vcs.maemo.org Git - keepassx/blob - src/crypto/yarrow.h

   1 /***************************************************************************
   2  *   The yarrow pseudo-randomness genrator                                 *
   3  *   extracted from nettle, the low-level cryptographics library           *
   4  *                                                                         *
   5  *   Copyright (C) 2007 Tarek Saidi <tarek.saidi@arcor.de>                 *
   6  *   Copyright (C) 2001 Niels Müler                                        *
   7  *                                                                         *
   8  *   This program is free software; you can redistribute it and/or modify  *
   9  *   it under the terms of the GNU General Public License as published by  *
  10  *   the Free Software Foundation; version 2 of the License.               *
  11  *                                                                         *
  12  *   This program is distributed in the hope that it will be useful,       *
  13  *   but WITHOUT ANY WARRANTY; without even the implied warranty of        *
  14  *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the         *
  15  *   GNU General Public License for more details.                          *
  16  *                                                                         *
  17  *   You should have received a copy of the GNU General Public License     *
  18  *   along with this program; if not, write to the                         *
  19  *   Free Software Foundation, Inc.,                                       *
  20  *   59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.             *
  21  ***************************************************************************/
  22
  23
  24 #ifndef NETTLE_YARROW_COMPAT_H_INCLUDED
  25 #define NETTLE_YARROW_COMPAT_H_INCLUDED
  26
  27 #include "aes.h"
  28 #include "sha256.h"
  29
  30 /* Name mangling */
  31 #define yarrow256_init nettle_yarrow256_init
  32 #define yarrow256_seed nettle_yarrow256_seed
  33 #define yarrow256_update nettle_yarrow256_update
  34 #define yarrow256_random nettle_yarrow256_random
  35 #define yarrow256_is_seeded nettle_yarrow256_is_seeded
  36 #define yarrow256_needed_sources nettle_yarrow256_needed_sources
  37 #define yarrow256_force_reseed nettle_yarrow256_force_reseed
  38 #define yarrow_key_event_init nettle_yarrow_key_event_init
  39 #define yarrow_key_event_estimate nettle_yarrow_key_event_estimate
  40
  41 enum yarrow_pool_id { YARROW_FAST = 0, YARROW_SLOW = 1 };
  42
  43 struct yarrow_source
  44 {
  45   /* Indexed by yarrow_pool_id */
  46   quint32 estimate[2];
  47
  48   /* The pool next sample should go to. */
  49   enum yarrow_pool_id next;
  50 };
  51
  52
  53 #define YARROW256_SEED_FILE_SIZE (2 * AES_BLOCK_SIZE)
  54
  55 /* Yarrow-256, based on SHA-256 and AES-256 */
  56 struct yarrow256_ctx
  57 {
  58   /* Indexed by yarrow_pool_id */
  59   sha256_context pools[2];
  60
  61   quint8 seed_file[YARROW256_SEED_FILE_SIZE];
  62
  63   int seeded;
  64
  65   /* The current key and counter block */
  66   aes_encrypt_ctx key;
  67   quint8 counter[AES_BLOCK_SIZE];
  68
  69   /* The entropy sources */
  70   unsigned nsources;
  71   struct yarrow_source *sources;
  72 };
  73
  74 void
  75 yarrow256_init(struct yarrow256_ctx *ctx,
  76                unsigned nsources,
  77                struct yarrow_source *sources);
  78
  79 void
  80 yarrow256_seed(struct yarrow256_ctx *ctx,
  81                unsigned length,
  82                const quint8 *seed_file);
  83
  84 /* Returns 1 on reseed */
  85 int
  86 yarrow256_update(struct yarrow256_ctx *ctx,
  87                  unsigned source, unsigned entropy,
  88                  unsigned length, const quint8 *data);
  89
  90 void
  91 yarrow256_random(struct yarrow256_ctx *ctx, unsigned length, quint8 *dst);
  92
  93 int
  94 yarrow256_is_seeded(struct yarrow256_ctx *ctx);
  95
  96 unsigned
  97 yarrow256_needed_sources(struct yarrow256_ctx *ctx);
  98
  99 void
 100 yarrow256_force_reseed(struct yarrow256_ctx *ctx);
 101
 102
 103 /* Key event estimator */
 104 #define YARROW_KEY_EVENT_BUFFER 16
 105
 106 struct yarrow_key_event_ctx
 107 {
 108   /* Counter for initial priming of the state */
 109   unsigned index;
 110   unsigned chars[YARROW_KEY_EVENT_BUFFER];
 111   unsigned previous;
 112 };
 113
 114 void
 115 yarrow_key_event_init(struct yarrow_key_event_ctx *ctx);
 116
 117 unsigned
 118 yarrow_key_event_estimate(struct yarrow_key_event_ctx *ctx,
 119                           unsigned key, unsigned time);
 120
 121
 122 /* merged code from macros.h: */
 123
 124 /* Reads a 32-bit integer, in network, big-endian, byte order */
 125 #define READ_UINT32(p)                          \
 126 (  (((quint32) (p)[0]) << 24)                   \
 127  | (((quint32) (p)[1]) << 16)                   \
 128  | (((quint32) (p)[2]) << 8)                    \
 129  |  ((quint32) (p)[3]))
 130
 131 #define WRITE_UINT32(p, i)                      \
 132 do {                                            \
 133   (p)[0] = ((i) >> 24) & 0xff;                  \
 134   (p)[1] = ((i) >> 16) & 0xff;                  \
 135   (p)[2] = ((i) >> 8) & 0xff;                   \
 136   (p)[3] = (i) & 0xff;                          \
 137 } while(0)
 138
 139 /* Analogous macros, for 24 and 16 bit numbers */
 140 #define READ_UINT24(p)                          \
 141 (  (((quint32) (p)[0]) << 16)                   \
 142  | (((quint32) (p)[1]) << 8)                    \
 143  |  ((quint32) (p)[2]))
 144
 145 #define WRITE_UINT24(p, i)                      \
 146 do {                                            \
 147   (p)[0] = ((i) >> 16) & 0xff;                  \
 148   (p)[1] = ((i) >> 8) & 0xff;                   \
 149   (p)[2] = (i) & 0xff;                          \
 150 } while(0)
 151
 152 #define READ_UINT16(p)                          \
 153 (  (((quint32) (p)[0]) << 8)                    \
 154  |  ((quint32) (p)[1]))
 155
 156 #define WRITE_UINT16(p, i)                      \
 157 do {                                            \
 158   (p)[0] = ((i) >> 8) & 0xff;                   \
 159   (p)[1] = (i) & 0xff;                          \
 160 } while(0)
 161
 162 /* And the other, little-endian, byteorder */
 163 #define LE_READ_UINT32(p)                       \
 164 (  (((quint32) (p)[3]) << 24)                   \
 165  | (((quint32) (p)[2]) << 16)                   \
 166  | (((quint32) (p)[1]) << 8)                    \
 167  |  ((quint32) (p)[0]))
 168
 169 #define LE_WRITE_UINT32(p, i)                   \
 170 do {                                            \
 171   (p)[3] = ((i) >> 24) & 0xff;                  \
 172   (p)[2] = ((i) >> 16) & 0xff;                  \
 173   (p)[1] = ((i) >> 8) & 0xff;                   \
 174   (p)[0] = (i) & 0xff;                          \
 175 } while(0)
 176
 177 /* Macro to make it easier to loop over several blocks. */
 178 #define FOR_BLOCKS(length, dst, src, blocksize) \
 179   assert( !((length) % (blocksize)));           \
 180   for (; (length); ((length) -= (blocksize),    \
 181                   (dst) += (blocksize),         \
 182                   (src) += (blocksize)) )
 183
 184 void initYarrow();
 185 void yarrowUpdateWeak(unsigned source, unsigned entropy, unsigned length, const quint8 *data);
 186 void yarrowUpdateStrong(unsigned source, unsigned entropy, unsigned length, const quint8 *data);
 187 void randomize(void* buffer, unsigned int length);
 188 void reseedStrongPool(quint8* buffer1,int l1,quint8* buffer2,int l2);
 189
 190
 191 #endif /* NETTLE_YARROW_COMPAT_H_INCLUDED */