removed prng.c from libfreeswan
This commit is contained in:
parent
e92e687584
commit
5922c484f6
|
@ -3,7 +3,7 @@ libfreeswan_a_SOURCES = addrtoa.c addrtot.c addrtypeof.c anyaddr.c atoaddr.c ato
|
|||
atosa.c atosubnet.c atoul.c copyright.c datatot.c freeswan.h \
|
||||
goodmask.c initaddr.c initsaid.c initsubnet.c internal.h ipsec_param.h \
|
||||
keyblobtoid.c pfkey_v2_build.c pfkey_v2_debug.c \
|
||||
pfkey_v2_ext_bits.c pfkey_v2_parse.c portof.c prng.c rangetoa.c \
|
||||
pfkey_v2_ext_bits.c pfkey_v2_parse.c portof.c rangetoa.c \
|
||||
pfkey.h pfkeyv2.h rangetosubnet.c sameaddr.c satoa.c \
|
||||
satot.c subnetof.c subnettoa.c subnettot.c \
|
||||
subnettypeof.c ttoaddr.c ttodata.c ttoprotoport.c ttosa.c ttosubnet.c ttoul.c \
|
||||
|
@ -15,6 +15,6 @@ INCLUDES = \
|
|||
-I$(top_srcdir)/src/pluto
|
||||
|
||||
dist_man3_MANS = anyaddr.3 atoaddr.3 atoasr.3 atosa.3 atoul.3 goodmask.3 initaddr.3 initsubnet.3 \
|
||||
keyblobtoid.3 portof.3 prng.3 rangetosubnet.3 sameaddr.3 subnetof.3 \
|
||||
keyblobtoid.3 portof.3 rangetosubnet.3 sameaddr.3 subnetof.3 \
|
||||
ttoaddr.3 ttodata.3 ttosa.3 ttoul.3
|
||||
|
||||
|
|
|
@ -206,12 +206,6 @@ void setportof(int port, ip_address *dst);
|
|||
struct sockaddr *sockaddrof(ip_address *src);
|
||||
size_t sockaddrlenof(const ip_address *src);
|
||||
|
||||
/* PRNG */
|
||||
void prng_init(struct prng *prng, const unsigned char *key, size_t keylen);
|
||||
void prng_bytes(struct prng *prng, unsigned char *dst, size_t dstlen);
|
||||
unsigned long prng_count(struct prng *prng);
|
||||
void prng_final(struct prng *prng);
|
||||
|
||||
/* odds and ends */
|
||||
const char **ipsec_copyright_notice(void);
|
||||
|
||||
|
|
|
@ -1,120 +0,0 @@
|
|||
.TH IPSEC_PRNG 3 "1 April 2002"
|
||||
.SH NAME
|
||||
ipsec prng_init \- initialize IPsec pseudorandom-number generator
|
||||
.br
|
||||
ipsec prng_bytes \- get bytes from IPsec pseudorandom-number generator
|
||||
.br
|
||||
ipsec prng_final \- close down IPsec pseudorandom-number generator
|
||||
.SH SYNOPSIS
|
||||
.B "#include <freeswan.h>
|
||||
.sp
|
||||
.B "void prng_init(struct prng *prng,"
|
||||
.ti +1c
|
||||
.B "const unsigned char *key, size_t keylen);"
|
||||
.br
|
||||
.B "void prng_bytes(struct prng *prng, char *dst,"
|
||||
.ti +1c
|
||||
.B "size_t dstlen);"
|
||||
.br
|
||||
.B "unsigned long prng_count(struct prng *prng);"
|
||||
.br
|
||||
.B "void prng_final(struct prng *prng);"
|
||||
.SH DESCRIPTION
|
||||
.I Prng_init
|
||||
initializes a crypto-quality pseudo-random-number generator from a key;
|
||||
.I prng_bytes
|
||||
obtains pseudo-random bytes from it;
|
||||
.I prng_count
|
||||
reports the number of bytes extracted from it to date;
|
||||
.I prng_final
|
||||
closes it down.
|
||||
It is the user's responsibility to initialize a PRNG before using it,
|
||||
and not to use it again after it is closed down.
|
||||
.PP
|
||||
.I Prng_init
|
||||
initializes,
|
||||
or re-initializes,
|
||||
the specified
|
||||
.I prng
|
||||
from the
|
||||
.IR key ,
|
||||
whose length is given by
|
||||
.IR keylen .
|
||||
The user must allocate the
|
||||
.B "struct prng"
|
||||
pointed to by
|
||||
.IR prng .
|
||||
There is no particular constraint on the length of the key,
|
||||
although a key longer than 256 bytes is unnecessary because
|
||||
only the first 256 would be used.
|
||||
Initialization requires on the order of 3000 integer operations,
|
||||
independent of key length.
|
||||
.PP
|
||||
.I Prng_bytes
|
||||
obtains
|
||||
.I dstlen
|
||||
pseudo-random bytes from the PRNG and puts them in
|
||||
.IR buf .
|
||||
This is quite fast,
|
||||
on the order of 10 integer operations per byte.
|
||||
.PP
|
||||
.I Prng_count
|
||||
reports the number of bytes obtained from the PRNG
|
||||
since it was (last) initialized.
|
||||
.PP
|
||||
.I Prng_final
|
||||
closes down a PRNG by
|
||||
zeroing its internal memory,
|
||||
obliterating all trace of the state used to generate its previous output.
|
||||
This requires on the order of 250 integer operations.
|
||||
.PP
|
||||
The
|
||||
.B <freeswan.h>
|
||||
header file supplies the definition of the
|
||||
.B prng
|
||||
structure.
|
||||
Examination of its innards is discouraged, as they may change.
|
||||
.PP
|
||||
The PRNG algorithm
|
||||
used by these functions is currently identical to that of RC4(TM).
|
||||
This algorithm is cryptographically strong,
|
||||
sufficiently unpredictable that even a hostile observer will
|
||||
have difficulty determining the next byte of output from past history,
|
||||
provided it is initialized from a reasonably large key composed of
|
||||
highly random bytes (see
|
||||
.IR random (4)).
|
||||
The usual run of software pseudo-random-number generators
|
||||
(e.g.
|
||||
.IR random (3))
|
||||
are
|
||||
.I not
|
||||
cryptographically strong.
|
||||
.PP
|
||||
The well-known attacks against RC4(TM),
|
||||
e.g. as found in 802.11b's WEP encryption system,
|
||||
apply only if multiple PRNGs are initialized with closely-related keys
|
||||
(e.g., using a counter appended to a base key).
|
||||
If such keys are used, the first few hundred pseudo-random bytes
|
||||
from each PRNG should be discarded,
|
||||
to give the PRNGs a chance to randomize their innards properly.
|
||||
No useful attacks are known if the key is well randomized to begin with.
|
||||
.SH SEE ALSO
|
||||
random(3), random(4)
|
||||
.br
|
||||
Bruce Schneier,
|
||||
\fIApplied Cryptography\fR, 2nd ed., 1996, ISBN 0-471-11709-9,
|
||||
pp. 397-8.
|
||||
.SH HISTORY
|
||||
Written for the FreeS/WAN project by Henry Spencer.
|
||||
.SH BUGS
|
||||
If an attempt is made to obtain more than 4e9 bytes
|
||||
between initializations,
|
||||
the PRNG will continue to work but
|
||||
.IR prng_count 's
|
||||
output will stick at
|
||||
.BR 4000000000 .
|
||||
Fixing this would require a longer integer type and does
|
||||
not seem worth the trouble,
|
||||
since you should probably re-initialize before then anyway...
|
||||
.PP
|
||||
``RC4'' is a trademark of RSA Data Security, Inc.
|
|
@ -1,200 +0,0 @@
|
|||
/*
|
||||
* crypto-class pseudorandom number generator
|
||||
* currently uses same algorithm as RC4(TM), from Schneier 2nd ed p397
|
||||
* Copyright (C) 2002 Henry Spencer.
|
||||
*
|
||||
* This library is free software; you can redistribute it and/or modify it
|
||||
* under the terms of the GNU Library General Public License as published by
|
||||
* the Free Software Foundation; either version 2 of the License, or (at your
|
||||
* option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>.
|
||||
*
|
||||
* This library is distributed in the hope that it will be useful, but
|
||||
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
|
||||
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public
|
||||
* License for more details.
|
||||
*/
|
||||
#include "internal.h"
|
||||
#include "freeswan.h"
|
||||
|
||||
/*
|
||||
- prng_init - initialize PRNG from a key
|
||||
*/
|
||||
void
|
||||
prng_init(prng, key, keylen)
|
||||
struct prng *prng;
|
||||
const unsigned char *key;
|
||||
size_t keylen;
|
||||
{
|
||||
unsigned char k[256];
|
||||
int i, j;
|
||||
unsigned const char *p;
|
||||
unsigned const char *keyend = key + keylen;
|
||||
unsigned char t;
|
||||
|
||||
for (i = 0; i <= 255; i++)
|
||||
prng->sbox[i] = i;
|
||||
p = key;
|
||||
for (i = 0; i <= 255; i++) {
|
||||
k[i] = *p++;
|
||||
if (p >= keyend)
|
||||
p = key;
|
||||
}
|
||||
j = 0;
|
||||
for (i = 0; i <= 255; i++) {
|
||||
j = (j + prng->sbox[i] + k[i]) & 0xff;
|
||||
t = prng->sbox[i];
|
||||
prng->sbox[i] = prng->sbox[j];
|
||||
prng->sbox[j] = t;
|
||||
k[i] = 0; /* clear out key memory */
|
||||
}
|
||||
prng->i = 0;
|
||||
prng->j = 0;
|
||||
prng->count = 0;
|
||||
}
|
||||
|
||||
/*
|
||||
- prng_bytes - get some pseudorandom bytes from PRNG
|
||||
*/
|
||||
void
|
||||
prng_bytes(prng, dst, dstlen)
|
||||
struct prng *prng;
|
||||
unsigned char *dst;
|
||||
size_t dstlen;
|
||||
{
|
||||
int i, j, t;
|
||||
unsigned char *p = dst;
|
||||
size_t remain = dstlen;
|
||||
# define MAX 4000000000ul
|
||||
|
||||
while (remain > 0) {
|
||||
i = (prng->i + 1) & 0xff;
|
||||
prng->i = i;
|
||||
j = (prng->j + prng->sbox[i]) & 0xff;
|
||||
prng->j = j;
|
||||
t = prng->sbox[i];
|
||||
prng->sbox[i] = prng->sbox[j];
|
||||
prng->sbox[j] = t;
|
||||
t = (t + prng->sbox[i]) & 0xff;
|
||||
*p++ = prng->sbox[t];
|
||||
remain--;
|
||||
}
|
||||
if (prng->count < MAX - dstlen)
|
||||
prng->count += dstlen;
|
||||
else
|
||||
prng->count = MAX;
|
||||
}
|
||||
|
||||
/*
|
||||
- prnt_count - how many bytes have been extracted from PRNG so far?
|
||||
*/
|
||||
unsigned long
|
||||
prng_count(prng)
|
||||
struct prng *prng;
|
||||
{
|
||||
return prng->count;
|
||||
}
|
||||
|
||||
/*
|
||||
- prng_final - clear out PRNG to ensure nothing left in memory
|
||||
*/
|
||||
void
|
||||
prng_final(prng)
|
||||
struct prng *prng;
|
||||
{
|
||||
int i;
|
||||
|
||||
for (i = 0; i <= 255; i++)
|
||||
prng->sbox[i] = 0;
|
||||
prng->i = 0;
|
||||
prng->j = 0;
|
||||
prng->count = 0; /* just for good measure */
|
||||
}
|
||||
|
||||
|
||||
|
||||
#ifdef PRNG_MAIN
|
||||
|
||||
#include <stdio.h>
|
||||
|
||||
void regress();
|
||||
|
||||
int
|
||||
main(argc, argv)
|
||||
int argc;
|
||||
char *argv[];
|
||||
{
|
||||
struct prng pr;
|
||||
unsigned char buf[100];
|
||||
unsigned char *p;
|
||||
size_t n;
|
||||
|
||||
if (argc < 2) {
|
||||
fprintf(stderr, "Usage: %s {key|-r}\n", argv[0]);
|
||||
exit(2);
|
||||
}
|
||||
|
||||
if (strcmp(argv[1], "-r") == 0) {
|
||||
regress();
|
||||
fprintf(stderr, "regress() returned?!?\n");
|
||||
exit(1);
|
||||
}
|
||||
|
||||
prng_init(&pr, argv[1], strlen(argv[1]));
|
||||
prng_bytes(&pr, buf, 32);
|
||||
printf("0x");
|
||||
for (p = buf, n = 32; n > 0; p++, n--)
|
||||
printf("%02x", *p);
|
||||
printf("\n%lu bytes\n", prng_count(&pr));
|
||||
prng_final(&pr);
|
||||
exit(0);
|
||||
}
|
||||
|
||||
void
|
||||
regress()
|
||||
{
|
||||
struct prng pr;
|
||||
unsigned char buf[100];
|
||||
unsigned char *p;
|
||||
size_t n;
|
||||
/* somewhat non-random sample key */
|
||||
unsigned char key[] = "here we go gathering nuts in May";
|
||||
/* first thirty bytes of output from that key */
|
||||
unsigned char good[] = "\x3f\x02\x8e\x4a\x2a\xea\x23\x18\x92\x7c"
|
||||
"\x09\x52\x83\x61\xaa\x26\xce\xbb\x9d\x71"
|
||||
"\x71\xe5\x10\x22\xaf\x60\x54\x8d\x5b\x28";
|
||||
int nzero, none;
|
||||
int show = 0;
|
||||
|
||||
prng_init(&pr, key, strlen(key));
|
||||
prng_bytes(&pr, buf, sizeof(buf));
|
||||
for (p = buf, n = sizeof(buf); n > 0; p++, n--) {
|
||||
if (*p == 0)
|
||||
nzero++;
|
||||
if (*p == 255)
|
||||
none++;
|
||||
}
|
||||
if (nzero > 3 || none > 3) {
|
||||
fprintf(stderr, "suspiciously non-random output!\n");
|
||||
show = 1;
|
||||
}
|
||||
if (memcmp(buf, good, strlen(good)) != 0) {
|
||||
fprintf(stderr, "incorrect output!\n");
|
||||
show = 1;
|
||||
}
|
||||
if (show) {
|
||||
fprintf(stderr, "0x");
|
||||
for (p = buf, n = sizeof(buf); n > 0; p++, n--)
|
||||
fprintf(stderr, "%02x", *p);
|
||||
fprintf(stderr, "\n");
|
||||
exit(1);
|
||||
}
|
||||
if (prng_count(&pr) != sizeof(buf)) {
|
||||
fprintf(stderr, "got %u bytes, but count is %lu\n",
|
||||
sizeof(buf), prng_count(&pr));
|
||||
exit(1);
|
||||
}
|
||||
prng_final(&pr);
|
||||
exit(0);
|
||||
}
|
||||
|
||||
#endif /* PRNG_MAIN */
|