d4/d3f/havege_8c_source.html

/*

 *  The HAVEGE RNG was designed by Andre Seznec in 2002.

 *

 *  http://www.irisa.fr/caps/projects/hipsor/publi.php

 *

 *  Contact: seznec(at)irisa_dot_fr - orocheco(at)irisa_dot_fr

 */


#if !defined(MBEDTLS_CONFIG_FILE)

#include "mbedtls/config.h"

#else

#include MBEDTLS_CONFIG_FILE

#endif


#if defined(MBEDTLS_HAVEGE_C)


#include "mbedtls/havege.h"

#include "mbedtls/timing.h"

#include "mbedtls/platform_util.h"


#include <limits.h>

#include <string.h>


/* If int isn't capable of storing 2^32 distinct values, the code of this

 * module may cause a processor trap or a miscalculation. If int is more

 * than 32 bits, the code may not calculate the intended values. */

#if INT_MIN + 1 != -0x7fffffff

#error "The HAVEGE module requires int to be exactly 32 bits, with INT_MIN = -2^31."

#endif

#if UINT_MAX != 0xffffffff

#error "The HAVEGE module requires unsigned to be exactly 32 bits."

#endif


/* ------------------------------------------------------------------------

 * On average, one iteration accesses two 8-word blocks in the havege WALK

 * table, and generates 16 words in the RES array.

 *

 * The data read in the WALK table is updated and permuted after each use.

 * The result of the hardware clock counter read is used  for this update.

 *

 * 25 conditional tests are present.  The conditional tests are grouped in

 * two nested  groups of 12 conditional tests and 1 test that controls the

 * permutation; on average, there should be 6 tests executed and 3 of them

 * should be mispredicted.

 * ------------------------------------------------------------------------

 */


#define SWAP(X,Y) { unsigned *T = (X); (X) = (Y); (Y) = T; }


#define TST1_ENTER if( PTEST & 1 ) { PTEST ^= 3; PTEST >>= 1;

#define TST2_ENTER if( PTEST & 1 ) { PTEST ^= 3; PTEST >>= 1;


#define TST1_LEAVE U1++; }

#define TST2_LEAVE U2++; }


#define ONE_ITERATION                                   \

                                                        \

    PTEST = PT1 >> 20;                                  \

                                                        \

    TST1_ENTER  TST1_ENTER  TST1_ENTER  TST1_ENTER      \

    TST1_ENTER  TST1_ENTER  TST1_ENTER  TST1_ENTER      \

    TST1_ENTER  TST1_ENTER  TST1_ENTER  TST1_ENTER      \

                                                        \

    TST1_LEAVE  TST1_LEAVE  TST1_LEAVE  TST1_LEAVE      \

    TST1_LEAVE  TST1_LEAVE  TST1_LEAVE  TST1_LEAVE      \

    TST1_LEAVE  TST1_LEAVE  TST1_LEAVE  TST1_LEAVE      \

                                                        \

    PTX = (PT1 >> 18) & 7;                              \

    PT1 &= 0x1FFF;                                      \

    PT2 &= 0x1FFF;                                      \

    CLK = (unsigned) mbedtls_timing_hardclock();        \

                                                        \

    i = 0;                                              \

    A = &WALK[PT1    ]; RES[i++] ^= *A;                 \

    B = &WALK[PT2    ]; RES[i++] ^= *B;                 \

    C = &WALK[PT1 ^ 1]; RES[i++] ^= *C;                 \

    D = &WALK[PT2 ^ 4]; RES[i++] ^= *D;                 \

                                                        \

    IN = (*A >> (1)) ^ (*A << (31)) ^ CLK;              \

    *A = (*B >> (2)) ^ (*B << (30)) ^ CLK;              \

    *B = IN ^ U1;                                       \

    *C = (*C >> (3)) ^ (*C << (29)) ^ CLK;              \

    *D = (*D >> (4)) ^ (*D << (28)) ^ CLK;              \

                                                        \

    A = &WALK[PT1 ^ 2]; RES[i++] ^= *A;                 \

    B = &WALK[PT2 ^ 2]; RES[i++] ^= *B;                 \

    C = &WALK[PT1 ^ 3]; RES[i++] ^= *C;                 \

    D = &WALK[PT2 ^ 6]; RES[i++] ^= *D;                 \

                                                        \

    if( PTEST & 1 ) SWAP( A, C );                       \

                                                        \

    IN = (*A >> (5)) ^ (*A << (27)) ^ CLK;              \

    *A = (*B >> (6)) ^ (*B << (26)) ^ CLK;              \

    *B = IN; CLK = (unsigned) mbedtls_timing_hardclock(); \

    *C = (*C >> (7)) ^ (*C << (25)) ^ CLK;              \

    *D = (*D >> (8)) ^ (*D << (24)) ^ CLK;              \

                                                        \

    A = &WALK[PT1 ^ 4];                                 \

    B = &WALK[PT2 ^ 1];                                 \

                                                        \

    PTEST = PT2 >> 1;                                   \

                                                        \

    PT2 = (RES[(i - 8) ^ PTY] ^ WALK[PT2 ^ PTY ^ 7]);   \

    PT2 = ((PT2 & 0x1FFF) & (~8)) ^ ((PT1 ^ 8) & 0x8);  \

    PTY = (PT2 >> 10) & 7;                              \

                                                        \

    TST2_ENTER  TST2_ENTER  TST2_ENTER  TST2_ENTER      \

    TST2_ENTER  TST2_ENTER  TST2_ENTER  TST2_ENTER      \

    TST2_ENTER  TST2_ENTER  TST2_ENTER  TST2_ENTER      \

                                                        \

    TST2_LEAVE  TST2_LEAVE  TST2_LEAVE  TST2_LEAVE      \

    TST2_LEAVE  TST2_LEAVE  TST2_LEAVE  TST2_LEAVE      \

    TST2_LEAVE  TST2_LEAVE  TST2_LEAVE  TST2_LEAVE      \

                                                        \

    C = &WALK[PT1 ^ 5];                                 \

    D = &WALK[PT2 ^ 5];                                 \

                                                        \

    RES[i++] ^= *A;                                     \

    RES[i++] ^= *B;                                     \

    RES[i++] ^= *C;                                     \

    RES[i++] ^= *D;                                     \

                                                        \

    IN = (*A >> ( 9)) ^ (*A << (23)) ^ CLK;             \

    *A = (*B >> (10)) ^ (*B << (22)) ^ CLK;             \

    *B = IN ^ U2;                                       \

    *C = (*C >> (11)) ^ (*C << (21)) ^ CLK;             \

    *D = (*D >> (12)) ^ (*D << (20)) ^ CLK;             \

                                                        \

    A = &WALK[PT1 ^ 6]; RES[i++] ^= *A;                 \

    B = &WALK[PT2 ^ 3]; RES[i++] ^= *B;                 \

    C = &WALK[PT1 ^ 7]; RES[i++] ^= *C;                 \

    D = &WALK[PT2 ^ 7]; RES[i++] ^= *D;                 \

                                                        \

    IN = (*A >> (13)) ^ (*A << (19)) ^ CLK;             \

    *A = (*B >> (14)) ^ (*B << (18)) ^ CLK;             \

    *B = IN;                                            \

    *C = (*C >> (15)) ^ (*C << (17)) ^ CLK;             \

    *D = (*D >> (16)) ^ (*D << (16)) ^ CLK;             \

                                                        \

    PT1 = ( RES[( i - 8 ) ^ PTX] ^                      \

            WALK[PT1 ^ PTX ^ 7] ) & (~1);               \

    PT1 ^= (PT2 ^ 0x10) & 0x10;                         \

                                                        \

    for( n++, i = 0; i < 16; i++ )                      \

        POOL[n % MBEDTLS_HAVEGE_COLLECT_SIZE] ^= RES[i];


/*

 * Entropy gathering function

 */

static void havege_fill( mbedtls_havege_state *hs )

{

    unsigned i, n = 0;

    unsigned  U1,  U2, *A, *B, *C, *D;

    unsigned PT1, PT2, *WALK, *POOL, RES[16];

    unsigned PTX, PTY, CLK, PTEST, IN;


    WALK = (unsigned *) hs->WALK;

    POOL = (unsigned *) hs->pool;

    PT1  = hs->PT1;

    PT2  = hs->PT2;


    PTX  = U1 = 0;

    PTY  = U2 = 0;


    (void)PTX;


    memset( RES, 0, sizeof( RES ) );


    while( n < MBEDTLS_HAVEGE_COLLECT_SIZE * 4 )

    {

        ONE_ITERATION

        ONE_ITERATION

        ONE_ITERATION

        ONE_ITERATION

    }


    hs->PT1 = PT1;

    hs->PT2 = PT2;


    hs->offset[0] = 0;

    hs->offset[1] = MBEDTLS_HAVEGE_COLLECT_SIZE / 2;

}


/*

 * HAVEGE initialization

 */

void mbedtls_havege_init( mbedtls_havege_state *hs )

{

    memset( hs, 0, sizeof( mbedtls_havege_state ) );


    havege_fill( hs );

}


void mbedtls_havege_free( mbedtls_havege_state *hs )

{

    if( hs == NULL )

        return;


    mbedtls_platform_zeroize( hs, sizeof( mbedtls_havege_state ) );

}


/*

 * HAVEGE rand function

 */

int mbedtls_havege_random( void *p_rng, unsigned char *buf, size_t len )

{

    int val;

    size_t use_len;

    mbedtls_havege_state *hs = (mbedtls_havege_state *) p_rng;

    unsigned char *p = buf;


    while( len > 0 )

    {

        use_len = len;

        if( use_len > sizeof(int) )

            use_len = sizeof(int);


        if( hs->offset[1] >= MBEDTLS_HAVEGE_COLLECT_SIZE )

            havege_fill( hs );


        val  = hs->pool[hs->offset[0]++];

        val ^= hs->pool[hs->offset[1]++];


        memcpy( p, &val, use_len );


        len -= use_len;

        p += use_len;

    }


    return( 0 );

}


#endif /* MBEDTLS_HAVEGE_C */

U2
#define U2(x)
Definition: wordpad.c:46

D
#define D(d)
Definition: builtin.c:4557

C
#define C(c)
Definition: builtin.c:4556

NULL
#define NULL
Definition: types.h:112

A
#define A(row, col)

B
#define B(row, col)

n
GLdouble n
Definition: glext.h:7729

buf
GLenum GLuint GLenum GLsizei const GLchar * buf
Definition: glext.h:7751

val
GLuint GLfloat * val
Definition: glext.h:7180

p
GLfloat GLfloat p
Definition: glext.h:8902

len
GLenum GLsizei len
Definition: glext.h:6722

i
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
Definition: glfuncs.h:248

havege.h
HAVEGE: HArdware Volatile Entropy Gathering and Expansion.

mbedtls_havege_free
void mbedtls_havege_free(mbedtls_havege_state *hs)
Clear HAVEGE state.

mbedtls_havege_init
void mbedtls_havege_init(mbedtls_havege_state *hs)
HAVEGE initialization.

mbedtls_havege_random
int mbedtls_havege_random(void *p_rng, unsigned char *output, size_t len)
HAVEGE rand function.

MBEDTLS_HAVEGE_COLLECT_SIZE
#define MBEDTLS_HAVEGE_COLLECT_SIZE
Definition: havege.h:60

void
Definition: nsiface.idl:2307

memcpy
#define memcpy(s1, s2, n)
Definition: mkisofs.h:878

mbedtls_platform_zeroize
void mbedtls_platform_zeroize(void *buf, size_t len)
Securely zeroize a buffer.
Definition: platform_util.c:98

platform_util.h
Common and shared functions used by multiple modules in the Mbed TLS library.

PTEST
struct tagTEST * PTEST

config.h
Configuration options (set of defines)

U1
#define U1(x)
Definition: test.h:199

memset
#define memset(x, y, z)
Definition: compat.h:39

mbedtls_havege_state
HAVEGE state structure.
Definition: havege.h:70

mbedtls_havege_state::WALK
int WALK[8192]
Definition: havege.h:73

mbedtls_havege_state::pool
int pool[MBEDTLS_HAVEGE_COLLECT_SIZE]
Definition: havege.h:72

mbedtls_havege_state::offset
int offset[2]
Definition: havege.h:71

mbedtls_havege_state::PT1
int PT1
Definition: havege.h:71

mbedtls_havege_state::PT2
int PT2
Definition: havege.h:71

timing.h
Portable interface to timeouts and to the CPU cycle counter.

IN
#define IN
Definition: typedefs.h:39