TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 1bfa46a45617d7ddb1403900a0f8f53158aac66a / . / library / entropy.c
blob: 5a8321b8d056310c544a4fdf4f976bbb29b2b2fd [file] [log] [blame]
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]1/*
2 * Entropy accumulator implementation
3 *
Manuel Pégourié-Gonnarda658a402015-01-23 09:45:19 +0000[diff] [blame]4 * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]5 *
Manuel Pégourié-Gonnardfe446432015-03-06 13:17:10 +0000[diff] [blame]6 * This file is part of mbed TLS (https://tls.mbed.org)
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]7 *
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
12 *
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License along
19 * with this program; if not, write to the Free Software Foundation, Inc.,
20 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
21 */
22
Manuel Pégourié-Gonnardcef4ad22014-04-29 12:39:06 +0200[diff] [blame]23#if !defined(POLARSSL_CONFIG_FILE)
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]24#include "polarssl/config.h"
Manuel Pégourié-Gonnardcef4ad22014-04-29 12:39:06 +0200[diff] [blame]25#else
26#include POLARSSL_CONFIG_FILE
27#endif
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]28
29#if defined(POLARSSL_ENTROPY_C)
30
31#include "polarssl/entropy.h"
32#include "polarssl/entropy_poll.h"
33
Rich Evans00ab4702015-02-06 13:43:58 +0000[diff] [blame]34#include <string.h>
35
Paul Bakker66ff70d2014-03-26 11:54:05 +0100[diff] [blame]36#if defined(POLARSSL_FS_IO)
37#include <stdio.h>
38#endif
39
Rich Evans00ab4702015-02-06 13:43:58 +0000[diff] [blame]40#if defined(POLARSSL_SELF_TEST)
41#if defined(POLARSSL_PLATFORM_C)
42#include "polarssl/platform.h"
43#else
44#include <stdio.h>
45#define polarssl_printf printf
46#endif /* POLARSSL_PLATFORM_C */
47#endif /* POLARSSL_SELF_TEST */
48
Paul Bakker28c7e7f2011-12-15 19:49:30 +0000[diff] [blame]49#if defined(POLARSSL_HAVEGE_C)
50#include "polarssl/havege.h"
51#endif
52
Paul Bakker34617722014-06-13 17:20:13 +0200[diff] [blame]53/* Implementation that should never be optimized out by the compiler */
54static void polarssl_zeroize( void *v, size_t n ) {
55 volatile unsigned char *p = v; while( n-- ) *p++ = 0;
56}
57
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]58#define ENTROPY_MAX_LOOP 256 /**< Maximum amount to loop before error */
59
60void entropy_init( entropy_context *ctx )
61{
62 memset( ctx, 0, sizeof(entropy_context) );
63
Paul Bakkerf4e7dc52013-09-28 15:23:57 +0200[diff] [blame]64#if defined(POLARSSL_THREADING_C)
65 polarssl_mutex_init( &ctx->mutex );
66#endif
67
Paul Bakkerfb08fd22013-08-27 15:06:26 +0200[diff] [blame]68#if defined(POLARSSL_ENTROPY_SHA512_ACCUMULATOR)
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]69 sha512_starts( &ctx->accumulator, 0 );
Paul Bakkerfb08fd22013-08-27 15:06:26 +0200[diff] [blame]70#else
71 sha256_starts( &ctx->accumulator, 0 );
72#endif
Paul Bakker43655f42011-12-15 20:11:16 +0000[diff] [blame]73#if defined(POLARSSL_HAVEGE_C)
74 havege_init( &ctx->havege_data );
75#endif
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]76
Paul Bakker43655f42011-12-15 20:11:16 +0000[diff] [blame]77#if !defined(POLARSSL_NO_DEFAULT_ENTROPY_SOURCES)
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]78#if !defined(POLARSSL_NO_PLATFORM_ENTROPY)
Paul Bakkerbd4a9d02011-12-10 17:02:19 +0000[diff] [blame]79 entropy_add_source( ctx, platform_entropy_poll, NULL,
80 ENTROPY_MIN_PLATFORM );
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]81#endif
82#if defined(POLARSSL_TIMING_C)
Paul Bakkerbd4a9d02011-12-10 17:02:19 +0000[diff] [blame]83 entropy_add_source( ctx, hardclock_poll, NULL, ENTROPY_MIN_HARDCLOCK );
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]84#endif
Paul Bakker28c7e7f2011-12-15 19:49:30 +0000[diff] [blame]85#if defined(POLARSSL_HAVEGE_C)
Paul Bakker28c7e7f2011-12-15 19:49:30 +0000[diff] [blame]86 entropy_add_source( ctx, havege_poll, &ctx->havege_data,
87 ENTROPY_MIN_HAVEGE );
88#endif
Paul Bakker43655f42011-12-15 20:11:16 +0000[diff] [blame]89#endif /* POLARSSL_NO_DEFAULT_ENTROPY_SOURCES */
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]90}
91
Paul Bakker1ffefac2013-09-28 15:23:03 +0200[diff] [blame]92void entropy_free( entropy_context *ctx )
93{
Paul Bakkera317a982014-06-18 16:44:11 +0200[diff] [blame]94#if defined(POLARSSL_HAVEGE_C)
95 havege_free( &ctx->havege_data );
96#endif
Paul Bakkerf4e7dc52013-09-28 15:23:57 +0200[diff] [blame]97#if defined(POLARSSL_THREADING_C)
98 polarssl_mutex_free( &ctx->mutex );
99#endif
ptahpeteh638fa0b2015-06-01 12:28:29 +0200[diff] [blame]100 polarssl_zeroize( ctx, sizeof( entropy_context ) );
Paul Bakker1ffefac2013-09-28 15:23:03 +0200[diff] [blame]101}
102
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]103int entropy_add_source( entropy_context *ctx,
Paul Bakkerbd4a9d02011-12-10 17:02:19 +0000[diff] [blame]104 f_source_ptr f_source, void *p_source,
105 size_t threshold )
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]106{
Paul Bakker47703a02014-02-06 15:01:20 +0100[diff] [blame]107 int index, ret = 0;
Paul Bakkerbd4a9d02011-12-10 17:02:19 +0000[diff] [blame]108
Paul Bakker47703a02014-02-06 15:01:20 +0100[diff] [blame]109#if defined(POLARSSL_THREADING_C)
110 if( ( ret = polarssl_mutex_lock( &ctx->mutex ) ) != 0 )
111 return( ret );
112#endif
113
114 index = ctx->source_count;
Paul Bakkerbd4a9d02011-12-10 17:02:19 +0000[diff] [blame]115 if( index >= ENTROPY_MAX_SOURCES )
Paul Bakker47703a02014-02-06 15:01:20 +0100[diff] [blame]116 {
117 ret = POLARSSL_ERR_ENTROPY_MAX_SOURCES;
118 goto exit;
119 }
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]120
Paul Bakkerbd4a9d02011-12-10 17:02:19 +0000[diff] [blame]121 ctx->source[index].f_source = f_source;
122 ctx->source[index].p_source = p_source;
123 ctx->source[index].threshold = threshold;
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]124
125 ctx->source_count++;
126
Paul Bakker47703a02014-02-06 15:01:20 +0100[diff] [blame]127exit:
128#if defined(POLARSSL_THREADING_C)
129 if( polarssl_mutex_unlock( &ctx->mutex ) != 0 )
130 return( POLARSSL_ERR_THREADING_MUTEX_ERROR );
131#endif
132
133 return( ret );
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]134}
135
136/*
137 * Entropy accumulator update
138 */
Paul Bakkerb6c5d2e2013-06-25 16:25:17 +0200[diff] [blame]139static int entropy_update( entropy_context *ctx, unsigned char source_id,
140 const unsigned char *data, size_t len )
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]141{
142 unsigned char header[2];
143 unsigned char tmp[ENTROPY_BLOCK_SIZE];
144 size_t use_len = len;
145 const unsigned char *p = data;
Paul Bakkerb6c5d2e2013-06-25 16:25:17 +0200[diff] [blame]146
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]147 if( use_len > ENTROPY_BLOCK_SIZE )
148 {
Paul Bakkerfb08fd22013-08-27 15:06:26 +0200[diff] [blame]149#if defined(POLARSSL_ENTROPY_SHA512_ACCUMULATOR)
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]150 sha512( data, len, tmp, 0 );
Paul Bakkerfb08fd22013-08-27 15:06:26 +0200[diff] [blame]151#else
152 sha256( data, len, tmp, 0 );
153#endif
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]154 p = tmp;
155 use_len = ENTROPY_BLOCK_SIZE;
156 }
157
158 header[0] = source_id;
159 header[1] = use_len & 0xFF;
160
Paul Bakkerfb08fd22013-08-27 15:06:26 +0200[diff] [blame]161#if defined(POLARSSL_ENTROPY_SHA512_ACCUMULATOR)
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]162 sha512_update( &ctx->accumulator, header, 2 );
163 sha512_update( &ctx->accumulator, p, use_len );
Paul Bakkerfb08fd22013-08-27 15:06:26 +0200[diff] [blame]164#else
165 sha256_update( &ctx->accumulator, header, 2 );
166 sha256_update( &ctx->accumulator, p, use_len );
167#endif
Paul Bakkerb6c5d2e2013-06-25 16:25:17 +0200[diff] [blame]168
Andres Amaya Garcia1bfa46a2017-07-12 11:00:02 +0100[diff] [blame^]169 polarssl_zeroize( tmp, sizeof( tmp ) );
170
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]171 return( 0 );
172}
173
174int entropy_update_manual( entropy_context *ctx,
175 const unsigned char *data, size_t len )
176{
Paul Bakker47703a02014-02-06 15:01:20 +0100[diff] [blame]177 int ret;
178
179#if defined(POLARSSL_THREADING_C)
180 if( ( ret = polarssl_mutex_lock( &ctx->mutex ) ) != 0 )
181 return( ret );
182#endif
183
184 ret = entropy_update( ctx, ENTROPY_SOURCE_MANUAL, data, len );
185
186#if defined(POLARSSL_THREADING_C)
187 if( polarssl_mutex_unlock( &ctx->mutex ) != 0 )
188 return( POLARSSL_ERR_THREADING_MUTEX_ERROR );
189#endif
190
Paul Bakkerd8bb8262014-06-17 14:06:49 +0200[diff] [blame]191 return( ret );
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]192}
193
194/*
195 * Run through the different sources to add entropy to our accumulator
196 */
Paul Bakker47703a02014-02-06 15:01:20 +0100[diff] [blame]197static int entropy_gather_internal( entropy_context *ctx )
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]198{
199 int ret, i;
200 unsigned char buf[ENTROPY_MAX_GATHER];
201 size_t olen;
Paul Bakker47703a02014-02-06 15:01:20 +0100[diff] [blame]202
Paul Bakker43655f42011-12-15 20:11:16 +0000[diff] [blame]203 if( ctx->source_count == 0 )
204 return( POLARSSL_ERR_ENTROPY_NO_SOURCES_DEFINED );
205
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]206 /*
207 * Run through our entropy sources
208 */
209 for( i = 0; i < ctx->source_count; i++ )
210 {
211 olen = 0;
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame]212 if( ( ret = ctx->source[i].f_source( ctx->source[i].p_source,
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]213 buf, ENTROPY_MAX_GATHER, &olen ) ) != 0 )
214 {
Andres Amaya Garciafa6fa682017-07-12 10:32:27 +0100[diff] [blame]215 goto cleanup;
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]216 }
217
218 /*
219 * Add if we actually gathered something
220 */
221 if( olen > 0 )
Paul Bakkerbd4a9d02011-12-10 17:02:19 +0000[diff] [blame]222 {
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]223 entropy_update( ctx, (unsigned char) i, buf, olen );
Paul Bakkerbd4a9d02011-12-10 17:02:19 +0000[diff] [blame]224 ctx->source[i].size += olen;
225 }
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]226 }
227
Andres Amaya Garciafa6fa682017-07-12 10:32:27 +0100[diff] [blame]228cleanup:
229 polarssl_zeroize( buf, sizeof( buf ) );
230
231 return( ret );
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]232}
233
Paul Bakker47703a02014-02-06 15:01:20 +0100[diff] [blame]234/*
235 * Thread-safe wrapper for entropy_gather_internal()
236 */
237int entropy_gather( entropy_context *ctx )
238{
Paul Bakkerddd427a2014-04-09 14:47:58 +0200[diff] [blame]239 int ret;
Paul Bakker47703a02014-02-06 15:01:20 +0100[diff] [blame]240
241#if defined(POLARSSL_THREADING_C)
Paul Bakkerddd427a2014-04-09 14:47:58 +0200[diff] [blame]242 if( ( ret = polarssl_mutex_lock( &ctx->mutex ) ) != 0 )
243 return( ret );
Paul Bakker47703a02014-02-06 15:01:20 +0100[diff] [blame]244#endif
245
Paul Bakkerddd427a2014-04-09 14:47:58 +0200[diff] [blame]246 ret = entropy_gather_internal( ctx );
Paul Bakker47703a02014-02-06 15:01:20 +0100[diff] [blame]247
248#if defined(POLARSSL_THREADING_C)
Paul Bakkerddd427a2014-04-09 14:47:58 +0200[diff] [blame]249 if( polarssl_mutex_unlock( &ctx->mutex ) != 0 )
250 return( POLARSSL_ERR_THREADING_MUTEX_ERROR );
Paul Bakker47703a02014-02-06 15:01:20 +0100[diff] [blame]251#endif
252
Paul Bakkerddd427a2014-04-09 14:47:58 +0200[diff] [blame]253 return( ret );
Paul Bakker47703a02014-02-06 15:01:20 +0100[diff] [blame]254}
255
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]256int entropy_func( void *data, unsigned char *output, size_t len )
257{
Paul Bakkerbd4a9d02011-12-10 17:02:19 +0000[diff] [blame]258 int ret, count = 0, i, reached;
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]259 entropy_context *ctx = (entropy_context *) data;
260 unsigned char buf[ENTROPY_BLOCK_SIZE];
261
262 if( len > ENTROPY_BLOCK_SIZE )
263 return( POLARSSL_ERR_ENTROPY_SOURCE_FAILED );
264
Paul Bakkerf4e7dc52013-09-28 15:23:57 +0200[diff] [blame]265#if defined(POLARSSL_THREADING_C)
266 if( ( ret = polarssl_mutex_lock( &ctx->mutex ) ) != 0 )
267 return( ret );
268#endif
269
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]270 /*
271 * Always gather extra entropy before a call
272 */
273 do
274 {
275 if( count++ > ENTROPY_MAX_LOOP )
Paul Bakkerf4e7dc52013-09-28 15:23:57 +0200[diff] [blame]276 {
277 ret = POLARSSL_ERR_ENTROPY_SOURCE_FAILED;
278 goto exit;
279 }
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]280
Paul Bakker47703a02014-02-06 15:01:20 +0100[diff] [blame]281 if( ( ret = entropy_gather_internal( ctx ) ) != 0 )
Paul Bakkerf4e7dc52013-09-28 15:23:57 +0200[diff] [blame]282 goto exit;
Paul Bakkerbd4a9d02011-12-10 17:02:19 +0000[diff] [blame]283
284 reached = 0;
285
286 for( i = 0; i < ctx->source_count; i++ )
287 if( ctx->source[i].size >= ctx->source[i].threshold )
288 reached++;
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]289 }
Paul Bakkerbd4a9d02011-12-10 17:02:19 +0000[diff] [blame]290 while( reached != ctx->source_count );
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]291
292 memset( buf, 0, ENTROPY_BLOCK_SIZE );
293
Paul Bakkerfb08fd22013-08-27 15:06:26 +0200[diff] [blame]294#if defined(POLARSSL_ENTROPY_SHA512_ACCUMULATOR)
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]295 sha512_finish( &ctx->accumulator, buf );
296
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]297 /*
Paul Bakkerbd4a9d02011-12-10 17:02:19 +0000[diff] [blame]298 * Reset accumulator and counters and recycle existing entropy
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]299 */
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]300 memset( &ctx->accumulator, 0, sizeof( sha512_context ) );
301 sha512_starts( &ctx->accumulator, 0 );
302 sha512_update( &ctx->accumulator, buf, ENTROPY_BLOCK_SIZE );
Paul Bakkerfb08fd22013-08-27 15:06:26 +0200[diff] [blame]303
304 /*
Paul Bakkerb13d3ff2014-03-26 12:51:25 +0100[diff] [blame]305 * Perform second SHA-512 on entropy
Paul Bakkerfb08fd22013-08-27 15:06:26 +0200[diff] [blame]306 */
Paul Bakkerb13d3ff2014-03-26 12:51:25 +0100[diff] [blame]307 sha512( buf, ENTROPY_BLOCK_SIZE, buf, 0 );
308#else /* POLARSSL_ENTROPY_SHA512_ACCUMULATOR */
309 sha256_finish( &ctx->accumulator, buf );
Paul Bakkerfb08fd22013-08-27 15:06:26 +0200[diff] [blame]310
311 /*
312 * Reset accumulator and counters and recycle existing entropy
313 */
314 memset( &ctx->accumulator, 0, sizeof( sha256_context ) );
315 sha256_starts( &ctx->accumulator, 0 );
316 sha256_update( &ctx->accumulator, buf, ENTROPY_BLOCK_SIZE );
Paul Bakkerb13d3ff2014-03-26 12:51:25 +0100[diff] [blame]317
318 /*
319 * Perform second SHA-256 on entropy
320 */
321 sha256( buf, ENTROPY_BLOCK_SIZE, buf, 0 );
Paul Bakkerfb08fd22013-08-27 15:06:26 +0200[diff] [blame]322#endif /* POLARSSL_ENTROPY_SHA512_ACCUMULATOR */
Paul Bakkerbd4a9d02011-12-10 17:02:19 +0000[diff] [blame]323
324 for( i = 0; i < ctx->source_count; i++ )
325 ctx->source[i].size = 0;
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]326
327 memcpy( output, buf, len );
328
Paul Bakkerf4e7dc52013-09-28 15:23:57 +0200[diff] [blame]329 ret = 0;
330
331exit:
Andres Amaya Garciafa6fa682017-07-12 10:32:27 +0100[diff] [blame]332 polarssl_zeroize( buf, sizeof( buf ) );
333
Paul Bakkerf4e7dc52013-09-28 15:23:57 +0200[diff] [blame]334#if defined(POLARSSL_THREADING_C)
335 if( polarssl_mutex_unlock( &ctx->mutex ) != 0 )
336 return( POLARSSL_ERR_THREADING_MUTEX_ERROR );
337#endif
338
339 return( ret );
Paul Bakker6083fd22011-12-03 21:45:14 +0000[diff] [blame]340}
341
Paul Bakker66ff70d2014-03-26 11:54:05 +0100[diff] [blame]342#if defined(POLARSSL_FS_IO)
343int entropy_write_seed_file( entropy_context *ctx, const char *path )
344{
345 int ret = POLARSSL_ERR_ENTROPY_FILE_IO_ERROR;
346 FILE *f;
347 unsigned char buf[ENTROPY_BLOCK_SIZE];
348
349 if( ( f = fopen( path, "wb" ) ) == NULL )
350 return( POLARSSL_ERR_ENTROPY_FILE_IO_ERROR );
351
352 if( ( ret = entropy_func( ctx, buf, ENTROPY_BLOCK_SIZE ) ) != 0 )
353 goto exit;
354
355 if( fwrite( buf, 1, ENTROPY_BLOCK_SIZE, f ) != ENTROPY_BLOCK_SIZE )
356 {
357 ret = POLARSSL_ERR_ENTROPY_FILE_IO_ERROR;
358 goto exit;
359 }
360
361 ret = 0;
362
363exit:
Andres Amaya Garciafa6fa682017-07-12 10:32:27 +0100[diff] [blame]364 polarssl_zeroize( buf, sizeof( buf ) );
365
Paul Bakker66ff70d2014-03-26 11:54:05 +0100[diff] [blame]366 fclose( f );
367 return( ret );
368}
369
370int entropy_update_seed_file( entropy_context *ctx, const char *path )
371{
Andres Amaya Garciafa6fa682017-07-12 10:32:27 +0100[diff] [blame]372 int ret = 0;
Paul Bakker66ff70d2014-03-26 11:54:05 +0100[diff] [blame]373 FILE *f;
374 size_t n;
375 unsigned char buf[ ENTROPY_MAX_SEED_SIZE ];
376
377 if( ( f = fopen( path, "rb" ) ) == NULL )
378 return( POLARSSL_ERR_ENTROPY_FILE_IO_ERROR );
379
380 fseek( f, 0, SEEK_END );
381 n = (size_t) ftell( f );
382 fseek( f, 0, SEEK_SET );
383
384 if( n > ENTROPY_MAX_SEED_SIZE )
385 n = ENTROPY_MAX_SEED_SIZE;
386
387 if( fread( buf, 1, n, f ) != n )
Andres Amaya Garciafa6fa682017-07-12 10:32:27 +0100[diff] [blame]388 ret = POLARSSL_ERR_ENTROPY_FILE_IO_ERROR;
389 else
390 ret = entropy_update_manual( ctx, buf, n );
Paul Bakker66ff70d2014-03-26 11:54:05 +0100[diff] [blame]391
392 fclose( f );
393
Andres Amaya Garciafa6fa682017-07-12 10:32:27 +0100[diff] [blame]394 polarssl_zeroize( buf, sizeof( buf ) );
395
396 if( ret != 0 )
397 return( ret );
Paul Bakker66ff70d2014-03-26 11:54:05 +0100[diff] [blame]398
399 return( entropy_write_seed_file( ctx, path ) );
400}
401#endif /* POLARSSL_FS_IO */
402
Manuel Pégourié-Gonnard4dd73922014-05-30 10:34:15 +0200[diff] [blame]403#if defined(POLARSSL_SELF_TEST)
Manuel Pégourié-Gonnard4dd73922014-05-30 10:34:15 +0200[diff] [blame]404/*
405 * Dummy source function
406 */
407static int entropy_dummy_source( void *data, unsigned char *output,
408 size_t len, size_t *olen )
409{
410 ((void) data);
411
412 memset( output, 0x2a, len );
413 *olen = len;
414
415 return( 0 );
416}
417
418/*
419 * The actual entropy quality is hard to test, but we can at least
420 * test that the functions don't cause errors and write the correct
421 * amount of data to buffers.
422 */
423int entropy_self_test( int verbose )
424{
425 int ret = 0;
426 entropy_context ctx;
427 unsigned char buf[ENTROPY_BLOCK_SIZE] = { 0 };
428 unsigned char acc[ENTROPY_BLOCK_SIZE] = { 0 };
429 size_t i, j;
430
431 if( verbose != 0 )
432 polarssl_printf( " ENTROPY test: " );
433
434 entropy_init( &ctx );
435
436 ret = entropy_add_source( &ctx, entropy_dummy_source, NULL, 16 );
437 if( ret != 0 )
438 goto cleanup;
439
440 if( ( ret = entropy_gather( &ctx ) ) != 0 )
441 goto cleanup;
442
443 if( ( ret = entropy_update_manual( &ctx, buf, sizeof buf ) ) != 0 )
444 goto cleanup;
445
446 /*
447 * To test that entropy_func writes correct number of bytes:
448 * - use the whole buffer and rely on ASan to detect overruns
449 * - collect entropy 8 times and OR the result in an accumulator:
450 * any byte should then be 0 with probably 2^(-64), so requiring
451 * each of the 32 or 64 bytes to be non-zero has a false failure rate
452 * of at most 2^(-58) which is acceptable.
453 */
454 for( i = 0; i < 8; i++ )
455 {
456 if( ( ret = entropy_func( &ctx, buf, sizeof( buf ) ) ) != 0 )
457 goto cleanup;
458
459 for( j = 0; j < sizeof( buf ); j++ )
460 acc[j] |= buf[j];
461 }
462
463 for( j = 0; j < sizeof( buf ); j++ )
464 {
465 if( acc[j] == 0 )
466 {
467 ret = 1;
468 goto cleanup;
469 }
470 }
471
472cleanup:
473 entropy_free( &ctx );
474
475 if( verbose != 0 )
476 {
477 if( ret != 0 )
478 polarssl_printf( "failed\n" );
479 else
480 polarssl_printf( "passed\n" );
481
482 polarssl_printf( "\n" );
483 }
484
485 return( ret != 0 );
486}
487#endif /* POLARSSL_SELF_TEST */
488
Paul Bakker9af723c2014-05-01 13:03:14 +0200[diff] [blame]489#endif /* POLARSSL_ENTROPY_C */