Differential D16898 Diff 47297 sys/dev/random/fortuna.c

Changeset View

Standalone View

sys/dev/random/fortuna.c

Show First 20 Lines • Show All 53 Lines • ▼ Show 20 Lines
#include <crypto/sha2/sha256.h>		#include <crypto/sha2/sha256.h>

#include <dev/random/hash.h>		#include <dev/random/hash.h>
#include <dev/random/randomdev.h>		#include <dev/random/randomdev.h>
#include <dev/random/random_harvestq.h>		#include <dev/random/random_harvestq.h>
#include <dev/random/uint128.h>		#include <dev/random/uint128.h>
#include <dev/random/fortuna.h>		#include <dev/random/fortuna.h>
#else /* !_KERNEL */		#else /* !_KERNEL */
		#include <sys/param.h>
#include <inttypes.h>		#include <inttypes.h>
#include <stdbool.h>		#include <stdbool.h>
#include <stdio.h>		#include <stdio.h>
#include <stdlib.h>		#include <stdlib.h>
#include <string.h>		#include <string.h>
#include <threads.h>		#include <threads.h>

#include "unit_test.h"		#include "unit_test.h"
Show All 22 Lines
CTASSERT(RANDOM_FORTUNA_MINPOOLSIZE <= RANDOM_FORTUNA_DEFPOOLSIZE);		CTASSERT(RANDOM_FORTUNA_MINPOOLSIZE <= RANDOM_FORTUNA_DEFPOOLSIZE);
CTASSERT(RANDOM_FORTUNA_DEFPOOLSIZE <= RANDOM_FORTUNA_MAXPOOLSIZE);		CTASSERT(RANDOM_FORTUNA_DEFPOOLSIZE <= RANDOM_FORTUNA_MAXPOOLSIZE);

/* This algorithm (and code) presumes that RANDOM_KEYSIZE is twice as large as RANDOM_BLOCKSIZE */		/* This algorithm (and code) presumes that RANDOM_KEYSIZE is twice as large as RANDOM_BLOCKSIZE */
CTASSERT(RANDOM_BLOCKSIZE == sizeof(uint128_t));		CTASSERT(RANDOM_BLOCKSIZE == sizeof(uint128_t));
CTASSERT(RANDOM_KEYSIZE == 2*RANDOM_BLOCKSIZE);		CTASSERT(RANDOM_KEYSIZE == 2*RANDOM_BLOCKSIZE);

/* Probes for dtrace(1) */		/* Probes for dtrace(1) */
		#ifdef _KERNEL
SDT_PROVIDER_DECLARE(random);		SDT_PROVIDER_DECLARE(random);
SDT_PROVIDER_DEFINE(random);		SDT_PROVIDER_DEFINE(random);
SDT_PROBE_DEFINE2(random, fortuna, event_processor, debug, "u_int", "struct fs_pool *");		SDT_PROBE_DEFINE2(random, fortuna, event_processor, debug, "u_int", "struct fs_pool *");
		#endif /* _KERNEL */

/*		/*
* This is the beastie that needs protecting. It contains all of the		* This is the beastie that needs protecting. It contains all of the
* state that we are excited about. Exactly one is instantiated.		* state that we are excited about. Exactly one is instantiated.
*/		*/
static struct fortuna_state {		static struct fortuna_state {
struct fs_pool { /* P_i */		struct fs_pool { /* P_i */
u_int fsp_length; /* Only the first one is used by Fortuna */		u_int fsp_length; /* Only the first one is used by Fortuna */
▲ Show 20 Lines • Show All 125 Lines • ▼ Show 20 Lines	random_fortuna_process_event(struct harvest_event *event)
/*		/*
* We ignore low entropy static/counter fields towards the end of the		* We ignore low entropy static/counter fields towards the end of the
* he_event structure in order to increase measurable entropy when		* he_event structure in order to increase measurable entropy when
* conducting SP800-90B entropy analysis measurements of seed material		* conducting SP800-90B entropy analysis measurements of seed material
* fed into PRNG.		* fed into PRNG.
* -- wdf		* -- wdf
*/		*/
KASSERT(event->he_size <= sizeof(event->he_entropy),		KASSERT(event->he_size <= sizeof(event->he_entropy),
("%s: event->he_size: %hhu > sizeof(event->he_entropy): %zu\n",		("%s: event->he_size: %hhu > sizeof(event->he_entropy): %zu\n",
		cemUnsubmitted Done Inline Actions Why was this changed? I think %hhu was correct and %u isn't. he_size is a uint8_t. cem: Why was this changed? I think %hhu was correct and %u isn't. he_size is a uint8_t.
		markmAuthorUnsubmitted Done Inline Actions Because I'm an idiot! :-( I mean :-) markm: Because I'm an idiot! :-( I mean :-)
__func__, event->he_size, sizeof(event->he_entropy)));		__func__, event->he_size, sizeof(event->he_entropy)));
randomdev_hash_iterate(&fortuna_state.fs_pool[pl].fsp_hash,		randomdev_hash_iterate(&fortuna_state.fs_pool[pl].fsp_hash,
&event->he_somecounter, sizeof(event->he_somecounter));		&event->he_somecounter, sizeof(event->he_somecounter));
randomdev_hash_iterate(&fortuna_state.fs_pool[pl].fsp_hash,		randomdev_hash_iterate(&fortuna_state.fs_pool[pl].fsp_hash,
event->he_entropy, event->he_size);		event->he_entropy, event->he_size);

/*-		/*-
* Don't wrap the length. This is a "saturating" add.		* Don't wrap the length. This is a "saturating" add.
▲ Show 20 Lines • Show All 140 Lines • ▼ Show 20 Lines	for (i = 0; i < RANDOM_FORTUNA_NPOOLS; i++) {
randomdev_hash_init(&fortuna_state.fs_pool[i].fsp_hash);		randomdev_hash_init(&fortuna_state.fs_pool[i].fsp_hash);
fortuna_state.fs_pool[i].fsp_length = 0;		fortuna_state.fs_pool[i].fsp_length = 0;
randomdev_hash_init(&context);		randomdev_hash_init(&context);
randomdev_hash_iterate(&context, temp, RANDOM_KEYSIZE);		randomdev_hash_iterate(&context, temp, RANDOM_KEYSIZE);
randomdev_hash_finish(&context, s + i*RANDOM_KEYSIZE_WORDS);		randomdev_hash_finish(&context, s + i*RANDOM_KEYSIZE_WORDS);
} else		} else
break;		break;
}		}
		#ifdef _KERNEL
SDT_PROBE2(random, fortuna, event_processor, debug, fortuna_state.fs_reseedcount, fortuna_state.fs_pool);		SDT_PROBE2(random, fortuna, event_processor, debug, fortuna_state.fs_reseedcount, fortuna_state.fs_pool);
		#endif
/* FS&K */		/* FS&K */
random_fortuna_reseed_internal(s, i < RANDOM_FORTUNA_NPOOLS ? i + 1 : RANDOM_FORTUNA_NPOOLS);		random_fortuna_reseed_internal(s, i < RANDOM_FORTUNA_NPOOLS ? i + 1 : RANDOM_FORTUNA_NPOOLS);
/* Clean up and secure */		/* Clean up and secure */
explicit_bzero(s, sizeof(s));		explicit_bzero(s, sizeof(s));
explicit_bzero(temp, sizeof(temp));		explicit_bzero(temp, sizeof(temp));
explicit_bzero(&context, sizeof(context));		explicit_bzero(&context, sizeof(context));
}		}
RANDOM_RESEED_UNLOCK();		RANDOM_RESEED_UNLOCK();
Show All 26 Lines