Commit Graph

6 Commits

Author SHA1 Message Date
Nick Mathewson
4f02812242 It's 2020. Update the copyright dates with "make update-copyright" 2020-01-08 18:39:17 -05:00
Nick Mathewson
208f04e9b8 Add a quick test for get_thread_fast_rng() 2019-02-19 15:36:11 -05:00
Nick Mathewson
6a29aa7b8c Add whitebox test for the long-output optimization of fast_rng 2019-02-14 09:26:40 -05:00
Nick Mathewson
3f28b98220 Add test for crypto_fast_rng_get_double(). 2019-02-14 09:26:40 -05:00
Nick Mathewson
f3cbd6426c Implement a fast aes-ctr prng
This module is currently implemented to use the same technique as
libottery (later used by the bsds' arc4random replacement), using
AES-CTR-256 as its underlying stream cipher.  It's backtracking-
resistant immediately after each call, and prediction-resistant
after a while.

Here's how it works:

We generate psuedorandom bytes using AES-CTR-256.  We generate BUFLEN bytes
at a time.  When we do this, we keep the first SEED_LEN bytes as the key
and the IV for our next invocation of AES_CTR, and yield the remaining
BUFLEN - SEED_LEN bytes to the user as they invoke the PRNG.  As we yield
bytes to the user, we clear them from the buffer.

Every RESEED_AFTER times we refill the buffer, we mix in an additional
SEED_LEN bytes from our strong PRNG into the seed.

If the user ever asks for a huge number of bytes at once, we pull SEED_LEN
bytes from the PRNG and use them with our stream cipher to fill the user's
request.
2019-02-14 09:26:40 -05:00
Nick Mathewson
3d3578ab41 Extract RNG tests into a new test module
test_crypto.c is pretty big; it wouldn't hurt to split it up some
more before I start adding stuff to the PRNG tests.
2019-02-14 09:26:40 -05:00