authorWerner Koch <wk@gnupg.org>2016-08-08 12:08:43 +0200
committerWerner Koch <wk@gnupg.org>2016-08-17 10:51:10 +0200
commit2f62103b4bb6d6f9ce806e01afb7fdc58aa33513 (patch)
tree32193be9675c23becf3235b18c24dd1425492b3d /random/random-csprng.c
parentf38199dbc290003898a1799adc367265267784c2 (diff)
random: Improve the diagram showing the random mixing
* random/random-csprng.c (mix_pool): Use DIGESTLEN instead of 20. Signed-off-by: Werner Koch <wk@gnupg.org>
Diffstat (limited to 'random/random-csprng.c')
-rw-r--r--random/random-csprng.c88
1 files changed, 48 insertions, 40 deletions
diff --git a/random/random-csprng.c b/random/random-csprng.c
index a0bfc783..54ec2774 100644
--- a/random/random-csprng.c
+++ b/random/random-csprng.c
@@ -548,41 +548,49 @@ _gcry_rngcsprng_randomize (void *buffer, size_t length,
/*
- Mix the pool:
-
- |........blocks*20byte........|20byte|..44byte..|
- <..44byte..> <20byte>
- | |
- | +------+
- +---------------------------|----------+
- v v
- |........blocks*20byte........|20byte|..44byte..|
- <.....64bytes.....>
- |
- +----------------------------------+
- Hash
- v
- |.............................|20byte|..44byte..|
- <20byte><20byte><..44byte..>
- | |
- | +---------------------+
- +-----------------------------+ |
- v v
- |.............................|20byte|..44byte..|
- <.....64byte......>
- |
- +-------------------------+
- Hash
- v
- |.............................|20byte|..44byte..|
- <20byte><20byte><..44byte..>
-
- and so on until we did this for all blocks.
-
- To better protect against implementation errors in this code, we
- xor a digest of the entire pool into the pool before mixing.
-
- Note: this function must only be called with a locked pool.
+ * Mix the 600 byte pool. Note that the 64 byte scratch area directly
+ * follows the pool. The numbers in the diagram give the number of
+ * bytes.
+ * <................600...............> <.64.>
+ * pool |------------------------------------| |------|
+ * <..44..> <20>
+ * | |
+ * | +-----+
+ * +-----------------------------------|--+
+ * v v
+ * |------|
+ * <hash>
+ * |
+ * +---------------------------------------+
+ * v
+ * <20>
+ * pool' |------------------------------------|
+ * <20><20><..44..>
+ * | |
+ * | +------------------------------+
+ * +-------------------------------------+ |
+ * v v
+ * |------|
+ * <hash>
+ * |
+ * +-----------------------------------+
+ * v
+ * <20>
+ * pool'' |------------------------------------|
+ * <20><20><20><..44..>
+ * | |
+ * | +--------------------------+
+ * +---------------------------------+ |
+ * v v
+ * |------|
+ * <hash>
+ *
+ * and so on until we did this for all 30 blocks.
+ *
+ * To better protect against implementation errors in this code, we
+ * xor a digest of the entire pool into the pool before mixing.
+ *
+ * Note: this function must only be called with a locked pool.
*/
static void
mix_pool(unsigned char *pool)
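Review bot: The rewritten header comment hard-codes 600, 64, 20, 44 and 30 while the code it documents (the memcpy calls in the next hunk) is expressed in POOLSIZE, BLOCKLEN and DIGESTLEN, so the diagram will silently drift if any of those macros changes — the same kind of drift this commit removes from the code by replacing the literal 20. Tie the prose to the macros once at the top, e.g. `* Mix the POOLSIZE (600) byte pool. Note that the BLOCKLEN (64) byte` / `* scratch area directly follows the pool; DIGESTLEN is 20 and the` / `* 44 byte remainder is BLOCKLEN-DIGESTLEN.`, and say "all POOLSIZE/DIGESTLEN (30) blocks" on the closing line. I cannot see POOLSIZE/BLOCKLEN defined on this page, so the numeric values are taken from the comment itself and should be confirmed against the defines. The body of mix_pool begins after this hunk.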
@@ -605,14 +613,14 @@ mix_pool(unsigned char *pool)
/* Loop over the pool. */
pend = pool + POOLSIZE;
- memcpy(hashbuf, pend - DIGESTLEN, DIGESTLEN );
- memcpy(hashbuf+DIGESTLEN, pool, BLOCKLEN-DIGESTLEN);
+ memcpy (hashbuf, pend - DIGESTLEN, DIGESTLEN );
+ memcpy (hashbuf+DIGESTLEN, pool, BLOCKLEN-DIGESTLEN);
nburn = _gcry_sha1_mixblock (&md, hashbuf);
- memcpy(pool, hashbuf, 20 );
+ memcpy (pool, hashbuf, DIGESTLEN);
if (failsafe_digest_valid && pool == rndpool)
{
- for (i=0; i < 20; i++)
+ for (i=0; i < DIGESTLEN; i++)
pool[i] ^= failsafe_digest[i];
}
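Review bot: The xor loop `for (i=0; i < DIGESTLEN; i++) pool[i] ^= failsafe_digest[i];` now reads DIGESTLEN bytes of failsafe_digest, so its declaration must be sized in DIGESTLEN as well; if it is still declared with a literal 20 (not visible here) the replacement belongs there too. The reformatted calls here use `memcpy (` with a space, but the third hunk's `memcpy(p, hashbuf, DIGESTLEN);` keeps the old spacing — pick one form, `memcpy (p, hashbuf, DIGESTLEN);`, so the function reads consistently. Also, this hunk assigns `nburn = _gcry_sha1_mixblock (&md, hashbuf);` whereas the third hunk discards the same call's return value; presumably only the first value is needed for the stack burn, but a one-line comment saying so would save the next reader the question. The rest of mix_pool lies outside this hunk.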
@@ -637,7 +645,7 @@ mix_pool(unsigned char *pool)
}
_gcry_sha1_mixblock (&md, hashbuf);
- memcpy(p, hashbuf, 20 );
+ memcpy(p, hashbuf, DIGESTLEN);
}
/* Our hash implementation does only leave small parts (64 bytes)