The Tor Browser / file comparison
comparison: netwerk/srtp/src/crypto/rng/prng.c
netwerk/srtp/src/crypto/rng/prng.c
- branch
- TOR_BUG_9701
- changeset 15
- b8a032363ba2
equal
deleted
inserted
replaced
| -1:000000000000 | 0:435fe28e84ae |
|---|---|
| 1 /* | |
| 2 * prng.c | |
| 3 * | |
| 4 * pseudorandom source | |
| 5 * | |
| 6 * David A. McGrew | |
| 7 * Cisco Systems, Inc. | |
| 8 */ | |
| 9 /* | |
| 10 * | |
| 11 * Copyright(c) 2001-2006 Cisco Systems, Inc. | |
| 12 * All rights reserved. | |
| 13 * | |
| 14 * Redistribution and use in source and binary forms, with or without | |
| 15 * modification, are permitted provided that the following conditions | |
| 16 * are met: | |
| 17 * | |
| 18 * Redistributions of source code must retain the above copyright | |
| 19 * notice, this list of conditions and the following disclaimer. | |
| 20 * | |
| 21 * Redistributions in binary form must reproduce the above | |
| 22 * copyright notice, this list of conditions and the following | |
| 23 * disclaimer in the documentation and/or other materials provided | |
| 24 * with the distribution. | |
| 25 * | |
| 26 * Neither the name of the Cisco Systems, Inc. nor the names of its | |
| 27 * contributors may be used to endorse or promote products derived | |
| 28 * from this software without specific prior written permission. | |
| 29 * | |
| 30 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS | |
| 31 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT | |
| 32 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS | |
| 33 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE | |
| 34 * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, | |
| 35 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES | |
| 36 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR | |
| 37 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
| 38 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | |
| 39 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | |
| 40 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | |
| 41 * OF THE POSSIBILITY OF SUCH DAMAGE. | |
| 42 * | |
| 43 */ | |
| 44 | |
| 45 | |
| 46 #include "prng.h" | |
| 47 | |
| 48 /* single, global prng structure */ | |
| 49 | |
| 50 x917_prng_t x917_prng; | |
| 51 | |
| 52 err_status_t | |
| 53 x917_prng_init(rand_source_func_t random_source) { | |
| 54 uint8_t tmp_key[16]; | |
| 55 err_status_t status; | |
| 56 | |
| 57 /* initialize output count to zero */ | |
| 58 x917_prng.octet_count = 0; | |
| 59 | |
| 60 /* set random source */ | |
| 61 x917_prng.rand = random_source; | |
| 62 | |
| 63 /* initialize secret key from random source */ | |
| 64 status = random_source(tmp_key, 16); | |
| 65 if (status) | |
| 66 return status; | |
| 67 | |
| 68 /* expand aes key */ | |
| 69 aes_expand_encryption_key(tmp_key, 16, &x917_prng.key); | |
| 70 | |
| 71 /* initialize prng state from random source */ | |
| 72 status = x917_prng.rand((uint8_t *)&x917_prng.state, 16); | |
| 73 if (status) | |
| 74 return status; | |
| 75 | |
| 76 return err_status_ok; | |
| 77 } | |
| 78 | |
| 79 err_status_t | |
| 80 x917_prng_get_octet_string(uint8_t *dest, uint32_t len) { | |
| 81 uint32_t t; | |
| 82 v128_t buffer; | |
| 83 uint32_t i, tail_len; | |
| 84 err_status_t status; | |
| 85 | |
| 86 /* | |
| 87 * if we need to re-initialize the prng, do so now | |
| 88 * | |
| 89 * avoid overflows by subtracting instead of adding | |
| 90 */ | |
| 91 if (x917_prng.octet_count > MAX_PRNG_OUT_LEN - len) { | |
| 92 status = x917_prng_init(x917_prng.rand); | |
| 93 if (status) | |
| 94 return status; | |
| 95 } | |
| 96 x917_prng.octet_count += len; | |
| 97 | |
| 98 /* find out the time */ | |
| 99 t = (uint32_t)time(NULL); | |
| 100 | |
| 101 /* loop until we have output enough data */ | |
| 102 for (i=0; i < len/16; i++) { | |
| 103 | |
| 104 /* exor time into state */ | |
| 105 x917_prng.state.v32[0] ^= t; | |
| 106 | |
| 107 /* copy state into buffer */ | |
| 108 v128_copy(&buffer, &x917_prng.state); | |
| 109 | |
| 110 /* apply aes to buffer */ | |
| 111 aes_encrypt(&buffer, &x917_prng.key); | |
| 112 | |
| 113 /* write data to output */ | |
| 114 *dest++ = buffer.v8[0]; | |
| 115 *dest++ = buffer.v8[1]; | |
| 116 *dest++ = buffer.v8[2]; | |
| 117 *dest++ = buffer.v8[3]; | |
| 118 *dest++ = buffer.v8[4]; | |
| 119 *dest++ = buffer.v8[5]; | |
| 120 *dest++ = buffer.v8[6]; | |
| 121 *dest++ = buffer.v8[7]; | |
| 122 *dest++ = buffer.v8[8]; | |
| 123 *dest++ = buffer.v8[9]; | |
| 124 *dest++ = buffer.v8[10]; | |
| 125 *dest++ = buffer.v8[11]; | |
| 126 *dest++ = buffer.v8[12]; | |
| 127 *dest++ = buffer.v8[13]; | |
| 128 *dest++ = buffer.v8[14]; | |
| 129 *dest++ = buffer.v8[15]; | |
| 130 | |
| 131 /* exor time into buffer */ | |
| 132 buffer.v32[0] ^= t; | |
| 133 | |
| 134 /* encrypt buffer */ | |
| 135 aes_encrypt(&buffer, &x917_prng.key); | |
| 136 | |
| 137 /* copy buffer into state */ | |
| 138 v128_copy(&x917_prng.state, &buffer); | |
| 139 | |
| 140 } | |
| 141 | |
| 142 /* if we need to output any more octets, we'll do so now */ | |
| 143 tail_len = len % 16; | |
| 144 if (tail_len) { | |
| 145 | |
| 146 /* exor time into state */ | |
| 147 x917_prng.state.v32[0] ^= t; | |
| 148 | |
| 149 /* copy value into buffer */ | |
| 150 v128_copy(&buffer, &x917_prng.state); | |
| 151 | |
| 152 /* apply aes to buffer */ | |
| 153 aes_encrypt(&buffer, &x917_prng.key); | |
| 154 | |
| 155 /* write data to output */ | |
| 156 for (i=0; i < tail_len; i++) { | |
| 157 *dest++ = buffer.v8[i]; | |
| 158 } | |
| 159 | |
| 160 /* now update the state one more time */ | |
| 161 | |
| 162 /* exor time into buffer */ | |
| 163 buffer.v32[0] ^= t; | |
| 164 | |
| 165 /* encrypt buffer */ | |
| 166 aes_encrypt(&buffer, &x917_prng.key); | |
| 167 | |
| 168 /* copy buffer into state */ | |
| 169 v128_copy(&x917_prng.state, &buffer); | |
| 170 | |
| 171 } | |
| 172 | |
| 173 return err_status_ok; | |
| 174 } | |
| 175 | |
| 176 err_status_t | |
| 177 x917_prng_deinit(void) { | |
| 178 | |
| 179 return err_status_ok; | |
| 180 } |
