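--- a/prng.c
+++ /dev/null
@@ -1,184 +0,0 @@
-/*
-* prng.c
-*
-* pseudorandom source
-*
-* David A. McGrew
-* Cisco Systems, Inc.
-*/
-/*
-*
-* Copyright(c) 2001-2006 Cisco Systems, Inc.
-* All rights reserved.
-*
-* Redistribution and use in source and binary forms, with or without
-* modification, are permitted provided that the following conditions
-* are met:
-*
-* Redistributions of source code must retain the above copyright
-* notice, this list of conditions and the following disclaimer.
-*
-* Redistributions in binary form must reproduce the above
-* copyright notice, this list of conditions and the following
-* disclaimer in the documentation and/or other materials provided
-* with the distribution.
-*
-* Neither the name of the Cisco Systems, Inc. nor the names of its
-* contributors may be used to endorse or promote products derived
-* from this software without specific prior written permission.
-*
-* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
-* FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
-* COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
-* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
-* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
-* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-* OF THE POSSIBILITY OF SUCH DAMAGE.
-*
-*/
-
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-
-#include "prng.h"
-
-/* single, global prng structure */
-
-x917_prng_t x917_prng;
-
-err_status_t
-x917_prng_init(rand_source_func_t random_source) {
-uint8_t tmp_key[16];
-err_status_t status;
-
-/* initialize output count to zero */
-x917_prng.octet_count = 0;
-
-/* set random source */
-x917_prng.rand = random_source;
-
-/* initialize secret key from random source */
-status = random_source(tmp_key, 16);
-if (status)
-return status;
-
-/* expand aes key */
-aes_expand_encryption_key(tmp_key, 16, &x917_prng.key);
-
-/* initialize prng state from random source */
-status = x917_prng.rand((uint8_t *)&x917_prng.state, 16);
-if (status)
-return status;
-
-return err_status_ok;
-}
-
-err_status_t
-x917_prng_get_octet_string(uint8_t *dest, uint32_t len) {
-uint32_t t;
-v128_t buffer;
-uint32_t i, tail_len;
-err_status_t status;
-
-/*
-* if we need to re-initialize the prng, do so now
-*
-* avoid overflows by subtracting instead of adding
-*/
-if (x917_prng.octet_count > MAX_PRNG_OUT_LEN - len) {
-status = x917_prng_init(x917_prng.rand);
-if (status)
-return status;
-}
-x917_prng.octet_count += len;
-
-/* find out the time */
-t = (uint32_t)time(NULL);
-
-/* loop until we have output enough data */
-for (i=0; i < len/16; i++) {
-
-/* exor time into state */
-x917_prng.state.v32[0] ^= t;
-
-/* copy state into buffer */
-v128_copy(&buffer, &x917_prng.state);
-
-/* apply aes to buffer */
-aes_encrypt(&buffer, &x917_prng.key);
-
-/* write data to output */
-*dest++ = buffer.v8[0];
-*dest++ = buffer.v8[1];
-*dest++ = buffer.v8[2];
-*dest++ = buffer.v8[3];
-*dest++ = buffer.v8[4];
-*dest++ = buffer.v8[5];
-*dest++ = buffer.v8[6];
-*dest++ = buffer.v8[7];
-*dest++ = buffer.v8[8];
-*dest++ = buffer.v8[9];
-*dest++ = buffer.v8[10];
-*dest++ = buffer.v8[11];
-*dest++ = buffer.v8[12];
-*dest++ = buffer.v8[13];
-*dest++ = buffer.v8[14];
-*dest++ = buffer.v8[15];
-
-/* exor time into buffer */
-buffer.v32[0] ^= t;
-
-/* encrypt buffer */
-aes_encrypt(&buffer, &x917_prng.key);
-
-/* copy buffer into state */
-v128_copy(&x917_prng.state, &buffer);
-
-}
-
-/* if we need to output any more octets, we'll do so now */
-tail_len = len % 16;
-if (tail_len) {
-
-/* exor time into state */
-x917_prng.state.v32[0] ^= t;
-
-/* copy value into buffer */
-v128_copy(&buffer, &x917_prng.state);
-
-/* apply aes to buffer */
-aes_encrypt(&buffer, &x917_prng.key);
-
-/* write data to output */
-for (i=0; i < tail_len; i++) {
-*dest++ = buffer.v8[i];
-}
-
-/* now update the state one more time */
-
-/* exor time into buffer */
-buffer.v32[0] ^= t;
-
-/* encrypt buffer */
-aes_encrypt(&buffer, &x917_prng.key);
-
-/* copy buffer into state */
-v128_copy(&x917_prng.state, &buffer);
-
-}
-
-return err_status_ok;
-}
-
-err_status_t
-x917_prng_deinit(void) {
-
-return err_status_ok;
-}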