- Moved all examples programs to use the new entropy and CTR_DRBG

programs/pkey/dh_client.c

@@ -37,23 +37,25 @@
 #include "polarssl/dhm.h"
 #include "polarssl/rsa.h"
 #include "polarssl/sha1.h"
-#include "polarssl/havege.h"
+#include "polarssl/entropy.h"
+#include "polarssl/ctr_drbg.h"
 
 #define SERVER_NAME "localhost"
 #define SERVER_PORT 11999
 
 #if !defined(POLARSSL_AES_C) || !defined(POLARSSL_DHM_C) ||     \
-    !defined(POLARSSL_HAVEGE_C) || !defined(POLARSSL_NET_C) ||  \
+    !defined(POLARSSL_ENTROPY_C) || !defined(POLARSSL_NET_C) ||  \
     !defined(POLARSSL_RSA_C) || !defined(POLARSSL_SHA1_C) ||    \
-    !defined(POLARSSL_FS_IO)
+    !defined(POLARSSL_FS_IO) || !defined(POLARSSL_CTR_DRBG_C)
 int main( int argc, char *argv[] )
 {
     ((void) argc);
     ((void) argv);
 
-    printf("POLARSSL_AES_C and/or POLARSSL_DHM_C and/or POLARSSL_HAVEGE_C "
+    printf("POLARSSL_AES_C and/or POLARSSL_DHM_C and/or POLARSSL_ENTROPY_C "
            "and/or POLARSSL_NET_C and/or POLARSSL_RSA_C and/or "
-           "POLARSSL_SHA1_C and/or POLARSSL_FS_IO not defined.\n");
+           "POLARSSL_SHA1_C and/or POLARSSL_FS_IO and/or "
+           "POLARSSL_CTR_DRBG_C not defined.\n");
     return( 0 );
 }
 #else
@@ -68,8 +70,10 @@ int main( int argc, char *argv[] )
     unsigned char *p, *end;
     unsigned char buf[1024];
     unsigned char hash[20];
+    char *pers = "dh_client";
 
-    havege_state hs;
+    entropy_context entropy;
+    ctr_drbg_context ctr_drbg;
     rsa_context rsa;
     dhm_context dhm;
     aes_context aes;
@@ -86,7 +90,13 @@ int main( int argc, char *argv[] )
     printf( "\n  . Seeding the random number generator" );
     fflush( stdout );
 
-    havege_init( &hs );
+    entropy_init( &entropy );
+    if( ( ret = ctr_drbg_init( &ctr_drbg, entropy_func, &entropy,
+                               (unsigned char *) pers, strlen( pers ) ) ) != 0 )
+    {
+        printf( " failed\n  ! ctr_drbg_init returned %d\n", ret );
+        goto exit;
+    }
 
     /*
      * 2. Read the server's public RSA key
@@ -207,7 +217,7 @@ int main( int argc, char *argv[] )
 
     n = dhm.len;
     if( ( ret = dhm_make_public( &dhm, 256, buf, n,
-                                 havege_random, &hs ) ) != 0 )
+                                 ctr_drbg_random, &ctr_drbg ) ) != 0 )
     {
         printf( " failed\n  ! dhm_make_public returned %d\n\n", ret );
         goto exit;
@@ -273,6 +283,6 @@ exit:
 
     return( ret );
 }
-#endif /* POLARSSL_AES_C && POLARSSL_DHM_C && POLARSSL_HAVEGE_C &&
+#endif /* POLARSSL_AES_C && POLARSSL_DHM_C && POLARSSL_ENTROPY_C &&
           POLARSSL_NET_C && POLARSSL_RSA_C && POLARSSL_SHA1_C && 
-          POLARSSL_FS_IO */
+          POLARSSL_FS_IO && POLARSSL_CTR_DRBG_C */

programs/pkey/dh_genprime.c

@@ -32,7 +32,8 @@
 #include "polarssl/config.h"
 
 #include "polarssl/bignum.h"
-#include "polarssl/havege.h"
+#include "polarssl/entropy.h"
+#include "polarssl/ctr_drbg.h"
 
 /*
  * Note: G = 4 is always a quadratic residue mod P,
@@ -41,15 +42,15 @@
 #define DH_P_SIZE 1024
 #define GENERATOR "4"
 
-#if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_HAVEGE_C) ||   \
-    !defined(POLARSSL_FS_IO)
+#if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_ENTROPY_C) ||   \
+    !defined(POLARSSL_FS_IO) || !defined(POLARSSL_CTR_DRBG_C)
 int main( int argc, char *argv[] )
 {
     ((void) argc);
     ((void) argv);
 
-    printf("POLARSSL_BIGNUM_C and/or POLARSSL_HAVEGE_C and/or "
-           "POLARSSL_FS_IO not defined.\n");
+    printf("POLARSSL_BIGNUM_C and/or POLARSSL_ENTROPY_C and/or "
+           "POLARSSL_FS_IO and/or POLARSSL_CTR_DRBG_C not defined.\n");
     return( 0 );
 }
 #else
@@ -59,7 +60,9 @@ int main( int argc, char *argv[] )
 
 #if defined(POLARSSL_GENPRIME)
     mpi G, P, Q;
-    havege_state hs;
+    entropy_context entropy;
+    ctr_drbg_context ctr_drbg;
+    char *pers = "dh_genprime";
     FILE *fout;
 
     ((void) argc);
@@ -71,7 +74,13 @@ int main( int argc, char *argv[] )
     printf( "\n  . Seeding the random number generator..." );
     fflush( stdout );
 
-    havege_init( &hs );
+    entropy_init( &entropy );
+    if( ( ret = ctr_drbg_init( &ctr_drbg, entropy_func, &entropy,
+                               (unsigned char *) pers, strlen( pers ) ) ) != 0 )
+    {
+        printf( " failed\n  ! ctr_drbg_init returned %d\n", ret );
+        goto exit;
+    }
 
     printf( " ok\n  . Generating the modulus, please wait..." );
     fflush( stdout );
@@ -80,7 +89,7 @@ int main( int argc, char *argv[] )
      * This can take a long time...
      */
     if( ( ret = mpi_gen_prime( &P, DH_P_SIZE, 1,
-                               havege_random, &hs ) ) != 0 )
+                               ctr_drbg_random, &ctr_drbg ) ) != 0 )
     {
         printf( " failed\n  ! mpi_gen_prime returned %d\n\n", ret );
         goto exit;
@@ -101,7 +110,7 @@ int main( int argc, char *argv[] )
         goto exit;
     }
 
-    if( ( ret = mpi_is_prime( &Q, havege_random, &hs ) ) != 0 )
+    if( ( ret = mpi_is_prime( &Q, ctr_drbg_random, &ctr_drbg ) ) != 0 )
     {
         printf( " failed\n  ! mpi_is_prime returned %d\n\n", ret );
         goto exit;
@@ -141,4 +150,5 @@ exit:
 
     return( ret );
 }
-#endif /* POLARSSL_BIGNUM_C && POLARSSL_HAVEGE_C && POLARSSL_FS_IO */
+#endif /* POLARSSL_BIGNUM_C && POLARSSL_ENTROPY_C && POLARSSL_FS_IO &&
+          POLARSSL_CTR_DRBG_C */

programs/pkey/dh_server.c

@@ -37,23 +37,25 @@
 #include "polarssl/dhm.h"
 #include "polarssl/rsa.h"
 #include "polarssl/sha1.h"
-#include "polarssl/havege.h"
+#include "polarssl/entropy.h"
+#include "polarssl/ctr_drbg.h"
 
 #define SERVER_PORT 11999
 #define PLAINTEXT "==Hello there!=="
 
 #if !defined(POLARSSL_AES_C) || !defined(POLARSSL_DHM_C) ||     \
-    !defined(POLARSSL_HAVEGE_C) || !defined(POLARSSL_NET_C) ||  \
+    !defined(POLARSSL_ENTROPY_C) || !defined(POLARSSL_NET_C) ||  \
     !defined(POLARSSL_RSA_C) || !defined(POLARSSL_SHA1_C) ||    \
-    !defined(POLARSSL_FS_IO)
+    !defined(POLARSSL_FS_IO) || !defined(POLARSSL_CTR_DRBG_C)
 int main( int argc, char *argv[] )
 {
     ((void) argc);
     ((void) argv);
 
-    printf("POLARSSL_AES_C and/or POLARSSL_DHM_C and/or POLARSSL_HAVEGE_C "
+    printf("POLARSSL_AES_C and/or POLARSSL_DHM_C and/or POLARSSL_ENTROPY_C "
            "and/or POLARSSL_NET_C and/or POLARSSL_RSA_C and/or "
-           "POLARSSL_SHA1_C and/or POLARSSL_FS_IO not defined.\n");
+           "POLARSSL_SHA1_C and/or POLARSSL_FS_IO and/or "
+           "POLARSSL_CTR_DBRG_C not defined.\n");
     return( 0 );
 }
 #else
@@ -69,8 +71,10 @@ int main( int argc, char *argv[] )
     unsigned char buf[1024];
     unsigned char hash[20];
     unsigned char buf2[2];
+    char *pers = "dh_server";
 
-    havege_state hs;
+    entropy_context entropy;
+    ctr_drbg_context ctr_drbg;
     rsa_context rsa;
     dhm_context dhm;
     aes_context aes;
@@ -87,7 +91,13 @@ int main( int argc, char *argv[] )
     printf( "\n  . Seeding the random number generator" );
     fflush( stdout );
 
-    havege_init( &hs );
+    entropy_init( &entropy );
+    if( ( ret = ctr_drbg_init( &ctr_drbg, entropy_func, &entropy,
+                               (unsigned char *) pers, strlen( pers ) ) ) != 0 )
+    {
+        printf( " failed\n  ! ctr_drbg_init returned %d\n", ret );
+        goto exit;
+    }
 
     /*
      * 2a. Read the server's private RSA key
@@ -172,7 +182,7 @@ int main( int argc, char *argv[] )
     memset( buf, 0, sizeof( buf ) );
 
     if( ( ret = dhm_make_params( &dhm, 256, buf, &n,
-                                 havege_random, &hs ) ) != 0 )
+                                 ctr_drbg_random, &ctr_drbg ) ) != 0 )
     {
         printf( " failed\n  ! dhm_make_params returned %d\n\n", ret );
         goto exit;
@@ -276,6 +286,6 @@ exit:
 
     return( ret );
 }
-#endif /* POLARSSL_AES_C && POLARSSL_DHM_C && POLARSSL_HAVEGE_C &&
+#endif /* POLARSSL_AES_C && POLARSSL_DHM_C && POLARSSL_ENTROPY_C &&
           POLARSSL_NET_C && POLARSSL_RSA_C && POLARSSL_SHA1_C &&
-          POLARSSL_FS_IO */
+          POLARSSL_FS_IO && POLARSSL_CTR_DRBG_C */

programs/pkey/rsa_encrypt.c

@@ -33,17 +33,20 @@
 #include "polarssl/config.h"
 
 #include "polarssl/rsa.h"
-#include "polarssl/havege.h"
+#include "polarssl/entropy.h"
+#include "polarssl/ctr_drbg.h"
 
 #if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_RSA_C) ||  \
-    !defined(POLARSSL_HAVEGE_C) || !defined(POLARSSL_FS_IO)
+    !defined(POLARSSL_ENTROPY_C) || !defined(POLARSSL_FS_IO) || \
+    !defined(POLARSSL_CTR_DRBG_C)
 int main( int argc, char *argv[] )
 {
     ((void) argc);
     ((void) argv);
 
     printf("POLARSSL_BIGNUM_C and/or POLARSSL_RSA_C and/or "
-           "POLARSSL_HAVEGE_C and/or POLARSSL_FS_IO not defined.\n");
+           "POLARSSL_ENTROPY_C and/or POLARSSL_FS_IO and/or "
+           "POLARSSL_CTR_DRBG_C not defined.\n");
     return( 0 );
 }
 #else
@@ -53,11 +56,11 @@ int main( int argc, char *argv[] )
     int ret;
     size_t i;
     rsa_context rsa;
-    havege_state hs;
+    entropy_context entropy;
+    ctr_drbg_context ctr_drbg;
     unsigned char input[1024];
     unsigned char buf[512];
-
-    havege_init( &hs );
+    char *pers = "rsa_encrypt";
 
     ret = 1;
 
@@ -72,6 +75,17 @@ int main( int argc, char *argv[] )
         goto exit;
     }
 
+    printf( "\n  . Seeding the random number generator..." );
+    fflush( stdout );
+
+    entropy_init( &entropy );
+    if( ( ret = ctr_drbg_init( &ctr_drbg, entropy_func, &entropy,
+                               (unsigned char *) pers, strlen( pers ) ) ) != 0 )
+    {
+        printf( " failed\n  ! ctr_drbg_init returned %d\n", ret );
+        goto exit;
+    }
+
     printf( "\n  . Reading public key from rsa_pub.txt" );
     fflush( stdout );
 
@@ -110,7 +124,9 @@ int main( int argc, char *argv[] )
     printf( "\n  . Generating the RSA encrypted value" );
     fflush( stdout );
 
-    if( ( ret = rsa_pkcs1_encrypt( &rsa, havege_random, &hs, RSA_PUBLIC, strlen( argv[1] ), input, buf ) ) != 0 )
+    if( ( ret = rsa_pkcs1_encrypt( &rsa, ctr_drbg_random, &ctr_drbg,
+                                   RSA_PUBLIC, strlen( argv[1] ),
+                                   input, buf ) ) != 0 )
     {
         printf( " failed\n  ! rsa_pkcs1_encrypt returned %d\n\n", ret );
         goto exit;
@@ -143,5 +159,5 @@ exit:
 
     return( ret );
 }
-#endif /* POLARSSL_BIGNUM_C && POLARSSL_RSA_C && POLARSSL_HAVEGE_C &&
-          POLARSSL_FS_IO */
+#endif /* POLARSSL_BIGNUM_C && POLARSSL_RSA_C && POLARSSL_ENTROPY_C &&
+          POLARSSL_FS_IO && POLARSSL_CTR_DRBG_C */

programs/pkey/rsa_genkey.c

@@ -31,7 +31,8 @@
 
 #include "polarssl/config.h"
 
-#include "polarssl/havege.h"
+#include "polarssl/entropy.h"
+#include "polarssl/ctr_drbg.h"
 #include "polarssl/bignum.h"
 #include "polarssl/x509.h"
 #include "polarssl/rsa.h"
@@ -39,17 +40,17 @@
 #define KEY_SIZE 1024
 #define EXPONENT 65537
 
-#if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_HAVEGE_C) ||   \
+#if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_ENTROPY_C) ||   \
     !defined(POLARSSL_RSA_C) || !defined(POLARSSL_GENPRIME) ||      \
-    !defined(POLARSSL_FS_IO)
+    !defined(POLARSSL_FS_IO) || !defined(POLARSSL_CTR_DRBG_C)
 int main( int argc, char *argv[] )
 {
     ((void) argc);
     ((void) argv);
 
-    printf("POLARSSL_BIGNUM_C and/or POLARSSL_HAVEGE_C and/or "
+    printf("POLARSSL_BIGNUM_C and/or POLARSSL_ENTROPY_C and/or "
            "POLARSSL_RSA_C and/or POLARSSL_GENPRIME and/or "
-           "POLARSSL_FS_IO not defined.\n");
+           "POLARSSL_FS_IO and/or POLARSSL_CTR_DRBG_C not defined.\n");
     return( 0 );
 }
 #else
@@ -57,9 +58,11 @@ int main( int argc, char *argv[] )
 {
     int ret;
     rsa_context rsa;
-    havege_state hs;
+    entropy_context entropy;
+    ctr_drbg_context ctr_drbg;
     FILE *fpub  = NULL;
     FILE *fpriv = NULL;
+    char *pers = "rsa_genkey";
 
     ((void) argc);
     ((void) argv);
@@ -67,14 +70,21 @@ int main( int argc, char *argv[] )
     printf( "\n  . Seeding the random number generator..." );
     fflush( stdout );
 
-    havege_init( &hs );
+    entropy_init( &entropy );
+    if( ( ret = ctr_drbg_init( &ctr_drbg, entropy_func, &entropy,
+                               (unsigned char *) pers, strlen( pers ) ) ) != 0 )
+    {
+        printf( " failed\n  ! ctr_drbg_init returned %d\n", ret );
+        goto exit;
+    }
 
     printf( " ok\n  . Generating the RSA key [ %d-bit ]...", KEY_SIZE );
     fflush( stdout );
 
     rsa_init( &rsa, RSA_PKCS_V15, 0 );
     
-    if( ( ret = rsa_gen_key( &rsa, havege_random, &hs, KEY_SIZE, EXPONENT ) ) != 0 )
+    if( ( ret = rsa_gen_key( &rsa, ctr_drbg_random, &ctr_drbg, KEY_SIZE,
+                             EXPONENT ) ) != 0 )
     {
         printf( " failed\n  ! rsa_gen_key returned %d\n\n", ret );
         goto exit;
@@ -151,5 +161,5 @@ exit:
 
     return( ret );
 }
-#endif /* POLARSSL_BIGNUM_C && POLARSSL_HAVEGE_C && POLARSSL_RSA_C &&
-          POLARSSL_GENPRIME && POLARSSL_FS_IO */
+#endif /* POLARSSL_BIGNUM_C && POLARSSL_ENTROPY_C && POLARSSL_RSA_C &&
+          POLARSSL_GENPRIME && POLARSSL_FS_IO && POLARSSL_CTR_DRBG_C */

programs/pkey/rsa_sign_pss.c

@@ -32,7 +32,8 @@
 
 #include "polarssl/config.h"
 
-#include "polarssl/havege.h"
+#include "polarssl/entropy.h"
+#include "polarssl/ctr_drbg.h"
 #include "polarssl/md.h"
 #include "polarssl/rsa.h"
 #include "polarssl/sha1.h"
@@ -42,17 +43,19 @@
 #define snprintf _snprintf
 #endif
 
-#if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_HAVEGE_C) ||   \
+#if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_ENTROPY_C) ||  \
     !defined(POLARSSL_RSA_C) || !defined(POLARSSL_SHA1_C) ||        \
-    !defined(POLARSSL_X509_PARSE_C) || !defined(POLARSSL_FS_IO)
+    !defined(POLARSSL_X509_PARSE_C) || !defined(POLARSSL_FS_IO) ||  \
+    !defined(POLARSSL_CTR_DRBG_C)
 int main( int argc, char *argv[] )
 {
     ((void) argc);
     ((void) argv);
 
-    printf("POLARSSL_BIGNUM_C and/or POLARSSL_HAVEGE_C and/or "
+    printf("POLARSSL_BIGNUM_C and/or POLARSSL_ENTROPY_C and/or "
            "POLARSSL_RSA_C and/or POLARSSL_SHA1_C and/or "
-           "POLARSSL_X509_PARSE_C and/or POLARSSL_FS_IO not defined.\n");
+           "POLARSSL_X509_PARSE_C and/or POLARSSL_FS_IO and/or "
+           "POLARSSL_CTR_DRBG_C not defined.\n");
     return( 0 );
 }
 #else
@@ -61,10 +64,12 @@ int main( int argc, char *argv[] )
     FILE *f;
     int ret;
     rsa_context rsa;
-    havege_state hs;
+    entropy_context entropy;
+    ctr_drbg_context ctr_drbg;
     unsigned char hash[20];
     unsigned char buf[512];
     char filename[512];
+    char *pers = "rsa_sign_pss";
 
     ret = 1;
 
@@ -79,10 +84,20 @@ int main( int argc, char *argv[] )
         goto exit;
     }
 
+    printf( "\n  . Seeding the random number generator..." );
+    fflush( stdout );
+
+    entropy_init( &entropy );
+    if( ( ret = ctr_drbg_init( &ctr_drbg, entropy_func, &entropy,
+                               (unsigned char *) pers, strlen( pers ) ) ) != 0 )
+    {
+        printf( " failed\n  ! ctr_drbg_init returned %d\n", ret );
+        goto exit;
+    }
+
     printf( "\n  . Reading private key from '%s'", argv[1] );
     fflush( stdout );
 
-    havege_init( &hs );
     rsa_init( &rsa, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
 
     if( ( ret = x509parse_keyfile( &rsa, argv[1], "" ) ) != 0 )
@@ -105,7 +120,8 @@ int main( int argc, char *argv[] )
         goto exit;
     }
 
-    if( ( ret = rsa_pkcs1_sign( &rsa, havege_random, &hs, RSA_PRIVATE, SIG_RSA_SHA1,
+    if( ( ret = rsa_pkcs1_sign( &rsa, ctr_drbg_random, &ctr_drbg,
+                                RSA_PRIVATE, SIG_RSA_SHA1,
                                 20, hash, buf ) ) != 0 )
     {
         printf( " failed\n  ! rsa_pkcs1_sign returned %d\n\n", ret );
@@ -143,5 +159,6 @@ exit:
 
     return( ret );
 }
-#endif /* POLARSSL_BIGNUM_C && POLARSSL_HAVEGE_C && POLARSSL_RSA_C &&
-          POLARSSL_SHA1_C && POLARSSL_X509_PARSE_C && POLARSSL_FS_IO */
+#endif /* POLARSSL_BIGNUM_C && POLARSSL_ENTROPY_C && POLARSSL_RSA_C &&
+          POLARSSL_SHA1_C && POLARSSL_X509_PARSE_C && POLARSSL_FS_IO &&
+          POLARSSL_CTR_DRBG_C */