* @author Christian Grothoff
*/
#include "platform.h"
+#include <gcrypt.h>
#include "gnunet_util_lib.h"
#include "gnunet-service-core.h"
#include "gnunet-service-core_clients.h"
*publicKey);
-/**
- * This function should only be called in testcases
- * where strong entropy gathering is not desired
- * (for example, for hostkey generation).
- */
-void
-GNUNET_CRYPTO_random_disable_entropy_gathering (void);
-
-
-/**
- * Check if we are using weak random number generation.
- *
- * @return GNUNET_YES if weak number generation is on
- * (thus will return YES if 'GNUNET_CRYPTO_random_disable_entropy_gathering'
- * was called previously).
- */
-int
-GNUNET_CRYPTO_random_is_weak (void);
-
-
#if 0 /* keep Emacsens' auto-indent happy */
{
#endif
(filename != NULL))
GNUNET_CONFIGURATION_set_value_string (cfg, "PATHS", "DEFAULTCONFIG",
filename);
- if ((GNUNET_YES ==
- GNUNET_CONFIGURATION_have_value (cfg, "TESTING", "WEAKRANDOM")) &&
- (GNUNET_YES ==
- GNUNET_CONFIGURATION_get_value_yesno (cfg, "TESTING", "WEAKRANDOM")))
- GNUNET_CRYPTO_random_disable_entropy_gathering ();
return GNUNET_OK;
}
{
struct GNUNET_CRYPTO_EccKeyGenerationContext *gc;
struct GNUNET_CRYPTO_EccPrivateKey *pk;
- const char *weak_random;
if (NULL != (pk = try_read_key (filename)))
{
GNUNET_free (gc);
return NULL;
}
- weak_random = NULL;
- if (GNUNET_YES ==
- GNUNET_CRYPTO_random_is_weak ())
- weak_random = "-w";
gc->gnunet_ecc = GNUNET_OS_start_process (GNUNET_NO,
GNUNET_OS_INHERIT_STD_ERR,
NULL,
"gnunet-ecc",
"gnunet-ecc",
gc->filename,
- weak_random,
NULL);
if (NULL == gc->gnunet_ecc)
{
#define LOG_STRERROR(kind,syscall) GNUNET_log_from_strerror (kind, "util", syscall)
-/**
- * GNUNET_YES if we are using a 'weak' (low-entropy) PRNG.
- */
-static int weak_random;
-
-
-
/* TODO: ndurner, move this to plibc? */
/* The code is derived from glibc, obviously */
#if MINGW
}
-/**
- * Check if we are using weak random number generation.
- *
- * @return GNUNET_YES if weak number generation is on
- */
-int
-GNUNET_CRYPTO_random_is_weak ()
-{
- return weak_random;
-}
-
-
-/**
- * This function should only be called in testcases
- * where strong entropy gathering is not desired
- * (for example, for hostkey generation).
- */
-void
-GNUNET_CRYPTO_random_disable_entropy_gathering ()
-{
- weak_random = GNUNET_YES;
- gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0);
-}
-
-
/**
* Process ID of the "find" process that we use for
* entropy gathering.
}
-void __attribute__ ((constructor)) GNUNET_CRYPTO_random_init ()
+void __attribute__ ((constructor))
+GNUNET_CRYPTO_random_init ()
{
- gcry_control (GCRYCTL_DISABLE_SECMEM, 0);
- if (!gcry_check_version (NEED_LIBGCRYPT_VERSION))
+ gcry_error_t rc;
+
+ if (! gcry_check_version (NEED_LIBGCRYPT_VERSION))
{
FPRINTF (stderr,
_
NEED_LIBGCRYPT_VERSION);
GNUNET_abort ();
}
+ if ((rc = gcry_control (GCRYCTL_DISABLE_SECMEM, 0)))
+ FPRINTF (stderr, "Failed to set libgcrypt option %s: %s\n", "DISABLE_SECMEM",
+ gcry_strerror (rc));
+ /* we only generate ephemeral keys in-process; for those,
+ we are fine with "just" using GCRY_STRONG_RANDOM */
+ if ((rc = gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0)))
+ FPRINTF (stderr, "Failed to set libgcrypt option %s: %s\n", "ENABLE_QUICK_RANDOM",
+ gcry_strerror (rc));
+
#ifdef GCRYCTL_INITIALIZATION_FINISHED
gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0);
#endif
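Review bot: `GCRYCTL_ENABLE_QUICK_RANDOM` is now set unconditionally in a library constructor, so it applies to every process that loads this code, not only to the in-process ephemeral keys the added comment mentions. The `gnunet-ecc` and `gnunet-rsa` helpers spawned elsewhere in this commit create the persistent host keys. If they link this library (the `GNUNET_CRYPTO_rsa_key_create_from_file` call in the helper's run function suggests they do), those long-term keys are also generated at the reduced quality level, which before this commit required the test-only `-w` / `WEAKRANDOM` switch. Either exempt the key-generation helpers from this setting or record the decision in the comment, e.g. `/* NOTE: this constructor also runs in gnunet-ecc/gnunet-rsa, so long-term keys are generated at GCRY_STRONG_RANDOM as well */`. Separately, the two new `gcry_control` failures are only printed to stderr and the `GCRYCTL_INITIALIZATION_FINISHED` call stays unchecked; the body of `GNUNET_CRYPTO_random_init` continues past the end of this hunk.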
}
-void __attribute__ ((destructor)) GNUNET_CRYPTO_random_fini ()
+void __attribute__ ((destructor))
+GNUNET_CRYPTO_random_fini ()
{
gcry_set_progress_handler (NULL, NULL);
}
{
struct GNUNET_CRYPTO_RsaKeyGenerationContext *gc;
struct GNUNET_CRYPTO_RsaPrivateKey *pk;
- const char *weak_random;
if (NULL != (pk = try_read_key (filename)))
{
GNUNET_free (gc);
return NULL;
}
- weak_random = NULL;
- if (GNUNET_YES ==
- GNUNET_CRYPTO_random_is_weak ())
- weak_random = "-w";
gc->gnunet_rsa = GNUNET_OS_start_process (GNUNET_NO,
GNUNET_OS_INHERIT_STD_ERR,
NULL,
"gnunet-rsa",
"gnunet-rsa",
gc->filename,
- weak_random,
NULL);
if (NULL == gc->gnunet_rsa)
{
*/
static int print_short_identity;
-/**
- * Use weak random number generator for key generation.
- */
-static int weak_random;
-
/**
* Option set to create a bunch of keys at once.
*/
fprintf (stderr, _("No hostkey file specified on command line\n"));
return;
}
- if (0 != weak_random)
- GNUNET_CRYPTO_random_disable_entropy_gathering ();
if (make_keys > 0)
{
create_keys (args[0]);
{ 's', "print-short-identity", NULL,
gettext_noop ("print the short hash of the public key in ASCII format"),
0, &GNUNET_GETOPT_set_one, &print_short_identity },
- { 'w', "weak-random", NULL,
- gettext_noop ("use insecure, weak random number generator for key generation (for testing only)"),
- 0, &GNUNET_GETOPT_set_one, &weak_random },
GNUNET_GETOPT_OPTION_END
};
int ret;
*/
static int print_short_identity;
-/**
- * Use weak random number generator for key generation.
- */
-static int weak_random;
-
/**
* Main function that will be run by the scheduler.
fprintf (stderr, _("No hostkey file specified on command line\n"));
return;
}
- if (0 != weak_random)
- GNUNET_CRYPTO_random_disable_entropy_gathering ();
pk = GNUNET_CRYPTO_rsa_key_create_from_file (args[0]);
if (NULL == pk)
return;
{ 's', "print-short-identity", NULL,
gettext_noop ("print the short hash of the public key in ASCII format"),
0, &GNUNET_GETOPT_set_one, &print_short_identity },
- { 'w', "weak-random", NULL,
- gettext_noop ("use insecure, weak random number generator for key generation (for testing only)"),
- 0, &GNUNET_GETOPT_set_one, &weak_random },
GNUNET_GETOPT_OPTION_END
};
int ret;
int failureCount = 0;
GNUNET_log_setup ("test-crypto-aes", "WARNING", NULL);
- GNUNET_CRYPTO_random_disable_entropy_gathering ();
GNUNET_assert (strlen (INITVALUE) >
sizeof (struct GNUNET_CRYPTO_AesInitializationVector));
failureCount += testSymcipher ();
int weak_keys;
GNUNET_log_setup ("test-crypto-aes-weak", "WARNING", NULL);
- GNUNET_CRYPTO_random_disable_entropy_gathering ();
if (GENERATE_WEAK_KEYS)
{
weak_keys = getWeakKeys ();
return 0;
}
GNUNET_log_setup ("test-crypto-ecc", "WARNING", NULL);
- GNUNET_CRYPTO_random_disable_entropy_gathering ();
if (GNUNET_OK != testCreateFromFile ())
failureCount++;
GNUNET_SCHEDULER_run (&test_async_creation, NULL);
int failureCount = 0;
GNUNET_log_setup ("test-crypto-rsa", "WARNING", NULL);
- GNUNET_CRYPTO_random_disable_entropy_gathering ();
if (GNUNET_OK != testCreateFromFile ())
failureCount++;
GNUNET_SCHEDULER_run (&test_async_creation, NULL);
GNUNET_log_setup ("test-pseudonym", "WARNING", NULL);
ok = GNUNET_YES;
- GNUNET_CRYPTO_random_disable_entropy_gathering ();
(void) GNUNET_DISK_directory_remove ("/tmp/gnunet-pseudonym-test");
cfg = GNUNET_CONFIGURATION_create ();
if (-1 == GNUNET_CONFIGURATION_parse (cfg, "test_pseudonym_data.conf"))