void entropy_init( entropy_context *ctx ) { memset( ctx, 0, sizeof(entropy_context) ); #if defined(POLARSSL_THREADING_C) polarssl_mutex_init( &ctx->mutex ); #endif #if defined(POLARSSL_ENTROPY_SHA512_ACCUMULATOR) sha512_starts( &ctx->accumulator, 0 ); #else sha256_starts( &ctx->accumulator, 0 ); #endif #if defined(POLARSSL_HAVEGE_C) havege_init( &ctx->havege_data ); #endif #if !defined(POLARSSL_NO_DEFAULT_ENTROPY_SOURCES) #if !defined(POLARSSL_NO_PLATFORM_ENTROPY) entropy_add_source( ctx, platform_entropy_poll, NULL, ENTROPY_MIN_PLATFORM ); #endif #if defined(POLARSSL_TIMING_C) entropy_add_source( ctx, hardclock_poll, NULL, ENTROPY_MIN_HARDCLOCK ); #endif #if defined(POLARSSL_HAVEGE_C) entropy_add_source( ctx, havege_poll, &ctx->havege_data, ENTROPY_MIN_HAVEGE ); #endif #endif /* POLARSSL_NO_DEFAULT_ENTROPY_SOURCES */ }
void rand_ctx_init_platform_entropy(int min_size, bool use_urandom) { static bool platform_set = false; if (!platform_set) { ctr_drbg_context *cd_ctx = rand_ctx_get(); entropy_context *ec = cd_ctx->p_entropy; f_source_ptr f_source = platform_entropy_poll; ASSERT(NULL != ec); #ifndef WIN32 if (use_urandom) f_source = urandom_entropy_poll; #endif if (0 != entropy_add_source(ec, f_source, NULL, min_size)) msg (M_FATAL, "Failed to add platform source to entropy pool"); if (!rand_ctx_reseed()) msg (M_FATAL, "ERROR: Random number generator failed to obtain entropy to reseed"); platform_set = true; } }
int init_random(void) { /* Initialize the rng */ entropy_init(&entropy); entropy_add_source(&entropy, tpm_entropy_source, NULL, 0); entropy_gather(&entropy); ctr_drbg_init(&ctr_drbg, entropy_func, &entropy, NULL, 0); ctr_drbg_set_prediction_resistance( &ctr_drbg, CTR_DRBG_PR_OFF ); return 0; }
/* * Initialise the given ctr_drbg context, using a personalisation string and an * entropy gathering function. */ ctr_drbg_context * rand_ctx_get() { static havege_state hs = {0}; static entropy_context ec = {0}; static ctr_drbg_context cd_ctx = {0}; static bool rand_initialised = false; if (!rand_initialised) { struct gc_arena gc = gc_new(); struct buffer pers_string = alloc_buf_gc(100, &gc); /* * Personalisation string, should be as unique as possible (see NIST * 800-90 section 8.7.1). We have very little information at this stage. * Include Program Name, memory address of the context and PID. */ buf_printf(&pers_string, "OpenVPN %0u %p %s", platform_getpid(), &cd_ctx, time_string(0, 0, 0, &gc)); /* Initialise PolarSSL RNG, and built-in entropy sources */ havege_init(&hs); entropy_init(&ec); if (0 != entropy_add_source(&ec, hardclock_poll, NULL, ENTROPY_MIN_HARDCLOCK)) msg (M_FATAL, "Failed to add hardclock to entropy pool"); if (0 != entropy_add_source(&ec, havege_poll, &hs, ENTROPY_MIN_HAVEGE)) msg (M_FATAL, "Failed to add havege to entropy pool"); if (0 != ctr_drbg_init(&cd_ctx, entropy_func, &ec, BPTR(&pers_string), BLEN(&pers_string))) msg (M_FATAL, "Failed to initialize random generator"); gc_free(&gc); rand_initialised = true; } return &cd_ctx; }
/* * The actual entropy quality is hard to test, but we can at least * test that the functions don't cause errors and write the correct * amount of data to buffers. */ int entropy_self_test( int verbose ) { int ret = 0; entropy_context ctx; unsigned char buf[ENTROPY_BLOCK_SIZE] = { 0 }; unsigned char acc[ENTROPY_BLOCK_SIZE] = { 0 }; size_t i, j; if( verbose != 0 ) polarssl_printf( " ENTROPY test: " ); entropy_init( &ctx ); ret = entropy_add_source( &ctx, entropy_dummy_source, NULL, 16 ); if( ret != 0 ) goto cleanup; if( ( ret = entropy_gather( &ctx ) ) != 0 ) goto cleanup; if( ( ret = entropy_update_manual( &ctx, buf, sizeof buf ) ) != 0 ) goto cleanup; /* * To test that entropy_func writes correct number of bytes: * - use the whole buffer and rely on ASan to detect overruns * - collect entropy 8 times and OR the result in an accumulator: * any byte should then be 0 with probably 2^(-64), so requiring * each of the 32 or 64 bytes to be non-zero has a false failure rate * of at most 2^(-58) which is acceptable. */ for( i = 0; i < 8; i++ ) { if( ( ret = entropy_func( &ctx, buf, sizeof( buf ) ) ) != 0 ) goto cleanup; for( j = 0; j < sizeof( buf ); j++ ) acc[j] |= buf[j]; } for( j = 0; j < sizeof( buf ); j++ ) { if( acc[j] == 0 ) { ret = 1; goto cleanup; } } cleanup: entropy_free( &ctx ); if( verbose != 0 ) { if( ret != 0 ) polarssl_printf( "failed\n" ); else polarssl_printf( "passed\n" ); polarssl_printf( "\n" ); } return( ret != 0 ); }
int main( int argc, char *argv[] ) { int ret = 0; pk_context key; char buf[1024]; int i; char *p, *q; entropy_context entropy; ctr_drbg_context ctr_drbg; const char *pers = "gen_key"; #if defined(POLARSSL_ECP_C) const ecp_curve_info *curve_info; #endif /* * Set to sane values */ pk_init( &key ); memset( buf, 0, sizeof( buf ) ); if( argc == 0 ) { usage: ret = 1; printf( USAGE ); #if defined(POLARSSL_ECP_C) printf( " availabled ec_curve values:\n" ); curve_info = ecp_curve_list(); printf( " %s (default)\n", curve_info->name ); while( ( ++curve_info )->name != NULL ) printf( " %s\n", curve_info->name ); #endif goto exit; } opt.type = DFL_TYPE; opt.rsa_keysize = DFL_RSA_KEYSIZE; opt.ec_curve = DFL_EC_CURVE; opt.filename = DFL_FILENAME; opt.format = DFL_FORMAT; opt.use_dev_random = DFL_USE_DEV_RANDOM; for( i = 1; i < argc; i++ ) { p = argv[i]; if( ( q = strchr( p, '=' ) ) == NULL ) goto usage; *q++ = '\0'; if( strcmp( p, "type" ) == 0 ) { if( strcmp( q, "rsa" ) == 0 ) opt.type = POLARSSL_PK_RSA; else if( strcmp( q, "ec" ) == 0 ) opt.type = POLARSSL_PK_ECKEY; else goto usage; } else if( strcmp( p, "format" ) == 0 ) { if( strcmp( q, "pem" ) == 0 ) opt.format = FORMAT_PEM; else if( strcmp( q, "der" ) == 0 ) opt.format = FORMAT_DER; else goto usage; } else if( strcmp( p, "rsa_keysize" ) == 0 ) { opt.rsa_keysize = atoi( q ); if( opt.rsa_keysize < 1024 || opt.rsa_keysize > 8192 ) goto usage; } else if( strcmp( p, "ec_curve" ) == 0 ) { if( ( curve_info = ecp_curve_info_from_name( q ) ) == NULL ) goto usage; opt.ec_curve = curve_info->grp_id; } else if( strcmp( p, "filename" ) == 0 ) opt.filename = q; else if( strcmp( p, "use_dev_random" ) == 0 ) { opt.use_dev_random = atoi( q ); if( opt.use_dev_random < 0 || opt.use_dev_random > 1 ) goto usage; } else goto usage; } printf( "\n . Seeding the random number generator..." ); fflush( stdout ); entropy_init( &entropy ); #if !defined(_WIN32) && defined(POLARSSL_FS_IO) if( opt.use_dev_random ) { if( ( ret = entropy_add_source( &entropy, dev_random_entropy_poll, NULL, DEV_RANDOM_THRESHOLD ) ) != 0 ) { printf( " failed\n ! entropy_add_source returned -0x%04x\n", -ret ); goto exit; } printf("\n Using /dev/random, so can take a long time! " ); fflush( stdout ); } #endif /* !_WIN32 && POLARSSL_FS_IO */ if( ( ret = ctr_drbg_init( &ctr_drbg, entropy_func, &entropy, (const unsigned char *) pers, strlen( pers ) ) ) != 0 ) { printf( " failed\n ! ctr_drbg_init returned -0x%04x\n", -ret ); goto exit; } /* * 1.1. Generate the key */ printf( "\n . Generating the private key ..." ); fflush( stdout ); if( ( ret = pk_init_ctx( &key, pk_info_from_type( opt.type ) ) ) != 0 ) { printf( " failed\n ! pk_init_ctx returned -0x%04x", -ret ); goto exit; } #if defined(POLARSSL_RSA_C) && defined(POLARSSL_GENPRIME) if( opt.type == POLARSSL_PK_RSA ) { ret = rsa_gen_key( pk_rsa( key ), ctr_drbg_random, &ctr_drbg, opt.rsa_keysize, 65537 ); if( ret != 0 ) { printf( " failed\n ! rsa_gen_key returned -0x%04x", -ret ); goto exit; } } else #endif /* POLARSSL_RSA_C */ #if defined(POLARSSL_ECP_C) if( opt.type == POLARSSL_PK_ECKEY ) { ret = ecp_gen_key( opt.ec_curve, pk_ec( key ), ctr_drbg_random, &ctr_drbg ); if( ret != 0 ) { printf( " failed\n ! rsa_gen_key returned -0x%04x", -ret ); goto exit; } } else #endif /* POLARSSL_ECP_C */ { printf( " failed\n ! key type not supported\n" ); goto exit; } /* * 1.2 Print the key */ printf( " ok\n . Key information:\n" ); #if defined(POLARSSL_RSA_C) if( pk_get_type( &key ) == POLARSSL_PK_RSA ) { rsa_context *rsa = pk_rsa( key ); mpi_write_file( "N: ", &rsa->N, 16, NULL ); mpi_write_file( "E: ", &rsa->E, 16, NULL ); mpi_write_file( "D: ", &rsa->D, 16, NULL ); mpi_write_file( "P: ", &rsa->P, 16, NULL ); mpi_write_file( "Q: ", &rsa->Q, 16, NULL ); mpi_write_file( "DP: ", &rsa->DP, 16, NULL ); mpi_write_file( "DQ: ", &rsa->DQ, 16, NULL ); mpi_write_file( "QP: ", &rsa->QP, 16, NULL ); } else #endif #if defined(POLARSSL_ECP_C) if( pk_get_type( &key ) == POLARSSL_PK_ECKEY ) { ecp_keypair *ecp = pk_ec( key ); printf( "curve: %s\n", ecp_curve_info_from_grp_id( ecp->grp.id )->name ); mpi_write_file( "X_Q: ", &ecp->Q.X, 16, NULL ); mpi_write_file( "Y_Q: ", &ecp->Q.Y, 16, NULL ); mpi_write_file( "D: ", &ecp->d , 16, NULL ); } else #endif printf(" ! key type not supported\n"); write_private_key( &key, opt.filename ); exit: if( ret != 0 && ret != 1) { #ifdef POLARSSL_ERROR_C polarssl_strerror( ret, buf, sizeof( buf ) ); printf( " - %s\n", buf ); #else printf("\n"); #endif } pk_free( &key ); ctr_drbg_free( &ctr_drbg ); entropy_free( &entropy ); #if defined(_WIN32) printf( " + Press Enter to exit this program.\n" ); fflush( stdout ); getchar(); #endif return( ret ); }