No need to add a dependency on blake2 here, use salsa20 as an extractor
This commit is contained in:
Frank Denis
parent
3998cd7228
commit
23af44d1ed
@ -27,7 +27,6 @@
|
|||||||
|
|
||||||
#include "core.h"
|
#include "core.h"
|
||||||
#include "crypto_core_salsa20.h"
|
#include "crypto_core_salsa20.h"
|
||||||
#include "crypto_generichash.h"
|
|
||||||
#include "crypto_stream_salsa20.h"
|
#include "crypto_stream_salsa20.h"
|
||||||
#include "private/common.h"
|
#include "private/common.h"
|
||||||
#include "randombytes.h"
|
#include "randombytes.h"
|
||||||
@ -50,7 +49,6 @@ BOOLEAN NTAPI RtlGenRandom(PVOID RandomBuffer, ULONG RandomBufferLength);
|
|||||||
#endif
|
#endif
|
||||||
|
|
||||||
#define SALSA20_RANDOM_BLOCK_SIZE crypto_core_salsa20_OUTPUTBYTES
|
#define SALSA20_RANDOM_BLOCK_SIZE crypto_core_salsa20_OUTPUTBYTES
|
||||||
#define HASH_BLOCK_SIZE 128U
|
|
||||||
|
|
||||||
#if defined(__OpenBSD__) || defined(__CloudABI__)
|
#if defined(__OpenBSD__) || defined(__CloudABI__)
|
||||||
# define HAVE_SAFE_ARC4RANDOM 1
|
# define HAVE_SAFE_ARC4RANDOM 1
|
||||||
@ -308,16 +306,8 @@ randombytes_salsa20_random_xorkey(const unsigned char * const mix)
|
|||||||
static void
|
static void
|
||||||
randombytes_salsa20_random_stir(void)
|
randombytes_salsa20_random_stir(void)
|
||||||
{
|
{
|
||||||
/* constant to personalize the hash function */
|
unsigned char m0[crypto_stream_salsa20_KEYBYTES +
|
||||||
const unsigned char hsigma[crypto_generichash_KEYBYTES] = {
|
crypto_stream_salsa20_NONCEBYTES];
|
||||||
0x54, 0x68, 0x69, 0x73, 0x49, 0x73, 0x4a, 0x75,
|
|
||||||
0x73, 0x74, 0x41, 0x54, 0x68, 0x69, 0x72, 0x74,
|
|
||||||
0x79, 0x54, 0x77, 0x6f, 0x42, 0x79, 0x74, 0x65,
|
|
||||||
0x73, 0x53, 0x65, 0x65, 0x64, 0x2e, 0x2e, 0x2e
|
|
||||||
};
|
|
||||||
unsigned char m0[crypto_stream_salsa20_KEYBYTES + HASH_BLOCK_SIZE];
|
|
||||||
unsigned char *k0 = m0 + crypto_stream_salsa20_KEYBYTES;
|
|
||||||
size_t sizeof_k0 = sizeof m0 - crypto_stream_salsa20_KEYBYTES;
|
|
||||||
|
|
||||||
memset(stream.rnd32, 0, sizeof stream.rnd32);
|
memset(stream.rnd32, 0, sizeof stream.rnd32);
|
||||||
stream.rnd32_outleft = (size_t) 0U;
|
stream.rnd32_outleft = (size_t) 0U;
|
||||||
@ -352,12 +342,9 @@ randombytes_salsa20_random_stir(void)
|
|||||||
sodium_misuse(); /* LCOV_EXCL_LINE */
|
sodium_misuse(); /* LCOV_EXCL_LINE */
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
if (crypto_generichash(stream.key, sizeof stream.key, k0, sizeof_k0,
|
|
||||||
hsigma, sizeof hsigma) != 0) {
|
crypto_stream_salsa20(stream.key, sizeof stream.key,
|
||||||
abort(); /* really abort -- it should never happen */ /* LCOV_EXCL_LINE */
|
m0 + crypto_stream_salsa20_KEYBYTES, m0);
|
||||||
}
|
|
||||||
COMPILER_ASSERT(sizeof stream.key <= sizeof m0);
|
|
||||||
randombytes_salsa20_random_xorkey(m0);
|
|
||||||
sodium_memzero(m0, sizeof m0);
|
sodium_memzero(m0, sizeof m0);
|
||||||
#ifdef HAVE_GETPID
|
#ifdef HAVE_GETPID
|
||||||
stream.pid = getpid();
|
stream.pid = getpid();
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user