-
Notifications
You must be signed in to change notification settings - Fork 53
Expand file tree
/
Copy pathZrtpRandom.cpp
More file actions
187 lines (157 loc) · 5.45 KB
/
ZrtpRandom.cpp
File metadata and controls
187 lines (157 loc) · 5.45 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
/*
* Copyright (C) 2006-2012 Werner Dittmann
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include <fcntl.h>
#include <time.h>
#include <cryptcommon/ZrtpRandom.h>
#include <cryptcommon/aescpp.h>
#include <common/Thread.h>
#include <zrtp/crypto/sha2.h>
static sha512_ctx mainCtx;
static CMutexClass lockRandom;
static bool initialized = false;
/*
* Random bits are produced as follows.
* First stir new entropy into the random state (zrtp->rand_ctx).
* Then make a copy of the random context and finalize it.
* Use the digest to seed an AES-256 context and, if space remains, to
* initialize a counter.
* Then encrypt the counter with the AES-256 context, incrementing it
* per block, until we have produced the desired quantity of data.
*/
/*----------------------------------------------------------------------------*/
int ZrtpRandom::getRandomData(uint8_t* buffer, uint32_t length) {
AESencrypt aesCtx;
sha512_ctx randCtx2;
uint8_t md[SHA512_DIGEST_SIZE];
uint8_t ctr[AES_BLOCK_SIZE];
uint8_t rdata[AES_BLOCK_SIZE];
uint32_t generated = length;
/*
* Add entropy from system state
* We will include whatever happens to be in the buffer, it can't hurt
*/
ZrtpRandom::addEntropy(buffer, length);
lockRandom.Lock();
/* Copy the mainCtx and finalize it into the md buffer */
memcpy(&randCtx2, &mainCtx, sizeof(sha512_ctx));
sha512_end(md, &randCtx2);
lockRandom.Unlock();
/* Key an AES context from this buffer */
aesCtx.key256(md);
/* Initialize counter, using excess from md if available */
memset (ctr, 0, sizeof(ctr));
if (SHA512_DIGEST_SIZE > (256/8)) {
uint32_t ctrbytes = SHA512_DIGEST_SIZE - (256/8);
if (ctrbytes > AES_BLOCK_SIZE)
ctrbytes = AES_BLOCK_SIZE;
memcpy(ctr + sizeof(ctr) - ctrbytes, md + (256/8), ctrbytes);
}
/* Encrypt counter, copy to destination buffer, increment counter */
while (length) {
uint8_t *ctrptr;
uint32_t copied;
aesCtx.encrypt(ctr, rdata);
copied = (sizeof(rdata) < length) ? sizeof(rdata) : length;
memcpy (buffer, rdata, copied);
buffer += copied;
length -= copied;
/* Increment counter */
ctrptr = ctr + sizeof(ctr) - 1;
while (ctrptr >= ctr) {
if ((*ctrptr-- += 1) != 0) {
break;
}
}
}
memset(&randCtx2, 0, sizeof(randCtx2));
memset(md, 0, sizeof(md));
memset(&aesCtx, 0, sizeof(aesCtx));
memset(ctr, 0, sizeof(ctr));
memset(rdata, 0, sizeof(rdata));
return generated;
}
int ZrtpRandom::addEntropy(const uint8_t *buffer, uint32_t length)
{
uint8_t newSeed[64];
size_t len = getSystemSeed(newSeed, sizeof(newSeed));
lockRandom.Lock();
initialize();
if (buffer && length) {
sha512_hash(buffer, length, &mainCtx);
}
if (len > 0) {
sha512_hash(newSeed, len, &mainCtx);
length += len;
}
lockRandom.Unlock();
return length;
}
void ZrtpRandom::initialize() {
if (initialized)
return;
sha512_begin(&mainCtx);
initialized = true;
// Use the processor time consumed by the program and the
// current time for additional entropy
clock_t clock1 = clock();
time_t time1 = time(NULL);
sha512_hash((unsigned char*)&clock1, sizeof(clock1), &mainCtx);
sha512_hash((unsigned char*)&time1, sizeof(time1), &mainCtx);
#if defined(_WIN32) || defined(_WIN64)
// On Windows the /dev/urandom is not used so additional
// entropy has to be gathered from timers. The run time
// of this loop should be not deterministic, because
// it depends on CPU frequency, cache status, context
// switching speed.
// It runs under 1 second.
clock_t clock2;
time_t time2;
do {
clock2 = clock();
time2 = time(NULL);
sha512_hash((unsigned char*)&clock2, sizeof(clock2), &mainCtx);
sha512_hash((unsigned char*)&time2, sizeof(time2), &mainCtx);
} while (clock1 == clock1 && time1 == time2);
#endif
}
/*
* This works for Linux and similar systems. For other systems add
* other functions (using #ifdef conditional compile) to get some
* random data that we can use as seed for the internal PRNG below.
*/
size_t ZrtpRandom::getSystemSeed(uint8_t *seed, size_t length)
{
size_t num = 0;
#if !(defined(_WIN32) || defined(_WIN64))
int rnd = open("/dev/urandom", O_RDONLY);
if (rnd >= 0) {
num = read(rnd, seed, length);
close(rnd);
}
else
return num;
#else
#error This random number generator can not be used on Windows platform without seeding!
#endif
return num;
}
int zrtp_AddEntropy(const uint8_t *buffer, uint32_t length) {
return ZrtpRandom::addEntropy(buffer, length);
}
int zrtp_getRandomData(uint8_t *buffer, uint32_t length) {
return ZrtpRandom::getRandomData(buffer, length);
}