entropium/entropium.c

   1 /* entropium.c */
   2 /*
   3     This file is part of the AVR-Crypto-Lib.
   4     Copyright (C) 2006-2015 Daniel Otte (bg@nerilex.org)
   5
   6     This program is free software: you can redistribute it and/or modify
   7     it under the terms of the GNU General Public License as published by
   8     the Free Software Foundation, either version 3 of the License, or
   9     (at your option) any later version.
  10
  11     This program is distributed in the hope that it will be useful,
  12     but WITHOUT ANY WARRANTY; without even the implied warranty of
  13     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  14     GNU General Public License for more details.
  15
  16     You should have received a copy of the GNU General Public License
  17     along with this program.  If not, see <http://www.gnu.org/licenses/>.
  18 */
  19 /**
  20  * \file    entropium.c
  21  * \author  Daniel Otte
  22  * \email   bg@nerilex.org
  23  * \date    2006-05-17
  24  * \license     GPLv3 or later
  25  * \brief       This file contains an implementaition of a pseudo-random-number generator.
  26  *
  27  * Extension 1:
  28  *      rndCore is expanded to 512 bits for more security.
  29  *
  30   \verbatim
  31                        ################################################################################################
  32                        #                                                                                              #
  33                        #         +---------------------------+                                                        #
  34                        #         |                           |                                                        #
  35                        #         V                           |                                                        #
  36                        #      (concat)                       |                                                        #
  37    +---------------+   #    o---------o             (xor)+---------+      o---------o        o----o     o---------o   #    +--------------+
  38    | entropy Block | -----> | sha-256 | --(offset)-<     | rndCore | ---> | sha-256 | --+----| +1 |---> | sha-256 | -----> | random Block |
  39    +---------------+   #    o---------o             (xor)+---------+      o---------o   |    o----o     o---------o   #    +--------------+
  40                        #                                 (xor) (xor)                    |                             #
  41                        #                                   ^     ^                      |                             #
  42                        #                                    \   /                       |                             #
  43                        #                                   (offset)---------------------+                             #
  44                        #                                                                                              #
  45                        ################################################################################################
  46   \endverbatim
  47  */
  48
  49 #include <stdint.h>
  50 #include <string.h>
  51 #include "sha256.h"
  52 #include "entropium.h"
  53
  54 /**
  55  * \brief secret entropy pool.
  56  * This is the core of the random which is generated
  57  */
  58 uint32_t rndCore[16];
  59
  60 /*************************************************************************/
  61
  62 /* idea is: hash the message and add it via xor to rndCore
  63  *
  64  * length in bits
  65  *
  66  * we simply first "hash" rndCore, then entropy.
  67  */
  68 void entropium_addEntropy(unsigned length_b, const void *data){
  69         sha256_ctx_t s;
  70         static uint8_t offset=0; /* selects if higher or lower half gets updated */
  71         sha256_init(&s);
  72         sha256_nextBlock(&s, rndCore);
  73         while (length_b>=512){
  74                 sha256_nextBlock(&s, data);
  75                 data = (uint8_t*)data+ 512/8;
  76                 length_b -= 512;
  77         }
  78         sha256_lastBlock(&s, data, length_b);
  79         uint8_t i;
  80         for (i=0; i<8; ++i){
  81                 rndCore[i+offset] ^= s.h[i];
  82         }
  83         offset ^= 8; /* hehe */
  84 }
  85
  86 /*************************************************************************/
  87
  88 void entropium_getRandomBlock(void *b){
  89         sha256_ctx_t s;
  90         static uint8_t offset=8;
  91
  92         sha256_init(&s);
  93         sha256_lastBlock(&s, rndCore, 512); /* remeber the byte order! */
  94         uint8_t i;
  95         for (i=0; i<8; ++i){
  96                 rndCore[i+offset] ^= s.h[i];
  97         }
  98         offset ^= 8; /* hehe */
  99         memcpy(b, s.h, 32); /* back up first hash in b */
 100         ((uint8_t*)b)[*((uint8_t*)b)&31]++;     /* the important increment step */
 101         sha256_init(&s);
 102         sha256_lastBlock(&s, b, 256);
 103         memcpy(b, s.h, 32);
 104 }
 105
 106 /*************************************************************************/
 107
 108 uint8_t entropium_getRandomByte(void){
 109         static uint8_t block[32];
 110         static uint8_t i=32;
 111
 112         if (i==32){
 113                 entropium_getRandomBlock((void*)block);
 114                 i=0;
 115         }
 116         return block[i++];
 117 }
 118
 119 void entropium_fillBlockRandom(void *block, unsigned length_B){
 120         while(length_B>ENTROPIUM_RANDOMBLOCK_SIZE){
 121                 entropium_getRandomBlock(block);
 122                 block = (uint8_t*)block + ENTROPIUM_RANDOMBLOCK_SIZE;
 123                 length_B -= ENTROPIUM_RANDOMBLOCK_SIZE;
 124         }
 125         while(length_B){
 126                 *((uint8_t*)block) = entropium_getRandomByte();
 127                 block= (uint8_t*)block +1; --length_B;
 128         }
 129 }
 130
 131