Crypto++ 8.2
Free C&
rng.cpp
1// rng.cpp - originally written and placed in the public domain by Wei Dai
2
3#include "pch.h"
4
5#include "rng.h"
6#include "fips140.h"
7
8#include <time.h>
9#include <math.h>
10
11NAMESPACE_BEGIN(CryptoPP)
12
13// linear congruential generator
14// originally by William S. England
15
16// do not use for cryptographic purposes
17
18/*
19** Original_numbers are the original published m and q in the
20** ACM article above. John Burton has furnished numbers for
21** a reportedly better generator. The new numbers are now
22** used in this program by default.
23*/
24
25#ifndef LCRNG_ORIGINAL_NUMBERS
26const word32 LC_RNG::m=2147483647L;
27const word32 LC_RNG::q=44488L;
28
29const word16 LC_RNG::a=(unsigned int)48271L;
30const word16 LC_RNG::r=3399;
31#else
32const word32 LC_RNG::m=2147483647L;
33const word32 LC_RNG::q=127773L;
34
35const word16 LC_RNG::a=16807;
36const word16 LC_RNG::r=2836;
37#endif
38
39void LC_RNG::GenerateBlock(byte *output, size_t size)
40{
41 while (size--)
42 {
43 word32 hi = seed/q;
44 word32 lo = seed%q;
45
46 long test = a*lo - r*hi;
47
48 if (test > 0)
49 seed = test;
50 else
51 seed = test+ m;
52
53 *output++ = byte((GETBYTE(seed, 0) ^ GETBYTE(seed, 1) ^ GETBYTE(seed, 2) ^ GETBYTE(seed, 3)));
54 }
55}
56
57// ********************************************************
58
59#ifndef CRYPTOPP_IMPORTS
60
61X917RNG::X917RNG(BlockTransformation *c, const byte *seed, const byte *deterministicTimeVector)
62 : m_cipher(c),
63 m_size(m_cipher->BlockSize()),
64 m_datetime(m_size),
65 m_randseed(seed, m_size),
66 m_lastBlock(m_size),
67 m_deterministicTimeVector(deterministicTimeVector, deterministicTimeVector ? m_size : 0)
68{
69 // Valgrind finding, http://github.com/weidai11/cryptopp/issues/105
70 // Garbage in the tail creates a non-conforming X9.17 or X9.31 generator.
71 if (m_size > 8)
72 {
73 memset(m_datetime, 0x00, m_size);
74 memset(m_lastBlock, 0x00, m_size);
75 }
76
77 if (!deterministicTimeVector)
78 {
79 time_t tstamp1 = ::time(NULLPTR);
80 xorbuf(m_datetime, (byte *)&tstamp1, UnsignedMin(sizeof(tstamp1), m_size));
81 m_cipher->ProcessBlock(m_datetime);
82 clock_t tstamp2 = clock();
83 xorbuf(m_datetime, (byte *)&tstamp2, UnsignedMin(sizeof(tstamp2), m_size));
84 m_cipher->ProcessBlock(m_datetime);
85 }
86
87 // for FIPS 140-2
88 // GenerateBlock(m_lastBlock, m_size);
89
90 // Make explicit call to avoid virtual-dispatch findings in ctor
91 ArraySink target(m_lastBlock, m_size);
92 X917RNG::GenerateIntoBufferedTransformation(target, DEFAULT_CHANNEL, m_size);
93}
94
95void X917RNG::GenerateIntoBufferedTransformation(BufferedTransformation &target, const std::string &channel, lword size)
96{
97 while (size > 0)
98 {
99 // calculate new enciphered timestamp
100 if (m_deterministicTimeVector.size())
101 {
102 m_cipher->ProcessBlock(m_deterministicTimeVector, m_datetime);
103 IncrementCounterByOne(m_deterministicTimeVector, m_size);
104 }
105 else
106 {
107 clock_t c = clock();
108 xorbuf(m_datetime, (byte *)&c, UnsignedMin(sizeof(c), m_size));
109 time_t t = ::time(NULLPTR);
110 xorbuf(m_datetime+m_size-UnsignedMin(sizeof(t), m_size), (byte *)&t, UnsignedMin(sizeof(t), m_size));
111 m_cipher->ProcessBlock(m_datetime);
112 }
113
114 // combine enciphered timestamp with seed
115 xorbuf(m_randseed, m_datetime, m_size);
116
117 // generate a new block of random bytes
118 m_cipher->ProcessBlock(m_randseed);
119 if (memcmp(m_lastBlock, m_randseed, m_size) == 0)
120 throw SelfTestFailure("X917RNG: Continuous random number generator test failed.");
121
122 // output random bytes
123 size_t len = UnsignedMin(m_size, size);
124 target.ChannelPut(channel, m_randseed, len);
125 size -= len;
126
127 // compute new seed vector
128 memcpy(m_lastBlock, m_randseed, m_size);
129 xorbuf(m_randseed, m_datetime, m_size);
130 m_cipher->ProcessBlock(m_randseed);
131 }
132}
133
134#endif
135
137 : sum(0.0), n(0)
138{
139 for (unsigned i=0; i<V; i++)
140 tab[i] = 0;
141}
142
143size_t MaurerRandomnessTest::Put2(const byte *inString, size_t length, int /*messageEnd*/, bool /*blocking*/)
144{
145 while (length--)
146 {
147 byte inByte = *inString++;
148 if (n >= Q)
149 sum += ::log(double(n - tab[inByte]));
150 tab[inByte] = n;
151 n++;
152 }
153 return 0;
154}
155
156double MaurerRandomnessTest::GetTestValue() const
157{
158 if (BytesNeeded() > 0)
159 throw Exception(Exception::OTHER_ERROR, "MaurerRandomnessTest: " + IntToString(BytesNeeded()) + " more bytes of input needed");
160
161 double fTu = (sum/(n-Q))/::log(2.0); // this is the test value defined by Maurer
162
163 double value = fTu * 0.1392; // arbitrarily normalize it to
164 return value > 1.0 ? 1.0 : value; // a number between 0 and 1
165}
166
167NAMESPACE_END
Copy input to a memory buffer.
Definition: filters.h:1137
Interface for the data processing part of block ciphers.
Definition: cryptlib.h:828
void ProcessBlock(const byte *inBlock, byte *outBlock) const
Encrypt or decrypt a block.
Definition: cryptlib.h:851
Interface for buffered transformations.
Definition: cryptlib.h:1599
size_t ChannelPut(const std::string &channel, byte inByte, bool blocking=true)
Input a byte for processing on a channel.
Definition: cryptlib.h:2106
Base class for all exceptions thrown by the library.
Definition: cryptlib.h:159
@ OTHER_ERROR
Some other error occurred not belonging to other categories.
Definition: cryptlib.h:177
void GenerateBlock(byte *output, size_t size)
Generate random array of bytes.
Definition: rng.cpp:39
MaurerRandomnessTest()
Construct a MaurerRandomnessTest.
Definition: rng.cpp:136
unsigned int BytesNeeded() const
Provides the number of bytes of input is needed by the test.
Definition: rng.h:94
size_t Put2(const byte *inString, size_t length, int messageEnd, bool blocking)
Input multiple bytes for processing.
Definition: rng.cpp:143
size_type size() const
Provides the count of elements in the SecBlock.
Definition: secblock.h:797
Exception thrown when a crypto algorithm is used after a self test fails.
Definition: fips140.h:23
void GenerateIntoBufferedTransformation(BufferedTransformation &target, const std::string &channel, lword size)
Generate random bytes into a BufferedTransformation.
Definition: rng.cpp:95
X917RNG(BlockTransformation *cipher, const byte *seed, const byte *deterministicTimeVector=NULL)
Construct a X917RNG.
Definition: rng.cpp:61
Classes and functions for the FIPS 140-2 validated library.
void IncrementCounterByOne(byte *inout, unsigned int size)
Performs an addition with carry on a block of bytes.
Definition: misc.h:1226
std::string IntToString(T value, unsigned int base=10)
Converts a value to a string.
Definition: misc.h:636
const T1 UnsignedMin(const T1 &a, const T2 &b)
Safe comparison of values that could be neagtive and incorrectly promoted.
Definition: misc.h:606
Crypto++ library namespace.
Precompiled header file.
Miscellaneous classes for RNGs.