1 /*****************************************************************************
2 * rand.c : non-predictible random bytes generator
3 *****************************************************************************
4 * Copyright © 2007 Rémi Denis-Courmont
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 2 of the License, or
10 * (at your option) any later version.
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, write to the Free Software
19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston MA 02110-1301, USA.
20 *****************************************************************************/
26 #include <vlc_common.h>
34 #include <sys/types.h>
43 * Pseudo-random number generator using a HMAC-MD5 in counter mode.
44 * Probably not very secure (expert patches welcome) but definitely
45 * better than rand() which is defined to be reproducible...
49 static uint8_t okey[BLOCK_SIZE], ikey[BLOCK_SIZE];
51 static void vlc_rand_init (void)
53 #if defined (__OpenBSD__) || defined (__OpenBSD_kernel__)
54 static const char randfile[] = "/dev/random";
56 static const char randfile[] = "/dev/urandom";
58 uint8_t key[BLOCK_SIZE];
60 /* Get non-predictible value as key for HMAC */
61 int fd = vlc_open (randfile, O_RDONLY);
65 for (size_t i = 0; i < sizeof (key);)
67 ssize_t val = read (fd, key + i, sizeof (key) - i);
72 /* Precompute outer and inner keys for HMAC */
73 for (size_t i = 0; i < sizeof (key); i++)
75 okey[i] = key[i] ^ 0x5c;
76 ikey[i] = key[i] ^ 0x36;
83 void vlc_rand_bytes (void *buf, size_t len)
85 static pthread_mutex_t lock = PTHREAD_MUTEX_INITIALIZER;
86 static uint64_t counter = 0;
88 uint64_t stamp = NTPtime64 ();
93 struct md5_s mdi, mdo;
95 pthread_mutex_lock (&lock);
99 pthread_mutex_unlock (&lock);
102 AddMD5 (&mdi, ikey, sizeof (ikey));
103 AddMD5 (&mdi, &stamp, sizeof (stamp));
104 AddMD5 (&mdi, &val, sizeof (val));
107 AddMD5 (&mdo, okey, sizeof (okey));
108 AddMD5 (&mdo, mdi.p_digest, sizeof (mdi.p_digest));
111 if (len < sizeof (mdo.p_digest))
113 memcpy (buf, mdo.p_digest, len);
117 memcpy (buf, mdo.p_digest, sizeof (mdo.p_digest));
118 len -= sizeof (mdo.p_digest);
119 buf = ((uint8_t *)buf) + sizeof (mdo.p_digest);
125 #include <wincrypt.h>
127 void vlc_rand_bytes (void *buf, size_t len)
131 uint8_t *p_buf = (uint8_t *)buf;
133 /* fill buffer with pseudo-random data */
138 if (count < sizeof (val))
140 memcpy (p_buf, &val, count);
144 memcpy (p_buf, &val, sizeof (val));
145 count -= sizeof (val);
146 p_buf += sizeof (val);
149 /* acquire default encryption context */
150 if( CryptAcquireContext(
151 &hProv, // Variable to hold returned handle.
152 NULL, // Use default key container.
153 MS_DEF_PROV, // Use default CSP.
154 PROV_RSA_FULL, // Type of provider to acquire.
157 /* fill buffer with pseudo-random data, intial buffer content
158 is used as auxillary random seed */
159 CryptGenRandom(hProv, len, buf);
160 CryptReleaseContext(hProv, 0);