Add a concept of entropy source strength.

The main goal is, we want and error if cycle counter is the only source.
2015-06-19 10:26:32 +02:00 · 2015-06-19 10:26:32 +02:00 · 7580ba475d
commit 7580ba475d
parent 3f77dfbd52
5 changed files with 47 additions and 19 deletions
--- a/include/mbedtls/entropy.h
+++ b/include/mbedtls/entropy.h
@ -53,7 +53,8 @@
 #define MBEDTLS_ERR_ENTROPY_SOURCE_FAILED                 -0x003C  /**< Critical entropy source failure. */
 #define MBEDTLS_ERR_ENTROPY_MAX_SOURCES                   -0x003E  /**< No more sources can be added. */
 #define MBEDTLS_ERR_ENTROPY_NO_SOURCES_DEFINED            -0x0040  /**< No sources have been added to poll. */
-#define MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR                 -0x0058  /**< Read/write error in file. */
+#define MBEDTLS_ERR_ENTROPY_NO_STRONG_SOURCE              -0x003D  /**< No strong sources have been added to poll. */
+#define MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR                 -0x003F  /**< Read/write error in file. */

 /**
 * \name SECTION: Module settings
@ -82,6 +83,9 @@
 #define MBEDTLS_ENTROPY_MAX_SEED_SIZE   1024    /**< Maximum size of seed we read from seed file */
 #define MBEDTLS_ENTROPY_SOURCE_MANUAL   MBEDTLS_ENTROPY_MAX_SOURCES

+#define MBEDTLS_ENTROPY_SOURCE_STRONG   1       /**< Entropy source is strong   */
+#define MBEDTLS_ENTROPY_SOURCE_WEAK     0       /**< Entropy source is weak     */
+
 #ifdef __cplusplus
 extern "C" {
 #endif
@ -109,6 +113,7 @@ typedef struct
    void *          p_source;   /**< The callback data pointer */
    size_t          size;       /**< Amount received in bytes */
    size_t          threshold;  /**< Minimum bytes required before release */
+    int             strong;     /**< Is the source strong? */
 }
 mbedtls_entropy_source_state;

@ -156,12 +161,17 @@ void mbedtls_entropy_free( mbedtls_entropy_context *ctx );
 * \param p_source  Function data
 * \param threshold Minimum required from source before entropy is released
 *                  ( with mbedtls_entropy_func() ) (in bytes)
+ * \param strong    MBEDTLS_ENTROPY_SOURCE_STRONG or
+ *                  MBEDTSL_ENTROPY_SOURCE_WEAK.
+ *                  At least one strong source needs to be added.
+ *                  Weaker sources (such as the cycle counter) can be used as
+ *                  a complement.
 *
 * \return          0 if successful or MBEDTLS_ERR_ENTROPY_MAX_SOURCES
 */
 int mbedtls_entropy_add_source( mbedtls_entropy_context *ctx,
                        mbedtls_entropy_f_source_ptr f_source, void *p_source,
-                        size_t threshold );
+                        size_t threshold, int strong );

 /**
 * \brief           Trigger an extra gather poll for the accumulator
--- a/include/mbedtls/error.h
+++ b/include/mbedtls/error.h
@ -61,9 +61,8 @@
 * PADLOCK   1  0x0030-0x0030
 * DES       1  0x0032-0x0032
 * CTR_DBRG  4  0x0034-0x003A
- * ENTROPY   3  0x003C-0x0040
+ * ENTROPY   3  0x003C-0x0040   0x003D-0x003F
 * NET       9  0x0042-0x0052   0x0043-0x0043
- * ENTROPY   1  0x0058-0x0058
 * ASN1      7  0x0060-0x006C
 * PBKDF2    1  0x007C-0x007C
 * HMAC_DRBG 4  0x0003-0x0009