2 * Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved
4 * Contact: Krzysztof Jackiewicz <k.jackiewicz@samsung.com>
6 * Licensed under the Apache License, Version 2.0 (the "License");
7 * you may not use this file except in compliance with the License.
8 * You may obtain a copy of the License at
10 * http://www.apache.org/licenses/LICENSE-2.0
12 * Unless required by applicable law or agreed to in writing, software
13 * distributed under the License is distributed on an "AS IS" BASIS,
14 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15 * See the License for the specific language governing permissions and
16 * limitations under the License
31 #include <sys/syscall.h>
32 #include <sys/types.h>
34 #include <linux/random.h>
36 #include <openssl/crypto.h>
37 #include <openssl/evp.h>
38 #include <openssl/rand.h>
39 #include <openssl/err.h>
40 #include <openssl/rand.h>
42 #include <yaca_crypto.h>
43 #include <yaca_error.h>
47 #if OPENSSL_VERSION_NUMBER < 0x10100000L
48 static pthread_mutex_t *mutexes = NULL;
49 #endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
51 static __thread bool current_thread_initialized = false;
52 static size_t threads_cnt = 0;
53 static pthread_mutex_t init_mutex = PTHREAD_MUTEX_INITIALIZER;
54 static const RAND_METHOD *saved_rand_method = NULL;
56 static int urandom_fd = -2;
57 #endif /* SYS_getrandom */
59 static int getrandom_wrapper(unsigned char *buf, int num)
62 size_t remaining = num;
67 #endif /* SYS_getrandom */
69 while (remaining > 0) {
71 ssize_t n = syscall(SYS_getrandom, buf + received, remaining, 0);
72 #else /* SYS_getrandom */
73 ssize_t n = read(urandom_fd, buf + received, remaining);
74 #endif /* SYS_getrandom */
90 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
92 static int RAND_METHOD_seed(UNUSED const void *buf, UNUSED int num)
97 static int RAND_METHOD_add(UNUSED const void *buf, UNUSED int num, UNUSED double entropy)
102 #else /* OPENSSL_VERSION_NUMBER >= 0x10100000L */
104 static void RAND_METHOD_seed(UNUSED const void *buf, UNUSED int num)
108 static void RAND_METHOD_add(UNUSED const void *buf, UNUSED int num, UNUSED double entropy)
112 #endif /* OPENSSL_VERSION_NUMBER >= 0x10100000L */
114 static int RAND_METHOD_bytes(unsigned char *buf, int num)
116 return getrandom_wrapper(buf, num);
119 static void RAND_METHOD_cleanup(void)
123 static int RAND_METHOD_pseudorand(UNUSED unsigned char *buf, UNUSED int num)
125 return getrandom_wrapper(buf, num);
128 static int RAND_METHOD_status(void)
132 int n = syscall(SYS_getrandom, &tmp, 1, GRND_NONBLOCK);
133 if (n == -1 && errno == EAGAIN)
135 #endif /* SYS_getrandom */
140 static const RAND_METHOD new_rand_method = {
145 RAND_METHOD_pseudorand,
149 #if OPENSSL_VERSION_NUMBER < 0x10100000L
151 static void locking_callback(int mode, int type, UNUSED const char *file, UNUSED int line)
153 /* Ignore NULL mutexes and lock/unlock error codes as we can't do anything
159 if (mode & CRYPTO_LOCK)
160 pthread_mutex_lock(&mutexes[type]);
161 else if (mode & CRYPTO_UNLOCK)
162 pthread_mutex_unlock(&mutexes[type]);
165 static unsigned long thread_id_callback()
167 return pthread_self();
170 static void destroy_mutexes(int count)
172 if (mutexes != NULL) {
173 for (int i = 0; i < count; i++) {
174 /* Ignore returned value as we can't do anything about it */
175 pthread_mutex_destroy(&mutexes[i]);
182 #endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
184 API int yaca_initialize(void)
186 int ret = YACA_ERROR_NONE;
188 /* no calling yaca_initialize() twice on the same thread */
189 if (current_thread_initialized)
190 return YACA_ERROR_INTERNAL;
192 pthread_mutex_lock(&init_mutex);
194 if (threads_cnt == 0) {
196 #ifndef SYS_getrandom
197 if (urandom_fd == -2) {
201 fd = open("/dev/urandom", O_RDONLY | O_CLOEXEC);
202 } while (fd == -1 && errno == EINTR);
205 ret = YACA_ERROR_INTERNAL;
211 #endif /* SYS_getrandom */
215 /* Use getrandom from urandom pool by default.
216 * As per the following:
217 * http://www.2uo.de/myths-about-urandom/
218 * http://sockpuppet.org/blog/2014/02/25/safely-generate-random-numbers/
220 * OpenSSL's PRNG has issues:
221 * https://eprint.iacr.org/2016/367.pdf
223 * Some other things to check/consider for the future:
224 * - entropy on a mobile device (no mouse/keyboard)
225 * - hardware random generator (RdRand on new Intels, Samsung hardware?)
227 saved_rand_method = RAND_get_rand_method();
228 RAND_set_rand_method(&new_rand_method);
230 OpenSSL_add_all_digests();
231 OpenSSL_add_all_ciphers();
233 #if OPENSSL_VERSION_NUMBER < 0x10100000L
234 /* enable threads support */
235 assert(mutexes == NULL);
237 if (CRYPTO_num_locks() > 0) {
238 ret = yaca_malloc(CRYPTO_num_locks() * sizeof(pthread_mutex_t),
241 if (ret != YACA_ERROR_NONE)
244 for (int i = 0; i < CRYPTO_num_locks(); i++) {
245 if (pthread_mutex_init(&mutexes[i], NULL) != 0) {
246 ret = YACA_ERROR_NONE;
249 ret = YACA_ERROR_OUT_OF_MEMORY;
256 ret = YACA_ERROR_INTERNAL;
264 CRYPTO_set_id_callback(thread_id_callback);
265 CRYPTO_set_locking_callback(locking_callback);
267 #endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
271 * - We should also decide on OpenSSL config.
272 * - Here's a good tutorial for initialization and cleanup:
273 * https://wiki.openssl.org/index.php/Library_Initialization
277 current_thread_initialized = true;
280 #if OPENSSL_VERSION_NUMBER < 0x10100000L || !defined SYS_getrandom
282 #endif /* OPENSSL_VERSION_NUMBER < 0x10100000L || !defined SYS_getrandom */
284 pthread_mutex_unlock(&init_mutex);
289 API void yaca_cleanup(void)
291 /* calling cleanup twice on the same thread is a NOP */
292 if (!current_thread_initialized)
295 /* per thread cleanup */
296 #if OPENSSL_VERSION_NUMBER < 0x10100000L
297 ERR_remove_thread_state(NULL);
298 #endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
299 CRYPTO_cleanup_all_ex_data();
301 pthread_mutex_lock(&init_mutex);
303 /* last one turns off the light */
304 if (threads_cnt == 1) {
308 RAND_set_rand_method(saved_rand_method);
310 #ifndef SYS_getrandom
313 #endif /* SYS_getrandom */
315 #if OPENSSL_VERSION_NUMBER < 0x10100000L
316 /* threads support cleanup */
317 CRYPTO_set_id_callback(NULL);
318 CRYPTO_set_locking_callback(NULL);
320 destroy_mutexes(CRYPTO_num_locks());
321 #endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
324 assert(threads_cnt > 0);
327 current_thread_initialized = false;
329 pthread_mutex_unlock(&init_mutex);
332 API int yaca_malloc(size_t size, void **memory)
334 if (size == 0 || memory == NULL)
335 return YACA_ERROR_INVALID_PARAMETER;
337 *memory = OPENSSL_malloc(size);
338 if (*memory == NULL) {
339 ERROR_DUMP(YACA_ERROR_OUT_OF_MEMORY);
340 return YACA_ERROR_OUT_OF_MEMORY;
343 return YACA_ERROR_NONE;
346 API int yaca_zalloc(size_t size, void **memory)
348 int ret = yaca_malloc(size, memory);
349 if (ret != YACA_ERROR_NONE)
352 memset(*memory, 0, size);
354 return YACA_ERROR_NONE;
357 API int yaca_realloc(size_t size, void **memory)
359 if (size == 0 || memory == NULL)
360 return YACA_ERROR_INVALID_PARAMETER;
362 void *tmp = OPENSSL_realloc(*memory, size);
364 ERROR_DUMP(YACA_ERROR_OUT_OF_MEMORY);
365 return YACA_ERROR_OUT_OF_MEMORY;
370 return YACA_ERROR_NONE;
373 API void yaca_free(void *memory)
375 OPENSSL_free(memory);
378 API int yaca_randomize_bytes(char *data, size_t data_len)
382 if (data == NULL || data_len == 0)
383 return YACA_ERROR_INVALID_PARAMETER;
385 ret = RAND_bytes((unsigned char *)data, data_len);
387 ret = YACA_ERROR_INTERNAL;
392 return YACA_ERROR_NONE;
395 API int yaca_context_set_property(yaca_context_h ctx, yaca_property_e property,
396 const void *value, size_t value_len)
398 if (ctx == YACA_CONTEXT_NULL || ctx->set_property == NULL)
399 return YACA_ERROR_INVALID_PARAMETER;
401 return ctx->set_property(ctx, property, value, value_len);
404 API int yaca_context_get_property(const yaca_context_h ctx, yaca_property_e property,
405 void **value, size_t *value_len)
407 if (ctx == YACA_CONTEXT_NULL || ctx->get_property == NULL)
408 return YACA_ERROR_INVALID_PARAMETER;
410 return ctx->get_property(ctx, property, value, value_len);
413 API void yaca_context_destroy(yaca_context_h ctx)
415 if (ctx != YACA_CONTEXT_NULL) {
416 assert(ctx->context_destroy != NULL);
417 ctx->context_destroy(ctx);
422 API int yaca_context_get_output_length(const yaca_context_h ctx,
423 size_t input_len, size_t *output_len)
425 if (ctx == YACA_CONTEXT_NULL || output_len == NULL ||
426 ctx->get_output_length == NULL)
427 return YACA_ERROR_INVALID_PARAMETER;
429 return ctx->get_output_length(ctx, input_len, output_len);
432 API int yaca_memcmp(const void *first, const void *second, size_t len)
434 if (CRYPTO_memcmp(first, second, len) == 0)
435 return YACA_ERROR_NONE;
437 return YACA_ERROR_DATA_MISMATCH;