The Tor Browser: netwerk/srtp/src/crypto/rng/prng.c@6474c204b198 (annotated)

netwerk/srtp/src/crypto/rng/prng.c@6474c204b198 (annotated)

netwerk/srtp/src/crypto/rng/prng.c

Wed, 31 Dec 2014 06:09:35 +0100

author: Michael Schloh von Bennewitz <michael@schloh.com>
date: Wed, 31 Dec 2014 06:09:35 +0100
changeset 0: 6474c204b198
permissions: -rw-r--r--

Cloned upstream origin tor-browser at tor-browser-31.3.0esr-4.5-1-build1
revision ID fc1c9ff7c1b2defdbc039f12214767608f46423f for hacking purpose.

 /*
  * prng.c
  *
  * pseudorandom source
  *
  * David A. McGrew
  * Cisco Systems, Inc.
  */
 /*
  *
  * Copyright(c) 2001-2006 Cisco Systems, Inc.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  *
  *   Redistributions of source code must retain the above copyright
  *   notice, this list of conditions and the following disclaimer.
  *
  *   Redistributions in binary form must reproduce the above
  *   copyright notice, this list of conditions and the following
  *   disclaimer in the documentation and/or other materials provided
  *   with the distribution.
  *
  *   Neither the name of the Cisco Systems, Inc. nor the names of its
  *   contributors may be used to endorse or promote products derived
  *   from this software without specific prior written permission.
  *
  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
  * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
  * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
  * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
  * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
  * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
  * OF THE POSSIBILITY OF SUCH DAMAGE.
  *
  */
 #include "prng.h"
 /* single, global prng structure */
 x917_prng_t x917_prng;
 err_status_t
 x917_prng_init(rand_source_func_t random_source) {
   uint8_t tmp_key[16];
   err_status_t status;
   /* initialize output count to zero */
   x917_prng.octet_count = 0;
   /* set random source */
   x917_prng.rand = random_source;
   /* initialize secret key from random source */
   status = random_source(tmp_key, 16);
   if (status)
     return status;
   /* expand aes key */
   aes_expand_encryption_key(tmp_key, 16, &x917_prng.key);
   /* initialize prng state from random source */
   status = x917_prng.rand((uint8_t *)&x917_prng.state, 16);
   if (status)
     return status;
   return err_status_ok;
 }
 err_status_t
 x917_prng_get_octet_string(uint8_t *dest, uint32_t len) {
   uint32_t t;
   v128_t buffer;
   uint32_t i, tail_len;
   err_status_t status;
   /*
    * if we need to re-initialize the prng, do so now
    *
    * avoid overflows by subtracting instead of adding
    */
   if (x917_prng.octet_count > MAX_PRNG_OUT_LEN - len) {
     status = x917_prng_init(x917_prng.rand);
     if (status)
       return status;
   }
   x917_prng.octet_count += len;
   /* find out the time */
   t = (uint32_t)time(NULL);
   /* loop until we have output enough data */
   for (i=0; i < len/16; i++) {
     /* exor time into state */
     x917_prng.state.v32[0] ^= t;
     /* copy state into buffer */
     v128_copy(&buffer, &x917_prng.state);
     /* apply aes to buffer */
     aes_encrypt(&buffer, &x917_prng.key);
     /* write data to output */
     *dest++ = buffer.v8[0];
     *dest++ = buffer.v8[1];
     *dest++ = buffer.v8[2];
     *dest++ = buffer.v8[3];
     *dest++ = buffer.v8[4];
     *dest++ = buffer.v8[5];
     *dest++ = buffer.v8[6];
     *dest++ = buffer.v8[7];
     *dest++ = buffer.v8[8];
     *dest++ = buffer.v8[9];
     *dest++ = buffer.v8[10];
     *dest++ = buffer.v8[11];
     *dest++ = buffer.v8[12];
     *dest++ = buffer.v8[13];
     *dest++ = buffer.v8[14];
     *dest++ = buffer.v8[15];
     /* exor time into buffer */
     buffer.v32[0] ^= t;
     /* encrypt buffer */
     aes_encrypt(&buffer, &x917_prng.key);
     /* copy buffer into state */
     v128_copy(&x917_prng.state, &buffer);
   }
   /* if we need to output any more octets, we'll do so now */
   tail_len = len % 16;
   if (tail_len) {
     /* exor time into state */
     x917_prng.state.v32[0] ^= t;
     /* copy value into buffer */
     v128_copy(&buffer, &x917_prng.state);
     /* apply aes to buffer */
     aes_encrypt(&buffer, &x917_prng.key);
     /* write data to output */
     for (i=0; i < tail_len; i++) {
       *dest++ = buffer.v8[i];
     }
     /* now update the state one more time */
     /* exor time into buffer */
     buffer.v32[0] ^= t;
     /* encrypt buffer */
     aes_encrypt(&buffer, &x917_prng.key);
     /* copy buffer into state */
     v128_copy(&x917_prng.state, &buffer);
   }
   return err_status_ok;
 }
 err_status_t
 x917_prng_deinit(void) {
   return err_status_ok;
 }

The Tor Browser / annotate

netwerk/srtp/src/crypto/rng/prng.c@6474c204b198 (annotated)

netwerk/srtp/src/crypto/rng/prng.c