2 * Copyright 1988 by the Massachusetts Institute of Technology.
4 * For copying and distribution information, please see the file
7 * New pseudo-random key generator, using DES encryption to make the
8 * pseudo-random cycle as hard to break as DES.
10 * Written by Mark Lillibridge, MIT Project Athena
12 * Under U.S. law, this software may not be exported outside the US
13 * without license from the U.S. Commerce department.
16 #include "mit-cpyright.h"
18 #include <afsconfig.h>
19 #include <afs/param.h>
26 #include "des_internal.h"
27 #include "des_prototypes.h"
29 #ifdef AFS_PTHREAD_ENV
40 static afs_int32 des_set_sequence_number(des_cblock new_sequence_number);
41 static afs_int32 des_generate_random_block(des_cblock block);
43 #define XPRT_NEW_RND_KEY
45 static int is_inited = 0;
46 #ifdef AFS_PTHREAD_ENV
48 * This mutex protects the following global variables:
53 pthread_mutex_t des_init_mutex
54 #ifdef PTHREAD_MUTEX_INITIALIZER
55 = PTHREAD_MUTEX_INITIALIZER
58 #define LOCK_INIT assert(pthread_mutex_lock(&des_init_mutex)==0)
59 #define UNLOCK_INIT assert(pthread_mutex_unlock(&des_init_mutex)==0)
65 * des_random_key: create a random des key
67 * You should call des_set_random_number_generater_seed at least
68 * once before this routine is called. If you haven't, I'll try
69 * to add a little randomness to the start point anyway. Yes,
70 * it recurses. Deal with it.
72 * Notes: the returned key has correct parity and is guarenteed not
73 * to be a weak des key. Des_generate_random_block is used to
74 * provide the random bits.
77 des_random_key(des_cblock key)
81 des_init_random_number_generator(key);
85 des_generate_random_block(key);
86 des_fixup_key_parity(key);
87 } while (des_is_weak_key(key));
93 * des_init_random_number_generator:
95 * This routine takes a secret key possibly shared by a number
96 * of servers and uses it to generate a random number stream that is
97 * not shared by any of the other servers. It does this by using the current
98 * process id, host id, and the current time to the nearest second. The
99 * resulting stream seed is not useful information for cracking the secret
100 * key. Moreover, this routine keeps no copy of the secret key.
101 * This routine is used for example, by the kerberos server(s) with the
102 * key in question being the kerberos master key.
104 * Note: this routine calls des_set_random_generator_seed.
106 #if !defined(BSDUNIX) && !defined(AFS_SGI_ENV) && !defined(AFS_NT40_ENV) && !defined(AFS_LINUX20_ENV) && !defined(AFS_DARWIN_ENV)
107 you lose ... (aka, you get to implement an analog of this for your system ...)
111 #include <winsock2.h>
113 #include <afs/afsutil.h>
115 #include <sys/time.h>
120 des_init_random_number_generator(des_cblock key)
122 struct { /* This must be 64 bits exactly */
123 afs_int32 process_id;
126 struct timeval time; /* this must also be 64 bits exactly */
131 * use a host id and process id in generating the seed to ensure
132 * that different servers have different streams:
134 #if !defined(AFS_HPUX_ENV) && !defined(AFS_NT40_ENV)
135 seed.host_id = gethostid();
137 seed.process_id = getpid();
140 * Generate a tempory value that depends on the key, host_id, and
141 * process_id such that it gives no useful information about the key:
143 des_set_random_generator_seed(key);
144 des_set_sequence_number((unsigned char *)&seed);
145 des_random_key(new_key);
148 * use it to select a random stream:
150 des_set_random_generator_seed(new_key);
153 * use a time stamp to ensure that a server started later does not reuse
156 gettimeofday(&time, NULL);
157 des_set_sequence_number((unsigned char *)&time);
160 * use the time stamp finally to select the final seed using the
161 * current random number stream:
163 des_random_key(new_key);
164 des_set_random_generator_seed(new_key);
167 #endif /* ifdef BSDUNIX */
170 * This module implements a random number generator faculty such that the next
171 * number in any random number stream is very hard to predict without knowing
172 * the seed for that stream even given the preceeding random numbers.
176 * The secret des key schedule for the current stream of random numbers:
181 } random_sequence_key;
184 * The sequence # in the current stream of random numbers:
186 static unsigned char sequence_number[8];
188 #ifdef AFS_PTHREAD_ENV
190 * This mutex protects the following global variables:
191 * random_sequence_key
196 pthread_mutex_t des_random_mutex
197 #ifdef PTHREAD_MUTEX_INITIALIZER
198 = PTHREAD_MUTEX_INITIALIZER
201 #define LOCK_RANDOM assert(pthread_mutex_lock(&des_random_mutex)==0)
202 #define UNLOCK_RANDOM assert(pthread_mutex_unlock(&des_random_mutex)==0)
205 #define UNLOCK_RANDOM
209 * des_set_random_generator_seed: this routine is used to select a random
210 * number stream. The stream that results is
211 * totally determined by the passed in key.
212 * (I.e., calling this routine again with the
213 * same key allows repeating a sequence of
216 * Requires: key is a valid des key. I.e., has correct parity and is not a
220 des_set_random_generator_seed(des_cblock key)
224 /* select the new stream: (note errors are not possible here...) */
226 des_key_sched(key, random_sequence_key.d);
228 /* "seek" to the start of the stream: */
229 for (i = 0; i < 8; i++)
230 sequence_number[i] = 0;
235 * des_set_sequence_number: this routine is used to set the sequence number
236 * of the current random number stream. This routine
237 * may be used to "seek" within the current random
240 * Note that des_set_random_generator_seed resets the sequence number to 0.
243 des_set_sequence_number(des_cblock new_sequence_number)
246 memcpy((char *)sequence_number, (char *)new_sequence_number,
247 sizeof(sequence_number));
253 * des_generate_random_block: routine to return the next random number
254 * from the current random number stream.
255 * The returned number is 64 bits long.
257 * Requires: des_set_random_generator_seed must have been called at least once
258 * before this routine is called.
261 des_generate_random_block(des_cblock block)
266 * Encrypt the sequence number to get the new random block:
269 des_ecb_encrypt(sequence_number, block, random_sequence_key.d, 1);
272 * Increment the sequence number as an 8 byte unsigned number with wrap:
275 for (i = 0; i < 8; i++) {
276 sequence_number[i] = (sequence_number[i] + 1) & 0xff;
277 if (sequence_number[i])