int main(int argc, char ** argv) {
entropy_context entropy;
// initialize our AES context
aes_init(&aes);
entropy_init(&entropy);
//int ret;
if (argc != 2) {
printf("usage: %s client\n", argv[0]);
return 0;
}
if(__init()) {
printf(" * Exiting \n");
goto exit;
}
if(kvstore_dhm(pfd, &aes, argv[1], enckey, KVSTORE_AESKEY_LEN)) {
printf("\n ! DHM failed... Exiting");
goto exit;
}
// to derive the IV, we just hash the key
// assumed safe, the key IV is updated on each encryption
entropy_func(&entropy, iv, KVSTORE_AESIV_LEN);
send_commands();
exit:
aes_free(&aes);
printf("\n");
return 0;
}
result_t crypto_base::pseudoRandomBytes(int32_t size, obj_ptr<Buffer_base> &retVal,
exlib::AsyncEvent *ac)
{
if (!ac)
return CHECK_ERROR(CALL_E_NOSYNC);
int i, ret;
entropy_context entropy;
unsigned char buf[ENTROPY_BLOCK_SIZE];
std::string strBuf;
strBuf.resize(size);
entropy_init(&entropy);
for (i = 0; i < size; i += sizeof(buf))
{
ret = entropy_func(&entropy, buf, sizeof(buf));
if (ret != 0)
{
entropy_free(&entropy);
return CHECK_ERROR(_ssl::setError(ret));
}
memcpy(&strBuf[i], buf, size - i > (int)sizeof(buf) ? (int)sizeof(buf) : size - i);
}
entropy_free(&entropy);
retVal = new Buffer(strBuf);
return 0;
}
/* start of entropy_func_mutex() */
static int entropy_func_mutex(void *data, unsigned char *output, size_t len)
{
int ret;
/* lock 1 = entropy_func_mutex() */
Curl_polarsslthreadlock_lock_function(1);
ret = entropy_func(data, output, len);
Curl_polarsslthreadlock_unlock_function(1);
return ret;
}
int main( int argc, char *argv[] )
{
FILE *f;
int i, k, ret;
entropy_context entropy;
unsigned char buf[ENTROPY_BLOCK_SIZE];
if( argc < 2 )
{
fprintf( stderr, "usage: %s <output filename>\n", argv[0] );
return( 1 );
}
if( ( f = fopen( argv[1], "wb+" ) ) == NULL )
{
printf( "failed to open '%s' for writing.\n", argv[0] );
return( 1 );
}
entropy_init( &entropy );
for( i = 0, k = 768; i < k; i++ )
{
ret = entropy_func( &entropy, buf, sizeof( buf ) );
if( ret != 0 )
{
printf("failed!\n");
goto cleanup;
}
fwrite( buf, 1, sizeof( buf ), f );
printf( "Generating 32Mb of data in file '%s'... %04.1f" \
"%% done\r", argv[1], (100 * (float) (i + 1)) / k );
fflush( stdout );
}
ret = 0;
cleanup:
fclose( f );
entropy_free( &entropy );
return( ret );
}
int entropy_write_seed_file( entropy_context *ctx, const char *path )
{
int ret = POLARSSL_ERR_ENTROPY_FILE_IO_ERROR;
FILE *f;
unsigned char buf[ENTROPY_BLOCK_SIZE];
if( ( f = fopen( path, "wb" ) ) == NULL )
return( POLARSSL_ERR_ENTROPY_FILE_IO_ERROR );
if( ( ret = entropy_func( ctx, buf, ENTROPY_BLOCK_SIZE ) ) != 0 )
goto exit;
if( fwrite( buf, 1, ENTROPY_BLOCK_SIZE, f ) != ENTROPY_BLOCK_SIZE )
{
ret = POLARSSL_ERR_ENTROPY_FILE_IO_ERROR;
goto exit;
}
ret = 0;
exit:
fclose( f );
return( ret );
}
/*
* The actual entropy quality is hard to test, but we can at least
* test that the functions don't cause errors and write the correct
* amount of data to buffers.
*/
int entropy_self_test( int verbose )
{
int ret = 0;
entropy_context ctx;
unsigned char buf[ENTROPY_BLOCK_SIZE] = { 0 };
unsigned char acc[ENTROPY_BLOCK_SIZE] = { 0 };
size_t i, j;
if( verbose != 0 )
polarssl_printf( " ENTROPY test: " );
entropy_init( &ctx );
ret = entropy_add_source( &ctx, entropy_dummy_source, NULL, 16 );
if( ret != 0 )
goto cleanup;
if( ( ret = entropy_gather( &ctx ) ) != 0 )
goto cleanup;
if( ( ret = entropy_update_manual( &ctx, buf, sizeof buf ) ) != 0 )
goto cleanup;
/*
* To test that entropy_func writes correct number of bytes:
* - use the whole buffer and rely on ASan to detect overruns
* - collect entropy 8 times and OR the result in an accumulator:
* any byte should then be 0 with probably 2^(-64), so requiring
* each of the 32 or 64 bytes to be non-zero has a false failure rate
* of at most 2^(-58) which is acceptable.
*/
for( i = 0; i < 8; i++ )
{
if( ( ret = entropy_func( &ctx, buf, sizeof( buf ) ) ) != 0 )
goto cleanup;
for( j = 0; j < sizeof( buf ); j++ )
acc[j] |= buf[j];
}
for( j = 0; j < sizeof( buf ); j++ )
{
if( acc[j] == 0 )
{
ret = 1;
goto cleanup;
}
}
cleanup:
entropy_free( &ctx );
if( verbose != 0 )
{
if( ret != 0 )
polarssl_printf( "failed\n" );
else
polarssl_printf( "passed\n" );
polarssl_printf( "\n" );
}
return( ret != 0 );
}
