2 * Copyright 1988 by the Massachusetts Institute of Technology.
4 * For copying and distribution information, please see the file
7 * New pseudo-random key generator, using DES encryption to make the
8 * pseudo-random cycle as hard to break as DES.
10 * Written by Mark Lillibridge, MIT Project Athena
12 * Under U.S. law, this software may not be exported outside the US
13 * without license from the U.S. Commerce department.
16 #include <mit-cpyright.h>
18 #include <afs/param.h>
19 #ifdef AFS_PTHREAD_ENV
24 #include "des_internal.h"
27 extern void des_fixup_key_parity();
28 extern int des_is_weak_key();
29 extern int des_ecb_encrypt();
30 extern int des_key_sched();
32 void des_set_random_generator_seed();
33 static afs_int32 des_set_sequence_number(des_cblock new_sequence_number);
34 static afs_int32 des_generate_random_block(des_cblock block);
36 #define XPRT_NEW_RND_KEY
38 static int is_inited = 0;
39 #ifdef AFS_PTHREAD_ENV
41 * This mutex protects the following global variables:
46 pthread_mutex_t des_init_mutex;
47 #define LOCK_INIT assert(pthread_mutex_lock(&des_init_mutex)==0);
48 #define UNLOCK_INIT assert(pthread_mutex_unlock(&des_init_mutex)==0);
54 * des_random_key: create a random des key
56 * You should call des_set_random_number_generater_seed at least
57 * once before this routine is called. If you haven't, I'll try
58 * to add a little randomness to the start point anyway. Yes,
59 * it recurses. Deal with it.
61 * Notes: the returned key has correct parity and is guarenteed not
62 * to be a weak des key. Des_generate_random_block is used to
63 * provide the random bits.
71 void des_init_random_number_generator();
72 des_init_random_number_generator(key);
77 des_generate_random_block(key);
78 des_fixup_key_parity(key);
79 } while (des_is_weak_key(key));
85 * des_init_random_number_generator:
87 * This routine takes a secret key possibly shared by a number
88 * of servers and uses it to generate a random number stream that is
89 * not shared by any of the other servers. It does this by using the current
90 * process id, host id, and the current time to the nearest second. The
91 * resulting stream seed is not useful information for cracking the secret
92 * key. Moreover, this routine keeps no copy of the secret key.
93 * This routine is used for example, by the kerberos server(s) with the
94 * key in question being the kerberos master key.
96 * Note: this routine calls des_set_random_generator_seed.
98 #if !defined(BSDUNIX) && !defined(AFS_SGI_ENV) && !defined(AFS_NT40_ENV) && !defined(AFS_LINUX20_ENV) && !defined(AFS_DARWIN_ENV) && !defined(AFS_DJGPP_ENV)
99 you lose... (aka, you get to implement an analog of this for your
104 #include <winsock2.h>
106 #include <afs/afsutil.h>
108 #include <sys/time.h>
112 void des_init_random_number_generator(key)
115 struct { /* This must be 64 bits exactly */
116 afs_int32 process_id;
119 struct timeval time; /* this must also be 64 bits exactly */
124 * use a host id and process id in generating the seed to ensure
125 * that different servers have different streams:
127 #if !defined(AFS_HPUX_ENV) && !defined(AFS_NT40_ENV) && !defined(AFS_DJGPP_ENV)
128 seed.host_id = gethostid();
130 seed.process_id = getpid();
133 * Generate a tempory value that depends on the key, host_id, and
134 * process_id such that it gives no useful information about the key:
136 des_set_random_generator_seed(key);
137 des_set_sequence_number((unsigned char *)&seed);
138 des_random_key(new_key);
141 * use it to select a random stream:
143 des_set_random_generator_seed(new_key);
146 * use a time stamp to ensure that a server started later does not reuse
149 gettimeofday(&time, (struct timezone *)0);
150 des_set_sequence_number((unsigned char *)&time);
153 * use the time stamp finally to select the final seed using the
154 * current random number stream:
156 des_random_key(new_key);
157 des_set_random_generator_seed(new_key);
160 #endif /* ifdef BSDUNIX */
163 * This module implements a random number generator faculty such that the next
164 * number in any random number stream is very hard to predict without knowing
165 * the seed for that stream even given the preceeding random numbers.
169 * The secret des key schedule for the current stream of random numbers:
174 } random_sequence_key;
177 * The sequence # in the current stream of random numbers:
179 static unsigned char sequence_number[8];
181 #ifdef AFS_PTHREAD_ENV
183 * This mutex protects the following global variables:
184 * random_sequence_key
189 pthread_mutex_t des_random_mutex;
190 #define LOCK_RANDOM assert(pthread_mutex_lock(&des_random_mutex)==0);
191 #define UNLOCK_RANDOM assert(pthread_mutex_unlock(&des_random_mutex)==0);
194 #define UNLOCK_RANDOM
198 * des_set_random_generator_seed: this routine is used to select a random
199 * number stream. The stream that results is
200 * totally determined by the passed in key.
201 * (I.e., calling this routine again with the
202 * same key allows repeating a sequence of
205 * Requires: key is a valid des key. I.e., has correct parity and is not a
209 des_set_random_generator_seed(key)
214 /* select the new stream: (note errors are not possible here...) */
216 des_key_sched(key, random_sequence_key.d);
218 /* "seek" to the start of the stream: */
220 sequence_number[i] = 0;
225 * des_set_sequence_number: this routine is used to set the sequence number
226 * of the current random number stream. This routine
227 * may be used to "seek" within the current random
230 * Note that des_set_random_generator_seed resets the sequence number to 0.
233 des_set_sequence_number(des_cblock new_sequence_number)
236 bcopy((char *)new_sequence_number, (char *)sequence_number,
237 sizeof(sequence_number));
243 * des_generate_random_block: routine to return the next random number
244 * from the current random number stream.
245 * The returned number is 64 bits long.
247 * Requires: des_set_random_generator_seed must have been called at least once
248 * before this routine is called.
251 des_generate_random_block(des_cblock block)
256 rxkad_stats.des_randoms++;
260 * Encrypt the sequence number to get the new random block:
263 des_ecb_encrypt(sequence_number, block, random_sequence_key.d, 1);
266 * Increment the sequence number as an 8 byte unsigned number with wrap:
269 for (i=0; i<8; i++) {
270 sequence_number[i] = (sequence_number[i] + 1) & 0xff;
271 if (sequence_number[i])