forked from Mirrors/freeswitch
181 lines
4.6 KiB
C
181 lines
4.6 KiB
C
/*
|
|
* prng.c
|
|
*
|
|
* pseudorandom source
|
|
*
|
|
* David A. McGrew
|
|
* Cisco Systems, Inc.
|
|
*/
|
|
/*
|
|
*
|
|
* Copyright(c) 2001-2006 Cisco Systems, Inc.
|
|
* All rights reserved.
|
|
*
|
|
* Redistribution and use in source and binary forms, with or without
|
|
* modification, are permitted provided that the following conditions
|
|
* are met:
|
|
*
|
|
* Redistributions of source code must retain the above copyright
|
|
* notice, this list of conditions and the following disclaimer.
|
|
*
|
|
* Redistributions in binary form must reproduce the above
|
|
* copyright notice, this list of conditions and the following
|
|
* disclaimer in the documentation and/or other materials provided
|
|
* with the distribution.
|
|
*
|
|
* Neither the name of the Cisco Systems, Inc. nor the names of its
|
|
* contributors may be used to endorse or promote products derived
|
|
* from this software without specific prior written permission.
|
|
*
|
|
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
|
|
* FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
|
|
* COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
|
|
* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
|
|
* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
|
|
* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
|
|
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
|
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
|
* OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
*
|
|
*/
|
|
|
|
|
|
#include "prng.h"
|
|
|
|
/* single, global prng structure */
|
|
|
|
x917_prng_t x917_prng;
|
|
|
|
err_status_t
|
|
x917_prng_init(rand_source_func_t random_source) {
|
|
uint8_t tmp_key[16];
|
|
err_status_t status;
|
|
|
|
/* initialize output count to zero */
|
|
x917_prng.octet_count = 0;
|
|
|
|
/* set random source */
|
|
x917_prng.rand = random_source;
|
|
|
|
/* initialize secret key from random source */
|
|
status = random_source(tmp_key, 16);
|
|
if (status)
|
|
return status;
|
|
|
|
/* expand aes key */
|
|
aes_expand_encryption_key(tmp_key, 16, &x917_prng.key);
|
|
|
|
/* initialize prng state from random source */
|
|
status = x917_prng.rand((uint8_t *)&x917_prng.state, 16);
|
|
if (status)
|
|
return status;
|
|
|
|
return err_status_ok;
|
|
}
|
|
|
|
err_status_t
|
|
x917_prng_get_octet_string(uint8_t *dest, uint32_t len) {
|
|
uint32_t t;
|
|
v128_t buffer;
|
|
uint32_t i, tail_len;
|
|
err_status_t status;
|
|
|
|
/*
|
|
* if we need to re-initialize the prng, do so now
|
|
*
|
|
* avoid overflows by subtracting instead of adding
|
|
*/
|
|
if (x917_prng.octet_count > MAX_PRNG_OUT_LEN - len) {
|
|
status = x917_prng_init(x917_prng.rand);
|
|
if (status)
|
|
return status;
|
|
}
|
|
x917_prng.octet_count += len;
|
|
|
|
/* find out the time */
|
|
t = (uint32_t)time(NULL);
|
|
|
|
/* loop until we have output enough data */
|
|
for (i=0; i < len/16; i++) {
|
|
|
|
/* exor time into state */
|
|
x917_prng.state.v32[0] ^= t;
|
|
|
|
/* copy state into buffer */
|
|
v128_copy(&buffer, &x917_prng.state);
|
|
|
|
/* apply aes to buffer */
|
|
aes_encrypt(&buffer, &x917_prng.key);
|
|
|
|
/* write data to output */
|
|
*dest++ = buffer.v8[0];
|
|
*dest++ = buffer.v8[1];
|
|
*dest++ = buffer.v8[2];
|
|
*dest++ = buffer.v8[3];
|
|
*dest++ = buffer.v8[4];
|
|
*dest++ = buffer.v8[5];
|
|
*dest++ = buffer.v8[6];
|
|
*dest++ = buffer.v8[7];
|
|
*dest++ = buffer.v8[8];
|
|
*dest++ = buffer.v8[9];
|
|
*dest++ = buffer.v8[10];
|
|
*dest++ = buffer.v8[11];
|
|
*dest++ = buffer.v8[12];
|
|
*dest++ = buffer.v8[13];
|
|
*dest++ = buffer.v8[14];
|
|
*dest++ = buffer.v8[15];
|
|
|
|
/* exor time into buffer */
|
|
buffer.v32[0] ^= t;
|
|
|
|
/* encrypt buffer */
|
|
aes_encrypt(&buffer, &x917_prng.key);
|
|
|
|
/* copy buffer into state */
|
|
v128_copy(&x917_prng.state, &buffer);
|
|
|
|
}
|
|
|
|
/* if we need to output any more octets, we'll do so now */
|
|
tail_len = len % 16;
|
|
if (tail_len) {
|
|
|
|
/* exor time into state */
|
|
x917_prng.state.v32[0] ^= t;
|
|
|
|
/* copy value into buffer */
|
|
v128_copy(&buffer, &x917_prng.state);
|
|
|
|
/* apply aes to buffer */
|
|
aes_encrypt(&buffer, &x917_prng.key);
|
|
|
|
/* write data to output */
|
|
for (i=0; i < tail_len; i++) {
|
|
*dest++ = buffer.v8[i];
|
|
}
|
|
|
|
/* now update the state one more time */
|
|
|
|
/* exor time into buffer */
|
|
buffer.v32[0] ^= t;
|
|
|
|
/* encrypt buffer */
|
|
aes_encrypt(&buffer, &x917_prng.key);
|
|
|
|
/* copy buffer into state */
|
|
v128_copy(&x917_prng.state, &buffer);
|
|
|
|
}
|
|
|
|
return err_status_ok;
|
|
}
|
|
|
|
err_status_t
|
|
x917_prng_deinit(void) {
|
|
|
|
return err_status_ok;
|
|
}
|