static void stir_finish(uint8_t av) { size_t n; uint8_t tb[16]; arc4_stir_pid = getpid(); /* * Discard early keystream, as per recommendations in: * http://www.wisdom.weizmann.ac.il/~itsik/RC4/Papers/Rc4_ksa.ps * "(Not So) Random Shuffles of RC4" by Ilya Mironov says to * drop at least 256 * 2 bytes, with 256 * 12 being suggested. * We also discard a randomly fuzzed amount. */ n = 256 * 12 + (arc4_getbyte() & 0x0FU) + (av & 0xF0U); av &= 0x0FU; while (n--) arc4_getbyte(); while (++n < sizeof(tb)) tb[n] = arc4_getbyte(); if (arc4_writeback(tb, sizeof(tb), 0)) arc4_getbyte(); while (av--) arc4_getbyte(); arc4_count = 1600000; }
static inline u_int32_t arc4_getword(void) { u_int32_t val; val = arc4_getbyte() << 24; val |= arc4_getbyte() << 16; val |= arc4_getbyte() << 8; val |= arc4_getbyte(); return val; }
static __inline__ u_int32_t arc4_getword(struct arc4_stream *as) { u_int32_t val; val = arc4_getbyte(as) << 24; val |= arc4_getbyte(as) << 16; val |= arc4_getbyte(as) << 8; val |= arc4_getbyte(as); return val; }
static uint32_t arc4_getword(void) { uint32_t val; val = (uint32_t)arc4_getbyte() << 24; val |= (uint32_t)arc4_getbyte() << 16; val |= (uint32_t)arc4_getbyte() << 8; val |= (uint32_t)arc4_getbyte(); return (val); }
static _HB_INLINE_ HB_U32 arc4_getword( void ) { HB_U32 val; val = arc4_getbyte() << 24; val |= arc4_getbyte() << 16; val |= arc4_getbyte() << 8; val |= arc4_getbyte(); return val; }
static inline unsigned int arc4_getword(struct arc4_stream *as) { unsigned int val; val = arc4_getbyte(as) << 24; val |= arc4_getbyte(as) << 16; val |= arc4_getbyte(as) << 8; val |= arc4_getbyte(as); return (val); }
static inline unsigned int arc4_getword(void) { unsigned int val; val = arc4_getbyte() << 24; val |= arc4_getbyte() << 16; val |= arc4_getbyte() << 8; val |= arc4_getbyte(); return val; }
int break_outguess(struct ogobj *og, struct arc4_stream *as, iterator *it, char **pbuf, int *pbuflen) { u_char state[4]; static u_char buf[512]; struct arc4_stream tas = *as; int length, seed, need; int bits, i, n; state[0] = steg_retrbyte(og->coeff, 8, it) ^ arc4_getbyte(as); state[1] = steg_retrbyte(og->coeff, 8, it) ^ arc4_getbyte(as); state[2] = steg_retrbyte(og->coeff, 8, it) ^ arc4_getbyte(as); state[3] = steg_retrbyte(og->coeff, 8, it) ^ arc4_getbyte(as); seed = (state[1] << 8) | state[0]; length = (state[3] << 8) | state[2]; if (seed > max_seed || length * 8 >= og->bits/2 || length < min_len) return (0); iterator_seed(it, seed); bits = MIN(og->bits, sizeof(og->coeff) * 8); n = 0; while (iterator_current(it) < bits && length > 0 && n < sizeof(buf)) { iterator_adapt(it, og->bits, length); buf[n++] = steg_retrbyte(og->coeff, 8, it); length--; } /* For testing the randomness, we need some extra information */ need = MIN(min_len, sizeof(buf)); if (n < need || !is_random(buf, n)) return (0); /* Plaintext tests? */ for (i = 0; i < n; i++) buf[i] ^= arc4_getbyte(&tas); if (file_process(buf, n) == 0) return (0); *pbuf = buf; *pbuflen = n; return (1); }
static void arc4_stir(void) { int i, fd; union { uint32_t tsc; u_int rnd[128 / sizeof(u_int)]; } rdat; int n; if (!rs_initialized) { arc4_init(); rs_initialized = 1; } /* * Get current performance monitor ticks. */ rdat.tsc = 0; #if 0 __asm__ __volatile__("mrc p15, 0, %0, c9, c13, 0":"=r"(rdat.tsc)); #endif arc4_addrandom((void *) &rdat, sizeof(rdat)); /* * Discard early keystream, as per recommendations in: * http://www.wisdom.weizmann.ac.il/~itsik/RC4/Papers/Rc4_ksa.ps */ for (i = 0; i < 256; i++) (void) arc4_getbyte(); arc4_count = 1600000; }
static void arc4_stir(struct arc4_stream *as) { int fd, n; struct { struct timeval tv; pid_t pid; unsigned char rnd[128 - sizeof(struct timeval) - sizeof(pid_t)]; } rdat; gettimeofday(&rdat.tv, NULL); rdat.pid = getpid(); fd = open(RANDOMDEV, O_RDONLY, 0); if (fd >= 0) { n = read(fd, rdat.rnd, sizeof(rdat.rnd)); close(fd); } /* fd < 0? Ah, what the heck. We'll just take whatever was on the * stack... */ arc4_addrandom(as, (void *) &rdat, sizeof(rdat)); /* * Throw away the first N bytes of output, as suggested in the * paper "Weaknesses in the Key Scheduling Algorithm of RC4" * by Fluher, Mantin, and Shamir. N=1024 is based on * suggestions in the paper "(Not So) Random Shuffles of RC4" * by Ilya Mironov. */ for (n = 0; n < 1024; n++) (void) arc4_getbyte(as); arc4_count = 400000; }
/* * __arc4_getbyte() is a libc private function intended for use * with malloc. */ u_int8_t __arc4_getbyte(void) { if (--arc4_count == 0 || !rs_initialized) __arc4random_stir(); return arc4_getbyte(&rs); }
static void arc4_stir(void) { int i, mib[2]; size_t len; u_char rnd[128]; if (!rs_initialized) { arc4_init(); rs_initialized = 1; } mib[0] = CTL_KERN; mib[1] = KERN_ARND; len = sizeof(rnd); sysctl(mib, 2, rnd, &len, NULL, 0); arc4_addrandom(rnd, sizeof(rnd)); /* * Discard early keystream, as per recommendations in: * http://www.wisdom.weizmann.ac.il/~itsik/RC4/Papers/Rc4_ksa.ps */ for (i = 0; i < 256; i++) (void)arc4_getbyte(); arc4_count = 1600000; }
static void arc4_stir(void) { int i; if (!rs_initialized) { arc4_init(); rs_initialized = 1; } arc4_seed(); /* * Discard early keystream, as per recommendations in * "Weaknesses in the Key Scheduling Algorithm of RC4" by * Scott Fluhrer, Itsik Mantin, and Adi Shamir. * http://www.wisdom.weizmann.ac.il/~itsik/RC4/Papers/Rc4_ksa.ps * * Ilya Mironov's "(Not So) Random Shuffles of RC4" suggests that * we drop at least 2*256 bytes, with 12*256 as a conservative * value. * * RFC4345 says to drop 6*256. * * At least some versions of this code drop 4*256, in a mistaken * belief that "words" in the Fluhrer/Mantin/Shamir paper refers * to processor words. * * We add another sect to the cargo cult, and choose 12*256. */ for (i = 0; i < 12*256; i++) (void)arc4_getbyte(); arc4_count = BYTES_BEFORE_RESEED; }
static void arc4_stir(struct arc4_stream *as) { int fd; struct { struct timeval tv; unsigned int rnd[(128 - sizeof(struct timeval)) / sizeof(unsigned int)]; } rdat; int n; gettimeofday(&rdat.tv, NULL); fd = open("/dev/urandom", O_RDONLY); if (fd != -1) { n = read(fd, rdat.rnd, sizeof(rdat.rnd)); close(fd); } /* fd < 0? Ah, what the heck. We'll just take * whatever was on the stack... */ arc4_addrandom(as, (void *) &rdat, sizeof(rdat)); /* * Throw away the first N words of output, as suggested in the * paper "Weaknesses in the Key Scheduling Algorithm of RC4" * by Fluher, Mantin, and Shamir. (N = 256 in our case.) */ for (n = 0; n < 256 * 4; n++) arc4_getbyte(as); arc4_count = 1600000; }
void arc4_init( void ) { int i, fd; unsigned char j, si, dat[128]; if ((fd = open( "/dev/urandom", O_RDONLY )) < 0 && (fd = open( "/dev/random", O_RDONLY )) < 0) { error( "Fatal: no random number source available.\n" ); exit( 3 ); } if (read( fd, dat, 128 ) != 128) { error( "Fatal: cannot read random number source.\n" ); exit( 3 ); } close( fd ); for (i = 0; i < 256; i++) rs.s[i] = i; for (i = j = 0; i < 256; i++) { si = rs.s[i]; j += si + dat[i & 127]; rs.s[i] = rs.s[j]; rs.s[j] = si; } rs.i = rs.j = 0; for (i = 0; i < 256; i++) arc4_getbyte(); }
void arc4random_buf(void *_buf, size_t n) { uint8_t *buf = (uint8_t *)_buf; if (!rs_initialized || arc4_stir_pid != getpid()) arc4random_stir(); buf[0] = arc4_getbyte() % 3; while (buf[0]--) (void)arc4_getbyte(); while (n--) { if (--arc4_count <= 0) arc4_stir(); buf[n] = arc4_getbyte(); } }
static void arc4_stir(void) { #if 1 /* BIONIC-BEGIN */ int i, fd; union { struct timeval tv; u_int rnd[128 / sizeof(u_int)]; } rdat; int n; if (!rs_initialized) { arc4_init(); rs_initialized = 1; } fd = open("/dev/urandom", O_RDONLY); if (fd != -1) { read(fd, rdat.rnd, sizeof(rdat.rnd)); close(fd); } else { /* fd < 0 ? Ah, what the heck. We'll just take * whatever was on the stack. just add a little more * time-based randomness though */ gettimeofday(&rdat.tv, NULL); } arc4_stir_pid = getpid(); arc4_addrandom((void *) &rdat, sizeof(rdat)); #else /* BIONIC-END */ int i, mib[2]; size_t len; u_char rnd[128]; if (!rs_initialized) { arc4_init(); rs_initialized = 1; } mib[0] = CTL_KERN; mib[1] = KERN_ARND; len = sizeof(rnd); sysctl(mib, 2, rnd, &len, NULL, 0); arc4_stir_pid = getpid(); arc4_addrandom(rnd, sizeof(rnd)); #endif /* * Discard early keystream, as per recommendations in: * http://www.wisdom.weizmann.ac.il/~itsik/RC4/Papers/Rc4_ksa.ps */ for (i = 0; i < 256; i++) (void)arc4_getbyte(); arc4_count = 1600000; }
uint32_t arc4random_pushb(const void *src, size_t len) { size_t rlen; union { uint8_t buf[256]; struct { struct timeval tv; const void *sp, *dp; size_t sz; uint32_t vu; } s; uint32_t xbuf; } idat; uint32_t res = 1; if (!rs_initialized) { arc4_init(); rs_initialized = 1; } idat.s.sp = &idat; idat.s.dp = src; idat.s.sz = len; idat.s.vu = arc4_getword(); gettimeofday(&idat.s.tv, NULL); rlen = MAX(sizeof(idat.s), len); while (rlen--) idat.buf[rlen % sizeof(idat.buf)] ^= ((const uint8_t *)src)[rlen % len]; rlen = MIN(sizeof(idat), MAX(sizeof(idat.s), len)); if (arc4_writeback((void *)&idat, rlen, 1)) res = 0; arc4_addrandom((void *)&idat, rlen); rlen = arc4_getbyte() & 1; if (res) res = idat.xbuf; else /* we got entropy from the kernel, so consider us stirred */ stir_finish(idat.buf[5]); if (rlen) (void)arc4_getbyte(); return (res ^ arc4_getword()); }
u_int8_t __arc4_getbyte(void) { u_int8_t val; if (--arc4_count == 0 || !rs_initialized) arc4_stir(); val = arc4_getbyte(); return val; }
void arc4random_buf(void *_buf, size_t n) { u_char *buf = (u_char *) _buf; if (!rs_initialized) arc4_stir(); while (n--) { if (--arc4_count <= 0) arc4_stir(); buf[n] = arc4_getbyte(); } }
void arc4random_buf(void *_buf, size_t n) { u_char *buf = (u_char *)_buf; _ARC4_LOCK(); arc4_stir_if_needed(); while (n--) { if (--arc4_count <= 0) arc4_stir(); buf[n] = arc4_getbyte(); } _ARC4_UNLOCK(); }
ARC4RANDOM_EXPORT void arc4random_buf(void *_buf, size_t n) { unsigned char *buf = _buf; _ARC4_LOCK(); arc4_stir_if_needed(); while (n--) { if (--arc4_count <= 0) arc4_stir(); buf[n] = arc4_getbyte(); } _ARC4_UNLOCK(); }
void arc4random_buf(void *_buf, size_t n) { u_char *buf = (u_char *)_buf; _ARC4_LOCK(); if (!rs_initialized || arc4_stir_pid != getpid()) arc4_stir(); while (n--) { if (--arc4_count <= 0) arc4_stir(); buf[n] = arc4_getbyte(); } _ARC4_UNLOCK(); }
void arc4random_buf(void *_buf, size_t n) { u_char *buf = (u_char *)_buf; THREAD_LOCK(); arc4_check_init(); while (n--) { arc4_check_stir(); buf[n] = arc4_getbyte(); arc4_count--; } THREAD_UNLOCK(); }
/* * Calculate a uniformly distributed random number less than * upper_bound avoiding "modulo bias". * * Uniformity is achieved by generating new random numbers * until the one returned is outside the range * [0, 2^32 % upper_bound[. This guarantees the selected * random number will be inside the range * [2^32 % upper_bound, 2^32[ which maps back to * [0, upper_bound[ after reduction modulo upper_bound. */ uint32_t arc4random_uniform(uint32_t upper_bound) { uint32_t r, min; if (upper_bound < 2) return (0); #if defined(ULONG_MAX) && (ULONG_MAX > 0xFFFFFFFFUL) min = 0x100000000UL % upper_bound; #else /* calculate (2^32 % upper_bound) avoiding 64-bit math */ if (upper_bound > 0x80000000U) /* 2^32 - upper_bound (only one "value area") */ min = 1 + ~upper_bound; else /* ((2^32 - x) % x) == (2^32 % x) when x <= 2^31 */ min = (0xFFFFFFFFU - upper_bound + 1) % upper_bound; #endif /* * This could theoretically loop forever but each retry has * p > 0.5 (worst case, usually far better) of selecting a * number inside the range we need, so it should rarely need * to re-roll (at all). */ arc4_count -= 4; if (!rs_initialized || arc4_stir_pid != getpid() || arc4_count <= 0) arc4random_stir(); if (arc4_getbyte() & 1) (void)arc4_getbyte(); do { r = arc4_getword(); } while (r < min); return (r % upper_bound); }
static void arc4_stir(struct arc4_stream *as) { int fd; struct { struct timeval tv; uint rnd[(128 - sizeof(struct timeval)) / sizeof(uint)]; } rdat; int n; gettimeofday(&rdat.tv, NULL); fd = open("/dev/urandom", O_RDONLY); if (fd != -1) { read(fd, rdat.rnd, sizeof(rdat.rnd)); close(fd); } #ifdef __ARC4RANDOM_USE_ERANDOM__ else { int mib[3]; uint i; size_t len; /* Device could not be opened, we might be chrooted, take * randomness from sysctl. */ mib[0] = CTL_KERN; mib[1] = KERN_RANDOM; mib[2] = RANDOM_ERANDOM; for (i = 0; i < sizeof(rdat.rnd) / sizeof(uint); i++) { len = sizeof(uint); if (sysctl(mib, 3, &rdat.rnd[i], &len, NULL, 0) == -1) break; } } #endif arc4_addrandom(as, (void *) &rdat, sizeof(rdat)); /* * Throw away the first N words of output, as suggested in the * paper "Weaknesses in the Key Scheduling Algorithm of RC4" * by Fluher, Mantin, and Shamir. * http://www.wisdom.weizmann.ac.il/~itsik/RC4/Papers/Rc4_ksa.ps * N = 256 in our case. */ for (n = 0; n < 256 * 4; n++) arc4_getbyte(as); }
static void arc4_atexit(void) { struct { pid_t spid; int cnt; uint8_t carr[240]; } buf; int i = 0; while (i < 240) buf.carr[i++] = arc4_getbyte(); buf.spid = arc4_stir_pid; buf.cnt = arc4_count; arc4_writeback((uint8_t *)&buf, sizeof(buf), 0); }
void hb_arc4random_buf( void * _buf, HB_SIZE n ) { HB_U8 * buf = ( HB_U8 * ) _buf; ARC4_LOCK(); arc4_stir_if_needed(); while( n-- ) { if( --arc4_count <= 0 ) arc4_stir(); buf[ n ] = arc4_getbyte(); } ARC4_UNLOCK(); }
void iterator_init(iterator *iter, struct arc4_stream *as) { int i; char derive[16]; iter->skipmod = INIT_SKIPMOD; iter->as = *as; /* Put the PRNG in different state, using key dependant data * provided by the PRNG itself. */ for (i = 0; i < sizeof(derive); i++) derive[i] = arc4_getbyte(&iter->as); arc4_addrandom(&iter->as, derive, sizeof(derive)); iter->off = arc4_getword(&iter->as) % iter->skipmod; }
static void arc4_stir(void) { int done, fd, i; struct { struct timeval tv; pid_t pid; u_char rnd[KEYSIZE]; } rdat; if (!rs_initialized) { arc4_init(); rs_initialized = 1; } done = 0; if (arc4_sysctl((u_char *)&rdat, KEYSIZE) == KEYSIZE) done = 1; if (!done) { fd = _open(RANDOMDEV, O_RDONLY | O_CLOEXEC, 0); if (fd >= 0) { if (_read(fd, &rdat, KEYSIZE) == KEYSIZE) done = 1; (void)_close(fd); } } if (!done) { (void)gettimeofday(&rdat.tv, NULL); rdat.pid = getpid(); /* We'll just take whatever was on the stack too... */ } arc4_addrandom((u_char *)&rdat, KEYSIZE); /* * Discard early keystream, as per recommendations in: * "(Not So) Random Shuffles of RC4" by Ilya Mironov. */ for (i = 0; i < 1024; i++) (void)arc4_getbyte(); arc4_count = 1600000; }