arc4random.c revision 104900
1/*- 2 * THE BEER-WARE LICENSE 3 * 4 * <dan@FreeBSD.ORG> wrote this file. As long as you retain this notice you 5 * can do whatever you want with this stuff. If we meet some day, and you 6 * think this stuff is worth it, you can buy me a beer in return. 7 * 8 * Dan Moschuk 9 * 10 * $FreeBSD: head/sys/libkern/arc4random.c 104900 2002-10-11 13:13:08Z phk $ 11 */ 12 13#include <sys/types.h> 14#include <sys/random.h> 15#include <sys/libkern.h> 16#include <sys/time.h> 17 18#define ARC4_RESEED_BYTES 65536 19#define ARC4_RESEED_SECONDS 300 20#define ARC4_KEYBYTES (256 / 8) 21 22static u_int8_t arc4_i, arc4_j; 23static int arc4_initialized = 0; 24static int arc4_numruns = 0; 25static u_int8_t arc4_sbox[256]; 26static time_t arc4_t_reseed; 27 28static u_int8_t arc4_randbyte(void); 29 30static __inline void 31arc4_swap(u_int8_t *a, u_int8_t *b) 32{ 33 u_int8_t c; 34 35 c = *a; 36 *a = *b; 37 *b = c; 38} 39 40/* 41 * Stir our S-box. 42 */ 43static void 44arc4_randomstir (void) 45{ 46 u_int8_t key[256]; 47 int r, n; 48 struct timeval tv_now; 49 50 /* 51 * XXX read_random() returns unsafe numbers if the entropy 52 * device is not loaded -- MarkM. 53 */ 54 r = read_random(key, ARC4_KEYBYTES); 55 /* If r == 0 || -1, just use what was on the stack. */ 56 if (r > 0) { 57 for (n = r; n < sizeof(key); n++) 58 key[n] = key[n % r]; 59 } 60 61 for (n = 0; n < 256; n++) { 62 arc4_j = (arc4_j + arc4_sbox[n] + key[n]) % 256; 63 arc4_swap(&arc4_sbox[n], &arc4_sbox[arc4_j]); 64 } 65 66 /* Reset for next reseed cycle. */ 67 getmicrouptime(&tv_now); 68 arc4_t_reseed = tv_now.tv_sec + ARC4_RESEED_SECONDS; 69 arc4_numruns = 0; 70} 71 72/* 73 * Initialize our S-box to its beginning defaults. 74 */ 75static void 76arc4_init(void) 77{ 78 int n; 79 80 arc4_i = arc4_j = 0; 81 for (n = 0; n < 256; n++) 82 arc4_sbox[n] = (u_int8_t) n; 83 84 arc4_randomstir(); 85 arc4_initialized = 1; 86 87 /* 88 * Throw away the first N words of output, as suggested in the 89 * paper "Weaknesses in the Key Scheduling Algorithm of RC4" 90 * by Fluher, Mantin, and Shamir. (N = 256 in our case.) 91 */ 92 for (n = 0; n < 256*4; n++) 93 arc4_randbyte(); 94} 95 96/* 97 * Generate a random byte. 98 */ 99static u_int8_t 100arc4_randbyte(void) 101{ 102 u_int8_t arc4_t; 103 104 arc4_i = (arc4_i + 1) % 256; 105 arc4_j = (arc4_j + arc4_sbox[arc4_i]) % 256; 106 107 arc4_swap(&arc4_sbox[arc4_i], &arc4_sbox[arc4_j]); 108 109 arc4_t = (arc4_sbox[arc4_i] + arc4_sbox[arc4_j]) % 256; 110 return arc4_sbox[arc4_t]; 111} 112 113void 114arc4rand(void *ptr, u_int len, int reseed) 115{ 116 u_char *p; 117 struct timeval tv; 118 119 /* Initialize array if needed. */ 120 if (!arc4_initialized) 121 arc4_init(); 122 123 getmicrouptime(&tv); 124 arc4_numruns += len; 125 if (reseed || 126 (arc4_numruns > ARC4_RESEED_BYTES) || 127 (tv.tv_sec > arc4_t_reseed)) 128 arc4_randomstir(); 129 130 p = ptr; 131 while (len--) 132 *p++ = arc4_randbyte(); 133} 134 135uint32_t 136arc4random(void) 137{ 138 uint32_t ret; 139 140 arc4rand(&ret, sizeof ret, 0); 141 return ret; 142} 143