/*
* Checkup routine for HMAC_DRBG with SHA-1
*/
int mbedtls_hmac_drbg_self_test( int verbose )
{
mbedtls_hmac_drbg_context ctx;
unsigned char buf[OUTPUT_LEN];
const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type( MBEDTLS_MD_SHA1 );
mbedtls_hmac_drbg_init( &ctx );
/*
* PR = True
*/
if( verbose != 0 )
mbedtls_printf( " HMAC_DRBG (PR = True) : " );
test_offset = 0;
CHK( mbedtls_hmac_drbg_seed( &ctx, md_info,
hmac_drbg_self_test_entropy, (void *) entropy_pr,
NULL, 0 ) );
mbedtls_hmac_drbg_set_prediction_resistance( &ctx, MBEDTLS_HMAC_DRBG_PR_ON );
CHK( mbedtls_hmac_drbg_random( &ctx, buf, OUTPUT_LEN ) );
CHK( mbedtls_hmac_drbg_random( &ctx, buf, OUTPUT_LEN ) );
CHK( memcmp( buf, result_pr, OUTPUT_LEN ) );
mbedtls_hmac_drbg_free( &ctx );
mbedtls_hmac_drbg_free( &ctx );
if( verbose != 0 )
mbedtls_printf( "passed\n" );
/*
* PR = False
*/
if( verbose != 0 )
mbedtls_printf( " HMAC_DRBG (PR = False) : " );
mbedtls_hmac_drbg_init( &ctx );
test_offset = 0;
CHK( mbedtls_hmac_drbg_seed( &ctx, md_info,
hmac_drbg_self_test_entropy, (void *) entropy_nopr,
NULL, 0 ) );
CHK( mbedtls_hmac_drbg_reseed( &ctx, NULL, 0 ) );
CHK( mbedtls_hmac_drbg_random( &ctx, buf, OUTPUT_LEN ) );
CHK( mbedtls_hmac_drbg_random( &ctx, buf, OUTPUT_LEN ) );
CHK( memcmp( buf, result_nopr, OUTPUT_LEN ) );
mbedtls_hmac_drbg_free( &ctx );
mbedtls_hmac_drbg_free( &ctx );
if( verbose != 0 )
mbedtls_printf( "passed\n" );
if( verbose != 0 )
mbedtls_printf( "\n" );
return( 0 );
}
static int conn_link_mbedtls_initialize(void)
{
if (g_https_data.initialized)
return 0;
g_https_data.mbedtls = calloc(1, sizeof(*g_https_data.mbedtls));
if (!g_https_data.mbedtls)
return -1;
mbedtls_platform_set_calloc_free(conn_link_mbedtls_calloc,
conn_link_mbedtls_free);
mbedtls_ssl_config_init(&g_https_data.mbedtls->conf);
mbedtls_ssl_session_init(&g_https_data.mbedtls->saved_session);
mbedtls_entropy_init(&g_https_data.mbedtls->entropy);
#ifdef CONFIG_MBEDTLS_ENABLE_CTR_DRBG
mbedtls_ctr_drbg_init(&g_https_data.mbedtls->drbg);
if (mbedtls_ctr_drbg_seed(&g_https_data.mbedtls->drbg,
mbedtls_entropy_func,
&g_https_data.mbedtls->entropy,
(const void *)"sfx", 3) != 0)
{
goto err_free;
}
#else
const mbedtls_md_info_t *md_info = NULL;
#ifdef MBEDTLS_SHA1_C
md_info = mbedtls_md_info_from_type(MBEDTLS_MD_SHA1);
#elif defined(MBEDTLS_SHA256_C)
md_info = mbedtls_md_info_from_type(MBEDTLS_MD_SHA256);
#elif defined(MBEDTLS_SHA512_C)
md_info = mbedtls_md_info_from_type(MBEDTLS_MD_SHA512);
#endif
DEBUGASSERT(md_info != NULL);
mbedtls_hmac_drbg_init(&g_https_data.mbedtls->drbg);
if (mbedtls_hmac_drbg_seed(&g_https_data.mbedtls->drbg,
md_info,
mbedtls_entropy_func,
&g_https_data.mbedtls->entropy,
(const void *)"sfx", 3) != 0)
{
goto err_free;
}
#endif
if (mbedtls_ssl_config_defaults(&g_https_data.mbedtls->conf,
MBEDTLS_SSL_IS_CLIENT,
MBEDTLS_SSL_TRANSPORT_STREAM,
MBEDTLS_SSL_PRESET_DEFAULT) != 0)
{
goto err_free;
}
#ifdef CONFIG_MBEDTLS_ENABLE_CTR_DRBG
mbedtls_ssl_conf_rng(&g_https_data.mbedtls->conf,
mbedtls_ctr_drbg_random,
&g_https_data.mbedtls->drbg);
#else
mbedtls_ssl_conf_rng(&g_https_data.mbedtls->conf,
mbedtls_hmac_drbg_random,
&g_https_data.mbedtls->drbg);
#endif
mbedtls_ssl_conf_authmode(&g_https_data.mbedtls->conf,
MBEDTLS_SSL_VERIFY_NONE);
#ifdef CONFIG_MBEDTLS_MAX_FRAGMENT
mbedtls_ssl_conf_max_frag_len(&g_https_data.mbedtls->conf,
MBEDTLS_SSL_MAX_FRAG_LEN_512);
#endif
#ifdef CONFIG_MBEDTLS_TRUNCATED_HMAC
mbedtls_ssl_conf_truncated_hmac(&g_https_data.mbedtls->conf,
MBEDTLS_SSL_TRUNC_HMAC_ENABLED);
#endif
#ifdef CONFIG_MBEDTLS_SESSION_TICKET
/* Use SSL out-fragment buffer of at least 384 bytes with session tickets,
* preferably at least 512 bytes. */
mbedtls_ssl_conf_session_tickets(&g_https_data.mbedtls->conf,
MBEDTLS_SSL_SESSION_TICKETS_ENABLED);
#endif
g_https_data.initialized = true;
return 0;
err_free:
#ifdef CONFIG_MBEDTLS_ENABLE_CTR_DRBG
mbedtls_ctr_drbg_free(&g_https_data.mbedtls->drbg);
#else
mbedtls_hmac_drbg_free(&g_https_data.mbedtls->drbg);
#endif
mbedtls_ssl_session_free(&g_https_data.mbedtls->saved_session);
mbedtls_ssl_config_free(&g_https_data.mbedtls->conf);
free(g_https_data.mbedtls);
g_https_data.mbedtls = NULL;
mbedtls_platform_set_calloc_free(calloc, free);
g_https_data.initialized = false;
return -1;
}
