/**
* @ingroup crypto
* Fill block with a random values.
*
* @param mode desired quality of the random number
* @param buffer the buffer to fill
* @param length buffer length
*/
void
GNUNET_CRYPTO_random_block (enum GNUNET_CRYPTO_Quality mode, void *buffer, size_t length)
{
#ifdef gcry_fast_random_poll
static unsigned int invokeCount;
#endif
switch (mode)
{
case GNUNET_CRYPTO_QUALITY_STRONG:
/* see http://lists.gnupg.org/pipermail/gcrypt-devel/2004-May/000613.html */
#ifdef gcry_fast_random_poll
if ((invokeCount++ % 256) == 0)
gcry_fast_random_poll ();
#endif
gcry_randomize (buffer, length, GCRY_STRONG_RANDOM);
return;
case GNUNET_CRYPTO_QUALITY_NONCE:
gcry_create_nonce (buffer, length);
return;
case GNUNET_CRYPTO_QUALITY_WEAK:
/* see http://lists.gnupg.org/pipermail/gcrypt-devel/2004-May/000613.html */
#ifdef gcry_fast_random_poll
if ((invokeCount++ % 256) == 0)
gcry_fast_random_poll ();
#endif
gcry_randomize (buffer, length, GCRY_WEAK_RANDOM);
return;
default:
GNUNET_assert (0);
}
}
GNUNET_CRYPTO_random_init ()
{
gcry_error_t rc;
if (! gcry_check_version (NEED_LIBGCRYPT_VERSION))
{
FPRINTF (stderr,
_("libgcrypt has not the expected version (version %s is required).\n"),
NEED_LIBGCRYPT_VERSION);
GNUNET_assert (0);
}
if ((rc = gcry_control (GCRYCTL_DISABLE_SECMEM, 0)))
FPRINTF (stderr,
"Failed to set libgcrypt option %s: %s\n",
"DISABLE_SECMEM",
gcry_strerror (rc));
/* Otherwise gnunet-ecc takes forever to complete, besides
we are fine with "just" using GCRY_STRONG_RANDOM */
if ((rc = gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0)))
FPRINTF (stderr,
"Failed to set libgcrypt option %s: %s\n",
"ENABLE_QUICK_RANDOM",
gcry_strerror (rc));
gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0);
gcry_fast_random_poll ();
GNUNET_CRYPTO_seed_weak_random (time (NULL) ^
GNUNET_CRYPTO_random_u32
(GNUNET_CRYPTO_QUALITY_NONCE, UINT32_MAX));
}
int
rb_init_prng(const char *path, prng_seed_t seed_type)
{
#if GNUTLS_VERSION_MAJOR < 3
gcry_fast_random_poll();
#endif
return 1;
}
static int rand_do_bytes(lua_State *L, enum gcry_random_level level)
{
size_t count = luaL_checkint(L, 1);
void* buf = gcry_random_bytes/*_secure*/(count, level);
gcry_fast_random_poll();
lua_pushlstring(L, (char *)buf, count);
return 1;
}
/**
* Produce a random unsigned 32-bit number modulo @a i.
*
* @param mode desired quality of the random number
* @param i the upper limit (exclusive) for the random number
* @return a random value in the interval [0,i[.
*/
uint32_t
GNUNET_CRYPTO_random_u32 (enum GNUNET_CRYPTO_Quality mode,
uint32_t i)
{
#ifdef gcry_fast_random_poll
static unsigned int invokeCount;
#endif
uint32_t ret;
uint32_t ul;
GNUNET_assert (i > 0);
switch (mode)
{
case GNUNET_CRYPTO_QUALITY_STRONG:
/* see http://lists.gnupg.org/pipermail/gcrypt-devel/2004-May/000613.html */
#ifdef gcry_fast_random_poll
if ((invokeCount++ % 256) == 0)
gcry_fast_random_poll ();
#endif
ul = UINT32_MAX - (UINT32_MAX % i);
do
{
gcry_randomize ((unsigned char *) &ret, sizeof (uint32_t),
GCRY_STRONG_RANDOM);
}
while (ret >= ul);
return ret % i;
case GNUNET_CRYPTO_QUALITY_NONCE:
ul = UINT32_MAX - (UINT32_MAX % i);
do
{
gcry_create_nonce (&ret, sizeof (ret));
}
while (ret >= ul);
return ret % i;
case GNUNET_CRYPTO_QUALITY_WEAK:
ret = i * get_weak_random ();
if (ret >= i)
ret = i - 1;
return ret;
default:
GNUNET_assert (0);
}
return 0;
}
int Curl_gtls_seed(struct SessionHandle *data)
{
/* we have the "SSL is seeded" boolean static to prevent multiple
time-consuming seedings in vain */
static bool ssl_seeded = FALSE;
/* Quickly add a bit of entropy */
gcry_fast_random_poll();
if(!ssl_seeded || data->set.str[STRING_SSL_RANDOM_FILE] ||
data->set.str[STRING_SSL_EGDSOCKET]) {
/* TODO: to a good job seeding the RNG
This may involve the gcry_control function and these options:
GCRYCTL_SET_RANDOM_SEED_FILE
GCRYCTL_SET_RNDEGD_SOCKET
*/
ssl_seeded = TRUE;
}
return 0;
}
int
rb_init_prng(const char *path, prng_seed_t seed_type)
{
gcry_fast_random_poll();
return 1;
}
static void
rb_gcry_random_seed(void *unused)
{
gcry_fast_random_poll();
}
