1 /*****************************************************************************
2 * rand.c : non-predictible random bytes generator
3 *****************************************************************************
4 * Copyright © 2007 Rémi Denis-Courmont
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 2 of the License, or
10 * (at your option) any later version.
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, write to the Free Software
19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston MA 02110-1301, USA.
20 *****************************************************************************/
26 #include <vlc_common.h>
34 #include <sys/types.h>
42 * Pseudo-random number generator using a HMAC-MD5 in counter mode.
43 * Probably not very secure (expert patches welcome) but definitely
44 * better than rand() which is defined to be reproducible...
48 static uint8_t okey
[BLOCK_SIZE
], ikey
[BLOCK_SIZE
];
50 static void vlc_rand_init (void)
52 #if defined (__OpenBSD__) || defined (__OpenBSD_kernel__)
53 static const char randfile
[] = "/dev/random";
55 static const char randfile
[] = "/dev/urandom";
57 uint8_t key
[BLOCK_SIZE
];
59 /* Get non-predictible value as key for HMAC */
60 int fd
= open (randfile
, O_RDONLY
);
64 for (size_t i
= 0; i
< sizeof (key
);)
66 ssize_t val
= read (fd
, key
+ i
, sizeof (key
) - i
);
71 /* Precompute outer and inner keys for HMAC */
72 for (size_t i
= 0; i
< sizeof (key
); i
++)
74 okey
[i
] = key
[i
] ^ 0x5c;
75 ikey
[i
] = key
[i
] ^ 0x36;
82 void vlc_rand_bytes (void *buf
, size_t len
)
84 static pthread_mutex_t lock
= PTHREAD_MUTEX_INITIALIZER
;
85 static uint64_t counter
= 0;
87 uint64_t stamp
= NTPtime64 ();
92 struct md5_s mdi
, mdo
;
94 pthread_mutex_lock (&lock
);
98 pthread_mutex_unlock (&lock
);
101 AddMD5 (&mdi
, ikey
, sizeof (ikey
));
102 AddMD5 (&mdi
, &stamp
, sizeof (stamp
));
103 AddMD5 (&mdi
, &val
, sizeof (val
));
106 AddMD5 (&mdo
, okey
, sizeof (okey
));
107 AddMD5 (&mdo
, mdi
.p_digest
, sizeof (mdi
.p_digest
));
110 if (len
< sizeof (mdo
.p_digest
))
112 memcpy (buf
, mdo
.p_digest
, len
);
116 memcpy (buf
, mdo
.p_digest
, sizeof (mdo
.p_digest
));
117 len
-= sizeof (mdo
.p_digest
);
118 buf
= ((uint8_t *)buf
) + sizeof (mdo
.p_digest
);
124 #include <wincrypt.h>
126 void vlc_rand_bytes (void *buf
, size_t len
)
130 uint8_t *p_buf
= (uint8_t *)buf
;
132 /* fill buffer with pseudo-random data */
137 if (count
< sizeof (val
))
139 memcpy (p_buf
, &val
, count
);
143 memcpy (p_buf
, &val
, sizeof (val
));
144 count
-= sizeof (val
);
145 p_buf
+= sizeof (val
);
148 /* acquire default encryption context */
149 if( CryptAcquireContext(
150 &hProv
, // Variable to hold returned handle.
151 NULL
, // Use default key container.
152 MS_DEF_PROV
, // Use default CSP.
153 PROV_RSA_FULL
, // Type of provider to acquire.
156 /* fill buffer with pseudo-random data, intial buffer content
157 is used as auxillary random seed */
158 CryptGenRandom(hProv
, len
, buf
);
159 CryptReleaseContext(hProv
, 0);