_FILE
27#endif
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]28
29#if defined(POLARSSL_ENTROPY_C)
30
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +0000[diff] [blame]31#include "mbedtls/entropy.h"
32#include "mbedtls/entropy_poll.h"
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]33
Rich Evans00ab4702015-02-06 13:43:58 +0000[diff] [blame]34#include <string.h>
35
Paul Bakker66ff70d2014-03-26 11:54:05 +0100[diff] [blame]36#if defined(POLARSSL_FS_IO)
37#include <stdio.h>
38#endif
39
Rich Evans00ab4702015-02-06 13:43:58 +0000[diff] [blame]40#if defined(POLARSSL_SELF_TEST)
41#if defined(POLARSSL_PLATFORM_C)
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +0000[diff] [blame]42#include "mbedtls/platform.h"
Rich Evans00ab4702015-02-06 13:43:58 +0000[diff] [blame]43#else
44#include <stdio.h>
45#define polarssl_printf printf
46#endif /* POLARSSL_PLATFORM_C */
47#endif /* POLARSSL_SELF_TEST */
48
Paul Bakker28c7e7f2011-12-15 19:49:30 +0000[diff] [blame]49#if defined(POLARSSL_HAVEGE_C)
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +0000[diff] [blame]50#include "mbedtls/havege.h"
Paul Bakker28c7e7f2011-12-15 19:49:30 +0000[diff] [blame]51#endif
52
Paul Bakker34617722014-06-13 17:20:13 +0200[diff] [blame]53/* Implementation that should never be optimized out by the compiler */
54static void polarssl_zeroize( void *v, size_t n ) {
55 volatile unsigned char *p = v; while( n-- ) *p++ = 0;
56}
57
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]58#define ENTROPY_MAX_LOOP 256 /**< Maximum amount to loop before error */
59
60void entropy_init( entropy_context *ctx )
61{
62 memset( ctx, 0, sizeof(entropy_context) );
63
Paul Bakkerf4e7dc52013-09-28 15:23:57 +0200[diff] [blame]64#if defined(POLARSSL_THREADING_C)
65 polarssl_mutex_init( &ctx->mutex );
66#endif
67
Paul Bakkerfb08fd22013-08-27 15:06:26 +0200[diff] [blame]68#if defined(POLARSSL_ENTROPY_SHA512_ACCUMULATOR)
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]69 sha512_starts( &ctx->accumulator, 0 );
Paul Bakkerfb08fd22013-08-27 15:06:26 +0200[diff] [blame]70#else
71 sha256_starts( &ctx->accumulator, 0 );
72#endif
Paul Bakker43655f42011-12-15 20:11:16 +0000[diff] [blame]73#if defined(POLARSSL_HAVEGE_C)
74 havege_init( &ctx->havege_data );
75#endif
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]76
Paul Bakker43655f42011-12-15 20:11:16 +0000[diff] [blame]77#if !defined(POLARSSL_NO_DEFAULT_ENTROPY_SOURCES)
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]78#if !defined(POLARSSL_NO_PLATFORM_ENTROPY)
Paul Bakkerbd4a9d02011-12-10 17:02:19 +0000[diff] [blame]79 entropy_add_source( ctx, platform_entropy_poll, NULL,
80 ENTROPY_MIN_PLATFORM );
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]81#endif
82#if defined(POLARSSL_TIMING_C)
Paul Bakkerbd4a9d02011-12-10 17:02:19 +0000[diff] [blame]83 entropy_add_source( ctx, hardclock_poll, NULL, ENTROPY_MIN_HARDCLOCK );
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]84#endif
Paul Bakker28c7e7f2011-12-15 19:49:30 +0000[diff] [blame]85#if defined(POLARSSL_HAVEGE_C)
Paul Bakker28c7e7f2011-12-15 19:49:30 +0000[diff] [blame]86 entropy_add_source( ctx, havege_poll, &ctx->havege_data,
87 ENTROPY_MIN_HAVEGE );
88#endif
Paul Bakker43655f42011-12-15 20:11:16 +0000[diff] [blame]89#endif /* POLARSSL_NO_DEFAULT_ENTROPY_SOURCES */
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]90}
91
Paul Bakker1ffefac2013-09-28 15:23:03 +0200[diff] [blame]92void entropy_free( entropy_context *ctx )
93{
Paul Bakkera317a982014-06-18 16:44:11 +0200[diff] [blame]94#if defined(POLARSSL_HAVEGE_C)
95 havege_free( &ctx->havege_data );
96#endif
Paul Bakker34617722014-06-13 17:20:13 +0200[diff] [blame]97 polarssl_zeroize( ctx, sizeof( entropy_context ) );
Paul Bakkerf4e7dc52013-09-28 15:23:57 +0200[diff] [blame]98#if defined(POLARSSL_THREADING_C)
99 polarssl_mutex_free( &ctx->mutex );
100#endif
Paul Bakker1ffefac2013-09-28 15:23:03 +0200[diff] [blame]101}
102
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]103int entropy_add_source( entropy_context *ctx,
Paul Bakkerbd4a9d02011-12-10 17:02:19 +0000[diff] [blame]104 f_source_ptr f_source, void *p_source,
105 size_t threshold )
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]106{
Paul Bakker47703a02014-02-06 15:01:20 +0100[diff] [blame]107 int index, ret = 0;
Paul Bakkerbd4a9d02011-12-10 17:02:19 +0000[diff] [blame]108
Paul Bakker47703a02014-02-06 15:01:20 +0100[diff] [blame]109#if defined(POLARSSL_THREADING_C)
110 if( ( ret = polarssl_mutex_lock( &ctx->mutex ) ) != 0 )
111 return( ret );
112#endif
113
114 index = ctx->source_count;
Paul Bakkerbd4a9d02011-12-10 17:02:19 +0000[diff] [blame]115 if( index >= ENTROPY_MAX_SOURCES )
Paul Bakker47703a02014-02-06 15:01:20 +0100[diff] [blame]116 {
117 ret = POLARSSL_ERR_ENTROPY_MAX_SOURCES;
118 goto exit;
119 }
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]120
Paul Bakkerbd4a9d02011-12-10 17:02:19 +0000[diff] [blame]121 ctx->source[index].f_source = f_source;
122 ctx->source[index].p_source = p_source;
123 ctx->source[index].threshold = threshold;
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]124
125 ctx->source_count++;
126
Paul Bakker47703a02014-02-06 15:01:20 +0100[diff] [blame]127exit:
128#if defined(POLARSSL_THREADING_C)
129 if( polarssl_mutex_unlock( &ctx->mutex ) != 0 )
130 return( POLARSSL_ERR_THREADING_MUTEX_ERROR );
131#endif
132
133 return( ret );
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]134}
135
136/*
137 * Entropy accumulator update
138 */
Paul Bakkerb6c5d2e2013-06-25 16:25:17 +0200[diff] [blame]139static int entropy_update( entropy_context *ctx, unsigned char source_id,
140 const unsigned char *data, size_t len )
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]141{
142 unsigned char header[2];
143 unsigned char tmp[ENTROPY_BLOCK_SIZE];
144 size_t use_len = len;
145 const unsigned char *p = data;
Paul Bakkerb6c5d2e2013-06-25 16:25:17 +0200[diff] [blame]146
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]147 if( use_len > ENTROPY_BLOCK_SIZE )
148 {
Paul Bakkerfb08fd22013-08-27 15:06:26 +0200[diff] [blame]149#if defined(POLARSSL_ENTROPY_SHA512_ACCUMULATOR)
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]150 sha512( data, len, tmp, 0 );
Paul Bakkerfb08fd22013-08-27 15:06:26 +0200[diff] [blame]151#else
152 sha256( data, len, tmp, 0 );
153#endif
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]154 p = tmp;
155 use_len = ENTROPY_BLOCK_SIZE;
156 }
157
158 header[0] = source_id;
159 header[1] = use_len & 0xFF;
160
Paul Bakkerfb08fd22013-08-27 15:06:26 +0200[diff] [blame]161#if defined(POLARSSL_ENTROPY_SHA512_ACCUMULATOR)
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]162 sha512_update( &ctx->accumulator, header, 2 );
163 sha512_update( &ctx->accumulator, p, use_len );
Paul Bakkerfb08fd22013-08-27 15:06:26 +0200[diff] [blame]164#else
165 sha256_update( &ctx->accumulator, header, 2 );
166 sha256_update( &ctx->accumulator, p, use_len );
167#endif
Paul Bakkerb6c5d2e2013-06-25 16:25:17 +0200[diff] [blame]168
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]169 return( 0 );
170}
171
172int entropy_update_manual( entropy_context *ctx,
173 const unsigned char *data, size_t len )
174{
Paul Bakker47703a02014-02-06 15:01:20 +0100[diff] [blame]175 int ret;
176
177#if defined(POLARSSL_THREADING_C)
178 if( ( ret = polarssl_mutex_lock( &ctx->mutex ) ) != 0 )
179 return( ret );
180#endif
181
182 ret = entropy_update( ctx, ENTROPY_SOURCE_MANUAL, data, len );
183
184#if defined(POLARSSL_THREADING_C)
185 if( polarssl_mutex_unlock( &ctx->mutex ) != 0 )
186 return( POLARSSL_ERR_THREADING_MUTEX_ERROR );
187#endif
188
Paul Bakkerd8bb8262014-06-17 14:06:49 +0200[diff] [blame]189 return( ret );
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]190}
191
192/*
193 * Run through the different sources to add entropy to our accumulator
194 */
Paul Bakker47703a02014-02-06 15:01:20 +0100[diff] [blame]195static int entropy_gather_internal( entropy_context *ctx )
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]196{
197 int ret, i;
198 unsigned char buf[ENTROPY_MAX_GATHER];
199 size_t olen;
Paul Bakker47703a02014-02-06 15:01:20 +0100[diff] [blame]200
Paul Bakker43655f42011-12-15 20:11:16 +0000[diff] [blame]201 if( ctx->source_count == 0 )
202 return( POLARSSL_ERR_ENTROPY_NO_SOURCES_DEFINED );
203
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]204 /*
205 * Run through our entropy sources
206 */
207 for( i = 0; i < ctx->source_count; i++ )
208 {
209 olen = 0;
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame]210 if( ( ret = ctx->source[i].f_source( ctx->source[i].p_source,
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]211 buf, ENTROPY_MAX_GATHER, &olen ) ) != 0 )
212 {
213 return( ret );
214 }
215
216 /*
217 * Add if we actually gathered something
218 */
219 if( olen > 0 )
Paul Bakkerbd4a9d02011-12-10 17:02:19 +0000[diff] [blame]220 {
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]221 entropy_update( ctx, (unsigned char) i, buf, olen );
Paul Bakkerbd4a9d02011-12-10 17:02:19 +0000[diff] [blame]222 ctx->source[i].size += olen;
223 }
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]224 }
225
226 return( 0 );
227}
228
Paul Bakker47703a02014-02-06 15:01:20 +0100[diff] [blame]229/*
230 * Thread-safe wrapper for entropy_gather_internal()
231 */
232int entropy_gather( entropy_context *ctx )
233{
Paul Bakkerddd427a2014-04-09 14:47:58 +0200[diff] [blame]234 int ret;
Paul Bakker47703a02014-02-06 15:01:20 +0100[diff] [blame]235
236#if defined(POLARSSL_THREADING_C)
Paul Bakkerddd427a2014-04-09 14:47:58 +0200[diff] [blame]237 if( ( ret = polarssl_mutex_lock( &ctx->mutex ) ) != 0 )
238 return( ret );
Paul Bakker47703a02014-02-06 15:01:20 +0100[diff] [blame]239#endif
240
Paul Bakkerddd427a2014-04-09 14:47:58 +0200[diff] [blame]241 ret = entropy_gather_internal( ctx );
Paul Bakker47703a02014-02-06 15:01:20 +0100[diff] [blame]242
243#if defined(POLARSSL_THREADING_C)
Paul Bakkerddd427a2014-04-09 14:47:58 +0200[diff] [blame]244 if( polarssl_mutex_unlock( &ctx->mutex ) != 0 )
245 return( POLARSSL_ERR_THREADING_MUTEX_ERROR );
Paul Bakker47703a02014-02-06 15:01:20 +0100[diff] [blame]246#endif
247
Paul Bakkerddd427a2014-04-09 14:47:58 +0200[diff] [blame]248 return( ret );
Paul Bakker47703a02014-02-06 15:01:20 +0100[diff] [blame]249}
250
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]251int entropy_func( void *data, unsigned char *output, size_t len )
252{
Paul Bakkerbd4a9d02011-12-10 17:02:19 +0000[diff] [blame]253 int ret, count = 0, i, reached;
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]254 entropy_context *ctx = (entropy_context *) data;
255 unsigned char buf[ENTROPY_BLOCK_SIZE];
256
257 if( len > ENTROPY_BLOCK_SIZE )
258 return( POLARSSL_ERR_ENTROPY_SOURCE_FAILED );
259
Paul Bakkerf4e7dc52013-09-28 15:23:57 +0200[diff] [blame]260#if defined(POLARSSL_THREADING_C)
261 if( ( ret = polarssl_mutex_lock( &ctx->mutex ) ) != 0 )
262 return( ret );
263#endif
264
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]265 /*
266 * Always gather extra entropy before a call
267 */
268 do
269 {
270 if( count++ > ENTROPY_MAX_LOOP )
Paul Bakkerf4e7dc52013-09-28 15:23:57 +0200[diff] [blame]271 {
272 ret = POLARSSL_ERR_ENTROPY_SOURCE_FAILED;
273 goto exit;
274 }
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]275
Paul Bakker47703a02014-02-06 15:01:20 +0100[diff] [blame]276 if( ( ret = entropy_gather_internal( ctx ) ) != 0 )
Paul Bakkerf4e7dc52013-09-28 15:23:57 +0200[diff] [blame]277 goto exit;
Paul Bakkerbd4a9d02011-12-10 17:02:19 +0000[diff] [blame]278
279 reached = 0;
280
281 for( i = 0; i < ctx->source_count; i++ )
282 if( ctx->source[i].size >= ctx->source[i].threshold )
283 reached++;
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]284 }
Paul Bakkerbd4a9d02011-12-10 17:02:19 +0000[diff] [blame]285 while( reached != ctx->source_count );
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]286
287 memset( buf, 0, ENTROPY_BLOCK_SIZE );
288
Paul Bakkerfb08fd22013-08-27 15:06:26 +0200[diff] [blame]289#if defined(POLARSSL_ENTROPY_SHA512_ACCUMULATOR)
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]290 sha512_finish( &ctx->accumulator, buf );
291
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]292 /*
Paul Bakkerbd4a9d02011-12-10 17:02:19 +0000[diff] [blame]293 * Reset accumulator and counters and recycle existing entropy
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]294 */
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]295 memset( &ctx->accumulator, 0, sizeof( sha512_context ) );
296 sha512_starts( &ctx->accumulator, 0 );
297 sha512_update( &ctx->accumulator, buf, ENTROPY_BLOCK_SIZE );
Paul Bakkerfb08fd22013-08-27 15:06:26 +0200[diff] [blame]298
299 /*
Paul Bakkerb13d3ff2014-03-26 12:51:25 +0100[diff] [blame]300 * Perform second SHA-512 on entropy
Paul Bakkerfb08fd22013-08-27 15:06:26 +0200[diff] [blame]301 */
Paul Bakkerb13d3ff2014-03-26 12:51:25 +0100[diff] [blame]302 sha512( buf, ENTROPY_BLOCK_SIZE, buf, 0 );
303#else /* POLARSSL_ENTROPY_SHA512_ACCUMULATOR */
304 sha256_finish( &ctx->accumulator, buf );
Paul Bakkerfb08fd22013-08-27 15:06:26 +0200[diff] [blame]305
306 /*
307 * Reset accumulator and counters and recycle existing entropy
308 */
309 memset( &ctx->accumulator, 0, sizeof( sha256_context ) );
310 sha256_starts( &ctx->accumulator, 0 );
311 sha256_update( &ctx->accumulator, buf, ENTROPY_BLOCK_SIZE );
Paul Bakkerb13d3ff2014-03-26 12:51:25 +0100[diff] [blame]312
313 /*
314 * Perform second SHA-256 on entropy
315 */
316 sha256( buf, ENTROPY_BLOCK_SIZE, buf, 0 );
Paul Bakkerfb08fd22013-08-27 15:06:26 +0200[diff] [blame]317#endif /* POLARSSL_ENTROPY_SHA512_ACCUMULATOR */
Paul Bakkerbd4a9d02011-12-10 17:02:19 +0000[diff] [blame]318
319 for( i = 0; i < ctx->source_count; i++ )
320 ctx->source[i].size = 0;
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]321
322 memcpy( output, buf, len );
323
Paul Bakkerf4e7dc52013-09-28 15:23:57 +0200[diff] [blame]324 ret = 0;
325
326exit:
327#if defined(POLARSSL_THREADING_C)
328 if( polarssl_mutex_unlock( &ctx->mutex ) != 0 )
329 return( POLARSSL_ERR_THREADING_MUTEX_ERROR );
330#endif
331
332 return( ret );
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]333}
334
Paul Bakker66ff70d2014-03-26 11:54:05 +0100[diff] [blame]335#if defined(POLARSSL_FS_IO)
336int entropy_write_seed_file( entropy_context *ctx, const char *path )
337{
338 int ret = POLARSSL_ERR_ENTROPY_FILE_IO_ERROR;
339 FILE *f;
340 unsigned char buf[ENTROPY_BLOCK_SIZE];
341
342 if( ( f = fopen( path, "wb" ) ) == NULL )
343 return( POLARSSL_ERR_ENTROPY_FILE_IO_ERROR );
344
345 if( ( ret = entropy_func( ctx, buf, ENTROPY_BLOCK_SIZE ) ) != 0 )
346 goto exit;
347
348 if( fwrite( buf, 1, ENTROPY_BLOCK_SIZE, f ) != ENTROPY_BLOCK_SIZE )
349 {
350 ret = POLARSSL_ERR_ENTROPY_FILE_IO_ERROR;
351 goto exit;
352 }
353
354 ret = 0;
355
356exit:
357 fclose( f );
358 return( ret );
359}
360
361int entropy_update_seed_file( entropy_context *ctx, const char *path )
362{
363 FILE *f;
364 size_t n;
365 unsigned char buf[ ENTROPY_MAX_SEED_SIZE ];
366
367 if( ( f = fopen( path, "rb" ) ) == NULL )
368 return( POLARSSL_ERR_ENTROPY_FILE_IO_ERROR );
369
370 fseek( f, 0, SEEK_END );
371 n = (size_t) ftell( f );
372 fseek( f, 0, SEEK_SET );
373
374 if( n > ENTROPY_MAX_SEED_SIZE )
375 n = ENTROPY_MAX_SEED_SIZE;
376
377 if( fread( buf, 1, n, f ) != n )
378 {
379 fclose( f );
380 return( POLARSSL_ERR_ENTROPY_FILE_IO_ERROR );
381 }
382
383 fclose( f );
384
385 entropy_update_manual( ctx, buf, n );
386
387 return( entropy_write_seed_file( ctx, path ) );
388}
389#endif /* POLARSSL_FS_IO */
390
Manuel Pégourié-Gonnard4dd73922014-05-30 10:34:15 +0200[diff] [blame]391#if defined(POLARSSL_SELF_TEST)
Manuel Pégourié-Gonnard4dd73922014-05-30 10:34:15 +0200[diff] [blame]392/*
393 * Dummy source function
394 */
395static int entropy_dummy_source( void *data, unsigned char *output,
396 size_t len, size_t *olen )
397{
398 ((void) data);
399
400 memset( output, 0x2a, len );
401 *olen = len;
402
403 return( 0 );
404}
405
406/*
407 * The actual entropy quality is hard to test, but we can at least
408 * test that the functions don't cause errors and write the correct
409 * amount of data to buffers.
410 */
411int entropy_self_test( int verbose )
412{
413 int ret = 0;
414 entropy_context ctx;
415 unsigned char buf[ENTROPY_BLOCK_SIZE] = { 0 };
416 unsigned char acc[ENTROPY_BLOCK_SIZE] = { 0 };
417 size_t i, j;
418
419 if( verbose != 0 )
420 polarssl_printf( " ENTROPY test: " );
421
422 entropy_init( &ctx );
423
424 ret = entropy_add_source( &ctx, entropy_dummy_source, NULL, 16 );
425 if( ret != 0 )
426 goto cleanup;
427
428 if( ( ret = entropy_gather( &ctx ) ) != 0 )
429 goto cleanup;
430
431 if( ( ret = entropy_update_manual( &ctx, buf, sizeof buf ) ) != 0 )
432 goto cleanup;
433
434 /*
435 * To test that entropy_func writes correct number of bytes:
436 * - use the whole buffer and rely on ASan to detect overruns
437 * - collect entropy 8 times and OR the result in an accumulator:
438 * any byte should then be 0 with probably 2^(-64), so requiring
439 * each of the 32 or 64 bytes to be non-zero has a false failure rate
440 * of at most 2^(-58) which is acceptable.
441 */
442 for( i = 0; i < 8; i++ )
443 {
444 if( ( ret = entropy_func( &ctx, buf, sizeof( buf ) ) ) != 0 )
445 goto cleanup;
446
447 for( j = 0; j < sizeof( buf ); j++ )
448 acc[j] |= buf[j];
449 }
450
451 for( j = 0; j < sizeof( buf ); j++ )
452 {
453 if( acc[j] == 0 )
454 {
455 ret = 1;
456 goto cleanup;
457 }
458 }
459
460cleanup:
461 entropy_free( &ctx );
462
463 if( verbose != 0 )
464 {
465 if( ret != 0 )
466 polarssl_printf( "failed\n" );
467 else
468 polarssl_printf( "passed\n" );
469
470 polarssl_printf( "\n" );
471 }
472
473 return( ret != 0 );
474}
475#endif /* POLARSSL_SELF_TEST */
476
Paul Bakker9af723c2014-05-01 13:03:14 +0200[diff] [blame]477#endif /* POLARSSL_ENTROPY_C */