1*c9496f6bSchristos /* $NetBSD: rnd_keys.c,v 1.1.1.1 2018/02/03 22:43:37 christos Exp $ */
2*c9496f6bSchristos
3*c9496f6bSchristos #include "des_locl.h"
4*c9496f6bSchristos #include <sys/time.h>
5*c9496f6bSchristos #include <sys/types.h>
6*c9496f6bSchristos
7*c9496f6bSchristos #include <fcntl.h>
8*c9496f6bSchristos #include <unistd.h>
9*c9496f6bSchristos
10*c9496f6bSchristos #include <sha1.h>
11*c9496f6bSchristos
12*c9496f6bSchristos void
des_set_random_generator_seed(des_cblock * seed)13*c9496f6bSchristos des_set_random_generator_seed(des_cblock *seed)
14*c9496f6bSchristos {
15*c9496f6bSchristos
16*c9496f6bSchristos des_random_seed(seed);
17*c9496f6bSchristos }
18*c9496f6bSchristos
19*c9496f6bSchristos /*
20*c9496f6bSchristos * Generate a sequence of random des keys
21*c9496f6bSchristos * using the random block sequence, fixup
22*c9496f6bSchristos * parity and skip weak keys.
23*c9496f6bSchristos */
24*c9496f6bSchristos int
des_new_random_key(des_cblock * key)25*c9496f6bSchristos des_new_random_key(des_cblock *key)
26*c9496f6bSchristos {
27*c9496f6bSchristos int urandom;
28*c9496f6bSchristos
29*c9496f6bSchristos again:
30*c9496f6bSchristos urandom = open("/dev/urandom", O_RDONLY);
31*c9496f6bSchristos
32*c9496f6bSchristos if (urandom < 0)
33*c9496f6bSchristos des_random_key(key);
34*c9496f6bSchristos else {
35*c9496f6bSchristos if (read(urandom, key,
36*c9496f6bSchristos sizeof(des_cblock)) != sizeof(des_cblock)) {
37*c9496f6bSchristos close(urandom);
38*c9496f6bSchristos des_random_key(key);
39*c9496f6bSchristos } else
40*c9496f6bSchristos close(urandom);
41*c9496f6bSchristos }
42*c9496f6bSchristos
43*c9496f6bSchristos /* random key must have odd parity and not be weak */
44*c9496f6bSchristos des_set_odd_parity(key);
45*c9496f6bSchristos if (des_is_weak_key(key))
46*c9496f6bSchristos goto again;
47*c9496f6bSchristos
48*c9496f6bSchristos return (0);
49*c9496f6bSchristos }
50*c9496f6bSchristos
51*c9496f6bSchristos /*
52*c9496f6bSchristos * des_init_random_number_generator:
53*c9496f6bSchristos *
54*c9496f6bSchristos * This routine takes a secret key possibly shared by a number of servers
55*c9496f6bSchristos * and uses it to generate a random number stream that is not shared by
56*c9496f6bSchristos * any of the other servers. It does this by using the current process id,
57*c9496f6bSchristos * host id, and the current time to the nearest second. The resulting
58*c9496f6bSchristos * stream seed is not useful information for cracking the secret key.
59*c9496f6bSchristos * Moreover, this routine keeps no copy of the secret key.
60*c9496f6bSchristos */
61*c9496f6bSchristos void
des_init_random_number_generator(des_cblock * seed)62*c9496f6bSchristos des_init_random_number_generator(des_cblock *seed)
63*c9496f6bSchristos {
64*c9496f6bSchristos u_int64_t seed_q;
65*c9496f6bSchristos des_cblock seed_new;
66*c9496f6bSchristos SHA1_CTX sha;
67*c9496f6bSchristos
68*c9496f6bSchristos u_char results[20];
69*c9496f6bSchristos char hname[64], accum[512];
70*c9496f6bSchristos
71*c9496f6bSchristos struct timeval when;
72*c9496f6bSchristos
73*c9496f6bSchristos SHA1Init(&sha);
74*c9496f6bSchristos
75*c9496f6bSchristos gethostname(hname, sizeof(hname) - 1);
76*c9496f6bSchristos gettimeofday(&when, NULL);
77*c9496f6bSchristos
78*c9496f6bSchristos memcpy(&seed_q, seed, sizeof(seed_q));
79*c9496f6bSchristos
80*c9496f6bSchristos snprintf(accum, sizeof(accum), "%ld%ld%d%s%d%lld",
81*c9496f6bSchristos when.tv_sec, when.tv_usec, getpid(), hname, getuid(),
82*c9496f6bSchristos (long long) seed_q);
83*c9496f6bSchristos
84*c9496f6bSchristos SHA1Update(&sha, (u_char *) accum, strlen(accum));
85*c9496f6bSchristos
86*c9496f6bSchristos memset(accum, 0, sizeof(accum));
87*c9496f6bSchristos
88*c9496f6bSchristos SHA1Final(results, &sha);
89*c9496f6bSchristos
90*c9496f6bSchristos memcpy(seed_new, results, sizeof(seed_new));
91*c9496f6bSchristos des_random_seed(&seed_new);
92*c9496f6bSchristos
93*c9496f6bSchristos memset(seed_new, 0, sizeof(seed_new));
94*c9496f6bSchristos memset(results, 0, sizeof(results));
95*c9496f6bSchristos }
96