2 * Copyright (c) 1995, 1996, 1997, 1999 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
37 RCSID("$Id: rnd_keys.c,v 1.68 2005/06/29 22:28:10 lha Exp $");
41 #include <krb5-types.h>
48 #ifdef TIME_WITH_SYS_TIME
51 #elif defined(HAVE_SYS_TIME_H)
57 #ifdef HAVE_SYS_TYPES_H
58 #include <sys/types.h>
76 * Generate "random" data by checksumming a file.
78 * Returns -1 if there were any problems with permissions or I/O
83 sumFile (const char *name, int len, void *res)
85 u_int32_t sum[2] = { 0, 0 };
86 u_int32_t buf[1024*2];
95 int n = read(fd, buf, sizeof(buf));
101 for (i = 0; i < (n/sizeof(buf[0])); i++)
110 memcpy (res, &sum, sizeof(sum));
117 md5sumFile (const char *name, int len, int32_t sum[4])
130 int n = read(fd, buf, sizeof(buf));
136 md5_update(&md5, buf, n);
139 md5_finito(&md5, (unsigned char *)sum);
146 * Create a sequence of random 64 bit blocks.
147 * The sequence is indexed with a long long and
148 * based on an initial des key used as a seed.
150 static DES_key_schedule sequence_seed;
151 static u_int32_t sequence_index[2];
154 * Random number generator based on ideas from truerand in cryptolib
155 * as described on page 424 in Applied Cryptography 2 ed. by Bruce
159 static volatile int counter;
160 static volatile unsigned char *gdata; /* Global data */
161 static volatile int igdata; /* Index into global data */
164 #if !defined(WIN32) && !defined(__EMX__) && !defined(__OS2__) && !defined(__CYGWIN32__)
165 /* Visual C++ 4.0 (Windows95/NT) */
172 gdata[igdata++] ^= counter & 0xff;
174 #ifndef HAVE_SIGACTION
175 signal(SIGALRM, sigALRM); /* Reinstall SysV signal handler */
182 #if !defined(HAVE_RANDOM) && defined(HAVE_RAND)
184 #define srandom srand
191 #if !defined(HAVE_SETITIMER) || defined(WIN32) || defined(__EMX__) || defined(__OS2__) || defined(__CYGWIN32__)
193 des_not_rand_data(unsigned char *data, int size)
197 srandom (time (NULL));
199 for(i = 0; i < size; ++i)
200 data[i] ^= random() % 0x100;
204 #if !defined(WIN32) && !defined(__EMX__) && !defined(__OS2__) && !defined(__CYGWIN32__)
206 #ifndef HAVE_SETITIMER
208 pacemaker(struct timeval *tv)
216 select(1, &fds, NULL, NULL, tv);
222 #ifdef HAVE_SIGACTION
223 /* XXX ugly hack, should perhaps use function from roken */
225 (*fake_signal(int sig, RETSIGTYPE (*f)(int)))(int)
227 struct sigaction sa, osa;
230 sigemptyset(&sa.sa_mask);
231 sigaction(sig, &sa, &osa);
232 return osa.sa_handler;
234 #define signal(S, F) fake_signal((S), (F))
238 * Generate size bytes of "random" data using timed interrupts.
239 * It takes about 40ms/byte random data.
240 * It's not neccessary to be root to run it.
243 DES_rand_data(unsigned char *data, int size)
245 struct itimerval tv, otv;
246 RETSIGTYPE (*osa)(int);
248 #ifndef HAVE_SETITIMER
249 RETSIGTYPE (*ochld)(int);
252 const char *rnd_devices[] = {"/dev/random",
259 for(p = rnd_devices; *p; p++) {
260 int fd = open(*p, O_RDONLY | O_NDELAY);
262 if(fd >= 0 && read(fd, data, size) == size) {
269 /* Paranoia? Initialize data from /dev/mem if we can read it. */
271 sumFile("/dev/mem", (1024*1024*2), data);
277 osa = signal(SIGALRM, sigALRM);
280 tv.it_value.tv_sec = 0;
281 tv.it_value.tv_usec = 10 * 1000; /* 10 ms */
282 tv.it_interval = tv.it_value;
283 #ifdef HAVE_SETITIMER
284 setitimer(ITIMER_REAL, &tv, &otv);
286 ochld = signal(SIGCHLD, SIG_IGN);
289 signal(SIGCHLD, ochld != SIG_ERR ? ochld : SIG_DFL);
290 des_not_rand_data(data, size);
294 pacemaker(&tv.it_interval);
297 for(i = 0; i < 4; i++) {
298 for (igdata = 0; igdata < size;) /* igdata++ in sigALRM */
300 for (j = 0; j < size; j++) /* Only use 2 bits each lap */
301 gdata[j] = (gdata[j]>>2) | (gdata[j]<<6);
303 #ifdef HAVE_SETITIMER
304 setitimer(ITIMER_REAL, &otv, 0);
307 while(waitpid(pid, NULL, 0) != pid);
308 signal(SIGCHLD, ochld != SIG_ERR ? ochld : SIG_DFL);
310 signal(SIGALRM, osa != SIG_ERR ? osa : SIG_DFL);
314 DES_rand_data(unsigned char *p, int s)
316 des_not_rand_data (p, s);
321 DES_generate_random_block(DES_cblock *block)
323 DES_rand_data((unsigned char *)block, sizeof(*block));
327 DES_rand_data_key(DES_cblock *key);
330 * Generate a "random" DES key.
333 DES_rand_data_key(DES_cblock *key)
335 unsigned char data[8];
336 DES_key_schedule sched;
338 DES_rand_data(data, sizeof(data));
339 DES_rand_data((unsigned char*)key, sizeof(DES_cblock));
340 DES_set_odd_parity(key);
341 DES_set_key(key, &sched);
342 DES_ecb_encrypt(&data, key, &sched, DES_ENCRYPT);
343 memset(&data, 0, sizeof(data));
344 memset(&sched, 0, sizeof(sched));
345 DES_set_odd_parity(key);
346 } while(DES_is_weak_key(key));
350 * Generate "random" data by checksumming /dev/mem
352 * It's neccessary to be root to run it. Returns -1 if there were any
353 * problems with permissions.
356 DES_mem_rand8(unsigned char *data);
359 DES_mem_rand8(unsigned char *data)
365 * In case the generator does not get initialized use this as fallback.
367 static int initialized;
372 DES_cblock default_seed;
374 DES_generate_random_block(&default_seed);
375 DES_set_odd_parity(&default_seed);
376 } while (DES_is_weak_key(&default_seed));
377 DES_init_random_number_generator(&default_seed);
380 #define zero_long_long(ll) do { ll[0] = ll[1] = 0; } while (0)
382 #define incr_long_long(ll) do { if (++ll[0] == 0) ++ll[1]; } while (0)
384 #define set_sequence_number(ll) \
385 memcpy((char *)sequence_index, (ll), sizeof(sequence_index));
388 * Set the sequnce number to this value (a long long).
391 DES_set_sequence_number(unsigned char *ll)
393 set_sequence_number(ll);
397 * Set the generator seed and reset the sequence number to 0.
400 DES_set_random_generator_seed(DES_cblock *seed)
402 DES_set_key(seed, &sequence_seed);
403 zero_long_long(sequence_index);
408 * Generate a sequence of random des keys
409 * using the random block sequence, fixup
410 * parity and skip weak keys.
413 DES_new_random_key(DES_cblock *key)
419 DES_ecb_encrypt((DES_cblock *) sequence_index,
423 incr_long_long(sequence_index);
424 /* random key must have odd parity and not be weak */
425 DES_set_odd_parity(key);
426 } while (DES_is_weak_key(key));
431 * des_init_random_number_generator:
433 * Initialize the sequence of random 64 bit blocks. The input seed
434 * can be a secret key since it should be well hidden and is also not
439 DES_init_random_number_generator(DES_cblock *seed)
445 gettimeofday(&now, (struct timezone *)0);
446 DES_generate_random_block(&uniq);
448 /* Pick a unique random key from the shared sequence. */
449 DES_set_random_generator_seed(seed);
450 set_sequence_number((unsigned char *)&uniq);
451 DES_new_random_key(&new_key);
453 /* Select a new nonshared sequence, */
454 DES_set_random_generator_seed(&new_key);
456 /* and use the current time to pick a key for the new sequence. */
457 set_sequence_number((unsigned char *)&now);
458 DES_new_random_key(&new_key);
459 DES_set_random_generator_seed(&new_key);
462 /* This is for backwards compatibility. */
464 DES_random_key(DES_cblock *ret)
466 DES_new_random_key(ret);
473 unsigned char data[8];
478 if (sumFile("/dev/mem", (1024*1024*8), data) != 0)
479 { perror("sumFile"); exit(1); }
480 for (i = 0; i < 8; i++)
481 printf("%02x", data[i]);
497 DES_random_key(data);
498 for (i = 0; i < 8; i++)
499 printf("%02x", data[i]);