Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fast rng squashed #702

Merged
merged 10 commits into from Feb 14, 2019
Merged

Fast rng squashed #702

merged 10 commits into from Feb 14, 2019

Conversation

Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
3 participants
@nmathewson @coveralls @torproject-pusher
@nmathewson
Copy link
Contributor

@nmathewson nmathewson commented Feb 14, 2019

No description provided.

nmathewson added 10 commits Feb 7, 2019
@nmathewson
Code for anonymous mappings via mmap() or CreateFileMapping().
8ca808f 
Using an anonymous mmap() is a good way to get pages that we can set
kernel-level flags on, like minherit() or madvise() or mlock().
We're going to use that so that we can make uninheritable locked
pages to store PRNG data.
@nmathewson
Remove extraneous #if/#endif wrapper in crypto_rand.c
21d184a 
I don't know how this got here, but this kind of a wrapper only
belongs in a header file.
@nmathewson
Extract numeric CSPRNG functions into a new module.
a49149f 
Some of the code for getting a random value within a range wants to
be shared between crypto_rand() and the new crypto_fast_rng() code.
@nmathewson
Extract the common body of our random-int functions into a macro
622a9a8 
This is the second part of refactoring the random-int-in-range code.
@nmathewson
Extract RNG tests into a new test module
3d3578a 
test_crypto.c is pretty big; it wouldn't hurt to split it up some
more before I start adding stuff to the PRNG tests.
@nmathewson
Implement a fast aes-ctr prng
f3cbd64 
This module is currently implemented to use the same technique as
libottery (later used by the bsds' arc4random replacement), using
AES-CTR-256 as its underlying stream cipher.  It's backtracking-
resistant immediately after each call, and prediction-resistant
after a while.

Here's how it works:

We generate psuedorandom bytes using AES-CTR-256.  We generate BUFLEN bytes
at a time.  When we do this, we keep the first SEED_LEN bytes as the key
and the IV for our next invocation of AES_CTR, and yield the remaining
BUFLEN - SEED_LEN bytes to the user as they invoke the PRNG.  As we yield
bytes to the user, we clear them from the buffer.

Every RESEED_AFTER times we refill the buffer, we mix in an additional
SEED_LEN bytes from our strong PRNG into the seed.

If the user ever asks for a huge number of bytes at once, we pull SEED_LEN
bytes from the PRNG and use them with our stream cipher to fill the user's
request.
@nmathewson
Add a benchmark for our several PRNGs.
490e187
@nmathewson
Add a test-rng program so we can pipe to dieharder.
acbde10
@nmathewson
Add test for crypto_fast_rng_get_double().
3f28b98
@nmathewson
Add whitebox test for the long-output optimization of fast_rng
6a29aa7
@torproject-pusher torproject-pusher merged commit 6a29aa7 into torproject:master Feb 14, 2019
1 of 2 checks passed
@coveralls
Copy link

@coveralls coveralls commented Feb 15, 2019

Pull Request Test Coverage Report for Build 3801

  • 104 of 112 (92.86%) changed or added relevant lines in 3 files are covered.
  • No unchanged relevant lines lost coverage.
  • Overall coverage increased (+0.03%) to 61.778%
Changes Missing Coverage Covered Lines Changed/Added Lines %
src/lib/crypt_ops/crypto_rand_fast.c 50 58 86.21%
Totals Coverage Status
Change from base Build 3799: 0.03%
Covered Lines: 45352
Relevant Lines: 73411
💛 - Coveralls

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment