2 ---------------------------------------------------------------------------
\r
3 Copyright (c) 2002, Dr Brian Gladman < >, Worcester, UK.
\r
8 The free distribution and use of this software in both source and binary
\r
9 form is allowed (with or without changes) provided that:
\r
11 1. distributions of this source code include the above copyright
\r
12 notice, this list of conditions and the following disclaimer;
\r
14 2. distributions in binary form include the above copyright
\r
15 notice, this list of conditions and the following disclaimer
\r
16 in the documentation and/or other associated materials;
\r
18 3. the copyright holder's name is not used to endorse products
\r
19 built using this software without specific written permission.
\r
21 ALTERNATIVELY, provided that this notice is retained in full, this product
\r
22 may be distributed under the terms of the GNU General Public License (GPL),
\r
23 in which case the provisions of the GPL apply INSTEAD OF those given above.
\r
27 This software is provided 'as is' with no explicit or implied warranties
\r
28 in respect of its properties, including, but not limited to, correctness
\r
29 and/or fitness for purpose.
\r
30 ---------------------------------------------------------------------------
\r
31 Issue Date: 24/01/2003
\r
33 This file implements a random data pool based on the use of an external
\r
34 entropy function. It is based on the ideas advocated by Peter Gutmann in
\r
35 his work on pseudo random sequence generators. It is not a 'paranoid'
\r
36 random sequence generator and no attempt is made to protect the pool
\r
37 from prying eyes either by memory locking or by techniques to obscure
\r
38 its location in memory.
\r
45 /* mix a random data pool using the SHA1 compression function (as */
\r
46 /* suggested by Peter Gutmann in his paper on random pools) */
\r
48 static void prng_mix(unsigned char buf[])
\r
49 { unsigned int i, len;
\r
52 /*lint -e{663} unusual array to pointer conversion */
\r
53 for(i = 0; i < PRNG_POOL_SIZE; i += SHA1_DIGEST_SIZE)
\r
55 /* copy digest size pool block into SHA1 hash block */
\r
56 memcpy(ctx->hash, buf + (i ? i : PRNG_POOL_SIZE)
\r
57 - SHA1_DIGEST_SIZE, SHA1_DIGEST_SIZE);
\r
59 /* copy data from pool into the SHA1 data buffer */
\r
60 len = PRNG_POOL_SIZE - i;
\r
61 memcpy(ctx->wbuf, buf + i, (len > SHA1_BLOCK_SIZE ? SHA1_BLOCK_SIZE : len));
\r
63 if(len < SHA1_BLOCK_SIZE)
\r
64 memcpy(((char*)ctx->wbuf) + len, buf, SHA1_BLOCK_SIZE - len);
\r
66 /* compress using the SHA1 compression function */
\r
69 /* put digest size block back into the random pool */
\r
70 memcpy(buf + i, ctx->hash, SHA1_DIGEST_SIZE);
\r
74 /* refresh the output buffer and update the random pool by adding */
\r
75 /* entropy and remixing */
\r
77 static void update_pool(prng_ctx ctx[1])
\r
78 { unsigned int i = 0;
\r
80 /* transfer random pool data to the output buffer */
\r
81 memcpy(ctx->obuf, ctx->rbuf, PRNG_POOL_SIZE);
\r
83 /* enter entropy data into the pool */
\r
84 while(i < PRNG_POOL_SIZE)
\r
85 i += ctx->entropy(ctx->rbuf + i, PRNG_POOL_SIZE - i);
\r
87 /* invert and xor the original pool data into the pool */
\r
88 for(i = 0; i < PRNG_POOL_SIZE; ++i)
\r
89 ctx->rbuf[i] ^= ~ctx->obuf[i];
\r
91 /* mix the pool and the output buffer */
\r
92 prng_mix(ctx->rbuf);
\r
93 prng_mix(ctx->obuf);
\r
96 void prng_init(prng_entropy_fn fun, prng_ctx ctx[1])
\r
99 /* clear the buffers and the counter in the context */
\r
100 memset(ctx, 0, sizeof(prng_ctx));
\r
102 /* set the pointer to the entropy collection function */
\r
103 ctx->entropy = fun;
\r
105 /* initialise the random data pool */
\r
108 /* mix the pool a minimum number of times */
\r
109 for(i = 0; i < PRNG_MIN_MIX; ++i)
\r
110 prng_mix(ctx->rbuf);
\r
112 /* update the pool to prime the pool output buffer */
\r
116 /* provide random bytes from the random data pool */
\r
118 void prng_rand(unsigned char data[], unsigned int data_len, prng_ctx ctx[1])
\r
119 { unsigned char *rp = data;
\r
120 unsigned int len, pos = ctx->pos;
\r
124 /* transfer 'data_len' bytes (or the number of bytes remaining */
\r
125 /* the pool output buffer if less) into the output */
\r
126 len = (data_len < PRNG_POOL_SIZE - pos ? data_len : PRNG_POOL_SIZE - pos);
\r
127 memcpy(rp, ctx->obuf + pos, len);
\r
128 rp += len; /* update ouput buffer position pointer */
\r
129 pos += len; /* update pool output buffer pointer */
\r
130 data_len -= len; /* update the remaining data count */
\r
132 /* refresh the random pool if necessary */
\r
133 if(pos == PRNG_POOL_SIZE)
\r
135 update_pool(ctx); pos = 0;
\r
142 void prng_end(prng_ctx ctx[1])
\r
144 /* ensure the data in the context is destroyed */
\r
145 memset(ctx, 0, sizeof(prng_ctx));
\r