Diffstat (limited to 'random/random-fips.c')
-rw-r--r-- | random/random-fips.c | 70 |
1 files changed, 34 insertions, 36 deletions
diff --git a/random/random-fips.c b/random/random-fips.c index f9a21d08..307d2b2a 100644 --- a/random/random-fips.c +++ b/random/random-fips.c @@ -157,7 +157,7 @@ struct rng_context /* We need to keep track of the process which did the initialization so that we can detect a fork. The volatile modifier is required so that the compiler does not optimize it away in case the getpid - function is badly attributed. */ + function is badly attributed. */ pid_t key_init_pid; pid_t seed_init_pid; }; @@ -200,10 +200,10 @@ basic_initialization (void) if (my_errno) log_fatal ("failed to create the RNG lock: %s\n", strerror (my_errno)); fips_rng_is_locked = 0; - + /* Make sure that we are still using the values we have traditionally used for the random levels. */ - gcry_assert (GCRY_WEAK_RANDOM == 0 + gcry_assert (GCRY_WEAK_RANDOM == 0 && GCRY_STRONG_RANDOM == 1 && GCRY_VERY_STRONG_RANDOM == 2); @@ -262,7 +262,7 @@ check_guards (rng_context_t rng_ctx) timestamp we construct is made up the real time and three counters: Buffer: 00112233445566778899AABBCCDDEEFF - !--+---!!-+-!!+!!--+---!!--+---! + !--+---!!-+-!!+!!--+---!!--+---! seconds ---------/ | | | | microseconds -----------/ | | | counter2 -------------------/ | | @@ -272,7 +272,7 @@ check_guards (rng_context_t rng_ctx) Counter 2 is just 12 bits wide and used to track fractions of milliseconds whereas counters 1 and 0 are combined to a free running 64 bit counter. */ -static void +static void x931_get_dt (unsigned char *buffer, size_t length, rng_context_t rng_ctx) { gcry_assert (length == 16); /* This length is required for use with AES. */ 
@@ -281,7 +281,7 @@ x931_get_dt (unsigned char *buffer, size_t length, rng_context_t rng_ctx) /* If the random context indicates that a test DT should be used, take the DT value from the context. For safety reasons we do this only if the context is not one of the regular contexts. */ - if (rng_ctx->test_dt_ptr + if (rng_ctx->test_dt_ptr && rng_ctx != nonce_context && rng_ctx != std_rng_context && rng_ctx != strong_rng_context) @@ -301,7 +301,7 @@ x931_get_dt (unsigned char *buffer, size_t length, rng_context_t rng_ctx) static u32 last_sec, last_usec; static u32 counter1, counter0; static u16 counter2; - + unsigned int usec; struct timeval tv; @@ -350,11 +350,11 @@ x931_get_dt (unsigned char *buffer, size_t length, rng_context_t rng_ctx) /* Add the free running counter. */ buffer[8] = ((counter1 >> 24) & 0xff); buffer[9] = ((counter1 >> 16) & 0xff); - buffer[10] = ((counter1 >> 8) & 0xff); + buffer[10] = ((counter1 >> 8) & 0xff); buffer[11] = ((counter1) & 0xff); buffer[12] = ((counter0 >> 24) & 0xff); buffer[13] = ((counter0 >> 16) & 0xff); - buffer[14] = ((counter0 >> 8) & 0xff); + buffer[14] = ((counter0 >> 8) & 0xff); buffer[15] = ((counter0) & 0xff); /* Bump up that counter. */ if (!++counter0) @@ -372,7 +372,7 @@ x931_get_dt (unsigned char *buffer, size_t length, rng_context_t rng_ctx) the result at R. R needs to be provided by the caller with a size of at least LENGTH bytes. */ static void -xor_buffer (unsigned char *r, +xor_buffer (unsigned char *r, const unsigned char *a, const unsigned char *b, size_t length) { for ( ; length; length--, a++, b++, r++) @@ -383,7 +383,7 @@ xor_buffer (unsigned char *r, /* Encrypt LENGTH bytes of INPUT to OUTPUT using KEY. LENGTH needs to be 16. */ static void -encrypt_aes (gcry_cipher_hd_t key, +encrypt_aes (gcry_cipher_hd_t key, unsigned char *output, const unsigned char *input, size_t length) { gpg_error_t err; 
@@ -406,7 +406,7 @@ encrypt_aes (gcry_cipher_hd_t key, On return the result is stored at RESULT_R and the SEED_V is updated. May only be used while holding the lock. */ static void -x931_aes (unsigned char result_R[16], +x931_aes (unsigned char result_R[16], unsigned char datetime_DT[16], unsigned char seed_V[16], gcry_cipher_hd_t key, unsigned char intermediate_I[16], unsigned char temp_xor[16]) @@ -415,7 +415,7 @@ x931_aes (unsigned char result_R[16], Let V be a 128-bit seed value which is also kept secret, and XOR be the exclusive-or operator. Let DT be a date/time vector which - is updated on each iteration. I is a intermediate value. + is updated on each iteration. I is a intermediate value. I = ede*K(DT) */ encrypt_aes (key, intermediate_I, datetime_DT, 16); @@ -509,7 +509,7 @@ x931_aes_driver (unsigned char *output, size_t length, rng_context_t rng_ctx) } memcpy (rng_ctx->compare_value, result_buffer, 16); } - + /* Append to outbut. */ memcpy (output, result_buffer, nbytes); wipememory (result_buffer, 16); @@ -564,7 +564,7 @@ get_entropy (size_t nbytes) X931_AES_KEYLEN, GCRY_VERY_STRONG_RANDOM); #elif USE_RNDW32 - do + do { rc = _gcry_rndw32_gather_random (entropy_collect_cb, 0, X931_AES_KEYLEN, @@ -762,7 +762,7 @@ _gcry_rngfips_initialize (int full) std_rng_context = gcry_xcalloc_secure (1, sizeof *std_rng_context); setup_guards (std_rng_context); - + strong_rng_context = gcry_xcalloc_secure (1, sizeof *strong_rng_context); setup_guards (strong_rng_context); } @@ -807,9 +807,9 @@ _gcry_rngfips_add_bytes (const void *buf, size_t buflen, int quality) (void)buflen; (void)quality; return 0; /* Not implemented. */ -} +} + - /* Public function to fill the buffer with LENGTH bytes of cryptographically strong random bytes. Level GCRY_WEAK_RANDOM is here mapped to GCRY_STRONG_RANDOM, GCRY_STRONG_RANDOM is strong 
@@ -820,7 +820,7 @@ _gcry_rngfips_randomize (void *buffer, size_t length, enum gcry_random_level level) { _gcry_rngfips_initialize (1); /* Auto-initialize if needed. */ - + lock_rng (); if (level == GCRY_VERY_STRONG_RANDOM) get_random (buffer, length, strong_rng_context); @@ -850,7 +850,7 @@ _gcry_rngfips_create_nonce (void *buffer, size_t length) static gcry_err_code_t selftest_kat (selftest_report_func_t report) { - static struct + static struct { const unsigned char key[16]; const unsigned char dt[16]; @@ -880,7 +880,7 @@ selftest_kat (selftest_report_func_t report) 0x13, 0xd3, 0x13, 0xfa, 0x20, 0xe9, 0x8d, 0xbc }, { 0xc8, 0xd1, 0xe5, 0x11, 0x59, 0x52, 0xf7, 0xfa, 0x37, 0x38, 0xb4, 0xc5, 0xce, 0xb2, 0xb0, 0x9a }, - { 0x0d, 0x9c, 0xc5, 0x0d, 0x16, 0xe1, 0xbc, 0xed, + { 0x0d, 0x9c, 0xc5, 0x0d, 0x16, 0xe1, 0xbc, 0xed, 0xcf, 0x60, 0x62, 0x09, 0x9d, 0x20, 0x83, 0x7e } } }, { { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f }, @@ -892,7 +892,7 @@ selftest_kat (selftest_report_func_t report) 0x63, 0x19, 0x37, 0x6f, 0x15, 0x22, 0x57, 0x56 }, { 0x7a, 0x14, 0x76, 0x77, 0x95, 0x17, 0x7e, 0xc8, 0x92, 0xe8, 0xdd, 0x15, 0xcb, 0x1f, 0xbc, 0xb1 }, - { 0x25, 0x3e, 0x2e, 0xa2, 0x41, 0x1b, 0xdd, 0xf5, + { 0x25, 0x3e, 0x2e, 0xa2, 0x41, 0x1b, 0xdd, 0xf5, 0x21, 0x48, 0x41, 0x71, 0xb3, 0x8d, 0x2f, 0x4c } } } }; int tvidx, ridx; @@ -905,7 +905,7 @@ selftest_kat (selftest_report_func_t report) test_ctx = gcry_xcalloc (1, sizeof *test_ctx); setup_guards (test_ctx); - + lock_rng (); for (tvidx=0; tvidx < DIM (tv); tvidx++) 
@@ -927,15 +927,15 @@ selftest_kat (selftest_report_func_t report) goto leave; } test_ctx->key_init_pid = getpid (); - + /* Setup the seed. */ memcpy (test_ctx->seed_V, tv[tvidx].v, 16); test_ctx->is_seeded = 1; test_ctx->seed_init_pid = getpid (); - + /* Setup a DT value. */ test_ctx->test_dt_ptr = tv[tvidx].dt; - test_ctx->test_dt_counter = ( (tv[tvidx].dt[12] << 24) + test_ctx->test_dt_counter = ( (tv[tvidx].dt[12] << 24) |(tv[tvidx].dt[13] << 16) |(tv[tvidx].dt[14] << 8) |(tv[tvidx].dt[15]) ); @@ -949,7 +949,7 @@ selftest_kat (selftest_report_func_t report) errtxt = "X9.31 RNG core function failed"; goto leave; } - + /* Compare it to the known value. */ if (memcmp (result, tv[tvidx].r[ridx], 16)) { @@ -1026,9 +1026,9 @@ _gcry_rngfips_init_external_test (void **r_context, unsigned int flags, rng_context_t test_ctx; _gcry_rngfips_initialize (1); /* Auto-initialize if needed. */ - + if (!r_context - || !key || keylen != 16 + || !key || keylen != 16 || !seed || seedlen != 16 || !dt || dtlen != 16 ) return GPG_ERR_INV_ARG; @@ -1037,7 +1037,7 @@ _gcry_rngfips_init_external_test (void **r_context, unsigned int flags, if (!test_ctx) return gpg_err_code_from_syserror (); setup_guards (test_ctx); - + /* Setup the key. */ err = gcry_cipher_open (&test_ctx->cipher_hd, GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_ECB, 
@@ -1050,18 +1050,18 @@ _gcry_rngfips_init_external_test (void **r_context, unsigned int flags, goto leave; test_ctx->key_init_pid = getpid (); - + /* Setup the seed. */ memcpy (test_ctx->seed_V, seed, seedlen); test_ctx->is_seeded = 1; test_ctx->seed_init_pid = getpid (); - + /* Setup a DT value. Because our context structure only stores a pointer we copy the DT value to the extra space we allocated in the test_ctx and set the pointer to that address. */ memcpy ((unsigned char*)test_ctx + sizeof *test_ctx, dt, dtlen); - test_ctx->test_dt_ptr = (unsigned char*)test_ctx + sizeof *test_ctx; - test_ctx->test_dt_counter = ( (test_ctx->test_dt_ptr[12] << 24) + test_ctx->test_dt_ptr = (unsigned char*)test_ctx + sizeof *test_ctx; + test_ctx->test_dt_counter = ( (test_ctx->test_dt_ptr[12] << 24) |(test_ctx->test_dt_ptr[13] << 16) |(test_ctx->test_dt_ptr[14] << 8) |(test_ctx->test_dt_ptr[15]) ); @@ -1114,5 +1114,3 @@ _gcry_rngfips_deinit_external_test (void *context) gcry_free (test_ctx); } } - - |