summaryrefslogtreecommitdiff
path: root/lib/crypto
diff options
context:
space:
mode:
authorOri Bernstein <ori@eigenstate.org>2016-12-02 00:11:30 -0800
committerOri Bernstein <ori@eigenstate.org>2016-12-02 00:11:30 -0800
commit9f26b5a77063d222e3c62cfdcc77f221991b5c4a (patch)
tree9ac173d48b8006add991563dc1376d85d264b956 /lib/crypto
parent9d6574afc35fe96fbd8f2172fc62f9037df0efb1 (diff)
downloadmc-9f26b5a77063d222e3c62cfdcc77f221991b5c4a.tar.gz
Add CSPRNG based on arc4random.
Diffstat (limited to 'lib/crypto')
-rw-r--r--lib/crypto/bld.sub1
-rw-r--r--lib/crypto/rand.myr100
2 files changed, 101 insertions, 0 deletions
diff --git a/lib/crypto/bld.sub b/lib/crypto/bld.sub
index b378d09..ddd00c6 100644
--- a/lib/crypto/bld.sub
+++ b/lib/crypto/bld.sub
@@ -13,6 +13,7 @@ lib crypto =
# randomness
entropy.myr # currently assumes a /dev/random
+ rand.myr
lib ../std:std
lib ../sys:sys
diff --git a/lib/crypto/rand.myr b/lib/crypto/rand.myr
new file mode 100644
index 0000000..34e8ec9
--- /dev/null
+++ b/lib/crypto/rand.myr
@@ -0,0 +1,100 @@
+use std
+
+use "entropy"
+use "sha256"
+use "chacha20"
+
+pkg crypto =
+ /* designed to mirror std.rand() */
+ const randbytes : (buf : byte[:] -> void)
+ generic rand : (lo : @a::(integral,numeric), hi : @a::(integral,numeric) -> @a::(numeric,integral))
+ generic randnum : (-> @a::(numeric,integral))
+
+ pkglocal const rekey : (entropy : byte[:] -> void)
+;;
+
+const Stirinterval = 16*std.MiB
+const Secretsz = 40
+var buf : byte[4096] /* let's not encrypt too often */
+var rem : std.size /* size remaining in buffer */
+var cnt : std.size /* count we've read since last stirring of entropy */
+var ctx : chacha20ctx /* the generator */
+var pid : std.pid /* for rekeying on fork and exec */
+
+generic rand = {lo, hi
+ var span, lim, val, max
+
+ span = std.abs(hi - lo)
+ max = ~0
+ /* if ~0 is negative, we have a signed value with a different max */
+ if max < 0
+ max = (1 << (8*sizeof(@a)-1)) - 1
+ ;;
+
+ lim = (max/span)*span
+ val = (randnum() & max)
+ while val > lim
+ val = (randnum() & max)
+ ;;
+ -> val % span + lo
+}
+
+generic randnum = {
+ var buf : byte[8]
+
+ randbytes(buf[:])
+ -> std.getle64(buf[:])
+}
+
+const randbytes = {dst
+ var n, off, rdlen
+
+ /* costly? */
+ if pid != std.getpid()
+ stir()
+ pid = std.getpid()
+ ;;
+ n = 0
+ while n < dst.len
+ if cnt + buf.len >= Stirinterval
+ stir()
+ ;;
+ off = buf.len - rem
+ rdlen = std.min(dst.len - n, rem)
+ std.slcp(dst[n:n+rdlen], buf[off:off+rdlen])
+ std.slfill(buf[off:off+rdlen], 0)
+ cnt += rdlen
+ rem -= rdlen
+ n += rdlen
+ if rem == 0
+ rekey([][:])
+ ;;
+ ;;
+}
+
+const stir = {
+ var entropy : byte[40]
+ rekey(entropy[:])
+ std.slfill(entropy[:], 0)
+ std.slfill(buf[:], 0)
+ rem = 0
+ cnt = 0
+}
+
+const rekey = {entropy
+ var len
+
+ chacha20encrypt(&ctx, buf[:], buf[:])
+ len = std.min(buf.len, entropy.len)
+ for var i = 0; i < len; i++
+ buf[i] ^= entropy[i]
+ ;;
+ init(buf[:])
+ std.slfill(buf[:40], 0)
+ rem = buf.len - 40
+}
+
+const init = {buf
+ chacha20keysetup(&ctx, buf[:32])
+ chacha20ivsetup(&ctx, buf[32:40])
+}