kris
/
pqcrypto
miroir de https://github.com/henrydcase/pqc.git
1
1
Bifurcation 0
Code Tickets 1 Versions 2 Wiki Activité
Vous ne pouvez pas sélectionner plus de 25 sujets Les noms de sujets doivent commencer par une lettre ou un nombre, peuvent contenir des tirets ('-') et peuvent comporter jusqu'à 35 caractères.
1132 Révisions
9 Branches
27 MiB
 
 
 
Aborescence: 1e9241932f
Branches Tags
${ item.name }
Créer la branche ${ searchTerm }
de '1e9241932f'
${ noResults }
pqcrypto/3rd/jitterentropy/jitterentropy-gcd.c

186 lignes
4.4 KiB
Brut Annotations Historique 

  1. /* Jitter RNG: GCD health test

  2.  *

  3.  * Copyright (C) 2021 - 2022, Joshua E. Hill <josh@keypair.us>

  4.  * Copyright (C) 2021 - 2022, Stephan Mueller <smueller@chronox.de>

  5.  *

  6.  * License: see LICENSE file in root directory

  7.  *

  8.  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED

  9.  * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES

  10.  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, ALL OF

  11.  * WHICH ARE HEREBY DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE

  12.  * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR

  13.  * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT

  14.  * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR

  15.  * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF

  16.  * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT

  17.  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE

  18.  * USE OF THIS SOFTWARE, EVEN IF NOT ADVISED OF THE POSSIBILITY OF SUCH

  19.  * DAMAGE.

  20.  */

  21. 

  22. #include "jitterentropy.h"

  23. #include "jitterentropy-gcd.h"

  24. 

  25. /* The common divisor for all timestamp deltas */

  26. static uint64_t jent_common_timer_gcd = 0;

  27. 

  28. static inline int jent_gcd_tested(void)

  29. {

  30. 	return (jent_common_timer_gcd != 0);

  31. }

  32. 

  33. /* A straight forward implementation of the Euclidean algorithm for GCD. */

  34. static inline uint64_t jent_gcd64(uint64_t a, uint64_t b)

  35. {

  36. 	/* Make a greater a than or equal b. */

  37. 	if (a < b) {

  38. 		uint64_t c = a;

  39. 

  40. 		a = b;

  41. 		b = c;

  42. 	}

  43. 

  44. 	/* Now perform the standard inner-loop for this algorithm.*/

  45. 	while (b != 0) {

  46. 		uint64_t r;

  47. 

  48. 		r = a % b;

  49. 

  50. 		a = b;

  51. 		b = r;

  52. 	}

  53. 

  54. 	return a;

  55. }

  56. 

  57. static int jent_gcd_analyze_internal(uint64_t *delta_history, size_t nelem,

  58. 				     uint64_t *running_gcd_out,

  59. 				     uint64_t *delta_sum_out)

  60. {

  61. 	uint64_t running_gcd, delta_sum = 0;

  62. 	size_t i;

  63. 

  64. 	if (!delta_history)

  65. 		return -EAGAIN;

  66. 

  67. 	running_gcd = delta_history[0];

  68. 

  69. 	/* Now perform the analysis on the accumulated delta data. */

  70. 	for (i = 1; i < nelem; i++) {

  71. 		/*

  72. 		 * ensure that we have a varying delta timer which is necessary

  73. 		 * for the calculation of entropy -- perform this check

  74. 		 * only after the first loop is executed as we need to prime

  75. 		 * the old_data value

  76. 		 */

  77. 		if (delta_history[i] >= delta_history[i - 1])

  78. 			delta_sum +=  delta_history[i] - delta_history[i - 1];

  79. 		else

  80. 			delta_sum +=  delta_history[i - 1] - delta_history[i];

  81. 

  82. 		/*

  83. 		 * This calculates the gcd of all the delta values. that is

  84. 		 * gcd(delta_1, delta_2, ..., delta_nelem)

  85. 

  86. 		 * Some timers increment by a fixed (non-1) amount each step.

  87. 		 * This code checks for such increments, and allows the library

  88. 		 * to output the number of such changes have occurred.

  89. 		 */

  90. 		running_gcd = jent_gcd64(delta_history[i], running_gcd);

  91. 	}

  92. 

  93. 	*running_gcd_out = running_gcd;

  94. 	*delta_sum_out = delta_sum;

  95. 

  96. 	return 0;

  97. }

  98. 

  99. int jent_gcd_analyze(uint64_t *delta_history, size_t nelem)

  100. {

  101. 	uint64_t running_gcd, delta_sum;

  102. 	int ret = jent_gcd_analyze_internal(delta_history, nelem, &running_gcd,

  103. 					    &delta_sum);

  104. 

  105. 	if (ret == -EAGAIN)

  106. 		return 0;

  107. 

  108. 	/*

  109. 	 * Variations of deltas of time must on average be larger than 1 to

  110. 	 * ensure the entropy estimation implied with 1 is preserved.

  111. 	 */

  112. 	if (delta_sum <= nelem - 1) {

  113. 		ret = EMINVARVAR;

  114. 		goto out;

  115. 	}

  116. 

  117. 	/* Set a sensible maximum value. */

  118. 	if (running_gcd >= UINT32_MAX / 2) {

  119. 		ret = ECOARSETIME;

  120. 		goto out;

  121. 	}

  122. 

  123. 	/*  Adjust all deltas by the observed (small) common factor. */

  124. 	if (!jent_gcd_tested())

  125. 		jent_common_timer_gcd = running_gcd;

  126. 

  127. out:

  128. 	return ret;

  129. }

  130. 

  131. uint64_t *jent_gcd_init(size_t nelem)

  132. {

  133. 	uint64_t *delta_history;

  134. 

  135. 	delta_history = jent_zalloc(nelem * sizeof(uint64_t));

  136. 	if (!delta_history)

  137. 		return NULL;

  138. 

  139. 	return delta_history;

  140. }

  141. 

  142. void jent_gcd_fini(uint64_t *delta_history, size_t nelem)

  143. {

  144. 	if (delta_history)

  145. 		jent_zfree(delta_history,

  146. 			   (unsigned int)(nelem * sizeof(uint64_t)));

  147. }

  148. 

  149. int jent_gcd_get(uint64_t *value)

  150. {

  151. 	if (!jent_gcd_tested())

  152. 		return 1;

  153. 

  154. 	*value = jent_common_timer_gcd;

  155. 	return 0;

  156. }

  157. 

  158. int jent_gcd_selftest(void)

  159. {

  160. #define JENT_GCD_SELFTEST_ELEM 10

  161. #define JENT_GCD_SELFTEST_EXP 3ULL

  162. 	uint64_t *gcd = jent_gcd_init(JENT_GCD_SELFTEST_ELEM);

  163. 	uint64_t running_gcd, delta_sum;

  164. 	unsigned int i;

  165. 	int ret = EGCD;

  166. 

  167. 	if (!gcd)

  168. 		return EMEM;

  169. 

  170. 	for (i = 0; i < JENT_GCD_SELFTEST_ELEM; i++)

  171. 		jent_gcd_add_value(gcd, i * JENT_GCD_SELFTEST_EXP, i);

  172. 

  173. 	if (jent_gcd_analyze_internal(gcd, JENT_GCD_SELFTEST_ELEM,

  174. 				      &running_gcd, &delta_sum))

  175. 		goto out;

  176. 

  177. 	if (running_gcd != JENT_GCD_SELFTEST_EXP)

  178. 		goto out;

  179. 

  180. 	ret = 0;

  181. 

  182. out:

  183. 	jent_gcd_fini(gcd, JENT_GCD_SELFTEST_ELEM);

  184. 	return ret;

  185. }