removed prng.c from libfreeswan

src/libfreeswan/Makefile.am

@@ -3,7 +3,7 @@ libfreeswan_a_SOURCES = addrtoa.c addrtot.c addrtypeof.c anyaddr.c atoaddr.c ato
 			atosa.c atosubnet.c atoul.c copyright.c datatot.c freeswan.h \
 			goodmask.c initaddr.c initsaid.c initsubnet.c internal.h ipsec_param.h \
 			keyblobtoid.c pfkey_v2_build.c pfkey_v2_debug.c \
-			pfkey_v2_ext_bits.c pfkey_v2_parse.c portof.c prng.c rangetoa.c \
+			pfkey_v2_ext_bits.c pfkey_v2_parse.c portof.c rangetoa.c \
 			pfkey.h pfkeyv2.h rangetosubnet.c sameaddr.c satoa.c \
 			satot.c subnetof.c subnettoa.c subnettot.c \
 			subnettypeof.c ttoaddr.c ttodata.c ttoprotoport.c ttosa.c ttosubnet.c ttoul.c \
@@ -15,6 +15,6 @@ INCLUDES = \
 -I$(top_srcdir)/src/pluto
 
 dist_man3_MANS = anyaddr.3 atoaddr.3 atoasr.3 atosa.3 atoul.3 goodmask.3 initaddr.3 initsubnet.3 \
-                 keyblobtoid.3 portof.3 prng.3 rangetosubnet.3 sameaddr.3 subnetof.3 \
+                 keyblobtoid.3 portof.3 rangetosubnet.3 sameaddr.3 subnetof.3 \
                  ttoaddr.3 ttodata.3 ttosa.3 ttoul.3
 

src/libfreeswan/freeswan.h

@@ -206,12 +206,6 @@ void setportof(int port, ip_address *dst);
 struct sockaddr *sockaddrof(ip_address *src);
 size_t sockaddrlenof(const ip_address *src);
 
-/* PRNG */
-void prng_init(struct prng *prng, const unsigned char *key, size_t keylen);
-void prng_bytes(struct prng *prng, unsigned char *dst, size_t dstlen);
-unsigned long prng_count(struct prng *prng);
-void prng_final(struct prng *prng);
-
 /* odds and ends */
 const char **ipsec_copyright_notice(void);
 

src/libfreeswan/prng.3

@@ -1,120 +0,0 @@
-.TH IPSEC_PRNG 3 "1 April 2002"
-.SH NAME
-ipsec prng_init \- initialize IPsec pseudorandom-number generator
-.br
-ipsec prng_bytes \- get bytes from IPsec pseudorandom-number generator
-.br
-ipsec prng_final \- close down IPsec pseudorandom-number generator
-.SH SYNOPSIS
-.B "#include <freeswan.h>
-.sp
-.B "void prng_init(struct prng *prng,"
-.ti +1c
-.B "const unsigned char *key, size_t keylen);"
-.br
-.B "void prng_bytes(struct prng *prng, char *dst,"
-.ti +1c
-.B "size_t dstlen);"
-.br
-.B "unsigned long prng_count(struct prng *prng);"
-.br
-.B "void prng_final(struct prng *prng);"
-.SH DESCRIPTION
-.I Prng_init
-initializes a crypto-quality pseudo-random-number generator from a key;
-.I prng_bytes
-obtains pseudo-random bytes from it;
-.I prng_count
-reports the number of bytes extracted from it to date;
-.I prng_final
-closes it down.
-It is the user's responsibility to initialize a PRNG before using it,
-and not to use it again after it is closed down.
-.PP
-.I Prng_init
-initializes,
-or re-initializes,
-the specified
-.I prng
-from the
-.IR key ,
-whose length is given by
-.IR keylen .
-The user must allocate the
-.B "struct prng"
-pointed to by
-.IR prng .
-There is no particular constraint on the length of the key,
-although a key longer than 256 bytes is unnecessary because
-only the first 256 would be used.
-Initialization requires on the order of 3000 integer operations,
-independent of key length.
-.PP
-.I Prng_bytes
-obtains
-.I dstlen
-pseudo-random bytes from the PRNG and puts them in
-.IR buf .
-This is quite fast,
-on the order of 10 integer operations per byte.
-.PP
-.I Prng_count
-reports the number of bytes obtained from the PRNG
-since it was (last) initialized.
-.PP
-.I Prng_final
-closes down a PRNG by
-zeroing its internal memory,
-obliterating all trace of the state used to generate its previous output.
-This requires on the order of 250 integer operations.
-.PP
-The
-.B <freeswan.h>
-header file supplies the definition of the
-.B prng
-structure.
-Examination of its innards is discouraged, as they may change.
-.PP
-The PRNG algorithm
-used by these functions is currently identical to that of RC4(TM).
-This algorithm is cryptographically strong,
-sufficiently unpredictable that even a hostile observer will
-have difficulty determining the next byte of output from past history,
-provided it is initialized from a reasonably large key composed of
-highly random bytes (see
-.IR random (4)).
-The usual run of software pseudo-random-number generators
-(e.g.
-.IR random (3))
-are
-.I not
-cryptographically strong.
-.PP
-The well-known attacks against RC4(TM),
-e.g. as found in 802.11b's WEP encryption system,
-apply only if multiple PRNGs are initialized with closely-related keys
-(e.g., using a counter appended to a base key).
-If such keys are used, the first few hundred pseudo-random bytes
-from each PRNG should be discarded,
-to give the PRNGs a chance to randomize their innards properly.
-No useful attacks are known if the key is well randomized to begin with.
-.SH SEE ALSO
-random(3), random(4)
-.br
-Bruce Schneier,
-\fIApplied Cryptography\fR, 2nd ed., 1996, ISBN 0-471-11709-9,
-pp. 397-8.
-.SH HISTORY
-Written for the FreeS/WAN project by Henry Spencer.
-.SH BUGS
-If an attempt is made to obtain more than 4e9 bytes
-between initializations,
-the PRNG will continue to work but
-.IR prng_count 's
-output will stick at
-.BR 4000000000 .
-Fixing this would require a longer integer type and does
-not seem worth the trouble,
-since you should probably re-initialize before then anyway...
-.PP
-``RC4'' is a trademark of RSA Data Security, Inc.

src/libfreeswan/prng.c

@@ -1,200 +0,0 @@
-/*
- * crypto-class pseudorandom number generator
- * currently uses same algorithm as RC4(TM), from Schneier 2nd ed p397
- * Copyright (C) 2002  Henry Spencer.
- *
- * This library is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Library General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/lgpl.txt>.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Library General Public
- * License for more details.
- */
-#include "internal.h"
-#include "freeswan.h"
-
-/*
- - prng_init - initialize PRNG from a key
- */
-void
-prng_init(prng, key, keylen)
-struct prng *prng;
-const unsigned char *key;
-size_t keylen;
-{
-	unsigned char k[256];
-	int i, j;
-	unsigned const char *p;
-	unsigned const char *keyend = key + keylen;
-	unsigned char t;
-
-	for (i = 0; i <= 255; i++)
-		prng->sbox[i] = i;
-	p = key;
-	for (i = 0; i <= 255; i++) {
-		k[i] = *p++;
-		if (p >= keyend)
-			p = key;
-	}
-	j = 0;
-	for (i = 0; i <= 255; i++) {
-		j = (j + prng->sbox[i] + k[i]) & 0xff;
-		t = prng->sbox[i];
-		prng->sbox[i] = prng->sbox[j];
-		prng->sbox[j] = t;
-		k[i] = 0;	/* clear out key memory */
-	}
-	prng->i = 0;
-	prng->j = 0;
-	prng->count = 0;
-}
-
-/*
- - prng_bytes - get some pseudorandom bytes from PRNG
- */
-void
-prng_bytes(prng, dst, dstlen)
-struct prng *prng;
-unsigned char *dst;
-size_t dstlen;
-{
-	int i, j, t;
-	unsigned char *p = dst;
-	size_t remain = dstlen;
-#	define	MAX	4000000000ul
-
-	while (remain > 0) {
-		i = (prng->i + 1) & 0xff;
-		prng->i = i;
-		j = (prng->j + prng->sbox[i]) & 0xff;
-		prng->j = j;
-		t = prng->sbox[i];
-		prng->sbox[i] = prng->sbox[j];
-		prng->sbox[j] = t;
-		t = (t + prng->sbox[i]) & 0xff;
-		*p++ = prng->sbox[t];
-		remain--;
-	}
-	if (prng->count < MAX - dstlen)
-		prng->count += dstlen;
-	else
-		prng->count = MAX;
-}
-
-/*
- - prnt_count - how many bytes have been extracted from PRNG so far?
- */
-unsigned long
-prng_count(prng)
-struct prng *prng;
-{
-	return prng->count;
-}
-
-/*
- - prng_final - clear out PRNG to ensure nothing left in memory
- */
-void
-prng_final(prng)
-struct prng *prng;
-{
-	int i;
-
-	for (i = 0; i <= 255; i++)
-		prng->sbox[i] = 0;
-	prng->i = 0;
-	prng->j = 0;
-	prng->count = 0;	/* just for good measure */
-}
-
-
-
-#ifdef PRNG_MAIN
-
-#include <stdio.h>
-
-void regress();
-
-int
-main(argc, argv)
-int argc;
-char *argv[];
-{
-	struct prng pr;
-	unsigned char buf[100];
-	unsigned char *p;
-	size_t n;
-
-	if (argc < 2) {
-		fprintf(stderr, "Usage: %s {key|-r}\n", argv[0]);
-		exit(2);
-	}
-
-	if (strcmp(argv[1], "-r") == 0) {
-		regress();
-		fprintf(stderr, "regress() returned?!?\n");
-		exit(1);
-	}
-
-	prng_init(&pr, argv[1], strlen(argv[1]));
-	prng_bytes(&pr, buf, 32);
-	printf("0x");
-	for (p = buf, n = 32; n > 0; p++, n--)
-		printf("%02x", *p);
-	printf("\n%lu bytes\n", prng_count(&pr));
-	prng_final(&pr);
-	exit(0);
-}
-
-void
-regress()
-{
-	struct prng pr;
-	unsigned char buf[100];
-	unsigned char *p;
-	size_t n;
-	/* somewhat non-random sample key */
-	unsigned char key[] = "here we go gathering nuts in May";
-	/* first thirty bytes of output from that key */
-	unsigned char good[] = "\x3f\x02\x8e\x4a\x2a\xea\x23\x18\x92\x7c"
-				"\x09\x52\x83\x61\xaa\x26\xce\xbb\x9d\x71"
-				"\x71\xe5\x10\x22\xaf\x60\x54\x8d\x5b\x28";
-	int nzero, none;
-	int show = 0;
-
-	prng_init(&pr, key, strlen(key));
-	prng_bytes(&pr, buf, sizeof(buf));
-	for (p = buf, n = sizeof(buf); n > 0; p++, n--) {
-		if (*p == 0)
-			nzero++;
-		if (*p == 255)
-			none++;
-	}
-	if (nzero > 3 || none > 3) {
-		fprintf(stderr, "suspiciously non-random output!\n");
-		show = 1;
-	}
-	if (memcmp(buf, good, strlen(good)) != 0) {
-		fprintf(stderr, "incorrect output!\n");
-		show = 1;
-	}
-	if (show) {
-		fprintf(stderr, "0x");
-		for (p = buf, n = sizeof(buf); n > 0; p++, n--)
-			fprintf(stderr, "%02x", *p);
-		fprintf(stderr, "\n");
-		exit(1);
-	}
-	if (prng_count(&pr) != sizeof(buf)) {
-		fprintf(stderr, "got %u bytes, but count is %lu\n",
-					sizeof(buf), prng_count(&pr));
-		exit(1);
-	}
-	prng_final(&pr);
-	exit(0);
-}
-
-#endif /* PRNG_MAIN */