1 files changed, 186 insertions, 0 deletions
diff --git a/src/lib/crypto/krb/yarrow/yarrow.h b/src/lib/crypto/krb/yarrow/yarrow.h
new file mode 100644
index 0000000..7e1fe14
--- /dev/null
+++ b/src/lib/crypto/krb/yarrow/yarrow.h
@@ -0,0 +1,186 @@
+/* -*- Mode: C; c-file-style: "bsd" -*- */
+
+#ifndef YARROW_H
+#define YARROW_H
+
+#ifdef HAVE_UNISTD_H
+#define YARROW_DETECT_FORK
+#include <unistd.h>
+#endif
+#define YARROW_NO_MATHLIB
+
+#include "ytypes.h"
+#include "yhash.h"
+#include "ycipher.h"
+
+/* These error codes are returned by the functions below. */
+
+#define YARROW_OK                1  /* All is well */
+#define YARROW_FAIL              0  /* generic failure */
+#define YARROW_NOT_INIT         -1  /* YarrowInit hasn't been called */
+#define YARROW_ALREADY_INIT     -2  /* YarrowInit has already been called */
+#define YARROW_NO_DRIVER        -3  /* driver doesn't exist */
+#define YARROW_CANT_OPEN        -4  /* can't open driver */
+#define YARROW_BAD_SOURCE       -5  /* invalid source id */
+#define YARROW_TOO_MANY_SOURCES -6  /* can't create any more source ids */
+#define YARROW_BAD_ARG          -7  /* invalid argument */
+#define YARROW_ACCESS           -8  /* insufficient privileges */
+#define YARROW_NOMEM            -9  /* out of memory */
+#define YARROW_NORSRC          -10  /* a resource is exhausted */
+#define YARROW_NOT_SEEDED      -11  /* not enough entropy to generate output */
+#define YARROW_LOCKING         -12  /* locking error */
+#define YARROW_NO_STATE        -13  /* there is no state to load */
+#define YARROW_STATE_ERROR     -14  /* error with state load or save */
+#define YARROW_NOT_IMPL        -15  /* not implemented */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* Yarrow implementation and configuration parameters */
+
+/* pool identification */
+#define YARROW_FAST_POOL 0
+#define YARROW_SLOW_POOL 1
+
+#define YARROW_MAX_SOURCES 20
+#define YARROW_ENTROPY_MULTIPLIER 0.5
+
+#define YARROW_POOL_SIZE (HASH_DIGEST_SIZE*8)
+
+#define YARROW_OUTPUTS_PER_GATE 10   /* Pg */
+#define YARROW_FAST_PT 10
+#define YARROW_SLOW_PT 100
+
+/* thresholds to use once seeded */
+
+#define YARROW_FAST_THRESH 100
+#define YARROW_SLOW_THRESH 160
+#define YARROW_K_OF_N_THRESH 2
+
+/* The Yarrow paper does not specify when the initial seed should be
+   considered complete. Use the same conditions as a slow reseed */
+
+#define YARROW_FAST_INIT_THRESH YARROW_FAST_THRESH
+#define YARROW_SLOW_INIT_THRESH YARROW_SLOW_THRESH
+#define YARROW_K_OF_N_INIT_THRESH YARROW_K_OF_N_THRESH
+
+/* sanity checks */
+
+#if YARROW_FAST_THRESH > YARROW_POOL_SIZE
+error "can't have higher YARROW_FAST_THRESH than pool size"
+#endif
+
+#if YARROW_SLOW_THRESH > YARROW_POOL_SIZE
+error "can't have higher YARROW_SLOW_THRESH than pool size"
+#endif
+
+#if YARROW_FAST_INIT_THRESH > YARROW_POOL_SIZE
+error "can't have higher YARROW_FAST_INIT_THRESH than pool size"
+#endif
+
+#if YARROW_SLOW_INIT_THRESH > YARROW_POOL_SIZE
+error "can't have higher YARROW_SLOW_INIT_THRESH than pool size"
+#endif
+
+typedef size_t estimator_fn(const void* sample, size_t size);
+
+typedef struct
+{
+    int pool;
+    size_t entropy[2];
+    int reached_slow_thresh;
+    estimator_fn* estimator;
+} Source;
+
+typedef struct
+{
+    /* state */
+    int seeded;
+    int saved;
+#if defined( YARROW_DETECT_FORK )
+    int pid;
+#endif
+    Source source[YARROW_MAX_SOURCES];
+    unsigned num_sources;
+    HASH_CTX pool[2];
+    byte out[CIPHER_BLOCK_SIZE];
+    unsigned out_left;
+    COUNTER out_count;
+    COUNTER gate_count;
+    COUNTER gates_limit;
+    byte C[CIPHER_BLOCK_SIZE];
+    CIPHER_CTX cipher;
+    byte K[CIPHER_KEY_SIZE];
+
+    const char *entropyfile;
+
+    /* parameters */
+    COUNTER Pt[2];
+    COUNTER Pg;
+    int slow_k_of_n;
+
+    /* current thresholds */
+    int slow_thresh;
+    int fast_thresh;
+    int slow_k_of_n_thresh;
+} Yarrow_CTX;
+
+#   define YARROW_DLL
+
+
+YARROW_DLL
+int krb5int_yarrow_init( Yarrow_CTX* y, const char *filename );
+
+
+YARROW_DLL
+int krb5int_yarrow_input( Yarrow_CTX* y, unsigned source_id,
+		  const void* sample, 
+		  size_t size, size_t entropy_bits );
+
+YARROW_DLL
+int krb5int_yarrow_status( Yarrow_CTX* y, int *num_sources, unsigned *source_id,
+		   size_t *entropy_bits, size_t *entropy_max );
+
+YARROW_DLL
+int krb5int_yarrow_output( Yarrow_CTX* y, void* out, size_t size );
+
+YARROW_DLL
+int krb5int_yarrow_new_source( Yarrow_CTX* y, unsigned* source_id );
+
+YARROW_DLL
+int krb5int_yarrow_register_source_estimator( Yarrow_CTX* y, unsigned source_id, 
+				      estimator_fn* fptr );
+
+YARROW_DLL
+int krb5int_yarrow_stretch( const byte* m, size_t size, byte* out, size_t out_size );
+
+YARROW_DLL
+int krb5int_yarrow_reseed( Yarrow_CTX* y, int pool );
+
+YARROW_DLL
+int krb5int_yarrow_gate( Yarrow_CTX* y );
+
+YARROW_DLL
+int krb5int_yarrow_final( Yarrow_CTX* y );
+
+YARROW_DLL
+const char* krb5int_yarrow_str_error( int );
+
+
+#   define mem_zero(p, n)       memset((p), 0, (n))
+#   define mem_copy(d, s, n)    memcpy((d), (s), (n))
+
+
+#if !defined(WIN32)
+#   define min(x, y) ((x) < (y) ? (x) : (y))
+#   define max(x, y) ((x) > (y) ? (x) : (y))
+#endif
+
+
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* YARROW_H */