1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798991001011021031041051061071081091101111121131141151161171181191201211221231241251261271281291301311321331341351361371381391401411421431441451461471481491501511521531541551561571581591601611621631641651661671681691701711721731741751761771781791801811821831841851861871881891901911921931941951961971981992002012022032042052062072082092102112122132142152162172182192202212222232242252262272282292302312322332342352362372382392402412422432442452462472482492502512522532542552562572582592602612622632642652662672682692702712722732742752762772782792802812822832842852862872882892902912922932942952962972982993003013023033043053063073083093103113123133143153163173183193203213223233243253263273283293303313323333343353363373383393403413423433443453463473483493503513523533543553563573583593603613623633643653663673683693703713723733743753763773783793803813823833843853863873883893903913923933943953963973983994004014024034044054064074084094104114124134144154164174184194204214224234244254264274284294304314324334344354364374384394404414424434444454464474484494504514524534544554564574584594604614624634644654664674684694704714724734744754764774784794804814824834844854864874884894904914924934944954964974984995005015025035045055065075085095105115125135145155165175185195205215225235245255265275285295305315325335345355365375385395405415425435445455465475485495505515525535545555565575585595605615625635645655665675685695705715725735745755765775785795805815825835845855865875885895905915925935945955965975985996006016026036046056066076086096106116126136146156166176186196206216226236246256266276286296306316326336346356366376386396406416426436446456466476486496506516526536546556566576586596606616626636646656666676686696706716726736746756766776786796806816826836846856866876886896906916926936946956966976986997007017027037047057067077087097107117127137147157167177187197207217227237247257267277287297307317327337347357367377387397407417427437447457467477487497507517527537547557567577587597607617627637647657667677687697707717727737747757767777787797807817827837847857867877887897907917927937947957967977987998008018028038048058068078088098108118128138148158168178188198208218228238248258268278288298308318328338348358368378388398408418428438448458468478488498508518528538548558568578588598608618628638648658668678688698708718728738748758768778788798808818828838848858868878888898908918928938948958968978988999009019029039049059069079089099109119129139149159169179189199209219229239249259269279289299309319329339349359369379389399409419429439449459469479489499509519529539549559569579589599609619629639649659669679689699709719729739749759769779789799809819829839849859869879889899909919929939949959969979989991000100110021003100410051006100710081009101010111012101310141015101610171018101910201021102210231024102510261027102810291030103110321033103410351036103710381039104010411042104310441045104610471048104910501051105210531054105510561057105810591060106110621063106410651066106710681069107010711072107310741075107610771078107910801081108210831084108510861087108810891090109110921093109410951096109710981099110011011102110311041105110611071108110911101111111211131114111511161117111811191120112111221123112411251126112711281129113011311132113311341135113611371138113911401141114211431144114511461147114811491150115111521153115411551156115711581159116011611162116311641165116611671168116911701171117211731174117511761177117811791180118111821183118411851186118711881189119011911192119311941195119611971198119912001201120212031204120512061207120812091210121112121213121412151216121712181219122012211222122312241225122612271228122912301231123212331234123512361237123812391240124112421243124412451246124712481249125012511252125312541255125612571258125912601261126212631264126512661267126812691270127112721273127412751276127712781279128012811282128312841285128612871288128912901291129212931294129512961297129812991300130113021303130413051306130713081309131013111312131313141315131613171318131913201321132213231324132513261327132813291330133113321333133413351336133713381339134013411342134313441345134613471348134913501351135213531354135513561357135813591360136113621363136413651366136713681369137013711372137313741375137613771378137913801381138213831384138513861387138813891390139113921393139413951396139713981399140014011402140314041405140614071408140914101411141214131414141514161417141814191420142114221423142414251426142714281429143014311432143314341435143614371438143914401441144214431444144514461447144814491450145114521453145414551456145714581459146014611462146314641465146614671468146914701471147214731474147514761477147814791480148114821483148414851486148714881489149014911492149314941495149614971498149915001501150215031504150515061507150815091510151115121513151415151516151715181519152015211522152315241525152615271528152915301531153215331534153515361537153815391540154115421543154415451546154715481549155015511552155315541555155615571558155915601561156215631564156515661567156815691570157115721573157415751576157715781579158015811582158315841585158615871588158915901591159215931594159515961597159815991600160116021603160416051606160716081609161016111612161316141615161616171618161916201621162216231624162516261627162816291630163116321633163416351636163716381639164016411642164316441645164616471648164916501651165216531654165516561657165816591660166116621663166416651666166716681669167016711672167316741675167616771678167916801681168216831684168516861687168816891690169116921693169416951696169716981699170017011702170317041705170617071708170917101711171217131714171517161717171817191720172117221723172417251726172717281729173017311732173317341735173617371738173917401741174217431744174517461747174817491750175117521753175417551756175717581759176017611762176317641765176617671768176917701771177217731774177517761777177817791780178117821783178417851786178717881789179017911792179317941795179617971798179918001801180218031804180518061807180818091810181118121813181418151816181718181819182018211822182318241825182618271828182918301831183218331834183518361837183818391840184118421843184418451846184718481849185018511852185318541855185618571858185918601861186218631864186518661867186818691870187118721873187418751876187718781879188018811882188318841885188618871888188918901891189218931894189518961897189818991900190119021903190419051906190719081909191019111912191319141915191619171918191919201921192219231924192519261927192819291930193119321933193419351936193719381939194019411942194319441945194619471948194919501951195219531954195519561957195819591960196119621963196419651966196719681969197019711972197319741975197619771978197919801981198219831984198519861987198819891990199119921993199419951996199719981999200020012002200320042005200620072008200920102011201220132014201520162017201820192020202120222023202420252026202720282029203020312032203320342035203620372038203920402041204220432044204520462047204820492050205120522053205420552056205720582059206020612062206320642065206620672068206920702071207220732074207520762077207820792080208120822083208420852086208720882089209020912092209320942095209620972098209921002101210221032104210521062107210821092110211121122113211421152116211721182119212021212122212321242125212621272128212921302131213221332134213521362137213821392140214121422143214421452146214721482149215021512152215321542155215621572158215921602161216221632164216521662167216821692170217121722173217421752176217721782179218021812182218321842185218621872188218921902191219221932194219521962197219821992200220122022203220422052206220722082209221022112212221322142215221622172218221922202221222222232224222522262227222822292230223122322233223422352236223722382239224022412242224322442245224622472248224922502251225222532254225522562257225822592260226122622263226422652266226722682269227022712272227322742275227622772278227922802281228222832284228522862287228822892290229122922293229422952296229722982299230023012302230323042305230623072308230923102311231223132314231523162317231823192320232123222323232423252326232723282329233023312332233323342335233623372338233923402341234223432344234523462347234823492350235123522353235423552356235723582359236023612362236323642365236623672368236923702371237223732374237523762377237823792380238123822383238423852386238723882389239023912392239323942395239623972398239924002401240224032404240524062407240824092410241124122413241424152416241724182419242024212422242324242425242624272428242924302431243224332434243524362437243824392440244124422443244424452446244724482449245024512452245324542455245624572458245924602461246224632464246524662467246824692470247124722473247424752476247724782479248024812482248324842485248624872488248924902491249224932494249524962497249824992500250125022503250425052506250725082509251025112512251325142515251625172518251925202521252225232524252525262527252825292530253125322533253425352536253725382539254025412542254325442545254625472548254925502551255225532554255525562557255825592560256125622563256425652566256725682569257025712572257325742575257625772578257925802581258225832584258525862587258825892590259125922593259425952596259725982599260026012602260326042605260626072608260926102611261226132614261526162617261826192620262126222623262426252626262726282629263026312632263326342635263626372638263926402641264226432644264526462647264826492650265126522653265426552656265726582659266026612662266326642665266626672668266926702671267226732674267526762677267826792680268126822683268426852686268726882689269026912692269326942695269626972698269927002701270227032704270527062707270827092710271127122713271427152716271727182719272027212722272327242725272627272728272927302731273227332734273527362737273827392740274127422743274427452746274727482749275027512752275327542755275627572758275927602761276227632764276527662767276827692770277127722773277427752776277727782779278027812782278327842785278627872788278927902791279227932794279527962797279827992800280128022803280428052806280728082809281028112812281328142815281628172818281928202821282228232824282528262827282828292830283128322833283428352836283728382839284028412842284328442845284628472848284928502851285228532854285528562857285828592860286128622863286428652866286728682869287028712872287328742875287628772878287928802881288228832884288528862887288828892890289128922893289428952896289728982899290029012902290329042905290629072908290929102911291229132914291529162917291829192920292129222923292429252926292729282929293029312932293329342935293629372938293929402941294229432944294529462947294829492950295129522953 |
- /* random.c
- *
- * Copyright (C) 2006-2022 wolfSSL Inc.
- *
- * This file is part of wolfSSL.
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
- */
- /*
- DESCRIPTION
- This library contains implementation for the random number generator.
- */
- #ifdef HAVE_CONFIG_H
- #include <config.h>
- #endif
- #include <wolfssl/wolfcrypt/settings.h>
- #include <wolfssl/wolfcrypt/error-crypt.h>
- /* on HPUX 11 you may need to install /dev/random see
- http://h20293.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=KRNG11I
- */
- #if defined(HAVE_FIPS) && \
- defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)
- /* set NO_WRAPPERS before headers, use direct internal f()s not wrappers */
- #define FIPS_NO_WRAPPERS
- #ifdef USE_WINDOWS_API
- #pragma code_seg(".fipsA$c")
- #pragma const_seg(".fipsB$c")
- #endif
- #endif
- #include <wolfssl/wolfcrypt/random.h>
- #include <wolfssl/wolfcrypt/cpuid.h>
- /* If building for old FIPS. */
- #if defined(HAVE_FIPS) && \
- (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2))
- int wc_GenerateSeed(OS_Seed* os, byte* seed, word32 sz)
- {
- return GenerateSeed(os, seed, sz);
- }
- int wc_InitRng_ex(WC_RNG* rng, void* heap, int devId)
- {
- (void)heap;
- (void)devId;
- return InitRng_fips(rng);
- }
- WOLFSSL_ABI
- int wc_InitRng(WC_RNG* rng)
- {
- return InitRng_fips(rng);
- }
- int wc_RNG_GenerateBlock(WC_RNG* rng, byte* b, word32 sz)
- {
- return RNG_GenerateBlock_fips(rng, b, sz);
- }
- int wc_RNG_GenerateByte(WC_RNG* rng, byte* b)
- {
- return RNG_GenerateByte(rng, b);
- }
- #ifdef HAVE_HASHDRBG
- int wc_FreeRng(WC_RNG* rng)
- {
- return FreeRng_fips(rng);
- }
- int wc_RNG_HealthTest(int reseed, const byte* seedA, word32 seedASz,
- const byte* seedB, word32 seedBSz,
- byte* output, word32 outputSz)
- {
- return RNG_HealthTest_fips(reseed, seedA, seedASz,
- seedB, seedBSz, output, outputSz);
- }
- #endif /* HAVE_HASHDRBG */
- #else /* else build without fips, or for new fips */
- #ifndef WC_NO_RNG /* if not FIPS and RNG is disabled then do not compile */
- #include <wolfssl/wolfcrypt/sha256.h>
- #ifdef WOLF_CRYPTO_CB
- #include <wolfssl/wolfcrypt/cryptocb.h>
- #endif
- #ifdef NO_INLINE
- #include <wolfssl/wolfcrypt/misc.h>
- #else
- #define WOLFSSL_MISC_INCLUDED
- #include <wolfcrypt/src/misc.c>
- #endif
- #if defined(WOLFSSL_SGX)
- #include <sgx_trts.h>
- #elif defined(USE_WINDOWS_API)
- #ifndef _WIN32_WINNT
- #define _WIN32_WINNT 0x0400
- #endif
- #include <windows.h>
- #include <wincrypt.h>
- #elif defined(HAVE_WNR)
- #include <wnr.h>
- #include <wolfssl/wolfcrypt/logging.h>
- wolfSSL_Mutex wnr_mutex; /* global netRandom mutex */
- int wnr_timeout = 0; /* entropy timeout, milliseconds */
- int wnr_mutex_init = 0; /* flag for mutex init */
- wnr_context* wnr_ctx; /* global netRandom context */
- #elif defined(FREESCALE_KSDK_2_0_TRNG)
- #include "fsl_trng.h"
- #elif defined(FREESCALE_KSDK_2_0_RNGA)
- #include "fsl_rnga.h"
- #elif defined(WOLFSSL_WICED)
- #include "wiced_crypto.h"
- #elif defined(WOLFSSL_NETBURNER)
- #include <predef.h>
- #include <basictypes.h>
- #include <random.h>
- #elif defined(WOLFSSL_XILINX_CRYPT_VERSAL)
- #include "wolfssl/wolfcrypt/port/xilinx/xil-versal-trng.h"
- #elif defined(NO_DEV_RANDOM)
- #elif defined(CUSTOM_RAND_GENERATE)
- #elif defined(CUSTOM_RAND_GENERATE_BLOCK)
- #elif defined(CUSTOM_RAND_GENERATE_SEED)
- #elif defined(WOLFSSL_GENSEED_FORTEST)
- #elif defined(WOLFSSL_MDK_ARM)
- #elif defined(WOLFSSL_IAR_ARM)
- #elif defined(WOLFSSL_ROWLEY_ARM)
- #elif defined(WOLFSSL_EMBOS)
- #elif defined(WOLFSSL_DEOS)
- #elif defined(MICRIUM)
- #elif defined(WOLFSSL_NUCLEUS)
- #elif defined(WOLFSSL_PB)
- #elif defined(WOLFSSL_ZEPHYR)
- #elif defined(WOLFSSL_TELIT_M2MB)
- #elif defined(WOLFSSL_SCE) && !defined(WOLFSSL_SCE_NO_TRNG)
- #elif defined(WOLFSSL_GETRANDOM)
- #include <errno.h>
- #include <sys/random.h>
- #else
- /* include headers that may be needed to get good seed */
- #include <fcntl.h>
- #ifndef EBSNET
- #include <unistd.h>
- #endif
- #endif
- #if defined(WOLFSSL_SILABS_SE_ACCEL)
- #include <wolfssl/wolfcrypt/port/silabs/silabs_random.h>
- #endif
- #if defined(WOLFSSL_IOTSAFE) && defined(HAVE_IOTSAFE_HWRNG)
- #include <wolfssl/wolfcrypt/port/iotsafe/iotsafe.h>
- #endif
- #if defined(WOLFSSL_HAVE_PSA) && !defined(WOLFSSL_PSA_NO_RNG)
- #include <wolfssl/wolfcrypt/port/psa/psa.h>
- #endif
- #if defined(HAVE_INTEL_RDRAND) || defined(HAVE_INTEL_RDSEED) || \
- defined(HAVE_AMD_RDSEED)
- static word32 intel_flags = 0;
- static void wc_InitRng_IntelRD(void)
- {
- intel_flags = cpuid_get_flags();
- }
- #if (defined(HAVE_INTEL_RDSEED) || defined(HAVE_AMD_RDSEED)) && \
- !defined(WOLFSSL_LINUXKM)
- static int wc_GenerateSeed_IntelRD(OS_Seed* os, byte* output, word32 sz);
- #endif
- #ifdef HAVE_INTEL_RDRAND
- static int wc_GenerateRand_IntelRD(OS_Seed* os, byte* output, word32 sz);
- #endif
- #ifdef USE_WINDOWS_API
- #define USE_INTEL_INTRINSICS
- #elif !defined __GNUC__ || defined __clang__ || __GNUC__ > 4
- #define USE_INTEL_INTRINSICS
- #else
- #undef USE_INTEL_INTRINSICS
- #endif
- #ifdef USE_INTEL_INTRINSICS
- #include <immintrin.h>
- /* Before clang 7 or GCC 9, immintrin.h did not define _rdseed64_step() */
- #ifndef HAVE_INTEL_RDSEED
- #elif defined __clang__ && __clang_major__ > 6
- #elif !defined __GNUC__
- #elif __GNUC__ > 8
- #else
- #ifndef __clang__
- #pragma GCC push_options
- #pragma GCC target("rdseed")
- #else
- #define __RDSEED__
- #endif
- #include <x86intrin.h>
- #ifndef __clang__
- #pragma GCC pop_options
- #endif
- #endif
- #endif /* USE_WINDOWS_API */
- #endif
- /* Start NIST DRBG code */
- #ifdef HAVE_HASHDRBG
- #define OUTPUT_BLOCK_LEN (WC_SHA256_DIGEST_SIZE)
- #define MAX_REQUEST_LEN (0x10000)
- #define RESEED_INTERVAL WC_RESEED_INTERVAL
- /* The security strength for the RNG is the target number of bits of
- * entropy you are looking for in a seed. */
- #ifndef RNG_SECURITY_STRENGTH
- /* SHA-256 requires a minimum of 256-bits of entropy. */
- #define RNG_SECURITY_STRENGTH (256)
- #endif
- #ifndef ENTROPY_SCALE_FACTOR
- /* The entropy scale factor should be the whole number inverse of the
- * minimum bits of entropy per bit of NDRNG output. */
- #if defined(HAVE_AMD_RDSEED)
- /* This will yield a SEED_SZ of 16kb. Since nonceSz will be 0,
- * we'll add an additional 8kb on top. */
- #define ENTROPY_SCALE_FACTOR (512)
- #elif defined(HAVE_INTEL_RDSEED) || defined(HAVE_INTEL_RDRAND)
- /* The value of 2 applies to Intel's RDSEED which provides about
- * 0.5 bits minimum of entropy per bit. The value of 4 gives a
- * conservative margin for FIPS. */
- #if defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && \
- (HAVE_FIPS_VERSION >= 2)
- #define ENTROPY_SCALE_FACTOR (2*4)
- #else
- /* Not FIPS, but Intel RDSEED, only double. */
- #define ENTROPY_SCALE_FACTOR (2)
- #endif
- #elif defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && \
- (HAVE_FIPS_VERSION >= 2)
- /* If doing a FIPS build without a specific scale factor, default
- * to 4. This will give 1024 bits of entropy. More is better, but
- * more is also slower. */
- #define ENTROPY_SCALE_FACTOR (4)
- #else
- /* Setting the default to 1. */
- #define ENTROPY_SCALE_FACTOR (1)
- #endif
- #endif
- #ifndef SEED_BLOCK_SZ
- /* The seed block size, is the size of the output of the underlying NDRNG.
- * This value is used for testing the output of the NDRNG. */
- #if defined(HAVE_AMD_RDSEED)
- /* AMD's RDSEED instruction works in 128-bit blocks read 64-bits
- * at a time. */
- #define SEED_BLOCK_SZ (sizeof(word64)*2)
- #elif defined(HAVE_INTEL_RDSEED) || defined(HAVE_INTEL_RDRAND)
- /* RDSEED outputs in blocks of 64-bits. */
- #define SEED_BLOCK_SZ sizeof(word64)
- #else
- /* Setting the default to 4. */
- #define SEED_BLOCK_SZ 4
- #endif
- #endif
- #define SEED_SZ (RNG_SECURITY_STRENGTH*ENTROPY_SCALE_FACTOR/8)
- /* The maximum seed size will be the seed size plus a seed block for the
- * test, and an additional half of the seed size. This additional half
- * is in case the user does not supply a nonce. A nonce will be obtained
- * from the NDRNG. */
- #define MAX_SEED_SZ (SEED_SZ + SEED_SZ/2 + SEED_BLOCK_SZ)
- #ifdef WC_RNG_SEED_CB
- static wc_RngSeed_Cb seedCb = NULL;
- int wc_SetSeed_Cb(wc_RngSeed_Cb cb)
- {
- seedCb = cb;
- return 0;
- }
- #endif
- /* Internal return codes */
- #define DRBG_SUCCESS 0
- #define DRBG_FAILURE 1
- #define DRBG_NEED_RESEED 2
- #define DRBG_CONT_FAILURE 3
- #define DRBG_NO_SEED_CB 4
- /* RNG health states */
- #define DRBG_NOT_INIT 0
- #define DRBG_OK 1
- #define DRBG_FAILED 2
- #define DRBG_CONT_FAILED 3
- #define RNG_HEALTH_TEST_CHECK_SIZE (WC_SHA256_DIGEST_SIZE * 4)
- /* Verify max gen block len */
- #if RNG_MAX_BLOCK_LEN > MAX_REQUEST_LEN
- #error RNG_MAX_BLOCK_LEN is larger than NIST DBRG max request length
- #endif
- enum {
- drbgInitC = 0,
- drbgReseed = 1,
- drbgGenerateW = 2,
- drbgGenerateH = 3,
- drbgInitV = 4
- };
- typedef struct DRBG_internal DRBG_internal;
- static int wc_RNG_HealthTestLocal(int reseed);
- /* Hash Derivation Function */
- /* Returns: DRBG_SUCCESS or DRBG_FAILURE */
- static int Hash_df(DRBG_internal* drbg, byte* out, word32 outSz, byte type,
- const byte* inA, word32 inASz,
- const byte* inB, word32 inBSz)
- {
- int ret = DRBG_FAILURE;
- byte ctr;
- int i;
- int len;
- word32 bits = (outSz * 8); /* reverse byte order */
- #ifdef WOLFSSL_SMALL_STACK_CACHE
- wc_Sha256* sha = &drbg->sha256;
- #else
- wc_Sha256 sha[1];
- #endif
- #ifdef WC_ASYNC_ENABLE_SHA256
- WC_DECLARE_VAR(digest, byte, WC_SHA256_DIGEST_SIZE, drbg->heap);
- if (digest == NULL)
- return MEMORY_E;
- #else
- byte digest[WC_SHA256_DIGEST_SIZE];
- #endif
- (void)drbg;
- #ifdef WC_ASYNC_ENABLE_SHA256
- if (digest == NULL)
- return DRBG_FAILURE;
- #endif
- #ifdef LITTLE_ENDIAN_ORDER
- bits = ByteReverseWord32(bits);
- #endif
- len = (outSz / OUTPUT_BLOCK_LEN)
- + ((outSz % OUTPUT_BLOCK_LEN) ? 1 : 0);
- ctr = 1;
- for (i = 0; i < len; i++) {
- #ifndef WOLFSSL_SMALL_STACK_CACHE
- #if defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLF_CRYPTO_CB)
- ret = wc_InitSha256_ex(sha, drbg->heap, drbg->devId);
- #else
- ret = wc_InitSha256(sha);
- #endif
- if (ret != 0)
- break;
- #endif
- ret = wc_Sha256Update(sha, &ctr, sizeof(ctr));
- if (ret == 0) {
- ctr++;
- ret = wc_Sha256Update(sha, (byte*)&bits, sizeof(bits));
- }
- if (ret == 0) {
- /* churning V is the only string that doesn't have the type added */
- if (type != drbgInitV)
- ret = wc_Sha256Update(sha, &type, sizeof(type));
- }
- if (ret == 0)
- ret = wc_Sha256Update(sha, inA, inASz);
- if (ret == 0) {
- if (inB != NULL && inBSz > 0)
- ret = wc_Sha256Update(sha, inB, inBSz);
- }
- if (ret == 0)
- ret = wc_Sha256Final(sha, digest);
- #ifndef WOLFSSL_SMALL_STACK_CACHE
- wc_Sha256Free(sha);
- #endif
- if (ret == 0) {
- if (outSz > OUTPUT_BLOCK_LEN) {
- XMEMCPY(out, digest, OUTPUT_BLOCK_LEN);
- outSz -= OUTPUT_BLOCK_LEN;
- out += OUTPUT_BLOCK_LEN;
- }
- else {
- XMEMCPY(out, digest, outSz);
- }
- }
- }
- ForceZero(digest, WC_SHA256_DIGEST_SIZE);
- #ifdef WC_ASYNC_ENABLE_SHA256
- WC_FREE_VAR(digest, drbg->heap);
- #endif
- return (ret == 0) ? DRBG_SUCCESS : DRBG_FAILURE;
- }
- /* Returns: DRBG_SUCCESS or DRBG_FAILURE */
- static int Hash_DRBG_Reseed(DRBG_internal* drbg, const byte* seed, word32 seedSz)
- {
- byte newV[DRBG_SEED_LEN];
- if (drbg == NULL) {
- return DRBG_FAILURE;
- }
- XMEMSET(newV, 0, DRBG_SEED_LEN);
- if (Hash_df(drbg, newV, sizeof(newV), drbgReseed,
- drbg->V, sizeof(drbg->V), seed, seedSz) != DRBG_SUCCESS) {
- return DRBG_FAILURE;
- }
- XMEMCPY(drbg->V, newV, sizeof(drbg->V));
- ForceZero(newV, sizeof(newV));
- if (Hash_df(drbg, drbg->C, sizeof(drbg->C), drbgInitC, drbg->V,
- sizeof(drbg->V), NULL, 0) != DRBG_SUCCESS) {
- return DRBG_FAILURE;
- }
- drbg->reseedCtr = 1;
- drbg->lastBlock = 0;
- drbg->matchCount = 0;
- return DRBG_SUCCESS;
- }
- /* Returns: DRBG_SUCCESS and DRBG_FAILURE or BAD_FUNC_ARG on fail */
- int wc_RNG_DRBG_Reseed(WC_RNG* rng, const byte* seed, word32 seedSz)
- {
- if (rng == NULL || seed == NULL) {
- return BAD_FUNC_ARG;
- }
- if (rng->drbg == NULL) {
- #if defined(HAVE_INTEL_RDSEED) || defined(HAVE_INTEL_RDRAND)
- if (IS_INTEL_RDRAND(intel_flags)) {
- /* using RDRAND not DRBG, so return success */
- return 0;
- }
- return BAD_FUNC_ARG;
- #endif
- }
- return Hash_DRBG_Reseed((DRBG_internal *)rng->drbg, seed, seedSz);
- }
- static WC_INLINE void array_add_one(byte* data, word32 dataSz)
- {
- int i;
- for (i = dataSz - 1; i >= 0; i--)
- {
- data[i]++;
- if (data[i] != 0) break;
- }
- }
- /* Returns: DRBG_SUCCESS or DRBG_FAILURE */
- static int Hash_gen(DRBG_internal* drbg, byte* out, word32 outSz, const byte* V)
- {
- int ret = DRBG_FAILURE;
- byte data[DRBG_SEED_LEN];
- int i;
- int len;
- word32 checkBlock;
- #ifdef WOLFSSL_SMALL_STACK_CACHE
- wc_Sha256* sha = &drbg->sha256;
- #else
- wc_Sha256 sha[1];
- #endif
- #ifdef WC_ASYNC_ENABLE_SHA256
- WC_DECLARE_VAR(digest, byte, WC_SHA256_DIGEST_SIZE, drbg->heap);
- if (digest == NULL)
- return MEMORY_E;
- #else
- byte digest[WC_SHA256_DIGEST_SIZE];
- #endif
- /* Special case: outSz is 0 and out is NULL. wc_Generate a block to save for
- * the continuous test. */
- if (outSz == 0) outSz = 1;
- len = (outSz / OUTPUT_BLOCK_LEN) + ((outSz % OUTPUT_BLOCK_LEN) ? 1 : 0);
- XMEMCPY(data, V, sizeof(data));
- for (i = 0; i < len; i++) {
- #ifndef WOLFSSL_SMALL_STACK_CACHE
- #if defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLF_CRYPTO_CB)
- ret = wc_InitSha256_ex(sha, drbg->heap, drbg->devId);
- #else
- ret = wc_InitSha256(sha);
- #endif
- if (ret == 0)
- #endif
- ret = wc_Sha256Update(sha, data, sizeof(data));
- if (ret == 0)
- ret = wc_Sha256Final(sha, digest);
- #ifndef WOLFSSL_SMALL_STACK_CACHE
- wc_Sha256Free(sha);
- #endif
- if (ret == 0) {
- XMEMCPY(&checkBlock, digest, sizeof(word32));
- if (drbg->reseedCtr > 1 && checkBlock == drbg->lastBlock) {
- if (drbg->matchCount == 1) {
- return DRBG_CONT_FAILURE;
- }
- else {
- if (i == (len-1)) {
- len++;
- }
- drbg->matchCount = 1;
- }
- }
- else {
- drbg->matchCount = 0;
- drbg->lastBlock = checkBlock;
- }
- if (out != NULL && outSz != 0) {
- if (outSz >= OUTPUT_BLOCK_LEN) {
- XMEMCPY(out, digest, OUTPUT_BLOCK_LEN);
- outSz -= OUTPUT_BLOCK_LEN;
- out += OUTPUT_BLOCK_LEN;
- array_add_one(data, DRBG_SEED_LEN);
- }
- else {
- XMEMCPY(out, digest, outSz);
- outSz = 0;
- }
- }
- }
- else {
- /* wc_Sha256Update or wc_Sha256Final returned error */
- break;
- }
- }
- ForceZero(data, sizeof(data));
- #ifdef WC_ASYNC_ENABLE_SHA256
- WC_FREE_VAR(digest, drbg->heap);
- #endif
- return (ret == 0) ? DRBG_SUCCESS : DRBG_FAILURE;
- }
- static WC_INLINE void array_add(byte* d, word32 dLen, const byte* s, word32 sLen)
- {
- word16 carry = 0;
- if (dLen > 0 && sLen > 0 && dLen >= sLen) {
- int sIdx, dIdx;
- dIdx = dLen - 1;
- for (sIdx = sLen - 1; sIdx >= 0; sIdx--) {
- carry += (word16)d[dIdx] + (word16)s[sIdx];
- d[dIdx] = (byte)carry;
- carry >>= 8;
- dIdx--;
- }
- for (; dIdx >= 0; dIdx--) {
- carry += (word16)d[dIdx];
- d[dIdx] = (byte)carry;
- carry >>= 8;
- }
- }
- }
- /* Returns: DRBG_SUCCESS, DRBG_NEED_RESEED, or DRBG_FAILURE */
- static int Hash_DRBG_Generate(DRBG_internal* drbg, byte* out, word32 outSz)
- {
- int ret;
- #ifdef WOLFSSL_SMALL_STACK_CACHE
- wc_Sha256* sha = &drbg->sha256;
- #else
- wc_Sha256 sha[1];
- #endif
- byte type;
- word32 reseedCtr;
- if (drbg == NULL) {
- return DRBG_FAILURE;
- }
- if (drbg->reseedCtr == RESEED_INTERVAL) {
- return DRBG_NEED_RESEED;
- } else {
- #ifdef WC_ASYNC_ENABLE_SHA256
- WC_DECLARE_VAR(digest, byte, WC_SHA256_DIGEST_SIZE, drbg->heap);
- if (digest == NULL)
- return MEMORY_E;
- #else
- byte digest[WC_SHA256_DIGEST_SIZE];
- #endif
- type = drbgGenerateH;
- reseedCtr = drbg->reseedCtr;
- ret = Hash_gen(drbg, out, outSz, drbg->V);
- if (ret == DRBG_SUCCESS) {
- #ifndef WOLFSSL_SMALL_STACK_CACHE
- #if defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLF_CRYPTO_CB)
- ret = wc_InitSha256_ex(sha, drbg->heap, drbg->devId);
- #else
- ret = wc_InitSha256(sha);
- #endif
- if (ret == 0)
- #endif
- ret = wc_Sha256Update(sha, &type, sizeof(type));
- if (ret == 0)
- ret = wc_Sha256Update(sha, drbg->V, sizeof(drbg->V));
- if (ret == 0)
- ret = wc_Sha256Final(sha, digest);
- #ifndef WOLFSSL_SMALL_STACK_CACHE
- wc_Sha256Free(sha);
- #endif
- if (ret == 0) {
- array_add(drbg->V, sizeof(drbg->V), digest, WC_SHA256_DIGEST_SIZE);
- array_add(drbg->V, sizeof(drbg->V), drbg->C, sizeof(drbg->C));
- #ifdef LITTLE_ENDIAN_ORDER
- reseedCtr = ByteReverseWord32(reseedCtr);
- #endif
- array_add(drbg->V, sizeof(drbg->V),
- (byte*)&reseedCtr, sizeof(reseedCtr));
- ret = DRBG_SUCCESS;
- }
- drbg->reseedCtr++;
- }
- ForceZero(digest, WC_SHA256_DIGEST_SIZE);
- #ifdef WC_ASYNC_ENABLE_SHA256
- WC_FREE_VAR(digest, drbg->heap);
- #endif
- }
- return (ret == 0) ? DRBG_SUCCESS : DRBG_FAILURE;
- }
- /* Returns: DRBG_SUCCESS or DRBG_FAILURE */
- static int Hash_DRBG_Instantiate(DRBG_internal* drbg, const byte* seed, word32 seedSz,
- const byte* nonce, word32 nonceSz,
- void* heap, int devId)
- {
- int ret = DRBG_FAILURE;
- XMEMSET(drbg, 0, sizeof(DRBG_internal));
- #if defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLF_CRYPTO_CB)
- drbg->heap = heap;
- drbg->devId = devId;
- #else
- (void)heap;
- (void)devId;
- #endif
- #ifdef WOLFSSL_SMALL_STACK_CACHE
- #if defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLF_CRYPTO_CB)
- ret = wc_InitSha256_ex(&drbg->sha256, drbg->heap, drbg->devId);
- #else
- ret = wc_InitSha256(&drbg->sha256);
- #endif
- if (ret != 0)
- return ret;
- #endif
- if (Hash_df(drbg, drbg->V, sizeof(drbg->V), drbgInitV, seed, seedSz,
- nonce, nonceSz) == DRBG_SUCCESS &&
- Hash_df(drbg, drbg->C, sizeof(drbg->C), drbgInitC, drbg->V,
- sizeof(drbg->V), NULL, 0) == DRBG_SUCCESS) {
- drbg->reseedCtr = 1;
- drbg->lastBlock = 0;
- drbg->matchCount = 0;
- ret = DRBG_SUCCESS;
- }
- return ret;
- }
- /* Returns: DRBG_SUCCESS or DRBG_FAILURE */
- static int Hash_DRBG_Uninstantiate(DRBG_internal* drbg)
- {
- word32 i;
- int compareSum = 0;
- byte* compareDrbg = (byte*)drbg;
- #ifdef WOLFSSL_SMALL_STACK_CACHE
- wc_Sha256Free(&drbg->sha256);
- #endif
- ForceZero(drbg, sizeof(DRBG_internal));
- for (i = 0; i < sizeof(DRBG_internal); i++)
- compareSum |= compareDrbg[i] ^ 0;
- return (compareSum == 0) ? DRBG_SUCCESS : DRBG_FAILURE;
- }
- int wc_RNG_TestSeed(const byte* seed, word32 seedSz)
- {
- int ret = 0;
- /* Check the seed for duplicate words. */
- word32 seedIdx = 0;
- word32 scratchSz = min(SEED_BLOCK_SZ, seedSz - SEED_BLOCK_SZ);
- while (seedIdx < seedSz - SEED_BLOCK_SZ) {
- if (ConstantCompare(seed + seedIdx,
- seed + seedIdx + scratchSz,
- scratchSz) == 0) {
- ret = DRBG_CONT_FAILURE;
- }
- seedIdx += SEED_BLOCK_SZ;
- scratchSz = min(SEED_BLOCK_SZ, (seedSz - seedIdx));
- }
- return ret;
- }
- #endif /* HAVE_HASHDRBG */
- /* End NIST DRBG Code */
- static int _InitRng(WC_RNG* rng, byte* nonce, word32 nonceSz,
- void* heap, int devId)
- {
- int ret = 0;
- #ifdef HAVE_HASHDRBG
- word32 seedSz = SEED_SZ + SEED_BLOCK_SZ;
- #endif
- (void)nonce;
- (void)nonceSz;
- if (rng == NULL)
- return BAD_FUNC_ARG;
- if (nonce == NULL && nonceSz != 0)
- return BAD_FUNC_ARG;
- #ifdef WOLFSSL_HEAP_TEST
- rng->heap = (void*)WOLFSSL_HEAP_TEST;
- (void)heap;
- #else
- rng->heap = heap;
- #endif
- #if defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLF_CRYPTO_CB)
- rng->devId = devId;
- #if defined(WOLF_CRYPTO_CB)
- rng->seed.devId = devId;
- #endif
- #else
- (void)devId;
- #endif
- #ifdef HAVE_HASHDRBG
- /* init the DBRG to known values */
- rng->drbg = NULL;
- rng->status = DRBG_NOT_INIT;
- #endif
- #if defined(HAVE_INTEL_RDSEED) || defined(HAVE_INTEL_RDRAND) || \
- defined(HAVE_AMD_RDSEED)
- /* init the intel RD seed and/or rand */
- wc_InitRng_IntelRD();
- #endif
- /* configure async RNG source if available */
- #ifdef WOLFSSL_ASYNC_CRYPT
- ret = wolfAsync_DevCtxInit(&rng->asyncDev, WOLFSSL_ASYNC_MARKER_RNG,
- rng->heap, rng->devId);
- if (ret != 0)
- return ret;
- #endif
- #ifdef HAVE_INTEL_RDRAND
- /* if CPU supports RDRAND, use it directly and by-pass DRBG init */
- if (IS_INTEL_RDRAND(intel_flags))
- return 0;
- #endif
- #ifdef WOLFSSL_XILINX_CRYPT_VERSAL
- ret = wc_VersalTrngInit(nonce, nonceSz);
- if (ret)
- return ret;
- #endif
- #ifdef CUSTOM_RAND_GENERATE_BLOCK
- ret = 0; /* success */
- #else
- #ifdef HAVE_HASHDRBG
- if (nonceSz == 0)
- seedSz = MAX_SEED_SZ;
- if (wc_RNG_HealthTestLocal(0) == 0) {
- #ifdef WC_ASYNC_ENABLE_SHA256
- WC_DECLARE_VAR(seed, byte, MAX_SEED_SZ, rng->heap);
- if (seed == NULL)
- return MEMORY_E;
- #else
- byte seed[MAX_SEED_SZ];
- #endif
- #if !defined(WOLFSSL_NO_MALLOC) || defined(WOLFSSL_STATIC_MEMORY)
- rng->drbg =
- (struct DRBG*)XMALLOC(sizeof(DRBG_internal), rng->heap,
- DYNAMIC_TYPE_RNG);
- if (rng->drbg == NULL) {
- ret = MEMORY_E;
- rng->status = DRBG_FAILED;
- }
- #else
- rng->drbg = (struct DRBG*)&rng->drbg_data;
- #endif
- if (ret == 0) {
- #ifdef WC_RNG_SEED_CB
- if (seedCb == NULL) {
- ret = DRBG_NO_SEED_CB;
- }
- else {
- ret = seedCb(&rng->seed, seed, seedSz);
- if (ret != 0) {
- ret = DRBG_FAILURE;
- }
- }
- #else
- ret = wc_GenerateSeed(&rng->seed, seed, seedSz);
- #endif
- if (ret == 0)
- ret = wc_RNG_TestSeed(seed, seedSz);
- else {
- ret = DRBG_FAILURE;
- rng->status = DRBG_FAILED;
- }
- if (ret == DRBG_SUCCESS)
- ret = Hash_DRBG_Instantiate((DRBG_internal *)rng->drbg,
- seed + SEED_BLOCK_SZ, seedSz - SEED_BLOCK_SZ,
- nonce, nonceSz, rng->heap, devId);
- if (ret != DRBG_SUCCESS) {
- #if !defined(WOLFSSL_NO_MALLOC) || defined(WOLFSSL_STATIC_MEMORY)
- XFREE(rng->drbg, rng->heap, DYNAMIC_TYPE_RNG);
- #endif
- rng->drbg = NULL;
- }
- }
- ForceZero(seed, seedSz);
- #ifdef WC_ASYNC_ENABLE_SHA256
- WC_FREE_VAR(seed, rng->heap);
- #endif
- }
- else
- ret = DRBG_CONT_FAILURE;
- if (ret == DRBG_SUCCESS) {
- #ifdef WOLFSSL_CHECK_MEM_ZERO
- #ifdef HAVE_HASHDRBG
- struct DRBG_internal* drbg = (struct DRBG_internal*)rng->drbg;
- wc_MemZero_Add("DRBG V", &drbg->V, sizeof(drbg->V));
- wc_MemZero_Add("DRBG C", &drbg->C, sizeof(drbg->C));
- #endif
- #endif
- rng->status = DRBG_OK;
- ret = 0;
- }
- else if (ret == DRBG_CONT_FAILURE) {
- rng->status = DRBG_CONT_FAILED;
- ret = DRBG_CONT_FIPS_E;
- }
- else if (ret == DRBG_FAILURE) {
- rng->status = DRBG_FAILED;
- ret = RNG_FAILURE_E;
- }
- else {
- rng->status = DRBG_FAILED;
- }
- #endif /* HAVE_HASHDRBG */
- #endif /* CUSTOM_RAND_GENERATE_BLOCK */
- return ret;
- }
- WOLFSSL_ABI
- WC_RNG* wc_rng_new(byte* nonce, word32 nonceSz, void* heap)
- {
- WC_RNG* rng;
- rng = (WC_RNG*)XMALLOC(sizeof(WC_RNG), heap, DYNAMIC_TYPE_RNG);
- if (rng) {
- int error = _InitRng(rng, nonce, nonceSz, heap, INVALID_DEVID) != 0;
- if (error) {
- XFREE(rng, heap, DYNAMIC_TYPE_RNG);
- rng = NULL;
- }
- }
- return rng;
- }
- WOLFSSL_ABI
- void wc_rng_free(WC_RNG* rng)
- {
- if (rng) {
- void* heap = rng->heap;
- wc_FreeRng(rng);
- ForceZero(rng, sizeof(WC_RNG));
- XFREE(rng, heap, DYNAMIC_TYPE_RNG);
- (void)heap;
- }
- }
- WOLFSSL_ABI
- int wc_InitRng(WC_RNG* rng)
- {
- return _InitRng(rng, NULL, 0, NULL, INVALID_DEVID);
- }
- int wc_InitRng_ex(WC_RNG* rng, void* heap, int devId)
- {
- return _InitRng(rng, NULL, 0, heap, devId);
- }
- int wc_InitRngNonce(WC_RNG* rng, byte* nonce, word32 nonceSz)
- {
- return _InitRng(rng, nonce, nonceSz, NULL, INVALID_DEVID);
- }
- int wc_InitRngNonce_ex(WC_RNG* rng, byte* nonce, word32 nonceSz,
- void* heap, int devId)
- {
- return _InitRng(rng, nonce, nonceSz, heap, devId);
- }
- /* place a generated block in output */
- WOLFSSL_ABI
- int wc_RNG_GenerateBlock(WC_RNG* rng, byte* output, word32 sz)
- {
- int ret;
- if (rng == NULL || output == NULL)
- return BAD_FUNC_ARG;
- if (sz == 0)
- return 0;
- #ifdef WOLF_CRYPTO_CB
- if (rng->devId != INVALID_DEVID) {
- ret = wc_CryptoCb_RandomBlock(rng, output, sz);
- if (ret != CRYPTOCB_UNAVAILABLE)
- return ret;
- /* fall-through when unavailable */
- }
- #endif
- #ifdef HAVE_INTEL_RDRAND
- if (IS_INTEL_RDRAND(intel_flags))
- return wc_GenerateRand_IntelRD(NULL, output, sz);
- #endif
- #if defined(WOLFSSL_SILABS_SE_ACCEL) && defined(WOLFSSL_SILABS_TRNG)
- return silabs_GenerateRand(output, sz);
- #endif
- #if defined(WOLFSSL_ASYNC_CRYPT)
- if (rng->asyncDev.marker == WOLFSSL_ASYNC_MARKER_RNG) {
- /* these are blocking */
- #ifdef HAVE_CAVIUM
- return NitroxRngGenerateBlock(rng, output, sz);
- #elif defined(HAVE_INTEL_QA) && defined(QAT_ENABLE_RNG)
- return IntelQaDrbg(&rng->asyncDev, output, sz);
- #else
- /* simulator not supported */
- #endif
- }
- #endif
- #ifdef CUSTOM_RAND_GENERATE_BLOCK
- XMEMSET(output, 0, sz);
- ret = CUSTOM_RAND_GENERATE_BLOCK(output, sz);
- #else
- #ifdef HAVE_HASHDRBG
- if (sz > RNG_MAX_BLOCK_LEN)
- return BAD_FUNC_ARG;
- if (rng->status != DRBG_OK)
- return RNG_FAILURE_E;
- ret = Hash_DRBG_Generate((DRBG_internal *)rng->drbg, output, sz);
- if (ret == DRBG_NEED_RESEED) {
- if (wc_RNG_HealthTestLocal(1) == 0) {
- byte newSeed[SEED_SZ + SEED_BLOCK_SZ];
- ret = wc_GenerateSeed(&rng->seed, newSeed,
- SEED_SZ + SEED_BLOCK_SZ);
- if (ret != 0)
- ret = DRBG_FAILURE;
- else
- ret = wc_RNG_TestSeed(newSeed, SEED_SZ + SEED_BLOCK_SZ);
- if (ret == DRBG_SUCCESS)
- ret = Hash_DRBG_Reseed((DRBG_internal *)rng->drbg,
- newSeed + SEED_BLOCK_SZ, SEED_SZ);
- if (ret == DRBG_SUCCESS)
- ret = Hash_DRBG_Generate((DRBG_internal *)rng->drbg, output, sz);
- ForceZero(newSeed, sizeof(newSeed));
- }
- else
- ret = DRBG_CONT_FAILURE;
- }
- if (ret == DRBG_SUCCESS) {
- ret = 0;
- }
- else if (ret == DRBG_CONT_FAILURE) {
- ret = DRBG_CONT_FIPS_E;
- rng->status = DRBG_CONT_FAILED;
- }
- else {
- ret = RNG_FAILURE_E;
- rng->status = DRBG_FAILED;
- }
- #else
- /* if we get here then there is an RNG configuration error */
- ret = RNG_FAILURE_E;
- #endif /* HAVE_HASHDRBG */
- #endif /* CUSTOM_RAND_GENERATE_BLOCK */
- return ret;
- }
- int wc_RNG_GenerateByte(WC_RNG* rng, byte* b)
- {
- return wc_RNG_GenerateBlock(rng, b, 1);
- }
- int wc_FreeRng(WC_RNG* rng)
- {
- int ret = 0;
- if (rng == NULL)
- return BAD_FUNC_ARG;
- #if defined(WOLFSSL_ASYNC_CRYPT)
- wolfAsync_DevCtxFree(&rng->asyncDev, WOLFSSL_ASYNC_MARKER_RNG);
- #endif
- #ifdef HAVE_HASHDRBG
- if (rng->drbg != NULL) {
- if (Hash_DRBG_Uninstantiate((DRBG_internal *)rng->drbg) != DRBG_SUCCESS)
- ret = RNG_FAILURE_E;
- #if !defined(WOLFSSL_NO_MALLOC) || defined(WOLFSSL_STATIC_MEMORY)
- XFREE(rng->drbg, rng->heap, DYNAMIC_TYPE_RNG);
- #elif defined(WOLFSSL_CHECK_MEM_ZERO)
- wc_MemZero_Check(rng->drbg, sizeof(DRBG_internal));
- #endif
- rng->drbg = NULL;
- }
- rng->status = DRBG_NOT_INIT;
- #endif /* HAVE_HASHDRBG */
- #ifdef WOLFSSL_XILINX_CRYPT_VERSAL\
- /* don't overwrite previously set error */
- if (wc_VersalTrngReset() && !ret)
- ret = WC_HW_E;
- #endif
- return ret;
- }
- #ifdef HAVE_HASHDRBG
- int wc_RNG_HealthTest(int reseed, const byte* seedA, word32 seedASz,
- const byte* seedB, word32 seedBSz,
- byte* output, word32 outputSz)
- {
- return wc_RNG_HealthTest_ex(reseed, NULL, 0,
- seedA, seedASz, seedB, seedBSz,
- output, outputSz,
- NULL, INVALID_DEVID);
- }
- int wc_RNG_HealthTest_ex(int reseed, const byte* nonce, word32 nonceSz,
- const byte* seedA, word32 seedASz,
- const byte* seedB, word32 seedBSz,
- byte* output, word32 outputSz,
- void* heap, int devId)
- {
- int ret = -1;
- DRBG_internal* drbg;
- #ifndef WOLFSSL_SMALL_STACK
- DRBG_internal drbg_var;
- #endif
- if (seedA == NULL || output == NULL) {
- return BAD_FUNC_ARG;
- }
- if (reseed != 0 && seedB == NULL) {
- return BAD_FUNC_ARG;
- }
- if (outputSz != RNG_HEALTH_TEST_CHECK_SIZE) {
- return ret;
- }
- #ifdef WOLFSSL_SMALL_STACK
- drbg = (DRBG_internal*)XMALLOC(sizeof(DRBG_internal), NULL, DYNAMIC_TYPE_RNG);
- if (drbg == NULL) {
- return MEMORY_E;
- }
- #else
- drbg = &drbg_var;
- #endif
- if (Hash_DRBG_Instantiate(drbg, seedA, seedASz, nonce, nonceSz,
- heap, devId) != 0) {
- goto exit_rng_ht;
- }
- if (reseed) {
- if (Hash_DRBG_Reseed(drbg, seedB, seedBSz) != 0) {
- goto exit_rng_ht;
- }
- }
- /* This call to generate is prescribed by the NIST DRBGVS
- * procedure. The results are thrown away. The known
- * answer test checks the second block of DRBG out of
- * the generator to ensure the internal state is updated
- * as expected. */
- if (Hash_DRBG_Generate(drbg, output, outputSz) != 0) {
- goto exit_rng_ht;
- }
- if (Hash_DRBG_Generate(drbg, output, outputSz) != 0) {
- goto exit_rng_ht;
- }
- /* Mark success */
- ret = 0;
- exit_rng_ht:
- /* This is safe to call even if Hash_DRBG_Instantiate fails */
- if (Hash_DRBG_Uninstantiate(drbg) != 0) {
- ret = -1;
- }
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(drbg, NULL, DYNAMIC_TYPE_RNG);
- #endif
- return ret;
- }
- const FLASH_QUALIFIER byte seedA_data[] = {
- 0x63, 0x36, 0x33, 0x77, 0xe4, 0x1e, 0x86, 0x46, 0x8d, 0xeb, 0x0a, 0xb4,
- 0xa8, 0xed, 0x68, 0x3f, 0x6a, 0x13, 0x4e, 0x47, 0xe0, 0x14, 0xc7, 0x00,
- 0x45, 0x4e, 0x81, 0xe9, 0x53, 0x58, 0xa5, 0x69, 0x80, 0x8a, 0xa3, 0x8f,
- 0x2a, 0x72, 0xa6, 0x23, 0x59, 0x91, 0x5a, 0x9f, 0x8a, 0x04, 0xca, 0x68
- };
- const FLASH_QUALIFIER byte reseedSeedA_data[] = {
- 0xe6, 0x2b, 0x8a, 0x8e, 0xe8, 0xf1, 0x41, 0xb6, 0x98, 0x05, 0x66, 0xe3,
- 0xbf, 0xe3, 0xc0, 0x49, 0x03, 0xda, 0xd4, 0xac, 0x2c, 0xdf, 0x9f, 0x22,
- 0x80, 0x01, 0x0a, 0x67, 0x39, 0xbc, 0x83, 0xd3
- };
- const FLASH_QUALIFIER byte outputA_data[] = {
- 0x04, 0xee, 0xc6, 0x3b, 0xb2, 0x31, 0xdf, 0x2c, 0x63, 0x0a, 0x1a, 0xfb,
- 0xe7, 0x24, 0x94, 0x9d, 0x00, 0x5a, 0x58, 0x78, 0x51, 0xe1, 0xaa, 0x79,
- 0x5e, 0x47, 0x73, 0x47, 0xc8, 0xb0, 0x56, 0x62, 0x1c, 0x18, 0xbd, 0xdc,
- 0xdd, 0x8d, 0x99, 0xfc, 0x5f, 0xc2, 0xb9, 0x20, 0x53, 0xd8, 0xcf, 0xac,
- 0xfb, 0x0b, 0xb8, 0x83, 0x12, 0x05, 0xfa, 0xd1, 0xdd, 0xd6, 0xc0, 0x71,
- 0x31, 0x8a, 0x60, 0x18, 0xf0, 0x3b, 0x73, 0xf5, 0xed, 0xe4, 0xd4, 0xd0,
- 0x71, 0xf9, 0xde, 0x03, 0xfd, 0x7a, 0xea, 0x10, 0x5d, 0x92, 0x99, 0xb8,
- 0xaf, 0x99, 0xaa, 0x07, 0x5b, 0xdb, 0x4d, 0xb9, 0xaa, 0x28, 0xc1, 0x8d,
- 0x17, 0x4b, 0x56, 0xee, 0x2a, 0x01, 0x4d, 0x09, 0x88, 0x96, 0xff, 0x22,
- 0x82, 0xc9, 0x55, 0xa8, 0x19, 0x69, 0xe0, 0x69, 0xfa, 0x8c, 0xe0, 0x07,
- 0xa1, 0x80, 0x18, 0x3a, 0x07, 0xdf, 0xae, 0x17
- };
- const FLASH_QUALIFIER byte seedB_data[] = {
- 0xa6, 0x5a, 0xd0, 0xf3, 0x45, 0xdb, 0x4e, 0x0e, 0xff, 0xe8, 0x75, 0xc3,
- 0xa2, 0xe7, 0x1f, 0x42, 0xc7, 0x12, 0x9d, 0x62, 0x0f, 0xf5, 0xc1, 0x19,
- 0xa9, 0xef, 0x55, 0xf0, 0x51, 0x85, 0xe0, 0xfb, /* nonce next */
- 0x85, 0x81, 0xf9, 0x31, 0x75, 0x17, 0x27, 0x6e, 0x06, 0xe9, 0x60, 0x7d,
- 0xdb, 0xcb, 0xcc, 0x2e
- };
- const FLASH_QUALIFIER byte outputB_data[] = {
- 0xd3, 0xe1, 0x60, 0xc3, 0x5b, 0x99, 0xf3, 0x40, 0xb2, 0x62, 0x82, 0x64,
- 0xd1, 0x75, 0x10, 0x60, 0xe0, 0x04, 0x5d, 0xa3, 0x83, 0xff, 0x57, 0xa5,
- 0x7d, 0x73, 0xa6, 0x73, 0xd2, 0xb8, 0xd8, 0x0d, 0xaa, 0xf6, 0xa6, 0xc3,
- 0x5a, 0x91, 0xbb, 0x45, 0x79, 0xd7, 0x3f, 0xd0, 0xc8, 0xfe, 0xd1, 0x11,
- 0xb0, 0x39, 0x13, 0x06, 0x82, 0x8a, 0xdf, 0xed, 0x52, 0x8f, 0x01, 0x81,
- 0x21, 0xb3, 0xfe, 0xbd, 0xc3, 0x43, 0xe7, 0x97, 0xb8, 0x7d, 0xbb, 0x63,
- 0xdb, 0x13, 0x33, 0xde, 0xd9, 0xd1, 0xec, 0xe1, 0x77, 0xcf, 0xa6, 0xb7,
- 0x1f, 0xe8, 0xab, 0x1d, 0xa4, 0x66, 0x24, 0xed, 0x64, 0x15, 0xe5, 0x1c,
- 0xcd, 0xe2, 0xc7, 0xca, 0x86, 0xe2, 0x83, 0x99, 0x0e, 0xea, 0xeb, 0x91,
- 0x12, 0x04, 0x15, 0x52, 0x8b, 0x22, 0x95, 0x91, 0x02, 0x81, 0xb0, 0x2d,
- 0xd4, 0x31, 0xf4, 0xc9, 0xf7, 0x04, 0x27, 0xdf
- };
- static int wc_RNG_HealthTestLocal(int reseed)
- {
- int ret = 0;
- #ifdef WOLFSSL_SMALL_STACK
- byte* check;
- #else
- byte check[RNG_HEALTH_TEST_CHECK_SIZE];
- #endif
- #ifdef WOLFSSL_SMALL_STACK
- check = (byte*)XMALLOC(RNG_HEALTH_TEST_CHECK_SIZE, NULL,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (check == NULL) {
- return MEMORY_E;
- }
- #endif
- if (reseed) {
- #ifdef WOLFSSL_USE_FLASHMEM
- byte* seedA = (byte*)XMALLOC(sizeof(seedA_data), NULL,
- DYNAMIC_TYPE_TMP_BUFFER);
- byte* reseedSeedA = (byte*)XMALLOC(sizeof(reseedSeedA_data), NULL,
- DYNAMIC_TYPE_TMP_BUFFER);
- byte* outputA = (byte*)XMALLOC(sizeof(outputA_data), NULL,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (!seedA || !reseedSeedA || !outputA) {
- XFREE(seedA, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(reseedSeedA, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(outputA, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- ret = MEMORY_E;
- }
- else {
- XMEMCPY_P(seedA, seedA_data, sizeof(seedA_data));
- XMEMCPY_P(reseedSeedA, reseedSeedA_data, sizeof(reseedSeedA_data));
- XMEMCPY_P(outputA, outputA_data, sizeof(outputA_data));
- #else
- const byte* seedA = seedA_data;
- const byte* reseedSeedA = reseedSeedA_data;
- const byte* outputA = outputA_data;
- #endif
- ret = wc_RNG_HealthTest(1, seedA, sizeof(seedA_data),
- reseedSeedA, sizeof(reseedSeedA_data),
- check, RNG_HEALTH_TEST_CHECK_SIZE);
- if (ret == 0) {
- if (ConstantCompare(check, outputA,
- RNG_HEALTH_TEST_CHECK_SIZE) != 0)
- ret = -1;
- }
- #ifdef WOLFSSL_USE_FLASHMEM
- XFREE(seedA, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(reseedSeedA, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(outputA, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- }
- #endif
- }
- else {
- #ifdef WOLFSSL_USE_FLASHMEM
- byte* seedB = (byte*)XMALLOC(sizeof(seedB_data), NULL,
- DYNAMIC_TYPE_TMP_BUFFER);
- byte* outputB = (byte*)XMALLOC(sizeof(outputB_data), NULL,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (!seedB || !outputB) {
- XFREE(seedB, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(outputB, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- ret = MEMORY_E;
- }
- else {
- XMEMCPY_P(seedB, seedB_data, sizeof(seedB_data));
- XMEMCPY_P(outputB, outputB_data, sizeof(outputB_data));
- #else
- const byte* seedB = seedB_data;
- const byte* outputB = outputB_data;
- #endif
- ret = wc_RNG_HealthTest(0, seedB, sizeof(seedB_data),
- NULL, 0,
- check, RNG_HEALTH_TEST_CHECK_SIZE);
- if (ret == 0) {
- if (ConstantCompare(check, outputB,
- RNG_HEALTH_TEST_CHECK_SIZE) != 0)
- ret = -1;
- }
- /* The previous test cases use a large seed instead of a seed and nonce.
- * seedB is actually from a test case with a seed and nonce, and
- * just concatenates them. The pivot point between seed and nonce is
- * byte 32, feed them into the health test separately. */
- if (ret == 0) {
- ret = wc_RNG_HealthTest_ex(0,
- seedB + 32, sizeof(seedB_data) - 32,
- seedB, 32,
- NULL, 0,
- check, RNG_HEALTH_TEST_CHECK_SIZE,
- NULL, INVALID_DEVID);
- if (ret == 0) {
- if (ConstantCompare(check, outputB, sizeof(outputB_data)) != 0)
- ret = -1;
- }
- }
- #ifdef WOLFSSL_USE_FLASHMEM
- XFREE(seedB, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(outputB, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- }
- #endif
- }
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(check, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- return ret;
- }
- #endif /* HAVE_HASHDRBG */
- #ifdef HAVE_WNR
- /*
- * Init global Whitewood netRandom context
- * Returns 0 on success, negative on error
- */
- int wc_InitNetRandom(const char* configFile, wnr_hmac_key hmac_cb, int timeout)
- {
- if (configFile == NULL || timeout < 0)
- return BAD_FUNC_ARG;
- if (wnr_mutex_init > 0) {
- WOLFSSL_MSG("netRandom context already created, skipping");
- return 0;
- }
- if (wc_InitMutex(&wnr_mutex) != 0) {
- WOLFSSL_MSG("Bad Init Mutex wnr_mutex");
- return BAD_MUTEX_E;
- }
- wnr_mutex_init = 1;
- if (wc_LockMutex(&wnr_mutex) != 0) {
- WOLFSSL_MSG("Bad Lock Mutex wnr_mutex");
- return BAD_MUTEX_E;
- }
- /* store entropy timeout */
- wnr_timeout = timeout;
- /* create global wnr_context struct */
- if (wnr_create(&wnr_ctx) != WNR_ERROR_NONE) {
- WOLFSSL_MSG("Error creating global netRandom context");
- return RNG_FAILURE_E;
- }
- /* load config file */
- if (wnr_config_loadf(wnr_ctx, (char*)configFile) != WNR_ERROR_NONE) {
- WOLFSSL_MSG("Error loading config file into netRandom context");
- wnr_destroy(wnr_ctx);
- wnr_ctx = NULL;
- return RNG_FAILURE_E;
- }
- /* create/init polling mechanism */
- if (wnr_poll_create() != WNR_ERROR_NONE) {
- WOLFSSL_MSG("Error initializing netRandom polling mechanism");
- wnr_destroy(wnr_ctx);
- wnr_ctx = NULL;
- return RNG_FAILURE_E;
- }
- /* validate config, set HMAC callback (optional) */
- if (wnr_setup(wnr_ctx, hmac_cb) != WNR_ERROR_NONE) {
- WOLFSSL_MSG("Error setting up netRandom context");
- wnr_destroy(wnr_ctx);
- wnr_ctx = NULL;
- wnr_poll_destroy();
- return RNG_FAILURE_E;
- }
- wc_UnLockMutex(&wnr_mutex);
- return 0;
- }
- /*
- * Free global Whitewood netRandom context
- * Returns 0 on success, negative on error
- */
- int wc_FreeNetRandom(void)
- {
- if (wnr_mutex_init > 0) {
- if (wc_LockMutex(&wnr_mutex) != 0) {
- WOLFSSL_MSG("Bad Lock Mutex wnr_mutex");
- return BAD_MUTEX_E;
- }
- if (wnr_ctx != NULL) {
- wnr_destroy(wnr_ctx);
- wnr_ctx = NULL;
- }
- wnr_poll_destroy();
- wc_UnLockMutex(&wnr_mutex);
- wc_FreeMutex(&wnr_mutex);
- wnr_mutex_init = 0;
- }
- return 0;
- }
- #endif /* HAVE_WNR */
- #if defined(HAVE_INTEL_RDRAND) || defined(HAVE_INTEL_RDSEED) || \
- defined(HAVE_AMD_RDSEED)
- #ifdef WOLFSSL_ASYNC_CRYPT
- /* need more retries if multiple cores */
- #define INTELRD_RETRY (32 * 8)
- #else
- #define INTELRD_RETRY 32
- #endif
- #if defined(HAVE_INTEL_RDSEED) || defined(HAVE_AMD_RDSEED)
- #ifndef USE_INTEL_INTRINSICS
- /* return 0 on success */
- static WC_INLINE int IntelRDseed64(word64* seed)
- {
- unsigned char ok;
- __asm__ volatile("rdseed %0; setc %1":"=r"(*seed), "=qm"(ok));
- return (ok) ? 0 : -1;
- }
- #else /* USE_INTEL_INTRINSICS */
- /* The compiler Visual Studio uses does not allow inline assembly.
- * It does allow for Intel intrinsic functions. */
- /* return 0 on success */
- # ifdef __GNUC__
- __attribute__((target("rdseed")))
- # endif
- static WC_INLINE int IntelRDseed64(word64* seed)
- {
- int ok;
- ok = _rdseed64_step((unsigned long long*) seed);
- return (ok) ? 0 : -1;
- }
- #endif /* USE_INTEL_INTRINSICS */
- /* return 0 on success */
- static WC_INLINE int IntelRDseed64_r(word64* rnd)
- {
- int i;
- for (i = 0; i < INTELRD_RETRY; i++) {
- if (IntelRDseed64(rnd) == 0)
- return 0;
- }
- return -1;
- }
- #ifndef WOLFSSL_LINUXKM
- /* return 0 on success */
- static int wc_GenerateSeed_IntelRD(OS_Seed* os, byte* output, word32 sz)
- {
- int ret;
- word64 rndTmp;
- (void)os;
- if (!IS_INTEL_RDSEED(intel_flags))
- return -1;
- for (; (sz / sizeof(word64)) > 0; sz -= sizeof(word64),
- output += sizeof(word64)) {
- ret = IntelRDseed64_r((word64*)output);
- if (ret != 0)
- return ret;
- }
- if (sz == 0)
- return 0;
- /* handle unaligned remainder */
- ret = IntelRDseed64_r(&rndTmp);
- if (ret != 0)
- return ret;
- XMEMCPY(output, &rndTmp, sz);
- ForceZero(&rndTmp, sizeof(rndTmp));
- return 0;
- }
- #endif
- #endif /* HAVE_INTEL_RDSEED || HAVE_AMD_RDSEED */
- #ifdef HAVE_INTEL_RDRAND
- #ifndef USE_INTEL_INTRINSICS
- /* return 0 on success */
- static WC_INLINE int IntelRDrand64(word64 *rnd)
- {
- unsigned char ok;
- __asm__ volatile("rdrand %0; setc %1":"=r"(*rnd), "=qm"(ok));
- return (ok) ? 0 : -1;
- }
- #else /* USE_INTEL_INTRINSICS */
- /* The compiler Visual Studio uses does not allow inline assembly.
- * It does allow for Intel intrinsic functions. */
- /* return 0 on success */
- # ifdef __GNUC__
- __attribute__((target("rdrnd")))
- # endif
- static WC_INLINE int IntelRDrand64(word64 *rnd)
- {
- int ok;
- ok = _rdrand64_step((unsigned long long*) rnd);
- return (ok) ? 0 : -1;
- }
- #endif /* USE_INTEL_INTRINSICS */
- /* return 0 on success */
- static WC_INLINE int IntelRDrand64_r(word64 *rnd)
- {
- int i;
- for (i = 0; i < INTELRD_RETRY; i++) {
- if (IntelRDrand64(rnd) == 0)
- return 0;
- }
- return -1;
- }
- /* return 0 on success */
- static int wc_GenerateRand_IntelRD(OS_Seed* os, byte* output, word32 sz)
- {
- int ret;
- word64 rndTmp;
- (void)os;
- if (!IS_INTEL_RDRAND(intel_flags))
- return -1;
- for (; (sz / sizeof(word64)) > 0; sz -= sizeof(word64),
- output += sizeof(word64)) {
- ret = IntelRDrand64_r((word64 *)output);
- if (ret != 0)
- return ret;
- }
- if (sz == 0)
- return 0;
- /* handle unaligned remainder */
- ret = IntelRDrand64_r(&rndTmp);
- if (ret != 0)
- return ret;
- XMEMCPY(output, &rndTmp, sz);
- return 0;
- }
- #endif /* HAVE_INTEL_RDRAND */
- #endif /* HAVE_INTEL_RDRAND || HAVE_INTEL_RDSEED || HAVE_AMD_RDSEED */
- /* Begin wc_GenerateSeed Implementations */
- #if defined(CUSTOM_RAND_GENERATE_SEED)
- /* Implement your own random generation function
- * Return 0 to indicate success
- * int rand_gen_seed(byte* output, word32 sz);
- * #define CUSTOM_RAND_GENERATE_SEED rand_gen_seed */
- int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
- {
- (void)os; /* Suppress unused arg warning */
- return CUSTOM_RAND_GENERATE_SEED(output, sz);
- }
- #elif defined(CUSTOM_RAND_GENERATE_SEED_OS)
- /* Implement your own random generation function,
- * which includes OS_Seed.
- * Return 0 to indicate success
- * int rand_gen_seed(OS_Seed* os, byte* output, word32 sz);
- * #define CUSTOM_RAND_GENERATE_SEED_OS rand_gen_seed */
- int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
- {
- return CUSTOM_RAND_GENERATE_SEED_OS(os, output, sz);
- }
- #elif defined(CUSTOM_RAND_GENERATE)
- /* Implement your own random generation function
- * word32 rand_gen(void);
- * #define CUSTOM_RAND_GENERATE rand_gen */
- int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
- {
- word32 i = 0;
- (void)os;
- while (i < sz)
- {
- /* If not aligned or there is odd/remainder */
- if( (i + sizeof(CUSTOM_RAND_TYPE)) > sz ||
- ((wc_ptr_t)&output[i] % sizeof(CUSTOM_RAND_TYPE)) != 0
- ) {
- /* Single byte at a time */
- output[i++] = (byte)CUSTOM_RAND_GENERATE();
- }
- else {
- /* Use native 8, 16, 32 or 64 copy instruction */
- *((CUSTOM_RAND_TYPE*)&output[i]) = CUSTOM_RAND_GENERATE();
- i += sizeof(CUSTOM_RAND_TYPE);
- }
- }
- return 0;
- }
- #elif defined(WOLFSSL_SGX)
- int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
- {
- int ret = !SGX_SUCCESS;
- int i, read_max = 10;
- for (i = 0; i < read_max && ret != SGX_SUCCESS; i++) {
- ret = sgx_read_rand(output, sz);
- }
- (void)os;
- return (ret == SGX_SUCCESS) ? 0 : 1;
- }
- #elif defined(USE_WINDOWS_API)
- int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
- {
- #ifdef WOLF_CRYPTO_CB
- int ret;
- if (os != NULL && os->devId != INVALID_DEVID) {
- ret = wc_CryptoCb_RandomSeed(os, output, sz);
- if (ret != CRYPTOCB_UNAVAILABLE)
- return ret;
- /* fall-through when unavailable */
- }
- #endif
- #ifdef HAVE_INTEL_RDSEED
- if (IS_INTEL_RDSEED(intel_flags)) {
- if (!wc_GenerateSeed_IntelRD(NULL, output, sz)) {
- /* success, we're done */
- return 0;
- }
- #ifdef FORCE_FAILURE_RDSEED
- /* don't fall back to CryptoAPI */
- return READ_RAN_E;
- #endif
- }
- #endif /* HAVE_INTEL_RDSEED */
- if(!CryptAcquireContext(&os->handle, 0, 0, PROV_RSA_FULL,
- CRYPT_VERIFYCONTEXT))
- return WINCRYPT_E;
- if (!CryptGenRandom(os->handle, sz, output))
- return CRYPTGEN_E;
- CryptReleaseContext(os->handle, 0);
- return 0;
- }
- #elif defined(HAVE_RTP_SYS) || defined(EBSNET)
- #include "rtprand.h" /* rtp_rand () */
- #include "rtptime.h" /* rtp_get_system_msec() */
- int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
- {
- word32 i;
- rtp_srand(rtp_get_system_msec());
- for (i = 0; i < sz; i++ ) {
- output[i] = rtp_rand() % 256;
- }
- return 0;
- }
- #elif (defined(WOLFSSL_ATMEL) || defined(WOLFSSL_ATECC_RNG)) && \
- !defined(WOLFSSL_PIC32MZ_RNG)
- /* enable ATECC RNG unless using PIC32MZ one instead */
- #include <wolfssl/wolfcrypt/port/atmel/atmel.h>
- int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
- {
- int ret = 0;
- (void)os;
- if (output == NULL) {
- return BUFFER_E;
- }
- ret = atmel_get_random_number(sz, output);
- return ret;
- }
- #elif defined(MICROCHIP_PIC32)
- #ifdef MICROCHIP_MPLAB_HARMONY
- #ifdef MICROCHIP_MPLAB_HARMONY_3
- #include "system/time/sys_time.h"
- #define PIC32_SEED_COUNT SYS_TIME_CounterGet
- #else
- #define PIC32_SEED_COUNT _CP0_GET_COUNT
- #endif
- #else
- #if !defined(WOLFSSL_MICROCHIP_PIC32MZ)
- #include <peripheral/timer.h>
- #endif
- extern word32 ReadCoreTimer(void);
- #define PIC32_SEED_COUNT ReadCoreTimer
- #endif
- #ifdef WOLFSSL_PIC32MZ_RNG
- #include "xc.h"
- int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
- {
- int i;
- byte rnd[8];
- word32 *rnd32 = (word32 *)rnd;
- word32 size = sz;
- byte* op = output;
- #if ((__PIC32_FEATURE_SET0 == 'E') && (__PIC32_FEATURE_SET1 == 'C'))
- RNGNUMGEN1 = _CP0_GET_COUNT();
- RNGPOLY1 = _CP0_GET_COUNT();
- RNGPOLY2 = _CP0_GET_COUNT();
- RNGNUMGEN2 = _CP0_GET_COUNT();
- #else
- /* All others can be seeded from the TRNG */
- RNGCONbits.TRNGMODE = 1;
- RNGCONbits.TRNGEN = 1;
- while (RNGCNT < 64);
- RNGCONbits.LOAD = 1;
- while (RNGCONbits.LOAD == 1);
- while (RNGCNT < 64);
- RNGPOLY2 = RNGSEED2;
- RNGPOLY1 = RNGSEED1;
- #endif
- RNGCONbits.PLEN = 0x40;
- RNGCONbits.PRNGEN = 1;
- for (i=0; i<5; i++) { /* wait for RNGNUMGEN ready */
- volatile int x, y;
- x = RNGNUMGEN1;
- y = RNGNUMGEN2;
- (void)x;
- (void)y;
- }
- do {
- rnd32[0] = RNGNUMGEN1;
- rnd32[1] = RNGNUMGEN2;
- for(i=0; i<8; i++, op++) {
- *op = rnd[i];
- size --;
- if(size==0)break;
- }
- } while(size);
- return 0;
- }
- #else /* WOLFSSL_PIC32MZ_RNG */
- /* uses the core timer, in nanoseconds to seed srand */
- int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
- {
- int i;
- srand(PIC32_SEED_COUNT() * 25);
- for (i = 0; i < sz; i++ ) {
- output[i] = rand() % 256;
- if ( (i % 8) == 7)
- srand(PIC32_SEED_COUNT() * 25);
- }
- return 0;
- }
- #endif /* WOLFSSL_PIC32MZ_RNG */
- #elif defined(FREESCALE_K70_RNGA) || defined(FREESCALE_RNGA)
- /*
- * wc_Generates a RNG seed using the Random Number Generator Accelerator
- * on the Kinetis K70. Documentation located in Chapter 37 of
- * K70 Sub-Family Reference Manual (see Note 3 in the README for link).
- */
- int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
- {
- word32 i;
- /* turn on RNGA module */
- #if defined(SIM_SCGC3_RNGA_MASK)
- SIM_SCGC3 |= SIM_SCGC3_RNGA_MASK;
- #endif
- #if defined(SIM_SCGC6_RNGA_MASK)
- /* additionally needed for at least K64F */
- SIM_SCGC6 |= SIM_SCGC6_RNGA_MASK;
- #endif
- /* set SLP bit to 0 - "RNGA is not in sleep mode" */
- RNG_CR &= ~RNG_CR_SLP_MASK;
- /* set HA bit to 1 - "security violations masked" */
- RNG_CR |= RNG_CR_HA_MASK;
- /* set GO bit to 1 - "output register loaded with data" */
- RNG_CR |= RNG_CR_GO_MASK;
- for (i = 0; i < sz; i++) {
- /* wait for RNG FIFO to be full */
- while((RNG_SR & RNG_SR_OREG_LVL(0xF)) == 0) {}
- /* get value */
- output[i] = RNG_OR;
- }
- return 0;
- }
- #elif defined(FREESCALE_K53_RNGB) || defined(FREESCALE_RNGB)
- /*
- * wc_Generates a RNG seed using the Random Number Generator (RNGB)
- * on the Kinetis K53. Documentation located in Chapter 33 of
- * K53 Sub-Family Reference Manual (see note in the README for link).
- */
- int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
- {
- int i;
- /* turn on RNGB module */
- SIM_SCGC3 |= SIM_SCGC3_RNGB_MASK;
- /* reset RNGB */
- RNG_CMD |= RNG_CMD_SR_MASK;
- /* FIFO generate interrupt, return all zeros on underflow,
- * set auto reseed */
- RNG_CR |= (RNG_CR_FUFMOD_MASK | RNG_CR_AR_MASK);
- /* gen seed, clear interrupts, clear errors */
- RNG_CMD |= (RNG_CMD_GS_MASK | RNG_CMD_CI_MASK | RNG_CMD_CE_MASK);
- /* wait for seeding to complete */
- while ((RNG_SR & RNG_SR_SDN_MASK) == 0) {}
- for (i = 0; i < sz; i++) {
- /* wait for a word to be available from FIFO */
- while((RNG_SR & RNG_SR_FIFO_LVL_MASK) == 0) {}
- /* get value */
- output[i] = RNG_OUT;
- }
- return 0;
- }
- #elif defined(FREESCALE_KSDK_2_0_TRNG)
- #ifndef TRNG0
- #define TRNG0 TRNG
- #endif
- int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
- {
- status_t status;
- status = TRNG_GetRandomData(TRNG0, output, sz);
- (void)os;
- if (status == kStatus_Success)
- {
- return(0);
- }
- return RAN_BLOCK_E;
- }
- #elif defined(FREESCALE_KSDK_2_0_RNGA)
- int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
- {
- status_t status;
- status = RNGA_GetRandomData(RNG, output, sz);
- (void)os;
- if (status == kStatus_Success)
- {
- return(0);
- }
- return RAN_BLOCK_E;
- }
- #elif defined(FREESCALE_RNGA)
- int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
- {
- status_t status;
- status = RNGA_GetRandomData(RNG, output, sz);
- (void)os;
- if (status == kStatus_Success)
- {
- return(0);
- }
- return RAN_BLOCK_E;
- }
- #elif defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX) || \
- defined(FREESCALE_KSDK_BM) || defined(FREESCALE_FREE_RTOS)
- /*
- * Fallback to USE_TEST_GENSEED if a FREESCALE platform did not match any
- * of the TRNG/RNGA/RNGB support
- */
- #define USE_TEST_GENSEED
- #elif defined(WOLFSSL_SILABS_SE_ACCEL)
- int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
- {
- (void)os;
- return silabs_GenerateRand(output, sz);
- }
- #elif defined(STM32_RNG)
- /* Generate a RNG seed using the hardware random number generator
- * on the STM32F2/F4/F7/L4. */
- #ifdef WOLFSSL_STM32_CUBEMX
- int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
- {
- int ret;
- RNG_HandleTypeDef hrng;
- word32 i = 0;
- (void)os;
- ret = wolfSSL_CryptHwMutexLock();
- if (ret != 0) {
- return ret;
- }
- /* enable RNG clock source */
- __HAL_RCC_RNG_CLK_ENABLE();
- /* enable RNG peripheral */
- XMEMSET(&hrng, 0, sizeof(hrng));
- hrng.Instance = RNG;
- HAL_RNG_Init(&hrng);
- while (i < sz) {
- /* If not aligned or there is odd/remainder */
- if( (i + sizeof(word32)) > sz ||
- ((wc_ptr_t)&output[i] % sizeof(word32)) != 0
- ) {
- /* Single byte at a time */
- uint32_t tmpRng = 0;
- if (HAL_RNG_GenerateRandomNumber(&hrng, &tmpRng) != HAL_OK) {
- wolfSSL_CryptHwMutexUnLock();
- return RAN_BLOCK_E;
- }
- output[i++] = (byte)tmpRng;
- }
- else {
- /* Use native 32 instruction */
- if (HAL_RNG_GenerateRandomNumber(&hrng, (uint32_t*)&output[i]) != HAL_OK) {
- wolfSSL_CryptHwMutexUnLock();
- return RAN_BLOCK_E;
- }
- i += sizeof(word32);
- }
- }
- HAL_RNG_DeInit(&hrng);
- wolfSSL_CryptHwMutexUnLock();
- return 0;
- }
- #elif defined(WOLFSSL_STM32F427_RNG) || defined(WOLFSSL_STM32_RNG_NOLIB)
- /* Generate a RNG seed using the hardware RNG on the STM32F427
- * directly, following steps outlined in STM32F4 Reference
- * Manual (Chapter 24) for STM32F4xx family. */
- int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
- {
- int ret;
- word32 i;
- (void)os;
- ret = wolfSSL_CryptHwMutexLock();
- if (ret != 0) {
- return ret;
- }
- /* enable RNG peripheral clock */
- RCC->AHB2ENR |= RCC_AHB2ENR_RNGEN;
- /* enable RNG interrupt, set IE bit in RNG->CR register */
- RNG->CR |= RNG_CR_IE;
- /* enable RNG, set RNGEN bit in RNG->CR. Activates RNG,
- * RNG_LFSR, and error detector */
- RNG->CR |= RNG_CR_RNGEN;
- /* verify no errors, make sure SEIS and CEIS bits are 0
- * in RNG->SR register */
- if (RNG->SR & (RNG_SR_SECS | RNG_SR_CECS)) {
- wolfSSL_CryptHwMutexUnLock();
- return RNG_FAILURE_E;
- }
- for (i = 0; i < sz; i++) {
- /* wait until RNG number is ready */
- while ((RNG->SR & RNG_SR_DRDY) == 0) { }
- /* get value */
- output[i] = RNG->DR;
- }
- wolfSSL_CryptHwMutexUnLock();
- return 0;
- }
- #else
- /* Generate a RNG seed using the STM32 Standard Peripheral Library */
- int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
- {
- int ret;
- word32 i;
- (void)os;
- ret = wolfSSL_CryptHwMutexLock();
- if (ret != 0) {
- return ret;
- }
- /* enable RNG clock source */
- RCC_AHB2PeriphClockCmd(RCC_AHB2Periph_RNG, ENABLE);
- /* reset RNG */
- RNG_DeInit();
- /* enable RNG peripheral */
- RNG_Cmd(ENABLE);
- /* verify no errors with RNG_CLK or Seed */
- if (RNG_GetFlagStatus(RNG_FLAG_SECS | RNG_FLAG_CECS) != RESET) {
- wolfSSL_CryptHwMutexUnLock();
- return RNG_FAILURE_E;
- }
- for (i = 0; i < sz; i++) {
- /* wait until RNG number is ready */
- while (RNG_GetFlagStatus(RNG_FLAG_DRDY) == RESET) { }
- /* get value */
- output[i] = RNG_GetRandomNumber();
- }
- wolfSSL_CryptHwMutexUnLock();
- return 0;
- }
- #endif /* WOLFSSL_STM32_CUBEMX */
- #elif defined(WOLFSSL_TIRTOS)
- #warning "potential for not enough entropy, currently being used for testing"
- #include <xdc/runtime/Timestamp.h>
- #include <stdlib.h>
- int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
- {
- int i;
- srand(xdc_runtime_Timestamp_get32());
- for (i = 0; i < sz; i++ ) {
- output[i] = rand() % 256;
- if ((i % 8) == 7) {
- srand(xdc_runtime_Timestamp_get32());
- }
- }
- return 0;
- }
- #elif defined(WOLFSSL_PB)
- int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
- {
- word32 i;
- for (i = 0; i < sz; i++)
- output[i] = UTL_Rand();
- (void)os;
- return 0;
- }
- #elif defined(WOLFSSL_NUCLEUS)
- #include "nucleus.h"
- #include "kernel/plus_common.h"
- #warning "potential for not enough entropy, currently being used for testing"
- int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
- {
- int i;
- srand(NU_Get_Time_Stamp());
- for (i = 0; i < sz; i++ ) {
- output[i] = rand() % 256;
- if ((i % 8) == 7) {
- srand(NU_Get_Time_Stamp());
- }
- }
- return 0;
- }
- #elif defined(WOLFSSL_DEOS) && !defined(CUSTOM_RAND_GENERATE)
- #include "stdlib.h"
- #warning "potential for not enough entropy, currently being used for testing Deos"
- int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
- {
- int i;
- int seed = XTIME(0);
- (void)os;
- for (i = 0; i < sz; i++ ) {
- output[i] = rand_r(&seed) % 256;
- if ((i % 8) == 7) {
- seed = XTIME(0);
- rand_r(&seed);
- }
- }
- return 0;
- }
- #elif defined(WOLFSSL_VXWORKS)
- #ifdef WOLFSSL_VXWORKS_6_x
- #include "stdlib.h"
- #warning "potential for not enough entropy, currently being used for testing"
- int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
- {
- int i;
- unsigned int seed = (unsigned int)XTIME(0);
- (void)os;
- for (i = 0; i < sz; i++ ) {
- output[i] = rand_r(&seed) % 256;
- if ((i % 8) == 7) {
- seed = (unsigned int)XTIME(0);
- rand_r(&seed);
- }
- }
- return 0;
- }
- #else
- #include <randomNumGen.h>
- #include <tickLib.h>
- int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) {
- STATUS status = ERROR;
- RANDOM_NUM_GEN_STATUS r_status = RANDOM_NUM_GEN_ERROR;
- _Vx_ticks_t seed = 0;
- #ifdef VXWORKS_SIM
- /* cannot generate true entropy with VxWorks simulator */
- #warning "not enough entropy, simulator for testing only"
- int i = 0;
- for (i = 0; i < 1000; i++) {
- randomAddTimeStamp();
- }
- #endif
- /*
- wolfSSL can request 52 Bytes of random bytes. We need to add
- buffer to the entropy pool to ensure we can get more than 32 Bytes.
- Because VxWorks has entropy limits (ENTROPY_MIN and ENTROPY_MAX)
- defined as 256 and 1024 bits, see randomSWNumGenLib.c.
- randStatus() can return the following status:
- RANDOM_NUM_GEN_NO_ENTROPY when entropy is 0
- RANDOM_NUM_GEN_ERROR, entropy is not initialized
- RANDOM_NUM_GEN_NOT_ENOUGH_ENTROPY if entropy < 32 Bytes
- RANDOM_NUM_GEN_ENOUGH_ENTROPY if entropy is between 32 and 128 Bytes
- RANDOM_NUM_GEN_MAX_ENTROPY if entropy is greater than 128 Bytes
- */
- do {
- seed = tickGet();
- status = randAdd(&seed, sizeof(_Vx_ticks_t), 2);
- if (status == OK)
- r_status = randStatus();
- } while (r_status != RANDOM_NUM_GEN_MAX_ENTROPY &&
- r_status != RANDOM_NUM_GEN_ERROR && status == OK);
- if (r_status == RANDOM_NUM_GEN_ERROR)
- return RNG_FAILURE_E;
- status = randBytes (output, sz);
- if (status == ERROR) {
- return RNG_FAILURE_E;
- }
- return 0;
- }
- #endif
- #elif defined(WOLFSSL_NRF51) || defined(WOLFSSL_NRF5x)
- #include "app_error.h"
- #include "nrf_drv_rng.h"
- int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
- {
- int remaining = sz, length, pos = 0;
- word32 err_code;
- byte available;
- static byte initialized = 0;
- (void)os;
- /* Make sure RNG is running */
- if (!initialized) {
- err_code = nrf_drv_rng_init(NULL);
- if (err_code != NRF_SUCCESS && err_code != NRF_ERROR_INVALID_STATE
- #ifdef NRF_ERROR_MODULE_ALREADY_INITIALIZED
- && err_code != NRF_ERROR_MODULE_ALREADY_INITIALIZED
- #endif
- ) {
- return -1;
- }
- initialized = 1;
- }
- while (remaining > 0) {
- available = 0;
- nrf_drv_rng_bytes_available(&available); /* void func */
- length = (remaining < available) ? remaining : available;
- if (length > 0) {
- err_code = nrf_drv_rng_rand(&output[pos], length);
- if (err_code != NRF_SUCCESS) {
- break;
- }
- remaining -= length;
- pos += length;
- }
- }
- return (err_code == NRF_SUCCESS) ? 0 : -1;
- }
- #elif defined(HAVE_WNR)
- int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
- {
- if (os == NULL || output == NULL || wnr_ctx == NULL ||
- wnr_timeout < 0) {
- return BAD_FUNC_ARG;
- }
- if (wnr_mutex_init == 0) {
- WOLFSSL_MSG("netRandom context must be created before use");
- return RNG_FAILURE_E;
- }
- if (wc_LockMutex(&wnr_mutex) != 0) {
- WOLFSSL_MSG("Bad Lock Mutex wnr_mutex");
- return BAD_MUTEX_E;
- }
- if (wnr_get_entropy(wnr_ctx, wnr_timeout, output, sz, sz) !=
- WNR_ERROR_NONE)
- return RNG_FAILURE_E;
- wc_UnLockMutex(&wnr_mutex);
- return 0;
- }
- #elif defined(INTIME_RTOS)
- int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
- {
- uint32_t randval;
- word32 len;
- if (output == NULL) {
- return BUFFER_E;
- }
- #ifdef INTIMEVER
- /* If INTIMEVER exists then it is INTIME RTOS v6 or later */
- #define INTIME_RAND_FUNC arc4random
- len = 4;
- #else
- /* v5 and older */
- #define INTIME_RAND_FUNC rand
- srand(time(0));
- len = 2; /* don't use all 31 returned bits */
- #endif
- while (sz > 0) {
- if (sz < len)
- len = sz;
- randval = INTIME_RAND_FUNC();
- XMEMCPY(output, &randval, len);
- output += len;
- sz -= len;
- }
- (void)os;
- return 0;
- }
- #elif defined(WOLFSSL_WICED)
- int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
- {
- int ret;
- (void)os;
- if (output == NULL || UINT16_MAX < sz) {
- return BUFFER_E;
- }
- if ((ret = wiced_crypto_get_random((void*) output, sz) )
- != WICED_SUCCESS) {
- return ret;
- }
- return ret;
- }
- #elif defined(WOLFSSL_NETBURNER)
- #warning using NetBurner pseudo random GetRandomByte for seed
- int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
- {
- word32 i;
- (void)os;
- if (output == NULL) {
- return BUFFER_E;
- }
- for (i = 0; i < sz; i++) {
- output[i] = GetRandomByte();
- /* check if was a valid random number */
- if (!RandomValid())
- return RNG_FAILURE_E;
- }
- return 0;
- }
- #elif defined(IDIRECT_DEV_RANDOM)
- extern int getRandom( int sz, unsigned char *output );
- int GenerateSeed(OS_Seed* os, byte* output, word32 sz)
- {
- int num_bytes_returned = 0;
- num_bytes_returned = getRandom( (int) sz, (unsigned char *) output );
- return 0;
- }
- #elif (defined(WOLFSSL_IMX6_CAAM) || defined(WOLFSSL_IMX6_CAAM_RNG) || \
- defined(WOLFSSL_SECO_CAAM) || defined(WOLFSSL_QNX_CAAM))
- #include <wolfssl/wolfcrypt/port/caam/wolfcaam.h>
- int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
- {
- unsigned int args[4] = {0};
- CAAM_BUFFER buf[1];
- int ret = 0;
- int times = 1000, i; /* 1000 is an arbitrary number chosen */
- word32 idx = 0;
- (void)os;
- if (output == NULL) {
- return BUFFER_E;
- }
- /* Check Waiting to make sure entropy is ready */
- for (i = 0; i < times; i++) {
- buf[0].BufferType = DataBuffer | LastBuffer;
- buf[0].TheAddress = (CAAM_ADDRESS)(output + idx);
- buf[0].Length = ((sz - idx) < WC_CAAM_MAX_ENTROPY)?
- sz - idx : WC_CAAM_MAX_ENTROPY;
- args[0] = buf[0].Length;
- ret = wc_caamAddAndWait(buf, 1, args, CAAM_ENTROPY);
- if (ret == 0) {
- idx += buf[0].Length;
- if (idx == sz)
- break;
- }
- /* driver could be waiting for entropy */
- if (ret != RAN_BLOCK_E && ret != 0) {
- return ret;
- }
- usleep(100);
- }
- if (i == times && ret != 0) {
- return RNG_FAILURE_E;
- }
- else { /* Success case */
- ret = 0;
- }
- return ret;
- }
- #elif defined(WOLFSSL_APACHE_MYNEWT)
- #include <stdlib.h>
- #include "os/os_time.h"
- int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
- {
- int i;
- srand(os_time_get());
- for (i = 0; i < sz; i++ ) {
- output[i] = rand() % 256;
- if ((i % 8) == 7) {
- srand(os_time_get());
- }
- }
- return 0;
- }
- #elif defined(WOLFSSL_ESPIDF)
- /* Espressif */
- #if defined(WOLFSSL_ESPWROOM32) || defined(WOLFSSL_ESPWROOM32SE)
- /* Espressif ESP32 */
- #include <esp_system.h>
- int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
- {
- word32 rand;
- while (sz > 0) {
- word32 len = sizeof(rand);
- if (sz < len)
- len = sz;
- /* Get one random 32-bit word from hw RNG */
- rand = esp_random( );
- XMEMCPY(output, &rand, len);
- output += len;
- sz -= len;
- }
- return 0;
- }
- #elif defined(WOLFSSL_ESP8266)
- /* Espressif ESP8266 */
- #include <esp_system.h>
- int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
- {
- word32 rand;
- while (sz > 0) {
- word32 len = sizeof(rand);
- if (sz < len)
- len = sz;
- /* Get one random 32-bit word from hw RNG */
- rand = esp_random( );
- XMEMCPY(output, &rand, len);
- output += len;
- sz -= len;
- }
- return 0;
- }
- #endif /* end WOLFSSL_ESPWROOM32 */
- #elif defined(WOLFSSL_LINUXKM)
- #include <linux/random.h>
- int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
- {
- (void)os;
- get_random_bytes(output, sz);
- return 0;
- }
- #elif defined(WOLFSSL_RENESAS_TSIP)
- #if defined(WOLFSSL_RENESA_TSIP_IAREWRX)
- #include "r_bsp/mcu/all/r_rx_compiler.h"
- #endif
- #include "r_bsp/platform.h"
- #include "r_tsip_rx_if.h"
- int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
- {
- int ret = 0;
- word32 buffer[4];
- while (sz > 0) {
- word32 len = sizeof(buffer);
- if (sz < len) {
- len = sz;
- }
- /* return 4 words random number*/
- ret = R_TSIP_GenerateRandomNumber((uint32_t*)buffer);
- if(ret == TSIP_SUCCESS) {
- XMEMCPY(output, &buffer, len);
- output += len;
- sz -= len;
- } else
- return ret;
- }
- return ret;
- }
- #elif defined(WOLFSSL_RENESAS_SCEPROTECT)
- #include "r_sce.h"
- int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
- {
- int ret = 0;
- word32 buffer[4];
- while (sz > 0) {
- word32 len = sizeof(buffer);
- if (sz < len) {
- len = sz;
- }
- /* return 4 words random number*/
- ret = R_SCE_RandomNumberGenerate(buffer);
- if(ret == FSP_SUCCESS) {
- XMEMCPY(output, &buffer, len);
- output += len;
- sz -= len;
- } else
- return ret;
- }
- return ret;
- }
- #elif defined(WOLFSSL_SCE) && !defined(WOLFSSL_SCE_NO_TRNG)
- #include "hal_data.h"
- #ifndef WOLFSSL_SCE_TRNG_HANDLE
- #define WOLFSSL_SCE_TRNG_HANDLE g_sce_trng
- #endif
- int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
- {
- word32 ret;
- word32 blocks;
- word32 len = sz;
- ret = WOLFSSL_SCE_TRNG_HANDLE.p_api->open(WOLFSSL_SCE_TRNG_HANDLE.p_ctrl,
- WOLFSSL_SCE_TRNG_HANDLE.p_cfg);
- if (ret != SSP_SUCCESS && ret != SSP_ERR_CRYPTO_ALREADY_OPEN) {
- /* error opening TRNG driver */
- return -1;
- }
- blocks = sz / sizeof(word32);
- if (blocks > 0) {
- ret = WOLFSSL_SCE_TRNG_HANDLE.p_api->read(WOLFSSL_SCE_TRNG_HANDLE.p_ctrl,
- (word32*)output, blocks);
- if (ret != SSP_SUCCESS) {
- return -1;
- }
- }
- len = len - (blocks * sizeof(word32));
- if (len > 0) {
- word32 tmp;
- if (len > sizeof(word32)) {
- return -1;
- }
- ret = WOLFSSL_SCE_TRNG_HANDLE.p_api->read(WOLFSSL_SCE_TRNG_HANDLE.p_ctrl,
- (word32*)&tmp, 1);
- if (ret != SSP_SUCCESS) {
- return -1;
- }
- XMEMCPY(output + (blocks * sizeof(word32)), (byte*)&tmp, len);
- }
- ret = WOLFSSL_SCE_TRNG_HANDLE.p_api->close(WOLFSSL_SCE_TRNG_HANDLE.p_ctrl);
- if (ret != SSP_SUCCESS) {
- /* error opening TRNG driver */
- return -1;
- }
- return 0;
- }
- #elif defined(CUSTOM_RAND_GENERATE_BLOCK)
- /* #define CUSTOM_RAND_GENERATE_BLOCK myRngFunc
- * extern int myRngFunc(byte* output, word32 sz);
- */
- #elif defined(WOLFSSL_SAFERTOS) || defined(WOLFSSL_LEANPSK) || \
- defined(WOLFSSL_IAR_ARM) || defined(WOLFSSL_MDK_ARM) || \
- defined(WOLFSSL_uITRON4) || defined(WOLFSSL_uTKERNEL2) || \
- defined(WOLFSSL_LPC43xx) || defined(NO_STM32_RNG) || \
- defined(MBED) || defined(WOLFSSL_EMBOS) || \
- defined(WOLFSSL_GENSEED_FORTEST) || defined(WOLFSSL_CHIBIOS) || \
- defined(WOLFSSL_CONTIKI) || defined(WOLFSSL_AZSPHERE)
- /* these platforms do not have a default random seed and
- you'll need to implement your own wc_GenerateSeed or define via
- CUSTOM_RAND_GENERATE_BLOCK */
- #define USE_TEST_GENSEED
- #elif defined(WOLFSSL_ZEPHYR)
- #include <random/rand32.h>
- #ifndef _POSIX_C_SOURCE
- #include <posix/time.h>
- #else
- #include <sys/time.h>
- #endif
- int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
- {
- sys_rand_get(output, sz);
- return 0;
- }
- #elif defined(WOLFSSL_TELIT_M2MB)
- #include "stdlib.h"
- static long get_timestamp(void) {
- long myTime = 0;
- INT32 fd = m2mb_rtc_open("/dev/rtc0", 0);
- if (fd >= 0) {
- M2MB_RTC_TIMEVAL_T timeval;
- m2mb_rtc_ioctl(fd, M2MB_RTC_IOCTL_GET_TIMEVAL, &timeval);
- myTime = timeval.msec;
- m2mb_rtc_close(fd);
- }
- return myTime;
- }
- int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
- {
- int i;
- srand(get_timestamp());
- for (i = 0; i < sz; i++ ) {
- output[i] = rand() % 256;
- if ((i % 8) == 7) {
- srand(get_timestamp());
- }
- }
- return 0;
- }
- #elif defined(WOLFSSL_SE050)
- #include <wolfssl/wolfcrypt/port/nxp/se050_port.h>
- int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz){
- int ret = 0;
- (void)os;
- if (output == NULL) {
- return BUFFER_E;
- }
- ret = wolfSSL_CryptHwMutexLock();
- if (ret == 0) {
- ret = se050_get_random_number(sz, output);
- wolfSSL_CryptHwMutexUnLock();
- }
- return ret;
- }
- #elif defined(DOLPHIN_EMULATOR)
- int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
- {
- word32 i;
- (void)os;
- srand(time(NULL));
- for (i = 0; i < sz; i++)
- output[i] = (byte)rand();
- return 0;
- }
- #elif defined(WOLFSSL_GETRANDOM)
- /* getrandom() was added to the Linux kernel in version 3.17.
- * Added to glibc in version 2.25. */
- int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
- {
- int ret = 0;
- int len = 0;
- (void)os;
- while (sz) {
- errno = 0;
- len = (int)getrandom(output, sz, 0);
- if (len == -1) {
- if (errno == EINTR) {
- /* interrupted, call getrandom again */
- continue;
- }
- else {
- ret = READ_RAN_E;
- }
- break;
- }
- sz -= len;
- output += len;
- }
- return ret;
- }
- #elif defined(NO_DEV_RANDOM)
- #error "you need to write an os specific wc_GenerateSeed() here"
- /*
- int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
- {
- return 0;
- }
- */
- #else
- /* may block */
- int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
- {
- int ret = 0;
- if (os == NULL) {
- return BAD_FUNC_ARG;
- }
- #ifdef WOLF_CRYPTO_CB
- if (os->devId != INVALID_DEVID) {
- ret = wc_CryptoCb_RandomSeed(os, output, sz);
- if (ret != CRYPTOCB_UNAVAILABLE)
- return ret;
- /* fall-through when unavailable */
- ret = 0; /* reset error code */
- }
- #endif
- #if defined(HAVE_INTEL_RDSEED) || defined(HAVE_AMD_RDSEED)
- if (IS_INTEL_RDSEED(intel_flags)) {
- ret = wc_GenerateSeed_IntelRD(NULL, output, sz);
- if (ret == 0) {
- /* success, we're done */
- return ret;
- }
- #ifdef FORCE_FAILURE_RDSEED
- /* don't fallback to /dev/urandom */
- return ret;
- #else
- /* reset error and fallback to using /dev/urandom */
- ret = 0;
- #endif
- }
- #endif /* HAVE_INTEL_RDSEED || HAVE_AMD_RDSEED */
- #ifndef NO_DEV_URANDOM /* way to disable use of /dev/urandom */
- os->fd = open("/dev/urandom", O_RDONLY);
- if (os->fd == -1)
- #endif
- {
- /* may still have /dev/random */
- os->fd = open("/dev/random", O_RDONLY);
- if (os->fd == -1)
- return OPEN_RAN_E;
- }
- while (sz) {
- int len = (int)read(os->fd, output, sz);
- if (len == -1) {
- ret = READ_RAN_E;
- break;
- }
- sz -= len;
- output += len;
- if (sz) {
- #if defined(BLOCKING) || defined(WC_RNG_BLOCKING)
- sleep(0); /* context switch */
- #else
- ret = RAN_BLOCK_E;
- break;
- #endif
- }
- }
- close(os->fd);
- return ret;
- }
- #endif
- #ifdef USE_TEST_GENSEED
- #ifndef _MSC_VER
- #warning "write a real random seed!!!!, just for testing now"
- #else
- #pragma message("Warning: write a real random seed!!!!, just for testing now")
- #endif
- int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
- {
- word32 i;
- for (i = 0; i < sz; i++ )
- output[i] = i;
- (void)os;
- return 0;
- }
- #endif
- /* End wc_GenerateSeed */
- #if defined(CUSTOM_RAND_GENERATE_BLOCK) && defined(WOLFSSL_KCAPI)
- #include <fcntl.h>
- int wc_hwrng_generate_block(byte *output, word32 sz)
- {
- int fd;
- int len;
- int ret = 0;
- fd = open("/dev/hwrng", O_RDONLY);
- if (fd == -1)
- return OPEN_RAN_E;
- while(sz)
- {
- len = (int)read(fd, output, sz);
- if (len == -1)
- {
- ret = READ_RAN_E;
- break;
- }
- sz -= len;
- output += len;
- }
- close(fd);
- return ret;
- }
- #endif
- #endif /* WC_NO_RNG */
- #endif /* HAVE_FIPS */
|