Startseite Erkunden Hilfe
Anmelden
c
/
libtom.libtomcrypt
Mirror von https://github.com/libtom/libtomcrypt.git
2
0
Fork 0
Dateien Issues 0 Wiki
Struktur: 0.97b
Branches Tags
libtom.libtomcr...
/
fortuna.c

fortuna.c 6.1 KB
Permalink Verlauf Originalformat

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256 
  1. /* LibTomCrypt, modular cryptographic library -- Tom St Denis
    2. 

  2.  *
    3. 

  3.  * LibTomCrypt is a library that provides various cryptographic
    4. 

  4.  * algorithms in a highly modular and flexible manner.
    5. 

  5.  *
    6. 

  6.  * The library is free for all purposes without any express
    7. 

  7.  * guarantee it works.
    8. 

  8.  *
    9. 

  9.  * Tom St Denis, [email protected], http://libtomcrypt.org
    10. 

  10.  */
    11. 

  11. 

  12. /* Implementation of Fortuna by Tom St Denis 
    13. 

  13. 

  14. We deviate slightly here for reasons of simplicity [and to fit in the API].  First all "sources"
    15. 

  15. in the AddEntropy function are fixed to 0.  Second since no reliable timer is provided 
    16. 

  16. we reseed automatically when len(pool0) >= 64 or every FORTUNA_WD calls to the read function */
    17. 

  17. 

  18. #include "mycrypt.h"
    19. 

  19. 

  20. #ifdef FORTUNA 
    21. 

  21. 

  22. const struct _prng_descriptor fortuna_desc = {
    23. 

  23.     "fortuna",
    24. 

  24.     &fortuna_start,
    25. 

  25.     &fortuna_add_entropy,
    26. 

  26.     &fortuna_ready,
    27. 

  27.     &fortuna_read,
    28. 

  28.     &fortuna_done,
    29. 

  29.     &fortuna_export,
    30. 

  30.     &fortuna_import
    31. 

  31. 

  32. };
    33. 

  33. 

  34. /* update the IV */
    35. 

  35. static void fortuna_update_iv(prng_state *prng)
    36. 

  36. {
    37. 

  37.    int x;
    38. 

  38.    unsigned char *IV;
    39. 

  39.    /* update IV */
    40. 

  40.    IV = prng->fortuna.IV;
    41. 

  41.    for (x = 0; x < 16; x++) {
    42. 

  42.       IV[x] = (IV[x] + 1) & 255;
    43. 

  43.       if (IV[x] != 0) break;
    44. 

  44.    }
    45. 

  45. }
    46. 

  46. 

  47. /* reseed the PRNG */
    48. 

  48. static int fortuna_reseed(prng_state *prng)
    49. 

  49. {
    50. 

  50.    unsigned char tmp[32];
    51. 

  51.    hash_state    md;
    52. 

  52.    int           err, x;
    53. 

  53. 

  54.    ++prng->fortuna.reset_cnt;
    55. 

  55. 

  56.    /* new K == SHA256(K || s) where s == SHA256(P0) || SHA256(P1) ... */
    57. 

  57.    sha256_init(&md);
    58. 

  58.    if ((err = sha256_process(&md, prng->fortuna.K, 32)) != CRYPT_OK) {
    59. 

  59.       return err;
    60. 

  60.    }
    61. 

  61. 

  62.    for (x = 0; x < 32; x++) {
    63. 

  63.        if (x == 0 || ((prng->fortuna.reset_cnt >> (x-1)) & 1) == 0) { 
    64. 

  64.           /* terminate this hash */
    65. 

  65.           if ((err = sha256_done(&prng->fortuna.pool[x], tmp)) != CRYPT_OK) {
    66. 

  66.              return err; 
    67. 

  67.           }
    68. 

  68.           /* add it to the string */
    69. 

  69.           if ((err = sha256_process(&md, tmp, 32)) != CRYPT_OK) {
    70. 

  70.              return err;
    71. 

  71.           }
    72. 

  72.           /* reset this pool */
    73. 

  73.           sha256_init(&prng->fortuna.pool[x]);
    74. 

  74.        } else {
    75. 

  75.           break;
    76. 

  76.        }
    77. 

  77.    }
    78. 

  78. 

  79.    /* finish key */
    80. 

  80.    if ((err = sha256_done(&md, prng->fortuna.K)) != CRYPT_OK) {
    81. 

  81.       return err; 
    82. 

  82.    }
    83. 

  83.    if ((err = rijndael_setup(prng->fortuna.K, 32, 0, &prng->fortuna.skey)) != CRYPT_OK) {
    84. 

  84.       return err;
    85. 

  85.    }
    86. 

  86.    fortuna_update_iv(prng);
    87. 

  87. 

  88.    /* reset pool len */
    89. 

  89.    prng->fortuna.pool0_len = 0;
    90. 

  90.    prng->fortuna.wd        = 0;
    91. 

  91. 

  92. 

  93. #ifdef CLEAN_STACK
    94. 

  94.    zeromem(&md, sizeof(md));
    95. 

  95.    zeromem(tmp, sizeof(tmp));
    96. 

  96. #endif
    97. 

  97. 

  98.    return CRYPT_OK;
    99. 

  99. }
    100. 

  100. 

  101. int fortuna_start(prng_state *prng)
    102. 

  102. {
    103. 

  103.    int err, x;
    104. 

  104. 

  105.    _ARGCHK(prng != NULL);
    106. 

  106.    
    107. 

  107.    /* initialize the pools */
    108. 

  108.    for (x = 0; x < 32; x++) {
    109. 

  109.        sha256_init(&prng->fortuna.pool[x]);
    110. 

  110.    }
    111. 

  111.    prng->fortuna.pool_idx = prng->fortuna.pool0_len = prng->fortuna.reset_cnt = 
    112. 

  112.    prng->fortuna.wd = 0;
    113. 

  113. 

  114.    /* reset bufs */
    115. 

  115.    zeromem(prng->fortuna.K, 32);
    116. 

  116.    if ((err = rijndael_setup(prng->fortuna.K, 32, 0, &prng->fortuna.skey)) != CRYPT_OK) {
    117. 

  117.       return err;
    118. 

  118.    }
    119. 

  119.    zeromem(prng->fortuna.IV, 16);
    120. 

  120. 

  121.    return CRYPT_OK;
    122. 

  122. }
    123. 

  123. 

  124. int fortuna_add_entropy(const unsigned char *buf, unsigned long len, prng_state *prng)
    125. 

  125. {
    126. 

  126.    unsigned char tmp[2];
    127. 

  127.    int           err;
    128. 

  128. 

  129.    _ARGCHK(buf  != NULL);
    130. 

  130.    _ARGCHK(prng != NULL);
    131. 

  131. 

  132.    /* ensure len <= 32 */
    133. 

  133.    if (len > 32) {
    134. 

  134.       return CRYPT_INVALID_ARG;
    135. 

  135.    }
    136. 

  136. 

  137.    /* add s || length(buf) || buf to pool[pool_idx] */
    138. 

  138.    tmp[0] = 0;
    139. 

  139.    tmp[1] = len;
    140. 

  140.    if ((err = sha256_process(&prng->fortuna.pool[prng->fortuna.pool_idx], tmp, 2)) != CRYPT_OK) {
    141. 

  141.       return err;
    142. 

  142.    }
    143. 

  143.    if ((err = sha256_process(&prng->fortuna.pool[prng->fortuna.pool_idx], buf, len)) != CRYPT_OK) {
    144. 

  144.       return err;
    145. 

  145.    }
    146. 

  146.    if (prng->fortuna.pool_idx == 0) {
    147. 

  147.       prng->fortuna.pool0_len += len + 2;
    148. 

  148.    }
    149. 

  149.    prng->fortuna.pool_idx = (prng->fortuna.pool_idx + 1) & 31;
    150. 

  150. 

  151.    return CRYPT_OK;
    152. 

  152. }
    153. 

  153. 

  154. int fortuna_ready(prng_state *prng)
    155. 

  155. {
    156. 

  156.    return fortuna_reseed(prng);
    157. 

  157. }
    158. 

  158. 

  159. unsigned long fortuna_read(unsigned char *dst, unsigned long len, prng_state *prng)
    160. 

  160. {
    161. 

  161.    unsigned char tmp[16];
    162. 

  162.    int           err;
    163. 

  163.    unsigned long tlen, n;
    164. 

  164. 

  165.    _ARGCHK(dst  != NULL);
    166. 

  166.    _ARGCHK(prng != NULL);
    167. 

  167. 

  168.    /* do we have to reseed? */
    169. 

  169.    if (++prng->fortuna.wd == FORTUNA_WD || prng->fortuna.pool0_len >= 64) {
    170. 

  170.       if ((err = fortuna_reseed(prng)) != CRYPT_OK) {
    171. 

  171.          return 0;
    172. 

  172.       }
    173. 

  173.    }
    174. 

  174. 

  175.    /* now generate the blocks required */
    176. 

  176.    tlen = len;
    177. 

  177.    while (len > 0) {
    178. 

  178.        if (len >= 16) {
    179. 

  179.           /* encrypt the IV and store it */
    180. 

  180.           rijndael_ecb_encrypt(prng->fortuna.IV, dst, &prng->fortuna.skey);
    181. 

  181.           dst += 16;
    182. 

  182.           len -= 16;
    183. 

  183.        } else {
    184. 

  184.           rijndael_ecb_encrypt(prng->fortuna.IV, tmp, &prng->fortuna.skey);
    185. 

  185.           XMEMCPY(dst, tmp, len);
    186. 

  186.           len = 0;
    187. 

  187.        }
    188. 

  188.        fortuna_update_iv(prng);
    189. 

  189.    }
    190. 

  190.        
    191. 

  191.    /* generate new key */
    192. 

  192.    rijndael_ecb_encrypt(prng->fortuna.IV, prng->fortuna.K   , &prng->fortuna.skey); fortuna_update_iv(prng);
    193. 

  193.    rijndael_ecb_encrypt(prng->fortuna.IV, prng->fortuna.K+16, &prng->fortuna.skey); fortuna_update_iv(prng);
    194. 

  194.    if ((err = rijndael_setup(prng->fortuna.K, 32, 0, &prng->fortuna.skey)) != CRYPT_OK) {
    195. 

  195.       return 0;
    196. 

  196.    }
    197. 

  197. 

  198. #ifdef CLEAN_STACK
    199. 

  199.    zeromem(tmp, sizeof(tmp));
    200. 

  200. #endif
    201. 

  201.    return tlen;
    202. 

  202. }   
    203. 

  203. 

  204. void fortuna_done(prng_state *prng)
    205. 

  205. {
    206. 

  206.    _ARGCHK(prng != NULL);
    207. 

  207.    /* call cipher done when we invent one ;-) */
    208. 

  208. }
    209. 

  209. 

  210. int fortuna_export(unsigned char *out, unsigned long *outlen, prng_state *prng)
    211. 

  211. {
    212. 

  212.    int x;
    213. 

  213. 

  214.    _ARGCHK(out    != NULL);
    215. 

  215.    _ARGCHK(outlen != NULL);
    216. 

  216.    _ARGCHK(prng   != NULL);
    217. 

  217. 

  218.    /* we'll write 2048 bytes for s&g's */
    219. 

  219.    if (*outlen < 2048) {
    220. 

  220.       return CRYPT_BUFFER_OVERFLOW;
    221. 

  221.    }
    222. 

  222. 

  223.    for (x = 0; x < 32; x++) {
    224. 

  224.       if (fortuna_read(out+x*64, 64, prng) != 64) {
    225. 

  225.          return CRYPT_ERROR_READPRNG;
    226. 

  226.       }
    227. 

  227.    }
    228. 

  228.    *outlen = 2048;
    229. 

  229. 

  230.    return CRYPT_OK;
    231. 

  231. }
    232. 

  232.  
    233. 

  233. int fortuna_import(const unsigned char *in, unsigned long inlen, prng_state *prng)
    234. 

  234. {
    235. 

  235.    int err, x;
    236. 

  236. 

  237.    _ARGCHK(in   != NULL);
    238. 

  238.    _ARGCHK(prng != NULL);
    239. 

  239. 

  240.    if (inlen != 2048) {
    241. 

  241.       return CRYPT_INVALID_ARG;
    242. 

  242.    }
    243. 

  243. 

  244.    if ((err = fortuna_start(prng)) != CRYPT_OK) {
    245. 

  245.       return err;
    246. 

  246.    }
    247. 

  247.    for (x = 0; x < 32; x++) {
    248. 

  248.       if ((err = fortuna_add_entropy(in+x*64, 64, &prng)) != CRYPT_OK) {
    249. 

  249.          return err;
    250. 

  250.       }
    251. 

  251.    }
    252. 

  252.    return fortuna_ready(&prng);
    253. 

  253. }
    254. 

  254. 

  255. #endif
    256. 

  256.