From nobody Fri Feb 11 05:54:52 2022
Date: Fri, 11 Feb 2022 05:54:52 GMT
Message-Id: <202202110554.21B5sqaw051084@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: "David E. O'Brien"
Subject: git: 7063329b2fc1 - stable/12 - Fortuna: push CTR-mode loop down into randomdev hash.h interface
List-Id: Commits to the stable branches of the FreeBSD src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
X-Git-Committer: obrien
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/12
X-Git-Reftype: branch
X-Git-Commit: 7063329b2fc132f3eebe2680ddf41e85c0fe59c5

The branch stable/12 has been updated by obrien:

URL:
https://cgit.FreeBSD.org/src/commit/?id=7063329b2fc132f3eebe2680ddf41e85c0fe59c5 commit 7063329b2fc132f3eebe2680ddf41e85c0fe59c5 Author: Conrad Meyer AuthorDate: 2019-03-01 19:21:45 +0000 Commit: David E. O'Brien CommitDate: 2022-02-11 05:47:36 +0000 Fortuna: push CTR-mode loop down into randomdev hash.h interface As a step towards adding other potential streaming ciphers. As well as just pushing the loop down into the rijndael APIs (basically 128-bit wide AES-ICM mode) to eliminate some excess explicit_bzero(). No functional change intended. (cherry picked from commit 51c68d18e2580e5a3949b8c1b331125b71325e0b) --- sys/dev/random/fortuna.c | 16 ++++++---------- sys/dev/random/hash.c | 23 ++++++++++++++++++----- sys/dev/random/hash.h | 4 +++- 3 files changed, 27 insertions(+), 16 deletions(-) diff --git a/sys/dev/random/fortuna.c b/sys/dev/random/fortuna.c index 11879831dbbd..31fcab9e89ff 100644 --- a/sys/dev/random/fortuna.c +++ b/sys/dev/random/fortuna.c @@ -301,20 +301,16 @@ random_fortuna_reseed_internal(uint32_t *entropy_data, u_int blockcount) static __inline void random_fortuna_genblocks(uint8_t *buf, u_int blockcount) { - u_int i; RANDOM_RESEED_ASSERT_LOCK_OWNED(); KASSERT(!uint128_is_zero(fortuna_state.fs_counter), ("FS&K: C != 0")); - for (i = 0; i < blockcount; i++) { - /*- - * FS&K - r = r|E(K,C) - * - C = C + 1 - */ - randomdev_encrypt(&fortuna_state.fs_key, &fortuna_state.fs_counter, buf, RANDOM_BLOCKSIZE); - buf += RANDOM_BLOCKSIZE; - uint128_increment(&fortuna_state.fs_counter); - } + /* + * Fills buf with RANDOM_BLOCKSIZE * blockcount bytes of keystream. + * Increments fs_counter as it goes. + */ + randomdev_keystream(&fortuna_state.fs_key, &fortuna_state.fs_counter, + buf, blockcount); } /*- diff --git a/sys/dev/random/hash.c b/sys/dev/random/hash.c index fe52cd68b848..0bad46519f50 100644 --- a/sys/dev/random/hash.c +++ b/sys/dev/random/hash.c 
@@ -88,13 +88,26 @@ randomdev_encrypt_init(struct randomdev_key *context, const void *data) rijndael_makeKey(&context->key, DIR_ENCRYPT, RANDOM_KEYSIZE*8, data); } -/* Encrypt the supplied data using the key schedule preset in the context. - * bytes are encrypted from <*d_in> to <*d_out>. must be - * a multiple of RANDOM_BLOCKSIZE. +/* + * Create a psuedorandom output stream of 'blockcount' blocks using a CTR-mode + * cipher or similar. The 128-bit counter is supplied in the in-out parmeter + * 'ctr.' The output stream goes to 'd_out.' 'blockcount' RANDOM_BLOCKSIZE + * bytes are generated. */ void -randomdev_encrypt(struct randomdev_key *context, const void *d_in, void *d_out, u_int length) +randomdev_keystream(struct randomdev_key *context, uint128_t *ctr, + void *d_out, u_int blockcount) { + u_int i; - rijndael_blockEncrypt(&context->cipher, &context->key, d_in, length*8, d_out); + for (i = 0; i < blockcount; i++) { + /*- + * FS&K - r = r|E(K,C) + * - C = C + 1 + */ + rijndael_blockEncrypt(&context->cipher, &context->key, + (void *)ctr, RANDOM_BLOCKSIZE * 8, d_out); + d_out = (char *)d_out + RANDOM_BLOCKSIZE; + uint128_increment(ctr); + } } diff --git a/sys/dev/random/hash.h b/sys/dev/random/hash.h index 41dcf9089f0e..ff24d3fb802d 100644 --- a/sys/dev/random/hash.h +++ b/sys/dev/random/hash.h @@ -29,6 +29,8 @@ #ifndef SYS_DEV_RANDOM_HASH_H_INCLUDED #define SYS_DEV_RANDOM_HASH_H_INCLUDED +#include + /* Keys are formed from cipher blocks */ #define RANDOM_KEYSIZE 32 /* (in bytes) == 256 bits */ #define RANDOM_KEYSIZE_WORDS (RANDOM_KEYSIZE/sizeof(uint32_t)) 
@@ -52,6 +54,6 @@ void randomdev_hash_init(struct randomdev_hash *); void randomdev_hash_iterate(struct randomdev_hash *, const void *, size_t); void randomdev_hash_finish(struct randomdev_hash *, void *); void randomdev_encrypt_init(struct randomdev_key *, const void *); -void randomdev_encrypt(struct randomdev_key *context, const void *, void *, u_int); +void randomdev_keystream(struct randomdev_key *context, uint128_t *, void *, u_int); #endif /* SYS_DEV_RANDOM_HASH_H_INCLUDED */
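Review bot: In the sys/dev/random/fortuna.c hunk, the commit message's claim about eliminating "some excess explicit_bzero()" is not backed by any of the three hunks: no explicit_bzero() call is removed anywhere in this change, and the random_fortuna_genblocks hunk only swaps the explicit loop for a single randomdev_keystream() call. If the bzero removal is a follow-up inside the rijndael layer, the message should say so explicitly rather than reading as part of this commit. A smaller style point in the same hunk: deleting the `u_int i;` declaration leaves a blank line immediately after the opening brace of random_fortuna_genblocks(); that line should go too.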
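Review bot: In the sys/dev/random/hash.c hunk, the new block comment on randomdev_keystream() has two typos ("psuedorandom", "parmeter") and its size statement is wrong as written: "'blockcount' RANDOM_BLOCKSIZE bytes are generated" should read "blockcount * RANDOM_BLOCKSIZE bytes are generated", which is what the loop does and what the new comment in fortuna.c already says. The old comment's precondition (length a multiple of RANDOM_BLOCKSIZE) is now enforced by construction through the `blockcount` parameter; one sentence noting that the unit changed from bytes to blocks would help anyone reading the rename. Also, the `(void *)ctr` cast drops the read-only intent the old `const void *d_in` parameter carried; if rijndael_blockEncrypt()'s input parameter is const-qualified, cast to `(const void *)` instead so the counter is only written by uint128_increment().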
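Review bot: In the sys/dev/random/hash.h hunk, the added `#include` line carries no file name in this rendering of the mail; since the new prototype takes a `uint128_t *`, the include must be whatever header defines uint128_t, and the committed line should be checked against the repository. Style point on the prototype itself: `void randomdev_keystream(struct randomdev_key *context, uint128_t *, void *, u_int);` names `context` but leaves the other three parameters unnamed, carried over from the old declaration; either name all of them or none, and naming `ctr` and `blockcount` would document the in-out counter and the block-count unit that the .c comment describes.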