2 * Copyright 1988 by the Massachusetts Institute of Technology.
4 * For copying and distribution information, please see the file
7 * New pseudo-random key generator, using DES encryption to make the
8 * pseudo-random cycle as hard to break as DES.
10 * Written by Mark Lillibridge, MIT Project Athena
12 * Under U.S. law, this software may not be exported outside the US
13 * without license from the U.S. Commerce department.
16 #include <mit-cpyright.h>
18 #include <afs/param.h>
19 #ifdef AFS_PTHREAD_ENV
23 #include "des_internal.h"
26 extern void des_fixup_key_parity();
27 extern int des_is_weak_key();
29 void des_set_random_generator_seed();
30 static afs_int32 des_set_sequence_number(des_cblock new_sequence_number);
31 static afs_int32 des_generate_random_block(des_cblock block);
33 #define XPRT_NEW_RND_KEY
34 #include "../permit_xprt.h"
36 static int is_inited = 0;
37 #ifdef AFS_PTHREAD_ENV
39 * This mutex protects the following global variables:
44 pthread_mutex_t des_init_mutex;
45 #define LOCK_INIT assert(pthread_mutex_lock(&des_init_mutex)==0);
46 #define UNLOCK_INIT assert(pthread_mutex_unlock(&des_init_mutex)==0);
52 * des_random_key: create a random des key
54 * You should call des_set_random_number_generater_seed at least
55 * once before this routine is called. If you haven't, I'll try
56 * to add a little randomness to the start point anyway. Yes,
57 * it recurses. Deal with it.
59 * Notes: the returned key has correct parity and is guarenteed not
60 * to be a weak des key. Des_generate_random_block is used to
61 * provide the random bits.
69 void des_init_random_number_generator();
70 des_init_random_number_generator(key);
75 des_generate_random_block(key);
76 des_fixup_key_parity(key);
77 } while (des_is_weak_key(key));
83 * des_init_random_number_generator:
85 * This routine takes a secret key possibly shared by a number
86 * of servers and uses it to generate a random number stream that is
87 * not shared by any of the other servers. It does this by using the current
88 * process id, host id, and the current time to the nearest second. The
89 * resulting stream seed is not useful information for cracking the secret
90 * key. Moreover, this routine keeps no copy of the secret key.
91 * This routine is used for example, by the kerberos server(s) with the
92 * key in question being the kerberos master key.
94 * Note: this routine calls des_set_random_generator_seed.
96 #if !defined(BSDUNIX) && !defined(AFS_SGI_ENV) && !defined(AFS_NT40_ENV) && !defined(AFS_LINUX20_ENV) && !defined(AFS_DARWIN_ENV)
97 you lose... (aka, you get to implement an analog of this for your
102 #include <winsock2.h>
104 #include <afs/afsutil.h>
106 #include <sys/time.h>
109 void des_init_random_number_generator(key)
112 struct { /* This must be 64 bits exactly */
113 afs_int32 process_id;
116 struct timeval time; /* this must also be 64 bits exactly */
121 * use a host id and process id in generating the seed to ensure
122 * that different servers have different streams:
124 #if !defined(AFS_HPUX_ENV) && !defined(AFS_NT40_ENV)
125 seed.host_id = gethostid();
127 seed.process_id = getpid();
130 * Generate a tempory value that depends on the key, host_id, and
131 * process_id such that it gives no useful information about the key:
133 des_set_random_generator_seed(key);
134 des_set_sequence_number((unsigned char *)&seed);
135 des_random_key(new_key);
138 * use it to select a random stream:
140 des_set_random_generator_seed(new_key);
143 * use a time stamp to ensure that a server started later does not reuse
146 gettimeofday(&time, (struct timezone *)0);
147 des_set_sequence_number((unsigned char *)&time);
150 * use the time stamp finally to select the final seed using the
151 * current random number stream:
153 des_random_key(new_key);
154 des_set_random_generator_seed(new_key);
157 #endif /* ifdef BSDUNIX */
160 * This module implements a random number generator faculty such that the next
161 * number in any random number stream is very hard to predict without knowing
162 * the seed for that stream even given the preceeding random numbers.
166 * The secret des key schedule for the current stream of random numbers:
171 } random_sequence_key;
174 * The sequence # in the current stream of random numbers:
176 static unsigned char sequence_number[8];
178 #ifdef AFS_PTHREAD_ENV
180 * This mutex protects the following global variables:
181 * random_sequence_key
186 pthread_mutex_t des_random_mutex;
187 #define LOCK_RANDOM assert(pthread_mutex_lock(&des_random_mutex)==0);
188 #define UNLOCK_RANDOM assert(pthread_mutex_unlock(&des_random_mutex)==0);
191 #define UNLOCK_RANDOM
195 * des_set_random_generator_seed: this routine is used to select a random
196 * number stream. The stream that results is
197 * totally determined by the passed in key.
198 * (I.e., calling this routine again with the
199 * same key allows repeating a sequence of
202 * Requires: key is a valid des key. I.e., has correct parity and is not a
206 des_set_random_generator_seed(key)
211 /* select the new stream: (note errors are not possible here...) */
213 des_key_sched(key, random_sequence_key.d);
215 /* "seek" to the start of the stream: */
217 sequence_number[i] = 0;
222 * des_set_sequence_number: this routine is used to set the sequence number
223 * of the current random number stream. This routine
224 * may be used to "seek" within the current random
227 * Note that des_set_random_generator_seed resets the sequence number to 0.
230 des_set_sequence_number(des_cblock new_sequence_number)
233 bcopy((char *)new_sequence_number, (char *)sequence_number,
234 sizeof(sequence_number));
240 * des_generate_random_block: routine to return the next random number
241 * from the current random number stream.
242 * The returned number is 64 bits long.
244 * Requires: des_set_random_generator_seed must have been called at least once
245 * before this routine is called.
248 des_generate_random_block(des_cblock block)
253 rxkad_stats.des_randoms++;
257 * Encrypt the sequence number to get the new random block:
260 des_ecb_encrypt(sequence_number, block, random_sequence_key.d, 1);
263 * Increment the sequence number as an 8 byte unsigned number with wrap:
266 for (i=0; i<8; i++) {
267 sequence_number[i] = (sequence_number[i] + 1) & 0xff;
268 if (sequence_number[i])