eden-emu/mbedtls
15
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Split mbedtls_hmac_drbg_init() -> seed{,_buf}()

Browse source
This commit is contained in:
Manuel Pégourié-Gonnard 2015-04-28 22:07:14 +02:00
parent c34e8dd265
commit f9e9481bc5
6 changed files with 53 additions and 22 deletions
Download patch file Download diff file Expand all files Collapse all files

1
ChangeLog
View file

@ -17,6 +17,7 @@ API Changes
been split into an _init() that returns void and another function: been split into an _init() that returns void and another function:
mbedtls_ccm_init() -> mbedtls_ccm_setkey() mbedtls_ccm_init() -> mbedtls_ccm_setkey()
mbedtls_gcm_init() -> mbedtls_gcm_setkey() mbedtls_gcm_init() -> mbedtls_gcm_setkey()
mbedtls_hmac_drbg_init() -> mbedtls_hmac_drbg_init(_buf)()
* In the threading layer, mbedtls_mutex_init() and mbedtls_mutex_free() now * In the threading layer, mbedtls_mutex_init() and mbedtls_mutex_free() now
return void. return void.
* ecdsa_write_signature() gained an addtional md_alg argument and * ecdsa_write_signature() gained an addtional md_alg argument and

21
include/mbedtls/hmac_drbg.h
View file

@ -90,9 +90,20 @@ typedef struct
} mbedtls_hmac_drbg_context; } mbedtls_hmac_drbg_context;
/** /**
* \brief HMAC_DRBG initialisation * \brief HMAC_DRBG initialization (just make references valid)
* Makes the context ready for mbetls_hmac_drbg_seed(),
* mbedtls_hmac_drbg_seed_buf() or
* mbedtls_hmac_drbg_free().
* *
* \param ctx HMAC_DRBG context to be initialised * \param ctx HMAC_DRBG context to be initialized
*/
void mbedtls_hmac_drbg_init( mbedtls_hmac_drbg_context *ctx );
/**
* \brief HMAC_DRBG initial seeding
* Seed and setup entropy pool for later re-seeding.
*
* \param ctx HMAC_DRBG context to be seeded
* \param md_info MD algorithm to use for HMAC_DRBG * \param md_info MD algorithm to use for HMAC_DRBG
* \param f_entropy Entropy callback (p_entropy, buffer to fill, buffer * \param f_entropy Entropy callback (p_entropy, buffer to fill, buffer
* length) * length)
@ -110,9 +121,9 @@ typedef struct
* \return 0 if successful, or * \return 0 if successful, or
* MBEDTLS_ERR_MD_BAD_INPUT_DATA, or * MBEDTLS_ERR_MD_BAD_INPUT_DATA, or
* MBEDTLS_ERR_MD_ALLOC_FAILED, or * MBEDTLS_ERR_MD_ALLOC_FAILED, or
* MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED. * MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED.
*/ */
int mbedtls_hmac_drbg_init( mbedtls_hmac_drbg_context *ctx, int mbedtls_hmac_drbg_seed( mbedtls_hmac_drbg_context *ctx,
const mbedtls_md_info_t * md_info, const mbedtls_md_info_t * md_info,
int (*f_entropy)(void *, unsigned char *, size_t), int (*f_entropy)(void *, unsigned char *, size_t),
void *p_entropy, void *p_entropy,
@ -132,7 +143,7 @@ int mbedtls_hmac_drbg_init( mbedtls_hmac_drbg_context *ctx,
* MBEDTLS_ERR_MD_BAD_INPUT_DATA, or * MBEDTLS_ERR_MD_BAD_INPUT_DATA, or
* MBEDTLS_ERR_MD_ALLOC_FAILED. * MBEDTLS_ERR_MD_ALLOC_FAILED.
*/ */
int mbedtls_hmac_drbg_init_buf( mbedtls_hmac_drbg_context *ctx, int mbedtls_hmac_drbg_seed_buf( mbedtls_hmac_drbg_context *ctx,
const mbedtls_md_info_t * md_info, const mbedtls_md_info_t * md_info,
const unsigned char *data, size_t data_len ); const unsigned char *data, size_t data_len );

4
library/ecdsa.c
View file

@ -174,13 +174,13 @@ int mbedtls_ecdsa_sign_det( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi
return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
mbedtls_mpi_init( &h ); mbedtls_mpi_init( &h );
memset( &rng_ctx, 0, sizeof( mbedtls_hmac_drbg_context ) ); mbedtls_hmac_drbg_init( &rng_ctx );
/* Use private key and message hash (reduced) to initialize HMAC_DRBG */ /* Use private key and message hash (reduced) to initialize HMAC_DRBG */
MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( d, data, grp_len ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( d, data, grp_len ) );
MBEDTLS_MPI_CHK( derive_mpi( grp, &h, buf, blen ) ); MBEDTLS_MPI_CHK( derive_mpi( grp, &h, buf, blen ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &h, data + grp_len, grp_len ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &h, data + grp_len, grp_len ) );
mbedtls_hmac_drbg_init_buf( &rng_ctx, md_info, data, 2 * grp_len ); mbedtls_hmac_drbg_seed_buf( &rng_ctx, md_info, data, 2 * grp_len );
ret = mbedtls_ecdsa_sign( grp, r, s, d, buf, blen, ret = mbedtls_ecdsa_sign( grp, r, s, d, buf, blen,
mbedtls_hmac_drbg_random, &rng_ctx ); mbedtls_hmac_drbg_random, &rng_ctx );

18
library/hmac_drbg.c
View file

@ -56,6 +56,14 @@ static void mbedtls_zeroize( void *v, size_t n ) {
volatile unsigned char *p = v; while( n-- ) *p++ = 0; volatile unsigned char *p = v; while( n-- ) *p++ = 0;
} }
/*
* HMAC_DRBG context initialization
*/
void mbedtls_hmac_drbg_init( mbedtls_hmac_drbg_context *ctx )
{
memset( ctx, 0, sizeof( mbedtls_hmac_drbg_context ) );
}
/* /*
* HMAC_DRBG update, using optional additional data (10.1.2.2) * HMAC_DRBG update, using optional additional data (10.1.2.2)
*/ */
@ -87,7 +95,7 @@ void mbedtls_hmac_drbg_update( mbedtls_hmac_drbg_context *ctx,
/* /*
* Simplified HMAC_DRBG initialisation (for use with deterministic ECDSA) * Simplified HMAC_DRBG initialisation (for use with deterministic ECDSA)
*/ */
int mbedtls_hmac_drbg_init_buf( mbedtls_hmac_drbg_context *ctx, int mbedtls_hmac_drbg_seed_buf( mbedtls_hmac_drbg_context *ctx,
const mbedtls_md_info_t * md_info, const mbedtls_md_info_t * md_info,
const unsigned char *data, size_t data_len ) const unsigned char *data, size_t data_len )
{ {
@ -157,7 +165,7 @@ int mbedtls_hmac_drbg_reseed( mbedtls_hmac_drbg_context *ctx,
/* /*
* HMAC_DRBG initialisation (10.1.2.3 + 9.1) * HMAC_DRBG initialisation (10.1.2.3 + 9.1)
*/ */
int mbedtls_hmac_drbg_init( mbedtls_hmac_drbg_context *ctx, int mbedtls_hmac_drbg_seed( mbedtls_hmac_drbg_context *ctx,
const mbedtls_md_info_t * md_info, const mbedtls_md_info_t * md_info,
int (*f_entropy)(void *, unsigned char *, size_t), int (*f_entropy)(void *, unsigned char *, size_t),
void *p_entropy, void *p_entropy,
@ -455,6 +463,8 @@ int mbedtls_hmac_drbg_self_test( int verbose )
unsigned char buf[OUTPUT_LEN]; unsigned char buf[OUTPUT_LEN];
const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type( MBEDTLS_MD_SHA1 ); const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type( MBEDTLS_MD_SHA1 );
mbedtls_hmac_drbg_init( &ctx );
/* /*
* PR = True * PR = True
*/ */
@ -462,7 +472,7 @@ int mbedtls_hmac_drbg_self_test( int verbose )
mbedtls_printf( " HMAC_DRBG (PR = True) : " ); mbedtls_printf( " HMAC_DRBG (PR = True) : " );
test_offset = 0; test_offset = 0;
CHK( mbedtls_hmac_drbg_init( &ctx, md_info, CHK( mbedtls_hmac_drbg_seed( &ctx, md_info,
hmac_drbg_self_test_entropy, (void *) entropy_pr, hmac_drbg_self_test_entropy, (void *) entropy_pr,
NULL, 0 ) ); NULL, 0 ) );
mbedtls_hmac_drbg_set_prediction_resistance( &ctx, MBEDTLS_HMAC_DRBG_PR_ON ); mbedtls_hmac_drbg_set_prediction_resistance( &ctx, MBEDTLS_HMAC_DRBG_PR_ON );
@ -481,7 +491,7 @@ int mbedtls_hmac_drbg_self_test( int verbose )
mbedtls_printf( " HMAC_DRBG (PR = False) : " ); mbedtls_printf( " HMAC_DRBG (PR = False) : " );
test_offset = 0; test_offset = 0;
CHK( mbedtls_hmac_drbg_init( &ctx, md_info, CHK( mbedtls_hmac_drbg_seed( &ctx, md_info,
hmac_drbg_self_test_entropy, (void *) entropy_nopr, hmac_drbg_self_test_entropy, (void *) entropy_nopr,
NULL, 0 ) ); NULL, 0 ) );
CHK( mbedtls_hmac_drbg_reseed( &ctx, NULL, 0 ) ); CHK( mbedtls_hmac_drbg_reseed( &ctx, NULL, 0 ) );

10
programs/test/benchmark.c
View file

@ -538,18 +538,20 @@ int main( int argc, char *argv[] )
mbedtls_hmac_drbg_context hmac_drbg; mbedtls_hmac_drbg_context hmac_drbg;
const mbedtls_md_info_t *md_info; const mbedtls_md_info_t *md_info;
mbedtls_hmac_drbg_init( &hmac_drbg );
#if defined(MBEDTLS_SHA1_C) #if defined(MBEDTLS_SHA1_C)
if( ( md_info = mbedtls_md_info_from_type( MBEDTLS_MD_SHA1 ) ) == NULL ) if( ( md_info = mbedtls_md_info_from_type( MBEDTLS_MD_SHA1 ) ) == NULL )
mbedtls_exit(1); mbedtls_exit(1);
if( mbedtls_hmac_drbg_init( &hmac_drbg, md_info, myrand, NULL, NULL, 0 ) != 0 ) if( mbedtls_hmac_drbg_seed( &hmac_drbg, md_info, myrand, NULL, NULL, 0 ) != 0 )
mbedtls_exit(1); mbedtls_exit(1);
TIME_AND_TSC( "HMAC_DRBG SHA-1 (NOPR)", TIME_AND_TSC( "HMAC_DRBG SHA-1 (NOPR)",
if( mbedtls_hmac_drbg_random( &hmac_drbg, buf, BUFSIZE ) != 0 ) if( mbedtls_hmac_drbg_random( &hmac_drbg, buf, BUFSIZE ) != 0 )
mbedtls_exit(1) ); mbedtls_exit(1) );
mbedtls_hmac_drbg_free( &hmac_drbg ); mbedtls_hmac_drbg_free( &hmac_drbg );
if( mbedtls_hmac_drbg_init( &hmac_drbg, md_info, myrand, NULL, NULL, 0 ) != 0 ) if( mbedtls_hmac_drbg_seed( &hmac_drbg, md_info, myrand, NULL, NULL, 0 ) != 0 )
mbedtls_exit(1); mbedtls_exit(1);
mbedtls_hmac_drbg_set_prediction_resistance( &hmac_drbg, mbedtls_hmac_drbg_set_prediction_resistance( &hmac_drbg,
MBEDTLS_HMAC_DRBG_PR_ON ); MBEDTLS_HMAC_DRBG_PR_ON );
@ -563,14 +565,14 @@ int main( int argc, char *argv[] )
if( ( md_info = mbedtls_md_info_from_type( MBEDTLS_MD_SHA256 ) ) == NULL ) if( ( md_info = mbedtls_md_info_from_type( MBEDTLS_MD_SHA256 ) ) == NULL )
mbedtls_exit(1); mbedtls_exit(1);
if( mbedtls_hmac_drbg_init( &hmac_drbg, md_info, myrand, NULL, NULL, 0 ) != 0 ) if( mbedtls_hmac_drbg_seed( &hmac_drbg, md_info, myrand, NULL, NULL, 0 ) != 0 )
mbedtls_exit(1); mbedtls_exit(1);
TIME_AND_TSC( "HMAC_DRBG SHA-256 (NOPR)", TIME_AND_TSC( "HMAC_DRBG SHA-256 (NOPR)",
if( mbedtls_hmac_drbg_random( &hmac_drbg, buf, BUFSIZE ) != 0 ) if( mbedtls_hmac_drbg_random( &hmac_drbg, buf, BUFSIZE ) != 0 )
mbedtls_exit(1) ); mbedtls_exit(1) );
mbedtls_hmac_drbg_free( &hmac_drbg ); mbedtls_hmac_drbg_free( &hmac_drbg );
if( mbedtls_hmac_drbg_init( &hmac_drbg, md_info, myrand, NULL, NULL, 0 ) != 0 ) if( mbedtls_hmac_drbg_seed( &hmac_drbg, md_info, myrand, NULL, NULL, 0 ) != 0 )
mbedtls_exit(1); mbedtls_exit(1);
mbedtls_hmac_drbg_set_prediction_resistance( &hmac_drbg, mbedtls_hmac_drbg_set_prediction_resistance( &hmac_drbg,
MBEDTLS_HMAC_DRBG_PR_ON ); MBEDTLS_HMAC_DRBG_PR_ON );

21
tests/suites/test_suite_hmac_drbg.function
View file

@ -38,6 +38,7 @@ void hmac_drbg_entropy_usage( int md_alg )
entropy_ctx entropy; entropy_ctx entropy;
size_t last_len, i, reps = 10; size_t last_len, i, reps = 10;
mbedtls_hmac_drbg_init( &ctx );
memset( buf, 0, sizeof( buf ) ); memset( buf, 0, sizeof( buf ) );
memset( out, 0, sizeof( out ) ); memset( out, 0, sizeof( out ) );
@ -49,7 +50,7 @@ void hmac_drbg_entropy_usage( int md_alg )
/* Init must use entropy */ /* Init must use entropy */
last_len = entropy.len; last_len = entropy.len;
TEST_ASSERT( mbedtls_hmac_drbg_init( &ctx, md_info, mbedtls_entropy_func, &entropy, TEST_ASSERT( mbedtls_hmac_drbg_seed( &ctx, md_info, mbedtls_entropy_func, &entropy,
NULL, 0 ) == 0 ); NULL, 0 ) == 0 );
TEST_ASSERT( entropy.len < last_len ); TEST_ASSERT( entropy.len < last_len );
@ -113,10 +114,12 @@ void hmac_drbg_seed_file( int md_alg, char *path, int ret )
const mbedtls_md_info_t *md_info; const mbedtls_md_info_t *md_info;
mbedtls_hmac_drbg_context ctx; mbedtls_hmac_drbg_context ctx;
mbedtls_hmac_drbg_init( &ctx );
md_info = mbedtls_md_info_from_type( md_alg ); md_info = mbedtls_md_info_from_type( md_alg );
TEST_ASSERT( md_info != NULL ); TEST_ASSERT( md_info != NULL );
TEST_ASSERT( mbedtls_hmac_drbg_init( &ctx, md_info, rnd_std_rand, NULL, TEST_ASSERT( mbedtls_hmac_drbg_seed( &ctx, md_info, rnd_std_rand, NULL,
NULL, 0 ) == 0 ); NULL, 0 ) == 0 );
TEST_ASSERT( mbedtls_hmac_drbg_write_seed_file( &ctx, path ) == ret ); TEST_ASSERT( mbedtls_hmac_drbg_write_seed_file( &ctx, path ) == ret );
@ -136,12 +139,13 @@ void hmac_drbg_buf( int md_alg )
mbedtls_hmac_drbg_context ctx; mbedtls_hmac_drbg_context ctx;
size_t i; size_t i;
mbedtls_hmac_drbg_init( &ctx );
memset( buf, 0, sizeof( buf ) ); memset( buf, 0, sizeof( buf ) );
memset( out, 0, sizeof( out ) ); memset( out, 0, sizeof( out ) );
md_info = mbedtls_md_info_from_type( md_alg ); md_info = mbedtls_md_info_from_type( md_alg );
TEST_ASSERT( md_info != NULL ); TEST_ASSERT( md_info != NULL );
TEST_ASSERT( mbedtls_hmac_drbg_init_buf( &ctx, md_info, buf, sizeof( buf ) ) == 0 ); TEST_ASSERT( mbedtls_hmac_drbg_seed_buf( &ctx, md_info, buf, sizeof( buf ) ) == 0 );
/* Make sure it never tries to reseed (would segfault otherwise) */ /* Make sure it never tries to reseed (would segfault otherwise) */
mbedtls_hmac_drbg_set_reseed_interval( &ctx, 3 ); mbedtls_hmac_drbg_set_reseed_interval( &ctx, 3 );
@ -173,6 +177,7 @@ void hmac_drbg_no_reseed( int md_alg,
const mbedtls_md_info_t *md_info; const mbedtls_md_info_t *md_info;
mbedtls_hmac_drbg_context ctx; mbedtls_hmac_drbg_context ctx;
mbedtls_hmac_drbg_init( &ctx );
memset( my_output, 0, sizeof my_output ); memset( my_output, 0, sizeof my_output );
custom_len = unhexify( custom, custom_hex ); custom_len = unhexify( custom, custom_hex );
@ -188,7 +193,7 @@ void hmac_drbg_no_reseed( int md_alg,
/* Test the simplified buffer-based variant */ /* Test the simplified buffer-based variant */
memcpy( data, entropy, p_entropy.len ); memcpy( data, entropy, p_entropy.len );
memcpy( data + p_entropy.len, custom, custom_len ); memcpy( data + p_entropy.len, custom, custom_len );
TEST_ASSERT( mbedtls_hmac_drbg_init_buf( &ctx, md_info, TEST_ASSERT( mbedtls_hmac_drbg_seed_buf( &ctx, md_info,
data, p_entropy.len + custom_len ) == 0 ); data, p_entropy.len + custom_len ) == 0 );
TEST_ASSERT( mbedtls_hmac_drbg_random_with_add( &ctx, my_output, out_len, TEST_ASSERT( mbedtls_hmac_drbg_random_with_add( &ctx, my_output, out_len,
add1, add1_len ) == 0 ); add1, add1_len ) == 0 );
@ -201,7 +206,7 @@ void hmac_drbg_no_reseed( int md_alg,
TEST_ASSERT( memcmp( my_output, output, out_len ) == 0 ); TEST_ASSERT( memcmp( my_output, output, out_len ) == 0 );
/* And now the normal entropy-based variant */ /* And now the normal entropy-based variant */
TEST_ASSERT( mbedtls_hmac_drbg_init( &ctx, md_info, mbedtls_entropy_func, &p_entropy, TEST_ASSERT( mbedtls_hmac_drbg_seed( &ctx, md_info, mbedtls_entropy_func, &p_entropy,
custom, custom_len ) == 0 ); custom, custom_len ) == 0 );
TEST_ASSERT( mbedtls_hmac_drbg_random_with_add( &ctx, my_output, out_len, TEST_ASSERT( mbedtls_hmac_drbg_random_with_add( &ctx, my_output, out_len,
add1, add1_len ) == 0 ); add1, add1_len ) == 0 );
@ -232,6 +237,7 @@ void hmac_drbg_nopr( int md_alg,
const mbedtls_md_info_t *md_info; const mbedtls_md_info_t *md_info;
mbedtls_hmac_drbg_context ctx; mbedtls_hmac_drbg_context ctx;
mbedtls_hmac_drbg_init( &ctx );
memset( my_output, 0, sizeof my_output ); memset( my_output, 0, sizeof my_output );
custom_len = unhexify( custom, custom_hex ); custom_len = unhexify( custom, custom_hex );
@ -245,7 +251,7 @@ void hmac_drbg_nopr( int md_alg,
md_info = mbedtls_md_info_from_type( md_alg ); md_info = mbedtls_md_info_from_type( md_alg );
TEST_ASSERT( md_info != NULL ); TEST_ASSERT( md_info != NULL );
TEST_ASSERT( mbedtls_hmac_drbg_init( &ctx, md_info, mbedtls_entropy_func, &p_entropy, TEST_ASSERT( mbedtls_hmac_drbg_seed( &ctx, md_info, mbedtls_entropy_func, &p_entropy,
custom, custom_len ) == 0 ); custom, custom_len ) == 0 );
TEST_ASSERT( mbedtls_hmac_drbg_reseed( &ctx, add1, add1_len ) == 0 ); TEST_ASSERT( mbedtls_hmac_drbg_reseed( &ctx, add1, add1_len ) == 0 );
TEST_ASSERT( mbedtls_hmac_drbg_random_with_add( &ctx, my_output, out_len, TEST_ASSERT( mbedtls_hmac_drbg_random_with_add( &ctx, my_output, out_len,
@ -277,6 +283,7 @@ void hmac_drbg_pr( int md_alg,
const mbedtls_md_info_t *md_info; const mbedtls_md_info_t *md_info;
mbedtls_hmac_drbg_context ctx; mbedtls_hmac_drbg_context ctx;
mbedtls_hmac_drbg_init( &ctx );
memset( my_output, 0, sizeof my_output ); memset( my_output, 0, sizeof my_output );
custom_len = unhexify( custom, custom_hex ); custom_len = unhexify( custom, custom_hex );
@ -289,7 +296,7 @@ void hmac_drbg_pr( int md_alg,
md_info = mbedtls_md_info_from_type( md_alg ); md_info = mbedtls_md_info_from_type( md_alg );
TEST_ASSERT( md_info != NULL ); TEST_ASSERT( md_info != NULL );
TEST_ASSERT( mbedtls_hmac_drbg_init( &ctx, md_info, mbedtls_entropy_func, &p_entropy, TEST_ASSERT( mbedtls_hmac_drbg_seed( &ctx, md_info, mbedtls_entropy_func, &p_entropy,
custom, custom_len ) == 0 ); custom, custom_len ) == 0 );
mbedtls_hmac_drbg_set_prediction_resistance( &ctx, MBEDTLS_HMAC_DRBG_PR_ON ); mbedtls_hmac_drbg_set_prediction_resistance( &ctx, MBEDTLS_HMAC_DRBG_PR_ON );
TEST_ASSERT( mbedtls_hmac_drbg_random_with_add( &ctx, my_output, out_len, TEST_ASSERT( mbedtls_hmac_drbg_random_with_add( &ctx, my_output, out_len,