/*----- Header files ------------------------------------------------------*/
+#include "config.h"
+
#include <stdarg.h>
#include <stdio.h>
#include <string.h>
#include <mLib/sub.h>
#include "arena.h"
-#include "blowfish-cbc.h"
+#include "dispatch.h"
#include "paranoia.h"
+
+#define RAND__HACKS
#include "rand.h"
-#include "rmd160.h"
-#include "rmd160-hmac.h"
+
+#include "noise.h"
+
+#include "twofish-counter.h"
+#include "sha256.h"
+
+#define CIPHER_CTX twofish_counterctx
+#define CIPHER_INIT twofish_counterinit
+#define CIPHER_ENCRYPT twofish_counterencrypt
+#define CIPHER_IVSZ TWOFISH_BLKSZ
+#define CIPHER_KEYSZ TWOFISH_KEYSZ
+
+#define HASH_CTX sha256_ctx
+#define HASH_INIT sha256_init
+#define HASH sha256_hash
+#define HASH_DONE sha256_done
+#define HASH_SZ SHA256_HASHSZ
/*----- Static variables --------------------------------------------------*/
static const grand_ops gops;
-typedef struct gctx {
+typedef struct rand__gctx {
grand r;
rand_pool p;
} gctx;
-static gctx *pool = 0; /* Default random pool */
+gctx rand_global = {
+ { &gops },
+ { { 0 }, 0, 0, 0, 0,
+ { 0 }, RAND_SECSZ, 0,
+ { "Catacomb global random byte pool" },
+ &noise_source }
+};
/*----- Macros ------------------------------------------------------------*/
-#define RAND_RESOLVE(r) do { \
- if ((r) == RAND_GLOBAL) { \
- if (!pool) \
- pool = (gctx *)rand_create(); \
- (r) = &pool->p; \
- } \
+#define RAND_RESOLVE(r) \
+ do { if ((r) == RAND_GLOBAL) r = &rand_global.p; } while (0)
+
+#define GENCHECK(r) do { \
+ unsigned gen = rand_generation(); \
+ if (r->gen != gen) { r->gen = gen; rand_gate(r); } \
} while (0)
-#define TIMER(r) do { \
- if ((r)->s && (r)->s->timer) \
- (r)->s->timer(r); \
+static int quick(rand_pool *);
+#define QUICK(r) do { \
+ quick(r); \
+ if ((r)->s && (r)->s->timer) (r)->s->timer(r); \
} while (0)
/*----- Main code ---------------------------------------------------------*/
RAND_RESOLVE(r);
memset(r->pool, 0, sizeof(r->pool));
memset(r->buf, 0, sizeof(r->buf));
+ r->gen = rand_generation();
r->i = 0;
r->irot = 0;
r->ibits = r->obits = 0;
r->o = RAND_SECSZ;
- r->s = 0;
- rmd160_hmacinit(&r->k, 0, 0);
+ r->s = &noise_source;
+ rand_key(r, 0, 0);
rand_gate(r);
}
r->s = s;
}
+/* --- @rand_quick@ --- *
+ *
+ * Arguments: @rand_pool *r@ = pointer to a randomness pool
+ *
+ * Returns: Zero on success; @-1@ on failure.
+ *
+ * Use Attempts to use some machine-specific `quick' source of
+ * entropy to top up @r@. This may not do anything at all on
+ * many systems.
+ */
+
+CPU_DISPATCH(static, return, int, quick, (rand_pool *r), (r),
+ pick_quick, trivial_quick);
+
+static int trivial_quick(rand_pool *r) { return (-1); }
+
+#if CPUFAM_X86 || CPUFAM_AMD64
+extern int rand_quick_x86ish_rdrand(rand_pool */*r*/);
+extern int rand_quick_x86ish_rdseed(rand_pool */*r*/);
+#endif
+
+static quick__functype *pick_quick(void)
+{
+#if CPUFAM_X86 || CPUFAM_AMD64
+ DISPATCH_PICK_COND(rand_quick, rand_quick_x86ish_rdseed,
+ cpu_feature_p(CPUFEAT_X86_RDSEED));
+ DISPATCH_PICK_COND(rand_quick, rand_quick_x86ish_rdrand,
+ cpu_feature_p(CPUFEAT_X86_RDRAND));
+#endif
+ DISPATCH_PICK_FALLBACK(rand_quick, trivial_quick);
+}
+
+int rand_quick(rand_pool *r) { RAND_RESOLVE(r); return (quick(r)); }
+
/* --- @rand_seed@ --- *
*
* Arguments: @rand_pool *r@ = pointer to a randomness pool
void rand_key(rand_pool *r, const void *k, size_t sz)
{
+ HASH_CTX hc;
+ octet h[HASH_SZ];
+ static const char label[] = "Catacomb random pool key";
+
RAND_RESOLVE(r);
- rmd160_hmacinit(&r->k, k, sz);
+
+ assert(HASH_SZ >= RAND_KEYSZ);
+ HASH_INIT(&hc);
+ HASH(&hc, label, sizeof(label));
+ if (sz) HASH(&hc, k, sz);
+ HASH_DONE(&hc, h);
+ memcpy(r->k.k, h, RAND_KEYSZ);
}
/* --- @rand_add@ --- *
const octet *c = p;
int i, rot;
-#if RAND_POOLSZ != 128
-# error Polynomial in rand_add is out of date. Fix it.
-#endif
+ STATIC_ASSERT(RAND_POOLSZ == 128, "Polynomial doesn't match pool size");
RAND_RESOLVE(r);
void rand_gate(rand_pool *r)
{
- octet mac[RMD160_HASHSZ];
+ octet h[HASH_SZ], g[4];
+ HASH_CTX hc;
+ CIPHER_CTX cc;
+
+ STATIC_ASSERT(CIPHER_KEYSZ <= HASH_SZ, "rand cipher keysize too long");
RAND_RESOLVE(r);
- TIMER(r);
+ QUICK(r);
/* --- Hash up all the data in the pool --- */
- {
- rmd160_macctx mc;
-
- rmd160_macinit(&mc, &r->k);
- rmd160_machash(&mc, r->pool, sizeof(r->pool));
- rmd160_machash(&mc, r->buf, sizeof(r->buf));
- rmd160_macdone(&mc, mac);
- BURN(mc);
- }
+ HASH_INIT(&hc);
+ STORE32(g, r->gen); HASH(&hc, g, sizeof(g));
+ HASH(&hc, r->k.k, RAND_KEYSZ);
+ HASH(&hc, r->pool, RAND_POOLSZ);
+ HASH(&hc, r->buf, RAND_BUFSZ);
+ HASH_DONE(&hc, h);
+ BURN(hc);
/* --- Now mangle all of the data based on the hash --- */
- {
- blowfish_cbcctx bc;
-
- blowfish_cbcinit(&bc, mac, sizeof(mac), 0);
- blowfish_cbcencrypt(&bc, r->pool, r->pool, sizeof(r->pool));
- blowfish_cbcencrypt(&bc, r->buf, r->buf, sizeof(r->buf));
- BURN(bc);
- }
+ CIPHER_INIT(&cc, h, CIPHER_KEYSZ, 0);
+ CIPHER_ENCRYPT(&cc, r->pool, r->pool, RAND_POOLSZ);
+ CIPHER_ENCRYPT(&cc, r->buf, r->buf, RAND_BUFSZ);
+ BURN(cc);
/* --- Reset the various state variables --- */
r->obits = RAND_OBITS;
} else
r->ibits = 0;
- TIMER(r);
+ QUICK(r);
}
/* --- @rand_stretch@ --- *
void rand_stretch(rand_pool *r)
{
- octet mac[RMD160_HASHSZ];
+ octet h[HASH_SZ], g[4];
+ HASH_CTX hc;
+ CIPHER_CTX cc;
+
+ STATIC_ASSERT(CIPHER_KEYSZ <= HASH_SZ, "rand cipher keysize too long");
RAND_RESOLVE(r);
- TIMER(r);
+ QUICK(r);
/* --- Hash up all the data in the buffer --- */
- {
- rmd160_macctx mc;
+ HASH_INIT(&hc);
+ STORE32(g, r->gen); HASH(&hc, g, sizeof(g));
+ HASH(&hc, r->k.k, RAND_KEYSZ);
+ HASH(&hc, r->pool, RAND_POOLSZ);
+ HASH(&hc, r->buf, RAND_BUFSZ);
+ HASH_DONE(&hc, h);
+ BURN(hc);
- rmd160_macinit(&mc, &r->k);
- rmd160_machash(&mc, r->pool, sizeof(r->pool));
- rmd160_machash(&mc, r->buf, sizeof(r->buf));
- rmd160_macdone(&mc, mac);
- BURN(mc);
- }
+ /* --- Now mangle the buffer based on the hash --- */
- /* --- Now mangle the buffer based on that hash --- */
-
- {
- blowfish_cbcctx bc;
-
- blowfish_cbcinit(&bc, mac, sizeof(mac), 0);
- blowfish_cbcencrypt(&bc, r->buf, r->buf, sizeof(r->buf));
- BURN(bc);
- }
+ CIPHER_INIT(&cc, h, CIPHER_KEYSZ, 0);
+ CIPHER_ENCRYPT(&cc, r->buf, r->buf, RAND_BUFSZ);
+ BURN(cc);
/* --- Reset the various state variables --- */
r->o = RAND_SECSZ;
- TIMER(r);
+ QUICK(r);
}
/* --- @rand_get@ --- *
octet *o = p;
RAND_RESOLVE(r);
- TIMER(r);
+ GENCHECK(r);
+ QUICK(r);
if (!sz)
return;
rand_get(r, p, sz);
return;
}
- TIMER(r);
+ GENCHECK(r);
+ QUICK(r);
while (sz) {
size_t chunk = sz;
/*----- Generic random number generator interface -------------------------*/
-#define GRESOLVE(g, r) do { \
- if (r != &rand_global) \
- g = (gctx *)r; \
- else { \
- if (!pool) \
- pool = (gctx *)rand_create(); \
- g = pool; \
- } \
-} while (0)
-
static void gdestroy(grand *r)
{
- gctx *g;
- GRESOLVE(g, r);
- if (g != pool) {
+ gctx *g = (gctx *)r;
+ if (g != &rand_global) {
BURN(*g);
S_DESTROY(g);
}
static int gmisc(grand *r, unsigned op, ...)
{
- gctx *g;
+ gctx *g = (gctx *)r;
va_list ap;
int rc = 0;
va_start(ap, op);
- GRESOLVE(g, r);
switch (op) {
case GRAND_CHECK:
switch (va_arg(ap, unsigned)) {
rand_seed(&g->p, va_arg(ap, unsigned));
break;
case RAND_TIMER:
- TIMER(&g->p);
+ QUICK(&g->p);
break;
case RAND_GOODBITS:
rc = rand_goodbits(&g->p);
static octet gbyte(grand *r)
{
- gctx *g;
+ gctx *g = (gctx *)r;
octet o;
- GRESOLVE(g, r);
rand_getgood(&g->p, &o, 1);
return (o);
}
static uint32 gword(grand *r)
{
- gctx *g;
+ gctx *g = (gctx *)r;
octet b[4];
- GRESOLVE(g, r);
rand_getgood(&g->p, &b, sizeof(b));
return (LOAD32(b));
}
static void gfill(grand *r, void *p, size_t sz)
{
- gctx *g;
- GRESOLVE(g, r);
+ gctx *g = (gctx *)r;
rand_get(&g->p, p, sz);
}
"rand",
GRAND_CRYPTO, 0,
gmisc, gdestroy,
- gword, gbyte, gword, grand_range, gfill
+ gword, gbyte, gword, grand_defaultrange, gfill
};
-grand rand_global = { &gops };
-
/* --- @rand_create@ --- *
*
* Arguments: ---
~mdw / catacomb / blobdiff