X-Git-Url: https://git.distorted.org.uk/~mdw/catacomb/blobdiff_plain/0f00dc4c8eb47e67bc0f148c2dd109f73a451e0a..6c0946ef1f1fa9b75b8c6d65ea0554ff4e1ec4eb:/rand/rand.c diff --git a/rand/rand.c b/rand/rand.c index fa6dab86..3b056332 100644 --- a/rand/rand.c +++ b/rand/rand.c @@ -27,6 +27,8 @@ /*----- Header files ------------------------------------------------------*/ +#include "config.h" + #include #include #include @@ -35,36 +37,60 @@ #include #include "arena.h" -#include "blowfish-cbc.h" +#include "dispatch.h" #include "paranoia.h" + +#define RAND__HACKS #include "rand.h" -#include "rmd160.h" -#include "rmd160-hmac.h" + +#include "noise.h" + +#include "twofish-counter.h" +#include "sha256.h" + +#define CIPHER_CTX twofish_counterctx +#define CIPHER_INIT twofish_counterinit +#define CIPHER_ENCRYPT twofish_counterencrypt +#define CIPHER_IVSZ TWOFISH_BLKSZ +#define CIPHER_KEYSZ TWOFISH_KEYSZ + +#define HASH_CTX sha256_ctx +#define HASH_INIT sha256_init +#define HASH sha256_hash +#define HASH_DONE sha256_done +#define HASH_SZ SHA256_HASHSZ /*----- Static variables --------------------------------------------------*/ static const grand_ops gops; -typedef struct gctx { +typedef struct rand__gctx { grand r; rand_pool p; } gctx; -static gctx *pool = 0; /* Default random pool */ +gctx rand_global = { + { &gops }, + { { 0 }, 0, 0, 0, 0, + { 0 }, RAND_SECSZ, 0, + { "Catacomb global random byte pool" }, + &noise_source } +}; /*----- Macros ------------------------------------------------------------*/ -#define RAND_RESOLVE(r) do { \ - if ((r) == RAND_GLOBAL) { \ - if (!pool) \ - pool = (gctx *)rand_create(); \ - (r) = &pool->p; \ - } \ +#define RAND_RESOLVE(r) \ + do { if ((r) == RAND_GLOBAL) r = &rand_global.p; } while (0) + +#define GENCHECK(r) do { \ + unsigned gen = rand_generation(); \ + if (r->gen != gen) { r->gen = gen; rand_gate(r); } \ } while (0) -#define TIMER(r) do { \ - if ((r)->s && (r)->s->timer) \ - (r)->s->timer(r); \ +static int quick(rand_pool *); +#define QUICK(r) do { \ + quick(r); \ + if ((r)->s && (r)->s->timer) (r)->s->timer(r); \ } while (0) /*----- Main code ---------------------------------------------------------*/ @@ -86,12 +112,13 @@ void rand_init(rand_pool *r) RAND_RESOLVE(r); memset(r->pool, 0, sizeof(r->pool)); memset(r->buf, 0, sizeof(r->buf)); + r->gen = rand_generation(); r->i = 0; r->irot = 0; r->ibits = r->obits = 0; r->o = RAND_SECSZ; - r->s = 0; - rmd160_hmacinit(&r->k, 0, 0); + r->s = &noise_source; + rand_key(r, 0, 0); rand_gate(r); } @@ -118,6 +145,40 @@ void rand_noisesrc(rand_pool *r, const rand_source *s) r->s = s; } +/* --- @rand_quick@ --- * + * + * Arguments: @rand_pool *r@ = pointer to a randomness pool + * + * Returns: Zero on success; @-1@ on failure. + * + * Use Attempts to use some machine-specific `quick' source of + * entropy to top up @r@. This may not do anything at all on + * many systems. + */ + +CPU_DISPATCH(static, return, int, quick, (rand_pool *r), (r), + pick_quick, trivial_quick); + +static int trivial_quick(rand_pool *r) { return (-1); } + +#if CPUFAM_X86 || CPUFAM_AMD64 +extern int rand_quick_x86ish_rdrand(rand_pool */*r*/); +extern int rand_quick_x86ish_rdseed(rand_pool */*r*/); +#endif + +static quick__functype *pick_quick(void) +{ +#if CPUFAM_X86 || CPUFAM_AMD64 + DISPATCH_PICK_COND(rand_quick, rand_quick_x86ish_rdseed, + cpu_feature_p(CPUFEAT_X86_RDSEED)); + DISPATCH_PICK_COND(rand_quick, rand_quick_x86ish_rdrand, + cpu_feature_p(CPUFEAT_X86_RDRAND)); +#endif + DISPATCH_PICK_FALLBACK(rand_quick, trivial_quick); +} + +int rand_quick(rand_pool *r) { RAND_RESOLVE(r); return (quick(r)); } + /* --- @rand_seed@ --- * * * Arguments: @rand_pool *r@ = pointer to a randomness pool @@ -157,8 +218,18 @@ void rand_seed(rand_pool *r, unsigned bits) void rand_key(rand_pool *r, const void *k, size_t sz) { + HASH_CTX hc; + octet h[HASH_SZ]; + static const char label[] = "Catacomb random pool key"; + RAND_RESOLVE(r); - rmd160_hmacinit(&r->k, k, sz); + + assert(HASH_SZ >= RAND_KEYSZ); + HASH_INIT(&hc); + HASH(&hc, label, sizeof(label)); + if (sz) HASH(&hc, k, sz); + HASH_DONE(&hc, h); + memcpy(r->k.k, h, RAND_KEYSZ); } /* --- @rand_add@ --- * @@ -183,9 +254,7 @@ void rand_add(rand_pool *r, const void *p, size_t sz, unsigned goodbits) const octet *c = p; int i, rot; -#if RAND_POOLSZ != 128 -# error Polynomial in rand_add is out of date. Fix it. -#endif + STATIC_ASSERT(RAND_POOLSZ == 128, "Polynomial doesn't match pool size"); RAND_RESOLVE(r); @@ -234,33 +303,31 @@ unsigned rand_goodbits(rand_pool *r) void rand_gate(rand_pool *r) { - octet mac[RMD160_HASHSZ]; + octet h[HASH_SZ], g[4]; + HASH_CTX hc; + CIPHER_CTX cc; + + STATIC_ASSERT(CIPHER_KEYSZ <= HASH_SZ, "rand cipher keysize too long"); RAND_RESOLVE(r); - TIMER(r); + QUICK(r); /* --- Hash up all the data in the pool --- */ - { - rmd160_macctx mc; - - rmd160_macinit(&mc, &r->k); - rmd160_machash(&mc, r->pool, sizeof(r->pool)); - rmd160_machash(&mc, r->buf, sizeof(r->buf)); - rmd160_macdone(&mc, mac); - BURN(mc); - } + HASH_INIT(&hc); + STORE32(g, r->gen); HASH(&hc, g, sizeof(g)); + HASH(&hc, r->k.k, RAND_KEYSZ); + HASH(&hc, r->pool, RAND_POOLSZ); + HASH(&hc, r->buf, RAND_BUFSZ); + HASH_DONE(&hc, h); + BURN(hc); /* --- Now mangle all of the data based on the hash --- */ - { - blowfish_cbcctx bc; - - blowfish_cbcinit(&bc, mac, sizeof(mac), 0); - blowfish_cbcencrypt(&bc, r->pool, r->pool, sizeof(r->pool)); - blowfish_cbcencrypt(&bc, r->buf, r->buf, sizeof(r->buf)); - BURN(bc); - } + CIPHER_INIT(&cc, h, CIPHER_KEYSZ, 0); + CIPHER_ENCRYPT(&cc, r->pool, r->pool, RAND_POOLSZ); + CIPHER_ENCRYPT(&cc, r->buf, r->buf, RAND_BUFSZ); + BURN(cc); /* --- Reset the various state variables --- */ @@ -271,7 +338,7 @@ void rand_gate(rand_pool *r) r->obits = RAND_OBITS; } else r->ibits = 0; - TIMER(r); + QUICK(r); } /* --- @rand_stretch@ --- * @@ -288,37 +355,35 @@ void rand_gate(rand_pool *r) void rand_stretch(rand_pool *r) { - octet mac[RMD160_HASHSZ]; + octet h[HASH_SZ], g[4]; + HASH_CTX hc; + CIPHER_CTX cc; + + STATIC_ASSERT(CIPHER_KEYSZ <= HASH_SZ, "rand cipher keysize too long"); RAND_RESOLVE(r); - TIMER(r); + QUICK(r); /* --- Hash up all the data in the buffer --- */ - { - rmd160_macctx mc; + HASH_INIT(&hc); + STORE32(g, r->gen); HASH(&hc, g, sizeof(g)); + HASH(&hc, r->k.k, RAND_KEYSZ); + HASH(&hc, r->pool, RAND_POOLSZ); + HASH(&hc, r->buf, RAND_BUFSZ); + HASH_DONE(&hc, h); + BURN(hc); - rmd160_macinit(&mc, &r->k); - rmd160_machash(&mc, r->pool, sizeof(r->pool)); - rmd160_machash(&mc, r->buf, sizeof(r->buf)); - rmd160_macdone(&mc, mac); - BURN(mc); - } + /* --- Now mangle the buffer based on the hash --- */ - /* --- Now mangle the buffer based on that hash --- */ - - { - blowfish_cbcctx bc; - - blowfish_cbcinit(&bc, mac, sizeof(mac), 0); - blowfish_cbcencrypt(&bc, r->buf, r->buf, sizeof(r->buf)); - BURN(bc); - } + CIPHER_INIT(&cc, h, CIPHER_KEYSZ, 0); + CIPHER_ENCRYPT(&cc, r->buf, r->buf, RAND_BUFSZ); + BURN(cc); /* --- Reset the various state variables --- */ r->o = RAND_SECSZ; - TIMER(r); + QUICK(r); } /* --- @rand_get@ --- * @@ -342,7 +407,8 @@ void rand_get(rand_pool *r, void *p, size_t sz) octet *o = p; RAND_RESOLVE(r); - TIMER(r); + GENCHECK(r); + QUICK(r); if (!sz) return; @@ -395,7 +461,8 @@ void rand_getgood(rand_pool *r, void *p, size_t sz) rand_get(r, p, sz); return; } - TIMER(r); + GENCHECK(r); + QUICK(r); while (sz) { size_t chunk = sz; @@ -421,21 +488,10 @@ void rand_getgood(rand_pool *r, void *p, size_t sz) /*----- Generic random number generator interface -------------------------*/ -#define GRESOLVE(g, r) do { \ - if (r != &rand_global) \ - g = (gctx *)r; \ - else { \ - if (!pool) \ - pool = (gctx *)rand_create(); \ - g = pool; \ - } \ -} while (0) - static void gdestroy(grand *r) { - gctx *g; - GRESOLVE(g, r); - if (g != pool) { + gctx *g = (gctx *)r; + if (g != &rand_global) { BURN(*g); S_DESTROY(g); } @@ -443,12 +499,11 @@ static void gdestroy(grand *r) static int gmisc(grand *r, unsigned op, ...) { - gctx *g; + gctx *g = (gctx *)r; va_list ap; int rc = 0; va_start(ap, op); - GRESOLVE(g, r); switch (op) { case GRAND_CHECK: switch (va_arg(ap, unsigned)) { @@ -509,7 +564,7 @@ static int gmisc(grand *r, unsigned op, ...) rand_seed(&g->p, va_arg(ap, unsigned)); break; case RAND_TIMER: - TIMER(&g->p); + QUICK(&g->p); break; case RAND_GOODBITS: rc = rand_goodbits(&g->p); @@ -531,26 +586,23 @@ static int gmisc(grand *r, unsigned op, ...) static octet gbyte(grand *r) { - gctx *g; + gctx *g = (gctx *)r; octet o; - GRESOLVE(g, r); rand_getgood(&g->p, &o, 1); return (o); } static uint32 gword(grand *r) { - gctx *g; + gctx *g = (gctx *)r; octet b[4]; - GRESOLVE(g, r); rand_getgood(&g->p, &b, sizeof(b)); return (LOAD32(b)); } static void gfill(grand *r, void *p, size_t sz) { - gctx *g; - GRESOLVE(g, r); + gctx *g = (gctx *)r; rand_get(&g->p, p, sz); } @@ -558,11 +610,9 @@ static const grand_ops gops = { "rand", GRAND_CRYPTO, 0, gmisc, gdestroy, - gword, gbyte, gword, grand_range, gfill + gword, gbyte, gword, grand_defaultrange, gfill }; -grand rand_global = { &gops }; - /* --- @rand_create@ --- * * * Arguments: ---