1 /*
2 * Platform-specific and custom entropy polling functions
3 *
4 * Copyright The Mbed TLS Contributors
5 * SPDX-License-Identifier: Apache-2.0
6 *
7 * Licensed under the Apache License, Version 2.0 (the "License"); you may
8 * not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
10 *
11 * http://www.apache.org/licenses/LICENSE-2.0
12 *
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
15 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 */
19
20 #if defined(__linux__) && !defined(_GNU_SOURCE)
21 /* Ensure that syscall() is available even when compiling with -std=c99 */
22 #define _GNU_SOURCE
23 #endif
24
25 #include "common.h"
26
27 #include <string.h>
28
29 #if defined(MBEDTLS_ENTROPY_C)
30
31 #include "mbedtls/entropy.h"
32 #include "mbedtls/entropy_poll.h"
33 #include "mbedtls/error.h"
34
35 #if defined(MBEDTLS_TIMING_C)
36 #include "mbedtls/timing.h"
37 #endif
38 #if defined(MBEDTLS_HAVEGE_C)
39 #include "mbedtls/havege.h"
40 #endif
41 #if defined(MBEDTLS_ENTROPY_NV_SEED)
42 #include "mbedtls/platform.h"
43 #endif
44
45 #if !defined(MBEDTLS_NO_PLATFORM_ENTROPY)
46
47 #if !defined(unix) && !defined(__unix__) && !defined(__unix) && \
48 !defined(__APPLE__) && !defined(_WIN32) && !defined(__QNXNTO__) && \
49 !defined(__HAIKU__) && !defined(__midipix__)
50 #error "Platform entropy sources only work on Unix and Windows, see MBEDTLS_NO_PLATFORM_ENTROPY in config.h"
51 #endif
52
53 #if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
54
55 #if !defined(_WIN32_WINNT)
56 #define _WIN32_WINNT 0x0400
57 #endif
58 #include <windows.h>
59 #include <wincrypt.h>
60
mbedtls_platform_entropy_poll(void * data,unsigned char * output,size_t len,size_t * olen)61 int mbedtls_platform_entropy_poll( void *data, unsigned char *output, size_t len,
62 size_t *olen )
63 {
64 HCRYPTPROV provider;
65 ((void) data);
66 *olen = 0;
67
68 if( CryptAcquireContext( &provider, NULL, NULL,
69 PROV_RSA_FULL, CRYPT_VERIFYCONTEXT ) == FALSE )
70 {
71 return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED );
72 }
73
74 if( CryptGenRandom( provider, (DWORD) len, output ) == FALSE )
75 {
76 CryptReleaseContext( provider, 0 );
77 return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED );
78 }
79
80 CryptReleaseContext( provider, 0 );
81 *olen = len;
82
83 return( 0 );
84 }
85 #else /* _WIN32 && !EFIX64 && !EFI32 */
86
87 /*
88 * Test for Linux getrandom() support.
89 * Since there is no wrapper in the libc yet, use the generic syscall wrapper
90 * available in GNU libc and compatible libc's (eg uClibc).
91 */
92 #if ((defined(__linux__) && defined(__GLIBC__)) || defined(__midipix__))
93 #include <unistd.h>
94 #include <sys/syscall.h>
95 #if defined(SYS_getrandom)
96 #define HAVE_GETRANDOM
97 #include <errno.h>
98
getrandom_wrapper(void * buf,size_t buflen,unsigned int flags)99 static int getrandom_wrapper( void *buf, size_t buflen, unsigned int flags )
100 {
101 /* MemSan cannot understand that the syscall writes to the buffer */
102 #if defined(__has_feature)
103 #if __has_feature(memory_sanitizer)
104 memset( buf, 0, buflen );
105 #endif
106 #endif
107 return( syscall( SYS_getrandom, buf, buflen, flags ) );
108 }
109 #endif /* SYS_getrandom */
110 #endif /* __linux__ || __midipix__ */
111
112 #if defined(__FreeBSD__) || defined(__DragonFly__)
113 #include <sys/param.h>
114 #if (defined(__FreeBSD__) && __FreeBSD_version >= 1200000) || \
115 (defined(__DragonFly__) && __DragonFly_version >= 500700)
116 #include <errno.h>
117 #include <sys/random.h>
118 #define HAVE_GETRANDOM
getrandom_wrapper(void * buf,size_t buflen,unsigned int flags)119 static int getrandom_wrapper( void *buf, size_t buflen, unsigned int flags )
120 {
121 return getrandom( buf, buflen, flags );
122 }
123 #endif /* (__FreeBSD__ && __FreeBSD_version >= 1200000) ||
124 (__DragonFly__ && __DragonFly_version >= 500700) */
125 #endif /* __FreeBSD__ || __DragonFly__ */
126
127 /*
128 * Some BSD systems provide KERN_ARND.
129 * This is equivalent to reading from /dev/urandom, only it doesn't require an
130 * open file descriptor, and provides up to 256 bytes per call (basically the
131 * same as getentropy(), but with a longer history).
132 *
133 * Documentation: https://netbsd.gw.com/cgi-bin/man-cgi?sysctl+7
134 */
135 #if (defined(__FreeBSD__) || defined(__NetBSD__)) && !defined(HAVE_GETRANDOM)
136 #include <sys/param.h>
137 #include <sys/sysctl.h>
138 #if defined(KERN_ARND)
139 #define HAVE_SYSCTL_ARND
140
sysctl_arnd_wrapper(unsigned char * buf,size_t buflen)141 static int sysctl_arnd_wrapper( unsigned char *buf, size_t buflen )
142 {
143 int name[2];
144 size_t len;
145
146 name[0] = CTL_KERN;
147 name[1] = KERN_ARND;
148
149 while( buflen > 0 )
150 {
151 len = buflen > 256 ? 256 : buflen;
152 if( sysctl(name, 2, buf, &len, NULL, 0) == -1 )
153 return( -1 );
154 buflen -= len;
155 buf += len;
156 }
157 return( 0 );
158 }
159 #endif /* KERN_ARND */
160 #endif /* __FreeBSD__ || __NetBSD__ */
161
162 #include <stdio.h>
163
mbedtls_platform_entropy_poll(void * data,unsigned char * output,size_t len,size_t * olen)164 int mbedtls_platform_entropy_poll( void *data,
165 unsigned char *output, size_t len, size_t *olen )
166 {
167 FILE *file;
168 size_t read_len;
169 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
170 ((void) data);
171
172 #if defined(HAVE_GETRANDOM)
173 ret = getrandom_wrapper( output, len, 0 );
174 if( ret >= 0 )
175 {
176 *olen = ret;
177 return( 0 );
178 }
179 else if( errno != ENOSYS )
180 return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED );
181 /* Fall through if the system call isn't known. */
182 #else
183 ((void) ret);
184 #endif /* HAVE_GETRANDOM */
185
186 #if defined(HAVE_SYSCTL_ARND)
187 ((void) file);
188 ((void) read_len);
189 if( sysctl_arnd_wrapper( output, len ) == -1 )
190 return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED );
191 *olen = len;
192 return( 0 );
193 #else
194
195 *olen = 0;
196
197 file = fopen( "/dev/urandom", "rb" );
198 if( file == NULL )
199 return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED );
200
201 read_len = fread( output, 1, len, file );
202 if( read_len != len )
203 {
204 fclose( file );
205 return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED );
206 }
207
208 fclose( file );
209 *olen = len;
210
211 return( 0 );
212 #endif /* HAVE_SYSCTL_ARND */
213 }
214 #endif /* _WIN32 && !EFIX64 && !EFI32 */
215 #endif /* !MBEDTLS_NO_PLATFORM_ENTROPY */
216
217 #if defined(MBEDTLS_TEST_NULL_ENTROPY)
mbedtls_null_entropy_poll(void * data,unsigned char * output,size_t len,size_t * olen)218 int mbedtls_null_entropy_poll( void *data,
219 unsigned char *output, size_t len, size_t *olen )
220 {
221 ((void) data);
222 ((void) output);
223
224 *olen = 0;
225 if( len < sizeof(unsigned char) )
226 return( 0 );
227
228 output[0] = 0;
229 *olen = sizeof(unsigned char);
230 return( 0 );
231 }
232 #endif
233
234 #if defined(MBEDTLS_TIMING_C)
mbedtls_hardclock_poll(void * data,unsigned char * output,size_t len,size_t * olen)235 int mbedtls_hardclock_poll( void *data,
236 unsigned char *output, size_t len, size_t *olen )
237 {
238 unsigned long timer = mbedtls_timing_hardclock();
239 ((void) data);
240 *olen = 0;
241
242 if( len < sizeof(unsigned long) )
243 return( 0 );
244
245 memcpy( output, &timer, sizeof(unsigned long) );
246 *olen = sizeof(unsigned long);
247
248 return( 0 );
249 }
250 #endif /* MBEDTLS_TIMING_C */
251
252 #if defined(MBEDTLS_HAVEGE_C)
mbedtls_havege_poll(void * data,unsigned char * output,size_t len,size_t * olen)253 int mbedtls_havege_poll( void *data,
254 unsigned char *output, size_t len, size_t *olen )
255 {
256 mbedtls_havege_state *hs = (mbedtls_havege_state *) data;
257 *olen = 0;
258
259 if( mbedtls_havege_random( hs, output, len ) != 0 )
260 return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED );
261
262 *olen = len;
263
264 return( 0 );
265 }
266 #endif /* MBEDTLS_HAVEGE_C */
267
268 #if defined(MBEDTLS_ENTROPY_NV_SEED)
mbedtls_nv_seed_poll(void * data,unsigned char * output,size_t len,size_t * olen)269 int mbedtls_nv_seed_poll( void *data,
270 unsigned char *output, size_t len, size_t *olen )
271 {
272 unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE];
273 size_t use_len = MBEDTLS_ENTROPY_BLOCK_SIZE;
274 ((void) data);
275
276 memset( buf, 0, MBEDTLS_ENTROPY_BLOCK_SIZE );
277
278 if( mbedtls_nv_seed_read( buf, MBEDTLS_ENTROPY_BLOCK_SIZE ) < 0 )
279 return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED );
280
281 if( len < use_len )
282 use_len = len;
283
284 memcpy( output, buf, use_len );
285 *olen = use_len;
286
287 return( 0 );
288 }
289 #endif /* MBEDTLS_ENTROPY_NV_SEED */
290
291 #endif /* MBEDTLS_ENTROPY_C */
292