Changeset View
Changeset View
Standalone View
Standalone View
head/sys/dev/random/fortuna.c
| Show First 20 Lines • Show All 103 Lines • ▼ Show 20 Lines | |||||
| */ | */ | ||||
| static struct fortuna_state { | static struct fortuna_state { | ||||
| struct fs_pool { /* P_i */ | struct fs_pool { /* P_i */ | ||||
| u_int fsp_length; /* Only the first one is used by Fortuna */ | u_int fsp_length; /* Only the first one is used by Fortuna */ | ||||
| struct randomdev_hash fsp_hash; | struct randomdev_hash fsp_hash; | ||||
| } fs_pool[RANDOM_FORTUNA_NPOOLS]; | } fs_pool[RANDOM_FORTUNA_NPOOLS]; | ||||
| u_int fs_reseedcount; /* ReseedCnt */ | u_int fs_reseedcount; /* ReseedCnt */ | ||||
| uint128_t fs_counter; /* C */ | uint128_t fs_counter; /* C */ | ||||
| struct randomdev_key fs_key; /* K */ | union randomdev_key fs_key; /* K */ | ||||
| u_int fs_minpoolsize; /* Extras */ | u_int fs_minpoolsize; /* Extras */ | ||||
| /* Extras for the OS */ | /* Extras for the OS */ | ||||
| #ifdef _KERNEL | #ifdef _KERNEL | ||||
| /* For use when 'pacing' the reseeds */ | /* For use when 'pacing' the reseeds */ | ||||
| sbintime_t fs_lasttime; | sbintime_t fs_lasttime; | ||||
| #endif | #endif | ||||
| /* Reseed lock */ | /* Reseed lock */ | ||||
| mtx_t fs_mtx; | mtx_t fs_mtx; | ||||
| ▲ Show 20 Lines • Show All 145 Lines • ▼ Show 20 Lines | |||||
| * The entropy_data buffer passed is a very specific size; the | * The entropy_data buffer passed is a very specific size; the | ||||
| * product of RANDOM_FORTUNA_NPOOLS and RANDOM_KEYSIZE. | * product of RANDOM_FORTUNA_NPOOLS and RANDOM_KEYSIZE. | ||||
| */ | */ | ||||
| static void | static void | ||||
| random_fortuna_reseed_internal(uint32_t *entropy_data, u_int blockcount) | random_fortuna_reseed_internal(uint32_t *entropy_data, u_int blockcount) | ||||
| { | { | ||||
| struct randomdev_hash context; | struct randomdev_hash context; | ||||
| uint8_t hash[RANDOM_KEYSIZE]; | uint8_t hash[RANDOM_KEYSIZE]; | ||||
| const void *keymaterial; | |||||
| size_t keysz; | |||||
| bool seeded; | |||||
| RANDOM_RESEED_ASSERT_LOCK_OWNED(); | RANDOM_RESEED_ASSERT_LOCK_OWNED(); | ||||
| seeded = random_fortuna_seeded(); | |||||
| if (seeded) { | |||||
| randomdev_getkey(&fortuna_state.fs_key, &keymaterial, &keysz); | |||||
| KASSERT(keysz == RANDOM_KEYSIZE, ("%s: key size %zu not %u", | |||||
| __func__, keysz, (unsigned)RANDOM_KEYSIZE)); | |||||
| } | |||||
| /*- | /*- | ||||
| * FS&K - K = Hd(K|s) where Hd(m) is H(H(0^512|m)) | * FS&K - K = Hd(K|s) where Hd(m) is H(H(0^512|m)) | ||||
| * - C = C + 1 | * - C = C + 1 | ||||
| */ | */ | ||||
| randomdev_hash_init(&context); | randomdev_hash_init(&context); | ||||
| randomdev_hash_iterate(&context, zero_region, RANDOM_ZERO_BLOCKSIZE); | randomdev_hash_iterate(&context, zero_region, RANDOM_ZERO_BLOCKSIZE); | ||||
| randomdev_hash_iterate(&context, &fortuna_state.fs_key.key.keyMaterial, | if (seeded) | ||||
| fortuna_state.fs_key.key.keyLen / 8); | randomdev_hash_iterate(&context, keymaterial, keysz); | ||||
| randomdev_hash_iterate(&context, entropy_data, RANDOM_KEYSIZE*blockcount); | randomdev_hash_iterate(&context, entropy_data, RANDOM_KEYSIZE*blockcount); | ||||
| randomdev_hash_finish(&context, hash); | randomdev_hash_finish(&context, hash); | ||||
| randomdev_hash_init(&context); | randomdev_hash_init(&context); | ||||
| randomdev_hash_iterate(&context, hash, RANDOM_KEYSIZE); | randomdev_hash_iterate(&context, hash, RANDOM_KEYSIZE); | ||||
| randomdev_hash_finish(&context, hash); | randomdev_hash_finish(&context, hash); | ||||
| randomdev_encrypt_init(&fortuna_state.fs_key, hash); | randomdev_encrypt_init(&fortuna_state.fs_key, hash); | ||||
| explicit_bzero(hash, sizeof(hash)); | explicit_bzero(hash, sizeof(hash)); | ||||
| /* Unblock the device if this is the first time we are reseeding. */ | /* Unblock the device if this is the first time we are reseeding. */ | ||||
| ▲ Show 20 Lines • Show All 165 Lines • Show Last 20 Lines | |||||