diff options
| author | Michael Brown | 2018-03-20 19:42:39 +0100 |
|---|---|---|
| committer | Michael Brown | 2018-03-20 19:56:01 +0100 |
| commit | 0d35411f88dd37dda755d52b4549337f8299c698 (patch) | |
| tree | 9129fb0cee236f97af83024b5910cb2cb2b83b08 | |
| parent | [golan] Set log_max_qp to 1 (diff) | |
| download | ipxe-0d35411f88dd37dda755d52b4549337f8299c698.tar.gz ipxe-0d35411f88dd37dda755d52b4549337f8299c698.tar.xz ipxe-0d35411f88dd37dda755d52b4549337f8299c698.zip | |
[rng] Use fixed-point calculations for min-entropy quantities
We currently perform various min-entropy calculations using build-time
floating-point arithmetic. No floating-point code ends up in the
final binary, since the results are eventually converted to integers
and asserted to be compile-time constants.
Though this mechanism is undoubtedly cute, it inhibits us from using
"-mno-sse" to prevent the use of SSE registers by the compiler.
Fix by using fixed-point arithmetic instead.
Signed-off-by: Michael Brown <mcb30@ipxe.org>
| -rw-r--r-- | src/arch/x86/include/ipxe/rtc_entropy.h | 4 | ||||
| -rw-r--r-- | src/crypto/entropy.c | 5 | ||||
| -rw-r--r-- | src/include/ipxe/efi/efi_entropy.h | 4 | ||||
| -rw-r--r-- | src/include/ipxe/entropy.h | 26 | ||||
| -rw-r--r-- | src/include/ipxe/linux/linux_entropy.h | 4 | ||||
| -rw-r--r-- | src/include/ipxe/null_entropy.h | 4 |
6 files changed, 34 insertions, 13 deletions
diff --git a/src/arch/x86/include/ipxe/rtc_entropy.h b/src/arch/x86/include/ipxe/rtc_entropy.h index e214745d..581abcd3 100644 --- a/src/arch/x86/include/ipxe/rtc_entropy.h +++ b/src/arch/x86/include/ipxe/rtc_entropy.h @@ -22,7 +22,7 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); * * @ret min_entropy min-entropy of each sample */ -static inline __always_inline double +static inline __always_inline min_entropy_t ENTROPY_INLINE ( rtc, min_entropy_per_sample ) ( void ) { /* The min-entropy has been measured on several platforms @@ -38,7 +38,7 @@ ENTROPY_INLINE ( rtc, min_entropy_per_sample ) ( void ) { * safety margin to allow for some potential non-independence * of samples. */ - return 1.3; + return MIN_ENTROPY ( 1.3 ); } extern uint8_t rtc_sample ( void ); diff --git a/src/crypto/entropy.c b/src/crypto/entropy.c index 5acbc025..ced6fd92 100644 --- a/src/crypto/entropy.c +++ b/src/crypto/entropy.c @@ -70,7 +70,8 @@ repetition_count_cutoff ( void ) { * where W is set at 2^(-30) (in ANS X9.82 Part 2 (October * 2011 Draft) Section 8.5.2.1.3.1). */ - max_repetitions = ( 1 + ( 30 / min_entropy_per_sample() ) ); + max_repetitions = ( 1 + ( MIN_ENTROPY ( 30 ) / + min_entropy_per_sample() ) ); /* Round up to a whole number of repetitions. We don't have * the ceil() function available, so do the rounding by hand. @@ -237,7 +238,7 @@ adaptive_proportion_cutoff ( void ) { /* Look up cutoff value in cutoff table */ n = ADAPTIVE_PROPORTION_WINDOW_SIZE; - h = min_entropy_per_sample(); + h = ( min_entropy_per_sample() / MIN_ENTROPY_SCALE ); cutoff = adaptive_proportion_cutoff_lookup ( n, h ); /* Fail unless cutoff value is a build-time constant */ diff --git a/src/include/ipxe/efi/efi_entropy.h b/src/include/ipxe/efi/efi_entropy.h index 39a66735..5b16fd7f 100644 --- a/src/include/ipxe/efi/efi_entropy.h +++ b/src/include/ipxe/efi/efi_entropy.h @@ -22,14 +22,14 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); * * @ret min_entropy min-entropy of each sample */ -static inline __always_inline double +static inline __always_inline min_entropy_t ENTROPY_INLINE ( efi, min_entropy_per_sample ) ( void ) { /* We use essentially the same mechanism as for the BIOS * RTC-based entropy source, and so assume the same * min-entropy per sample. */ - return 1.3; + return MIN_ENTROPY ( 1.3 ); } #endif /* _IPXE_EFI_ENTROPY_H */ diff --git a/src/include/ipxe/entropy.h b/src/include/ipxe/entropy.h index beeb3abf..d2e3ce50 100644 --- a/src/include/ipxe/entropy.h +++ b/src/include/ipxe/entropy.h @@ -52,6 +52,25 @@ typedef uint8_t noise_sample_t; /** An entropy sample */ typedef uint8_t entropy_sample_t; +/** An amount of min-entropy + * + * Expressed as a fixed-point quantity in order to avoid floating + * point calculations. + */ +typedef unsigned int min_entropy_t; + +/** Fixed-point scale for min-entropy amounts */ +#define MIN_ENTROPY_SCALE ( 1 << 16 ) + +/** + * Construct a min-entropy fixed-point value + * + * @v bits min-entropy in bits + * @ret min_entropy min-entropy as a fixed-point value + */ +#define MIN_ENTROPY( bits ) \ + ( ( min_entropy_t ) ( (bits) * MIN_ENTROPY_SCALE ) ) + /* Include all architecture-independent entropy API headers */ #include <ipxe/null_entropy.h> #include <ipxe/efi/efi_entropy.h> @@ -87,7 +106,7 @@ void entropy_disable ( void ); * * This must be a compile-time constant. */ -double min_entropy_per_sample ( void ); +min_entropy_t min_entropy_per_sample ( void ); /** * Get noise sample @@ -142,7 +161,7 @@ get_entropy_input ( unsigned int min_entropy_bits, void *data, size_t min_len, /* Sanity checks */ linker_assert ( ( min_entropy_per_sample() <= - ( 8 * sizeof ( noise_sample_t ) ) ), + MIN_ENTROPY ( 8 * sizeof ( noise_sample_t ) ) ), min_entropy_per_sample_is_impossibly_high ); linker_assert ( ( min_entropy_bits <= ( 8 * max_len ) ), entropy_buffer_too_small ); @@ -151,7 +170,8 @@ get_entropy_input ( unsigned int min_entropy_bits, void *data, size_t min_len, min_entropy_bits = ( ( min_entropy_bits + 7 ) & ~7 ); /* Calculate number of samples required to contain sufficient entropy */ - min_samples = ( ( min_entropy_bits * 1.0 ) / min_entropy_per_sample() ); + min_samples = ( MIN_ENTROPY ( min_entropy_bits ) / + min_entropy_per_sample() ); /* Round up to a whole number of samples. We don't have the * ceil() function available, so do the rounding by hand. diff --git a/src/include/ipxe/linux/linux_entropy.h b/src/include/ipxe/linux/linux_entropy.h index afef6fe1..ea8c1f16 100644 --- a/src/include/ipxe/linux/linux_entropy.h +++ b/src/include/ipxe/linux/linux_entropy.h @@ -20,7 +20,7 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); * * @ret min_entropy min-entropy of each sample */ -static inline __always_inline double +static inline __always_inline min_entropy_t ENTROPY_INLINE ( linux, min_entropy_per_sample ) ( void ) { /* linux_get_noise() reads a single byte from /dev/random, @@ -28,7 +28,7 @@ ENTROPY_INLINE ( linux, min_entropy_per_sample ) ( void ) { * entropy is available. We therefore assume that each sample * contains exactly 8 bits of entropy. */ - return 8.0; + return MIN_ENTROPY ( 8.0 ); } #endif /* _IPXE_LINUX_ENTROPY_H */ diff --git a/src/include/ipxe/null_entropy.h b/src/include/ipxe/null_entropy.h index 91adefa6..5a6bb621 100644 --- a/src/include/ipxe/null_entropy.h +++ b/src/include/ipxe/null_entropy.h @@ -30,14 +30,14 @@ ENTROPY_INLINE ( null, entropy_disable ) ( void ) { /* Do nothing */ } -static inline __always_inline double +static inline __always_inline min_entropy_t ENTROPY_INLINE ( null, min_entropy_per_sample ) ( void ) { /* Actual amount of min-entropy is zero. To avoid * division-by-zero errors and to allow compilation of * entropy-consuming code, pretend to have 1 bit of entropy in * each sample. */ - return 1.0; + return MIN_ENTROPY ( 1.0 ); } static inline __always_inline int |