4 * This file is part of BeRTOS.
6 * Bertos is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
20 * As a special exception, you may use this file as part of a free software
21 * library without restriction. Specifically, if other files instantiate
22 * templates or use macros or inline functions from this file, or you compile
23 * this file and link it with other files to produce an executable, this
24 * file does not by itself cause the resulting executable to be covered by
25 * the GNU General Public License. This exception does not however
26 * invalidate any other reasons why the executable file might be covered by
27 * the GNU General Public License.
29 * Copyright 2010 Develer S.r.l. (http://www.develer.com/)
33 * \brief Yarrow entropy pool
34 * \author Giovanni Bajo <rasky@develer.com>
38 #include "yarrow_pool.h"
39 #include <cfg/macros.h>
40 #include <sec/hash/sha1.h>
44 #define CONFIG_YARROW_POOL_FAST_RESEEDING_THRESHOLD 100
45 #define CONFIG_YARROW_POOL_SLOW_RESEEDING_THRESHOLD 160
46 #define CONFIG_YARROW_POOL_MAX_ENTROPY_DENSITY 50 // percent
47 #define CONFIG_YARROW_POOL_RESEED_ITERATIONS 80
49 static void yarrow_fast_reseed(YarrowPoolContext *ctx, uint8_t *out, size_t len)
51 Hash *h = &ctx->pools[0].hash.h;
52 size_t hlen = hash_digest_len(h);
55 memcpy(v0, hash_final(h), hlen);
58 memcpy(vcur, v0, hlen);
60 for (uint32_t i=1;i<=CONFIG_YARROW_POOL_RESEED_ITERATIONS; ++i) {
62 hash_update(h, vcur, hlen);
63 hash_update(h, v0, hlen);
64 hash_update(h, &i, 4);
65 memcpy(vcur, hash_final(h), hlen);
69 // FIXME: yarrow explains how to expand the hash digest if it's
70 // smaller than the output size. This is not the case for now,
71 // so we it's not implemented here.
73 memcpy(out, vcur, len);
75 // Reinitialize the fast pool
77 for (int i=0; i<CONFIG_ENTROPY_NUM_SOURCES; ++i)
78 ctx->pools[0].entropy[i] = 0;
84 static void yarrow_slow_reseed(YarrowPoolContext *ctx, uint8_t *out, size_t len)
86 uint8_t *data = hash_final(&ctx->pools[1].hash.h);
88 hash_update(&ctx->pools[0].hash.h, data, hash_digest_len(&ctx->pools[1].hash.h));
89 yarrow_fast_reseed(ctx, out, len);
91 // Reinitialize the slow pool
92 hash_begin(&ctx->pools[1].hash.h);
93 for (int i=0; i<CONFIG_ENTROPY_NUM_SOURCES; ++i)
94 ctx->pools[1].entropy[i] = 0;
97 static void yarrow_add_entropy(EntropyPool *ctx_, int source_idx, const uint8_t *data, size_t len, int entropy)
99 YarrowPoolContext *ctx = (YarrowPoolContext *)ctx_;
101 ASSERT(source_idx < CONFIG_ENTROPY_NUM_SOURCES);
103 int curpool = ctx->sources[source_idx].curpool;
104 ctx->sources[source_idx].curpool = 1 - ctx->sources[source_idx].curpool;
106 // TODO: Yarrow also describes a statistical entropy estimator
107 // Currently, we just use the provided entropy and the maximum
109 entropy = MIN((size_t)entropy, len*8*100/CONFIG_YARROW_POOL_MAX_ENTROPY_DENSITY);
111 hash_update(&ctx->pools[curpool].hash.h, data, len);
112 ctx->pools[curpool].entropy[source_idx] += entropy;
115 static bool yarrow_fast_reseeding_ready(YarrowPoolContext *ctx)
117 for (int i=0; i<CONFIG_ENTROPY_NUM_SOURCES; ++i)
118 if (ctx->pools[0].entropy[i] >=
119 CONFIG_YARROW_POOL_FAST_RESEEDING_THRESHOLD)
124 static bool yarrow_slow_reseeding_ready(YarrowPoolContext *ctx)
128 for (int i=0; i<CONFIG_ENTROPY_NUM_SOURCES; ++i)
129 if (ctx->pools[1].entropy[i] >=
130 CONFIG_YARROW_POOL_SLOW_RESEEDING_THRESHOLD) {
139 static bool yarrow_reseeding_ready(EntropyPool *ctx_)
141 YarrowPoolContext *ctx = (YarrowPoolContext *)ctx_;
142 return yarrow_fast_reseeding_ready(ctx) || yarrow_slow_reseeding_ready(ctx);
145 static void yarrow_reseed(EntropyPool *ctx_, uint8_t *out, size_t len)
147 YarrowPoolContext *ctx = (YarrowPoolContext *)ctx_;
149 if (yarrow_slow_reseeding_ready(ctx))
150 yarrow_slow_reseed(ctx, out, len);
152 ASSERT(yarrow_fast_reseeding_ready(ctx));
153 yarrow_fast_reseed(ctx, out, len);
157 /**********************************************************************/
159 void yarrowpool_init(YarrowPoolContext *ctx)
161 ctx->e.add_entropy = yarrow_add_entropy;
162 ctx->e.seeding_ready = yarrow_reseeding_ready;
163 ctx->e.make_seed = yarrow_reseed;
165 for (int i=0; i<2; ++i) {
166 memset(ctx->pools[i].entropy, 0, sizeof(ctx->pools[i].entropy));
167 SHA1_init(&ctx->pools[i].hash);
168 hash_begin(&ctx->pools[i].hash.h);
171 memset(ctx->sources, 0, sizeof(ctx->sources));