A fast strong PRNG for use when our underlying cryptographic library's PRNG isn't fast enough. More...
#include "lib/crypt_ops/crypto_rand.h"
#include "lib/crypt_ops/crypto_cipher.h"
#include "lib/crypt_ops/crypto_digest.h"
#include "lib/crypt_ops/crypto_util.h"
#include "lib/intmath/cmp.h"
#include "lib/cc/ctassert.h"
#include "lib/malloc/map_anon.h"
#include "lib/thread/threads.h"
#include "lib/log/util_bug.h"
#include <string.h>
Data Structures | |
struct | crypto_fast_rng_t |
struct | crypto_fast_rng_t::cbuf_t |
Macros | |
#define | CRYPTO_PRIVATE |
#define | PID_FIELD_LEN 0 |
#define | SEED_LEN (CRYPTO_FAST_RNG_SEED_LEN) |
#define | MAPLEN 4096 |
#define | BUFLEN (MAPLEN - 2*sizeof(uint16_t) - SEED_LEN - PID_FIELD_LEN) |
#define | RESEED_AFTER 16 |
#define | KEY_LEN (CRYPTO_FAST_RNG_SEED_LEN - CIPHER_IV_LEN) |
#define | KEY_BITS (KEY_LEN * 8) |
Functions | |
CTASSERT (KEY_BITS==128||KEY_BITS==192||KEY_BITS==256) | |
CTASSERT (sizeof(struct cbuf_t)==BUFLEN+SEED_LEN) | |
CTASSERT (sizeof(crypto_fast_rng_t)<=MAPLEN) | |
crypto_fast_rng_t * | crypto_fast_rng_new (void) |
crypto_fast_rng_t * | crypto_fast_rng_new_from_seed (const uint8_t *seed) |
static crypto_cipher_t * | cipher_from_seed (const uint8_t *seed) |
static void | crypto_fast_rng_add_entopy (crypto_fast_rng_t *rng) |
static void | crypto_fast_rng_refill (crypto_fast_rng_t *rng) |
void | crypto_fast_rng_free_ (crypto_fast_rng_t *rng) |
static void | crypto_fast_rng_getbytes_impl (crypto_fast_rng_t *rng, uint8_t *out, const size_t n) |
void | crypto_fast_rng_getbytes (crypto_fast_rng_t *rng, uint8_t *out, size_t n) |
crypto_fast_rng_t * | get_thread_fast_rng (void) |
void | destroy_thread_fast_rng (void) |
void | crypto_rand_fast_init (void) |
void | crypto_rand_fast_shutdown (void) |
Variables | |
static tor_threadlocal_t | thread_rng |
A fast strong PRNG for use when our underlying cryptographic library's PRNG isn't fast enough.
Definition in file crypto_rand_fast.c.
inlinestatic |
Helper: create a crypto_cipher_t object from SEED_LEN bytes of input. The first KEY_LEN bytes are used as the stream cipher's key, and the remaining CIPHER_IV_LEN bytes are used as its IV.
Definition at line 210 of file crypto_rand_fast.c.
static |
Helper: mix additional entropy into rng by using our XOF to mix the old value for the seed with some additional bytes from crypto_strongest_rand().
Definition at line 221 of file crypto_rand_fast.c.
Referenced by crypto_fast_rng_refill().
void crypto_fast_rng_free_ | ( | crypto_fast_rng_t * | rng | ) |
Release all storage held by rng.
Definition at line 273 of file crypto_rand_fast.c.
void crypto_fast_rng_getbytes | ( | crypto_fast_rng_t * | rng, |
uint8_t * | out, | ||
size_t | n | ||
) |
Extract n bytes from rng into the buffer at out.
Definition at line 334 of file crypto_rand_fast.c.
Referenced by crypto_fast_rng_get_double(), crypto_fast_rng_get_u32(), crypto_fast_rng_get_uint(), and crypto_fast_rng_get_uint64().
static |
Helper: extract bytes from the PRNG, refilling it as necessary. Does not optimize the case when the user has asked for a huge output.
Definition at line 286 of file crypto_rand_fast.c.
crypto_fast_rng_t* crypto_fast_rng_new | ( | void | ) |
Initialize and return a new fast PRNG, using a strong random seed.
Note that this object is NOT thread-safe. If you need a thread-safe prng, use crypto_rand(), or wrap this in a mutex.
Definition at line 138 of file crypto_rand_fast.c.
crypto_fast_rng_t* crypto_fast_rng_new_from_seed | ( | const uint8_t * | seed | ) |
Initialize and return a new fast PRNG, using the seed value given in seed. This value must be exactly CRYPTO_FAST_RNG_SEED_LEN bytes long; the output stream is only as unpredictable as this seed, so callers must supply a secret, high-entropy value.
Note that this object is NOT thread-safe. If you need a thread-safe PRNG, you should probably look at get_thread_fast_rng(). Alternatively, use crypto_rand(), or wrap this object in a mutex.
Definition at line 157 of file crypto_rand_fast.c.
static |
Helper: refill the seed bytes and output buffer of rng, using the input seed bytes as input (key and IV) for the stream cipher.
If the n_till_reseed counter has reached zero, mix more random bytes into the seed before refilling the buffer.
Definition at line 243 of file crypto_rand_fast.c.
Referenced by crypto_fast_rng_getbytes_impl().
void crypto_rand_fast_init | ( | void | ) |
Initialize the global thread-local key that will be used to keep track of per-thread fast RNG instances. Called from the crypto subsystem's initialization code.
Definition at line 423 of file crypto_rand_fast.c.
void crypto_rand_fast_shutdown | ( | void | ) |
Tear down the global thread-local key that was used to keep track of per-thread fast RNG instances, freeing the calling thread's instance via destroy_thread_fast_rng(). Called from the crypto subsystem's shutdown code.
Definition at line 434 of file crypto_rand_fast.c.
void destroy_thread_fast_rng | ( | void | ) |
Used when a thread is exiting: free the per-thread fast RNG if needed. Invoked from the crypto subsystem's thread-cleanup code.
Definition at line 394 of file crypto_rand_fast.c.
Referenced by crypto_rand_fast_shutdown(), and crypto_thread_cleanup().
crypto_fast_rng_t* get_thread_fast_rng | ( | void | ) |
Return a per-thread fast RNG, initializing it if necessary.
You do not need to free this yourself.
It is NOT safe to share this value across threads.
Definition at line 377 of file crypto_rand_fast.c.
Referenced by circuit_reset_sendme_randomness(), circuit_resume_edge_reading_helper(), extend_info_pick_orport(), genpareto_sample(), geometric_sample(), log_logistic_sample(), logistic_sample(), random_uniform_01(), and weibull_sample().
static |
Thread-local instance for our fast RNG.
Definition at line 367 of file crypto_rand_fast.c.
Referenced by crypto_rand_fast_init(), crypto_rand_fast_shutdown(), destroy_thread_fast_rng(), and get_thread_fast_rng().