1 files changed, 123 insertions, 0 deletions

diff --git a/src/cryptech_random.c b/src/cryptech_random.c
new file mode 100644
index 0000000..d8f711b
--- /dev/null
+++ b/src/cryptech_random.c
@@ -0,0 +1,123 @@
+/* 
+ * cryptech_random.c
+ * -----------------
+ *
+ * This is a shim to connect the Cryptech TRNG to Cryptlib's CSPRNG.
+ *
+ * Prototype HAL code for the Cryptech environment already provides
+ * the RNG code required by the HAL, but it doesn't look like Cryptlib
+ * itself ever calls that, it only seems to use the system device's
+ * random function.  So this shim just uses the code we already wrote
+ * to meet the HAL API requirement to feed Cryptlib's CSPRNG.
+ *
+ * Whether it makes sense to use what we hope is already a good TRNG
+ * just to provide entropy for a CSPRNG is a question for another day.
+ *
+ * Author: Rob Austein
+ * Copyright (c) 2014, SUNET
+ * 
+ * Redistribution and use in source and binary forms, with or 
+ * without modification, are permitted provided that the following 
+ * conditions are met: 
+ * 
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in 
+ *    the documentation and/or other materials provided with the 
+ *    distribution. 
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE 
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, 
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, 
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER 
+ * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF 
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#if defined( INC_ALL )
+  #include "crypt.h"
+  #include "context.h"
+  #include "hardware.h"
+  #include "random.h"
+#else
+  #include "crypt.h"
+  #include "context/context.h"
+  #include "device/hardware.h"
+  #include "random/random.h"
+#endif
+
+#define FAST_BUFSIZE    bitsToBytes(64)
+#define SLOW_BUFSIZE    (5 * FAST_BUFSIZE)
+
+void fastPoll(void)
+{
+  MESSAGE_DATA msgData;
+  unsigned char buffer[FAST_BUFSIZE];
+
+  if (hwGetRandom(buffer, sizeof(buffer)) == CRYPT_OK) {
+	setMessageData(&msgData, buffer, sizeof(buffer));
+    krnlSendMessage(SYSTEM_OBJECT_HANDLE, IMESSAGE_SETATTRIBUTE_S, &msgData, CRYPT_IATTRIBUTE_ENTROPY);
+    zeroise(buffer, sizeof(buffer));
+  }
+}
+
+void slowPoll(void)
+{
+  MESSAGE_DATA msgData;
+  unsigned char buffer[SLOW_BUFSIZE];
+  int quality = 100;
+
+  if (hwGetRandom(buffer, sizeof(buffer)) == CRYPT_OK) {
+	setMessageData(&msgData, buffer, sizeof(buffer));
+    krnlSendMessage(SYSTEM_OBJECT_HANDLE, IMESSAGE_SETATTRIBUTE_S, &msgData, CRYPT_IATTRIBUTE_ENTROPY);
+    zeroise(buffer, sizeof(buffer));
+    krnlSendMessage(SYSTEM_OBJECT_HANDLE, IMESSAGE_SETATTRIBUTE, &quality, CRYPT_IATTRIBUTE_ENTROPY_QUALITY);
+  }
+}
+
+/*
+ * Might patch these out in random/random.h eventually, but no-op
+ * stubs will do for testing.
+ */
+
+void initRandomPolling(void)
+{
+  return;
+}
+
+void endRandomPolling(void)
+{
+  return;
+}
+
+CHECK_RETVAL \
+int waitforRandomCompletion(const BOOLEAN force)
+{
+  return CRYPT_OK;
+}
+
+CHECK_RETVAL_BOOL \
+BOOLEAN checkForked(void)
+{
+  return FALSE;
+}
+
+/*
+ * "Any programmer who fails to comply with the standard naming, formatting,
+ *  or commenting conventions should be shot.  If it so happens that it is
+ *  inconvenient to shoot him, then he is to be politely requested to recode
+ *  his program in adherence to the above standard."
+ *                      -- Michael Spier, Digital Equipment Corporation
+ *
+ * Local variables:
+ * indent-tabs-mode: nil
+ * End:
+ */