cosmopolitan/third_party/mbedtls/entropy.h

#ifndef COSMOPOLITAN_THIRD_PARTY_MBEDTLS_ENTROPY_H_
#define COSMOPOLITAN_THIRD_PARTY_MBEDTLS_ENTROPY_H_
#include "third_party/mbedtls/config.h"
#include "third_party/mbedtls/sha256.h"
#include "third_party/mbedtls/sha512.h"
COSMOPOLITAN_C_START_

#if defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_ENTROPY_FORCE_SHA256)
#define MBEDTLS_ENTROPY_SHA512_ACCUMULATOR
#else
#if defined(MBEDTLS_SHA256_C)
#define MBEDTLS_ENTROPY_SHA256_ACCUMULATOR
#endif
#endif

#define MBEDTLS_ERR_ENTROPY_SOURCE_FAILED                 -0x003C  /*< Critical entropy source failure. */
#define MBEDTLS_ERR_ENTROPY_MAX_SOURCES                   -0x003E  /*< No more sources can be added. */
#define MBEDTLS_ERR_ENTROPY_NO_SOURCES_DEFINED            -0x0040  /*< No sources have been added to poll. */
#define MBEDTLS_ERR_ENTROPY_NO_STRONG_SOURCE              -0x003D  /*< No strong sources have been added to poll. */
#define MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR                 -0x003F  /*< Read/write error in file. */

#if !defined(MBEDTLS_ENTROPY_MAX_SOURCES)
#define MBEDTLS_ENTROPY_MAX_SOURCES     20      /*< Maximum number of sources supported */
#endif

#if !defined(MBEDTLS_ENTROPY_MAX_GATHER)
#define MBEDTLS_ENTROPY_MAX_GATHER      128     /*< Maximum amount requested from entropy sources */
#endif

#if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR)
#define MBEDTLS_ENTROPY_BLOCK_SIZE      64      /*< Block size of entropy accumulator (SHA-512) */
#else
#define MBEDTLS_ENTROPY_BLOCK_SIZE      32      /*< Block size of entropy accumulator (SHA-256) */
#endif

#define MBEDTLS_ENTROPY_MAX_SEED_SIZE   1024    /*< Maximum size of seed we read from seed file */
#define MBEDTLS_ENTROPY_SOURCE_MANUAL   MBEDTLS_ENTROPY_MAX_SOURCES

#define MBEDTLS_ENTROPY_SOURCE_STRONG   1       /*< Entropy source is strong   */
#define MBEDTLS_ENTROPY_SOURCE_WEAK     0       /*< Entropy source is weak     */

/**
 * \brief           Entropy poll callback pointer
 *
 * \param data      Callback-specific data pointer
 * \param output    Data to fill
 * \param len       Maximum size to provide
 * \param olen      The actual amount of bytes put into the buffer (Can be 0)
 *
 * \return          0 if no critical failures occurred,
 *                  MBEDTLS_ERR_ENTROPY_SOURCE_FAILED otherwise
 */
typedef int (*mbedtls_entropy_f_source_ptr)(void *data, unsigned char *output, size_t len, size_t *olen);

/**
 * \brief           Entropy source state
 */
typedef struct mbedtls_entropy_source_state
{
    mbedtls_entropy_f_source_ptr    f_source;   /*< The entropy source callback */
    void *          p_source;   /*< The callback data pointer */
    size_t          size;       /*< Amount received in bytes */
    size_t          threshold;  /*< Minimum bytes required before release */
    int             strong;     /*< Is the source strong? */
}
mbedtls_entropy_source_state;

/**
 * \brief           Entropy context structure
 */
typedef struct mbedtls_entropy_context
{
    int accumulator_started; /* 0 after init.
                              * 1 after the first update.
                              * -1 after free. */
#if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR)
    mbedtls_sha512_context  accumulator;
#else
    mbedtls_sha256_context  accumulator;
#endif
    int             source_count; /* Number of entries used in source. */
    mbedtls_entropy_source_state    source[MBEDTLS_ENTROPY_MAX_SOURCES];
#if defined(MBEDTLS_ENTROPY_NV_SEED)
    int initial_entropy_run;
#endif
}
mbedtls_entropy_context;

void mbedtls_entropy_init( mbedtls_entropy_context * );
void mbedtls_entropy_free( mbedtls_entropy_context * );
int mbedtls_entropy_add_source( mbedtls_entropy_context *, mbedtls_entropy_f_source_ptr, void *, size_t, int );
int mbedtls_entropy_gather( mbedtls_entropy_context * );
int mbedtls_entropy_func( void *, unsigned char *, size_t );
int mbedtls_entropy_update_manual( mbedtls_entropy_context *, const unsigned char *, size_t );
int mbedtls_entropy_update_nv_seed( mbedtls_entropy_context * );
int mbedtls_entropy_write_seed_file( mbedtls_entropy_context *, const char * );
int mbedtls_entropy_update_seed_file( mbedtls_entropy_context *, const char * );
int mbedtls_entropy_self_test( int );
int mbedtls_entropy_source_self_test( int );

COSMOPOLITAN_C_END_
#endif /* COSMOPOLITAN_THIRD_PARTY_MBEDTLS_ENTROPY_H_ */
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt 2021-06-24 19:31:26 +00:00			`#ifndef COSMOPOLITAN_THIRD_PARTY_MBEDTLS_ENTROPY_H_`
			`#define COSMOPOLITAN_THIRD_PARTY_MBEDTLS_ENTROPY_H_`
Flatten Mbed TLS directory structure 2021-06-16 03:18:59 +00:00			`#include "third_party/mbedtls/config.h"`
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt 2021-06-24 19:31:26 +00:00			`#include "third_party/mbedtls/sha256.h"`
			`#include "third_party/mbedtls/sha512.h"`
			`COSMOPOLITAN_C_START_`
Import Mbed TLS v2.26.0 2021-06-15 18:39:36 +00:00
			`#if defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_ENTROPY_FORCE_SHA256)`
			`#define MBEDTLS_ENTROPY_SHA512_ACCUMULATOR`
			`#else`
			`#if defined(MBEDTLS_SHA256_C)`
			`#define MBEDTLS_ENTROPY_SHA256_ACCUMULATOR`
			`#endif`
			`#endif`

Make it possible to compile redbean with chibicc This cuts build latency down from 5 seconds to 500 milliseconds. 2022-04-22 22:03:32 +00:00			`#define MBEDTLS_ERR_ENTROPY_SOURCE_FAILED -0x003C /< Critical entropy source failure. /`
			`#define MBEDTLS_ERR_ENTROPY_MAX_SOURCES -0x003E /< No more sources can be added. /`
			`#define MBEDTLS_ERR_ENTROPY_NO_SOURCES_DEFINED -0x0040 /< No sources have been added to poll. /`
			`#define MBEDTLS_ERR_ENTROPY_NO_STRONG_SOURCE -0x003D /< No strong sources have been added to poll. /`
			`#define MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR -0x003F /< Read/write error in file. /`
Import Mbed TLS v2.26.0 2021-06-15 18:39:36 +00:00
			`#if !defined(MBEDTLS_ENTROPY_MAX_SOURCES)`
Make it possible to compile redbean with chibicc This cuts build latency down from 5 seconds to 500 milliseconds. 2022-04-22 22:03:32 +00:00			`#define MBEDTLS_ENTROPY_MAX_SOURCES 20 /< Maximum number of sources supported /`
Import Mbed TLS v2.26.0 2021-06-15 18:39:36 +00:00			`#endif`

			`#if !defined(MBEDTLS_ENTROPY_MAX_GATHER)`
Make it possible to compile redbean with chibicc This cuts build latency down from 5 seconds to 500 milliseconds. 2022-04-22 22:03:32 +00:00			`#define MBEDTLS_ENTROPY_MAX_GATHER 128 /< Maximum amount requested from entropy sources /`
Import Mbed TLS v2.26.0 2021-06-15 18:39:36 +00:00			`#endif`

			`#if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR)`
Make it possible to compile redbean with chibicc This cuts build latency down from 5 seconds to 500 milliseconds. 2022-04-22 22:03:32 +00:00			`#define MBEDTLS_ENTROPY_BLOCK_SIZE 64 /< Block size of entropy accumulator (SHA-512) /`
Import Mbed TLS v2.26.0 2021-06-15 18:39:36 +00:00			`#else`
Make it possible to compile redbean with chibicc This cuts build latency down from 5 seconds to 500 milliseconds. 2022-04-22 22:03:32 +00:00			`#define MBEDTLS_ENTROPY_BLOCK_SIZE 32 /< Block size of entropy accumulator (SHA-256) /`
Import Mbed TLS v2.26.0 2021-06-15 18:39:36 +00:00			`#endif`

Make it possible to compile redbean with chibicc This cuts build latency down from 5 seconds to 500 milliseconds. 2022-04-22 22:03:32 +00:00			`#define MBEDTLS_ENTROPY_MAX_SEED_SIZE 1024 /< Maximum size of seed we read from seed file /`
Import Mbed TLS v2.26.0 2021-06-15 18:39:36 +00:00			`#define MBEDTLS_ENTROPY_SOURCE_MANUAL MBEDTLS_ENTROPY_MAX_SOURCES`

Make it possible to compile redbean with chibicc This cuts build latency down from 5 seconds to 500 milliseconds. 2022-04-22 22:03:32 +00:00			`#define MBEDTLS_ENTROPY_SOURCE_STRONG 1 /< Entropy source is strong /`
			`#define MBEDTLS_ENTROPY_SOURCE_WEAK 0 /< Entropy source is weak /`
Import Mbed TLS v2.26.0 2021-06-15 18:39:36 +00:00
			`/**`
			`* \brief Entropy poll callback pointer`
			`*`
			`* \param data Callback-specific data pointer`
			`* \param output Data to fill`
			`* \param len Maximum size to provide`
			`* \param olen The actual amount of bytes put into the buffer (Can be 0)`
			`*`
			`* \return 0 if no critical failures occurred,`
			`* MBEDTLS_ERR_ENTROPY_SOURCE_FAILED otherwise`
			`*/`
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt 2021-06-24 19:31:26 +00:00			`typedef int (mbedtls_entropy_f_source_ptr)(void data, unsigned char output, size_t len, size_t olen);`
Import Mbed TLS v2.26.0 2021-06-15 18:39:36 +00:00
			`/**`
			`* \brief Entropy source state`
			`*/`
			`typedef struct mbedtls_entropy_source_state`
			`{`
Make it possible to compile redbean with chibicc This cuts build latency down from 5 seconds to 500 milliseconds. 2022-04-22 22:03:32 +00:00			`mbedtls_entropy_f_source_ptr f_source; /< The entropy source callback /`
			`void * p_source; /< The callback data pointer /`
			`size_t size; /< Amount received in bytes /`
			`size_t threshold; /< Minimum bytes required before release /`
			`int strong; /< Is the source strong? /`
Import Mbed TLS v2.26.0 2021-06-15 18:39:36 +00:00			`}`
			`mbedtls_entropy_source_state;`

			`/**`
			`* \brief Entropy context structure`
			`*/`
			`typedef struct mbedtls_entropy_context`
			`{`
			`int accumulator_started; /* 0 after init.`
			`* 1 after the first update.`
			`* -1 after free. */`
			`#if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR)`
			`mbedtls_sha512_context accumulator;`
			`#else`
			`mbedtls_sha256_context accumulator;`
			`#endif`
			`int source_count; /* Number of entries used in source. */`
			`mbedtls_entropy_source_state source[MBEDTLS_ENTROPY_MAX_SOURCES];`
			`#if defined(MBEDTLS_ENTROPY_NV_SEED)`
			`int initial_entropy_run;`
			`#endif`
			`}`
			`mbedtls_entropy_context;`

Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt 2021-06-24 19:31:26 +00:00			`void mbedtls_entropy_init( mbedtls_entropy_context * );`
			`void mbedtls_entropy_free( mbedtls_entropy_context * );`
			`int mbedtls_entropy_add_source( mbedtls_entropy_context , mbedtls_entropy_f_source_ptr, void , size_t, int );`
			`int mbedtls_entropy_gather( mbedtls_entropy_context * );`
			`int mbedtls_entropy_func( void , unsigned char , size_t );`
			`int mbedtls_entropy_update_manual( mbedtls_entropy_context , const unsigned char , size_t );`
			`int mbedtls_entropy_update_nv_seed( mbedtls_entropy_context * );`
			`int mbedtls_entropy_write_seed_file( mbedtls_entropy_context , const char );`
			`int mbedtls_entropy_update_seed_file( mbedtls_entropy_context , const char );`
			`int mbedtls_entropy_self_test( int );`
			`int mbedtls_entropy_source_self_test( int );`

			`COSMOPOLITAN_C_END_`
			`#endif /* COSMOPOLITAN_THIRD_PARTY_MBEDTLS_ENTROPY_H_ */`