diff options
author | Mike Frysinger <vapier@gentoo.org> | 2006-01-08 09:06:40 +0000 |
---|---|---|
committer | Mike Frysinger <vapier@gentoo.org> | 2006-01-08 09:06:40 +0000 |
commit | 50118cba9e5f1b019a125321ec7a960f49148302 (patch) | |
tree | 61f6d9819bc89e12411704aa8c02bb70d19f2d80 /libc | |
parent | 91f3e82038ed8c864242d741b1a74575392f14dd (diff) |
import the arc4random() function by ashes in Bug 90
Diffstat (limited to 'libc')
-rw-r--r-- | libc/stdlib/Makefile.in | 2 | ||||
-rw-r--r-- | libc/stdlib/arc4random.c | 208 |
2 files changed, 209 insertions, 1 deletions
diff --git a/libc/stdlib/Makefile.in b/libc/stdlib/Makefile.in index 52527e1e5..7c943dd56 100644 --- a/libc/stdlib/Makefile.in +++ b/libc/stdlib/Makefile.in @@ -62,7 +62,7 @@ CSRC:= \ getpt.c ptsname.c grantpt.c unlockpt.c gcvt.c drand48-iter.c jrand48.c \ jrand48_r.c lrand48.c lrand48_r.c mrand48.c mrand48_r.c nrand48.c \ nrand48_r.c rand_r.c srand48.c srand48_r.c seed48.c seed48_r.c \ - valloc.c posix_memalign.c a64l.c l64a.c + valloc.c posix_memalign.c a64l.c l64a.c arc4random.c ifeq ($(UCLIBC_HAS_FLOATS),y) CSRC+=drand48.c drand48_r.c erand48.c erand48_r.c endif diff --git a/libc/stdlib/arc4random.c b/libc/stdlib/arc4random.c new file mode 100644 index 000000000..ebdd7d561 --- /dev/null +++ b/libc/stdlib/arc4random.c @@ -0,0 +1,208 @@ +/* $$$: arc4random.c 2005/02/08 robert */ +/* $NetBSD: arc4random.c,v 1.5.2.1 2004/03/26 22:52:50 jmc Exp $ */ +/* $OpenBSD: arc4random.c,v 1.6 2001/06/05 05:05:38 pvalchev Exp $ */ + +/* + * Arc4 random number generator for OpenBSD. + * Copyright 1996 David Mazieres <dm@lcs.mit.edu>. + * + * Modification and redistribution in source and binary forms is + * permitted provided that due credit is given to the author and the + * OpenBSD project by leaving this copyright notice intact. + */ + +/* + * This code is derived from section 17.1 of Applied Cryptography, + * second edition, which describes a stream cipher allegedly + * compatible with RSA Labs "RC4" cipher (the actual description of + * which is a trade secret). The same algorithm is used as a stream + * cipher called "arcfour" in Tatu Ylonen's ssh package. + * + * Here the stream cipher has been modified always to include the time + * when initializing the state. That makes it impossible to + * regenerate the same random sequence twice, so this can't be used + * for encryption, but will generate good random numbers. + * + * RC4 is a registered trademark of RSA Laboratories. + */ + +#include <features.h> +#ifdef __UCLIBC_HAS_ARC4RANDOM__ + +#include <fcntl.h> +#include <stdlib.h> +#include <unistd.h> +#include <sys/types.h> +#include <sys/param.h> +#include <sys/time.h> +#ifdef __ARC4RANDOM_USE_ERANDOM__ +#include <sys/sysctl.h> +#endif + +struct arc4_stream { + u_int8_t i; + u_int8_t j; + u_int8_t s[256]; +}; + +static int rs_initialized; +static struct arc4_stream rs; + +static inline void arc4_init(struct arc4_stream *); +static inline void arc4_addrandom(struct arc4_stream *, u_char *, int); +static void arc4_stir(struct arc4_stream *); +static inline u_int8_t arc4_getbyte(struct arc4_stream *); +static inline u_int32_t arc4_getword(struct arc4_stream *); + +static inline void +arc4_init(as) + struct arc4_stream *as; +{ + int n; + + for (n = 0; n < 256; n++) + as->s[n] = n; + as->i = 0; + as->j = 0; +} + +static inline void +arc4_addrandom(as, dat, datlen) + struct arc4_stream *as; + u_char *dat; + int datlen; +{ + int n; + u_int8_t si; + + as->i--; + for (n = 0; n < 256; n++) { + as->i = (as->i + 1); + si = as->s[as->i]; + as->j = (as->j + si + dat[n % datlen]); + as->s[as->i] = as->s[as->j]; + as->s[as->j] = si; + } + as->j = as->i; +} + +static void +arc4_stir(as) + struct arc4_stream *as; +{ + int fd; + struct { + struct timeval tv; + u_int rnd[(128 - sizeof(struct timeval)) / sizeof(u_int)]; + } rdat; + int n; + + gettimeofday(&rdat.tv, NULL); + fd = __open("/dev/urandom", O_RDONLY); + if (fd != -1) { + __read(fd, rdat.rnd, sizeof(rdat.rnd)); + __close(fd); + } +#ifdef __ARC4RANDOM_USE_ERANDOM__ + else { + int mib[3]; + u_int i; + size_t len; + + /* Device could not be opened, we might be chrooted, take + * randomness from sysctl. */ + + mib[0] = CTL_KERN; + mib[1] = KERN_RANDOM; + mib[2] = RANDOM_ERANDOM; + + for (i = 0; i < sizeof(rdat.rnd) / sizeof(u_int); i++) { + len = sizeof(u_int); + if (sysctl(mib, 3, &rdat.rnd[i], &len, NULL, 0) == -1) + break; + } + } +#endif + + arc4_addrandom(as, (void *) &rdat, sizeof(rdat)); + + /* + * Throw away the first N words of output, as suggested in the + * paper "Weaknesses in the Key Scheduling Algorithm of RC4" + * by Fluher, Mantin, and Shamir. + * http://www.wisdom.weizmann.ac.il/~itsik/RC4/Papers/Rc4_ksa.ps + * N = 256 in our case. + */ + for (n = 0; n < 256 * 4; n++) + arc4_getbyte(as); +} + +static inline u_int8_t +arc4_getbyte(as) + struct arc4_stream *as; +{ + u_int8_t si, sj; + + as->i = (as->i + 1); + si = as->s[as->i]; + as->j = (as->j + si); + sj = as->s[as->j]; + as->s[as->i] = sj; + as->s[as->j] = si; + return (as->s[(si + sj) & 0xff]); +} + +static inline u_int32_t +arc4_getword(as) + struct arc4_stream *as; +{ + u_int32_t val; + val = arc4_getbyte(as) << 24; + val |= arc4_getbyte(as) << 16; + val |= arc4_getbyte(as) << 8; + val |= arc4_getbyte(as); + return val; +} + +void +arc4random_stir() +{ + if (!rs_initialized) { + arc4_init(&rs); + rs_initialized = 1; + } + arc4_stir(&rs); +} + +void +arc4random_addrandom(dat, datlen) + u_char *dat; + int datlen; +{ + if (!rs_initialized) + arc4random_stir(); + arc4_addrandom(&rs, dat, datlen); +} + +u_int32_t +arc4random() +{ + if (!rs_initialized) + arc4random_stir(); + return arc4_getword(&rs); +} + +#if 0 +/*-------- Test code --------*/ +#include <stdlib.h> +#include <stdio.h> + +int main(void) { + int random_number; + random_number = arc4random() % 65536; + printf("%d\n", random_number); + return 0; +} +#endif + +#endif /* __UCLIBC_HAS_ARC4RANDOM__ */ |