示例#1
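/*
 * Add as much environmentally-derived random noise as possible
 * to the randPool.  Typically, this involves reading the most
 * accurate system clocks available.
 *
 * rc is the random context the raw timer bytes are mixed into.
 *
 * Returns the number of ticks that have passed since the last call,
 * for entropy estimation purposes.  The result is truncated to 32 bits.
 *
 * NOTE(review): prevt starts out zeroed, so the first call reports the
 * distance from time zero rather than from an earlier sample; callers
 * presumably must not credit entropy for that first value - confirm.
 */
PGPUInt32
ranGetEntropy(PGPRandomContext const *rc)
{
	PGPUInt32 delta;	/* LSW of difference, later the tick count */
	PGPUInt32 d1;	/* MSW of difference */
	PGPUInt32 t[2];	/* little-endian 64-bit timer */
	static PGPUInt32 prevt[2];	/* timer value seen by the previous call */

	SYS$GETTIM(t);	/* VMS hardware clock increments by 100000 per tick */
	pgpRandomAddBytes(rc, (PGPByte const *)t, sizeof(t));
	/*
	 * Get difference in d1 and delta, and old time in prevt.
	 * If the low word wrapped (t[0] < prevt[0]) the low subtraction
	 * borrows from the high word, so the borrow must be SUBTRACTED.
	 * Adding it made d1 too large by 2 on every wrap, which inflated
	 * the tick count the caller uses as its entropy estimate.
	 */
	d1 = t[1] - prevt[1] - (t[0] < prevt[0]);
	prevt[1] = t[1];
	delta = t[0] - prevt[0];
	prevt[0] = t[0];

	/* Now, divide the 64-bit value by 100000 = 2^5 * 5^5 = 32 * 3125 */
	/* Divide value, MSW in d1 and LSW in delta, by 32 */
	delta >>= 5;
	delta |= d1 << (32-5);
	d1 >>= 5;
	/*
	 * Divide by 3125.  This fits into 16 bits, so the following
	 * code is possible.  2^32 = 3125 * 1374389 + 1671.
	 *
	 * This code has confused people reading it, so here's a detailed
	 * explanation.  First, since we only want a 32-bit result,
	 * reduce the input mod 3125 * 2^32 before starting.  This
	 * amounts to reducing the most significant word mod 3125 and
	 * leaving the least-significant word alone.
	 *
	 * Then, using / for mathematical (real, not integer) division, we
	 * want to compute floor((d1 * 2^32 + d0) / 3125), which I'll denote
	 * using the old [ ] syntax for floor, so it's
	 *   [ (d1 * 2^32 + d0) / 3125 ]
	 * = [ (d1 * (3125 * 1374389 + 1671) + d0) / 3125 ]
	 * = [ d1 * 1374389 + (d1 * 1671 + d0) / 3125 ]
	 * = d1 * 1374389 + [ (d1 * 1671 + d0) / 3125 ]
	 * = d1 * 1374389 + [ d0 / 3125 ] + [ (d1 * 1671 + d0 % 3125) / 3125 ]
	 *
	 * The C / operator, applied to integers, performs [ a / b ], so
	 * this can be implemented in C, and since d1 < 3125 (by the first
	 * modulo operation), d1 * 1671 + d0 % 3125 < 3125 * 1672, which
	 * is 5225000, less than 2^32, so it all fits into 32 bits.
	 */
	d1 %= 3125;	/* Ignore overflow past 32 bits */
	delta = delta/3125 + d1*1374389 + (delta%3125 + d1*1671) / 3125;

	return delta;
}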
示例#2
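/*
 * Add as much environmentally-derived random noise as possible
 * to the randPool.  Typically, this involves reading the most
 * accurate system clocks available.
 *
 * Returns the number of ticks that have passed since the last call,
 * for entropy estimation purposes.
 *
 * NOTE(review): in every branch prevt starts out zeroed, so the first
 * call measures against zero rather than against an earlier sample;
 * callers presumably must not credit entropy for that first value -
 * confirm.
 */
word32
noise(void)
{
	word32 delta;

#if defined(MSDOS)
	static unsigned deltamask = 0;	/* 0 until the timer chip is probed */
	static unsigned prevt;
	unsigned t;
	time_t tnow;
	clock_t cnow;

	/* Probe once: an 8254 gives a 16-bit mask, otherwise 15 bits. */
	if (deltamask == 0)
		deltamask = has8254() ? 0xffff : 0x7fff;
	t = (deltamask & 0x8000) ? read8254() : read8253();
	randPoolAddBytes((byte const *)&t, sizeof(t));
	delta = deltamask & (t - prevt);
	prevt = t;

	/* Add more-significant time components. */
	cnow = clock();
	randPoolAddBytes((byte const *)&cnow, sizeof(cnow));
	tnow = time((time_t *)0);
	randPoolAddBytes((byte const *)&tnow, sizeof(tnow));
/* END OF DOS */
#elif defined(VMS)
	word32 t[2];	/* little-endian 64-bit timer */
	word32 d1;	/* MSW of difference */
	static word32 prevt[2];

	SYS$GETTIM(t);	/* VMS hardware clock increments by 100000 per tick */
	randPoolAddBytes((byte const *)t, sizeof(t));
	/*
	 * Get difference in d1 and delta, and old time in prevt.
	 * If the low word wrapped (t[0] < prevt[0]) the low subtraction
	 * borrows from the high word, so the borrow must be SUBTRACTED.
	 * Adding it made d1 too large by 2 on every wrap, which inflated
	 * the tick count the caller uses as its entropy estimate.
	 */
	d1 = t[1] - prevt[1] - (t[0] < prevt[0]);
	prevt[1] = t[1];
	delta = t[0] - prevt[0];
	prevt[0] = t[0];

	/* Now, divide the 64-bit value by 100000 = 2^5 * 5^5 = 32 * 3125 */
	/* Divide value, MSW in d1 and LSW in delta, by 32 */
	delta >>= 5;
	delta |= d1 << (32-5);
	d1 >>= 5;
	/*
	 * Divide by 3125.  This fits into 16 bits, so the following
	 * code is possible.  2^32 = 3125 * 1374389 + 1671.
	 *
	 * This code has confused people reading it, so here's a detailed
	 * explanation.  First, since we only want a 32-bit result,
	 * reduce the input mod 3125 * 2^32 before starting.  This
	 * amounts to reducing the most significant word mod 3125 and
	 * leaving the least-significant word alone.
	 *
	 * Then, using / for mathematical (real, not integer) division, we
	 * want to compute floor((d1 * 2^32 + d0) / 3125), which I'll denote
	 * using the old [ ] syntax for floor, so it's
	 *   [ (d1 * 2^32 + d0) / 3125 ]
	 * = [ (d1 * (3125 * 1374389 + 1671) + d0) / 3125 ]
	 * = [ d1 * 1374389 + (d1 * 1671 + d0) / 3125 ]
	 * = d1 * 1374389 + [ (d1 * 1671 + d0) / 3125 ]
	 * = d1 * 1374389 + [ d0 / 3125 ] + [ (d1 * 1671 + d0 % 3125) / 3125 ]
	 *
	 * The C / operator, applied to integers, performs [ a / b ], so
	 * this can be implemented in C, and since d1 < 3125 (by the first
	 * modulo operation), d1 * 1671 + d0 % 3125 < 3125 * 1672, which
	 * is 5225000, less than 2^32, so it all fits into 32 bits.
	 */
	d1 %= 3125;	/* Ignore overflow past 32 bits */
	delta = delta/3125 + d1*1374389 + (delta%3125 + d1*1671) / 3125;
/* END OF VMS */
#elif defined(UNIX)
	timetype t;
	static unsigned ticksize = 0;	/* 0 until noiseTickSize() is asked */
	static timetype prevt;

	gettime(&t);
#if CHOICE_GETITIMER
	/* If itimer isn't started, start it */
	if (t.it_value.tv_sec == 0 && t.it_value.tv_usec == 0) {
		/*
		 * start the timer - assume that PGP won't be running for
		 * more than 11 days, 13 hours, 46 minutes and 40 seconds.
		 */
		t.it_value.tv_sec = 1000000;
		t.it_interval.tv_sec = 1000000;
		t.it_interval.tv_usec = 0;
		/*
		 * NOTE(review): this replaces the process-wide SIGALRM
		 * disposition, and neither return value is checked; if
		 * setitimer() fails the timer never runs - confirm that
		 * is acceptable for the entropy estimate.
		 */
		signal(SIGALRM, SIG_IGN);	/* just in case.. */
		setitimer(ITIMER_REAL, &t, NULL);
		/* Mix in a zero seconds field for this first sample. */
		t.it_value.tv_sec = 0;
	}
	randPoolAddBytes((byte const *)&t.it_value, sizeof(t.it_value));
#else
	randPoolAddBytes((byte const *)&t, sizeof(t));
#endif

	/*
	 * NOTE(review): ticksize is the divisor below; a zero return
	 * from noiseTickSize() would be a division by zero - confirm it
	 * cannot return 0.
	 */
	if (!ticksize)
		ticksize = noiseTickSize();
	delta = (word32)(tickdiff(t, prevt) / ticksize);
	prevt = t;
/* END OF UNIX */
#else
#error Unknown OS - define UNIX or MSDOS or add code for high-resolution timers
#endif

	return delta;
}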