From: Felix Fietkau Date: Tue, 22 Sep 2015 09:06:00 +0000 (+0000) Subject: px5g-standalone: use /dev/urandom instead of havege (fixes #20216) X-Git-Tag: reboot~1928 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=9893f5f00e0bb677049dc851a76c050d2a64381a;p=oweals%2Fopenwrt.git px5g-standalone: use /dev/urandom instead of havege (fixes #20216) Signed-off-by: Felix Fietkau SVN-Revision: 47025 --- diff --git a/package/utils/px5g-standalone/src/library/havege.c b/package/utils/px5g-standalone/src/library/havege.c deleted file mode 100644 index 266299d3bb..0000000000 --- a/package/utils/px5g-standalone/src/library/havege.c +++ /dev/null @@ -1,276 +0,0 @@ -/* - * HAVEGE: HArdware Volatile Entropy Gathering and Expansion - * - * Based on XySSL: Copyright (C) 2006-2008 Christophe Devine - * - * Copyright (C) 2009 Paul Bakker - * - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * * Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * * Neither the names of PolarSSL or XySSL nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ -/* - * The HAVEGE RNG was designed by Andre Seznec in 2002. - * - * http://www.irisa.fr/caps/projects/hipsor/publi.php - * - * Contact: seznec(at)irisa_dot_fr - orocheco(at)irisa_dot_fr - */ - -#include -#include - -#include "polarssl/config.h" - -#if defined(POLARSSL_HAVEGE_C) - -#include "polarssl/havege.h" -#include "polarssl/timing.h" - -/* ------------------------------------------------------------------------ - * On average, one iteration accesses two 8-word blocks in the havege WALK - * table, and generates 16 words in the RES array. - * - * The data read in the WALK table is updated and permuted after each use. - * The result of the hardware clock counter read is used for this update. - * - * 25 conditional tests are present. The conditional tests are grouped in - * two nested groups of 12 conditional tests and 1 test that controls the - * permutation; on average, there should be 6 tests executed and 3 of them - * should be mispredicted. - * ------------------------------------------------------------------------ - */ - -#define SWAP(X,Y) { int *T = X; X = Y; Y = T; } - -#define TST1_ENTER if( PTEST & 1 ) { PTEST ^= 3; PTEST >>= 1; -#define TST2_ENTER if( PTEST & 1 ) { PTEST ^= 3; PTEST >>= 1; - -#define TST1_LEAVE U1++; } -#define TST2_LEAVE U2++; } - -#define ONE_ITERATION \ - \ - PTEST = PT1 >> 20; \ - \ - TST1_ENTER TST1_ENTER TST1_ENTER TST1_ENTER \ - TST1_ENTER TST1_ENTER TST1_ENTER TST1_ENTER \ - TST1_ENTER TST1_ENTER TST1_ENTER TST1_ENTER \ - \ - TST1_LEAVE TST1_LEAVE TST1_LEAVE TST1_LEAVE \ - TST1_LEAVE TST1_LEAVE TST1_LEAVE TST1_LEAVE \ - TST1_LEAVE TST1_LEAVE TST1_LEAVE TST1_LEAVE \ - \ - PTX = (PT1 >> 18) & 7; \ - PT1 &= 0x1FFF; \ - PT2 &= 0x1FFF; \ - CLK = (int) hardclock(); \ - \ - i = 0; \ - A = &WALK[PT1 ]; RES[i++] ^= *A; \ - B = &WALK[PT2 ]; RES[i++] ^= *B; \ - C = &WALK[PT1 ^ 1]; RES[i++] ^= *C; \ - D = &WALK[PT2 ^ 4]; RES[i++] ^= *D; \ - \ - IN = (*A >> (1)) ^ (*A << (31)) ^ CLK; \ - *A = (*B >> (2)) ^ (*B << (30)) ^ CLK; \ - *B = IN ^ U1; \ - *C = (*C >> (3)) ^ (*C << (29)) ^ CLK; \ - *D = (*D >> (4)) ^ (*D << (28)) ^ CLK; \ - \ - A = &WALK[PT1 ^ 2]; RES[i++] ^= *A; \ - B = &WALK[PT2 ^ 2]; RES[i++] ^= *B; \ - C = &WALK[PT1 ^ 3]; RES[i++] ^= *C; \ - D = &WALK[PT2 ^ 6]; RES[i++] ^= *D; \ - \ - if( PTEST & 1 ) SWAP( A, C ); \ - \ - IN = (*A >> (5)) ^ (*A << (27)) ^ CLK; \ - *A = (*B >> (6)) ^ (*B << (26)) ^ CLK; \ - *B = IN; CLK = (int) hardclock(); \ - *C = (*C >> (7)) ^ (*C << (25)) ^ CLK; \ - *D = (*D >> (8)) ^ (*D << (24)) ^ CLK; \ - \ - A = &WALK[PT1 ^ 4]; \ - B = &WALK[PT2 ^ 1]; \ - \ - PTEST = PT2 >> 1; \ - \ - PT2 = (RES[(i - 8) ^ PTY] ^ WALK[PT2 ^ PTY ^ 7]); \ - PT2 = ((PT2 & 0x1FFF) & (~8)) ^ ((PT1 ^ 8) & 0x8); \ - PTY = (PT2 >> 10) & 7; \ - \ - TST2_ENTER TST2_ENTER TST2_ENTER TST2_ENTER \ - TST2_ENTER TST2_ENTER TST2_ENTER TST2_ENTER \ - TST2_ENTER TST2_ENTER TST2_ENTER TST2_ENTER \ - \ - TST2_LEAVE TST2_LEAVE TST2_LEAVE TST2_LEAVE \ - TST2_LEAVE TST2_LEAVE TST2_LEAVE TST2_LEAVE \ - TST2_LEAVE TST2_LEAVE TST2_LEAVE TST2_LEAVE \ - \ - C = &WALK[PT1 ^ 5]; \ - D = &WALK[PT2 ^ 5]; \ - \ - RES[i++] ^= *A; \ - RES[i++] ^= *B; \ - RES[i++] ^= *C; \ - RES[i++] ^= *D; \ - \ - IN = (*A >> ( 9)) ^ (*A << (23)) ^ CLK; \ - *A = (*B >> (10)) ^ (*B << (22)) ^ CLK; \ - *B = IN ^ U2; \ - *C = (*C >> (11)) ^ (*C << (21)) ^ CLK; \ - *D = (*D >> (12)) ^ (*D << (20)) ^ CLK; \ - \ - A = &WALK[PT1 ^ 6]; RES[i++] ^= *A; \ - B = &WALK[PT2 ^ 3]; RES[i++] ^= *B; \ - C = &WALK[PT1 ^ 7]; RES[i++] ^= *C; \ - D = &WALK[PT2 ^ 7]; RES[i++] ^= *D; \ - \ - IN = (*A >> (13)) ^ (*A << (19)) ^ CLK; \ - *A = (*B >> (14)) ^ (*B << (18)) ^ CLK; \ - *B = IN; \ - *C = (*C >> (15)) ^ (*C << (17)) ^ CLK; \ - *D = (*D >> (16)) ^ (*D << (16)) ^ CLK; \ - \ - PT1 = ( RES[(i - 8) ^ PTX] ^ \ - WALK[PT1 ^ PTX ^ 7] ) & (~1); \ - PT1 ^= (PT2 ^ 0x10) & 0x10; \ - \ - for( n++, i = 0; i < 16; i++ ) \ - hs->pool[n % COLLECT_SIZE] ^= RES[i]; - -/* - * Entropy gathering function - */ -static void havege_fill( havege_state *hs ) -{ - int i, n = 0; - int U1, U2, *A, *B, *C, *D; - int PT1, PT2, *WALK, RES[16]; - int PTX, PTY, CLK, PTEST, IN; - - WALK = hs->WALK; - PT1 = hs->PT1; - PT2 = hs->PT2; - - PTX = U1 = 0; - PTY = U2 = 0; - - memset( RES, 0, sizeof( RES ) ); - - while( n < COLLECT_SIZE * 4 ) - { - ONE_ITERATION - ONE_ITERATION - ONE_ITERATION - ONE_ITERATION - } - - hs->PT1 = PT1; - hs->PT2 = PT2; - - hs->offset[0] = 0; - hs->offset[1] = COLLECT_SIZE / 2; -} - -/* - * HAVEGE initialization - */ -void havege_init( havege_state *hs ) -{ - memset( hs, 0, sizeof( havege_state ) ); - - havege_fill( hs ); -} - -/* - * HAVEGE rand function - */ -int havege_rand( void *p_rng ) -{ - int ret; - havege_state *hs = (havege_state *) p_rng; - - if( hs->offset[1] >= COLLECT_SIZE ) - havege_fill( hs ); - - ret = hs->pool[hs->offset[0]++]; - ret ^= hs->pool[hs->offset[1]++]; - - return( ret ); -} - -#if defined(POLARSSL_RAND_TEST) - -#include - -int main( int argc, char *argv[] ) -{ - FILE *f; - time_t t; - int i, j, k; - havege_state hs; - unsigned char buf[1024]; - - if( argc < 2 ) - { - fprintf( stderr, "usage: %s \n", argv[0] ); - return( 1 ); - } - - if( ( f = fopen( argv[1], "wb+" ) ) == NULL ) - { - printf( "failed to open '%s' for writing.\n", argv[0] ); - return( 1 ); - } - - havege_init( &hs ); - - t = time( NULL ); - - for( i = 0, k = 32768; i < k; i++ ) - { - for( j = 0; j < sizeof( buf ); j++ ) - buf[j] = havege_rand( &hs ); - - fwrite( buf, sizeof( buf ), 1, f ); - - printf( "Generating 32Mb of data in file '%s'... %04.1f" \ - "%% done\r", argv[1], (100 * (float) (i + 1)) / k ); - fflush( stdout ); - } - - if( t == time( NULL ) ) - t--; - - fclose( f ); - return( 0 ); -} - -#endif - -#endif diff --git a/package/utils/px5g-standalone/src/polarssl/havege.h b/package/utils/px5g-standalone/src/polarssl/havege.h deleted file mode 100644 index c27cecac0f..0000000000 --- a/package/utils/px5g-standalone/src/polarssl/havege.h +++ /dev/null @@ -1,75 +0,0 @@ -/** - * \file havege.h - * - * Based on XySSL: Copyright (C) 2006-2008 Christophe Devine - * - * Copyright (C) 2009 Paul Bakker - * - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * * Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * * Neither the names of PolarSSL or XySSL nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ -#ifndef POLARSSL_HAVEGE_H -#define POLARSSL_HAVEGE_H - -#define COLLECT_SIZE 1024 - -/** - * \brief HAVEGE state structure - */ -typedef struct -{ - int PT1, PT2, offset[2]; - int pool[COLLECT_SIZE]; - int WALK[8192]; -} -havege_state; - -#ifdef __cplusplus -extern "C" { -#endif - -/** - * \brief HAVEGE initialization - * - * \param hs HAVEGE state to be initialized - */ -void havege_init( havege_state *hs ); - -/** - * \brief HAVEGE rand function - * - * \param rng_st points to an HAVEGE state - * - * \return A random int - */ -int havege_rand( void *p_rng ); - -#ifdef __cplusplus -} -#endif - -#endif /* havege.h */ diff --git a/package/utils/px5g-standalone/src/px5g.c b/package/utils/px5g-standalone/src/px5g.c index cf50ad28e2..34ab34f32d 100644 --- a/package/utils/px5g-standalone/src/px5g.c +++ b/package/utils/px5g-standalone/src/px5g.c @@ -23,7 +23,8 @@ #include #include #include -#include "polarssl/havege.h" +#include +#include #include "polarssl/bignum.h" #include "polarssl/x509.h" #include "polarssl/rsa.h" @@ -32,8 +33,17 @@ #define PX5G_COPY "Copyright (c) 2009 Steven Barth " #define PX5G_LICENSE "Licensed under the GNU Lesser General Public License v2.1" +static int urandom_fd; + +static int _urandom(void *ctx) +{ + int ret; + read(urandom_fd, &ret, sizeof(ret)); + return ret; +} + + int rsakey(char **arg) { - havege_state hs; rsa_context rsa; unsigned int ksize = 512; @@ -57,8 +67,7 @@ int rsakey(char **arg) { ksize = (unsigned int)atoi(*arg); } - havege_init(&hs); - rsa_init(&rsa, RSA_PKCS_V15, 0, havege_rand, &hs); + rsa_init(&rsa, RSA_PKCS_V15, 0, _urandom, NULL); fprintf(stderr, "Generating RSA private key, %i bit long modulus\n", ksize); if (rsa_gen_key(&rsa, ksize, exp)) { @@ -76,7 +85,6 @@ int rsakey(char **arg) { } int selfsigned(char **arg) { - havege_state hs; rsa_context rsa; x509_node node; @@ -139,8 +147,7 @@ int selfsigned(char **arg) { arg++; } - havege_init(&hs); - rsa_init(&rsa, RSA_PKCS_V15, 0, havege_rand, &hs); + rsa_init(&rsa, RSA_PKCS_V15, 0, _urandom, NULL); x509write_init_node(&node); fprintf(stderr, "Generating RSA private key, %i bit long modulus\n", ksize); if (rsa_gen_key(&rsa, ksize, exp)) { @@ -184,6 +191,12 @@ int selfsigned(char **arg) { } int main(int argc, char *argv[]) { + urandom_fd = open("/dev/urandom", O_RDONLY); + if (urandom_fd < 0) { + perror("open(/dev/urandom)"); + return 1; + } + if (!argv[1]) { //Usage } else if (!strcmp(argv[1], "rsakey")) {