2003-11-26 07:17:08 +08:00
|
|
|
/* entropy.c -- routines for providing pseudo-random data */
|
1999-10-27 06:57:39 +08:00
|
|
|
/* $OpenLDAP$ */
|
2003-11-26 07:17:08 +08:00
|
|
|
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
|
|
|
|
*
|
2021-01-12 03:25:53 +08:00
|
|
|
* Copyright 1999-2021 The OpenLDAP Foundation.
|
2003-11-26 07:17:08 +08:00
|
|
|
* Portions Copyright 1999-2003 Kurt D. Zeilenga.
|
|
|
|
* All rights reserved.
|
|
|
|
*
|
|
|
|
* Redistribution and use in source and binary forms, with or without
|
|
|
|
* modification, are permitted only as authorized by the OpenLDAP
|
|
|
|
* Public License.
|
|
|
|
*
|
|
|
|
* A copy of this license is available in the file LICENSE in the
|
|
|
|
* top-level directory of the distribution or, alternatively, at
|
|
|
|
* <http://www.OpenLDAP.org/license.html>.
|
|
|
|
*/
|
|
|
|
/* This work was initially developed by Kurt D. Zeilenga for
|
2021-02-16 07:58:50 +08:00
|
|
|
* inclusion in OpenLDAP Software based, in part, on publicly
|
2003-11-26 07:17:08 +08:00
|
|
|
* available works (as noted below).
|
1999-10-27 06:57:39 +08:00
|
|
|
*/
|
|
|
|
|
1999-10-27 07:00:30 +08:00
|
|
|
#include "portable.h"
|
|
|
|
|
1999-10-27 12:41:38 +08:00
|
|
|
#include <ac/string.h>
|
|
|
|
#include <ac/time.h>
|
2000-09-15 11:11:03 +08:00
|
|
|
#include <ac/unistd.h>
|
1999-10-27 12:41:38 +08:00
|
|
|
|
|
|
|
#ifdef HAVE_PROCESS_H
|
|
|
|
#include <process.h>
|
|
|
|
#endif
|
|
|
|
|
1999-10-27 07:00:30 +08:00
|
|
|
#include <fcntl.h>
|
|
|
|
|
|
|
|
#include <lutil.h>
|
1999-10-27 07:41:09 +08:00
|
|
|
#include <lutil_md5.h>
|
1999-10-27 07:00:30 +08:00
|
|
|
|
1999-10-27 06:57:39 +08:00
|
|
|
/*
|
1999-10-27 07:04:44 +08:00
|
|
|
* lutil_entropy() provides nbytes of entropy in buf.
|
2017-02-26 15:49:31 +08:00
|
|
|
* Quality offered is suitable for one-time uses, such as "once" keys.
|
1999-10-29 01:42:46 +08:00
|
|
|
* Values may not be suitable for multi-time uses.
|
1999-10-28 03:42:27 +08:00
|
|
|
*
|
|
|
|
* Note: Callers are encouraged to provide additional bytes of
|
|
|
|
* of entropy in the buf argument. This information is used in
|
|
|
|
* fallback mode to improve the quality of bytes returned.
|
1999-10-29 01:42:46 +08:00
|
|
|
*
|
|
|
|
* This routinue should be extended to support additional sources
|
|
|
|
* of entropy.
|
1999-10-27 06:57:39 +08:00
|
|
|
*/
|
2000-10-14 10:14:38 +08:00
|
|
|
int lutil_entropy( unsigned char *buf, ber_len_t nbytes )
|
1999-10-27 06:57:39 +08:00
|
|
|
{
|
|
|
|
if( nbytes == 0 ) return 0;
|
|
|
|
|
|
|
|
#ifdef URANDOM_DEVICE
|
2002-06-04 00:43:57 +08:00
|
|
|
#define URANDOM_NREADS 4
|
1999-10-27 06:57:39 +08:00
|
|
|
/* Linux and *BSD offer a urandom device */
|
|
|
|
{
|
2002-06-04 00:43:57 +08:00
|
|
|
int rc, fd, n=0;
|
1999-10-27 06:57:39 +08:00
|
|
|
|
|
|
|
fd = open( URANDOM_DEVICE, O_RDONLY );
|
|
|
|
|
|
|
|
if( fd < 0 ) return -1;
|
|
|
|
|
2002-06-04 00:43:57 +08:00
|
|
|
do {
|
|
|
|
rc = read( fd, buf, nbytes );
|
|
|
|
if( rc <= 0 ) break;
|
|
|
|
|
|
|
|
buf+=rc;
|
|
|
|
nbytes-=rc;
|
1999-10-27 06:57:39 +08:00
|
|
|
|
2002-06-04 00:43:57 +08:00
|
|
|
if( ++n >= URANDOM_NREADS ) break;
|
|
|
|
} while( nbytes > 0 );
|
1999-10-27 06:57:39 +08:00
|
|
|
|
2002-06-04 00:43:57 +08:00
|
|
|
close(fd);
|
|
|
|
return nbytes > 0 ? -1 : 0;
|
1999-10-27 12:41:38 +08:00
|
|
|
}
|
2011-02-17 08:36:30 +08:00
|
|
|
#elif defined(PROV_RSA_FULL)
|
1999-10-27 12:41:38 +08:00
|
|
|
{
|
|
|
|
/* Not used since _WIN32_WINNT not set... */
|
|
|
|
HCRYPTPROV hProv = 0;
|
|
|
|
|
|
|
|
/* Get handle to user default provider */
|
|
|
|
if(!CryptAcquireContext(&hProv, NULL, NULL, PROV_RSA_FULL, 0)) {
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Generate random initialization vector */
|
|
|
|
if(!CryptGenRandom(hProv, (DWORD) nbytes, (BYTE *) buf)) {
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Release provider handle */
|
|
|
|
if(hProv != 0) CryptReleaseContext(hProv, 0);
|
|
|
|
|
1999-10-27 07:41:09 +08:00
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
#else
|
|
|
|
{
|
|
|
|
/* based upon Phil Karn's "practical randomness" idea
|
1999-10-29 01:42:46 +08:00
|
|
|
* but implementation 100% OpenLDAP. So don't blame Phil.
|
|
|
|
*
|
|
|
|
* Worse case is that this is a MD5 hash of a counter, if
|
|
|
|
* MD5 is a strong cryptographic hash, this should be fairly
|
|
|
|
* resistant to attack
|
1999-10-27 07:41:09 +08:00
|
|
|
*/
|
1999-10-28 05:50:49 +08:00
|
|
|
|
|
|
|
/*
|
1999-10-28 06:00:29 +08:00
|
|
|
* the caller may need to provide external synchronization OR
|
|
|
|
* provide entropy (in buf) to ensure quality results as
|
|
|
|
* access to this counter may not be atomic.
|
1999-10-28 05:50:49 +08:00
|
|
|
*/
|
|
|
|
static int counter = 0;
|
1999-12-13 12:53:59 +08:00
|
|
|
ber_len_t n;
|
1999-10-27 07:41:09 +08:00
|
|
|
|
1999-10-27 08:08:31 +08:00
|
|
|
struct rdata_s {
|
1999-10-27 07:54:39 +08:00
|
|
|
int counter;
|
1999-10-27 08:08:31 +08:00
|
|
|
|
2000-10-18 08:28:39 +08:00
|
|
|
unsigned char *buf;
|
1999-10-27 08:08:31 +08:00
|
|
|
struct rdata_s *stack;
|
|
|
|
|
1999-10-27 07:41:09 +08:00
|
|
|
pid_t pid;
|
|
|
|
|
|
|
|
#ifdef HAVE_GETTIMEOFDAY
|
1999-10-28 05:50:49 +08:00
|
|
|
struct timeval tv;
|
1999-10-27 07:41:09 +08:00
|
|
|
#else
|
|
|
|
time_t time;
|
|
|
|
#endif
|
1999-10-28 06:00:29 +08:00
|
|
|
|
|
|
|
unsigned long junk; /* purposely not initialized */
|
1999-10-27 07:41:09 +08:00
|
|
|
} rdata;
|
|
|
|
|
1999-10-27 08:08:31 +08:00
|
|
|
/* make sure rdata differs for each process */
|
1999-10-27 07:54:39 +08:00
|
|
|
rdata.pid = getpid();
|
1999-10-27 08:08:31 +08:00
|
|
|
|
|
|
|
/* make sure rdata differs for each program */
|
|
|
|
rdata.buf = buf;
|
|
|
|
rdata.stack = &rdata;
|
|
|
|
|
1999-10-27 07:41:09 +08:00
|
|
|
for( n = 0; n < nbytes; n += 16 ) {
|
|
|
|
struct lutil_MD5Context ctx;
|
2003-05-02 21:29:28 +08:00
|
|
|
unsigned char digest[16];
|
1999-10-27 07:41:09 +08:00
|
|
|
|
1999-10-28 06:00:29 +08:00
|
|
|
/* poor resolution */
|
1999-10-27 07:41:09 +08:00
|
|
|
#ifdef HAVE_GETTIMEOFDAY
|
1999-10-28 05:53:41 +08:00
|
|
|
(void) gettimeofday( &rdata.tv, NULL );
|
1999-10-27 07:41:09 +08:00
|
|
|
#else
|
|
|
|
(void) time( &rdata.time );
|
|
|
|
#endif
|
|
|
|
|
1999-10-27 08:08:31 +08:00
|
|
|
/* make sure rdata differs */
|
1999-10-27 07:54:39 +08:00
|
|
|
rdata.counter = ++counter;
|
1999-10-27 07:41:09 +08:00
|
|
|
rdata.pid++;
|
|
|
|
rdata.junk++;
|
|
|
|
|
|
|
|
lutil_MD5Init( &ctx );
|
2000-10-18 08:28:39 +08:00
|
|
|
lutil_MD5Update( &ctx, (unsigned char *) &rdata, sizeof( rdata ) );
|
1999-10-28 03:42:27 +08:00
|
|
|
|
1999-10-28 06:00:29 +08:00
|
|
|
/* allow caller to provided additional entropy */
|
2000-10-18 08:28:39 +08:00
|
|
|
lutil_MD5Update( &ctx, buf, nbytes );
|
1999-10-28 03:42:27 +08:00
|
|
|
|
1999-10-27 07:41:09 +08:00
|
|
|
lutil_MD5Final( digest, &ctx );
|
|
|
|
|
2000-07-28 09:07:07 +08:00
|
|
|
AC_MEMCPY( &buf[n], digest,
|
1999-10-28 03:42:27 +08:00
|
|
|
nbytes - n >= 16 ? 16 : nbytes - n );
|
1999-10-27 07:41:09 +08:00
|
|
|
}
|
|
|
|
|
1999-10-27 06:57:39 +08:00
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
#endif
|
|
|
|
return -1;
|
|
|
|
}
|