1*4840a75dSapb /* $NetBSD: rnd_keys.c,v 1.2 2014/03/27 16:26:22 apb Exp $ */
249d46fa3Schristos
349d46fa3Schristos #include "des_locl.h"
449d46fa3Schristos #include <sys/time.h>
549d46fa3Schristos #include <sys/types.h>
649d46fa3Schristos
749d46fa3Schristos #include <fcntl.h>
849d46fa3Schristos #include <unistd.h>
949d46fa3Schristos
1049d46fa3Schristos #include <sha1.h>
1149d46fa3Schristos
1249d46fa3Schristos void
des_set_random_generator_seed(des_cblock * seed)1349d46fa3Schristos des_set_random_generator_seed(des_cblock *seed)
1449d46fa3Schristos {
1549d46fa3Schristos
1649d46fa3Schristos des_random_seed(seed);
1749d46fa3Schristos }
1849d46fa3Schristos
1949d46fa3Schristos /*
2049d46fa3Schristos * Generate a sequence of random des keys
2149d46fa3Schristos * using the random block sequence, fixup
2249d46fa3Schristos * parity and skip weak keys.
2349d46fa3Schristos */
2449d46fa3Schristos int
des_new_random_key(des_cblock * key)2549d46fa3Schristos des_new_random_key(des_cblock *key)
2649d46fa3Schristos {
2749d46fa3Schristos int urandom;
2849d46fa3Schristos
2949d46fa3Schristos again:
3049d46fa3Schristos urandom = open("/dev/urandom", O_RDONLY);
3149d46fa3Schristos
3249d46fa3Schristos if (urandom < 0)
3349d46fa3Schristos des_random_key(key);
3449d46fa3Schristos else {
3549d46fa3Schristos if (read(urandom, key,
3649d46fa3Schristos sizeof(des_cblock)) != sizeof(des_cblock)) {
3749d46fa3Schristos close(urandom);
3849d46fa3Schristos des_random_key(key);
3949d46fa3Schristos } else
4049d46fa3Schristos close(urandom);
4149d46fa3Schristos }
4249d46fa3Schristos
4349d46fa3Schristos /* random key must have odd parity and not be weak */
4449d46fa3Schristos des_set_odd_parity(key);
4549d46fa3Schristos if (des_is_weak_key(key))
4649d46fa3Schristos goto again;
4749d46fa3Schristos
4849d46fa3Schristos return (0);
4949d46fa3Schristos }
5049d46fa3Schristos
5149d46fa3Schristos /*
5249d46fa3Schristos * des_init_random_number_generator:
5349d46fa3Schristos *
5449d46fa3Schristos * This routine takes a secret key possibly shared by a number of servers
5549d46fa3Schristos * and uses it to generate a random number stream that is not shared by
5649d46fa3Schristos * any of the other servers. It does this by using the current process id,
5749d46fa3Schristos * host id, and the current time to the nearest second. The resulting
5849d46fa3Schristos * stream seed is not useful information for cracking the secret key.
5949d46fa3Schristos * Moreover, this routine keeps no copy of the secret key.
6049d46fa3Schristos */
6149d46fa3Schristos void
des_init_random_number_generator(des_cblock * seed)6249d46fa3Schristos des_init_random_number_generator(des_cblock *seed)
6349d46fa3Schristos {
6449d46fa3Schristos u_int64_t seed_q;
6549d46fa3Schristos des_cblock seed_new;
6649d46fa3Schristos SHA1_CTX sha;
6749d46fa3Schristos
6849d46fa3Schristos u_char results[20];
6949d46fa3Schristos char hname[64], accum[512];
7049d46fa3Schristos
7149d46fa3Schristos struct timeval when;
7249d46fa3Schristos
7349d46fa3Schristos SHA1Init(&sha);
7449d46fa3Schristos
75*4840a75dSapb gethostname(hname, sizeof(hname) - 1);
7649d46fa3Schristos gettimeofday(&when, NULL);
7749d46fa3Schristos
7849d46fa3Schristos memcpy(&seed_q, seed, sizeof(seed_q));
7949d46fa3Schristos
8049d46fa3Schristos snprintf(accum, sizeof(accum), "%ld%ld%d%s%d%lld",
8149d46fa3Schristos when.tv_sec, when.tv_usec, getpid(), hname, getuid(),
8249d46fa3Schristos (long long) seed_q);
8349d46fa3Schristos
8449d46fa3Schristos SHA1Update(&sha, (u_char *) accum, strlen(accum));
8549d46fa3Schristos
8649d46fa3Schristos memset(accum, 0, sizeof(accum));
8749d46fa3Schristos
8849d46fa3Schristos SHA1Final(results, &sha);
8949d46fa3Schristos
9049d46fa3Schristos memcpy(seed_new, results, sizeof(seed_new));
9149d46fa3Schristos des_random_seed(&seed_new);
9249d46fa3Schristos
9349d46fa3Schristos memset(seed_new, 0, sizeof(seed_new));
9449d46fa3Schristos memset(results, 0, sizeof(results));
9549d46fa3Schristos }
96