/*
 * Copyright (c) 1995, 1996, 1997, 1999 Kungliga Tekniska H�gskolan
 * (Royal Institute of Technology, Stockholm, Sweden).
 * All rights reserved.
 * 
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 
 * 3. Neither the name of the Institute nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 * 
 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

#ifdef HAVE_CONFIG_H
#include "config.h"

RCSID("$Id: rnd_keys.c 17445 2006-05-05 10:37:46Z lha $");
#endif

#ifdef KRB5
#include <krb5-types.h>
#endif
#include <des.h>

#include <stdlib.h>
#include <string.h>

#ifdef TIME_WITH_SYS_TIME
#include <sys/time.h>
#include <time.h>
#elif defined(HAVE_SYS_TIME_H)
#include <sys/time.h>
#else
#include <time.h>
#endif

#ifdef HAVE_SYS_TYPES_H
#include <sys/types.h>
#endif

#ifdef HAVE_UNISTD_H
#include <unistd.h>
#endif
#ifdef HAVE_IO_H
#include <io.h>
#endif

#ifdef HAVE_SIGNAL_H
#include <signal.h>
#endif
#ifdef HAVE_FCNTL_H
#include <fcntl.h>
#endif

/*
 * Generate "random" data by checksumming a file.
 *
 * Returns -1 if there were any problems with permissions or I/O
 * errors.
 */
static
int
sumFile (const char *name, int len, void *res)
{
  uint32_t sum[2] = { 0, 0 };
  uint32_t buf[1024*2];
  int fd, i;

  fd = open (name, 0);
  if (fd < 0)
    return -1;

  while (len > 0)
    {
      int n = read(fd, buf, sizeof(buf));
      if (n < 0)
	{
	  close(fd);
	  return n;
	}
      for (i = 0; i < (n/sizeof(buf[0])); i++)
	{
	  sum[0] += buf[i];
	  i++;
	  sum[1] += buf[i];
	}
      len -= n;
    }
  close (fd);
  memcpy (res, &sum, sizeof(sum));
  return 0;
}

#if 0
static
int
md5sumFile (const char *name, int len, int32_t sum[4])
{
  int32_t buf[1024*2];
  int fd, cnt;
  struct md5 md5;

  fd = open (name, 0);
  if (fd < 0)
    return -1;

  md5_init(&md5);
  while (len > 0)
    {
      int n = read(fd, buf, sizeof(buf));
      if (n < 0)
	{
	  close(fd);
	  return n;
	}
      md5_update(&md5, buf, n);
      len -= n;
    }
  md5_finito(&md5, (unsigned char *)sum);
  close (fd);
  return 0;
}
#endif

/*
 * Create a sequence of random 64 bit blocks.
 * The sequence is indexed with a long long and 
 * based on an initial des key used as a seed.
 */
static DES_key_schedule sequence_seed;
static uint32_t sequence_index[2];

/* 
 * Random number generator based on ideas from truerand in cryptolib
 * as described on page 424 in Applied Cryptography 2 ed. by Bruce
 * Schneier.
 */

static volatile int counter;
static volatile unsigned char *gdata; /* Global data */
static volatile int igdata;	/* Index into global data */
static int gsize;

#if !defined(WIN32) && !defined(__EMX__) && !defined(__OS2__) && !defined(__CYGWIN32__)
/* Visual C++ 4.0 (Windows95/NT) */

static
RETSIGTYPE
sigALRM(int sig)
{
    if (igdata < gsize)
	gdata[igdata++] ^= counter & 0xff;

#ifndef HAVE_SIGACTION
    signal(SIGALRM, sigALRM); /* Reinstall SysV signal handler */
#endif
    SIGRETURN(0);
}

#endif

#if !defined(HAVE_RANDOM) && defined(HAVE_RAND)
#ifndef srandom
#define srandom srand
#endif
#ifndef random
#define random rand
#endif
#endif

#if !defined(HAVE_SETITIMER) || defined(WIN32) || defined(__EMX__) || defined(__OS2__) || defined(__CYGWIN32__)
static void
des_not_rand_data(unsigned char *data, int size)
{
  int i;

  srandom (time (NULL));

  for(i = 0; i < size; ++i)
    data[i] ^= random() % 0x100;
}
#endif

#if !defined(WIN32) && !defined(__EMX__) && !defined(__OS2__) && !defined(__CYGWIN32__)

#ifndef HAVE_SETITIMER
static void
pacemaker(struct timeval *tv)
{
    fd_set fds;
    pid_t pid;
    pid = getppid();
    while(1){
	FD_ZERO(&fds);
	FD_SET(0, &fds);
	select(1, &fds, NULL, NULL, tv);
	kill(pid, SIGALRM);
    }
}
#endif

#ifdef HAVE_SIGACTION
/* XXX ugly hack, should perhaps use function from roken */
static RETSIGTYPE 
(*fake_signal(int sig, RETSIGTYPE (*f)(int)))(int)
{
    struct sigaction sa, osa;
    sa.sa_handler = f;
    sa.sa_flags = 0;
    sigemptyset(&sa.sa_mask);
    sigaction(sig, &sa, &osa);
    return osa.sa_handler;
}
#define signal(S, F) fake_signal((S), (F))
#endif

/*
 * Generate size bytes of "random" data using timed interrupts.
 * It takes about 40ms/byte random data.
 * It's not neccessary to be root to run it.
 */
void
DES_rand_data(void *outdata, int size)
{
    unsigned char *data = outdata;
    struct itimerval tv, otv;
    RETSIGTYPE (*osa)(int);
    int i, j;
#ifndef HAVE_SETITIMER 
    RETSIGTYPE (*ochld)(int);
    pid_t pid;
#endif
    const char *rnd_devices[] = {"/dev/random",
			   "/dev/srandom",
			   "/dev/urandom",
			   "/dev/arandom",
			   NULL};
    const char **p;

    for(p = rnd_devices; *p; p++) {
      int fd = open(*p, O_RDONLY | O_NDELAY);
      
      if(fd >= 0 && read(fd, data, size) == size) {
	close(fd);
	return;
      }
      close(fd);
    }

    /* Paranoia? Initialize data from /dev/mem if we can read it. */
    if (size >= 8)
      sumFile("/dev/mem", (1024*1024*2), data);

    gdata = data;
    gsize = size;
    igdata = 0;

    osa = signal(SIGALRM, sigALRM);
  
    /* Start timer */
    tv.it_value.tv_sec = 0;
    tv.it_value.tv_usec = 10 * 1000; /* 10 ms */
    tv.it_interval = tv.it_value;
#ifdef HAVE_SETITIMER
    setitimer(ITIMER_REAL, &tv, &otv);
#else
    ochld = signal(SIGCHLD, SIG_IGN);
    pid = fork();
    if(pid == -1){
	signal(SIGCHLD, ochld != SIG_ERR ? ochld : SIG_DFL);
	des_not_rand_data(data, size);
	return;
    }
    if(pid == 0)
	pacemaker(&tv.it_interval);
#endif

    for(i = 0; i < 4; i++) {
	for (igdata = 0; igdata < size;) /* igdata++ in sigALRM */
	    counter++;
	for (j = 0; j < size; j++) /* Only use 2 bits each lap */
	    gdata[j] = (gdata[j]>>2) | (gdata[j]<<6);
    }
#ifdef HAVE_SETITIMER
    setitimer(ITIMER_REAL, &otv, 0);
#else
    kill(pid, SIGKILL);
    while(waitpid(pid, NULL, 0) != pid);
    signal(SIGCHLD, ochld != SIG_ERR ? ochld : SIG_DFL);
#endif
    signal(SIGALRM, osa != SIG_ERR ? osa : SIG_DFL);
}
#else
void
DES_rand_data(unsigned char *p, int s)
{
  des_not_rand_data (p, s);
}
#endif

void
DES_generate_random_block(DES_cblock *block)
{
  DES_rand_data((unsigned char *)block, sizeof(*block));
}

#define DES_rand_data_key hc_DES_rand_data_key

void
DES_rand_data_key(DES_cblock *key);

/*
 * Generate a "random" DES key.
 */
void
DES_rand_data_key(DES_cblock *key)
{
    unsigned char data[8];
    DES_key_schedule sched;
    do {
	DES_rand_data(data, sizeof(data));
	DES_rand_data((unsigned char*)key, sizeof(DES_cblock));
	DES_set_odd_parity(key);
	DES_set_key(key, &sched);
	DES_ecb_encrypt(&data, key, &sched, DES_ENCRYPT);
	memset(&data, 0, sizeof(data));
	memset(&sched, 0, sizeof(sched));
	DES_set_odd_parity(key);
    } while(DES_is_weak_key(key));
}

/*
 * Generate "random" data by checksumming /dev/mem
 *
 * It's neccessary to be root to run it. Returns -1 if there were any
 * problems with permissions.
 */

#define DES_mem_rand8 hc_DES_mem_rand8

int
DES_mem_rand8(unsigned char *data);

int
DES_mem_rand8(unsigned char *data)
{
  return 1;
}

/*
 * In case the generator does not get initialized use this as fallback.
 */
static int initialized;

static void
do_initialize(void)
{
    DES_cblock default_seed;
    do {
	DES_generate_random_block(&default_seed);
	DES_set_odd_parity(&default_seed);
    } while (DES_is_weak_key(&default_seed));
    DES_init_random_number_generator(&default_seed);
}

#define zero_long_long(ll) do { ll[0] = ll[1] = 0; } while (0)

#define incr_long_long(ll) do { if (++ll[0] == 0) ++ll[1]; } while (0)

#define set_sequence_number(ll) \
memcpy((char *)sequence_index, (ll), sizeof(sequence_index));

/*
 * Set the sequnce number to this value (a long long).
 */
void
DES_set_sequence_number(void *ll)
{
    set_sequence_number(ll);
}

/*
 * Set the generator seed and reset the sequence number to 0.
 */
void
DES_set_random_generator_seed(DES_cblock *seed)
{
    DES_set_key(seed, &sequence_seed);
    zero_long_long(sequence_index);
    initialized = 1;
}

/*
 * Generate a sequence of random des keys
 * using the random block sequence, fixup
 * parity and skip weak keys.
 */
int
DES_new_random_key(DES_cblock *key)
{
    if (!initialized)
	do_initialize();

    do {
	DES_ecb_encrypt((DES_cblock *) sequence_index,
			key,
			&sequence_seed,
			DES_ENCRYPT);
	incr_long_long(sequence_index);
	/* random key must have odd parity and not be weak */
	DES_set_odd_parity(key);
    } while (DES_is_weak_key(key));
    return(0);
}

/*
 * des_init_random_number_generator:
 *
 * Initialize the sequence of random 64 bit blocks.  The input seed
 * can be a secret key since it should be well hidden and is also not
 * kept.
 *
 */
void 
DES_init_random_number_generator(DES_cblock *seed)
{
    struct timeval now;
    DES_cblock uniq;
    DES_cblock new_key;

    gettimeofday(&now, (struct timezone *)0);
    DES_generate_random_block(&uniq);

    /* Pick a unique random key from the shared sequence. */
    DES_set_random_generator_seed(seed);
    set_sequence_number((unsigned char *)&uniq);
    DES_new_random_key(&new_key);

    /* Select a new nonshared sequence, */
    DES_set_random_generator_seed(&new_key);

    /* and use the current time to pick a key for the new sequence. */
    set_sequence_number((unsigned char *)&now);
    DES_new_random_key(&new_key);
    DES_set_random_generator_seed(&new_key);
}

/* This is for backwards compatibility. */
void
DES_random_key(DES_cblock *ret)
{
    DES_new_random_key(ret);
}

#ifdef TESTRUN
int
main()
{
    unsigned char data[8];
    int i;

    while (1)
        {
	    if (sumFile("/dev/mem", (1024*1024*8), data) != 0)
	      { perror("sumFile"); exit(1); }
            for (i = 0; i < 8; i++)
                printf("%02x", data[i]);
            printf("\n");
        }
}
#endif

#ifdef TESTRUN2
int
main()
{
    DES_cblock data;
    int i;

    while (1)
        {
	    do_initialize();
            DES_random_key(data);
            for (i = 0; i < 8; i++)
                printf("%02x", data[i]);
            printf("\n");
        }
}
#endif