svn rev #24661: trunk/src/ lib/crypto/ lib/crypto/krb/ lib/crypto/nss/
ghudson@MIT.EDU
ghudson at MIT.EDU
Fri Feb 25 12:23:55 EST 2011
http://src.mit.edu/fisheye/changelog/krb5/?cs=24661
Commit By: ghudson
Log Message:
Now that all PRNG modules fit nicely into a single source file,
simplify the PRNG abstraction, flattening the implementations into
crypto/krb and removing the indirection through function pointers.
Move the guts of the NSS PRNG implementation into the nss subdir so
that crypto/krb doesn't need to be built with CRYPTO_IMPL_CFLAGS.
Changed Files:
U trunk/src/configure.in
U trunk/src/lib/crypto/Makefile.in
U trunk/src/lib/crypto/krb/Makefile.in
U trunk/src/lib/crypto/krb/crypto_libinit.c
D trunk/src/lib/crypto/krb/prng/
A trunk/src/lib/crypto/krb/prng.c
A trunk/src/lib/crypto/krb/prng.h
A trunk/src/lib/crypto/krb/prng_fortuna.c
A trunk/src/lib/crypto/krb/prng_nss.c
A trunk/src/lib/crypto/krb/t_fortuna.c
A trunk/src/lib/crypto/krb/t_fortuna.expected
U trunk/src/lib/crypto/nss/Makefile.in
A trunk/src/lib/crypto/nss/nss_prng.h
A trunk/src/lib/crypto/nss/prng.c
Modified: trunk/src/configure.in
===================================================================
--- trunk/src/configure.in 2011-02-25 15:05:38 UTC (rev 24660)
+++ trunk/src/configure.in 2011-02-25 17:23:54 UTC (rev 24661)
@@ -1123,8 +1123,7 @@
lib/crypto/krb/old lib/crypto/krb/raw
lib/crypto/$CRYPTO_IMPL/sha1
lib/crypto/$CRYPTO_IMPL/sha2
- lib/crypto/krb/arcfour lib/crypto/krb/prng
- lib/crypto/krb/prng/$PRNG_ALG
+ lib/crypto/krb/arcfour
lib/crypto/$CRYPTO_IMPL/aes
lib/crypto/$CRYPTO_IMPL/camellia lib/crypto/crypto_tests
Modified: trunk/src/lib/crypto/Makefile.in
===================================================================
--- trunk/src/lib/crypto/Makefile.in 2011-02-25 15:05:38 UTC (rev 24660)
+++ trunk/src/lib/crypto/Makefile.in 2011-02-25 17:23:54 UTC (rev 24661)
@@ -22,8 +22,7 @@
$(CRYPTO_IMPL)/enc_provider/OBJS.ST \
$(CRYPTO_IMPL)/hash_provider/OBJS.ST \
krb/checksum/OBJS.ST krb/prf/OBJS.ST krb/rand2key/OBJS.ST \
- krb/old/OBJS.ST krb/raw/OBJS.ST krb/prng/OBJS.ST \
- krb/prng/$(PRNG_ALG)/OBJS.ST \
+ krb/old/OBJS.ST krb/raw/OBJS.ST \
$(CRYPTO_IMPL)/md4/OBJS.ST $(CRYPTO_IMPL)/md5/OBJS.ST \
$(CRYPTO_IMPL)/sha1/OBJS.ST \
$(CRYPTO_IMPL)/sha2/OBJS.ST \
@@ -36,8 +35,7 @@
$(CRYPTO_IMPL)/enc_provider/OBJS.ST \
$(CRYPTO_IMPL)/hash_provider/OBJS.ST \
krb/checksum/OBJS.ST krb/prf/OBJS.ST krb/rand2key/OBJS.ST \
- krb/old/OBJS.ST krb/raw/OBJS.ST krb/prng/OBJS.ST \
- krb/prng/$(PRNG_ALG)/OBJS.ST \
+ krb/old/OBJS.ST krb/raw/OBJS.ST \
$(CRYPTO_IMPL)/md4/OBJS.ST $(CRYPTO_IMPL)/md5/OBJS.ST \
$(CRYPTO_IMPL)/sha1/OBJS.ST \
$(CRYPTO_IMPL)/sha2/OBJS.ST \
@@ -59,8 +57,8 @@
SHLIB_RDIRS=$(KRB5_LIBDIR)
##DOS##LIBNAME=$(OUTPRE)crypto.lib
-##DOS##OBJFILEDEP=$(OUTPRE)crc32.lst $(OUTPRE)rand2key.lst $(OUTPRE)fortuna.lst $(OUTPRE)prng.lst $(OUTPRE)prf.lst $(OUTPRE)checksum.lst $(OUTPRE)krb.lst $(OUTPRE)old.lst $(OUTPRE)raw.lst $(OUTPRE)arcfour.lst $(OUTPRE)dk.lst $(OUTPRE)aes.lst $(OUTPRE)enc_provider.lst $(OUTPRE)des.lst $(OUTPRE)md5.lst $(OUTPRE)camellia.lst $(OUTPRE)md4.lst $(OUTPRE)hash_provider.lst $(OUTPRE)sha2.lst $(OUTPRE)sha1.lst $(OUTPRE)builtin.lst
-##DOS##OBJFILELIST=@$(OUTPRE)crc32.lst @$(OUTPRE)rand2key.lst @$(OUTPRE)fortuna.lst @$(OUTPRE)prng.lst @$(OUTPRE)prf.lst @$(OUTPRE)checksum.lst @$(OUTPRE)krb.lst @$(OUTPRE)old.lst @$(OUTPRE)raw.lst @$(OUTPRE)arcfour.lst @$(OUTPRE)dk.lst @$(OUTPRE)aes.lst @$(OUTPRE)enc_provider.lst @$(OUTPRE)des.lst @$(OUTPRE)md5.lst @$(OUTPRE)camellia.lst @$(OUTPRE)md4.lst @$(OUTPRE)hash_provider.lst @$(OUTPRE)sha2.lst @$(OUTPRE)sha1.lst @$(OUTPRE)builtin.lst
+##DOS##OBJFILEDEP=$(OUTPRE)crc32.lst $(OUTPRE)rand2key.lst $(OUTPRE)prf.lst $(OUTPRE)checksum.lst $(OUTPRE)krb.lst $(OUTPRE)old.lst $(OUTPRE)raw.lst $(OUTPRE)arcfour.lst $(OUTPRE)dk.lst $(OUTPRE)aes.lst $(OUTPRE)enc_provider.lst $(OUTPRE)des.lst $(OUTPRE)md5.lst $(OUTPRE)camellia.lst $(OUTPRE)md4.lst $(OUTPRE)hash_provider.lst $(OUTPRE)sha2.lst $(OUTPRE)sha1.lst $(OUTPRE)builtin.lst
+##DOS##OBJFILELIST=@$(OUTPRE)crc32.lst @$(OUTPRE)rand2key.lst @$(OUTPRE)prf.lst @$(OUTPRE)checksum.lst @$(OUTPRE)krb.lst @$(OUTPRE)old.lst @$(OUTPRE)raw.lst @$(OUTPRE)arcfour.lst @$(OUTPRE)dk.lst @$(OUTPRE)aes.lst @$(OUTPRE)enc_provider.lst @$(OUTPRE)des.lst @$(OUTPRE)md5.lst @$(OUTPRE)camellia.lst @$(OUTPRE)md4.lst @$(OUTPRE)hash_provider.lst @$(OUTPRE)sha2.lst @$(OUTPRE)sha1.lst @$(OUTPRE)builtin.lst
all-unix:: all-liblinks
install-unix:: install-libs
Modified: trunk/src/lib/crypto/krb/Makefile.in
===================================================================
--- trunk/src/lib/crypto/krb/Makefile.in 2011-02-25 15:05:38 UTC (rev 24660)
+++ trunk/src/lib/crypto/krb/Makefile.in 2011-02-25 17:23:54 UTC (rev 24661)
@@ -1,18 +1,18 @@
mydir=lib$(S)crypto$(S)krb
BUILDTOP=$(REL)..$(S)..$(S)..
-SUBDIRS= arcfour checksum crc32 dk prf rand2key old raw prng
+SUBDIRS= arcfour checksum crc32 dk prf rand2key old raw
LOCALINCLUDES = -I$(srcdir) -I$(srcdir)/../$(CRYPTO_IMPL)/enc_provider \
-I$(srcdir)/dk -I$(srcdir)/../$(CRYPTO_IMPL)/hash_provider \
-I$(srcdir)/prf -I$(srcdir)/rand2key \
-I$(srcdir)/old -I$(srcdir)/raw \
- -I$(srcdir)/prng \
- -I$(srcdir)/prng/$(PRNG_ALG) \
-I$(srcdir)/../$(CRYPTO_IMPL) \
-I$(srcdir)/../$(CRYPTO_IMPL)/des \
-I$(srcdir)/../$(CRYPTO_IMPL)/aes -I$(srcdir)/arcfour \
+ -I$(srcdir)/../$(CRYPTO_IMPL)/sha2 \
-I$(srcdir)/../$(CRYPTO_IMPL)/camellia \
-I$(srcdir)/../$(CRYPTO_IMPL)/sha1 \
-I$(srcdir)/../$(CRYPTO_IMPL)
+RUN_SETUP = @KRB5_RUN_ENV@
PROG_LIBPATH=-L$(TOPLIBD)
PROG_RPATH=$(KRB5_LIBDIR)
DEFS=
@@ -55,6 +55,8 @@
nfold.o \
old_api_glue.o \
prf.o \
+ prng.o \
+ prng_$(PRNG_ALG).o \
random_to_key.o \
state.o \
string_to_cksumtype.o \
@@ -94,6 +96,8 @@
$(OUTPRE)nfold.$(OBJEXT) \
$(OUTPRE)old_api_glue.$(OBJEXT) \
$(OUTPRE)prf.$(OBJEXT) \
+ $(OUTPRE)prng.$(OBJEXT) \
+ $(OUTPRE)prng_$(PRNG_ALG).$(OBJEXT) \
$(OUTPRE)random_to_key.$(OBJEXT) \
$(OUTPRE)state.$(OBJEXT) \
$(OUTPRE)string_to_cksumtype.$(OBJEXT) \
@@ -132,6 +136,8 @@
$(srcdir)/nfold.c \
$(srcdir)/old_api_glue.c \
$(srcdir)/prf.c \
+ $(srcdir)/prng.c \
+ $(srcdir)/prng_$(PRNG_ALG).c \
$(srcdir)/cf2.c \
$(srcdir)/random_to_key.c \
$(srcdir)/state.c \
@@ -143,11 +149,11 @@
STOBJLISTS=arcfour/OBJS.ST checksum/OBJS.ST crc32/OBJS.ST \
dk/OBJS.ST prf/OBJS.ST rand2key/OBJS.ST \
- old/OBJS.ST raw/OBJS.ST prng/$(PRNG_ALG)/OBJS.ST prng/OBJS.ST OBJS.ST
+ old/OBJS.ST raw/OBJS.ST OBJS.ST
SUBDIROBJLISTS=arcfour/OBJS.ST checksum/OBJS.ST crc32/OBJS.ST \
dk/OBJS.ST prf/OBJS.ST rand2key/OBJS.ST \
- old/OBJS.ST raw/OBJS.ST prng/$(PRNG_ALG)/OBJS.ST prng/OBJS.ST
+ old/OBJS.ST raw/OBJS.ST
##DOS##LIBOBJS = $(OBJS)
@@ -156,6 +162,15 @@
depend:: $(SRCS)
+check-unix:: t_fortuna
+ if [ $(PRNG_ALG) = fortuna ]; then \
+ $(RUN_SETUP) $(VALGRIND) ./t_fortuna > t_fortuna.output; \
+ cmp t_fortuna.output $(srcdir)/t_fortuna.expected; \
+ fi
+
+t_fortuna: t_fortuna.o $(SUPPORT_DEPLIB) $(CRYPTO_DEPLIB)
+ $(CC_LINK) -o t_fortuna t_fortuna.o $(K5CRYPTO_LIB) $(SUPPORT_LIB)
+
clean-unix:: clean-libobjs
@lib_frag@
Modified: trunk/src/lib/crypto/krb/crypto_libinit.c
===================================================================
--- trunk/src/lib/crypto/krb/crypto_libinit.c 2011-02-25 15:05:38 UTC (rev 24660)
+++ trunk/src/lib/crypto/krb/crypto_libinit.c 2011-02-25 17:23:54 UTC (rev 24661)
@@ -1,13 +1,11 @@
/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
#include <assert.h>
#include "k5-int.h"
+#include "prng.h"
MAKE_INIT_FUNCTION(cryptoint_initialize_library);
MAKE_FINI_FUNCTION(cryptoint_cleanup_library);
-extern int krb5int_prng_init(void);
-extern void krb5int_prng_cleanup (void);
-
/*
* Initialize the crypto library.
*/
@@ -15,7 +13,7 @@
int cryptoint_initialize_library (void)
{
int err;
- err = krb5int_prng_init();
+ err = k5_prng_init();
if (err)
return err;
return krb5int_crypto_impl_init();
@@ -34,6 +32,6 @@
{
if (!INITIALIZER_RAN(cryptoint_initialize_library))
return;
- krb5int_prng_cleanup();
+ k5_prng_cleanup();
krb5int_crypto_impl_cleanup();
}
Copied: trunk/src/lib/crypto/krb/prng.c (from rev 24660, trunk/src/lib/crypto/krb/prng/prng.c)
===================================================================
--- trunk/src/lib/crypto/krb/prng.c (rev 0)
+++ trunk/src/lib/crypto/krb/prng.c 2011-02-25 17:23:54 UTC (rev 24661)
@@ -0,0 +1,148 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright (C) 2001, 2002, 2004, 2007, 2008, 2010 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ *
+ * Export of this software from the United States of America may require
+ * a specific license from the United States Government. It is the
+ * responsibility of any person or organization contemplating export to
+ * obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "prng.h"
+
+krb5_error_code KRB5_CALLCONV
+krb5_c_random_seed(krb5_context context, krb5_data *data)
+{
+ return krb5_c_random_add_entropy(context, KRB5_C_RANDSOURCE_OLDAPI, data);
+}
+
+/* Routines to get entropy from the OS. */
+#if defined(_WIN32)
+
+krb5_boolean
+k5_get_os_entropy(unsigned char *buf, size_t len)
+{
+ krb5_boolean result;
+
+ if (!CryptAcquireContext(&provider, NULL, NULL, PROV_RSA_FULL, 0))
+ return FALSE;
+ result = CryptGenRandom(provider, len, buf);
+ (void)CryptReleaseContext(provider, 0);
+ return result;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_c_random_os_entropy(krb5_context context, int strong, int *success)
+{
+ int oursuccess = 0;
+ char buf[1024];
+ krb5_data data = make_data(buf, sizeof(buf));
+
+ if (k5_get_os_entropy(buf, sizeof(buf)) &&
+ krb5_c_random_add_entropy(context, KRB5_C_RANDSOURCE_OSRAND,
+ &data) == 0)
+ oursuccess = 1;
+ if (success != NULL)
+ *success = oursuccess;
+ return 0;
+}
+
+#else /* not Windows */
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+#ifdef HAVE_SYS_STAT_H
+#include <sys/stat.h>
+#endif
+
+/* Open device, ensure that it is not a regular file, and read entropy. Return
+ * true on success, false on failure. */
+static krb5_boolean
+read_entropy_from_device(const char *device, unsigned char *buf, size_t len)
+{
+ struct stat sb;
+ int fd;
+ unsigned char *bp;
+ size_t left;
+ ssize_t count;
+ krb5_boolean result = FALSE;
+
+ fd = open(device, O_RDONLY);
+ if (fd == -1)
+ return FALSE;
+ set_cloexec_fd(fd);
+ if (fstat(fd, &sb) == -1 || S_ISREG(sb.st_mode))
+ goto cleanup;
+
+ for (bp = buf, left = len; left > 0;) {
+ count = read(fd, bp, left);
+ if (count <= 0)
+ goto cleanup;
+ left -= count;
+ bp += count;
+ }
+ result = TRUE;
+
+cleanup:
+ close(fd);
+ return result;
+}
+
+krb5_boolean
+k5_get_os_entropy(unsigned char *buf, size_t len)
+{
+ return read_entropy_from_device("/dev/urandom", buf, len);
+}
+
+/* Read entropy from device and contribute it to the PRNG. Returns true on
+ * success. */
+static krb5_boolean
+add_entropy_from_device(krb5_context context, const char *device)
+{
+ krb5_data data;
+ unsigned char buf[64];
+
+ if (!read_entropy_from_device(device, buf, sizeof(buf)))
+ return FALSE;
+ data = make_data(buf, sizeof(buf));
+ return (krb5_c_random_add_entropy(context, KRB5_C_RANDSOURCE_OSRAND,
+ &data) == 0);
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_c_random_os_entropy(krb5_context context, int strong, int *success)
+{
+ int unused;
+ int *oursuccess = (success != NULL) ? success : &unused;
+
+ *oursuccess = 0;
+ /* If we are getting strong data then try that first. We are
+ guaranteed to cause a reseed of some kind if strong is true and
+ we have both /dev/random and /dev/urandom. We want the strong
+ data included in the reseed so we get it first.*/
+ if (strong) {
+ if (add_entropy_from_device(context, "/dev/random"))
+ *oursuccess = 1;
+ }
+ if (add_entropy_from_device(context, "/dev/urandom"))
+ *oursuccess = 1;
+ return 0;
+}
+
+#endif /* not Windows */
Copied: trunk/src/lib/crypto/krb/prng.h (from rev 24660, trunk/src/lib/crypto/krb/prng/prng.h)
===================================================================
--- trunk/src/lib/crypto/krb/prng.h (rev 0)
+++ trunk/src/lib/crypto/krb/prng.h 2011-02-25 17:23:54 UTC (rev 24661)
@@ -0,0 +1,48 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/crypto/krb/prng.h - Header for PRNG modules */
+/*
+ * Copyright 2010 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ */
+
+
+#ifndef PRNG_H
+#define PRNG_H
+
+#include "k5-int.h"
+
+/*
+ * PRNG modules must implement the following APIs from krb5.h:
+ * krb5_c_random_add_entropy
+ * krb5_c_random_make_octets
+ *
+ * PRNG modules should implement these functions. They are called from the
+ * crypto library init and cleanup functions, and can be used to setup and tear
+ * down static state without thread safety concerns.
+ */
+int k5_prng_init(void);
+void k5_prng_cleanup(void);
+
+/* Used by PRNG modules to gather OS entropy. Returns true on success. */
+krb5_boolean k5_get_os_entropy(unsigned char *buf, size_t len);
+
+#endif
Copied: trunk/src/lib/crypto/krb/prng_fortuna.c (from rev 24656, trunk/src/lib/crypto/krb/prng/fortuna/prng_fortuna.c)
===================================================================
--- trunk/src/lib/crypto/krb/prng_fortuna.c (rev 0)
+++ trunk/src/lib/crypto/krb/prng_fortuna.c 2011-02-25 17:23:54 UTC (rev 24661)
@@ -0,0 +1,441 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/crypto/krb/prng/fortuna/prng_fortuna.c - Fortuna PRNG implementation */
+/*
+ * Copyright (c) 2005 Marko Kreen
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+/*
+ * Copyright (C) 2010, 2011 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ *
+ * Export of this software from the United States of America may require
+ * a specific license from the United States Government. It is the
+ * responsibility of any person or organization contemplating export to
+ * obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/*
+ * This file implements the generator and accumulator parts of the Fortuna PRNG
+ * as described in chapter 9 of _Cryptography Engineering_ by Ferguson,
+ * Schneier, and Kohno.
+ *
+ * The generator, once seeded with an unguessable value, produces an unlimited
+ * number of pseudo-random outputs which cannot be used to determine the
+ * internal state of the generator (without an unreasonable amount of
+ * computational power). The generator protects against the case where the OS
+ * random number generator is not cryptographically secure, but can produce an
+ * unguessable initial seed. Successive reseeds of the generator will not make
+ * the internal state any more guessable than it was before.
+ *
+ * The accumulator is layered on top of the generator, and seeks to eventually
+ * recover from the case where the OS random number generator did not produce
+ * an unguessable initial seed. Unreliable entropy inputs are collected into
+ * 32 pools, which are used to reseed the generator when enough entropy has
+ * been collected. Each pool collects twice as much entropy between reseeds as
+ * the previous one; eventually a reseed will occur involving a pool with
+ * enough entropy that an attacker cannot maintain knowledge of the generator's
+ * internal state. The accumulator is only helpful for a long-running process
+ * such as a KDC which can submit periodic entropy inputs to the PRNG.
+ */
+
+#include "k5-int.h"
+#include "prng.h"
+#include "aes.h"
+#include "enc_provider.h"
+#include "sha2.h"
+#include "enc_provider.h"
+
+/* The accumulator's number of pools. */
+#define NUM_POOLS 32
+
+/* Minimum reseed interval in microseconds. */
+#define RESEED_INTERVAL 100000 /* 0.1 sec */
+
+/* For one big request, change the key after this many bytes. */
+#define MAX_BYTES_PER_KEY (1 << 20)
+
+/* Reseed if pool 0 has had this many bytes added since last reseed. */
+#define MIN_POOL_LEN 64
+
+/* AES-256 key size in bytes. */
+#define AES256_KEYSIZE (256/8)
+
+/* AES-256 block size in bytes. */
+#define AES256_BLOCKSIZE (128/8)
+
+/* SHA-256 block size in bytes. */
+#define SHA256_BLOCKSIZE (512/8)
+
+/* SHA-256 result size in bytes. */
+#define SHA256_HASHSIZE (256/8)
+
+/* Genarator - block cipher in CTR mode */
+struct fortuna_state
+{
+ /* Generator state. */
+ unsigned char counter[AES256_BLOCKSIZE];
+ unsigned char key[AES256_KEYSIZE];
+ aes_ctx ciph;
+
+ /* Accumulator state. */
+ SHA256_CTX pool[NUM_POOLS];
+ unsigned int pool_index;
+ unsigned int reseed_count;
+ struct timeval last_reseed_time;
+ unsigned int pool0_bytes;
+
+ /* Current pid as of last request, for fork safety. */
+ pid_t pid;
+};
+
+/*
+ * SHA[d]-256(m) is defined as SHA-256(SHA-256(0^512||m))--that is, hash a
+ * block full of zeros followed by the input data, then re-hash the result.
+ * These functions implement the SHA[d]-256 function on incremental inputs.
+ */
+
+static void
+shad256_init(SHA256_CTX *ctx)
+{
+ unsigned char zero[SHA256_BLOCKSIZE];
+
+ /* Initialize the inner SHA-256 context and update it with a zero block. */
+ memset(zero, 0, sizeof(zero));
+ sha2Init(ctx);
+ sha2Update(ctx, zero, sizeof(zero));
+}
+
+static void
+shad256_update(SHA256_CTX *ctx, const unsigned char *data, int len)
+{
+ /* Feed the input to the inner SHA-256 context. */
+ sha2Update(ctx, data, len);
+}
+
+static void
+shad256_result(SHA256_CTX *ctx, unsigned char *dst)
+{
+ /* Finalize the inner context, then feed the result back through SHA256. */
+ sha2Final(dst, ctx);
+ sha2Init(ctx);
+ sha2Update(ctx, dst, SHA256_HASHSIZE);
+ sha2Final(dst, ctx);
+}
+
+/* Initialize state. */
+static void
+init_state(struct fortuna_state *st)
+{
+ unsigned int i;
+
+ memset(st, 0, sizeof(*st));
+ for (i = 0; i < NUM_POOLS; i++)
+ shad256_init(&st->pool[i]);
+}
+
+/* Increment st->counter using least significant byte first. */
+static void
+inc_counter(struct fortuna_state *st)
+{
+ UINT64_TYPE val;
+
+ val = load_64_le(st->counter) + 1;
+ store_64_le(val, st->counter);
+ if (val == 0) {
+ val = load_64_le(st->counter + 8) + 1;
+ store_64_le(val, st->counter + 8);
+ }
+}
+
+/* Encrypt and increment st->counter in the current cipher context. */
+static void
+encrypt_counter(struct fortuna_state *st, unsigned char *dst)
+{
+ krb5int_aes_enc_blk(st->counter, dst, &st->ciph);
+ inc_counter(st);
+}
+
+/* Reseed the generator based on hopefully non-guessable input. */
+static void
+generator_reseed(struct fortuna_state *st, const unsigned char *data,
+ size_t len)
+{
+ SHA256_CTX ctx;
+
+ /* Calculate SHA[d]-256(key||s) and make that the new key. Depend on the
+ * SHA-256 hash size being the AES-256 key size. */
+ shad256_init(&ctx);
+ shad256_update(&ctx, st->key, AES256_KEYSIZE);
+ shad256_update(&ctx, data, len);
+ shad256_result(&ctx, st->key);
+ zap(&ctx, sizeof(ctx));
+ krb5int_aes_enc_key(st->key, AES256_KEYSIZE, &st->ciph);
+
+ /* Increment counter. */
+ inc_counter(st);
+}
+
+/* Generate two blocks in counter mode and replace the key with the result. */
+static void
+change_key(struct fortuna_state *st)
+{
+ encrypt_counter(st, st->key);
+ encrypt_counter(st, st->key + AES256_BLOCKSIZE);
+ krb5int_aes_enc_key(st->key, AES256_KEYSIZE, &st->ciph);
+}
+
+/* Output pseudo-random data from the generator. */
+static void
+generator_output(struct fortuna_state *st, unsigned char *dst, size_t len)
+{
+ unsigned char result[AES256_BLOCKSIZE];
+ size_t n, count = 0;
+
+ while (len > 0) {
+ /* Produce bytes and copy the result into dst. */
+ encrypt_counter(st, result);
+ n = (len < AES256_BLOCKSIZE) ? len : AES256_BLOCKSIZE;
+ memcpy(dst, result, n);
+ dst += n;
+ len -= n;
+
+ /* Each time we reach MAX_BYTES_PER_KEY bytes, change the key. */
+ count += AES256_BLOCKSIZE;
+ if (count >= MAX_BYTES_PER_KEY) {
+ change_key(st);
+ count = 0;
+ }
+ }
+ zap(result, sizeof(result));
+
+ /* Change the key after each request. */
+ change_key(st);
+}
+
+/* Reseed the generator using the accumulator pools. */
+static void
+accumulator_reseed(struct fortuna_state *st)
+{
+ unsigned int i, n;
+ SHA256_CTX ctx;
+ unsigned char hash_result[SHA256_HASHSIZE];
+
+ n = ++st->reseed_count;
+
+ /*
+ * Collect entropy from pools. We use the i-th pool only 1/(2^i) of the
+ * time so that each pool collects twice as much entropy between uses as
+ * the last.
+ */
+ shad256_init(&ctx);
+ for (i = 0; i < NUM_POOLS; i++) {
+ if (n % (1 << i) != 0)
+ break;
+
+ /* Harvest this pool's hash result into ctx, then reset the pool. */
+ shad256_result(&st->pool[i], hash_result);
+ shad256_init(&st->pool[i]);
+ shad256_update(&ctx, hash_result, SHA256_HASHSIZE);
+ }
+ shad256_result(&ctx, hash_result);
+ generator_reseed(st, hash_result, SHA256_HASHSIZE);
+ zap(hash_result, SHA256_HASHSIZE);
+ zap(&ctx, sizeof(ctx));
+
+ /* Reset the count of bytes added to pool 0. */
+ st->pool0_bytes = 0;
+}
+
+/* Add possibly unguessable data to the next accumulator pool. */
+static void
+accumulator_add_event(struct fortuna_state *st, const unsigned char *data,
+ size_t len)
+{
+ unsigned char lenbuf[2];
+ SHA256_CTX *pool;
+
+ /* Track how many bytes have been added to pool 0. */
+ if (st->pool_index == 0 && st->pool0_bytes < MIN_POOL_LEN)
+ st->pool0_bytes += len;
+
+ /* Hash events into successive accumulator pools. */
+ pool = &st->pool[st->pool_index];
+ st->pool_index = (st->pool_index + 1) % NUM_POOLS;
+
+ /*
+ * Fortuna specifies that events are encoded with a source identifier byte,
+ * a length byte, and the event data itself. We do not have source
+ * identifiers and they're not really important, so just encode the
+ * length in two bytes instead.
+ */
+ store_16_be(len, lenbuf);
+ shad256_update(pool, lenbuf, 2);
+ shad256_update(pool, data, len);
+}
+
+/* Limit dependencies for test program. */
+#ifndef TEST
+
+/* Return true if RESEED_INTERVAL microseconds have passed since the last
+ * reseed. */
+static krb5_boolean
+enough_time_passed(struct fortuna_state *st)
+{
+ struct timeval tv, *last = &st->last_reseed_time;
+ krb5_boolean ok = FALSE;
+
+ gettimeofday(&tv, NULL);
+
+ /* Check how much time has passed. */
+ if (tv.tv_sec > last->tv_sec + 1)
+ ok = TRUE;
+ else if (tv.tv_sec == last->tv_sec + 1) {
+ if (1000000 + tv.tv_usec - last->tv_usec >= RESEED_INTERVAL)
+ ok = TRUE;
+ } else if (tv.tv_usec - last->tv_usec >= RESEED_INTERVAL)
+ ok = TRUE;
+
+ /* Update last_reseed_time if we're returning success. */
+ if (ok)
+ memcpy(last, &tv, sizeof(tv));
+
+ return ok;
+}
+
+static void
+accumulator_output(struct fortuna_state *st, unsigned char *dst, size_t len)
+{
+ /* Reseed the generator with data from pools if we have accumulated enough
+ * data and enough time has passed since the last accumulator reseed. */
+ if (st->pool0_bytes >= MIN_POOL_LEN && enough_time_passed(st))
+ accumulator_reseed(st);
+
+ generator_output(st, dst, len);
+}
+
+static k5_mutex_t fortuna_lock = K5_MUTEX_PARTIAL_INITIALIZER;
+static struct fortuna_state main_state;
+static pid_t last_pid;
+static krb5_boolean have_entropy = FALSE;
+
+int
+k5_prng_init(void)
+{
+ krb5_error_code ret = 0;
+ unsigned char osbuf[64];
+
+ ret = k5_mutex_finish_init(&fortuna_lock);
+ if (ret)
+ return ret;
+
+ init_state(&main_state);
+ last_pid = getpid();
+ if (k5_get_os_entropy(osbuf, sizeof(osbuf))) {
+ generator_reseed(&main_state, osbuf, sizeof(osbuf));
+ have_entropy = TRUE;
+ }
+
+ return 0;
+}
+
+void
+k5_prng_cleanup(void)
+{
+ have_entropy = FALSE;
+ zap(&main_state, sizeof(main_state));
+ k5_mutex_destroy(&fortuna_lock);
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_c_random_add_entropy(krb5_context context, unsigned int randsource,
+ const krb5_data *indata)
+{
+ krb5_error_code ret;
+
+ ret = krb5int_crypto_init();
+ if (ret)
+ return ret;
+ ret = k5_mutex_lock(&fortuna_lock);
+ if (ret)
+ return ret;
+ if (randsource == KRB5_C_RANDSOURCE_OSRAND ||
+ randsource == KRB5_C_RANDSOURCE_TRUSTEDPARTY) {
+ /* These sources contain enough entropy that we should use them
+ * immediately, so that they benefit the next request. */
+ generator_reseed(&main_state, (unsigned char *)indata->data,
+ indata->length);
+ have_entropy = TRUE;
+ } else {
+ /* Other sources should just go into the pools and be used according to
+ * the accumulator logic. */
+ accumulator_add_event(&main_state, (unsigned char *)indata->data,
+ indata->length);
+ }
+ k5_mutex_unlock(&fortuna_lock);
+ return 0;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_c_random_make_octets(krb5_context context, krb5_data *outdata)
+{
+ krb5_error_code ret;
+ pid_t pid = getpid();
+ unsigned char pidbuf[4];
+
+ ret = k5_mutex_lock(&fortuna_lock);
+ if (ret)
+ return ret;
+
+ if (!have_entropy)
+ return KRB5_CRYPTO_INTERNAL;
+
+ if (pid != last_pid) {
+ /* We forked; make sure child's PRNG stream differs from parent's. */
+ store_32_be(pid, pidbuf);
+ generator_reseed(&main_state, pidbuf, 4);
+ last_pid = pid;
+ }
+
+ accumulator_output(&main_state, (unsigned char *)outdata->data,
+ outdata->length);
+ k5_mutex_unlock(&fortuna_lock);
+ return 0;
+}
+
+#endif /* not TEST */
Copied: trunk/src/lib/crypto/krb/prng_nss.c (from rev 24660, trunk/src/lib/crypto/krb/prng/nss/prng_nss.c)
===================================================================
--- trunk/src/lib/crypto/krb/prng_nss.c (rev 0)
+++ trunk/src/lib/crypto/krb/prng_nss.c 2011-02-25 17:23:54 UTC (rev 24661)
@@ -0,0 +1,63 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * prng_nss.c
+ *
+ * Copyright (C) 2010 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ *
+ * Export of this software from the United States of America may require
+ * a specific license from the United States Government. It is the
+ * responsibility of any person or organization contemplating export to
+ * obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "prng.h"
+#include <assert.h>
+#include "k5-thread.h"
+
+/*
+ * This PRNG module should be used whenever the NSS crypto implementation is
+ * used. The Fortuna module does not work with NSS because it needs to hold
+ * AES-256 and SHA-256 contexts across forks.
+ */
+
+#include "nss_prng.h"
+
+int
+k5_prng_init(void)
+{
+ return 0;
+}
+
+void
+k5_prng_cleanup(void)
+{
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_c_random_add_entropy(krb5_context context, unsigned int randsource,
+ const krb5_data *indata)
+{
+ return k5_nss_prng_add_entropy(context, indata);
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_c_random_make_octets(krb5_context context, krb5_data *outdata)
+{
+ return k5_nss_prng_make_octets(context, outdata);
+}
Copied: trunk/src/lib/crypto/krb/t_fortuna.c (from rev 24652, trunk/src/lib/crypto/krb/prng/fortuna/t_fortuna.c)
===================================================================
--- trunk/src/lib/crypto/krb/t_fortuna.c (rev 0)
+++ trunk/src/lib/crypto/krb/t_fortuna.c 2011-02-25 17:23:54 UTC (rev 24661)
@@ -0,0 +1,178 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/crypto/krb/prng/fortuna/t_fortuna.c - Fortuna test program */
+/*
+ * Copyright (c) 2007 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+/*
+ * Copyright (C) 2011 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "k5-int.h"
+#ifdef FORTUNA
+
+/* Include most of prng_fortuna.c so we can test the PRNG internals. */
+#define TEST
+#include "prng_fortuna.c"
+
+static void
+display(const unsigned char *data, size_t len)
+{
+ size_t i;
+
+ for (i = 0; i < len; i++)
+ printf("%02X", data[i]);
+ printf("\n");
+}
+
+/*
+ * Generate data from st with its current internal state and check for
+ * significant bias in each bit of the resulting bytes. This test would have a
+ * small chance of failure on random inputs, but we have a predictable state
+ * after all the other tests have been run, so it will never fail if the PRNG
+ * operates the way we expect.
+ */
+static void
+head_tail_test(struct fortuna_state *st)
+{
+ unsigned char buffer[1024 * 1024], c;
+ size_t i, len = sizeof(buffer);
+ int bit, bits[8] = { 0, 0, 0, 0, 0, 0, 0, 0 };
+ double res;
+
+ memset(buffer, 0, len);
+
+ generator_output(st, buffer, len);
+ for (i = 0; i < len; i++) {
+ c = buffer[i];
+ for (bit = 0; bit < 8 && c; bit++) {
+ if (c & 1)
+ bits[bit]++;
+ c = c >> 1;
+ }
+ }
+
+ for (bit = 0; bit < 8; bit++) {
+ res = ((double)abs(len - bits[bit] * 2)) / (double)len;
+ if (res > 0.005){
+ fprintf(stderr,
+ "Bit %d: %d zero, %d one exceeds 0.5%% variance (%lf)\n",
+ bit, (int)len - bits[bit], bits[bit], res);
+ exit(1);
+ }
+ }
+}
+
+int
+main(int argc, char **argv)
+{
+ struct fortuna_state test_state;
+ struct fortuna_state *st = &test_state;
+ unsigned char buf[2 * 1024 * 1024];
+ unsigned int i;
+
+ /* Seed the generator with a known state. */
+ init_state(&test_state);
+ generator_reseed(st, (unsigned char *)"test", 4);
+
+ /* Generate two pieces of output; key should change for each request. */
+ generator_output(st, buf, 32);
+ display(buf, 32);
+ generator_output(st, buf, 32);
+ display(buf, 32);
+
+ /* Generate a lot of output to test key changes during request. */
+ generator_output(st, buf, sizeof(buf));
+ display(buf, 32);
+ display(buf + sizeof(buf) - 32, 32);
+
+ /* Reseed the generator and generate more output. */
+ generator_reseed(st, (unsigned char *)"retest", 6);
+ generator_output(st, buf, 32);
+ display(buf, 32);
+
+ /* Add sample data to accumulator pools. */
+ for (i = 0; i < 44; i++) {
+ store_32_be(i, buf);
+ accumulator_add_event(st, buf, 4);
+ }
+ assert(st->pool_index == 12);
+ assert(st->pool0_bytes == 8);
+
+ /* Exercise accumulator reseeds. */
+ accumulator_reseed(st);
+ generator_output(st, buf, 32);
+ display(buf, 32);
+ accumulator_reseed(st);
+ generator_output(st, buf, 32);
+ display(buf, 32);
+ accumulator_reseed(st);
+ generator_output(st, buf, 32);
+ display(buf, 32);
+ for (i = 0; i < 1000; i++)
+ accumulator_reseed(st);
+ assert(st->reseed_count == 1003);
+ generator_output(st, buf, 32);
+ display(buf, 32);
+
+ head_tail_test(st);
+ return 0;
+}
+
+#else /* FORTUNA */
+
+int
+main()
+{
+ return 0;
+}
+
+#endif /* FORTUNA */
Copied: trunk/src/lib/crypto/krb/t_fortuna.expected (from rev 24652, trunk/src/lib/crypto/krb/prng/fortuna/t_fortuna.expected)
===================================================================
--- trunk/src/lib/crypto/krb/t_fortuna.expected (rev 0)
+++ trunk/src/lib/crypto/krb/t_fortuna.expected 2011-02-25 17:23:54 UTC (rev 24661)
@@ -0,0 +1,9 @@
+A7C846B4EEAF6AB78AB33FFC77197BB0364C364E5A4259593464162B14C494F1
+EDC0776CA17E4FC395823653D1956D6873A55A1829D85D8B46340F3C9DD113F2
+B551F4EDF860BEB49E89BFF9B60BFD955ED85B070E18667189450962C503CBE5
+069A4F41D88CC12927672F1039C50DD50A0713E0AD542A6CDCD1E75CC4E7FB36
+E4EBA939FB027DACF1E7406461703C57B48D8BC0A1039A170FAD5E35C088B789
+68199B6755105BC22C343BD339EA2035E7A3F9535DC83DE3436C794EABA18B34
+49AD3C22E015666A269F37CA47EEF075860CC21588F3CF8D7EB5A9DC4D59C0F4
+9EFCB204F1B588A918B6A81D1E0E25C78C0921CF4839BE38D698EE8E30097BED
+66B252E879C2548A3FC3FEAF6B7ABCDBAFB1A45F5FB68EB49AB12CC13B1A091B
Modified: trunk/src/lib/crypto/nss/Makefile.in
===================================================================
--- trunk/src/lib/crypto/nss/Makefile.in 2011-02-25 15:05:38 UTC (rev 24660)
+++ trunk/src/lib/crypto/nss/Makefile.in 2011-02-25 17:23:54 UTC (rev 24661)
@@ -21,16 +21,19 @@
STLIBOBJS=\
hmac.o \
pbkdf2.o \
+ prng.o \
stubs.o
OBJS=\
$(OUTPRE)hmac.$(OBJEXT) \
$(OUTPRE)pbkdf2.$(OBJEXT) \
+ $(OUTPRE)prng.$(OBJEXT) \
$(OUTPRE)stubs.$(OBJEXT)
SRCS=\
$(srcdir)/hmac.c \
$(srcdir)/pbkdf2.c \
+ $(srcdir)/prng.c \
$(srcdir)/stubs.c
STOBJLISTS= des/OBJS.ST md4/OBJS.ST \
Added: trunk/src/lib/crypto/nss/nss_prng.h
===================================================================
--- trunk/src/lib/crypto/nss/nss_prng.h (rev 0)
+++ trunk/src/lib/crypto/nss/nss_prng.h 2011-02-25 17:23:54 UTC (rev 24661)
@@ -0,0 +1,36 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/crypto/nss/nss_prng.h - Declarations for NSS PRNG wrappers */
+/*
+ * Copyright (C) 2011 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#ifndef NSS_PRNG_H
+#define NSS_PRNG_H
+
+krb5_error_code
+k5_nss_prng_add_entropy(krb5_context context, const krb5_data *indata);
+
+krb5_error_code
+k5_nss_prng_make_octets(krb5_context context, krb5_data *outdata);
+
+#endif /* NSS_PRNG_H */
Added: trunk/src/lib/crypto/nss/prng.c
===================================================================
--- trunk/src/lib/crypto/nss/prng.c (rev 0)
+++ trunk/src/lib/crypto/nss/prng.c 2011-02-25 17:23:54 UTC (rev 24661)
@@ -0,0 +1,57 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/crypto/nss/prng.c - NSS prng functions */
+/*
+ * Copyright (C) 2011 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "k5-int.h"
+#include "nss_gen.h"
+#include "nss_prng.h"
+#include <pk11pub.h>
+
+krb5_error_code
+k5_nss_prng_add_entropy(krb5_context context, const krb5_data *indata)
+{
+ krb5_error_code ret;
+
+ ret = k5_nss_init();
+ if (ret)
+ return ret;
+ if (PK11_RandomUpdate(indata->data, indata->length) != SECSuccess)
+ return k5_nss_map_last_error();
+ return 0;
+}
+
+krb5_error_code
+k5_nss_prng_make_octets(krb5_context context, krb5_data *outdata)
+{
+ krb5_error_code ret;
+
+ ret = k5_nss_init();
+ if (ret)
+ return ret;
+ if (PK11_GenerateRandom((unsigned char *)outdata->data,
+ outdata->length) != SECSuccess)
+ return k5_nss_map_last_error();
+ return 0;
+}
More information about the cvs-krb5
mailing list