Home Explore Help
Sign In
piros
/
tor
3
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: ca6682f3f8
Branches Tags
tor
/
src
/
ext
/
ed25519
/
donna
/
ed25519-randombytes.h

ed25519-randombytes.h 1.8 KB
History Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091 
  1. #if defined(ED25519_TEST)
    2. 

  2. /*
    3. 

  3. 	ISAAC+ "variant", the paper is not clear on operator precedence and other
    4. 

  4. 	things. This is the "first in, first out" option!
    5. 

  5. 

  6. 	Not threadsafe or securely initialized, only for deterministic testing
    7. 

  7. */
    8. 

  8. typedef struct isaacp_state_t {
    9. 

  9. 	uint32_t state[256];
    10. 

  10. 	unsigned char buffer[1024];
    11. 

  11. 	uint32_t a, b, c;
    12. 

  12. 	size_t left;
    13. 

  13. } isaacp_state;
    14. 

  14. 

  15. #define isaacp_step(offset, mix) \
    16. 

  16. 	x = mm[i + offset]; \
    17. 

  17. 	a = (a ^ (mix)) + (mm[(i + offset + 128) & 0xff]); \
    18. 

  18. 	y = (a ^ b) + mm[(x >> 2) & 0xff]; \
    19. 

  19. 	mm[i + offset] = y; \
    20. 

  20. 	b = (x + a) ^ mm[(y >> 10) & 0xff]; \
    21. 

  21. 	U32TO8_LE(out + (i + offset) * 4, b);
    22. 

  22. 

  23. static void
    24. 

  24. isaacp_mix(isaacp_state *st) {
    25. 

  25. 	uint32_t i, x, y;
    26. 

  26. 	uint32_t a = st->a, b = st->b, c = st->c;
    27. 

  27. 	uint32_t *mm = st->state;
    28. 

  28. 	unsigned char *out = st->buffer;
    29. 

  29. 

  30. 	c = c + 1;
    31. 

  31. 	b = b + c;
    32. 

  32. 

  33. 	for (i = 0; i < 256; i += 4) {
    34. 

  34. 		isaacp_step(0, ROTL32(a,13))
    35. 

  35. 		isaacp_step(1, ROTR32(a, 6))
    36. 

  36. 		isaacp_step(2, ROTL32(a, 2))
    37. 

  37. 		isaacp_step(3, ROTR32(a,16))
    38. 

  38. 	}
    39. 

  39. 

  40. 	st->a = a;
    41. 

  41. 	st->b = b;
    42. 

  42. 	st->c = c;
    43. 

  43. 	st->left = 1024;
    44. 

  44. }
    45. 

  45. 

  46. static void
    47. 

  47. isaacp_random(isaacp_state *st, void *p, size_t len) {
    48. 

  48. 	size_t use;
    49. 

  49. 	unsigned char *c = (unsigned char *)p;
    50. 

  50. 	while (len) {
    51. 

  51. 		use = (len > st->left) ? st->left : len;
    52. 

  52. 		memcpy(c, st->buffer + (sizeof(st->buffer) - st->left), use);
    53. 

  53. 

  54. 		st->left -= use;
    55. 

  55. 		c += use;
    56. 

  56. 		len -= use;
    57. 

  57. 

  58. 		if (!st->left)
    59. 

  59. 			isaacp_mix(st);
    60. 

  60. 	}
    61. 

  61. }
    62. 

  62. 

  63. void
    64. 

  64. ED25519_FN(ed25519_randombytes_unsafe) (void *p, size_t len) {
    65. 

  65. 	static int initialized = 0;
    66. 

  66. 	static isaacp_state rng;
    67. 

  67. 

  68. 	if (!initialized) {
    69. 

  69. 		memset(&rng, 0, sizeof(rng));
    70. 

  70. 		isaacp_mix(&rng);
    71. 

  71. 		isaacp_mix(&rng);
    72. 

  72. 		initialized = 1;
    73. 

  73. 	}
    74. 

  74. 

  75. 	isaacp_random(&rng, p, len);
    76. 

  76. }
    77. 

  77. #elif defined(ED25519_CUSTOMRANDOM)
    78. 

  78. 

  79. #include "ed25519-randombytes-custom.h"
    80. 

  80. 

  81. #else
    82. 

  82. 

  83. #include <openssl/rand.h>
    84. 

  84. 

  85. void
    86. 

  86. ED25519_FN(ed25519_randombytes_unsafe) (void *p, size_t len) {
    87. 

  87. 

  88.   RAND_bytes(p, (int) len);
    89. 

  89. 

  90. }
    91. 

  91. #endif
    92.