1 /* $$$: arc4random.c 2005/02/08 robert */
2 /* $NetBSD: arc4random.c,v 1.5.2.1 2004/03/26 22:52:50 jmc Exp $ */
3 /* $OpenBSD: arc4random.c,v 1.6 2001/06/05 05:05:38 pvalchev Exp $ */
6 * Arc4 random number generator for OpenBSD.
7 * Copyright 1996 David Mazieres <dm@lcs.mit.edu>.
9 * Modification and redistribution in source and binary forms is
10 * permitted provided that due credit is given to the author and the
11 * OpenBSD project by leaving this copyright notice intact.
15 * This code is derived from section 17.1 of Applied Cryptography,
16 * second edition, which describes a stream cipher allegedly
17 * compatible with RSA Labs "RC4" cipher (the actual description of
18 * which is a trade secret). The same algorithm is used as a stream
19 * cipher called "arcfour" in Tatu Ylonen's ssh package.
21 * Here the stream cipher has been modified always to include the time
22 * when initializing the state. That makes it impossible to
23 * regenerate the same random sequence twice, so this can't be used
24 * for encryption, but will generate good random numbers.
26 * RC4 is a registered trademark of RSA Laboratories.
33 #include <sys/types.h>
34 #include <sys/param.h>
36 #ifdef __ARC4RANDOM_USE_ERANDOM__
37 #include <sys/sysctl.h>
38 //libc_hidden_proto(sysctl)
41 libc_hidden_proto(open)
42 libc_hidden_proto(read)
43 libc_hidden_proto(close)
44 libc_hidden_proto(gettimeofday)
52 static int rs_initialized;
53 static struct arc4_stream rs;
55 static inline void arc4_init(struct arc4_stream *);
56 static inline void arc4_addrandom(struct arc4_stream *, u_char *, int);
57 static void arc4_stir(struct arc4_stream *);
58 static inline uint8_t arc4_getbyte(struct arc4_stream *);
59 static inline uint32_t arc4_getword(struct arc4_stream *);
63 struct arc4_stream *as;
67 for (n = 0; n < 256; n++)
74 arc4_addrandom(as, dat, datlen)
75 struct arc4_stream *as;
83 for (n = 0; n < 256; n++) {
86 as->j = (as->j + si + dat[n % datlen]);
87 as->s[as->i] = as->s[as->j];
95 struct arc4_stream *as;
100 uint rnd[(128 - sizeof(struct timeval)) / sizeof(uint)];
104 gettimeofday(&rdat.tv, NULL);
105 fd = open("/dev/urandom", O_RDONLY);
107 read(fd, rdat.rnd, sizeof(rdat.rnd));
110 #ifdef __ARC4RANDOM_USE_ERANDOM__
116 /* Device could not be opened, we might be chrooted, take
117 * randomness from sysctl. */
120 mib[1] = KERN_RANDOM;
121 mib[2] = RANDOM_ERANDOM;
123 for (i = 0; i < sizeof(rdat.rnd) / sizeof(uint); i++) {
125 if (sysctl(mib, 3, &rdat.rnd[i], &len, NULL, 0) == -1)
131 arc4_addrandom(as, (void *) &rdat, sizeof(rdat));
134 * Throw away the first N words of output, as suggested in the
135 * paper "Weaknesses in the Key Scheduling Algorithm of RC4"
136 * by Fluher, Mantin, and Shamir.
137 * http://www.wisdom.weizmann.ac.il/~itsik/RC4/Papers/Rc4_ksa.ps
138 * N = 256 in our case.
140 for (n = 0; n < 256 * 4; n++)
144 static inline uint8_t
146 struct arc4_stream *as;
152 as->j = (as->j + si);
156 return (as->s[(si + sj) & 0xff]);
159 static inline uint32_t
161 struct arc4_stream *as;
164 val = arc4_getbyte(as) << 24;
165 val |= arc4_getbyte(as) << 16;
166 val |= arc4_getbyte(as) << 8;
167 val |= arc4_getbyte(as);
171 libc_hidden_proto(arc4random_stir)
173 arc4random_stir(void)
175 if (!rs_initialized) {
181 libc_hidden_def(arc4random_stir)
184 arc4random_addrandom(u_char *dat, int datlen)
188 arc4_addrandom(&rs, dat, datlen);
196 return arc4_getword(&rs);
200 /*-------- Test code --------*/
206 random_number = arc4random() % 65536;
207 printf("%d\n", random_number);