Add continuous RNG test to entropy source. Entropy callbacks now need
authorDr. Stephen Henson <steve@openssl.org>
Thu, 21 Apr 2011 14:17:15 +0000 (14:17 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Thu, 21 Apr 2011 14:17:15 +0000 (14:17 +0000)
to specify a "block length".

crypto/fips_err.h
crypto/rand/rand_lib.c
fips/fips.h
fips/fips_test_suite.c
fips/fips_utl.h
fips/rand/fips_drbg_lib.c
fips/rand/fips_drbg_selftest.c
fips/rand/fips_drbgvs.c
fips/rand/fips_rand.h
fips/rand/fips_rand_lcl.h

index 0c2aa44f38dabe4034baf2e7300fb1180714497a..f4f834124ebf7a7aca9ae480ac48c941a68697a4 100644 (file)
@@ -91,6 +91,7 @@ static ERR_STRING_DATA FIPS_str_functs[]=
 {ERR_FUNC(FIPS_F_FIPS_DRBG_NEW),       "FIPS_drbg_new"},
 {ERR_FUNC(FIPS_F_FIPS_DRBG_RESEED),    "FIPS_drbg_reseed"},
 {ERR_FUNC(FIPS_F_FIPS_DRBG_SINGLE_KAT),        "FIPS_DRBG_SINGLE_KAT"},
+{ERR_FUNC(FIPS_F_FIPS_GET_ENTROPY),    "FIPS_GET_ENTROPY"},
 {ERR_FUNC(FIPS_F_FIPS_MODE_SET),       "FIPS_mode_set"},
 {ERR_FUNC(FIPS_F_FIPS_PKEY_SIGNATURE_TEST),    "fips_pkey_signature_test"},
 {ERR_FUNC(FIPS_F_FIPS_RAND_ADD),       "FIPS_rand_add"},
@@ -128,6 +129,7 @@ static ERR_STRING_DATA FIPS_str_reasons[]=
 {ERR_REASON(FIPS_R_DRBG_STUCK)           ,"drbg stuck"},
 {ERR_REASON(FIPS_R_ENTROPY_ERROR_UNDETECTED),"entropy error undetected"},
 {ERR_REASON(FIPS_R_ENTROPY_NOT_REQUESTED_FOR_RESEED),"entropy not requested for reseed"},
+{ERR_REASON(FIPS_R_ENTROPY_SOURCE_STUCK) ,"entropy source stuck"},
 {ERR_REASON(FIPS_R_ERROR_INITIALISING_DRBG),"error initialising drbg"},
 {ERR_REASON(FIPS_R_ERROR_INSTANTIATING_DRBG),"error instantiating drbg"},
 {ERR_REASON(FIPS_R_ERROR_RETRIEVING_ADDITIONAL_INPUT),"error retrieving additional input"},
index c653d38c8a03950829736a3f988149e3f31f3b19..0e8201316307dc940565e8e0a51d8f0c0d7adca2 100644 (file)
@@ -253,7 +253,7 @@ int RAND_init_fips(void)
        dctx = FIPS_get_default_drbg();
         FIPS_drbg_init(dctx, NID_aes_256_ctr, DRBG_FLAG_CTR_USE_DF);
         FIPS_drbg_set_callbacks(dctx,
-                               drbg_get_entropy, drbg_free_entropy,
+                               drbg_get_entropy, drbg_free_entropy, 20,
                                drbg_get_entropy, drbg_free_entropy);
        FIPS_drbg_set_rand_callbacks(dctx, drbg_get_adin, 0,
                                        drbg_rand_seed, drbg_rand_add);
index 155cbbc4db4171d12b184a7599fd3599354bc43e..e84f477cc466490084cdc17044dc6e192cd97651 100644 (file)
@@ -253,6 +253,7 @@ void ERR_load_FIPS_strings(void);
 #define FIPS_F_FIPS_DRBG_NEW                            117
 #define FIPS_F_FIPS_DRBG_RESEED                                 118
 #define FIPS_F_FIPS_DRBG_SINGLE_KAT                     119
+#define FIPS_F_FIPS_GET_ENTROPY                                 147
 #define FIPS_F_FIPS_MODE_SET                            120
 #define FIPS_F_FIPS_PKEY_SIGNATURE_TEST                         121
 #define FIPS_F_FIPS_RAND_ADD                            122
@@ -287,6 +288,7 @@ void ERR_load_FIPS_strings(void);
 #define FIPS_R_DRBG_STUCK                               103
 #define FIPS_R_ENTROPY_ERROR_UNDETECTED                         104
 #define FIPS_R_ENTROPY_NOT_REQUESTED_FOR_RESEED                 105
+#define FIPS_R_ENTROPY_SOURCE_STUCK                     142
 #define FIPS_R_ERROR_INITIALISING_DRBG                  106
 #define FIPS_R_ERROR_INSTANTIATING_DRBG                         107
 #define FIPS_R_ERROR_RETRIEVING_ADDITIONAL_INPUT        108
index 64452bae3ca20b06e86575851a2ea98cfc680211..8192eb2cc87a9e3a1268f0ea2987e769cbc35536 100644 (file)
@@ -847,7 +847,6 @@ int main(int argc,char **argv)
     int do_drbg_stick = 0;
     int no_exit = 0;
 
-    fips_algtest_init_nofips();
 
     FIPS_post_set_callback(post_cb);
 
@@ -910,6 +909,8 @@ int main(int argc,char **argv)
            do_rng_stick = 1;
            no_exit = 1;
            printf("RNG test with stuck continuous test...\n");
+       } else if (!strcmp(argv[1], "drbgentstick")) {
+               do_entropy_stick();
        } else if (!strcmp(argv[1], "drbgstick")) {
            do_drbg_stick = 1;
            no_exit = 1;
@@ -919,6 +920,7 @@ int main(int argc,char **argv)
             exit(1);
         }
        if (!no_exit) {
+               fips_algtest_init_nofips();
                if (!FIPS_mode_set(1)) {
                    printf("Power-up self test failed\n");
                    exit(1);
@@ -928,6 +930,8 @@ int main(int argc,char **argv)
        }
     }
 
+    fips_algtest_init_nofips();
+
     /* Non-Approved cryptographic operation
     */
     printf("1. Non-Approved cryptographic operation test...\n");
index 7869a181a6f0ba35577cad5d5c5597c7933bdc2d..edd249b84fa4c595a4abb95eb28089dec8d3f13d 100644 (file)
@@ -67,6 +67,7 @@ int bin2bint(const unsigned char *in,int len,char *out);
 void PrintValue(char *tag, unsigned char *val, int len);
 void OutputValue(char *tag, unsigned char *val, int len, FILE *rfp,int bitmode);
 void fips_algtest_init(void);
+void do_entropy_stick(void);
 
 static int no_err;
 
@@ -109,18 +110,29 @@ static size_t dummy_cb(DRBG_CTX *ctx, unsigned char **pout,
        return min_len;
        }
 
+static int entropy_stick = 0;
+
 static void fips_algtest_init_nofips(void)
        {
        DRBG_CTX *ctx;
+       size_t i;
        FIPS_set_error_callbacks(put_err_cb, add_err_cb);
-       OPENSSL_cleanse(dummy_entropy, 1024);
+       for (i = 0; i < sizeof(dummy_entropy); i++)
+               dummy_entropy[i] = i & 0xff;
+       if (entropy_stick)
+               memcpy(dummy_entropy + 32, dummy_entropy + 16, 16);
        ctx = FIPS_get_default_drbg();
        FIPS_drbg_init(ctx, NID_aes_256_ctr, DRBG_FLAG_CTR_USE_DF);
-       FIPS_drbg_set_callbacks(ctx, dummy_cb, 0, dummy_cb, 0);
+       FIPS_drbg_set_callbacks(ctx, dummy_cb, 0, 16, dummy_cb, 0);
        FIPS_drbg_instantiate(ctx, dummy_entropy, 10);
        FIPS_rand_set_method(FIPS_drbg_method());
        }
 
+void do_entropy_stick(void)
+       {
+       entropy_stick = 1;
+       }
+
 void fips_algtest_init(void)
        {
        fips_algtest_init_nofips();
index 6d983aaf4bdede5653a19ec2840f3d483a2eebe4..46e42e2947d521211925f70d0bfd51329ae7c3f6 100644 (file)
@@ -71,6 +71,7 @@ int FIPS_drbg_init(DRBG_CTX *dctx, int type, unsigned int flags)
        dctx->flags = flags;
        dctx->type = type;
 
+       dctx->entropy_blocklen = 0;
        dctx->health_check_cnt = 0;
        dctx->health_check_interval = DRBG_HEALTH_INTERVAL;
 
@@ -131,6 +132,43 @@ void FIPS_drbg_free(DRBG_CTX *dctx)
        OPENSSL_free(dctx);
        }
 
+static size_t fips_get_entropy(DRBG_CTX *dctx, unsigned char **pout,
+                               int entropy, size_t min_len, size_t max_len)
+       {
+       unsigned char *tout, *p;
+       size_t bl = dctx->entropy_blocklen, rv;
+       if (dctx->flags & DRBG_FLAG_TEST || !bl)
+               return dctx->get_entropy(dctx, pout, entropy, min_len, max_len);
+       rv = dctx->get_entropy(dctx, &tout, entropy + bl,
+                               min_len + bl, max_len + bl);
+       *pout = tout + bl;
+       if (rv < (min_len + bl) || (rv % bl))
+               return 0;
+       /* Compare consecutive blocks for continuous PRNG test */
+       for (p = tout; p < tout + rv; p += bl)
+               {
+               if (!memcmp(p, p + bl, bl))
+                       {
+                       FIPSerr(FIPS_F_FIPS_GET_ENTROPY, FIPS_R_ENTROPY_SOURCE_STUCK);
+                       return 0;
+                       }
+               }
+       return rv - bl;
+       }
+
+static void fips_cleanup_entropy(DRBG_CTX *dctx,
+                                       unsigned char *out, size_t olen)
+       {
+       size_t bl;
+       if (dctx->flags & DRBG_FLAG_TEST)
+               bl = 0;
+       else
+               bl = dctx->entropy_blocklen;
+       /* Call cleanup with original arguments */
+       dctx->cleanup_entropy(dctx, out - bl, olen + bl);
+       }
+
+
 int FIPS_drbg_instantiate(DRBG_CTX *dctx,
                                const unsigned char *pers, size_t perslen)
        {
@@ -167,7 +205,7 @@ int FIPS_drbg_instantiate(DRBG_CTX *dctx,
 
        dctx->status = DRBG_STATUS_ERROR;
 
-       entlen = dctx->get_entropy(dctx, &entropy, dctx->strength,
+       entlen = fips_get_entropy(dctx, &entropy, dctx->strength,
                                dctx->min_entropy, dctx->max_entropy);
 
        if (entlen < dctx->min_entropy || entlen > dctx->max_entropy)
@@ -206,7 +244,7 @@ int FIPS_drbg_instantiate(DRBG_CTX *dctx,
        end:
 
        if (entropy && dctx->cleanup_entropy)
-               dctx->cleanup_entropy(dctx, entropy, entlen);
+               fips_cleanup_entropy(dctx, entropy, entlen);
 
        if (nonce && dctx->cleanup_nonce)
                dctx->cleanup_nonce(dctx, nonce, noncelen);
@@ -252,7 +290,7 @@ int FIPS_drbg_reseed(DRBG_CTX *dctx,
 
        dctx->status = DRBG_STATUS_ERROR;
 
-       entlen = dctx->get_entropy(dctx, &entropy, dctx->strength,
+       entlen = fips_get_entropy(dctx, &entropy, dctx->strength,
                                dctx->min_entropy, dctx->max_entropy);
 
        if (entlen < dctx->min_entropy || entlen > dctx->max_entropy)
@@ -269,7 +307,7 @@ int FIPS_drbg_reseed(DRBG_CTX *dctx,
        end:
 
        if (entropy && dctx->cleanup_entropy)
-               dctx->cleanup_entropy(dctx, entropy, entlen);
+               fips_cleanup_entropy(dctx, entropy, entlen);
 
        if (dctx->status == DRBG_STATUS_READY)
                return 1;
@@ -383,12 +421,14 @@ int FIPS_drbg_set_callbacks(DRBG_CTX *dctx,
        size_t (*get_entropy)(DRBG_CTX *ctx, unsigned char **pout,
                                int entropy, size_t min_len, size_t max_len),
        void (*cleanup_entropy)(DRBG_CTX *ctx, unsigned char *out, size_t olen),
+       size_t entropy_blocklen,
        size_t (*get_nonce)(DRBG_CTX *ctx, unsigned char **pout,
                                int entropy, size_t min_len, size_t max_len),
        void (*cleanup_nonce)(DRBG_CTX *ctx, unsigned char *out, size_t olen))
        {
        if (dctx->status != DRBG_STATUS_UNINITIALISED)
                return 0;
+       dctx->entropy_blocklen = entropy_blocklen;
        dctx->get_entropy = get_entropy;
        dctx->cleanup_entropy = cleanup_entropy;
        dctx->get_nonce = get_nonce;
index cbf0590c6dc88fcedbdbf06ef69b97cfd02ef1d3..881bce041d5002f82af79f66a88e11e248d21ec1 100644 (file)
@@ -759,7 +759,7 @@ static int fips_drbg_single_kat(DRBG_CTX *dctx, DRBG_SELFTEST_DATA *td)
        unsigned char randout[1024];
        if (!FIPS_drbg_init(dctx, td->nid, td->flags))
                return 0;
-       if (!FIPS_drbg_set_callbacks(dctx, test_entropy, 0, test_nonce, 0))
+       if (!FIPS_drbg_set_callbacks(dctx, test_entropy, 0, 0, test_nonce, 0))
                return 0;
 
        FIPS_drbg_set_app_data(dctx, &t);
@@ -825,7 +825,7 @@ static int fips_drbg_health_check(DRBG_CTX *dctx, DRBG_SELFTEST_DATA *td)
        if (!FIPS_drbg_init(dctx, td->nid, td->flags))
                goto err;
 
-       if (!FIPS_drbg_set_callbacks(dctx, test_entropy, 0, test_nonce, 0))
+       if (!FIPS_drbg_set_callbacks(dctx, test_entropy, 0, 0, test_nonce, 0))
                goto err;
 
        FIPS_drbg_set_app_data(dctx, &t);
@@ -874,7 +874,7 @@ static int fips_drbg_health_check(DRBG_CTX *dctx, DRBG_SELFTEST_DATA *td)
        /* Instantiate with valid data. NB: errors now reported again */
        if (!FIPS_drbg_init(dctx, td->nid, td->flags))
                goto err;
-       if (!FIPS_drbg_set_callbacks(dctx, test_entropy, 0, test_nonce, 0))
+       if (!FIPS_drbg_set_callbacks(dctx, test_entropy, 0, 0, test_nonce, 0))
                goto err;
        FIPS_drbg_set_app_data(dctx, &t);
 
@@ -936,7 +936,7 @@ static int fips_drbg_health_check(DRBG_CTX *dctx, DRBG_SELFTEST_DATA *td)
 
        if (!FIPS_drbg_init(dctx, td->nid, td->flags))
                goto err;
-       if (!FIPS_drbg_set_callbacks(dctx, test_entropy, 0, test_nonce, 0))
+       if (!FIPS_drbg_set_callbacks(dctx, test_entropy, 0, 0, test_nonce, 0))
                goto err;
        FIPS_drbg_set_app_data(dctx, &t);
 
index 890732e132643850b09d0b0da55f1bf6b27ea40d..70a1168224e83259342e16b9562cbf4a5a8d6942 100644 (file)
@@ -248,7 +248,7 @@ int main(int argc,char **argv)
                        dctx = FIPS_drbg_new(nid, df | DRBG_FLAG_TEST);
                        if (!dctx)
                                exit (1);
-                       FIPS_drbg_set_callbacks(dctx, test_entropy, 0,
+                       FIPS_drbg_set_callbacks(dctx, test_entropy, 0, 0,
                                                        test_nonce, 0);
                        FIPS_drbg_set_app_data(dctx, &t);
                        randoutlen = (int)FIPS_drbg_get_blocklength(dctx);
index 44a3c4f853dbe0a1959daf57cf5843094712c03d..8d886e81db2f2392d005474555eb16ce4406ac41 100644 (file)
@@ -93,6 +93,7 @@ int FIPS_drbg_set_callbacks(DRBG_CTX *dctx,
        size_t (*get_entropy)(DRBG_CTX *ctx, unsigned char **pout,
                                int entropy, size_t min_len, size_t max_len),
        void (*cleanup_entropy)(DRBG_CTX *ctx, unsigned char *out, size_t olen),
+       size_t entropy_blocklen,
        size_t (*get_nonce)(DRBG_CTX *ctx, unsigned char **pout,
                                int entropy, size_t min_len, size_t max_len),
        void (*cleanup_nonce)(DRBG_CTX *ctx, unsigned char *out, size_t olen));
index eeed0eca2385254b52e9bf3121c6c3cb22479055..1f5b288f19df85207348011309647bf6f6da50a6 100644 (file)
@@ -157,6 +157,9 @@ struct drbg_ctx_st
        /* uninstantiate */
        int (*uninstantiate)(DRBG_CTX *ctx);
 
+       /* Entropy source block length */
+       size_t entropy_blocklen;
+
        /* entropy gathering function */
        size_t (*get_entropy)(DRBG_CTX *ctx, unsigned char **pout,
                                int entropy, size_t min_len, size_t max_len);