2 * IRC - Internet Relay Chat, ircd/random.c
4 * This program is free software; you can redistribute it and/or modify
5 * it under the terms of the GNU General Public License as published by
6 * the Free Software Foundation; either version 1, or (at your option)
9 * This program is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU General Public License for more details.
14 * You should have received a copy of the GNU General Public License
15 * along with this program; if not, write to the Free Software
16 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
19 * @brief 32-bit pseudo-random number generator implementation.
27 #include "ircd_reply.h"
33 /** 8 bytes of local pseudo-random number generator state. */
34 static char localkey[9] = "12345678";
36 /** Rotate \a c left by \a r bits. */
37 #define char_roll(c, r) (((c) << (r)) | ((c) >> (8 - (r))))
39 /** Seed the PRNG with a string.
40 * @param[in] from Client setting the seed (may be NULL).
41 * @param[in] fields Input arguments (fields[0] is used).
42 * @param[in] count Number of input arguments.
43 * @return Non-zero on success, zero on error.
46 random_seed_set(struct Client* from, const char* const* fields, int count)
52 if (from) /* send an error */
53 return need_more_params(from, "SET");
55 log_write(LS_CONFIG, L_ERROR, 0, "Not enough fields in F line");
60 len = strlen(fields[0]);
62 /* logic is: go through loop at least 8 times, but use all bits of seed */
63 for (i = 0; i < (len < 8 ? 8 : len); i++, p++) {
64 if (!(i % len)) { /* if we've exceeded the string length, reset */
66 roll++; /* so latter part of string looks different from former */
69 /* set the appropriate location of localkey according to the following
70 * rules: first, roll current value by an amount depending on how many
71 * times we've touched this character. Then take seed value and roll
72 * it by an amount depending upon how many times we've touched that
73 * character. Finally, xor the values together.
75 localkey[i % 8] = char_roll(localkey[i % 8], (i / 8) % 8) ^
76 char_roll(*p, roll % 8);
82 /** Perform bitwise XOR on two buffers of memory.
83 * @param[in,out] dest Buffer to be XOR'ed.
84 * @param[in] src Buffer of data to XOR with.
85 * @param[in] n Number of bytes to transfor.
88 memxor(void *dest, void *src, int n)
90 unsigned char *d = (unsigned char *)dest;
91 unsigned char *s = (unsigned char *)src;
98 * MD5 transform algorithm, taken from code written by Colin Plumb,
99 * and put into the public domain
101 * Kev: Taken from Ted T'so's /dev/random random.c code and modified to
102 * be slightly simpler. That code is released under a BSD-style copyright
103 * OR under the terms of the GNU Public License, which should be included
104 * at the top of this source file.
106 * record: Cleaned up to work with ircd. RANDOM_TOKEN is defined in
107 * setup.h by the make script; if people start to "guess" your cookies,
108 * consider recompiling your server with a different random token.
110 * Kev: Now the seed comes from the feature subsystem and is fed into a
111 * mash routine (random_set_seed) that depends on previous values of the
112 * localkey array; also, part of the output of the RNG is fed back into
113 * the localkey array. Finally, the time values are xor'd with the local
114 * key to enhance non-determinability of the data fed into the MD5 core.
117 /* The four core functions - F1 is optimized somewhat */
118 /** Helper function for first round of MD5. */
119 #define F1(x, y, z) (z ^ (x & (y ^ z)))
120 /** Helper function for second round of MD5. */
121 #define F2(x, y, z) F1(z, x, y)
122 /** Helper function for third round of MD5. */
123 #define F3(x, y, z) (x ^ y ^ z)
124 /** Helper function for fourth round of MD5. */
125 #define F4(x, y, z) (y ^ (x | ~z))
127 /** Step function for MD5. */
128 #define MD5STEP(f, w, x, y, z, data, s) \
129 ( w += f(x, y, z) + data, w = w<<s | w>>(32-s), w += x )
132 * The core of the MD5 algorithm, this alters an existing MD5 hash to
133 * reflect the addition of 16 longwords of new data. MD5Update blocks
134 * the data and converts bytes into longwords for this routine.
136 * original comment left in; this used to be called MD5Transform and took
137 * two arguments; I've internalized those arguments, creating the character
138 * array "localkey," which should contain 8 bytes of data. The function also
139 * originally returned nothing; now it returns an unsigned long that is the
140 * random number. It appears to be reallyrandom, so... -Kev
142 * I don't really know what this does. I tried to figure it out and got
143 * a headache. If you know what's good for you, you'll leave this stuff
144 * for the smart people and do something else. -record
146 /** Generate a pseudo-random number.
147 * This uses the #localkey variable plus current time as input to MD5,
148 * feeding half of the MD5 output back to #localkey and XORing the
149 * other two output words to generate the pseudo-random output.
150 * @return A 32-bit pseudo-random number.
152 unsigned int ircrandom(void)
154 unsigned int a, b, c, d;
155 unsigned char in[16];
158 gettimeofday(&tv, 0);
160 memcpy((void *)in, (void *)localkey, 8);
161 memcpy((void *)(in + 8), (void *)localkey, 8);
162 memxor((void *)(in + 8), (void *)&tv.tv_sec, 4);
163 memxor((void *)(in + 12), (void *)&tv.tv_usec, 4);
170 MD5STEP(F1, a, b, c, d, (int)in[0] + 0xd76aa478, 7);
171 MD5STEP(F1, d, a, b, c, (int)in[1] + 0xe8c7b756, 12);
172 MD5STEP(F1, c, d, a, b, (int)in[2] + 0x242070db, 17);
173 MD5STEP(F1, b, c, d, a, (int)in[3] + 0xc1bdceee, 22);
174 MD5STEP(F1, a, b, c, d, (int)in[4] + 0xf57c0faf, 7);
175 MD5STEP(F1, d, a, b, c, (int)in[5] + 0x4787c62a, 12);
176 MD5STEP(F1, c, d, a, b, (int)in[6] + 0xa8304613, 17);
177 MD5STEP(F1, b, c, d, a, (int)in[7] + 0xfd469501, 22);
178 MD5STEP(F1, a, b, c, d, (int)in[8] + 0x698098d8, 7);
179 MD5STEP(F1, d, a, b, c, (int)in[9] + 0x8b44f7af, 12);
180 MD5STEP(F1, c, d, a, b, (int)in[10] + 0xffff5bb1, 17);
181 MD5STEP(F1, b, c, d, a, (int)in[11] + 0x895cd7be, 22);
182 MD5STEP(F1, a, b, c, d, (int)in[12] + 0x6b901122, 7);
183 MD5STEP(F1, d, a, b, c, (int)in[13] + 0xfd987193, 12);
184 MD5STEP(F1, c, d, a, b, (int)in[14] + 0xa679438e, 17);
185 MD5STEP(F1, b, c, d, a, (int)in[15] + 0x49b40821, 22);
187 MD5STEP(F2, a, b, c, d, (int)in[1] + 0xf61e2562, 5);
188 MD5STEP(F2, d, a, b, c, (int)in[6] + 0xc040b340, 9);
189 MD5STEP(F2, c, d, a, b, (int)in[11] + 0x265e5a51, 14);
190 MD5STEP(F2, b, c, d, a, (int)in[0] + 0xe9b6c7aa, 20);
191 MD5STEP(F2, a, b, c, d, (int)in[5] + 0xd62f105d, 5);
192 MD5STEP(F2, d, a, b, c, (int)in[10] + 0x02441453, 9);
193 MD5STEP(F2, c, d, a, b, (int)in[15] + 0xd8a1e681, 14);
194 MD5STEP(F2, b, c, d, a, (int)in[4] + 0xe7d3fbc8, 20);
195 MD5STEP(F2, a, b, c, d, (int)in[9] + 0x21e1cde6, 5);
196 MD5STEP(F2, d, a, b, c, (int)in[14] + 0xc33707d6, 9);
197 MD5STEP(F2, c, d, a, b, (int)in[3] + 0xf4d50d87, 14);
198 MD5STEP(F2, b, c, d, a, (int)in[8] + 0x455a14ed, 20);
199 MD5STEP(F2, a, b, c, d, (int)in[13] + 0xa9e3e905, 5);
200 MD5STEP(F2, d, a, b, c, (int)in[2] + 0xfcefa3f8, 9);
201 MD5STEP(F2, c, d, a, b, (int)in[7] + 0x676f02d9, 14);
202 MD5STEP(F2, b, c, d, a, (int)in[12] + 0x8d2a4c8a, 20);
204 MD5STEP(F3, a, b, c, d, (int)in[5] + 0xfffa3942, 4);
205 MD5STEP(F3, d, a, b, c, (int)in[8] + 0x8771f681, 11);
206 MD5STEP(F3, c, d, a, b, (int)in[11] + 0x6d9d6122, 16);
207 MD5STEP(F3, b, c, d, a, (int)in[14] + 0xfde5380c, 23);
208 MD5STEP(F3, a, b, c, d, (int)in[1] + 0xa4beea44, 4);
209 MD5STEP(F3, d, a, b, c, (int)in[4] + 0x4bdecfa9, 11);
210 MD5STEP(F3, c, d, a, b, (int)in[7] + 0xf6bb4b60, 16);
211 MD5STEP(F3, b, c, d, a, (int)in[10] + 0xbebfbc70, 23);
212 MD5STEP(F3, a, b, c, d, (int)in[13] + 0x289b7ec6, 4);
213 MD5STEP(F3, d, a, b, c, (int)in[0] + 0xeaa127fa, 11);
214 MD5STEP(F3, c, d, a, b, (int)in[3] + 0xd4ef3085, 16);
215 MD5STEP(F3, b, c, d, a, (int)in[6] + 0x04881d05, 23);
216 MD5STEP(F3, a, b, c, d, (int)in[9] + 0xd9d4d039, 4);
217 MD5STEP(F3, d, a, b, c, (int)in[12] + 0xe6db99e5, 11);
218 MD5STEP(F3, c, d, a, b, (int)in[15] + 0x1fa27cf8, 16);
219 MD5STEP(F3, b, c, d, a, (int)in[2] + 0xc4ac5665, 23);
221 MD5STEP(F4, a, b, c, d, (int)in[0] + 0xf4292244, 6);
222 MD5STEP(F4, d, a, b, c, (int)in[7] + 0x432aff97, 10);
223 MD5STEP(F4, c, d, a, b, (int)in[14] + 0xab9423a7, 15);
224 MD5STEP(F4, b, c, d, a, (int)in[5] + 0xfc93a039, 21);
225 MD5STEP(F4, a, b, c, d, (int)in[12] + 0x655b59c3, 6);
226 MD5STEP(F4, d, a, b, c, (int)in[3] + 0x8f0ccc92, 10);
227 MD5STEP(F4, c, d, a, b, (int)in[10] + 0xffeff47d, 15);
228 MD5STEP(F4, b, c, d, a, (int)in[1] + 0x85845dd1, 21);
229 MD5STEP(F4, a, b, c, d, (int)in[8] + 0x6fa87e4f, 6);
230 MD5STEP(F4, d, a, b, c, (int)in[15] + 0xfe2ce6e0, 10);
231 MD5STEP(F4, c, d, a, b, (int)in[6] + 0xa3014314, 15);
232 MD5STEP(F4, b, c, d, a, (int)in[13] + 0x4e0811a1, 21);
233 MD5STEP(F4, a, b, c, d, (int)in[4] + 0xf7537e82, 6);
234 MD5STEP(F4, d, a, b, c, (int)in[11] + 0xbd3af235, 10);
235 MD5STEP(F4, c, d, a, b, (int)in[2] + 0x2ad7d2bb, 15);
236 MD5STEP(F4, b, c, d, a, (int)in[9] + 0xeb86d391, 21);
238 /* This feeds part of the output of the random number generator into the
239 * seed to further obscure any patterns
241 memxor((void *)localkey, (void *)&a, 4);
242 memxor((void *)(localkey + 4), (void *)&b, 4);
245 * We have 4 unsigned longs generated by the above sequence; this scrambles
246 * them together so that if there is any pattern, it will be obscured.
248 * a and b are now part of the state of the random number generator;
249 * returning them is a security hazard.