2 * Copyright (c) 1996, David Mazieres <dm@uun.org>
3 * Copyright (c) 2008, Damien Miller <djm@openbsd.org>
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19 * Arc4 random number generator for OpenBSD.
21 * This code is derived from section 17.1 of Applied Cryptography,
22 * second edition, which describes a stream cipher allegedly
23 * compatible with RSA Labs "RC4" cipher (the actual description of
24 * which is a trade secret). The same algorithm is used as a stream
25 * cipher called "arcfour" in Tatu Ylonen's ssh package.
27 * RC4 is a registered trademark of RSA Laboratories.
31 #include "CryptographicallyRandomNumber.h"
33 #include "OSRandomSource.h"
34 #include "StdLibExtras.h"
35 #include "ThreadingPrimitives.h"
39 #if USE(OS_RANDOMNESS)
52 class ARC4RandomNumberGenerator {
54 ARC4RandomNumberGenerator();
56 uint32_t randomNumber();
57 void randomValues(void* buffer, size_t length);
60 inline void addRandomData(unsigned char *data, int length);
63 inline uint8_t getByte();
64 inline uint32_t getWord();
71 ARC4Stream::ARC4Stream()
73 for (int n = 0; n < 256; n++)
79 ARC4RandomNumberGenerator::ARC4RandomNumberGenerator()
84 void ARC4RandomNumberGenerator::addRandomData(unsigned char* data, int length)
87 for (int n = 0; n < 256; n++) {
89 uint8_t si = m_stream.s[m_stream.i];
90 m_stream.j += si + data[n % length];
91 m_stream.s[m_stream.i] = m_stream.s[m_stream.j];
92 m_stream.s[m_stream.j] = si;
94 m_stream.j = m_stream.i;
97 void ARC4RandomNumberGenerator::stir()
99 unsigned char randomness[128];
100 size_t length = sizeof(randomness);
101 cryptographicallyRandomValuesFromOS(randomness, length);
102 addRandomData(randomness, length);
104 // Discard early keystream, as per recommendations in:
105 // http://www.wisdom.weizmann.ac.il/~itsik/RC4/Papers/Rc4_ksa.ps
106 for (int i = 0; i < 256; i++)
111 void ARC4RandomNumberGenerator::stirIfNeeded()
117 uint8_t ARC4RandomNumberGenerator::getByte()
120 uint8_t si = m_stream.s[m_stream.i];
122 uint8_t sj = m_stream.s[m_stream.j];
123 m_stream.s[m_stream.i] = sj;
124 m_stream.s[m_stream.j] = si;
125 return (m_stream.s[(si + sj) & 0xff]);
128 uint32_t ARC4RandomNumberGenerator::getWord()
131 val = getByte() << 24;
132 val |= getByte() << 16;
133 val |= getByte() << 8;
138 uint32_t ARC4RandomNumberGenerator::randomNumber()
140 MutexLocker locker(m_mutex);
147 void ARC4RandomNumberGenerator::randomValues(void* buffer, size_t length)
149 MutexLocker locker(m_mutex);
151 unsigned char* result = reinterpret_cast<unsigned char*>(buffer);
156 result[length] = getByte();
160 ARC4RandomNumberGenerator& sharedRandomNumberGenerator()
162 DEFINE_STATIC_LOCAL(ARC4RandomNumberGenerator, randomNumberGenerator, ());
163 return randomNumberGenerator;
168 uint32_t cryptographicallyRandomNumber()
170 return sharedRandomNumberGenerator().randomNumber();
173 void cryptographicallyRandomValues(void* buffer, size_t length)
175 sharedRandomNumberGenerator().randomValues(buffer, length);