Mercurial > dropbear

comparison random.c @ 4:fe6bca95afa7

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Makefile.in contains updated files required
author Matt Johnston <matt@ucc.asn.au>
date Tue, 01 Jun 2004 02:46:09 +0000
parents
children b0316ce64e4b
comparison
equal deleted inserted replaced
-1:000000000000 4:fe6bca95afa7
1 /*
2 * Dropbear - a SSH2 server
3 *
4 * Copyright (c) 2002,2003 Matt Johnston
5 * All rights reserved.
6 *
7 * Permission is hereby granted, free of charge, to any person obtaining a copy
8 * of this software and associated documentation files (the "Software"), to deal
9 * in the Software without restriction, including without limitation the rights
10 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11 * copies of the Software, and to permit persons to whom the Software is
12 * furnished to do so, subject to the following conditions:
13 *
14 * The above copyright notice and this permission notice shall be included in
15 * all copies or substantial portions of the Software.
16 *
17 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
20 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
23 * SOFTWARE. */
24
25 #include "includes.h"
26 #include "buffer.h"
27 #include "dbutil.h"
28
29 int donerandinit = 0;
30
31 /* this is used to generate unique output from the same hashpool */
32 unsigned int counter = 0;
33 #define MAX_COUNTER 1000000/* the max value for the counter, so it won't loop */
34
35 unsigned char hashpool[SHA1_HASH_SIZE];
36
37 #define INIT_SEED_SIZE 32 /* 256 bits */
38
39 static void readrand(unsigned char* buf, unsigned int buflen);
40
41 /* The basic setup is we read some data from DEV_URANDOM or PRNGD and hash it
42 * into hashpool. To read data, we hash together current hashpool contents,
43 * and a counter. We feed more data in by hashing the current pool and new
44 * data into the pool.
45 *
46 * It is important to ensure that counter doesn't wrap around before we
47 * feed in new entropy.
48 *
49 */
50
51 static void readrand(unsigned char* buf, unsigned int buflen) {
52
53 int readfd;
54 unsigned int readpos;
55 int readlen;
56 #ifdef DROPBEAR_EGD
57 struct sockaddr_un egdsock;
58 char egdcmd[2];
59 #endif
60
61 #ifdef DROPBEAR_DEV_URANDOM
62 readfd = open(DEV_URANDOM, O_RDONLY);
63 if (!readfd) {
64 dropbear_exit("couldn't open random device");
65 }
66 #endif
67
68 #ifdef DROPBEAR_EGD
69 memset((void*)&egdsock, 0x0, sizeof(egdsock));
70 egdsock.sun_family = AF_UNIX;
71 strlcpy(egdsock.sun_path, DROPBEAR_EGD_SOCKET,
72 sizeof(egdsock.sun_path));
73
74 if ((readfd = socket(PF_UNIX, SOCK_STREAM, 0)) < 0) {
75 dropbear_exit("couldn't open random device");
76 }
77 /* todo - try various common locations */
78 if (connect(readfd, (struct sockaddr*)&egdsock,
79 sizeof(struct sockaddr_un)) < 0) {
80 dropbear_exit("couldn't open random device");
81 }
82
83 if (buflen > 255)
84 dropbear_exit("can't request more than 255 bytes from egd");
85 egdcmd[0] = 0x02; /* blocking read */
86 egdcmd[1] = (unsigned char)buflen;
87 if (write(readfd, egdcmd, 2) < 0)
88 dropbear_exit("can't send command to egd");
89 #endif
90
91 /* read the actual random data */
92 readpos = 0;
93 do {
94 readlen = read(readfd, &buf[readpos], buflen - readpos);
95 if (readlen <= 0) {
96 if (readlen < 0 && errno == EINTR) {
97 continue;
98 }
99 dropbear_exit("error reading random source");
100 }
101 readpos += readlen;
102 } while (readpos < buflen);
103
104 close (readfd);
105 }
106
107 /* initialise the prng from /dev/urandom or prngd */
108 void seedrandom() {
109
110 unsigned char readbuf[INIT_SEED_SIZE];
111
112 hash_state hs;
113
114 /* initialise so compilers will be happy about hashing it */
115 if (!donerandinit) {
116 m_burn(hashpool, sizeof(hashpool));
117 }
118
119 /* get the seed data */
120 readrand(readbuf, sizeof(readbuf));
121
122 /* hash in the new seed data */
123 sha1_init(&hs);
124 sha1_process(&hs, (void*)hashpool, sizeof(hashpool));
125 sha1_process(&hs, (void*)readbuf, sizeof(readbuf));
126 sha1_done(&hs, hashpool);
127
128 counter = 0;
129 donerandinit = 1;
130 }
131
132 /* return len bytes of pseudo-random data */
133 void genrandom(unsigned char* buf, unsigned int len) {
134
135 hash_state hs;
136 unsigned char hash[SHA1_HASH_SIZE];
137 unsigned int copylen;
138
139 if (!donerandinit) {
140 dropbear_exit("seedrandom not done");
141 }
142
143 while (len > 0) {
144 sha1_init(&hs);
145 sha1_process(&hs, (void*)hashpool, sizeof(hashpool));
146 sha1_process(&hs, (void*)&counter, sizeof(counter));
147 sha1_done(&hs, hash);
148
149 counter++;
150 if (counter > MAX_COUNTER) {
151 seedrandom();
152 }
153
154 copylen = MIN(len, SHA1_HASH_SIZE);
155 memcpy(buf, hash, copylen);
156 len -= copylen;
157 buf += copylen;
158 }
159 m_burn(hash, sizeof(hash));
160 }
161
162 /* Adds entropy to the PRNG state. As long as the hash is strong, then we
163 * don't need to worry about entropy being added "diluting" the current
164 * state - it should only make it stronger. */
165 void addrandom(unsigned char* buf, unsigned int len) {
166
167 hash_state hs;
168 if (!donerandinit) {
169 dropbear_exit("seedrandom not done");
170 }
171
172 sha1_init(&hs);
173 sha1_process(&hs, (void*)buf, len);
174 sha1_process(&hs, (void*)hashpool, sizeof(hashpool));
175 sha1_done(&hs, hashpool);
176 counter = 0;
177
178 }