diff options
author | des <des@FreeBSD.org> | 2014-11-10 09:44:38 +0000 |
---|---|---|
committer | des <des@FreeBSD.org> | 2014-11-10 09:44:38 +0000 |
commit | d656003ded2880b12ef4b7bc010f43960fead6dc (patch) | |
tree | 23cd106f8b3ce857a01712210f815b716473d3b4 /sys/dev/random | |
parent | 02cd0a8cd68b8db488add1997d8762a5d6048bd7 (diff) | |
download | FreeBSD-src-d656003ded2880b12ef4b7bc010f43960fead6dc.zip FreeBSD-src-d656003ded2880b12ef4b7bc010f43960fead6dc.tar.gz |
Constify the AES code and propagate to consumers. This allows us to
update the Fortuna code to use SHAd-256 as defined in FS&K.
Approved by: so (self)
Diffstat (limited to 'sys/dev/random')
-rw-r--r-- | sys/dev/random/fortuna.c | 19 | ||||
-rw-r--r-- | sys/dev/random/hash.c | 6 | ||||
-rw-r--r-- | sys/dev/random/hash.h | 6 |
3 files changed, 13 insertions, 18 deletions
diff --git a/sys/dev/random/fortuna.c b/sys/dev/random/fortuna.c index f8b3e0c..6f6febb 100644 --- a/sys/dev/random/fortuna.c +++ b/sys/dev/random/fortuna.c @@ -27,13 +27,11 @@ /* This implementation of Fortuna is based on the descriptions found in * ISBN 0-471-22357-3 "Practical Cryptography" by Ferguson and Schneier - * ("K&S"). + * ("F&S"). * - * The above book is superceded by ISBN 978-0-470-47424-2 "Cryptography - * Engineering" by Ferguson, Schneier and Kohno ("FS&K"). - * - * This code has not yet caught up with FS&K, but differences are not - * expected to be complex. + * The above book is superseded by ISBN 978-0-470-47424-2 "Cryptography + * Engineering" by Ferguson, Schneier and Kohno ("FS&K"). The code has + * not yet fully caught up with FS&K. */ #include <sys/cdefs.h> @@ -252,12 +250,9 @@ reseed(uint8_t *junk, u_int length) mtx_assert(&random_reseed_mtx, MA_OWNED); #endif - /* F&S - K = Hd(K|s) where Hd(m) is H(H(m)) */ + /* FS&K - K = Hd(K|s) where Hd(m) is H(H(0^512|m)) */ randomdev_hash_init(&context); -#if 0 - /* FS&K defines Hd(m) as H(H(0^512|m)) */ - randomdev_hash_iterate(&context, zero_region, KEYSIZE); -#endif + randomdev_hash_iterate(&context, zero_region, 512/8); randomdev_hash_iterate(&context, &fortuna_state.key, sizeof(fortuna_state.key)); randomdev_hash_iterate(&context, junk, length); randomdev_hash_finish(&context, hash); @@ -270,7 +265,7 @@ reseed(uint8_t *junk, u_int length) /* Unblock the device if it was blocked due to being unseeded */ if (uint128_is_zero(fortuna_state.counter.whole)) random_adaptor_unblock(); - /* F&S - C = C + 1 */ + /* FS&K - C = C + 1 */ uint128_increment(&fortuna_state.counter.whole); } diff --git a/sys/dev/random/hash.c b/sys/dev/random/hash.c index 7deee87..844e423 100644 --- a/sys/dev/random/hash.c +++ b/sys/dev/random/hash.c @@ -60,7 +60,7 @@ randomdev_hash_init(struct randomdev_hash *context) /* Iterate the hash */ void -randomdev_hash_iterate(struct randomdev_hash *context, void *data, size_t size) +randomdev_hash_iterate(struct randomdev_hash *context, const void *data, size_t size) { SHA256_Update(&context->sha, data, size); @@ -81,7 +81,7 @@ randomdev_hash_finish(struct randomdev_hash *context, void *buf) * data. Use CBC mode for better avalanche. */ void -randomdev_encrypt_init(struct randomdev_key *context, void *data) +randomdev_encrypt_init(struct randomdev_key *context, const void *data) { rijndael_cipherInit(&context->cipher, MODE_CBC, NULL); @@ -93,7 +93,7 @@ randomdev_encrypt_init(struct randomdev_key *context, void *data) * a multiple of BLOCKSIZE. */ void -randomdev_encrypt(struct randomdev_key *context, void *d_in, void *d_out, u_int length) +randomdev_encrypt(struct randomdev_key *context, const void *d_in, void *d_out, u_int length) { rijndael_blockEncrypt(&context->cipher, &context->key, d_in, length*8, d_out); diff --git a/sys/dev/random/hash.h b/sys/dev/random/hash.h index 57c0c6d..d49de3a 100644 --- a/sys/dev/random/hash.h +++ b/sys/dev/random/hash.h @@ -42,9 +42,9 @@ struct randomdev_key { /* Big! Make static! */ }; void randomdev_hash_init(struct randomdev_hash *); -void randomdev_hash_iterate(struct randomdev_hash *, void *, size_t); +void randomdev_hash_iterate(struct randomdev_hash *, const void *, size_t); void randomdev_hash_finish(struct randomdev_hash *, void *); -void randomdev_encrypt_init(struct randomdev_key *, void *); -void randomdev_encrypt(struct randomdev_key *context, void *, void *, u_int); +void randomdev_encrypt_init(struct randomdev_key *, const void *); +void randomdev_encrypt(struct randomdev_key *context, const void *, void *, u_int); #endif |