211 lines
6.1 KiB
C
211 lines
6.1 KiB
C
/*
|
|
* $Source: /usr/src/kerberosIV/des/RCS/new_rnd_key.c,v $
|
|
* $Author: bostic $
|
|
*
|
|
* Copyright 1988 by the Massachusetts Institute of Technology.
|
|
*
|
|
* For copying and distribution information, please see the file
|
|
* <mit-copyright.h>.
|
|
*
|
|
* New pseudo-random key generator, using DES encryption to make the
|
|
* pseudo-random cycle as hard to break as DES.
|
|
*
|
|
* Written by Mark Lillibridge, MIT Project Athena
|
|
*
|
|
* Under U.S. law, this software may not be exported outside the US
|
|
* without license from the U.S. Commerce department.
|
|
*/
|
|
|
|
#ifndef lint
|
|
static char rcsid_new_rnd_key_c[] =
|
|
"$Header: /usr/src/kerberosIV/des/RCS/new_rnd_key.c,v 4.2 91/02/25 15:14:22 bostic Exp $";
|
|
#endif lint
|
|
|
|
#include <mit-copyright.h>
|
|
|
|
#include <des.h>
|
|
#include "des_internal.h"
|
|
|
|
extern void des_fixup_key_parity();
|
|
extern int des_is_weak_key();
|
|
|
|
void des_set_random_generator_seed(), des_set_sequence_number();
|
|
void des_generate_random_block();
|
|
|
|
/*
|
|
* des_new_random_key: create a random des key
|
|
*
|
|
* Requires: des_set_random_number_generater_seed must be at called least
|
|
* once before this routine is called.
|
|
*
|
|
* Notes: the returned key has correct parity and is guarenteed not
|
|
* to be a weak des key. Des_generate_random_block is used to
|
|
* provide the random bits.
|
|
*/
|
|
int
|
|
des_new_random_key(key)
|
|
des_cblock key;
|
|
{
|
|
do {
|
|
des_generate_random_block(key);
|
|
des_fixup_key_parity(key);
|
|
} while (des_is_weak_key(key));
|
|
|
|
return(0);
|
|
}
|
|
|
|
/*
|
|
* des_init_random_number_generator:
|
|
*
|
|
* This routine takes a secret key possibly shared by a number
|
|
* of servers and uses it to generate a random number stream that is
|
|
* not shared by any of the other servers. It does this by using the current
|
|
* process id, host id, and the current time to the nearest second. The
|
|
* resulting stream seed is not useful information for cracking the secret
|
|
* key. Moreover, this routine keeps no copy of the secret key.
|
|
* This routine is used for example, by the kerberos server(s) with the
|
|
* key in question being the kerberos master key.
|
|
*
|
|
* Note: this routine calls des_set_random_generator_seed.
|
|
*/
|
|
#ifndef BSDUNIX
|
|
you lose... (aka, you get to implement an analog of this for your
|
|
system...)
|
|
#else
|
|
|
|
#include <sys/time.h>
|
|
|
|
void des_init_random_number_generator(key)
|
|
des_cblock key;
|
|
{
|
|
struct { /* This must be 64 bits exactly */
|
|
long process_id;
|
|
long host_id;
|
|
} seed;
|
|
struct timeval time; /* this must also be 64 bits exactly */
|
|
des_cblock new_key;
|
|
long gethostid();
|
|
|
|
/*
|
|
* use a host id and process id in generating the seed to ensure
|
|
* that different servers have different streams:
|
|
*/
|
|
seed.host_id = gethostid();
|
|
seed.process_id = getpid();
|
|
|
|
/*
|
|
* Generate a tempory value that depends on the key, host_id, and
|
|
* process_id such that it gives no useful information about the key:
|
|
*/
|
|
des_set_random_generator_seed(key);
|
|
des_set_sequence_number((unsigned char *)&seed);
|
|
des_new_random_key(new_key);
|
|
|
|
/*
|
|
* use it to select a random stream:
|
|
*/
|
|
des_set_random_generator_seed(new_key);
|
|
|
|
/*
|
|
* use a time stamp to ensure that a server started later does not reuse
|
|
* an old stream:
|
|
*/
|
|
gettimeofday(&time, (struct timezone *)0);
|
|
des_set_sequence_number((unsigned char *)&time);
|
|
|
|
/*
|
|
* use the time stamp finally to select the final seed using the
|
|
* current random number stream:
|
|
*/
|
|
des_new_random_key(new_key);
|
|
des_set_random_generator_seed(new_key);
|
|
}
|
|
|
|
#endif /* ifdef BSDUNIX */
|
|
|
|
/*
|
|
* This module implements a random number generator faculty such that the next
|
|
* number in any random number stream is very hard to predict without knowing
|
|
* the seed for that stream even given the preceeding random numbers.
|
|
*/
|
|
|
|
/*
|
|
* The secret des key schedule for the current stream of random numbers:
|
|
*/
|
|
static des_key_schedule random_sequence_key;
|
|
|
|
/*
|
|
* The sequence # in the current stream of random numbers:
|
|
*/
|
|
static unsigned char sequence_number[8];
|
|
|
|
/*
|
|
* des_set_random_generator_seed: this routine is used to select a random
|
|
* number stream. The stream that results is
|
|
* totally determined by the passed in key.
|
|
* (I.e., calling this routine again with the
|
|
* same key allows repeating a sequence of
|
|
* random numbers)
|
|
*
|
|
* Requires: key is a valid des key. I.e., has correct parity and is not a
|
|
* weak des key.
|
|
*/
|
|
void
|
|
des_set_random_generator_seed(key)
|
|
des_cblock key;
|
|
{
|
|
register int i;
|
|
|
|
/* select the new stream: (note errors are not possible here...) */
|
|
des_key_sched(key, random_sequence_key);
|
|
|
|
/* "seek" to the start of the stream: */
|
|
for (i=0; i<8; i++)
|
|
sequence_number[i] = 0;
|
|
}
|
|
|
|
/*
|
|
* des_set_sequence_number: this routine is used to set the sequence number
|
|
* of the current random number stream. This routine
|
|
* may be used to "seek" within the current random
|
|
* number stream.
|
|
*
|
|
* Note that des_set_random_generator_seed resets the sequence number to 0.
|
|
*/
|
|
void
|
|
des_set_sequence_number(new_sequence_number)
|
|
des_cblock new_sequence_number;
|
|
{
|
|
bcopy((char *)new_sequence_number, (char *)sequence_number,
|
|
sizeof(sequence_number));
|
|
}
|
|
|
|
/*
|
|
* des_generate_random_block: routine to return the next random number
|
|
* from the current random number stream.
|
|
* The returned number is 64 bits long.
|
|
*
|
|
* Requires: des_set_random_generator_seed must have been called at least once
|
|
* before this routine is called.
|
|
*/
|
|
void des_generate_random_block(block)
|
|
des_cblock block;
|
|
{
|
|
int i;
|
|
|
|
/*
|
|
* Encrypt the sequence number to get the new random block:
|
|
*/
|
|
des_ecb_encrypt(sequence_number, block, random_sequence_key, 1);
|
|
|
|
/*
|
|
* Increment the sequence number as an 8 byte unsigned number with wrap:
|
|
* (using LSB here)
|
|
*/
|
|
for (i=0; i<8; i++) {
|
|
sequence_number[i] = (sequence_number[i] + 1) & 0xff;
|
|
if (sequence_number[i])
|
|
break;
|
|
}
|
|
}
|