Sync usage with man page.
[netbsd-mini2440.git] / crypto / dist / heimdal / lib / hcrypto / rnd_keys.c
bloba65110f9de0ad5169c29fb9cbec1c8a171c88e59
1 /*
2 * Copyright (c) 1995, 1996, 1997, 1999 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
34 #ifdef HAVE_CONFIG_H
35 #include "config.h"
37 __RCSID("$Heimdal: rnd_keys.c 17445 2006-05-05 10:37:46Z lha $"
38 "$NetBSD$");
39 #endif
41 #ifdef KRB5
42 #include <krb5-types.h>
43 #endif
44 #include <des.h>
46 #include <stdlib.h>
47 #include <string.h>
49 #ifdef TIME_WITH_SYS_TIME
50 #include <sys/time.h>
51 #include <time.h>
52 #elif defined(HAVE_SYS_TIME_H)
53 #include <sys/time.h>
54 #else
55 #include <time.h>
56 #endif
58 #ifdef HAVE_SYS_TYPES_H
59 #include <sys/types.h>
60 #endif
62 #ifdef HAVE_UNISTD_H
63 #include <unistd.h>
64 #endif
65 #ifdef HAVE_IO_H
66 #include <io.h>
67 #endif
69 #ifdef HAVE_SIGNAL_H
70 #include <signal.h>
71 #endif
72 #ifdef HAVE_FCNTL_H
73 #include <fcntl.h>
74 #endif
77 * Generate "random" data by checksumming a file.
79 * Returns -1 if there were any problems with permissions or I/O
80 * errors.
82 static
83 int
84 sumFile (const char *name, int len, void *res)
86 uint32_t sum[2] = { 0, 0 };
87 uint32_t buf[1024*2];
88 int fd, i;
90 fd = open (name, 0);
91 if (fd < 0)
92 return -1;
94 while (len > 0)
96 int n = read(fd, buf, sizeof(buf));
97 if (n < 0)
99 close(fd);
100 return n;
102 for (i = 0; i < (n/sizeof(buf[0])); i++)
104 sum[0] += buf[i];
105 i++;
106 sum[1] += buf[i];
108 len -= n;
110 close (fd);
111 memcpy (res, &sum, sizeof(sum));
112 return 0;
115 #if 0
116 static
118 md5sumFile (const char *name, int len, int32_t sum[4])
120 int32_t buf[1024*2];
121 int fd, cnt;
122 struct md5 md5;
124 fd = open (name, 0);
125 if (fd < 0)
126 return -1;
128 md5_init(&md5);
129 while (len > 0)
131 int n = read(fd, buf, sizeof(buf));
132 if (n < 0)
134 close(fd);
135 return n;
137 md5_update(&md5, buf, n);
138 len -= n;
140 md5_finito(&md5, (unsigned char *)sum);
141 close (fd);
142 return 0;
144 #endif
147 * Create a sequence of random 64 bit blocks.
148 * The sequence is indexed with a long long and
149 * based on an initial des key used as a seed.
151 static DES_key_schedule sequence_seed;
152 static uint32_t sequence_index[2];
155 * Random number generator based on ideas from truerand in cryptolib
156 * as described on page 424 in Applied Cryptography 2 ed. by Bruce
157 * Schneier.
160 static volatile int counter;
161 static volatile unsigned char *gdata; /* Global data */
162 static volatile int igdata; /* Index into global data */
163 static int gsize;
165 #if !defined(WIN32) && !defined(__EMX__) && !defined(__OS2__) && !defined(__CYGWIN32__)
166 /* Visual C++ 4.0 (Windows95/NT) */
168 static
169 RETSIGTYPE
170 sigALRM(int sig)
172 if (igdata < gsize)
173 gdata[igdata++] ^= counter & 0xff;
175 #ifndef HAVE_SIGACTION
176 signal(SIGALRM, sigALRM); /* Reinstall SysV signal handler */
177 #endif
178 SIGRETURN(0);
181 #endif
183 #if !defined(HAVE_RANDOM) && defined(HAVE_RAND)
184 #ifndef srandom
185 #define srandom srand
186 #endif
187 #ifndef random
188 #define random rand
189 #endif
190 #endif
192 #if !defined(HAVE_SETITIMER) || defined(WIN32) || defined(__EMX__) || defined(__OS2__) || defined(__CYGWIN32__)
193 static void
194 des_not_rand_data(unsigned char *data, int size)
196 int i;
198 srandom (time (NULL));
200 for(i = 0; i < size; ++i)
201 data[i] ^= random() % 0x100;
203 #endif
205 #if !defined(WIN32) && !defined(__EMX__) && !defined(__OS2__) && !defined(__CYGWIN32__)
207 #ifndef HAVE_SETITIMER
208 static void
209 pacemaker(struct timeval *tv)
211 fd_set fds;
212 pid_t pid;
213 pid = getppid();
214 while(1){
215 FD_ZERO(&fds);
216 FD_SET(0, &fds);
217 select(1, &fds, NULL, NULL, tv);
218 kill(pid, SIGALRM);
221 #endif
223 #ifdef HAVE_SIGACTION
224 /* XXX ugly hack, should perhaps use function from roken */
225 static RETSIGTYPE
226 (*fake_signal(int sig, RETSIGTYPE (*f)(int)))(int)
228 struct sigaction sa, osa;
229 sa.sa_handler = f;
230 sa.sa_flags = 0;
231 sigemptyset(&sa.sa_mask);
232 sigaction(sig, &sa, &osa);
233 return osa.sa_handler;
235 #define signal(S, F) fake_signal((S), (F))
236 #endif
239 * Generate size bytes of "random" data using timed interrupts.
240 * It takes about 40ms/byte random data.
241 * It's not neccessary to be root to run it.
243 void
244 DES_rand_data(void *outdata, int size)
246 unsigned char *data = outdata;
247 struct itimerval tv, otv;
248 RETSIGTYPE (*osa)(int);
249 int i, j;
250 #ifndef HAVE_SETITIMER
251 RETSIGTYPE (*ochld)(int);
252 pid_t pid;
253 #endif
254 const char *rnd_devices[] = {"/dev/random",
255 "/dev/srandom",
256 "/dev/urandom",
257 "/dev/arandom",
258 NULL};
259 const char **p;
261 for(p = rnd_devices; *p; p++) {
262 int fd = open(*p, O_RDONLY | O_NDELAY);
264 if(fd >= 0 && read(fd, data, size) == size) {
265 close(fd);
266 return;
268 close(fd);
271 /* Paranoia? Initialize data from /dev/mem if we can read it. */
272 if (size >= 8)
273 sumFile("/dev/mem", (1024*1024*2), data);
275 gdata = data;
276 gsize = size;
277 igdata = 0;
279 osa = signal(SIGALRM, sigALRM);
281 /* Start timer */
282 tv.it_value.tv_sec = 0;
283 tv.it_value.tv_usec = 10 * 1000; /* 10 ms */
284 tv.it_interval = tv.it_value;
285 #ifdef HAVE_SETITIMER
286 setitimer(ITIMER_REAL, &tv, &otv);
287 #else
288 ochld = signal(SIGCHLD, SIG_IGN);
289 pid = fork();
290 if(pid == -1){
291 signal(SIGCHLD, ochld != SIG_ERR ? ochld : SIG_DFL);
292 des_not_rand_data(data, size);
293 return;
295 if(pid == 0)
296 pacemaker(&tv.it_interval);
297 #endif
299 for(i = 0; i < 4; i++) {
300 for (igdata = 0; igdata < size;) /* igdata++ in sigALRM */
301 counter++;
302 for (j = 0; j < size; j++) /* Only use 2 bits each lap */
303 gdata[j] = (gdata[j]>>2) | (gdata[j]<<6);
305 #ifdef HAVE_SETITIMER
306 setitimer(ITIMER_REAL, &otv, 0);
307 #else
308 kill(pid, SIGKILL);
309 while(waitpid(pid, NULL, 0) != pid);
310 signal(SIGCHLD, ochld != SIG_ERR ? ochld : SIG_DFL);
311 #endif
312 signal(SIGALRM, osa != SIG_ERR ? osa : SIG_DFL);
314 #else
315 void
316 DES_rand_data(unsigned char *p, int s)
318 des_not_rand_data (p, s);
320 #endif
322 void
323 DES_generate_random_block(DES_cblock *block)
325 DES_rand_data((unsigned char *)block, sizeof(*block));
328 #define DES_rand_data_key hc_DES_rand_data_key
330 void
331 DES_rand_data_key(DES_cblock *key);
334 * Generate a "random" DES key.
336 void
337 DES_rand_data_key(DES_cblock *key)
339 unsigned char data[8];
340 DES_key_schedule sched;
341 do {
342 DES_rand_data(data, sizeof(data));
343 DES_rand_data((unsigned char*)key, sizeof(DES_cblock));
344 DES_set_odd_parity(key);
345 DES_set_key(key, &sched);
346 DES_ecb_encrypt(&data, key, &sched, DES_ENCRYPT);
347 memset(&data, 0, sizeof(data));
348 memset(&sched, 0, sizeof(sched));
349 DES_set_odd_parity(key);
350 } while(DES_is_weak_key(key));
354 * Generate "random" data by checksumming /dev/mem
356 * It's neccessary to be root to run it. Returns -1 if there were any
357 * problems with permissions.
360 #define DES_mem_rand8 hc_DES_mem_rand8
363 DES_mem_rand8(unsigned char *data);
366 DES_mem_rand8(unsigned char *data)
368 return 1;
372 * In case the generator does not get initialized use this as fallback.
374 static int initialized;
376 static void
377 do_initialize(void)
379 DES_cblock default_seed;
380 do {
381 DES_generate_random_block(&default_seed);
382 DES_set_odd_parity(&default_seed);
383 } while (DES_is_weak_key(&default_seed));
384 DES_init_random_number_generator(&default_seed);
387 #define zero_long_long(ll) do { ll[0] = ll[1] = 0; } while (0)
389 #define incr_long_long(ll) do { if (++ll[0] == 0) ++ll[1]; } while (0)
391 #define set_sequence_number(ll) \
392 memcpy((char *)sequence_index, (ll), sizeof(sequence_index));
395 * Set the sequnce number to this value (a long long).
397 void
398 DES_set_sequence_number(void *ll)
400 set_sequence_number(ll);
404 * Set the generator seed and reset the sequence number to 0.
406 void
407 DES_set_random_generator_seed(DES_cblock *seed)
409 DES_set_key(seed, &sequence_seed);
410 zero_long_long(sequence_index);
411 initialized = 1;
415 * Generate a sequence of random des keys
416 * using the random block sequence, fixup
417 * parity and skip weak keys.
420 DES_new_random_key(DES_cblock *key)
422 if (!initialized)
423 do_initialize();
425 do {
426 DES_ecb_encrypt((DES_cblock *) sequence_index,
427 key,
428 &sequence_seed,
429 DES_ENCRYPT);
430 incr_long_long(sequence_index);
431 /* random key must have odd parity and not be weak */
432 DES_set_odd_parity(key);
433 } while (DES_is_weak_key(key));
434 return(0);
438 * des_init_random_number_generator:
440 * Initialize the sequence of random 64 bit blocks. The input seed
441 * can be a secret key since it should be well hidden and is also not
442 * kept.
445 void
446 DES_init_random_number_generator(DES_cblock *seed)
448 struct timeval now;
449 DES_cblock uniq;
450 DES_cblock new_key;
452 gettimeofday(&now, (struct timezone *)0);
453 DES_generate_random_block(&uniq);
455 /* Pick a unique random key from the shared sequence. */
456 DES_set_random_generator_seed(seed);
457 set_sequence_number((unsigned char *)&uniq);
458 DES_new_random_key(&new_key);
460 /* Select a new nonshared sequence, */
461 DES_set_random_generator_seed(&new_key);
463 /* and use the current time to pick a key for the new sequence. */
464 set_sequence_number((unsigned char *)&now);
465 DES_new_random_key(&new_key);
466 DES_set_random_generator_seed(&new_key);
469 /* This is for backwards compatibility. */
470 void
471 DES_random_key(DES_cblock *ret)
473 DES_new_random_key(ret);
476 #ifdef TESTRUN
478 main()
480 unsigned char data[8];
481 int i;
483 while (1)
485 if (sumFile("/dev/mem", (1024*1024*8), data) != 0)
486 { perror("sumFile"); exit(1); }
487 for (i = 0; i < 8; i++)
488 printf("%02x", data[i]);
489 printf("\n");
492 #endif
494 #ifdef TESTRUN2
496 main()
498 DES_cblock data;
499 int i;
501 while (1)
503 do_initialize();
504 DES_random_key(data);
505 for (i = 0; i < 8; i++)
506 printf("%02x", data[i]);
507 printf("\n");
510 #endif