feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Add callback option for RNG seeding.

Browse Source
This commit is contained in:
John Safranek
2021-03-09 10:43:26 -08:00
committed by Daniel Pouzzner
parent bffe4f64dd
commit c47e354eed
5 changed files with 110 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
configure.ac
View File

@ -3373,7 +3373,7 @@ AS_CASE([$FIPS_VERSION],
AS_IF([test "x$ENABLED_AESGCM" = "xno"], AS_IF([test "x$ENABLED_AESGCM" = "xno"],
[ENABLED_AESGCM="yes"; AM_CFLAGS="$AM_CFLAGS -DHAVE_AESGCM"]) [ENABLED_AESGCM="yes"; AM_CFLAGS="$AM_CFLAGS -DHAVE_AESGCM"])
AS_IF([test "x$ENABLED_MD5" = "xyes"],[ENABLED_MD5="no"; ENABLED_OLD_TLS="no"; AM_CFLAGS="$AM_CFLAGS -DNO_MD5 -DNO_OLD_TLS"]) AS_IF([test "x$ENABLED_MD5" = "xyes"],[ENABLED_MD5="no"; ENABLED_OLD_TLS="no"; AM_CFLAGS="$AM_CFLAGS -DNO_MD5 -DNO_OLD_TLS"])
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ECDSA_SET_K" AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ECDSA_SET_K -DWC_RNG_SEED_CB"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_VALIDATE_FFC_IMPORT -DHAVE_FFDHE_Q" AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_VALIDATE_FFC_IMPORT -DHAVE_FFDHE_Q"
AM_CFLAGS="$AM_CFLAGS -DHAVE_FFDHE_3072 -DHAVE_FFDHE_4096 -DHAVE_FFDHE_6144 -DHAVE_FFDHE_8192 -DFP_MAX_BITS=16384" AM_CFLAGS="$AM_CFLAGS -DHAVE_FFDHE_3072 -DHAVE_FFDHE_4096 -DHAVE_FFDHE_6144 -DHAVE_FFDHE_8192 -DFP_MAX_BITS=16384"
], ],

24
wolfcrypt/src/random.c
View File

@ -289,6 +289,19 @@ int wc_RNG_GenerateByte(WC_RNG* rng, byte* b)
#define MAX_SEED_SZ (SEED_SZ + SEED_SZ/2 + SEED_BLOCK_SZ) #define MAX_SEED_SZ (SEED_SZ + SEED_SZ/2 + SEED_BLOCK_SZ)
#ifdef WC_RNG_SEED_CB
static wc_RngSeed_Cb seedCb = NULL;
int wc_SetSeed_Cb(wc_RngSeed_Cb cb)
{
seedCb = cb;
return 0;
}
#endif
/* Internal return codes */ /* Internal return codes */
#define DRBG_SUCCESS 0 #define DRBG_SUCCESS 0
#define DRBG_FAILURE 1 #define DRBG_FAILURE 1
@ -806,7 +819,18 @@ static int _InitRng(WC_RNG* rng, byte* nonce, word32 nonceSz,
rng->drbg = (struct DRBG*)&rng->drbg_data; rng->drbg = (struct DRBG*)&rng->drbg_data;
#endif #endif
if (ret == 0) { if (ret == 0) {
ret = -1;
#ifdef WC_RNG_SEED_CB
if (seedCb != NULL) {
ret = seedCb(seed, seedSz);
}
#endif
if (ret < 0) {
ret = wc_GenerateSeed(&rng->seed, seed, seedSz); ret = wc_GenerateSeed(&rng->seed, seed, seedSz);
}
if (ret == 0) if (ret == 0)
ret = wc_RNG_TestSeed(seed, seedSz); ret = wc_RNG_TestSeed(seed, seedSz);
else { else {

77
wolfcrypt/test/test.c
View File

@ -11666,6 +11666,76 @@ static int random_rng_test(void)
#if defined(HAVE_HASHDRBG) && !defined(CUSTOM_RAND_GENERATE_BLOCK) #if defined(HAVE_HASHDRBG) && !defined(CUSTOM_RAND_GENERATE_BLOCK)
#ifdef WC_RNG_SEED_CB
static int seed_cb(byte* output, word32 sz)
{
word32 i;
/* Known answer test. Set the seed to the same value every time. */
for (i = 0; i < sz; i++)
output[i] = (byte)i;
return 0;
}
static int rng_seed_test(void)
{
#ifndef HAVE_FIPS
WOLFSSL_SMALL_STACK_STATIC const byte check[] =
{
0x83, 0x46, 0x65, 0x2f, 0x5c, 0x44, 0x16, 0x5f,
0xb3, 0x89, 0x26, 0xde, 0x0b, 0x6b, 0xa2, 0x06,
0x7e, 0xa7, 0x9a, 0x55, 0x22, 0x01, 0xb0, 0x22,
0xf4, 0x7e, 0xa2, 0x66, 0xc4, 0x08, 0x6f, 0xba
};
#else
/* FIPS uses a longer seed, so different check value. */
WOLFSSL_SMALL_STACK_STATIC const byte check[] =
{
0xaf, 0x31, 0xcc, 0xef, 0xa9, 0x29, 0x4c, 0x24,
0xbd, 0xa5, 0xa3, 0x52, 0x69, 0xf3, 0xb9, 0xb2,
0x1e, 0xd4, 0x52, 0x3b, 0x9a, 0x96, 0x06, 0x20,
0xc0, 0x5f, 0x44, 0x06, 0x1f, 0x80, 0xdf, 0xe0
};
#endif
byte output[WC_SHA256_DIGEST_SIZE];
WC_RNG rng;
int ret;
ret = wc_SetSeed_Cb(seed_cb);
if (ret != 0) {
ret = -7007;
goto exit;
}
ret = wc_InitRng(&rng);
if (ret != 0) {
ret = -7008;
goto exit;
}
ret = wc_RNG_GenerateBlock(&rng, output, sizeof(output));
if (ret != 0) {
ret = -7009;
goto exit;
}
ret = XMEMCMP(output, check, sizeof(output));
if (ret != 0) {
ret = -7010;
goto exit;
}
ret = wc_FreeRng(&rng);
if (ret != 0) {
ret = -7011;
goto exit;
}
ret = wc_SetSeed_Cb(NULL);
if (ret != 0) {
ret = -7012;
}
exit:
return ret;
}
#endif
WOLFSSL_TEST_SUBROUTINE int random_test(void) WOLFSSL_TEST_SUBROUTINE int random_test(void)
{ {
WOLFSSL_SMALL_STACK_STATIC const byte test1Entropy[] = WOLFSSL_SMALL_STACK_STATIC const byte test1Entropy[] =
@ -11771,6 +11841,13 @@ WOLFSSL_TEST_SUBROUTINE int random_test(void)
return -7006; return -7006;
} }
#endif #endif
/* Test the seed callback. */
#ifdef WC_RNG_SEED_CB
if ((ret = rng_seed_test()) != 0)
return ret;
#endif
return 0; return 0;
} }

3
wolfssl/wolfcrypt/asn_public.h
View File

@ -65,6 +65,9 @@ This library defines the interface APIs for X509 certificates.
#endif #endif
#ifndef WC_RNG_TYPE_DEFINED #ifndef WC_RNG_TYPE_DEFINED
typedef struct WC_RNG WC_RNG; typedef struct WC_RNG WC_RNG;
#ifdef WC_RNG_SEED_CB
typedef int (*wc_RngSeed_Cb)(byte* seed, word32 sz);
#endif
#define WC_RNG_TYPE_DEFINED #define WC_RNG_TYPE_DEFINED
#endif #endif
#ifndef WC_DH_TYPE_DEFINED #ifndef WC_DH_TYPE_DEFINED

5
wolfssl/wolfcrypt/random.h
View File

@ -235,7 +235,10 @@ WOLFSSL_API int wc_FreeRng(WC_RNG*);
#define wc_FreeRng(rng) (void)NOT_COMPILED_IN #define wc_FreeRng(rng) (void)NOT_COMPILED_IN
#endif #endif
#ifdef WC_RNG_SEED_CB
typedef int (*wc_RngSeed_Cb)(byte* seed, word32 sz);
WOLFSSL_API int wc_SetSeed_Cb(wc_RngSeed_Cb cb);
#endif
#ifdef HAVE_HASHDRBG #ifdef HAVE_HASHDRBG
WOLFSSL_LOCAL int wc_RNG_DRBG_Reseed(WC_RNG* rng, const byte* entropy, WOLFSSL_LOCAL int wc_RNG_DRBG_Reseed(WC_RNG* rng, const byte* entropy,