Merge pull request #1150 from kaleb-himes/HASH_DRBG_UPDATE

Update HASH_DRBG Reseed mechanism and add test case
dgarske
2017-09-20 13:15:17 -07:00
committed by GitHub
3 changed files with 43 additions and 9 deletions


@ -10533,6 +10533,30 @@ static int test_tls13_apis(void)
#endif #endif
#ifdef HAVE_HASHDRBG
static int test_wc_RNG_GenerateBlock()
{
int i, ret;
WC_RNG rng;
byte key[32];
ret = wc_InitRng(&rng);
if (ret == 0) {
for(i = 0; i < WC_RESEED_INTERVAL + 10; i++) {
ret = wc_RNG_GenerateBlock(&rng, key, sizeof(key));
if (ret != 0) {
break;
}
}
}
wc_FreeRng(&rng);
return ret;
}
#endif
/*----------------------------------------------------------------------------* /*----------------------------------------------------------------------------*
| Main | Main
@ -10716,6 +10740,10 @@ void ApiTest(void)
AssertIntEQ(test_wc_DsaPublicPrivateKeyDecode(), 0); AssertIntEQ(test_wc_DsaPublicPrivateKeyDecode(), 0);
AssertIntEQ(test_wc_MakeDsaKey(), 0); AssertIntEQ(test_wc_MakeDsaKey(), 0);
AssertIntEQ(test_wc_DsaKeyToDer(), 0); AssertIntEQ(test_wc_DsaKeyToDer(), 0);
#ifdef HAVE_HASHDRBG
AssertIntEQ(test_wc_RNG_GenerateBlock(), 0);
#endif
printf(" End API Tests\n"); printf(" End API Tests\n");
} }
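Review bot: test_wc_RNG_GenerateBlock only checks that wc_RNG_GenerateBlock keeps returning 0 across WC_RESEED_INTERVAL + 10 calls, so it would also pass if the reseed check never fired; it shows the boundary no longer produces an error, not that a reseed took place. A comment above the loop would make that limit explicit, for example `/* Crosses the reseed boundary; proves generation continues, not that fresh entropy was mixed in. */`. With the default interval of 1000000 defined in this commit, the loop makes just over a million generate calls per API test run, which is worth stating in the same comment. Separately, wc_FreeRng(&rng) is reached even when wc_InitRng failed; whether that is safe depends on wc_InitRng, which is not shown here.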


@ -154,7 +154,7 @@ int wc_RNG_GenerateByte(WC_RNG* rng, byte* b)
#define OUTPUT_BLOCK_LEN (SHA256_DIGEST_SIZE) #define OUTPUT_BLOCK_LEN (SHA256_DIGEST_SIZE)
#define MAX_REQUEST_LEN (0x10000) #define MAX_REQUEST_LEN (0x10000)
#define RESEED_INTERVAL (1000000) #define RESEED_INTERVAL WC_RESEED_INTERVAL
#define SECURITY_STRENGTH (256) #define SECURITY_STRENGTH (256)
#define ENTROPY_SZ (SECURITY_STRENGTH/8) #define ENTROPY_SZ (SECURITY_STRENGTH/8)
#define NONCE_SZ (ENTROPY_SZ/2) #define NONCE_SZ (ENTROPY_SZ/2)
@ -408,13 +408,17 @@ static INLINE void array_add(byte* d, word32 dLen, const byte* s, word32 sLen)
/* Returns: DRBG_SUCCESS, DRBG_NEED_RESEED, or DRBG_FAILURE */ /* Returns: DRBG_SUCCESS, DRBG_NEED_RESEED, or DRBG_FAILURE */
static int Hash_DRBG_Generate(DRBG* drbg, byte* out, word32 outSz) static int Hash_DRBG_Generate(DRBG* drbg, byte* out, word32 outSz)
{ {
int ret = DRBG_NEED_RESEED; int ret;
Sha256 sha; Sha256 sha;
DECLARE_VAR(digest, byte, SHA256_DIGEST_SIZE, drbg->heap); byte type;
word32 reseedCtr;
if (drbg->reseedCtr != RESEED_INTERVAL) { if (drbg->reseedCtr == RESEED_INTERVAL) {
byte type = drbgGenerateH; return DRBG_NEED_RESEED;
word32 reseedCtr = drbg->reseedCtr; } else {
DECLARE_VAR(digest, byte, SHA256_DIGEST_SIZE, drbg->heap);
type = drbgGenerateH;
reseedCtr = drbg->reseedCtr;
ret = Hash_gen(drbg, out, outSz, drbg->V); ret = Hash_gen(drbg, out, outSz, drbg->V);
if (ret == DRBG_SUCCESS) { if (ret == DRBG_SUCCESS) {
@ -444,10 +448,9 @@ static int Hash_DRBG_Generate(DRBG* drbg, byte* out, word32 outSz)
} }
drbg->reseedCtr++; drbg->reseedCtr++;
} }
ForceZero(digest, SHA256_DIGEST_SIZE);
FREE_VAR(digest, drbg->heap);
} }
ForceZero(digest, SHA256_DIGEST_SIZE);
FREE_VAR(digest, drbg->heap);
return (ret == 0) ? DRBG_SUCCESS : DRBG_FAILURE; return (ret == 0) ? DRBG_SUCCESS : DRBG_FAILURE;
} }
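Review bot: The reseed guard in Hash_DRBG_Generate compares with `==`, and this commit makes RESEED_INTERVAL the build-time overridable WC_RESEED_INTERVAL, so an override the counter cannot equal when expected (for example a value below the counter's starting point, or one that does not fit the word32 copy used here) would let the DRBG keep generating without asking for a reseed. `if (drbg->reseedCtr >= RESEED_INTERVAL) {` fails closed in that case. The `#ifndef WC_RESEED_INTERVAL` default in the header section could also be followed by a preprocessor range check that rejects a zero or oversized override with `#error`. The counter's initial value and field type are set outside these hunks, so this is inferred from the local `word32 reseedCtr` rather than confirmed. The middle of the function body lies between the second and third hunks and is not visible.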


@ -60,6 +60,9 @@
#if !defined(WC_NO_HASHDRBG) || !defined(CUSTOM_RAND_GENERATE_BLOCK) #if !defined(WC_NO_HASHDRBG) || !defined(CUSTOM_RAND_GENERATE_BLOCK)
#undef HAVE_HASHDRBG #undef HAVE_HASHDRBG
#define HAVE_HASHDRBG #define HAVE_HASHDRBG
#ifndef WC_RESEED_INTERVAL
#define WC_RESEED_INTERVAL (1000000)
#endif
#endif #endif