Improve clarity

2017-11-26 13:05:47 +01:00 · 2017-11-26 13:05:47 +01:00 · 4098a12635
commit 4098a12635
parent f5a4064646
1 changed files with 104 additions and 58 deletions
--- a/src/libsodium/randombytes/salsa20/randombytes_salsa20_random.c
+++ b/src/libsodium/randombytes/salsa20/randombytes_salsa20_random.c
@ -62,6 +62,13 @@ BOOLEAN NTAPI RtlGenRandom(PVOID RandomBuffer, ULONG RandomBufferLength);
 #ifndef SSIZE_MAX
 # define SSIZE_MAX (SIZE_MAX / 2 - 1)
 #endif
+#ifndef S_ISNAM
+# ifdef __COMPCERT__
+#  define S_ISNAM(X) 1
+# else
+#  define S_ISNAM(X) 0
+# endif
+#endif

 #ifndef TLS
 # ifdef _WIN32
@ -99,34 +106,53 @@ static TLS Salsa20Random stream = {
    SODIUM_C99(.rnd32_outleft =) (size_t) 0U
 };

+
+/*
+ * Get a high-resolution timestamp, as a uint64_t value
+ */
+
+#ifdef _WIN32
 static uint64_t
 sodium_hrtime(void)
 {
-    uint64_t ts;
-
-#ifdef _WIN32
-    {
-        struct _timeb tb;
+    struct _timeb tb;
 # pragma warning(push)
 # pragma warning(disable: 4996)
-        _ftime(&tb);
+    _ftime(&tb);
 # pragma warning(pop)
-        ts = ((uint64_t) tb.time) * 1000000U + ((uint64_t) tb.millitm) * 1000U;
-    }
-#else
-    {
-        struct timeval tv;
-
-        if (gettimeofday(&tv, NULL) != 0) {
-            sodium_misuse(); /* LCOV_EXCL_LINE */
-        }
-        ts = ((uint64_t) tv.tv_sec) * 1000000U + (uint64_t) tv.tv_usec;
-    }
-#endif
-    return ts;
+    return ((uint64_t) tb.time) * 1000000U + ((uint64_t) tb.millitm) * 1000U;
 }

-#ifndef _WIN32
+#else /* _WIN32 */
+
+static uint64_t
+sodium_hrtime(void)
+{
+    struct   timeval tv;
+
+    if (gettimeofday(&tv, NULL) != 0) {
+        sodium_misuse(); /* LCOV_EXCL_LINE */
+    }
+    return ((uint64_t) tv.tv_sec) * 1000000U + (uint64_t) tv.tv_usec;
+}
+#endif
+
+/*
+ * Initialize the entropy source
+ */
+
+#ifdef _WIN32
+
+static void
+randombytes_salsa20_random_init(void)
+{
+    stream.nonce = sodium_hrtime();
+    assert(stream.nonce != (uint64_t) 0U);
+    global.rdrand_available = sodium_runtime_has_rdrand();
+}
+
+#else /* _WIN32 */
+
 static ssize_t
 safe_read(const int fd, void * const buf_, size_t size)
 {
@ -150,9 +176,7 @@ safe_read(const int fd, void * const buf_, size_t size)

    return (ssize_t) (buf - (unsigned char *) buf_);
 }
-#endif

-#ifndef _WIN32
 # if defined(__linux__) && !defined(USE_BLOCKING_RANDOM) && !defined(NO_BLOCKING_RANDOM_POLL)
 static int
 randombytes_block_on_dev_random(void)
@ -203,13 +227,7 @@ randombytes_salsa20_random_random_dev_open(void)
    do {
        fd = open(*device, O_RDONLY);
        if (fd != -1) {
-            if (fstat(fd, &st) == 0 &&
-# if defined(S_ISNAM)
-                (S_ISNAM(st.st_mode) || S_ISCHR(st.st_mode))
-# else
-                S_ISCHR(st.st_mode)
-# endif
-               ) {
+            if (fstat(fd, &st) == 0 && (S_ISNAM(st.st_mode) || S_ISCHR(st.st_mode))) {
 #  if defined(F_SETFD) && defined(FD_CLOEXEC)
                (void) fcntl(fd, F_SETFD, fcntl(fd, F_GETFD) | FD_CLOEXEC);
 #  endif
@ -302,27 +320,11 @@ randombytes_salsa20_random_init(void)
 # endif /* HAVE_SAFE_ARC4RANDOM */
 }

-#else /* _WIN32 */
+#endif /* _WIN32 */

-static void
-randombytes_salsa20_random_init(void)
-{
-    stream.nonce = sodium_hrtime();
-    assert(stream.nonce != (uint64_t) 0U);
-    global.rdrand_available = sodium_runtime_has_rdrand();
-}
-#endif
-
-static void
-randombytes_salsa20_random_xorkey(const unsigned char * const mix)
-{
-    unsigned char *key = stream.key;
-    size_t         i;
-
-    for (i = (size_t) 0U; i < sizeof stream.key; i++) {
-        key[i] ^= mix[i];
-    }
-}
+/*
+ * (Re)seed the generator using the entropy source
+ */

 static void
 randombytes_salsa20_random_stir(void)
@ -374,6 +376,10 @@ randombytes_salsa20_random_stir(void)
    stream.initialized = 1;
 }

+/*
+ * Reseed the generator if it hasn't been initialized yet
+ */
+
 static void
 randombytes_salsa20_random_stir_if_needed(void)
 {
@ -390,12 +396,30 @@ randombytes_salsa20_random_stir_if_needed(void)
 #endif
 }

+/*
+ * Close the stream, free global resources
+ */
+
+#ifdef _WIN32
+static int
+randombytes_salsa20_random_close(void)
+{
+    int ret = -1;
+
+    if (global.initialized != 0) {
+        global.initialized = 0;
+        ret = 0;
+    }
+    sodium_memzero(&stream, sizeof stream);
+
+    return ret;
+}
+#else
 static int
 randombytes_salsa20_random_close(void)
 {
    int ret = -1;

-#ifndef _WIN32
    if (global.random_data_source_fd != -1 &&
        close(global.random_data_source_fd) == 0) {
        global.random_data_source_fd = -1;
@ -416,19 +440,16 @@ randombytes_salsa20_random_close(void)
    }
 # endif

-#else /* _WIN32 */
-    if (global.initialized != 0) {
-        global.initialized = 0;
-        ret = 0;
-    }
-#endif
-
    sodium_memzero(&stream, sizeof stream);

    return ret;
 }
+#endif
+
+/*
+ * RDRAND is only used to mitigate prediction if a key is compromised
+ */

-/* RDRAND is only used to mitigate prediction if a key is compromised */
 static void
 randombytes_salsa20_random_xorhwrand(void)
 {
@ -444,6 +465,25 @@ randombytes_salsa20_random_xorhwrand(void)
 #endif
 }

+/*
+ * XOR the key with another same-length secret
+ */
+
+static inline void
+randombytes_salsa20_random_xorkey(const unsigned char * const mix)
+{
+    unsigned char *key = stream.key;
+    size_t         i;
+
+    for (i = (size_t) 0U; i < sizeof stream.key; i++) {
+        key[i] ^= mix[i];
+    }
+}
+
+/*
+ * Put `size` random bytes into `buf` and overwrite the key
+ */
+
 static void
 randombytes_salsa20_random_buf(void * const buf, const size_t size)
 {
@ -470,6 +510,12 @@ randombytes_salsa20_random_buf(void * const buf, const size_t size)
                              (unsigned char *) &stream.nonce, stream.key);
 }

+/*
+ * Pop a 32-bit value from the random pool
+ *
+ * Overwrite the key after the pool gets refilled.
+ */
+
 static uint32_t
 randombytes_salsa20_random(void)
 {