summaryrefslogtreecommitdiff
path: root/src/lib
diff options
context:
space:
mode:
authorNick Mathewson <nickm@torproject.org>2018-06-28 11:39:49 -0400
committerNick Mathewson <nickm@torproject.org>2018-06-28 11:39:49 -0400
commit48ebd9bf76a0e5ff60b88f8906919016de82e819 (patch)
tree76047a0a4227be696a54987d7d6f4430ec4597e3 /src/lib
parentaa3edfd2053bb418907f204e171ae8f7e78c30eb (diff)
downloadtor-48ebd9bf76a0e5ff60b88f8906919016de82e819.tar.gz
tor-48ebd9bf76a0e5ff60b88f8906919016de82e819.zip
Move weakrng into lib/intmath
Diffstat (limited to 'src/lib')
-rw-r--r--src/lib/crypt_ops/crypto_rand.c1
-rw-r--r--src/lib/intmath/include.am6
-rw-r--r--src/lib/intmath/weakrng.c51
-rw-r--r--src/lib/intmath/weakrng.h25
4 files changed, 81 insertions, 2 deletions
diff --git a/src/lib/crypt_ops/crypto_rand.c b/src/lib/crypt_ops/crypto_rand.c
index 247a502241..8ac7d3bfe8 100644
--- a/src/lib/crypt_ops/crypto_rand.c
+++ b/src/lib/crypt_ops/crypto_rand.c
@@ -30,6 +30,7 @@
#include "lib/log/torlog.h"
#include "common/util.h"
#include "lib/encoding/binascii.h"
+#include "lib/intmath/weakrng.h"
DISABLE_GCC_WARNING(redundant-decls)
#include <openssl/rand.h>
diff --git a/src/lib/intmath/include.am b/src/lib/intmath/include.am
index 40459d106d..1ae5d618d4 100644
--- a/src/lib/intmath/include.am
+++ b/src/lib/intmath/include.am
@@ -8,7 +8,8 @@ endif
src_lib_libtor_intmath_a_SOURCES = \
src/lib/intmath/addsub.c \
src/lib/intmath/bits.c \
- src/lib/intmath/muldiv.c
+ src/lib/intmath/muldiv.c \
+ src/lib/intmath/weakrng.c
src_lib_libtor_intmath_testing_a_SOURCES = \
$(src_lib_libtor_intmath_a_SOURCES)
@@ -19,4 +20,5 @@ noinst_HEADERS += \
src/lib/intmath/addsub.h \
src/lib/intmath/cmp.h \
src/lib/intmath/bits.h \
- src/lib/intmath/muldiv.h
+ src/lib/intmath/muldiv.h \
+ src/lib/intmath/weakrng.h
diff --git a/src/lib/intmath/weakrng.c b/src/lib/intmath/weakrng.c
new file mode 100644
index 0000000000..2ecab97cc1
--- /dev/null
+++ b/src/lib/intmath/weakrng.c
@@ -0,0 +1,51 @@
+/* Copyright (c) 2003, Roger Dingledine
+ * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
+ * Copyright (c) 2007-2018, The Tor Project, Inc. */
+/* See LICENSE for licensing information */
+
+#include "lib/intmath/weakrng.h"
+#include "lib/err/torerr.h"
+
+#include <stdlib.h>
+
+/** Initialize the insecure RNG <b>rng</b> from a seed value <b>seed</b>. */
+void
+tor_init_weak_random(tor_weak_rng_t *rng, unsigned seed)
+{
+ rng->state = (uint32_t)(seed & 0x7fffffff);
+}
+
+/** Return a randomly chosen value in the range 0..TOR_WEAK_RANDOM_MAX based
+ * on the RNG state of <b>rng</b>. This entropy will not be cryptographically
+ * strong; do not rely on it for anything an adversary should not be able to
+ * predict. */
+int32_t
+tor_weak_random(tor_weak_rng_t *rng)
+{
+ /* Here's a linear congruential generator. OpenBSD and glibc use these
+ * parameters; they aren't too bad, and should have maximal period over the
+ * range 0..INT32_MAX. We don't want to use the platform rand() or random(),
+ * since some platforms have bad weak RNGs that only return values in the
+ * range 0..INT16_MAX, which just isn't enough. */
+ rng->state = (rng->state * 1103515245 + 12345) & 0x7fffffff;
+ return (int32_t) rng->state;
+}
+
+/** Return a random number in the range [0 , <b>top</b>). {That is, the range
+ * of integers i such that 0 <= i < top.} Chooses uniformly. Requires that
+ * top is greater than 0. This randomness is not cryptographically strong; do
+ * not rely on it for anything an adversary should not be able to predict. */
+int32_t
+tor_weak_random_range(tor_weak_rng_t *rng, int32_t top)
+{
+ /* We don't want to just do tor_weak_random() % top, since random() is often
+ * implemented with an LCG whose modulus is a power of 2, and those are
+ * cyclic in their low-order bits. */
+ int divisor, result;
+ raw_assert(top > 0);
+ divisor = TOR_WEAK_RANDOM_MAX / top;
+ do {
+ result = (int32_t)(tor_weak_random(rng) / divisor);
+ } while (result >= top);
+ return result;
+}
diff --git a/src/lib/intmath/weakrng.h b/src/lib/intmath/weakrng.h
new file mode 100644
index 0000000000..e5a88b30fe
--- /dev/null
+++ b/src/lib/intmath/weakrng.h
@@ -0,0 +1,25 @@
+/* Copyright (c) 2003, Roger Dingledine
+ * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
+ * Copyright (c) 2007-2018, The Tor Project, Inc. */
+/* See LICENSE for licensing information */
+
+#ifndef TOR_WEAKRNG_H
+#define TOR_WEAKRNG_H
+
+#include "lib/cc/torint.h"
+
+/* ===== Insecure rng */
+typedef struct tor_weak_rng_t {
+ uint32_t state;
+} tor_weak_rng_t;
+
+#define TOR_WEAK_RNG_INIT {383745623}
+#define TOR_WEAK_RANDOM_MAX (INT_MAX)
+void tor_init_weak_random(tor_weak_rng_t *weak_rng, unsigned seed);
+int32_t tor_weak_random(tor_weak_rng_t *weak_rng);
+int32_t tor_weak_random_range(tor_weak_rng_t *rng, int32_t top);
+/** Randomly return true according to <b>rng</b> with probability 1 in
+ * <b>n</b> */
+#define tor_weak_random_one_in_n(rng, n) (0==tor_weak_random_range((rng),(n)))
+
+#endif