Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 11 Feb 2022 05:54:52 GMT
From:      "David E. O'Brien" <obrien@FreeBSD.org>
To:        src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
Subject:   git: 7063329b2fc1 - stable/12 - Fortuna: push CTR-mode loop down into randomdev hash.h interface
Message-ID:  <202202110554.21B5sqaw051084@gitrepo.freebsd.org>

next in thread | raw e-mail | index | archive | help
The branch stable/12 has been updated by obrien:

URL: https://cgit.FreeBSD.org/src/commit/?id=7063329b2fc132f3eebe2680ddf41e85c0fe59c5

commit 7063329b2fc132f3eebe2680ddf41e85c0fe59c5
Author:     Conrad Meyer <cem@FreeBSD.org>
AuthorDate: 2019-03-01 19:21:45 +0000
Commit:     David E. O'Brien <obrien@FreeBSD.org>
CommitDate: 2022-02-11 05:47:36 +0000

    Fortuna: push CTR-mode loop down into randomdev hash.h interface
    
    As a step towards adding other potential streaming ciphers.  As well as just
    pushing the loop down into the rijndael APIs (basically 128-bit wide AES-ICM
    mode) to eliminate some excess explicit_bzero().
    
    No functional change intended.
    
    (cherry picked from commit 51c68d18e2580e5a3949b8c1b331125b71325e0b)
---
 sys/dev/random/fortuna.c | 16 ++++++----------
 sys/dev/random/hash.c    | 23 ++++++++++++++++++-----
 sys/dev/random/hash.h    |  4 +++-
 3 files changed, 27 insertions(+), 16 deletions(-)

diff --git a/sys/dev/random/fortuna.c b/sys/dev/random/fortuna.c
index 11879831dbbd..31fcab9e89ff 100644
--- a/sys/dev/random/fortuna.c
+++ b/sys/dev/random/fortuna.c
@@ -301,20 +301,16 @@ random_fortuna_reseed_internal(uint32_t *entropy_data, u_int blockcount)
 static __inline void
 random_fortuna_genblocks(uint8_t *buf, u_int blockcount)
 {
-	u_int i;
 
 	RANDOM_RESEED_ASSERT_LOCK_OWNED();
 	KASSERT(!uint128_is_zero(fortuna_state.fs_counter), ("FS&K: C != 0"));
 
-	for (i = 0; i < blockcount; i++) {
-		/*-
-		 * FS&K - r = r|E(K,C)
-		 *      - C = C + 1
-		 */
-		randomdev_encrypt(&fortuna_state.fs_key, &fortuna_state.fs_counter, buf, RANDOM_BLOCKSIZE);
-		buf += RANDOM_BLOCKSIZE;
-		uint128_increment(&fortuna_state.fs_counter);
-	}
+	/*
+	 * Fills buf with RANDOM_BLOCKSIZE * blockcount bytes of keystream.
+	 * Increments fs_counter as it goes.
+	 */
+	randomdev_keystream(&fortuna_state.fs_key, &fortuna_state.fs_counter,
+	    buf, blockcount);
 }
 
 /*-
diff --git a/sys/dev/random/hash.c b/sys/dev/random/hash.c
index fe52cd68b848..0bad46519f50 100644
--- a/sys/dev/random/hash.c
+++ b/sys/dev/random/hash.c
@@ -88,13 +88,26 @@ randomdev_encrypt_init(struct randomdev_key *context, const void *data)
 	rijndael_makeKey(&context->key, DIR_ENCRYPT, RANDOM_KEYSIZE*8, data);
 }
 
-/* Encrypt the supplied data using the key schedule preset in the context.
- * <length> bytes are encrypted from <*d_in> to <*d_out>. <length> must be
- * a multiple of RANDOM_BLOCKSIZE.
+/*
+ * Create a psuedorandom output stream of 'blockcount' blocks using a CTR-mode
+ * cipher or similar.  The 128-bit counter is supplied in the in-out parmeter
+ * 'ctr.'  The output stream goes to 'd_out.'  'blockcount' RANDOM_BLOCKSIZE
+ * bytes are generated.
  */
 void
-randomdev_encrypt(struct randomdev_key *context, const void *d_in, void *d_out, u_int length)
+randomdev_keystream(struct randomdev_key *context, uint128_t *ctr,
+    void *d_out, u_int blockcount)
 {
+	u_int i;
 
-	rijndael_blockEncrypt(&context->cipher, &context->key, d_in, length*8, d_out);
+	for (i = 0; i < blockcount; i++) {
+		/*-
+		 * FS&K - r = r|E(K,C)
+		 *      - C = C + 1
+		 */
+		rijndael_blockEncrypt(&context->cipher, &context->key,
+		    (void *)ctr, RANDOM_BLOCKSIZE * 8, d_out);
+		d_out = (char *)d_out + RANDOM_BLOCKSIZE;
+		uint128_increment(ctr);
+	}
 }
diff --git a/sys/dev/random/hash.h b/sys/dev/random/hash.h
index 41dcf9089f0e..ff24d3fb802d 100644
--- a/sys/dev/random/hash.h
+++ b/sys/dev/random/hash.h
@@ -29,6 +29,8 @@
 #ifndef SYS_DEV_RANDOM_HASH_H_INCLUDED
 #define	SYS_DEV_RANDOM_HASH_H_INCLUDED
 
+#include <dev/random/uint128.h>
+
 /* Keys are formed from cipher blocks */
 #define	RANDOM_KEYSIZE		32	/* (in bytes) == 256 bits */
 #define	RANDOM_KEYSIZE_WORDS	(RANDOM_KEYSIZE/sizeof(uint32_t))
@@ -52,6 +54,6 @@ void randomdev_hash_init(struct randomdev_hash *);
 void randomdev_hash_iterate(struct randomdev_hash *, const void *, size_t);
 void randomdev_hash_finish(struct randomdev_hash *, void *);
 void randomdev_encrypt_init(struct randomdev_key *, const void *);
-void randomdev_encrypt(struct randomdev_key *context, const void *, void *, u_int);
+void randomdev_keystream(struct randomdev_key *context, uint128_t *, void *, u_int);
 
 #endif /* SYS_DEV_RANDOM_HASH_H_INCLUDED */



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202202110554.21B5sqaw051084>