From b8ef99c3a7be2835b2395faff2d46e46f5c4adb3 Mon Sep 17 00:00:00 2001 From: Michael Graff Date: Thu, 16 Dec 1999 00:07:21 +0000 Subject: [PATCH] make the lfsr's real lfsr's, and use two of them to generate random-looking IDs --- bin/tests/lfsr_test.c | 57 ++++++++--------- lib/dns/dispatch.c | 30 +++++++-- lib/isc/include/isc/lfsr.h | 86 +++++++++++++------------ lib/isc/lfsr.c | 124 ++++++++++++++++++++----------------- 4 files changed, 162 insertions(+), 135 deletions(-) diff --git a/bin/tests/lfsr_test.c b/bin/tests/lfsr_test.c index c1b8342e11..de244ab326 100644 --- a/bin/tests/lfsr_test.c +++ b/bin/tests/lfsr_test.c @@ -27,32 +27,23 @@ int main(int argc, char **argv) { isc_lfsr_t lfsr1, lfsr2; - int i, j; + int i; isc_uint32_t temp; UNUSED(argc); UNUSED(argv); - printf("Known LFSRs:\n"); - i = 0; - while (isc_lfsr_standard[i].bits != 0) { - printf("%2d: %2d bits, %08x initial state, %08x tap\n", - i, isc_lfsr_standard[i].bits, - isc_lfsr_standard[i].state, isc_lfsr_standard[i].tap); - i++; - } - /* * Verify that returned values are reproducable. */ - lfsr1 = isc_lfsr_standard[3]; + isc_lfsr_init(&lfsr1, 0, 32, 0x80000057U, 0, NULL, NULL); for (i = 0 ; i < 32 ; i++) { - state[i] = isc_lfsr_generate(&lfsr1); + isc_lfsr_generate(&lfsr1, &state[i], 4); printf("lfsr1: state[%2d] = %08x\n", i, state[i]); } - lfsr1 = isc_lfsr_standard[3]; + isc_lfsr_init(&lfsr1, 0, 32, 0x80000057U, 0, NULL, NULL); for (i = 0 ; i < 32 ; i++) { - temp = isc_lfsr_generate(&lfsr1); + isc_lfsr_generate(&lfsr1, &temp, 4); if (state[i] != temp) printf("lfsr1: state[%2d] = %08x, but new state is %08x\n", i, state[i], temp); @@ -61,14 +52,16 @@ main(int argc, char **argv) /* * Now do the same with skipping. */ - lfsr1 = isc_lfsr_standard[3]; + isc_lfsr_init(&lfsr1, 0, 32, 0x80000057U, 0, NULL, NULL); for (i = 0 ; i < 32 ; i++) { - state[i] = isc_lfsr_skipgenerate(&lfsr1, 6); + isc_lfsr_generate(&lfsr1, &state[i], 4); + isc_lfsr_skip(&lfsr1, 32); printf("lfsr1: state[%2d] = %08x\n", i, state[i]); } - lfsr1 = isc_lfsr_standard[3]; + isc_lfsr_init(&lfsr1, 0, 32, 0x80000057U, 0, NULL, NULL); for (i = 0 ; i < 32 ; i++) { - temp = isc_lfsr_skipgenerate(&lfsr1, 6); + isc_lfsr_generate(&lfsr1, &temp, 4); + isc_lfsr_skip(&lfsr1, 32); if (state[i] != temp) printf("lfsr1: state[%2d] = %08x, but new state is %08x\n", i, state[i], temp); @@ -76,22 +69,22 @@ main(int argc, char **argv) /* * Try to find the period of the LFSR. + * + * x^16 + x^5 + x^3 + x^2 + 1 */ - lfsr2 = isc_lfsr_standard[1]; - printf("Searching for repeating patterns in a %d-bit LFSR\n", - lfsr2.bits); - for (i = 0 ; i < (1024 * 64) ; i++) - state[i] = isc_lfsr_generate(&lfsr2); - for (i = 0 ; i < (1024 * 64) ; i++) { - for (j = i + 1 ; j < (1024 * 64) ; j++) { - if (state[i] == state[j]) { - printf("%08x: state %d and %d are the same, distance %d.\n", - state[i], i, j, j - i); - goto next_i; - } - } - next_i: + isc_lfsr_init(&lfsr2, 0, 16, 0x00008016U, 0, NULL, NULL); + for (i = 0 ; i < 32 ; i++) { + isc_lfsr_generate(&lfsr2, &state[i], 4); + printf("lfsr2: state[%2d] = %08x\n", i, state[i]); } + isc_lfsr_init(&lfsr2, 0, 16, 0x00008016U, 0, NULL, NULL); + for (i = 0 ; i < 32 ; i++) { + isc_lfsr_generate(&lfsr2, &temp, 4); + if (state[i] != temp) + printf("lfsr2: state[%2d] = %08x, but new state is %08x\n", + i, state[i], temp); + } + return (0); } diff --git a/lib/dns/dispatch.c b/lib/dns/dispatch.c index ba6ee2bc4c..30dc737774 100644 --- a/lib/dns/dispatch.c +++ b/lib/dns/dispatch.c @@ -88,7 +88,8 @@ struct dns_dispatch { ISC_LIST(dns_dispentry_t) rq_handlers; /* request handler list */ ISC_LIST(dns_dispatchevent_t) rq_events; /* holder for rq events */ dns_tcpmsg_t tcpmsg; /* for tcp streams */ - isc_lfsr_t qid_lfsr; /* state generator info */ + isc_lfsr_t qid_lfsr1; /* state generator info */ + isc_lfsr_t qid_lfsr2; /* state generator info */ unsigned int qid_nbuckets; /* hash table size */ unsigned int qid_increment; /* id increment on collision */ dns_displist_t *qid_table; /* the table itself */ @@ -125,6 +126,16 @@ static dns_dispentry_t *linear_first(dns_dispatch_t *disp); static dns_dispentry_t *linear_next(dns_dispatch_t *disp, dns_dispentry_t *resp); +static void +reseed_lfsr(isc_lfsr_t *lfsr, void *arg) +{ + UNUSED(arg); + + lfsr->count = (random() & 0x1f) + 32; /* From 32 to 63 states */ + + lfsr->state = random(); +} + /* * Return an unpredictable message ID. */ @@ -133,7 +144,7 @@ randomid(dns_dispatch_t *disp) { isc_uint32_t id; - id = isc_lfsr_generate(&disp->qid_lfsr); + id = isc_lfsr_generate32(&disp->qid_lfsr1, &disp->qid_lfsr2); return ((dns_messageid_t)(id & 0x0000ffff)); } @@ -887,10 +898,19 @@ dns_dispatch_create(isc_mem_t *mctx, isc_socket_t *sock, isc_task_t *task, } /* - * Initialize to a 32-bit LFSR. - * x^31 + x^6 + x^4 + x^2 + x + 1 + * Initialize to a 32-bit LFSR. Both of these are from Applied + * Cryptography. + * + * lfsr1: + * x^32 + x^7 + x^5 + x^3 + x^2 + x + 1 + * + * lfsr2: + * x^32 + x^7 + x^6 + x^2 + 1 */ - isc_lfsr_init(&disp->qid_lfsr, random(), 32, 0x80000057U); + isc_lfsr_init(&disp->qid_lfsr1, 0, 32, 0x80000057U, + 0, reseed_lfsr, disp); + isc_lfsr_init(&disp->qid_lfsr2, 0, 32, 0x800000c2U, + 0, reseed_lfsr, disp); disp->magic = DISPATCH_MAGIC; diff --git a/lib/isc/include/isc/lfsr.h b/lib/isc/include/isc/lfsr.h index f92f890a9a..afa52b6cec 100644 --- a/lib/isc/include/isc/lfsr.h +++ b/lib/isc/include/isc/lfsr.h @@ -20,22 +20,31 @@ #include +typedef struct isc_lfsr isc_lfsr_t; + +/* + * This function is called when reseeding is needed. It is allowed to + * modify any state in the LFSR in any way it sees fit OTHER THAN "bits". + * + * It MUST set "count" to a new value or the lfsr will never reseed again. + * + * Also, a reseed will never occur in the middle of an extraction. This + * is purely an optimization, and is probably what one would want. + */ +typedef void (*isc_lfsrreseed_t)(isc_lfsr_t *, void *); + /* * The members of this structure can be used by the application, but care * needs to be taken to not change state once the lfsr is in operation. */ -typedef struct { - isc_uint32_t state; /* previous state */ - unsigned int bits; /* length */ - isc_uint32_t tap; /* bit taps */ -} isc_lfsr_t; - -/* - * This structure contains some standard LFSR values that can be used. - * One can use the isc_lfsr_findlfsr() to search for one with at least - * a certain number of bits. - */ -extern isc_lfsr_t isc_lfsr_standard[]; +struct isc_lfsr { + isc_uint32_t state; /* previous state */ + unsigned int bits; /* length */ + isc_uint32_t tap; /* bit taps */ + unsigned int count; /* reseed count (in BITS!) */ + isc_lfsrreseed_t reseed; /* reseed function */ + void *arg; /* reseed function argument */ +}; ISC_LANG_BEGINDECLS @@ -45,24 +54,9 @@ ISC_LANG_BEGINDECLS * bit length 32 will have 2^32 unique states before repeating. */ -isc_lfsr_t *isc_lfsr_findlfsr(unsigned int bits); -/* - * Find an LFSR that has at least "bits" of state. - * - * Requires: - * - * 8 <= bits <= 32 - * - * Returns: - * - * NULL if no LFSR can be found. - * - * If NON-null, it points to the first LFSR in the standard LFSR table - * that satisfies the requirements. - */ - void isc_lfsr_init(isc_lfsr_t *lfsr, isc_uint32_t state, unsigned int bits, - isc_uint32_t tap); + isc_uint32_t tap, unsigned int count, + isc_lfsrreseed_t reseed, void *arg); /* * Initialize an LFSR. * @@ -80,28 +74,40 @@ void isc_lfsr_init(isc_lfsr_t *lfsr, isc_uint32_t state, unsigned int bits, * tap != 0 */ -isc_uint32_t isc_lfsr_generate(isc_lfsr_t *lfsr); +void isc_lfsr_generate(isc_lfsr_t *lfsr, void *data, unsigned int count); /* - * Return the next state in the LFSR. + * Returns "count" bytes of data from the LFSR. + * + * Requires: + * + * lfsr be valid. + * + * data != NULL. + * + * count > 0. + */ + +void isc_lfsr_skip(isc_lfsr_t *lfsr, unsigned int skip); +/* + * Skip "skip" states. * * Requires: * * lfsr be valid. */ -isc_uint32_t isc_lfsr_skipgenerate(isc_lfsr_t *lfsr, unsigned int skip); -/* - * Skip "skip" states, then return the next state after that. - * - * Requiremens are the same as for isc_lfsr_generate(), above. - */ - -isc_uint32_t isc_lfsr_lfsrskipgenerate(isc_lfsr_t *lfsr1, isc_lfsr_t *lfsr2, - unsigned int skipbits); +isc_uint32_t isc_lfsr_generate32(isc_lfsr_t *lfsr1, isc_lfsr_t *lfsr2); /* * Given two LFSRs, use the current state from each to skip entries in the * other. The next states are then xor'd together and returned. * + * WARNING: + * + * This function is used only for very, very low security data, such + * as DNS message IDs where it is desired to have an unpredictable + * stream of bytes that are harder to predict than a simple flooding + * attack. + * * Notes: * * Since the current state from each of the LFSRs is used to skip diff --git a/lib/isc/lfsr.c b/lib/isc/lfsr.c index fd311111d9..ec4113b6de 100644 --- a/lib/isc/lfsr.c +++ b/lib/isc/lfsr.c @@ -20,31 +20,12 @@ #include #include -/* - * Any LFSR added to this table needs to have a large period. - * Entries should be added from longest bit state to smallest bit state. - * XXXMLG Need to pull some from Applied Crypto. - */ -isc_lfsr_t isc_lfsr_standard[] = { - { 0, 32, 0x80000057U }, /* 32-bit, x^31 + x^6 + x^4 + x^2 + x + 1 */ - { 0, 32, 0x80000047U }, /* 32-bit, x^31 + x^6 + x^2 + x + 1 */ - { 0, 30, 0x20000029U }, /* 30-bit, x^29 + x^6 + x^3 + 1 */ - { 0, 19, 0x00040013U }, /* 19-bit, x^18 + x^4 + x + 1 */ - { 0, 13, 0x0000100dU }, /* 13-bit, x^12 + x^3 + x^2 + 1 */ - { 0, 0, 0} -}; - #define VALID_LFSR(x) (x != NULL) -isc_lfsr_t * -isc_lfsr_findlfsr(unsigned int bits) -{ - return (NULL); /* XXXMLG implement? */ -} - void isc_lfsr_init(isc_lfsr_t *lfsr, isc_uint32_t state, unsigned int bits, - isc_uint32_t tap) + isc_uint32_t tap, unsigned int count, + isc_lfsrreseed_t reseed, void *arg) { REQUIRE(VALID_LFSR(lfsr)); REQUIRE(8 <= bits && bits <= 32); @@ -53,6 +34,14 @@ isc_lfsr_init(isc_lfsr_t *lfsr, isc_uint32_t state, unsigned int bits, lfsr->state = state; lfsr->bits = bits; lfsr->tap = tap; + lfsr->count = count; + lfsr->reseed = reseed; + lfsr->arg = arg; + + if (count == 0 && reseed != NULL) + reseed(lfsr, arg); + if (lfsr->state == 0) + lfsr->state = 0xffffffffU >> (32 - lfsr->bits); } /* @@ -61,31 +50,63 @@ isc_lfsr_init(isc_lfsr_t *lfsr, isc_uint32_t state, unsigned int bits, static inline isc_uint32_t lfsr_generate(isc_lfsr_t *lfsr) { - unsigned int nbits; + unsigned int highbit; - nbits = lfsr->bits - 1; + highbit = 1 << (lfsr->bits - 1); /* * If the previous state is zero, we must fill it with something * here, or we will begin to generate an extremely predictable output. + * + * First, give the reseed function a crack at it. If the state is + * still 0, set it to all ones. */ - if (lfsr->state == 0) - lfsr->state = (-1) & ((1 << nbits) - 1); + if (lfsr->state == 0) { + if (lfsr->reseed != NULL) + lfsr->reseed(lfsr, lfsr->arg); + if (lfsr->state == 0) + lfsr->state = 0xffffffffU >> (32 - lfsr->bits); + } - if (lfsr->state & 1) - lfsr->state = ((lfsr->state ^ lfsr->tap) >> 1) | (1 << nbits); - else + if (lfsr->state & 0x01) { + lfsr->state = ((lfsr->state ^ lfsr->tap) >> 1) | highbit; + return (1); + } else { lfsr->state >>= 1; - - return (lfsr->state); + return (0); + } } -isc_uint32_t -isc_lfsr_generate(isc_lfsr_t *lfsr) +void +isc_lfsr_generate(isc_lfsr_t *lfsr, void *data, unsigned int count) { - REQUIRE(VALID_LFSR(lfsr)); + unsigned char *p; + unsigned int bit; + unsigned int byte; - return (lfsr_generate(lfsr)); + REQUIRE(VALID_LFSR(lfsr)); + REQUIRE(data != NULL); + REQUIRE(count > 0); + + p = data; + byte = count; + + while (byte--) { + *p = 0; + for (bit = 0 ; bit < 7 ; bit++) { + *p |= lfsr_generate(lfsr); + *p <<= 1; + } + *p |= lfsr_generate(lfsr); + p++; + } + + if (lfsr->count != 0 && lfsr->reseed != NULL) { + if (lfsr->count <= count * 8) + lfsr->reseed(lfsr, lfsr->arg); + else + lfsr->count -= (count * 8); + } } static inline isc_uint32_t @@ -94,51 +115,38 @@ lfsr_skipgenerate(isc_lfsr_t *lfsr, unsigned int skip) while (skip--) (void)lfsr_generate(lfsr); - return (lfsr_generate(lfsr)); + (void)lfsr_generate(lfsr); + + return (lfsr->state); } /* - * Skip "skip" states in "lfsr" and return the ending state. + * Skip "skip" states in "lfsr". */ -isc_uint32_t -isc_lfsr_skipgenerate(isc_lfsr_t *lfsr, unsigned int skip) +void +isc_lfsr_skip(isc_lfsr_t *lfsr, unsigned int skip) { REQUIRE(VALID_LFSR(lfsr)); - return (lfsr_skipgenerate(lfsr, skip)); + while (skip--) + (void)lfsr_generate(lfsr); } /* * Skip states in lfsr1 and lfsr2 using the other's current state. * Return the final state of lfsr1 ^ lfsr2. - * - * Since this uses the _previous_ state of the lfsrs, the the actual values - * they contain should never be released to anyone other than by return from - * this function. - * - * "skipbits" indicates how many lower bits should be used to advance the - * lfsrs. A good value is 1. If simple combining is desired (without - * skipping any values) one can use 0. */ isc_uint32_t -isc_lfsr_lfsrskipgenerate(isc_lfsr_t *lfsr1, isc_lfsr_t *lfsr2, - unsigned int skipbits) +isc_lfsr_generate32(isc_lfsr_t *lfsr1, isc_lfsr_t *lfsr2) { isc_uint32_t state1, state2; isc_uint32_t skip1, skip2; - isc_uint32_t skipmask; REQUIRE(VALID_LFSR(lfsr1)); REQUIRE(VALID_LFSR(lfsr2)); - REQUIRE(skipbits < 31); - if (skipbits == 0) - skipmask = 0; - else - skipmask = (1 << skipbits) - 1; - - skip1 = lfsr1->state & skipmask; - skip2 = lfsr2->state & skipmask; + skip1 = lfsr1->state & 0x01; + skip2 = lfsr2->state & 0x01; /* cross-skip. */ state1 = lfsr_skipgenerate(lfsr1, skip2);