tor/src
Nick Mathewson f3cbd6426c Implement a fast aes-ctr prng
This module is currently implemented to use the same technique as
libottery (later used by the bsds' arc4random replacement), using
AES-CTR-256 as its underlying stream cipher.  It's backtracking-
resistant immediately after each call, and prediction-resistant
after a while.

Here's how it works:

We generate pseudorandom bytes using AES-CTR-256.  We generate BUFLEN bytes
at a time.  When we do this, we keep the first SEED_LEN bytes as the key
and the IV for our next invocation of AES_CTR, and yield the remaining
BUFLEN - SEED_LEN bytes to the user as they invoke the PRNG.  As we yield
bytes to the user, we clear them from the buffer.

Every RESEED_AFTER times we refill the buffer, we mix in an additional
SEED_LEN bytes from our strong PRNG into the seed.

If the user ever asks for a huge number of bytes at once, we pull SEED_LEN
bytes from the PRNG and use them with our stream cipher to fill the user's
request.
2019-02-14 09:26:40 -05:00
app Bump copyright date to 2019 2019-01-16 12:33:22 -05:00
config Merge branch 'maint-0.3.5' 2019-01-07 08:43:46 -05:00
core Bump copyright date to 2019 2019-01-16 12:33:22 -05:00
ext Bump copyright date to 2019 2019-01-16 12:33:22 -05:00
feature Merge branch 'maint-0.3.5' 2019-01-23 11:18:14 -05:00
lib Implement a fast aes-ctr prng 2019-02-14 09:26:40 -05:00
rust Merge branch 'maint-0.3.5' 2019-02-05 08:10:43 -05:00
test Implement a fast aes-ctr prng 2019-02-14 09:26:40 -05:00
tools Bump copyright date to 2019 2019-01-16 12:33:22 -05:00
trunnel Add padding negotiation trunnel output. 2019-01-02 15:12:20 +02:00
win32 Bump to 0.4.0.1-alpha-dev 2019-01-18 10:08:57 -05:00
include.am Move buffers.c out of lib/containers to resolve a circularity. 2018-11-14 16:07:03 -05:00