--- /dev/null
+/* Copyright (c) 1998,2011,2014 Apple Inc. All Rights Reserved.
+ *
+ * NOTICE: USE OF THE MATERIALS ACCOMPANYING THIS NOTICE IS SUBJECT
+ * TO THE TERMS OF THE SIGNED "FAST ELLIPTIC ENCRYPTION (FEE) REFERENCE
+ * SOURCE CODE EVALUATION AGREEMENT" BETWEEN APPLE, INC. AND THE
+ * ORIGINAL LICENSEE THAT OBTAINED THESE MATERIALS FROM APPLE,
+ * INC. ANY USE OF THESE MATERIALS NOT PERMITTED BY SUCH AGREEMENT WILL
+ * EXPOSE YOU TO LIABILITY.
+ ***************************************************************************
+ *
+ * FeeRandom.c - generic, portable random number generator object
+ *
+ * Revision History
+ * ----------------
+ * 10/06/98 ap
+ * Changed to compile with C++.
+ * 19 Jun 97 at Apple
+ * Eliminated predictability of bytes 4 thru 15 of random data
+ * 18 Jun 97 at Apple
+ * Reduced size of per-instance giants from 128 to 32 shorts
+ * 23 Aug 96 at NeXT
+ * Created, based on Blaine Garst's NSRandomNumberGenerator class
+ */
+
+#include "feeRandom.h"
+#include "giantIntegers.h"
+#include "elliptic.h"
+#include "falloc.h"
+#include "feeDebug.h"
+#include "byteRep.h"
+#include <stdlib.h>
+#include "platform.h"
+
+/*
+ * 1 ==> do extra nextNum on feeRandAllocWithSeed()
+ */
+#define EXTRA_NEXT_NUM 0
+
+#define RANDBITS 128 /* must be 0 mod GIANT_BITS_PER_DIGIT */
+#define RAND_GIANT_DIGITS (RANDBITS/GIANT_BITS_PER_DIGIT)
+
+typedef struct {
+ giant A;
+ giant C;
+ giant SEED;
+ giant x;
+} randInst;
+
+#if GIANTS_VIA_STACK
+
+/*
+ * Prime the curveParams and giants modules for quick allocs of giants.
+ */
+static int giantsInitd = 0;
+
+static void feeRandInitGiants()
+{
+ if(giantsInitd) {
+ return;
+ }
+ curveParamsInitGiants();
+ giantsInitd = 1;
+}
+#endif
+
+static void pmod(giant x, int bits) {
+ /* Force x to be x (mod 2^bits). */
+ int j;
+ int digits = bits / GIANT_BITS_PER_DIGIT;
+
+ for(j = (digits-1); j >= 0; j--) {
+ if(x->n[j] != 0) break;
+ }
+ x->sign = j+1;
+}
+
+
+feeRand feeRandAllocWithSeed(unsigned seed)
+{
+ randInst *rinst = (randInst *) fmalloc(sizeof(randInst));
+ int digits = RAND_GIANT_DIGITS * 4;
+ unsigned j;
+
+ #if GIANTS_VIA_STACK
+ feeRandInitGiants();
+ #endif
+ rinst->SEED = newGiant(digits);
+ rinst->C = newGiant(digits);
+ rinst->A = newGiant(digits);
+ rinst->x = newGiant(digits);
+ rinst->C->sign = rinst->A->sign = rinst->SEED->sign = RAND_GIANT_DIGITS;
+ for(j=0; j<RAND_GIANT_DIGITS; j++) {
+ rinst->C->n[j] = (giantDigit)(seed + 0xdddddddd - j);
+ rinst->A->n[j] = (giantDigit)(seed + 0xfff12223 + j);
+ rinst->SEED->n[j] = (giantDigit)(seed + j);
+ }
+
+ /*
+ * on the first feeRandBytes or feeRandNextNum, bytes 4 and 5 of
+ * the result are duplicated 4.5 times (up to byte 15). Subsequent
+ * data is indeed random. Thus...
+ */
+ #if EXTRA_NEXT_NUM
+ feeRandNextNum(rinst);
+ #endif // EXTRA_NEXT_NUM
+ return rinst;
+}
+
+feeRand feeRandAlloc(void)
+{
+ return feeRandAllocWithSeed(createRandomSeed());
+}
+
+void feeRandFree(feeRand frand)
+{
+ randInst *rinst = (randInst *) frand;
+
+ clearGiant(rinst->A);
+ freeGiant(rinst->A);
+ clearGiant(rinst->C);
+ freeGiant(rinst->C);
+ clearGiant(rinst->SEED);
+ freeGiant(rinst->SEED);
+ clearGiant(rinst->x);
+ freeGiant(rinst->x);
+ ffree(rinst);
+}
+
+unsigned feeRandNextNum(feeRand frand)
+{
+ randInst *rinst = (randInst *) frand;
+ unsigned rtn;
+
+ mulg(rinst->A, rinst->SEED);
+ addg(rinst->C, rinst->SEED);
+ pmod(rinst->SEED, RANDBITS);
+ gtog(rinst->SEED, rinst->x);
+
+ /*
+ * FIXME - this is not quite correct; rinst->x only has 4 bytes
+ * of valid data if RANDBITS is known to be greater than or equal
+ * to 32.
+ */
+ rtn = byteRepToInt((unsigned char *)&rinst->x->n);
+ return rtn;
+}
+
+void feeRandBytes(feeRand frand,
+ unsigned char *bytes, /* must be alloc'd by caller */
+ unsigned numBytes)
+{
+ randInst *rinst = (randInst *) frand;
+ int length;
+ unsigned toCopy;
+ unsigned char *cp = bytes;
+
+ for (length = numBytes; length > 0; length -= RANDBITS/8) {
+ mulg(rinst->A, rinst->SEED);
+ addg(rinst->C, rinst->SEED);
+ pmod(rinst->SEED, RANDBITS);
+ gtog(rinst->SEED, rinst->x);
+
+ toCopy = RANDBITS/8;
+ if(length < toCopy) {
+ toCopy = length;
+ }
+
+ /*
+ * FIXME - not 100% platform independent....
+ */
+ bcopy(rinst->x->n, cp, toCopy);
+ cp += toCopy;
+ }
+}
+
+/* new function, 5 March 1999 - dmitch */
+void feeRandAddEntropy(feeRand frand, unsigned entropy)
+{
+ randInst *rinst = (randInst *) frand;
+ giant tmp = borrowGiant(RAND_GIANT_DIGITS);
+ unsigned i;
+
+ if(entropy == 0) {
+ /* boy would that be a mistake */
+ entropy = 0x12345;
+ }
+ for(i=0; i<RAND_GIANT_DIGITS; i++) {
+ tmp->n[i] = (giantDigit)entropy;
+ }
+ tmp->sign = RAND_GIANT_DIGITS;
+ mulg(tmp, rinst->SEED);
+ addg(rinst->C, rinst->SEED);
+ pmod(rinst->SEED, RANDBITS);
+ entropy ^= 0xff0ff0ff;
+ if(entropy == 0) {
+ entropy = 0x12345;
+ }
+ for(i=0; i<RAND_GIANT_DIGITS; i++) {
+ tmp->n[i] = (giantDigit)entropy;
+ }
+ mulg(tmp, rinst->A);
+ addg(rinst->C, rinst->A);
+ pmod(rinst->A, RANDBITS);
+ /* leave C alone */
+ returnGiant(tmp);
+}
projects / apple / security.git / blobdiff