Subject: Re: CVS commit: src/sys/netinet
To: None <perry@piermont.com>
From: Jun-ichiro itojun Hagino <itojun@itojun.org>
List: tech-crypto
Date: 09/07/2003 05:03:01
> > I'm not sure that arc4random is appropriate for ip sequence numbers,
> > it doesn't have the correct properties. In particular the same output
> > value can be generated by adjacent calls to the function - which you
> > definitely don't want! This will be true for any generator with more
> > than 32 bits of state (or rather if the required value is smaller than
> > the state).
>
> Ideally, we want something that generates an unpredictable ergodic
> sequence of some sort -- that is to say, a sequence guaranteed to
> cycle through all possible values, but in an unpredictable order.
>
> I'm not entirely sure what the right way to do this is, though.
I'm thinking of turning Niels' collision-resistant generator code
(sys/netinet/ip_id.c) into some generic library function, maybe in
libc. It should make it easier to use it in multiple places.
- each consumer has to have a context
- each consumer initializes the context with (1) a rekey timer, (2) the # of bits
she wants (like 16 bits in the IPv4 fragment ID case), and such.
- a function gives the consumer a collision-resistant number stream
- a function to free() the context
Rough draft is below. Does it look OK?
itojun
/* in library-local header */
struct randomid_ctxt {
	/* users shouldn't look at the content */
};

/* in public header */
#include <sys/types.h>		/* u_int32_t */
struct randomid_ctxt;			/* opaque to the consumer */
typedef struct randomid_ctxt *randomid_t;

/*
 * returns 0 on success (and sets *p)
 * negative on failure (-EINVAL and such) (and sets *p to NULL)
 * supported bits: 32 and 16 for now, maybe 20 too?
 * (need to choose prime carefully so we can't just support any "bits")
 */
int randomid_init(int bits, long timeout, randomid_t *p);
u_int32_t randomid(randomid_t p);	/* next id from the stream */
void randomid_free(randomid_t p);	/* release the context */
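An added example, not itojun's draft and not Niels' ip_id.c: one way to fill in the three functions of the draft above in C. Everything inside it is an assumption of this example, not of the draft: the fields of struct randomid_ctxt, the helpers rnd64(), powmod(), gcd64(), is_prime(), primitive_root() and rekey(), the 8..32 range for bits, the convention that timeout 0 means "rekey only when the period is exhausted", reading /dev/urandom for key material, and the randomid_selfcheck() driver; uint32_t is used in place of the draft's u_int32_t. It picks p as the largest prime below 2^bits and steps x <- g*x mod p with g a random primitive root of p, which walks every value in [1, p-1] exactly once, so no two ids collide until the next rekey; a random XOR mask below 2^bits keeps that a bijection on bits-wide values. Because p is computed rather than taken from a table, any width from 8 to 32 bits works, which is the "choose the prime carefully" problem from the draft's comment.

```c
/* Added example (not itojun's draft, not NetBSD's ip_id.c); the internal
 * names and layout are assumptions.  With p prime and g a primitive root of
 * p, x <- g*x (mod p) visits all of [1, p-1] once before repeating.  Here p
 * is the largest prime below 2^bits and the output is x XOR mask with mask
 * < 2^bits, so ids stay `bits` wide and never collide within one key period.
 * uint32_t stands in for the draft's u_int32_t. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
#include <errno.h>
struct randomid_ctxt {
	int bits;            /* output width, 8..32 */
	uint64_t p, root;    /* prime modulus and a fixed primitive root of p */
	uint64_t g, x;       /* current multiplier (a random primitive root), state */
	uint32_t mask;       /* current XOR mask */
	long timeout;        /* rekey interval (s); 0 = rekey only on exhaustion */
	time_t keyed_at; uint64_t emitted;   /* time of last rekey, ids since then */
};
typedef struct randomid_ctxt *randomid_t;
/* 64 random bits from /dev/urandom, with a weak time-based fallback so the
 * example still runs elsewhere (distinctness does not depend on the seed). */
static uint64_t rnd64(void) {
	uint64_t v = 0; FILE *f = fopen("/dev/urandom", "rb");
	if (f) { size_t n = fread(&v, 1, sizeof v, f); fclose(f); if (n == sizeof v) return v; }
	v = (uint64_t)time(NULL) * 6364136223846793005ULL + (uint64_t)clock();
	return v ^ (v >> 29);
}
static uint64_t powmod(uint64_t b, uint64_t e, uint64_t m) {  /* b, m < 2^32 */
	uint64_t r = 1;
	for (b %= m; e; e >>= 1, b = b * b % m) if (e & 1) r = r * b % m;
	return r;
}
static uint64_t gcd64(uint64_t a, uint64_t b) {
	while (b) { uint64_t t = a % b; a = b; b = t; }
	return a;
}
static int is_prime(uint64_t n) {  /* trial division; cheap for n < 2^32 */
	if (n < 2 || n % 2 == 0) return n == 2;
	for (uint64_t d = 3; d * d <= n; d += 2) if (n % d == 0) return 0;
	return 1;
}
/* Smallest primitive root of prime p: r qualifies iff r^((p-1)/q) != 1 (mod p)
 * for every prime q dividing p-1. */
static uint64_t primitive_root(uint64_t p) {
	uint64_t q[16], n = p - 1, r; int nq = 0, i;
	for (uint64_t d = 2; d * d <= n; d++)            /* distinct primes of p-1 */
		if (n % d == 0) { q[nq++] = d; while (n % d == 0) n /= d; }
	if (n > 1) q[nq++] = n;
	for (r = 2; ; r++) {
		for (i = 0; i < nq && powmod(r, (p - 1) / q[i], p) != 1; i++) ;
		if (i == nq) return r;
	}
}
static void rekey(randomid_t c) {
	uint64_t e;   /* root^e is again a primitive root iff gcd(e, p-1) == 1 */
	do e = 1 + rnd64() % (c->p - 2); while (gcd64(e, c->p - 1) != 1);
	c->g = powmod(c->root, e, c->p);
	c->x = 1 + rnd64() % (c->p - 1);                 /* start point in [1, p-1] */
	c->mask = (uint32_t)(rnd64() & ((1ULL << c->bits) - 1));
	c->keyed_at = time(NULL); c->emitted = 0;
}
int randomid_init(int bits, long timeout, randomid_t *pp) {
	randomid_t c; uint64_t n;
	*pp = NULL;
	if (bits < 8 || bits > 32 || timeout < 0) return -EINVAL;
	if ((c = calloc(1, sizeof *c)) == NULL) return -ENOMEM;
	c->bits = bits; c->timeout = timeout;
	for (n = (1ULL << bits) - 1; !is_prime(n); n--) ;  /* largest prime < 2^bits */
	c->p = n; c->root = primitive_root(n);
	rekey(c); *pp = c;
	return 0;
}
uint32_t randomid(randomid_t c) {
	if ((c->timeout > 0 && time(NULL) - c->keyed_at >= c->timeout) ||
	    c->emitted >= c->p - 1)   /* timer expired, or the whole period used up */
		rekey(c);
	c->x = c->x * c->g % c->p; c->emitted++;
	return (uint32_t)(c->x ^ c->mask);
}
void randomid_free(randomid_t c) {
	if (c) { memset(c, 0, sizeof *c); free(c); }   /* wipe key material */
}
static int cmp_u32(const void *a, const void *b) {
	uint32_t x = *(const uint32_t *)a, y = *(const uint32_t *)b;
	return (x > y) - (x < y);
}
/* Draw n ids from a fresh generator (no timed rekey); 1 if all fit in `bits`
 * bits and none repeats.  Must hold for every n <= p-1. */
int randomid_selfcheck(int bits, size_t n) {
	randomid_t c; uint32_t *ids; size_t i; int ok = 1;
	if (randomid_init(bits, 0, &c) != 0) return 0;
	if ((ids = malloc(n * sizeof *ids)) == NULL) { randomid_free(c); return 0; }
	for (i = 0; i < n; i++) { ids[i] = randomid(c); if (bits < 32 && ids[i] >> bits) ok = 0; }
	qsort(ids, n, sizeof *ids, cmp_u32);
	for (i = 1; i < n; i++) if (ids[i] == ids[i - 1]) ok = 0;
	free(ids); randomid_free(c);
	return ok;
}
```

Two caveats a consumer of this should keep in mind. The no-collision guarantee covers one key period only: after a timed or exhaustion rekey an id from the previous period may show up again, so the timeout has to be chosen against how long an old id can still be live on the wire (for 16-bit fragment IDs the period of 65520 is what gets exhausted first). And this gives collision resistance, not unpredictability: g and the mask can be recovered from a handful of consecutive outputs with modest effort (the mask space is only 2^bits), which is the gap between "collision-resistant" and the unpredictable sequence the earlier message in this thread asks for. The modulo bias in rnd64() % (p - 2) is on the order of 2^-32 and is ignored here.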