- Moved all examples programs to use the new entropy and CTR_DRBG
diff --git a/programs/pkey/dh_client.c b/programs/pkey/dh_client.c
index 7b13e91..e4307f3 100644
--- a/programs/pkey/dh_client.c
+++ b/programs/pkey/dh_client.c
@@ -37,23 +37,25 @@
#include "polarssl/dhm.h"
#include "polarssl/rsa.h"
#include "polarssl/sha1.h"
-#include "polarssl/havege.h"
+#include "polarssl/entropy.h"
+#include "polarssl/ctr_drbg.h"
#define SERVER_NAME "localhost"
#define SERVER_PORT 11999
#if !defined(POLARSSL_AES_C) || !defined(POLARSSL_DHM_C) || \
- !defined(POLARSSL_HAVEGE_C) || !defined(POLARSSL_NET_C) || \
+ !defined(POLARSSL_ENTROPY_C) || !defined(POLARSSL_NET_C) || \
!defined(POLARSSL_RSA_C) || !defined(POLARSSL_SHA1_C) || \
- !defined(POLARSSL_FS_IO)
+ !defined(POLARSSL_FS_IO) || !defined(POLARSSL_CTR_DRBG_C)
int main( int argc, char *argv[] )
{
((void) argc);
((void) argv);
- printf("POLARSSL_AES_C and/or POLARSSL_DHM_C and/or POLARSSL_HAVEGE_C "
+ printf("POLARSSL_AES_C and/or POLARSSL_DHM_C and/or POLARSSL_ENTROPY_C "
"and/or POLARSSL_NET_C and/or POLARSSL_RSA_C and/or "
- "POLARSSL_SHA1_C and/or POLARSSL_FS_IO not defined.\n");
+ "POLARSSL_SHA1_C and/or POLARSSL_FS_IO and/or "
+ "POLARSSL_CTR_DRBG_C not defined.\n");
return( 0 );
}
#else
@@ -68,8 +70,10 @@
unsigned char *p, *end;
unsigned char buf[1024];
unsigned char hash[20];
+ char *pers = "dh_client";
- havege_state hs;
+ entropy_context entropy;
+ ctr_drbg_context ctr_drbg;
rsa_context rsa;
dhm_context dhm;
aes_context aes;
@@ -86,7 +90,13 @@
printf( "\n . Seeding the random number generator" );
fflush( stdout );
- havege_init( &hs );
+ entropy_init( &entropy );
+ if( ( ret = ctr_drbg_init( &ctr_drbg, entropy_func, &entropy,
+ (unsigned char *) pers, strlen( pers ) ) ) != 0 )
+ {
+ printf( " failed\n ! ctr_drbg_init returned %d\n", ret );
+ goto exit;
+ }
/*
* 2. Read the server's public RSA key
@@ -207,7 +217,7 @@
n = dhm.len;
if( ( ret = dhm_make_public( &dhm, 256, buf, n,
- havege_random, &hs ) ) != 0 )
+ ctr_drbg_random, &ctr_drbg ) ) != 0 )
{
printf( " failed\n ! dhm_make_public returned %d\n\n", ret );
goto exit;
@@ -273,6 +283,6 @@
return( ret );
}
-#endif /* POLARSSL_AES_C && POLARSSL_DHM_C && POLARSSL_HAVEGE_C &&
+#endif /* POLARSSL_AES_C && POLARSSL_DHM_C && POLARSSL_ENTROPY_C &&
POLARSSL_NET_C && POLARSSL_RSA_C && POLARSSL_SHA1_C &&
- POLARSSL_FS_IO */
+ POLARSSL_FS_IO && POLARSSL_CTR_DRBG_C */
diff --git a/programs/pkey/dh_genprime.c b/programs/pkey/dh_genprime.c
index ae31a1e..fc37f5c 100644
--- a/programs/pkey/dh_genprime.c
+++ b/programs/pkey/dh_genprime.c
@@ -32,7 +32,8 @@
#include "polarssl/config.h"
#include "polarssl/bignum.h"
-#include "polarssl/havege.h"
+#include "polarssl/entropy.h"
+#include "polarssl/ctr_drbg.h"
/*
* Note: G = 4 is always a quadratic residue mod P,
@@ -41,15 +42,15 @@
#define DH_P_SIZE 1024
#define GENERATOR "4"
-#if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_HAVEGE_C) || \
- !defined(POLARSSL_FS_IO)
+#if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_ENTROPY_C) || \
+ !defined(POLARSSL_FS_IO) || !defined(POLARSSL_CTR_DRBG_C)
int main( int argc, char *argv[] )
{
((void) argc);
((void) argv);
- printf("POLARSSL_BIGNUM_C and/or POLARSSL_HAVEGE_C and/or "
- "POLARSSL_FS_IO not defined.\n");
+ printf("POLARSSL_BIGNUM_C and/or POLARSSL_ENTROPY_C and/or "
+ "POLARSSL_FS_IO and/or POLARSSL_CTR_DRBG_C not defined.\n");
return( 0 );
}
#else
@@ -59,7 +60,9 @@
#if defined(POLARSSL_GENPRIME)
mpi G, P, Q;
- havege_state hs;
+ entropy_context entropy;
+ ctr_drbg_context ctr_drbg;
+ char *pers = "dh_genprime";
FILE *fout;
((void) argc);
@@ -71,7 +74,13 @@
printf( "\n . Seeding the random number generator..." );
fflush( stdout );
- havege_init( &hs );
+ entropy_init( &entropy );
+ if( ( ret = ctr_drbg_init( &ctr_drbg, entropy_func, &entropy,
+ (unsigned char *) pers, strlen( pers ) ) ) != 0 )
+ {
+ printf( " failed\n ! ctr_drbg_init returned %d\n", ret );
+ goto exit;
+ }
printf( " ok\n . Generating the modulus, please wait..." );
fflush( stdout );
@@ -80,7 +89,7 @@
* This can take a long time...
*/
if( ( ret = mpi_gen_prime( &P, DH_P_SIZE, 1,
- havege_random, &hs ) ) != 0 )
+ ctr_drbg_random, &ctr_drbg ) ) != 0 )
{
printf( " failed\n ! mpi_gen_prime returned %d\n\n", ret );
goto exit;
@@ -101,7 +110,7 @@
goto exit;
}
- if( ( ret = mpi_is_prime( &Q, havege_random, &hs ) ) != 0 )
+ if( ( ret = mpi_is_prime( &Q, ctr_drbg_random, &ctr_drbg ) ) != 0 )
{
printf( " failed\n ! mpi_is_prime returned %d\n\n", ret );
goto exit;
@@ -141,4 +150,5 @@
return( ret );
}
-#endif /* POLARSSL_BIGNUM_C && POLARSSL_HAVEGE_C && POLARSSL_FS_IO */
+#endif /* POLARSSL_BIGNUM_C && POLARSSL_ENTROPY_C && POLARSSL_FS_IO &&
+ POLARSSL_CTR_DRBG_C */
diff --git a/programs/pkey/dh_server.c b/programs/pkey/dh_server.c
index 70af54c..d7133f7 100644
--- a/programs/pkey/dh_server.c
+++ b/programs/pkey/dh_server.c
@@ -37,23 +37,25 @@
#include "polarssl/dhm.h"
#include "polarssl/rsa.h"
#include "polarssl/sha1.h"
-#include "polarssl/havege.h"
+#include "polarssl/entropy.h"
+#include "polarssl/ctr_drbg.h"
#define SERVER_PORT 11999
#define PLAINTEXT "==Hello there!=="
#if !defined(POLARSSL_AES_C) || !defined(POLARSSL_DHM_C) || \
- !defined(POLARSSL_HAVEGE_C) || !defined(POLARSSL_NET_C) || \
+ !defined(POLARSSL_ENTROPY_C) || !defined(POLARSSL_NET_C) || \
!defined(POLARSSL_RSA_C) || !defined(POLARSSL_SHA1_C) || \
- !defined(POLARSSL_FS_IO)
+ !defined(POLARSSL_FS_IO) || !defined(POLARSSL_CTR_DRBG_C)
int main( int argc, char *argv[] )
{
((void) argc);
((void) argv);
- printf("POLARSSL_AES_C and/or POLARSSL_DHM_C and/or POLARSSL_HAVEGE_C "
+ printf("POLARSSL_AES_C and/or POLARSSL_DHM_C and/or POLARSSL_ENTROPY_C "
"and/or POLARSSL_NET_C and/or POLARSSL_RSA_C and/or "
- "POLARSSL_SHA1_C and/or POLARSSL_FS_IO not defined.\n");
+ "POLARSSL_SHA1_C and/or POLARSSL_FS_IO and/or "
+ "POLARSSL_CTR_DBRG_C not defined.\n");
return( 0 );
}
#else
@@ -69,8 +71,10 @@
unsigned char buf[1024];
unsigned char hash[20];
unsigned char buf2[2];
+ char *pers = "dh_server";
- havege_state hs;
+ entropy_context entropy;
+ ctr_drbg_context ctr_drbg;
rsa_context rsa;
dhm_context dhm;
aes_context aes;
@@ -87,7 +91,13 @@
printf( "\n . Seeding the random number generator" );
fflush( stdout );
- havege_init( &hs );
+ entropy_init( &entropy );
+ if( ( ret = ctr_drbg_init( &ctr_drbg, entropy_func, &entropy,
+ (unsigned char *) pers, strlen( pers ) ) ) != 0 )
+ {
+ printf( " failed\n ! ctr_drbg_init returned %d\n", ret );
+ goto exit;
+ }
/*
* 2a. Read the server's private RSA key
@@ -172,7 +182,7 @@
memset( buf, 0, sizeof( buf ) );
if( ( ret = dhm_make_params( &dhm, 256, buf, &n,
- havege_random, &hs ) ) != 0 )
+ ctr_drbg_random, &ctr_drbg ) ) != 0 )
{
printf( " failed\n ! dhm_make_params returned %d\n\n", ret );
goto exit;
@@ -276,6 +286,6 @@
return( ret );
}
-#endif /* POLARSSL_AES_C && POLARSSL_DHM_C && POLARSSL_HAVEGE_C &&
+#endif /* POLARSSL_AES_C && POLARSSL_DHM_C && POLARSSL_ENTROPY_C &&
POLARSSL_NET_C && POLARSSL_RSA_C && POLARSSL_SHA1_C &&
- POLARSSL_FS_IO */
+ POLARSSL_FS_IO && POLARSSL_CTR_DRBG_C */
diff --git a/programs/pkey/rsa_encrypt.c b/programs/pkey/rsa_encrypt.c
index 63e2f13..aa6ca0e 100644
--- a/programs/pkey/rsa_encrypt.c
+++ b/programs/pkey/rsa_encrypt.c
@@ -33,17 +33,20 @@
#include "polarssl/config.h"
#include "polarssl/rsa.h"
-#include "polarssl/havege.h"
+#include "polarssl/entropy.h"
+#include "polarssl/ctr_drbg.h"
#if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_RSA_C) || \
- !defined(POLARSSL_HAVEGE_C) || !defined(POLARSSL_FS_IO)
+ !defined(POLARSSL_ENTROPY_C) || !defined(POLARSSL_FS_IO) || \
+ !defined(POLARSSL_CTR_DRBG_C)
int main( int argc, char *argv[] )
{
((void) argc);
((void) argv);
printf("POLARSSL_BIGNUM_C and/or POLARSSL_RSA_C and/or "
- "POLARSSL_HAVEGE_C and/or POLARSSL_FS_IO not defined.\n");
+ "POLARSSL_ENTROPY_C and/or POLARSSL_FS_IO and/or "
+ "POLARSSL_CTR_DRBG_C not defined.\n");
return( 0 );
}
#else
@@ -53,11 +56,11 @@
int ret;
size_t i;
rsa_context rsa;
- havege_state hs;
+ entropy_context entropy;
+ ctr_drbg_context ctr_drbg;
unsigned char input[1024];
unsigned char buf[512];
-
- havege_init( &hs );
+ char *pers = "rsa_encrypt";
ret = 1;
@@ -72,6 +75,17 @@
goto exit;
}
+ printf( "\n . Seeding the random number generator..." );
+ fflush( stdout );
+
+ entropy_init( &entropy );
+ if( ( ret = ctr_drbg_init( &ctr_drbg, entropy_func, &entropy,
+ (unsigned char *) pers, strlen( pers ) ) ) != 0 )
+ {
+ printf( " failed\n ! ctr_drbg_init returned %d\n", ret );
+ goto exit;
+ }
+
printf( "\n . Reading public key from rsa_pub.txt" );
fflush( stdout );
@@ -110,7 +124,9 @@
printf( "\n . Generating the RSA encrypted value" );
fflush( stdout );
- if( ( ret = rsa_pkcs1_encrypt( &rsa, havege_random, &hs, RSA_PUBLIC, strlen( argv[1] ), input, buf ) ) != 0 )
+ if( ( ret = rsa_pkcs1_encrypt( &rsa, ctr_drbg_random, &ctr_drbg,
+ RSA_PUBLIC, strlen( argv[1] ),
+ input, buf ) ) != 0 )
{
printf( " failed\n ! rsa_pkcs1_encrypt returned %d\n\n", ret );
goto exit;
@@ -143,5 +159,5 @@
return( ret );
}
-#endif /* POLARSSL_BIGNUM_C && POLARSSL_RSA_C && POLARSSL_HAVEGE_C &&
- POLARSSL_FS_IO */
+#endif /* POLARSSL_BIGNUM_C && POLARSSL_RSA_C && POLARSSL_ENTROPY_C &&
+ POLARSSL_FS_IO && POLARSSL_CTR_DRBG_C */
diff --git a/programs/pkey/rsa_genkey.c b/programs/pkey/rsa_genkey.c
index e2d06fa..424097e 100644
--- a/programs/pkey/rsa_genkey.c
+++ b/programs/pkey/rsa_genkey.c
@@ -31,7 +31,8 @@
#include "polarssl/config.h"
-#include "polarssl/havege.h"
+#include "polarssl/entropy.h"
+#include "polarssl/ctr_drbg.h"
#include "polarssl/bignum.h"
#include "polarssl/x509.h"
#include "polarssl/rsa.h"
@@ -39,17 +40,17 @@
#define KEY_SIZE 1024
#define EXPONENT 65537
-#if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_HAVEGE_C) || \
+#if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_ENTROPY_C) || \
!defined(POLARSSL_RSA_C) || !defined(POLARSSL_GENPRIME) || \
- !defined(POLARSSL_FS_IO)
+ !defined(POLARSSL_FS_IO) || !defined(POLARSSL_CTR_DRBG_C)
int main( int argc, char *argv[] )
{
((void) argc);
((void) argv);
- printf("POLARSSL_BIGNUM_C and/or POLARSSL_HAVEGE_C and/or "
+ printf("POLARSSL_BIGNUM_C and/or POLARSSL_ENTROPY_C and/or "
"POLARSSL_RSA_C and/or POLARSSL_GENPRIME and/or "
- "POLARSSL_FS_IO not defined.\n");
+ "POLARSSL_FS_IO and/or POLARSSL_CTR_DRBG_C not defined.\n");
return( 0 );
}
#else
@@ -57,9 +58,11 @@
{
int ret;
rsa_context rsa;
- havege_state hs;
+ entropy_context entropy;
+ ctr_drbg_context ctr_drbg;
FILE *fpub = NULL;
FILE *fpriv = NULL;
+ char *pers = "rsa_genkey";
((void) argc);
((void) argv);
@@ -67,14 +70,21 @@
printf( "\n . Seeding the random number generator..." );
fflush( stdout );
- havege_init( &hs );
+ entropy_init( &entropy );
+ if( ( ret = ctr_drbg_init( &ctr_drbg, entropy_func, &entropy,
+ (unsigned char *) pers, strlen( pers ) ) ) != 0 )
+ {
+ printf( " failed\n ! ctr_drbg_init returned %d\n", ret );
+ goto exit;
+ }
printf( " ok\n . Generating the RSA key [ %d-bit ]...", KEY_SIZE );
fflush( stdout );
rsa_init( &rsa, RSA_PKCS_V15, 0 );
- if( ( ret = rsa_gen_key( &rsa, havege_random, &hs, KEY_SIZE, EXPONENT ) ) != 0 )
+ if( ( ret = rsa_gen_key( &rsa, ctr_drbg_random, &ctr_drbg, KEY_SIZE,
+ EXPONENT ) ) != 0 )
{
printf( " failed\n ! rsa_gen_key returned %d\n\n", ret );
goto exit;
@@ -151,5 +161,5 @@
return( ret );
}
-#endif /* POLARSSL_BIGNUM_C && POLARSSL_HAVEGE_C && POLARSSL_RSA_C &&
- POLARSSL_GENPRIME && POLARSSL_FS_IO */
+#endif /* POLARSSL_BIGNUM_C && POLARSSL_ENTROPY_C && POLARSSL_RSA_C &&
+ POLARSSL_GENPRIME && POLARSSL_FS_IO && POLARSSL_CTR_DRBG_C */
diff --git a/programs/pkey/rsa_sign_pss.c b/programs/pkey/rsa_sign_pss.c
index 3174599..c00c8d8 100644
--- a/programs/pkey/rsa_sign_pss.c
+++ b/programs/pkey/rsa_sign_pss.c
@@ -32,7 +32,8 @@
#include "polarssl/config.h"
-#include "polarssl/havege.h"
+#include "polarssl/entropy.h"
+#include "polarssl/ctr_drbg.h"
#include "polarssl/md.h"
#include "polarssl/rsa.h"
#include "polarssl/sha1.h"
@@ -42,17 +43,19 @@
#define snprintf _snprintf
#endif
-#if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_HAVEGE_C) || \
+#if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_ENTROPY_C) || \
!defined(POLARSSL_RSA_C) || !defined(POLARSSL_SHA1_C) || \
- !defined(POLARSSL_X509_PARSE_C) || !defined(POLARSSL_FS_IO)
+ !defined(POLARSSL_X509_PARSE_C) || !defined(POLARSSL_FS_IO) || \
+ !defined(POLARSSL_CTR_DRBG_C)
int main( int argc, char *argv[] )
{
((void) argc);
((void) argv);
- printf("POLARSSL_BIGNUM_C and/or POLARSSL_HAVEGE_C and/or "
+ printf("POLARSSL_BIGNUM_C and/or POLARSSL_ENTROPY_C and/or "
"POLARSSL_RSA_C and/or POLARSSL_SHA1_C and/or "
- "POLARSSL_X509_PARSE_C and/or POLARSSL_FS_IO not defined.\n");
+ "POLARSSL_X509_PARSE_C and/or POLARSSL_FS_IO and/or "
+ "POLARSSL_CTR_DRBG_C not defined.\n");
return( 0 );
}
#else
@@ -61,10 +64,12 @@
FILE *f;
int ret;
rsa_context rsa;
- havege_state hs;
+ entropy_context entropy;
+ ctr_drbg_context ctr_drbg;
unsigned char hash[20];
unsigned char buf[512];
char filename[512];
+ char *pers = "rsa_sign_pss";
ret = 1;
@@ -79,10 +84,20 @@
goto exit;
}
+ printf( "\n . Seeding the random number generator..." );
+ fflush( stdout );
+
+ entropy_init( &entropy );
+ if( ( ret = ctr_drbg_init( &ctr_drbg, entropy_func, &entropy,
+ (unsigned char *) pers, strlen( pers ) ) ) != 0 )
+ {
+ printf( " failed\n ! ctr_drbg_init returned %d\n", ret );
+ goto exit;
+ }
+
printf( "\n . Reading private key from '%s'", argv[1] );
fflush( stdout );
- havege_init( &hs );
rsa_init( &rsa, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
if( ( ret = x509parse_keyfile( &rsa, argv[1], "" ) ) != 0 )
@@ -105,7 +120,8 @@
goto exit;
}
- if( ( ret = rsa_pkcs1_sign( &rsa, havege_random, &hs, RSA_PRIVATE, SIG_RSA_SHA1,
+ if( ( ret = rsa_pkcs1_sign( &rsa, ctr_drbg_random, &ctr_drbg,
+ RSA_PRIVATE, SIG_RSA_SHA1,
20, hash, buf ) ) != 0 )
{
printf( " failed\n ! rsa_pkcs1_sign returned %d\n\n", ret );
@@ -143,5 +159,6 @@
return( ret );
}
-#endif /* POLARSSL_BIGNUM_C && POLARSSL_HAVEGE_C && POLARSSL_RSA_C &&
- POLARSSL_SHA1_C && POLARSSL_X509_PARSE_C && POLARSSL_FS_IO */
+#endif /* POLARSSL_BIGNUM_C && POLARSSL_ENTROPY_C && POLARSSL_RSA_C &&
+ POLARSSL_SHA1_C && POLARSSL_X509_PARSE_C && POLARSSL_FS_IO &&
+ POLARSSL_CTR_DRBG_C */