tech-crypto archive


Re: CVS commit: src/sys/netinet



> > I'm not sure that arc4random is appropriate for ip sequence numbers,
> > it doesn't have the correct properties.  In particular the same output
> > value can be generated by adjacent calls to the function - which you
> > definitely don't want!  This will be true for any generator with more
> > than 32 bits of state (or rather if the required value is smaller than
> > the state).
> 
> Ideally, we want something that generates an unpredictable ergodic
> sequence of some sort -- that is to say, a sequence guaranteed to
> cycle through all possible values, but in an unpredictable order.
> 
> I'm not entirely sure what the right way to do this is, though.

        i'm thinking of turning niels' collision-resistant generator code
        (sys/netinet/ip_id.c) into some generic library function, maybe in
        libc.  it should make it easier to use it in multiple places.

        - each consumer has to have context
        - each consumer initializes context with (1) rekey timer, (2) # of bits
          she wants (like 16bit in IPv4 fragment ID case), and such.
        - a function gives the consumer collision-resistant number stream
        - a function to free() the context

        rough draft is below.  does it look ok?

itojun


        /* in library-local header */
        struct randomid_ctxt {
                /* users shouldn't look at the content */
        };

        /* in public header */
        #include <sys/types.h>  /* u_int32_t */
        struct randomid_ctxt;
        typedef struct randomid_ctxt *randomid_t;

        /*
         * returns 0 on success (and sets *p)
         * negative on failure (-EINVAL and such) (and sets *p to NULL)
         * supported bits: 32 and 16 for now, maybe 20 too?
         * (need to choose prime carefully so we can't just support any "bits")
         */
        int randomid_init(int bits, long timeout, randomid_t *p);

        u_int32_t randomid(randomid_t p);

        void randomid_free(randomid_t p);
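Added illustration, not part of the message above and not itojun's draft or Niels Provos's ip_id.c: one way to back the proposed three-function API so that each key hands out every value in its range exactly once in an unpredictable order. It assumes a prime p just below 2^bits, walks the multiplicative group mod p with a per-key random primitive root, and XORs a per-key mask onto the output; the context fields, the helpers (rnd32, modpow, gcd32, is_primitive_root, rekey, cmp_u32) and the randomid_check_distinct self-check are my own names, and /dev/urandom is assumed as the entropy source.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <time.h>

/* Hypothetical layout of the opaque context from the draft's library-local header. */
struct randomid_ctxt {
    int      bits;        /* output width, 16 or 32 */
    long     timeout;     /* seconds between forced rekeys (0 = never) */
    time_t   last_rekey;
    uint32_t p;           /* prime just below 2^bits; outputs walk the group mod p */
    uint32_t factors[9];  /* distinct prime factors of p-1 (at most 9 below 2^32) */
    int      nfactors;
    uint32_t root;        /* fixed primitive root of p, found at init */
    uint32_t g;           /* per-key random primitive root */
    uint32_t x;           /* current element g^n mod p */
    uint32_t mask;        /* per-key XOR mask, bits wide */
    uint32_t emitted;     /* values handed out under the current key */
};
typedef struct randomid_ctxt *randomid_t;

static uint32_t rnd32(void)
{
    /* Best-effort entropy: /dev/urandom, with a weak time-based fallback. */
    uint32_t v = (uint32_t)time(NULL) ^ (uint32_t)rand();
    FILE *f = fopen("/dev/urandom", "rb");
    if (f != NULL) { (void)fread(&v, sizeof v, 1, f); fclose(f); }
    return v;
}

static uint32_t modpow(uint64_t b, uint64_t e, uint64_t m)
{
    uint64_t r = 1;
    for (b %= m; e > 0; e >>= 1, b = b * b % m)
        if (e & 1) r = r * b % m;
    return (uint32_t)r;
}

static uint32_t gcd32(uint32_t a, uint32_t b)
{
    while (b != 0) { uint32_t t = a % b; a = b; b = t; }
    return a;
}

/* g is a primitive root of p iff g^((p-1)/q) != 1 for every prime q dividing p-1. */
static int is_primitive_root(randomid_t c, uint32_t g)
{
    for (int i = 0; i < c->nfactors; i++)
        if (modpow(g, (c->p - 1) / c->factors[i], c->p) == 1) return 0;
    return 1;
}

static void rekey(randomid_t c)
{
    uint32_t j;
    /* root^j with gcd(j, p-1) == 1 is again a primitive root, so g, g^2, ...,
     * g^(p-1) visits every value in 1..p-1 exactly once before repeating. */
    do { j = rnd32() % (c->p - 1) + 1; } while (gcd32(j, c->p - 1) != 1);
    c->g = modpow(c->root, j, c->p);
    c->x = modpow(c->g, rnd32() % (c->p - 1), c->p);  /* random start in the cycle */
    c->mask = (c->bits == 32) ? rnd32() : (rnd32() & 0xffffU);
    c->emitted = 0;
    c->last_rekey = time(NULL);
}

int randomid_init(int bits, long timeout, randomid_t *p)
{
    randomid_t c;
    uint32_t n, q;

    *p = NULL;
    if (bits != 16 && bits != 32) return -EINVAL;  /* the draft's supported widths */
    if ((c = calloc(1, sizeof *c)) == NULL) return -ENOMEM;
    c->bits = bits;
    c->timeout = timeout;
    c->p = (bits == 32) ? 4294967291U : 65521U;  /* largest primes below 2^32 and 2^16 */
    for (n = c->p - 1, q = 2; (uint64_t)q * q <= n; q++)  /* trial-divide p-1 */
        if (n % q == 0) { c->factors[c->nfactors++] = q; while (n % q == 0) n /= q; }
    if (n > 1) c->factors[c->nfactors++] = n;
    for (c->root = 2; !is_primitive_root(c, c->root); c->root++)
        ;
    rekey(c);
    *p = c;
    return 0;
}

uint32_t randomid(randomid_t c)
{
    /* No id repeats within one key.  Any rekey (cycle exhausted or timer fired)
     * starts a fresh cycle that can reissue recent values, which is why the
     * consumer chooses the rekey timer. */
    if (c->emitted >= c->p - 1 ||
        (c->timeout > 0 && time(NULL) - c->last_rekey >= c->timeout))
        rekey(c);
    c->x = (uint32_t)((uint64_t)c->x * c->g % c->p);
    c->emitted++;
    return c->x ^ c->mask;  /* XOR is a bijection, so distinct x give distinct ids */
}

void randomid_free(randomid_t c) { free(c); }

static int cmp_u32(const void *a, const void *b)
{
    uint32_t x = *(const uint32_t *)a, y = *(const uint32_t *)b;
    return (x > y) - (x < y);
}

/* Self-check: are n consecutive ids from a fresh bits-wide generator distinct
 * and in range?  Returns 1 if so, 0 otherwise (also 0 when init rejects bits). */
int randomid_check_distinct(int bits, uint32_t n)
{
    randomid_t c;
    uint32_t *v, i;
    int ok = 1;

    if (randomid_init(bits, 3600, &c) != 0) return 0;
    if ((v = malloc(n * sizeof *v)) == NULL) { randomid_free(c); return 0; }
    for (i = 0; i < n; i++) {
        v[i] = randomid(c);
        if (bits == 16 && v[i] > 0xffffU) ok = 0;
    }
    qsort(v, n, sizeof *v, cmp_u32);
    for (i = 1; i < n; i++)
        if (v[i] == v[i - 1]) ok = 0;
    free(v);
    randomid_free(c);
    return ok;
}
```

With p = 65521 a 16-bit key yields 65520 distinct ids before the cycle is exhausted (0 and the values above p never appear before the mask, so the output set per key has p-1 members, not 2^16); that is the "collision-resistant number stream" the draft asks for, and it is exactly the property a plain arc4random() call does not give.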


