From: Greg Hudson
Date: Fri, 25 Feb 2011 15:05:38 +0000 (+0000)
Subject: Remove Yarrow PRNG implementation
X-Git-Tag: krb5-1.10-alpha1~573
X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=920ffa13c22ef8c6ac835a293f5d63f944a82859;p=krb5.git

Remove Yarrow PRNG implementation

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24660 dc483132-0cff-0310-8789-dd5450dbe970
---

diff --git a/src/Makefile.in b/src/Makefile.in
index e624d6379..e8879096a 100644
--- a/src/Makefile.in
+++ b/src/Makefile.in
@@ -246,8 +246,6 @@ WINMAKEFILES=Makefile \
 ##DOS## $(WCONFIG) config < $@.in > $@
 ##DOS##lib\crypto\krb\prng\fortuna\Makefile: lib\crypto\krb\prng\fortuna\Makefile.in $(MKFDEP)
 ##DOS## $(WCONFIG) config < $@.in > $@
-##DOS##lib\crypto\krb\prng\yarrow\Makefile: lib\crypto\krb\prng\yarrow\Makefile.in $(MKFDEP)
-##DOS## $(WCONFIG) config < $@.in > $@
 ##DOS##lib\crypto\krb\prng\Makefile: lib\crypto\krb\prng\Makefile.in $(MKFDEP)
 ##DOS## $(WCONFIG) config < $@.in > $@
 ##DOS##lib\crypto\krb\prf\Makefile: lib\crypto\krb\prf\Makefile.in $(MKFDEP)
@@ -365,7 +363,7 @@ FILES= ./* appl/* appl/gss-sample/* \
 include/krb5/* lib/* lib/crypto/* lib/crypto/krb/* \
 lib/crypto/krb/crc32/* lib/crypto/krb/rand2key/* \
 lib/crypto/krb/prng/fortuna/* lib/crypto/krb/prng/nss/* \
- lib/crypto/krb/prng/yarrow/* lib/crypto/krb/prng/* \
+ lib/crypto/krb/prng/* \
 lib/crypto/krb/prf/* lib/crypto/krb/checksum/* lib/crypto/krb/old/* \
 lib/crypto/krb/raw/* lib/crypto/krb/arcfour/* lib/crypto/krb/dk/* \
 lib/crypto/builtin/aes/* lib/crypto/builtin/enc_provider/* \
diff --git a/src/lib/crypto/builtin/yhash.h b/src/lib/crypto/builtin/yhash.h
deleted file mode 100644
index dcb8769fe..000000000
--- a/src/lib/crypto/builtin/yhash.h
+++ /dev/null
@@ -1,29 +0,0 @@
-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
-
-#ifndef YHASH_H
-#define YHASH_H
-
-/* hash function interface */
-
-/* default to SHA1 for yarrow 160 */
-
-#include "shs.h"
-
-
-
-#define HASH_CTX SHS_INFO
-#define HASH_Init(x) shsInit(x)
-#define HASH_Update(x, buf, sz) shsUpdate(x, (const void*)buf, sz)
-#define HASH_Final(x, tdigest) do { \
- size_t loopvar; \
- unsigned char *out2 = (void *)(tdigest); \
- HASH_CTX *ctx = (x); \
- shsFinal(ctx); \
- for (loopvar=0; loopvar<(sizeof(ctx->digest)/sizeof(ctx->digest[0])); loopvar++) \
- store_32_be(ctx->digest[loopvar], &out2[loopvar*4]); \
- } while(0)
-
-
-#define HASH_DIGEST_SIZE SHS_DIGESTSIZE
-
-#endif /* YHASH_H */
diff --git a/src/lib/crypto/crypto_tests/Makefile.in b/src/lib/crypto/crypto_tests/Makefile.in
index 50700fd6c..81f9b5e0a 100644
--- a/src/lib/crypto/crypto_tests/Makefile.in
+++ b/src/lib/crypto/crypto_tests/Makefile.in
@@ -37,17 +37,13 @@ EXTRADEPSRCS=\
 $(srcdir)/t_short.c \
 $(srcdir)/t_str2key.c \
 $(srcdir)/t_derive.c \
- $(srcdir)/t_fork.c \
- $(srcdir)/ytest.c
+ $(srcdir)/t_fork.c
 ##DOS##BUILDTOP = ..\..\..
 # NOTE: The t_cksum known checksum values are primarily for regression
 # testing. They are not derived a priori, but are known to produce
 # checksums that interoperate.
-#
-# We use the NSS PRNG when NSS is the crypto back end, so don't test
-# against the expected output for Yarrow.
 check-unix:: t_nfold t_encrypt t_decrypt t_prf t_prng t_cmac t_hmac \
 t_cksum4 t_cksum5 t_cksums \
 aes-test \
@@ -58,9 +54,6 @@ check-unix:: t_nfold t_encrypt t_decrypt t_prf t_prng t_cmac t_hmac \
 $(RUN_SETUP) $(VALGRIND) ./t_encrypt
 $(RUN_SETUP) $(VALGRIND) ./t_decrypt
 $(RUN_SETUP) $(VALGRIND) ./t_prng <$(srcdir)/t_prng.seed >t_prng.output
- if [ $(PRNG_ALG) = yarrow ]; then \
- diff t_prng.output $(srcdir)/t_prng.expected; \
- fi
 $(RUN_SETUP) $(VALGRIND) ./t_cmac
 $(RUN_SETUP) $(VALGRIND) ./t_hmac
 $(RUN_SETUP) $(VALGRIND) ./t_prf <$(srcdir)/t_prf.in >t_prf.output
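Review bot: Once the `if [ $(PRNG_ALG) = yarrow ]` comparison is gone, the `./t_prng <$(srcdir)/t_prng.seed >t_prng.output` line still writes t_prng.output but nothing left in the recipe reads it, so the PRNG test now passes on exit status alone. If neither remaining back end yields a reproducible stream from t_prng.seed, record that next to the line, e.g. `# t_prng.output is not compared against a reference: the remaining PRNG back ends are not reproducible from t_prng.seed`, so the next reader does not take the gap for an accident; if one of them is reproducible, a per-back-end expected file would keep the coverage Yarrow had. `$(srcdir)/t_prng.expected` was referenced only by the removed diff line and is not among the files this commit deletes, so it is likely dead fixture now, and `PRNG_ALG` may have lost its last consumer as well, which I cannot confirm from this diff. The check-unix recipe continues past both ends of the hunk.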
@@ -172,11 +165,6 @@ t_derive$(EXEEXT): t_derive.$(OBJEXT) $(SUPPORT_DEPLIB)
 t_fork$(EXEEXT): t_fork.$(OBJEXT) $(SUPPORT_DEPLIB)
 $(CC_LINK) -o $@ t_fork.$(OBJEXT) -lkrb5 -lk5crypto -lcom_err $(SUPPORT_LIB)
-ytest: ytest.o shs.o $(SUPPORT_DEPLIB) $(CRYPTO_DEPLIB)
- $(CC_LINK) -o ytest ytest.o $(SUPPORT_LIB) $(CRYPTO_DEPLIB)
-
-
-
 clean::
 $(RM) t_nfold.o t_nfold nfold.$(OBJEXT) t_encrypt t_encrypt.o \
 t_decrypt.o t_decrypt t_prng.o t_prng t_cmac.o t_cmac \
diff --git a/src/lib/crypto/crypto_tests/deps b/src/lib/crypto/crypto_tests/deps
index 73505bf1a..03010c0c8 100644
--- a/src/lib/crypto/crypto_tests/deps
+++ b/src/lib/crypto/crypto_tests/deps
@@ -207,17 +207,3 @@ $(OUTPRE)t_fork.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
 $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/plugin.h \
 $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
 $(top_srcdir)/include/socket-utils.h t_fork.c
-$(OUTPRE)ytest.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
- $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
- $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../builtin/sha1/shs.h \
- $(srcdir)/../builtin/yhash.h $(srcdir)/../krb/prng/yarrow/yarrow.h \
- $(srcdir)/../krb/prng/yarrow/ycipher.h $(srcdir)/../krb/prng/yarrow/yexcep.h \
- $(srcdir)/../krb/prng/yarrow/ytypes.h $(top_srcdir)/include/k5-buf.h \
- $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
- $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
- $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
- $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
- $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
- $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/plugin.h \
- $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
- $(top_srcdir)/include/socket-utils.h ytest.c
diff --git a/src/lib/crypto/crypto_tests/t_prng.reseedtest b/src/lib/crypto/crypto_tests/t_prng.reseedtest
deleted file mode 100644
index 5eee0c064..000000000
--- a/src/lib/crypto/crypto_tests/t_prng.reseedtest
+++ /dev/null
@@ -1,31 +0,0 @@
-1
-160
- cb 12 70 40 ee fb 76 2e 32 0d f1 0c a7 a9 36 f8
- c8 f3 35 4e 0f 51 18 cd 25 0f 48 5b e4 97 aa 4f
- be 7e 93 af dd 15 29 fc 24 4f 0b 9a 9b 1d ad 7f
- 32 c8 a6 96 d4 34 aa 83 d2 d7 33 b0 2f aa ba f6
- cf 8c 78 ad 8a 52 e1 48 e4 7c a7 c5 57 49 31 ea
- db b7 9b 6b ab 13 f3 12 a5 ec 67 db 1e 83 73 be
- ca 59 fc ed 29 8c f3 ef ca fd 81 55 fa 91 3b 31
- da 24 d2 8b c1 a5 c1 3a 9c 50 a6 3c a1 60 31 0f
- 62 c7 88 9b 1a e9 9f 3c 0f 04 d0 35 11 45 f0 8b
- 84 a2 26 85 67 f1 e6 2b 34 6b ab 9b 3f c1 a1 0e
-0
-1
-40
- f4 fc ab 98 45 a0 41 e4 4d 65 9c eb c2 c9 74 a4
- 55 df 6c 78 78 bc db ae e7 63 b8 a7 33 3b d7 50
- f6 33 c4 a0 1d 14 45 04
-0
-0
-40
- 16 80 1d 78 39 4b 3a 27 80 87 08 6c a9 37 59 74
- 60 f8 fc 37 10 4a 8a c4 d6 3e 6a 41 1a e1 5f 69
- 92 12 5a e1 3b 86 f1 5d
-0
-0
-40
- a3 c8 78 4a a0 4d ce 3c 2a 8e 34 bf f7 06 dc d7
- 92 13 bd 74 45 72 40 b6 1c d6 55 28 47 1e f4 70
- 74 e4 94 d7 17 a6 7e 3b
-20
diff --git a/src/lib/crypto/crypto_tests/t_prng.reseedtest-comments b/src/lib/crypto/crypto_tests/t_prng.reseedtest-comments
deleted file mode 100644
index e50e09602..000000000
--- a/src/lib/crypto/crypto_tests/t_prng.reseedtest-comments
+++ /dev/null
@@ -1,21 +0,0 @@
-The reseedtest is intended to allow confirmation that if sufficient
-entropy is provided then the PRNG will reseed (well initially seed)
-itself before the first random data is requested. This test is not
-useful to run in an automated manner because the point is to look at
-internal function call order.
-
-To test this, set a break point at krb5int_yarrow_reseed and
-krb5_c_random_make_octets and run the test. The reseed function
-should be called with a pool of 1 (YARROW_SLOW_POOL) before
-krb5_c_random_make_octets is called.
-
-A slow reseed should require two sources to reach sufficient entropy.
-Sources start out sending entropy to fast pool then alternate with
-slow pool. So this test does the following:
-* Seed source 1
-* Seed source 1 (this time to slow pool)
-* Seed source 0
-* Seed source 0 (to slow pool triggering reseed)
-* Output some random data
-
-
diff --git a/src/lib/crypto/crypto_tests/t_prng.reseedtest-expected b/src/lib/crypto/crypto_tests/t_prng.reseedtest-expected
deleted file mode 100644
index d7b50801e..000000000
--- a/src/lib/crypto/crypto_tests/t_prng.reseedtest-expected
+++ /dev/null
@@ -1 +0,0 @@
-fd543f42aded9bd725c9b05682cd0f504c1b33d1
diff --git a/src/lib/crypto/crypto_tests/ytest.c b/src/lib/crypto/crypto_tests/ytest.c
deleted file mode 100644
index 5b9ffafb7..000000000
--- a/src/lib/crypto/crypto_tests/ytest.c
+++ /dev/null
@@ -1,385 +0,0 @@ -/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ -/* - * Yarrow - Cryptographic Pseudo-Random Number Generator - * Copyright (c) 2000 Zero-Knowledge Systems, Inc. - * - * See the accompanying LICENSE file for license information. - */ - -#include -#include -#include -#include "yarrow.h" -#include "yexcep.h" - -void hex_print( FILE* f, const char* var, void* data, size_t size ); -void dump_yarrow_state( FILE* f, Yarrow_CTX* y ); - -#define YARROW_SEED_FILE "seed" - -static void print_yarrow_status( Yarrow_CTX *y ) -{ - int sid, pool; - Source* source; - - for ( pool = 0; pool < 2; pool++ ) - { - printf( " %s: ", pool == YARROW_SLOW_POOL ? "slow" : "fast" ); - for ( sid = 0; sid < y->num_sources; sid++ ) - { - source = &y->source[ sid ]; - printf( "#%d=%d/%d, ", sid, source->entropy[pool], - pool == YARROW_SLOW_POOL ? - y->slow_thresh : y->fast_thresh ); - } - } - printf( "\n" ); -} - -int yarrow_verbose = 0; -#define VERBOSE( x ) if ( yarrow_verbose ) { x } - -int Instrumented_krb5int_yarrow_input( Yarrow_CTX* y, int sid, void* sample, - size_t size, int entropy ) -{ - int ret; - - VERBOSE( printf( "krb5int_yarrow_input( #%d, %d bits, %s ) = [", sid, entropy, - y->source[sid].pool == - YARROW_SLOW_POOL ? "slow" : "fast" ); ); - ret = krb5int_yarrow_input( y, sid, sample, size, entropy ); - - VERBOSE( printf( "%s]\n", krb5int_yarrow_str_error( ret ) ); ); - VERBOSE( print_yarrow_status( y ); ); - return (ret); -} - -typedef int (*test_fn)( void ); - -int test_1( void ); -int test_2( void ); -int test_3( void ); -int test_4( void ); - -test_fn test_func[] = -{ - test_1, test_2, test_3, test_4 -}; - -#define num_tests ( sizeof(test_func) / sizeof(test_fn) ) - -int do_test( int t ) -{ - EXCEP_DECL; - int ret; - - printf( "doing test %d ... 
", t ); fflush( stdout ); - ret = test_func[ t-1 ](); - VERBOSE( printf( "\ndone test %d ", t ); ); - printf( "[%s]\n", krb5int_yarrow_str_error( ret ) ); fflush( stdout ); - THROW( ret ); - -CATCH: - THROW( EXCEP_BOOL ); - EXCEP_RET; -} - -int main( int argc, char* argv[] ) -{ - EXCEP_DECL; - int test = 0; - char** argvp; - char* arg; - char* conv_ok = NULL; - int ok = YARROW_OK; - int done_some_tests = 0; - int i; - int ret; - - for ( argvp = argv+1, i = 1; i < argc; i++, argvp++ ) - { - arg = *argvp; - if ( arg[0] == '-' ) - { - switch ( arg[1] ) - { - case 'v': yarrow_verbose = 1; continue; - default: fprintf( stderr, "usage: test [-v] [[test] ... ]\n" ); - THROW( YARROW_FAIL ); - } - } - conv_ok = NULL; - test = strtoul( arg, &conv_ok, 10 ); - if ( !conv_ok || test < 1 || test > num_tests ) - { - fprintf( stderr, "usage: test [-v] [[test] ... ]\n" ); - THROW( YARROW_FAIL ); - } - else - { - ret = do_test( test ); - if ( ok ) { ok = ret; } - done_some_tests = 1; - } - } - - if ( !done_some_tests ) - { - for ( i = 1; i <= num_tests; i++ ) - { - ret = do_test( i ); - if ( ok ) { ok = ret; } - } - } - THROW( ok ); - -CATCH: - switch (EXCEPTION) - { - case YARROW_OK: - exit (EXIT_SUCCESS); - default: - exit (EXIT_FAILURE); - } -} - -int test_1( void ) -{ - EXCEP_DECL; - -#if defined(YARROW_HASH_SHA1) - VERBOSE( printf( "\nsha1 test\n\n" ); ); - THROW( YARROW_NOT_IMPL ); -#elif defined(YARROW_MD5) - VERBOSE( printf( "\nmd5 test\n\n" ); ); - THROW( YARROW_NOT_IMPL ); -#else - VERBOSE( printf( "\nunknown hash function\n\n" ); ); - THROW( YARROW_NOT_IMPL ); -#endif -CATCH: - EXCEP_RET; -} - -int test_2( void ) -{ - EXCEP_DECL; - -#if defined(YARROW_CIPHER_3DES) - VERBOSE( printf( "\n3des test\n\n" ); ); - THROW( YARROW_NOT_IMPL ); -#elif defined(YARROW_CIPHER_BLOWFISH) - VERBOSE( printf( "\nblowfish test\n\n" ); ); - THROW( YARROW_NOT_IMPL ); -#elif defined(YARROW_CIPHER_IDEA) - VERBOSE( printf( "\nidea test\n\n" ); ); - THROW( YARROW_NOT_IMPL ); -#else - VERBOSE( 
printf( "\nunknown encryption function\n\n" ); ); - THROW( YARROW_NOT_IMPL ); -#endif -CATCH: - EXCEP_RET; -} - -int test_3( void ) -{ - EXCEP_DECL; - -#if !defined(YARROW_CIPHER_3DES) || !defined(YARROW_HASH_SHA1) - VERBOSE( printf( "\nnot Yarrow-SHA1-3DES (aka Yarrow-160)\n\n" ); ); - THROW( YARROW_NOT_IMPL ); -#endif - - VERBOSE( printf( "\nkrb5int_yarrow_stretch\n\n" ); ); - THROW( YARROW_NOT_IMPL ); - -CATCH: - EXCEP_RET; -} - -int test_4( void ) -{ - EXCEP_DECL; - Yarrow_CTX yarrow; - int initialized = 0; - unsigned user, mouse, keyboard; - int i, ret; - byte user_sample[ 20 ]; - byte mouse_sample[ 4 ]; - byte keyboard_sample[ 2 ]; - byte random[ 30 ]; - byte junk[ 48 ]; - - memset( user_sample, 3, sizeof( user_sample ) ); - memset( mouse_sample, 1, sizeof( mouse_sample ) ); - memset( keyboard_sample, 2, sizeof( keyboard_sample ) ); - - VERBOSE( printf( "\nGeneral workout test\n\n" ); ) - - VERBOSE( printf( "krb5int_yarrow_init() = [" ); ); - ret = krb5int_yarrow_init( &yarrow, YARROW_SEED_FILE ); - VERBOSE( printf( "%s]\n", krb5int_yarrow_str_error( ret ) ); ); - - if ( ret != YARROW_OK && ret != YARROW_NOT_SEEDED ) { THROW( ret ); } - initialized = 1; - -#if defined( YARROW_DEBUG ) - dump_yarrow_state( stdout, &yarrow ); -#endif - - ret = krb5int_yarrow_new_source( &yarrow, &user ); - VERBOSE( printf( "krb5int_yarrow_new_source() = [%s]\n", - krb5int_yarrow_str_error( ret ) ); ); - if ( ret != YARROW_OK ) { THROW( ret ); } - - VERBOSE( printf( "Yarrow_Poll( #%d ) = [", user ); ); - ret = Yarrow_Poll( &yarrow, user ); - VERBOSE( printf( "%s]\n", krb5int_yarrow_str_error( ret ) ); ); - - ret = krb5int_yarrow_new_source( &yarrow, &mouse ); - VERBOSE( printf( "krb5int_yarrow_new_source() = [%s]\n", - krb5int_yarrow_str_error( ret ) ); ); - if ( ret != YARROW_OK ) { THROW( ret ); } - - ret = krb5int_yarrow_new_source( &yarrow, &keyboard ); - VERBOSE( printf( "krb5int_yarrow_new_source() = [%s]\n", - krb5int_yarrow_str_error( ret ) ); ); - if ( ret != YARROW_OK ) 
{ THROW( ret ); } - -/* prematurely try to draw output, to check failure when no - * seed file, or state saving turned off - */ - - VERBOSE( printf( "krb5int_yarrow_output( %d ) = [", sizeof( random ) ); ); - ret = krb5int_yarrow_output( &yarrow, random, sizeof( random ) ); - VERBOSE( printf( "%s]\n", krb5int_yarrow_str_error( ret ) ); ); - -/* do it twice so that we some slow samples - * (first sample goes to fast pool, and then samples alternate) - */ - - for ( i = 0; i < 2; i++ ) - { - TRY( Instrumented_krb5int_yarrow_input( &yarrow, mouse, mouse_sample, - sizeof( mouse_sample ), 2 ) ); - - TRY( Instrumented_krb5int_yarrow_input( &yarrow, keyboard, keyboard_sample, - sizeof( keyboard_sample ), 2 ) ); - - TRY( Instrumented_krb5int_yarrow_input( &yarrow, user, user_sample, - sizeof( user_sample ), 2 ) ); - } - -#if defined( YARROW_DEBUG ) - dump_yarrow_state( stdout, &yarrow ); -#endif - - VERBOSE( printf( "\nInduce user source (#%d) to reach " - "slow threshold\n\n", user ); ); - - /* induce fast reseed */ - - for ( i = 0; i < 7; i++ ) - { - TRY( Instrumented_krb5int_yarrow_input( &yarrow, user, user_sample, - sizeof( user_sample ), - sizeof( user_sample ) * 3 ) ); - } - - VERBOSE( printf( "\nInduce mouse source (#%d) to reach " - "slow threshold reseed\n\n", mouse ); ); - - /* induce slow reseed, by triggering a second source to reach it's - threshold */ - - for ( i = 0; i < 40; i++ ) - { - TRY( Instrumented_krb5int_yarrow_input( &yarrow, mouse, mouse_sample, - sizeof( mouse_sample ), - sizeof( mouse_sample )*2 ) ); - } - - VERBOSE( printf( "\nProduce some output\n\n" ); ); - - for ( i = 0; i < 30; i++ ) - { - VERBOSE( printf( "krb5int_yarrow_output( %d ) = [", sizeof( junk ) ); ); - ret = krb5int_yarrow_output( &yarrow, junk, sizeof( junk ) ); - VERBOSE( printf( "%s]\n", krb5int_yarrow_str_error( ret ) ); ); - if ( ret != YARROW_OK ) { THROW( ret ); } - } - - memset( junk, 0, sizeof( junk ) ); - - VERBOSE( printf( "\nTrigger some fast and slow reseeds\n\n" ); 
); - - for ( i = 0; i < 30; i++ ) - { - /* odd input to a different source so there are some slow reseeds */ - - if ( i % 16 == 0 ) - { - TRY( Instrumented_krb5int_yarrow_input( &yarrow, mouse, junk, - sizeof( junk ), - sizeof( junk ) * 3 ) ); - } - else - { - TRY( Instrumented_krb5int_yarrow_input( &yarrow, user, junk, - sizeof( junk ), - sizeof( junk ) * 3 ) ); - } - } - - VERBOSE( printf( "\nPrint some random output\n\n" ); ); - - VERBOSE( printf( "krb5int_yarrow_output( %d ) = [", sizeof( random ) ); ); - ret = krb5int_yarrow_output( &yarrow, random, sizeof( random ) ); - VERBOSE( printf( "%s]\n", krb5int_yarrow_str_error( ret ) ); ); - if ( ret != YARROW_OK ) - { - THROW( ret ); - } - else - { - VERBOSE( hex_print( stdout, "random", random, sizeof( random ) ); ); - } - - VERBOSE( printf( "\nClose down Yarrow\n\n" ); ); - -CATCH: - if ( initialized ) - { - VERBOSE( printf( "krb5int_yarrow_final() = [" ); ); - ret = krb5int_yarrow_final( &yarrow ); - VERBOSE( printf( "%s]\n", krb5int_yarrow_str_error( ret ) ); ); - THROW( ret ); - } - EXCEP_RET; -} - -void hex_print( FILE* f, const char* var, void* data, size_t size ) -{ - const char* conv = "0123456789abcdef"; - size_t i; - char* p = (char*) data; - char c, d; - - fprintf( f, var ); - fprintf( f, " = " ); - for ( i = 0; i < size; i++ ) - { - c = conv[ (p[ i ] >> 4) & 0xf ]; - d = conv[ p[ i ] & 0xf ]; - fprintf( f, "%c%c", c, d ); - } - fprintf( f, "\n" ); -} - -void dump_yarrow_state( FILE* f, Yarrow_CTX* y ) -{ - fprintf( f, "===Yarrow State===\n" ); - hex_print( f, "C", y->C, sizeof( y->C ) ); - hex_print( f, "K", y->K, sizeof( y->K ) ); -} diff --git a/src/lib/crypto/krb/prng/nss/prng_nss.c b/src/lib/crypto/krb/prng/nss/prng_nss.c index 7d3088591..01eeb094f 100644 --- a/src/lib/crypto/krb/prng/nss/prng_nss.c +++ b/src/lib/crypto/krb/prng/nss/prng_nss.c 
@@ -33,9 +33,9 @@
 #ifdef CRYPTO_IMPL_NSS
 /*
- * Using Yarrow with NSS is a bit problematic because the MD5 contexts it holds
- * open for the entropy pools would be invalidated by a fork(), causing us to
- * lose the entropy contained therein.
+ * Using Fortuna with NSS is a bit problematic because the MD5 contexts it
+ * holds open for the entropy pools would be invalidated by a fork(), causing
+ * us to lose the entropy contained therein.
 *
 * Therefore, use the NSS PRNG if NSS is the crypto implementation.
 */
diff --git a/src/lib/crypto/krb/prng/prng.c b/src/lib/crypto/krb/prng/prng.c
index 10e5d71df..d2bafa57a 100644
--- a/src/lib/crypto/krb/prng/prng.c
+++ b/src/lib/crypto/krb/prng/prng.c
@@ -32,9 +32,6 @@ const struct krb5_prng_provider *prng = &krb5int_prng_fortuna;
 #elif defined(CRYPTO_IMPL_NSS)
 #include "prng_nss.h"
 const struct krb5_prng_provider *prng = &krb5int_prng_nss;
-#else
-#include "yarrow.h"
-const struct krb5_prng_provider *prng = &krb5int_prng_yarrow;
 #endif
 /*
@@ -168,7 +165,7 @@ static krb5_boolean
 add_entropy_from_device(krb5_context context, const char *device)
 {
 krb5_data data;
- unsigned char buf[ENTROPY_BUFSIZE];
+ unsigned char buf[64];
 if (!read_entropy_from_device(device, buf, sizeof(buf)))
 return FALSE;
diff --git a/src/lib/crypto/krb/prng/prng.h b/src/lib/crypto/krb/prng/prng.h
index d072507e6..728035551 100644
--- a/src/lib/crypto/krb/prng/prng.h
+++ b/src/lib/crypto/krb/prng/prng.h
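Review bot: The rewritten comment at `+ * Using Fortuna with NSS is a bit problematic because the MD5 contexts it` still says MD5, but the `ENTROPY_BUFSIZE 32 /* SHA256 digest length */` line this commit removes from prng.h identifies Fortuna's digest as SHA-256, so the reason given for preferring the NSS PRNG now names a hash Fortuna does not appear to use. Rewording it as `the hash contexts it holds open for the entropy pools` keeps the comment true whichever digest the Fortuna implementation uses; if its pools are in fact SHA-256 contexts, naming SHA-256 is clearer still. fortuna.c is not in this diff, so confirm the pool type there before choosing.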
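Review bot: With the `#else` branch deleted, a configuration that defines neither `FORTUNA` nor `CRYPTO_IMPL_NSS` no longer declares `prng` at all, so the failure surfaces as an undefined-symbol error at link time, or at whichever use of `prng` the compiler reaches first, rather than at the `#if` chain that caused it. Closing the chain with `#else` / `#error "No PRNG provider selected: define FORTUNA or CRYPTO_IMPL_NSS"` before the `#endif` turns that into a one-line diagnostic at the point of misconfiguration. Whether configure can still produce such a build I cannot tell from this diff, but the guard costs nothing either way. The uses of `prng` are outside the hunk.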
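Review bot: `unsigned char buf[64];` drops the named, commented size in favour of a bare number, and the rationale the old prng.h comment attached to that size, keeping the read from /dev/random small, is deleted in the same commit with nothing replacing it. 64 is larger than either removed value (32 for Fortuna, 20 for NSS), so when this function is pointed at a blocking device the per-call read grows, and on an entropy-starved host that means a longer stall before the first key is generated, which is the situation the removed comment was guarding against. Keep the reason beside the number, e.g. `unsigned char buf[64]; /* per-call read size; larger reads from a blocking /dev/random only lengthen stalls with no clear benefit to the pool */`, or define a named constant next to this function as ENTROPY_BUFSIZE was. add_entropy_from_device's caller and the choice of device are outside the hunk, so the blocking-device case is inferred from the removed prng.h comment rather than seen here.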
@@ -31,19 +31,6 @@
 #include "k5-int.h"
-#if defined(FORTUNA)
-#define ENTROPY_BUFSIZE 32 /* SHA256 digest length */
-#elif defined(CRYPTO_IMPL_NSS)
-/*
- * NSS gathers its own OS entropy, so it doesn't really matter how much we read
- * in krb5_c_random_os_entropy. Use the same value as Yarrow (without using a
- * Yarrow constant), so that we don't read too much from /dev/random.
- */
-#define ENTROPY_BUFSIZE 20
-#else
-#define ENTROPY_BUFSIZE YARROW_SLOW_THRESH/8 /* SHA1 digest length*/
-#endif
-
 /* Used by PRNG implementations to gather OS entropy. Returns true on
 * success. */
 krb5_boolean k5_get_os_entropy(unsigned char *buf, size_t len);
diff --git a/src/lib/crypto/krb/prng/yarrow/ASSUMPTIONS b/src/lib/crypto/krb/prng/yarrow/ASSUMPTIONS
deleted file mode 100644
index 3e3c99c49..000000000
--- a/src/lib/crypto/krb/prng/yarrow/ASSUMPTIONS
+++ /dev/null
@@ -1,101 +0,0 @@ -Assumptions -=========== - -The Yarrow design, described in "Yarrow-160: Notes on the Design and -Analysis of the Yarrow Cryptographic Pseudonumber Generator" by John -Kelsey, Bruce Schneier and Niels Ferguson of Counterpane Systems -(available from http://www.counterpane.com/yarrow.html), left out some -implementation details and has some ambiguities in the protocol. ZKS -has to made some assumptions and taken some decisions in its -implementation of Yarrow. In the text, `we' represents ZKS. - -Here is the list of those assumptions: - -1) To simplify the code and speed up running time, we limit the number -of different sources to 20. This should be enough for most -applications. This can be changed by redefining YARROW_MAX_SOURCE in -yarrow.h. - -2) The Yarrow paper (in section 5.3) state that Pt is either -implementation dependent or dynamically adjusted. We chose to fix the -slow pool's Pt to 100 and the fast pool's Pt to 10. This can be -changed by redefining YARROW_FAST_PT and YARROW_SLOW_PT in yarrow.c. - -3) Initialization when there is no saved state is not discussed in the -Yarrow paper. We have defined that CPRNG is becomes seeded after a -slow reseed. During initialization, a slow reseed is triggered by -YARROW_K_OF_N_INIT_THRESH sources reaching the slow threshold -YARROW_SLOW_INIT_THRESH. During initialization, fast reseeds are -triggered when a source reaches the fast threshold -YARROW_FAST_INIT_THRESH. After reseed the behavior of the pools is -controlled by YARROW_K_OF_N_THRESH, YARROW_SLOW_THRESH and -YARROW_FAST_THRESH. - -Our default values for YARROW_K_OF_N_INIT_THRESH, -YARROW_SLOW_INIT_THRESH and YARROW_FAST_INIT_THRESH are the same as -YARROW_K_OF_N_THRESH, YARROW_SLOW_THRESH and YARROW_FAST_THRESH -respectively. Note this means that a Yarrow_Poll call by itself can -never put us in an initialized state, as it only works on one pool, -and the default YARROW_K_OF_N_INIT_THRESH value is 2. 
- -4) We define a function Yarrow_Poll which can gather entropy. The -user must allocate a source_id, and call Yarrow_Poll manually. -Yarrow_Poll just adds samples from the machines state to the source -given as an argument. - -5) Prior to initialization, Yarrow_Output will fail. - -6) The actions to take on state load are not described in the yarrow -paper, all it says is that 2k bytes should be written (and by -implication read back in somehow). We read in the 2k bytes, hash -them into the fast pool, and then do a forced fast reseed, and an -immediate state save. - -7) In step 2 of the reseed process, we must hash the value i. The -representation of this integer will affect the hash value. In our -code, i is a 64-bit unsigned value. We update the hash context using -the 64 bit big endian representation of i. - -8) Yarrow outputs random bits in blocks. If the calling function -requests less bits than available, then the unused bits are kept -in memory until the next call. In case of a reseed, we chose to -discard those leftover bits. - -9) The samples from one source must alternate between the two pools. -As a default, we initialize the first pool to send the sample too to -be the fast pool. This initialization is done only when a source is -added, not when we reseed from one. - -10) The Yarrow paper states that the maximum number of outputs between -reseeding is limited to min(2^n,2^(k/3)*Pg), but does not explain -what is to happen when this limit is reached. It could be the case -that we reach the limit but there is not enough entropy in the pools -to reseed. In our code, the Yarrow_Output_Block will do a forced -fast reseed. - -11) In the Yarrow paper, the limit on the number of outputs between -reseeding is expressed in number of outputs: - -#oututs <= min(2^n, 2^(k/3).Pg) - -but we redefine it in terms of gates by dividing the numbers by Pg, -the number of outputs per gate, and counting the number of gates -instead. 
This makes an overflow a little less likely. - -We don't use a bignum library, so in event of overflow, the limit in -number of gates before reseed (y->gates_limit) is reduced down to -2^64-1 (or 2^32-1 if 64 bit ints aren't available on the platform). - -12) The Yarrow paper describes that the cipher block C should be -incremented as part of the output function. We treat the bytes -of C as a big endian number to do the increment. - -13) Triple-DES key size. The yarrow paper uses the letter k to -represent the keysize in bits. Due to the parity bits, the size of k -is 192 bits. However the effective key size is actually 168 bits, as -the value of k is used in security limits, k must be 168 bits. The -paper uses k (eg set K to the next k output bits), so we have to do -the parity padding function, to copy bits 0-6 to 0-7, 7-13 to 8-15 -etc. The macro DES_Init performs the function of doing a DES key -schedule from a packed key (no parity bits), internally doing the -parity padding. Other ciphers are simpler as there is no parity. diff --git a/src/lib/crypto/krb/prng/yarrow/LICENSE b/src/lib/crypto/krb/prng/yarrow/LICENSE deleted file mode 100644 index c85475d7e..000000000 --- a/src/lib/crypto/krb/prng/yarrow/LICENSE +++ /dev/null 
@@ -1,21 +0,0 @@
-Copyright 2000 by Zero-Knowledge Systems, Inc.
-
-Permission to use, copy, modify, distribute, and sell this software
-and its documentation for any purpose is hereby granted without fee,
-provided that the above copyright notice appear in all copies and that
-both that copyright notice and this permission notice appear in
-supporting documentation, and that the name of Zero-Knowledge Systems,
-Inc. not be used in advertising or publicity pertaining to
-distribution of the software without specific, written prior
-permission. Zero-Knowledge Systems, Inc. makes no representations
-about the suitability of this software for any purpose. It is
-provided "as is" without express or implied warranty.
-
-ZERO-KNOWLEDGE SYSTEMS, INC. DISCLAIMS ALL WARRANTIES WITH REGARD TO
-THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND
-FITNESS, IN NO EVENT SHALL ZERO-KNOWLEDGE SYSTEMS, INC. BE LIABLE FOR
-ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTUOUS ACTION, ARISING OUT
-OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-
diff --git a/src/lib/crypto/krb/prng/yarrow/Makefile.in b/src/lib/crypto/krb/prng/yarrow/Makefile.in
deleted file mode 100644
index 3ecb64a4f..000000000
--- a/src/lib/crypto/krb/prng/yarrow/Makefile.in
+++ /dev/null
@@ -1,42 +0,0 @@
-mydir=lib$(S)crypto$(S)krb$(S)prng$(S)yarrow
-BUILDTOP=$(REL)..$(S)..$(S)..$(S)..$(S)..
-LOCALINCLUDES = -I$(srcdir)/.. -I$(srcdir)/../.. \
- -I$(srcdir)/../../../$(CRYPTO_IMPL) \
- -I$(srcdir)/../../../$(CRYPTO_IMPL)/sha1 \
- -I$(srcdir)/../../../$(CRYPTO_IMPL)/enc_provider
-DEFS=
-
-##DOS##BUILDTOP = ..\..\..\..\..
-##DOS##PREFIXDIR = krb\prng\yarrow
-##DOS##OBJFILE = ..\..\..\$(OUTPRE)yarrow.lst
-
-PROG_LIBPATH=-L$(TOPLIBD)
-PROG_RPATH=$(KRB5_LIBDIR)
-
-STLIBOBJS= \
- prng_yarrow.o \
- yarrow.o \
- ycipher.o
-OBJS= \
- $(OUTPRE)prng_yarrow.$(OBJEXT) \
- $(OUTPRE)yarrow.$(OBJEXT) \
- $(OUTPRE)ycipher.$(OBJEXT)
-
-SRCS=\
- $(srcdir)/prng_yarrow.c \
- $(srcdir)/yarrow.c \
- $(srcdir)/ycipher.c
-
-##DOS##LIBOBJS = $(OBJS)
-
-all-unix:: all-libobjs
-
-includes:: depend
-
-depend:: $(SRCS)
-
-clean-unix:: clean-libobjs
-
-@lib_frag@
-@libobj_frag@
-
diff --git a/src/lib/crypto/krb/prng/yarrow/README b/src/lib/crypto/krb/prng/yarrow/README
deleted file mode 100644
index 3dd4b801a..000000000
--- a/src/lib/crypto/krb/prng/yarrow/README
+++ /dev/null
@@ -1,94 +0,0 @@
-Yarrow - Secure Pseudo-Random Number Generator
-==============================================
-
-This is an implementation of the cryptographic pseudo-random number
-generator Yarrow. You are encouraged to use, modify, and incorporate
-this code. Please see the accompanying LICENSE file for more details.
-
-
-Yarrow can be used with OpenSSL 0.9.5a (http://www.openssl.org) and
-other cryptographic libraries.
-
-The Yarrow design is described in "Yarrow-160: Notes on the Design and
-Analysis of the Yarrow Cryptographic Pseudorandom Number Generator" by
-John Kelsey, Bruce Schneier and Niels Ferguson of Counterpane Systems,
-available from http://www.counterpane.com/yarrow.html
-
-The Yarrow function calls are described in the yarrow(3) manpage.
-
-Installation
-============
-
-By default, Yarrow is built with OpenSSL. If the OpenSSL headers are
-not installed in the standard directory /usr/local/ssl/include,
-set the path in the Makefile.
-
-If it is possible that an application using Yarrow will fork(), Yarrow
-must be compiled with -DYARROW_DETECT_FORK (then the child process
-will have to seed Yarrow again), or the Yarrow_CTX must be allocated
-in shared memory.
-
-If compiled with -DYARROW_SAVE_STATE, Yarrow will use a seed file
-specified in the Yarrow_Init call.
-
-When the settings in the Makefile are correct, run "make".
-
-
-Yarrow with OpenSSL:
-------------------
-
-The macros YARROW_CIPHER_3DES (default), YARROW_CIPHER_BLOWFISH and
-YARROW_CIPHER_IDEA for ciphers and YARROW_HASH_SHA1 (default) and
-YARROW_HASH_MD5 for hash functions are available to select algorithms
-from OpenSSL.
-
-CRYPTO_set_locking_callback() is required in multithreaded applications.
-
-
-Yarrow with other cryptographic libraries:
------------------------------------------
-
-The Yarrow implementation uses a symmetric cipher, a cryptographic
-hash function and a mutex. By default, Yarrow calls OpenSSL. For use
-with other cryptographic libraries, the following types and macros
-should be defined:
-
-Symmetric cipher - ycipher.h:
-
- typedef struct { ... } CIPHER_CTX;
-
- #define CIPHER_BLOCK_SIZE ...
- #define CIPHER_KEY_SIZE ...
-
- void CIPHER_Init(CIPHER_CTX *ctx, void *key);
- void CIPHER_Encrypt_Block(CIPHER_CTX *ctx, void *in, void *out);
-
-Hash function - yhash.h:
-
- typedef struct { ... } HASH_CTX;
-
- #define HASH_DIGEST_SIZE ...
- #define HASH_STATE_SIZE ...
-
- void HASH_Init(HASH_CTX *ctx);
- void HASH_Update(HASH_CTX *ctx, const void *data, unsigned long size);
- void HASH_Final(HASH_CTX *ctx, unsigned char *md);
-
-Mutex - ylock.h:
-
- int LOCK(void);
- int UNLOCK(void);
-
-Learn More:
----------
-
-It is Zero-Knowledge's hope that third party developers of yarrow will
-collaborate to derive test vectors for yarrow. In an effort to further
-this discussion, we have created a mailing list for developers and
-interested parties. To subscribe, send an email to
-"yarrow-request@zeroknowledge.com" with "subscribe" in the body of the
-message.
-
-For more information, or if you have questions or comments regarding open
-source at Zero-Knowledge Systems, please visit
-http://opensource.zeroknowledge.com
diff --git a/src/lib/crypto/krb/prng/yarrow/TODO b/src/lib/crypto/krb/prng/yarrow/TODO
deleted file mode 100644
index bd133ecfd..000000000
--- a/src/lib/crypto/krb/prng/yarrow/TODO
+++ /dev/null
@@ -1,9 +0,0 @@
-open issues:
-
-* when should the initial seed be considered complete?
-* poll system ressources for randomness on startup?
-* how frequently should the PRNG state be saved?
-* how to react to fork()?
-* what should the seed file contain, how should it be processed?
-* test fork() hack
-* test openSSL locks in multi-threaded environment
diff --git a/src/lib/crypto/krb/prng/yarrow/deps b/src/lib/crypto/krb/prng/yarrow/deps
deleted file mode 100644
index cf1b4a237..000000000
--- a/src/lib/crypto/krb/prng/yarrow/deps
+++ /dev/null
@@ -1,44 +0,0 @@
-#
-# Generated makefile dependencies follow.
-#
-prng_yarrow.so prng_yarrow.po $(OUTPRE)prng_yarrow.$(OBJEXT): \
- $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
- $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
- $(COM_ERR_DEPS) $(srcdir)/../../../builtin/enc_provider/enc_provider.h \
- $(srcdir)/../../../builtin/sha1/shs.h $(srcdir)/../../../builtin/yhash.h \
- $(srcdir)/../prng.h $(top_srcdir)/include/k5-buf.h \
- $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
- $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
- $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
- $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
- $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
- $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/plugin.h \
- $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
- $(top_srcdir)/include/socket-utils.h prng_yarrow.c \
- yarrow.h ycipher.h ytypes.h
-yarrow.so yarrow.po $(OUTPRE)yarrow.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
- $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
- $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../../../builtin/sha1/shs.h \
- $(srcdir)/../../../builtin/yhash.h $(top_srcdir)/include/k5-buf.h \
- $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
- $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
- $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
- $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
- $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
- $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/plugin.h \
- $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
- $(top_srcdir)/include/socket-utils.h yarrow.c yarrow.h \
- ycipher.h yexcep.h ylock.h ystate.h ytypes.h
-ycipher.so ycipher.po $(OUTPRE)ycipher.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
- $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
- $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../../../builtin/enc_provider/enc_provider.h \
- $(srcdir)/../../../builtin/sha1/shs.h $(srcdir)/../../../builtin/yhash.h \
- $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
- $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
- $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
- $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
- $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
- $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
- $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
- $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
- yarrow.h ycipher.c ycipher.h ytypes.h
diff --git a/src/lib/crypto/krb/prng/yarrow/prng_yarrow.c b/src/lib/crypto/krb/prng/yarrow/prng_yarrow.c
deleted file mode 100644
index d1f0e7f8a..000000000
--- a/src/lib/crypto/krb/prng/yarrow/prng_yarrow.c
+++ /dev/null
@@ -1,138 +0,0 @@ -/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ -/* - * prng_yarrow.c - * - * Copyright (C) 2001, 2002, 2004, 2007, 2008, 2010 by the Massachusetts Institute of Technology. - * All rights reserved. - * - * - * Export of this software from the United States of America may require - * a specific license from the United States Government. It is the - * responsibility of any person or organization contemplating export to - * obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - */ - -#include "prng.h" -#include "enc_provider.h" -#include -#include "k5-thread.h" - -#include "yarrow.h" -static Yarrow_CTX y_ctx; -#define yarrow_lock krb5int_yarrow_lock -k5_mutex_t yarrow_lock = K5_MUTEX_PARTIAL_INITIALIZER; - -/* Helper function to estimate entropy based on sample length - * and where it comes from. 
- */ - -static size_t -entropy_estimate(unsigned int randsource, size_t length) -{ - switch (randsource) { - case KRB5_C_RANDSOURCE_OLDAPI: - return 4 * length; - case KRB5_C_RANDSOURCE_OSRAND: - return 8 * length; - case KRB5_C_RANDSOURCE_TRUSTEDPARTY: - return 4 * length; - case KRB5_C_RANDSOURCE_TIMING: - return 2; - case KRB5_C_RANDSOURCE_EXTERNAL_PROTOCOL: - return 0; - default: - abort(); - } - return 0; -} - -static int -yarrow_init(void) -{ - unsigned i, source_id; - int yerr; - - yerr = k5_mutex_finish_init(&yarrow_lock); - if (yerr) - return yerr; - - yerr = krb5int_yarrow_init (&y_ctx, NULL); - if (yerr != YARROW_OK && yerr != YARROW_NOT_SEEDED) - return KRB5_CRYPTO_INTERNAL; - - for (i=0; i < KRB5_C_RANDSOURCE_MAX; i++ ) { - if (krb5int_yarrow_new_source(&y_ctx, &source_id) != YARROW_OK) - return KRB5_CRYPTO_INTERNAL; - assert (source_id == i); - } - - return 0; -} - -static krb5_error_code -yarrow_add_entropy(krb5_context context, unsigned int randsource, - const krb5_data *data) -{ - int yerr; - /* Make sure the mutex got initialized. */ - yerr = krb5int_crypto_init(); - if (yerr) - return yerr; - /* Now, finally, feed in the data. 
*/ - yerr = krb5int_yarrow_input(&y_ctx, randsource, - data->data, data->length, - entropy_estimate(randsource, data->length)); - if (yerr != YARROW_OK) - return KRB5_CRYPTO_INTERNAL; - return 0; -} -/* -static krb5_error_code -yarrow_seed(krb5_context context, krb5_data *data) -{ - return yarrow_add_entropy(context, KRB5_C_RANDSOURCE_OLDAPI, data); -} -*/ -static krb5_error_code -yarrow_make_octets(krb5_context context, krb5_data *data) -{ - int yerr; - yerr = krb5int_yarrow_output(&y_ctx, data->data, data->length); - if (yerr == YARROW_NOT_SEEDED) { - yerr = krb5int_yarrow_reseed(&y_ctx, YARROW_SLOW_POOL); - if (yerr == YARROW_OK) - yerr = krb5int_yarrow_output(&y_ctx, data->data, data->length); - } - if (yerr != YARROW_OK) - return KRB5_CRYPTO_INTERNAL; - return 0; -} - -static void -yarrow_cleanup (void) -{ - krb5int_yarrow_final (&y_ctx); - k5_mutex_destroy(&yarrow_lock); -} - -const struct krb5_prng_provider krb5int_prng_yarrow = { - "yarrow", - yarrow_make_octets, - yarrow_add_entropy, - yarrow_init, - yarrow_cleanup -}; diff --git a/src/lib/crypto/krb/prng/yarrow/yarrow.c b/src/lib/crypto/krb/prng/yarrow/yarrow.c deleted file mode 100644 index 2eacd936b..000000000 --- a/src/lib/crypto/krb/prng/yarrow/yarrow.c +++ /dev/null 
@@ -1,959 +0,0 @@ -/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ - -/* - * Yarrow - Cryptographic Pseudo-Random Number Generator - * Copyright (c) 2000 Zero-Knowledge Systems, Inc. - * - * Permission to use, copy, modify, distribute, and sell this software - * and its documentation for any purpose is hereby granted without fee, - * provided that the above copyright notice appear in all copies and that - * both that copyright notice and this permission notice appear in - * supporting documentation, and that the name of Zero-Knowledge Systems, - * Inc. not be used in advertising or publicity pertaining to - * distribution of the software without specific, written prior - * permission. Zero-Knowledge Systems, Inc. makes no representations - * about the suitability of this software for any purpose. It is - * provided "as is" without express or implied warranty. - * - * See the accompanying LICENSE file for more information. - */ - -#include "k5-int.h" - -#include -#include -#ifdef _WIN32 -#include "port-sockets.h" -#else -# include -# include -#endif -#if !defined(YARROW_NO_MATHLIB) -#include -#endif - -#define YARROW_IMPL -#include "yarrow.h" -#include "ycipher.h" -#include "ylock.h" -#include "ystate.h" -#include "yexcep.h" - -#if defined( YARROW_DEBUG ) || defined( YARROW_TRACE ) -# include -#endif - -#undef TRACE -#if defined( YARROW_TRACE ) -extern int yarrow_verbose; -#define TRACE( x ) do { if (yarrow_verbose) { x } } while (0) -#else -#define TRACE( x ) -#endif - -#if defined(macintosh) -# define make_big_endian32(x) (x) -#else -# define make_big_endian32(x) htonl(x) -#endif - -#if defined( YARROW_DEBUG ) -static void hex_print(FILE* f, const char* var, void* data, size_t size); -#endif - -static void block_increment( void* block, const int sz ); -#if defined( YARROW_SAVE_STATE ) -static int Yarrow_Load_State( Yarrow_CTX *y ); -static int Yarrow_Save_State( Yarrow_CTX *y ); -#endif - -static int yarrow_gate_locked(Yarrow_CTX* y); - -static 
const byte zero_block[CIPHER_BLOCK_SIZE] = { 0, }; - -static const char* const yarrow_str_error[] = { - "ok", - "failed", - "failed: uninitialized", - "failed: already initialized", - "failed: no driver", - "failed: can't open driver", - "failed: invalid source id", - "failed: no more source ids available", - "failed: invalid argument", - "failed: insufficient privileges", - "failed: out of memory", - "failed: resource exhausted", - "failed: not enough entropy to generate output", - "failed: locking error", - "failed: no state to load", - "failed: state load or save failed", - "failed: not implemented" -}; - -/* calculate limits after initialization */ - -static void krb5int_yarrow_init_Limits(Yarrow_CTX* y) -{ - double tmp1, tmp2, limit; - /* max number of gates between reseeds -> exceed this, do forced reseed */ - - /* #oututs <= min(2^n, 2^(k/3).Pg) */ - - /* => #gates <= min(2^n/Pg, 2^(k/3)) */ - - tmp1 = POW_CIPHER_BLOCK_SIZE / y->Pg; - tmp2 = POW_CIPHER_KEY_SIZE; - limit = min(tmp1, tmp2); - if (limit < COUNTER_MAX) - { - y->gates_limit = limit; - } - else - { - y->gates_limit = COUNTER_MAX; - } -} - -static int yarrow_reseed_locked( Yarrow_CTX* y, int pool ); - -/* if the program was forked, the child must not operate on the same - PRNG state */ -#ifdef YARROW_DETECT_FORK - -static int -yarrow_input_locked( Yarrow_CTX* y, unsigned source_id, - const void *sample, - size_t size, size_t entropy_bits ); - -static int Yarrow_detect_fork(Yarrow_CTX *y) -{ - pid_t newpid; - EXCEP_DECL; - - /* this does not work for multi-threaded apps if threads have different - * pids */ - newpid = getpid(); - if ( y->pid != newpid ) - { - /* we input the pid twice, so it will get into the fast pool at least once - * Then we reseed. 
This doesn't really increase entropy, but does make the - * streams distinct assuming we already have good entropy*/ - y->pid = newpid; - TRY (yarrow_input_locked (y, 0, &newpid, - sizeof (newpid), 0)); - TRY (yarrow_input_locked (y, 0, &newpid, - sizeof (newpid), 0)); - TRY (yarrow_reseed_locked (y, YARROW_FAST_POOL)); - } - -CATCH: - EXCEP_RET; -} - -#else - -#define Yarrow_detect_fork(x) (YARROW_OK) - -#endif - -static void Yarrow_Make_Seeded( Yarrow_CTX* y ) -{ - TRACE( printf( "SEEDED," ); ); - y->seeded = 1; - - /* now we are seeded switch to _THRESH values */ - - y->slow_thresh = YARROW_SLOW_THRESH; - y->fast_thresh = YARROW_FAST_THRESH; - y->slow_k_of_n_thresh = YARROW_K_OF_N_THRESH; -} - -YARROW_DLL -int krb5int_yarrow_init(Yarrow_CTX* y, const char *filename) -{ - EXCEP_DECL; - int locked = 0; - - if (!y) { THROW( YARROW_BAD_ARG ); } - TRY( LOCK() ); - locked = 1; - - y->seeded = 0; - y->saved = 0; - -#if defined( YARROW_DETECT_FORK ) - y->pid = getpid(); -#endif - - y->entropyfile = filename; - y->num_sources = 0; - mem_zero(y->C, sizeof(y->C)); - HASH_Init(&y->pool[YARROW_FAST_POOL]); - HASH_Init(&y->pool[YARROW_SLOW_POOL]); - - mem_zero(y->K, sizeof(y->K)); - - mem_zero(&y->cipher, sizeof(y->cipher)); - - TRY (krb5int_yarrow_cipher_init(&y->cipher, y->K)); - y->out_left = 0; - y->out_count = 0; - y->gate_count = 0; - y->Pg = YARROW_OUTPUTS_PER_GATE; - y->Pt[YARROW_FAST_POOL] = YARROW_FAST_PT; - y->Pt[YARROW_SLOW_POOL] = YARROW_SLOW_PT; - y->slow_k_of_n = 0; - - /* start with INIT_THRESH values, after seeded, switch to THRESH values */ - - y->slow_thresh = YARROW_SLOW_INIT_THRESH; - y->fast_thresh = YARROW_FAST_INIT_THRESH; - y->slow_k_of_n_thresh = YARROW_K_OF_N_INIT_THRESH; - - krb5int_yarrow_init_Limits(y); - -#if defined( YARROW_SAVE_STATE ) - if ( y->entropyfile != NULL ) - { - int ret = Yarrow_Load_State( y ); - if ( ret != YARROW_OK && ret != YARROW_NO_STATE ) - { - THROW( ret ); - } - - /* if load suceeded then write new state back immediately - 
*/ - - /* Also check that it's not already saved, because the reseed in - * Yarrow_Load_State may trigger a save - */ - - if ( ret == YARROW_OK && !y->saved ) - { - TRY( Yarrow_Save_State( y ) ); - } - } -#endif - - if ( !y->seeded ) - { - THROW( YARROW_NOT_SEEDED ); - } - -CATCH: - if ( locked ) { TRY( UNLOCK() ); } - EXCEP_RET; -} - -static -int yarrow_input_maybe_locking( Yarrow_CTX* y, unsigned source_id, - const void* sample, - size_t size, size_t entropy_bits, - int do_lock ) -{ - EXCEP_DECL; - int ret; - int locked = 0; - Source* source; - size_t new_entropy; - size_t estimate; - - if (do_lock) { - TRY( LOCK() ); - locked = 1; - } - k5_assert_locked(&krb5int_yarrow_lock); - - if (!y) { THROW( YARROW_BAD_ARG ); } - - if (source_id >= y->num_sources) { THROW( YARROW_BAD_SOURCE ); } - - source = &y->source[source_id]; - - if(source->pool != YARROW_FAST_POOL && source->pool != YARROW_SLOW_POOL) - { - THROW( YARROW_BAD_SOURCE ); - } - - /* hash in the sample */ - - HASH_Update(&y->pool[source->pool], (const void*)sample, size); - - /* only update entropy estimate if pool is not full */ - - if ( (source->pool == YARROW_FAST_POOL && - source->entropy[source->pool] < y->fast_thresh) || - (source->pool == YARROW_SLOW_POOL && - source->entropy[source->pool] < y->slow_thresh) ) - { - new_entropy = min(entropy_bits, size * 8 * YARROW_ENTROPY_MULTIPLIER); - if (source->estimator) - { - estimate = source->estimator(sample, size); - new_entropy = min(new_entropy, estimate); - } - source->entropy[source->pool] += new_entropy; - if ( source->entropy[source->pool] > YARROW_POOL_SIZE ) - { - source->entropy[source->pool] = YARROW_POOL_SIZE; - } - - if (source->pool == YARROW_FAST_POOL) - { - if (source->entropy[YARROW_FAST_POOL] >= y->fast_thresh) - { - ret = yarrow_reseed_locked(y, YARROW_FAST_POOL); - if ( ret != YARROW_OK && ret != YARROW_NOT_SEEDED ) - { - THROW( ret ); - } - } - } - else - { - if (!source->reached_slow_thresh && - source->entropy[YARROW_SLOW_POOL] >= 
y->slow_thresh) - { - source->reached_slow_thresh = 1; - y->slow_k_of_n++; - if (y->slow_k_of_n >= y->slow_k_of_n_thresh) - { - y->slow_k_of_n = 0; - ret = yarrow_reseed_locked(y, YARROW_SLOW_POOL); - if ( ret != YARROW_OK && ret != YARROW_NOT_SEEDED ) - { - THROW( ret ); - } - } - } - } - } - - /* put samples in alternate pools */ - - source->pool = (source->pool + 1) % 2; - -CATCH: - if ( locked ) { TRY( UNLOCK() ); } - EXCEP_RET; -} - -YARROW_DLL -int krb5int_yarrow_input( Yarrow_CTX* y, unsigned source_id, - const void* sample, - size_t size, size_t entropy_bits ) -{ - return yarrow_input_maybe_locking(y, source_id, sample, size, - entropy_bits, 1); -} - -static int -yarrow_input_locked( Yarrow_CTX* y, unsigned source_id, - const void *sample, - size_t size, size_t entropy_bits ) -{ - return yarrow_input_maybe_locking(y, source_id, sample, size, - entropy_bits, 0); -} - -YARROW_DLL -int krb5int_yarrow_new_source(Yarrow_CTX* y, unsigned* source_id) -{ - EXCEP_DECL; - int locked = 0; - Source* source; - - if (!y) { THROW( YARROW_BAD_ARG ); } - - TRY( LOCK() ); - locked = 1; - - if (y->num_sources + 1 > YARROW_MAX_SOURCES) - { - THROW( YARROW_TOO_MANY_SOURCES ); - } - - *source_id = y->num_sources; - - source = &y->source[*source_id]; - - source->pool = YARROW_FAST_POOL; - source->entropy[YARROW_FAST_POOL] = 0; - source->entropy[YARROW_SLOW_POOL] = 0; - source->reached_slow_thresh = 0; - source->estimator = 0; - - y->num_sources++; -CATCH: - if ( locked ) { TRY( UNLOCK() ); } - EXCEP_RET; -} - -int krb5int_yarrow_register_source_estimator(Yarrow_CTX* y, unsigned source_id, - estimator_fn* fptr) -{ - EXCEP_DECL; - Source* source; - - if (!y) { THROW( YARROW_BAD_ARG ); } - if (source_id >= y->num_sources) { THROW( YARROW_BAD_SOURCE ); } - - source = &y->source[source_id]; - - source->estimator = fptr; - -CATCH: - EXCEP_RET; -} - -static int krb5int_yarrow_output_Block( Yarrow_CTX* y, void* out ) -{ - EXCEP_DECL; - - if (!y || !out) { THROW( YARROW_BAD_ARG ); } - - 
TRACE( printf( "OUT," ); ); - - /* perform a gate function after Pg outputs */ - - y->out_count++; - if (y->out_count >= y->Pg) - { - y->out_count = 0; - TRY( yarrow_gate_locked( y ) ); - - /* require new seed after reaching gates_limit */ - - y->gate_count++; - if ( y->gate_count >= y->gates_limit ) - { - y->gate_count = 0; - - /* not defined whether to do slow or fast reseed */ - - TRACE( printf( "OUTPUT LIMIT REACHED," ); ); - - TRY( yarrow_reseed_locked( y, YARROW_SLOW_POOL ) ); - } - } - - /* C <- (C + 1) mod 2^n */ - - block_increment( y->C, CIPHER_BLOCK_SIZE ); - - /* R <- E_k(C) */ - - TRY ( krb5int_yarrow_cipher_encrypt_block ( &y->cipher, y->C, out )); - -#if defined(YARROW_DEBUG) - printf("===\n"); - hex_print( stdout, "output: C", y->C, CIPHER_BLOCK_SIZE ); - hex_print( stdout, "output: K", y->K, CIPHER_KEY_SIZE ); - hex_print( stdout, "output: O", out, CIPHER_BLOCK_SIZE ); -#endif -CATCH: - EXCEP_RET; -} - -YARROW_DLL -int krb5int_yarrow_status( Yarrow_CTX* y, int *num_sources, unsigned *source_id, - size_t *entropy_bits, size_t *entropy_max ) -{ - EXCEP_DECL; - int num = y->slow_k_of_n_thresh; - int source = -1; - size_t emax = y->slow_thresh; - size_t entropy = 0; - unsigned i; - - if (!y) { THROW( YARROW_BAD_ARG ); } - TRY( Yarrow_detect_fork( y ) ); - - if (num_sources) { *num_sources = num; } - if (source_id) { *source_id = -1; } - if (entropy_bits) { *entropy_bits = 0; } - if (entropy_max) { *entropy_max = emax; } - - if (y->seeded) - { - if (num_sources) { *num_sources = 0; } - if (entropy_bits) { *entropy_bits = emax; } - THROW( YARROW_OK ); - } - - for (i = 0; i < y->num_sources; i++) - { - if (y->source[i].entropy[YARROW_SLOW_POOL] >= y->slow_thresh) - { - num--; - } - else if (y->source[i].entropy[YARROW_SLOW_POOL] > entropy) - { - source = i; - entropy = y->source[i].entropy[YARROW_SLOW_POOL]; - } - } - - if (num_sources) { *num_sources = num; } - if (source_id) { *source_id = source; } - if (entropy_bits) { *entropy_bits = entropy; } - 
THROW( YARROW_NOT_SEEDED ); - -CATCH: - EXCEP_RET; -} - -static int yarrow_output_locked(Yarrow_CTX*, void*, size_t); - -YARROW_DLL -int krb5int_yarrow_output( Yarrow_CTX* y, void* out, size_t size ) -{ - EXCEP_DECL; - TRY( LOCK() ); - TRY( yarrow_output_locked(y, out, size)); -CATCH: - UNLOCK(); - EXCEP_RET; -} - -static -int yarrow_output_locked( Yarrow_CTX* y, void* out, size_t size ) -{ - EXCEP_DECL; - size_t left; - char* outp; - size_t use; - - if (!y || !out) { THROW( YARROW_BAD_ARG ); } - TRY( Yarrow_detect_fork( y ) ); - - if (!y->seeded) { THROW( YARROW_NOT_SEEDED ); } - - left = size; - outp = out; - - if (y->out_left > 0) - { - use = min(left, y->out_left); - mem_copy(outp, y->out + CIPHER_BLOCK_SIZE - y->out_left, use); - left -= use; - y->out_left -= use; - outp += use; - } - - for ( ; - left >= CIPHER_BLOCK_SIZE; - left -= CIPHER_BLOCK_SIZE, outp += CIPHER_BLOCK_SIZE) - { - TRY( krb5int_yarrow_output_Block(y, outp) ); - } - - if (left > 0) - { - TRY( krb5int_yarrow_output_Block(y, y->out) ); - mem_copy(outp, y->out, left); - y->out_left = CIPHER_BLOCK_SIZE - left; - } - -CATCH: - EXCEP_RET; -} - -static int yarrow_gate_locked(Yarrow_CTX* y) -{ - EXCEP_DECL; - byte new_K[CIPHER_KEY_SIZE]; - - if (!y) { THROW( YARROW_BAD_ARG ); } - - TRACE( printf( "GATE[" ); ); - - /* K <- Next k bits of PRNG output */ - - TRY( yarrow_output_locked(y, new_K, CIPHER_KEY_SIZE) ); - mem_copy(y->K, new_K, CIPHER_KEY_SIZE); - - /* need to resetup the key schedule as the key has changed */ - - TRY (krb5int_yarrow_cipher_init(&y->cipher, y->K)); - -CATCH: - TRACE( printf( "]," ); ); - mem_zero(new_K, sizeof(new_K)); - EXCEP_RET; -} - -int krb5int_yarrow_gate(Yarrow_CTX* y) -{ - EXCEP_DECL; - byte new_K[CIPHER_KEY_SIZE]; - - if (!y) { THROW( YARROW_BAD_ARG ); } - - TRACE( printf( "GATE[" ); ); - - /* K <- Next k bits of PRNG output */ - - TRY( krb5int_yarrow_output(y, new_K, CIPHER_KEY_SIZE) ); - mem_copy(y->K, new_K, CIPHER_KEY_SIZE); - - /* need to resetup the key schedule 
as the key has changed */ - - TRY (krb5int_yarrow_cipher_init(&y->cipher, y->K)); - -CATCH: - TRACE( printf( "]," ); ); - mem_zero(new_K, sizeof(new_K)); - EXCEP_RET; -} - -#if defined( YARROW_SAVE_STATE ) -static int Yarrow_Load_State( Yarrow_CTX *y ) -{ - EXCEP_DECL; - Yarrow_STATE state; - - if ( !y ) { THROW( YARROW_BAD_ARG ); } - - if ( y->entropyfile ) - { - TRY( STATE_Load(y->entropyfile, &state) ); - TRACE( printf( "LOAD STATE," ); ); - -#if defined( YARROW_DEBUG ) - hex_print( stderr, "state.load", state.seed, sizeof(state.seed)); -#endif - - /* what to do here is not defined by the Yarrow paper */ - /* this is a place holder until we get some clarification */ - - HASH_Update( &y->pool[YARROW_FAST_POOL], - state.seed, sizeof(state.seed) ); - - Yarrow_Make_Seeded( y ); - - TRY( krb5int_yarrow_reseed(y, YARROW_FAST_POOL) ); - } -CATCH: - mem_zero(state.seed, sizeof(state.seed)); - EXCEP_RET; -} - -static int Yarrow_Save_State( Yarrow_CTX *y ) -{ - EXCEP_DECL; - Yarrow_STATE state; - - if ( !y ) { THROW( YARROW_BAD_ARG ); } - - if ( y->entropyfile && y->seeded ) - { - TRACE( printf( "SAVE STATE[" ); ); - TRY( krb5int_yarrow_output( y, state.seed, sizeof(state.seed) ) ); - TRY( STATE_Save(y->entropyfile, &state) ); - } - y->saved = 1; -# if defined(YARROW_DEBUG) - hex_print(stdout, "state.save", state.seed, sizeof(state.seed)); -# endif - -CATCH: - TRACE( printf( "]," ); ); - mem_zero(state.seed, sizeof(state.seed)); - EXCEP_RET; -} - -#endif - -static int yarrow_reseed_locked(Yarrow_CTX* y, int pool) -{ - EXCEP_DECL; - HASH_CTX* fast_pool; - HASH_CTX* slow_pool; - byte digest[HASH_DIGEST_SIZE]; - HASH_CTX hash; - byte v_0[HASH_DIGEST_SIZE]; - byte v_i[HASH_DIGEST_SIZE]; - krb5_ui_4 big_endian_int32; - COUNTER i; - - k5_assert_locked(&krb5int_yarrow_lock); - if (!y) { THROW( YARROW_BAD_ARG ); } - fast_pool = &y->pool[YARROW_FAST_POOL]; - slow_pool = &y->pool[YARROW_SLOW_POOL]; - if( pool != YARROW_FAST_POOL && pool != YARROW_SLOW_POOL ) - { - THROW( 
YARROW_BAD_ARG ); - } - - TRACE( printf( "%s RESEED,", - pool == YARROW_SLOW_POOL ? "SLOW" : "FAST" ); ); - - if (pool == YARROW_SLOW_POOL) - { - /* SLOW RESEED */ - - /* feed hash of slow pool into the fast pool */ - - - HASH_Final(slow_pool, digest); - - /* Each pool contains the running hash of all inputs fed into it - * since it was last used to carry out a reseed -- this implies - * that the pool must be reinitialized after a reseed - */ - - HASH_Init(slow_pool); /* reinitialize slow pool */ - HASH_Update(fast_pool, digest, sizeof(digest)); - - if (y->seeded == 0) - { - Yarrow_Make_Seeded( y ); - } - } - - /* step 1. v_0 <- hash of all inputs into fast pool */ - - HASH_Final(fast_pool, &v_0); - HASH_Init(fast_pool); /* reinitialize fast pool */ - - /* v_i <- v_0 */ - - mem_copy( v_i, v_0, sizeof(v_0) ); - - /* step 2. v_i = h(v_{i-1}|v_0|i) for i = 1,..,Pt */ - - /* note: this code has to work for Pt = 0 also */ - - for ( i = 0; i < y->Pt[pool]; i++ ) - { - HASH_Init(&hash); - HASH_Update(&hash, v_i, sizeof(v_i)); - HASH_Update(&hash, v_0, sizeof(v_0)); - big_endian_int32 = make_big_endian32(0); /* MS word */ - HASH_Update(&hash, &big_endian_int32, sizeof(krb5_ui_4)); - big_endian_int32 = make_big_endian32(i & 0xFFFFFFFF); /* LS word */ - HASH_Update(&hash, &big_endian_int32, sizeof(krb5_ui_4)); - HASH_Final(&hash, &v_i); - } - - /* step3. K = h'(h(v_Pt|K)) */ - - /* t = h(v_Pt|K) */ - - HASH_Init(&hash); - HASH_Update(&hash, v_i, sizeof(v_i)); - HASH_Update(&hash, y->K, sizeof(y->K)); - HASH_Final(&hash, v_i); - -#if defined(YARROW_DEBUG) - hex_print(stdout, "old K", y->K, sizeof(y->K)); -#endif - /* K <- h'(t) */ - - TRY( krb5int_yarrow_stretch(v_i, HASH_DIGEST_SIZE, y->K, CIPHER_KEY_SIZE) ); - - /* need to resetup the key schedule as the key has changed */ - - TRY(krb5int_yarrow_cipher_init(&y->cipher, y->K)); - -#if defined(YARROW_DEBUG) - hex_print(stdout, "new K", y->K, sizeof(y->K)); -#endif - - /* step 4. 
C <- E_k(0) */ - -#if defined(YARROW_DEBUG) - hex_print(stdout, "old C", y->C, sizeof(y->C)); -#endif - TRY (krb5int_yarrow_cipher_encrypt_block (&y->cipher, zero_block, y->C)); -#if defined(YARROW_DEBUG) - hex_print(stdout, "new C", y->C, sizeof(y->C)); -#endif - - /* discard part output from previous key */ - - y->out_left = 0; - - /* step 5. Reset all entropy estimate accumulators of the entropy - * accumulator to zero - */ - - for (i = 0; i < y->num_sources; i++) - { - y->source[i].entropy[pool] = 0; - if (pool == YARROW_SLOW_POOL) - { - /* if this is a slow reseed, reset the fast pool entropy - * accumulator also - */ - y->source[i].entropy[YARROW_FAST_POOL] = 0; - y->source[i].reached_slow_thresh = 0; - } - } - - /* step 7. If a seed file is in use, the next 2k bits of output - * are written to the seed file - */ - -#if defined( YARROW_SAVE_STATE ) - if ( y->seeded && y->entropyfile ) - { - TRY( Yarrow_Save_State( y ) ); - } -#endif - -CATCH: - /* step 6. Wipe the memory of all intermediate values - * - */ - - mem_zero( digest, sizeof(digest) ); - mem_zero( &hash, sizeof(hash) ); - mem_zero( v_0, sizeof(v_0) ); - mem_zero( v_i, sizeof(v_i) ); - - EXCEP_RET; -} -int krb5int_yarrow_reseed(Yarrow_CTX* y, int pool) -{ - int r; - LOCK(); - r = yarrow_reseed_locked(y, pool); - UNLOCK(); - return r; -} - -int krb5int_yarrow_stretch(const byte* m, size_t size, byte* out, size_t out_size) -{ - EXCEP_DECL; - const byte* s_i; - byte* outp; - int left; - unsigned int use; - HASH_CTX hash, save; - byte digest[HASH_DIGEST_SIZE]; - - if (m == NULL || size == 0 || out == NULL || out_size == 0) - { - THROW( YARROW_BAD_ARG ); - } - - /* - * s_0 = m - * s_1 = h(s_0 | ... | s_{i-1}) - * - * h'(m, k) = first k bits of (s_0 | s_1 | ...) 
- * - */ - - outp = out; - left = out_size; - - use = min(out_size, size); - mem_copy(outp, m, use); /* get k bits or as many as available */ - - s_i = (const byte*)m; /* pointer to s0 = m */ - outp += use; - left -= use; - - HASH_Init(&hash); - for ( ; - left > 0; - left -= HASH_DIGEST_SIZE) - { - HASH_Update(&hash, s_i, use); - - /* have to save hash state to one side as HASH_final changes state */ - - mem_copy(&save, &hash, sizeof(hash)); - HASH_Final(&hash, digest); - - use = min(HASH_DIGEST_SIZE, left); - mem_copy(outp, digest, use); - - /* put state back for next time */ - - mem_copy(&hash, &save, sizeof(hash)); - - s_i = outp; /* retain pointer to s_i */ - outp += use; - } - -CATCH: - mem_zero(&hash, sizeof(hash)); - mem_zero(digest, sizeof(digest)); - - EXCEP_RET; -} - -static void block_increment(void* block, const int sz) -{ - byte* b = block; - int i; - - for (i = sz-1; (++b[i]) == 0 && i > 0; i--) - { - ; /* nothing */ - } -} - -YARROW_DLL -int krb5int_yarrow_final(Yarrow_CTX* y) -{ - EXCEP_DECL; - int locked = 0; - - if (!y) { THROW( YARROW_BAD_ARG ); } - TRY( LOCK() ); - locked = 1; - -#if defined( YARROW_SAVE_STATE ) - if ( y->seeded && y->entropyfile ) - { - TRY( Yarrow_Save_State( y ) ); - } -#endif - -CATCH: - if ( y ) - { - krb5int_yarrow_cipher_final(&y->cipher); - mem_zero( y, sizeof(Yarrow_CTX) ); - } - if ( locked ) { TRY( UNLOCK() ); } - EXCEP_RET; -} - -YARROW_DLL -const char* krb5int_yarrow_str_error( int err ) -{ - err = 1-err; - if ( err < 0 || - (unsigned int) err >= sizeof( yarrow_str_error ) / sizeof( char* ) ) - { - err = 1-YARROW_FAIL; - } - return yarrow_str_error[ err ]; -} - -#if defined(YARROW_DEBUG) -static void hex_print(FILE* f, const char* var, void* data, size_t size) -{ - const char* conv = "0123456789abcdef"; - size_t i; - char* p = (char*) data; - char c, d; - - fprintf(f, var); - fprintf(f, " = "); - for (i = 0; i < size; i++) - { - c = conv[(p[i] >> 4) & 0xf]; - d = conv[p[i] & 0xf]; - fprintf(f, "%c%c", c, d); - } - 
fprintf(f, "\n"); -} -#endif diff --git a/src/lib/crypto/krb/prng/yarrow/yarrow.h b/src/lib/crypto/krb/prng/yarrow/yarrow.h deleted file mode 100644 index 02abfaf8d..000000000 --- a/src/lib/crypto/krb/prng/yarrow/yarrow.h +++ /dev/null 
@@ -1,188 +0,0 @@ -/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ - -#ifndef YARROW_H -#define YARROW_H - -#ifdef HAVE_UNISTD_H -#define YARROW_DETECT_FORK -#include -#endif -#define YARROW_NO_MATHLIB - -#include "ytypes.h" -#include -#include "ycipher.h" - -extern const struct krb5_prng_provider krb5int_prng_yarrow; - -/* These error codes are returned by the functions below. */ - -#define YARROW_OK 1 /* All is well */ -#define YARROW_FAIL 0 /* generic failure */ -#define YARROW_NOT_INIT -1 /* YarrowInit hasn't been called */ -#define YARROW_ALREADY_INIT -2 /* YarrowInit has already been called */ -#define YARROW_NO_DRIVER -3 /* driver doesn't exist */ -#define YARROW_CANT_OPEN -4 /* can't open driver */ -#define YARROW_BAD_SOURCE -5 /* invalid source id */ -#define YARROW_TOO_MANY_SOURCES -6 /* can't create any more source ids */ -#define YARROW_BAD_ARG -7 /* invalid argument */ -#define YARROW_ACCESS -8 /* insufficient privileges */ -#define YARROW_NOMEM -9 /* out of memory */ -#define YARROW_NORSRC -10 /* a resource is exhausted */ -#define YARROW_NOT_SEEDED -11 /* not enough entropy to generate output */ -#define YARROW_LOCKING -12 /* locking error */ -#define YARROW_NO_STATE -13 /* there is no state to load */ -#define YARROW_STATE_ERROR -14 /* error with state load or save */ -#define YARROW_NOT_IMPL -15 /* not implemented */ - -#ifdef __cplusplus -extern "C" { -#endif - -/* Yarrow implementation and configuration parameters */ - -/* pool identification */ -#define YARROW_FAST_POOL 0 -#define YARROW_SLOW_POOL 1 - -#define YARROW_MAX_SOURCES 20 -#define YARROW_ENTROPY_MULTIPLIER 0.5 - -#define YARROW_POOL_SIZE (HASH_DIGEST_SIZE*8) - -#define YARROW_OUTPUTS_PER_GATE 10 /* Pg */ -#define YARROW_FAST_PT 10 -#define YARROW_SLOW_PT 100 - -/* thresholds to use once seeded */ - -#define YARROW_FAST_THRESH 100 -#define YARROW_SLOW_THRESH 160 -#define YARROW_K_OF_N_THRESH 2 - -/* The Yarrow paper does not specify when the initial seed should be - 
considered complete. Use the same conditions as a slow reseed */ - -#define YARROW_FAST_INIT_THRESH YARROW_FAST_THRESH -#define YARROW_SLOW_INIT_THRESH YARROW_SLOW_THRESH -#define YARROW_K_OF_N_INIT_THRESH YARROW_K_OF_N_THRESH - -/* sanity checks */ - -#if YARROW_FAST_THRESH > YARROW_POOL_SIZE -error "can't have higher YARROW_FAST_THRESH than pool size" -#endif - -#if YARROW_SLOW_THRESH > YARROW_POOL_SIZE -error "can't have higher YARROW_SLOW_THRESH than pool size" -#endif - -#if YARROW_FAST_INIT_THRESH > YARROW_POOL_SIZE -error "can't have higher YARROW_FAST_INIT_THRESH than pool size" -#endif - -#if YARROW_SLOW_INIT_THRESH > YARROW_POOL_SIZE -error "can't have higher YARROW_SLOW_INIT_THRESH than pool size" -#endif - -typedef size_t estimator_fn(const void* sample, size_t size); - -typedef struct -{ - int pool; - size_t entropy[2]; - int reached_slow_thresh; - estimator_fn* estimator; -} Source; - -typedef struct -{ - /* state */ - int seeded; - int saved; -#if defined( YARROW_DETECT_FORK ) - int pid; -#endif - Source source[YARROW_MAX_SOURCES]; - unsigned num_sources; - HASH_CTX pool[2]; - byte out[CIPHER_BLOCK_SIZE]; - unsigned out_left; - COUNTER out_count; - COUNTER gate_count; - COUNTER gates_limit; - byte C[CIPHER_BLOCK_SIZE]; - CIPHER_CTX cipher; - byte K[CIPHER_KEY_SIZE]; - - const char *entropyfile; - - /* parameters */ - COUNTER Pt[2]; - COUNTER Pg; - int slow_k_of_n; - - /* current thresholds */ - size_t slow_thresh; - size_t fast_thresh; - int slow_k_of_n_thresh; -} Yarrow_CTX; - -# define YARROW_DLL - - -YARROW_DLL -int krb5int_yarrow_init( Yarrow_CTX* y, const char *filename ); - - -YARROW_DLL -int krb5int_yarrow_input( Yarrow_CTX* y, unsigned source_id, - const void* sample, - size_t size, size_t entropy_bits ); - -YARROW_DLL -int krb5int_yarrow_status( Yarrow_CTX* y, int *num_sources, unsigned *source_id, - size_t *entropy_bits, size_t *entropy_max ); - -YARROW_DLL -int krb5int_yarrow_output( Yarrow_CTX* y, void* out, size_t size ); - -YARROW_DLL 
-int krb5int_yarrow_new_source( Yarrow_CTX* y, unsigned* source_id ); - -YARROW_DLL -int krb5int_yarrow_register_source_estimator( Yarrow_CTX* y, unsigned source_id, - estimator_fn* fptr ); - -YARROW_DLL -int krb5int_yarrow_stretch( const byte* m, size_t size, byte* out, size_t out_size ); - -YARROW_DLL -int krb5int_yarrow_reseed( Yarrow_CTX* y, int pool ); - -YARROW_DLL -int krb5int_yarrow_gate( Yarrow_CTX* y ); - -YARROW_DLL -int krb5int_yarrow_final( Yarrow_CTX* y ); - -YARROW_DLL -const char* krb5int_yarrow_str_error( int ); - - -# define mem_zero(p, n) memset((p), 0, (n)) -# define mem_copy(d, s, n) memcpy((d), (s), (n)) - - -#if !defined(WIN32) -# define min(x, y) ((x) < (y) ? (x) : (y)) -# define max(x, y) ((x) > (y) ? (x) : (y)) -#endif - - - -#ifdef __cplusplus -} -#endif - -#endif /* YARROW_H */ diff --git a/src/lib/crypto/krb/prng/yarrow/yarrow.man b/src/lib/crypto/krb/prng/yarrow/yarrow.man deleted file mode 100644 index a65b4e05c..000000000 --- a/src/lib/crypto/krb/prng/yarrow/yarrow.man +++ /dev/null 
@@ -1,315 +0,0 @@ -.rn '' }` -''' $RCSfile$$Revision$$Date$ -''' -''' $Log$ -''' Revision 1.1 2001/11/08 21:51:57 hartmans -''' Add Yarrow from http://www.zeroknowledge.com/. -''' -''' This is version 0.1 of their Yarrow implementation. I have flattened the distribution, -''' copying files in the src directory directly into this directory. -''' -''' Revision 1.1.2.1 2000/08/13 21:11:24 adamb -''' added some more assumptions -''' included yarrow.man derived from yarrow.pod with pod2man -''' -''' -.de Sh -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp -.if t .sp .5v -.if n .sp -.. -.de Ip -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.de Vb -.ft CW -.nf -.ne \\$1 -.. -.de Ve -.ft R - -.fi -.. -''' -''' -''' Set up \*(-- to give an unbreakable dash; -''' string Tr holds user defined translation string. -''' Bell System Logo is used as a dummy character. -''' -.tr \(*W-|\(bv\*(Tr -.ie n \{\ -.ds -- \(*W- -.ds PI pi -.if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -.if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -.ds L" "" -.ds R" "" -''' \*(M", \*(S", \*(N" and \*(T" are the equivalent of -''' \*(L" and \*(R", except that they are used on ".xx" lines, -''' such as .IP and .SH, which do another additional levels of -''' double-quote interpretation -.ds M" """ -.ds S" """ -.ds N" """"" -.ds T" """"" -.ds L' ' -.ds R' ' -.ds M' ' -.ds S' ' -.ds N' ' -.ds T' ' -'br\} -.el\{\ -.ds -- \(em\| -.tr \*(Tr -.ds L" `` -.ds R" '' -.ds M" `` -.ds S" '' -.ds N" `` -.ds T" '' -.ds L' ` -.ds R' ' -.ds M' ` -.ds S' ' -.ds N' ` -.ds T' ' -.ds PI \(*p -'br\} -.\" If the F register is turned on, we'll generate -.\" index entries out stderr for the following things: -.\" TH Title -.\" SH Header -.\" Sh Subsection -.\" Ip Item -.\" X<> Xref (embedded -.\" Of course, you have to process the output yourself -.\" in some meaninful fashion. -.if \nF \{ -.de IX -.tm Index:\\$1\t\\n%\t"\\$2" -.. 
-.nr % 0 -.rr F -.\} -.TH YARROW 1 "perl 5.005, patch 03" "13/Aug/2000" "User Contributed Perl Documentation" -.UC -.if n .hy 0 -.if n .na -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.de CQ \" put $1 in typewriter font -.ft CW -'if n "\c -'if t \\&\\$1\c -'if n \\&\\$1\c -'if n \&" -\\&\\$2 \\$3 \\$4 \\$5 \\$6 \\$7 -'.ft R -.. -.\" @(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2 -. \" AM - accent mark definitions -.bd B 3 -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds ? ? -. ds ! ! -. ds / -. ds q -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds ? \s-2c\h'-\w'c'u*7/10'\u\h'\*(#H'\zi\d\s+2\h'\w'c'u*8/10' -. ds ! \s-2\(or\s+2\h'-\w'\(or'u'\v'-.8m'.\v'.8m' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -. ds q o\h'-\w'o'u*8/10'\s-4\v'.4m'\z\(*i\v'-.4m'\s+4\h'\w'o'u*8/10' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds v \\k:\h'-(\\n(.wu*9/10-\*(#H)'\v'-\*(#V'\*(#[\s-4v\s0\v'\*(#V'\h'|\\n:u'\*(#] -.ds _ \\k:\h'-(\\n(.wu*9/10-\*(#H+(\*(#F*2/3))'\v'-.4m'\z\(hy\v'.4m'\h'|\\n:u' -.ds . 
\\k:\h'-(\\n(.wu*8/10)'\v'\*(#V*4/10'\z.\v'-\*(#V*4/10'\h'|\\n:u' -.ds 3 \*(#[\v'.2m'\s-2\&3\s0\v'-.2m'\*(#] -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -.ds oe o\h'-(\w'o'u*4/10)'e -.ds Oe O\h'-(\w'O'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds v \h'-1'\o'\(aa\(ga' -. ds _ \h'-1'^ -. ds . \h'-1'. -. ds 3 3 -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -. ds oe oe -. 
ds Oe OE
-.\}
-.rm #[ #] #H #V #F C
-.SH "NAME"
-Yarrow_Init, Yarrow_Poll, Yarrow_Input, Yarrow_Status, Yarrow_Output, Yarrow_New_Source, Yarrow_Register_Source_Estimator, Yarrow Final \- cryptographic pseudo-random number generator
-.SH "SYNOPSIS"
-int \fIYarrow_Init\fR\|(Yarrow_CTX *y, const char *filename);
-.PP
-int \fIYarrow_New_Source\fR\|(Yarrow_CTX* y, unsigned* source_id);
-.PP
-int \fIYarrow_Poll\fR\|(Yarrow_CTX *y, unsigned source_id)
-.PP
-int \fIYarrow_Input\fR\|( Yarrow_CTX* y, unsigned source_id,
- const void* sample, size_t size,
- size_t entropy_bits);
-.PP
-int \fIYarrow_Status\fR\|(Yarrow_CTX* y, int *num_sources,
- unsigned *source_id, size_t *entropy_bits,
- size_t *entropy_max);
-.PP
-int \fIYarrow_Output\fR\|(Yarrow_CTX* y, void* out, size_t size);
-.PP
-int \fIYarrow_Register_Source_Estimator\fR\|(Yarrow_CTX* y,
- unsigned source_id,
- size_t (*estimator)(const void* sample,
- size_t size));
-.PP
-int \fIYarrow_Final\fR\|(Yarrow_CTX* y);
-.SH "DESCRIPTION"
-\fIYarrow_Init()\fR initializes a \fBYarrow_CTX\fR structure. \fBfilename\fR can
-be NULL, or the path to a seed file that Yarrow will use to store the
-PRNG state for use in later sessions. Returns \fBYARROW_OK\fR if the
-PRNG is seeded on exit, or \fBYARROW_NOT_SEEDED\fR if the PRNG is not yet
-seeded.
-.PP
-\fIYarrow_New_Source()\fR associates entropy sources such as keyboard input,
-mouse movements and other unpredictable events with a
-\fBYarrow_CTX\fR. The function assigns a unique number to the new source,
-and places it in \fBsource_id\fR.
-.PP
-\fIYarrow_Poll()\fR gathers entropy from the state of the machine and adds
-it to the source \fBsource_id\fR. The source has to be allocated by the
-user with Yarrow_New_Source. Returns \fBYARROW_OK\fR if the PRNG is
-seeded on exit, or \fBYARROW_NOT_SEEDED\fR if the PRNG is not yet seeded.
-.PP
-\fIYarrow_Input()\fR is used to add randomness from the source \fBsource_id\fR
-to the PRNG.
It reads \fBsize\fR bytes at the address \fBsample\fR. An
-estimate of the entropy in bits contained in the sample must be
-specified as \fBentropy_bits\fR.
-.PP
-\fIYarrow_Status()\fR returns \fBYARROW_OK\fR if the PRNG has enough entropy to
-produce output, and \fBYARROW_NOT_SEEDED\fR if calls to \fIYarrow_Output()\fR
-would fail.
-.PP
-If num_sources is not NULL, the number of entropy sources that still
-need to be seeded is returned in \fB*num_sources\fR.
-.PP
-If source_id is not NULL, the entropy source that is closest to its
-threshold is returned in \fB*source_id\fR. \fB*source_id\fR is set to \-1 if
-no sources have either reached their threshold or not collected any
-entropy yet.
-.PP
-If not NULL, \fB*entropy_bits\fR is set to the current number of bits for
-the source \fB*source_id\fR, and \fB*entropy_max\fR to the threshold.
-.PP
-\fIYarrow_Output()\fR generates \fBsize\fR bytes of cryptographically strong
-pseudo-random output and places them at \fBout\fR. The return value must
-always be checked. If an error occurs, the PRNG may produce
-predictable data or no output at all.
-.PP
-\fIYarrow_Register_Source_Estimator()\fR registers an entropy estimator
-for \fBsource_id\fR. An entropy estimator is a function that tries to
-estimate the entropy in a sample and returns the entropy in bits
-in order to detect abnormal situations in which the samples have a very
-low entropy.
-.PP
-\fIYarrow_Final()\fR writes the PRNG state to the seed file and erases it
-from memory.
-.SH "RETURN VALUES"
-All functions return \fBYARROW_OK\fR on success.
Error conditions are reported
-as follows:
-.PP
-.Vb 16
-\& YARROW_FAIL generic failure
-\& YARROW_NOT_INIT YarrowInit() hasn't been called
-\& YARROW_ALREADY_INIT YarrowInit() has already been called
-\& YARROW_NO_DRIVER driver doesn't exist
-\& YARROW_CANT_OPEN can't open driver
-\& YARROW_BAD_SOURCE invalid source id
-\& YARROW_TOO_MANY_SOURCES can't create any more source IDs
-\& YARROW_BAD_ARG invalid argument
-\& YARROW_ACCESS insufficient privileges
-\& YARROW_NOMEM out of memory
-\& YARROW_NORSRC a resource (apart from memory) is exhausted
-\& YARROW_NOT_SEEDED not enough entropy to generate output
-\& YARROW_LOCKING locking error
-\& YARROW_NO_STATE there is no state to load
-\& YARROW_STATE_ERROR error with state load or save
-\& YARROW_NOT_IMPL not implemented
-.Ve
-.SH "AUTHORS"
-Yarrow was designed by John Kelsey, Bruce Schneier and Niels Ferguson
-of Counterpane Systems. This implementation is (C) 2000 by
-Zero-Knowledge Systems Inc.
-
-.rn }` ''
-.IX Title "YARROW 1"
-.IX Name "Yarrow_Init, Yarrow_Poll, Yarrow_Input, Yarrow_Status, Yarrow_Output, Yarrow_New_Source, Yarrow_Register_Source_Estimator, Yarrow Final - cryptographic pseudo-random number generator"
-
-.IX Header "NAME"
-
-.IX Header "SYNOPSIS"
-
-.IX Header "DESCRIPTION"
-
-.IX Header "RETURN VALUES"
-
-.IX Header "AUTHORS"
-
diff --git a/src/lib/crypto/krb/prng/yarrow/yarrow.pod b/src/lib/crypto/krb/prng/yarrow/yarrow.pod
deleted file mode 100644
index 7892ebbe6..000000000
--- a/src/lib/crypto/krb/prng/yarrow/yarrow.pod
+++ /dev/null
@@ -1,112 +0,0 @@
-=pod
-
-=head1 NAME
-
-Yarrow_Init, Yarrow_Poll, Yarrow_Input, Yarrow_Status, Yarrow_Output, Yarrow_New_Source, Yarrow_Register_Source_Estimator, Yarrow Final - cryptographic pseudo-random number generator
-
-=head1 SYNOPSIS
-
-int Yarrow_Init(Yarrow_CTX *y, const char *filename);
-
-int Yarrow_New_Source(Yarrow_CTX* y, unsigned* source_id);
-
-int Yarrow_Poll(Yarrow_CTX *y, unsigned source_id)
-
-int Yarrow_Input( Yarrow_CTX* y, unsigned source_id,
- const void* sample, size_t size,
- size_t entropy_bits);
-
-int Yarrow_Status(Yarrow_CTX* y, int *num_sources,
- unsigned *source_id, size_t *entropy_bits,
- size_t *entropy_max);
-
-int Yarrow_Output(Yarrow_CTX* y, void* out, size_t size);
-
-int Yarrow_Register_Source_Estimator(Yarrow_CTX* y,
- unsigned source_id,
- size_t (*estimator)(const void* sample,
- size_t size));
-
-int Yarrow_Final(Yarrow_CTX* y);
-
-=head1 DESCRIPTION
-
-Yarrow_Init() initializes a B structure. B can
-be NULL, or the path to a seed file that Yarrow will use to store the
-PRNG state for use in later sessions. Returns B if the
-PRNG is seeded on exit, or B if the PRNG is not yet
-seeded.
-
-Yarrow_New_Source() associates entropy sources such as keyboard input,
-mouse movements and other unpredictable events with a
-B. The function assigns a unique number to the new source,
-and places it in B.
-
-Yarrow_Poll() gathers entropy from the state of the machine and adds
-it to the source B. The source has to be allocated by the
-user with Yarrow_New_Source. Returns B if the PRNG is
-seeded on exit, or B if the PRNG is not yet seeded.
-
-Yarrow_Input() is used to add randomness from the source B
-to the PRNG. It reads B bytes at the address B. An
-estimate of the entropy in bits contained in the sample must be
-specified as B.
-
-Yarrow_Status() returns B if the PRNG has enough entropy to
-produce output, and B if calls to Yarrow_Output()
-would fail.
-
-If num_sources is not NULL, the number of entropy sources that still
-need to be seeded is returned in B<*num_sources>.
-
-If source_id is not NULL, the entropy source that is closest to its
-threshold is returned in B<*source_id>. B<*source_id> is set to -1 if
-no sources have either reached their threshold or not collected any
-entropy yet.
-
-If not NULL, B<*entropy_bits> is set to the current number of bits for
-the source B<*source_id>, and B<*entropy_max> to the threshold.
-
-Yarrow_Output() generates B bytes of cryptographically strong
-pseudo-random output and places them at B. The return value must
-always be checked. If an error occurs, the PRNG may produce
-predictable data or no output at all.
-
-Yarrow_Register_Source_Estimator() registers an entropy estimator
-for B. An entropy estimator is a function that tries to
-estimate the entropy in a sample and returns the entropy in bits
-in order to detect abnormal situations in which the samples have a very
-low entropy.
-
-Yarrow_Final() writes the PRNG state to the seed file and erases it
-from memory.
-
-=head1 RETURN VALUES
-
-All functions return B on success. Error conditions are reported
-as follows:
-
- YARROW_FAIL generic failure
- YARROW_NOT_INIT YarrowInit() hasn't been called
- YARROW_ALREADY_INIT YarrowInit() has already been called
- YARROW_NO_DRIVER driver doesn't exist
- YARROW_CANT_OPEN can't open driver
- YARROW_BAD_SOURCE invalid source id
- YARROW_TOO_MANY_SOURCES can't create any more source IDs
- YARROW_BAD_ARG invalid argument
- YARROW_ACCESS insufficient privileges
- YARROW_NOMEM out of memory
- YARROW_NORSRC a resource (apart from memory) is exhausted
- YARROW_NOT_SEEDED not enough entropy to generate output
- YARROW_LOCKING locking error
- YARROW_NO_STATE there is no state to load
- YARROW_STATE_ERROR error with state load or save
- YARROW_NOT_IMPL not implemented
-
-=head1 AUTHORS
-
-Yarrow was designed by John Kelsey, Bruce Schneier and Niels Ferguson
-of Counterpane Systems.
This implementation is (C) 2000 by
-Zero-Knowledge Systems Inc.
-
-=cut
diff --git a/src/lib/crypto/krb/prng/yarrow/ycipher.c b/src/lib/crypto/krb/prng/yarrow/ycipher.c
deleted file mode 100644
index 7222d94c5..000000000
--- a/src/lib/crypto/krb/prng/yarrow/ycipher.c
+++ /dev/null
@@ -1,89 +0,0 @@
-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
-/*
- * lib/crypto/yarrow/ycipher.c
- *
- * Copyright (C) 2001, 2007 by the Massachusetts Institute of Technology.
- * All rights reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- *
- *
- * Routines to implement krb5 cipher operations.
- */
-#include "k5-int.h"
-#include "yarrow.h"
-#include "ycipher.h"
-#include "enc_provider.h"
-#include "assert.h"
-
-int
-krb5int_yarrow_cipher_init(CIPHER_CTX *ctx, unsigned const char * key)
-{
- size_t keybytes, keylength;
- const struct krb5_enc_provider *enc = &yarrow_enc_provider;
- krb5_error_code ret;
- krb5_data randombits;
- krb5_keyblock keyblock;
-
- keybytes = enc->keybytes;
- keylength = enc->keylength;
- assert (keybytes == CIPHER_KEY_SIZE);
- krb5_k_free_key(NULL, ctx->key);
- ctx->key = NULL;
- keyblock.contents = malloc(keylength);
- keyblock.length = keylength;
- keyblock.enctype = yarrow_enc_type;
- if (keyblock.contents == NULL)
- return (YARROW_NOMEM);
- randombits.data = (char *) key;
- randombits.length = keybytes;
- ret = enc->make_key(&randombits, &keyblock);
- if (ret != 0)
- goto cleanup;
- ret = krb5_k_create_key(NULL, &keyblock, &ctx->key);
-cleanup:
- free(keyblock.contents);
- if (ret)
- return YARROW_FAIL;
- return YARROW_OK;
-}
-
-int krb5int_yarrow_cipher_encrypt_block(CIPHER_CTX *ctx,
- const unsigned char *in,
- unsigned char *out)
-{
- krb5_error_code ret;
- krb5_crypto_iov iov;
- const struct krb5_enc_provider *enc = &yarrow_enc_provider;
-
- memcpy(out, in, CIPHER_BLOCK_SIZE);
- iov.flags = KRB5_CRYPTO_TYPE_DATA;
- iov.data = make_data(out, CIPHER_BLOCK_SIZE);
- ret = enc->encrypt(ctx->key, 0, &iov, 1);
- return (ret == 0) ? YARROW_OK : YARROW_FAIL;
-}
-
-void
-krb5int_yarrow_cipher_final(CIPHER_CTX *ctx)
-{
- krb5_k_free_key(NULL, ctx->key);
- ctx->key = NULL;
-}
diff --git a/src/lib/crypto/krb/prng/yarrow/ycipher.h b/src/lib/crypto/krb/prng/yarrow/ycipher.h
deleted file mode 100644
index 4d7dc9dfd..000000000
--- a/src/lib/crypto/krb/prng/yarrow/ycipher.h
+++ /dev/null
@@ -1,43 +0,0 @@
-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
-
-#ifndef YCIPHER_H
-#define YCIPHER_H
-
-/* block cipher interface */
-
-typedef struct
-{
- krb5_key key;
-} CIPHER_CTX;
-
-/* We need to choose a cipher. To do this, choose an enc_provider.
- * Be sure to update the block size and key size constants below;
- * they are here because static data structures are sized based on
- * them so they must be known at compile time./ Thus we cannot
- * call the enc_provider function to get the info.
- */
-
-#define yarrow_enc_provider krb5int_enc_aes256
-#define yarrow_enc_type ENCTYPE_AES256_CTS_HMAC_SHA1_96
-
-#define CIPHER_BLOCK_SIZE 16
-#define CIPHER_KEY_SIZE 32
-
-#if defined( YARROW_NO_MATHLIB )
-/* see macros at end for functions evaluated */
-#define POW_CIPHER_KEY_SIZE 115792089237316195423570985008687907853269984665640564039457584007913129639936.0
-#define POW_CIPHER_BLOCK_SIZE 340282366920938463463374607431768211456.0
-#endif
-
-
-int krb5int_yarrow_cipher_init (CIPHER_CTX *ctx, unsigned const char *key);
-int krb5int_yarrow_cipher_encrypt_block
-(CIPHER_CTX *ctx, const unsigned char *in, unsigned char *out);
-void krb5int_yarrow_cipher_final (CIPHER_CTX *ctx);
-
-#if !defined( YARROW_NO_MATHLIB )
-#define POW_CIPHER_KEY_SIZE pow(2.0, CIPHER_KEY_SIZE * 8 / 3.0)
-#define POW_CIPHER_BLOCK_SIZE pow(2.0, CIPHER_BLOCK_SIZE * 8)
-#endif
-
-#endif /* YCIPHER_H */
diff --git a/src/lib/crypto/krb/prng/yarrow/yexcep.h b/src/lib/crypto/krb/prng/yarrow/yexcep.h
deleted file mode 100644
index f76f650e0..000000000
--- a/src/lib/crypto/krb/prng/yarrow/yexcep.h
+++ /dev/null
@@ -1,107 +0,0 @@
-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
-
-#ifndef YEXCEP_H
-#define YEXCEP_H
-
-/* yes, macros with gotos in them, but in the interests of
- * avoiding repetition of code, and having less error prone
- * error handling
- *
- * EXCEP_DECL - declares the return value and local state variables
- * needed by the exception macros
- *
- * THROW( x ) - set return value to x and goto function cleanup
- * section (CATCH: block). In the catch block, THROW
- * does not goto catch label to avoid loops, and instead
- * falls through to the next statement.
- *
- * EXCEP_OK - success return value (=1)
- *
- * EXCEP_FAIL - failure return value (=0), other user exceptions are
- * given negative values (<0)
- *
- * TRY( x ) - if code returns value <= 0 TRY sets return value to
- * that value and goes to function cleanup section
- * (CATCH: block). In the catch block, TRY does not goto
- * the catch label to avoid loops, and instead
- * falls through to the next statement. The
- * return value is set to the first non success value
- * returned by a TRY, unless this is overridden by a THROW.
- *
- * CATCH: - start of catch block, also switches behavior of
- * TRY and THROW to not goto CATCH: inside the catch
- * block to avoid loops
- *
- * EXCEP_RET - return the current return value from the function
- * equivlanet to return (EXCEPTION)
- *
- * EXCEPTION - current return value, is set to EXCEP_OK by EXCEP_DECL
- *
- * EXCEP_BOOL - convert current return value to EXCEP_OK, or EXCEP_FAIL
- * (EXCEP_FAIL is anything other than EXCEP_OK)
- *
- */
-
-/* example usage */
-
-/*
- *
- * #define EXCEP_OK_COMMENT 2
- * #define EXCEP_NULL_PTR -1
- * #define EXCEP_OUT_OF_MEM -2
- *
- * int bar( char *c )
- * {
- * EXCEP_DECL;
- *
- * if ( !c ) { THROW( EXCEP_NULL_PTR ); }
- * if ( *c == '\0' ) { THROW( EXCEP_FAIL ); );
- * if ( *c == '#' ) { SET( EXCEP_COMMENT ); }
- * CATCH:
- * EXCEP_RET;
- * }
- *
- * int foo( char *c )
- * {
- * EXCEP_DECL;
- * int *p = NULL;
- *
- * if ( !c ) { THROW( EXCEP_NULL_PTR ); }
- * TRY( bar( c ) );
- * if ( RETURN == EXCEP_COMMENT ) { print( "comment\n" ); }
- * p = strdup( c );
- * if ( !p ) { THROW( EXCEP_OUT_OF_MEM ); }
- *
- * CATCH:
- * if ( p ) { TRY( bar( p ) ); free( p ); }
- * THROW( EXCEP_BOOL );
- * if ( EXCEPTION == EXCEP_OK ) { printf( "success\n" ); }
- * EXCEP_RET;
- * }
- *
- */
-
-#define EXCEP_FAIL 0
-#define EXCEP_OK 1
-#define EXCEP_DECL int _thr = 0, _ret2 = 0, _ret = _ret2+EXCEP_OK
-
-#define THROW( x ) \
- do { \
- _ret = (x); \
- if( !_thr ) { goto _catch; } \
- } while ( 0 )
-
-#define TRY( x ) \
- do { \
- _ret2 = (x); \
- if ( _ret > 0 && _ret2 <= 0 ) { THROW( _ret2 ); } \
- } while ( 0 )
-
-#define SET( x ) (_ret = (x))
-#define EXCEP_RET return( _ret )
-#define EXCEPTION _ret
-#define RETURN _ret2
-#define CATCH _catch: _thr = 1; if ( 0 ) { goto _foo; } _foo
-#define EXCEP_BOOL ( _ret > 0 ? EXCEP_OK : EXCEP_FAIL )
-
-#endif
diff --git a/src/lib/crypto/krb/prng/yarrow/ylock.h b/src/lib/crypto/krb/prng/yarrow/ylock.h
deleted file mode 100644
index aacf786af..000000000
--- a/src/lib/crypto/krb/prng/yarrow/ylock.h
+++ /dev/null
@@ -1,24 +0,0 @@
-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
-
-#ifndef YLOCK_H
-#define YLOCK_H
-
-#include "yarrow.h"
-
-/* these functions should return:
- *
- * YARROW_OK on success
- * and YARROW_LOCKING on failure
- */
-
-#if 0
-static int LOCK( void ) { return (YARROW_OK); }
-static int UNLOCK( void ) { return (YARROW_OK); }
-#else
-#include "k5-thread.h"
-extern k5_mutex_t krb5int_yarrow_lock;
-#define LOCK() (k5_mutex_lock(&krb5int_yarrow_lock) ? YARROW_LOCKING : YARROW_OK)
-#define UNLOCK() (k5_mutex_unlock(&krb5int_yarrow_lock) ? YARROW_LOCKING : YARROW_OK)
-#endif
-
-#endif /* YLOCK_H */
diff --git a/src/lib/crypto/krb/prng/yarrow/ystate.h b/src/lib/crypto/krb/prng/yarrow/ystate.h
deleted file mode 100644
index fd277d28a..000000000
--- a/src/lib/crypto/krb/prng/yarrow/ystate.h
+++ /dev/null
@@ -1,28 +0,0 @@
-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
-
-#ifndef YSTATE_H
-#define YSTATE_H
-
-#ifdef YARROW_SAVE_STATE
-
-#include "ycipher.h"
-#include "ytypes.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-typedef struct Yarrow_STATE {
- byte seed[CIPHER_KEY_SIZE * 2]; /* 2k bits saved to seed file */
-} Yarrow_STATE;
-
-int STATE_Save( const char *filename, const struct Yarrow_STATE* state );
-int STATE_Load( const char *filename, struct Yarrow_STATE* state );
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* YARROW_SAVE_STATE */
-
-#endif /* YSTATE_H */
diff --git a/src/lib/crypto/krb/prng/yarrow/ytypes.h b/src/lib/crypto/krb/prng/yarrow/ytypes.h
deleted file mode 100644
index 9abbf8c9d..000000000
--- a/src/lib/crypto/krb/prng/yarrow/ytypes.h
+++ /dev/null
@@ -1,27 +0,0 @@
-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
-
-#ifndef YTYPES_H
-#define YTYPES_H
-
-#include
-#include
-#include "autoconf.h"
-#ifdef HAVE_SYS_TYPES_H
-#include
-#endif
-
-#define byte unsigned char
-
-#define uint8 unsigned char
-#define int8 signed char
-
-
-#if defined(uint64)
-# define COUNTER uint64
-#else
-# define COUNTER krb5_ui_4
-#endif
-
-#define COUNTER_MAX ((COUNTER)0 - 1)
-
-#endif /* YTYPES_H */
diff --git a/src/lib/crypto/nss/yhash.h b/src/lib/crypto/nss/yhash.h
deleted file mode 100644
index 151818f3a..000000000
--- a/src/lib/crypto/nss/yhash.h
+++ /dev/null
@@ -1,29 +0,0 @@
-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
-/* lib/crypto/openssl/hash/yhash.h
- */
-
-#ifndef YHASH_H
-#define YHASH_H
-
-/* hash function interface */
-
-/* default to SHA1 for yarrow 160 */
-
-#include "shs.h"
-
-
-#define HASH_CTX SHS_INFO
-#define HASH_Init(x) shsInit(x)
-#define HASH_Update(x, buf, sz) shsUpdate(x, (const void*)buf, sz)
-
-#define HASH_Final(x, tdigest) do { \
- int loopvar; \
- unsigned char *out2 = (void *)(tdigest); \
- HASH_CTX *ctx = (x); \
- shsFinal(ctx); \
- memcpy(out2, ctx->digestBuf, ctx->digestLen); \
- } while(0)
-
-#define HASH_DIGEST_SIZE SHS_DIGESTSIZE
-
-#endif /* YHASH_H */
diff --git a/src/lib/crypto/openssl/yhash.h b/src/lib/crypto/openssl/yhash.h
deleted file mode 100644
index 151818f3a..000000000
--- a/src/lib/crypto/openssl/yhash.h
+++ /dev/null
@@ -1,29 +0,0 @@
-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
-/* lib/crypto/openssl/hash/yhash.h
- */
-
-#ifndef YHASH_H
-#define YHASH_H
-
-/* hash function interface */
-
-/* default to SHA1 for yarrow 160 */
-
-#include "shs.h"
-
-
-#define HASH_CTX SHS_INFO
-#define HASH_Init(x) shsInit(x)
-#define HASH_Update(x, buf, sz) shsUpdate(x, (const void*)buf, sz)
-
-#define HASH_Final(x, tdigest) do { \
- int loopvar; \
- unsigned char *out2 = (void *)(tdigest); \
- HASH_CTX *ctx = (x); \
- shsFinal(ctx); \
- memcpy(out2, ctx->digestBuf, ctx->digestLen); \
- } while(0)
-
-#define HASH_DIGEST_SIZE SHS_DIGESTSIZE
-
-#endif /* YHASH_H */