1 /* $MirOS: contrib/code/Snippets/arc4random.c,v 1.2 2007/09/09 22:14:04 tg Exp $ */
4 * Arc4 random number generator for OpenBSD.
5 * Copyright 1996 David Mazieres <dm@lcs.mit.edu>.
7 * Modification and redistribution in source and binary forms is
8 * permitted provided that due credit is given to the author and the
9 * OpenBSD project by leaving this copyright notice intact.
13 * This code is derived from section 17.1 of Applied Cryptography,
14 * second edition, which describes a stream cipher allegedly
15 * compatible with RSA Labs "RC4" cipher (the actual description of
16 * which is a trade secret). The same algorithm is used as a stream
17 * cipher called "arcfour" in Tatu Ylonen's ssh package.
19 * Here the stream cipher has been modified always to include the time
20 * when initializing the state. That makes it impossible to
21 * regenerate the same random sequence twice, so this can't be used
22 * for encryption, but will generate good random numbers.
24 * RC4 is a registered trademark of RSA Laboratories.
28 * Modified by Robert Connolly from OpenBSD lib/libc/crypt/arc4random.c v1.11.
29 * This is arc4random(3) using urandom.
32 #include <sys/param.h>
33 #include <sys/types.h>
36 #include <sys/sysctl.h>
52 static int rs_initialized;
53 static struct arc4_stream rs;
54 static pid_t arc4_stir_pid;
56 static uint8_t arc4_getbyte(struct arc4_stream *);
58 u_int32_t arc4random(void);
59 void arc4random_addrandom(u_char *, int);
60 void arc4random_stir(void);
63 arc4_init(struct arc4_stream *as)
67 for (n = 0; n < 256; n++)
74 arc4_addrandom(struct arc4_stream *as, u_char *dat, int datlen)
80 for (n = 0; n < 256; n++) {
83 as->j = (as->j + si + dat[n % datlen]);
84 as->s[as->i] = as->s[as->j];
91 arc4_stir(struct arc4_stream *as)
96 u_int rnd[(128 - sizeof(struct timeval)) / sizeof(u_int)];
99 gettimeofday(&rdat.tv, NULL);
101 /* /dev/urandom is a multithread interface, sysctl is not. */
102 /* Try to use /dev/urandom before sysctl. */
103 fd = open("/dev/urandom", O_RDONLY);
105 read(fd, rdat.rnd, sizeof(rdat.rnd));
108 /* /dev/urandom failed? Maybe we're in a chroot. */
109 //#if defined(CTL_KERN) && defined(KERN_RANDOM) && defined(RANDOM_UUID)
110 #ifdef _LINUX_SYSCTL_H
111 /* XXX this is for Linux, which uses enums */
117 mib[1] = KERN_RANDOM;
118 mib[2] = RANDOM_UUID;
120 for (i = 0; i < sizeof(rdat.rnd) / sizeof(u_int); i ++) {
122 if (sysctl(mib, 3, &rdat.rnd[i], &len, NULL, 0) == -1) {
123 fprintf(stderr, "warning: no entropy source\n");
128 /* XXX kFreeBSD doesn't seem to have KERN_ARND or so */
133 arc4_stir_pid = getpid();
135 * Time to give up. If no entropy could be found then we will just
138 arc4_addrandom(as, (void *)&rdat, sizeof(rdat));
141 * Discard early keystream, as per recommendations in:
142 * http://www.wisdom.weizmann.ac.il/~itsik/RC4/Papers/Rc4_ksa.ps
143 * We discard 256 words. A long word is 4 bytes.
145 for (n = 0; n < 256 * 4; n ++)
150 arc4_getbyte(struct arc4_stream *as)
156 as->j = (as->j + si);
160 return (as->s[(si + sj) & 0xff]);
164 arc4_getword(struct arc4_stream *as)
167 val = arc4_getbyte(as) << 24;
168 val |= arc4_getbyte(as) << 16;
169 val |= arc4_getbyte(as) << 8;
170 val |= arc4_getbyte(as);
175 arc4random_stir(void)
177 if (!rs_initialized) {
185 arc4random_addrandom(u_char *dat, int datlen)
189 arc4_addrandom(&rs, dat, datlen);
195 if (!rs_initialized || arc4_stir_pid != getpid())
197 return arc4_getword(&rs);