2 * Copyright (c) 1995, 1996, 1997, 1999 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
37 RCSID("$Id: rnd_keys.c,v 1.58 2001/08/21 15:32:07 assar Exp $");
43 #include <krb5-types.h>
50 #ifdef TIME_WITH_SYS_TIME
53 #elif defined(HAVE_SYS_TIME_H)
59 #ifdef HAVE_SYS_TYPES_H
60 #include <sys/types.h>
78 * Generate "random" data by checksumming a file.
80 * Returns -1 if there were any problems with permissions or I/O
85 sumFile (const char *name, int len, void *res)
88 u_int32_t buf[1024*2];
97 int n = read(fd, buf, sizeof(buf));
103 for (i = 0; i < (n/sizeof(buf[0])); i++)
112 memcpy (res, &sum, sizeof(sum));
119 md5sumFile (const char *name, int len, int32_t sum[4])
132 int n = read(fd, buf, sizeof(buf));
138 md5_update(&md5, buf, n);
141 md5_finito(&md5, (unsigned char *)sum);
148 * Create a sequence of random 64 bit blocks.
149 * The sequence is indexed with a long long and
150 * based on an initial des key used as a seed.
152 static des_key_schedule sequence_seed;
153 static u_int32_t sequence_index[2];
156 * Random number generator based on ideas from truerand in cryptolib
157 * as described on page 424 in Applied Cryptography 2 ed. by Bruce
161 static volatile int counter;
162 static volatile unsigned char *gdata; /* Global data */
163 static volatile int igdata; /* Index into global data */
166 #if !defined(WIN32) && !defined(__EMX__) && !defined(__OS2__) && !defined(__CYGWIN32__)
167 /* Visual C++ 4.0 (Windows95/NT) */
174 gdata[igdata++] ^= counter & 0xff;
176 #ifndef HAVE_SIGACTION
177 signal(SIGALRM, sigALRM); /* Reinstall SysV signal handler */
184 #if !defined(HAVE_RANDOM) && defined(HAVE_RAND)
186 #define srandom srand
193 #ifndef HAVE_SETITIMER
195 des_not_rand_data(unsigned char *data, int size)
199 srandom (time (NULL));
201 for(i = 0; i < size; ++i)
202 data[i] ^= random() % 0x100;
206 #if !defined(WIN32) && !defined(__EMX__) && !defined(__OS2__) && !defined(__CYGWIN32__)
208 #ifndef HAVE_SETITIMER
210 pacemaker(struct timeval *tv)
218 select(1, &fds, NULL, NULL, tv);
224 #ifdef HAVE_SIGACTION
225 /* XXX ugly hack, should perhaps use function from roken */
227 (*fake_signal(int sig, RETSIGTYPE (*f)(int)))(int)
229 struct sigaction sa, osa;
232 sigemptyset(&sa.sa_mask);
233 sigaction(sig, &sa, &osa);
234 return osa.sa_handler;
236 #define signal(S, F) fake_signal((S), (F))
240 * Generate size bytes of "random" data using timed interrupts.
241 * It takes about 40ms/byte random data.
242 * It's not neccessary to be root to run it.
245 des_rand_data(unsigned char *data, int size)
247 struct itimerval tv, otv;
248 RETSIGTYPE (*osa)(int);
250 #ifndef HAVE_SETITIMER
251 RETSIGTYPE (*ochld)(int);
254 char *rnd_devices[] = {"/dev/random",
260 for(p = rnd_devices; *p; p++) {
261 int fd = open(*p, O_RDONLY | O_NDELAY);
263 if(fd >= 0 && read(fd, data, size) == size) {
270 /* Paranoia? Initialize data from /dev/mem if we can read it. */
272 sumFile("/dev/mem", (1024*1024*2), data);
278 osa = signal(SIGALRM, sigALRM);
281 tv.it_value.tv_sec = 0;
282 tv.it_value.tv_usec = 10 * 1000; /* 10 ms */
283 tv.it_interval = tv.it_value;
284 #ifdef HAVE_SETITIMER
285 setitimer(ITIMER_REAL, &tv, &otv);
287 ochld = signal(SIGCHLD, SIG_IGN);
290 signal(SIGCHLD, ochld != SIG_ERR ? ochld : SIG_DFL);
291 des_not_rand_data(data, size);
295 pacemaker(&tv.it_interval);
298 for(i = 0; i < 4; i++) {
299 for (igdata = 0; igdata < size;) /* igdata++ in sigALRM */
301 for (j = 0; j < size; j++) /* Only use 2 bits each lap */
302 gdata[j] = (gdata[j]>>2) | (gdata[j]<<6);
304 #ifdef HAVE_SETITIMER
305 setitimer(ITIMER_REAL, &otv, 0);
308 while(waitpid(pid, NULL, 0) != pid);
309 signal(SIGCHLD, ochld != SIG_ERR ? ochld : SIG_DFL);
311 signal(SIGALRM, osa != SIG_ERR ? osa : SIG_DFL);
315 des_rand_data(unsigned char *p, int s)
317 des_not_rand_data (p, s);
322 des_generate_random_block(des_cblock *block)
324 des_rand_data((unsigned char *)block, sizeof(*block));
328 * Generate a "random" DES key.
331 des_rand_data_key(des_cblock *key)
333 unsigned char data[8];
334 des_key_schedule sched;
336 des_rand_data(data, sizeof(data));
337 des_rand_data((unsigned char*)key, sizeof(des_cblock));
338 des_set_odd_parity(key);
339 des_key_sched(key, sched);
340 des_ecb_encrypt(&data, key, sched, DES_ENCRYPT);
341 memset(&data, 0, sizeof(data));
342 memset(&sched, 0, sizeof(sched));
343 des_set_odd_parity(key);
344 } while(des_is_weak_key(key));
348 * Generate "random" data by checksumming /dev/mem
350 * It's neccessary to be root to run it. Returns -1 if there were any
351 * problems with permissions.
354 des_mem_rand8(unsigned char *data)
360 * In case the generator does not get initialized use this as fallback.
362 static int initialized;
367 des_cblock default_seed;
369 des_generate_random_block(&default_seed);
370 des_set_odd_parity(&default_seed);
371 } while (des_is_weak_key(&default_seed));
372 des_init_random_number_generator(&default_seed);
375 #define zero_long_long(ll) do { ll[0] = ll[1] = 0; } while (0)
377 #define incr_long_long(ll) do { if (++ll[0] == 0) ++ll[1]; } while (0)
379 #define set_sequence_number(ll) \
380 memcpy((char *)sequence_index, (ll), sizeof(sequence_index));
383 * Set the sequnce number to this value (a long long).
386 des_set_sequence_number(unsigned char *ll)
388 set_sequence_number(ll);
392 * Set the generator seed and reset the sequence number to 0.
395 des_set_random_generator_seed(des_cblock *seed)
397 des_key_sched(seed, sequence_seed);
398 zero_long_long(sequence_index);
403 * Generate a sequence of random des keys
404 * using the random block sequence, fixup
405 * parity and skip weak keys.
408 des_new_random_key(des_cblock *key)
414 des_ecb_encrypt((des_cblock *) sequence_index,
418 incr_long_long(sequence_index);
419 /* random key must have odd parity and not be weak */
420 des_set_odd_parity(key);
421 } while (des_is_weak_key(key));
426 * des_init_random_number_generator:
428 * Initialize the sequence of random 64 bit blocks. The input seed
429 * can be a secret key since it should be well hidden and is also not
434 des_init_random_number_generator(des_cblock *seed)
440 gettimeofday(&now, (struct timezone *)0);
441 des_generate_random_block(&uniq);
443 /* Pick a unique random key from the shared sequence. */
444 des_set_random_generator_seed(seed);
445 set_sequence_number((unsigned char *)&uniq);
446 des_new_random_key(&new_key);
448 /* Select a new nonshared sequence, */
449 des_set_random_generator_seed(&new_key);
451 /* and use the current time to pick a key for the new sequence. */
452 set_sequence_number((unsigned char *)&now);
453 des_new_random_key(&new_key);
454 des_set_random_generator_seed(&new_key);
457 /* This is for backwards compatibility. */
459 des_random_key(des_cblock ret)
461 des_new_random_key((des_cblock *)ret);
468 unsigned char data[8];
473 if (sumFile("/dev/mem", (1024*1024*8), data) != 0)
474 { perror("sumFile"); exit(1); }
475 for (i = 0; i < 8; i++)
476 printf("%02x", data[i]);
492 des_random_key(data);
493 for (i = 0; i < 8; i++)
494 printf("%02x", data[i]);