/*
* Checkup routine
*/
int mbedtls_ctr_drbg_self_test( int verbose )
{
mbedtls_ctr_drbg_context ctx;
unsigned char buf[16];
mbedtls_ctr_drbg_init( &ctx );
/*
* Based on a NIST CTR_DRBG test vector (PR = True)
*/
if( verbose != 0 )
mbedtls_printf( " CTR_DRBG (PR = TRUE) : " );
test_offset = 0;
CHK( mbedtls_ctr_drbg_seed_entropy_len( &ctx, ctr_drbg_self_test_entropy,
(void *) entropy_source_pr, nonce_pers_pr, 16, 32 ) );
mbedtls_ctr_drbg_set_prediction_resistance( &ctx, MBEDTLS_CTR_DRBG_PR_ON );
CHK( mbedtls_ctr_drbg_random( &ctx, buf, MBEDTLS_CTR_DRBG_BLOCKSIZE ) );
CHK( mbedtls_ctr_drbg_random( &ctx, buf, MBEDTLS_CTR_DRBG_BLOCKSIZE ) );
CHK( memcmp( buf, result_pr, MBEDTLS_CTR_DRBG_BLOCKSIZE ) );
mbedtls_ctr_drbg_free( &ctx );
if( verbose != 0 )
mbedtls_printf( "passed\n" );
/*
* Based on a NIST CTR_DRBG test vector (PR = FALSE)
*/
if( verbose != 0 )
mbedtls_printf( " CTR_DRBG (PR = FALSE): " );
mbedtls_ctr_drbg_init( &ctx );
test_offset = 0;
CHK( mbedtls_ctr_drbg_seed_entropy_len( &ctx, ctr_drbg_self_test_entropy,
(void *) entropy_source_nopr, nonce_pers_nopr, 16, 32 ) );
CHK( mbedtls_ctr_drbg_random( &ctx, buf, 16 ) );
CHK( mbedtls_ctr_drbg_reseed( &ctx, NULL, 0 ) );
CHK( mbedtls_ctr_drbg_random( &ctx, buf, 16 ) );
CHK( memcmp( buf, result_nopr, 16 ) );
mbedtls_ctr_drbg_free( &ctx );
if( verbose != 0 )
mbedtls_printf( "passed\n" );
if( verbose != 0 )
mbedtls_printf( "\n" );
return( 0 );
}
int ssh_mbedtls_random(void *where, int len, int strong)
{
int rc = 0;
if (strong) {
mbedtls_ctr_drbg_set_prediction_resistance(&ssh_mbedtls_ctr_drbg,
MBEDTLS_CTR_DRBG_PR_ON);
rc = mbedtls_ctr_drbg_random(&ssh_mbedtls_ctr_drbg, where, len);
mbedtls_ctr_drbg_set_prediction_resistance(&ssh_mbedtls_ctr_drbg,
MBEDTLS_CTR_DRBG_PR_OFF);
} else {
rc = mbedtls_ctr_drbg_random(&ssh_mbedtls_ctr_drbg, where, len);
}
return !rc;
}
int
rb_get_random(void *buf, size_t length)
{
if (mbedtls_ctr_drbg_random(&ctr_drbg, buf, length))
return 0;
return 1;
}
/* Required to use random number generator functions in a multithreaded application
*/
static int tls_random(void *p_rng, unsigned char *output, size_t len) {
int result;
pthread_mutex_lock(&random_mutex);
result = mbedtls_ctr_drbg_random(p_rng, output, len);
pthread_mutex_unlock(&random_mutex);
return result;
}
static CURLcode Curl_mbedtls_random(struct Curl_easy *data,
unsigned char *entropy, size_t length)
{
#if defined(MBEDTLS_CTR_DRBG_C)
int ret = -1;
char errorbuf[128];
mbedtls_entropy_context ctr_entropy;
mbedtls_ctr_drbg_context ctr_drbg;
mbedtls_entropy_init(&ctr_entropy);
mbedtls_ctr_drbg_init(&ctr_drbg);
errorbuf[0]=0;
ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func,
&ctr_entropy, NULL, 0);
if(ret) {
#ifdef MBEDTLS_ERROR_C
mbedtls_strerror(ret, errorbuf, sizeof(errorbuf));
#endif /* MBEDTLS_ERROR_C */
failf(data, "Failed - mbedTLS: ctr_drbg_seed returned (-0x%04X) %s\n",
-ret, errorbuf);
}
else {
ret = mbedtls_ctr_drbg_random(&ctr_drbg, entropy, length);
if(ret) {
#ifdef MBEDTLS_ERROR_C
mbedtls_strerror(ret, errorbuf, sizeof(errorbuf));
#endif /* MBEDTLS_ERROR_C */
failf(data, "mbedTLS: ctr_drbg_init returned (-0x%04X) %s\n",
-ret, errorbuf);
}
}
mbedtls_ctr_drbg_free(&ctr_drbg);
mbedtls_entropy_free(&ctr_entropy);
return ret == 0 ? CURLE_OK : CURLE_FAILED_INIT;
#elif defined(MBEDTLS_HAVEGE_C)
mbedtls_havege_state hs;
mbedtls_havege_init(&hs);
mbedtls_havege_random(&hs, entropy, length);
mbedtls_havege_free(&hs);
return CURLE_OK;
#else
return CURLE_NOT_BUILT_IN;
#endif
}
void rand_bytes(byte* pb, size_t cb){
mbedtls_ctr_drbg_context ctx;
// unsigned char buf[16];
mbedtls_ctr_drbg_init( &ctx );
mbedtls_ctr_drbg_seed_entropy_len( &ctx, ctr_drbg_self_test_entropy, (void *) entropy_source_pr, nonce_pers_pr, 16, 32 );
//mbedtls_ctr_drbg_set_prediction_resistance( &ctx, MBEDTLS_CTR_DRBG_PR_ON );
mbedtls_ctr_drbg_random( &ctx, pb, cb );
//mbedtls_ctr_drbg_random( &ctx, buf, MBEDTLS_CTR_DRBG_BLOCKSIZE );
//memcmp( buf, result_pr, MBEDTLS_CTR_DRBG_BLOCKSIZE ) );
mbedtls_ctr_drbg_free( &ctx );
}
int
rand_bytes(uint8_t *output, int len)
{
mbedtls_ctr_drbg_context *rng_ctx = rand_ctx_get();
while (len > 0)
{
const size_t blen = min_int(len, MBEDTLS_CTR_DRBG_MAX_REQUEST);
if (0 != mbedtls_ctr_drbg_random(rng_ctx, output, blen))
{
return 0;
}
output += blen;
len -= blen;
}
return 1;
}
int init_aes_key(unsigned char *key, size_t bytes)
{
mbedtls_ctr_drbg_context ctr_drbg;
mbedtls_entropy_context entropy;
const uint8_t pers[] = "aes_generate_key";
int ret;
mbedtls_entropy_init(&entropy);
mbedtls_ctr_drbg_init(&ctr_drbg);
if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
pers, sizeof(pers) - 1)) == 0) {
ret = mbedtls_ctr_drbg_random(&ctr_drbg, key, bytes);
}
mbedtls_ctr_drbg_free(&ctr_drbg);
mbedtls_entropy_free(&entropy);
return ret;
}
int mbedtls_ctr_drbg_write_seed_file( mbedtls_ctr_drbg_context *ctx, const char *path )
{
int ret = MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR;
FILE *f;
unsigned char buf[ MBEDTLS_CTR_DRBG_MAX_INPUT ];
if( ( f = fopen( path, "wb" ) ) == NULL )
return( MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR );
if( ( ret = mbedtls_ctr_drbg_random( ctx, buf, MBEDTLS_CTR_DRBG_MAX_INPUT ) ) != 0 )
goto exit;
if( fwrite( buf, 1, MBEDTLS_CTR_DRBG_MAX_INPUT, f ) != MBEDTLS_CTR_DRBG_MAX_INPUT )
{
ret = MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR;
goto exit;
}
ret = 0;
exit:
fclose( f );
return( ret );
}
int rand_bytes(uint8_t *output, int len)
{
#if defined(USE_CRYPTO_OPENSSL)
return RAND_bytes(output, len);
#elif defined(USE_CRYPTO_POLARSSL)
static entropy_context ec = {};
static ctr_drbg_context cd_ctx = {};
static unsigned char rand_initialised = 0;
const size_t blen = min(len, CTR_DRBG_MAX_REQUEST);
if (!rand_initialised) {
#ifdef _WIN32
HCRYPTPROV hProvider;
union {
unsigned __int64 seed;
BYTE buffer[8];
} rand_buffer;
hProvider = 0;
if (CryptAcquireContext(&hProvider, 0, 0, PROV_RSA_FULL, \
CRYPT_VERIFYCONTEXT | CRYPT_SILENT)) {
CryptGenRandom(hProvider, 8, rand_buffer.buffer);
CryptReleaseContext(hProvider, 0);
} else {
rand_buffer.seed = (unsigned __int64)clock();
}
#else
FILE *urand;
union {
uint64_t seed;
uint8_t buffer[8];
} rand_buffer;
urand = fopen("/dev/urandom", "r");
if (urand) {
int read = fread(&rand_buffer.seed, sizeof(rand_buffer.seed), 1,
urand);
fclose(urand);
if (read <= 0) {
rand_buffer.seed = (uint64_t)clock();
}
} else {
rand_buffer.seed = (uint64_t)clock();
}
#endif
entropy_init(&ec);
if (ctr_drbg_init(&cd_ctx, entropy_func, &ec,
(const unsigned char *)rand_buffer.buffer, 8) != 0) {
#if POLARSSL_VERSION_NUMBER >= 0x01030000
entropy_free(&ec);
#endif
FATAL("Failed to initialize random generator");
}
rand_initialised = 1;
}
while (len > 0) {
if (ctr_drbg_random(&cd_ctx, output, blen) != 0) {
return 0;
}
output += blen;
len -= blen;
}
return 1;
#elif defined(USE_CRYPTO_MBEDTLS)
static mbedtls_entropy_context ec = {};
// XXX: ctr_drbg_context changed, [if defined(MBEDTLS_THREADING_C) mbedtls_threading_mutex_t mutex;]
static mbedtls_ctr_drbg_context cd_ctx = {};
static unsigned char rand_initialised = 0;
const size_t blen = min(len, MBEDTLS_CTR_DRBG_MAX_REQUEST);
if (!rand_initialised) {
#ifdef _WIN32
HCRYPTPROV hProvider;
union {
unsigned __int64 seed;
BYTE buffer[8];
} rand_buffer;
hProvider = 0;
if (CryptAcquireContext(&hProvider, 0, 0, PROV_RSA_FULL, \
CRYPT_VERIFYCONTEXT | CRYPT_SILENT)) {
CryptGenRandom(hProvider, 8, rand_buffer.buffer);
CryptReleaseContext(hProvider, 0);
} else {
rand_buffer.seed = (unsigned __int64)clock();
}
#else
FILE *urand;
union {
uint64_t seed;
uint8_t buffer[8];
} rand_buffer;
urand = fopen("/dev/urandom", "r");
if (urand) {
int read = fread(&rand_buffer.seed, sizeof(rand_buffer.seed), 1,
urand);
fclose(urand);
if (read <= 0) {
rand_buffer.seed = (uint64_t)clock();
}
} else {
rand_buffer.seed = (uint64_t)clock();
}
#endif
mbedtls_entropy_init(&ec);
// XXX: ctr_drbg_init changed, seems we should initialize it before calling mbedtls_ctr_drbg_seed()
mbedtls_ctr_drbg_init(&cd_ctx);
if (mbedtls_ctr_drbg_seed(&cd_ctx, mbedtls_entropy_func, &ec,
(const unsigned char *)rand_buffer.buffer, 8) != 0) {
mbedtls_entropy_free(&ec);
FATAL("mbed TLS: Failed to initialize random generator");
}
rand_initialised = 1;
}
while (len > 0) {
if (mbedtls_ctr_drbg_random(&cd_ctx, output, blen) != 0) {
return 0;
}
output += blen;
len -= blen;
}
return 1;
#endif
}
int main( int argc, char *argv[] )
{
FILE *f;
int i, k, ret;
mbedtls_ctr_drbg_context ctr_drbg;
mbedtls_entropy_context entropy;
unsigned char buf[1024];
mbedtls_ctr_drbg_init( &ctr_drbg );
if( argc < 2 )
{
mbedtls_fprintf( stderr, "usage: %s <output filename>\n", argv[0] );
return( 1 );
}
if( ( f = fopen( argv[1], "wb+" ) ) == NULL )
{
mbedtls_printf( "failed to open '%s' for writing.\n", argv[1] );
return( 1 );
}
mbedtls_entropy_init( &entropy );
ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy, (const unsigned char *) "RANDOM_GEN", 10 );
if( ret != 0 )
{
mbedtls_printf( "failed in mbedtls_ctr_drbg_seed: %d\n", ret );
goto cleanup;
}
mbedtls_ctr_drbg_set_prediction_resistance( &ctr_drbg, MBEDTLS_CTR_DRBG_PR_OFF );
#if defined(MBEDTLS_FS_IO)
ret = mbedtls_ctr_drbg_update_seed_file( &ctr_drbg, "seedfile" );
if( ret == MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR )
{
mbedtls_printf( "Failed to open seedfile. Generating one.\n" );
ret = mbedtls_ctr_drbg_write_seed_file( &ctr_drbg, "seedfile" );
if( ret != 0 )
{
mbedtls_printf( "failed in mbedtls_ctr_drbg_write_seed_file: %d\n", ret );
goto cleanup;
}
}
else if( ret != 0 )
{
mbedtls_printf( "failed in mbedtls_ctr_drbg_update_seed_file: %d\n", ret );
goto cleanup;
}
#endif
for( i = 0, k = 768; i < k; i++ )
{
ret = mbedtls_ctr_drbg_random( &ctr_drbg, buf, sizeof( buf ) );
if( ret != 0 )
{
mbedtls_printf("failed!\n");
goto cleanup;
}
fwrite( buf, 1, sizeof( buf ), f );
mbedtls_printf( "Generating %ldkb of data in file '%s'... %04.1f" \
"%% done\r", (long)(sizeof(buf) * k / 1024), argv[1], (100 * (float) (i + 1)) / k );
fflush( stdout );
}
ret = 0;
cleanup:
mbedtls_printf("\n");
fclose( f );
mbedtls_ctr_drbg_free( &ctr_drbg );
mbedtls_entropy_free( &entropy );
return( ret );
}
