The Tor Browser: netwerk/srtp/src/crypto/rng/prng.c@6474c204b198

Cloned upstream origin tor-browser at tor-browser-31.3.0esr-4.5-1-build1
revision ID fc1c9ff7c1b2defdbc039f12214767608f46423f for hacking purpose.

     1 /*

     2  * prng.c

     3  *

     4  * pseudorandom source

     5  *

     6  * David A. McGrew

     7  * Cisco Systems, Inc.

     8  */

     9 /*

    10  *

    11  * Copyright(c) 2001-2006 Cisco Systems, Inc.

    12  * All rights reserved.

    13  *

    14  * Redistribution and use in source and binary forms, with or without

    15  * modification, are permitted provided that the following conditions

    16  * are met:

    17  *

    18  *   Redistributions of source code must retain the above copyright

    19  *   notice, this list of conditions and the following disclaimer.

    20  *

    21  *   Redistributions in binary form must reproduce the above

    22  *   copyright notice, this list of conditions and the following

    23  *   disclaimer in the documentation and/or other materials provided

    24  *   with the distribution.

    25  *

    26  *   Neither the name of the Cisco Systems, Inc. nor the names of its

    27  *   contributors may be used to endorse or promote products derived

    28  *   from this software without specific prior written permission.

    29  *

    30  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS

    31  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT

    32  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS

    33  * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE

    34  * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,

    35  * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES

    36  * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR

    37  * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

    38  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

    39  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

    40  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

    41  * OF THE POSSIBILITY OF SUCH DAMAGE.

    42  *

    43  */

    46 #include "prng.h"

    48 /* single, global prng structure */

    50 x917_prng_t x917_prng;

    52 err_status_t

    53 x917_prng_init(rand_source_func_t random_source) {

    54   uint8_t tmp_key[16];

    55   err_status_t status;

    57   /* initialize output count to zero */

    58   x917_prng.octet_count = 0;

    60   /* set random source */

    61   x917_prng.rand = random_source;

    63   /* initialize secret key from random source */

    64   status = random_source(tmp_key, 16);

    65   if (status)

    66     return status;

    68   /* expand aes key */

    69   aes_expand_encryption_key(tmp_key, 16, &x917_prng.key);

    71   /* initialize prng state from random source */

    72   status = x917_prng.rand((uint8_t *)&x917_prng.state, 16);

    73   if (status)

    74     return status;

    76   return err_status_ok;

    77 }

    79 err_status_t

    80 x917_prng_get_octet_string(uint8_t *dest, uint32_t len) {

    81   uint32_t t;

    82   v128_t buffer;

    83   uint32_t i, tail_len;

    84   err_status_t status;

    86   /*

    87    * if we need to re-initialize the prng, do so now

    88    *

    89    * avoid overflows by subtracting instead of adding

    90    */

    91   if (x917_prng.octet_count > MAX_PRNG_OUT_LEN - len) {

    92     status = x917_prng_init(x917_prng.rand);

    93     if (status)

    94       return status;

    95   }

    96   x917_prng.octet_count += len;

    98   /* find out the time */

    99   t = (uint32_t)time(NULL);

   101   /* loop until we have output enough data */

   102   for (i=0; i < len/16; i++) {

   104     /* exor time into state */

   105     x917_prng.state.v32[0] ^= t;

   107     /* copy state into buffer */

   108     v128_copy(&buffer, &x917_prng.state);

   110     /* apply aes to buffer */

   111     aes_encrypt(&buffer, &x917_prng.key);

   113     /* write data to output */

   114     *dest++ = buffer.v8[0];

   115     *dest++ = buffer.v8[1];

   116     *dest++ = buffer.v8[2];

   117     *dest++ = buffer.v8[3];

   118     *dest++ = buffer.v8[4];

   119     *dest++ = buffer.v8[5];

   120     *dest++ = buffer.v8[6];

   121     *dest++ = buffer.v8[7];

   122     *dest++ = buffer.v8[8];

   123     *dest++ = buffer.v8[9];

   124     *dest++ = buffer.v8[10];

   125     *dest++ = buffer.v8[11];

   126     *dest++ = buffer.v8[12];

   127     *dest++ = buffer.v8[13];

   128     *dest++ = buffer.v8[14];

   129     *dest++ = buffer.v8[15];

   131     /* exor time into buffer */

   132     buffer.v32[0] ^= t;

   134     /* encrypt buffer */

   135     aes_encrypt(&buffer, &x917_prng.key);

   137     /* copy buffer into state */

   138     v128_copy(&x917_prng.state, &buffer);

   140   }

   142   /* if we need to output any more octets, we'll do so now */

   143   tail_len = len % 16;

   144   if (tail_len) {

   146     /* exor time into state */

   147     x917_prng.state.v32[0] ^= t;

   149     /* copy value into buffer */

   150     v128_copy(&buffer, &x917_prng.state);

   152     /* apply aes to buffer */

   153     aes_encrypt(&buffer, &x917_prng.key);

   155     /* write data to output */

   156     for (i=0; i < tail_len; i++) {

   157       *dest++ = buffer.v8[i];

   158     }

   160     /* now update the state one more time */

   162     /* exor time into buffer */

   163     buffer.v32[0] ^= t;

   165     /* encrypt buffer */

   166     aes_encrypt(&buffer, &x917_prng.key);

   168     /* copy buffer into state */

   169     v128_copy(&x917_prng.state, &buffer);

   171   }

   173   return err_status_ok;

   174 }

   176 err_status_t

   177 x917_prng_deinit(void) {

   179   return err_status_ok;

   180 }

The Tor Browser / file revision