make the lfsr's real lfsr's, and use two of them to generate random-looking IDs

2025-08-30 05:57:52 +00:00 · 1999-12-16 00:07:21 +00:00 · 1999-12-16 00:07:21 +00:00 · b8ef99c3a7
commit b8ef99c3a7
parent 0287710fe0
4 changed files with 162 additions and 135 deletions
--- a/bin/tests/lfsr_test.c
+++ b/bin/tests/lfsr_test.c
@ -27,32 +27,23 @@ int
 main(int argc, char **argv)
 {
 	isc_lfsr_t lfsr1, lfsr2;
-	int i, j;
+	int i;
 	isc_uint32_t temp;

 	UNUSED(argc);
 	UNUSED(argv);

-	printf("Known LFSRs:\n");
-	i = 0;
-	while (isc_lfsr_standard[i].bits != 0) {
-		printf("%2d: %2d bits, %08x initial state, %08x tap\n",
-		       i, isc_lfsr_standard[i].bits,
-		       isc_lfsr_standard[i].state, isc_lfsr_standard[i].tap);
-		i++;
-	}
-
 	/*
 	 * Verify that returned values are reproducable.
 	 */
-	lfsr1 = isc_lfsr_standard[3];
+	isc_lfsr_init(&lfsr1, 0, 32, 0x80000057U, 0, NULL, NULL);
 	for (i = 0 ; i < 32 ; i++) {
-		state[i] = isc_lfsr_generate(&lfsr1);
+		isc_lfsr_generate(&lfsr1, &state[i], 4);
 		printf("lfsr1:  state[%2d] = %08x\n", i, state[i]);
 	}
-	lfsr1 = isc_lfsr_standard[3];
+	isc_lfsr_init(&lfsr1, 0, 32, 0x80000057U, 0, NULL, NULL);
 	for (i = 0 ; i < 32 ; i++) {
-		temp = isc_lfsr_generate(&lfsr1);
+		isc_lfsr_generate(&lfsr1, &temp, 4);
 		if (state[i] != temp)
 			printf("lfsr1:  state[%2d] = %08x, but new state is %08x\n",
 			       i, state[i], temp);
@ -61,14 +52,16 @@ main(int argc, char **argv)
 	/*
 	 * Now do the same with skipping.
 	 */
-	lfsr1 = isc_lfsr_standard[3];
+	isc_lfsr_init(&lfsr1, 0, 32, 0x80000057U, 0, NULL, NULL);
 	for (i = 0 ; i < 32 ; i++) {
-		state[i] = isc_lfsr_skipgenerate(&lfsr1, 6);
+		isc_lfsr_generate(&lfsr1, &state[i], 4);
+		isc_lfsr_skip(&lfsr1, 32);
 		printf("lfsr1:  state[%2d] = %08x\n", i, state[i]);
 	}
-	lfsr1 = isc_lfsr_standard[3];
+	isc_lfsr_init(&lfsr1, 0, 32, 0x80000057U, 0, NULL, NULL);
 	for (i = 0 ; i < 32 ; i++) {
-		temp = isc_lfsr_skipgenerate(&lfsr1, 6);
+		isc_lfsr_generate(&lfsr1, &temp, 4);
+		isc_lfsr_skip(&lfsr1, 32);
 		if (state[i] != temp)
 			printf("lfsr1:  state[%2d] = %08x, but new state is %08x\n",
 			       i, state[i], temp);
@ -76,22 +69,22 @@ main(int argc, char **argv)

 	/*
 	 * Try to find the period of the LFSR.
+	 *
+	 *	x^16 + x^5 + x^3 + x^2 + 1
 	 */
-	lfsr2 = isc_lfsr_standard[1];
-	printf("Searching for repeating patterns in a %d-bit LFSR\n",
-	       lfsr2.bits);
-	for (i = 0 ; i < (1024 * 64) ; i++)
-		state[i] = isc_lfsr_generate(&lfsr2);
-	for (i = 0 ; i < (1024 * 64) ; i++) {
-		for (j = i + 1 ; j < (1024 * 64) ; j++) {
-			if (state[i] == state[j]) {
-				printf("%08x: state %d and %d are the same, distance %d.\n",
-				       state[i], i, j, j - i);
-				goto next_i;
-			}
-		}
-		next_i:
+	isc_lfsr_init(&lfsr2, 0, 16, 0x00008016U, 0, NULL, NULL);
+	for (i = 0 ; i < 32 ; i++) {
+		isc_lfsr_generate(&lfsr2, &state[i], 4);
+		printf("lfsr2:  state[%2d] = %08x\n", i, state[i]);
 	}
+	isc_lfsr_init(&lfsr2, 0, 16, 0x00008016U, 0, NULL, NULL);
+	for (i = 0 ; i < 32 ; i++) {
+		isc_lfsr_generate(&lfsr2, &temp, 4);
+		if (state[i] != temp)
+			printf("lfsr2:  state[%2d] = %08x, but new state is %08x\n",
+			       i, state[i], temp);
+	}
+

 	return (0);
 }
--- a/lib/dns/dispatch.c
+++ b/lib/dns/dispatch.c
@ -88,7 +88,8 @@ struct dns_dispatch {
 	ISC_LIST(dns_dispentry_t) rq_handlers;	/* request handler list */
 	ISC_LIST(dns_dispatchevent_t) rq_events; /* holder for rq events */
 	dns_tcpmsg_t		tcpmsg;		/* for tcp streams */
-	isc_lfsr_t		qid_lfsr;	/* state generator info */
+	isc_lfsr_t		qid_lfsr1;	/* state generator info */
+	isc_lfsr_t		qid_lfsr2;	/* state generator info */
 	unsigned int		qid_nbuckets;	/* hash table size */
 	unsigned int		qid_increment;	/* id increment on collision */
 	dns_displist_t	        *qid_table;	/* the table itself */
@ -125,6 +126,16 @@ static dns_dispentry_t *linear_first(dns_dispatch_t *disp);
 static dns_dispentry_t *linear_next(dns_dispatch_t *disp,
 				    dns_dispentry_t *resp);

+static void
+reseed_lfsr(isc_lfsr_t *lfsr, void *arg)
+{
+	UNUSED(arg);
+
+	lfsr->count = (random() & 0x1f) + 32;	/* From 32 to 63 states */
+
+	lfsr->state = random();
+}
+
 /*
 * Return an unpredictable message ID.
 */
@ -133,7 +144,7 @@ randomid(dns_dispatch_t *disp)
 {
 	isc_uint32_t id;

-	id = isc_lfsr_generate(&disp->qid_lfsr);
+	id = isc_lfsr_generate32(&disp->qid_lfsr1, &disp->qid_lfsr2);

 	return ((dns_messageid_t)(id & 0x0000ffff));
 }
@ -887,10 +898,19 @@ dns_dispatch_create(isc_mem_t *mctx, isc_socket_t *sock, isc_task_t *task,
 	}

 	/*
-	 * Initialize to a 32-bit LFSR.
-	 *	x^31 + x^6 + x^4 + x^2 + x + 1
+	 * Initialize to a 32-bit LFSR.  Both of these are from Applied
+	 * Cryptography.
+	 *
+	 * lfsr1:
+	 *	x^32 + x^7 + x^5 + x^3 + x^2 + x + 1
+	 *
+	 * lfsr2:
+	 *	x^32 + x^7 + x^6 + x^2 + 1
 	 */
-	isc_lfsr_init(&disp->qid_lfsr, random(), 32, 0x80000057U);
+	isc_lfsr_init(&disp->qid_lfsr1, 0, 32, 0x80000057U,
+		      0, reseed_lfsr, disp);
+	isc_lfsr_init(&disp->qid_lfsr2, 0, 32, 0x800000c2U,
+		      0, reseed_lfsr, disp);

 	disp->magic = DISPATCH_MAGIC;

--- a/lib/isc/include/isc/lfsr.h
+++ b/lib/isc/include/isc/lfsr.h
@ -20,22 +20,31 @@

 #include <isc/types.h>

+typedef struct isc_lfsr isc_lfsr_t;
+
+/*
+ * This function is called when reseeding is needed.  It is allowed to
+ * modify any state in the LFSR in any way it sees fit OTHER THAN "bits".
+ *
+ * It MUST set "count" to a new value or the lfsr will never reseed again.
+ *
+ * Also, a reseed will never occur in the middle of an extraction.  This
+ * is purely an optimization, and is probably what one would want.
+ */
+typedef void (*isc_lfsrreseed_t)(isc_lfsr_t *, void *);
+
 /*
 * The members of this structure can be used by the application, but care
 * needs to be taken to not change state once the lfsr is in operation.
 */
-typedef struct {
-	isc_uint32_t	state;	/* previous state */
-	unsigned int	bits;	/* length */
-	isc_uint32_t	tap;	/* bit taps */
-} isc_lfsr_t;
-
-/*
- * This structure contains some standard LFSR values that can be used.
- * One can use the isc_lfsr_findlfsr() to search for one with at least
- * a certain number of bits.
- */
-extern isc_lfsr_t isc_lfsr_standard[];
+struct isc_lfsr {
+	isc_uint32_t		state;	/* previous state */
+	unsigned int		bits;	/* length */
+	isc_uint32_t		tap;	/* bit taps */
+	unsigned int		count;	/* reseed count (in BITS!) */
+	isc_lfsrreseed_t	reseed;	/* reseed function */
+	void		       *arg;	/* reseed function argument */
+};

 ISC_LANG_BEGINDECLS

@ -45,24 +54,9 @@ ISC_LANG_BEGINDECLS
 * bit length 32 will have 2^32 unique states before repeating.
 */

-isc_lfsr_t *isc_lfsr_findlfsr(unsigned int bits);
-/*
- * Find an LFSR that has at least "bits" of state.
- *
- * Requires:
- *
- *	8 <= bits <= 32
- *
- * Returns:
- *
- *	NULL if no LFSR can be found.
- *
- *	If NON-null, it points to the first LFSR in the standard LFSR table
- *	that satisfies the requirements.
- */
-
 void isc_lfsr_init(isc_lfsr_t *lfsr, isc_uint32_t state, unsigned int bits,
-		   isc_uint32_t tap);
+		   isc_uint32_t tap, unsigned int count,
+		   isc_lfsrreseed_t reseed, void *arg);
 /*
 * Initialize an LFSR.
 *
@ -80,28 +74,40 @@ void isc_lfsr_init(isc_lfsr_t *lfsr, isc_uint32_t state, unsigned int bits,
 *	tap != 0
 */

-isc_uint32_t isc_lfsr_generate(isc_lfsr_t *lfsr);
+void isc_lfsr_generate(isc_lfsr_t *lfsr, void *data, unsigned int count);
 /*
- * Return the next state in the LFSR.
+ * Returns "count" bytes of data from the LFSR.
+ *
+ * Requires:
+ *
+ *	lfsr be valid.
+ *
+ *	data != NULL.
+ *
+ *	count > 0.
+ */
+
+void isc_lfsr_skip(isc_lfsr_t *lfsr, unsigned int skip);
+/*
+ * Skip "skip" states.
 *
 * Requires:
 *
 *	lfsr be valid.
 */

-isc_uint32_t isc_lfsr_skipgenerate(isc_lfsr_t *lfsr, unsigned int skip);
-/*
- * Skip "skip" states, then return the next state after that.
- *
- * Requiremens are the same as for isc_lfsr_generate(), above.
- */
-
-isc_uint32_t isc_lfsr_lfsrskipgenerate(isc_lfsr_t *lfsr1, isc_lfsr_t *lfsr2,
-				       unsigned int skipbits);
+isc_uint32_t isc_lfsr_generate32(isc_lfsr_t *lfsr1, isc_lfsr_t *lfsr2);
 /*
 * Given two LFSRs, use the current state from each to skip entries in the
 * other.  The next states are then xor'd together and returned.
 *
+ * WARNING:
+ *
+ *	This function is used only for very, very low security data, such
+ *	as DNS message IDs where it is desired to have an unpredictable
+ *	stream of bytes that are harder to predict than a simple flooding
+ *	attack.
+ *
 * Notes:
 *
 *	Since the current state from each of the LFSRs is used to skip
--- a/lib/isc/lfsr.c
+++ b/lib/isc/lfsr.c
@ -20,31 +20,12 @@
 #include <isc/assertions.h>
 #include <isc/lfsr.h>

-/*
- * Any LFSR added to this table needs to have a large period.
- * Entries should be added from longest bit state to smallest bit state.
- * XXXMLG Need to pull some from Applied Crypto.
- */
-isc_lfsr_t isc_lfsr_standard[] = {
-	{ 0, 32, 0x80000057U },	/* 32-bit, x^31 + x^6 + x^4 + x^2 + x + 1 */
-	{ 0, 32, 0x80000047U },	/* 32-bit, x^31 + x^6 + x^2 + x + 1 */
-	{ 0, 30, 0x20000029U },	/* 30-bit, x^29 + x^6 + x^3 + 1 */
-	{ 0, 19, 0x00040013U },	/* 19-bit, x^18 + x^4 + x + 1 */
-	{ 0, 13, 0x0000100dU },	/* 13-bit, x^12 + x^3 + x^2 + 1 */
-	{ 0, 0, 0}
-};
-
 #define VALID_LFSR(x)	(x != NULL)

-isc_lfsr_t *
-isc_lfsr_findlfsr(unsigned int bits)
-{
-	return (NULL);  /* XXXMLG implement? */
-}
-
 void
 isc_lfsr_init(isc_lfsr_t *lfsr, isc_uint32_t state, unsigned int bits,
-	      isc_uint32_t tap)
+	      isc_uint32_t tap, unsigned int count,
+	      isc_lfsrreseed_t reseed, void *arg)
 {
 	REQUIRE(VALID_LFSR(lfsr));
 	REQUIRE(8 <= bits && bits <= 32);
@ -53,6 +34,14 @@ isc_lfsr_init(isc_lfsr_t *lfsr, isc_uint32_t state, unsigned int bits,
 	lfsr->state = state;
 	lfsr->bits = bits;
 	lfsr->tap = tap;
+	lfsr->count = count;
+	lfsr->reseed = reseed;
+	lfsr->arg = arg;
+
+	if (count == 0 && reseed != NULL)
+		reseed(lfsr, arg);
+	if (lfsr->state == 0)
+		lfsr->state = 0xffffffffU >> (32 - lfsr->bits);
 }

 /*
@ -61,31 +50,63 @@ isc_lfsr_init(isc_lfsr_t *lfsr, isc_uint32_t state, unsigned int bits,
 static inline isc_uint32_t
 lfsr_generate(isc_lfsr_t *lfsr)
 {
-	unsigned int nbits;
+	unsigned int highbit;

-	nbits = lfsr->bits - 1;
+	highbit = 1 << (lfsr->bits - 1);

 	/*
 	 * If the previous state is zero, we must fill it with something
 	 * here, or we will begin to generate an extremely predictable output.
+	 *
+	 * First, give the reseed function a crack at it.  If the state is
+	 * still 0, set it to all ones.
 	 */
-	if (lfsr->state == 0)
-		lfsr->state = (-1) & ((1 << nbits) - 1);
+	if (lfsr->state == 0) {
+		if (lfsr->reseed != NULL)
+			lfsr->reseed(lfsr, lfsr->arg);
+		if (lfsr->state == 0)
+			lfsr->state = 0xffffffffU >> (32 - lfsr->bits);
+	}

-	if (lfsr->state & 1)
-		lfsr->state = ((lfsr->state ^ lfsr->tap) >> 1) | (1 << nbits);
-	else
+	if (lfsr->state & 0x01) {
+		lfsr->state = ((lfsr->state ^ lfsr->tap) >> 1) | highbit;
+		return (1);
+	} else {
 		lfsr->state >>= 1;
-
-	return (lfsr->state);
+		return (0);
+	}
 }

-isc_uint32_t
-isc_lfsr_generate(isc_lfsr_t *lfsr)
+void
+isc_lfsr_generate(isc_lfsr_t *lfsr, void *data, unsigned int count)
 {
-	REQUIRE(VALID_LFSR(lfsr));
+	unsigned char *p;
+	unsigned int bit;
+	unsigned int byte;

-	return (lfsr_generate(lfsr));
+	REQUIRE(VALID_LFSR(lfsr));
+	REQUIRE(data != NULL);
+	REQUIRE(count > 0);
+
+	p = data;
+	byte = count;
+
+	while (byte--) {
+		*p = 0;
+		for (bit = 0 ; bit < 7 ; bit++) {
+			*p |= lfsr_generate(lfsr);
+			*p <<= 1;
+		}
+		*p |= lfsr_generate(lfsr);
+		p++;
+	}
+
+	if (lfsr->count != 0 && lfsr->reseed != NULL) {
+		if (lfsr->count <= count * 8)
+			lfsr->reseed(lfsr, lfsr->arg);
+		else
+			lfsr->count -= (count * 8);
+	}
 }

 static inline isc_uint32_t
@ -94,51 +115,38 @@ lfsr_skipgenerate(isc_lfsr_t *lfsr, unsigned int skip)
 	while (skip--)
 		(void)lfsr_generate(lfsr);

-	return (lfsr_generate(lfsr));
+	(void)lfsr_generate(lfsr);
+
+	return (lfsr->state);
 }

 /*
- * Skip "skip" states in "lfsr" and return the ending state.
+ * Skip "skip" states in "lfsr".
 */
-isc_uint32_t
-isc_lfsr_skipgenerate(isc_lfsr_t *lfsr, unsigned int skip)
+void
+isc_lfsr_skip(isc_lfsr_t *lfsr, unsigned int skip)
 {
 	REQUIRE(VALID_LFSR(lfsr));

-	return (lfsr_skipgenerate(lfsr, skip));
+	while (skip--)
+		(void)lfsr_generate(lfsr);
 }

 /*
 * Skip states in lfsr1 and lfsr2 using the other's current state.
 * Return the final state of lfsr1 ^ lfsr2.
- *
- * Since this uses the _previous_ state of the lfsrs, the the actual values
- * they contain should never be released to anyone other than by return from
- * this function.
- *
- * "skipbits" indicates how many lower bits should be used to advance the
- * lfsrs.  A good value is 1.  If simple combining is desired (without
- * skipping any values) one can use 0.
 */
 isc_uint32_t
-isc_lfsr_lfsrskipgenerate(isc_lfsr_t *lfsr1, isc_lfsr_t *lfsr2,
-			  unsigned int skipbits)
+isc_lfsr_generate32(isc_lfsr_t *lfsr1, isc_lfsr_t *lfsr2)
 {
 	isc_uint32_t state1, state2;
 	isc_uint32_t skip1, skip2;
-	isc_uint32_t skipmask;

 	REQUIRE(VALID_LFSR(lfsr1));
 	REQUIRE(VALID_LFSR(lfsr2));
-	REQUIRE(skipbits < 31);

-	if (skipbits == 0)
-		skipmask = 0;
-	else
-		skipmask = (1 << skipbits) - 1;
-
-	skip1 = lfsr1->state & skipmask;
-	skip2 = lfsr2->state & skipmask;
+	skip1 = lfsr1->state & 0x01;
+	skip2 = lfsr2->state & 0x01;

 	/* cross-skip. */
 	state1 = lfsr_skipgenerate(lfsr1, skip2);