mirrors/wolfssl
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

added SHA-256 based RNG when setting NO_RC4 compile flag

Browse Source
This commit is contained in:
John Safranek 2012-11-27 22:17:25 -08:00
parent 7d4a5a6ec8
commit 66a3ce2ec1
8 changed files with 314 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
configure.ac
View File

@ -217,7 +217,7 @@ AC_ARG_ENABLE(leanpsk,
if test "$ENABLED_LEANPSK" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DCYASSL_LEANPSK -DHAVE_NULL_CIPHER -DNO_AES -DNO_FILESYSTEM -DNO_RSA -DNO_DSA -DNO_DH -DNO_CERTS -DNO_PWDBASED -DNO_DES3 -DNO_MD4 -DNO_MD5 -DNO_ERROR_STRINGS -DNO_OLD_TLS"
AM_CFLAGS="$AM_CFLAGS -DCYASSL_LEANPSK -DHAVE_NULL_CIPHER -DNO_AES -DNO_FILESYSTEM -DNO_RSA -DNO_DSA -DNO_DH -DNO_CERTS -DNO_PWDBASED -DNO_DES3 -DNO_MD4 -DNO_MD5 -DNO_ERROR_STRINGS -DNO_OLD_TLS -DNO_RC4"
ENABLED_SLOWMATH="no"
fi

6
ctaocrypt/src/asn.c
View File

@ -44,6 +44,10 @@
#include <cyassl/ctaocrypt/logging.h>
#include <cyassl/ctaocrypt/random.h>
#ifndef NO_RC4
#include <cyassl/ctaocrypt/arc4.h>
#endif
#ifdef HAVE_NTRU
#include "crypto_ntru.h"
#endif
@ -750,6 +754,7 @@ static int DecryptKey(const char* password, int passwordSz, byte* salt,
break;
}
#endif
#ifndef NO_RC4
case RC4_TYPE:
{
Arc4 dec;
@ -758,6 +763,7 @@ static int DecryptKey(const char* password, int passwordSz, byte* salt,
Arc4Process(&dec, input, input, length);
break;
}
#endif
default:
return ALGO_ID_E;

265
ctaocrypt/src/random.c
View File

@ -31,6 +31,15 @@
#include <cyassl/ctaocrypt/random.h>
#include <cyassl/ctaocrypt/error.h>
#ifdef NO_RC4
#include <cyassl/ctaocrypt/sha256.h>
#ifdef NO_INLINE
#include <cyassl/ctaocrypt/misc.h>
#else
#include <ctaocrypt/src/misc.c>
#endif
#endif
#if defined(USE_WINDOWS_API)
#ifndef _WIN32_WINNT
@ -50,6 +59,260 @@
#endif /* USE_WINDOWS_API */
#ifdef NO_RC4
/* Start NIST DRBG code */
#define OUTPUT_BLOCK_LEN (256/8)
#define MAX_REQUEST_LEN (0x1000)
#define MAX_STRING_LEN (0x100000000)
#define RESEED_MAX (0x100000000000LL)
#define ENTROPY_SZ 256
#define DBRG_SUCCESS 0
#define DBRG_ERROR 1
#define DBRG_NEED_RESEED 2
enum {
dbrgInitC = 0,
dbrgReseed = 1,
dbrgGenerateW = 2,
dbrgGenerateH = 3,
dbrgInitV
};
static int Hash_df(byte* out, word32 outSz, byte type, byte* inA, word32 inASz,
byte* inB, word32 inBSz, byte* inC, word32 inCSz)
{
byte ctr;
int i;
int len;
Sha256 sha;
byte digest[SHA256_DIGEST_SIZE];
word32 bits = (outSz * 8); // reverse byte order
#ifdef LITTLE_ENDIAN_ORDER
bits = ByteReverseWord32(bits);
#endif
len = (outSz / SHA256_DIGEST_SIZE)
+ ((outSz % SHA256_DIGEST_SIZE) ? 1 : 0);
for (i = 0, ctr = 1; i < len; i++, ctr++)
{
InitSha256(&sha);
Sha256Update(&sha, &ctr, sizeof(ctr));
Sha256Update(&sha, (byte*)&bits, sizeof(bits));
/* churning V is the only string that doesn't have
* the type added */
if (type != dbrgInitV)
Sha256Update(&sha, &type, sizeof(type));
Sha256Update(&sha, inA, inASz);
if (inB != NULL && inBSz > 0)
Sha256Update(&sha, inB, inBSz);
if (inC != NULL && inCSz > 0)
Sha256Update(&sha, inC, inCSz);
Sha256Final(&sha, digest);
if (outSz > SHA256_DIGEST_SIZE) {
XMEMCPY(out, digest, SHA256_DIGEST_SIZE);
outSz -= SHA256_DIGEST_SIZE;
out += SHA256_DIGEST_SIZE;
}
else {
XMEMCPY(out, digest, outSz);
}
}
XMEMSET(digest, 0, SHA256_DIGEST_SIZE);
XMEMSET(&sha, 0, sizeof(sha));
return DBRG_SUCCESS;
}
static int Hash_DBRG_Reseed(RNG* rng, byte* entropy, word32 entropySz)
{
byte seed[DBRG_SEED_LEN];
Hash_df(seed, sizeof(seed), dbrgInitV, rng->V, sizeof(rng->V),
entropy, entropySz, NULL, 0);
XMEMCPY(rng->V, seed, sizeof(rng->V));
XMEMSET(seed, 0, sizeof(seed));
Hash_df(rng->C, sizeof(rng->C), dbrgInitC, rng->V, sizeof(rng->V),
NULL, 0, NULL, 0);
rng->reseed_ctr = 1;
return 0;
}
static INLINE void array_add_one(byte* data, word32 dataSz)
{
int i;
for (i = dataSz - 1; i >= 0; i--)
{
data[i]++;
if (data[i] != 0) break;
}
}
static void Hash_gen(byte* out, word32 outSz, byte* V)
{
Sha256 sha;
byte data[DBRG_SEED_LEN];
byte digest[SHA256_DIGEST_SIZE];
int i;
int len = (outSz / SHA256_DIGEST_SIZE)
+ ((outSz % SHA256_DIGEST_SIZE) ? 1 : 0);
XMEMCPY(data, V, sizeof(data));
for (i = 0; i < len; i++) {
InitSha256(&sha);
Sha256Update(&sha, data, sizeof(data));
Sha256Final(&sha, digest);
if (outSz > SHA256_DIGEST_SIZE) {
XMEMCPY(out, digest, SHA256_DIGEST_SIZE);
outSz -= SHA256_DIGEST_SIZE;
out += SHA256_DIGEST_SIZE;
array_add_one(data, DBRG_SEED_LEN);
}
else {
XMEMCPY(out, digest, outSz);
}
}
XMEMSET(data, 0, sizeof(data));
XMEMSET(digest, 0, sizeof(digest));
XMEMSET(&sha, 0, sizeof(sha));
}
static INLINE void array_add(byte* d, word32 dLen, byte* s, word32 sLen)
{
word16 carry = 0;
if (dLen > 0 && sLen > 0 && dLen >= sLen) {
int sIdx, dIdx;
for (sIdx = dLen - 1, dIdx = dLen - 1; sIdx >= 0; dIdx--, sIdx--)
{
carry += d[dIdx] + s[sIdx];
d[dIdx] = carry;
carry >>= 8;
}
if (dIdx > 0)
d[dIdx] += carry;
}
}
static int Hash_DBRG_Generate(RNG* rng, byte* out, word32 outSz)
{
int ret;
if (rng->reseed_ctr != RESEED_MAX) {
Sha256 sha;
byte digest[SHA256_DIGEST_SIZE];
byte type = dbrgGenerateH;
Hash_gen(out, outSz, rng->V);
InitSha256(&sha);
Sha256Update(&sha, &type, sizeof(type));
Sha256Update(&sha, rng->V, sizeof(rng->V));
Sha256Final(&sha, digest);
array_add(rng->V, sizeof(rng->V), digest, sizeof(digest));
array_add(rng->V, sizeof(rng->V), rng->C, sizeof(rng->C));
array_add(rng->V, sizeof(rng->V),
(byte*)&rng->reseed_ctr, sizeof(rng->reseed_ctr));
rng->reseed_ctr++;
XMEMSET(&sha, 0, sizeof(sha));
XMEMSET(digest, 0, sizeof(digest));
ret = DBRG_SUCCESS;
}
else {
ret = DBRG_NEED_RESEED;
}
return ret;
}
static void Hash_DBRG_Instantiate(RNG* rng, byte* seed, word32 seedSz)
{
XMEMSET(rng, 0, sizeof(*rng));
Hash_df(rng->V, sizeof(rng->V), dbrgInitV, seed, seedSz, NULL, 0, NULL, 0);
Hash_df(rng->C, sizeof(rng->C), dbrgInitC, rng->V, sizeof(rng->V),
NULL, 0, NULL, 0);
rng->reseed_ctr = 1;
}
static int Hash_DBRG_Uninstantiate(RNG* rng)
{
int result = DBRG_ERROR;
if (rng != NULL) {
XMEMSET(rng, 0, sizeof(*rng));
result = DBRG_SUCCESS;
}
return result;
}
/* End NIST DRBG Code */
/* Get seed and key cipher */
int InitRng(RNG* rng)
{
byte entropy[ENTROPY_SZ];
int ret = DBRG_ERROR;
if (GenerateSeed(&rng->seed, entropy, sizeof(entropy)) == 0) {
Hash_DBRG_Instantiate(rng, entropy, sizeof(entropy));
ret = DBRG_SUCCESS;
}
XMEMSET(entropy, 0, sizeof(entropy));
return ret;
}
/* place a generated block in output */
void RNG_GenerateBlock(RNG* rng, byte* output, word32 sz)
{
int ret;
XMEMSET(output, 0, sz);
ret = Hash_DBRG_Generate(rng, output, sz);
if (ret == DBRG_NEED_RESEED) {
byte entropy[ENTROPY_SZ];
ret = GenerateSeed(&rng->seed, entropy, sizeof(entropy));
if (ret == 0) {
Hash_DBRG_Reseed(rng, entropy, sizeof(entropy));
ret = Hash_DBRG_Generate(rng, output, sz);
}
else
ret = DBRG_ERROR;
XMEMSET(entropy, 0, sizeof(entropy));
}
}
byte RNG_GenerateByte(RNG* rng)
{
byte b;
RNG_GenerateBlock(rng, &b, 1);
return b;
}
void FreeRng(RNG* rng)
{
Hash_DBRG_Uninstantiate(rng);
}
#else /* NO_RC4 */
/* Get seed and key cipher */
int InitRng(RNG* rng)
@ -84,6 +347,8 @@ byte RNG_GenerateByte(RNG* rng)
return b;
}
#endif /* NO_RC4 */
#if defined(USE_WINDOWS_API)

25
cyassl/ctaocrypt/random.h
View File

@ -23,7 +23,11 @@
#ifndef CTAO_CRYPT_RANDOM_H
#define CTAO_CRYPT_RANDOM_H
#include <cyassl/ctaocrypt/arc4.h>
#include <cyassl/ctaocrypt/types.h>
#ifndef NO_RC4
#include <cyassl/ctaocrypt/arc4.h>
#endif
#ifdef __cplusplus
extern "C" {
@ -49,9 +53,11 @@ typedef struct OS_Seed {
#endif
} OS_Seed;
CYASSL_LOCAL
int GenerateSeed(OS_Seed* os, byte* seed, word32 sz);
#ifndef NO_RC4
/* secure Random Nnumber Generator */
typedef struct RNG {
@ -59,11 +65,28 @@ typedef struct RNG {
Arc4 cipher;
} RNG;
#else /* NO_RC4 */
#define DBRG_SEED_LEN (440/8)
/* secure Random Nnumber Generator */
typedef struct RNG {
OS_Seed seed;
byte V[DBRG_SEED_LEN];
byte C[DBRG_SEED_LEN];
word64 reseed_ctr;
} RNG;
#endif
CYASSL_API int InitRng(RNG*);
CYASSL_API void RNG_GenerateBlock(RNG*, byte*, word32 sz);
CYASSL_API byte RNG_GenerateByte(RNG*);
#ifdef NO_RC4
CYASSL_API void FreeRng(RNG*);
#endif
#ifdef __cplusplus
} /* extern "C" */

3
cyassl/internal.h
View File

@ -35,6 +35,9 @@
#include <cyassl/ctaocrypt/md5.h>
#include <cyassl/ctaocrypt/aes.h>
#include <cyassl/ctaocrypt/logging.h>
#ifndef NO_RC4
#include <cyassl/ctaocrypt/arc4.h>
#endif
#ifdef HAVE_ECC
#include <cyassl/ctaocrypt/ecc.h>
#endif

3
src/internal.c
View File

@ -1476,6 +1476,7 @@ int DtlsPoolSend(CYASSL* ssl)
#endif
#ifndef NO_OLD_TLS
ProtocolVersion MakeSSLv3(void)
{
@ -1486,6 +1487,8 @@ ProtocolVersion MakeSSLv3(void)
return pv;
}
#endif /* NO_OLD_TLS */
#ifdef CYASSL_DTLS

9
src/ssl.c
View File

@ -681,11 +681,14 @@ int CyaSSL_SetVersion(CYASSL* ssl, int version)
}
switch (version) {
#ifndef NO_OLD_TLS
case CYASSL_SSLV3:
ssl->version = MakeSSLv3();
break;
#endif
#ifndef NO_TLS
#ifndef NO_OLD_TLS
case CYASSL_TLSV1:
ssl->version = MakeTLSv1();
break;
@ -693,7 +696,7 @@ int CyaSSL_SetVersion(CYASSL* ssl, int version)
case CYASSL_TLSV1_1:
ssl->version = MakeTLSv1_1();
break;
#endif
case CYASSL_TLSV1_2:
ssl->version = MakeTLSv1_2();
break;
@ -2421,6 +2424,7 @@ int CyaSSL_dtls_got_timeout(CYASSL* ssl)
/* client only parts */
#ifndef NO_CYASSL_CLIENT
#ifndef NO_OLD_TLS
CYASSL_METHOD* CyaSSLv3_client_method(void)
{
CYASSL_METHOD* method =
@ -2431,6 +2435,7 @@ int CyaSSL_dtls_got_timeout(CYASSL* ssl)
InitSSL_Method(method, MakeSSLv3());
return method;
}
#endif
#ifdef CYASSL_DTLS
CYASSL_METHOD* CyaDTLSv1_client_method(void)
@ -2651,6 +2656,7 @@ int CyaSSL_dtls_got_timeout(CYASSL* ssl)
/* server only parts */
#ifndef NO_CYASSL_SERVER
#ifndef NO_OLD_TLS
CYASSL_METHOD* CyaSSLv3_server_method(void)
{
CYASSL_METHOD* method =
@ -2663,6 +2669,7 @@ int CyaSSL_dtls_got_timeout(CYASSL* ssl)
}
return method;
}
#endif
#ifdef CYASSL_DTLS

4
src/tls.c
View File

@ -251,6 +251,8 @@ void BuildTlsFinished(CYASSL* ssl, Hashes* hashes, const byte* sender)
}
#ifndef NO_OLD_TLS
ProtocolVersion MakeTLSv1(void)
{
ProtocolVersion pv;
@ -270,6 +272,8 @@ ProtocolVersion MakeTLSv1_1(void)
return pv;
}
#endif
ProtocolVersion MakeTLSv1_2(void)
{