| author | Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> |
| Tue, 14 Sep 2010 23:56:21 +0300 | |
| branch | RCL_3 |
| changeset 45 | 9e2d4f7f5028 |
| parent 19 | 4a8fed1c0ef6 |
| permissions | -rw-r--r-- |
|
19
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1 |
// Copyright (c) 2009 Nokia Corporation and/or its subsidiary(-ies). |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
2 |
// All rights reserved. |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
3 |
// This component and the accompanying materials are made available |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
4 |
// under the terms of the License "Eclipse Public License v1.0" |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
5 |
// which accompanies this distribution, and is available |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
6 |
// at the URL "http://www.eclipse.org/legal/epl-v10.html". |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
7 |
// |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
8 |
// Initial Contributors: |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
9 |
// Nokia Corporation - initial contribution. |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
10 |
// |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
11 |
// Contributors: |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
12 |
// |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
13 |
// Description: |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
14 |
// eka\kernel\securerng.cpp |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
15 |
// |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
16 |
// |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
17 |
|
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
18 |
#include "kernel/securerng.h" |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
19 |
#include "sha256.h" |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
20 |
|
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
21 |
/** |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
22 |
* Default Constructor. |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
23 |
* Initialize the Secure RNG with values for iInternalStateV, iInternalStateC, Reseed_Counter |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
24 |
* Entropy Pool threshold and Secure RNG status |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
25 |
*/ |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
26 |
DSecureRNG::DSecureRNG() : |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
27 |
iSha256(), |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
28 |
iEntropyPool(), |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
29 |
iReseedCounter(0), |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
30 |
iEntropyEstimation(0), |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
31 |
iSecureRNGIdle(EFalse), |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
32 |
iRNGSecure(EFalse), |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
33 |
iEntropyThreshold(KInstantiationThreshold) |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
34 |
{
|
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
35 |
// Create the Mutex objects before initializing the internal state. |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
36 |
_LIT(KRNGMutexName,"SecureRNGMutex"); |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
37 |
_LIT(KEntropyMutexName,"EntropyMutex"); |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
38 |
NKern::ThreadEnterCS(); |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
39 |
__ASSERT_ALWAYS(Kern::MutexCreate(iSecureRNGMutex, KRNGMutexName, KMutexOrdRandNumGeneration) == KErrNone, |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
40 |
K::Fault(K::ESecureRNGInitializationFailed)); |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
41 |
__ASSERT_ALWAYS(Kern::MutexCreate(iEntropyMutex, KEntropyMutexName, KMutexOrdEntropyPool) == KErrNone, |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
42 |
K::Fault(K::ESecureRNGInitializationFailed)); |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
43 |
NKern::ThreadLeaveCS(); |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
44 |
|
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
45 |
// Initially feed the internal state with the current system time tick |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
46 |
TUint64 tick = Kern::SystemTimeSecure(); |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
47 |
TBuf8<sizeof(TUint64)> entropyInput; |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
48 |
entropyInput.Copy((TUint8*)(&tick), sizeof(TUint64)); |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
49 |
|
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
50 |
// Initialize the system internal state with the time tick as entropy input. |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
51 |
Reseed(entropyInput); |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
52 |
} |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
53 |
|
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
54 |
/** |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
55 |
* Random Number Generation Algorithm: |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
56 |
* 1.If reseed_counter > reseed_interval, then return an indication that a reseed is required. |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
57 |
* 2.(returned_bits) = Hashgen (requested_number_of_bits, V). |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
58 |
* 3. H = Hash (0x03 || V). Where 0x03 is represented in one byte |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
59 |
* 4. V = (V + H + C + reseed_counter) mod 2 ^seedlen. |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
60 |
* 5. reseed_counter = reseed_counter + 1. |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
61 |
* 6. Return SUCCESS, and update the new values of V, C, and reseed_counter |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
62 |
* for the new_working_state. |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
63 |
* @param aRandomValue on return will contain the generated random numbers.The length of random number |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
64 |
* generated will be equal to the current length of the descriptor(aRandomValue) |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
65 |
* passed as argument to the function call |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
66 |
@panic Panics the kernel with KErrNotReady when the number of requests that can be served has crossed it maximum limit |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
67 |
of KReseedInterval. The panic will indicate that something has badly gone wrong with the Entropy accumulation and |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
68 |
Reseed unit. |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
69 |
* @return KErrNone if everything is fine or KErrNotReady when the system is not ready yet. |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
70 |
*/ |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
71 |
TInt DSecureRNG::GenerateRandomNumber(TDes8& aRandomValue) |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
72 |
{
|
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
73 |
// If requested for random numbers greater than the max limit specified by HASH_DRBG (2^19 bits = 65536 bytes), return error |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
74 |
if(aRandomValue.Length() > KMaxNoOfRequestedBytes) |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
75 |
{
|
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
76 |
return KErrArgument; |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
77 |
} |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
78 |
|
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
79 |
// Secure the random number generation operation through mutex |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
80 |
NKern::ThreadEnterCS(); |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
81 |
Kern::MutexWait(*iSecureRNGMutex); |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
82 |
if(iReseedCounter >= KReseedInterval && iRNGSecure) |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
83 |
{
|
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
84 |
// If we got reseeded before but haven't been reseeded inside the interval, then something must |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
85 |
// have happened to the entropy collection mechanism (the interval is quite large) - possibly we |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
86 |
// are under attack. There is no way to return to a secure state, so fault the system. |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
87 |
K::Fault(K::ESecureRNGInternalStateNotSecure); |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
88 |
} |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
89 |
iSecureRNGIdle = EFalse; |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
90 |
|
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
91 |
// Generate the random numbers |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
92 |
HashGen(aRandomValue); |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
93 |
|
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
94 |
const TUint8 KRngConstant = 0x03; |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
95 |
iSha256.Update((TUint8*)&KRngConstant, sizeof(TUint8)); |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
96 |
iSha256.Update(iInternalStateV , KSeedLength); |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
97 |
|
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
98 |
// Update the secret value of the Internal State V so that back tracking can be avoided. |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
99 |
// V = (V+C+H+reseed_counter) mod 2 ^seedlength |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
100 |
AddBigNumberToInternalStateV(iInternalStateC, KSeedLength); |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
101 |
AddBigNumberToInternalStateV(iSha256.Final().Ptr(),KSHA256OutLengthInBytes ); |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
102 |
|
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
103 |
// Converts iReseedCounter value from little endian to big endian format and stores in tempcounter. |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
104 |
TUint32 tempCounter = ConvertToBigEndian(iReseedCounter); |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
105 |
AddBigNumberToInternalStateV((TUint8*)&tempCounter,sizeof(tempCounter)); |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
106 |
|
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
107 |
++iReseedCounter; |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
108 |
TBool rngSecure = iRNGSecure; |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
109 |
Kern::MutexSignal(*iSecureRNGMutex); |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
110 |
NKern::ThreadLeaveCS(); |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
111 |
|
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
112 |
if(rngSecure) |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
113 |
{
|
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
114 |
return KErrNone; |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
115 |
} |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
116 |
return KErrNotReady; |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
117 |
} |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
118 |
|
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
119 |
/** |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
120 |
* Converts the aTempCounter from little endian format to big endian format. This conversion is required |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
121 |
* for performing addition in the function AddBigNumbers(). |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
122 |
* Works fine for 32 bits data only. |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
123 |
* @ return TUint32, big endian format 32 bit value of the iReseedCounter |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
124 |
*/ |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
125 |
inline TUint32 DSecureRNG::ConvertToBigEndian(TUint32 aTempCounter) |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
126 |
{
|
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
127 |
return ((aTempCounter >> 24 & 0x000000ff)| (aTempCounter<< 8 & 0x00ff0000) |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
128 |
|(aTempCounter>>8 & 0x0000ff00) | (aTempCounter << 24 &0xff000000)); |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
129 |
} |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
130 |
|
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
131 |
/** |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
132 |
* This function performs addition of an integer(aInteger) passed to the function with iInternalStateV and |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
133 |
* the result is stored in iInternalStateV. The function is required to update the internal state of |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
134 |
* V(iInternalStateV) after each random number generation request. |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
135 |
* @param aInteger this is the input paramenter which is added with iInternalStateV and the result |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
136 |
* is stored in iInternalStateV |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
137 |
* @param aLength length of the aInteger( integer that needs to be added to iInternalStateV) passed to the function |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
138 |
*/ |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
139 |
void DSecureRNG::AddBigNumberToInternalStateV(const TUint8* aInteger, TInt aLength) |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
140 |
{
|
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
141 |
TUint8 sum[2]= {0};
|
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
142 |
TInt index = KSeedLength; |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
143 |
while(--index >= 0 && (--aLength >= 0 || sum[1] == 1)) |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
144 |
{
|
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
145 |
TUint8 integer = (aLength >= 0) ? aInteger[aLength] : (TUint8)0 ; |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
146 |
// sum[0]will hold the value of addition operation and sum[1] will hold carry (if any) |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
147 |
*(TUint16*)&sum = TUint16(iInternalStateV[index] + integer + sum[1]); |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
148 |
iInternalStateV[index] = sum[0]; |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
149 |
} |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
150 |
} |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
151 |
|
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
152 |
/** |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
153 |
*Generate the next random number bits to be returned. |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
154 |
* HashGen Algorith: |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
155 |
* 1. m = requested_number_of_bits/ KSHA256OutLengthInBytes. |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
156 |
* 2. data = V. |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
157 |
* 3. W = the Null string. |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
158 |
* 4. For i = 1 to m |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
159 |
* 4.1 wi = Hash (data). |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
160 |
* 4.2 W = W || wi. |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
161 |
* 4.3 data = (data + 1) mod 2^seedlen. |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
162 |
* 5. returned_bits = Leftmost (requested_no_of_bits) bits of W. |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
163 |
* |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
164 |
* Continuous Random number generation test: This is FIPS recommended (FIPS 140-2)test. Definition as per FIPS:- |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
165 |
* 1. If each call to a RNG produces blocks of n bits (where n > 15), the first n-bit block generated |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
166 |
* after power-up, initialization, or reset shall not be used, but shall be saved for comparison with |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
167 |
* the next n-bit block to be generated. Each subsequent generation of an n-bit block shall be compared |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
168 |
* with the previously generated block. The test shall fail if any two compared n-bit blocks are equal. |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
169 |
* 2. If each call to a RNG produces fewer than 16 bits, the first n bits generated after power-up, |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
170 |
* initialization, or reset (for some n > 15) shall not be used, but shall be saved for comparison |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
171 |
* with the next n generated bits. Each subsequent generation of n bits shall be compared with the |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
172 |
* previously generated n bits. The test fails if any two compared n-bit sequences are equal. |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
173 |
* |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
174 |
* @param aRandomBuffer on return, the descriptor will contain the generated random bytes. |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
175 |
* |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
176 |
*/ |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
177 |
void DSecureRNG::HashGen(TDes8& aRandomBuffer) |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
178 |
{
|
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
179 |
TBuf8<KSeedLength> data; |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
180 |
// data = V(iInternalStateV) |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
181 |
data.Copy(iInternalStateV, KSeedLength); |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
182 |
|
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
183 |
TInt noOfBytesToCopy = aRandomBuffer.Length(); |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
184 |
TInt newLength = noOfBytesToCopy; |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
185 |
//set the length to zero |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
186 |
aRandomBuffer.Zero(); |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
187 |
while(noOfBytesToCopy > 0) |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
188 |
{
|
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
189 |
newLength = noOfBytesToCopy > KSHA256OutLengthInBytes ? KSHA256OutLengthInBytes: noOfBytesToCopy; |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
190 |
// Append Hashed Data to buffer |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
191 |
aRandomBuffer.Append(HashDataAndCompare(data), newLength); |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
192 |
IncrementData(data); |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
193 |
noOfBytesToCopy = noOfBytesToCopy - KSHA256OutLengthInBytes; |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
194 |
} |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
195 |
} |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
196 |
|
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
197 |
/* |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
198 |
* Generates Hash of the aData and compares it with previous generated n(256) random bits to verify for |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
199 |
* Continuous Random number generation test. |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
200 |
* @param aData, the latest copy of iInternalStateV value to be used hash operation |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
201 |
* @return ptr, pointer to the generated hash value using sha256 |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
202 |
*/ |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
203 |
inline const TUint8* DSecureRNG::HashDataAndCompare(TDes8& aData) |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
204 |
{
|
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
205 |
iSha256.Update(aData.Ptr(), aData.Length()); |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
206 |
const TDesC8& ptr = iSha256.Final(); |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
207 |
if(iCompareBuffer.Length()!= 0) |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
208 |
{
|
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
209 |
// According to FIPS 140-2: if the n-bit random number is same as the previously generated |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
210 |
// n-bit random number then fault the system |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
211 |
__ASSERT_ALWAYS(iCompareBuffer.Compare(ptr)!= 0,K::Fault(K::ESecureRNGOutputsInBadState)); |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
212 |
} |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
213 |
iCompareBuffer.Copy(ptr); |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
214 |
return ptr.Ptr(); |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
215 |
} |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
216 |
|
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
217 |
/** |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
218 |
* Calculates (data+1) modulus of 2^440. |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
219 |
* @return aData, on return contains aData value incremented by one |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
220 |
*/ |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
221 |
inline void DSecureRNG::IncrementData(TDes8& aData) |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
222 |
{
|
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
223 |
TInt i = KSeedLength-1; |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
224 |
aData[i] += 1; |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
225 |
while( i > 0 && aData[i] == 0) |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
226 |
{
|
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
227 |
aData[--i] +=1; |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
228 |
} |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
229 |
} |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
230 |
|
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
231 |
/** |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
232 |
* The hash-based derivation function hashes the given input string and |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
233 |
* returns the required no. of bits of hash value on the second parameter. |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
234 |
* Algorithm: |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
235 |
* 1. temp = the Null string. |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
236 |
* 2. len = no_of_bits_to_return / out_len. |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
237 |
* 3. counter = an 8-bit binary value representing the integer "1". |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
238 |
* 4. For i = 1 to len do //Comment : In step 4.1, no_of_bits_to_return is used as a 32-bit string. |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
239 |
* 4.1 temp = temp || Hash (counter || no_of_bits_to_return || input_string). |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
240 |
* 4.2 counter = counter + 1. |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
241 |
* 5. requested_bits = Leftmost (no_of_bits_to_return) of temp. |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
242 |
* 6. Return SUCCESS and requested_bits. |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
243 |
* |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
244 |
* In our case, the no_of_bits_to_return and out_len are constants 440, 256 respectively |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
245 |
* and hence the KLoopLength too becomes constant 2. |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
246 |
* @param, aInputData, holds the input data(state) which needs to be updated |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
247 |
* @param aOutputData, on return will have the updated value of internal State |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
248 |
*/ |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
249 |
void DSecureRNG::HashDf(const TDesC8& aInputData, TUint8* aOutputData) |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
250 |
{
|
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
251 |
// Seed Length is 440 and SHA256 output block length 256. So required iterations is 2 for 440 bits |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
252 |
const TUint8 KLoopLength = 2; |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
253 |
const TUint32 KNumOfBitsToReturn = KSeedLength * 8; |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
254 |
TInt length = KSHA256OutLengthInBytes; |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
255 |
// Note: The 'length' in memcpy works fine only for curent seed length (440 bits => two iterations) |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
256 |
// In future, if the seed length changes, this too should be modified accoringly. |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
257 |
for (TUint8 counter = 1; counter<= KLoopLength; ++counter) |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
258 |
{
|
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
259 |
iSha256.Update(&counter, sizeof(TUint8)); |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
260 |
iSha256.Update((TUint8*)&KNumOfBitsToReturn, sizeof(TUint32)); |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
261 |
iSha256.Update(aInputData.Ptr(), aInputData.Length()); |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
262 |
memmove((aOutputData + (counter-1) * KSHA256OutLengthInBytes), iSha256.Final().Ptr(), length); |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
263 |
length = KSeedLength - KSHA256OutLengthInBytes; |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
264 |
} |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
265 |
} |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
266 |
|
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
267 |
/** |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
268 |
* This method would generate the new seed with the entropy passed in and update the internal state |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
269 |
* based on the new seed generated. Seed Generation should happen in the following two cases. |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
270 |
* Instantiattion: Internal state updation for the first time with sufficient entropy. |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
271 |
* 1. construct the seed material : seed_material = entropy_input |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
272 |
* 2. seed = Hash_df (seed_material, seedlen). |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
273 |
* 3. V = seed. |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
274 |
* 4. C = Hash_df ((0x00 || V), seedlen). // Precede with a byte of all zeros. |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
275 |
* 5. reseed_counter = 0. |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
276 |
* |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
277 |
* Reseeding: Internal state updation with the sufficient entropy for all instances except first time. |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
278 |
* 1. construct the seed material : seed_material = 0x01 || V || entropy_input |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
279 |
* 2. seed = Hash_df (seed_material, seedlen). |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
280 |
* 3. V = seed. |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
281 |
* 4. C = Hash_df ((0x00 || V), seedlen). // Precede with a byte of all zeros. |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
282 |
* 5. reseed_counter = 0. |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
283 |
* |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
284 |
* In both the cases only the step 1 differs. All other steps are common for both. |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
285 |
* The internal state and other relevant members are protected by the mutex. |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
286 |
* @param aEntropyInput, holds the entropy input values required to update the internal states |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
287 |
*/ |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
288 |
void DSecureRNG::Reseed(const TDesC8& aEntropyInput) |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
289 |
{
|
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
290 |
const TUint8 KConstOne = 0x01; |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
291 |
TBuf8<KMaxSeedMaterialLength> seedMaterial; |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
292 |
|
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
293 |
// Construct the seed material. |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
294 |
if(iRNGSecure) |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
295 |
{
|
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
296 |
// After the first seeding (which will set iRNGSecure), seed_material = 0x01 || V || entropy_input |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
297 |
seedMaterial.Append(&KConstOne, sizeof(TUint8)); |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
298 |
seedMaterial.Append(iInternalStateV, KSeedLength); |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
299 |
|
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
300 |
// Make the system idle on every reseed (will be reset next time the RNG is used) |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
301 |
iSecureRNGIdle = ETrue; |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
302 |
} |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
303 |
|
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
304 |
// The enropy input is used whether it's the first seeding or not. |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
305 |
seedMaterial.Append(aEntropyInput); |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
306 |
|
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
307 |
// On the first seeding, include the personalizsation string for the instantiation. |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
308 |
if(!iRNGSecure) |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
309 |
{
|
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
310 |
// System time in ticks is considered as a personalization string |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
311 |
TInt64 personalizationString = Kern::SystemTimeSecure(); |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
312 |
seedMaterial.Append((TUint8*)&personalizationString, sizeof(TUint)); |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
313 |
} |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
314 |
|
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
315 |
// Calculate the seed and update the internal state V |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
316 |
HashDf(seedMaterial, iInternalStateV); |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
317 |
|
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
318 |
// Calculate and update the internal state C |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
319 |
seedMaterial.FillZ(1); // Put the 0x00 in the first byte of the buffer |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
320 |
seedMaterial.Append(iInternalStateV, KSeedLength); |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
321 |
HashDf(seedMaterial, iInternalStateC); |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
322 |
|
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
323 |
// Reset the reseed counter and other related parameter values as well. |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
324 |
iReseedCounter = 0; |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
325 |
iEntropyPool.Reset(); |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
326 |
// Reset the current estimation. |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
327 |
iEntropyEstimation = 0; |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
328 |
} |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
329 |
|
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
330 |
/** |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
331 |
* Controls the Reseed process with the following algorithm. |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
332 |
* 1. Collect the received entropy in the entropy pool like hash object. |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
333 |
* 2. Increment the entropy estimation counter by the received estimation value. |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
334 |
* 3. If the so far collected estimation is higher than the threshold value, |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
335 |
* 3.1. Call Reseed to generate the new seed and update the system internal state |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
336 |
* 3.2. Decide the secure status of the new seed and hence the RNG system |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
337 |
* 3.3. Decide whether the system is idle or not |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
338 |
* 3.4. Reset the entropy pool hash object and the entropy estimation counter. |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
339 |
* |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
340 |
*/ |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
341 |
void DSecureRNG::AddEntropy(const TUint8* aEntropy, TInt aLength, TInt aEstimation) |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
342 |
{
|
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
343 |
// Get the mutex to update the entropy pool |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
344 |
NKern::ThreadEnterCS(); |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
345 |
Kern::MutexWait(*iEntropyMutex); |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
346 |
|
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
347 |
iEntropyPool.Update(aEntropy, aLength); |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
348 |
iEntropyEstimation += aEstimation; |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
349 |
|
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
350 |
if (iEntropyEstimation >= iEntropyThreshold) |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
351 |
{
|
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
352 |
// Get the mutex to update the internal state via Reseed. |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
353 |
Kern::MutexWait(*iSecureRNGMutex); |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
354 |
|
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
355 |
// Get the final hash value and pass on to the reseed, which inturn will update the internal state. |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
356 |
Reseed(iEntropyPool.Final()); |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
357 |
|
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
358 |
// Set the threshold to 256 for all but the first reseed. For instantiation |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
359 |
// the threshold should be 384 which was set already as part of initialization. |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
360 |
iEntropyThreshold = KReseedThreshold; |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
361 |
|
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
362 |
// As the entropy estimation has crossed the threshold, the system becomes secure. |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
363 |
iRNGSecure = ETrue; |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
364 |
|
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
365 |
// Send the reseed notification to the hook, if one is installed |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
366 |
if (iReseedHookFn) |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
367 |
iReseedHookFn(iReseedHookArg); |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
368 |
|
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
369 |
// Updates are done. So, release the Mutex. |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
370 |
Kern::MutexSignal(*iSecureRNGMutex); |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
371 |
} |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
372 |
|
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
373 |
// Updates are done. So, release the Mutex. |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
374 |
Kern::MutexSignal(*iEntropyMutex); |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
375 |
NKern::ThreadLeaveCS(); |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
376 |
} |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
377 |
|
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
378 |
// Allow a test driver to set a hook function which will be called on reseed. |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
379 |
void DSecureRNG::SetReseedHook(void (*aReseedHookFn)(TAny*), TAny* aReseedHookArg) |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
380 |
{
|
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
381 |
NKern::ThreadEnterCS(); |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
382 |
Kern::MutexWait(*iSecureRNGMutex); |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
383 |
iReseedHookFn = aReseedHookFn; |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
384 |
iReseedHookArg = aReseedHookArg; |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
385 |
Kern::MutexSignal(*iSecureRNGMutex); |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
386 |
NKern::ThreadLeaveCS(); |
|
4a8fed1c0ef6
Revision: 201007
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
387 |
} |