search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Merge pull request #2735 from jareckib/master
[RRG-proxmark3.git] / common / mbedtls / entropy.c
blobb4db5aac765ec36e5b0753c04956d96239e948dd
1 /*
2 * Entropy accumulator implementation
3 *
4 * Copyright The Mbed TLS Contributors
5 * SPDX-License-Identifier: Apache-2.0
6 *
7 * Licensed under the Apache License, Version 2.0 (the "License"); you may
8 * not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
10 *
11 * http://www.apache.org/licenses/LICENSE-2.0
12 *
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
15 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 */
19
20 #include "common.h"
21
22 #if defined(MBEDTLS_ENTROPY_C)
23
24 #if defined(MBEDTLS_TEST_NULL_ENTROPY)
25 #warning "**** WARNING! MBEDTLS_TEST_NULL_ENTROPY defined! "
26 #warning "**** THIS BUILD HAS NO DEFINED ENTROPY SOURCES "
27 #warning "**** THIS BUILD IS *NOT* SUITABLE FOR PRODUCTION USE "
28 #endif
29
30 #include "mbedtls/entropy.h"
31 #include "mbedtls/entropy_poll.h"
32 #include "mbedtls/platform_util.h"
33 #include "mbedtls/error.h"
34
35 #include <string.h>
36
37 #if defined(MBEDTLS_FS_IO)
38 #include <stdio.h>
39 #endif
40
41 #if defined(MBEDTLS_ENTROPY_NV_SEED)
42 #include "mbedtls/platform.h"
43 #endif
44
45 #if defined(MBEDTLS_SELF_TEST)
46 #if defined(MBEDTLS_PLATFORM_C)
47 #include "mbedtls/platform.h"
48 #else
49 #include <stdio.h>
50 #define mbedtls_printf printf
51 #endif /* MBEDTLS_PLATFORM_C */
52 #endif /* MBEDTLS_SELF_TEST */
53
54 #if defined(MBEDTLS_HAVEGE_C)
55 #include "mbedtls/havege.h"
56 #endif
57
58 #define ENTROPY_MAX_LOOP 256 /**< Maximum amount to loop before error */
59
60 void mbedtls_entropy_init(mbedtls_entropy_context *ctx) {
61 ctx->source_count = 0;
62 memset(ctx->source, 0, sizeof(ctx->source));
63
64 #if defined(MBEDTLS_THREADING_C)
65 mbedtls_mutex_init(&ctx->mutex);
66 #endif
67
68 ctx->accumulator_started = 0;
69 #if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR)
70 mbedtls_sha512_init(&ctx->accumulator);
71 #else
72 mbedtls_sha256_init(&ctx->accumulator);
73 #endif
74 #if defined(MBEDTLS_HAVEGE_C)
75 mbedtls_havege_init(&ctx->havege_data);
76 #endif
77
78 /* Reminder: Update ENTROPY_HAVE_STRONG in the test files
79 * when adding more strong entropy sources here. */
80
81 #if defined(MBEDTLS_TEST_NULL_ENTROPY)
82 mbedtls_entropy_add_source(ctx, mbedtls_null_entropy_poll, NULL,
83 1, MBEDTLS_ENTROPY_SOURCE_STRONG);
84 #endif
85
86 #if !defined(MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES)
87 #if !defined(MBEDTLS_NO_PLATFORM_ENTROPY)
88 mbedtls_entropy_add_source(ctx, mbedtls_platform_entropy_poll, NULL,
89 MBEDTLS_ENTROPY_MIN_PLATFORM,
90 MBEDTLS_ENTROPY_SOURCE_STRONG);
91 #endif
92 #if defined(MBEDTLS_TIMING_C)
93 mbedtls_entropy_add_source(ctx, mbedtls_hardclock_poll, NULL,
94 MBEDTLS_ENTROPY_MIN_HARDCLOCK,
95 MBEDTLS_ENTROPY_SOURCE_WEAK);
96 #endif
97 #if defined(MBEDTLS_HAVEGE_C)
98 mbedtls_entropy_add_source(ctx, mbedtls_havege_poll, &ctx->havege_data,
99 MBEDTLS_ENTROPY_MIN_HAVEGE,
100 MBEDTLS_ENTROPY_SOURCE_STRONG);
101 #endif
102 #if defined(MBEDTLS_ENTROPY_HARDWARE_ALT)
103 mbedtls_entropy_add_source(ctx, mbedtls_hardware_poll, NULL,
104 MBEDTLS_ENTROPY_MIN_HARDWARE,
105 MBEDTLS_ENTROPY_SOURCE_STRONG);
106 #endif
107 #if defined(MBEDTLS_ENTROPY_NV_SEED)
108 mbedtls_entropy_add_source(ctx, mbedtls_nv_seed_poll, NULL,
109 MBEDTLS_ENTROPY_BLOCK_SIZE,
110 MBEDTLS_ENTROPY_SOURCE_STRONG);
111 ctx->initial_entropy_run = 0;
112 #endif
113 #endif /* MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES */
114 }
115
116 void mbedtls_entropy_free(mbedtls_entropy_context *ctx) {
117 /* If the context was already free, don't call free() again.
118 * This is important for mutexes which don't allow double-free. */
119 if (ctx->accumulator_started == -1)
120 return;
121
122 #if defined(MBEDTLS_HAVEGE_C)
123 mbedtls_havege_free(&ctx->havege_data);
124 #endif
125 #if defined(MBEDTLS_THREADING_C)
126 mbedtls_mutex_free(&ctx->mutex);
127 #endif
128 #if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR)
129 mbedtls_sha512_free(&ctx->accumulator);
130 #else
131 mbedtls_sha256_free(&ctx->accumulator);
132 #endif
133 #if defined(MBEDTLS_ENTROPY_NV_SEED)
134 ctx->initial_entropy_run = 0;
135 #endif
136 ctx->source_count = 0;
137 mbedtls_platform_zeroize(ctx->source, sizeof(ctx->source));
138 ctx->accumulator_started = -1;
139 }
140
141 int mbedtls_entropy_add_source(mbedtls_entropy_context *ctx,
142 mbedtls_entropy_f_source_ptr f_source, void *p_source,
143 size_t threshold, int strong) {
144 int idx, ret = 0;
145
146 #if defined(MBEDTLS_THREADING_C)
147 if ((ret = mbedtls_mutex_lock(&ctx->mutex)) != 0)
148 return (ret);
149 #endif
150
151 idx = ctx->source_count;
152 if (idx >= MBEDTLS_ENTROPY_MAX_SOURCES) {
153 ret = MBEDTLS_ERR_ENTROPY_MAX_SOURCES;
154 goto exit;
155 }
156
157 ctx->source[idx].f_source = f_source;
158 ctx->source[idx].p_source = p_source;
159 ctx->source[idx].threshold = threshold;
160 ctx->source[idx].strong = strong;
161
162 ctx->source_count++;
163
164 exit:
165 #if defined(MBEDTLS_THREADING_C)
166 if (mbedtls_mutex_unlock(&ctx->mutex) != 0)
167 return (MBEDTLS_ERR_THREADING_MUTEX_ERROR);
168 #endif
169
170 return (ret);
171 }
172
173 /*
174 * Entropy accumulator update
175 */
176 static int entropy_update(mbedtls_entropy_context *ctx, unsigned char source_id,
177 const unsigned char *data, size_t len) {
178 unsigned char header[2];
179 unsigned char tmp[MBEDTLS_ENTROPY_BLOCK_SIZE];
180 size_t use_len = len;
181 const unsigned char *p = data;
182 int ret = 0;
183
184 if (use_len > MBEDTLS_ENTROPY_BLOCK_SIZE) {
185 #if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR)
186 if ((ret = mbedtls_sha512_ret(data, len, tmp, 0)) != 0)
187 goto cleanup;
188 #else
189 if ((ret = mbedtls_sha256_ret(data, len, tmp, 0)) != 0)
190 goto cleanup;
191 #endif
192 p = tmp;
193 use_len = MBEDTLS_ENTROPY_BLOCK_SIZE;
194 }
195
196 header[0] = source_id;
197 header[1] = use_len & 0xFF;
198
199 /*
200 * Start the accumulator if this has not already happened. Note that
201 * it is sufficient to start the accumulator here only because all calls to
202 * gather entropy eventually execute this code.
203 */
204 #if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR)
205 if (ctx->accumulator_started == 0 &&
206 (ret = mbedtls_sha512_starts_ret(&ctx->accumulator, 0)) != 0)
207 goto cleanup;
208 else
209 ctx->accumulator_started = 1;
210 if ((ret = mbedtls_sha512_update_ret(&ctx->accumulator, header, 2)) != 0)
211 goto cleanup;
212 ret = mbedtls_sha512_update_ret(&ctx->accumulator, p, use_len);
213 #else
214 if (ctx->accumulator_started == 0 &&
215 (ret = mbedtls_sha256_starts_ret(&ctx->accumulator, 0)) != 0)
216 goto cleanup;
217 else
218 ctx->accumulator_started = 1;
219 if ((ret = mbedtls_sha256_update_ret(&ctx->accumulator, header, 2)) != 0)
220 goto cleanup;
221 ret = mbedtls_sha256_update_ret(&ctx->accumulator, p, use_len);
222 #endif
223
224 cleanup:
225 mbedtls_platform_zeroize(tmp, sizeof(tmp));
226
227 return (ret);
228 }
229
230 int mbedtls_entropy_update_manual(mbedtls_entropy_context *ctx,
231 const unsigned char *data, size_t len) {
232 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
233
234 #if defined(MBEDTLS_THREADING_C)
235 if ((ret = mbedtls_mutex_lock(&ctx->mutex)) != 0)
236 return (ret);
237 #endif
238
239 ret = entropy_update(ctx, MBEDTLS_ENTROPY_SOURCE_MANUAL, data, len);
240
241 #if defined(MBEDTLS_THREADING_C)
242 if (mbedtls_mutex_unlock(&ctx->mutex) != 0)
243 return (MBEDTLS_ERR_THREADING_MUTEX_ERROR);
244 #endif
245
246 return (ret);
247 }
248
249 /*
250 * Run through the different sources to add entropy to our accumulator
251 */
252 static int entropy_gather_internal(mbedtls_entropy_context *ctx) {
253 int ret = MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
254 int i;
255 int have_one_strong = 0;
256 unsigned char buf[MBEDTLS_ENTROPY_MAX_GATHER];
257 size_t olen;
258
259 if (ctx->source_count == 0)
260 return (MBEDTLS_ERR_ENTROPY_NO_SOURCES_DEFINED);
261
262 /*
263 * Run through our entropy sources
264 */
265 for (i = 0; i < ctx->source_count; i++) {
266 if (ctx->source[i].strong == MBEDTLS_ENTROPY_SOURCE_STRONG)
267 have_one_strong = 1;
268
269 olen = 0;
270 if ((ret = ctx->source[i].f_source(ctx->source[i].p_source,
271 buf, MBEDTLS_ENTROPY_MAX_GATHER, &olen)) != 0) {
272 goto cleanup;
273 }
274
275 /*
276 * Add if we actually gathered something
277 */
278 if (olen > 0) {
279 if ((ret = entropy_update(ctx, (unsigned char) i,
280 buf, olen)) != 0)
281 return (ret);
282 ctx->source[i].size += olen;
283 }
284 }
285
286 if (have_one_strong == 0)
287 ret = MBEDTLS_ERR_ENTROPY_NO_STRONG_SOURCE;
288
289 cleanup:
290 mbedtls_platform_zeroize(buf, sizeof(buf));
291
292 return (ret);
293 }
294
295 /*
296 * Thread-safe wrapper for entropy_gather_internal()
297 */
298 int mbedtls_entropy_gather(mbedtls_entropy_context *ctx) {
299 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
300
301 #if defined(MBEDTLS_THREADING_C)
302 if ((ret = mbedtls_mutex_lock(&ctx->mutex)) != 0)
303 return (ret);
304 #endif
305
306 ret = entropy_gather_internal(ctx);
307
308 #if defined(MBEDTLS_THREADING_C)
309 if (mbedtls_mutex_unlock(&ctx->mutex) != 0)
310 return (MBEDTLS_ERR_THREADING_MUTEX_ERROR);
311 #endif
312
313 return (ret);
314 }
315
316 int mbedtls_entropy_func(void *data, unsigned char *output, size_t len) {
317 int ret, count = 0, i, thresholds_reached;
318 size_t strong_size;
319 mbedtls_entropy_context *ctx = (mbedtls_entropy_context *) data;
320 unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE];
321
322 if (len > MBEDTLS_ENTROPY_BLOCK_SIZE)
323 return (MBEDTLS_ERR_ENTROPY_SOURCE_FAILED);
324
325 #if defined(MBEDTLS_ENTROPY_NV_SEED)
326 /* Update the NV entropy seed before generating any entropy for outside
327 * use.
328 */
329 if (ctx->initial_entropy_run == 0) {
330 ctx->initial_entropy_run = 1;
331 if ((ret = mbedtls_entropy_update_nv_seed(ctx)) != 0)
332 return (ret);
333 }
334 #endif
335
336 #if defined(MBEDTLS_THREADING_C)
337 if ((ret = mbedtls_mutex_lock(&ctx->mutex)) != 0)
338 return (ret);
339 #endif
340
341 /*
342 * Always gather extra entropy before a call
343 */
344 do {
345 if (count++ > ENTROPY_MAX_LOOP) {
346 ret = MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
347 goto exit;
348 }
349
350 if ((ret = entropy_gather_internal(ctx)) != 0)
351 goto exit;
352
353 thresholds_reached = 1;
354 strong_size = 0;
355 for (i = 0; i < ctx->source_count; i++) {
356 if (ctx->source[i].size < ctx->source[i].threshold)
357 thresholds_reached = 0;
358 if (ctx->source[i].strong == MBEDTLS_ENTROPY_SOURCE_STRONG)
359 strong_size += ctx->source[i].size;
360 }
361 } while (! thresholds_reached || strong_size < MBEDTLS_ENTROPY_BLOCK_SIZE);
362
363 memset(buf, 0, MBEDTLS_ENTROPY_BLOCK_SIZE);
364
365 #if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR)
366 /*
367 * Note that at this stage it is assumed that the accumulator was started
368 * in a previous call to entropy_update(). If this is not guaranteed, the
369 * code below will fail.
370 */
371 if ((ret = mbedtls_sha512_finish_ret(&ctx->accumulator, buf)) != 0)
372 goto exit;
373
374 /*
375 * Reset accumulator and counters and recycle existing entropy
376 */
377 mbedtls_sha512_free(&ctx->accumulator);
378 mbedtls_sha512_init(&ctx->accumulator);
379 if ((ret = mbedtls_sha512_starts_ret(&ctx->accumulator, 0)) != 0)
380 goto exit;
381 if ((ret = mbedtls_sha512_update_ret(&ctx->accumulator, buf,
382 MBEDTLS_ENTROPY_BLOCK_SIZE)) != 0)
383 goto exit;
384
385 /*
386 * Perform second SHA-512 on entropy
387 */
388 if ((ret = mbedtls_sha512_ret(buf, MBEDTLS_ENTROPY_BLOCK_SIZE,
389 buf, 0)) != 0)
390 goto exit;
391 #else /* MBEDTLS_ENTROPY_SHA512_ACCUMULATOR */
392 if ((ret = mbedtls_sha256_finish_ret(&ctx->accumulator, buf)) != 0)
393 goto exit;
394
395 /*
396 * Reset accumulator and counters and recycle existing entropy
397 */
398 mbedtls_sha256_free(&ctx->accumulator);
399 mbedtls_sha256_init(&ctx->accumulator);
400 if ((ret = mbedtls_sha256_starts_ret(&ctx->accumulator, 0)) != 0)
401 goto exit;
402 if ((ret = mbedtls_sha256_update_ret(&ctx->accumulator, buf,
403 MBEDTLS_ENTROPY_BLOCK_SIZE)) != 0)
404 goto exit;
405
406 /*
407 * Perform second SHA-256 on entropy
408 */
409 if ((ret = mbedtls_sha256_ret(buf, MBEDTLS_ENTROPY_BLOCK_SIZE,
410 buf, 0)) != 0)
411 goto exit;
412 #endif /* MBEDTLS_ENTROPY_SHA512_ACCUMULATOR */
413
414 for (i = 0; i < ctx->source_count; i++)
415 ctx->source[i].size = 0;
416
417 memcpy(output, buf, len);
418
419 ret = 0;
420
421 exit:
422 mbedtls_platform_zeroize(buf, sizeof(buf));
423
424 #if defined(MBEDTLS_THREADING_C)
425 if (mbedtls_mutex_unlock(&ctx->mutex) != 0)
426 return (MBEDTLS_ERR_THREADING_MUTEX_ERROR);
427 #endif
428
429 return (ret);
430 }
431
432 #if defined(MBEDTLS_ENTROPY_NV_SEED)
433 int mbedtls_entropy_update_nv_seed(mbedtls_entropy_context *ctx) {
434 int ret = MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR;
435 unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE];
436
437 /* Read new seed and write it to NV */
438 if ((ret = mbedtls_entropy_func(ctx, buf, MBEDTLS_ENTROPY_BLOCK_SIZE)) != 0)
439 return (ret);
440
441 if (mbedtls_nv_seed_write(buf, MBEDTLS_ENTROPY_BLOCK_SIZE) < 0)
442 return (MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR);
443
444 /* Manually update the remaining stream with a separator value to diverge */
445 memset(buf, 0, MBEDTLS_ENTROPY_BLOCK_SIZE);
446 ret = mbedtls_entropy_update_manual(ctx, buf, MBEDTLS_ENTROPY_BLOCK_SIZE);
447
448 return (ret);
449 }
450 #endif /* MBEDTLS_ENTROPY_NV_SEED */
451
452 #if defined(MBEDTLS_FS_IO)
453 int mbedtls_entropy_write_seed_file(mbedtls_entropy_context *ctx, const char *path) {
454 int ret = MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR;
455 FILE *f;
456 unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE];
457
458 if ((f = fopen(path, "wb")) == NULL)
459 return (MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR);
460
461 if ((ret = mbedtls_entropy_func(ctx, buf, MBEDTLS_ENTROPY_BLOCK_SIZE)) != 0)
462 goto exit;
463
464 if (fwrite(buf, 1, MBEDTLS_ENTROPY_BLOCK_SIZE, f) != MBEDTLS_ENTROPY_BLOCK_SIZE) {
465 ret = MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR;
466 goto exit;
467 }
468
469 ret = 0;
470
471 exit:
472 mbedtls_platform_zeroize(buf, sizeof(buf));
473
474 fclose(f);
475 return (ret);
476 }
477
478 int mbedtls_entropy_update_seed_file(mbedtls_entropy_context *ctx, const char *path) {
479 int ret = 0;
480 FILE *f;
481 size_t n;
482 unsigned char buf[ MBEDTLS_ENTROPY_MAX_SEED_SIZE ];
483
484 if ((f = fopen(path, "rb")) == NULL)
485 return (MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR);
486
487 fseek(f, 0, SEEK_END);
488 n = (size_t) ftell(f);
489 fseek(f, 0, SEEK_SET);
490
491 if (n > MBEDTLS_ENTROPY_MAX_SEED_SIZE)
492 n = MBEDTLS_ENTROPY_MAX_SEED_SIZE;
493
494 if (fread(buf, 1, n, f) != n)
495 ret = MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR;
496 else
497 ret = mbedtls_entropy_update_manual(ctx, buf, n);
498
499 fclose(f);
500
501 mbedtls_platform_zeroize(buf, sizeof(buf));
502
503 if (ret != 0)
504 return (ret);
505
506 return (mbedtls_entropy_write_seed_file(ctx, path));
507 }
508 #endif /* MBEDTLS_FS_IO */
509
510 #if defined(MBEDTLS_SELF_TEST)
511 #if !defined(MBEDTLS_TEST_NULL_ENTROPY)
512 /*
513 * Dummy source function
514 */
515 static int entropy_dummy_source(void *data, unsigned char *output,
516 size_t len, size_t *olen) {
517 ((void) data);
518
519 memset(output, 0x2a, len);
520 *olen = len;
521
522 return (0);
523 }
524 #endif /* !MBEDTLS_TEST_NULL_ENTROPY */
525
526 #if defined(MBEDTLS_ENTROPY_HARDWARE_ALT)
527
528 static int mbedtls_entropy_source_self_test_gather(unsigned char *buf, size_t buf_len) {
529 int ret = 0;
530 size_t entropy_len = 0;
531 size_t olen = 0;
532 size_t attempts = buf_len;
533
534 while (attempts > 0 && entropy_len < buf_len) {
535 if ((ret = mbedtls_hardware_poll(NULL, buf + entropy_len,
536 buf_len - entropy_len, &olen)) != 0)
537 return (ret);
538
539 entropy_len += olen;
540 attempts--;
541 }
542
543 if (entropy_len < buf_len) {
544 ret = 1;
545 }
546
547 return (ret);
548 }
549
550
551 static int mbedtls_entropy_source_self_test_check_bits(const unsigned char *buf,
552 size_t buf_len) {
553 unsigned char set = 0xFF;
554 unsigned char unset = 0x00;
555 size_t i;
556
557 for (i = 0; i < buf_len; i++) {
558 set &= buf[i];
559 unset |= buf[i];
560 }
561
562 return (set == 0xFF || unset == 0x00);
563 }
564
565 /*
566 * A test to ensure hat the entropy sources are functioning correctly
567 * and there is no obvious failure. The test performs the following checks:
568 * - The entropy source is not providing only 0s (all bits unset) or 1s (all
569 * bits set).
570 * - The entropy source is not providing values in a pattern. Because the
571 * hardware could be providing data in an arbitrary length, this check polls
572 * the hardware entropy source twice and compares the result to ensure they
573 * are not equal.
574 * - The error code returned by the entropy source is not an error.
575 */
576 int mbedtls_entropy_source_self_test(int verbose) {
577 int ret = 0;
578 unsigned char buf0[2 * sizeof(unsigned long long int)];
579 unsigned char buf1[2 * sizeof(unsigned long long int)];
580
581 if (verbose != 0)
582 mbedtls_printf(" ENTROPY_BIAS test: ");
583
584 memset(buf0, 0x00, sizeof(buf0));
585 memset(buf1, 0x00, sizeof(buf1));
586
587 if ((ret = mbedtls_entropy_source_self_test_gather(buf0, sizeof(buf0))) != 0)
588 goto cleanup;
589 if ((ret = mbedtls_entropy_source_self_test_gather(buf1, sizeof(buf1))) != 0)
590 goto cleanup;
591
592 /* Make sure that the returned values are not all 0 or 1 */
593 if ((ret = mbedtls_entropy_source_self_test_check_bits(buf0, sizeof(buf0))) != 0)
594 goto cleanup;
595 if ((ret = mbedtls_entropy_source_self_test_check_bits(buf1, sizeof(buf1))) != 0)
596 goto cleanup;
597
598 /* Make sure that the entropy source is not returning values in a
599 * pattern */
600 ret = memcmp(buf0, buf1, sizeof(buf0)) == 0;
601
602 cleanup:
603 if (verbose != 0) {
604 if (ret != 0)
605 mbedtls_printf("failed\n");
606 else
607 mbedtls_printf("passed\n");
608
609 mbedtls_printf("\n");
610 }
611
612 return (ret != 0);
613 }
614
615 #endif /* MBEDTLS_ENTROPY_HARDWARE_ALT */
616
617 /*
618 * The actual entropy quality is hard to test, but we can at least
619 * test that the functions don't cause errors and write the correct
620 * amount of data to buffers.
621 */
622 int mbedtls_entropy_self_test(int verbose) {
623 int ret = 1;
624 #if !defined(MBEDTLS_TEST_NULL_ENTROPY)
625 mbedtls_entropy_context ctx;
626 unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE] = { 0 };
627 unsigned char acc[MBEDTLS_ENTROPY_BLOCK_SIZE] = { 0 };
628 size_t i, j;
629 #endif /* !MBEDTLS_TEST_NULL_ENTROPY */
630
631 if (verbose != 0)
632 mbedtls_printf(" ENTROPY test: ");
633
634 #if !defined(MBEDTLS_TEST_NULL_ENTROPY)
635 mbedtls_entropy_init(&ctx);
636
637 /* First do a gather to make sure we have default sources */
638 if ((ret = mbedtls_entropy_gather(&ctx)) != 0)
639 goto cleanup;
640
641 ret = mbedtls_entropy_add_source(&ctx, entropy_dummy_source, NULL, 16,
642 MBEDTLS_ENTROPY_SOURCE_WEAK);
643 if (ret != 0)
644 goto cleanup;
645
646 if ((ret = mbedtls_entropy_update_manual(&ctx, buf, sizeof buf)) != 0)
647 goto cleanup;
648
649 /*
650 * To test that mbedtls_entropy_func writes correct number of bytes:
651 * - use the whole buffer and rely on ASan to detect overruns
652 * - collect entropy 8 times and OR the result in an accumulator:
653 * any byte should then be 0 with probably 2^(-64), so requiring
654 * each of the 32 or 64 bytes to be non-zero has a false failure rate
655 * of at most 2^(-58) which is acceptable.
656 */
657 for (i = 0; i < 8; i++) {
658 if ((ret = mbedtls_entropy_func(&ctx, buf, sizeof(buf))) != 0)
659 goto cleanup;
660
661 for (j = 0; j < sizeof(buf); j++)
662 acc[j] |= buf[j];
663 }
664
665 for (j = 0; j < sizeof(buf); j++) {
666 if (acc[j] == 0) {
667 ret = 1;
668 goto cleanup;
669 }
670 }
671
672 #if defined(MBEDTLS_ENTROPY_HARDWARE_ALT)
673 if ((ret = mbedtls_entropy_source_self_test(0)) != 0)
674 goto cleanup;
675 #endif
676
677 cleanup:
678 mbedtls_entropy_free(&ctx);
679 #endif /* !MBEDTLS_TEST_NULL_ENTROPY */
680
681 if (verbose != 0) {
682 if (ret != 0)
683 mbedtls_printf("failed\n");
684 else
685 mbedtls_printf("passed\n");
686
687 mbedtls_printf("\n");
688 }
689
690 return (ret != 0);
691 }
692 #endif /* MBEDTLS_SELF_TEST */
693
694 #endif /* MBEDTLS_ENTROPY_C */
Proxmark3 - the RFID research Swiss army knife. Iceman firmware