Remove Yarrow PRNG implementation

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24660 dc483132-0cff-0310-8789-dd5450dbe970

6 files changed, 1 insertions, 465 deletions

diff --git a/src/lib/crypto/crypto_tests/Makefile.in b/src/lib/crypto/crypto_tests/Makefile.in
index 50700fd6c..81f9b5e0a 100644
--- a/src/lib/crypto/crypto_tests/Makefile.in
+++ b/src/lib/crypto/crypto_tests/Makefile.in
@@ -37,17 +37,13 @@ EXTRADEPSRCS=\
 	$(srcdir)/t_short.c	\
 	$(srcdir)/t_str2key.c	\
 	$(srcdir)/t_derive.c	\
-	$(srcdir)/t_fork.c	\
-	$(srcdir)/ytest.c	
+	$(srcdir)/t_fork.c
 
 ##DOS##BUILDTOP = ..\..\..
 
 # NOTE: The t_cksum known checksum values are primarily for regression
 # testing.  They are not derived a priori, but are known to produce
 # checksums that interoperate.
-#
-# We use the NSS PRNG when NSS is the crypto back end, so don't test
-# against the expected output for Yarrow.
 check-unix:: t_nfold t_encrypt t_decrypt t_prf t_prng t_cmac t_hmac \
 		t_cksum4 t_cksum5 t_cksums \
 		aes-test  \
@@ -58,9 +54,6 @@ check-unix:: t_nfold t_encrypt t_decrypt t_prf t_prng t_cmac t_hmac \
 	$(RUN_SETUP) $(VALGRIND) ./t_encrypt
 	$(RUN_SETUP) $(VALGRIND) ./t_decrypt
 	$(RUN_SETUP) $(VALGRIND) ./t_prng <$(srcdir)/t_prng.seed >t_prng.output
-	if [ $(PRNG_ALG) = yarrow ]; then \
-		diff t_prng.output $(srcdir)/t_prng.expected; \
-	fi
 	$(RUN_SETUP) $(VALGRIND) ./t_cmac
 	$(RUN_SETUP) $(VALGRIND) ./t_hmac
 	$(RUN_SETUP) $(VALGRIND) ./t_prf <$(srcdir)/t_prf.in >t_prf.output
@@ -172,11 +165,6 @@ t_derive$(EXEEXT): t_derive.$(OBJEXT) $(SUPPORT_DEPLIB)
 t_fork$(EXEEXT): t_fork.$(OBJEXT) $(SUPPORT_DEPLIB)
 	$(CC_LINK) -o $@ t_fork.$(OBJEXT) -lkrb5 -lk5crypto -lcom_err $(SUPPORT_LIB)
 
-ytest: ytest.o shs.o $(SUPPORT_DEPLIB) $(CRYPTO_DEPLIB)
-	$(CC_LINK) -o ytest ytest.o  $(SUPPORT_LIB)  $(CRYPTO_DEPLIB)
-
-
-
 clean::
 	$(RM) t_nfold.o t_nfold nfold.$(OBJEXT) t_encrypt t_encrypt.o \
 		t_decrypt.o t_decrypt t_prng.o t_prng t_cmac.o t_cmac \
diff --git a/src/lib/crypto/crypto_tests/deps b/src/lib/crypto/crypto_tests/deps
index 73505bf1a..03010c0c8 100644
--- a/src/lib/crypto/crypto_tests/deps
+++ b/src/lib/crypto/crypto_tests/deps
@@ -207,17 +207,3 @@ $(OUTPRE)t_fork.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/plugin.h \
   $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
   $(top_srcdir)/include/socket-utils.h t_fork.c
-$(OUTPRE)ytest.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
-  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../builtin/sha1/shs.h \
-  $(srcdir)/../builtin/yhash.h $(srcdir)/../krb/prng/yarrow/yarrow.h \
-  $(srcdir)/../krb/prng/yarrow/ycipher.h $(srcdir)/../krb/prng/yarrow/yexcep.h \
-  $(srcdir)/../krb/prng/yarrow/ytypes.h $(top_srcdir)/include/k5-buf.h \
-  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
-  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
-  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
-  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
-  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
-  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/plugin.h \
-  $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
-  $(top_srcdir)/include/socket-utils.h ytest.c
diff --git a/src/lib/crypto/crypto_tests/t_prng.reseedtest b/src/lib/crypto/crypto_tests/t_prng.reseedtest
deleted file mode 100644
index 5eee0c064..000000000
--- a/src/lib/crypto/crypto_tests/t_prng.reseedtest
+++ /dev/null
@@ -1,31 +0,0 @@
-1
-160
- cb 12 70 40 ee fb 76 2e 32 0d f1 0c a7 a9 36 f8
- c8 f3 35 4e 0f 51 18 cd 25 0f 48 5b e4 97 aa 4f
- be 7e 93 af dd 15 29 fc 24 4f 0b 9a 9b 1d ad 7f
- 32 c8 a6 96 d4 34 aa 83 d2 d7 33 b0 2f aa ba f6
- cf 8c 78 ad 8a 52 e1 48 e4 7c a7 c5 57 49 31 ea
- db b7 9b 6b ab 13 f3 12 a5 ec 67 db 1e 83 73 be
- ca 59 fc ed 29 8c f3 ef ca fd 81 55 fa 91 3b 31
- da 24 d2 8b c1 a5 c1 3a 9c 50 a6 3c a1 60 31 0f
- 62 c7 88 9b 1a e9 9f 3c 0f 04 d0 35 11 45 f0 8b
- 84 a2 26 85 67 f1 e6 2b 34 6b ab 9b 3f c1 a1 0e
-0
-1
-40
- f4 fc ab 98 45 a0 41 e4 4d 65 9c eb c2 c9 74 a4
- 55 df 6c 78 78 bc db ae e7 63 b8 a7 33 3b d7 50
- f6 33 c4 a0 1d 14 45 04
-0
-0
-40
- 16 80 1d 78 39 4b 3a 27 80 87 08 6c a9 37 59 74
- 60 f8 fc 37 10 4a 8a c4 d6 3e 6a 41 1a e1 5f 69
- 92 12 5a e1 3b 86 f1 5d
-0
-0
-40
- a3 c8 78 4a a0 4d ce 3c 2a 8e 34 bf f7 06 dc d7
- 92 13 bd 74 45 72 40 b6 1c d6 55 28 47 1e f4 70
- 74 e4 94 d7 17 a6 7e 3b
-20
diff --git a/src/lib/crypto/crypto_tests/t_prng.reseedtest-comments b/src/lib/crypto/crypto_tests/t_prng.reseedtest-comments
deleted file mode 100644
index e50e09602..000000000
--- a/src/lib/crypto/crypto_tests/t_prng.reseedtest-comments
+++ /dev/null
@@ -1,21 +0,0 @@
-The reseedtest is intended to allow confirmation that if sufficient
-entropy is provided then the PRNG will reseed (well initially seed)
-itself before the first random data is requested.  This test is not
-useful to run in an automated manner because the point is to look at
-internal function call order.
-
-To test this, set a break point at krb5int_yarrow_reseed and
-krb5_c_random_make_octets and run the test.  The reseed function
-should be called with a pool of 1 (YARROW_SLOW_POOL) before
-krb5_c_random_make_octets is called.
-
-A slow reseed should require two sources to reach sufficient entropy.
-Sources  start out sending entropy to fast pool then alternate with
-slow pool.  So this test does the following:
-* Seed source 1
-* Seed source 1 (this time to slow pool)
-* Seed source 0
-* Seed source 0 (to slow pool triggering reseed)
-* Output some random data
-
-
diff --git a/src/lib/crypto/crypto_tests/t_prng.reseedtest-expected b/src/lib/crypto/crypto_tests/t_prng.reseedtest-expected
deleted file mode 100644
index d7b50801e..000000000
--- a/src/lib/crypto/crypto_tests/t_prng.reseedtest-expected
+++ /dev/null
@@ -1 +0,0 @@
-fd543f42aded9bd725c9b05682cd0f504c1b33d1
diff --git a/src/lib/crypto/crypto_tests/ytest.c b/src/lib/crypto/crypto_tests/ytest.c
deleted file mode 100644
index 5b9ffafb7..000000000
--- a/src/lib/crypto/crypto_tests/ytest.c
+++ /dev/null
@@ -1,385 +0,0 @@
-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
-/*
- * Yarrow - Cryptographic Pseudo-Random Number Generator
- * Copyright (c) 2000 Zero-Knowledge Systems, Inc.
- *
- * See the accompanying LICENSE file for license information.
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include "yarrow.h"
-#include "yexcep.h"
-
-void hex_print( FILE* f, const char* var, void* data, size_t size );
-void dump_yarrow_state( FILE* f, Yarrow_CTX* y );
-
-#define YARROW_SEED_FILE "seed"
-
-static void print_yarrow_status( Yarrow_CTX *y )
-{
-    int sid, pool;
-    Source* source;
-
-    for ( pool = 0; pool < 2; pool++ )
-    {
-        printf( " %s: ", pool == YARROW_SLOW_POOL ? "slow" : "fast" );
-        for ( sid = 0; sid < y->num_sources; sid++ )
-        {
-            source = &y->source[ sid ];
-            printf( "#%d=%d/%d, ", sid, source->entropy[pool],
-                    pool == YARROW_SLOW_POOL ?
-                    y->slow_thresh : y->fast_thresh );
-        }
-    }
-    printf( "\n" );
-}
-
-int yarrow_verbose = 0;
-#define VERBOSE( x ) if ( yarrow_verbose ) { x }
-
-int Instrumented_krb5int_yarrow_input( Yarrow_CTX* y, int sid, void* sample,
-                                       size_t size, int entropy )
-{
-    int ret;
-
-    VERBOSE( printf( "krb5int_yarrow_input( #%d, %d bits, %s ) = [", sid, entropy,
-                     y->source[sid].pool ==
-                     YARROW_SLOW_POOL ? "slow" : "fast" ); );
-    ret = krb5int_yarrow_input( y, sid, sample, size, entropy );
-
-    VERBOSE( printf( "%s]\n", krb5int_yarrow_str_error( ret ) ); );
-    VERBOSE( print_yarrow_status( y ); );
-    return (ret);
-}
-
-typedef int (*test_fn)( void );
-
-int test_1( void );
-int test_2( void );
-int test_3( void );
-int test_4( void );
-
-test_fn test_func[] =
-{
-    test_1, test_2, test_3, test_4
-};
-
-#define num_tests ( sizeof(test_func) / sizeof(test_fn) )
-
-int do_test( int t )
-{
-    EXCEP_DECL;
-    int ret;
-
-    printf( "doing test %d ... ", t ); fflush( stdout );
-    ret = test_func[ t-1 ]();
-    VERBOSE( printf( "\ndone test %d ", t ); );
-    printf( "[%s]\n", krb5int_yarrow_str_error( ret ) ); fflush( stdout );
-    THROW( ret );
-
-CATCH:
-    THROW( EXCEP_BOOL );
-    EXCEP_RET;
-}
-
-int main( int argc, char* argv[] )
-{
-    EXCEP_DECL;
-    int test = 0;
-    char** argvp;
-    char* arg;
-    char* conv_ok = NULL;
-    int ok = YARROW_OK;
-    int done_some_tests = 0;
-    int i;
-    int ret;
-
-    for ( argvp = argv+1, i = 1; i < argc; i++, argvp++ )
-    {
-        arg = *argvp;
-        if ( arg[0] == '-' )
-        {
-            switch ( arg[1] )
-            {
-            case 'v': yarrow_verbose = 1; continue;
-            default: fprintf( stderr, "usage: test [-v] [[test] ... ]\n" );
-                THROW( YARROW_FAIL );
-            }
-        }
-        conv_ok = NULL;
-        test = strtoul( arg, &conv_ok, 10 );
-        if ( !conv_ok || test < 1 || test > num_tests )
-        {
-            fprintf( stderr, "usage: test [-v] [[test] ... ]\n" );
-            THROW( YARROW_FAIL );
-        }
-        else
-        {
-            ret = do_test( test );
-            if ( ok ) { ok = ret; }
-            done_some_tests = 1;
-        }
-    }
-
-    if ( !done_some_tests )
-    {
-        for ( i = 1; i <= num_tests; i++ )
-        {
-            ret = do_test( i );
-            if ( ok ) { ok = ret; }
-        }
-    }
-    THROW( ok );
-
-CATCH:
-    switch (EXCEPTION)
-    {
-    case YARROW_OK:
-        exit (EXIT_SUCCESS);
-    default:
-        exit (EXIT_FAILURE);
-    }
-}
-
-int test_1( void )
-{
-    EXCEP_DECL;
-
-#if defined(YARROW_HASH_SHA1)
-    VERBOSE( printf( "\nsha1 test\n\n" ); );
-    THROW( YARROW_NOT_IMPL );
-#elif defined(YARROW_MD5)
-    VERBOSE( printf( "\nmd5 test\n\n" ); );
-    THROW( YARROW_NOT_IMPL );
-#else
-    VERBOSE( printf( "\nunknown hash function\n\n" ); );
-    THROW( YARROW_NOT_IMPL );
-#endif
-CATCH:
-    EXCEP_RET;
-}
-
-int test_2( void )
-{
-    EXCEP_DECL;
-
-#if defined(YARROW_CIPHER_3DES)
-    VERBOSE( printf( "\n3des test\n\n" ); );
-    THROW( YARROW_NOT_IMPL );
-#elif defined(YARROW_CIPHER_BLOWFISH)
-    VERBOSE( printf( "\nblowfish test\n\n" ); );
-    THROW( YARROW_NOT_IMPL );
-#elif defined(YARROW_CIPHER_IDEA)
-    VERBOSE( printf( "\nidea test\n\n" ); );
-    THROW( YARROW_NOT_IMPL );
-#else
-    VERBOSE( printf( "\nunknown encryption function\n\n" ); );
-    THROW( YARROW_NOT_IMPL );
-#endif
-CATCH:
-    EXCEP_RET;
-}
-
-int test_3( void )
-{
-    EXCEP_DECL;
-
-#if !defined(YARROW_CIPHER_3DES) || !defined(YARROW_HASH_SHA1)
-    VERBOSE( printf( "\nnot Yarrow-SHA1-3DES (aka Yarrow-160)\n\n" ); );
-    THROW( YARROW_NOT_IMPL );
-#endif
-
-    VERBOSE( printf( "\nkrb5int_yarrow_stretch\n\n" ); );
-    THROW( YARROW_NOT_IMPL );
-
-CATCH:
-    EXCEP_RET;
-}
-
-int test_4( void )
-{
-    EXCEP_DECL;
-    Yarrow_CTX yarrow;
-    int initialized = 0;
-    unsigned user, mouse, keyboard;
-    int i, ret;
-    byte user_sample[ 20 ];
-    byte mouse_sample[ 4 ];
-    byte keyboard_sample[ 2 ];
-    byte random[ 30 ];
-    byte junk[ 48 ];
-
-    memset( user_sample,     3, sizeof( user_sample ) );
-    memset( mouse_sample,    1, sizeof( mouse_sample ) );
-    memset( keyboard_sample, 2, sizeof( keyboard_sample ) );
-
-    VERBOSE( printf( "\nGeneral workout test\n\n" ); )
-
-        VERBOSE( printf( "krb5int_yarrow_init() = [" ); );
-    ret = krb5int_yarrow_init( &yarrow, YARROW_SEED_FILE );
-    VERBOSE( printf( "%s]\n", krb5int_yarrow_str_error( ret ) ); );
-
-    if ( ret != YARROW_OK && ret != YARROW_NOT_SEEDED ) { THROW( ret ); }
-    initialized = 1;
-
-#if defined( YARROW_DEBUG )
-    dump_yarrow_state( stdout, &yarrow );
-#endif
-
-    ret = krb5int_yarrow_new_source( &yarrow, &user );
-    VERBOSE( printf( "krb5int_yarrow_new_source() = [%s]\n",
-                     krb5int_yarrow_str_error( ret ) ); );
-    if ( ret != YARROW_OK ) { THROW( ret ); }
-
-    VERBOSE( printf( "Yarrow_Poll( #%d ) = [", user ); );
-    ret = Yarrow_Poll( &yarrow, user );
-    VERBOSE( printf( "%s]\n", krb5int_yarrow_str_error( ret ) ); );
-
-    ret = krb5int_yarrow_new_source( &yarrow, &mouse );
-    VERBOSE( printf( "krb5int_yarrow_new_source() = [%s]\n",
-                     krb5int_yarrow_str_error( ret ) ); );
-    if ( ret != YARROW_OK ) { THROW( ret ); }
-
-    ret = krb5int_yarrow_new_source( &yarrow, &keyboard );
-    VERBOSE( printf( "krb5int_yarrow_new_source() = [%s]\n",
-                     krb5int_yarrow_str_error( ret ) ); );
-    if ( ret != YARROW_OK ) { THROW( ret ); }
-
-/*  prematurely try to draw output, to check failure when no
- *  seed file, or state saving turned off
- */
-
-    VERBOSE( printf( "krb5int_yarrow_output( %d ) = [", sizeof( random ) ); );
-    ret = krb5int_yarrow_output( &yarrow, random, sizeof( random ) );
-    VERBOSE( printf( "%s]\n", krb5int_yarrow_str_error( ret ) ); );
-
-/*   do it twice so that we some slow samples
- *   (first sample goes to fast pool, and then samples alternate)
- */
-
-    for ( i = 0; i < 2; i++ )
-    {
-        TRY( Instrumented_krb5int_yarrow_input( &yarrow, mouse, mouse_sample,
-                                                sizeof( mouse_sample ), 2 ) );
-
-        TRY( Instrumented_krb5int_yarrow_input( &yarrow, keyboard, keyboard_sample,
-                                                sizeof( keyboard_sample ), 2 ) );
-
-        TRY( Instrumented_krb5int_yarrow_input( &yarrow, user, user_sample,
-                                                sizeof( user_sample ), 2 ) );
-    }
-
-#if defined( YARROW_DEBUG )
-    dump_yarrow_state( stdout, &yarrow );
-#endif
-
-    VERBOSE( printf( "\nInduce user source (#%d) to reach "
-                     "slow threshold\n\n", user ); );
-
-    /* induce fast reseed */
-
-    for ( i = 0; i < 7; i++ )
-    {
-        TRY( Instrumented_krb5int_yarrow_input( &yarrow, user, user_sample,
-                                                sizeof( user_sample ),
-                                                sizeof( user_sample ) * 3 ) );
-    }
-
-    VERBOSE( printf( "\nInduce mouse source (#%d) to reach "
-                     "slow threshold reseed\n\n", mouse ); );
-
-    /* induce slow reseed, by triggering a second source to reach it's
-       threshold */
-
-    for ( i = 0; i < 40; i++ )
-    {
-        TRY( Instrumented_krb5int_yarrow_input( &yarrow, mouse, mouse_sample,
-                                                sizeof( mouse_sample ),
-                                                sizeof( mouse_sample )*2 ) );
-    }
-
-    VERBOSE( printf( "\nProduce some output\n\n" ); );
-
-    for ( i = 0; i < 30; i++ )
-    {
-        VERBOSE( printf( "krb5int_yarrow_output( %d ) = [", sizeof( junk ) ); );
-        ret = krb5int_yarrow_output( &yarrow, junk, sizeof( junk ) );
-        VERBOSE( printf( "%s]\n", krb5int_yarrow_str_error( ret ) ); );
-        if ( ret != YARROW_OK ) { THROW( ret ); }
-    }
-
-    memset( junk, 0, sizeof( junk ) );
-
-    VERBOSE( printf( "\nTrigger some fast and slow reseeds\n\n" ); );
-
-    for ( i = 0; i < 30; i++ )
-    {
-        /* odd input to a different source so there are some slow reseeds */
-
-        if ( i % 16 == 0 )
-        {
-            TRY( Instrumented_krb5int_yarrow_input( &yarrow, mouse, junk,
-                                                    sizeof( junk ),
-                                                    sizeof( junk ) * 3 ) );
-        }
-        else
-        {
-            TRY( Instrumented_krb5int_yarrow_input( &yarrow, user, junk,
-                                                    sizeof( junk ),
-                                                    sizeof( junk ) * 3 ) );
-        }
-    }
-
-    VERBOSE( printf( "\nPrint some random output\n\n" ); );
-
-    VERBOSE( printf( "krb5int_yarrow_output( %d ) = [", sizeof( random ) ); );
-    ret = krb5int_yarrow_output( &yarrow, random, sizeof( random ) );
-    VERBOSE( printf( "%s]\n", krb5int_yarrow_str_error( ret ) ); );
-    if ( ret != YARROW_OK )
-    {
-        THROW( ret );
-    }
-    else
-    {
-        VERBOSE( hex_print( stdout, "random", random, sizeof( random ) ); );
-    }
-
-    VERBOSE( printf( "\nClose down Yarrow\n\n" ); );
-
-CATCH:
-    if ( initialized )
-    {
-        VERBOSE( printf( "krb5int_yarrow_final() = [" ); );
-        ret = krb5int_yarrow_final( &yarrow );
-        VERBOSE( printf( "%s]\n", krb5int_yarrow_str_error( ret ) ); );
-        THROW( ret );
-    }
-    EXCEP_RET;
-}
-
-void hex_print( FILE* f, const char* var, void* data, size_t size )
-{
-    const char* conv = "0123456789abcdef";
-    size_t i;
-    char* p = (char*) data;
-    char c, d;
-
-    fprintf( f, var );
-    fprintf( f, " = " );
-    for ( i = 0; i < size; i++ )
-    {
-        c = conv[ (p[ i ] >> 4) & 0xf ];
-        d = conv[ p[ i ] & 0xf ];
-        fprintf( f, "%c%c", c, d );
-    }
-    fprintf( f, "\n" );
-}
-
-void dump_yarrow_state( FILE* f, Yarrow_CTX* y )
-{
-    fprintf( f, "===Yarrow State===\n" );
-    hex_print( f, "C", y->C, sizeof( y->C ) );
-    hex_print( f, "K", y->K, sizeof( y->K ) );
-}