11
* Copyright(c) 2001-2006 Cisco Systems, Inc.
12
* All rights reserved.
14
* Redistribution and use in source and binary forms, with or without
15
* modification, are permitted provided that the following conditions
18
* Redistributions of source code must retain the above copyright
19
* notice, this list of conditions and the following disclaimer.
21
* Redistributions in binary form must reproduce the above
22
* copyright notice, this list of conditions and the following
23
* disclaimer in the documentation and/or other materials provided
24
* with the distribution.
26
* Neither the name of the Cisco Systems, Inc. nor the names of its
27
* contributors may be used to endorse or promote products derived
28
* from this software without specific prior written permission.
30
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
31
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
32
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
33
* FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
34
* COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
35
* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
36
* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
37
* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
38
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
39
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
40
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
41
* OF THE POSSIBILITY OF SUCH DAMAGE.
48
/* single, global prng structure */
50
x917_prng_t x917_prng;
53
x917_prng_init(rand_source_func_t random_source) {
57
/* initialize output count to zero */
58
x917_prng.octet_count = 0;
60
/* set random source */
61
x917_prng.rand = random_source;
63
/* initialize secret key from random source */
64
status = random_source((uint8_t *)&tmp_key, 16);
69
aes_expand_encryption_key(&tmp_key, x917_prng.key);
71
/* initialize prng state from random source */
72
status = x917_prng.rand((uint8_t *)&x917_prng.state, 16);
80
x917_prng_get_octet_string(uint8_t *dest, uint32_t len) {
87
* if we need to re-initialize the prng, do so now
89
* avoid overflows by subtracting instead of adding
91
if (x917_prng.octet_count > MAX_PRNG_OUT_LEN - len) {
92
status = x917_prng_init(x917_prng.rand);
96
x917_prng.octet_count += len;
98
/* find out the time */
99
t = (uint32_t)time(NULL);
101
/* loop until we have output enough data */
102
for (i=0; i < len/16; i++) {
104
/* exor time into state */
105
x917_prng.state.v32[0] ^= t;
107
/* copy state into buffer */
108
v128_copy(&buffer, &x917_prng.state);
110
/* apply aes to buffer */
111
aes_encrypt(&buffer, x917_prng.key);
113
/* write data to output */
114
*dest++ = buffer.v8[0];
115
*dest++ = buffer.v8[1];
116
*dest++ = buffer.v8[2];
117
*dest++ = buffer.v8[3];
118
*dest++ = buffer.v8[4];
119
*dest++ = buffer.v8[5];
120
*dest++ = buffer.v8[6];
121
*dest++ = buffer.v8[7];
122
*dest++ = buffer.v8[8];
123
*dest++ = buffer.v8[9];
124
*dest++ = buffer.v8[10];
125
*dest++ = buffer.v8[11];
126
*dest++ = buffer.v8[12];
127
*dest++ = buffer.v8[13];
128
*dest++ = buffer.v8[14];
129
*dest++ = buffer.v8[15];
131
/* exor time into buffer */
135
aes_encrypt(&buffer, x917_prng.key);
137
/* copy buffer into state */
138
v128_copy(&x917_prng.state, &buffer);
142
/* if we need to output any more octets, we'll do so now */
146
/* exor time into state */
147
x917_prng.state.v32[0] ^= t;
149
/* copy value into buffer */
150
v128_copy(&buffer, &x917_prng.state);
152
/* apply aes to buffer */
153
aes_encrypt(&buffer, x917_prng.key);
155
/* write data to output */
156
for (i=0; i < tail_len; i++) {
157
*dest++ = buffer.v8[i];
160
/* now update the state one more time */
162
/* exor time into buffer */
166
aes_encrypt(&buffer, x917_prng.key);
168
/* copy buffer into state */
169
v128_copy(&x917_prng.state, &buffer);
173
return err_status_ok;
177
x917_prng_deinit(void) {
179
return err_status_ok;