Files
itgmania212121/extern/crypto/CryptRand.cpp
T
Jason Felds f941519e87 [sm130futures] Move the crypto stuff over.
This right now isn't used by us, but just in case...
2011-05-04 23:42:14 -04:00

242 lines
6.6 KiB
C++

/*
* cryptographic random number generator for PuTTY's ssh client
*/
#include "global.h"
#include "CryptSHA.h"
#include "CryptRand.h"
void noise_get_heavy(void (*func) (void *, int));
void noise_get_light(void (*func) (void *, int));
/*
* `pool' itself is a pool of random data which we actually use: we
* return bytes from `pool', at position `poolpos', until `poolpos'
* reaches the end of the pool. At this point we generate more
* random data, by adding noise, stirring well, and resetting
* `poolpos' to point to just past the beginning of the pool (not
* _the_ beginning, since otherwise we'd give away the whole
* contents of our pool, and attackers would just have to guess the
* next lot of noise).
*
* `incomingb' buffers acquired noise data, until it gets full, at
* which point the acquired noise is SHA'ed into `incoming' and
* `incomingb' is cleared. The noise in `incoming' is used as part
* of the noise for each stirring of the pool, in addition to local
* time, process listings, and other such stuff.
*/
#define HASHINPUT 64 /* 64 bytes SHA input */
#define HASHSIZE 20 /* 160 bits SHA output */
#define POOLSIZE 1200 /* size of random pool */
struct RandPool
{
unsigned char pool[POOLSIZE];
int poolpos;
unsigned char incoming[HASHSIZE];
unsigned char incomingb[HASHINPUT];
int incomingpos;
};
static struct RandPool pool;
bool random_active = false;
static void random_stir(void)
{
unsigned block[HASHINPUT / sizeof(unsigned)];
unsigned digest[HASHSIZE / sizeof(unsigned)];
int i, j;
SHATransform((unsigned *) pool.incoming, (unsigned *) pool.incomingb);
pool.incomingpos = 0;
/*
* Chunks of this code are blatantly endianness-dependent, but
* as it's all random bits anyway, WHO CARES?
*/
memcpy(digest, pool.incoming, sizeof(digest));
/*
* Make two passes over the pool.
*/
for (i = 0; i < 2; i++) {
/*
* We operate SHA in CFB mode, repeatedly adding the same
* block of data to the digest. But we're also fiddling
* with the digest-so-far, so this shouldn't be Bad or
* anything.
*/
memcpy(block, pool.pool, sizeof(block));
/*
* Each pass processes the pool backwards in blocks of
* HASHSIZE, just so that in general we get the output of
* SHA before the corresponding input, in the hope that
* things will be that much less predictable that way
* round, when we subsequently return bytes ...
*/
for (j = POOLSIZE; (j -= HASHSIZE) >= 0;) {
/*
* XOR the bit of the pool we're processing into the
* digest.
*/
unsigned k;
for (k = 0; k < sizeof(digest) / sizeof(*digest); k++)
digest[k] ^= ((unsigned *) (pool.pool + j))[k];
/*
* Munge our unrevealed first block of the pool into
* it.
*/
SHATransform(digest, block);
/*
* Stick the result back into the pool.
*/
for( k = 0; k < sizeof(digest) / sizeof(*digest); k++ )
((unsigned *) (pool.pool + j))[k] = digest[k];
}
}
/*
* Might as well save this value back into `incoming', just so
* there'll be some extra bizarreness there.
*/
SHATransform(digest, block);
memcpy(pool.incoming, digest, sizeof(digest));
pool.poolpos = sizeof(pool.incoming);
}
void random_add_noise( const RString &noise )
{
unsigned char *p = (unsigned char *) noise.data();
int i;
if (!random_active)
return;
/*
* This function processes HASHINPUT bytes into only HASHSIZE
* bytes, so _if_ we were getting incredibly high entropy
* sources then we would be throwing away valuable stuff.
*/
int length = noise.size();
while (length >= (HASHINPUT - pool.incomingpos)) {
memcpy(pool.incomingb + pool.incomingpos, p,
HASHINPUT - pool.incomingpos);
p += HASHINPUT - pool.incomingpos;
length -= HASHINPUT - pool.incomingpos;
SHATransform((unsigned *) pool.incoming, (unsigned *) pool.incomingb);
for (i = 0; i < HASHSIZE; i++) {
pool.pool[pool.poolpos++] ^= pool.incomingb[i];
if (pool.poolpos >= POOLSIZE)
pool.poolpos = 0;
}
if (pool.poolpos < HASHSIZE)
random_stir();
pool.incomingpos = 0;
}
memcpy(pool.incomingb + pool.incomingpos, p, length);
pool.incomingpos += length;
}
void random_add_heavynoise(void *noise, int length)
{
unsigned char *p = (unsigned char *) noise;
int i;
while (length >= POOLSIZE) {
for (i = 0; i < POOLSIZE; i++)
pool.pool[i] ^= *p++;
random_stir();
length -= POOLSIZE;
}
for (i = 0; i < length; i++)
pool.pool[i] ^= *p++;
random_stir();
}
static void random_add_heavynoise_bitbybit(void *noise, int length)
{
unsigned char *p = (unsigned char *) noise;
int i;
while (length >= POOLSIZE - pool.poolpos) {
for (i = 0; i < POOLSIZE - pool.poolpos; i++)
pool.pool[pool.poolpos + i] ^= *p++;
random_stir();
length -= POOLSIZE - pool.poolpos;
pool.poolpos = 0;
}
for (i = 0; i < length; i++)
pool.pool[i] ^= *p++;
pool.poolpos = i;
}
void random_init(void)
{
if( random_active )
return;
random_active = true;
memset(&pool, 0, sizeof(pool)); /* just to start with */
noise_get_heavy(random_add_heavynoise_bitbybit);
random_stir();
}
unsigned char random_byte(void)
{
if (pool.poolpos >= POOLSIZE)
random_stir();
return pool.pool[pool.poolpos++];
}
void random_get_savedata(char **data, int *len)
{
char *buf = new char[POOLSIZE / 2];
random_stir();
memcpy(buf, pool.pool + pool.poolpos, POOLSIZE / 2);
*len = POOLSIZE / 2;
*data = buf;
random_stir();
}
/*
* PuTTY is copyright 1997-2001 Simon Tatham.
*
* Portions copyright Robert de Bath, Joris van Rantwijk, Delian
* Delchev, Andreas Schultz, Jeroen Massar, Wez Furlong, Nicolas Barry,
* Justin Bradford, and CORE SDI S.A.
*
* Permission is hereby granted, free of charge, to any person
* obtaining a copy of this software and associated documentation files
* (the "Software"), to deal in the Software without restriction,
* including without limitation the rights to use, copy, modify, merge,
* publish, distribute, sublicense, and/or sell copies of the Software,
* and to permit persons to whom the Software is furnished to do so,
* subject to the following conditions:
*
* The above copyright notice and this permission notice shall be
* included in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
* NONINFRINGEMENT. IN NO EVENT SHALL THE COPYRIGHT HOLDERS BE LIABLE
* FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF
* CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
* WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
*/