1*49d46fa3Schristos /* $NetBSD: ornd_keys.c,v 1.1 2009/07/19 23:30:58 christos Exp $ */
2*49d46fa3Schristos
3*49d46fa3Schristos #include "des_locl.h"
4*49d46fa3Schristos #include <sys/time.h>
5*49d46fa3Schristos #include <sys/types.h>
6*49d46fa3Schristos
7*49d46fa3Schristos #include <fcntl.h>
8*49d46fa3Schristos #include <unistd.h>
9*49d46fa3Schristos
10*49d46fa3Schristos #include <sha1.h>
11*49d46fa3Schristos
12*49d46fa3Schristos void
des_set_random_generator_seed(des_cblock * seed)13*49d46fa3Schristos des_set_random_generator_seed(des_cblock *seed)
14*49d46fa3Schristos {
15*49d46fa3Schristos
16*49d46fa3Schristos des_random_seed(seed);
17*49d46fa3Schristos }
18*49d46fa3Schristos
19*49d46fa3Schristos /*
20*49d46fa3Schristos * Generate a sequence of random des keys
21*49d46fa3Schristos * using the random block sequence, fixup
22*49d46fa3Schristos * parity and skip weak keys.
23*49d46fa3Schristos */
24*49d46fa3Schristos int
des_new_random_key(des_cblock * key)25*49d46fa3Schristos des_new_random_key(des_cblock *key)
26*49d46fa3Schristos {
27*49d46fa3Schristos int urandom;
28*49d46fa3Schristos
29*49d46fa3Schristos again:
30*49d46fa3Schristos urandom = open("/dev/urandom", O_RDONLY);
31*49d46fa3Schristos
32*49d46fa3Schristos if (urandom < 0)
33*49d46fa3Schristos des_random_key(key);
34*49d46fa3Schristos else {
35*49d46fa3Schristos if (read(urandom, key,
36*49d46fa3Schristos sizeof(des_cblock)) != sizeof(des_cblock)) {
37*49d46fa3Schristos close(urandom);
38*49d46fa3Schristos des_random_key(key);
39*49d46fa3Schristos } else
40*49d46fa3Schristos close(urandom);
41*49d46fa3Schristos }
42*49d46fa3Schristos
43*49d46fa3Schristos /* random key must have odd parity and not be weak */
44*49d46fa3Schristos des_set_odd_parity(key);
45*49d46fa3Schristos if (des_is_weak_key(key))
46*49d46fa3Schristos goto again;
47*49d46fa3Schristos
48*49d46fa3Schristos return (0);
49*49d46fa3Schristos }
50*49d46fa3Schristos
51*49d46fa3Schristos /*
52*49d46fa3Schristos * des_init_random_number_generator:
53*49d46fa3Schristos *
54*49d46fa3Schristos * This routine takes a secret key possibly shared by a number of servers
55*49d46fa3Schristos * and uses it to generate a random number stream that is not shared by
56*49d46fa3Schristos * any of the other servers. It does this by using the current process id,
57*49d46fa3Schristos * host id, and the current time to the nearest second. The resulting
58*49d46fa3Schristos * stream seed is not useful information for cracking the secret key.
59*49d46fa3Schristos * Moreover, this routine keeps no copy of the secret key.
60*49d46fa3Schristos */
61*49d46fa3Schristos void
des_init_random_number_generator(des_cblock * seed)62*49d46fa3Schristos des_init_random_number_generator(des_cblock *seed)
63*49d46fa3Schristos {
64*49d46fa3Schristos u_int64_t seed_q;
65*49d46fa3Schristos des_cblock seed_new;
66*49d46fa3Schristos SHA1_CTX sha;
67*49d46fa3Schristos
68*49d46fa3Schristos u_char results[20];
69*49d46fa3Schristos char hname[64], accum[512];
70*49d46fa3Schristos
71*49d46fa3Schristos struct timeval when;
72*49d46fa3Schristos
73*49d46fa3Schristos SHA1Init(&sha);
74*49d46fa3Schristos
75*49d46fa3Schristos gethostname(hname, sizeof(hname) - 1);
76*49d46fa3Schristos gettimeofday(&when, NULL);
77*49d46fa3Schristos
78*49d46fa3Schristos memcpy(&seed_q, seed, sizeof(seed_q));
79*49d46fa3Schristos
80*49d46fa3Schristos snprintf(accum, sizeof(accum), "%lld%ld%d%s%d%lld",
81*49d46fa3Schristos (long long)when.tv_sec, (long)when.tv_usec, getpid(), hname,
82*49d46fa3Schristos getuid(), (long long)seed_q);
83*49d46fa3Schristos
84*49d46fa3Schristos SHA1Update(&sha, (u_char *) accum, strlen(accum));
85*49d46fa3Schristos
86*49d46fa3Schristos memset(accum, 0, sizeof(accum));
87*49d46fa3Schristos
88*49d46fa3Schristos SHA1Final(results, &sha);
89*49d46fa3Schristos
90*49d46fa3Schristos memcpy(seed_new, results, sizeof(seed_new));
91*49d46fa3Schristos des_random_seed(&seed_new);
92*49d46fa3Schristos
93*49d46fa3Schristos memset(seed_new, 0, sizeof(seed_new));
94*49d46fa3Schristos memset(results, 0, sizeof(results));
95*49d46fa3Schristos }
96