security/manager/boot/src/nsEntropyCollector.cpp@b8a032363ba2 (annotated)
security/manager/boot/src/nsEntropyCollector.cpp
Thu, 22 Jan 2015 13:21:57 +0100
- author
- Michael Schloh von Bennewitz <michael@schloh.com>
- date
- Thu, 22 Jan 2015 13:21:57 +0100
- branch
- TOR_BUG_9701
- changeset 15
- b8a032363ba2
- permissions
- -rw-r--r--
Incorporate requested changes from Mozilla in review:
https://bugzilla.mozilla.org/show_bug.cgi?id=1123480#c6
| michael@0 | 1 | /* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ |
| michael@0 | 2 | /* This Source Code Form is subject to the terms of the Mozilla Public |
| michael@0 | 3 | * License, v. 2.0. If a copy of the MPL was not distributed with this |
| michael@0 | 4 | * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
| michael@0 | 5 | |
| michael@0 | 6 | #include "prlog.h" |
| michael@0 | 7 | #include "nsEntropyCollector.h" |
| michael@0 | 8 | #include "nsAlgorithm.h" |
| michael@0 | 9 | #include <algorithm> |
| michael@0 | 10 | |
| michael@0 | 11 | nsEntropyCollector::nsEntropyCollector() |
| michael@0 | 12 | :mBytesCollected(0), mWritePointer(mEntropyCache) |
| michael@0 | 13 | { |
| michael@0 | 14 | // We could use the uninitialized memory in mEntropyCache as initial |
| michael@0 | 15 | // random data, but that means (if any entropy is collected before NSS |
| michael@0 | 16 | // initialization and then forwarded) that we'll get warnings from |
| michael@0 | 17 | // tools like valgrind for every later operation that depends on the |
| michael@0 | 18 | // entropy. |
| michael@0 | 19 | memset(mEntropyCache, 0, sizeof(mEntropyCache)); |
| michael@0 | 20 | } |
| michael@0 | 21 | |
| michael@0 | 22 | nsEntropyCollector::~nsEntropyCollector() |
| michael@0 | 23 | { |
| michael@0 | 24 | } |
| michael@0 | 25 | |
| michael@0 | 26 | NS_IMPL_ISUPPORTS(nsEntropyCollector, |
| michael@0 | 27 | nsIEntropyCollector, |
| michael@0 | 28 | nsIBufEntropyCollector) |
| michael@0 | 29 | |
| michael@0 | 30 | NS_IMETHODIMP |
| michael@0 | 31 | nsEntropyCollector::RandomUpdate(void *new_entropy, int32_t bufLen) |
| michael@0 | 32 | { |
| michael@0 | 33 | if (bufLen > 0) { |
| michael@0 | 34 | if (mForwardTarget) { |
| michael@0 | 35 | return mForwardTarget->RandomUpdate(new_entropy, bufLen); |
| michael@0 | 36 | } |
| michael@0 | 37 | else { |
| michael@0 | 38 | const unsigned char *InputPointer = (const unsigned char *)new_entropy; |
| michael@0 | 39 | const unsigned char *PastEndPointer = mEntropyCache + entropy_buffer_size; |
| michael@0 | 40 | |
| michael@0 | 41 | // if the input is large, we only take as much as we can store |
| michael@0 | 42 | int32_t bytes_wanted = std::min(bufLen, int32_t(entropy_buffer_size)); |
| michael@0 | 43 | |
| michael@0 | 44 | // remember the number of bytes we will have after storing new_entropy |
| michael@0 | 45 | mBytesCollected = std::min(int32_t(entropy_buffer_size), |
| michael@0 | 46 | mBytesCollected + bytes_wanted); |
| michael@0 | 47 | |
| michael@0 | 48 | // as the above statements limit bytes_wanted to the entropy_buffer_size, |
| michael@0 | 49 | // this loop will iterate at most twice. |
| michael@0 | 50 | while (bytes_wanted > 0) { |
| michael@0 | 51 | |
| michael@0 | 52 | // how many bytes to end of cyclic buffer? |
| michael@0 | 53 | const int32_t space_to_end = PastEndPointer - mWritePointer; |
| michael@0 | 54 | |
| michael@0 | 55 | // how many bytes can we copy, not reaching the end of the buffer? |
| michael@0 | 56 | const int32_t this_time = std::min(space_to_end, bytes_wanted); |
| michael@0 | 57 | |
| michael@0 | 58 | // copy at most to the end of the cyclic buffer |
| michael@0 | 59 | for (int32_t i = 0; i < this_time; ++i) { |
| michael@0 | 60 | |
| michael@0 | 61 | unsigned int old = *mWritePointer; |
| michael@0 | 62 | |
| michael@0 | 63 | // combine new and old value already stored in buffer |
| michael@0 | 64 | // this logic comes from PSM 1 |
| michael@0 | 65 | *mWritePointer++ = ((old << 1) | (old >> 7)) ^ *InputPointer++; |
| michael@0 | 66 | } |
| michael@0 | 67 | |
| michael@0 | 68 | PR_ASSERT(mWritePointer <= PastEndPointer); |
| michael@0 | 69 | PR_ASSERT(mWritePointer >= mEntropyCache); |
| michael@0 | 70 | |
| michael@0 | 71 | // have we arrived at the end of the buffer? |
| michael@0 | 72 | if (PastEndPointer == mWritePointer) { |
| michael@0 | 73 | // reset write pointer back to begining of our buffer |
| michael@0 | 74 | mWritePointer = mEntropyCache; |
| michael@0 | 75 | } |
| michael@0 | 76 | |
| michael@0 | 77 | // subtract the number of bytes we have already copied |
| michael@0 | 78 | bytes_wanted -= this_time; |
| michael@0 | 79 | } |
| michael@0 | 80 | } |
| michael@0 | 81 | } |
| michael@0 | 82 | |
| michael@0 | 83 | return NS_OK; |
| michael@0 | 84 | } |
| michael@0 | 85 | |
| michael@0 | 86 | NS_IMETHODIMP |
| michael@0 | 87 | nsEntropyCollector::ForwardTo(nsIEntropyCollector *aCollector) |
| michael@0 | 88 | { |
| michael@0 | 89 | NS_PRECONDITION(!mForwardTarget, "|ForwardTo| should only be called once."); |
| michael@0 | 90 | |
| michael@0 | 91 | mForwardTarget = aCollector; |
| michael@0 | 92 | mForwardTarget->RandomUpdate(mEntropyCache, mBytesCollected); |
| michael@0 | 93 | mBytesCollected = 0; |
| michael@0 | 94 | |
| michael@0 | 95 | return NS_OK; |
| michael@0 | 96 | } |
| michael@0 | 97 | |
| michael@0 | 98 | NS_IMETHODIMP |
| michael@0 | 99 | nsEntropyCollector::DontForward() |
| michael@0 | 100 | { |
| michael@0 | 101 | mForwardTarget = nullptr; |
| michael@0 | 102 | return NS_OK; |
| michael@0 | 103 | } |
