| Paul Bakker | 6083fd2 | 2011-12-03 21:45:14 +0000 | [diff] [blame] | 1 | /* |
| 2 | * Entropy accumulator implementation |
| 3 | * |
| 4 | * Copyright (C) 2006-2011, Brainspark B.V. |
| 5 | * |
| 6 | * This file is part of PolarSSL (http://www.polarssl.org) |
| 7 | * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org> |
| 8 | * |
| 9 | * All rights reserved. |
| 10 | * |
| 11 | * This program is free software; you can redistribute it and/or modify |
| 12 | * it under the terms of the GNU General Public License as published by |
| 13 | * the Free Software Foundation; either version 2 of the License, or |
| 14 | * (at your option) any later version. |
| 15 | * |
| 16 | * This program is distributed in the hope that it will be useful, |
| 17 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
| 18 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
| 19 | * GNU General Public License for more details. |
| 20 | * |
| 21 | * You should have received a copy of the GNU General Public License along |
| 22 | * with this program; if not, write to the Free Software Foundation, Inc., |
| 23 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. |
| 24 | */ |
| 25 | |
| 26 | #include "polarssl/config.h" |
| 27 | |
| 28 | #if defined(POLARSSL_ENTROPY_C) |
| 29 | |
| 30 | #include "polarssl/entropy.h" |
| 31 | #include "polarssl/entropy_poll.h" |
| 32 | |
| 33 | #define ENTROPY_MAX_LOOP 256 /**< Maximum amount to loop before error */ |
| 34 | |
| 35 | void entropy_init( entropy_context *ctx ) |
| 36 | { |
| 37 | memset( ctx, 0, sizeof(entropy_context) ); |
| 38 | |
| 39 | sha4_starts( &ctx->accumulator, 0 ); |
| 40 | |
| 41 | #if !defined(POLARSSL_NO_PLATFORM_ENTROPY) |
| 42 | entropy_add_source( ctx, platform_entropy_poll, NULL ); |
| 43 | #endif |
| 44 | #if defined(POLARSSL_TIMING_C) |
| 45 | entropy_add_source( ctx, hardclock_poll, NULL ); |
| 46 | #endif |
| 47 | } |
| 48 | |
| 49 | int entropy_add_source( entropy_context *ctx, |
| 50 | f_source_ptr f_source, void *p_source ) |
| 51 | { |
| 52 | if( ctx->source_count >= ENTROPY_MAX_SOURCES ) |
| 53 | return( POLARSSL_ERR_ENTROPY_MAX_SOURCES ); |
| 54 | |
| 55 | ctx->f_source[ctx->source_count] = f_source; |
| 56 | ctx->p_source[ctx->source_count] = p_source; |
| 57 | |
| 58 | ctx->source_count++; |
| 59 | |
| 60 | return( 0 ); |
| 61 | } |
| 62 | |
| 63 | /* |
| 64 | * Entropy accumulator update |
| 65 | */ |
| 66 | int entropy_update( entropy_context *ctx, unsigned char source_id, |
| 67 | const unsigned char *data, size_t len ) |
| 68 | { |
| 69 | unsigned char header[2]; |
| 70 | unsigned char tmp[ENTROPY_BLOCK_SIZE]; |
| 71 | size_t use_len = len; |
| 72 | const unsigned char *p = data; |
| 73 | |
| 74 | if( use_len > ENTROPY_BLOCK_SIZE ) |
| 75 | { |
| 76 | sha4( data, len, tmp, 0 ); |
| 77 | |
| 78 | p = tmp; |
| 79 | use_len = ENTROPY_BLOCK_SIZE; |
| 80 | } |
| 81 | |
| 82 | header[0] = source_id; |
| 83 | header[1] = use_len & 0xFF; |
| 84 | |
| 85 | sha4_update( &ctx->accumulator, header, 2 ); |
| 86 | sha4_update( &ctx->accumulator, p, use_len ); |
| 87 | |
| 88 | ctx->size += use_len; |
| 89 | |
| 90 | return( 0 ); |
| 91 | } |
| 92 | |
| 93 | int entropy_update_manual( entropy_context *ctx, |
| 94 | const unsigned char *data, size_t len ) |
| 95 | { |
| 96 | return entropy_update( ctx, ENTROPY_SOURCE_MANUAL, data, len ); |
| 97 | } |
| 98 | |
| 99 | /* |
| 100 | * Run through the different sources to add entropy to our accumulator |
| 101 | */ |
| 102 | int entropy_gather( entropy_context *ctx ) |
| 103 | { |
| 104 | int ret, i; |
| 105 | unsigned char buf[ENTROPY_MAX_GATHER]; |
| 106 | size_t olen; |
| 107 | |
| 108 | /* |
| 109 | * Run through our entropy sources |
| 110 | */ |
| 111 | for( i = 0; i < ctx->source_count; i++ ) |
| 112 | { |
| 113 | olen = 0; |
| 114 | if ( ( ret = ctx->f_source[i]( ctx->p_source[i], |
| 115 | buf, ENTROPY_MAX_GATHER, &olen ) ) != 0 ) |
| 116 | { |
| 117 | return( ret ); |
| 118 | } |
| 119 | |
| 120 | /* |
| 121 | * Add if we actually gathered something |
| 122 | */ |
| 123 | if( olen > 0 ) |
| 124 | entropy_update( ctx, (unsigned char) i, buf, olen ); |
| 125 | } |
| 126 | |
| 127 | return( 0 ); |
| 128 | } |
| 129 | |
| 130 | int entropy_func( void *data, unsigned char *output, size_t len ) |
| 131 | { |
| 132 | int ret, count = 0; |
| 133 | entropy_context *ctx = (entropy_context *) data; |
| 134 | unsigned char buf[ENTROPY_BLOCK_SIZE]; |
| 135 | |
| 136 | if( len > ENTROPY_BLOCK_SIZE ) |
| 137 | return( POLARSSL_ERR_ENTROPY_SOURCE_FAILED ); |
| 138 | |
| 139 | /* |
| 140 | * Always gather extra entropy before a call |
| 141 | */ |
| 142 | do |
| 143 | { |
| 144 | if( count++ > ENTROPY_MAX_LOOP ) |
| 145 | return( POLARSSL_ERR_ENTROPY_SOURCE_FAILED ); |
| 146 | |
| 147 | if( ( ret = entropy_gather( ctx ) ) != 0 ) |
| 148 | return( ret ); |
| 149 | } |
| 150 | while( ctx->size < ENTROPY_MIN_POOL ); |
| 151 | |
| 152 | memset( buf, 0, ENTROPY_BLOCK_SIZE ); |
| 153 | |
| 154 | sha4_finish( &ctx->accumulator, buf ); |
| 155 | |
| 156 | /* |
| 157 | * Perform second SHA-512 on entropy |
| 158 | */ |
| 159 | sha4( buf, ENTROPY_BLOCK_SIZE, buf, 0 ); |
| 160 | |
| 161 | /* |
| 162 | * Reset accumulator |
| 163 | */ |
| 164 | memset( &ctx->accumulator, 0, sizeof( sha4_context ) ); |
| 165 | sha4_starts( &ctx->accumulator, 0 ); |
| 166 | ctx->size = 0; |
| 167 | |
| 168 | memcpy( output, buf, len ); |
| 169 | |
| 170 | return( 0 ); |
| 171 | } |
| 172 | |
| 173 | #endif |