- use %lua_{remove|add}_etc_shells macros

[packages/mksh.git] / arc4random.c

/* $MirOS: contrib/code/Snippets/arc4random.c,v 1.2 2007/09/09 22:14:04 tg Exp $ */

/*-
 * Arc4 random number generator for OpenBSD.
 * Copyright 1996 David Mazieres <dm@lcs.mit.edu>.
 *
 * Modification and redistribution in source and binary forms is
 * permitted provided that due credit is given to the author and the
 * OpenBSD project by leaving this copyright notice intact.
 */

/*-
 * This code is derived from section 17.1 of Applied Cryptography,
 * second edition, which describes a stream cipher allegedly
 * compatible with RSA Labs "RC4" cipher (the actual description of
 * which is a trade secret).  The same algorithm is used as a stream
 * cipher called "arcfour" in Tatu Ylonen's ssh package.
 *
 * Here the stream cipher has been modified always to include the time
 * when initializing the state.  That makes it impossible to
 * regenerate the same random sequence twice, so this can't be used
 * for encryption, but will generate good random numbers.
 *
 * RC4 is a registered trademark of RSA Laboratories.
 */

/*-
 * Modified by Robert Connolly from OpenBSD lib/libc/crypt/arc4random.c v1.11.
 * This is arc4random(3) using urandom.
 */

#include <sys/param.h>
#include <sys/types.h>
#include <sys/time.h>
#if HAVE_SYS_SYSCTL_H
#include <sys/sysctl.h>
#endif
#include <fcntl.h>
#if HAVE_STDINT_H
#include <stdint.h>
#endif
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

struct arc4_stream {
        uint8_t i;
        uint8_t j;
        uint8_t s[256];
};

static int rs_initialized;
static struct arc4_stream rs;
static pid_t arc4_stir_pid;

static uint8_t arc4_getbyte(struct arc4_stream *);

u_int32_t arc4random(void);
void arc4random_addrandom(u_char *, int);
void arc4random_stir(void);

static void
arc4_init(struct arc4_stream *as)
{
        int     n;

        for (n = 0; n < 256; n++)
                as->s[n] = n;
        as->i = 0;
        as->j = 0;
}

static void
arc4_addrandom(struct arc4_stream *as, u_char *dat, int datlen)
{
        int     n;
        uint8_t si;

        as->i--;
        for (n = 0; n < 256; n++) {
                as->i = (as->i + 1);
                si = as->s[as->i];
                as->j = (as->j + si + dat[n % datlen]);
                as->s[as->i] = as->s[as->j];
                as->s[as->j] = si;
        }
        as->j = as->i;
}

static void
arc4_stir(struct arc4_stream *as)
{
        int     n, fd;
        struct {
                struct timeval tv;
                u_int rnd[(128 - sizeof(struct timeval)) / sizeof(u_int)];
        }       rdat;

        gettimeofday(&rdat.tv, NULL);

        /* /dev/urandom is a multithread interface, sysctl is not. */
        /* Try to use /dev/urandom before sysctl. */
        fd = open("/dev/urandom", O_RDONLY);
        if (fd != -1) {
                read(fd, rdat.rnd, sizeof(rdat.rnd));
                close(fd);
        } else {
                /* /dev/urandom failed? Maybe we're in a chroot. */
//#if defined(CTL_KERN) && defined(KERN_RANDOM) && defined(RANDOM_UUID)
#ifdef _LINUX_SYSCTL_H
                /* XXX this is for Linux, which uses enums */

                int mib[3];
                size_t i, len;

                mib[0] = CTL_KERN;
                mib[1] = KERN_RANDOM;
                mib[2] = RANDOM_UUID;

                for (i = 0; i < sizeof(rdat.rnd) / sizeof(u_int); i ++) {
                        len = sizeof(u_int);
                        if (sysctl(mib, 3, &rdat.rnd[i], &len, NULL, 0) == -1) {
                                fprintf(stderr, "warning: no entropy source\n");
                                break;
                        }
                }
#else
                /* XXX kFreeBSD doesn't seem to have KERN_ARND or so */
                ;
#endif
        }

        arc4_stir_pid = getpid();
        /*
         * Time to give up. If no entropy could be found then we will just
         * use gettimeofday.
         */
        arc4_addrandom(as, (void *)&rdat, sizeof(rdat));

        /*
         * Discard early keystream, as per recommendations in:
         * http://www.wisdom.weizmann.ac.il/~itsik/RC4/Papers/Rc4_ksa.ps
         * We discard 256 words. A long word is 4 bytes.
         */
        for (n = 0; n < 256 * 4; n ++)
                arc4_getbyte(as);
}

static uint8_t
arc4_getbyte(struct arc4_stream *as)
{
        uint8_t si, sj;

        as->i = (as->i + 1);
        si = as->s[as->i];
        as->j = (as->j + si);
        sj = as->s[as->j];
        as->s[as->i] = sj;
        as->s[as->j] = si;
        return (as->s[(si + sj) & 0xff]);
}

static uint32_t
arc4_getword(struct arc4_stream *as)
{
        uint32_t val;
        val = arc4_getbyte(as) << 24;
        val |= arc4_getbyte(as) << 16;
        val |= arc4_getbyte(as) << 8;
        val |= arc4_getbyte(as);
        return val;
}

void
arc4random_stir(void)
{
        if (!rs_initialized) {
                arc4_init(&rs);
                rs_initialized = 1;
        }
        arc4_stir(&rs);
}

void
arc4random_addrandom(u_char *dat, int datlen)
{
        if (!rs_initialized)
                arc4random_stir();
        arc4_addrandom(&rs, dat, datlen);
}

u_int32_t
arc4random(void)
{
        if (!rs_initialized || arc4_stir_pid != getpid())
                arc4random_stir();
        return arc4_getword(&rs);
}