result_t crypto_base::pseudoRandomBytes(int32_t size, obj_ptr<Buffer_base> &retVal,
AsyncEvent *ac)
{
if (!ac)
return CHECK_ERROR(CALL_E_NOSYNC);
int32_t i, ret;
mbedtls_entropy_context entropy;
unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE];
qstring strBuf;
strBuf.resize(size);
mbedtls_entropy_init(&entropy);
for (i = 0; i < size; i += sizeof(buf))
{
ret = mbedtls_entropy_func(&entropy, buf, sizeof(buf));
if (ret != 0)
{
mbedtls_entropy_free(&entropy);
return CHECK_ERROR(_ssl::setError(ret));
}
memcpy(&strBuf[i], buf, size - i > (int32_t)sizeof(buf) ? (int32_t)sizeof(buf) : size - i);
}
mbedtls_entropy_free(&entropy);
retVal = new Buffer(strBuf);
return 0;
}
int mbedtls_entropy_write_seed_file(mbedtls_entropy_context *ctx, const char *path)
{
int ret = MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR;
FILE *f;
unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE];
if ((f = fopen(path, "wb")) == NULL) {
return (MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR);
}
if ((ret = mbedtls_entropy_func(ctx, buf, MBEDTLS_ENTROPY_BLOCK_SIZE)) != 0) {
goto exit;
}
if (fwrite(buf, 1, MBEDTLS_ENTROPY_BLOCK_SIZE, f) != MBEDTLS_ENTROPY_BLOCK_SIZE) {
ret = MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR;
goto exit;
}
ret = 0;
exit:
fclose(f);
return (ret);
}
int DeviceKey::generate_key_by_random(uint32_t *output, size_t size)
{
int ret = DEVICEKEY_GENERATE_RANDOM_ERROR;
if (DEVICE_KEY_16BYTE > size) {
return DEVICEKEY_BUFFER_TOO_SMALL;
} else if (DEVICE_KEY_16BYTE != size && DEVICE_KEY_32BYTE != size) {
return DEVICEKEY_INVALID_PARAM;
}
#if defined(DEVICE_TRNG) || defined(MBEDTLS_ENTROPY_NV_SEED)
uint32_t test_buff[DEVICE_KEY_32BYTE / sizeof(int)];
mbedtls_entropy_context *entropy = new mbedtls_entropy_context;
mbedtls_entropy_init(entropy);
memset(output, 0, size);
memset(test_buff, 0, size);
ret = mbedtls_entropy_func(entropy, (unsigned char *)output, size);
if (ret != MBED_SUCCESS || mbedtls_ssl_safer_memcmp(test_buff, (unsigned char *)output, size) == 0) {
ret = DEVICEKEY_GENERATE_RANDOM_ERROR;
} else {
ret = DEVICEKEY_SUCCESS;
}
mbedtls_entropy_free(entropy);
delete entropy;
#endif
return ret;
}
/* start of entropy_func_mutex() */
static int entropy_func_mutex(void *data, unsigned char *output, size_t len)
{
int ret;
/* lock 1 = entropy_func_mutex() */
Curl_polarsslthreadlock_lock_function(1);
ret = mbedtls_entropy_func(data, output, len);
Curl_polarsslthreadlock_unlock_function(1);
return ret;
}
int main( int argc, char *argv[] )
{
FILE *f;
int i, k, ret = 1;
int exit_code = MBEDTLS_EXIT_FAILURE;
mbedtls_entropy_context entropy;
unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE];
if( argc < 2 )
{
mbedtls_fprintf( stderr, "usage: %s <output filename>\n", argv[0] );
return( exit_code );
}
if( ( f = fopen( argv[1], "wb+" ) ) == NULL )
{
mbedtls_printf( "failed to open '%s' for writing.\n", argv[1] );
return( exit_code );
}
mbedtls_entropy_init( &entropy );
for( i = 0, k = 768; i < k; i++ )
{
ret = mbedtls_entropy_func( &entropy, buf, sizeof( buf ) );
if( ret != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_entropy_func returned -%04X\n",
ret );
goto cleanup;
}
fwrite( buf, 1, sizeof( buf ), f );
mbedtls_printf( "Generating %ldkb of data in file '%s'... %04.1f" \
"%% done\r", (long)(sizeof(buf) * k / 1024), argv[1], (100 * (float) (i + 1)) / k );
fflush( stdout );
}
exit_code = MBEDTLS_EXIT_SUCCESS;
cleanup:
mbedtls_printf( "\n" );
fclose( f );
mbedtls_entropy_free( &entropy );
return( exit_code );
}
int mbedtls_entropy_update_nv_seed( mbedtls_entropy_context *ctx )
{
int ret = MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR;
unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE];
/* Read new seed and write it to NV */
if( ( ret = mbedtls_entropy_func( ctx, buf, MBEDTLS_ENTROPY_BLOCK_SIZE ) ) != 0 )
return( ret );
if( mbedtls_nv_seed_write( buf, MBEDTLS_ENTROPY_BLOCK_SIZE ) < 0 )
return( MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR );
/* Manually update the remaining stream with a separator value to diverge */
memset( buf, 0, MBEDTLS_ENTROPY_BLOCK_SIZE );
ret = mbedtls_entropy_update_manual( ctx, buf, MBEDTLS_ENTROPY_BLOCK_SIZE );
return( ret );
}
static
int generate_salt(unsigned char *salt, size_t len) {
unsigned char buf[32];
mbedtls_entropy_context ent;
mbedtls_entropy_init(&ent);
if (mbedtls_entropy_func(&ent, buf,
sizeof(buf)) != 0) {
mbedtls_entropy_free(&ent);
return -1;
}
mbedtls_entropy_free(&ent);
if (mbedtls_base64_encode(salt,
len, &len,
buf, sizeof(buf)) != 0) {
return -1;
}
return 0;
}
int Server_init_rng(Server *srv)
{
int rc;
unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE];
void *ctx = NULL;
mbedtls_entropy_init( &srv->entropy );
// test the entropy source
rc = mbedtls_entropy_func(&srv->entropy, buf, MBEDTLS_ENTROPY_BLOCK_SIZE);
if(rc == 0) {
ctx = calloc(sizeof(mbedtls_ctr_drbg_context), 1);
mbedtls_ctr_drbg_init((mbedtls_ctr_drbg_context *)ctx);
rc = mbedtls_ctr_drbg_seed((mbedtls_ctr_drbg_context *)ctx,
mbedtls_entropy_func, &srv->entropy, NULL, 0);
check(rc == 0, "Init rng failed: ctr_drbg_init returned %d\n", rc);
srv->rng_func = mbedtls_ctr_drbg_random;
srv->rng_ctx = ctx;
} else {
log_warn("entropy source unavailable. falling back to havege rng");
ctx = calloc(sizeof(mbedtls_havege_state), 1);
mbedtls_havege_init((mbedtls_havege_state *)ctx);
srv->rng_func = mbedtls_havege_random;
srv->rng_ctx = ctx;
}
return 0;
error:
if(ctx != NULL) free(ctx);
return -1;
}
/*
* The actual entropy quality is hard to test, but we can at least
* test that the functions don't cause errors and write the correct
* amount of data to buffers.
*/
int mbedtls_entropy_self_test( int verbose )
{
int ret = 0;
mbedtls_entropy_context ctx;
unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE] = { 0 };
unsigned char acc[MBEDTLS_ENTROPY_BLOCK_SIZE] = { 0 };
size_t i, j;
if( verbose != 0 )
mbedtls_printf( " ENTROPY test: " );
mbedtls_entropy_init( &ctx );
/* First do a gather to make sure we have default sources */
if( ( ret = mbedtls_entropy_gather( &ctx ) ) != 0 )
goto cleanup;
ret = mbedtls_entropy_add_source( &ctx, entropy_dummy_source, NULL, 16,
MBEDTLS_ENTROPY_SOURCE_WEAK );
if( ret != 0 )
goto cleanup;
if( ( ret = mbedtls_entropy_update_manual( &ctx, buf, sizeof buf ) ) != 0 )
goto cleanup;
/*
* To test that mbedtls_entropy_func writes correct number of bytes:
* - use the whole buffer and rely on ASan to detect overruns
* - collect entropy 8 times and OR the result in an accumulator:
* any byte should then be 0 with probably 2^(-64), so requiring
* each of the 32 or 64 bytes to be non-zero has a false failure rate
* of at most 2^(-58) which is acceptable.
*/
for( i = 0; i < 8; i++ )
{
if( ( ret = mbedtls_entropy_func( &ctx, buf, sizeof( buf ) ) ) != 0 )
goto cleanup;
for( j = 0; j < sizeof( buf ); j++ )
acc[j] |= buf[j];
}
for( j = 0; j < sizeof( buf ); j++ )
{
if( acc[j] == 0 )
{
ret = 1;
goto cleanup;
}
}
cleanup:
mbedtls_entropy_free( &ctx );
if( verbose != 0 )
{
if( ret != 0 )
mbedtls_printf( "failed\n" );
else
mbedtls_printf( "passed\n" );
mbedtls_printf( "\n" );
}
return( ret != 0 );
}