OpenWrt – Blame information for rev 1
?pathlinks?
| Rev | Author | Line No. | Line |
|---|---|---|---|
| 1 | office | 1 | /* |
| 2 | * Physically random numbers (very nearly uniform) |
||
| 3 | * D. P. Mitchell |
||
| 4 | * Modified by Matt Blaze 7/95 |
||
| 5 | */ |
||
| 6 | /* |
||
| 7 | * The authors of this software are Don Mitchell and Matt Blaze. |
||
| 8 | * Copyright (c) 1995 by AT&T. |
||
| 9 | * Permission to use, copy, and modify this software without fee |
||
| 10 | * is hereby granted, provided that this entire notice is included in |
||
| 11 | * all copies of any software which is or includes a copy or |
||
| 12 | * modification of this software and in all copies of the supporting |
||
| 13 | * documentation for such software. |
||
| 14 | * |
||
| 15 | * This software may be subject to United States export controls. |
||
| 16 | * |
||
| 17 | * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR IMPLIED |
||
| 18 | * WARRANTY. IN PARTICULAR, NEITHER THE AUTHORS NOR AT&T MAKE ANY |
||
| 19 | * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE MERCHANTABILITY |
||
| 20 | * OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR PURPOSE. |
||
| 21 | */ |
||
| 22 | |||
| 23 | /* |
||
| 24 | * WARNING: depending on the particular platform, raw_truerand() |
||
| 25 | * output may be biased or correlated. In general, you can expect |
||
| 26 | * about 16 bits of "pseudo-entropy" out of each 32 bit word returned |
||
| 27 | * by truerand(), but it may not be uniformly diffused. You should |
||
| 28 | * raw_therefore run the output through some post-whitening function |
||
| 29 | * (like MD5 or DES or whatever) before using it to generate key |
||
| 30 | * material. (RSAREF's random package does this for you when you feed |
||
| 31 | * raw_truerand() bits to the seed input function.) |
||
| 32 | * |
||
| 33 | * The application interface, for 8, 16, and 32 bit properly "whitened" |
||
| 34 | * random numbers, can be found in trand8(), trand16(), and trand32(). |
||
| 35 | * Use those instead of calling raw_truerand() directly. |
||
| 36 | * |
||
| 37 | * The basic idea here is that between clock "skew" and various |
||
| 38 | * hard-to-predict OS event arrivals, counting a tight loop will yield |
||
| 39 | * a little (maybe a third of a bit or so) of "good" randomness per |
||
| 40 | * interval clock tick. This seems to work well even on unloaded |
||
| 41 | * machines. If there is a human operator at the machine, you should |
||
| 42 | * augment truerand with other measure, like keyboard event timing. |
||
| 43 | * On server machines (e.g., when you need to generate a |
||
| 44 | * Diffie-Hellman secret) truerand alone may be good enough. |
||
| 45 | * |
||
| 46 | * Test these assumptions on your own platform before fielding a |
||
| 47 | * system based on this software or these techniques. |
||
| 48 | * |
||
| 49 | * This software seems to work well (at 10 or so bits per |
||
| 50 | * raw_truerand() call) on a Sun Sparc-20 under SunOS 4.1.3 and on a |
||
| 51 | * P100 under BSDI 2.0. You're on your own elsewhere. |
||
| 52 | * |
||
| 53 | */ |
||
| 54 | |||
| 55 | #include "t_defines.h" |
||
| 56 | |||
| 57 | #include <signal.h> |
||
| 58 | #include <setjmp.h> |
||
| 59 | #include <sys/time.h> |
||
| 60 | #include <math.h> |
||
| 61 | #include <stdio.h> |
||
| 62 | |||
| 63 | #ifdef OLD_TRUERAND |
||
| 64 | static jmp_buf env; |
||
| 65 | #endif |
||
| 66 | static unsigned volatile count |
||
| 67 | #ifndef OLD_TRUERAND |
||
| 68 | , done = 0 |
||
| 69 | #endif |
||
| 70 | ; |
||
| 71 | |||
| 72 | static unsigned ocount; |
||
| 73 | static unsigned buffer; |
||
| 74 | |||
| 75 | static void |
||
| 76 | tick() |
||
| 77 | { |
||
| 78 | struct itimerval it, oit; |
||
| 79 | |||
| 80 | it.it_interval.tv_sec = 0; |
||
| 81 | it.it_interval.tv_usec = 0; |
||
| 82 | it.it_value.tv_sec = 0; |
||
| 83 | it.it_value.tv_usec = 16665; |
||
| 84 | if (setitimer(ITIMER_REAL, &it, &oit) < 0) |
||
| 85 | perror("tick"); |
||
| 86 | } |
||
| 87 | |||
| 88 | static void |
||
| 89 | interrupt() |
||
| 90 | { |
||
| 91 | if (count) { |
||
| 92 | #ifdef OLD_TRUERAND |
||
| 93 | longjmp(env, 1); |
||
| 94 | #else |
||
| 95 | ++done; |
||
| 96 | return; |
||
| 97 | #endif |
||
| 98 | } |
||
| 99 | |||
| 100 | (void) signal(SIGALRM, interrupt); |
||
| 101 | tick(); |
||
| 102 | } |
||
| 103 | |||
| 104 | static unsigned long |
||
| 105 | roulette() |
||
| 106 | { |
||
| 107 | #ifdef OLD_TRUERAND |
||
| 108 | if (setjmp(env)) { |
||
| 109 | count ^= (count>>3) ^ (count>>6) ^ ocount; |
||
| 110 | count &= 0x7; |
||
| 111 | ocount=count; |
||
| 112 | buffer = (buffer<<3) ^ count; |
||
| 113 | return buffer; |
||
| 114 | } |
||
| 115 | #else |
||
| 116 | done = 0; |
||
| 117 | #endif |
||
| 118 | (void) signal(SIGALRM, interrupt); |
||
| 119 | count = 0; |
||
| 120 | tick(); |
||
| 121 | #ifdef OLD_TRUERAND |
||
| 122 | for (;;) |
||
| 123 | #else |
||
| 124 | while(done == 0) |
||
| 125 | #endif |
||
| 126 | count++; /* about 1 MHz on VAX 11/780 */ |
||
| 127 | #ifndef OLD_TRUERAND |
||
| 128 | count ^= (count>>3) ^ (count>>6) ^ ocount; |
||
| 129 | count &= 0x7; |
||
| 130 | ocount=count; |
||
| 131 | buffer = (buffer<<3) ^ count; |
||
| 132 | return buffer; |
||
| 133 | #endif |
||
| 134 | } |
||
| 135 | |||
| 136 | unsigned long |
||
| 137 | raw_truerand() |
||
| 138 | { |
||
| 139 | count=0; |
||
| 140 | (void) roulette(); |
||
| 141 | (void) roulette(); |
||
| 142 | (void) roulette(); |
||
| 143 | (void) roulette(); |
||
| 144 | (void) roulette(); |
||
| 145 | (void) roulette(); |
||
| 146 | (void) roulette(); |
||
| 147 | (void) roulette(); |
||
| 148 | (void) roulette(); |
||
| 149 | (void) roulette(); |
||
| 150 | return roulette(); |
||
| 151 | } |