src/misc/rand.c

   1 /*****************************************************************************
   2  * rand.c : non-predictible random bytes generator
   3  *****************************************************************************
   4  * Copyright © 2007 Rémi Denis-Courmont
   5  * $Id$
   6  *
   7  * This program is free software; you can redistribute it and/or modify
   8  * it under the terms of the GNU General Public License as published by
   9  * the Free Software Foundation; either version 2 of the License, or
  10  * (at your option) any later version.
  11  *
  12  * This program is distributed in the hope that it will be useful,
  13  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  14  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  15  * GNU General Public License for more details.
  16  *
  17  * You should have received a copy of the GNU General Public License
  18  * along with this program; if not, write to the Free Software
  19  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston MA 02110-1301, USA.
  20  *****************************************************************************/
  21
  22 #ifdef HAVE_CONFIG_H
  23 # include "config.h"
  24 #endif
  25
  26 #include <vlc_common.h>
  27 #include <vlc_rand.h>
  28
  29 #ifndef WIN32
  30 #include <stdint.h>
  31 #include <string.h>
  32 #include <stdlib.h>
  33
  34 #include <sys/types.h>
  35 #include <fcntl.h>
  36 #include <unistd.h>
  37 #include <pthread.h>
  38 #include <vlc_charset.h>
  39
  40 #include <vlc_md5.h>
  41
  42 /*
  43  * Pseudo-random number generator using a HMAC-MD5 in counter mode.
  44  * Probably not very secure (expert patches welcome) but definitely
  45  * better than rand() which is defined to be reproducible...
  46  */
  47 #define BLOCK_SIZE 64
  48
  49 static uint8_t okey[BLOCK_SIZE], ikey[BLOCK_SIZE];
  50
  51 static void vlc_rand_init (void)
  52 {
  53 #if defined (__OpenBSD__) || defined (__OpenBSD_kernel__)
  54     static const char randfile[] = "/dev/random";
  55 #else
  56     static const char randfile[] = "/dev/urandom";
  57 #endif
  58     uint8_t key[BLOCK_SIZE];
  59
  60     /* Get non-predictible value as key for HMAC */
  61     int fd = utf8_open (randfile, O_RDONLY);
  62     if (fd == -1)
  63         return; /* Uho! */
  64
  65     for (size_t i = 0; i < sizeof (key);)
  66     {
  67          ssize_t val = read (fd, key + i, sizeof (key) - i);
  68          if (val > 0)
  69              i += val;
  70     }
  71
  72     /* Precompute outer and inner keys for HMAC */
  73     for (size_t i = 0; i < sizeof (key); i++)
  74     {
  75         okey[i] = key[i] ^ 0x5c;
  76         ikey[i] = key[i] ^ 0x36;
  77     }
  78
  79     close (fd);
  80 }
  81
  82
  83 void vlc_rand_bytes (void *buf, size_t len)
  84 {
  85     static pthread_mutex_t lock = PTHREAD_MUTEX_INITIALIZER;
  86     static uint64_t counter = 0;
  87
  88     uint64_t stamp = NTPtime64 ();
  89
  90     while (len > 0)
  91     {
  92         uint64_t val;
  93         struct md5_s mdi, mdo;
  94
  95         pthread_mutex_lock (&lock);
  96         if (counter == 0)
  97             vlc_rand_init ();
  98         val = counter++;
  99         pthread_mutex_unlock (&lock);
 100
 101         InitMD5 (&mdi);
 102         AddMD5 (&mdi, ikey, sizeof (ikey));
 103         AddMD5 (&mdi, &stamp, sizeof (stamp));
 104         AddMD5 (&mdi, &val, sizeof (val));
 105         EndMD5 (&mdi);
 106         InitMD5 (&mdo);
 107         AddMD5 (&mdo, okey, sizeof (okey));
 108         AddMD5 (&mdo, mdi.p_digest, sizeof (mdi.p_digest));
 109         EndMD5 (&mdo);
 110
 111         if (len < sizeof (mdo.p_digest))
 112         {
 113             memcpy (buf, mdo.p_digest, len);
 114             break;
 115         }
 116
 117         memcpy (buf, mdo.p_digest, sizeof (mdo.p_digest));
 118         len -= sizeof (mdo.p_digest);
 119         buf = ((uint8_t *)buf) + sizeof (mdo.p_digest);
 120     }
 121 }
 122
 123 #else /* WIN32 */
 124
 125 #include <wincrypt.h>
 126
 127 void vlc_rand_bytes (void *buf, size_t len)
 128 {
 129     HCRYPTPROV hProv;
 130     size_t count = len;
 131     uint8_t *p_buf = (uint8_t *)buf;
 132
 133     /* fill buffer with pseudo-random data */
 134     while (count > 0)
 135     {
 136         unsigned int val;
 137         val = rand();
 138         if (count < sizeof (val))
 139         {
 140             memcpy (p_buf, &val, count);
 141             break;
 142         }
 143
 144         memcpy (p_buf, &val, sizeof (val));
 145         count -= sizeof (val);
 146         p_buf += sizeof (val);
 147     }
 148
 149     /* acquire default encryption context */
 150     if( CryptAcquireContext(
 151         &hProv,            // Variable to hold returned handle.
 152         NULL,              // Use default key container.
 153         MS_DEF_PROV,       // Use default CSP.
 154         PROV_RSA_FULL,     // Type of provider to acquire.
 155         0) )
 156     {
 157         /* fill buffer with pseudo-random data, intial buffer content
 158            is used as auxillary random seed */
 159         CryptGenRandom(hProv, len, buf);
 160         CryptReleaseContext(hProv, 0);
 161     }
 162 }
 163 #endif