diff --git a/ChangeLog b/ChangeLog index 7a9570eed..0e876f0a0 100644 --- a/ChangeLog +++ b/ChangeLog @@ -17,6 +17,7 @@ API Changes been split into an _init() that returns void and another function: mbedtls_ccm_init() -> mbedtls_ccm_setkey() mbedtls_gcm_init() -> mbedtls_gcm_setkey() + mbedtls_hmac_drbg_init() -> mbedtls_hmac_drbg_init(_buf)() * In the threading layer, mbedtls_mutex_init() and mbedtls_mutex_free() now return void. * ecdsa_write_signature() gained an addtional md_alg argument and diff --git a/include/mbedtls/hmac_drbg.h b/include/mbedtls/hmac_drbg.h index e1244bbce..ed85dfec0 100644 --- a/include/mbedtls/hmac_drbg.h +++ b/include/mbedtls/hmac_drbg.h @@ -90,9 +90,20 @@ typedef struct } mbedtls_hmac_drbg_context; /** - * \brief HMAC_DRBG initialisation + * \brief HMAC_DRBG initialization (just make references valid) + * Makes the context ready for mbetls_hmac_drbg_seed(), + * mbedtls_hmac_drbg_seed_buf() or + * mbedtls_hmac_drbg_free(). * - * \param ctx HMAC_DRBG context to be initialised + * \param ctx HMAC_DRBG context to be initialized + */ +void mbedtls_hmac_drbg_init( mbedtls_hmac_drbg_context *ctx ); + +/** + * \brief HMAC_DRBG initial seeding + * Seed and setup entropy pool for later re-seeding. + * + * \param ctx HMAC_DRBG context to be seeded * \param md_info MD algorithm to use for HMAC_DRBG * \param f_entropy Entropy callback (p_entropy, buffer to fill, buffer * length) @@ -110,9 +121,9 @@ typedef struct * \return 0 if successful, or * MBEDTLS_ERR_MD_BAD_INPUT_DATA, or * MBEDTLS_ERR_MD_ALLOC_FAILED, or - * MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED. + * MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED. */ -int mbedtls_hmac_drbg_init( mbedtls_hmac_drbg_context *ctx, +int mbedtls_hmac_drbg_seed( mbedtls_hmac_drbg_context *ctx, const mbedtls_md_info_t * md_info, int (*f_entropy)(void *, unsigned char *, size_t), void *p_entropy, 
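Review bot: The new header comment on mbedtls_hmac_drbg_init() misspells the function it points readers to: `* Makes the context ready for mbetls_hmac_drbg_seed(),` should read `* Makes the context ready for mbedtls_hmac_drbg_seed(),`. The contract the rest of this commit relies on is also worth stating in that \brief rather than leaving it implicit, e.g. `* Must be called once on a context before any other HMAC_DRBG function.` so callers know that mbedtls_hmac_drbg_seed()/seed_buf() must not be used on a context that was never initialized. The \return list of mbedtls_hmac_drbg_seed() in the following hunk now names MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED instead of the CTR_DRBG constant, which is the right fix.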
@@ -132,7 +143,7 @@ int mbedtls_hmac_drbg_init( mbedtls_hmac_drbg_context *ctx, * MBEDTLS_ERR_MD_BAD_INPUT_DATA, or * MBEDTLS_ERR_MD_ALLOC_FAILED. */ -int mbedtls_hmac_drbg_init_buf( mbedtls_hmac_drbg_context *ctx, +int mbedtls_hmac_drbg_seed_buf( mbedtls_hmac_drbg_context *ctx, const mbedtls_md_info_t * md_info, const unsigned char *data, size_t data_len ); diff --git a/library/ecdsa.c b/library/ecdsa.c index 0e864fc94..a7dcddb9a 100644 --- a/library/ecdsa.c +++ b/library/ecdsa.c @@ -174,13 +174,13 @@ int mbedtls_ecdsa_sign_det( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); mbedtls_mpi_init( &h ); - memset( &rng_ctx, 0, sizeof( mbedtls_hmac_drbg_context ) ); + mbedtls_hmac_drbg_init( &rng_ctx ); /* Use private key and message hash (reduced) to initialize HMAC_DRBG */ MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( d, data, grp_len ) ); MBEDTLS_MPI_CHK( derive_mpi( grp, &h, buf, blen ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &h, data + grp_len, grp_len ) ); - mbedtls_hmac_drbg_init_buf( &rng_ctx, md_info, data, 2 * grp_len ); + mbedtls_hmac_drbg_seed_buf( &rng_ctx, md_info, data, 2 * grp_len ); ret = mbedtls_ecdsa_sign( grp, r, s, d, buf, blen, mbedtls_hmac_drbg_random, &rng_ctx ); diff --git a/library/hmac_drbg.c b/library/hmac_drbg.c index 48d5b4841..710eb8420 100644 --- a/library/hmac_drbg.c +++ b/library/hmac_drbg.c @@ -56,6 +56,14 @@ static void mbedtls_zeroize( void *v, size_t n ) { volatile unsigned char *p = v; while( n-- ) *p++ = 0; } +/* + * HMAC_DRBG context initialization + */ +void mbedtls_hmac_drbg_init( mbedtls_hmac_drbg_context *ctx ) +{ + memset( ctx, 0, sizeof( mbedtls_hmac_drbg_context ) ); +} + /* * HMAC_DRBG update, using optional additional data (10.1.2.2) */ 
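Review bot: The return value of `mbedtls_hmac_drbg_seed_buf( &rng_ctx, md_info, data, 2 * grp_len );` in the ecdsa.c hunk is still discarded, although the header in this same commit documents that it can fail with MBEDTLS_ERR_MD_BAD_INPUT_DATA or MBEDTLS_ERR_MD_ALLOC_FAILED. If it fails, mbedtls_ecdsa_sign() is presumably driven by a DRBG whose HMAC context was never set up, and for deterministic ECDSA a broken nonce source is a private-key-recovery risk, not merely a bad signature. The neighbouring calls already use the check macro, so `MBEDTLS_MPI_CHK( mbedtls_hmac_drbg_seed_buf( &rng_ctx, md_info, data, 2 * grp_len ) );` keeps the error-path style consistent, assuming the cleanup label and ret that MBEDTLS_MPI_CHK jumps to are defined in the part of mbedtls_ecdsa_sign_det that lies outside this hunk. The function begins and ends outside the hunk.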
@@ -87,7 +95,7 @@ void mbedtls_hmac_drbg_update( mbedtls_hmac_drbg_context *ctx, /* * Simplified HMAC_DRBG initialisation (for use with deterministic ECDSA) */ -int mbedtls_hmac_drbg_init_buf( mbedtls_hmac_drbg_context *ctx, +int mbedtls_hmac_drbg_seed_buf( mbedtls_hmac_drbg_context *ctx, const mbedtls_md_info_t * md_info, const unsigned char *data, size_t data_len ) { @@ -157,7 +165,7 @@ int mbedtls_hmac_drbg_reseed( mbedtls_hmac_drbg_context *ctx, /* * HMAC_DRBG initialisation (10.1.2.3 + 9.1) */ -int mbedtls_hmac_drbg_init( mbedtls_hmac_drbg_context *ctx, +int mbedtls_hmac_drbg_seed( mbedtls_hmac_drbg_context *ctx, const mbedtls_md_info_t * md_info, int (*f_entropy)(void *, unsigned char *, size_t), void *p_entropy, @@ -455,6 +463,8 @@ int mbedtls_hmac_drbg_self_test( int verbose ) unsigned char buf[OUTPUT_LEN]; const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type( MBEDTLS_MD_SHA1 ); + mbedtls_hmac_drbg_init( &ctx ); + /* * PR = True */ @@ -462,7 +472,7 @@ int mbedtls_hmac_drbg_self_test( int verbose ) mbedtls_printf( " HMAC_DRBG (PR = True) : " ); test_offset = 0; - CHK( mbedtls_hmac_drbg_init( &ctx, md_info, + CHK( mbedtls_hmac_drbg_seed( &ctx, md_info, hmac_drbg_self_test_entropy, (void *) entropy_pr, NULL, 0 ) ); mbedtls_hmac_drbg_set_prediction_resistance( &ctx, MBEDTLS_HMAC_DRBG_PR_ON ); @@ -481,7 +491,7 @@ int mbedtls_hmac_drbg_self_test( int verbose ) mbedtls_printf( " HMAC_DRBG (PR = False) : " ); test_offset = 0; - CHK( mbedtls_hmac_drbg_init( &ctx, md_info, + CHK( mbedtls_hmac_drbg_seed( &ctx, md_info, hmac_drbg_self_test_entropy, (void *) entropy_nopr, NULL, 0 ) ); CHK( mbedtls_hmac_drbg_reseed( &ctx, NULL, 0 ) ); diff --git a/programs/test/benchmark.c b/programs/test/benchmark.c index db98bd689..c752ba6a4 100644 --- a/programs/test/benchmark.c +++ b/programs/test/benchmark.c 
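Review bot: After the rename, the comment above the new mbedtls_hmac_drbg_seed() still says `* HMAC_DRBG initialisation (10.1.2.3 + 9.1)`, and the one above mbedtls_hmac_drbg_seed_buf() in the earlier hunk still says `* Simplified HMAC_DRBG initialisation (for use with deterministic ECDSA)`, while the function actually named mbedtls_hmac_drbg_init() added in this commit is also described as initialization; three functions sharing one description defeats the point of the split. Suggest `* HMAC_DRBG initial seeding (10.1.2.3 + 9.1)` and `* Simplified HMAC_DRBG seeding from a buffer (for use with deterministic ECDSA)` so the file-level comments agree with the \brief texts in the header. Both function bodies continue outside their hunks.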
@@ -538,18 +538,20 @@ int main( int argc, char *argv[] ) mbedtls_hmac_drbg_context hmac_drbg; const mbedtls_md_info_t *md_info; + mbedtls_hmac_drbg_init( &hmac_drbg ); + #if defined(MBEDTLS_SHA1_C) if( ( md_info = mbedtls_md_info_from_type( MBEDTLS_MD_SHA1 ) ) == NULL ) mbedtls_exit(1); - if( mbedtls_hmac_drbg_init( &hmac_drbg, md_info, myrand, NULL, NULL, 0 ) != 0 ) + if( mbedtls_hmac_drbg_seed( &hmac_drbg, md_info, myrand, NULL, NULL, 0 ) != 0 ) mbedtls_exit(1); TIME_AND_TSC( "HMAC_DRBG SHA-1 (NOPR)", if( mbedtls_hmac_drbg_random( &hmac_drbg, buf, BUFSIZE ) != 0 ) mbedtls_exit(1) ); mbedtls_hmac_drbg_free( &hmac_drbg ); - if( mbedtls_hmac_drbg_init( &hmac_drbg, md_info, myrand, NULL, NULL, 0 ) != 0 ) + if( mbedtls_hmac_drbg_seed( &hmac_drbg, md_info, myrand, NULL, NULL, 0 ) != 0 ) mbedtls_exit(1); mbedtls_hmac_drbg_set_prediction_resistance( &hmac_drbg, MBEDTLS_HMAC_DRBG_PR_ON ); @@ -563,14 +565,14 @@ int main( int argc, char *argv[] ) if( ( md_info = mbedtls_md_info_from_type( MBEDTLS_MD_SHA256 ) ) == NULL ) mbedtls_exit(1); - if( mbedtls_hmac_drbg_init( &hmac_drbg, md_info, myrand, NULL, NULL, 0 ) != 0 ) + if( mbedtls_hmac_drbg_seed( &hmac_drbg, md_info, myrand, NULL, NULL, 0 ) != 0 ) mbedtls_exit(1); TIME_AND_TSC( "HMAC_DRBG SHA-256 (NOPR)", if( mbedtls_hmac_drbg_random( &hmac_drbg, buf, BUFSIZE ) != 0 ) mbedtls_exit(1) ); mbedtls_hmac_drbg_free( &hmac_drbg ); - if( mbedtls_hmac_drbg_init( &hmac_drbg, md_info, myrand, NULL, NULL, 0 ) != 0 ) + if( mbedtls_hmac_drbg_seed( &hmac_drbg, md_info, myrand, NULL, NULL, 0 ) != 0 ) mbedtls_exit(1); mbedtls_hmac_drbg_set_prediction_resistance( &hmac_drbg, MBEDTLS_HMAC_DRBG_PR_ON ); diff --git a/tests/suites/test_suite_hmac_drbg.function b/tests/suites/test_suite_hmac_drbg.function index a227ecd86..3cc96421e 100644 --- a/tests/suites/test_suite_hmac_drbg.function +++ b/tests/suites/test_suite_hmac_drbg.function 
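Review bot: mbedtls_hmac_drbg_init( &hmac_drbg ) is now called once at the top, but each benchmark then does mbedtls_hmac_drbg_free() followed by another mbedtls_hmac_drbg_seed() on the same context without re-initializing it, so this code relies on free() leaving the context in the same state init() produces. Nothing in the hunk or in the new header text says that is guaranteed; if free() does reset the context, the \brief for init() should say so (e.g. `* A context passed to mbedtls_hmac_drbg_free() may be seeded again without a new init.`), otherwise add `mbedtls_hmac_drbg_init( &hmac_drbg );` after each free here. The same free-then-seed sequence appears in the SHA-256 hunk just below. main() starts and ends outside these hunks.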
@@ -38,6 +38,7 @@ void hmac_drbg_entropy_usage( int md_alg ) entropy_ctx entropy; size_t last_len, i, reps = 10; + mbedtls_hmac_drbg_init( &ctx ); memset( buf, 0, sizeof( buf ) ); memset( out, 0, sizeof( out ) ); @@ -49,7 +50,7 @@ void hmac_drbg_entropy_usage( int md_alg ) /* Init must use entropy */ last_len = entropy.len; - TEST_ASSERT( mbedtls_hmac_drbg_init( &ctx, md_info, mbedtls_entropy_func, &entropy, + TEST_ASSERT( mbedtls_hmac_drbg_seed( &ctx, md_info, mbedtls_entropy_func, &entropy, NULL, 0 ) == 0 ); TEST_ASSERT( entropy.len < last_len ); @@ -113,10 +114,12 @@ void hmac_drbg_seed_file( int md_alg, char *path, int ret ) const mbedtls_md_info_t *md_info; mbedtls_hmac_drbg_context ctx; + mbedtls_hmac_drbg_init( &ctx ); + md_info = mbedtls_md_info_from_type( md_alg ); TEST_ASSERT( md_info != NULL ); - TEST_ASSERT( mbedtls_hmac_drbg_init( &ctx, md_info, rnd_std_rand, NULL, + TEST_ASSERT( mbedtls_hmac_drbg_seed( &ctx, md_info, rnd_std_rand, NULL, NULL, 0 ) == 0 ); TEST_ASSERT( mbedtls_hmac_drbg_write_seed_file( &ctx, path ) == ret ); @@ -136,12 +139,13 @@ void hmac_drbg_buf( int md_alg ) mbedtls_hmac_drbg_context ctx; size_t i; + mbedtls_hmac_drbg_init( &ctx ); memset( buf, 0, sizeof( buf ) ); memset( out, 0, sizeof( out ) ); md_info = mbedtls_md_info_from_type( md_alg ); TEST_ASSERT( md_info != NULL ); - TEST_ASSERT( mbedtls_hmac_drbg_init_buf( &ctx, md_info, buf, sizeof( buf ) ) == 0 ); + TEST_ASSERT( mbedtls_hmac_drbg_seed_buf( &ctx, md_info, buf, sizeof( buf ) ) == 0 ); /* Make sure it never tries to reseed (would segfault otherwise) */ mbedtls_hmac_drbg_set_reseed_interval( &ctx, 3 ); @@ -173,6 +177,7 @@ void hmac_drbg_no_reseed( int md_alg, const mbedtls_md_info_t *md_info; mbedtls_hmac_drbg_context ctx; + mbedtls_hmac_drbg_init( &ctx ); memset( my_output, 0, sizeof my_output ); custom_len = unhexify( custom, custom_hex ); 
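Review bot: The updated tests call mbedtls_hmac_drbg_init() and then go straight to a seed function, so the one sequence the new header explicitly promises — init() followed directly by mbedtls_hmac_drbg_free() with no seeding in between — is not exercised anywhere in this suite, and that is exactly the path taken when an early TEST_ASSERT fails before seeding (assuming the exit: label frees ctx, which is outside these hunks). A two-line case such as `mbedtls_hmac_drbg_init( &ctx ); mbedtls_hmac_drbg_free( &ctx );` would pin that contract and catch a free() that touches an unset md_ctx. Each test function here begins or ends outside its hunk.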
@@ -188,7 +193,7 @@ void hmac_drbg_no_reseed( int md_alg, /* Test the simplified buffer-based variant */ memcpy( data, entropy, p_entropy.len ); memcpy( data + p_entropy.len, custom, custom_len ); - TEST_ASSERT( mbedtls_hmac_drbg_init_buf( &ctx, md_info, + TEST_ASSERT( mbedtls_hmac_drbg_seed_buf( &ctx, md_info, data, p_entropy.len + custom_len ) == 0 ); TEST_ASSERT( mbedtls_hmac_drbg_random_with_add( &ctx, my_output, out_len, add1, add1_len ) == 0 ); @@ -201,7 +206,7 @@ void hmac_drbg_no_reseed( int md_alg, TEST_ASSERT( memcmp( my_output, output, out_len ) == 0 ); /* And now the normal entropy-based variant */ - TEST_ASSERT( mbedtls_hmac_drbg_init( &ctx, md_info, mbedtls_entropy_func, &p_entropy, + TEST_ASSERT( mbedtls_hmac_drbg_seed( &ctx, md_info, mbedtls_entropy_func, &p_entropy, custom, custom_len ) == 0 ); TEST_ASSERT( mbedtls_hmac_drbg_random_with_add( &ctx, my_output, out_len, add1, add1_len ) == 0 ); @@ -232,6 +237,7 @@ void hmac_drbg_nopr( int md_alg, const mbedtls_md_info_t *md_info; mbedtls_hmac_drbg_context ctx; + mbedtls_hmac_drbg_init( &ctx ); memset( my_output, 0, sizeof my_output ); custom_len = unhexify( custom, custom_hex ); @@ -245,7 +251,7 @@ void hmac_drbg_nopr( int md_alg, md_info = mbedtls_md_info_from_type( md_alg ); TEST_ASSERT( md_info != NULL ); - TEST_ASSERT( mbedtls_hmac_drbg_init( &ctx, md_info, mbedtls_entropy_func, &p_entropy, + TEST_ASSERT( mbedtls_hmac_drbg_seed( &ctx, md_info, mbedtls_entropy_func, &p_entropy, custom, custom_len ) == 0 ); TEST_ASSERT( mbedtls_hmac_drbg_reseed( &ctx, add1, add1_len ) == 0 ); TEST_ASSERT( mbedtls_hmac_drbg_random_with_add( &ctx, my_output, out_len, @@ -277,6 +283,7 @@ void hmac_drbg_pr( int md_alg, const mbedtls_md_info_t *md_info; mbedtls_hmac_drbg_context ctx; + mbedtls_hmac_drbg_init( &ctx ); memset( my_output, 0, sizeof my_output ); custom_len = unhexify( custom, custom_hex ); 
@@ -289,7 +296,7 @@ void hmac_drbg_pr( int md_alg, md_info = mbedtls_md_info_from_type( md_alg ); TEST_ASSERT( md_info != NULL ); - TEST_ASSERT( mbedtls_hmac_drbg_init( &ctx, md_info, mbedtls_entropy_func, &p_entropy, + TEST_ASSERT( mbedtls_hmac_drbg_seed( &ctx, md_info, mbedtls_entropy_func, &p_entropy, custom, custom_len ) == 0 ); mbedtls_hmac_drbg_set_prediction_resistance( &ctx, MBEDTLS_HMAC_DRBG_PR_ON ); TEST_ASSERT( mbedtls_hmac_drbg_random_with_add( &ctx, my_output, out_len,