From b9382da8ff693a5881ce5d7ebc8f680bc8a18689 Mon Sep 17 00:00:00 2001
From: rasky <rasky@38d2e660-2303-0410-9eaa-f027e97ec537>
Date: Wed, 29 Sep 2010 16:58:35 +0000
Subject: [PATCH] SEC: Add Yarrow entropy pool implementation.

git-svn-id: https://src.develer.com/svnoss/bertos/trunk@4365 38d2e660-2303-0410-9eaa-f027e97ec537
---
 bertos/sec/entropy/yarrow_pool.c | 172 +++++++++++++++++++++++++++++++
 bertos/sec/entropy/yarrow_pool.h |  63 +++++++++++
 2 files changed, 235 insertions(+)
 create mode 100644 bertos/sec/entropy/yarrow_pool.c
 create mode 100644 bertos/sec/entropy/yarrow_pool.h

diff --git a/bertos/sec/entropy/yarrow_pool.c b/bertos/sec/entropy/yarrow_pool.c
new file mode 100644
index 00000000..d9214700
--- /dev/null
+++ b/bertos/sec/entropy/yarrow_pool.c
@@ -0,0 +1,172 @@
+/**
+ * \file
+ * <!--
+ * This file is part of BeRTOS.
+ *
+ * Bertos is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+ *
+ * As a special exception, you may use this file as part of a free software
+ * library without restriction.  Specifically, if other files instantiate
+ * templates or use macros or inline functions from this file, or you compile
+ * this file and link it with other files to produce an executable, this
+ * file does not by itself cause the resulting executable to be covered by
+ * the GNU General Public License.  This exception does not however
+ * invalidate any other reasons why the executable file might be covered by
+ * the GNU General Public License.
+ *
+ * Copyright 2010 Develer S.r.l. (http://www.develer.com/)
+ *
+ * -->
+ *
+ * \brief Yarrow entropy pool
+ * \author Giovanni Bajo <rasky@develer.com>
+ *
+ */
+
+#include "yarrow_pool.h"
+#include <cfg/macros.h>
+#include <sec/hash/sha1.h>
+#include <sec/util.h>
+#include <string.h>
+
+#define CONFIG_YARROW_POOL_FAST_RESEEDING_THRESHOLD   100
+#define CONFIG_YARROW_POOL_SLOW_RESEEDING_THRESHOLD   160
+#define CONFIG_YARROW_POOL_MAX_ENTROPY_DENSITY        50   // percent
+#define CONFIG_YARROW_POOL_RESEED_ITERATIONS          80
+
+static void yarrow_fast_reseed(YarrowPoolContext *ctx, uint8_t *out, size_t len)
+{
+	Hash *h = &ctx->pools[0].hash.h;
+	size_t hlen = hash_digest_len(h);
+
+	uint8_t v0[hlen];
+	memcpy(v0, hash_final(h), hlen);
+
+	uint8_t vcur[hlen];
+	memcpy(vcur, v0, hlen);
+
+	for (uint32_t i=1;i<=CONFIG_YARROW_POOL_RESEED_ITERATIONS; ++i) {
+		hash_begin(h);
+		hash_update(h, vcur, hlen);
+		hash_update(h, v0, hlen);
+		hash_update(h, &i, 4);
+		memcpy(vcur, hash_final(h), hlen);
+	}
+
+
+	// FIXME: yarrow explains how to expand the hash digest if it's
+	// smaller than the output size. This is not the case for now,
+	// so we it's not implemented here.
+	ASSERT(len < hlen);
+	memcpy(out, vcur, len);
+
+	// Reinitialize the fast pool
+	hash_begin(h);
+	for (int i=0; i<CONFIG_ENTROPY_NUM_SOURCES; ++i)
+		ctx->pools[0].entropy[i] = 0;
+
+	PURGE(v0);
+	PURGE(vcur);
+}
+
+static void yarrow_slow_reseed(YarrowPoolContext *ctx, uint8_t *out, size_t len)
+{
+	uint8_t *data = hash_final(&ctx->pools[1].hash.h);
+
+	hash_update(&ctx->pools[0].hash.h, data, hash_digest_len(&ctx->pools[1].hash.h));
+	yarrow_fast_reseed(ctx, out, len);
+
+	// Reinitialize the slow pool
+	hash_begin(&ctx->pools[1].hash.h);
+	for (int i=0; i<CONFIG_ENTROPY_NUM_SOURCES; ++i)
+		ctx->pools[1].entropy[i] = 0;
+}
+
+static void yarrow_add_entropy(EntropyPool *ctx_, int source_idx, const uint8_t *data, size_t len, int entropy)
+{
+	YarrowPoolContext *ctx = (YarrowPoolContext *)ctx_;
+
+	ASSERT(source_idx < CONFIG_ENTROPY_NUM_SOURCES);
+
+	int curpool = ctx->sources[source_idx].curpool;
+	ctx->sources[source_idx].curpool = 1 - ctx->sources[source_idx].curpool;
+
+	// TODO: Yarrow also describes a statistical entropy estimator
+	// Currently, we just use the provided entropy and the maximum
+	// density.
+	entropy = MIN((size_t)entropy, len*8*100/CONFIG_YARROW_POOL_MAX_ENTROPY_DENSITY);
+
+	hash_update(&ctx->pools[curpool].hash.h, data, len);
+	ctx->pools[curpool].entropy[source_idx] += entropy;
+}
+
+static bool yarrow_fast_reseeding_ready(YarrowPoolContext *ctx)
+{
+	for (int i=0; i<CONFIG_ENTROPY_NUM_SOURCES; ++i)
+		if (ctx->pools[0].entropy[i] >=
+		        CONFIG_YARROW_POOL_FAST_RESEEDING_THRESHOLD)
+			return 1;
+	return 0;
+}
+
+static bool yarrow_slow_reseeding_ready(YarrowPoolContext *ctx)
+{
+	int count = 0;
+
+	for (int i=0; i<CONFIG_ENTROPY_NUM_SOURCES; ++i)
+		if (ctx->pools[1].entropy[i] >=
+		        CONFIG_YARROW_POOL_SLOW_RESEEDING_THRESHOLD) {
+			++count;
+			if (count == 2)
+				return 1;
+		}
+
+	return 0;
+}
+
+static bool yarrow_reseeding_ready(EntropyPool *ctx_)
+{
+	YarrowPoolContext *ctx = (YarrowPoolContext *)ctx_;
+	return yarrow_fast_reseeding_ready(ctx) || yarrow_slow_reseeding_ready(ctx);
+}
+
+static void yarrow_reseed(EntropyPool *ctx_, uint8_t *out, size_t len)
+{
+	YarrowPoolContext *ctx = (YarrowPoolContext *)ctx_;
+
+	if (yarrow_slow_reseeding_ready(ctx))
+		yarrow_slow_reseed(ctx, out, len);
+	else {
+		ASSERT(yarrow_fast_reseeding_ready(ctx));
+		yarrow_fast_reseed(ctx, out, len);
+	}
+}
+
+/**********************************************************************/
+
+void yarrowpool_init(YarrowPoolContext *ctx)
+{
+	ctx->e.add_entropy = yarrow_add_entropy;
+	ctx->e.seeding_ready = yarrow_reseeding_ready;
+	ctx->e.make_seed = yarrow_reseed;
+
+	for (int i=0; i<2; ++i) {
+		memset(ctx->pools[i].entropy, 0, sizeof(ctx->pools[i].entropy));
+		SHA1_init(&ctx->pools[i].hash);
+		hash_begin(&ctx->pools[i].hash.h);
+	}
+
+	memset(ctx->sources, 0, sizeof(ctx->sources));
+}
diff --git a/bertos/sec/entropy/yarrow_pool.h b/bertos/sec/entropy/yarrow_pool.h
new file mode 100644
index 00000000..d19fb8a2
--- /dev/null
+++ b/bertos/sec/entropy/yarrow_pool.h
@@ -0,0 +1,63 @@
+/**
+ * \file
+ * <!--
+ * This file is part of BeRTOS.
+ *
+ * Bertos is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+ *
+ * As a special exception, you may use this file as part of a free software
+ * library without restriction.  Specifically, if other files instantiate
+ * templates or use macros or inline functions from this file, or you compile
+ * this file and link it with other files to produce an executable, this
+ * file does not by itself cause the resulting executable to be covered by
+ * the GNU General Public License.  This exception does not however
+ * invalidate any other reasons why the executable file might be covered by
+ * the GNU General Public License.
+ *
+ * Copyright 2010 Develer S.r.l. (http://www.develer.com/)
+ *
+ * -->
+ *
+ * \brief Yarrow pool implementation
+ * \author Giovanni Bajo <rasky@develer.com>
+ *
+ */
+
+#ifndef SEC_ENTROPY_YARROW_POOL_H
+#define SEC_ENTROPY_YARROW_POOL_H
+
+#include <sec/entropy.h>
+#include <sec/hash/sha1.h>
+
+typedef struct
+{
+	EntropyPool e;
+
+	struct YarrowPool
+	{
+		SHA1_Context hash;
+		int entropy[CONFIG_ENTROPY_NUM_SOURCES];
+	} pools[2];
+
+	struct YarrowSources
+	{
+		int curpool;
+	} sources[CONFIG_ENTROPY_NUM_SOURCES];
+
+} YarrowPoolContext;
+
+void yarrowpool_init(YarrowPoolContext *ctx);
+
+#endif /* SEC_ENTROPY_YARROW_POOL_H */
-- 
2.25.1