authordes <des@FreeBSD.org>2014-11-10 09:44:38 +0000
committerdes <des@FreeBSD.org>2014-11-10 09:44:38 +0000
commitd656003ded2880b12ef4b7bc010f43960fead6dc (patch)
tree23cd106f8b3ce857a01712210f815b716473d3b4 /sys/dev/random
parent02cd0a8cd68b8db488add1997d8762a5d6048bd7 (diff)
Constify the AES code and propagate to consumers. This allows us to
update the Fortuna code to use SHAd-256 as defined in FS&K.

Approved by: so (self)
Diffstat (limited to 'sys/dev/random')
-rw-r--r--sys/dev/random/fortuna.c19
-rw-r--r--sys/dev/random/hash.c6
-rw-r--r--sys/dev/random/hash.h6
3 files changed, 13 insertions, 18 deletions
diff --git a/sys/dev/random/fortuna.c b/sys/dev/random/fortuna.c
index f8b3e0c..6f6febb 100644
--- a/sys/dev/random/fortuna.c
+++ b/sys/dev/random/fortuna.c
@@ -27,13 +27,11 @@
/* This implementation of Fortuna is based on the descriptions found in
* ISBN 0-471-22357-3 "Practical Cryptography" by Ferguson and Schneier
- * ("K&S").
+ * ("F&S").
*
- * The above book is superceded by ISBN 978-0-470-47424-2 "Cryptography
- * Engineering" by Ferguson, Schneier and Kohno ("FS&K").
- *
- * This code has not yet caught up with FS&K, but differences are not
- * expected to be complex.
+ * The above book is superseded by ISBN 978-0-470-47424-2 "Cryptography
+ * Engineering" by Ferguson, Schneier and Kohno ("FS&K"). The code has
+ * not yet fully caught up with FS&K.
*/
#include <sys/cdefs.h>
@@ -252,12 +250,9 @@ reseed(uint8_t *junk, u_int length)
mtx_assert(&random_reseed_mtx, MA_OWNED);
#endif
- /* F&S - K = Hd(K|s) where Hd(m) is H(H(m)) */
+ /* FS&K - K = Hd(K|s) where Hd(m) is H(H(0^512|m)) */
randomdev_hash_init(&context);
-#if 0
- /* FS&K defines Hd(m) as H(H(0^512|m)) */
- randomdev_hash_iterate(&context, zero_region, KEYSIZE);
-#endif
+ randomdev_hash_iterate(&context, zero_region, 512/8);
randomdev_hash_iterate(&context, &fortuna_state.key, sizeof(fortuna_state.key));
randomdev_hash_iterate(&context, junk, length);
randomdev_hash_finish(&context, hash);
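Review bot: The 64-byte read of `zero_region` on the added `randomdev_hash_iterate(&context, zero_region, 512/8);` line has no visible guarantee that the buffer is that large — the deleted `#if 0` block hashed only `KEYSIZE` bytes of it, so if `zero_region` is still declared with that size the prefix read overruns it (its definition is outside this hunk, so this needs confirming). If it is an array, a compile-time check next to the call, `CTASSERT(sizeof(zero_region) >= 512/8);`, would pin the requirement, and replacing the bare `512/8` with a named constant such as `#define SHAD_PREFIX_BYTES (512/8) /* FS&K SHAd-256: 0^512 prefix */` would tie the number to the spec rather than leaving a magic value. The outer SHA-256 pass that SHAd-256 requires (H applied to the `hash` produced here) is not in this hunk; reseed() begins before the hunk and continues after it, so the second pass should be verified there before the comment's claim of Hd(m) = H(H(0^512|m)) is taken as implemented.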
@@ -270,7 +265,7 @@ reseed(uint8_t *junk, u_int length)
/* Unblock the device if it was blocked due to being unseeded */
if (uint128_is_zero(fortuna_state.counter.whole))
random_adaptor_unblock();
- /* F&S - C = C + 1 */
+ /* FS&K - C = C + 1 */
uint128_increment(&fortuna_state.counter.whole);
}
diff --git a/sys/dev/random/hash.c b/sys/dev/random/hash.c
index 7deee87..844e423 100644
--- a/sys/dev/random/hash.c
+++ b/sys/dev/random/hash.c
@@ -60,7 +60,7 @@ randomdev_hash_init(struct randomdev_hash *context)
/* Iterate the hash */
void
-randomdev_hash_iterate(struct randomdev_hash *context, void *data, size_t size)
+randomdev_hash_iterate(struct randomdev_hash *context, const void *data, size_t size)
{
SHA256_Update(&context->sha, data, size);
@@ -81,7 +81,7 @@ randomdev_hash_finish(struct randomdev_hash *context, void *buf)
* data. Use CBC mode for better avalanche.
*/
void
-randomdev_encrypt_init(struct randomdev_key *context, void *data)
+randomdev_encrypt_init(struct randomdev_key *context, const void *data)
{
rijndael_cipherInit(&context->cipher, MODE_CBC, NULL);
@@ -93,7 +93,7 @@ randomdev_encrypt_init(struct randomdev_key *context, void *data)
* a multiple of BLOCKSIZE.
*/
void
-randomdev_encrypt(struct randomdev_key *context, void *d_in, void *d_out, u_int length)
+randomdev_encrypt(struct randomdev_key *context, const void *d_in, void *d_out, u_int length)
{
rijndael_blockEncrypt(&context->cipher, &context->key, d_in, length*8, d_out);
diff --git a/sys/dev/random/hash.h b/sys/dev/random/hash.h
index 57c0c6d..d49de3a 100644
--- a/sys/dev/random/hash.h
+++ b/sys/dev/random/hash.h
@@ -42,9 +42,9 @@ struct randomdev_key { /* Big! Make static! */
};
void randomdev_hash_init(struct randomdev_hash *);
-void randomdev_hash_iterate(struct randomdev_hash *, void *, size_t);
+void randomdev_hash_iterate(struct randomdev_hash *, const void *, size_t);
void randomdev_hash_finish(struct randomdev_hash *, void *);
-void randomdev_encrypt_init(struct randomdev_key *, void *);
-void randomdev_encrypt(struct randomdev_key *context, void *, void *, u_int);
+void randomdev_encrypt_init(struct randomdev_key *, const void *);
+void randomdev_encrypt(struct randomdev_key *context, const void *, void *, u_int);
#endif