1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
|
/* -*- Mode: C; c-file-style: "bsd" -*- */
#ifndef YARROW_H
#define YARROW_H
#ifdef HAVE_UNISTD_H
#define YARROW_DETECT_FORK
#include <unistd.h>
#endif
#define YARROW_NO_MATHLIB
#include "ytypes.h"
#include <yhash.h>
#include "ycipher.h"
/* These error codes are returned by the functions below. */
#define YARROW_OK 1 /* All is well */
#define YARROW_FAIL 0 /* generic failure */
#define YARROW_NOT_INIT -1 /* YarrowInit hasn't been called */
#define YARROW_ALREADY_INIT -2 /* YarrowInit has already been called */
#define YARROW_NO_DRIVER -3 /* driver doesn't exist */
#define YARROW_CANT_OPEN -4 /* can't open driver */
#define YARROW_BAD_SOURCE -5 /* invalid source id */
#define YARROW_TOO_MANY_SOURCES -6 /* can't create any more source ids */
#define YARROW_BAD_ARG -7 /* invalid argument */
#define YARROW_ACCESS -8 /* insufficient privileges */
#define YARROW_NOMEM -9 /* out of memory */
#define YARROW_NORSRC -10 /* a resource is exhausted */
#define YARROW_NOT_SEEDED -11 /* not enough entropy to generate output */
#define YARROW_LOCKING -12 /* locking error */
#define YARROW_NO_STATE -13 /* there is no state to load */
#define YARROW_STATE_ERROR -14 /* error with state load or save */
#define YARROW_NOT_IMPL -15 /* not implemented */
#ifdef __cplusplus
extern "C" {
#endif
/* Yarrow implementation and configuration parameters */
/* pool identification */
#define YARROW_FAST_POOL 0
#define YARROW_SLOW_POOL 1
#define YARROW_MAX_SOURCES 20
#define YARROW_ENTROPY_MULTIPLIER 0.5
#define YARROW_POOL_SIZE (HASH_DIGEST_SIZE*8)
#define YARROW_OUTPUTS_PER_GATE 10 /* Pg */
#define YARROW_FAST_PT 10
#define YARROW_SLOW_PT 100
/* thresholds to use once seeded */
#define YARROW_FAST_THRESH 100
#define YARROW_SLOW_THRESH 160
#define YARROW_K_OF_N_THRESH 2
/* The Yarrow paper does not specify when the initial seed should be
considered complete. Use the same conditions as a slow reseed */
#define YARROW_FAST_INIT_THRESH YARROW_FAST_THRESH
#define YARROW_SLOW_INIT_THRESH YARROW_SLOW_THRESH
#define YARROW_K_OF_N_INIT_THRESH YARROW_K_OF_N_THRESH
/* sanity checks */
#if YARROW_FAST_THRESH > YARROW_POOL_SIZE
error "can't have higher YARROW_FAST_THRESH than pool size"
#endif
#if YARROW_SLOW_THRESH > YARROW_POOL_SIZE
error "can't have higher YARROW_SLOW_THRESH than pool size"
#endif
#if YARROW_FAST_INIT_THRESH > YARROW_POOL_SIZE
error "can't have higher YARROW_FAST_INIT_THRESH than pool size"
#endif
#if YARROW_SLOW_INIT_THRESH > YARROW_POOL_SIZE
error "can't have higher YARROW_SLOW_INIT_THRESH than pool size"
#endif
typedef size_t estimator_fn(const void* sample, size_t size);
typedef struct
{
int pool;
size_t entropy[2];
int reached_slow_thresh;
estimator_fn* estimator;
} Source;
typedef struct
{
/* state */
int seeded;
int saved;
#if defined( YARROW_DETECT_FORK )
int pid;
#endif
Source source[YARROW_MAX_SOURCES];
unsigned num_sources;
HASH_CTX pool[2];
byte out[CIPHER_BLOCK_SIZE];
unsigned out_left;
COUNTER out_count;
COUNTER gate_count;
COUNTER gates_limit;
byte C[CIPHER_BLOCK_SIZE];
CIPHER_CTX cipher;
byte K[CIPHER_KEY_SIZE];
const char *entropyfile;
/* parameters */
COUNTER Pt[2];
COUNTER Pg;
int slow_k_of_n;
/* current thresholds */
size_t slow_thresh;
size_t fast_thresh;
int slow_k_of_n_thresh;
} Yarrow_CTX;
# define YARROW_DLL
YARROW_DLL
int krb5int_yarrow_init( Yarrow_CTX* y, const char *filename );
YARROW_DLL
int krb5int_yarrow_input( Yarrow_CTX* y, unsigned source_id,
const void* sample,
size_t size, size_t entropy_bits );
YARROW_DLL
int krb5int_yarrow_status( Yarrow_CTX* y, int *num_sources, unsigned *source_id,
size_t *entropy_bits, size_t *entropy_max );
YARROW_DLL
int krb5int_yarrow_output( Yarrow_CTX* y, void* out, size_t size );
YARROW_DLL
int krb5int_yarrow_new_source( Yarrow_CTX* y, unsigned* source_id );
YARROW_DLL
int krb5int_yarrow_register_source_estimator( Yarrow_CTX* y, unsigned source_id,
estimator_fn* fptr );
YARROW_DLL
int krb5int_yarrow_stretch( const byte* m, size_t size, byte* out, size_t out_size );
YARROW_DLL
int krb5int_yarrow_reseed( Yarrow_CTX* y, int pool );
YARROW_DLL
int krb5int_yarrow_gate( Yarrow_CTX* y );
YARROW_DLL
int krb5int_yarrow_final( Yarrow_CTX* y );
YARROW_DLL
const char* krb5int_yarrow_str_error( int );
# define mem_zero(p, n) memset((p), 0, (n))
# define mem_copy(d, s, n) memcpy((d), (s), (n))
#if !defined(WIN32)
# define min(x, y) ((x) < (y) ? (x) : (y))
# define max(x, y) ((x) > (y) ? (x) : (y))
#endif
#ifdef __cplusplus
}
#endif
#endif /* YARROW_H */
|
