X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=src%2Futil%2Fcrypto_random.c;h=0a092cdcc35d252d29987838a933dae7a47492ef;hb=555214089c7045298f23fea9e060ea931804e75f;hp=0ad1364cb592cdf6e6426acb79d0eafb52221930;hpb=c2017c2ba13736ee1fe4dc9d811d49bee1641ca3;p=oweals%2Fgnunet.git diff --git a/src/util/crypto_random.c b/src/util/crypto_random.c index 0ad1364cb..0a092cdcc 100644 --- a/src/util/crypto_random.c +++ b/src/util/crypto_random.c @@ -27,19 +27,36 @@ #include "platform.h" #include "gnunet_common.h" #include "gnunet_crypto_lib.h" +#include "gnunet_os_lib.h" #include /** + * Create a cryptographically weak pseudo-random number in the interval of 0 to 1. + * + * @return number between 0 and 1. + */ +static double +weak_random () +{ + return ((double) RANDOM () / RAND_MAX); +} + + +/** + * Produce a random value. + * + * @param mode desired quality of the random number + * @param i the upper limit (exclusive) for the random number * @return a random value in the interval [0,i[. */ uint32_t -GNUNET_CRYPTO_random_u32 (enum GNUNET_CRYPTO_Quality mode, - uint32_t i) +GNUNET_CRYPTO_random_u32 (enum GNUNET_CRYPTO_Quality mode, uint32_t i) { #ifdef gcry_fast_random_poll static unsigned int invokeCount; #endif uint32_t ret; + uint32_t ul; GNUNET_assert (i > 0); @@ -50,14 +67,18 @@ GNUNET_CRYPTO_random_u32 (enum GNUNET_CRYPTO_Quality mode, if ((invokeCount++ % 256) == 0) gcry_fast_random_poll (); #endif - gcry_randomize ((unsigned char *) &ret, - sizeof (uint32_t), - GCRY_STRONG_RANDOM); + ul = UINT32_MAX - (UINT32_MAX % i); + do + { + gcry_randomize ((unsigned char *) &ret, + sizeof (uint32_t), GCRY_STRONG_RANDOM); + } + while (ret >= ul); return ret % i; } else { - ret = i * ((double) RANDOM () / RAND_MAX); + ret = i * weak_random (); if (ret >= i) ret = i - 1; return ret; @@ -85,9 +106,9 @@ GNUNET_CRYPTO_random_permute (enum GNUNET_CRYPTO_Quality mode, unsigned int n) ret = GNUNET_malloc (n * sizeof (unsigned int)); for (i = 0; i < n; i++) ret[i] = i; - for (i = 0; i < n; i++) + for (i = n - 1; i > 0; i--) { - x = GNUNET_CRYPTO_random_u32 (mode, n); + x = GNUNET_CRYPTO_random_u32 (mode, i+1); tmp = ret[x]; ret[x] = ret[i]; ret[i] = tmp; @@ -97,26 +118,35 @@ GNUNET_CRYPTO_random_permute (enum GNUNET_CRYPTO_Quality mode, unsigned int n) /** * Random on unsigned 64-bit values. + * + * + * @param mode desired quality of the random number + * @param max value returned will be in range [0,max) (exclusive) + * @return random 64-bit number */ uint64_t -GNUNET_CRYPTO_random_u64 (enum GNUNET_CRYPTO_Quality mode, - uint64_t u) +GNUNET_CRYPTO_random_u64 (enum GNUNET_CRYPTO_Quality mode, uint64_t max) { uint64_t ret; + uint64_t ul; - GNUNET_assert (u > 0); + GNUNET_assert (max > 0); if (mode == GNUNET_CRYPTO_QUALITY_STRONG) { - gcry_randomize ((unsigned char *) &ret, - sizeof (uint64_t), - GCRY_STRONG_RANDOM); - return ret % u; + ul = UINT64_MAX - (UINT64_MAX % max); + do + { + gcry_randomize ((unsigned char *) &ret, + sizeof (uint64_t), GCRY_STRONG_RANDOM); + } + while (ret >= ul); + return ret % max; } else { - ret = u * ((double) RANDOM () / RAND_MAX); - if (ret >= u) - ret = u - 1; + ret = max * weak_random (); + if (ret >= max) + ret = max - 1; return ret; } } @@ -133,4 +163,98 @@ GNUNET_CRYPTO_random_disable_entropy_gathering () } +/** + * Process ID of the "find" process that we use for + * entropy gathering. + */ +static pid_t genproc; + +/** + * Function called by libgcrypt whenever we are + * blocked gathering entropy. + */ +static void +entropy_generator (void *cls, + const char *what, int printchar, int current, int total) +{ + unsigned long code; + enum GNUNET_OS_ProcessStatusType type; + int ret; + + if (0 != strcmp (what, "need_entropy")) + return; + if (current == total) + { + if (genproc != 0) + { + if (0 != PLIBC_KILL (genproc, SIGTERM)) + GNUNET_log_strerror (GNUNET_ERROR_TYPE_ERROR, "kill"); + GNUNET_break (GNUNET_OK == GNUNET_OS_process_wait (genproc)); + genproc = 0; + } + return; + } + if (genproc != 0) + { + ret = GNUNET_OS_process_status (genproc, &type, &code); + if (ret == GNUNET_NO) + return; /* still running */ + if (ret == GNUNET_SYSERR) + { + GNUNET_break (0); + return; + } + if (0 != PLIBC_KILL (genproc, SIGTERM)) + GNUNET_log_strerror (GNUNET_ERROR_TYPE_ERROR, "kill"); + GNUNET_break (GNUNET_OK == GNUNET_OS_process_wait (genproc)); + genproc = 0; + } + GNUNET_log (GNUNET_ERROR_TYPE_INFO, + _("Starting `%s' process to generate entropy\n"), "find"); + genproc = GNUNET_OS_start_process (NULL, NULL, "sh", + "sh", + "-c", + "exec find / -mount -type f -exec cp {} /dev/null \\; 2>/dev/null", + NULL); +} + + +static void +killfind () +{ + if (genproc != 0) + { + PLIBC_KILL (genproc, SIGKILL); + genproc = 0; + } +} + + +void __attribute__ ((constructor)) GNUNET_CRYPTO_random_init () +{ + SRANDOM (time (NULL)); + gcry_control (GCRYCTL_DISABLE_SECMEM, 0); + if (!gcry_check_version (GCRYPT_VERSION)) + { + fprintf (stderr, + _ + ("libgcrypt has not the expected version (version %s is required).\n"), + GCRYPT_VERSION); + abort (); + } +#ifdef gcry_fast_random_poll + gcry_fast_random_poll (); +#endif + gcry_set_progress_handler (&entropy_generator, NULL); + atexit (&killfind); +} + + +void __attribute__ ((destructor)) GNUNET_CRYPTO_random_fini () +{ + gcry_set_progress_handler (NULL, NULL); +} + + + /* end of crypto_random.c */