diff options
Diffstat (limited to 'netwerk/srtp/src/crypto/rng')
-rw-r--r-- | netwerk/srtp/src/crypto/rng/ctr_prng.c | 108 | ||||
-rw-r--r-- | netwerk/srtp/src/crypto/rng/prng.c | 180 | ||||
-rw-r--r-- | netwerk/srtp/src/crypto/rng/rand_linux_kernel.c | 65 | ||||
-rw-r--r-- | netwerk/srtp/src/crypto/rng/rand_source.c | 158 |
4 files changed, 511 insertions, 0 deletions
diff --git a/netwerk/srtp/src/crypto/rng/ctr_prng.c b/netwerk/srtp/src/crypto/rng/ctr_prng.c new file mode 100644 index 000000000..41d46a8f5 --- /dev/null +++ b/netwerk/srtp/src/crypto/rng/ctr_prng.c @@ -0,0 +1,108 @@ +/* + * ctr_prng.c + * + * counter mode based pseudorandom source + * + * David A. McGrew + * Cisco Systems, Inc. + */ +/* + * + * Copyright(c) 2001-2006 Cisco Systems, Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials provided + * with the distribution. + * + * Neither the name of the Cisco Systems, Inc. nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + + +#include "prng.h" + +/* single, global prng structure */ + +ctr_prng_t ctr_prng; + +err_status_t +ctr_prng_init(rand_source_func_t random_source) { + uint8_t tmp_key[32]; + err_status_t status; + + /* initialize output count to zero */ + ctr_prng.octet_count = 0; + + /* set random source */ + ctr_prng.rand = random_source; + + /* initialize secret key from random source */ + status = random_source(tmp_key, 32); + if (status) + return status; + + /* initialize aes ctr context with random key */ + status = aes_icm_context_init(&ctr_prng.state, tmp_key, 30); + if (status) + return status; + + return err_status_ok; +} + +err_status_t +ctr_prng_get_octet_string(void *dest, uint32_t len) { + err_status_t status; + + /* + * if we need to re-initialize the prng, do so now + * + * avoid 32-bit overflows by subtracting instead of adding + */ + if (ctr_prng.octet_count > MAX_PRNG_OUT_LEN - len) { + status = ctr_prng_init(ctr_prng.rand); + if (status) + return status; + } + ctr_prng.octet_count += len; + + /* + * write prng output + */ + status = aes_icm_output(&ctr_prng.state, (uint8_t*)dest, len); + if (status) + return status; + + return err_status_ok; +} + +err_status_t +ctr_prng_deinit(void) { + + /* nothing */ + + return err_status_ok; +} diff --git a/netwerk/srtp/src/crypto/rng/prng.c b/netwerk/srtp/src/crypto/rng/prng.c new file mode 100644 index 000000000..62b5e11d4 --- /dev/null +++ b/netwerk/srtp/src/crypto/rng/prng.c @@ -0,0 +1,180 @@ +/* + * prng.c + * + * pseudorandom source + * + * David A. McGrew + * Cisco Systems, Inc. + */ +/* + * + * Copyright(c) 2001-2006 Cisco Systems, Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials provided + * with the distribution. + * + * Neither the name of the Cisco Systems, Inc. nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + + +#include "prng.h" + +/* single, global prng structure */ + +x917_prng_t x917_prng; + +err_status_t +x917_prng_init(rand_source_func_t random_source) { + uint8_t tmp_key[16]; + err_status_t status; + + /* initialize output count to zero */ + x917_prng.octet_count = 0; + + /* set random source */ + x917_prng.rand = random_source; + + /* initialize secret key from random source */ + status = random_source(tmp_key, 16); + if (status) + return status; + + /* expand aes key */ + aes_expand_encryption_key(tmp_key, 16, &x917_prng.key); + + /* initialize prng state from random source */ + status = x917_prng.rand((uint8_t *)&x917_prng.state, 16); + if (status) + return status; + + return err_status_ok; +} + +err_status_t +x917_prng_get_octet_string(uint8_t *dest, uint32_t len) { + uint32_t t; + v128_t buffer; + uint32_t i, tail_len; + err_status_t status; + + /* + * if we need to re-initialize the prng, do so now + * + * avoid overflows by subtracting instead of adding + */ + if (x917_prng.octet_count > MAX_PRNG_OUT_LEN - len) { + status = x917_prng_init(x917_prng.rand); + if (status) + return status; + } + x917_prng.octet_count += len; + + /* find out the time */ + t = (uint32_t)time(NULL); + + /* loop until we have output enough data */ + for (i=0; i < len/16; i++) { + + /* exor time into state */ + x917_prng.state.v32[0] ^= t; + + /* copy state into buffer */ + v128_copy(&buffer, &x917_prng.state); + + /* apply aes to buffer */ + aes_encrypt(&buffer, &x917_prng.key); + + /* write data to output */ + *dest++ = buffer.v8[0]; + *dest++ = buffer.v8[1]; + *dest++ = buffer.v8[2]; + *dest++ = buffer.v8[3]; + *dest++ = buffer.v8[4]; + *dest++ = buffer.v8[5]; + *dest++ = buffer.v8[6]; + *dest++ = buffer.v8[7]; + *dest++ = buffer.v8[8]; + *dest++ = buffer.v8[9]; + *dest++ = buffer.v8[10]; + *dest++ = buffer.v8[11]; + *dest++ = buffer.v8[12]; + *dest++ = buffer.v8[13]; + *dest++ = buffer.v8[14]; + *dest++ = buffer.v8[15]; + + /* exor time into buffer */ + buffer.v32[0] ^= t; + + /* encrypt buffer */ + aes_encrypt(&buffer, &x917_prng.key); + + /* copy buffer into state */ + v128_copy(&x917_prng.state, &buffer); + + } + + /* if we need to output any more octets, we'll do so now */ + tail_len = len % 16; + if (tail_len) { + + /* exor time into state */ + x917_prng.state.v32[0] ^= t; + + /* copy value into buffer */ + v128_copy(&buffer, &x917_prng.state); + + /* apply aes to buffer */ + aes_encrypt(&buffer, &x917_prng.key); + + /* write data to output */ + for (i=0; i < tail_len; i++) { + *dest++ = buffer.v8[i]; + } + + /* now update the state one more time */ + + /* exor time into buffer */ + buffer.v32[0] ^= t; + + /* encrypt buffer */ + aes_encrypt(&buffer, &x917_prng.key); + + /* copy buffer into state */ + v128_copy(&x917_prng.state, &buffer); + + } + + return err_status_ok; +} + +err_status_t +x917_prng_deinit(void) { + + return err_status_ok; +} diff --git a/netwerk/srtp/src/crypto/rng/rand_linux_kernel.c b/netwerk/srtp/src/crypto/rng/rand_linux_kernel.c new file mode 100644 index 000000000..c51978e5e --- /dev/null +++ b/netwerk/srtp/src/crypto/rng/rand_linux_kernel.c @@ -0,0 +1,65 @@ +/* + * rand_linux_kernel.c + * + * implements a random source using Linux kernel functions + * + * Marcus Sundberg + * Ingate Systems AB + */ +/* + * + * Copyright(c) 2005 Ingate Systems AB + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials provided + * with the distribution. + * + * Neither the name of the author(s) nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#include "config.h" +#include "rand_source.h" + + +err_status_t +rand_source_init(void) { + return err_status_ok; +} + +err_status_t +rand_source_get_octet_string(void *dest, uint32_t len) { + + get_random_bytes(dest, len); + + return err_status_ok; +} + +err_status_t +rand_source_deinit(void) { + return err_status_ok; +} diff --git a/netwerk/srtp/src/crypto/rng/rand_source.c b/netwerk/srtp/src/crypto/rng/rand_source.c new file mode 100644 index 000000000..1eb6fbb09 --- /dev/null +++ b/netwerk/srtp/src/crypto/rng/rand_source.c @@ -0,0 +1,158 @@ +/* + * rand_source.c + * + * implements a random source based on /dev/random + * + * David A. McGrew + * Cisco Systems, Inc. + */ +/* + * + * Copyright(c) 2001-2006 Cisco Systems, Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials provided + * with the distribution. + * + * Neither the name of the Cisco Systems, Inc. nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#include "config.h" + +#ifdef DEV_URANDOM +# include <fcntl.h> /* for open() */ +# include <unistd.h> /* for close() */ +#elif defined(HAVE_RAND_S) +# define _CRT_RAND_S +# include <stdlib.h> +#else +# include <stdio.h> +#endif + +#include "rand_source.h" + + +/* + * global dev_rand_fdes is file descriptor for /dev/random + * + * This variable is also used to indicate that the random source has + * been initialized. When this variable is set to the value of the + * #define RAND_SOURCE_NOT_READY, it indicates that the random source + * is not ready to be used. The value of the #define + * RAND_SOURCE_READY is for use whenever that variable is used as an + * indicator of the state of the random source, but not as a file + * descriptor. + */ + +#define RAND_SOURCE_NOT_READY (-1) +#define RAND_SOURCE_READY (17) + +static int dev_random_fdes = RAND_SOURCE_NOT_READY; + + +err_status_t +rand_source_init(void) { + if (dev_random_fdes >= 0) { + /* already open */ + return err_status_ok; + } +#ifdef DEV_URANDOM + /* open random source for reading */ + dev_random_fdes = open(DEV_URANDOM, O_RDONLY); + if (dev_random_fdes < 0) + return err_status_init_fail; +#elif defined(HAVE_RAND_S) + dev_random_fdes = RAND_SOURCE_READY; +#else + /* no random source available; let the user know */ + fprintf(stderr, "WARNING: no real random source present!\n"); + dev_random_fdes = RAND_SOURCE_READY; +#endif + return err_status_ok; +} + +err_status_t +rand_source_get_octet_string(void *dest, uint32_t len) { + + /* + * read len octets from /dev/random to dest, and + * check return value to make sure enough octets were + * written + */ +#ifdef DEV_URANDOM + uint8_t *dst = (uint8_t *)dest; + while (len) + { + ssize_t num_read = read(dev_random_fdes, dst, len); + if (num_read <= 0 || num_read > len) + return err_status_fail; + len -= num_read; + dst += num_read; + } +#elif defined(HAVE_RAND_S) + uint8_t *dst = (uint8_t *)dest; + while (len) + { + unsigned int val; + errno_t err = rand_s(&val); + + if (err != 0) + return err_status_fail; + + *dst++ = val & 0xff; + len--; + } +#else + /* Generic C-library (rand()) version */ + /* This is a random source of last resort */ + uint8_t *dst = (uint8_t *)dest; + while (len) + { + int val = rand(); + /* rand() returns 0-32767 (ugh) */ + /* Is this a good enough way to get random bytes? + It is if it passes FIPS-140... */ + *dst++ = val & 0xff; + len--; + } +#endif + return err_status_ok; +} + +err_status_t +rand_source_deinit(void) { + if (dev_random_fdes < 0) + return err_status_dealloc_fail; /* well, we haven't really failed, * + * but there is something wrong */ +#ifdef DEV_URANDOM + close(dev_random_fdes); +#endif + dev_random_fdes = RAND_SOURCE_NOT_READY; + + return err_status_ok; +} |