summaryrefslogtreecommitdiff
path: root/core
diff options
context:
space:
mode:
authorFabio Alessandrelli <fabio.alessandrelli@gmail.com>2022-02-08 10:34:43 +0100
committerFabio Alessandrelli <fabio.alessandrelli@gmail.com>2022-02-14 10:45:50 +0100
commitee7b67e13538bf67a1613650986d4520281808df (patch)
tree005da0285d3e50b6f42f7ec6096f2aa020ca6e80 /core
parent6b5634b96aa90ab2db7357b353fc8f96ad4878c5 (diff)
[Crypto] Implement CryptoCore::RandomGenerator.
As a cryptographically secure random generator. Internally it uses mbedTLS CTR-DRBG implementation which gets re-seeded with entropy from OS::get_entropy when needed. CryptoCore now additionally depends on `ctr_drbg.c` and `entropy.c` thirdparty mbedtls files.
Diffstat (limited to 'core')
-rw-r--r--core/crypto/SCsub2
-rw-r--r--core/crypto/crypto_core.cpp43
-rw-r--r--core/crypto/crypto_core.h23
3 files changed, 64 insertions, 4 deletions
diff --git a/core/crypto/SCsub b/core/crypto/SCsub
index 1fe2fa5b23..9b7953fdc5 100644
--- a/core/crypto/SCsub
+++ b/core/crypto/SCsub
@@ -31,6 +31,8 @@ if not has_module:
"aes.c",
"base64.c",
"constant_time.c",
+ "ctr_drbg.c",
+ "entropy.c",
"md5.c",
"sha1.c",
"sha256.c",
diff --git a/core/crypto/crypto_core.cpp b/core/crypto/crypto_core.cpp
index 9f000c5aeb..3cf7b6c310 100644
--- a/core/crypto/crypto_core.cpp
+++ b/core/crypto/crypto_core.cpp
@@ -30,12 +30,55 @@
#include "crypto_core.h"
+#include "core/os/os.h"
+
#include <mbedtls/aes.h>
#include <mbedtls/base64.h>
+#include <mbedtls/ctr_drbg.h>
+#include <mbedtls/entropy.h>
#include <mbedtls/md5.h>
#include <mbedtls/sha1.h>
#include <mbedtls/sha256.h>
+// RandomGenerator
+CryptoCore::RandomGenerator::RandomGenerator() {
+ entropy = memalloc(sizeof(mbedtls_entropy_context));
+ mbedtls_entropy_init((mbedtls_entropy_context *)entropy);
+ mbedtls_entropy_add_source((mbedtls_entropy_context *)entropy, &CryptoCore::RandomGenerator::_entropy_poll, nullptr, 256, MBEDTLS_ENTROPY_SOURCE_STRONG);
+ ctx = memalloc(sizeof(mbedtls_ctr_drbg_context));
+ mbedtls_ctr_drbg_init((mbedtls_ctr_drbg_context *)ctx);
+}
+
+CryptoCore::RandomGenerator::~RandomGenerator() {
+ mbedtls_ctr_drbg_free((mbedtls_ctr_drbg_context *)ctx);
+ memfree(ctx);
+ mbedtls_entropy_free((mbedtls_entropy_context *)entropy);
+ memfree(entropy);
+}
+
+int CryptoCore::RandomGenerator::_entropy_poll(void *p_data, unsigned char *r_buffer, size_t p_len, size_t *r_len) {
+ *r_len = 0;
+ Error err = OS::get_singleton()->get_entropy(r_buffer, p_len);
+ ERR_FAIL_COND_V(err, MBEDTLS_ERR_ENTROPY_SOURCE_FAILED);
+ *r_len = p_len;
+ return 0;
+}
+
+Error CryptoCore::RandomGenerator::init() {
+ int ret = mbedtls_ctr_drbg_seed((mbedtls_ctr_drbg_context *)ctx, mbedtls_entropy_func, (mbedtls_entropy_context *)entropy, nullptr, 0);
+ if (ret) {
+ ERR_FAIL_COND_V_MSG(ret, FAILED, " failed\n ! mbedtls_ctr_drbg_seed returned an error" + itos(ret));
+ }
+ return OK;
+}
+
+Error CryptoCore::RandomGenerator::get_random_bytes(uint8_t *r_buffer, size_t p_bytes) {
+ ERR_FAIL_COND_V(!ctx, ERR_UNCONFIGURED);
+ int ret = mbedtls_ctr_drbg_random((mbedtls_ctr_drbg_context *)ctx, r_buffer, p_bytes);
+ ERR_FAIL_COND_V_MSG(ret, FAILED, " failed\n ! mbedtls_ctr_drbg_seed returned an error" + itos(ret));
+ return OK;
+}
+
// MD5
CryptoCore::MD5Context::MD5Context() {
ctx = memalloc(sizeof(mbedtls_md5_context));
diff --git a/core/crypto/crypto_core.h b/core/crypto/crypto_core.h
index 355f4a2404..eacef268cc 100644
--- a/core/crypto/crypto_core.h
+++ b/core/crypto/crypto_core.h
@@ -35,9 +35,24 @@
class CryptoCore {
public:
+ class RandomGenerator {
+ private:
+ void *entropy = nullptr;
+ void *ctx = nullptr;
+
+ static int _entropy_poll(void *p_data, unsigned char *r_buffer, size_t p_len, size_t *r_len);
+
+ public:
+ RandomGenerator();
+ ~RandomGenerator();
+
+ Error init();
+ Error get_random_bytes(uint8_t *r_buffer, size_t p_bytes);
+ };
+
class MD5Context {
private:
- void *ctx = nullptr; // To include, or not to include...
+ void *ctx = nullptr;
public:
MD5Context();
@@ -50,7 +65,7 @@ public:
class SHA1Context {
private:
- void *ctx = nullptr; // To include, or not to include...
+ void *ctx = nullptr;
public:
SHA1Context();
@@ -63,7 +78,7 @@ public:
class SHA256Context {
private:
- void *ctx = nullptr; // To include, or not to include...
+ void *ctx = nullptr;
public:
SHA256Context();
@@ -76,7 +91,7 @@ public:
class AESContext {
private:
- void *ctx = nullptr; // To include, or not to include...
+ void *ctx = nullptr;
public:
AESContext();