]> git.cryptolib.org Git - avr-crypto-lib.git/blob - entropium/entropium.c
0cc360397b17f7cfb1dec806663bd21b9949516d
[avr-crypto-lib.git] / entropium / entropium.c
1 /* entropium.c */
2 /*
3     This file is part of the AVR-Crypto-Lib.
4     Copyright (C) 2008  Daniel Otte (daniel.otte@rub.de)
5
6     This program is free software: you can redistribute it and/or modify
7     it under the terms of the GNU General Public License as published by
8     the Free Software Foundation, either version 3 of the License, or
9     (at your option) any later version.
10
11     This program is distributed in the hope that it will be useful,
12     but WITHOUT ANY WARRANTY; without even the implied warranty of
13     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
14     GNU General Public License for more details.
15
16     You should have received a copy of the GNU General Public License
17     along with this program.  If not, see <http://www.gnu.org/licenses/>.
18 */
19 /**
20  * \file    entropium.c
21  * \author  Daniel Otte
22  * \email   daniel.otte@rub.de
23  * \date    2006-05-17
24  * \license     GPLv3 or later
25  * \brief       This file contains an implementaition of a pseudo-random-number generator.
26  * 
27  * Extension 1:
28  *      rndCore is expanded to 512 bits for more security.
29  *
30   \verbatim
31                        ################################################################################################
32                        #                                                                                              #
33                        #         +---------------------------+                                                        #
34                        #         |                           |                                                        #
35                        #         V                           |                                                        #
36                        #      (concat)                       |                                                        #
37    +---------------+   #    o---------o             (xor)+---------+      o---------o        o----o     o---------o   #    +--------------+
38    | entropy Block | -----> | sha-256 | --(offset)-<     | rndCore | ---> | sha-256 | --+----| +1 |---> | sha-256 | -----> | random Block |
39    +---------------+   #    o---------o             (xor)+---------+      o---------o   |    o----o     o---------o   #    +--------------+
40                        #                                 (xor) (xor)                    |                             #
41                        #                                   ^     ^                      |                             #
42                        #                                    \   /                       |                             #
43                        #                                   (offset)---------------------+                             #
44                        #                                                                                              #
45                        ################################################################################################
46   \endverbatim
47  */
48
49 #include <stdint.h>
50 #include <string.h>
51 #include "sha256.h"
52 #include "entropium.h"
53
54 /**
55  * \brief secret entropy pool. 
56  * This is the core of the random which is generated
57  */
58 uint32_t rndCore[16]; 
59
60 /*************************************************************************/
61
62 /* idea is: hash the message and add it via xor to rndCore
63  *
64  * length in bits 
65  * 
66  * we simply first "hash" rndCore, then entropy.
67  */
68 void entropium_addEntropy(unsigned length_b, const void* data){
69         sha256_ctx_t s;
70         static uint8_t offset=0; /* selects if higher or lower half gets updated */
71         sha256_init(&s);
72         sha256_nextBlock(&s, rndCore);
73         while (length_b>=512){
74                 sha256_nextBlock(&s, data);
75                 data = (uint8_t*)data+ 512/8;
76                 length_b -= 512;        
77         }
78         sha256_lastBlock(&s, data, length_b);
79         uint8_t i;
80         for (i=0; i<8; ++i){
81                 rndCore[i+offset] ^= s.h[i];
82         }
83         offset ^= 8; /* hehe */
84 }
85
86 /*************************************************************************/
87
88 void entropium_getRandomBlock(void *b){
89         sha256_ctx_t s;
90         static uint8_t offset=8;
91         
92         sha256_init(&s);
93         sha256_lastBlock(&s, rndCore, 512); /* remeber the byte order! */
94         uint8_t i;
95         for (i=0; i<8; ++i){
96                 rndCore[i+offset] ^= s.h[i];
97         }
98         offset ^= 8; /* hehe */
99         memcpy(b, s.h, 32); /* back up first hash in b */
100         ((uint8_t*)b)[*((uint8_t*)b)&31]++;     /* the important increment step */
101         sha256_init(&s);
102         sha256_lastBlock(&s, b, 256);
103         memcpy(b, s.h, 32);
104 }
105
106 /*************************************************************************/
107
108 uint8_t entropium_getRandomByte(void){
109         static uint8_t block[32];
110         static uint8_t i=32;
111         
112         if (i==32){
113                 entropium_getRandomBlock((void*)block);
114                 i=0;
115         }       
116         return block[i++];
117 }
118
119 void entropium_fillBlockRandom(void* block, unsigned length_B){
120         while(length_B>ENTROPIUM_RANDOMBLOCK_SIZE){
121                 entropium_getRandomBlock(block);
122                 block = (uint8_t*)block + ENTROPIUM_RANDOMBLOCK_SIZE;
123                 length_B -= ENTROPIUM_RANDOMBLOCK_SIZE;
124         }
125         while(length_B){
126                 *((uint8_t*)block) = entropium_getRandomByte();
127                 block= (uint8_t*)block +1; --length_B;
128         }
129 }
130  
131