1
0
mirror of git://git.gnupg.org/gnupg.git synced 2025-01-20 14:37:08 +01:00
gnupg/cipher/random.c

292 lines
6.8 KiB
C
Raw Normal View History

1997-11-18 14:06:00 +00:00
/* random.c - random number generator
1998-02-24 18:50:46 +00:00
* Copyright (C) 1998 Free Software Foundation, Inc.
1997-11-18 14:06:00 +00:00
*
1998-02-24 18:50:46 +00:00
* This file is part of GNUPG.
1997-11-18 14:06:00 +00:00
*
1998-02-24 18:50:46 +00:00
* GNUPG is free software; you can redistribute it and/or modify
1997-11-18 14:06:00 +00:00
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
1998-02-24 18:50:46 +00:00
* GNUPG is distributed in the hope that it will be useful,
1997-11-18 14:06:00 +00:00
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
*/
1998-03-09 21:44:06 +00:00
/****************
1998-05-13 17:53:36 +00:00
* This random number generator is modelled after the one described
* in Peter Gutmann's Paper: "Software Generation of Practically
* Strong Random Numbers".
1998-03-09 21:44:06 +00:00
*/
1997-11-18 14:06:00 +00:00
#include <config.h>
#include <stdio.h>
#include <stdlib.h>
1998-01-02 20:40:10 +00:00
#include <assert.h>
1997-11-18 14:06:00 +00:00
#include <errno.h>
1998-02-03 12:09:20 +00:00
#include <string.h>
1997-11-18 14:06:00 +00:00
#include "util.h"
1998-03-09 21:44:06 +00:00
#include "rmd.h"
1998-01-16 21:15:24 +00:00
#include "ttyio.h"
1998-01-28 16:09:43 +00:00
#include "i18n.h"
1998-05-13 17:53:36 +00:00
#include "rand-internal.h"
1997-11-18 14:06:00 +00:00
1998-03-09 21:44:06 +00:00
#if SIZEOF_UNSIGNED_LONG == 8
#define ADD_VALUE 0xa5a5a5a5a5a5a5a5
#elif SIZEOF_UNSIGNED_LONG == 4
#define ADD_VALUE 0xa5a5a5a5
#else
#error weird size for an unsigned long
#endif
1997-12-12 12:03:58 +00:00
struct cache {
1997-11-18 14:06:00 +00:00
int len;
1998-03-09 21:44:06 +00:00
int size;
byte *buffer;
1997-12-12 12:03:58 +00:00
};
1998-03-09 21:44:06 +00:00
static int is_initialized;
1997-12-12 12:03:58 +00:00
static struct cache cache[3];
#define MASK_LEVEL(a) do {if( a > 2 ) a = 2; else if( a < 0 ) a = 0; } while(0)
1998-03-09 21:44:06 +00:00
static char *rndpool; /* allocated size is POOLSIZE+BLOCKLEN */
static char *keypool; /* allocated size is POOLSIZE+BLOCKLEN */
static size_t pool_readpos;
static size_t pool_writepos;
static int pool_filled;
1998-03-19 15:27:29 +00:00
static int pool_balance;
1998-03-09 21:44:06 +00:00
static int just_mixed;
static int secure_alloc;
static int quick_test;
1997-12-12 12:03:58 +00:00
1998-03-09 21:44:06 +00:00
static void read_pool( byte *buffer, size_t length, int level );
1998-01-16 21:15:24 +00:00
1998-03-09 21:44:06 +00:00
static void
initialize()
{
/* The data buffer is allocated somewhat larger, so that
* we can use this extra space (which is allocated in secure memory)
* as a temporary hash buffer */
rndpool = secure_alloc ? m_alloc_secure_clear(POOLSIZE+BLOCKLEN)
: m_alloc_clear(POOLSIZE+BLOCKLEN);
keypool = secure_alloc ? m_alloc_secure_clear(POOLSIZE+BLOCKLEN)
: m_alloc_clear(POOLSIZE+BLOCKLEN);
is_initialized = 1;
}
void
secure_random_alloc()
{
secure_alloc = 1;
}
1998-05-13 17:53:36 +00:00
1998-01-16 21:15:24 +00:00
int
quick_random_gen( int onoff )
{
int last = quick_test;
if( onoff != -1 )
quick_test = onoff;
1998-05-13 17:53:36 +00:00
#ifdef USE_RAND_DUMMY
1998-02-24 18:50:46 +00:00
last = 1; /* insecure RNG */
1998-01-28 16:09:43 +00:00
#endif
1998-02-24 18:50:46 +00:00
return last;
1998-01-16 21:15:24 +00:00
}
1997-11-18 14:06:00 +00:00
/****************
1998-04-14 17:51:16 +00:00
* Fill the buffer with LENGTH bytes of cryptographically strong
1997-11-18 14:06:00 +00:00
* random bytes. level 0 is not very strong, 1 is strong enough
* for most usage, 2 is good for key generation stuff but may be very slow.
*/
void
randomize_buffer( byte *buffer, size_t length, int level )
{
for( ; length; length-- )
1997-12-12 12:03:58 +00:00
*buffer++ = get_random_byte(level);
1997-11-18 14:06:00 +00:00
}
byte
get_random_byte( int level )
{
1997-12-12 12:03:58 +00:00
MASK_LEVEL(level);
if( !cache[level].len ) {
1998-03-09 21:44:06 +00:00
if( !is_initialized )
initialize();
if( !cache[level].buffer ) {
cache[level].size = 100;
cache[level].buffer = level && secure_alloc?
m_alloc_secure( cache[level].size )
: m_alloc( cache[level].size );
}
read_pool(cache[level].buffer, cache[level].size, level );
cache[level].len = cache[level].size;
1997-11-18 14:06:00 +00:00
}
1997-12-12 12:03:58 +00:00
return cache[level].buffer[--cache[level].len];
1997-11-18 14:06:00 +00:00
}
1998-03-19 15:27:29 +00:00
/****************
* Return a pointer to a randomized buffer of level 0 and LENGTH bits
* caller must free the buffer. This function does not use the
* cache (will be removed in future). Note: The returned value is
* rounded up to bytes.
*/
byte *
get_random_bits( size_t nbits, int level, int secure )
{
byte *buf;
size_t nbytes = (nbits+7)/8;
MASK_LEVEL(level);
buf = secure? m_alloc_secure( nbytes ) : m_alloc( nbytes );
read_pool( buf, nbytes, level );
return buf;
}
1998-03-09 21:44:06 +00:00
/****************
* Mix the pool
*/
static void
mix_pool(byte *pool)
{
char *hashbuf = pool + POOLSIZE;
char *p, *pend;
int i, n;
RMD160_CONTEXT md;
rmd160_init( &md );
#if DIGESTLEN != 20
#error must have a digest length of 20 for ripe-md-160
#endif
/* loop over the pool */
pend = pool + POOLSIZE;
memcpy(hashbuf, pend - DIGESTLEN, DIGESTLEN );
memcpy(hashbuf+DIGESTLEN, pool, BLOCKLEN-DIGESTLEN);
rmd160_mixblock( &md, hashbuf);
memcpy(pool, hashbuf, 20 );
p = pool;
for( n=1; n < POOLBLOCKS; n++ ) {
memcpy(hashbuf, p, DIGESTLEN );
p += DIGESTLEN;
if( p+DIGESTLEN+BLOCKLEN < pend )
memcpy(hashbuf+DIGESTLEN, p+DIGESTLEN, BLOCKLEN-DIGESTLEN);
else {
char *pp = p+DIGESTLEN;
for(i=DIGESTLEN; i < BLOCKLEN; i++ ) {
if( pp >= pend )
pp = pool;
hashbuf[i] = *pp++;
}
}
rmd160_mixblock( &md, hashbuf);
memcpy(p, hashbuf, 20 );
}
}
static void
read_pool( byte *buffer, size_t length, int level )
{
int i;
ulong *sp, *dp;
if( length >= POOLSIZE )
BUG(); /* not allowed */
if( !level ) { /* read simple random bytes */
1998-05-13 17:53:36 +00:00
read_random_source( buffer, length, level );
1998-03-09 21:44:06 +00:00
return;
}
1998-03-19 15:27:29 +00:00
/* for level 2 make sure that there is enough random in the pool */
if( level == 2 && pool_balance < length ) {
size_t needed;
byte *p;
if( pool_balance < 0 )
pool_balance = 0;
needed = length - pool_balance;
if( needed > POOLSIZE )
BUG();
p = m_alloc_secure( needed );
1998-05-13 17:53:36 +00:00
read_random_source( p, needed, 2 ); /* read /dev/random */
1998-03-19 15:27:29 +00:00
add_randomness( p, needed, 3);
m_free(p);
pool_balance += needed;
}
1998-03-09 21:44:06 +00:00
/* make sure the pool is filled */
while( !pool_filled )
random_poll();
/* do always a fast random poll */
fast_random_poll();
/* mix the pool (if add_randomness() didn't it) */
if( !just_mixed )
mix_pool(rndpool);
/* create a new pool */
for(i=0,dp=(ulong*)keypool, sp=(ulong*)rndpool;
i < POOLWORDS; i++, dp++, sp++ )
*dp = *sp + ADD_VALUE;
/* and mix both pools */
mix_pool(rndpool);
mix_pool(keypool);
/* read the required data
* we use a readpoiter to read from a different postion each
* time */
while( length-- ) {
*buffer++ = keypool[pool_readpos++];
if( pool_readpos >= POOLSIZE )
pool_readpos = 0;
1998-03-19 15:27:29 +00:00
pool_balance--;
1998-03-09 21:44:06 +00:00
}
1998-03-19 15:27:29 +00:00
if( pool_balance < 0 )
pool_balance = 0;
1998-03-09 21:44:06 +00:00
/* and clear the keypool */
memset( keypool, 0, POOLSIZE );
}
/****************
* Add LENGTH bytes of randomness from buffer to the pool.
* source may be used to specify the randomeness source.
*/
void
add_randomness( const void *buffer, size_t length, int source )
{
if( !is_initialized )
initialize();
while( length-- ) {
rndpool[pool_writepos++] = *((byte*)buffer)++;
if( pool_writepos >= POOLSIZE ) {
1998-05-13 17:53:36 +00:00
if( source > 1 )
pool_filled = 1;
1998-03-09 21:44:06 +00:00
pool_writepos = 0;
mix_pool(rndpool);
just_mixed = !length;
}
}
}