X-Git-Url: https://git.distorted.org.uk/u/mdw/catacomb/blobdiff_plain/ba6e6b64033b1f9de49feccb5c9cd438354481f7..0f00dc4c8eb47e67bc0f148c2dd109f73a451e0a:/progs/rspit.c diff --git a/progs/rspit.c b/progs/rspit.c new file mode 100644 index 0000000..1819a61 --- /dev/null +++ b/progs/rspit.c @@ -0,0 +1,1400 @@ +/* -*-c-*- + * + * Spit out random numbers + * + * (c) 1999 Straylight/Edgeware + */ + +/*----- Licensing notice --------------------------------------------------* + * + * This file is part of Catacomb. + * + * Catacomb is free software; you can redistribute it and/or modify + * it under the terms of the GNU Library General Public License as + * published by the Free Software Foundation; either version 2 of the + * License, or (at your option) any later version. + * + * Catacomb is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Library General Public License for more details. + * + * You should have received a copy of the GNU Library General Public + * License along with Catacomb; if not, write to the Free + * Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, + * MA 02111-1307, USA. + */ + +/*----- Header files ------------------------------------------------------*/ + +#include "config.h" + +#include +#include +#include +#include +#include +#include +#include +#include + +#ifndef PORTABLE +# include +#endif + +#include +#include +#include +#include +#include +#include + +#include "fipstest.h" +#include "grand.h" +#include "maurer.h" +#include "key.h" + +#include "lcrand.h" +#include "fibrand.h" +#include "rand.h" +#include "noise.h" + +#include "bbs.h" +#include "mprand.h" + +#include "rc4.h" +#include "seal.h" + +#include "des-ofb.h" +#include "des3-ofb.h" +#include "rc2-ofb.h" +#include "rc5-ofb.h" +#include "mars-ofb.h" +#include "skipjack-ofb.h" +#include "tea-ofb.h" +#include "xtea-ofb.h" +#include "blowfish-ofb.h" +#include "twofish-ofb.h" +#include "idea-ofb.h" +#include "cast128-ofb.h" +#include "cast256-ofb.h" +#include "noekeon-ofb.h" +#include "rijndael-ofb.h" +#include "rijndael192-ofb.h" +#include "rijndael256-ofb.h" +#include "safer-ofb.h" +#include "safersk-ofb.h" +#include "square-ofb.h" +#include "serpent-ofb.h" + +#include "des-counter.h" +#include "des3-counter.h" +#include "rc2-counter.h" +#include "rc5-counter.h" +#include "mars-counter.h" +#include "skipjack-counter.h" +#include "tea-counter.h" +#include "xtea-counter.h" +#include "blowfish-counter.h" +#include "twofish-counter.h" +#include "idea-counter.h" +#include "cast128-counter.h" +#include "cast256-counter.h" +#include "noekeon-counter.h" +#include "rijndael-counter.h" +#include "rijndael192-counter.h" +#include "rijndael256-counter.h" +#include "safer-counter.h" +#include "safersk-counter.h" +#include "square-counter.h" +#include "serpent-counter.h" + +#include "md2-mgf.h" +#include "md4-mgf.h" +#include "md5-mgf.h" +#include "sha-mgf.h" +#include "tiger-mgf.h" +#include "rmd128-mgf.h" +#include "rmd160-mgf.h" +#include "rmd256-mgf.h" +#include "rmd320-mgf.h" + +#include "rmd160.h" + +/*----- Data structures ---------------------------------------------------*/ + +typedef struct gen { + const char *name; + grand *(*seed)(unsigned /*i*/); + unsigned i; + const char *help; +} gen; + +extern gen generators[]; + +#define CIPHERS \ + E(DES, des) \ + E(DES3, des3) \ + E(RC2, rc2) \ + E(RC5, rc5) \ + E(MARS, mars) \ + E(SKIPJACK, skipjack) \ + E(TEA, tea) \ + E(XTEA, xtea) \ + E(BLOWFISH, blowfish) \ + E(TWOFISH, twofish) \ + E(IDEA, idea) \ + E(CAST128, cast128) \ + E(CAST256, cast256) \ + E(SQUARE, square) \ + E(SAFER, safer) \ + E(SAFERSK, safersk) \ + E(NOEKEON, noekeon) \ + E(RIJNDAEL, rijndael) \ + E(RIJNDAEL192, rijndael192) \ + E(RIJNDAEL256, rijndael256) \ + E(SERPENT, serpent) + +#define HASHES \ + E(MD2, md2) \ + E(MD4, md4) \ + E(MD5, md5) \ + E(SHA, sha) \ + E(TIGER, tiger) \ + E(RMD128, rmd128) \ + E(RMD160, rmd160) \ + E(RMD256, rmd256) \ + E(RMD320, rmd320) + +#define E(PRE, pre) CIPHER_##PRE, +enum { CIPHERS CIPHER__bogus }; +#undef E + +#define E(PRE, pre) HASH_##PRE, +enum { HASHES HASH__bogus }; +#undef E + +static struct { + const octet *keysz; + size_t blksz; + grand *(*ofb)(const void */*k*/, size_t /*sz*/); + grand *(*counter)(const void */*k*/, size_t /*sz*/); +} ciphertab[] = { +#define E(PRE, pre) \ + { pre##_keysz, PRE##_BLKSZ, pre##_ofbrand, pre##_counterrand }, + CIPHERS +#undef E +}; + +static struct { + const gchash *h; + const octet *keysz; + grand *(*mgf)(const void */*k*/, size_t /*sz*/); +} hashtab[] = { +#define E(PRE, pre) \ + { &pre, pre##_mgfkeysz, pre##_mgfrand }, + HASHES +#undef E +}; + +/*----- Miscellaneous static data -----------------------------------------*/ + +static FILE *outfp; +static size_t outsz = 0; +static unsigned maurer_lo = 5, maurer_hi = 8; + +static int argc; +static char **argv; + +static unsigned flags = 0; + +#define f_progress 1u +#define f_file 2u +#define f_fips 4u +#define f_maurer 8u +#define f_timer 16u +#define f_discard 32u + +/*----- Help options ------------------------------------------------------*/ + +static void usage(FILE *fp) +{ + pquis(fp, "Usage: $ generator [options]\n"); +} + +static void version(FILE *fp) +{ + pquis(fp, "$, Catacomb version " VERSION "\n"); +} + +static void help(FILE *fp) +{ + version(fp); + fputc('\n', fp); + usage(fp); + pquis(fp, "\n\ +Emits a stream of random bytes suitable for, well, all sorts of things.\n\ +The primary objective is to be able to generate streams of input for\n\ +statistical tests, such as Diehard.\n\ +\n\ +Options are specific to the particular generator, although there's a\n\ +common core set:\n\ +\n\ +-h, --help Display this help message.\n\ +-v, --version Display the program's version number.\n\ +-u, --usage Display a useless usage message.\n\ +\n\ +-l, --list Show a list of the supported generators, with\n\ + their options.\n\ +-f, --fipstest Run the FIPS 140-1 randomness test.\n\ +-m, --maurer[=LO-HI] Run Maurer's universal statistical test.\n\ +-o, --output FILE Write output to FILE, not stdout.\n\ +-z, --size SIZE Emit SIZE bytes, not an unlimited number.\n\ +-p, --progress Show a little progress meter (on stderr).\n\ +-T, --timer Keep track of the CPU time used by the generator.\n\ +-d, --discard Discard the generated output.\n\ +\n\ +(A SIZE may be followed by `g' for gigabytes, `m' for megabytes, or\n\ +`k' for kilobytes. If unqualified, an amount in bytes is assumed.)\n\ +"); +} + +/*----- Main options parser -----------------------------------------------*/ + +static struct option opts[] = { + + /* --- Standard GNU help options --- */ + + { "help", 0, 0, 'h' }, + { "version", 0, 0, 'v' }, + { "usage", 0, 0, 'u' }, + + /* --- Other useful things --- */ + + { "list", 0, 0, 'l' }, + { "fipstest", 0, 0, 'f' }, + { "maurer", OPTF_ARGOPT, 0, 'm' }, + { "output", OPTF_ARGREQ, 0, 'o' }, + { "size", OPTF_ARGREQ, 0, 'z' }, + { "progress", 0, 0, 'p' }, + { "timer", 0, 0, 'T' }, + { "discard", 0, 0, 'd' }, + + /* --- End of main table --- */ + + { 0, 0, 0, 0 } +}; + +static const char *sopts = "hvu lfm::o:z:pTd"; + +#ifndef OPTION_V + DA_DECL(option_v, struct option); +# define OPTION_V +#endif + +static option_v optv = DA_INIT; +static dstr optd = DSTR_INIT; + +/* --- @addopts@ --- * + * + * Arguments: @const char *s@ = pointer to short options + * @struct option *l@ = pointer to long options + * + * Returns: --- + * + * Use: Adds a collection of options to the table. + */ + +static void addopts(const char *s, struct option *l) +{ + dstr_puts(&optd, s); + if (DA_LEN(&optv)) + DA_SHRINK(&optv, 1); + while (l->name) + DA_PUSH(&optv, *l++); + DA_PUSH(&optv, *l); +} + +/* --- @opt@ --- * + * + * Arguments: --- + * + * Returns: Next option from argument array. + * + * Use: Fetches options, handling the standard ones. + */ + +static int opt(void) +{ + for (;;) { + int i = mdwopt(argc, argv, optd.buf, DA(&optv), 0, 0, 0); + switch (i) { + case 'h': + help(stdout); + exit(0); + case 'v': + version(stdout); + exit(0); + case 'u': + usage(stdout); + exit(0); + case 'l': { + gen *g; + puts("Generators supported:"); + for (g = generators; g->name; g++) + printf(" %s %s\n", g->name, g->help); + exit(0); + } break; + case 'f': + flags |= f_fips; + break; + case 'm': + flags |= f_maurer; + if (optarg) { + char *p; + unsigned long lo, hi; + lo = strtoul(optarg, &p, 0); + if (*p == '-' || *p == ',') + hi = strtoul(p + 1, &p, 0); + else + hi = lo; + if (*p != 0 || hi < lo || lo == 0) + die(EXIT_FAILURE, "bad bit range `%s'", optarg); + maurer_lo = lo; + maurer_hi = hi; + } + break; + case 'o': + if (flags & f_file) + die(EXIT_FAILURE, "already set an output file"); + if (strcmp(optarg, "-") == 0) + outfp = stdout; + else { + outfp = fopen(optarg, "w"); + if (!outfp) { + die(EXIT_FAILURE, "couldn't open output file `%s': %s", + optarg, strerror(errno)); + } + } + flags |= f_file; + break; + case 'z': { + char *p; + outsz = strtoul(optarg, &p, 0); + if (!outsz) + die(EXIT_FAILURE, "bad number `%s'", optarg); + switch (*p) { + case 'G': case 'g': outsz *= 1024; + case 'M': case 'm': outsz *= 1024; + case 'K': case 'k': outsz *= 1024; + case 0: + break; + default: + die(EXIT_FAILURE, "bad suffix `%s'", p); + break; + } + if (*p && p[1] != 0) + die(EXIT_FAILURE, "bad suffix `%s'", p); + } break; + case 'p': + flags |= f_progress; + break; + case 'T': + flags |= f_timer; + break; + case 'd': + flags |= f_discard; + break; + default: + return (i); + } + } +} + +/*----- Manglers for seed strings -----------------------------------------*/ + +/* --- @unhex@ --- * + * + * Arguments: @const char *p@ = pointer to input string + * @char **end@ = where the end goes + * @dstr *d@ = output buffer + * + * Returns: --- + * + * Use: Transforms a hex string into a chunk of binary data. + */ + +static void unhex(const char *p, char **end, dstr *d) +{ + while (p[0] && p[1]) { + int x = p[0], y = p[1]; + if ('0' <= x && x <= '9') x -= '0'; + else if ('A' <= x && x <= 'F') x -= 'A' - 10; + else if ('a' <= x && x <= 'f') x -= 'a' - 10; + else x = 0; + if ('0' <= y && y <= '9') y -= '0'; + else if ('A' <= y && y <= 'F') y -= 'A' - 10; + else if ('a' <= y && y <= 'f') y -= 'a' - 10; + else y = 0; + DPUTC(d, (x << 4) + y); + p += 2; + } + *end = (char *)p; +} + +/* --- Generate a key --- */ + +static void textkey(dstr *d, const char *p, const octet *ksz) +{ + size_t sz = strlen(p); + + if (!sz) + die(EXIT_FAILURE, "zero-length key string"); + if (keysz(sz, ksz) != sz) + DPUTM(d, p, sz); + else { + rmd160_mgfctx g; + rmd160_mgfinit(&g, p, sz); + sz = keysz(0, ksz); + dstr_ensure(d, sz); + rmd160_mgfencrypt(&g, 0, d->buf, sz); + d->len += sz; + } + assert(((void)"I can't seem to choose a good key size", + keysz(d->len, ksz) == d->len)); +} + +static void hexkey(dstr *d, const char *p, const octet *ksz) +{ + char *q; + unhex(optarg, &q, d); + if (*q) + die(EXIT_FAILURE, "bad hex key `%s'", p); + if (keysz(d->len, ksz) != d->len) + die(EXIT_FAILURE, "bad key length"); +} + +static void randkey(dstr *d, const octet *ksz) +{ + size_t sz = keysz(0, ksz); + dstr_ensure(d, sz); + rand_get(RAND_GLOBAL, d->buf, sz); + d->len += sz; +} + +/*----- Generators --------------------------------------------------------*/ + +/* --- Blum-Blum-Shub strong generator --- */ + +static grand *gen_bbs(unsigned i) +{ + /* --- Default modulus --- * + * + * The factors of this number are + * + * @p = 1229936431484295969649886203367009966370895964206162032259292413@ + * @7754313537966036459299022912838407755462506416274551744201653277@ + * @313130311731673973886822067@ + * + * @q = 9798171783943489959487301695884963889684294764514008432498259742@ + * @5374320073594018817245784145742769603334292182227671519041431067@ + * @61344781426317516045890159@ + * + * Both %$p$% and %$q$% are prime; %$(p - 1)/2$% and %$(q - 1)/2$% have no + * common factors. They were found using this program, with random + * starting points. + * + * I hope that, by publishing these factors, I'll dissuade people from + * actually using this modulus in an attempt to attain real security. The + * program is quite quick at finding Blum numbers, so there's no excuse for + * not generating your own. + */ + + const char *mt = + "12051128439013574251357214209433471144307319411973256935382082" + "84356405274180923922403660880355098909699130818163691602989614" + "90135716255689660470370755013177656905237112577648090277537209" + "93607817155427455344810369808478266925293635284364998010510985" + "0503830397166360721262431179505917248447259735253684659338653"; + + /* --- Other things --- */ + + grand *r; + const char *xt = 0; + unsigned bits = 1024; + mp *m, *x; + unsigned show = 0; + const char *kfile = 0, *id = 0, *ktype = 0; + + /* --- Parse options --- */ + + static struct option opts[] = { + { "modulus", OPTF_ARGREQ, 0, 'M' }, + { "generate", 0, 0, 'g' }, + { "seed", OPTF_ARGREQ, 0, 's' }, + { "bits", OPTF_ARGREQ, 0, 'b' }, + { "show", 0, 0, 'S' }, + { "keyring", OPTF_ARGREQ, 0, 'k' }, + { "id", OPTF_ARGREQ, 0, 'i' }, + { "type", OPTF_ARGREQ, 0, 't' }, + { 0, 0, 0, 0 } + }; + + addopts("M:gs:b:Sk:i:t:", opts); + + for (;;) { + int o = opt(); + if (o < 0) + break; + switch (o) { + case 'M': + mt = optarg; + break; + case 'g': + mt = 0; + break; + case 's': + xt = optarg; + break; + case 'b': + bits = strtoul(optarg, 0, 0); + if (bits == 0) + die(EXIT_FAILURE, "bad number of bits `%s'", optarg); + break; + case 'S': + show = 1; + break; + case 'k': + kfile = optarg; + mt = 0; + break; + case 'i': + id = optarg; + mt = 0; + break; + case 't': + ktype = optarg; + mt = 0; + break; + default: + return (0); + } + } + + /* --- Generate a modulus if one is requested --- */ + + if (mt) { + char *p; + m = mp_readstring(MP_NEW, mt, &p, 0); + if (!m || *p || (m->v[0] & 3) != 1) + die(EXIT_FAILURE, "bad modulus `%s'", mt); + /* Unfortunately I don't know how to test for a Blum integer */ + } else if (kfile || id || ktype) { + key_file kf; + key *kk; + key_data *kd; + + /* --- Open the key file --- */ + + if (!kfile) + kfile = "keyring"; + if (key_open(&kf, kfile, KOPEN_READ, key_moan, 0)) { + die(EXIT_FAILURE, "error opening key file `%s': %s", + kfile, strerror(errno)); + } + + /* --- Find the key --- */ + + if (id) { + if ((kk = key_bytag(&kf, id)) == 0) + die(EXIT_FAILURE, "key `%s' not found", id); + } else { + if (!ktype) + ktype = "bbs"; + if ((kk = key_bytype(&kf, ktype)) == 0) + die(EXIT_FAILURE, "no suitable key with type `%s' found", ktype); + } + + /* --- Read the key data --- */ + + if ((kk->k->e & KF_ENCMASK) != KENC_STRUCT) + die(EXIT_FAILURE, "key is not structured"); + if ((kd = key_structfind(kk->k, "n")) == 0) + die(EXIT_FAILURE, "key has no subkey `n'"); + if ((kd->e & KF_ENCMASK) != KENC_MP) + die(EXIT_FAILURE, "incompatible subkey encoding"); + m = MP_COPY(kd->u.m); + key_close(&kf); + } else { + bbs_priv bp; + + if (bbs_gen(&bp, bits, &rand_global, 0, + (flags & f_progress) ? pgen_ev : 0, 0)) + die(EXIT_FAILURE, "modulus generation failed"); + m = bp.n; + + if (show) { + fputs("p = ", stderr); + mp_writefile(bp.p, stderr, 10); + fputs("\nq = ", stderr); + mp_writefile(bp.q, stderr, 10); + fputs("\nn = ", stderr); + mp_writefile(bp.n, stderr, 10); + fputc('\n', stderr); + } + + mp_drop(bp.p); + mp_drop(bp.q); + } + + /* --- Set up a seed --- */ + + if (!xt) + x = mprand(MP_NEW, mp_bits(m) - 1, &rand_global, 1); + else { + char *p; + x = mp_readstring(MP_NEW, xt, &p, 0); + if (*p) + die(EXIT_FAILURE, "bad modulus `%s'", xt); + } + + /* --- Right --- */ + + r = bbs_rand(m, x); + + mp_drop(m); + mp_drop(x); + return (r); +} + +/* --- Catacomb's random number generator --- */ + +static grand *gen_rand(unsigned i) +{ + grand *r = rand_create(); + dstr d = DSTR_INIT; + + static struct option opts[] = { + { "key", OPTF_ARGREQ, 0, 'k' }, + { "text", OPTF_ARGREQ, 0, 't' }, + { "hex", OPTF_ARGREQ, 0, 'H' }, + { 0, 0, 0, 0 } + }; + + addopts("k:t:H:n", opts); + + r->ops->misc(r, RAND_NOISESRC, &noise_source); + r->ops->misc(r, RAND_SEED, 160); + + for (;;) { + int o = opt(); + if (o < 0) + break; + switch (o) { + case 'k': + DRESET(&d); + textkey(&d, optarg, rmd160_hmackeysz); + r->ops->misc(r, RAND_KEY, d.buf, d.len); + break; + case 't': + r->ops->misc(r, GRAND_SEEDBLOCK, optarg, strlen(optarg)); + break; + case 'H': + DRESET(&d); + hexkey(&d, optarg, rmd160_hmackeysz); + r->ops->misc(r, GRAND_SEEDBLOCK, d.buf, d.len); + break; + } + } + + dstr_destroy(&d); + return (r); +} + +/* --- RC4 output --- */ + +static grand *gen_rc4(unsigned i) +{ + grand *r; + dstr d = DSTR_INIT; + + static struct option opts[] = { + { "key", OPTF_ARGREQ, 0, 'k' }, + { "hex", OPTF_ARGREQ, 0, 'H' }, + { 0, 0, 0, 0 } + }; + + addopts("k:H:", opts); + + for (;;) { + int o = opt(); + if (o < 0) + break; + switch (o) { + case 'k': + DRESET(&d); + textkey(&d, optarg, rc4_keysz); + break; + case 'H': + DRESET(&d); + hexkey(&d, optarg, rc4_keysz); + break; + default: + return (0); + } + } + + if (!d.len) + randkey(&d, rc4_keysz); + r = rc4_rand(d.buf, d.len); + dstr_destroy(&d); + return (r); +} + +/* --- SEAL output --- */ + +static grand *gen_seal(unsigned i) +{ + grand *r; + dstr d = DSTR_INIT; + uint32 n = 0; + + static struct option opts[] = { + { "key", OPTF_ARGREQ, 0, 'k' }, + { "hex", OPTF_ARGREQ, 0, 'H' }, + { "sequence", OPTF_ARGREQ, 0, 'n' }, + { 0, 0, 0, 0 } + }; + + addopts("k:H:n:", opts); + + for (;;) { + int o = opt(); + if (o < 0) + break; + switch (o) { + case 'k': + DRESET(&d); + textkey(&d, optarg, seal_keysz); + break; + case 'H': + DRESET(&d); + hexkey(&d, optarg, seal_keysz); + break; + case 'n': { + char *p; + n = strtoul(optarg, &p, 0); + if (*p) + die(EXIT_FAILURE, "bad number `%s'", optarg); + } break; + default: + return (0); + } + } + + if (!d.len) + randkey(&d, seal_keysz); + r = seal_rand(d.buf, d.len, n); + dstr_destroy(&d); + return (r); +} + +/* --- Output feedback generators --- */ + +static grand *gen_ofb(unsigned i) +{ + grand *r; + dstr d = DSTR_INIT; + dstr iv = DSTR_INIT; + + static struct option opts[] = { + { "key", OPTF_ARGREQ, 0, 'k' }, + { "hex", OPTF_ARGREQ, 0, 'H' }, + { "iv", OPTF_ARGREQ, 0, 'i' }, + { 0, 0, 0, 0 } + }; + + addopts("k:H:i:", opts); + + for (;;) { + int o = opt(); + if (o < 0) + break; + switch (o) { + case 'k': + DRESET(&d); + textkey(&d, optarg, ciphertab[i].keysz); + break; + case 'H': + DRESET(&d); + hexkey(&d, optarg, ciphertab[i].keysz); + break; + case 'i': { + char *p; + unhex(optarg, &p, &iv); + if (*p) + die(EXIT_FAILURE, "bad hex IV `%s'", optarg); + } break; + default: + return (0); + } + } + + if (!d.len) + randkey(&d, ciphertab[i].keysz); + r = ciphertab[i].ofb(d.buf, d.len); + if (iv.len) { + if (iv.len != ciphertab[i].blksz) { + die(EXIT_FAILURE, "bad IV length %lu (must be %lu)", + (unsigned long)iv.len, (unsigned long)ciphertab[i].blksz); + } + r->ops->misc(r, GRAND_SEEDBLOCK, iv.buf); + } + + dstr_destroy(&d); + dstr_destroy(&iv); + return (r); +} + +/* --- Counter generators --- */ + +static grand *gen_counter(unsigned i) +{ + grand *r; + dstr d = DSTR_INIT; + dstr iv = DSTR_INIT; + + static struct option opts[] = { + { "key", OPTF_ARGREQ, 0, 'k' }, + { "hex", OPTF_ARGREQ, 0, 'H' }, + { "iv", OPTF_ARGREQ, 0, 'i' }, + { 0, 0, 0, 0 } + }; + + addopts("k:H:i:", opts); + + for (;;) { + int o = opt(); + if (o < 0) + break; + switch (o) { + case 'k': + DRESET(&d); + textkey(&d, optarg, ciphertab[i].keysz); + break; + case 'H': + DRESET(&d); + hexkey(&d, optarg, ciphertab[i].keysz); + break; + case 'i': { + char *p; + unhex(optarg, &p, &iv); + if (*p) + die(EXIT_FAILURE, "bad hex IV `%s'", optarg); + } break; + default: + return (0); + } + } + + if (!d.len) + randkey(&d, ciphertab[i].keysz); + r = ciphertab[i].counter(d.buf, d.len); + if (iv.len) { + if (iv.len != ciphertab[i].blksz) { + die(EXIT_FAILURE, "bad IV length %lu (must be %lu)", + (unsigned long)iv.len, (unsigned long)ciphertab[i].blksz); + } + r->ops->misc(r, GRAND_SEEDBLOCK, iv.buf); + } + + dstr_destroy(&d); + dstr_destroy(&iv); + return (r); +} + +/* --- Mask generators --- */ + +static grand *gen_mgf(unsigned i) +{ + grand *r; + dstr d = DSTR_INIT; + uint32 c = 0; + + static struct option opts[] = { + { "key", OPTF_ARGREQ, 0, 'k' }, + { "hex", OPTF_ARGREQ, 0, 'H' }, + { "index", OPTF_ARGREQ, 0, 'i' }, + { 0, 0, 0, 0 } + }; + + addopts("k:H:i:", opts); + + for (;;) { + int o = opt(); + if (o < 0) + break; + switch (o) { + case 'k': + DRESET(&d); + textkey(&d, optarg, hashtab[i].keysz); + break; + case 'H': + DRESET(&d); + hexkey(&d, optarg, hashtab[i].keysz); + break; + case 'i': { + char *p; + c = strtoul(optarg, &p, 0); + if (*p) + die(EXIT_FAILURE, "bad index `%s'", optarg); + } break; + default: + return (0); + } + } + + if (!d.len) + randkey(&d, hashtab[i].keysz); + + r = hashtab[i].mgf(d.buf, d.len); + if (c) + r->ops->misc(r, GRAND_SEEDUINT32, c); + + dstr_destroy(&d); + return (r); +} + +/* --- Fibonacci generator --- */ + +static grand *gen_fib(unsigned i) +{ + grand *r; + uint32 s = 0; + char *p; + unsigned set = 0; + + static struct option opts[] = { + { "seed", OPTF_ARGREQ, 0, 's' }, + { 0, 0, 0, 0 } + }; + + addopts("s:", opts); + + for (;;) { + int o = opt(); + if (o < 0) + break; + switch (o) { + case 's': + s = strtoul(optarg, &p, 0); + if (*p) + die(EXIT_FAILURE, "bad integer `%s'", optarg); + set = 1; + break; + default: + return (0); + } + } + r = fibrand_create(s); + if (!set) + r->ops->misc(r, GRAND_SEEDRAND, &rand_global); + return (r); +} + +/* --- LC generator --- */ + +static grand *gen_lc(unsigned i) +{ + uint32 s = 0; + char *p; + unsigned set = 0; + + static struct option opts[] = { + { "seed", OPTF_ARGREQ, 0, 's' }, + { 0, 0, 0, 0 } + }; + + addopts("s:", opts); + + for (;;) { + int o = opt(); + if (o < 0) + break; + switch (o) { + case 's': + s = strtoul(optarg, &p, 0); + if (*p) + die(EXIT_FAILURE, "bad integer `%s'", optarg); + set = 1; + break; + default: + return (0); + } + } + if (!set) { + do + s = rand_global.ops->range(&rand_global, LCRAND_P); + while (s == LCRAND_FIXEDPT); + } + return (lcrand_create(s)); +} + +/* --- Basic options parser -- can't generate output --- */ + +static grand *gen_opts(unsigned i) +{ + while (opt() >= 0) + ; + return (0); +} + +/*----- Generators table --------------------------------------------------*/ + +gen generators[] = { + { "fibonacci", gen_fib, 0, + "[-s SEED]" }, + { "lc", gen_lc, 0, + "[-s SEED]" }, +#define E(PRE, pre) \ + { #pre "-ofb", gen_ofb, CIPHER_##PRE, \ + "[-k KEY-PHRASE] [-H HEX-KEY] [-i HEX-IV]" }, + CIPHERS +#undef E +#define E(PRE, pre) \ + { #pre "-counter", gen_counter, CIPHER_##PRE, \ + "[-k KEY-PHRASE] [-H HEX-KEY] [-i HEX-IV]" }, + CIPHERS +#undef E +#define E(PRE, pre) \ + { #pre "-mgf", gen_mgf, HASH_##PRE, \ + "[-k KEY-PHRASE] [-H HEX-KEY] [-i INDEX]" }, + HASHES +#undef E + { "rc4", gen_rc4, 0, + "[-k KEY-PHRASE] [-H HEX-KEY]" }, + { "seal", gen_seal, 0, + "[-k KEY-PHRASE] [-H HEX-KEY] [-n SEQ]" }, + { "rand", gen_rand, 0, + "[-n] [-k KEY-PHRASE] [-t TEXT-BLOCK] [-H HEX-BLOCK]" }, + { "bbs", gen_bbs, 0, + "[-gS] [-s SEED] [-M MODULUS] [-b BITS] [-k KEYRING] [-i TAG] [-t TYPE]" + }, + { 0, 0, 0, 0 }, +}; + +static gen optsg = { "options", gen_opts, 0, + "This message shouldn't be printed." }; + +/*----- Random number generation ------------------------------------------*/ + +static int genfile(const void *buf, size_t sz, void *p) +{ + FILE *fp = p; + if (fwrite(buf, 1, sz, fp) != sz) + die(EXIT_FAILURE, "error writing to file: %s", strerror(errno)); + return (0); +} + +static int genbuf(const void *buf, size_t sz, void *p) +{ + octet **pp = p; + memcpy(*pp, buf, sz); + *pp += sz; + return (0); +} + +typedef struct genmaurer_ctx { + size_t n; + maurer_ctx *m; +} genmaurer_ctx; + +static int genmaurer(const void *buf, size_t sz, void *p) +{ + genmaurer_ctx *g = p; + size_t i; + + for (i = 0; i < g->n; i++) + maurer_test(&g->m[i], buf, sz); + return (0); +} + +static int generate(grand *r, size_t outsz, + int (*func)(const void *buf, size_t sz, void *p), + void *p) +{ + static char kmg[] = { ' ', 'k', 'M', 'G', 'T', 'P', 'E', 'Z', 'Y', 0 }; + + unsigned percent = 0; + size_t kb = 0; + time_t last; + static char baton[] = "-\\|/"; + char *bp; + int rc; + clock_t clk = 0; + + /* --- Spit out random data --- */ + + last = time(0); + bp = baton; + if (flags & f_progress) { + char *errbuf = xmalloc(BUFSIZ); + setvbuf(stderr, errbuf, _IOLBF, BUFSIZ); + if (outsz) + fprintf(stderr, "[%*s] 0%% 0\r[/\b", 50, ""); + else + fputs("[ ] 0\r[/\b", stderr); + fflush(stderr); + } + +#ifdef SIGPIPE + signal(SIGPIPE, SIG_IGN); +#endif + + do { + octet buf[BUFSIZ]; + size_t sz = sizeof(buf); + clock_t c_start, c_stop; + + /* --- Emit a bufferful (or less) of data --- */ + + if (outsz) { + if (sz > outsz - kb) + sz = outsz - kb; + } + c_start = clock(); + r->ops->fill(r, buf, sz); + c_stop = clock(); + clk += c_stop - c_start; + if (func && (rc = func(buf, sz, p)) != 0) + return (rc); + kb += sz; + + /* --- Update the display --- */ + + if (flags & f_progress) { + time_t t = time(0); + unsigned up = 0; + + if (percent > 100) + up = 1; + + if (!outsz) { + if (difftime(t, last) > 1.0) { + up = 1; + } + if (up) + fputs(" ] ", stderr); + } else { + unsigned pc = kb * 100.0 / outsz; + if (pc > percent || percent > 100 || difftime(t, last) > 1.0) { + if (percent > 100) + percent = 0; + percent &= ~1; + for (; percent < (pc & ~1); percent += 2) + putc('.', stderr); + percent = pc; + for (; pc < 100; pc += 2) + putc(' ', stderr); + fprintf(stderr, "] %3i%% ", percent); + up = 1; + } + } + + if (up) { + size_t q = kb; + char *kk = kmg; + while (q > 8192 && kk[1]) { + q >>= 10; + kk++; + } + fprintf(stderr, "%4i%c\r[", q, *kk); + if (outsz) { + unsigned pc; + for (pc = 0; pc < (percent & ~1); pc += 2) + putc('.', stderr); + } + last = t; + } + + if (percent > 100) + percent = 0; + + if (percent < 100) { + putc(*bp++, stderr); + putc('\b', stderr); + if (!*bp) + bp = baton; + } + fflush(stderr); + } + + /* --- Terminate the loop --- */ + + } while (!outsz || kb < outsz); + + if (flags & f_progress) + fputc('\n', stderr); + if (flags & f_timer) { + fprintf(stderr, "generated %lu bytes ", (unsigned long)outsz); + if (!clk) + fputs("too quickly to measure\n", stderr); + else { + char *kk; + double sec = (double)clk/CLOCKS_PER_SEC; + double bps = (outsz << 3)/sec; + for (kk = kmg; bps > 1024 && kk[1]; kk++, bps /= 1024) + ; + fprintf(stderr, "in %g secs (%g %cb/s)\n", sec, bps, *kk); + } + } + return (0); +} + +/*----- Main code ---------------------------------------------------------*/ + +int main(int ac, char *av[]) +{ + gen *g = &optsg; + grand *r; + + /* --- Initialize mLib --- */ + + ego(av[0]); + sub_init(); + + /* --- Set up the main Catacomb generator --- */ + + rand_noisesrc(RAND_GLOBAL, &noise_source); + rand_seed(RAND_GLOBAL, 160); + + /* --- Initialize the options table --- */ + + addopts(sopts, opts); + argc = ac; + argv = av; + outfp = stdout; + + /* --- Read the generator out of the first argument --- */ + + if (argc > 1 && *argv[1] != '-') { + const char *arg = av[1]; + size_t sz = strlen(arg); + gen *gg; + + g = 0; + for (gg = generators; gg->name; gg++) { + if (strncmp(arg, gg->name, sz) == 0) { + if (gg->name[sz] == 0) { + g = gg; + break; + } else if (g) + die(EXIT_FAILURE, "ambiguous generator name `%s'", arg); + else + g = gg; + } + } + if (!g) + die(EXIT_FAILURE, "unknown generator name `%s'", arg); + argc--; + argv++; + } + + /* --- Get a generic random number generator --- */ + + r = g->seed(g->i); + if (!r || optind != ac - 1) { + usage(stderr); + exit(EXIT_FAILURE); + } + + /* --- Do the FIPS test --- */ + + if (flags & f_fips) { + octet buf[FIPSTEST_BUFSZ]; + unsigned rc; + octet *p = buf; + + generate(r, sizeof(buf), genbuf, &p); + rc = fipstest(buf); + if (rc & FIPSTEST_MONOBIT) + moan("failed monobit test"); + if (rc & FIPSTEST_POKER) + moan("failed poker test"); + if (rc & FIPSTEST_RUNS) + moan("failed runs test"); + if (rc & FIPSTEST_LONGRUNS) + moan("failed long runs test"); + if (!rc && (flags & f_progress)) + fputs("test passed\n", stderr); + return (rc ? EXIT_FAILURE : 0); + } + + /* --- Do Maurer's test --- */ + + if (flags & f_maurer) { + size_t bufsz; + unsigned i; + unsigned rc = 0; + genmaurer_ctx g; + + static struct { double x; const char *sig; } sigtab[] = { + { 3.2905, "1e-3" }, + { 3.0902, "2e-3" }, + { 2.8070, "5e-3" }, + { 2.5758, "1e-2" }, + { 0 , 0 } + }; + + g.n = maurer_hi - maurer_lo + 1; + g.m = xmalloc(g.n * sizeof(maurer_ctx)); + for (i = 0; i < g.n; i++) + maurer_init(&g.m[i], i + maurer_lo); + bufsz = (100 * maurer_hi) << maurer_hi; + + generate(r, bufsz, genmaurer, &g); + + for (i = maurer_lo; i <= maurer_hi; i++) { + double z = maurer_done(&g.m[i - maurer_lo]); + double zz = fabs(z); + unsigned j; + + for (j = 0; sigtab[j].sig; j++) { + if (zz > sigtab[j].x) { + rc = EXIT_FAILURE; + moan("failed, bits = %u, sig = %s, Z_u = %g", + i, sigtab[j].sig, z); + break; + } + } + if (flags & f_progress) + fprintf(stderr, "bits = %u, Z_u = %g\n", i, z); + } + + xfree(g.m); + return (rc); + } + + /* --- Discard --- */ + + if (flags & f_discard) { + generate(r, outsz, 0, 0); + return (0); + } + + /* --- Write to a file --- */ + +#ifndef PORTABLE + if (!(flags & f_file) && isatty(STDOUT_FILENO)) + die(EXIT_FAILURE, "writing output to a terminal is a bad idea"); +#endif + + generate(r, outsz, genfile, outfp); + + /* --- Done --- */ + + r->ops->destroy(r); + return (0); +} + +/*----- That's all, folks -------------------------------------------------*/