arc4random.c 4.0 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191
  1. /* $$$: arc4random.c 2005/02/08 robert */
  2. /* $NetBSD: arc4random.c,v 1.5.2.1 2004/03/26 22:52:50 jmc Exp $ */
  3. /* $OpenBSD: arc4random.c,v 1.6 2001/06/05 05:05:38 pvalchev Exp $ */
  4. /*
  5. * Arc4 random number generator for OpenBSD.
  6. * Copyright 1996 David Mazieres <dm@lcs.mit.edu>.
  7. *
  8. * Modification and redistribution in source and binary forms is
  9. * permitted provided that due credit is given to the author and the
  10. * OpenBSD project by leaving this copyright notice intact.
  11. */
  12. /*
  13. * This code is derived from section 17.1 of Applied Cryptography,
  14. * second edition, which describes a stream cipher allegedly
  15. * compatible with RSA Labs "RC4" cipher (the actual description of
  16. * which is a trade secret). The same algorithm is used as a stream
  17. * cipher called "arcfour" in Tatu Ylonen's ssh package.
  18. *
  19. * Here the stream cipher has been modified always to include the time
  20. * when initializing the state. That makes it impossible to
  21. * regenerate the same random sequence twice, so this can't be used
  22. * for encryption, but will generate good random numbers.
  23. *
  24. * RC4 is a registered trademark of RSA Laboratories.
  25. */
  26. #include <features.h>
  27. #include <fcntl.h>
  28. #include <stdlib.h>
  29. #include <unistd.h>
  30. #include <sys/types.h>
  31. #include <sys/param.h>
  32. #include <sys/time.h>
  33. #ifdef __ARC4RANDOM_USE_ERANDOM__
  34. #include <sys/sysctl.h>
  35. #endif
  36. struct arc4_stream {
  37. u_int8_t i;
  38. u_int8_t j;
  39. u_int8_t s[256];
  40. };
  41. static smallint rs_initialized;
  42. static struct arc4_stream rs;
  43. static __inline__ void
  44. arc4_init(struct arc4_stream *as)
  45. {
  46. int n;
  47. for (n = 0; n < 256; n++)
  48. as->s[n] = n;
  49. as->i = 0;
  50. as->j = 0;
  51. }
  52. static __inline__ u_int8_t
  53. arc4_getbyte(struct arc4_stream *as)
  54. {
  55. u_int8_t si, sj;
  56. as->i = (as->i + 1);
  57. si = as->s[as->i];
  58. as->j = (as->j + si);
  59. sj = as->s[as->j];
  60. as->s[as->i] = sj;
  61. as->s[as->j] = si;
  62. return (as->s[(si + sj) & 0xff]);
  63. }
  64. static __inline__ void
  65. arc4_addrandom(struct arc4_stream *as, u_char *dat, int datlen)
  66. {
  67. int n;
  68. u_int8_t si;
  69. as->i--;
  70. for (n = 0; n < 256; n++) {
  71. as->i = (as->i + 1);
  72. si = as->s[as->i];
  73. as->j = (as->j + si + dat[n % datlen]);
  74. as->s[as->i] = as->s[as->j];
  75. as->s[as->j] = si;
  76. }
  77. as->j = as->i;
  78. }
  79. static void
  80. arc4_stir(struct arc4_stream *as)
  81. {
  82. int fd;
  83. struct {
  84. struct timeval tv;
  85. uint rnd[(128 - sizeof(struct timeval)) / sizeof(uint)];
  86. } rdat;
  87. int n;
  88. gettimeofday(&rdat.tv, NULL);
  89. fd = open("/dev/urandom", O_RDONLY);
  90. if (fd != -1) {
  91. read(fd, rdat.rnd, sizeof(rdat.rnd));
  92. close(fd);
  93. }
  94. #ifdef __ARC4RANDOM_USE_ERANDOM__
  95. else {
  96. int mib[3];
  97. uint i;
  98. size_t len;
  99. /* Device could not be opened, we might be chrooted, take
  100. * randomness from sysctl. */
  101. mib[0] = CTL_KERN;
  102. mib[1] = KERN_RANDOM;
  103. mib[2] = RANDOM_ERANDOM;
  104. for (i = 0; i < sizeof(rdat.rnd) / sizeof(uint); i++) {
  105. len = sizeof(uint);
  106. if (sysctl(mib, 3, &rdat.rnd[i], &len, NULL, 0) == -1)
  107. break;
  108. }
  109. }
  110. #endif
  111. arc4_addrandom(as, (void *) &rdat, sizeof(rdat));
  112. /*
  113. * Throw away the first N words of output, as suggested in the
  114. * paper "Weaknesses in the Key Scheduling Algorithm of RC4"
  115. * by Fluher, Mantin, and Shamir. N = 1024 is based on
  116. * suggestions in the paper "(Not So) Random Shuffles of RC4"
  117. * by Ilya Mironov.
  118. */
  119. for (n = 0; n < 1024; n++)
  120. arc4_getbyte(as);
  121. }
  122. static __inline__ u_int32_t
  123. arc4_getword(struct arc4_stream *as)
  124. {
  125. u_int32_t val;
  126. val = arc4_getbyte(as) << 24;
  127. val |= arc4_getbyte(as) << 16;
  128. val |= arc4_getbyte(as) << 8;
  129. val |= arc4_getbyte(as);
  130. return val;
  131. }
  132. static void
  133. __arc4random_stir(void)
  134. {
  135. if (!rs_initialized) {
  136. arc4_init(&rs);
  137. rs_initialized = 1;
  138. }
  139. arc4_stir(&rs);
  140. }
  141. strong_alias(__arc4random_stir,arc4random_stir)
  142. void
  143. arc4random_addrandom(u_char *dat, int datlen)
  144. {
  145. if (!rs_initialized)
  146. __arc4random_stir();
  147. arc4_addrandom(&rs, dat, datlen);
  148. }
  149. u_int32_t
  150. arc4random(void)
  151. {
  152. if (!rs_initialized)
  153. __arc4random_stir();
  154. return arc4_getword(&rs);
  155. }
  156. #if 0
  157. /*-------- Test code --------*/
  158. #include <stdlib.h>
  159. #include <stdio.h>
  160. int main(void) {
  161. int random_number;
  162. random_number = arc4random() % 65536;
  163. printf("%d\n", random_number);
  164. return 0;
  165. }
  166. #endif