X-Git-Url: https://git.distorted.org.uk/~mdw/catacomb/blobdiff_plain/dd188526a23d32318662c3dd5e625ca15656f230..6c0946ef1f1fa9b75b8c6d65ea0554ff4e1ec4eb:/rand/rand.c diff --git a/rand/rand.c b/rand/rand.c index e0bebbfa..3b056332 100644 --- a/rand/rand.c +++ b/rand/rand.c @@ -27,6 +27,8 @@ /*----- Header files ------------------------------------------------------*/ +#include "config.h" + #include #include #include @@ -35,6 +37,7 @@ #include #include "arena.h" +#include "dispatch.h" #include "paranoia.h" #define RAND__HACKS @@ -68,7 +71,7 @@ typedef struct rand__gctx { gctx rand_global = { { &gops }, - { { 0 }, 0, 0, 0, + { { 0 }, 0, 0, 0, 0, { 0 }, RAND_SECSZ, 0, { "Catacomb global random byte pool" }, &noise_source } @@ -79,9 +82,15 @@ gctx rand_global = { #define RAND_RESOLVE(r) \ do { if ((r) == RAND_GLOBAL) r = &rand_global.p; } while (0) -#define TIMER(r) do { \ - if ((r)->s && (r)->s->timer) \ - (r)->s->timer(r); \ +#define GENCHECK(r) do { \ + unsigned gen = rand_generation(); \ + if (r->gen != gen) { r->gen = gen; rand_gate(r); } \ +} while (0) + +static int quick(rand_pool *); +#define QUICK(r) do { \ + quick(r); \ + if ((r)->s && (r)->s->timer) (r)->s->timer(r); \ } while (0) /*----- Main code ---------------------------------------------------------*/ @@ -103,6 +112,7 @@ void rand_init(rand_pool *r) RAND_RESOLVE(r); memset(r->pool, 0, sizeof(r->pool)); memset(r->buf, 0, sizeof(r->buf)); + r->gen = rand_generation(); r->i = 0; r->irot = 0; r->ibits = r->obits = 0; @@ -135,6 +145,40 @@ void rand_noisesrc(rand_pool *r, const rand_source *s) r->s = s; } +/* --- @rand_quick@ --- * + * + * Arguments: @rand_pool *r@ = pointer to a randomness pool + * + * Returns: Zero on success; @-1@ on failure. + * + * Use Attempts to use some machine-specific `quick' source of + * entropy to top up @r@. This may not do anything at all on + * many systems. + */ + +CPU_DISPATCH(static, return, int, quick, (rand_pool *r), (r), + pick_quick, trivial_quick); + +static int trivial_quick(rand_pool *r) { return (-1); } + +#if CPUFAM_X86 || CPUFAM_AMD64 +extern int rand_quick_x86ish_rdrand(rand_pool */*r*/); +extern int rand_quick_x86ish_rdseed(rand_pool */*r*/); +#endif + +static quick__functype *pick_quick(void) +{ +#if CPUFAM_X86 || CPUFAM_AMD64 + DISPATCH_PICK_COND(rand_quick, rand_quick_x86ish_rdseed, + cpu_feature_p(CPUFEAT_X86_RDSEED)); + DISPATCH_PICK_COND(rand_quick, rand_quick_x86ish_rdrand, + cpu_feature_p(CPUFEAT_X86_RDRAND)); +#endif + DISPATCH_PICK_FALLBACK(rand_quick, trivial_quick); +} + +int rand_quick(rand_pool *r) { RAND_RESOLVE(r); return (quick(r)); } + /* --- @rand_seed@ --- * * * Arguments: @rand_pool *r@ = pointer to a randomness pool @@ -210,9 +254,7 @@ void rand_add(rand_pool *r, const void *p, size_t sz, unsigned goodbits) const octet *c = p; int i, rot; -#if RAND_POOLSZ != 128 -# error Polynomial in rand_add is out of date. Fix it. -#endif + STATIC_ASSERT(RAND_POOLSZ == 128, "Polynomial doesn't match pool size"); RAND_RESOLVE(r); @@ -261,16 +303,20 @@ unsigned rand_goodbits(rand_pool *r) void rand_gate(rand_pool *r) { - octet h[HASH_SZ]; + octet h[HASH_SZ], g[4]; HASH_CTX hc; CIPHER_CTX cc; + STATIC_ASSERT(CIPHER_KEYSZ <= HASH_SZ, "rand cipher keysize too long"); + RAND_RESOLVE(r); - TIMER(r); + QUICK(r); /* --- Hash up all the data in the pool --- */ HASH_INIT(&hc); + STORE32(g, r->gen); HASH(&hc, g, sizeof(g)); + HASH(&hc, r->k.k, RAND_KEYSZ); HASH(&hc, r->pool, RAND_POOLSZ); HASH(&hc, r->buf, RAND_BUFSZ); HASH_DONE(&hc, h); @@ -278,7 +324,6 @@ void rand_gate(rand_pool *r) /* --- Now mangle all of the data based on the hash --- */ - assert(CIPHER_KEYSZ <= HASH_SZ); CIPHER_INIT(&cc, h, CIPHER_KEYSZ, 0); CIPHER_ENCRYPT(&cc, r->pool, r->pool, RAND_POOLSZ); CIPHER_ENCRYPT(&cc, r->buf, r->buf, RAND_BUFSZ); @@ -293,7 +338,7 @@ void rand_gate(rand_pool *r) r->obits = RAND_OBITS; } else r->ibits = 0; - TIMER(r); + QUICK(r); } /* --- @rand_stretch@ --- * @@ -310,16 +355,20 @@ void rand_gate(rand_pool *r) void rand_stretch(rand_pool *r) { - octet h[HASH_SZ]; + octet h[HASH_SZ], g[4]; HASH_CTX hc; CIPHER_CTX cc; + STATIC_ASSERT(CIPHER_KEYSZ <= HASH_SZ, "rand cipher keysize too long"); + RAND_RESOLVE(r); - TIMER(r); + QUICK(r); /* --- Hash up all the data in the buffer --- */ HASH_INIT(&hc); + STORE32(g, r->gen); HASH(&hc, g, sizeof(g)); + HASH(&hc, r->k.k, RAND_KEYSZ); HASH(&hc, r->pool, RAND_POOLSZ); HASH(&hc, r->buf, RAND_BUFSZ); HASH_DONE(&hc, h); @@ -327,7 +376,6 @@ void rand_stretch(rand_pool *r) /* --- Now mangle the buffer based on the hash --- */ - assert(CIPHER_KEYSZ <= HASH_SZ); CIPHER_INIT(&cc, h, CIPHER_KEYSZ, 0); CIPHER_ENCRYPT(&cc, r->buf, r->buf, RAND_BUFSZ); BURN(cc); @@ -335,7 +383,7 @@ void rand_stretch(rand_pool *r) /* --- Reset the various state variables --- */ r->o = RAND_SECSZ; - TIMER(r); + QUICK(r); } /* --- @rand_get@ --- * @@ -359,7 +407,8 @@ void rand_get(rand_pool *r, void *p, size_t sz) octet *o = p; RAND_RESOLVE(r); - TIMER(r); + GENCHECK(r); + QUICK(r); if (!sz) return; @@ -412,7 +461,8 @@ void rand_getgood(rand_pool *r, void *p, size_t sz) rand_get(r, p, sz); return; } - TIMER(r); + GENCHECK(r); + QUICK(r); while (sz) { size_t chunk = sz; @@ -514,7 +564,7 @@ static int gmisc(grand *r, unsigned op, ...) rand_seed(&g->p, va_arg(ap, unsigned)); break; case RAND_TIMER: - TIMER(&g->p); + QUICK(&g->p); break; case RAND_GOODBITS: rc = rand_goodbits(&g->p); @@ -560,7 +610,7 @@ static const grand_ops gops = { "rand", GRAND_CRYPTO, 0, gmisc, gdestroy, - gword, gbyte, gword, grand_range, gfill + gword, gbyte, gword, grand_defaultrange, gfill }; /* --- @rand_create@ --- *