src/misc/rand.c

   1 /*****************************************************************************
   2  * rand.c : non-predictible random bytes generator
   3  *****************************************************************************
   4  * Copyright © 2007 Rémi Denis-Courmont
   5  * $Id$
   6  *
   7  * This program is free software; you can redistribute it and/or modify
   8  * it under the terms of the GNU General Public License as published by
   9  * the Free Software Foundation; either version 2 of the License, or
  10  * (at your option) any later version.
  11  *
  12  * This program is distributed in the hope that it will be useful,
  13  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  14  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  15  * GNU General Public License for more details.
  16  *
  17  * You should have received a copy of the GNU General Public License
  18  * along with this program; if not, write to the Free Software
  19  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston MA 02110-1301, USA.
  20  *****************************************************************************/
  21
  22 #ifdef HAVE_CONFIG_H
  23 # include "config.h"
  24 #endif
  25
  26 #include <vlc_common.h>
  27 #include <vlc_rand.h>
  28
  29 #ifndef WIN32
  30 #include <stdint.h>
  31 #include <string.h>
  32 #include <stdlib.h>
  33
  34 #include <sys/types.h>
  35 #include <fcntl.h>
  36 #include <unistd.h>
  37 #include <pthread.h>
  38
  39 #include <vlc_md5.h>
  40
  41 /*
  42  * Pseudo-random number generator using a HMAC-MD5 in counter mode.
  43  * Probably not very secure (expert patches welcome) but definitely
  44  * better than rand() which is defined to be reproducible...
  45  */
  46 #define BLOCK_SIZE 64
  47
  48 static uint8_t okey[BLOCK_SIZE], ikey[BLOCK_SIZE];
  49
  50 static void vlc_rand_init (void)
  51 {
  52 #if defined (__OpenBSD__) || defined (__OpenBSD_kernel__)
  53     static const char randfile[] = "/dev/random";
  54 #else
  55     static const char randfile[] = "/dev/urandom";
  56 #endif
  57     uint8_t key[BLOCK_SIZE];
  58
  59     /* Get non-predictible value as key for HMAC */
  60     int fd = open (randfile, O_RDONLY);
  61     if (fd == -1)
  62         return; /* Uho! */
  63
  64     for (size_t i = 0; i < sizeof (key);)
  65     {
  66          ssize_t val = read (fd, key + i, sizeof (key) - i);
  67          if (val > 0)
  68              i += val;
  69     }
  70
  71     /* Precompute outer and inner keys for HMAC */
  72     for (size_t i = 0; i < sizeof (key); i++)
  73     {
  74         okey[i] = key[i] ^ 0x5c;
  75         ikey[i] = key[i] ^ 0x36;
  76     }
  77
  78     close (fd);
  79 }
  80
  81
  82 void vlc_rand_bytes (void *buf, size_t len)
  83 {
  84     static pthread_mutex_t lock = PTHREAD_MUTEX_INITIALIZER;
  85     static uint64_t counter = 0;
  86
  87     uint64_t stamp = NTPtime64 ();
  88
  89     while (len > 0)
  90     {
  91         uint64_t val;
  92         struct md5_s mdi, mdo;
  93
  94         pthread_mutex_lock (&lock);
  95         if (counter == 0)
  96             vlc_rand_init ();
  97         val = counter++;
  98         pthread_mutex_unlock (&lock);
  99
 100         InitMD5 (&mdi);
 101         AddMD5 (&mdi, ikey, sizeof (ikey));
 102         AddMD5 (&mdi, &stamp, sizeof (stamp));
 103         AddMD5 (&mdi, &val, sizeof (val));
 104         EndMD5 (&mdi);
 105         InitMD5 (&mdo);
 106         AddMD5 (&mdo, okey, sizeof (okey));
 107         AddMD5 (&mdo, mdi.p_digest, sizeof (mdi.p_digest));
 108         EndMD5 (&mdo);
 109
 110         if (len < sizeof (mdo.p_digest))
 111         {
 112             memcpy (buf, mdo.p_digest, len);
 113             break;
 114         }
 115
 116         memcpy (buf, mdo.p_digest, sizeof (mdo.p_digest));
 117         len -= sizeof (mdo.p_digest);
 118         buf = ((uint8_t *)buf) + sizeof (mdo.p_digest);
 119     }
 120 }
 121
 122 #else /* WIN32 */
 123
 124 #include <wincrypt.h>
 125
 126 void vlc_rand_bytes (void *buf, size_t len)
 127 {
 128     HCRYPTPROV hProv;
 129     size_t count = len;
 130     uint8_t *p_buf = (uint8_t *)buf;
 131
 132     /* fill buffer with pseudo-random data */
 133     while (count > 0)
 134     {
 135         unsigned int val;
 136         val = rand();
 137         if (count < sizeof (val))
 138         {
 139             memcpy (p_buf, &val, count);
 140             break;
 141         }
 142
 143         memcpy (p_buf, &val, sizeof (val));
 144         count -= sizeof (val);
 145         p_buf += sizeof (val);
 146     }
 147
 148     /* acquire default encryption context */
 149     if( CryptAcquireContext(
 150         &hProv,            // Variable to hold returned handle.
 151         NULL,              // Use default key container.
 152         MS_DEF_PROV,       // Use default CSP.
 153         PROV_RSA_FULL,     // Type of provider to acquire.
 154         0) )
 155     {
 156         /* fill buffer with pseudo-random data, intial buffer content
 157            is used as auxillary random seed */
 158         CryptGenRandom(hProv, len, buf);
 159         CryptReleaseContext(hProv, 0);
 160     }
 161 }
 162 #endif