author | markm <markm@FreeBSD.org> | 2002-07-15 13:58:35 +0000 |
---|---|---|
committer | markm <markm@FreeBSD.org> | 2002-07-15 13:58:35 +0000 |
commit | 2370535caa1ffd00e4480c7894e5e9381e52520d (patch) | |
tree | fb7e9c3d811aeb44859d7b6f68ad78e9fda5e601 | |
parent | a22b6ae7fb60a1cfcb9cbdfc8e6146d714f11589 (diff) | |
Upgrade the random device to use a "real" hash instead of building
one out of a block cipher. This has 2 advantages:
1) The code is _much_ simpler
2) We aren't committing our security to one algorithm (much as we
may think we trust AES).
While I'm here, make an explicit reseed do a slow reseed instead
of a fast; this is in line with what the original paper suggested.
-rw-r--r-- | sys/conf/files | 1 | ||||
-rw-r--r-- | sys/dev/random/hash.c | 50 | ||||
-rw-r--r-- | sys/dev/random/hash.h | 8 | ||||
-rw-r--r-- | sys/dev/random/yarrow.c | 7 | ||||
-rw-r--r-- | sys/modules/random/Makefile | 3 |
5 files changed, 14 insertions, 55 deletions
diff --git a/sys/conf/files b/sys/conf/files
index 5d25d3e..e27d638 100644
--- a/sys/conf/files
+++ b/sys/conf/files
@@ -507,6 +507,7 @@ dev/random/yarrow.c optional random
 dev/random/hash.c optional random
 crypto/rijndael/rijndael-alg-fst.c optional random
 crypto/rijndael/rijndael-api-fst.c optional random
+crypto/sha2/sha2.c optional random
 dev/ray/if_ray.c optional ray card
 dev/ray/if_ray.c optional ray pccard
 dev/rp/rp.c optional rp
diff --git a/sys/dev/random/hash.c b/sys/dev/random/hash.c
index a9246c3..98bd253 100644
--- a/sys/dev/random/hash.c
+++ b/sys/dev/random/hash.c
@@ -30,47 +30,22 @@
 #include <sys/systm.h>
 #include <crypto/rijndael/rijndael.h>
+#include <crypto/sha2/sha2.h>
 #include <dev/random/hash.h>
-/* initialise the hash by zeroing it */
+/* initialise the hash */
 void
 yarrow_hash_init(struct yarrowhash *context)
 {
- rijndael_cipherInit(&context->cipher, MODE_CBC, NULL);
- bzero(context->hash, KEYSIZE);
- context->partial = 0;
+ SHA256_Init(&context->sha);
 }
-/* Do a Davies-Meyer hash using a block cipher.
- * H_0 = I
- * H_i = E_M_i(H_i-1) ^ H_i-1
- */
+/* iterate the hash */
 void
 yarrow_hash_iterate(struct yarrowhash *context, void *data, size_t size)
 {
- u_char temp[KEYSIZE];
- u_int i, j;
- union {
- void *pv;
- char *pc;
- } trans;
-
- trans.pv = data;
- for (i = 0; i < size; i++) {
- context->accum[context->partial++] = trans.pc[i];
- if (context->partial == (KEYSIZE - 1)) {
- rijndael_makeKey(&context->hashkey, DIR_ENCRYPT,
- KEYSIZE*8, context->accum);
- rijndael_blockEncrypt(&context->cipher,
- &context->hashkey, context->hash,
- KEYSIZE*8, temp);
- for (j = 0; j < KEYSIZE; j++)
- context->hash[j] ^= temp[j];
- bzero(context->accum, KEYSIZE);
- context->partial = 0;
- }
- }
+ SHA256_Update(&context->sha, data, size);
 }
 /* Conclude by returning the hash in the supplied /buf/ which must be 
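Review bot: The new one-line comments on yarrow_hash_init and yarrow_hash_iterate (`/* initialise the hash */`, `/* iterate the hash */`) say less than the Davies-Meyer comment they replace, so a reader of hash.c no longer learns what the context holds or what iterate consumes. I'd state the contract where the old comment stood, e.g. `/* Start a fresh SHA-256 in context; pair with yarrow_hash_finish */` on init and `/* Absorb size bytes from data into the running SHA-256 in context */` on iterate. The rijndael.h include survives the change; the second hunk's trailing context ("Initialise the encryption routine by setting up the key schedule") suggests the cipher is still used further down this file, outside what the hunk shows, so a short comment next to the include saying it is for the output cipher rather than the hash would stop someone from removing it as dead.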
@@ -80,20 +55,7 @@ yarrow_hash_iterate(struct yarrowhash *context, void *data, size_t size)
 void
 yarrow_hash_finish(struct yarrowhash *context, void *buf)
 {
- u_char temp[KEYSIZE];
- int i;
-
- if (context->partial) {
- rijndael_makeKey(&context->hashkey, DIR_ENCRYPT,
- KEYSIZE*8, context->accum);
- rijndael_blockEncrypt(&context->cipher,
- &context->hashkey, context->hash,
- KEYSIZE*8, temp);
- for (i = 0; i < KEYSIZE; i++)
- context->hash[i] ^= temp[i];
- }
- memcpy(buf, context->hash, KEYSIZE);
- bzero(context->hash, KEYSIZE);
+ SHA256_Final(buf, &context->sha);
 }
 /* Initialise the encryption routine by setting up the key schedule
diff --git a/sys/dev/random/hash.h b/sys/dev/random/hash.h
index 5a30821..b307bfc 100644
--- a/sys/dev/random/hash.h
+++ b/sys/dev/random/hash.h
@@ -26,14 +26,10 @@
  * $FreeBSD$
  */
-#define KEYSIZE 32 /* in bytes - 32 bytes == 256 bits */
+#define KEYSIZE 32 /* (in bytes) 32 bytes == 256 bits */
 struct yarrowhash { /* Big! Make static! */
- keyInstance hashkey; /* Data cycles through here */
- cipherInstance cipher; /* Rijndael internal */
- u_char hash[KEYSIZE]; /* Repeatedly encrypted */
- char accum[KEYSIZE]; /* Accumulate partial chunks */
- u_int partial; /* Keep track of < KEYSIZE chunks */
+ SHA256_CTX sha;
 };
 struct yarrowkey { /* Big! Make static! */
diff --git a/sys/dev/random/yarrow.c b/sys/dev/random/yarrow.c
index dd79c34..9407892 100644
--- a/sys/dev/random/yarrow.c
+++ b/sys/dev/random/yarrow.c
@@ -35,6 +35,7 @@
 #include <sys/sysctl.h>
 #include <crypto/rijndael/rijndael.h>
+#include <crypto/sha2/sha2.h>
 #include <dev/random/hash.h>
 #include <dev/random/randomdev.h>
@@ -249,9 +250,7 @@ reseed(u_int fastslow)
 random_unblock();
 }
-/* Internal function to do return processed entropy from the
- * Yarrow PRNG
- */
+/* Internal function to return processed entropy from the PRNG */
 int
 read_random_real(void *buf, int count)
 {
@@ -343,5 +342,5 @@ generator_gate(void)
 void
 random_reseed(void)
 {
- reseed(FAST);
+ reseed(SLOW);
 }
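Review bot: yarrow_hash_finish no longer wipes its own state after handing out the digest: the removed lines ended with `bzero(context->hash, KEYSIZE);`, while the new body is the single SHA256_Final call. Whether SHA256_Final clears the SHA256_CTX it is given is not visible in this diff; if it does not, the final chaining value derived from pool material stays in the context (which the struct comment says is meant to be static) until the next yarrow_hash_init. Adding `bzero(&context->sha, sizeof(context->sha));` after the SHA256_Final call keeps the previous hygiene at negligible cost, or, if SHA256_Final is known to clear, a one-line comment saying so lets a reader stop worrying. The comment above the function that states the size buf must have is cut off at the top of the hunk.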
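Review bot: hash.h now uses SHA256_CTX in struct yarrowhash without including the header that defines it, so the header stops being self-contained and every includer has to repeat the include ordering this commit adds to hash.c and yarrow.c (sha2.h before hash.h). Either include <crypto/sha2/sha2.h> from hash.h itself or put a comment above `struct yarrowhash` stating the prerequisite. Separately, yarrow_hash_finish now writes a SHA-256 digest into a buffer the callers size as KEYSIZE bytes, and the two agree only because both happen to be 32; a compile-time assertion, or at least a note on the KEYSIZE define such as `/* must equal the SHA-256 digest length used by yarrow_hash_finish */`, would keep them from drifting apart.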
diff --git a/sys/modules/random/Makefile b/sys/modules/random/Makefile
index d88a19b..1e72868 100644
--- a/sys/modules/random/Makefile
+++ b/sys/modules/random/Makefile
@@ -2,10 +2,11 @@
 .PATH: ${.CURDIR}/../../dev/random
 .PATH: ${.CURDIR}/../../crypto/rijndael
+.PATH: ${.CURDIR}/../../crypto/sha2
 KMOD= random
 SRCS= randomdev.c yarrow.c hash.c
-SRCS+= rijndael-alg-fst.c rijndael-api-fst.c
+SRCS+= rijndael-alg-fst.c rijndael-api-fst.c sha2.c
 SRCS+= bus_if.h device_if.h vnode_if.h
 CFLAGS+= -I${.CURDIR}/../.. |