1 /*-
2 * THE BEER-WARE LICENSE
3 *
4 * <dan@FreeBSD.ORG> wrote this file. As long as you retain this notice you
5 * can do whatever you want with this stuff. If we meet some day, and you
6 * think this stuff is worth it, you can buy me a beer in return.
7 *
8 * Dan Moschuk
9 *
10 * $FreeBSD: src/sys/libkern/arc4random.c,v 1.3.2.2 2001/09/17 07:06:50 silby Exp $
11 * $DragonFly: src/sys/libkern/arc4random.c,v 1.3 2006/09/03 17:31:55 dillon Exp $
12 */
13
14 #include <sys/types.h>
15 #include <sys/random.h>
16 #include <sys/libkern.h>
17 #include <sys/time.h>
18
19 #define ARC4_MAXRUNS 16384
20 #define ARC4_RESEED_SECONDS 300
21 #define ARC4_KEYBYTES 32 /* 256 bit key */
22
23 static u_int8_t arc4_i, arc4_j;
24 static int arc4_initialized = 0;
25 static int arc4_numruns = 0;
26 static u_int8_t arc4_sbox[256];
27 static struct timeval arc4_tv_nextreseed;
28
29 static u_int8_t arc4_randbyte(void);
30
31 static __inline void
32 arc4_swap(u_int8_t *a, u_int8_t *b)
33 {
34 u_int8_t c;
35
36 c = *a;
37 *a = *b;
38 *b = c;
39 }
40
41 /*
42 * Stir our S-box.
43 */
44 static void
45 arc4_randomstir (void)
46 {
47 u_int8_t key[256];
48 int r, n;
49
50 /*
51 * XXX read_random() returns unsafe numbers if the entropy
52 * device is not loaded -- MarkM.
53 */
54 r = read_random_unlimited(key, ARC4_KEYBYTES);
55 /* If r == 0 || -1, just use what was on the stack. */
56 if (r > 0)
57 {
58 for (n = r; n < sizeof(key); n++)
59 key[n] = key[n % r];
60 }
61
62 for (n = 0; n < 256; n++)
63 {
64 arc4_j = (arc4_j + arc4_sbox[n] + key[n]) % 256;
65 arc4_swap(&arc4_sbox[n], &arc4_sbox[arc4_j]);
66 }
67
68 /* Reset for next reseed cycle. */
69 getmicrotime(&arc4_tv_nextreseed);
70 arc4_tv_nextreseed.tv_sec += ARC4_RESEED_SECONDS;
71 arc4_numruns = 0;
72 }
73
74 /*
75 * Initialize our S-box to its beginning defaults.
76 */
77 static void
78 arc4_init(void)
79 {
80 int n;
81
82 arc4_i = arc4_j = 0;
83 for (n = 0; n < 256; n++)
84 arc4_sbox[n] = (u_int8_t) n;
85
86 arc4_randomstir();
87 arc4_initialized = 1;
88
89 /*
90 * Throw away the first N words of output, as suggested in the
91 * paper "Weaknesses in the Key Scheduling Algorithm of RC4"
92 * by Fluher, Mantin, and Shamir. (N = 256 in our case.)
93 */
94 for (n = 0; n < 256*4; n++)
95 arc4_randbyte();
96 }
97
98 /*
99 * Generate a random byte.
100 */
101 static u_int8_t
102 arc4_randbyte(void)
103 {
104 u_int8_t arc4_t;
105
106 arc4_i = (arc4_i + 1) % 256;
107 arc4_j = (arc4_j + arc4_sbox[arc4_i]) % 256;
108
109 arc4_swap(&arc4_sbox[arc4_i], &arc4_sbox[arc4_j]);
110
111 arc4_t = (arc4_sbox[arc4_i] + arc4_sbox[arc4_j]) % 256;
112 return arc4_sbox[arc4_t];
113 }
114
115 u_int32_t
116 karc4random(void)
117 {
118 u_int32_t ret;
119 struct timeval tv_now;
120
121 /* Initialize array if needed. */
122 if (!arc4_initialized)
123 arc4_init();
124
125 getmicrotime(&tv_now);
126 if ((++arc4_numruns > ARC4_MAXRUNS) ||
127 (tv_now.tv_sec > arc4_tv_nextreseed.tv_sec))
128 {
129 arc4_randomstir();
130 }
131
132 ret = arc4_randbyte();
133 ret |= arc4_randbyte() << 8;
134 ret |= arc4_randbyte() << 16;
135 ret |= arc4_randbyte() << 24;
136
137 return ret;
138 }
139
140 void
141 karc4rand(void *ptr, size_t len)
142 {
143 uint8_t *p;
144 struct timeval tv_now;
145
146 p = ptr;
147
148 /* Initialize array if needed. */
149 if (!arc4_initialized)
150 arc4_init();
151
152 getmicrotime(&tv_now);
153 if ((++arc4_numruns > ARC4_MAXRUNS) ||
154 (tv_now.tv_sec > arc4_tv_nextreseed.tv_sec))
155 {
156 arc4_randomstir();
157 }
158
159 while (len--)
160 *p++ = arc4_randbyte();
161 }
Cache object: 08536471cc169fa39d00277d47f7d6cc
|