Exemple #1
0
result_t crypto_base::pseudoRandomBytes(int32_t size, obj_ptr<Buffer_base> &retVal,
                                        AsyncEvent *ac)
{
    if (!ac)
        return CHECK_ERROR(CALL_E_NOSYNC);

    int32_t i, ret;
    mbedtls_entropy_context entropy;
    unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE];
    qstring strBuf;

    strBuf.resize(size);

    mbedtls_entropy_init(&entropy);

    for (i = 0; i < size; i += sizeof(buf))
    {
        ret = mbedtls_entropy_func(&entropy, buf, sizeof(buf));
        if (ret != 0)
        {
            mbedtls_entropy_free(&entropy);
            return CHECK_ERROR(_ssl::setError(ret));
        }

        memcpy(&strBuf[i], buf, size - i > (int32_t)sizeof(buf) ? (int32_t)sizeof(buf) : size - i);
    }

    mbedtls_entropy_free(&entropy);
    retVal = new Buffer(strBuf);

    return 0;
}
Exemple #2
0
int mbedtls_entropy_write_seed_file(mbedtls_entropy_context *ctx, const char *path)
{
	int ret = MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR;
	FILE *f;
	unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE];

	if ((f = fopen(path, "wb")) == NULL) {
		return (MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR);
	}

	if ((ret = mbedtls_entropy_func(ctx, buf, MBEDTLS_ENTROPY_BLOCK_SIZE)) != 0) {
		goto exit;
	}

	if (fwrite(buf, 1, MBEDTLS_ENTROPY_BLOCK_SIZE, f) != MBEDTLS_ENTROPY_BLOCK_SIZE) {
		ret = MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR;
		goto exit;
	}

	ret = 0;

exit:
	fclose(f);
	return (ret);
}
Exemple #3
0
int DeviceKey::generate_key_by_random(uint32_t *output, size_t size)
{
    int ret = DEVICEKEY_GENERATE_RANDOM_ERROR;

    if (DEVICE_KEY_16BYTE > size) {
        return DEVICEKEY_BUFFER_TOO_SMALL;
    } else if (DEVICE_KEY_16BYTE != size && DEVICE_KEY_32BYTE != size) {
        return DEVICEKEY_INVALID_PARAM;
    }

#if defined(DEVICE_TRNG) || defined(MBEDTLS_ENTROPY_NV_SEED)
    uint32_t test_buff[DEVICE_KEY_32BYTE / sizeof(int)];
    mbedtls_entropy_context *entropy = new mbedtls_entropy_context;
    mbedtls_entropy_init(entropy);
    memset(output, 0, size);
    memset(test_buff, 0, size);

    ret = mbedtls_entropy_func(entropy, (unsigned char *)output, size);
    if (ret != MBED_SUCCESS || mbedtls_ssl_safer_memcmp(test_buff, (unsigned char *)output, size) == 0) {
        ret = DEVICEKEY_GENERATE_RANDOM_ERROR;
    } else {
        ret = DEVICEKEY_SUCCESS;
    }

    mbedtls_entropy_free(entropy);
    delete entropy;

#endif

    return ret;
}
Exemple #4
0
/* start of entropy_func_mutex() */
static int entropy_func_mutex(void *data, unsigned char *output, size_t len)
{
  int ret;
  /* lock 1 = entropy_func_mutex() */
  Curl_polarsslthreadlock_lock_function(1);
  ret = mbedtls_entropy_func(data, output, len);
  Curl_polarsslthreadlock_unlock_function(1);

  return ret;
}
Exemple #5
0
int main( int argc, char *argv[] )
{
    FILE *f;
    int i, k, ret = 1;
    int exit_code = MBEDTLS_EXIT_FAILURE;
    mbedtls_entropy_context entropy;
    unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE];

    if( argc < 2 )
    {
        mbedtls_fprintf( stderr, "usage: %s <output filename>\n", argv[0] );
        return( exit_code );
    }

    if( ( f = fopen( argv[1], "wb+" ) ) == NULL )
    {
        mbedtls_printf( "failed to open '%s' for writing.\n", argv[1] );
        return( exit_code );
    }

    mbedtls_entropy_init( &entropy );

    for( i = 0, k = 768; i < k; i++ )
    {
        ret = mbedtls_entropy_func( &entropy, buf, sizeof( buf ) );
        if( ret != 0 )
        {
            mbedtls_printf( "  failed\n  !  mbedtls_entropy_func returned -%04X\n",
                            ret );
            goto cleanup;
        }

        fwrite( buf, 1, sizeof( buf ), f );

        mbedtls_printf( "Generating %ldkb of data in file '%s'... %04.1f" \
                "%% done\r", (long)(sizeof(buf) * k / 1024), argv[1], (100 * (float) (i + 1)) / k );
        fflush( stdout );
    }

    exit_code = MBEDTLS_EXIT_SUCCESS;

cleanup:
    mbedtls_printf( "\n" );

    fclose( f );
    mbedtls_entropy_free( &entropy );

    return( exit_code );
}
Exemple #6
0
int mbedtls_entropy_update_nv_seed( mbedtls_entropy_context *ctx )
{
    int ret = MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR;
    unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE];

    /* Read new seed  and write it to NV */
    if( ( ret = mbedtls_entropy_func( ctx, buf, MBEDTLS_ENTROPY_BLOCK_SIZE ) ) != 0 )
        return( ret );

    if( mbedtls_nv_seed_write( buf, MBEDTLS_ENTROPY_BLOCK_SIZE ) < 0 )
        return( MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR );

    /* Manually update the remaining stream with a separator value to diverge */
    memset( buf, 0, MBEDTLS_ENTROPY_BLOCK_SIZE );
    ret = mbedtls_entropy_update_manual( ctx, buf, MBEDTLS_ENTROPY_BLOCK_SIZE );

    return( ret );
}
Exemple #7
0
static
int generate_salt(unsigned char *salt, size_t len) {
    unsigned char buf[32];
    mbedtls_entropy_context ent;
    mbedtls_entropy_init(&ent);
    if (mbedtls_entropy_func(&ent, buf,
                             sizeof(buf)) != 0) {
        mbedtls_entropy_free(&ent);
        return -1;
    }
    mbedtls_entropy_free(&ent);

    if (mbedtls_base64_encode(salt,
                              len, &len,
                              buf, sizeof(buf)) != 0) {
        return -1;
    }

    return 0;
}
Exemple #8
0
int Server_init_rng(Server *srv)
{
    int rc;
    unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE];
    void *ctx = NULL;

    mbedtls_entropy_init( &srv->entropy );

    // test the entropy source
    rc = mbedtls_entropy_func(&srv->entropy, buf, MBEDTLS_ENTROPY_BLOCK_SIZE);

    if(rc == 0) {
        ctx = calloc(sizeof(mbedtls_ctr_drbg_context), 1);

        mbedtls_ctr_drbg_init((mbedtls_ctr_drbg_context *)ctx);
        rc = mbedtls_ctr_drbg_seed((mbedtls_ctr_drbg_context *)ctx,
            mbedtls_entropy_func, &srv->entropy, NULL, 0);
        check(rc == 0, "Init rng failed: ctr_drbg_init returned %d\n", rc);

        srv->rng_func = mbedtls_ctr_drbg_random;
        srv->rng_ctx = ctx;
    } else {
        log_warn("entropy source unavailable. falling back to havege rng");

        ctx = calloc(sizeof(mbedtls_havege_state), 1);
        mbedtls_havege_init((mbedtls_havege_state *)ctx);

        srv->rng_func = mbedtls_havege_random;
        srv->rng_ctx = ctx;
    }

    return 0;
error:
    if(ctx != NULL) free(ctx);
    return -1;
}
Exemple #9
0
/*
 * The actual entropy quality is hard to test, but we can at least
 * test that the functions don't cause errors and write the correct
 * amount of data to buffers.
 */
int mbedtls_entropy_self_test( int verbose )
{
    int ret = 0;
    mbedtls_entropy_context ctx;
    unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE] = { 0 };
    unsigned char acc[MBEDTLS_ENTROPY_BLOCK_SIZE] = { 0 };
    size_t i, j;

    if( verbose != 0 )
        mbedtls_printf( "  ENTROPY test: " );

    mbedtls_entropy_init( &ctx );

    /* First do a gather to make sure we have default sources */
    if( ( ret = mbedtls_entropy_gather( &ctx ) ) != 0 )
        goto cleanup;

    ret = mbedtls_entropy_add_source( &ctx, entropy_dummy_source, NULL, 16,
                                      MBEDTLS_ENTROPY_SOURCE_WEAK );
    if( ret != 0 )
        goto cleanup;

    if( ( ret = mbedtls_entropy_update_manual( &ctx, buf, sizeof buf ) ) != 0 )
        goto cleanup;

    /*
     * To test that mbedtls_entropy_func writes correct number of bytes:
     * - use the whole buffer and rely on ASan to detect overruns
     * - collect entropy 8 times and OR the result in an accumulator:
     *   any byte should then be 0 with probably 2^(-64), so requiring
     *   each of the 32 or 64 bytes to be non-zero has a false failure rate
     *   of at most 2^(-58) which is acceptable.
     */
    for( i = 0; i < 8; i++ )
    {
        if( ( ret = mbedtls_entropy_func( &ctx, buf, sizeof( buf ) ) ) != 0 )
            goto cleanup;

        for( j = 0; j < sizeof( buf ); j++ )
            acc[j] |= buf[j];
    }

    for( j = 0; j < sizeof( buf ); j++ )
    {
        if( acc[j] == 0 )
        {
            ret = 1;
            goto cleanup;
        }
    }

cleanup:
    mbedtls_entropy_free( &ctx );

    if( verbose != 0 )
    {
        if( ret != 0 )
            mbedtls_printf( "failed\n" );
        else
            mbedtls_printf( "passed\n" );

        mbedtls_printf( "\n" );
    }

    return( ret != 0 );
}