Entropy collector and CTR-DRBG now also work on SHA-256 if SHA-512 not available

2024-10-18 12:31:05 +00:00 · 2013-08-27 15:06:26 +02:00 · 2013-08-27 15:06:26 +02:00 · fb08fd2e23
parent 0a20171d52
commit fb08fd2e23
6 changed files with 65 additions and 5 deletions
--- a/include/polarssl/config.h
+++ b/include/polarssl/config.h
@ -1326,7 +1326,7 @@

 // CTR_DRBG options
 //
-#define CTR_DRBG_ENTROPY_LEN               48 /**< Amount of entropy used per seed by default */
+#define CTR_DRBG_ENTROPY_LEN               48 /**< Amount of entropy used per seed by default (48 with SHA-512, 32 with SHA-256) */
 #define CTR_DRBG_RESEED_INTERVAL        10000 /**< Interval before reseed is performed by default */
 #define CTR_DRBG_MAX_INPUT                256 /**< Maximum number of additional input bytes */
 #define CTR_DRBG_MAX_REQUEST             1024 /**< Maximum number of requested bytes per call */
@ -1382,9 +1382,18 @@
 #error "POLARSSL_ECP_C defined, but not all prerequisites"
 #endif

-#if defined(POLARSSL_ENTROPY_C) && !defined(POLARSSL_SHA512_C)
+#if defined(POLARSSL_ENTROPY_C) && (!defined(POLARSSL_SHA512_C) &&      \
+                                    !defined(POLARSSL_SHA256_C))
 #error "POLARSSL_ENTROPY_C defined, but not all prerequisites"
 #endif
+#if defined(POLARSSL_ENTROPY_C) && defined(POLARSSL_SHA512_C) &&         \
+    defined(POLARSSL_CONFIG_OPTIONS) && (CTR_DRBG_ENTROPY_LEN > 64)
+#error "CTR_DRBG_ENTROPY_LEN value too high"
+#endif
+#if defined(POLARSSL_ENTROPY_C) && !defined(POLARSSL_SHA512_C) &&        \
+    defined(POLARSSL_CONFIG_OPTIONS) && (CTR_DRBG_ENTROPY_LEN > 32)
+#error "CTR_DRBG_ENTROPY_LEN value too high"
+#endif

 #if defined(POLARSSL_GCM_C) && !defined(POLARSSL_AES_C)
 #error "POLARSSL_GCM_C defined, but not all prerequisites"
--- a/include/polarssl/ctr_drbg.h
+++ b/include/polarssl/ctr_drbg.h
@ -43,7 +43,11 @@
                                            /**< The seed length (counter + AES key)            */

 #if !defined(POLARSSL_CONFIG_OPTIONS)
-#define CTR_DRBG_ENTROPY_LEN        48      /**< Amount of entropy used per seed by default */
+#if defined(POLARSSL_SHA512_C)
+#define CTR_DRBG_ENTROPY_LEN        48      /**< Amount of entropy used per seed by default (48 with SHA-512, 32 with SHA-256) */
+#else
+#define CTR_DRBG_ENTROPY_LEN        32      /**< Amount of entropy used per seed by default (48 with SHA-512, 32 with SHA-256) */
+#endif
 #define CTR_DRBG_RESEED_INTERVAL    10000   /**< Interval before reseed is performed by default */
 #define CTR_DRBG_MAX_INPUT          256     /**< Maximum number of additional input bytes */
 #define CTR_DRBG_MAX_REQUEST        1024    /**< Maximum number of requested bytes per call */
--- a/include/polarssl/entropy.h
+++ b/include/polarssl/entropy.h
@ -31,7 +31,16 @@

 #include "config.h"

+#if defined(POLARSSL_SHA512_C)
 #include "sha512.h"
+#define POLARSSL_ENTROPY_SHA512_ACCUMULATOR
+#else
+#if defined(POLARSSL_SHA256_C)
+#define POLARSSL_ENTROPY_SHA256_ACCUMULATOR
+#include "sha256.h"
+#endif
+#endif
+
 #if defined(POLARSSL_HAVEGE_C)
 #include "havege.h"
 #endif
@ -45,7 +54,11 @@
 #define ENTROPY_MAX_GATHER      128     /**< Maximum amount requested from entropy sources */
 #endif /* !POLARSSL_CONFIG_OPTIONS  */

+#if defined(POLARSSL_ENTROPY_SHA512_ACCUMULATOR)
 #define ENTROPY_BLOCK_SIZE      64      /**< Block size of entropy accumulator (SHA-512) */
+#else
+#define ENTROPY_BLOCK_SIZE      32      /**< Block size of entropy accumulator (SHA-256) */
+#endif

 #define ENTROPY_SOURCE_MANUAL   ENTROPY_MAX_SOURCES

@ -83,7 +96,11 @@ source_state;
 */
 typedef struct
 {
+#if defined(POLARSSL_ENTROPY_SHA512_ACCUMULATOR)
    sha512_context  accumulator;
+#else
+    sha256_context  accumulator;
+#endif
    int             source_count;
    source_state    source[ENTROPY_MAX_SOURCES];
 #if defined(POLARSSL_HAVEGE_C)
--- a/include/polarssl/ssl.h
+++ b/include/polarssl/ssl.h
@ -439,7 +439,9 @@ struct _ssl_handshake_params
       md5_context fin_md5;
      sha1_context fin_sha1;
    sha256_context fin_sha256;
+#if defined(POLARSSL_SHA512_C)
    sha512_context fin_sha512;
+#endif

    void (*update_checksum)(ssl_context *, const unsigned char *, size_t);
    void (*calc_verify)(ssl_context *, unsigned char *);
--- a/library/entropy.c
+++ b/library/entropy.c
@ -40,7 +40,11 @@ void entropy_init( entropy_context *ctx )
 {
    memset( ctx, 0, sizeof(entropy_context) );

+#if defined(POLARSSL_ENTROPY_SHA512_ACCUMULATOR)
    sha512_starts( &ctx->accumulator, 0 );
+#else
+    sha256_starts( &ctx->accumulator, 0 );
+#endif
 #if defined(POLARSSL_HAVEGE_C)
    havege_init( &ctx->havege_data );
 #endif
@ -91,8 +95,11 @@ static int entropy_update( entropy_context *ctx, unsigned char source_id,

    if( use_len > ENTROPY_BLOCK_SIZE )
    {
+#if defined(POLARSSL_ENTROPY_SHA512_ACCUMULATOR)
        sha512( data, len, tmp, 0 );
-
+#else
+        sha256( data, len, tmp, 0 );
+#endif
        p = tmp;
        use_len = ENTROPY_BLOCK_SIZE;
    }
@ -100,8 +107,13 @@ static int entropy_update( entropy_context *ctx, unsigned char source_id,
    header[0] = source_id;
    header[1] = use_len & 0xFF;

+#if defined(POLARSSL_ENTROPY_SHA512_ACCUMULATOR)
    sha512_update( &ctx->accumulator, header, 2 );
    sha512_update( &ctx->accumulator, p, use_len );
+#else
+    sha256_update( &ctx->accumulator, header, 2 );
+    sha256_update( &ctx->accumulator, p, use_len );
+#endif

    return( 0 );
 }
@ -179,6 +191,7 @@ int entropy_func( void *data, unsigned char *output, size_t len )

    memset( buf, 0, ENTROPY_BLOCK_SIZE );

+#if defined(POLARSSL_ENTROPY_SHA512_ACCUMULATOR)
    sha512_finish( &ctx->accumulator, buf );

    /*
@ -192,6 +205,21 @@ int entropy_func( void *data, unsigned char *output, size_t len )
    memset( &ctx->accumulator, 0, sizeof( sha512_context ) );
    sha512_starts( &ctx->accumulator, 0 );
    sha512_update( &ctx->accumulator, buf, ENTROPY_BLOCK_SIZE );
+#else /* POLARSSL_ENTROPY_SHA512_ACCUMULATOR */
+    sha256_finish( &ctx->accumulator, buf );
+
+    /*
+     * Perform second SHA-256 on entropy
+     */
+    sha256( buf, ENTROPY_BLOCK_SIZE, buf, 0 );
+
+    /*
+     * Reset accumulator and counters and recycle existing entropy
+     */
+    memset( &ctx->accumulator, 0, sizeof( sha256_context ) );
+    sha256_starts( &ctx->accumulator, 0 );
+    sha256_update( &ctx->accumulator, buf, ENTROPY_BLOCK_SIZE );
+#endif /* POLARSSL_ENTROPY_SHA512_ACCUMULATOR */

    for( i = 0; i < ctx->source_count; i++ )
        ctx->source[i].size = 0;
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@ -2318,7 +2318,7 @@ void ssl_optimize_checksum( ssl_context *ssl,
                            const ssl_ciphersuite_t *ciphersuite_info )
 {
 #if !defined(POLARSSL_SHA512_C)
-    ((void) ciphersuite);
+    ((void) ciphersuite_info);
 #endif

    if( ssl->minor_ver < SSL_MINOR_VERSION_3 )