1 /* 2 * Platform-specific and custom entropy polling functions 3 * 4 * Copyright The Mbed TLS Contributors 5 * SPDX-License-Identifier: Apache-2.0 6 * 7 * Licensed under the Apache License, Version 2.0 (the "License"); you may 8 * not use this file except in compliance with the License. 9 * You may obtain a copy of the License at 10 * 11 * http://www.apache.org/licenses/LICENSE-2.0 12 * 13 * Unless required by applicable law or agreed to in writing, software 14 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 15 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 * See the License for the specific language governing permissions and 17 * limitations under the License. 18 */ 19 20 #if defined(__linux__) && !defined(_GNU_SOURCE) 21 /* Ensure that syscall() is available even when compiling with -std=c99 */ 22 #define _GNU_SOURCE 23 #endif 24 25 #include "common.h" 26 27 #include <string.h> 28 29 #if defined(MBEDTLS_ENTROPY_C) 30 31 #include "mbedtls/entropy.h" 32 #include "mbedtls/entropy_poll.h" 33 #include "mbedtls/error.h" 34 35 #if defined(MBEDTLS_TIMING_C) 36 #include "mbedtls/timing.h" 37 #endif 38 #if defined(MBEDTLS_HAVEGE_C) 39 #include "mbedtls/havege.h" 40 #endif 41 #if defined(MBEDTLS_ENTROPY_NV_SEED) 42 #include "mbedtls/platform.h" 43 #endif 44 45 #if !defined(MBEDTLS_NO_PLATFORM_ENTROPY) 46 47 #if !defined(unix) && !defined(__unix__) && !defined(__unix) && \ 48 !defined(__APPLE__) && !defined(_WIN32) && !defined(__QNXNTO__) && \ 49 !defined(__HAIKU__) && !defined(__midipix__) 50 #error "Platform entropy sources only work on Unix and Windows, see MBEDTLS_NO_PLATFORM_ENTROPY in config.h" 51 #endif 52 53 #if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) 54 55 #if !defined(_WIN32_WINNT) 56 #define _WIN32_WINNT 0x0400 57 #endif 58 #include <windows.h> 59 #include <wincrypt.h> 60 61 int mbedtls_platform_entropy_poll( void *data, unsigned char *output, size_t len, 62 size_t *olen ) 63 { 64 HCRYPTPROV provider; 65 ((void) data); 66 *olen = 0; 67 68 if( CryptAcquireContext( &provider, NULL, NULL, 69 PROV_RSA_FULL, CRYPT_VERIFYCONTEXT ) == FALSE ) 70 { 71 return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED ); 72 } 73 74 if( CryptGenRandom( provider, (DWORD) len, output ) == FALSE ) 75 { 76 CryptReleaseContext( provider, 0 ); 77 return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED ); 78 } 79 80 CryptReleaseContext( provider, 0 ); 81 *olen = len; 82 83 return( 0 ); 84 } 85 #else /* _WIN32 && !EFIX64 && !EFI32 */ 86 87 /* 88 * Test for Linux getrandom() support. 89 * Since there is no wrapper in the libc yet, use the generic syscall wrapper 90 * available in GNU libc and compatible libc's (eg uClibc). 91 */ 92 #if ((defined(__linux__) && defined(__GLIBC__)) || defined(__midipix__)) 93 #include <unistd.h> 94 #include <sys/syscall.h> 95 #if defined(SYS_getrandom) 96 #define HAVE_GETRANDOM 97 #include <errno.h> 98 99 static int getrandom_wrapper( void *buf, size_t buflen, unsigned int flags ) 100 { 101 /* MemSan cannot understand that the syscall writes to the buffer */ 102 #if defined(__has_feature) 103 #if __has_feature(memory_sanitizer) 104 memset( buf, 0, buflen ); 105 #endif 106 #endif 107 return( syscall( SYS_getrandom, buf, buflen, flags ) ); 108 } 109 #endif /* SYS_getrandom */ 110 #endif /* __linux__ || __midipix__ */ 111 112 #if defined(__FreeBSD__) || defined(__DragonFly__) 113 #include <sys/param.h> 114 #if (defined(__FreeBSD__) && __FreeBSD_version >= 1200000) || \ 115 (defined(__DragonFly__) && __DragonFly_version >= 500700) 116 #include <errno.h> 117 #include <sys/random.h> 118 #define HAVE_GETRANDOM 119 static int getrandom_wrapper( void *buf, size_t buflen, unsigned int flags ) 120 { 121 return getrandom( buf, buflen, flags ); 122 } 123 #endif /* (__FreeBSD__ && __FreeBSD_version >= 1200000) || 124 (__DragonFly__ && __DragonFly_version >= 500700) */ 125 #endif /* __FreeBSD__ || __DragonFly__ */ 126 127 /* 128 * Some BSD systems provide KERN_ARND. 129 * This is equivalent to reading from /dev/urandom, only it doesn't require an 130 * open file descriptor, and provides up to 256 bytes per call (basically the 131 * same as getentropy(), but with a longer history). 132 * 133 * Documentation: https://netbsd.gw.com/cgi-bin/man-cgi?sysctl+7 134 */ 135 #if (defined(__FreeBSD__) || defined(__NetBSD__)) && !defined(HAVE_GETRANDOM) 136 #include <sys/param.h> 137 #include <sys/sysctl.h> 138 #if defined(KERN_ARND) 139 #define HAVE_SYSCTL_ARND 140 141 static int sysctl_arnd_wrapper( unsigned char *buf, size_t buflen ) 142 { 143 int name[2]; 144 size_t len; 145 146 name[0] = CTL_KERN; 147 name[1] = KERN_ARND; 148 149 while( buflen > 0 ) 150 { 151 len = buflen > 256 ? 256 : buflen; 152 if( sysctl(name, 2, buf, &len, NULL, 0) == -1 ) 153 return( -1 ); 154 buflen -= len; 155 buf += len; 156 } 157 return( 0 ); 158 } 159 #endif /* KERN_ARND */ 160 #endif /* __FreeBSD__ || __NetBSD__ */ 161 162 #include <stdio.h> 163 164 int mbedtls_platform_entropy_poll( void *data, 165 unsigned char *output, size_t len, size_t *olen ) 166 { 167 FILE *file; 168 size_t read_len; 169 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; 170 ((void) data); 171 172 #if defined(HAVE_GETRANDOM) 173 ret = getrandom_wrapper( output, len, 0 ); 174 if( ret >= 0 ) 175 { 176 *olen = ret; 177 return( 0 ); 178 } 179 else if( errno != ENOSYS ) 180 return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED ); 181 /* Fall through if the system call isn't known. */ 182 #else 183 ((void) ret); 184 #endif /* HAVE_GETRANDOM */ 185 186 #if defined(HAVE_SYSCTL_ARND) 187 ((void) file); 188 ((void) read_len); 189 if( sysctl_arnd_wrapper( output, len ) == -1 ) 190 return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED ); 191 *olen = len; 192 return( 0 ); 193 #else 194 195 *olen = 0; 196 197 file = fopen( "/dev/urandom", "rb" ); 198 if( file == NULL ) 199 return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED ); 200 201 read_len = fread( output, 1, len, file ); 202 if( read_len != len ) 203 { 204 fclose( file ); 205 return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED ); 206 } 207 208 fclose( file ); 209 *olen = len; 210 211 return( 0 ); 212 #endif /* HAVE_SYSCTL_ARND */ 213 } 214 #endif /* _WIN32 && !EFIX64 && !EFI32 */ 215 #endif /* !MBEDTLS_NO_PLATFORM_ENTROPY */ 216 217 #if defined(MBEDTLS_TEST_NULL_ENTROPY) 218 int mbedtls_null_entropy_poll( void *data, 219 unsigned char *output, size_t len, size_t *olen ) 220 { 221 ((void) data); 222 ((void) output); 223 224 *olen = 0; 225 if( len < sizeof(unsigned char) ) 226 return( 0 ); 227 228 output[0] = 0; 229 *olen = sizeof(unsigned char); 230 return( 0 ); 231 } 232 #endif 233 234 #if defined(MBEDTLS_TIMING_C) 235 int mbedtls_hardclock_poll( void *data, 236 unsigned char *output, size_t len, size_t *olen ) 237 { 238 unsigned long timer = mbedtls_timing_hardclock(); 239 ((void) data); 240 *olen = 0; 241 242 if( len < sizeof(unsigned long) ) 243 return( 0 ); 244 245 memcpy( output, &timer, sizeof(unsigned long) ); 246 *olen = sizeof(unsigned long); 247 248 return( 0 ); 249 } 250 #endif /* MBEDTLS_TIMING_C */ 251 252 #if defined(MBEDTLS_HAVEGE_C) 253 int mbedtls_havege_poll( void *data, 254 unsigned char *output, size_t len, size_t *olen ) 255 { 256 mbedtls_havege_state *hs = (mbedtls_havege_state *) data; 257 *olen = 0; 258 259 if( mbedtls_havege_random( hs, output, len ) != 0 ) 260 return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED ); 261 262 *olen = len; 263 264 return( 0 ); 265 } 266 #endif /* MBEDTLS_HAVEGE_C */ 267 268 #if defined(MBEDTLS_ENTROPY_NV_SEED) 269 int mbedtls_nv_seed_poll( void *data, 270 unsigned char *output, size_t len, size_t *olen ) 271 { 272 unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE]; 273 size_t use_len = MBEDTLS_ENTROPY_BLOCK_SIZE; 274 ((void) data); 275 276 memset( buf, 0, MBEDTLS_ENTROPY_BLOCK_SIZE ); 277 278 if( mbedtls_nv_seed_read( buf, MBEDTLS_ENTROPY_BLOCK_SIZE ) < 0 ) 279 return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED ); 280 281 if( len < use_len ) 282 use_len = len; 283 284 memcpy( output, buf, use_len ); 285 *olen = use_len; 286 287 return( 0 ); 288 } 289 #endif /* MBEDTLS_ENTROPY_NV_SEED */ 290 291 #endif /* MBEDTLS_ENTROPY_C */ 292