[thirdparty/openssl.git] / providers / implementations / rands / seed_src.c

/*
 * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

#include <string.h>
#include <openssl/rand.h>
#include <openssl/core_dispatch.h>
#include <openssl/e_os2.h>
#include <openssl/params.h>
#include <openssl/core_names.h>
#include <openssl/evp.h>
#include <openssl/err.h>
#include <openssl/randerr.h>
#include <openssl/proverr.h>
#include "prov/implementations.h"
#include "prov/provider_ctx.h"
#include "crypto/rand.h"
#include "crypto/rand_pool.h"

static OSSL_FUNC_rand_newctx_fn seed_src_new;
static OSSL_FUNC_rand_freectx_fn seed_src_free;
static OSSL_FUNC_rand_instantiate_fn seed_src_instantiate;
static OSSL_FUNC_rand_uninstantiate_fn seed_src_uninstantiate;
static OSSL_FUNC_rand_generate_fn seed_src_generate;
static OSSL_FUNC_rand_reseed_fn seed_src_reseed;
static OSSL_FUNC_rand_gettable_ctx_params_fn seed_src_gettable_ctx_params;
static OSSL_FUNC_rand_get_ctx_params_fn seed_src_get_ctx_params;
static OSSL_FUNC_rand_verify_zeroization_fn seed_src_verify_zeroization;
static OSSL_FUNC_rand_enable_locking_fn seed_src_enable_locking;
static OSSL_FUNC_rand_lock_fn seed_src_lock;
static OSSL_FUNC_rand_unlock_fn seed_src_unlock;
static OSSL_FUNC_rand_get_seed_fn seed_get_seed;
static OSSL_FUNC_rand_clear_seed_fn seed_clear_seed;

typedef struct {
    void *provctx;
    int state;
} PROV_SEED_SRC;

static void *seed_src_new(void *provctx, void *parent,
                          const OSSL_DISPATCH *parent_dispatch)
{
    PROV_SEED_SRC *s;

    if (parent != NULL) {
        ERR_raise(ERR_LIB_PROV, PROV_R_SEED_SOURCES_MUST_NOT_HAVE_A_PARENT);
        return NULL;
    }

    s = OPENSSL_zalloc(sizeof(*s));
    if (s == NULL) {
        ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
        return NULL;
    }

    s->provctx = provctx;
    s->state = EVP_RAND_STATE_UNINITIALISED;
    return s;
}

static void seed_src_free(void *vseed)
{
    OPENSSL_free(vseed);
}

static int seed_src_instantiate(void *vseed, unsigned int strength,
                                int prediction_resistance,
                                const unsigned char *pstr, size_t pstr_len)
{
    PROV_SEED_SRC *s = (PROV_SEED_SRC *)vseed;

    s->state = EVP_RAND_STATE_READY;
    return 1;
}

static int seed_src_uninstantiate(void *vseed)
{
    PROV_SEED_SRC *s = (PROV_SEED_SRC *)vseed;

    s->state = EVP_RAND_STATE_UNINITIALISED;
    return 1;
}

static int seed_src_generate(void *vseed, unsigned char *out, size_t outlen,
                             unsigned int strength,
                             ossl_unused int prediction_resistance,
                             ossl_unused const unsigned char *adin,
                             ossl_unused size_t adin_len)
{
    PROV_SEED_SRC *s = (PROV_SEED_SRC *)vseed;
    size_t entropy_available;
    RAND_POOL *pool;

    if (s->state != EVP_RAND_STATE_READY) {
        ERR_raise(ERR_LIB_PROV,
                  s->state == EVP_RAND_STATE_ERROR ? PROV_R_IN_ERROR_STATE
                                                   : PROV_R_NOT_INSTANTIATED);
        return 0;
    }

    pool = rand_pool_new(strength, 1, outlen, outlen);
    if (pool == NULL) {
        ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
        return 0;
    }

    /* Get entropy by polling system entropy sources. */
    entropy_available = ossl_pool_acquire_entropy(pool);

    if (entropy_available > 0)
        memcpy(out, rand_pool_buffer(pool), rand_pool_length(pool));

    rand_pool_free(pool);
    return entropy_available > 0;
}

static int seed_src_reseed(void *vseed,
                           ossl_unused int prediction_resistance,
                           ossl_unused const unsigned char *ent,
                           ossl_unused size_t ent_len,
                           ossl_unused const unsigned char *adin,
                           ossl_unused size_t adin_len)
{
    PROV_SEED_SRC *s = (PROV_SEED_SRC *)vseed;

    if (s->state != EVP_RAND_STATE_READY) {
        ERR_raise(ERR_LIB_PROV,
                  s->state == EVP_RAND_STATE_ERROR ? PROV_R_IN_ERROR_STATE
                                                   : PROV_R_NOT_INSTANTIATED);
        return 0;
    }
    return 1;
}

static int seed_src_get_ctx_params(void *vseed, OSSL_PARAM params[])
{
    PROV_SEED_SRC *s = (PROV_SEED_SRC *)vseed;
    OSSL_PARAM *p;

    p = OSSL_PARAM_locate(params, OSSL_RAND_PARAM_STATE);
    if (p != NULL && !OSSL_PARAM_set_int(p, s->state))
        return 0;

    p = OSSL_PARAM_locate(params, OSSL_RAND_PARAM_STRENGTH);
    if (p != NULL && !OSSL_PARAM_set_int(p, 1024))
        return 0;

    p = OSSL_PARAM_locate(params, OSSL_RAND_PARAM_MAX_REQUEST);
    if (p != NULL && !OSSL_PARAM_set_size_t(p, 128))
        return 0;
    return 1;
}

static const OSSL_PARAM *seed_src_gettable_ctx_params(ossl_unused void *provctx)
{
    static const OSSL_PARAM known_gettable_ctx_params[] = {
        OSSL_PARAM_int(OSSL_RAND_PARAM_STATE, NULL),
        OSSL_PARAM_uint(OSSL_RAND_PARAM_STRENGTH, NULL),
        OSSL_PARAM_size_t(OSSL_RAND_PARAM_MAX_REQUEST, NULL),
        OSSL_PARAM_END
    };
    return known_gettable_ctx_params;
}

static int seed_src_verify_zeroization(ossl_unused void *vseed)
{
    return 1;
}

static size_t seed_get_seed(void *vseed, unsigned char **pout,
                            int entropy, size_t min_len, size_t max_len,
                            int prediction_resistance,
                            const unsigned char *adin, size_t adin_len)
{
    size_t bytes_needed;
    unsigned char *p;

    /*
     * Figure out how many bytes we need.
     * This assumes that the seed sources provide eight bits of entropy
     * per byte.  For lower quality sources, the formula will need to be
     * different.
     */
    bytes_needed = entropy >= 0 ? (entropy + 7) / 8 : 0;
    if (bytes_needed < min_len)
        bytes_needed = min_len;
    if (bytes_needed > max_len) {
        ERR_raise(ERR_LIB_PROV, PROV_R_ENTROPY_SOURCE_STRENGTH_TOO_WEAK);
        return 0;
    }

    p = OPENSSL_secure_malloc(bytes_needed);
    if (p == NULL) {
        ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
        return 0;
    }
    *pout = p;
    if (seed_src_generate(vseed, p, bytes_needed, 0, prediction_resistance,
                          adin, adin_len) != 0)
        return bytes_needed;
    OPENSSL_secure_clear_free(p, bytes_needed);
    return 0;
}

static void seed_clear_seed(ossl_unused void *vdrbg,
                            unsigned char *out, size_t outlen)
{
    OPENSSL_secure_clear_free(out, outlen);
}

static int seed_src_enable_locking(ossl_unused void *vseed)
{
    return 1;
}

int seed_src_lock(ossl_unused void *vctx)
{
    return 1;
}

void seed_src_unlock(ossl_unused void *vctx)
{
}

const OSSL_DISPATCH ossl_seed_src_functions[] = {
    { OSSL_FUNC_RAND_NEWCTX, (void(*)(void))seed_src_new },
    { OSSL_FUNC_RAND_FREECTX, (void(*)(void))seed_src_free },
    { OSSL_FUNC_RAND_INSTANTIATE,
      (void(*)(void))seed_src_instantiate },
    { OSSL_FUNC_RAND_UNINSTANTIATE,
      (void(*)(void))seed_src_uninstantiate },
    { OSSL_FUNC_RAND_GENERATE, (void(*)(void))seed_src_generate },
    { OSSL_FUNC_RAND_RESEED, (void(*)(void))seed_src_reseed },
    { OSSL_FUNC_RAND_ENABLE_LOCKING, (void(*)(void))seed_src_enable_locking },
    { OSSL_FUNC_RAND_LOCK, (void(*)(void))seed_src_lock },
    { OSSL_FUNC_RAND_UNLOCK, (void(*)(void))seed_src_unlock },
    { OSSL_FUNC_RAND_GETTABLE_CTX_PARAMS,
      (void(*)(void))seed_src_gettable_ctx_params },
    { OSSL_FUNC_RAND_GET_CTX_PARAMS, (void(*)(void))seed_src_get_ctx_params },
    { OSSL_FUNC_RAND_VERIFY_ZEROIZATION,
      (void(*)(void))seed_src_verify_zeroization },
    { OSSL_FUNC_RAND_GET_SEED, (void(*)(void))seed_get_seed },
    { OSSL_FUNC_RAND_CLEAR_SEED, (void(*)(void))seed_clear_seed },
    { 0, NULL }
};
Commit	Line	Data
81aef6ba	1	/*
a28d06f3	2	* Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
81aef6ba P	3	*
	4	* Licensed under the Apache License 2.0 (the "License"). You may not use
	5	* this file except in compliance with the License. You can obtain a copy
	6	* in the file LICENSE in the source distribution or at
	7	* https://www.openssl.org/source/license.html
	8	*/
	9
	10	#include <string.h>
	11	#include <openssl/rand.h>
	12	#include <openssl/core_dispatch.h>
	13	#include <openssl/e_os2.h>
	14	#include <openssl/params.h>
	15	#include <openssl/core_names.h>
	16	#include <openssl/evp.h>
	17	#include <openssl/err.h>
	18	#include <openssl/randerr.h>
2741128e	19	#include <openssl/proverr.h>
81aef6ba P	20	#include "prov/implementations.h"
81aef6ba P	21	#include "prov/provider_ctx.h"
81aef6ba P	22	#include "crypto/rand.h"
	23	#include "crypto/rand_pool.h"
	24
	25	static OSSL_FUNC_rand_newctx_fn seed_src_new;
	26	static OSSL_FUNC_rand_freectx_fn seed_src_free;
	27	static OSSL_FUNC_rand_instantiate_fn seed_src_instantiate;
	28	static OSSL_FUNC_rand_uninstantiate_fn seed_src_uninstantiate;
	29	static OSSL_FUNC_rand_generate_fn seed_src_generate;
	30	static OSSL_FUNC_rand_reseed_fn seed_src_reseed;
	31	static OSSL_FUNC_rand_gettable_ctx_params_fn seed_src_gettable_ctx_params;
	32	static OSSL_FUNC_rand_get_ctx_params_fn seed_src_get_ctx_params;
	33	static OSSL_FUNC_rand_verify_zeroization_fn seed_src_verify_zeroization;
	34	static OSSL_FUNC_rand_enable_locking_fn seed_src_enable_locking;
8389eeea P	35	static OSSL_FUNC_rand_lock_fn seed_src_lock;
8389eeea P	36	static OSSL_FUNC_rand_unlock_fn seed_src_unlock;
9ed185a9 P	37	static OSSL_FUNC_rand_get_seed_fn seed_get_seed;
9ed185a9 P	38	static OSSL_FUNC_rand_clear_seed_fn seed_clear_seed;
81aef6ba P	39
	40	typedef struct {
	41	void *provctx;
	42	int state;
	43	} PROV_SEED_SRC;
	44
	45	static void seed_src_new(void provctx, void *parent,
	46	const OSSL_DISPATCH *parent_dispatch)
	47	{
	48	PROV_SEED_SRC *s;
	49
	50	if (parent != NULL) {
	51	ERR_raise(ERR_LIB_PROV, PROV_R_SEED_SOURCES_MUST_NOT_HAVE_A_PARENT);
	52	return NULL;
	53	}
	54
	55	s = OPENSSL_zalloc(sizeof(*s));
	56	if (s == NULL) {
	57	ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
	58	return NULL;
	59	}
	60
	61	s->provctx = provctx;
	62	s->state = EVP_RAND_STATE_UNINITIALISED;
	63	return s;
	64	}
	65
	66	static void seed_src_free(void *vseed)
	67	{
	68	OPENSSL_free(vseed);
	69	}
	70
	71	static int seed_src_instantiate(void *vseed, unsigned int strength,
	72	int prediction_resistance,
	73	const unsigned char *pstr, size_t pstr_len)
	74	{
	75	PROV_SEED_SRC s = (PROV_SEED_SRC )vseed;
	76
	77	s->state = EVP_RAND_STATE_READY;
	78	return 1;
	79	}
	80
	81	static int seed_src_uninstantiate(void *vseed)
	82	{
	83	PROV_SEED_SRC s = (PROV_SEED_SRC )vseed;
	84
	85	s->state = EVP_RAND_STATE_UNINITIALISED;
	86	return 1;
	87	}
	88
	89	static int seed_src_generate(void vseed, unsigned char out, size_t outlen,
	90	unsigned int strength,
	91	ossl_unused int prediction_resistance,
	92	ossl_unused const unsigned char *adin,
	93	ossl_unused size_t adin_len)
	94	{
	95	PROV_SEED_SRC s = (PROV_SEED_SRC )vseed;
	96	size_t entropy_available;
	97	RAND_POOL *pool;
	98
	99	if (s->state != EVP_RAND_STATE_READY) {
	100	ERR_raise(ERR_LIB_PROV,
	101	s->state == EVP_RAND_STATE_ERROR ? PROV_R_IN_ERROR_STATE
	102	: PROV_R_NOT_INSTANTIATED);
103	return 0;
104	}
105
106	pool = rand_pool_new(strength, 1, outlen, outlen);
107	if (pool == NULL) {
108	ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
109	return 0;
110	}
111
112	/* Get entropy by polling system entropy sources. */
113	entropy_available = ossl_pool_acquire_entropy(pool);
114
115	if (entropy_available > 0)
a678506e	116	memcpy(out, rand_pool_buffer(pool), rand_pool_length(pool));
81aef6ba P	117
	118	rand_pool_free(pool);
	119	return entropy_available > 0;
	120	}
	121
	122	static int seed_src_reseed(void *vseed,
	123	ossl_unused int prediction_resistance,
	124	ossl_unused const unsigned char *ent,
	125	ossl_unused size_t ent_len,
	126	ossl_unused const unsigned char *adin,
	127	ossl_unused size_t adin_len)
	128	{
	129	PROV_SEED_SRC s = (PROV_SEED_SRC )vseed;
	130
	131	if (s->state != EVP_RAND_STATE_READY) {
	132	ERR_raise(ERR_LIB_PROV,
	133	s->state == EVP_RAND_STATE_ERROR ? PROV_R_IN_ERROR_STATE
	134	: PROV_R_NOT_INSTANTIATED);
	135	return 0;
	136	}
	137	return 1;
	138	}
	139
	140	static int seed_src_get_ctx_params(void *vseed, OSSL_PARAM params[])
	141	{
	142	PROV_SEED_SRC s = (PROV_SEED_SRC )vseed;
	143	OSSL_PARAM *p;
	144
	145	p = OSSL_PARAM_locate(params, OSSL_RAND_PARAM_STATE);
	146	if (p != NULL && !OSSL_PARAM_set_int(p, s->state))
	147	return 0;
	148
	149	p = OSSL_PARAM_locate(params, OSSL_RAND_PARAM_STRENGTH);
	150	if (p != NULL && !OSSL_PARAM_set_int(p, 1024))
	151	return 0;
	152
	153	p = OSSL_PARAM_locate(params, OSSL_RAND_PARAM_MAX_REQUEST);
	154	if (p != NULL && !OSSL_PARAM_set_size_t(p, 128))
	155	return 0;
	156	return 1;
	157	}
	158
	159	static const OSSL_PARAM seed_src_gettable_ctx_params(ossl_unused void provctx)
	160	{
	161	static const OSSL_PARAM known_gettable_ctx_params[] = {
	162	OSSL_PARAM_int(OSSL_RAND_PARAM_STATE, NULL),
	163	OSSL_PARAM_uint(OSSL_RAND_PARAM_STRENGTH, NULL),
	164	OSSL_PARAM_size_t(OSSL_RAND_PARAM_MAX_REQUEST, NULL),
	165	OSSL_PARAM_END
	166	};
	167	return known_gettable_ctx_params;
	168	}
	169
	170	static int seed_src_verify_zeroization(ossl_unused void *vseed)
	171	{
	172	return 1;
	173	}
	174
9ed185a9 P	175	static size_t seed_get_seed(void vseed, unsigned char *pout,
	176	int entropy, size_t min_len, size_t max_len,
	177	int prediction_resistance,
	178	const unsigned char *adin, size_t adin_len)
	179	{
	180	size_t bytes_needed;
	181	unsigned char *p;
	182
	183	/*
	184	* Figure out how many bytes we need.
	185	* This assumes that the seed sources provide eight bits of entropy
	186	* per byte. For lower quality sources, the formula will need to be
	187	* different.
	188	*/
	189	bytes_needed = entropy >= 0 ? (entropy + 7) / 8 : 0;
	190	if (bytes_needed < min_len)
	191	bytes_needed = min_len;
	192	if (bytes_needed > max_len) {
	193	ERR_raise(ERR_LIB_PROV, PROV_R_ENTROPY_SOURCE_STRENGTH_TOO_WEAK);
	194	return 0;
	195	}
	196
	197	p = OPENSSL_secure_malloc(bytes_needed);
	198	if (p == NULL) {
	199	ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
	200	return 0;
	201	}
	202	*pout = p;
	203	if (seed_src_generate(vseed, p, bytes_needed, 0, prediction_resistance,
	204	adin, adin_len) != 0)
	205	return bytes_needed;
	206	OPENSSL_secure_clear_free(p, bytes_needed);
	207	return 0;
	208	}
	209
	210	static void seed_clear_seed(ossl_unused void *vdrbg,
	211	unsigned char *out, size_t outlen)
	212	{
	213	OPENSSL_secure_clear_free(out, outlen);
	214	}
	215
81aef6ba P	216	static int seed_src_enable_locking(ossl_unused void *vseed)
	217	{
	218	return 1;
	219	}
	220
8389eeea P	221	int seed_src_lock(ossl_unused void *vctx)
	222	{
	223	return 1;
	224	}
	225
	226	void seed_src_unlock(ossl_unused void *vctx)
	227	{
	228	}
	229
81aef6ba P	230	const OSSL_DISPATCH ossl_seed_src_functions[] = {
	231	{ OSSL_FUNC_RAND_NEWCTX, (void(*)(void))seed_src_new },
	232	{ OSSL_FUNC_RAND_FREECTX, (void(*)(void))seed_src_free },
	233	{ OSSL_FUNC_RAND_INSTANTIATE,
	234	(void(*)(void))seed_src_instantiate },
	235	{ OSSL_FUNC_RAND_UNINSTANTIATE,
	236	(void(*)(void))seed_src_uninstantiate },
	237	{ OSSL_FUNC_RAND_GENERATE, (void(*)(void))seed_src_generate },
	238	{ OSSL_FUNC_RAND_RESEED, (void(*)(void))seed_src_reseed },
	239	{ OSSL_FUNC_RAND_ENABLE_LOCKING, (void(*)(void))seed_src_enable_locking },
8389eeea P	240	{ OSSL_FUNC_RAND_LOCK, (void(*)(void))seed_src_lock },
8389eeea P	241	{ OSSL_FUNC_RAND_UNLOCK, (void(*)(void))seed_src_unlock },
81aef6ba P	242	{ OSSL_FUNC_RAND_GETTABLE_CTX_PARAMS,
	243	(void(*)(void))seed_src_gettable_ctx_params },
	244	{ OSSL_FUNC_RAND_GET_CTX_PARAMS, (void(*)(void))seed_src_get_ctx_params },
	245	{ OSSL_FUNC_RAND_VERIFY_ZEROIZATION,
	246	(void(*)(void))seed_src_verify_zeroization },
9ed185a9 P	247	{ OSSL_FUNC_RAND_GET_SEED, (void(*)(void))seed_get_seed },
9ed185a9 P	248	{ OSSL_FUNC_RAND_CLEAR_SEED, (void(*)(void))seed_clear_seed },
81aef6ba P	249	{ 0, NULL }
81aef6ba P	250	};