[src/tls-earlyentropy]: src Adjustments to the "earlyentropy" branch in respo...
details: https://anonhg.NetBSD.org/src/rev/cefa65dd3836
branches: tls-earlyentropy
changeset: 795274:cefa65dd3836
user: tls <tls%NetBSD.org@localhost>
date: Thu Jul 17 14:03:33 2014 +0000
description:
Adjustments to the "earlyentropy" branch in response to the various
discussions beginning with my initial proposal
http://mail-index.netbsd.org/tech-kern/2014/04/08/msg016876.html and
particularly the long discussion of cprng_fast() performance (e.g.
https://mail-index.netbsd.org/tech-crypto/2014/04/21/msg000642.html).
In particular:
* Per-CPU, lockless cprng_fast replacement using Dennis Ferguson's
"ccrand" implementation of ChaCha8.
* libkern arc4random() is gone, gone, gone.
* Entropy estimator reverted to 32-bit recordkeeping and timestamps
per Dennis' comments and analysis.
* LZF entropy estimator removed: it required a great deal of state,
and rejected only truly pathological input.
I have not yet reverted the changes that provide LZF in the kernel
as generic functionality; I will likely revert those changes prior
to any merge of this branch to HEAD.
diffstat:
sbin/rndctl/rndctl.c | 12 +-
sys/conf/files | 3 +-
sys/crypto/arc4/arc4.c | 36 +++-
sys/crypto/arc4/arc4.h | 11 +-
sys/crypto/arc4/files.arc4 | 4 +-
sys/crypto/ccrand/ccrand.h | 196 ++++++++++++++++++++++++++
sys/crypto/ccrand/ccrand2.c | 47 ++++++
sys/crypto/ccrand/ccrand32.c | 47 ++++++
sys/crypto/ccrand/ccrand64.c | 47 ++++++
sys/crypto/ccrand/ccrand_bytes.c | 148 ++++++++++++++++++++
sys/crypto/ccrand/ccrand_gen16.c | 149 ++++++++++++++++++++
sys/crypto/ccrand/ccrand_reseed.c | 123 ++++++++++++++++
sys/crypto/ccrand/ccrand_seed.c | 186 +++++++++++++++++++++++++
sys/crypto/ccrand/ccrand_seed32.c | 51 ++++++
sys/crypto/ccrand/ccrand_seed64.c | 56 +++++++
sys/crypto/ccrand/ccrand_use.c | 53 +++++++
sys/crypto/ccrand/ccrand_var.h | 135 ++++++++++++++++++
sys/crypto/ccrand/ccrand_words.c | 106 ++++++++++++++
sys/crypto/ccrand/ccrandn.c | 47 ++++++
sys/crypto/ccrand/files.ccrand | 15 ++
sys/dev/rndpseudo.c | 6 +-
sys/kern/init_main.c | 6 +-
sys/kern/kern_rndq.c | 168 +++++++---------------
sys/kern/subr_cprng.c | 218 +++++++++++++++++++++++++---
sys/kern/subr_prf.c | 21 +-
sys/lib/libkern/Makefile.libkern | 4 +-
sys/lib/libkern/arc4random.c | 277 --------------------------------------
sys/nfs/nfs_subs.c | 9 +-
sys/sys/cprng.h | 33 +---
sys/sys/rnd.h | 14 +-
30 files changed, 1725 insertions(+), 503 deletions(-)
diffs (truncated from 2817 to 300 lines):
diff -r 9de9086e9ed5 -r cefa65dd3836 sbin/rndctl/rndctl.c
--- a/sbin/rndctl/rndctl.c Wed Apr 09 03:54:17 2014 +0000
+++ b/sbin/rndctl/rndctl.c Thu Jul 17 14:03:33 2014 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: rndctl.c,v 1.27.2.1 2014/04/07 02:49:52 tls Exp $ */
+/* $NetBSD: rndctl.c,v 1.27.2.2 2014/07/17 14:03:33 tls Exp $ */
/*-
* Copyright (c) 1997 Michael Graff.
@@ -33,7 +33,7 @@
#include <sha1.h>
#ifndef lint
-__RCSID("$NetBSD: rndctl.c,v 1.27.2.1 2014/04/07 02:49:52 tls Exp $");
+__RCSID("$NetBSD: rndctl.c,v 1.27.2.2 2014/07/17 14:03:33 tls Exp $");
#endif
@@ -318,10 +318,6 @@
rstat_name.source.dv_samples);
printf("\tDv bits = %d\n",
rstat_name.source.dv_total);
- printf("\tLZ bytes in = %d\n",
- rstat_name.source.lzv_bytes);
- printf("\tLZ bits out = %d\n",
- rstat_name.source.lzv_total);
}
close(fd);
return;
@@ -360,10 +356,6 @@
rstat.source[i].dv_samples);
printf("\tDv bits = %d\n",
rstat.source[i].dv_total);
- printf("\tLZ bytes in = %d\n",
- rstat.source[i].lzv_bytes);
- printf("\tLZ bits out = %d\n",
- rstat.source[i].lzv_total);
}
}
start += rstat.count;
diff -r 9de9086e9ed5 -r cefa65dd3836 sys/conf/files
--- a/sys/conf/files Wed Apr 09 03:54:17 2014 +0000
+++ b/sys/conf/files Thu Jul 17 14:03:33 2014 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: files,v 1.1090 2014/04/01 17:49:30 riastradh Exp $
+# $NetBSD: files,v 1.1090.2.1 2014/07/17 14:03:33 tls Exp $
# @(#)files.newconf 7.5 (Berkeley) 5/10/93
version 20100430
@@ -160,6 +160,7 @@
include "crypto/rijndael/files.rijndael"
include "crypto/skipjack/files.skipjack"
include "crypto/camellia/files.camellia"
+include "crypto/ccrand/files.ccrand"
# General-purpose crypto processing framework.
include "opencrypto/files.opencrypto"
diff -r 9de9086e9ed5 -r cefa65dd3836 sys/crypto/arc4/arc4.c
--- a/sys/crypto/arc4/arc4.c Wed Apr 09 03:54:17 2014 +0000
+++ b/sys/crypto/arc4/arc4.c Thu Jul 17 14:03:33 2014 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: arc4.c,v 1.6 2005/12/11 12:20:48 christos Exp $ */
+/* $NetBSD: arc4.c,v 1.6.136.1 2014/07/17 14:03:33 tls Exp $ */
/*
* ARC4 implementation
@@ -30,19 +30,12 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: arc4.c,v 1.6 2005/12/11 12:20:48 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: arc4.c,v 1.6.136.1 2014/07/17 14:03:33 tls Exp $");
#include <sys/types.h>
#include <crypto/arc4/arc4.h>
-struct arc4_ctx {
- unsigned int x;
- unsigned int y;
- unsigned int state[256];
- /* was unsigned char, changed to int for performance -- onoe */
-};
-
int
arc4_ctxlen(void)
{
@@ -97,8 +90,31 @@
}
void
+arc4_stream(void *ctxp, u_char *dst, int len)
+{
+ struct arc4_ctx *ctx = ctxp;
+ unsigned int x, y, sx, sy;
+ unsigned int *state;
+ const unsigned char *enddst;
+
+ state = ctx->state;
+ x = ctx->x;
+ y = ctx->y;
+
+ for (enddst = dst + len; dst != enddst; dst++) {
+ x = (x + 1) & 0xff;
+ sx = state[x];
+ y = (sx + y) & 0xff;
+ state[x] = sy = state[y];
+ state[y]= sx;
+ *dst = state[(sx + sy) & 0xff];
+ }
+ ctx->x = x;
+ ctx->y = y;
+}
+
+void
arc4_decrypt(void *ctxp, u_char *dst, const u_char *src, int len)
{
-
arc4_encrypt(ctxp, dst, src, len);
}
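Review bot: arc4_stream takes `int len` and computes `enddst = dst + len` before the loop, so a negative len forms a pointer outside the buffer and the `dst != enddst` exit test can never be reached cleanly. A guard such as `if (len <= 0) return;` ahead of the loop closes that while keeping the `int` length the other arc4 entry points use; switching the whole API to `size_t` would be the larger fix. The new function also has no header comment; the loop shows it writes `len` bytes of keystream to dst and stores the advanced x/y back into ctx, so `/* Write len bytes of keystream into dst, advancing the cipher state. */` above it would document the contract. Minor: `state[y]= sx;` is missing the space before `=`.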
diff -r 9de9086e9ed5 -r cefa65dd3836 sys/crypto/arc4/arc4.h
--- a/sys/crypto/arc4/arc4.h Wed Apr 09 03:54:17 2014 +0000
+++ b/sys/crypto/arc4/arc4.h Thu Jul 17 14:03:33 2014 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: arc4.h,v 1.4 2005/12/11 12:20:48 christos Exp $ */
+/* $NetBSD: arc4.h,v 1.4.136.1 2014/07/17 14:03:33 tls Exp $ */
/*
* ARC4 implementation
@@ -32,9 +32,18 @@
#ifndef _CRYPTO_ARC4_H_
#define _CRYPTO_ARC4_H_
+typedef struct arc4_ctx {
+ unsigned int x;
+ unsigned int y;
+ unsigned int state[256];
+ /* was unsigned char, changed to int for performance -- onoe */
+} arc4_ctx_t;
+
int arc4_ctxlen(void);
void arc4_setkey(void *, const u_char *, unsigned int);
void arc4_encrypt(void *, u_char *, const u_char *, int);
void arc4_decrypt(void *, u_char *, const u_char *, int);
+void arc4_stream(void *, u_char *, int);
+
#endif /* _CRYPTO_ARC4_H_ */
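Review bot: The added `arc4_stream` prototype carries no comment, unlike the struct it sits next to, so callers have to read arc4.c to learn it emits `len` keystream bytes into the second argument and mutates the context; `/* arc4_stream: write len bytes of keystream to dst, advancing the cipher state */` would suffice. Moving `struct arc4_ctx` out of arc4.c into the public header also exposes the cipher state layout to every includer, which `arc4_ctxlen()` presumably existed to avoid; if the new `arc4_ctx_t` typedef is only needed to size a caller-owned buffer elsewhere on the branch, a forward declaration plus `arc4_ctxlen()` would keep the state opaque. I cannot see that caller in this diff, so this is a hedged suggestion.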
diff -r 9de9086e9ed5 -r cefa65dd3836 sys/crypto/arc4/files.arc4
--- a/sys/crypto/arc4/files.arc4 Wed Apr 09 03:54:17 2014 +0000
+++ b/sys/crypto/arc4/files.arc4 Thu Jul 17 14:03:33 2014 +0000
@@ -1,5 +1,5 @@
-# $NetBSD: files.arc4,v 1.1 2002/10/11 01:52:07 thorpej Exp $
+# $NetBSD: files.arc4,v 1.1.172.1 2014/07/17 14:03:33 tls Exp $
define arc4
-file crypto/arc4/arc4.c arc4
+file crypto/arc4/arc4.c
diff -r 9de9086e9ed5 -r cefa65dd3836 sys/crypto/ccrand/ccrand.h
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/sys/crypto/ccrand/ccrand.h Thu Jul 17 14:03:33 2014 +0000
@@ -0,0 +1,196 @@
+/* $NetBSD: ccrand.h,v 1.1.2.1 2014/07/17 14:03:33 tls Exp $ */
+
+/*
+ * Copyright (c) 2014 The NetBSD Foundation, Inc.
+ * All rights reserved.
+ *
+ * This code is derived from software contributed to The NetBSD Foundation
+ * by Dennis Ferguson.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * ccrand.h
+ *
+ * Definitions for the chacha-based pseudo-random number generator
+ */
+#ifndef __CCRAND_H__
+#define __CCRAND_H__
+#include <sys/types.h>
+#include <sys/null.h>
+
+/*
+ * Context structure. Just 32 words. The first 16 buffer previously
+ * generated but unused values, the last 16 are our key state.
+ */
+typedef struct __ccrand_t {
+ uint32_t v[32];
+} ccrand_t;
+
+
+/*
+ * Declarations of functions which are always external
+ */
+void ccrand_copy_state(ccrand_t * __restrict, const ccrand_t * __restrict);
+void ccrand_seed(ccrand_t *, const uint32_t *, unsigned int);
+void ccrand_reseed(ccrand_t *, const uint32_t *, unsigned int);
+void ccrand_seed32(ccrand_t *, uint32_t);
+void ccrand_seed64(ccrand_t *, uint64_t);
+void ccrand_bytes(ccrand_t * __restrict, void * __restrict, size_t);
+void ccrand_words(ccrand_t *, uint32_t *, unsigned int);
+uint64_t ccrand_use(ccrand_t *);
+
+uint32_t __ccrand_gen16(uint32_t *, uint32_t *);
+
+/*
+ * __ccrand_getword_inline()
+ *
+ * Internal function to get a 32 bit random word. It
+ * doesn't check whether the cipher has been seeded.
+ */
+static inline uint32_t
+__ccrand_getword_inline(ccrand_t *x)
+{
+ uint32_t r;
+
+ if (x->v[0] == 16) {
+ r = __ccrand_gen16(&x->v[0], &x->v[16]);
+ } else {
+ r = x->v[x->v[0]++];
+ }
+
+ return (r);
+}
+
+
+/*
+ * __ccrand32_inline()
+ *
+ * Return a 32 bit random value.
+ */
+static inline uint32_t
+__ccrand32_inline(ccrand_t *x)
+{
+
+ if ((x->v[0] - 1) >= 16) {
+ ccrand_seed(x, 0, 0);
+ }
+
+ return (__ccrand_getword_inline(x));
+}
+
+
+/*
+ * __ccrand64_inline()
+ *
+ * Return a 64 bit random value.
+ */
+static inline uint64_t
+__ccrand64_inline(ccrand_t *x)
+{
+ uint32_t r0, r1;
+
+ if ((x->v[0] - 1) >= 16) {
+ ccrand_seed(x, 0, 0);
+ }
+
+ switch (x->v[0]) {
+ case 16:
+ r0 = __ccrand_gen16(&x->v[0], &x->v[16]);
+ r1 = x->v[x->v[0]++];
+ break;
+
+ case 15:
+ r0 = x->v[15];
+ r1 = __ccrand_gen16(&x->v[0], &x->v[16]);
+ break;
+
+ default:
+ r0 = x->v[x->v[0]++];
+ r1 = x->v[x->v[0]++];
+ break;
+ }
+
+ return (((uint64_t) r1 << 32) | (uint64_t) r0);
+}
+
+