* cryptographic random number generator for PuTTY's ssh client
*/
+#include "putty.h"
#include "ssh.h"
void noise_get_heavy(void (*func) (void *, int));
};
static struct RandPool pool;
+int random_active = 0;
-void random_add_noise(void *noise, int length) {
- unsigned char *p = noise;
-
- while (length >= (HASHINPUT - pool.incomingpos)) {
- memcpy(pool.incomingb + pool.incomingpos, p,
- HASHINPUT - pool.incomingpos);
- p += HASHINPUT - pool.incomingpos;
- length -= HASHINPUT - pool.incomingpos;
- SHATransform((word32 *)pool.incoming, (word32 *)pool.incomingb);
- pool.incomingpos = 0;
- }
-
- memcpy(pool.incomingb, p, length);
- pool.incomingpos = length;
-}
-
-void random_stir(void) {
- word32 block[HASHINPUT/sizeof(word32)];
- word32 digest[HASHSIZE/sizeof(word32)];
+static void random_stir(void)
+{
+ word32 block[HASHINPUT / sizeof(word32)];
+ word32 digest[HASHSIZE / sizeof(word32)];
int i, j, k;
noise_get_light(random_add_noise);
- SHATransform((word32 *)pool.incoming, (word32 *)pool.incomingb);
+ SHATransform((word32 *) pool.incoming, (word32 *) pool.incomingb);
pool.incomingpos = 0;
/*
* things will be that much less predictable that way
* round, when we subsequently return bytes ...
*/
- for (j = POOLSIZE; (j -= HASHSIZE) >= 0 ;) {
+ for (j = POOLSIZE; (j -= HASHSIZE) >= 0;) {
/*
* XOR the bit of the pool we're processing into the
* digest.
*/
- for (k = 0; k < sizeof(digest)/sizeof(*digest); k++)
- digest[k] ^= ((word32 *)(pool.pool+j))[k];
+ for (k = 0; k < sizeof(digest) / sizeof(*digest); k++)
+ digest[k] ^= ((word32 *) (pool.pool + j))[k];
/*
* Munge our unrevealed first block of the pool into
* Stick the result back into the pool.
*/
- for (k = 0; k < sizeof(digest)/sizeof(*digest); k++)
- ((word32 *)(pool.pool+j))[k] = digest[k];
+ for (k = 0; k < sizeof(digest) / sizeof(*digest); k++)
+ ((word32 *) (pool.pool + j))[k] = digest[k];
}
}
* there'll be some extra bizarreness there.
*/
SHATransform(digest, block);
- memcpy(digest, pool.incoming, sizeof(digest));
+ memcpy(pool.incoming, digest, sizeof(digest));
pool.poolpos = sizeof(pool.incoming);
}
-static void random_add_heavynoise(void *noise, int length) {
+void random_add_noise(void *noise, int length)
+{
unsigned char *p = noise;
+ int i;
- while (length >= (POOLSIZE - pool.poolpos)) {
- memcpy(pool.pool + pool.poolpos, p, POOLSIZE - pool.poolpos);
- p += POOLSIZE - pool.poolpos;
- length -= POOLSIZE - pool.poolpos;
+ if (!random_active)
+ return;
+
+ /*
+ * This function processes HASHINPUT bytes into only HASHSIZE
+ * bytes, so _if_ we were getting incredibly high entropy
+ * sources then we would be throwing away valuable stuff.
+ */
+ while (length >= (HASHINPUT - pool.incomingpos)) {
+ memcpy(pool.incomingb + pool.incomingpos, p,
+ HASHINPUT - pool.incomingpos);
+ p += HASHINPUT - pool.incomingpos;
+ length -= HASHINPUT - pool.incomingpos;
+ SHATransform((word32 *) pool.incoming, (word32 *) pool.incomingb);
+ for (i = 0; i < HASHSIZE; i++) {
+ pool.pool[pool.poolpos++] ^= pool.incomingb[i];
+ if (pool.poolpos >= POOLSIZE)
+ pool.poolpos = 0;
+ }
+ if (pool.poolpos < HASHSIZE)
+ random_stir();
+
+ pool.incomingpos = 0;
+ }
+
+ memcpy(pool.incomingb + pool.incomingpos, p, length);
+ pool.incomingpos += length;
+}
+
+void random_add_heavynoise(void *noise, int length)
+{
+ unsigned char *p = noise;
+ int i;
+
+ while (length >= POOLSIZE) {
+ for (i = 0; i < POOLSIZE; i++)
+ pool.pool[i] ^= *p++;
random_stir();
+ length -= POOLSIZE;
+ }
+
+ for (i = 0; i < length; i++)
+ pool.pool[i] ^= *p++;
+ random_stir();
+}
+
+static void random_add_heavynoise_bitbybit(void *noise, int length)
+{
+ unsigned char *p = noise;
+ int i;
+
+ while (length >= POOLSIZE - pool.poolpos) {
+ for (i = 0; i < POOLSIZE - pool.poolpos; i++)
+ pool.pool[pool.poolpos + i] ^= *p++;
+ random_stir();
+ length -= POOLSIZE - pool.poolpos;
pool.poolpos = 0;
}
- memcpy(pool.pool, p, length);
- pool.poolpos = length;
+ for (i = 0; i < length; i++)
+ pool.pool[i] ^= *p++;
+ pool.poolpos = i;
}
-void random_init(void) {
+void random_init(void)
+{
memset(&pool, 0, sizeof(pool)); /* just to start with */
- /*
- * For noise_get_heavy, we temporarily use `poolpos' as the
- * pointer for addition of noise, rather than extraction of
- * random numbers.
- */
- pool.poolpos = 0;
- noise_get_heavy(random_add_heavynoise);
+ random_active = 1;
+ noise_get_heavy(random_add_heavynoise_bitbybit);
random_stir();
}
-int random_byte(void) {
+int random_byte(void)
+{
if (pool.poolpos >= POOLSIZE)
random_stir();
return pool.pool[pool.poolpos++];
}
-void random_get_savedata(void **data, int *len) {
+void random_get_savedata(void **data, int *len)
+{
+ void *buf = smalloc(POOLSIZE / 2);
+ random_stir();
+ memcpy(buf, pool.pool + pool.poolpos, POOLSIZE / 2);
+ *len = POOLSIZE / 2;
+ *data = buf;
random_stir();
- *data = pool.pool+pool.poolpos;
- *len = POOLSIZE/2;
}