hammer2 - Fix root remount for hammer2 root
[dragonfly.git] / sys / libkern / arc4random.c
CommitLineData
984263bc
MD
1/*-
2 * THE BEER-WARE LICENSE
3 *
4 * <dan@FreeBSD.ORG> wrote this file. As long as you retain this notice you
5 * can do whatever you want with this stuff. If we meet some day, and you
6 * think this stuff is worth it, you can buy me a beer in return.
7 *
8 * Dan Moschuk
9 *
10 * $FreeBSD: src/sys/libkern/arc4random.c,v 1.3.2.2 2001/09/17 07:06:50 silby Exp $
0ced1954 11 * $DragonFly: src/sys/libkern/arc4random.c,v 1.3 2006/09/03 17:31:55 dillon Exp $
984263bc
MD
12 */
13
14#include <sys/types.h>
15#include <sys/random.h>
16#include <sys/libkern.h>
17#include <sys/time.h>
18
19#define ARC4_MAXRUNS 16384
20#define ARC4_RESEED_SECONDS 300
21#define ARC4_KEYBYTES 32 /* 256 bit key */
22
23static u_int8_t arc4_i, arc4_j;
24static int arc4_initialized = 0;
25static int arc4_numruns = 0;
26static u_int8_t arc4_sbox[256];
27static struct timeval arc4_tv_nextreseed;
28
29static u_int8_t arc4_randbyte(void);
30
31static __inline void
32arc4_swap(u_int8_t *a, u_int8_t *b)
33{
34 u_int8_t c;
35
36 c = *a;
37 *a = *b;
38 *b = c;
39}
40
41/*
42 * Stir our S-box.
43 */
44static void
45arc4_randomstir (void)
46{
47 u_int8_t key[256];
48 int r, n;
49
50 /*
51 * XXX read_random() returns unsafe numbers if the entropy
52 * device is not loaded -- MarkM.
53 */
54 r = read_random_unlimited(key, ARC4_KEYBYTES);
55 /* If r == 0 || -1, just use what was on the stack. */
56 if (r > 0)
57 {
58 for (n = r; n < sizeof(key); n++)
59 key[n] = key[n % r];
60 }
61
32cfd90a 62 for (n = 0; n < 256; n++) {
984263bc
MD
63 arc4_j = (arc4_j + arc4_sbox[n] + key[n]) % 256;
64 arc4_swap(&arc4_sbox[n], &arc4_sbox[arc4_j]);
65 }
66
32cfd90a
MD
67 /*
68 * Discard early keystream, as per recommendations in:
69 * "(Not So) Random Shuffles of RC4" by Ilya Mironov.
70 */
71 for (n = 0; n < 768*4; n++)
72 arc4_randbyte();
73
984263bc
MD
74 /* Reset for next reseed cycle. */
75 getmicrotime(&arc4_tv_nextreseed);
76 arc4_tv_nextreseed.tv_sec += ARC4_RESEED_SECONDS;
77 arc4_numruns = 0;
78}
79
80/*
81 * Initialize our S-box to its beginning defaults.
82 */
83static void
84arc4_init(void)
85{
86 int n;
87
88 arc4_i = arc4_j = 0;
89 for (n = 0; n < 256; n++)
90 arc4_sbox[n] = (u_int8_t) n;
91
92 arc4_randomstir();
93 arc4_initialized = 1;
94
95 /*
32cfd90a
MD
96 * Discard early keystream, as per recommendations in:
97 * "(Not So) Random Shuffles of RC4" by Ilya Mironov.
984263bc 98 */
32cfd90a 99 for (n = 0; n < 768*4; n++)
984263bc
MD
100 arc4_randbyte();
101}
102
103/*
104 * Generate a random byte.
105 */
106static u_int8_t
107arc4_randbyte(void)
108{
109 u_int8_t arc4_t;
110
111 arc4_i = (arc4_i + 1) % 256;
112 arc4_j = (arc4_j + arc4_sbox[arc4_i]) % 256;
113
114 arc4_swap(&arc4_sbox[arc4_i], &arc4_sbox[arc4_j]);
115
116 arc4_t = (arc4_sbox[arc4_i] + arc4_sbox[arc4_j]) % 256;
117 return arc4_sbox[arc4_t];
118}
119
120u_int32_t
0ced1954 121karc4random(void)
984263bc
MD
122{
123 u_int32_t ret;
124 struct timeval tv_now;
125
126 /* Initialize array if needed. */
127 if (!arc4_initialized)
128 arc4_init();
129
130 getmicrotime(&tv_now);
131 if ((++arc4_numruns > ARC4_MAXRUNS) ||
132 (tv_now.tv_sec > arc4_tv_nextreseed.tv_sec))
133 {
134 arc4_randomstir();
135 }
136
137 ret = arc4_randbyte();
138 ret |= arc4_randbyte() << 8;
139 ret |= arc4_randbyte() << 16;
140 ret |= arc4_randbyte() << 24;
141
142 return ret;
143}
007c7af8
AH
144
145void
146karc4rand(void *ptr, size_t len)
147{
148 uint8_t *p;
149 struct timeval tv_now;
150
151 p = ptr;
152
153 /* Initialize array if needed. */
154 if (!arc4_initialized)
155 arc4_init();
156
157 getmicrotime(&tv_now);
158 if ((++arc4_numruns > ARC4_MAXRUNS) ||
159 (tv_now.tv_sec > arc4_tv_nextreseed.tv_sec))
160 {
161 arc4_randomstir();
162 }
163
164 while (len--)
165 *p++ = arc4_randbyte();
166}