summaryrefslogtreecommitdiff
path: root/security/nss/lib/freebl/det_rng.c
blob: 04fce30e801c9657139f43b0897cfa6ee55c530f (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

#include "blapi.h"
#include "blapit.h"
#include "chacha20.h"
#include "nssilock.h"
#include "seccomon.h"
#include "secerr.h"

#define GLOBAL_BYTES_SIZE 100
static PRUint8 globalBytes[GLOBAL_BYTES_SIZE];
static unsigned long globalNumCalls = 0;
static PZLock *rng_lock = NULL;

SECStatus
RNG_RNGInit(void)
{
    rng_lock = PZ_NewLock(nssILockOther);
    if (!rng_lock) {
        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
        return SECFailure;
    }
    /* --- LOCKED --- */
    PZ_Lock(rng_lock);
    memset(globalBytes, 0, GLOBAL_BYTES_SIZE);
    PZ_Unlock(rng_lock);
    /* --- UNLOCKED --- */

    return SECSuccess;
}

/* Take min(size, GLOBAL_BYTES_SIZE) bytes from data and use as seed and reset
 * the rng state. */
SECStatus
RNG_RandomUpdate(const void *data, size_t bytes)
{
    /* Check for a valid RNG lock. */
    PORT_Assert(rng_lock != NULL);
    if (rng_lock == NULL) {
        PORT_SetError(SEC_ERROR_INVALID_ARGS);
        return SECFailure;
    }

    /* --- LOCKED --- */
    PZ_Lock(rng_lock);
    memset(globalBytes, 0, GLOBAL_BYTES_SIZE);
    globalNumCalls = 0;
    if (data) {
        memcpy(globalBytes, (PRUint8 *)data, PR_MIN(bytes, GLOBAL_BYTES_SIZE));
    }
    PZ_Unlock(rng_lock);
    /* --- UNLOCKED --- */

    return SECSuccess;
}

SECStatus
RNG_GenerateGlobalRandomBytes(void *dest, size_t len)
{
    static const uint8_t key[32] = { 0 };
    uint8_t nonce[12] = { 0 };

    /* Check for a valid RNG lock. */
    PORT_Assert(rng_lock != NULL);
    if (rng_lock == NULL) {
        PORT_SetError(SEC_ERROR_INVALID_ARGS);
        return SECFailure;
    }

    /* --- LOCKED --- */
    PZ_Lock(rng_lock);

    memcpy(nonce, &globalNumCalls, sizeof(globalNumCalls));
    globalNumCalls++;

    ChaCha20Poly1305Context *cx =
        ChaCha20Poly1305_CreateContext(key, sizeof(key), 16);
    if (!cx) {
        PORT_SetError(SEC_ERROR_NO_MEMORY);
        PZ_Unlock(rng_lock);
        return SECFailure;
    }

    memset(dest, 0, len);
    memcpy(dest, globalBytes, PR_MIN(len, GLOBAL_BYTES_SIZE));
    ChaCha20XOR(dest, dest, len, key, nonce, 0);
    ChaCha20Poly1305_DestroyContext(cx, PR_TRUE);

    PZ_Unlock(rng_lock);
    /* --- UNLOCKED --- */

    return SECSuccess;
}

void
RNG_RNGShutdown(void)
{
    PZ_DestroyLock(rng_lock);
    rng_lock = NULL;
}

/* Test functions are not implemented! */
SECStatus
PRNGTEST_Instantiate(const PRUint8 *entropy, unsigned int entropy_len,
                     const PRUint8 *nonce, unsigned int nonce_len,
                     const PRUint8 *personal_string, unsigned int ps_len)
{
    return SECFailure;
}

SECStatus
PRNGTEST_Reseed(const PRUint8 *entropy, unsigned int entropy_len,
                const PRUint8 *additional, unsigned int additional_len)
{
    return SECFailure;
}

SECStatus
PRNGTEST_Generate(PRUint8 *bytes, unsigned int bytes_len,
                  const PRUint8 *additional, unsigned int additional_len)
{
    return SECFailure;
}

SECStatus
PRNGTEST_Uninstantiate()
{
    return SECFailure;
}

SECStatus
PRNGTEST_RunHealthTests()
{
    return SECFailure;
}

SECStatus
PRNGTEST_Instantiate_Kat()
{
    return SECFailure;
}