1 /*****************************************************************************
2 * rand.c : non-predictible random bytes generator
3 *****************************************************************************
4 * Copyright © 2007 Rémi Denis-Courmont
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 2 of the License, or
10 * (at your option) any later version.
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, write to the Free Software
19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston MA 02110-1301, USA.
20 *****************************************************************************/
26 #include <vlc_common.h>
34 #include <sys/types.h>
42 * Pseudo-random number generator using a HMAC-MD5 in counter mode.
43 * Probably not very secure (expert patches welcome) but definitely
44 * better than rand() which is defined to be reproducible...
48 static uint8_t okey[BLOCK_SIZE], ikey[BLOCK_SIZE];
50 static void vlc_rand_init (void)
52 #if defined (__OpenBSD__) || defined (__OpenBSD_kernel__)
53 static const char randfile[] = "/dev/random";
55 static const char randfile[] = "/dev/urandom";
57 uint8_t key[BLOCK_SIZE];
59 /* Get non-predictible value as key for HMAC */
60 int fd = open (randfile, O_RDONLY);
64 for (size_t i = 0; i < sizeof (key);)
66 ssize_t val = read (fd, key + i, sizeof (key) - i);
71 /* Precompute outer and inner keys for HMAC */
72 for (size_t i = 0; i < sizeof (key); i++)
74 okey[i] = key[i] ^ 0x5c;
75 ikey[i] = key[i] ^ 0x36;
82 void vlc_rand_bytes (void *buf, size_t len)
84 static pthread_mutex_t lock = PTHREAD_MUTEX_INITIALIZER;
85 static uint64_t counter = 0;
87 uint64_t stamp = NTPtime64 ();
92 struct md5_s mdi, mdo;
94 pthread_mutex_lock (&lock);
98 pthread_mutex_unlock (&lock);
101 AddMD5 (&mdi, ikey, sizeof (ikey));
102 AddMD5 (&mdi, &stamp, sizeof (stamp));
103 AddMD5 (&mdi, &val, sizeof (val));
106 AddMD5 (&mdo, okey, sizeof (okey));
107 AddMD5 (&mdo, mdi.p_digest, sizeof (mdi.p_digest));
110 if (len < sizeof (mdo.p_digest))
112 memcpy (buf, mdo.p_digest, len);
116 memcpy (buf, mdo.p_digest, sizeof (mdo.p_digest));
117 len -= sizeof (mdo.p_digest);
118 buf = ((uint8_t *)buf) + sizeof (mdo.p_digest);
124 #include <wincrypt.h>
126 void vlc_rand_bytes (void *buf, size_t len)
130 uint8_t *p_buf = (uint8_t *)buf;
132 /* fill buffer with pseudo-random data */
137 if (count < sizeof (val))
139 memcpy (p_buf, &val, count);
143 memcpy (p_buf, &val, sizeof (val));
144 count -= sizeof (val);
145 p_buf += sizeof (val);
148 /* acquire default encryption context */
149 if( CryptAcquireContext(
150 &hProv, // Variable to hold returned handle.
151 NULL, // Use default key container.
152 MS_DEF_PROV, // Use default CSP.
153 PROV_RSA_FULL, // Type of provider to acquire.
156 /* fill buffer with pseudo-random data, intial buffer content
157 is used as auxillary random seed */
158 CryptGenRandom(hProv, len, buf);
159 CryptReleaseContext(hProv, 0);