5 Author: Pekka Riikonen <priikone@poseidon.pspt.fi>
7 Copyright (C) 1997 - 2001 Pekka Riikonen
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 2 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
22 * Created: Sun Mar 9 00:09:18 1997
24 * The original RNG was based on Secure Shell's random number generator
25 * by Tatu Ylönen. This RNG has been rewritten twice since the creation.
28 #include "silcincludes.h"
31 /*#define SILC_RNG_DEBUG*/
33 static uint32 silc_rng_get_position(SilcRng rng);
34 static void silc_rng_stir_pool(SilcRng rng);
35 static void silc_rng_xor(SilcRng rng, uint32 val, unsigned int pos);
36 static void silc_rng_exec_command(SilcRng rng, char *command);
37 static void silc_rng_get_hard_noise(SilcRng rng);
38 static void silc_rng_get_medium_noise(SilcRng rng);
39 static void silc_rng_get_soft_noise(SilcRng rng);
42 SILC SilcRng State context.
44 This object is used by the random number generator to provide
45 variable points where the actual random number is fetched from
46 the random pool. This provides that the data is not fetched always
47 from the same point of the pool. Short description of the fields
53 The index for the random pool buffer. Lowest and current
56 SilcRngStateContext *next
58 Pointer to the next state. If this is the last state this
59 will point to the first state thus providing circular list.
62 typedef struct SilcRngStateContext {
65 struct SilcRngStateContext *next;
69 SILC Random Number Generator object.
71 This object holds random pool which is used to generate the random
72 numbers used by various routines needing cryptographically strong
73 random numbers. Following short descriptions of the fields.
77 The random pool. This buffer holds the random data. This is
78 frequently stirred thus providing ever changing randomnes.
82 Key used in stirring the random pool. The pool is encrypted
83 with SHA1 hash function in CFB (Cipher Feedback) mode.
85 SilcSilcRngState state
87 State object that is used to get the next position for the
88 random pool. This position is used to fetch data from pool
89 or to save the data to the pool. The state changes everytime
94 Hash object (SHA1) used to make the CFB encryption to the
95 random pool. This is allocated when RNG object is allocated and
96 free'd when RNG object is free'd.
100 Threshold to indicate when it is required to acquire more
101 noise from the environment. More soft noise is acquired after
102 64 bits of output and hard noise every 160 bits of output.
105 typedef struct SilcRngObjectStruct {
106 unsigned char pool[SILC_RNG_POOLSIZE];
107 unsigned char key[64];
113 /* Allocates new RNG object. */
115 SilcRng silc_rng_alloc()
119 SILC_LOG_DEBUG(("Allocating new RNG object"));
121 new = silc_calloc(1, sizeof(*new));
123 memset(new->pool, 0, sizeof(new->pool));
124 memset(new->key, 0, sizeof(new->key));
126 silc_hash_alloc("sha1", &new->sha1);
131 /* Free's RNG object. */
133 void silc_rng_free(SilcRng rng)
136 memset(rng->pool, 0, sizeof(rng->pool));
137 memset(rng->key, 0, sizeof(rng->key));
138 silc_free(rng->sha1);
143 /* Initializes random number generator by getting noise from environment.
144 The environmental noise is our so called seed. One should not call
145 this function more than once. */
147 void silc_rng_init(SilcRng rng)
150 SilcRngState first, next;
154 SILC_LOG_DEBUG(("Initializing RNG object"));
156 /* Initialize the states for the RNG. */
157 rng->state = silc_calloc(1, sizeof(*rng->state));
160 rng->state->next = NULL;
162 for (i = SILC_RNG_STATE_NUM - 1; i >= 1; i--) {
163 next = silc_calloc(1, sizeof(*rng->state));
165 (i * (sizeof(rng->pool) / SILC_RNG_STATE_NUM));
167 (i * (sizeof(rng->pool) / SILC_RNG_STATE_NUM)) + 8;
168 next->next = rng->state;
174 memset(rng->pool, 0, sizeof(rng->pool));
176 /* Get noise from various environmental sources */
177 silc_rng_get_soft_noise(rng);
178 silc_rng_get_medium_noise(rng);
179 silc_rng_get_hard_noise(rng);
180 silc_rng_get_soft_noise(rng);
183 /* This function gets 'soft' noise from environment. */
185 static void silc_rng_get_soft_noise(SilcRng rng)
190 pos = silc_rng_get_position(rng);
192 silc_rng_xor(rng, clock(), 0);
193 silc_rng_xor(rng, getpid(), 1);
194 silc_rng_xor(rng, getpgid(getpid() << 8), 2);
195 silc_rng_xor(rng, getpgid(getpid() << 8), 3);
196 silc_rng_xor(rng, getgid(), 4);
197 silc_rng_xor(rng, getpgrp(), 5);
198 silc_rng_xor(rng, getsid(getpid() << 16), 6);
199 silc_rng_xor(rng, times(&ptime), 7);
200 silc_rng_xor(rng, ptime.tms_utime, 8);
201 silc_rng_xor(rng, (ptime.tms_utime + ptime.tms_stime), pos++);
202 silc_rng_xor(rng, (ptime.tms_stime + ptime.tms_cutime), pos++);
203 silc_rng_xor(rng, (ptime.tms_utime + ptime.tms_stime), pos++);
204 silc_rng_xor(rng, (ptime.tms_cutime ^ ptime.tms_stime), pos++);
205 silc_rng_xor(rng, (ptime.tms_cutime ^ ptime.tms_cstime), pos++);
206 silc_rng_xor(rng, (ptime.tms_utime ^ ptime.tms_stime), pos++);
207 silc_rng_xor(rng, (ptime.tms_stime ^ ptime.tms_cutime), pos++);
208 silc_rng_xor(rng, (ptime.tms_cutime + ptime.tms_stime), pos++);
209 silc_rng_xor(rng, (ptime.tms_stime << 8), pos++);
210 silc_rng_xor(rng, clock() << 4, pos++);
211 silc_rng_xor(rng, getpgid(getpid() << 8), pos++);
212 silc_rng_xor(rng, getpgrp(), pos++);
213 silc_rng_xor(rng, getsid(getpid() << 16), pos++);
214 silc_rng_xor(rng, times(&ptime), pos++);
215 silc_rng_xor(rng, ptime.tms_utime, pos++);
216 silc_rng_xor(rng, getpgrp(), pos++);
218 #ifdef SILC_RNG_DEBUG
219 SILC_LOG_HEXDUMP(("pool"), rng->pool, sizeof(rng->pool));
222 /* Stir random pool */
223 silc_rng_stir_pool(rng);
226 /* This function gets noise from different commands */
228 static void silc_rng_get_medium_noise(SilcRng rng)
230 silc_rng_exec_command(rng, "ps -lefaww 2> /dev/null");
231 silc_rng_exec_command(rng, "ls -afiln 2> /dev/null");
232 silc_rng_exec_command(rng, "ls -afiln /proc 2> /dev/null");
233 silc_rng_exec_command(rng, "ps -asww 2> /dev/null");
235 #ifdef SILC_RNG_DEBUG
236 SILC_LOG_HEXDUMP(("pool"), rng->pool, sizeof(rng->pool));
240 /* This function gets 'hard' noise from environment. This tries to
241 get the noise from /dev/random if available. */
243 static void silc_rng_get_hard_noise(SilcRng rng)
248 /* Get noise from /dev/random if available */
249 fd = open("/dev/random", O_RDONLY);
253 fcntl(fd, F_SETFL, O_NONBLOCK);
255 for (i = 0; i < 2; i++) {
256 len = read(fd, buf, sizeof(buf));
259 silc_rng_add_noise(rng, buf, len);
262 #ifdef SILC_RNG_DEBUG
263 SILC_LOG_HEXDUMP(("pool"), rng->pool, sizeof(rng->pool));
268 memset(buf, 0, sizeof(buf));
271 /* Execs command and gets noise from its output */
273 static void silc_rng_exec_command(SilcRng rng, char *command)
281 fd = popen(command, "r");
285 /* Get data as much as we can get into the buffer */
286 for (i = 0; i < sizeof(buf); i++) {
298 /* Add the buffer into random pool */
299 silc_rng_add_noise(rng, buf, strlen(buf));
300 memset(buf, 0, sizeof(buf));
303 /* This function adds the contents of the buffer as noise into random
304 pool. After adding the noise the pool is stirred. */
306 void silc_rng_add_noise(SilcRng rng, unsigned char *buffer, uint32 len)
310 pos = silc_rng_get_position(rng);
312 /* Add the buffer one by one into the pool */
313 for(i = 0; i < len; i++, buffer++) {
314 if(pos >= SILC_RNG_POOLSIZE)
316 rng->pool[pos++] ^= *buffer;
319 /* Stir random pool */
320 silc_rng_stir_pool(rng);
323 /* XOR's data into the pool */
325 static void silc_rng_xor(SilcRng rng, uint32 val, unsigned int pos)
328 rng->pool[pos] ^= val + val;
331 /* This function stirs the random pool by encrypting buffer in CFB
332 (cipher feedback) mode with SHA1 algorithm. */
334 static void silc_rng_stir_pool(SilcRng rng)
340 memcpy(iv, &rng->pool[SILC_RNG_POOLSIZE - 256], sizeof(iv));
343 for (i = 0; i < SILC_RNG_POOLSIZE; i += 5) {
344 rng->sha1->hash->transform(iv, rng->key);
345 iv[0] = rng->pool[i] ^= iv[0];
346 iv[1] = rng->pool[i + 1] ^= iv[1];
347 iv[2] = rng->pool[i + 2] ^= iv[2];
348 iv[3] = rng->pool[i + 3] ^= iv[3];
349 iv[4] = rng->pool[i + 4] ^= iv[4];
353 memcpy(rng->key, &rng->pool[silc_rng_get_position(rng)], sizeof(rng->key));
355 /* Second CFB pass */
356 for (i = 0; i < SILC_RNG_POOLSIZE; i += 5) {
357 rng->sha1->hash->transform(iv, rng->key);
358 iv[0] = rng->pool[i] ^= iv[0];
359 iv[1] = rng->pool[i + 1] ^= iv[1];
360 iv[2] = rng->pool[i + 2] ^= iv[2];
361 iv[3] = rng->pool[i + 3] ^= iv[3];
362 iv[4] = rng->pool[i + 4] ^= iv[4];
365 memset(iv, 0, sizeof(iv));
368 /* Returns next position where data is fetched from the pool or
371 static uint32 silc_rng_get_position(SilcRng rng)
376 next = rng->state->next;
378 pos = rng->state->pos++;
379 if ((next->low != 0 && pos >= next->low) || (pos >= SILC_RNG_POOLSIZE))
380 rng->state->pos = rng->state->low;
382 #ifdef SILC_RNG_DEBUG
383 fprintf(stderr, "state: %p: low: %lu, pos: %lu\n",
384 rng->state, rng->state->low, rng->state->pos);
392 /* Returns random byte. */
394 unsigned char silc_rng_get_byte(SilcRng rng)
398 /* Get more soft noise after 64 bits threshold */
399 if (rng->threshold >= 8)
400 silc_rng_get_soft_noise(rng);
402 /* Get hard noise after 160 bits threshold, zero the threshold. */
403 if (rng->threshold >= 20) {
405 silc_rng_get_hard_noise(rng);
408 return rng->pool[silc_rng_get_position(rng)];
411 /* Returns 16 bit random number */
413 uint16 silc_rng_get_rn16(SilcRng rng)
418 rn[0] = silc_rng_get_byte(rng);
419 rn[1] = silc_rng_get_byte(rng);
420 SILC_GET16_MSB(num, rn);
425 /* Returns 32 bit random number */
427 uint32 silc_rng_get_rn32(SilcRng rng)
432 rn[0] = silc_rng_get_byte(rng);
433 rn[1] = silc_rng_get_byte(rng);
434 rn[2] = silc_rng_get_byte(rng);
435 rn[3] = silc_rng_get_byte(rng);
436 SILC_GET32_MSB(num, rn);
441 /* Returns random number string. Returned string is in HEX format. */
443 unsigned char *silc_rng_get_rn_string(SilcRng rng, uint32 len)
446 unsigned char *string;
448 string = silc_calloc((len * 2 + 1), sizeof(unsigned char));
450 for (i = 0; i < len; i++)
451 sprintf(string + 2 * i, "%02x", silc_rng_get_byte(rng));
456 /* Returns random number binary data. */
458 unsigned char *silc_rng_get_rn_data(SilcRng rng, uint32 len)
463 data = silc_calloc(len + 1, sizeof(*data));
465 for (i = 0; i < len; i++)
466 data[i] = silc_rng_get_byte(rng);
471 /* Global RNG. This is global RNG that application can initialize so
472 that any part of code anywhere can use RNG without having to allocate
473 new RNG object everytime. If this is not initialized then these routines
474 will fail. Note: currently in SILC applications always initialize this. */
476 SilcRng global_rng = NULL;
478 /* Initialize global RNG. If `rng' is provided it is set as the global
479 RNG object (it can be allocated by the application for example). */
481 int silc_rng_global_init(SilcRng rng)
486 global_rng = silc_rng_alloc();
491 /* Uninitialize global RNG */
493 int silc_rng_global_uninit()
496 silc_rng_free(global_rng);
503 /* These are analogous to the functions above. */
505 unsigned char silc_rng_global_get_byte()
507 return global_rng ? silc_rng_get_byte(global_rng) : 0;
510 uint16 silc_rng_global_get_rn16()
512 return global_rng ? silc_rng_get_rn16(global_rng) : 0;
515 uint32 silc_rng_global_get_rn32()
517 return global_rng ? silc_rng_get_rn32(global_rng) : 0;
520 unsigned char *silc_rng_global_get_rn_string(uint32 len)
522 return global_rng ? silc_rng_get_rn_string(global_rng, len) : NULL;
525 unsigned char *silc_rng_global_get_rn_data(uint32 len)
527 return global_rng ? silc_rng_get_rn_data(global_rng, len) : NULL;
530 void silc_rng_global_add_noise(unsigned char *buffer, uint32 len)
533 silc_rng_add_noise(global_rng, buffer, len);