openldap/libraries/liblutil/entropy.c

/* $OpenLDAP$ */
/*
 * Copyright 1998-1999 The OpenLDAP Foundation, All Rights Reserved.
 * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
 */

#include "portable.h"

#include <ac/string.h>
#include <ac/time.h>

#ifdef HAVE_WINCRYPT_H
#include <wincrypt.h>
#endif
#ifdef HAVE_PROCESS_H
#include <process.h>
#endif

#include <fcntl.h>

#include <lutil.h>
#include <lutil_md5.h>

/*
 * lutil_entropy() provides nbytes of entropy in buf.
 * Quality offerred is suitable for one-time uses, such as "once" keys.
 */
int lutil_entropy( char *buf, int nbytes )
{
	if( nbytes < 0 ) return -1;
	if( nbytes == 0 ) return 0;

#ifdef URANDOM_DEVICE
	/* Linux and *BSD offer a urandom device */
	{
		int rc, fd;

		fd = open( URANDOM_DEVICE, O_RDONLY );

		if( fd < 0 ) return -1;

		rc = read( fd, buf, nbytes );
		close(fd);

		/* should return nbytes */
		if( rc < nbytes ) return -1;

		return 0;
	}
#elif PROV_RSA_FULL
	{
		/* Not used since _WIN32_WINNT not set... */
		HCRYPTPROV hProv = 0;

		/* Get handle to user default provider */
		if(!CryptAcquireContext(&hProv, NULL, NULL, PROV_RSA_FULL, 0)) {
		   return -1;
		}

		/* Generate random initialization vector */
		if(!CryptGenRandom(hProv, (DWORD) nbytes, (BYTE *) buf)) {
		   return -1;
		}

		/* Release provider handle */
		if(hProv != 0) CryptReleaseContext(hProv, 0);

		return 0;
	}
#else
	{
		/* based upon Phil Karn's "practical randomness" idea
		 * but implementation 100% OpenLDAP.  So don't blame Phil. */
		/* worse case is this is a MD5 hash of a counter, if
		 *	MD5 is a strong cryptographic hash, this should
		 *	be fairly resistant to attack
		 */
		static int counter = 0;
		int n;

		struct rdata_s {
			int counter;

			char *buf;
			struct rdata_s *stack;

			pid_t	pid;

#ifdef HAVE_GETTIMEOFDAY
			struct timeval *tv;
#else
			time_t	time;
#endif
			unsigned long	junk;
		} rdata;

		/* make sure rdata differs for each process */
		rdata.pid = getpid();

		/* make sure rdata differs for each program */
		rdata.buf = buf;
		rdata.stack = &rdata;

		for( n = 0; n < nbytes; n += 16 ) {
			struct lutil_MD5Context ctx;
			char digest[16];

			/* hopefully has good resolution */
#ifdef HAVE_GETTIMEOFDAY
			(void) gettimeofday( &rdata.tv, sizeof( rdata.tv ) );
#else
			(void) time( &rdata.time );
#endif

			/* make sure rdata differs */
			rdata.counter = ++counter;
			rdata.pid++;
			rdata.junk++;

			lutil_MD5Init( &ctx );
			lutil_MD5Update( &ctx, (char *) &rdata, sizeof( rdata ) );
			lutil_MD5Final( digest, &ctx );

			memcpy( &buf[n], digest,
				nbytes - n > 16 ? 16 : nbytes - n );
		}

		return 0;
	}
#endif
	return -1;
}
Add lutil_entropy(). Currently only supports /dev/urandom or Linux equivs. Should be extended to support other quality sources of entropy. Should be extended to support a reasonable fallback. 1999-10-27 06:57:39 +08:00			`/* $OpenLDAP$ */`
			`/*`
			`* Copyright 1998-1999 The OpenLDAP Foundation, All Rights Reserved.`
			`* COPYING RESTRICTIONS APPLY, see COPYRIGHT file`
			`*/`

Fix compilation errors. 1999-10-27 07:00:30 +08:00			`#include "portable.h"`

Port to NT. 1999-10-27 12:41:38 +08:00			`#include <ac/string.h>`
			`#include <ac/time.h>`

			`#ifdef HAVE_WINCRYPT_H`
			`#include <wincrypt.h>`
			`#endif`
			`#ifdef HAVE_PROCESS_H`
			`#include <process.h>`
			`#endif`

Fix compilation errors. 1999-10-27 07:00:30 +08:00			`#include <fcntl.h>`

			`#include <lutil.h>`
Add a fallback based upon Phil Karn's "practical randomness" idea. 1999-10-27 07:41:09 +08:00			`#include <lutil_md5.h>`
Fix compilation errors. 1999-10-27 07:00:30 +08:00
Add lutil_entropy(). Currently only supports /dev/urandom or Linux equivs. Should be extended to support other quality sources of entropy. Should be extended to support a reasonable fallback. 1999-10-27 06:57:39 +08:00			`/*`
Minor cleanup. 1999-10-27 07:04:44 +08:00			`* lutil_entropy() provides nbytes of entropy in buf.`
Add lutil_entropy(). Currently only supports /dev/urandom or Linux equivs. Should be extended to support other quality sources of entropy. Should be extended to support a reasonable fallback. 1999-10-27 06:57:39 +08:00			`* Quality offerred is suitable for one-time uses, such as "once" keys.`
			`*/`
			`int lutil_entropy( char *buf, int nbytes )`
			`{`
			`if( nbytes < 0 ) return -1;`
			`if( nbytes == 0 ) return 0;`

			`#ifdef URANDOM_DEVICE`
			`/* Linux and BSD offer a urandom device /`
			`{`
			`int rc, fd;`

			`fd = open( URANDOM_DEVICE, O_RDONLY );`

			`if( fd < 0 ) return -1;`

			`rc = read( fd, buf, nbytes );`
			`close(fd);`

Minor cleanup. 1999-10-27 07:04:44 +08:00			`/* should return nbytes */`
Add lutil_entropy(). Currently only supports /dev/urandom or Linux equivs. Should be extended to support other quality sources of entropy. Should be extended to support a reasonable fallback. 1999-10-27 06:57:39 +08:00			`if( rc < nbytes ) return -1;`

Port to NT. 1999-10-27 12:41:38 +08:00			`return 0;`
			`}`
			`#elif PROV_RSA_FULL`
			`{`
			`/* Not used since _WIN32_WINNT not set... */`
			`HCRYPTPROV hProv = 0;`

			`/* Get handle to user default provider */`
			`if(!CryptAcquireContext(&hProv, NULL, NULL, PROV_RSA_FULL, 0)) {`
			`return -1;`
			`}`

			`/* Generate random initialization vector */`
			`if(!CryptGenRandom(hProv, (DWORD) nbytes, (BYTE *) buf)) {`
			`return -1;`
			`}`

			`/* Release provider handle */`
			`if(hProv != 0) CryptReleaseContext(hProv, 0);`

Add a fallback based upon Phil Karn's "practical randomness" idea. 1999-10-27 07:41:09 +08:00			`return 0;`
			`}`
			`#else`
			`{`
			`/* based upon Phil Karn's "practical randomness" idea`
			`* but implementation 100% OpenLDAP. So don't blame Phil. */`
			`/* worse case is this is a MD5 hash of a counter, if`
			`* MD5 is a strong cryptographic hash, this should`
Rework counter code in fallback. 1999-10-27 07:54:39 +08:00			`* be fairly resistant to attack`
Add a fallback based upon Phil Karn's "practical randomness" idea. 1999-10-27 07:41:09 +08:00			`*/`
Rework counter code in fallback. 1999-10-27 07:54:39 +08:00			`static int counter = 0;`
Add a fallback based upon Phil Karn's "practical randomness" idea. 1999-10-27 07:41:09 +08:00			`int n;`

Make sure rdata differs for each program. 1999-10-27 08:08:31 +08:00			`struct rdata_s {`
Rework counter code in fallback. 1999-10-27 07:54:39 +08:00			`int counter;`
Make sure rdata differs for each program. 1999-10-27 08:08:31 +08:00
			`char *buf;`
			`struct rdata_s *stack;`

Add a fallback based upon Phil Karn's "practical randomness" idea. 1999-10-27 07:41:09 +08:00			`pid_t pid;`

			`#ifdef HAVE_GETTIMEOFDAY`
			`struct timeval *tv;`
			`#else`
			`time_t time;`
			`#endif`
			`unsigned long junk;`
			`} rdata;`

Make sure rdata differs for each program. 1999-10-27 08:08:31 +08:00			`/* make sure rdata differs for each process */`
Rework counter code in fallback. 1999-10-27 07:54:39 +08:00			`rdata.pid = getpid();`
Make sure rdata differs for each program. 1999-10-27 08:08:31 +08:00
			`/* make sure rdata differs for each program */`
			`rdata.buf = buf;`
			`rdata.stack = &rdata;`

Add a fallback based upon Phil Karn's "practical randomness" idea. 1999-10-27 07:41:09 +08:00			`for( n = 0; n < nbytes; n += 16 ) {`
			`struct lutil_MD5Context ctx;`
			`char digest[16];`

Make sure rdata differs for each program. 1999-10-27 08:08:31 +08:00			`/* hopefully has good resolution */`
Add a fallback based upon Phil Karn's "practical randomness" idea. 1999-10-27 07:41:09 +08:00			`#ifdef HAVE_GETTIMEOFDAY`
			`(void) gettimeofday( &rdata.tv, sizeof( rdata.tv ) );`
			`#else`
			`(void) time( &rdata.time );`
			`#endif`

Make sure rdata differs for each program. 1999-10-27 08:08:31 +08:00			`/* make sure rdata differs */`
Rework counter code in fallback. 1999-10-27 07:54:39 +08:00			`rdata.counter = ++counter;`
Add a fallback based upon Phil Karn's "practical randomness" idea. 1999-10-27 07:41:09 +08:00			`rdata.pid++;`
			`rdata.junk++;`

			`lutil_MD5Init( &ctx );`
			`lutil_MD5Update( &ctx, (char *) &rdata, sizeof( rdata ) );`
			`lutil_MD5Final( digest, &ctx );`

			`memcpy( &buf[n], digest,`
			`nbytes - n > 16 ? 16 : nbytes - n );`
			`}`

Add lutil_entropy(). Currently only supports /dev/urandom or Linux equivs. Should be extended to support other quality sources of entropy. Should be extended to support a reasonable fallback. 1999-10-27 06:57:39 +08:00			`return 0;`
			`}`
			`#endif`
			`return -1;`
			`}`