prng.c

   1 /**
   2  * File:                prng.c
   3  * Author:              Daniel Otte
   4  * Date:                17.05.2006
   5  * License:             GPL
   6  * Description: This file contains an implementaition of a pseudo-random-number generator.
   7  * Extension 1:
   8  *      rndCore is expanded to 512 bits for more security.
   9  **/
  10
  11
  12 /*
  13  *
  14  *                      ####################################################################################
  15  *                      #                                                                                                                                                      #
  16  *                                          #             +---------------------------+                                                                                    #
  17  *                                          #             |                                           |                                                                                    #
  18  *                                          #             V                                           |                                                                                    #
  19  *                      #      (concat)                           |                                                                                        #
  20  *  +---------------+   #    o---------o             (xor)+---------+      o---------o       o---------o   #    +--------------+
  21  *  | entropy Block | -----> | sha-256 | --(offset)-<     | rndCore | ---> | sha-256 | --+-> | sha-256 | -----> | random Block |
  22  *  +---------------+   #    o---------o             (xor)+---------+      o---------o   |   o---------o   #    +--------------+
  23  *                                              #                                                     (xor)     (xor)                                    |                                 #
  24  *                                              #                                                           ^     ^                                              |                                 #
  25  *                                              #                                                            \   /                                               |                                 #
  26  *                                              #                                                           (offset)---------------------+                                 #
  27  *                                              #                                                                                                                                                      #
  28  *                                              ####################################################################################
  29  *
  30  */
  31
  32 #include <stdint.h>
  33 #include <string.h>
  34 #include "sha256.h"
  35
  36
  37
  38
  39 uint32_t rndCore[16]; /* secret */
  40
  41 /*
  42  * idea is: hash the message and add it via xor to rndCore
  43  *
  44  * length in bits
  45  *
  46  * we simply first "hash" rndCore, then entropy.
  47  */
  48 void addEntropy(unsigned length, void* data){
  49         sha256_ctx_t s;
  50         static uint8_t offset=0; /* selects if higher or lower half gets updated */
  51         sha256_init(&s);
  52         sha256_nextBlock(&s, rndCore);
  53         while (length>=512){
  54                 sha256_nextBlock(&s, data);
  55                 data += 512/8;
  56                 length -= 512;
  57         }
  58         sha256_lastBlock(&s, data, length);
  59         uint8_t i;
  60         for (i=0; i<8; ++i){
  61                 rndCore[i+offset] ^= s.h[i];
  62         }
  63         offset ^= 8; /* hehe */
  64 }
  65
  66 void getRandomBlock(uint32_t *b){
  67         sha256_ctx_t s;
  68         uint8_t offset=8;
  69
  70         sha256_init(&s);
  71         sha256_lastBlock(&s, rndCore, 512); /* remeber the byte order! */
  72         uint8_t i;
  73         for (i=0; i<8; ++i){
  74                 rndCore[i+offset] ^= s.h[i];
  75         }
  76         offset ^= 8; /* hehe */
  77         memcpy(b, s.h, 32); /* back up first hash in b */
  78         sha256_init(&s);
  79         sha256_lastBlock(&s, b, 256);
  80         memcpy(b, s.h, 32);
  81 }
  82
  83 /* this does some simple buffering */
  84 uint8_t getRandomByte(void){
  85         static uint8_t block[32];
  86         static uint8_t i=32;
  87
  88         if (i==32){
  89                 getRandomBlock((void*)block);
  90                 i=0;
  91         }
  92         return block[i++];
  93 }
  94
  95