##DOS## $(WCONFIG) config < $@.in > $@
##DOS##lib\crypto\krb\prng\fortuna\Makefile: lib\crypto\krb\prng\fortuna\Makefile.in $(MKFDEP)
##DOS## $(WCONFIG) config < $@.in > $@
-##DOS##lib\crypto\krb\prng\yarrow\Makefile: lib\crypto\krb\prng\yarrow\Makefile.in $(MKFDEP)
-##DOS## $(WCONFIG) config < $@.in > $@
##DOS##lib\crypto\krb\prng\Makefile: lib\crypto\krb\prng\Makefile.in $(MKFDEP)
##DOS## $(WCONFIG) config < $@.in > $@
##DOS##lib\crypto\krb\prf\Makefile: lib\crypto\krb\prf\Makefile.in $(MKFDEP)
include/krb5/* lib/* lib/crypto/* lib/crypto/krb/* \
lib/crypto/krb/crc32/* lib/crypto/krb/rand2key/* \
lib/crypto/krb/prng/fortuna/* lib/crypto/krb/prng/nss/* \
- lib/crypto/krb/prng/yarrow/* lib/crypto/krb/prng/* \
+ lib/crypto/krb/prng/* \
lib/crypto/krb/prf/* lib/crypto/krb/checksum/* lib/crypto/krb/old/* \
lib/crypto/krb/raw/* lib/crypto/krb/arcfour/* lib/crypto/krb/dk/* \
lib/crypto/builtin/aes/* lib/crypto/builtin/enc_provider/* \
+++ /dev/null
-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
-
-#ifndef YHASH_H
-#define YHASH_H
-
-/* hash function interface */
-
-/* default to SHA1 for yarrow 160 */
-
-#include "shs.h"
-
-
-
-#define HASH_CTX SHS_INFO
-#define HASH_Init(x) shsInit(x)
-#define HASH_Update(x, buf, sz) shsUpdate(x, (const void*)buf, sz)
-#define HASH_Final(x, tdigest) do { \
- size_t loopvar; \
- unsigned char *out2 = (void *)(tdigest); \
- HASH_CTX *ctx = (x); \
- shsFinal(ctx); \
- for (loopvar=0; loopvar<(sizeof(ctx->digest)/sizeof(ctx->digest[0])); loopvar++) \
- store_32_be(ctx->digest[loopvar], &out2[loopvar*4]); \
- } while(0)
-
-
-#define HASH_DIGEST_SIZE SHS_DIGESTSIZE
-
-#endif /* YHASH_H */
$(srcdir)/t_short.c \
$(srcdir)/t_str2key.c \
$(srcdir)/t_derive.c \
- $(srcdir)/t_fork.c \
- $(srcdir)/ytest.c
+ $(srcdir)/t_fork.c
##DOS##BUILDTOP = ..\..\..
# NOTE: The t_cksum known checksum values are primarily for regression
# testing. They are not derived a priori, but are known to produce
# checksums that interoperate.
-#
-# We use the NSS PRNG when NSS is the crypto back end, so don't test
-# against the expected output for Yarrow.
check-unix:: t_nfold t_encrypt t_decrypt t_prf t_prng t_cmac t_hmac \
t_cksum4 t_cksum5 t_cksums \
aes-test \
$(RUN_SETUP) $(VALGRIND) ./t_encrypt
$(RUN_SETUP) $(VALGRIND) ./t_decrypt
$(RUN_SETUP) $(VALGRIND) ./t_prng <$(srcdir)/t_prng.seed >t_prng.output
- if [ $(PRNG_ALG) = yarrow ]; then \
- diff t_prng.output $(srcdir)/t_prng.expected; \
- fi
$(RUN_SETUP) $(VALGRIND) ./t_cmac
$(RUN_SETUP) $(VALGRIND) ./t_hmac
$(RUN_SETUP) $(VALGRIND) ./t_prf <$(srcdir)/t_prf.in >t_prf.output
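Review bot: With the Yarrow comparison removed, `./t_prng <$(srcdir)/t_prng.seed >t_prng.output` still redirects into t_prng.output but nothing in the rule reads that file any more, so the step now only checks t_prng's exit status under valgrind, not its output. If the Fortuna build is deterministic for the fixed seed and that is not already pinned by a known-answer test elsewhere, a Fortuna expected file plus an unconditional `diff t_prng.output $(srcdir)/t_prng.expected` would restore output verification; otherwise a comment such as `# t_prng is a smoke test only; its output is not compared against known values` keeps the next reader from assuming it is. The check-unix recipe continues outside the hunk.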
t_fork$(EXEEXT): t_fork.$(OBJEXT) $(SUPPORT_DEPLIB)
$(CC_LINK) -o $@ t_fork.$(OBJEXT) -lkrb5 -lk5crypto -lcom_err $(SUPPORT_LIB)
-ytest: ytest.o shs.o $(SUPPORT_DEPLIB) $(CRYPTO_DEPLIB)
- $(CC_LINK) -o ytest ytest.o $(SUPPORT_LIB) $(CRYPTO_DEPLIB)
-
-
-
clean::
$(RM) t_nfold.o t_nfold nfold.$(OBJEXT) t_encrypt t_encrypt.o \
t_decrypt.o t_decrypt t_prng.o t_prng t_cmac.o t_cmac \
$(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/plugin.h \
$(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
$(top_srcdir)/include/socket-utils.h t_fork.c
-$(OUTPRE)ytest.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
- $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
- $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../builtin/sha1/shs.h \
- $(srcdir)/../builtin/yhash.h $(srcdir)/../krb/prng/yarrow/yarrow.h \
- $(srcdir)/../krb/prng/yarrow/ycipher.h $(srcdir)/../krb/prng/yarrow/yexcep.h \
- $(srcdir)/../krb/prng/yarrow/ytypes.h $(top_srcdir)/include/k5-buf.h \
- $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
- $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
- $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
- $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
- $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
- $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/plugin.h \
- $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
- $(top_srcdir)/include/socket-utils.h ytest.c
+++ /dev/null
-1
-160
- cb 12 70 40 ee fb 76 2e 32 0d f1 0c a7 a9 36 f8
- c8 f3 35 4e 0f 51 18 cd 25 0f 48 5b e4 97 aa 4f
- be 7e 93 af dd 15 29 fc 24 4f 0b 9a 9b 1d ad 7f
- 32 c8 a6 96 d4 34 aa 83 d2 d7 33 b0 2f aa ba f6
- cf 8c 78 ad 8a 52 e1 48 e4 7c a7 c5 57 49 31 ea
- db b7 9b 6b ab 13 f3 12 a5 ec 67 db 1e 83 73 be
- ca 59 fc ed 29 8c f3 ef ca fd 81 55 fa 91 3b 31
- da 24 d2 8b c1 a5 c1 3a 9c 50 a6 3c a1 60 31 0f
- 62 c7 88 9b 1a e9 9f 3c 0f 04 d0 35 11 45 f0 8b
- 84 a2 26 85 67 f1 e6 2b 34 6b ab 9b 3f c1 a1 0e
-0
-1
-40
- f4 fc ab 98 45 a0 41 e4 4d 65 9c eb c2 c9 74 a4
- 55 df 6c 78 78 bc db ae e7 63 b8 a7 33 3b d7 50
- f6 33 c4 a0 1d 14 45 04
-0
-0
-40
- 16 80 1d 78 39 4b 3a 27 80 87 08 6c a9 37 59 74
- 60 f8 fc 37 10 4a 8a c4 d6 3e 6a 41 1a e1 5f 69
- 92 12 5a e1 3b 86 f1 5d
-0
-0
-40
- a3 c8 78 4a a0 4d ce 3c 2a 8e 34 bf f7 06 dc d7
- 92 13 bd 74 45 72 40 b6 1c d6 55 28 47 1e f4 70
- 74 e4 94 d7 17 a6 7e 3b
-20
+++ /dev/null
-The reseedtest is intended to allow confirmation that if sufficient
-entropy is provided then the PRNG will reseed (well initially seed)
-itself before the first random data is requested. This test is not
-useful to run in an automated manner because the point is to look at
-internal function call order.
-
-To test this, set a break point at krb5int_yarrow_reseed and
-krb5_c_random_make_octets and run the test. The reseed function
-should be called with a pool of 1 (YARROW_SLOW_POOL) before
-krb5_c_random_make_octets is called.
-
-A slow reseed should require two sources to reach sufficient entropy.
-Sources start out sending entropy to fast pool then alternate with
-slow pool. So this test does the following:
-* Seed source 1
-* Seed source 1 (this time to slow pool)
-* Seed source 0
-* Seed source 0 (to slow pool triggering reseed)
-* Output some random data
-
-
+++ /dev/null
-fd543f42aded9bd725c9b05682cd0f504c1b33d1
+++ /dev/null
-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
-/*
- * Yarrow - Cryptographic Pseudo-Random Number Generator
- * Copyright (c) 2000 Zero-Knowledge Systems, Inc.
- *
- * See the accompanying LICENSE file for license information.
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include "yarrow.h"
-#include "yexcep.h"
-
-void hex_print( FILE* f, const char* var, void* data, size_t size );
-void dump_yarrow_state( FILE* f, Yarrow_CTX* y );
-
-#define YARROW_SEED_FILE "seed"
-
-static void print_yarrow_status( Yarrow_CTX *y )
-{
- int sid, pool;
- Source* source;
-
- for ( pool = 0; pool < 2; pool++ )
- {
- printf( " %s: ", pool == YARROW_SLOW_POOL ? "slow" : "fast" );
- for ( sid = 0; sid < y->num_sources; sid++ )
- {
- source = &y->source[ sid ];
- printf( "#%d=%d/%d, ", sid, source->entropy[pool],
- pool == YARROW_SLOW_POOL ?
- y->slow_thresh : y->fast_thresh );
- }
- }
- printf( "\n" );
-}
-
-int yarrow_verbose = 0;
-#define VERBOSE( x ) if ( yarrow_verbose ) { x }
-
-int Instrumented_krb5int_yarrow_input( Yarrow_CTX* y, int sid, void* sample,
- size_t size, int entropy )
-{
- int ret;
-
- VERBOSE( printf( "krb5int_yarrow_input( #%d, %d bits, %s ) = [", sid, entropy,
- y->source[sid].pool ==
- YARROW_SLOW_POOL ? "slow" : "fast" ); );
- ret = krb5int_yarrow_input( y, sid, sample, size, entropy );
-
- VERBOSE( printf( "%s]\n", krb5int_yarrow_str_error( ret ) ); );
- VERBOSE( print_yarrow_status( y ); );
- return (ret);
-}
-
-typedef int (*test_fn)( void );
-
-int test_1( void );
-int test_2( void );
-int test_3( void );
-int test_4( void );
-
-test_fn test_func[] =
-{
- test_1, test_2, test_3, test_4
-};
-
-#define num_tests ( sizeof(test_func) / sizeof(test_fn) )
-
-int do_test( int t )
-{
- EXCEP_DECL;
- int ret;
-
- printf( "doing test %d ... ", t ); fflush( stdout );
- ret = test_func[ t-1 ]();
- VERBOSE( printf( "\ndone test %d ", t ); );
- printf( "[%s]\n", krb5int_yarrow_str_error( ret ) ); fflush( stdout );
- THROW( ret );
-
-CATCH:
- THROW( EXCEP_BOOL );
- EXCEP_RET;
-}
-
-int main( int argc, char* argv[] )
-{
- EXCEP_DECL;
- int test = 0;
- char** argvp;
- char* arg;
- char* conv_ok = NULL;
- int ok = YARROW_OK;
- int done_some_tests = 0;
- int i;
- int ret;
-
- for ( argvp = argv+1, i = 1; i < argc; i++, argvp++ )
- {
- arg = *argvp;
- if ( arg[0] == '-' )
- {
- switch ( arg[1] )
- {
- case 'v': yarrow_verbose = 1; continue;
- default: fprintf( stderr, "usage: test [-v] [[test] ... ]\n" );
- THROW( YARROW_FAIL );
- }
- }
- conv_ok = NULL;
- test = strtoul( arg, &conv_ok, 10 );
- if ( !conv_ok || test < 1 || test > num_tests )
- {
- fprintf( stderr, "usage: test [-v] [[test] ... ]\n" );
- THROW( YARROW_FAIL );
- }
- else
- {
- ret = do_test( test );
- if ( ok ) { ok = ret; }
- done_some_tests = 1;
- }
- }
-
- if ( !done_some_tests )
- {
- for ( i = 1; i <= num_tests; i++ )
- {
- ret = do_test( i );
- if ( ok ) { ok = ret; }
- }
- }
- THROW( ok );
-
-CATCH:
- switch (EXCEPTION)
- {
- case YARROW_OK:
- exit (EXIT_SUCCESS);
- default:
- exit (EXIT_FAILURE);
- }
-}
-
-int test_1( void )
-{
- EXCEP_DECL;
-
-#if defined(YARROW_HASH_SHA1)
- VERBOSE( printf( "\nsha1 test\n\n" ); );
- THROW( YARROW_NOT_IMPL );
-#elif defined(YARROW_MD5)
- VERBOSE( printf( "\nmd5 test\n\n" ); );
- THROW( YARROW_NOT_IMPL );
-#else
- VERBOSE( printf( "\nunknown hash function\n\n" ); );
- THROW( YARROW_NOT_IMPL );
-#endif
-CATCH:
- EXCEP_RET;
-}
-
-int test_2( void )
-{
- EXCEP_DECL;
-
-#if defined(YARROW_CIPHER_3DES)
- VERBOSE( printf( "\n3des test\n\n" ); );
- THROW( YARROW_NOT_IMPL );
-#elif defined(YARROW_CIPHER_BLOWFISH)
- VERBOSE( printf( "\nblowfish test\n\n" ); );
- THROW( YARROW_NOT_IMPL );
-#elif defined(YARROW_CIPHER_IDEA)
- VERBOSE( printf( "\nidea test\n\n" ); );
- THROW( YARROW_NOT_IMPL );
-#else
- VERBOSE( printf( "\nunknown encryption function\n\n" ); );
- THROW( YARROW_NOT_IMPL );
-#endif
-CATCH:
- EXCEP_RET;
-}
-
-int test_3( void )
-{
- EXCEP_DECL;
-
-#if !defined(YARROW_CIPHER_3DES) || !defined(YARROW_HASH_SHA1)
- VERBOSE( printf( "\nnot Yarrow-SHA1-3DES (aka Yarrow-160)\n\n" ); );
- THROW( YARROW_NOT_IMPL );
-#endif
-
- VERBOSE( printf( "\nkrb5int_yarrow_stretch\n\n" ); );
- THROW( YARROW_NOT_IMPL );
-
-CATCH:
- EXCEP_RET;
-}
-
-int test_4( void )
-{
- EXCEP_DECL;
- Yarrow_CTX yarrow;
- int initialized = 0;
- unsigned user, mouse, keyboard;
- int i, ret;
- byte user_sample[ 20 ];
- byte mouse_sample[ 4 ];
- byte keyboard_sample[ 2 ];
- byte random[ 30 ];
- byte junk[ 48 ];
-
- memset( user_sample, 3, sizeof( user_sample ) );
- memset( mouse_sample, 1, sizeof( mouse_sample ) );
- memset( keyboard_sample, 2, sizeof( keyboard_sample ) );
-
- VERBOSE( printf( "\nGeneral workout test\n\n" ); )
-
- VERBOSE( printf( "krb5int_yarrow_init() = [" ); );
- ret = krb5int_yarrow_init( &yarrow, YARROW_SEED_FILE );
- VERBOSE( printf( "%s]\n", krb5int_yarrow_str_error( ret ) ); );
-
- if ( ret != YARROW_OK && ret != YARROW_NOT_SEEDED ) { THROW( ret ); }
- initialized = 1;
-
-#if defined( YARROW_DEBUG )
- dump_yarrow_state( stdout, &yarrow );
-#endif
-
- ret = krb5int_yarrow_new_source( &yarrow, &user );
- VERBOSE( printf( "krb5int_yarrow_new_source() = [%s]\n",
- krb5int_yarrow_str_error( ret ) ); );
- if ( ret != YARROW_OK ) { THROW( ret ); }
-
- VERBOSE( printf( "Yarrow_Poll( #%d ) = [", user ); );
- ret = Yarrow_Poll( &yarrow, user );
- VERBOSE( printf( "%s]\n", krb5int_yarrow_str_error( ret ) ); );
-
- ret = krb5int_yarrow_new_source( &yarrow, &mouse );
- VERBOSE( printf( "krb5int_yarrow_new_source() = [%s]\n",
- krb5int_yarrow_str_error( ret ) ); );
- if ( ret != YARROW_OK ) { THROW( ret ); }
-
- ret = krb5int_yarrow_new_source( &yarrow, &keyboard );
- VERBOSE( printf( "krb5int_yarrow_new_source() = [%s]\n",
- krb5int_yarrow_str_error( ret ) ); );
- if ( ret != YARROW_OK ) { THROW( ret ); }
-
-/* prematurely try to draw output, to check failure when no
- * seed file, or state saving turned off
- */
-
- VERBOSE( printf( "krb5int_yarrow_output( %d ) = [", sizeof( random ) ); );
- ret = krb5int_yarrow_output( &yarrow, random, sizeof( random ) );
- VERBOSE( printf( "%s]\n", krb5int_yarrow_str_error( ret ) ); );
-
-/* do it twice so that we some slow samples
- * (first sample goes to fast pool, and then samples alternate)
- */
-
- for ( i = 0; i < 2; i++ )
- {
- TRY( Instrumented_krb5int_yarrow_input( &yarrow, mouse, mouse_sample,
- sizeof( mouse_sample ), 2 ) );
-
- TRY( Instrumented_krb5int_yarrow_input( &yarrow, keyboard, keyboard_sample,
- sizeof( keyboard_sample ), 2 ) );
-
- TRY( Instrumented_krb5int_yarrow_input( &yarrow, user, user_sample,
- sizeof( user_sample ), 2 ) );
- }
-
-#if defined( YARROW_DEBUG )
- dump_yarrow_state( stdout, &yarrow );
-#endif
-
- VERBOSE( printf( "\nInduce user source (#%d) to reach "
- "slow threshold\n\n", user ); );
-
- /* induce fast reseed */
-
- for ( i = 0; i < 7; i++ )
- {
- TRY( Instrumented_krb5int_yarrow_input( &yarrow, user, user_sample,
- sizeof( user_sample ),
- sizeof( user_sample ) * 3 ) );
- }
-
- VERBOSE( printf( "\nInduce mouse source (#%d) to reach "
- "slow threshold reseed\n\n", mouse ); );
-
- /* induce slow reseed, by triggering a second source to reach it's
- threshold */
-
- for ( i = 0; i < 40; i++ )
- {
- TRY( Instrumented_krb5int_yarrow_input( &yarrow, mouse, mouse_sample,
- sizeof( mouse_sample ),
- sizeof( mouse_sample )*2 ) );
- }
-
- VERBOSE( printf( "\nProduce some output\n\n" ); );
-
- for ( i = 0; i < 30; i++ )
- {
- VERBOSE( printf( "krb5int_yarrow_output( %d ) = [", sizeof( junk ) ); );
- ret = krb5int_yarrow_output( &yarrow, junk, sizeof( junk ) );
- VERBOSE( printf( "%s]\n", krb5int_yarrow_str_error( ret ) ); );
- if ( ret != YARROW_OK ) { THROW( ret ); }
- }
-
- memset( junk, 0, sizeof( junk ) );
-
- VERBOSE( printf( "\nTrigger some fast and slow reseeds\n\n" ); );
-
- for ( i = 0; i < 30; i++ )
- {
- /* odd input to a different source so there are some slow reseeds */
-
- if ( i % 16 == 0 )
- {
- TRY( Instrumented_krb5int_yarrow_input( &yarrow, mouse, junk,
- sizeof( junk ),
- sizeof( junk ) * 3 ) );
- }
- else
- {
- TRY( Instrumented_krb5int_yarrow_input( &yarrow, user, junk,
- sizeof( junk ),
- sizeof( junk ) * 3 ) );
- }
- }
-
- VERBOSE( printf( "\nPrint some random output\n\n" ); );
-
- VERBOSE( printf( "krb5int_yarrow_output( %d ) = [", sizeof( random ) ); );
- ret = krb5int_yarrow_output( &yarrow, random, sizeof( random ) );
- VERBOSE( printf( "%s]\n", krb5int_yarrow_str_error( ret ) ); );
- if ( ret != YARROW_OK )
- {
- THROW( ret );
- }
- else
- {
- VERBOSE( hex_print( stdout, "random", random, sizeof( random ) ); );
- }
-
- VERBOSE( printf( "\nClose down Yarrow\n\n" ); );
-
-CATCH:
- if ( initialized )
- {
- VERBOSE( printf( "krb5int_yarrow_final() = [" ); );
- ret = krb5int_yarrow_final( &yarrow );
- VERBOSE( printf( "%s]\n", krb5int_yarrow_str_error( ret ) ); );
- THROW( ret );
- }
- EXCEP_RET;
-}
-
-void hex_print( FILE* f, const char* var, void* data, size_t size )
-{
- const char* conv = "0123456789abcdef";
- size_t i;
- char* p = (char*) data;
- char c, d;
-
- fprintf( f, var );
- fprintf( f, " = " );
- for ( i = 0; i < size; i++ )
- {
- c = conv[ (p[ i ] >> 4) & 0xf ];
- d = conv[ p[ i ] & 0xf ];
- fprintf( f, "%c%c", c, d );
- }
- fprintf( f, "\n" );
-}
-
-void dump_yarrow_state( FILE* f, Yarrow_CTX* y )
-{
- fprintf( f, "===Yarrow State===\n" );
- hex_print( f, "C", y->C, sizeof( y->C ) );
- hex_print( f, "K", y->K, sizeof( y->K ) );
-}
#ifdef CRYPTO_IMPL_NSS
/*
- * Using Yarrow with NSS is a bit problematic because the MD5 contexts it holds
- * open for the entropy pools would be invalidated by a fork(), causing us to
- * lose the entropy contained therein.
+ * Using Fortuna with NSS is a bit problematic because the MD5 contexts it
+ * holds open for the entropy pools would be invalidated by a fork(), causing
+ * us to lose the entropy contained therein.
*
* Therefore, use the NSS PRNG if NSS is the crypto implementation.
*/
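Review bot: The rewritten comment only swaps the PRNG name and keeps the Yarrow-era detail "MD5 contexts", so it now attributes MD5 entropy pools to Fortuna; elsewhere in this patch the removed FORTUNA branch documents the Fortuna digest as SHA-256 (`ENTROPY_BUFSIZE 32 /* SHA256 digest length */`) and the deleted yhash.h shows the old Yarrow code used SHA-1, so the MD5 claim looks stale on both counts. The fork() argument does not depend on the algorithm, so stating it generically avoids the inaccuracy, e.g. `Using Fortuna with NSS is problematic because the hash contexts it holds open for its entropy pools would be invalidated by a fork(), losing the entropy they contain.` The specific hash could be named once confirmed against the Fortuna implementation.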
#elif defined(CRYPTO_IMPL_NSS)
#include "prng_nss.h"
const struct krb5_prng_provider *prng = &krb5int_prng_nss;
-#else
-#include "yarrow.h"
-const struct krb5_prng_provider *prng = &krb5int_prng_yarrow;
#endif
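Review bot: Dropping the `#else` fallback leaves the `#if`/`#elif defined(CRYPTO_IMPL_NSS)` chain with no default, so a configuration where neither the Fortuna condition nor CRYPTO_IMPL_NSS is defined compiles this file with `prng` never defined and fails only at link time with an unrelated-looking undefined-symbol error. A compile-time diagnostic is cheaper to debug: add `#else` / `#error "No PRNG implementation selected"` immediately before the `#endif`. The opening `#if` of the chain is above the hunk, so its exact condition is not visible here.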
/*
add_entropy_from_device(krb5_context context, const char *device)
{
krb5_data data;
- unsigned char buf[ENTROPY_BUFSIZE];
+ unsigned char buf[64];
if (!read_entropy_from_device(device, buf, sizeof(buf)))
return FALSE;
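Review bot: `unsigned char buf[64];` replaces a documented constant with a bare magic number, and the removed ENTROPY_BUFSIZE definitions show the previous sizes were 32 bytes (SHA-256 digest) for Fortuna and 20 for NSS, the latter with an explicit note about not reading too much from /dev/random; the new value doubles the Fortuna read and triples the NSS one without saying why. A one-line justification would preserve that reasoning, e.g. `unsigned char buf[64]; /* 64 bytes: comfortably above the 32-byte Fortuna digest; kept small since /dev/random may block */`. If `device` can be /dev/random on platforms where it blocks, the larger read is worth confirming against the latency callers of k5_get_os_entropy expect. add_entropy_from_device continues outside the hunk.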
#include "k5-int.h"
-#if defined(FORTUNA)
-#define ENTROPY_BUFSIZE 32 /* SHA256 digest length */
-#elif defined(CRYPTO_IMPL_NSS)
-/*
- * NSS gathers its own OS entropy, so it doesn't really matter how much we read
- * in krb5_c_random_os_entropy. Use the same value as Yarrow (without using a
- * Yarrow constant), so that we don't read too much from /dev/random.
- */
-#define ENTROPY_BUFSIZE 20
-#else
-#define ENTROPY_BUFSIZE YARROW_SLOW_THRESH/8 /* SHA1 digest length*/
-#endif
-
/* Used by PRNG implementations to gather OS entropy. Returns true on
* success. */
krb5_boolean k5_get_os_entropy(unsigned char *buf, size_t len);
+++ /dev/null
-Assumptions
-===========
-
-The Yarrow design, described in "Yarrow-160: Notes on the Design and
-Analysis of the Yarrow Cryptographic Pseudonumber Generator" by John
-Kelsey, Bruce Schneier and Niels Ferguson of Counterpane Systems
-(available from http://www.counterpane.com/yarrow.html), left out some
-implementation details and has some ambiguities in the protocol. ZKS
-has to made some assumptions and taken some decisions in its
-implementation of Yarrow. In the text, `we' represents ZKS.
-
-Here is the list of those assumptions:
-
-1) To simplify the code and speed up running time, we limit the number
-of different sources to 20. This should be enough for most
-applications. This can be changed by redefining YARROW_MAX_SOURCE in
-yarrow.h.
-
-2) The Yarrow paper (in section 5.3) state that Pt is either
-implementation dependent or dynamically adjusted. We chose to fix the
-slow pool's Pt to 100 and the fast pool's Pt to 10. This can be
-changed by redefining YARROW_FAST_PT and YARROW_SLOW_PT in yarrow.c.
-
-3) Initialization when there is no saved state is not discussed in the
-Yarrow paper. We have defined that CPRNG is becomes seeded after a
-slow reseed. During initialization, a slow reseed is triggered by
-YARROW_K_OF_N_INIT_THRESH sources reaching the slow threshold
-YARROW_SLOW_INIT_THRESH. During initialization, fast reseeds are
-triggered when a source reaches the fast threshold
-YARROW_FAST_INIT_THRESH. After reseed the behavior of the pools is
-controlled by YARROW_K_OF_N_THRESH, YARROW_SLOW_THRESH and
-YARROW_FAST_THRESH.
-
-Our default values for YARROW_K_OF_N_INIT_THRESH,
-YARROW_SLOW_INIT_THRESH and YARROW_FAST_INIT_THRESH are the same as
-YARROW_K_OF_N_THRESH, YARROW_SLOW_THRESH and YARROW_FAST_THRESH
-respectively. Note this means that a Yarrow_Poll call by itself can
-never put us in an initialized state, as it only works on one pool,
-and the default YARROW_K_OF_N_INIT_THRESH value is 2.
-
-4) We define a function Yarrow_Poll which can gather entropy. The
-user must allocate a source_id, and call Yarrow_Poll manually.
-Yarrow_Poll just adds samples from the machines state to the source
-given as an argument.
-
-5) Prior to initialization, Yarrow_Output will fail.
-
-6) The actions to take on state load are not described in the yarrow
-paper, all it says is that 2k bytes should be written (and by
-implication read back in somehow). We read in the 2k bytes, hash
-them into the fast pool, and then do a forced fast reseed, and an
-immediate state save.
-
-7) In step 2 of the reseed process, we must hash the value i. The
-representation of this integer will affect the hash value. In our
-code, i is a 64-bit unsigned value. We update the hash context using
-the 64 bit big endian representation of i.
-
-8) Yarrow outputs random bits in blocks. If the calling function
-requests less bits than available, then the unused bits are kept
-in memory until the next call. In case of a reseed, we chose to
-discard those leftover bits.
-
-9) The samples from one source must alternate between the two pools.
-As a default, we initialize the first pool to send the sample too to
-be the fast pool. This initialization is done only when a source is
-added, not when we reseed from one.
-
-10) The Yarrow paper states that the maximum number of outputs between
-reseeding is limited to min(2^n,2^(k/3)*Pg), but does not explain
-what is to happen when this limit is reached. It could be the case
-that we reach the limit but there is not enough entropy in the pools
-to reseed. In our code, the Yarrow_Output_Block will do a forced
-fast reseed.
-
-11) In the Yarrow paper, the limit on the number of outputs between
-reseeding is expressed in number of outputs:
-
-#oututs <= min(2^n, 2^(k/3).Pg)
-
-but we redefine it in terms of gates by dividing the numbers by Pg,
-the number of outputs per gate, and counting the number of gates
-instead. This makes an overflow a little less likely.
-
-We don't use a bignum library, so in event of overflow, the limit in
-number of gates before reseed (y->gates_limit) is reduced down to
-2^64-1 (or 2^32-1 if 64 bit ints aren't available on the platform).
-
-12) The Yarrow paper describes that the cipher block C should be
-incremented as part of the output function. We treat the bytes
-of C as a big endian number to do the increment.
-
-13) Triple-DES key size. The yarrow paper uses the letter k to
-represent the keysize in bits. Due to the parity bits, the size of k
-is 192 bits. However the effective key size is actually 168 bits, as
-the value of k is used in security limits, k must be 168 bits. The
-paper uses k (eg set K to the next k output bits), so we have to do
-the parity padding function, to copy bits 0-6 to 0-7, 7-13 to 8-15
-etc. The macro DES_Init performs the function of doing a DES key
-schedule from a packed key (no parity bits), internally doing the
-parity padding. Other ciphers are simpler as there is no parity.
+++ /dev/null
-Copyright 2000 by Zero-Knowledge Systems, Inc.
-
-Permission to use, copy, modify, distribute, and sell this software
-and its documentation for any purpose is hereby granted without fee,
-provided that the above copyright notice appear in all copies and that
-both that copyright notice and this permission notice appear in
-supporting documentation, and that the name of Zero-Knowledge Systems,
-Inc. not be used in advertising or publicity pertaining to
-distribution of the software without specific, written prior
-permission. Zero-Knowledge Systems, Inc. makes no representations
-about the suitability of this software for any purpose. It is
-provided "as is" without express or implied warranty.
-
-ZERO-KNOWLEDGE SYSTEMS, INC. DISCLAIMS ALL WARRANTIES WITH REGARD TO
-THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND
-FITNESS, IN NO EVENT SHALL ZERO-KNOWLEDGE SYSTEMS, INC. BE LIABLE FOR
-ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTUOUS ACTION, ARISING OUT
-OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-
+++ /dev/null
-mydir=lib$(S)crypto$(S)krb$(S)prng$(S)yarrow
-BUILDTOP=$(REL)..$(S)..$(S)..$(S)..$(S)..
-LOCALINCLUDES = -I$(srcdir)/.. -I$(srcdir)/../.. \
- -I$(srcdir)/../../../$(CRYPTO_IMPL) \
- -I$(srcdir)/../../../$(CRYPTO_IMPL)/sha1 \
- -I$(srcdir)/../../../$(CRYPTO_IMPL)/enc_provider
-DEFS=
-
-##DOS##BUILDTOP = ..\..\..\..\..
-##DOS##PREFIXDIR = krb\prng\yarrow
-##DOS##OBJFILE = ..\..\..\$(OUTPRE)yarrow.lst
-
-PROG_LIBPATH=-L$(TOPLIBD)
-PROG_RPATH=$(KRB5_LIBDIR)
-
-STLIBOBJS= \
- prng_yarrow.o \
- yarrow.o \
- ycipher.o
-OBJS= \
- $(OUTPRE)prng_yarrow.$(OBJEXT) \
- $(OUTPRE)yarrow.$(OBJEXT) \
- $(OUTPRE)ycipher.$(OBJEXT)
-
-SRCS=\
- $(srcdir)/prng_yarrow.c \
- $(srcdir)/yarrow.c \
- $(srcdir)/ycipher.c
-
-##DOS##LIBOBJS = $(OBJS)
-
-all-unix:: all-libobjs
-
-includes:: depend
-
-depend:: $(SRCS)
-
-clean-unix:: clean-libobjs
-
-@lib_frag@
-@libobj_frag@
-
+++ /dev/null
-Yarrow - Secure Pseudo-Random Number Generator
-==============================================
-
-This is an implementation of the cryptographic pseudo-random number
-generator Yarrow. You are encouraged to use, modify, and incorporate
-this code. Please see the accompanying LICENSE file for more details.
-
-
-Yarrow can be used with OpenSSL 0.9.5a (http://www.openssl.org) and
-other cryptographic libraries.
-
-The Yarrow design is described in "Yarrow-160: Notes on the Design and
-Analysis of the Yarrow Cryptographic Pseudorandom Number Generator" by
-John Kelsey, Bruce Schneier and Niels Ferguson of Counterpane Systems,
-available from http://www.counterpane.com/yarrow.html
-
-The Yarrow function calls are described in the yarrow(3) manpage.
-
-Installation
-============
-
-By default, Yarrow is built with OpenSSL. If the OpenSSL headers are
-not installed in the standard directory /usr/local/ssl/include,
-set the path in the Makefile.
-
-If it is possible that an application using Yarrow will fork(), Yarrow
-must be compiled with -DYARROW_DETECT_FORK (then the child process
-will have to seed Yarrow again), or the Yarrow_CTX must be allocated
-in shared memory.
-
-If compiled with -DYARROW_SAVE_STATE, Yarrow will use a seed file
-specified in the Yarrow_Init call.
-
-When the settings in the Makefile are correct, run "make".
-
-
-Yarrow with OpenSSL:
--------------------
-
-The macros YARROW_CIPHER_3DES (default), YARROW_CIPHER_BLOWFISH and
-YARROW_CIPHER_IDEA for ciphers and YARROW_HASH_SHA1 (default) and
-YARROW_HASH_MD5 for hash functions are available to select algorithms
-from OpenSSL.
-
-CRYPTO_set_locking_callback() is required in multithreaded applications.
-
-
-Yarrow with other cryptographic libraries:
------------------------------------------
-
-The Yarrow implementation uses a symmetric cipher, a cryptographic
-hash function and a mutex. By default, Yarrow calls OpenSSL. For use
-with other cryptographic libraries, the following types and macros
-should be defined:
-
-Symmetric cipher - ycipher.h:
-
- typedef struct { ... } CIPHER_CTX;
-
- #define CIPHER_BLOCK_SIZE ...
- #define CIPHER_KEY_SIZE ...
-
- void CIPHER_Init(CIPHER_CTX *ctx, void *key);
- void CIPHER_Encrypt_Block(CIPHER_CTX *ctx, void *in, void *out);
-
-Hash function - yhash.h:
-
- typedef struct { ... } HASH_CTX;
-
- #define HASH_DIGEST_SIZE ...
- #define HASH_STATE_SIZE ...
-
- void HASH_Init(HASH_CTX *ctx);
- void HASH_Update(HASH_CTX *ctx, const void *data, unsigned long size);
- void HASH_Final(HASH_CTX *ctx, unsigned char *md);
-
-Mutex - ylock.h:
-
- int LOCK(void);
- int UNLOCK(void);
-
-Learn More:
-----------
-
-It is Zero-Knowledge's hope that third party developers of yarrow will
-collaborate to derive test vectors for yarrow. In an effort to further
-this discussion, we have created a mailing list for developers and
-interested parties. To subscribe, send an email to
-"yarrow-request@zeroknowledge.com" with "subscribe" in the body of the
-message.
-
-For more information, or if you have questions or comments regarding open
-source at Zero-Knowledge Systems, please visit
-http://opensource.zeroknowledge.com
+++ /dev/null
-open issues:
-
-* when should the initial seed be considered complete?
-* poll system ressources for randomness on startup?
-* how frequently should the PRNG state be saved?
-* how to react to fork()?
-* what should the seed file contain, how should it be processed?
-* test fork() hack
-* test openSSL locks in multi-threaded environment
+++ /dev/null
-#
-# Generated makefile dependencies follow.
-#
-prng_yarrow.so prng_yarrow.po $(OUTPRE)prng_yarrow.$(OBJEXT): \
- $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
- $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
- $(COM_ERR_DEPS) $(srcdir)/../../../builtin/enc_provider/enc_provider.h \
- $(srcdir)/../../../builtin/sha1/shs.h $(srcdir)/../../../builtin/yhash.h \
- $(srcdir)/../prng.h $(top_srcdir)/include/k5-buf.h \
- $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
- $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
- $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
- $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
- $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
- $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/plugin.h \
- $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
- $(top_srcdir)/include/socket-utils.h prng_yarrow.c \
- yarrow.h ycipher.h ytypes.h
-yarrow.so yarrow.po $(OUTPRE)yarrow.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
- $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
- $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../../../builtin/sha1/shs.h \
- $(srcdir)/../../../builtin/yhash.h $(top_srcdir)/include/k5-buf.h \
- $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
- $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
- $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
- $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
- $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
- $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/plugin.h \
- $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
- $(top_srcdir)/include/socket-utils.h yarrow.c yarrow.h \
- ycipher.h yexcep.h ylock.h ystate.h ytypes.h
-ycipher.so ycipher.po $(OUTPRE)ycipher.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
- $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
- $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../../../builtin/enc_provider/enc_provider.h \
- $(srcdir)/../../../builtin/sha1/shs.h $(srcdir)/../../../builtin/yhash.h \
- $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
- $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
- $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
- $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
- $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
- $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
- $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
- $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
- yarrow.h ycipher.c ycipher.h ytypes.h
+++ /dev/null
-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
-/*
- * prng_yarrow.c
- *
- * Copyright (C) 2001, 2002, 2004, 2007, 2008, 2010 by the Massachusetts Institute of Technology.
- * All rights reserved.
- *
- *
- * Export of this software from the United States of America may require
- * a specific license from the United States Government. It is the
- * responsibility of any person or organization contemplating export to
- * obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- */
-
-#include "prng.h"
-#include "enc_provider.h"
-#include <assert.h>
-#include "k5-thread.h"
-
-#include "yarrow.h"
-static Yarrow_CTX y_ctx;
-#define yarrow_lock krb5int_yarrow_lock
-k5_mutex_t yarrow_lock = K5_MUTEX_PARTIAL_INITIALIZER;
-
-/* Helper function to estimate entropy based on sample length
- * and where it comes from.
- */
-
-static size_t
-entropy_estimate(unsigned int randsource, size_t length)
-{
- switch (randsource) {
- case KRB5_C_RANDSOURCE_OLDAPI:
- return 4 * length;
- case KRB5_C_RANDSOURCE_OSRAND:
- return 8 * length;
- case KRB5_C_RANDSOURCE_TRUSTEDPARTY:
- return 4 * length;
- case KRB5_C_RANDSOURCE_TIMING:
- return 2;
- case KRB5_C_RANDSOURCE_EXTERNAL_PROTOCOL:
- return 0;
- default:
- abort();
- }
- return 0;
-}
-
-static int
-yarrow_init(void)
-{
- unsigned i, source_id;
- int yerr;
-
- yerr = k5_mutex_finish_init(&yarrow_lock);
- if (yerr)
- return yerr;
-
- yerr = krb5int_yarrow_init (&y_ctx, NULL);
- if (yerr != YARROW_OK && yerr != YARROW_NOT_SEEDED)
- return KRB5_CRYPTO_INTERNAL;
-
- for (i=0; i < KRB5_C_RANDSOURCE_MAX; i++ ) {
- if (krb5int_yarrow_new_source(&y_ctx, &source_id) != YARROW_OK)
- return KRB5_CRYPTO_INTERNAL;
- assert (source_id == i);
- }
-
- return 0;
-}
-
-static krb5_error_code
-yarrow_add_entropy(krb5_context context, unsigned int randsource,
- const krb5_data *data)
-{
- int yerr;
- /* Make sure the mutex got initialized. */
- yerr = krb5int_crypto_init();
- if (yerr)
- return yerr;
- /* Now, finally, feed in the data. */
- yerr = krb5int_yarrow_input(&y_ctx, randsource,
- data->data, data->length,
- entropy_estimate(randsource, data->length));
- if (yerr != YARROW_OK)
- return KRB5_CRYPTO_INTERNAL;
- return 0;
-}
-/*
-static krb5_error_code
-yarrow_seed(krb5_context context, krb5_data *data)
-{
- return yarrow_add_entropy(context, KRB5_C_RANDSOURCE_OLDAPI, data);
-}
-*/
-static krb5_error_code
-yarrow_make_octets(krb5_context context, krb5_data *data)
-{
- int yerr;
- yerr = krb5int_yarrow_output(&y_ctx, data->data, data->length);
- if (yerr == YARROW_NOT_SEEDED) {
- yerr = krb5int_yarrow_reseed(&y_ctx, YARROW_SLOW_POOL);
- if (yerr == YARROW_OK)
- yerr = krb5int_yarrow_output(&y_ctx, data->data, data->length);
- }
- if (yerr != YARROW_OK)
- return KRB5_CRYPTO_INTERNAL;
- return 0;
-}
-
-static void
-yarrow_cleanup (void)
-{
- krb5int_yarrow_final (&y_ctx);
- k5_mutex_destroy(&yarrow_lock);
-}
-
-const struct krb5_prng_provider krb5int_prng_yarrow = {
- "yarrow",
- yarrow_make_octets,
- yarrow_add_entropy,
- yarrow_init,
- yarrow_cleanup
-};
+++ /dev/null
-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
-
-/*
- * Yarrow - Cryptographic Pseudo-Random Number Generator
- * Copyright (c) 2000 Zero-Knowledge Systems, Inc.
- *
- * Permission to use, copy, modify, distribute, and sell this software
- * and its documentation for any purpose is hereby granted without fee,
- * provided that the above copyright notice appear in all copies and that
- * both that copyright notice and this permission notice appear in
- * supporting documentation, and that the name of Zero-Knowledge Systems,
- * Inc. not be used in advertising or publicity pertaining to
- * distribution of the software without specific, written prior
- * permission. Zero-Knowledge Systems, Inc. makes no representations
- * about the suitability of this software for any purpose. It is
- * provided "as is" without express or implied warranty.
- *
- * See the accompanying LICENSE file for more information.
- */
-
-#include "k5-int.h"
-
-#include <string.h>
-#include <limits.h>
-#ifdef _WIN32
-#include "port-sockets.h"
-#else
-# include <unistd.h>
-# include <netinet/in.h>
-#endif
-#if !defined(YARROW_NO_MATHLIB)
-#include <math.h>
-#endif
-
-#define YARROW_IMPL
-#include "yarrow.h"
-#include "ycipher.h"
-#include "ylock.h"
-#include "ystate.h"
-#include "yexcep.h"
-
-#if defined( YARROW_DEBUG ) || defined( YARROW_TRACE )
-# include <stdio.h>
-#endif
-
-#undef TRACE
-#if defined( YARROW_TRACE )
-extern int yarrow_verbose;
-#define TRACE( x ) do { if (yarrow_verbose) { x } } while (0)
-#else
-#define TRACE( x )
-#endif
-
-#if defined(macintosh)
-# define make_big_endian32(x) (x)
-#else
-# define make_big_endian32(x) htonl(x)
-#endif
-
-#if defined( YARROW_DEBUG )
-static void hex_print(FILE* f, const char* var, void* data, size_t size);
-#endif
-
-static void block_increment( void* block, const int sz );
-#if defined( YARROW_SAVE_STATE )
-static int Yarrow_Load_State( Yarrow_CTX *y );
-static int Yarrow_Save_State( Yarrow_CTX *y );
-#endif
-
-static int yarrow_gate_locked(Yarrow_CTX* y);
-
-static const byte zero_block[CIPHER_BLOCK_SIZE] = { 0, };
-
-static const char* const yarrow_str_error[] = {
- "ok",
- "failed",
- "failed: uninitialized",
- "failed: already initialized",
- "failed: no driver",
- "failed: can't open driver",
- "failed: invalid source id",
- "failed: no more source ids available",
- "failed: invalid argument",
- "failed: insufficient privileges",
- "failed: out of memory",
- "failed: resource exhausted",
- "failed: not enough entropy to generate output",
- "failed: locking error",
- "failed: no state to load",
- "failed: state load or save failed",
- "failed: not implemented"
-};
-
-/* calculate limits after initialization */
-
-static void krb5int_yarrow_init_Limits(Yarrow_CTX* y)
-{
- double tmp1, tmp2, limit;
- /* max number of gates between reseeds -> exceed this, do forced reseed */
-
- /* #oututs <= min(2^n, 2^(k/3).Pg) */
-
- /* => #gates <= min(2^n/Pg, 2^(k/3)) */
-
- tmp1 = POW_CIPHER_BLOCK_SIZE / y->Pg;
- tmp2 = POW_CIPHER_KEY_SIZE;
- limit = min(tmp1, tmp2);
- if (limit < COUNTER_MAX)
- {
- y->gates_limit = limit;
- }
- else
- {
- y->gates_limit = COUNTER_MAX;
- }
-}
-
-static int yarrow_reseed_locked( Yarrow_CTX* y, int pool );
-
-/* if the program was forked, the child must not operate on the same
- PRNG state */
-#ifdef YARROW_DETECT_FORK
-
-static int
-yarrow_input_locked( Yarrow_CTX* y, unsigned source_id,
- const void *sample,
- size_t size, size_t entropy_bits );
-
-static int Yarrow_detect_fork(Yarrow_CTX *y)
-{
- pid_t newpid;
- EXCEP_DECL;
-
- /* this does not work for multi-threaded apps if threads have different
- * pids */
- newpid = getpid();
- if ( y->pid != newpid )
- {
- /* we input the pid twice, so it will get into the fast pool at least once
- * Then we reseed. This doesn't really increase entropy, but does make the
- * streams distinct assuming we already have good entropy*/
- y->pid = newpid;
- TRY (yarrow_input_locked (y, 0, &newpid,
- sizeof (newpid), 0));
- TRY (yarrow_input_locked (y, 0, &newpid,
- sizeof (newpid), 0));
- TRY (yarrow_reseed_locked (y, YARROW_FAST_POOL));
- }
-
-CATCH:
- EXCEP_RET;
-}
-
-#else
-
-#define Yarrow_detect_fork(x) (YARROW_OK)
-
-#endif
-
-static void Yarrow_Make_Seeded( Yarrow_CTX* y )
-{
- TRACE( printf( "SEEDED," ); );
- y->seeded = 1;
-
- /* now we are seeded switch to _THRESH values */
-
- y->slow_thresh = YARROW_SLOW_THRESH;
- y->fast_thresh = YARROW_FAST_THRESH;
- y->slow_k_of_n_thresh = YARROW_K_OF_N_THRESH;
-}
-
-YARROW_DLL
-int krb5int_yarrow_init(Yarrow_CTX* y, const char *filename)
-{
- EXCEP_DECL;
- int locked = 0;
-
- if (!y) { THROW( YARROW_BAD_ARG ); }
- TRY( LOCK() );
- locked = 1;
-
- y->seeded = 0;
- y->saved = 0;
-
-#if defined( YARROW_DETECT_FORK )
- y->pid = getpid();
-#endif
-
- y->entropyfile = filename;
- y->num_sources = 0;
- mem_zero(y->C, sizeof(y->C));
- HASH_Init(&y->pool[YARROW_FAST_POOL]);
- HASH_Init(&y->pool[YARROW_SLOW_POOL]);
-
- mem_zero(y->K, sizeof(y->K));
-
- mem_zero(&y->cipher, sizeof(y->cipher));
-
- TRY (krb5int_yarrow_cipher_init(&y->cipher, y->K));
- y->out_left = 0;
- y->out_count = 0;
- y->gate_count = 0;
- y->Pg = YARROW_OUTPUTS_PER_GATE;
- y->Pt[YARROW_FAST_POOL] = YARROW_FAST_PT;
- y->Pt[YARROW_SLOW_POOL] = YARROW_SLOW_PT;
- y->slow_k_of_n = 0;
-
- /* start with INIT_THRESH values, after seeded, switch to THRESH values */
-
- y->slow_thresh = YARROW_SLOW_INIT_THRESH;
- y->fast_thresh = YARROW_FAST_INIT_THRESH;
- y->slow_k_of_n_thresh = YARROW_K_OF_N_INIT_THRESH;
-
- krb5int_yarrow_init_Limits(y);
-
-#if defined( YARROW_SAVE_STATE )
- if ( y->entropyfile != NULL )
- {
- int ret = Yarrow_Load_State( y );
- if ( ret != YARROW_OK && ret != YARROW_NO_STATE )
- {
- THROW( ret );
- }
-
- /* if load suceeded then write new state back immediately
- */
-
- /* Also check that it's not already saved, because the reseed in
- * Yarrow_Load_State may trigger a save
- */
-
- if ( ret == YARROW_OK && !y->saved )
- {
- TRY( Yarrow_Save_State( y ) );
- }
- }
-#endif
-
- if ( !y->seeded )
- {
- THROW( YARROW_NOT_SEEDED );
- }
-
-CATCH:
- if ( locked ) { TRY( UNLOCK() ); }
- EXCEP_RET;
-}
-
-static
-int yarrow_input_maybe_locking( Yarrow_CTX* y, unsigned source_id,
- const void* sample,
- size_t size, size_t entropy_bits,
- int do_lock )
-{
- EXCEP_DECL;
- int ret;
- int locked = 0;
- Source* source;
- size_t new_entropy;
- size_t estimate;
-
- if (do_lock) {
- TRY( LOCK() );
- locked = 1;
- }
- k5_assert_locked(&krb5int_yarrow_lock);
-
- if (!y) { THROW( YARROW_BAD_ARG ); }
-
- if (source_id >= y->num_sources) { THROW( YARROW_BAD_SOURCE ); }
-
- source = &y->source[source_id];
-
- if(source->pool != YARROW_FAST_POOL && source->pool != YARROW_SLOW_POOL)
- {
- THROW( YARROW_BAD_SOURCE );
- }
-
- /* hash in the sample */
-
- HASH_Update(&y->pool[source->pool], (const void*)sample, size);
-
- /* only update entropy estimate if pool is not full */
-
- if ( (source->pool == YARROW_FAST_POOL &&
- source->entropy[source->pool] < y->fast_thresh) ||
- (source->pool == YARROW_SLOW_POOL &&
- source->entropy[source->pool] < y->slow_thresh) )
- {
- new_entropy = min(entropy_bits, size * 8 * YARROW_ENTROPY_MULTIPLIER);
- if (source->estimator)
- {
- estimate = source->estimator(sample, size);
- new_entropy = min(new_entropy, estimate);
- }
- source->entropy[source->pool] += new_entropy;
- if ( source->entropy[source->pool] > YARROW_POOL_SIZE )
- {
- source->entropy[source->pool] = YARROW_POOL_SIZE;
- }
-
- if (source->pool == YARROW_FAST_POOL)
- {
- if (source->entropy[YARROW_FAST_POOL] >= y->fast_thresh)
- {
- ret = yarrow_reseed_locked(y, YARROW_FAST_POOL);
- if ( ret != YARROW_OK && ret != YARROW_NOT_SEEDED )
- {
- THROW( ret );
- }
- }
- }
- else
- {
- if (!source->reached_slow_thresh &&
- source->entropy[YARROW_SLOW_POOL] >= y->slow_thresh)
- {
- source->reached_slow_thresh = 1;
- y->slow_k_of_n++;
- if (y->slow_k_of_n >= y->slow_k_of_n_thresh)
- {
- y->slow_k_of_n = 0;
- ret = yarrow_reseed_locked(y, YARROW_SLOW_POOL);
- if ( ret != YARROW_OK && ret != YARROW_NOT_SEEDED )
- {
- THROW( ret );
- }
- }
- }
- }
- }
-
- /* put samples in alternate pools */
-
- source->pool = (source->pool + 1) % 2;
-
-CATCH:
- if ( locked ) { TRY( UNLOCK() ); }
- EXCEP_RET;
-}
-
-YARROW_DLL
-int krb5int_yarrow_input( Yarrow_CTX* y, unsigned source_id,
- const void* sample,
- size_t size, size_t entropy_bits )
-{
- return yarrow_input_maybe_locking(y, source_id, sample, size,
- entropy_bits, 1);
-}
-
-static int
-yarrow_input_locked( Yarrow_CTX* y, unsigned source_id,
- const void *sample,
- size_t size, size_t entropy_bits )
-{
- return yarrow_input_maybe_locking(y, source_id, sample, size,
- entropy_bits, 0);
-}
-
-YARROW_DLL
-int krb5int_yarrow_new_source(Yarrow_CTX* y, unsigned* source_id)
-{
- EXCEP_DECL;
- int locked = 0;
- Source* source;
-
- if (!y) { THROW( YARROW_BAD_ARG ); }
-
- TRY( LOCK() );
- locked = 1;
-
- if (y->num_sources + 1 > YARROW_MAX_SOURCES)
- {
- THROW( YARROW_TOO_MANY_SOURCES );
- }
-
- *source_id = y->num_sources;
-
- source = &y->source[*source_id];
-
- source->pool = YARROW_FAST_POOL;
- source->entropy[YARROW_FAST_POOL] = 0;
- source->entropy[YARROW_SLOW_POOL] = 0;
- source->reached_slow_thresh = 0;
- source->estimator = 0;
-
- y->num_sources++;
-CATCH:
- if ( locked ) { TRY( UNLOCK() ); }
- EXCEP_RET;
-}
-
-int krb5int_yarrow_register_source_estimator(Yarrow_CTX* y, unsigned source_id,
- estimator_fn* fptr)
-{
- EXCEP_DECL;
- Source* source;
-
- if (!y) { THROW( YARROW_BAD_ARG ); }
- if (source_id >= y->num_sources) { THROW( YARROW_BAD_SOURCE ); }
-
- source = &y->source[source_id];
-
- source->estimator = fptr;
-
-CATCH:
- EXCEP_RET;
-}
-
-static int krb5int_yarrow_output_Block( Yarrow_CTX* y, void* out )
-{
- EXCEP_DECL;
-
- if (!y || !out) { THROW( YARROW_BAD_ARG ); }
-
- TRACE( printf( "OUT," ); );
-
- /* perform a gate function after Pg outputs */
-
- y->out_count++;
- if (y->out_count >= y->Pg)
- {
- y->out_count = 0;
- TRY( yarrow_gate_locked( y ) );
-
- /* require new seed after reaching gates_limit */
-
- y->gate_count++;
- if ( y->gate_count >= y->gates_limit )
- {
- y->gate_count = 0;
-
- /* not defined whether to do slow or fast reseed */
-
- TRACE( printf( "OUTPUT LIMIT REACHED," ); );
-
- TRY( yarrow_reseed_locked( y, YARROW_SLOW_POOL ) );
- }
- }
-
- /* C <- (C + 1) mod 2^n */
-
- block_increment( y->C, CIPHER_BLOCK_SIZE );
-
- /* R <- E_k(C) */
-
- TRY ( krb5int_yarrow_cipher_encrypt_block ( &y->cipher, y->C, out ));
-
-#if defined(YARROW_DEBUG)
- printf("===\n");
- hex_print( stdout, "output: C", y->C, CIPHER_BLOCK_SIZE );
- hex_print( stdout, "output: K", y->K, CIPHER_KEY_SIZE );
- hex_print( stdout, "output: O", out, CIPHER_BLOCK_SIZE );
-#endif
-CATCH:
- EXCEP_RET;
-}
-
-YARROW_DLL
-int krb5int_yarrow_status( Yarrow_CTX* y, int *num_sources, unsigned *source_id,
- size_t *entropy_bits, size_t *entropy_max )
-{
- EXCEP_DECL;
- int num = y->slow_k_of_n_thresh;
- int source = -1;
- size_t emax = y->slow_thresh;
- size_t entropy = 0;
- unsigned i;
-
- if (!y) { THROW( YARROW_BAD_ARG ); }
- TRY( Yarrow_detect_fork( y ) );
-
- if (num_sources) { *num_sources = num; }
- if (source_id) { *source_id = -1; }
- if (entropy_bits) { *entropy_bits = 0; }
- if (entropy_max) { *entropy_max = emax; }
-
- if (y->seeded)
- {
- if (num_sources) { *num_sources = 0; }
- if (entropy_bits) { *entropy_bits = emax; }
- THROW( YARROW_OK );
- }
-
- for (i = 0; i < y->num_sources; i++)
- {
- if (y->source[i].entropy[YARROW_SLOW_POOL] >= y->slow_thresh)
- {
- num--;
- }
- else if (y->source[i].entropy[YARROW_SLOW_POOL] > entropy)
- {
- source = i;
- entropy = y->source[i].entropy[YARROW_SLOW_POOL];
- }
- }
-
- if (num_sources) { *num_sources = num; }
- if (source_id) { *source_id = source; }
- if (entropy_bits) { *entropy_bits = entropy; }
- THROW( YARROW_NOT_SEEDED );
-
-CATCH:
- EXCEP_RET;
-}
-
-static int yarrow_output_locked(Yarrow_CTX*, void*, size_t);
-
-YARROW_DLL
-int krb5int_yarrow_output( Yarrow_CTX* y, void* out, size_t size )
-{
- EXCEP_DECL;
- TRY( LOCK() );
- TRY( yarrow_output_locked(y, out, size));
-CATCH:
- UNLOCK();
- EXCEP_RET;
-}
-
-static
-int yarrow_output_locked( Yarrow_CTX* y, void* out, size_t size )
-{
- EXCEP_DECL;
- size_t left;
- char* outp;
- size_t use;
-
- if (!y || !out) { THROW( YARROW_BAD_ARG ); }
- TRY( Yarrow_detect_fork( y ) );
-
- if (!y->seeded) { THROW( YARROW_NOT_SEEDED ); }
-
- left = size;
- outp = out;
-
- if (y->out_left > 0)
- {
- use = min(left, y->out_left);
- mem_copy(outp, y->out + CIPHER_BLOCK_SIZE - y->out_left, use);
- left -= use;
- y->out_left -= use;
- outp += use;
- }
-
- for ( ;
- left >= CIPHER_BLOCK_SIZE;
- left -= CIPHER_BLOCK_SIZE, outp += CIPHER_BLOCK_SIZE)
- {
- TRY( krb5int_yarrow_output_Block(y, outp) );
- }
-
- if (left > 0)
- {
- TRY( krb5int_yarrow_output_Block(y, y->out) );
- mem_copy(outp, y->out, left);
- y->out_left = CIPHER_BLOCK_SIZE - left;
- }
-
-CATCH:
- EXCEP_RET;
-}
-
-static int yarrow_gate_locked(Yarrow_CTX* y)
-{
- EXCEP_DECL;
- byte new_K[CIPHER_KEY_SIZE];
-
- if (!y) { THROW( YARROW_BAD_ARG ); }
-
- TRACE( printf( "GATE[" ); );
-
- /* K <- Next k bits of PRNG output */
-
- TRY( yarrow_output_locked(y, new_K, CIPHER_KEY_SIZE) );
- mem_copy(y->K, new_K, CIPHER_KEY_SIZE);
-
- /* need to resetup the key schedule as the key has changed */
-
- TRY (krb5int_yarrow_cipher_init(&y->cipher, y->K));
-
-CATCH:
- TRACE( printf( "]," ); );
- mem_zero(new_K, sizeof(new_K));
- EXCEP_RET;
-}
-
-int krb5int_yarrow_gate(Yarrow_CTX* y)
-{
- EXCEP_DECL;
- byte new_K[CIPHER_KEY_SIZE];
-
- if (!y) { THROW( YARROW_BAD_ARG ); }
-
- TRACE( printf( "GATE[" ); );
-
- /* K <- Next k bits of PRNG output */
-
- TRY( krb5int_yarrow_output(y, new_K, CIPHER_KEY_SIZE) );
- mem_copy(y->K, new_K, CIPHER_KEY_SIZE);
-
- /* need to resetup the key schedule as the key has changed */
-
- TRY (krb5int_yarrow_cipher_init(&y->cipher, y->K));
-
-CATCH:
- TRACE( printf( "]," ); );
- mem_zero(new_K, sizeof(new_K));
- EXCEP_RET;
-}
-
-#if defined( YARROW_SAVE_STATE )
-static int Yarrow_Load_State( Yarrow_CTX *y )
-{
- EXCEP_DECL;
- Yarrow_STATE state;
-
- if ( !y ) { THROW( YARROW_BAD_ARG ); }
-
- if ( y->entropyfile )
- {
- TRY( STATE_Load(y->entropyfile, &state) );
- TRACE( printf( "LOAD STATE," ); );
-
-#if defined( YARROW_DEBUG )
- hex_print( stderr, "state.load", state.seed, sizeof(state.seed));
-#endif
-
- /* what to do here is not defined by the Yarrow paper */
- /* this is a place holder until we get some clarification */
-
- HASH_Update( &y->pool[YARROW_FAST_POOL],
- state.seed, sizeof(state.seed) );
-
- Yarrow_Make_Seeded( y );
-
- TRY( krb5int_yarrow_reseed(y, YARROW_FAST_POOL) );
- }
-CATCH:
- mem_zero(state.seed, sizeof(state.seed));
- EXCEP_RET;
-}
-
-static int Yarrow_Save_State( Yarrow_CTX *y )
-{
- EXCEP_DECL;
- Yarrow_STATE state;
-
- if ( !y ) { THROW( YARROW_BAD_ARG ); }
-
- if ( y->entropyfile && y->seeded )
- {
- TRACE( printf( "SAVE STATE[" ); );
- TRY( krb5int_yarrow_output( y, state.seed, sizeof(state.seed) ) );
- TRY( STATE_Save(y->entropyfile, &state) );
- }
- y->saved = 1;
-# if defined(YARROW_DEBUG)
- hex_print(stdout, "state.save", state.seed, sizeof(state.seed));
-# endif
-
-CATCH:
- TRACE( printf( "]," ); );
- mem_zero(state.seed, sizeof(state.seed));
- EXCEP_RET;
-}
-
-#endif
-
-static int yarrow_reseed_locked(Yarrow_CTX* y, int pool)
-{
- EXCEP_DECL;
- HASH_CTX* fast_pool;
- HASH_CTX* slow_pool;
- byte digest[HASH_DIGEST_SIZE];
- HASH_CTX hash;
- byte v_0[HASH_DIGEST_SIZE];
- byte v_i[HASH_DIGEST_SIZE];
- krb5_ui_4 big_endian_int32;
- COUNTER i;
-
- k5_assert_locked(&krb5int_yarrow_lock);
- if (!y) { THROW( YARROW_BAD_ARG ); }
- fast_pool = &y->pool[YARROW_FAST_POOL];
- slow_pool = &y->pool[YARROW_SLOW_POOL];
- if( pool != YARROW_FAST_POOL && pool != YARROW_SLOW_POOL )
- {
- THROW( YARROW_BAD_ARG );
- }
-
- TRACE( printf( "%s RESEED,",
- pool == YARROW_SLOW_POOL ? "SLOW" : "FAST" ); );
-
- if (pool == YARROW_SLOW_POOL)
- {
- /* SLOW RESEED */
-
- /* feed hash of slow pool into the fast pool */
-
-
- HASH_Final(slow_pool, digest);
-
- /* Each pool contains the running hash of all inputs fed into it
- * since it was last used to carry out a reseed -- this implies
- * that the pool must be reinitialized after a reseed
- */
-
- HASH_Init(slow_pool); /* reinitialize slow pool */
- HASH_Update(fast_pool, digest, sizeof(digest));
-
- if (y->seeded == 0)
- {
- Yarrow_Make_Seeded( y );
- }
- }
-
- /* step 1. v_0 <- hash of all inputs into fast pool */
-
- HASH_Final(fast_pool, &v_0);
- HASH_Init(fast_pool); /* reinitialize fast pool */
-
- /* v_i <- v_0 */
-
- mem_copy( v_i, v_0, sizeof(v_0) );
-
- /* step 2. v_i = h(v_{i-1}|v_0|i) for i = 1,..,Pt */
-
- /* note: this code has to work for Pt = 0 also */
-
- for ( i = 0; i < y->Pt[pool]; i++ )
- {
- HASH_Init(&hash);
- HASH_Update(&hash, v_i, sizeof(v_i));
- HASH_Update(&hash, v_0, sizeof(v_0));
- big_endian_int32 = make_big_endian32(0); /* MS word */
- HASH_Update(&hash, &big_endian_int32, sizeof(krb5_ui_4));
- big_endian_int32 = make_big_endian32(i & 0xFFFFFFFF); /* LS word */
- HASH_Update(&hash, &big_endian_int32, sizeof(krb5_ui_4));
- HASH_Final(&hash, &v_i);
- }
-
- /* step3. K = h'(h(v_Pt|K)) */
-
- /* t = h(v_Pt|K) */
-
- HASH_Init(&hash);
- HASH_Update(&hash, v_i, sizeof(v_i));
- HASH_Update(&hash, y->K, sizeof(y->K));
- HASH_Final(&hash, v_i);
-
-#if defined(YARROW_DEBUG)
- hex_print(stdout, "old K", y->K, sizeof(y->K));
-#endif
- /* K <- h'(t) */
-
- TRY( krb5int_yarrow_stretch(v_i, HASH_DIGEST_SIZE, y->K, CIPHER_KEY_SIZE) );
-
- /* need to resetup the key schedule as the key has changed */
-
- TRY(krb5int_yarrow_cipher_init(&y->cipher, y->K));
-
-#if defined(YARROW_DEBUG)
- hex_print(stdout, "new K", y->K, sizeof(y->K));
-#endif
-
- /* step 4. C <- E_k(0) */
-
-#if defined(YARROW_DEBUG)
- hex_print(stdout, "old C", y->C, sizeof(y->C));
-#endif
- TRY (krb5int_yarrow_cipher_encrypt_block (&y->cipher, zero_block, y->C));
-#if defined(YARROW_DEBUG)
- hex_print(stdout, "new C", y->C, sizeof(y->C));
-#endif
-
- /* discard part output from previous key */
-
- y->out_left = 0;
-
- /* step 5. Reset all entropy estimate accumulators of the entropy
- * accumulator to zero
- */
-
- for (i = 0; i < y->num_sources; i++)
- {
- y->source[i].entropy[pool] = 0;
- if (pool == YARROW_SLOW_POOL)
- {
- /* if this is a slow reseed, reset the fast pool entropy
- * accumulator also
- */
- y->source[i].entropy[YARROW_FAST_POOL] = 0;
- y->source[i].reached_slow_thresh = 0;
- }
- }
-
- /* step 7. If a seed file is in use, the next 2k bits of output
- * are written to the seed file
- */
-
-#if defined( YARROW_SAVE_STATE )
- if ( y->seeded && y->entropyfile )
- {
- TRY( Yarrow_Save_State( y ) );
- }
-#endif
-
-CATCH:
- /* step 6. Wipe the memory of all intermediate values
- *
- */
-
- mem_zero( digest, sizeof(digest) );
- mem_zero( &hash, sizeof(hash) );
- mem_zero( v_0, sizeof(v_0) );
- mem_zero( v_i, sizeof(v_i) );
-
- EXCEP_RET;
-}
-int krb5int_yarrow_reseed(Yarrow_CTX* y, int pool)
-{
- int r;
- LOCK();
- r = yarrow_reseed_locked(y, pool);
- UNLOCK();
- return r;
-}
-
-int krb5int_yarrow_stretch(const byte* m, size_t size, byte* out, size_t out_size)
-{
- EXCEP_DECL;
- const byte* s_i;
- byte* outp;
- int left;
- unsigned int use;
- HASH_CTX hash, save;
- byte digest[HASH_DIGEST_SIZE];
-
- if (m == NULL || size == 0 || out == NULL || out_size == 0)
- {
- THROW( YARROW_BAD_ARG );
- }
-
- /*
- * s_0 = m
- * s_1 = h(s_0 | ... | s_{i-1})
- *
- * h'(m, k) = first k bits of (s_0 | s_1 | ...)
- *
- */
-
- outp = out;
- left = out_size;
-
- use = min(out_size, size);
- mem_copy(outp, m, use); /* get k bits or as many as available */
-
- s_i = (const byte*)m; /* pointer to s0 = m */
- outp += use;
- left -= use;
-
- HASH_Init(&hash);
- for ( ;
- left > 0;
- left -= HASH_DIGEST_SIZE)
- {
- HASH_Update(&hash, s_i, use);
-
- /* have to save hash state to one side as HASH_final changes state */
-
- mem_copy(&save, &hash, sizeof(hash));
- HASH_Final(&hash, digest);
-
- use = min(HASH_DIGEST_SIZE, left);
- mem_copy(outp, digest, use);
-
- /* put state back for next time */
-
- mem_copy(&hash, &save, sizeof(hash));
-
- s_i = outp; /* retain pointer to s_i */
- outp += use;
- }
-
-CATCH:
- mem_zero(&hash, sizeof(hash));
- mem_zero(digest, sizeof(digest));
-
- EXCEP_RET;
-}
-
-static void block_increment(void* block, const int sz)
-{
- byte* b = block;
- int i;
-
- for (i = sz-1; (++b[i]) == 0 && i > 0; i--)
- {
- ; /* nothing */
- }
-}
-
-YARROW_DLL
-int krb5int_yarrow_final(Yarrow_CTX* y)
-{
- EXCEP_DECL;
- int locked = 0;
-
- if (!y) { THROW( YARROW_BAD_ARG ); }
- TRY( LOCK() );
- locked = 1;
-
-#if defined( YARROW_SAVE_STATE )
- if ( y->seeded && y->entropyfile )
- {
- TRY( Yarrow_Save_State( y ) );
- }
-#endif
-
-CATCH:
- if ( y )
- {
- krb5int_yarrow_cipher_final(&y->cipher);
- mem_zero( y, sizeof(Yarrow_CTX) );
- }
- if ( locked ) { TRY( UNLOCK() ); }
- EXCEP_RET;
-}
-
-YARROW_DLL
-const char* krb5int_yarrow_str_error( int err )
-{
- err = 1-err;
- if ( err < 0 ||
- (unsigned int) err >= sizeof( yarrow_str_error ) / sizeof( char* ) )
- {
- err = 1-YARROW_FAIL;
- }
- return yarrow_str_error[ err ];
-}
-
-#if defined(YARROW_DEBUG)
-static void hex_print(FILE* f, const char* var, void* data, size_t size)
-{
- const char* conv = "0123456789abcdef";
- size_t i;
- char* p = (char*) data;
- char c, d;
-
- fprintf(f, var);
- fprintf(f, " = ");
- for (i = 0; i < size; i++)
- {
- c = conv[(p[i] >> 4) & 0xf];
- d = conv[p[i] & 0xf];
- fprintf(f, "%c%c", c, d);
- }
- fprintf(f, "\n");
-}
-#endif
+++ /dev/null
-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
-
-#ifndef YARROW_H
-#define YARROW_H
-
-#ifdef HAVE_UNISTD_H
-#define YARROW_DETECT_FORK
-#include <unistd.h>
-#endif
-#define YARROW_NO_MATHLIB
-
-#include "ytypes.h"
-#include <yhash.h>
-#include "ycipher.h"
-
-extern const struct krb5_prng_provider krb5int_prng_yarrow;
-
-/* These error codes are returned by the functions below. */
-
-#define YARROW_OK 1 /* All is well */
-#define YARROW_FAIL 0 /* generic failure */
-#define YARROW_NOT_INIT -1 /* YarrowInit hasn't been called */
-#define YARROW_ALREADY_INIT -2 /* YarrowInit has already been called */
-#define YARROW_NO_DRIVER -3 /* driver doesn't exist */
-#define YARROW_CANT_OPEN -4 /* can't open driver */
-#define YARROW_BAD_SOURCE -5 /* invalid source id */
-#define YARROW_TOO_MANY_SOURCES -6 /* can't create any more source ids */
-#define YARROW_BAD_ARG -7 /* invalid argument */
-#define YARROW_ACCESS -8 /* insufficient privileges */
-#define YARROW_NOMEM -9 /* out of memory */
-#define YARROW_NORSRC -10 /* a resource is exhausted */
-#define YARROW_NOT_SEEDED -11 /* not enough entropy to generate output */
-#define YARROW_LOCKING -12 /* locking error */
-#define YARROW_NO_STATE -13 /* there is no state to load */
-#define YARROW_STATE_ERROR -14 /* error with state load or save */
-#define YARROW_NOT_IMPL -15 /* not implemented */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* Yarrow implementation and configuration parameters */
-
-/* pool identification */
-#define YARROW_FAST_POOL 0
-#define YARROW_SLOW_POOL 1
-
-#define YARROW_MAX_SOURCES 20
-#define YARROW_ENTROPY_MULTIPLIER 0.5
-
-#define YARROW_POOL_SIZE (HASH_DIGEST_SIZE*8)
-
-#define YARROW_OUTPUTS_PER_GATE 10 /* Pg */
-#define YARROW_FAST_PT 10
-#define YARROW_SLOW_PT 100
-
-/* thresholds to use once seeded */
-
-#define YARROW_FAST_THRESH 100
-#define YARROW_SLOW_THRESH 160
-#define YARROW_K_OF_N_THRESH 2
-
-/* The Yarrow paper does not specify when the initial seed should be
- considered complete. Use the same conditions as a slow reseed */
-
-#define YARROW_FAST_INIT_THRESH YARROW_FAST_THRESH
-#define YARROW_SLOW_INIT_THRESH YARROW_SLOW_THRESH
-#define YARROW_K_OF_N_INIT_THRESH YARROW_K_OF_N_THRESH
-
-/* sanity checks */
-
-#if YARROW_FAST_THRESH > YARROW_POOL_SIZE
-error "can't have higher YARROW_FAST_THRESH than pool size"
-#endif
-
-#if YARROW_SLOW_THRESH > YARROW_POOL_SIZE
-error "can't have higher YARROW_SLOW_THRESH than pool size"
-#endif
-
-#if YARROW_FAST_INIT_THRESH > YARROW_POOL_SIZE
-error "can't have higher YARROW_FAST_INIT_THRESH than pool size"
-#endif
-
-#if YARROW_SLOW_INIT_THRESH > YARROW_POOL_SIZE
-error "can't have higher YARROW_SLOW_INIT_THRESH than pool size"
-#endif
-
-typedef size_t estimator_fn(const void* sample, size_t size);
-
-typedef struct
-{
- int pool;
- size_t entropy[2];
- int reached_slow_thresh;
- estimator_fn* estimator;
-} Source;
-
-typedef struct
-{
- /* state */
- int seeded;
- int saved;
-#if defined( YARROW_DETECT_FORK )
- int pid;
-#endif
- Source source[YARROW_MAX_SOURCES];
- unsigned num_sources;
- HASH_CTX pool[2];
- byte out[CIPHER_BLOCK_SIZE];
- unsigned out_left;
- COUNTER out_count;
- COUNTER gate_count;
- COUNTER gates_limit;
- byte C[CIPHER_BLOCK_SIZE];
- CIPHER_CTX cipher;
- byte K[CIPHER_KEY_SIZE];
-
- const char *entropyfile;
-
- /* parameters */
- COUNTER Pt[2];
- COUNTER Pg;
- int slow_k_of_n;
-
- /* current thresholds */
- size_t slow_thresh;
- size_t fast_thresh;
- int slow_k_of_n_thresh;
-} Yarrow_CTX;
-
-# define YARROW_DLL
-
-
-YARROW_DLL
-int krb5int_yarrow_init( Yarrow_CTX* y, const char *filename );
-
-
-YARROW_DLL
-int krb5int_yarrow_input( Yarrow_CTX* y, unsigned source_id,
- const void* sample,
- size_t size, size_t entropy_bits );
-
-YARROW_DLL
-int krb5int_yarrow_status( Yarrow_CTX* y, int *num_sources, unsigned *source_id,
- size_t *entropy_bits, size_t *entropy_max );
-
-YARROW_DLL
-int krb5int_yarrow_output( Yarrow_CTX* y, void* out, size_t size );
-
-YARROW_DLL
-int krb5int_yarrow_new_source( Yarrow_CTX* y, unsigned* source_id );
-
-YARROW_DLL
-int krb5int_yarrow_register_source_estimator( Yarrow_CTX* y, unsigned source_id,
- estimator_fn* fptr );
-
-YARROW_DLL
-int krb5int_yarrow_stretch( const byte* m, size_t size, byte* out, size_t out_size );
-
-YARROW_DLL
-int krb5int_yarrow_reseed( Yarrow_CTX* y, int pool );
-
-YARROW_DLL
-int krb5int_yarrow_gate( Yarrow_CTX* y );
-
-YARROW_DLL
-int krb5int_yarrow_final( Yarrow_CTX* y );
-
-YARROW_DLL
-const char* krb5int_yarrow_str_error( int );
-
-
-# define mem_zero(p, n) memset((p), 0, (n))
-# define mem_copy(d, s, n) memcpy((d), (s), (n))
-
-
-#if !defined(WIN32)
-# define min(x, y) ((x) < (y) ? (x) : (y))
-# define max(x, y) ((x) > (y) ? (x) : (y))
-#endif
-
-
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* YARROW_H */
+++ /dev/null
-.rn '' }`
-''' $RCSfile$$Revision$$Date$
-'''
-''' $Log$
-''' Revision 1.1 2001/11/08 21:51:57 hartmans
-''' Add Yarrow from http://www.zeroknowledge.com/.
-'''
-''' This is version 0.1 of their Yarrow implementation. I have flattened the distribution,
-''' copying files in the src directory directly into this directory.
-'''
-''' Revision 1.1.2.1 2000/08/13 21:11:24 adamb
-''' added some more assumptions
-''' included yarrow.man derived from yarrow.pod with pod2man
-'''
-'''
-.de Sh
-.br
-.if t .Sp
-.ne 5
-.PP
-\fB\\$1\fR
-.PP
-..
-.de Sp
-.if t .sp .5v
-.if n .sp
-..
-.de Ip
-.br
-.ie \\n(.$>=3 .ne \\$3
-.el .ne 3
-.IP "\\$1" \\$2
-..
-.de Vb
-.ft CW
-.nf
-.ne \\$1
-..
-.de Ve
-.ft R
-
-.fi
-..
-'''
-'''
-''' Set up \*(-- to give an unbreakable dash;
-''' string Tr holds user defined translation string.
-''' Bell System Logo is used as a dummy character.
-'''
-.tr \(*W-|\(bv\*(Tr
-.ie n \{\
-.ds -- \(*W-
-.ds PI pi
-.if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
-.if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
-.ds L" ""
-.ds R" ""
-''' \*(M", \*(S", \*(N" and \*(T" are the equivalent of
-''' \*(L" and \*(R", except that they are used on ".xx" lines,
-''' such as .IP and .SH, which do another additional levels of
-''' double-quote interpretation
-.ds M" """
-.ds S" """
-.ds N" """""
-.ds T" """""
-.ds L' '
-.ds R' '
-.ds M' '
-.ds S' '
-.ds N' '
-.ds T' '
-'br\}
-.el\{\
-.ds -- \(em\|
-.tr \*(Tr
-.ds L" ``
-.ds R" ''
-.ds M" ``
-.ds S" ''
-.ds N" ``
-.ds T" ''
-.ds L' `
-.ds R' '
-.ds M' `
-.ds S' '
-.ds N' `
-.ds T' '
-.ds PI \(*p
-'br\}
-.\" If the F register is turned on, we'll generate
-.\" index entries out stderr for the following things:
-.\" TH Title
-.\" SH Header
-.\" Sh Subsection
-.\" Ip Item
-.\" X<> Xref (embedded
-.\" Of course, you have to process the output yourself
-.\" in some meaninful fashion.
-.if \nF \{
-.de IX
-.tm Index:\\$1\t\\n%\t"\\$2"
-..
-.nr % 0
-.rr F
-.\}
-.TH YARROW 1 "perl 5.005, patch 03" "13/Aug/2000" "User Contributed Perl Documentation"
-.UC
-.if n .hy 0
-.if n .na
-.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
-.de CQ \" put $1 in typewriter font
-.ft CW
-'if n "\c
-'if t \\&\\$1\c
-'if n \\&\\$1\c
-'if n \&"
-\\&\\$2 \\$3 \\$4 \\$5 \\$6 \\$7
-'.ft R
-..
-.\" @(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2
-. \" AM - accent mark definitions
-.bd B 3
-. \" fudge factors for nroff and troff
-.if n \{\
-. ds #H 0
-. ds #V .8m
-. ds #F .3m
-. ds #[ \f1
-. ds #] \fP
-.\}
-.if t \{\
-. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
-. ds #V .6m
-. ds #F 0
-. ds #[ \&
-. ds #] \&
-.\}
-. \" simple accents for nroff and troff
-.if n \{\
-. ds ' \&
-. ds ` \&
-. ds ^ \&
-. ds , \&
-. ds ~ ~
-. ds ? ?
-. ds ! !
-. ds /
-. ds q
-.\}
-.if t \{\
-. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
-. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
-. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
-. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
-. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
-. ds ? \s-2c\h'-\w'c'u*7/10'\u\h'\*(#H'\zi\d\s+2\h'\w'c'u*8/10'
-. ds ! \s-2\(or\s+2\h'-\w'\(or'u'\v'-.8m'.\v'.8m'
-. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
-. ds q o\h'-\w'o'u*8/10'\s-4\v'.4m'\z\(*i\v'-.4m'\s+4\h'\w'o'u*8/10'
-.\}
-. \" troff and (daisy-wheel) nroff accents
-.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
-.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
-.ds v \\k:\h'-(\\n(.wu*9/10-\*(#H)'\v'-\*(#V'\*(#[\s-4v\s0\v'\*(#V'\h'|\\n:u'\*(#]
-.ds _ \\k:\h'-(\\n(.wu*9/10-\*(#H+(\*(#F*2/3))'\v'-.4m'\z\(hy\v'.4m'\h'|\\n:u'
-.ds . \\k:\h'-(\\n(.wu*8/10)'\v'\*(#V*4/10'\z.\v'-\*(#V*4/10'\h'|\\n:u'
-.ds 3 \*(#[\v'.2m'\s-2\&3\s0\v'-.2m'\*(#]
-.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
-.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
-.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
-.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
-.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
-.ds ae a\h'-(\w'a'u*4/10)'e
-.ds Ae A\h'-(\w'A'u*4/10)'E
-.ds oe o\h'-(\w'o'u*4/10)'e
-.ds Oe O\h'-(\w'O'u*4/10)'E
-. \" corrections for vroff
-.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
-.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
-. \" for low resolution devices (crt and lpr)
-.if \n(.H>23 .if \n(.V>19 \
-\{\
-. ds : e
-. ds 8 ss
-. ds v \h'-1'\o'\(aa\(ga'
-. ds _ \h'-1'^
-. ds . \h'-1'.
-. ds 3 3
-. ds o a
-. ds d- d\h'-1'\(ga
-. ds D- D\h'-1'\(hy
-. ds th \o'bp'
-. ds Th \o'LP'
-. ds ae ae
-. ds Ae AE
-. ds oe oe
-. ds Oe OE
-.\}
-.rm #[ #] #H #V #F C
-.SH "NAME"
-Yarrow_Init, Yarrow_Poll, Yarrow_Input, Yarrow_Status, Yarrow_Output, Yarrow_New_Source, Yarrow_Register_Source_Estimator, Yarrow Final \- cryptographic pseudo-random number generator
-.SH "SYNOPSIS"
-int \fIYarrow_Init\fR\|(Yarrow_CTX *y, const char *filename);
-.PP
-int \fIYarrow_New_Source\fR\|(Yarrow_CTX* y, unsigned* source_id);
-.PP
-int \fIYarrow_Poll\fR\|(Yarrow_CTX *y, unsigned source_id)
-.PP
-int \fIYarrow_Input\fR\|( Yarrow_CTX* y, unsigned source_id,
- const void* sample, size_t size,
- size_t entropy_bits);
-.PP
-int \fIYarrow_Status\fR\|(Yarrow_CTX* y, int *num_sources,
- unsigned *source_id, size_t *entropy_bits,
- size_t *entropy_max);
-.PP
-int \fIYarrow_Output\fR\|(Yarrow_CTX* y, void* out, size_t size);
-.PP
-int \fIYarrow_Register_Source_Estimator\fR\|(Yarrow_CTX* y,
- unsigned source_id,
- size_t (*estimator)(const void* sample,
- size_t size));
-.PP
-int \fIYarrow_Final\fR\|(Yarrow_CTX* y);
-.SH "DESCRIPTION"
-\fIYarrow_Init()\fR initializes a \fBYarrow_CTX\fR structure. \fBfilename\fR can
-be NULL, or the path to a seed file that Yarrow will use to store the
-PRNG state for use in later sessions. Returns \fBYARROW_OK\fR if the
-PRNG is seeded on exit, or \fBYARROW_NOT_SEEDED\fR if the PRNG is not yet
-seeded.
-.PP
-\fIYarrow_New_Source()\fR associates entropy sources such as keyboard input,
-mouse movements and other unpredictable events with a
-\fBYarrow_CTX\fR. The function assigns a unique number to the new source,
-and places it in \fBsource_id\fR.
-.PP
-\fIYarrow_Poll()\fR gathers entropy from the state of the machine and adds
-it to the source \fBsource_id\fR. The source has to be allocated by the
-user with Yarrow_New_Source. Returns \fBYARROW_OK\fR if the PRNG is
-seeded on exit, or \fBYARROW_NOT_SEEDED\fR if the PRNG is not yet seeded.
-.PP
-\fIYarrow_Input()\fR is used to add randomness from the source \fBsource_id\fR
-to the PRNG. It reads \fBsize\fR bytes at the address \fBsample\fR. An
-estimate of the entropy in bits contained in the sample must be
-specified as \fBentropy_bits\fR.
-.PP
-\fIYarrow_Status()\fR returns \fBYARROW_OK\fR if the PRNG has enough entropy to
-produce output, and \fBYARROW_NOT_SEEDED\fR if calls to \fIYarrow_Output()\fR
-would fail.
-.PP
-If num_sources is not NULL, the number of entropy sources that still
-need to be seeded is returned in \fB*num_sources\fR.
-.PP
-If source_id is not NULL, the entropy source that is closest to its
-threshold is returned in \fB*source_id\fR. \fB*source_id\fR is set to \-1 if
-no sources have either reached their threshold or not collected any
-entropy yet.
-.PP
-If not NULL, \fB*entropy_bits\fR is set to the current number of bits for
-the source \fB*source_id\fR, and \fB*entropy_max\fR to the threshold.
-.PP
-\fIYarrow_Output()\fR generates \fBsize\fR bytes of cryptographically strong
-pseudo-random output and places them at \fBout\fR. The return value must
-always be checked. If an error occurs, the PRNG may produce
-predictable data or no output at all.
-.PP
-\fIYarrow_Register_Source_Estimator()\fR registers an entropy estimator
-for \fBsource_id\fR. An entropy estimator is a function that tries to
-estimate the entropy in a sample and returns the entropy in bits
-in order to detect abnormal situations in which the samples have a very
-low entropy.
-.PP
-\fIYarrow_Final()\fR writes the PRNG state to the seed file and erases it
-from memory.
-.SH "RETURN VALUES"
-All functions return \fBYARROW_OK\fR on success. Error conditions are reported
-as follows:
-.PP
-.Vb 16
-\& YARROW_FAIL generic failure
-\& YARROW_NOT_INIT YarrowInit() hasn't been called
-\& YARROW_ALREADY_INIT YarrowInit() has already been called
-\& YARROW_NO_DRIVER driver doesn't exist
-\& YARROW_CANT_OPEN can't open driver
-\& YARROW_BAD_SOURCE invalid source id
-\& YARROW_TOO_MANY_SOURCES can't create any more source IDs
-\& YARROW_BAD_ARG invalid argument
-\& YARROW_ACCESS insufficient privileges
-\& YARROW_NOMEM out of memory
-\& YARROW_NORSRC a resource (apart from memory) is exhausted
-\& YARROW_NOT_SEEDED not enough entropy to generate output
-\& YARROW_LOCKING locking error
-\& YARROW_NO_STATE there is no state to load
-\& YARROW_STATE_ERROR error with state load or save
-\& YARROW_NOT_IMPL not implemented
-.Ve
-.SH "AUTHORS"
-Yarrow was designed by John Kelsey, Bruce Schneier and Niels Ferguson
-of Counterpane Systems. This implementation is (C) 2000 by
-Zero-Knowledge Systems Inc.
-
-.rn }` ''
-.IX Title "YARROW 1"
-.IX Name "Yarrow_Init, Yarrow_Poll, Yarrow_Input, Yarrow_Status, Yarrow_Output, Yarrow_New_Source, Yarrow_Register_Source_Estimator, Yarrow Final - cryptographic pseudo-random number generator"
-
-.IX Header "NAME"
-
-.IX Header "SYNOPSIS"
-
-.IX Header "DESCRIPTION"
-
-.IX Header "RETURN VALUES"
-
-.IX Header "AUTHORS"
-
+++ /dev/null
-=pod
-
-=head1 NAME
-
-Yarrow_Init, Yarrow_Poll, Yarrow_Input, Yarrow_Status, Yarrow_Output, Yarrow_New_Source, Yarrow_Register_Source_Estimator, Yarrow Final - cryptographic pseudo-random number generator
-
-=head1 SYNOPSIS
-
-int Yarrow_Init(Yarrow_CTX *y, const char *filename);
-
-int Yarrow_New_Source(Yarrow_CTX* y, unsigned* source_id);
-
-int Yarrow_Poll(Yarrow_CTX *y, unsigned source_id)
-
-int Yarrow_Input( Yarrow_CTX* y, unsigned source_id,
- const void* sample, size_t size,
- size_t entropy_bits);
-
-int Yarrow_Status(Yarrow_CTX* y, int *num_sources,
- unsigned *source_id, size_t *entropy_bits,
- size_t *entropy_max);
-
-int Yarrow_Output(Yarrow_CTX* y, void* out, size_t size);
-
-int Yarrow_Register_Source_Estimator(Yarrow_CTX* y,
- unsigned source_id,
- size_t (*estimator)(const void* sample,
- size_t size));
-
-int Yarrow_Final(Yarrow_CTX* y);
-
-=head1 DESCRIPTION
-
-Yarrow_Init() initializes a B<Yarrow_CTX> structure. B<filename> can
-be NULL, or the path to a seed file that Yarrow will use to store the
-PRNG state for use in later sessions. Returns B<YARROW_OK> if the
-PRNG is seeded on exit, or B<YARROW_NOT_SEEDED> if the PRNG is not yet
-seeded.
-
-Yarrow_New_Source() associates entropy sources such as keyboard input,
-mouse movements and other unpredictable events with a
-B<Yarrow_CTX>. The function assigns a unique number to the new source,
-and places it in B<source_id>.
-
-Yarrow_Poll() gathers entropy from the state of the machine and adds
-it to the source B<source_id>. The source has to be allocated by the
-user with Yarrow_New_Source. Returns B<YARROW_OK> if the PRNG is
-seeded on exit, or B<YARROW_NOT_SEEDED> if the PRNG is not yet seeded.
-
-Yarrow_Input() is used to add randomness from the source B<source_id>
-to the PRNG. It reads B<size> bytes at the address B<sample>. An
-estimate of the entropy in bits contained in the sample must be
-specified as B<entropy_bits>.
-
-Yarrow_Status() returns B<YARROW_OK> if the PRNG has enough entropy to
-produce output, and B<YARROW_NOT_SEEDED> if calls to Yarrow_Output()
-would fail.
-
-If num_sources is not NULL, the number of entropy sources that still
-need to be seeded is returned in B<*num_sources>.
-
-If source_id is not NULL, the entropy source that is closest to its
-threshold is returned in B<*source_id>. B<*source_id> is set to -1 if
-no sources have either reached their threshold or not collected any
-entropy yet.
-
-If not NULL, B<*entropy_bits> is set to the current number of bits for
-the source B<*source_id>, and B<*entropy_max> to the threshold.
-
-Yarrow_Output() generates B<size> bytes of cryptographically strong
-pseudo-random output and places them at B<out>. The return value must
-always be checked. If an error occurs, the PRNG may produce
-predictable data or no output at all.
-
-Yarrow_Register_Source_Estimator() registers an entropy estimator
-for B<source_id>. An entropy estimator is a function that tries to
-estimate the entropy in a sample and returns the entropy in bits
-in order to detect abnormal situations in which the samples have a very
-low entropy.
-
-Yarrow_Final() writes the PRNG state to the seed file and erases it
-from memory.
-
-=head1 RETURN VALUES
-
-All functions return B<YARROW_OK> on success. Error conditions are reported
-as follows:
-
- YARROW_FAIL generic failure
- YARROW_NOT_INIT YarrowInit() hasn't been called
- YARROW_ALREADY_INIT YarrowInit() has already been called
- YARROW_NO_DRIVER driver doesn't exist
- YARROW_CANT_OPEN can't open driver
- YARROW_BAD_SOURCE invalid source id
- YARROW_TOO_MANY_SOURCES can't create any more source IDs
- YARROW_BAD_ARG invalid argument
- YARROW_ACCESS insufficient privileges
- YARROW_NOMEM out of memory
- YARROW_NORSRC a resource (apart from memory) is exhausted
- YARROW_NOT_SEEDED not enough entropy to generate output
- YARROW_LOCKING locking error
- YARROW_NO_STATE there is no state to load
- YARROW_STATE_ERROR error with state load or save
- YARROW_NOT_IMPL not implemented
-
-=head1 AUTHORS
-
-Yarrow was designed by John Kelsey, Bruce Schneier and Niels Ferguson
-of Counterpane Systems. This implementation is (C) 2000 by
-Zero-Knowledge Systems Inc.
-
-=cut
+++ /dev/null
-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
-/*
- * lib/crypto/yarrow/ycipher.c
- *
- * Copyright (C) 2001, 2007 by the Massachusetts Institute of Technology.
- * All rights reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- *
- *
- * Routines to implement krb5 cipher operations.
- */
-#include "k5-int.h"
-#include "yarrow.h"
-#include "ycipher.h"
-#include "enc_provider.h"
-#include "assert.h"
-
-int
-krb5int_yarrow_cipher_init(CIPHER_CTX *ctx, unsigned const char * key)
-{
- size_t keybytes, keylength;
- const struct krb5_enc_provider *enc = &yarrow_enc_provider;
- krb5_error_code ret;
- krb5_data randombits;
- krb5_keyblock keyblock;
-
- keybytes = enc->keybytes;
- keylength = enc->keylength;
- assert (keybytes == CIPHER_KEY_SIZE);
- krb5_k_free_key(NULL, ctx->key);
- ctx->key = NULL;
- keyblock.contents = malloc(keylength);
- keyblock.length = keylength;
- keyblock.enctype = yarrow_enc_type;
- if (keyblock.contents == NULL)
- return (YARROW_NOMEM);
- randombits.data = (char *) key;
- randombits.length = keybytes;
- ret = enc->make_key(&randombits, &keyblock);
- if (ret != 0)
- goto cleanup;
- ret = krb5_k_create_key(NULL, &keyblock, &ctx->key);
-cleanup:
- free(keyblock.contents);
- if (ret)
- return YARROW_FAIL;
- return YARROW_OK;
-}
-
-int krb5int_yarrow_cipher_encrypt_block(CIPHER_CTX *ctx,
- const unsigned char *in,
- unsigned char *out)
-{
- krb5_error_code ret;
- krb5_crypto_iov iov;
- const struct krb5_enc_provider *enc = &yarrow_enc_provider;
-
- memcpy(out, in, CIPHER_BLOCK_SIZE);
- iov.flags = KRB5_CRYPTO_TYPE_DATA;
- iov.data = make_data(out, CIPHER_BLOCK_SIZE);
- ret = enc->encrypt(ctx->key, 0, &iov, 1);
- return (ret == 0) ? YARROW_OK : YARROW_FAIL;
-}
-
-void
-krb5int_yarrow_cipher_final(CIPHER_CTX *ctx)
-{
- krb5_k_free_key(NULL, ctx->key);
- ctx->key = NULL;
-}
+++ /dev/null
-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
-
-#ifndef YCIPHER_H
-#define YCIPHER_H
-
-/* block cipher interface */
-
-typedef struct
-{
- krb5_key key;
-} CIPHER_CTX;
-
-/* We need to choose a cipher. To do this, choose an enc_provider.
- * Be sure to update the block size and key size constants below;
- * they are here because static data structures are sized based on
- * them so they must be known at compile time./ Thus we cannot
- * call the enc_provider function to get the info.
- */
-
-#define yarrow_enc_provider krb5int_enc_aes256
-#define yarrow_enc_type ENCTYPE_AES256_CTS_HMAC_SHA1_96
-
-#define CIPHER_BLOCK_SIZE 16
-#define CIPHER_KEY_SIZE 32
-
-#if defined( YARROW_NO_MATHLIB )
-/* see macros at end for functions evaluated */
-#define POW_CIPHER_KEY_SIZE 115792089237316195423570985008687907853269984665640564039457584007913129639936.0
-#define POW_CIPHER_BLOCK_SIZE 340282366920938463463374607431768211456.0
-#endif
-
-
-int krb5int_yarrow_cipher_init (CIPHER_CTX *ctx, unsigned const char *key);
-int krb5int_yarrow_cipher_encrypt_block
-(CIPHER_CTX *ctx, const unsigned char *in, unsigned char *out);
-void krb5int_yarrow_cipher_final (CIPHER_CTX *ctx);
-
-#if !defined( YARROW_NO_MATHLIB )
-#define POW_CIPHER_KEY_SIZE pow(2.0, CIPHER_KEY_SIZE * 8 / 3.0)
-#define POW_CIPHER_BLOCK_SIZE pow(2.0, CIPHER_BLOCK_SIZE * 8)
-#endif
-
-#endif /* YCIPHER_H */
+++ /dev/null
-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
-
-#ifndef YEXCEP_H
-#define YEXCEP_H
-
-/* yes, macros with gotos in them, but in the interests of
- * avoiding repetition of code, and having less error prone
- * error handling
- *
- * EXCEP_DECL - declares the return value and local state variables
- * needed by the exception macros
- *
- * THROW( x ) - set return value to x and goto function cleanup
- * section (CATCH: block). In the catch block, THROW
- * does not goto catch label to avoid loops, and instead
- * falls through to the next statement.
- *
- * EXCEP_OK - success return value (=1)
- *
- * EXCEP_FAIL - failure return value (=0), other user exceptions are
- * given negative values (<0)
- *
- * TRY( x ) - if code returns value <= 0 TRY sets return value to
- * that value and goes to function cleanup section
- * (CATCH: block). In the catch block, TRY does not goto
- * the catch label to avoid loops, and instead
- * falls through to the next statement. The
- * return value is set to the first non success value
- * returned by a TRY, unless this is overridden by a THROW.
- *
- * CATCH: - start of catch block, also switches behavior of
- * TRY and THROW to not goto CATCH: inside the catch
- * block to avoid loops
- *
- * EXCEP_RET - return the current return value from the function
- * equivlanet to return (EXCEPTION)
- *
- * EXCEPTION - current return value, is set to EXCEP_OK by EXCEP_DECL
- *
- * EXCEP_BOOL - convert current return value to EXCEP_OK, or EXCEP_FAIL
- * (EXCEP_FAIL is anything other than EXCEP_OK)
- *
- */
-
-/* example usage */
-
-/*
- *
- * #define EXCEP_OK_COMMENT 2
- * #define EXCEP_NULL_PTR -1
- * #define EXCEP_OUT_OF_MEM -2
- *
- * int bar( char *c )
- * {
- * EXCEP_DECL;
- *
- * if ( !c ) { THROW( EXCEP_NULL_PTR ); }
- * if ( *c == '\0' ) { THROW( EXCEP_FAIL ); );
- * if ( *c == '#' ) { SET( EXCEP_COMMENT ); }
- * CATCH:
- * EXCEP_RET;
- * }
- *
- * int foo( char *c )
- * {
- * EXCEP_DECL;
- * int *p = NULL;
- *
- * if ( !c ) { THROW( EXCEP_NULL_PTR ); }
- * TRY( bar( c ) );
- * if ( RETURN == EXCEP_COMMENT ) { print( "comment\n" ); }
- * p = strdup( c );
- * if ( !p ) { THROW( EXCEP_OUT_OF_MEM ); }
- *
- * CATCH:
- * if ( p ) { TRY( bar( p ) ); free( p ); }
- * THROW( EXCEP_BOOL );
- * if ( EXCEPTION == EXCEP_OK ) { printf( "success\n" ); }
- * EXCEP_RET;
- * }
- *
- */
-
-#define EXCEP_FAIL 0
-#define EXCEP_OK 1
-#define EXCEP_DECL int _thr = 0, _ret2 = 0, _ret = _ret2+EXCEP_OK
-
-#define THROW( x ) \
- do { \
- _ret = (x); \
- if( !_thr ) { goto _catch; } \
- } while ( 0 )
-
-#define TRY( x ) \
- do { \
- _ret2 = (x); \
- if ( _ret > 0 && _ret2 <= 0 ) { THROW( _ret2 ); } \
- } while ( 0 )
-
-#define SET( x ) (_ret = (x))
-#define EXCEP_RET return( _ret )
-#define EXCEPTION _ret
-#define RETURN _ret2
-#define CATCH _catch: _thr = 1; if ( 0 ) { goto _foo; } _foo
-#define EXCEP_BOOL ( _ret > 0 ? EXCEP_OK : EXCEP_FAIL )
-
-#endif
+++ /dev/null
-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
-
-#ifndef YLOCK_H
-#define YLOCK_H
-
-#include "yarrow.h"
-
-/* these functions should return:
- *
- * YARROW_OK on success
- * and YARROW_LOCKING on failure
- */
-
-#if 0
-static int LOCK( void ) { return (YARROW_OK); }
-static int UNLOCK( void ) { return (YARROW_OK); }
-#else
-#include "k5-thread.h"
-extern k5_mutex_t krb5int_yarrow_lock;
-#define LOCK() (k5_mutex_lock(&krb5int_yarrow_lock) ? YARROW_LOCKING : YARROW_OK)
-#define UNLOCK() (k5_mutex_unlock(&krb5int_yarrow_lock) ? YARROW_LOCKING : YARROW_OK)
-#endif
-
-#endif /* YLOCK_H */
+++ /dev/null
-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
-
-#ifndef YSTATE_H
-#define YSTATE_H
-
-#ifdef YARROW_SAVE_STATE
-
-#include "ycipher.h"
-#include "ytypes.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-typedef struct Yarrow_STATE {
- byte seed[CIPHER_KEY_SIZE * 2]; /* 2k bits saved to seed file */
-} Yarrow_STATE;
-
-int STATE_Save( const char *filename, const struct Yarrow_STATE* state );
-int STATE_Load( const char *filename, struct Yarrow_STATE* state );
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* YARROW_SAVE_STATE */
-
-#endif /* YSTATE_H */
+++ /dev/null
-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
-
-#ifndef YTYPES_H
-#define YTYPES_H
-
-#include <limits.h>
-#include <stddef.h>
-#include "autoconf.h"
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-
-#define byte unsigned char
-
-#define uint8 unsigned char
-#define int8 signed char
-
-
-#if defined(uint64)
-# define COUNTER uint64
-#else
-# define COUNTER krb5_ui_4
-#endif
-
-#define COUNTER_MAX ((COUNTER)0 - 1)
-
-#endif /* YTYPES_H */
+++ /dev/null
-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
-/* lib/crypto/openssl/hash/yhash.h
- */
-
-#ifndef YHASH_H
-#define YHASH_H
-
-/* hash function interface */
-
-/* default to SHA1 for yarrow 160 */
-
-#include "shs.h"
-
-
-#define HASH_CTX SHS_INFO
-#define HASH_Init(x) shsInit(x)
-#define HASH_Update(x, buf, sz) shsUpdate(x, (const void*)buf, sz)
-
-#define HASH_Final(x, tdigest) do { \
- int loopvar; \
- unsigned char *out2 = (void *)(tdigest); \
- HASH_CTX *ctx = (x); \
- shsFinal(ctx); \
- memcpy(out2, ctx->digestBuf, ctx->digestLen); \
- } while(0)
-
-#define HASH_DIGEST_SIZE SHS_DIGESTSIZE
-
-#endif /* YHASH_H */
+++ /dev/null
-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
-/* lib/crypto/openssl/hash/yhash.h
- */
-
-#ifndef YHASH_H
-#define YHASH_H
-
-/* hash function interface */
-
-/* default to SHA1 for yarrow 160 */
-
-#include "shs.h"
-
-
-#define HASH_CTX SHS_INFO
-#define HASH_Init(x) shsInit(x)
-#define HASH_Update(x, buf, sz) shsUpdate(x, (const void*)buf, sz)
-
-#define HASH_Final(x, tdigest) do { \
- int loopvar; \
- unsigned char *out2 = (void *)(tdigest); \
- HASH_CTX *ctx = (x); \
- shsFinal(ctx); \
- memcpy(out2, ctx->digestBuf, ctx->digestLen); \
- } while(0)
-
-#define HASH_DIGEST_SIZE SHS_DIGESTSIZE
-
-#endif /* YHASH_H */