Details | Last modification | View Log | RSS feed
Rev | Author | Line No. | Line |
---|---|---|---|
8774 | rgimad | 1 | /** |
2 | * \file entropy.h |
||
3 | * |
||
4 | * \brief Entropy accumulator implementation |
||
5 | */ |
||
6 | /* |
||
7 | * Copyright (C) 2006-2016, ARM Limited, All Rights Reserved |
||
8 | * SPDX-License-Identifier: GPL-2.0 |
||
9 | * |
||
10 | * This program is free software; you can redistribute it and/or modify |
||
11 | * it under the terms of the GNU General Public License as published by |
||
12 | * the Free Software Foundation; either version 2 of the License, or |
||
13 | * (at your option) any later version. |
||
14 | * |
||
15 | * This program is distributed in the hope that it will be useful, |
||
16 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
||
17 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
||
18 | * GNU General Public License for more details. |
||
19 | * |
||
20 | * You should have received a copy of the GNU General Public License along |
||
21 | * with this program; if not, write to the Free Software Foundation, Inc., |
||
22 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. |
||
23 | * |
||
24 | * This file is part of mbed TLS (https://tls.mbed.org) |
||
25 | */ |
||
26 | #ifndef MBEDTLS_ENTROPY_H |
||
27 | #define MBEDTLS_ENTROPY_H |
||
28 | |||
29 | #if !defined(MBEDTLS_CONFIG_FILE) |
||
30 | #include "config.h" |
||
31 | #else |
||
32 | #include MBEDTLS_CONFIG_FILE |
||
33 | #endif |
||
34 | |||
35 | #include |
||
36 | |||
37 | #if defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_ENTROPY_FORCE_SHA256) |
||
38 | #include "sha512.h" |
||
39 | #define MBEDTLS_ENTROPY_SHA512_ACCUMULATOR |
||
40 | #else |
||
41 | #if defined(MBEDTLS_SHA256_C) |
||
42 | #define MBEDTLS_ENTROPY_SHA256_ACCUMULATOR |
||
43 | #include "sha256.h" |
||
44 | #endif |
||
45 | #endif |
||
46 | |||
47 | #if defined(MBEDTLS_THREADING_C) |
||
48 | #include "threading.h" |
||
49 | #endif |
||
50 | |||
51 | #if defined(MBEDTLS_HAVEGE_C) |
||
52 | #include "havege.h" |
||
53 | #endif |
||
54 | |||
55 | #define MBEDTLS_ERR_ENTROPY_SOURCE_FAILED -0x003C /**< Critical entropy source failure. */ |
||
56 | #define MBEDTLS_ERR_ENTROPY_MAX_SOURCES -0x003E /**< No more sources can be added. */ |
||
57 | #define MBEDTLS_ERR_ENTROPY_NO_SOURCES_DEFINED -0x0040 /**< No sources have been added to poll. */ |
||
58 | #define MBEDTLS_ERR_ENTROPY_NO_STRONG_SOURCE -0x003D /**< No strong sources have been added to poll. */ |
||
59 | #define MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR -0x003F /**< Read/write error in file. */ |
||
60 | |||
61 | /** |
||
62 | * \name SECTION: Module settings |
||
63 | * |
||
64 | * The configuration options you can set for this module are in this section. |
||
65 | * Either change them in config.h or define them on the compiler command line. |
||
66 | * \{ |
||
67 | */ |
||
68 | |||
69 | #if !defined(MBEDTLS_ENTROPY_MAX_SOURCES) |
||
70 | #define MBEDTLS_ENTROPY_MAX_SOURCES 20 /**< Maximum number of sources supported */ |
||
71 | #endif |
||
72 | |||
73 | #if !defined(MBEDTLS_ENTROPY_MAX_GATHER) |
||
74 | #define MBEDTLS_ENTROPY_MAX_GATHER 128 /**< Maximum amount requested from entropy sources */ |
||
75 | #endif |
||
76 | |||
77 | /* \} name SECTION: Module settings */ |
||
78 | |||
79 | #if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR) |
||
80 | #define MBEDTLS_ENTROPY_BLOCK_SIZE 64 /**< Block size of entropy accumulator (SHA-512) */ |
||
81 | #else |
||
82 | #define MBEDTLS_ENTROPY_BLOCK_SIZE 32 /**< Block size of entropy accumulator (SHA-256) */ |
||
83 | #endif |
||
84 | |||
85 | #define MBEDTLS_ENTROPY_MAX_SEED_SIZE 1024 /**< Maximum size of seed we read from seed file */ |
||
86 | #define MBEDTLS_ENTROPY_SOURCE_MANUAL MBEDTLS_ENTROPY_MAX_SOURCES |
||
87 | |||
88 | #define MBEDTLS_ENTROPY_SOURCE_STRONG 1 /**< Entropy source is strong */ |
||
89 | #define MBEDTLS_ENTROPY_SOURCE_WEAK 0 /**< Entropy source is weak */ |
||
90 | |||
91 | #ifdef __cplusplus |
||
92 | extern "C" { |
||
93 | #endif |
||
94 | |||
95 | /** |
||
96 | * \brief Entropy poll callback pointer |
||
97 | * |
||
98 | * \param data Callback-specific data pointer |
||
99 | * \param output Data to fill |
||
100 | * \param len Maximum size to provide |
||
101 | * \param olen The actual amount of bytes put into the buffer (Can be 0) |
||
102 | * |
||
103 | * \return 0 if no critical failures occurred, |
||
104 | * MBEDTLS_ERR_ENTROPY_SOURCE_FAILED otherwise |
||
105 | */ |
||
106 | typedef int (*mbedtls_entropy_f_source_ptr)(void *data, unsigned char *output, size_t len, |
||
107 | size_t *olen); |
||
108 | |||
109 | /** |
||
110 | * \brief Entropy source state |
||
111 | */ |
||
112 | typedef struct mbedtls_entropy_source_state |
||
113 | { |
||
114 | mbedtls_entropy_f_source_ptr f_source; /**< The entropy source callback */ |
||
115 | void * p_source; /**< The callback data pointer */ |
||
116 | size_t size; /**< Amount received in bytes */ |
||
117 | size_t threshold; /**< Minimum bytes required before release */ |
||
118 | int strong; /**< Is the source strong? */ |
||
119 | } |
||
120 | mbedtls_entropy_source_state; |
||
121 | |||
122 | /** |
||
123 | * \brief Entropy context structure |
||
124 | */ |
||
125 | typedef struct mbedtls_entropy_context |
||
126 | { |
||
127 | int accumulator_started; |
||
128 | #if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR) |
||
129 | mbedtls_sha512_context accumulator; |
||
130 | #else |
||
131 | mbedtls_sha256_context accumulator; |
||
132 | #endif |
||
133 | int source_count; |
||
134 | mbedtls_entropy_source_state source[MBEDTLS_ENTROPY_MAX_SOURCES]; |
||
135 | #if defined(MBEDTLS_HAVEGE_C) |
||
136 | mbedtls_havege_state havege_data; |
||
137 | #endif |
||
138 | #if defined(MBEDTLS_THREADING_C) |
||
139 | mbedtls_threading_mutex_t mutex; /*!< mutex */ |
||
140 | #endif |
||
141 | #if defined(MBEDTLS_ENTROPY_NV_SEED) |
||
142 | int initial_entropy_run; |
||
143 | #endif |
||
144 | } |
||
145 | mbedtls_entropy_context; |
||
146 | |||
147 | /** |
||
148 | * \brief Initialize the context |
||
149 | * |
||
150 | * \param ctx Entropy context to initialize |
||
151 | */ |
||
152 | void mbedtls_entropy_init( mbedtls_entropy_context *ctx ); |
||
153 | |||
154 | /** |
||
155 | * \brief Free the data in the context |
||
156 | * |
||
157 | * \param ctx Entropy context to free |
||
158 | */ |
||
159 | void mbedtls_entropy_free( mbedtls_entropy_context *ctx ); |
||
160 | |||
161 | /** |
||
162 | * \brief Adds an entropy source to poll |
||
163 | * (Thread-safe if MBEDTLS_THREADING_C is enabled) |
||
164 | * |
||
165 | * \param ctx Entropy context |
||
166 | * \param f_source Entropy function |
||
167 | * \param p_source Function data |
||
168 | * \param threshold Minimum required from source before entropy is released |
||
169 | * ( with mbedtls_entropy_func() ) (in bytes) |
||
170 | * \param strong MBEDTLS_ENTROPY_SOURCE_STRONG or |
||
171 | * MBEDTLS_ENTROPY_SOURCE_WEAK. |
||
172 | * At least one strong source needs to be added. |
||
173 | * Weaker sources (such as the cycle counter) can be used as |
||
174 | * a complement. |
||
175 | * |
||
176 | * \return 0 if successful or MBEDTLS_ERR_ENTROPY_MAX_SOURCES |
||
177 | */ |
||
178 | int mbedtls_entropy_add_source( mbedtls_entropy_context *ctx, |
||
179 | mbedtls_entropy_f_source_ptr f_source, void *p_source, |
||
180 | size_t threshold, int strong ); |
||
181 | |||
182 | /** |
||
183 | * \brief Trigger an extra gather poll for the accumulator |
||
184 | * (Thread-safe if MBEDTLS_THREADING_C is enabled) |
||
185 | * |
||
186 | * \param ctx Entropy context |
||
187 | * |
||
188 | * \return 0 if successful, or MBEDTLS_ERR_ENTROPY_SOURCE_FAILED |
||
189 | */ |
||
190 | int mbedtls_entropy_gather( mbedtls_entropy_context *ctx ); |
||
191 | |||
192 | /** |
||
193 | * \brief Retrieve entropy from the accumulator |
||
194 | * (Maximum length: MBEDTLS_ENTROPY_BLOCK_SIZE) |
||
195 | * (Thread-safe if MBEDTLS_THREADING_C is enabled) |
||
196 | * |
||
197 | * \param data Entropy context |
||
198 | * \param output Buffer to fill |
||
199 | * \param len Number of bytes desired, must be at most MBEDTLS_ENTROPY_BLOCK_SIZE |
||
200 | * |
||
201 | * \return 0 if successful, or MBEDTLS_ERR_ENTROPY_SOURCE_FAILED |
||
202 | */ |
||
203 | int mbedtls_entropy_func( void *data, unsigned char *output, size_t len ); |
||
204 | |||
205 | /** |
||
206 | * \brief Add data to the accumulator manually |
||
207 | * (Thread-safe if MBEDTLS_THREADING_C is enabled) |
||
208 | * |
||
209 | * \param ctx Entropy context |
||
210 | * \param data Data to add |
||
211 | * \param len Length of data |
||
212 | * |
||
213 | * \return 0 if successful |
||
214 | */ |
||
215 | int mbedtls_entropy_update_manual( mbedtls_entropy_context *ctx, |
||
216 | const unsigned char *data, size_t len ); |
||
217 | |||
218 | #if defined(MBEDTLS_ENTROPY_NV_SEED) |
||
219 | /** |
||
220 | * \brief Trigger an update of the seed file in NV by using the |
||
221 | * current entropy pool. |
||
222 | * |
||
223 | * \param ctx Entropy context |
||
224 | * |
||
225 | * \return 0 if successful |
||
226 | */ |
||
227 | int mbedtls_entropy_update_nv_seed( mbedtls_entropy_context *ctx ); |
||
228 | #endif /* MBEDTLS_ENTROPY_NV_SEED */ |
||
229 | |||
230 | #if defined(MBEDTLS_FS_IO) |
||
231 | /** |
||
232 | * \brief Write a seed file |
||
233 | * |
||
234 | * \param ctx Entropy context |
||
235 | * \param path Name of the file |
||
236 | * |
||
237 | * \return 0 if successful, |
||
238 | * MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR on file error, or |
||
239 | * MBEDTLS_ERR_ENTROPY_SOURCE_FAILED |
||
240 | */ |
||
241 | int mbedtls_entropy_write_seed_file( mbedtls_entropy_context *ctx, const char *path ); |
||
242 | |||
243 | /** |
||
244 | * \brief Read and update a seed file. Seed is added to this |
||
245 | * instance. No more than MBEDTLS_ENTROPY_MAX_SEED_SIZE bytes are |
||
246 | * read from the seed file. The rest is ignored. |
||
247 | * |
||
248 | * \param ctx Entropy context |
||
249 | * \param path Name of the file |
||
250 | * |
||
251 | * \return 0 if successful, |
||
252 | * MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR on file error, |
||
253 | * MBEDTLS_ERR_ENTROPY_SOURCE_FAILED |
||
254 | */ |
||
255 | int mbedtls_entropy_update_seed_file( mbedtls_entropy_context *ctx, const char *path ); |
||
256 | #endif /* MBEDTLS_FS_IO */ |
||
257 | |||
258 | #if defined(MBEDTLS_SELF_TEST) |
||
259 | /** |
||
260 | * \brief Checkup routine |
||
261 | * |
||
262 | * This module self-test also calls the entropy self-test, |
||
263 | * mbedtls_entropy_source_self_test(); |
||
264 | * |
||
265 | * \return 0 if successful, or 1 if a test failed |
||
266 | */ |
||
267 | int mbedtls_entropy_self_test( int verbose ); |
||
268 | |||
269 | #if defined(MBEDTLS_ENTROPY_HARDWARE_ALT) |
||
270 | /** |
||
271 | * \brief Checkup routine |
||
272 | * |
||
273 | * Verifies the integrity of the hardware entropy source |
||
274 | * provided by the function 'mbedtls_hardware_poll()'. |
||
275 | * |
||
276 | * Note this is the only hardware entropy source that is known |
||
277 | * at link time, and other entropy sources configured |
||
278 | * dynamically at runtime by the function |
||
279 | * mbedtls_entropy_add_source() will not be tested. |
||
280 | * |
||
281 | * \return 0 if successful, or 1 if a test failed |
||
282 | */ |
||
283 | int mbedtls_entropy_source_self_test( int verbose ); |
||
284 | #endif /* MBEDTLS_ENTROPY_HARDWARE_ALT */ |
||
285 | #endif /* MBEDTLS_SELF_TEST */ |
||
286 | |||
287 | #ifdef __cplusplus |
||
288 | } |
||
289 | #endif |
||
290 | |||
291 | #endif /* entropy.h */>>>>>>>>>>>>>>>>>> |