From patchwork Tue Dec 2 08:37:07 2014
X-Patchwork-Submitter: George Spelvin
X-Patchwork-Id: 5417781
X-Patchwork-Delegate: herbert@gondor.apana.org.au
Date: 2 Dec 2014 03:37:07 -0500
Message-ID: <20141202083707.17996.qmail@ns.horizon.com>
From: "George Spelvin" To: herbert@gondor.apana.org.au, nhorman@tuxdriver.com Subject: [PATCH 03/17] crypto: ansi_cprng - Eliminate ctx->I Cc: linux-crypto@vger.kernel.org, linux@horizon.com, smueller@chronox.de In-Reply-To: <20141202083314.17647.qmail@ns.horizon.com> Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org X-Spam-Status: No, score=-6.9 required=5.0 tests=BAYES_00, RCVD_IN_DNSWL_HI, T_RP_MATCHES_RCVD, UNPARSEABLE_RELAY autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP It's also not necessary. We do have to change some debugging output. Signed-off-by: George Spelvin --- crypto/ansi_cprng.c | 39 ++++++++++++++++++++------------------- 1 file changed, 20 insertions(+), 19 deletions(-) diff --git a/crypto/ansi_cprng.c b/crypto/ansi_cprng.c index c0a27288..6b844f13 100644 --- a/crypto/ansi_cprng.c +++ b/crypto/ansi_cprng.c @@ -35,19 +35,22 @@ #define PRNG_NEED_RESET 0x2 /* - * Note: DT is our counter value - * I is our intermediate value - * V is our seed vector + * Note: In addition to the fixed encryption key, there are three + * block-sized state buffers: + * 1. rand_data is the current output data (R in the spec). + * 2. V is our main state vector + * 3. DT is the current "data/time" used for seeding. The fact that + * this is a deterministic counter rather than an actual timestamp + * (with some small amount of seed entropy) means that this code is + * NOT an implmentation of X9.31. + * * See http://csrc.nist.gov/groups/STM/cavp/documents/rng/931rngext.pdf * for implementation details */ - - struct prng_context { spinlock_t prng_lock; unsigned char rand_data[DEFAULT_BLK_SZ]; unsigned char DT[DEFAULT_BLK_SZ]; - unsigned char I[DEFAULT_BLK_SZ]; unsigned char V[DEFAULT_BLK_SZ]; u32 rand_read_pos; /* Offset into rand_data[] */ struct crypto_cipher *tfm; 
@@ -93,13 +96,13 @@ static int _get_more_prng_bytes(struct prng_context *ctx, int cont_test) ctx); hexdump("Input DT: ", ctx->DT, DEFAULT_BLK_SZ); - hexdump("Input I: ", ctx->I, DEFAULT_BLK_SZ); hexdump("Input V: ", ctx->V, DEFAULT_BLK_SZ); /* * This algorithm is a 3 stage state machine */ for (i = 0; i < 3; i++) { + unsigned char const *input; unsigned char *output; switch (i) { @@ -108,9 +111,9 @@ static int _get_more_prng_bytes(struct prng_context *ctx, int cont_test) * Start by encrypting the counter value * This gives us an intermediate value I */ - memcpy(tmp, ctx->DT, DEFAULT_BLK_SZ); - output = ctx->I; - hexdump("tmp stage 0: ", tmp, DEFAULT_BLK_SZ); + input = ctx->DT; + output = tmp; + hexdump("input stage 0: ", ctx->DT, DEFAULT_BLK_SZ); break; case 1: /* @@ -120,9 +123,9 @@ static int _get_more_prng_bytes(struct prng_context *ctx, int cont_test) * in (no longer used) V until we have done the * anti-repetition compare. */ - xor_vectors(ctx->I, ctx->V, tmp, DEFAULT_BLK_SZ); - hexdump("tmp stage 1: ", tmp, DEFAULT_BLK_SZ); - output = ctx->V; + xor_vectors(tmp, ctx->V, ctx->V, DEFAULT_BLK_SZ); + hexdump("input stage 1: ", ctx->V, DEFAULT_BLK_SZ); + input = output = ctx->V; break; case 2: /* @@ -148,15 +151,14 @@ static int _get_more_prng_bytes(struct prng_context *ctx, int cont_test) * Lastly xor the random data with I * and encrypt that to obtain a new secret vector V */ - xor_vectors(ctx->I, ctx->V, tmp, DEFAULT_BLK_SZ); - output = ctx->V; - hexdump("tmp stage 2: ", tmp, DEFAULT_BLK_SZ); + xor_vectors(tmp, ctx->V, ctx->V, DEFAULT_BLK_SZ); + hexdump("input stage 2: ", ctx->V, DEFAULT_BLK_SZ); + input = output = ctx->V; break; } - /* do the encryption */ - crypto_cipher_encrypt_one(ctx->tfm, output, tmp); + crypto_cipher_encrypt_one(ctx->tfm, output, input); } /* 
@@ -172,7 +174,6 @@ static int _get_more_prng_bytes(struct prng_context *ctx, int cont_test) ctx->rand_read_pos = 0; hexdump("Output DT: ", ctx->DT, DEFAULT_BLK_SZ); - hexdump("Output I: ", ctx->I, DEFAULT_BLK_SZ); hexdump("Output V: ", ctx->V, DEFAULT_BLK_SZ); hexdump("New Random Data: ", ctx->rand_data, DEFAULT_BLK_SZ);
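Review bot: the new header comment in the first hunk (the struct prng_context hunk) misspells "implmentation"; it should read "NOT an implementation of X9.31". While touching it, the three numbered items are punctuated inconsistently (items 1 and 3 end with a period, "V is our main state vector" does not). The commit message also only says "It's also not necessary"; it should state the reason the field can go, which is visible in the later hunks: I is produced in stage 0 and consumed in stages 1 and 2 of the same _get_more_prng_bytes() call and never read across calls, so it can live in the stack buffer tmp instead of in the context.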
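Review bot: in the @@ -93,13 +96,13 @@ hunk, `unsigned char const *input;` is declared without an initializer and is only assigned inside a switch on i that has no default case, so gcc can warn that input may be used uninitialized at the `crypto_cipher_encrypt_one(ctx->tfm, output, input);` call even though i only ever takes the values 0..2. output has the same pattern; either initialize both or add an unreachable `default:`. Kernel style also puts the qualifier first: `const unsigned char *input;`.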
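Review bot: in the @@ -108,9 +111,9 @@ hunk, `hexdump("input stage 0: ", ctx->DT, DEFAULT_BLK_SZ);` dumps the same buffer that `hexdump("Input DT: ", ctx->DT, DEFAULT_BLK_SZ);` already printed immediately before the loop, so the debug output is now duplicated; drop the stage 0 hexdump, or dump tmp after the encryption so the intermediate value I is still visible now that the "Output I:" hexdump is gone. The comment above it, "This gives us an intermediate value I", should also say that I now lives in tmp, since ctx->I no longer exists.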
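Review bot: in the @@ -120,9 +123,9 @@ hunk, `xor_vectors(tmp, ctx->V, ctx->V, DEFAULT_BLK_SZ);` aliases the destination with the second source, and `input = output = ctx->V;` then makes the block cipher encrypt V in place. Both are only correct if xor_vectors is a plain per-byte loop (dst[i] = a[i] ^ b[i]) and the cipher's encrypt routine supports dst == src; the crypto_cipher API does allow in-place encryption, but xor_vectors is not in this diff, so please confirm it has no read-after-write hazard and say so in the commit message, since the previous code never aliased these buffers.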
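Review bot: in the @@ -148,15 +151,14 @@ hunk, the retained comment "Lastly xor the random data with I and encrypt that to obtain a new secret vector V" no longer matches the code: `xor_vectors(tmp, ctx->V, ctx->V, DEFAULT_BLK_SZ);` XORs tmp (which now holds I) with V (which, per the stage 1 comment, is holding the random data until the anti-repetition compare), so reword it to name the buffers, e.g. "xor the random data (in V) with I (in tmp)". The same in-place aliasing caveat as stage 1 applies here. Dropping the `/* do the encryption */` comment also removes the only marker that the switch is followed by the shared encrypt step; keeping it costs nothing.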