Changeset 14354

Timestamp:

Dec 4, 2014, 11:27:38 AM (8 years ago)

Author:

mikedld

Message:

#4400, #5462: Move random helpers to crypto-utils

On a way to factoring out OpenSSL support to a standalone file to ease
addition of other crypto libraries support in the future, move helpers
providing random numbers/data generation to crypto-utils.{c,h}. OpenSSL-
related functionality (generation of cryptographically strong random
data) is moved to crypto-utils-openssl.c.

Rename functions to follow currently accepted style:

• tr_cryptoRandBuf -> tr_rand_buffer
• tr_cryptoRandInt -> tr_rand_int
• tr_cryptoWeakRandInt -> tr_rand_int_weak

Fix rare case of invalid value being returned from tr_rand_int. Return
value for abs(INT_MIN) may be undefined and thus negative, and so
tr_rand_int will return negative value which is incorrect (out of
requested and expected range).

Location:

trunk/libtransmission

Files:

• Makefile.am (modified) (2 diffs)
• announcer-udp.c (modified) (2 diffs)
• announcer.c (modified) (4 diffs)
• bandwidth.c (modified) (2 diffs)
• bitfield-test.c (modified) (2 diffs)
• crypto-test.c (modified) (3 diffs)
• crypto-utils-openssl.c (added)
• crypto-utils.c (added)
• crypto-utils.h (added)
• crypto.c (modified) (4 diffs)
• crypto.h (modified) (1 diff)
• file-win32.c (modified) (2 diffs)
• handshake.c (modified) (3 diffs)
• makemeta-test.c (modified) (2 diffs)
• peer-io.c (modified) (1 diff)
• peer-mgr.c (modified) (7 diffs)
• peer-msgs.c (modified) (1 diff)
• rpc-server.c (modified) (2 diffs)
• session.c (modified) (3 diffs)
• torrent.c (modified) (2 diffs)
• tr-dht.c (modified) (8 diffs)
• tr-utp.c (modified) (3 diffs)
• utils-test.c (modified) (4 diffs)

trunk/libtransmission/Makefile.am

@@ -29 +29 @@
   ConvertUTF.c \
   crypto.c \
+  crypto-utils.c \
+  crypto-utils-openssl.c \
   error.c \
   fdlimit.c \
@@ -90 +92 @@
   ConvertUTF.h \
   crypto.h \
+  crypto-utils.h \
   completion.h \
   error.h \

trunk/libtransmission/announcer-udp.c

@@ -20 +20 @@
 #include "announcer.h"
 #include "announcer-common.h"
-#include "crypto.h" /* tr_cryptoRandBuf () */
+#include "crypto-utils.h" /* tr_rand_buffer () */
 #include "log.h"
 #include "peer-io.h"
@@ -109 +109 @@
 {
     tau_transaction_t tmp;
-    tr_cryptoRandBuf (&tmp, sizeof (tau_transaction_t));
+    tr_rand_buffer (&tmp, sizeof (tau_transaction_t));
     return tmp;
 }

trunk/libtransmission/announcer.c

@@ -22 +22 @@
 #include "announcer.h"
 #include "announcer-common.h"
-#include "crypto.h" /* tr_cryptoRandInt (), tr_cryptoWeakRandInt () */
+#include "crypto-utils.h" /* tr_rand_int (), tr_rand_int_weak () */
 #include "log.h"
 #include "peer-mgr.h" /* tr_peerMgrCompactToPex () */
@@ -168 +168 @@
     a = tr_new0 (tr_announcer, 1);
     a->stops = TR_PTR_ARRAY_INIT;
-    a->key = tr_cryptoRandInt (INT_MAX);
+    a->key = tr_rand_int (INT_MAX);
     a->session = session;
     a->slotsAvailable = MAX_CONCURRENT_TASKS;
@@ -350 +350 @@
     tier->announceIntervalSec = DEFAULT_ANNOUNCE_INTERVAL_SEC;
     tier->announceMinIntervalSec = DEFAULT_ANNOUNCE_MIN_INTERVAL_SEC;
-    tier->scrapeAt = get_next_scrape_time (tor->session, tier, tr_cryptoWeakRandInt (180));
+    tier->scrapeAt = get_next_scrape_time (tor->session, tier, tr_rand_int_weak (180));
     tier->tor = tor;
 }
@@ -964 +964 @@
       case 0:  return 0;
       case 1:  return 20;
-      case 2:  return tr_cryptoWeakRandInt (60) + (60 * 5);
-      case 3:  return tr_cryptoWeakRandInt (60) + (60 * 15);
-      case 4:  return tr_cryptoWeakRandInt (60) + (60 * 30);
-      case 5:  return tr_cryptoWeakRandInt (60) + (60 * 60);
-      default: return tr_cryptoWeakRandInt (60) + (60 * 120);
+      case 2:  return tr_rand_int_weak (60) + (60 * 5);
+      case 3:  return tr_rand_int_weak (60) + (60 * 15);
+      case 4:  return tr_rand_int_weak (60) + (60 * 30);
+      case 5:  return tr_rand_int_weak (60) + (60 * 60);
+      default: return tr_rand_int_weak (60) + (60 * 120);
     }
 }

trunk/libtransmission/bandwidth.c

@@ -13 +13 @@
 #include "transmission.h"
 #include "bandwidth.h"
-#include "crypto.h" /* tr_cryptoWeakRandInt () */
+#include "crypto-utils.h" /* tr_rand_int_weak () */
 #include "log.h"
 #include "peer-io.h"
@@ -211 +211 @@
   while (n > 0)
     {
-      const int i = tr_cryptoWeakRandInt (n); /* pick a peer at random */
+      const int i = tr_rand_int_weak (n); /* pick a peer at random */
 
       /* value of 3000 bytes chosen so that when using uTP we'll send a full-size

trunk/libtransmission/bitfield-test.c

@@ -10 +10 @@
 #include <string.h> /* strlen () */
 #include "transmission.h"
-#include "crypto.h"
+#include "crypto-utils.h"
 #include "bitfield.h"
 #include "utils.h" /* tr_free */
@@ -25 +25 @@
   int count1;
   int count2;
-  const int bitCount = 100 + tr_cryptoWeakRandInt (1000);
+  const int bitCount = 100 + tr_rand_int_weak (1000);
   tr_bitfield bf;
 
   /* generate a random bitfield */
   tr_bitfieldConstruct (&bf, bitCount);
-  for (i=0, n=tr_cryptoWeakRandInt (bitCount); i<n; ++i)
-    tr_bitfieldAdd (&bf, tr_cryptoWeakRandInt (bitCount));
-  begin = tr_cryptoWeakRandInt (bitCount);
+  for (i=0, n=tr_rand_int_weak (bitCount); i<n; ++i)
+    tr_bitfieldAdd (&bf, tr_rand_int_weak (bitCount));
+  begin = tr_rand_int_weak (bitCount);
   do
-    end = tr_cryptoWeakRandInt (bitCount);
+    end = tr_rand_int_weak (bitCount);
   while (end == begin);
 

trunk/libtransmission/crypto-test.c

@@ -12 +12 @@
 #include "transmission.h"
 #include "crypto.h"
+#include "crypto-utils.h"
 
 #include "libtransmission-test.h"
@@ -167 +168 @@
 }
 
+static int
+test_random (void)
+{
+  int i;
+
+  /* test that tr_rand_int () stays in-bounds */
+  for (i = 0; i < 100000; ++i)
+    {
+      const int val = tr_rand_int (100);
+      check (val >= 0);
+      check (val < 100);
+    }
+
+  return 0;
+}
+
 int
 main (void)
@@ -173 +190 @@
                              test_encrypt_decrypt,
                              test_sha1,
-                             test_ssha1 };
+                             test_ssha1,
+                             test_random };
 
   return runTests (tests, NUM_TESTS (tests));

trunk/libtransmission/crypto.c

@@ -9 +9 @@
 
 #include <assert.h>
-#include <inttypes.h> /* uint8_t */
 #include <stdarg.h>
-#include <stdlib.h> /* abs () */
 #include <string.h> /* memcpy (), memset (), strcmp () */
 
@@ -19 +17 @@
 #include <openssl/rc4.h>
 #include <openssl/sha.h>
-#include <openssl/rand.h>
 
 #include "transmission.h"
 #include "crypto.h"
+#include "crypto-utils.h"
 #include "log.h"
 #include "utils.h"
@@ -295 +293 @@
 }
 
-int
-tr_cryptoRandInt (int upperBound)
-{
-  int noise;
-  int val;
-
-  assert (upperBound > 0);
-
-  if (RAND_pseudo_bytes ((unsigned char *) &noise, sizeof noise) >= 0)
-    {
-      val = abs (noise) % upperBound;
-    }
-  else /* fall back to a weaker implementation... */
-    {
-      val = tr_cryptoWeakRandInt (upperBound);
-    }
-
-  return val;
-}
-
-int
-tr_cryptoWeakRandInt (int upperBound)
-{
-  static bool init = false;
-
-  assert (upperBound > 0);
-
-  if (!init)
-    {
-      srand (tr_time_msec ());
-      init = true;
-    }
-
-  return rand () % upperBound;
-}
-
-void
-tr_cryptoRandBuf (void * buf, size_t len)
-{
-  if (RAND_pseudo_bytes ((unsigned char*)buf, len) != 1)
-    logErrorFromSSL ();
-}
-
 /***
 ****
@@ -357 +312 @@
   char buf[2*SHA_DIGEST_LENGTH + saltval_len + 2];
 
-  tr_cryptoRandBuf (salt, saltval_len);
+  tr_rand_buffer (salt, saltval_len);
   for (i=0; i<saltval_len; ++i)
     salt[i] = salter[ salt[i] % salter_len ];

trunk/libtransmission/crypto.h

@@ -95 +95 @@
 
 
-/** @brief returns a random number in the range of [0...n) */
-int tr_cryptoRandInt (int n);
-
-/**
- * @brief returns a pseudorandom number in the range of [0...n)
- *
- * This is faster, BUT WEAKER, than tr_cryptoRandInt () and never
- * be used in sensitive cases.
- * @see tr_cryptoRandInt ()
- */
-int            tr_cryptoWeakRandInt (int n);
-
-/** @brief fill a buffer with random bytes */
-void  tr_cryptoRandBuf (void * buf, size_t len);
-
 /** @brief generate a SSHA password from its plaintext source */
 char*  tr_ssha1 (const void * plaintext);

trunk/libtransmission/file-win32.c

@@ -15 +15 @@
 
 #include "transmission.h"
-#include "crypto.h" /* tr_cryptoRandInt () */
+#include "crypto-utils.h" /* tr_rand_int () */
 #include "file.h"
 #include "utils.h"
@@ -206 +206 @@
       while (i > 0 && path_template[i - 1] == 'X')
         {
-          const int c = tr_cryptoRandInt (26 + 26 + 10);
+          const int c = tr_rand_int (26 + 26 + 10);
           path[i - 1] = c < 26 ? c + 'A' : (c < 26 + 26 ? (c - 26) + 'a' : (c - 26 - 26) + '0');
           --i;

trunk/libtransmission/handshake.c

@@ -17 +17 @@
 #include "transmission.h"
 #include "clients.h"
-#include "crypto.h"
+#include "crypto-utils.h"
 #include "handshake.h"
 #include "log.h"
@@ -325 +325 @@
 
   /* add some bullshit padding */
-  len = tr_cryptoRandInt (PadA_MAXLEN);
-  tr_cryptoRandBuf (walk, len);
+  len = tr_rand_int (PadA_MAXLEN);
+  tr_rand_buffer (walk, len);
   walk += len;
 
@@ -749 +749 @@
   memcpy (walk, myKey, len);
   walk += len;
-  len = tr_cryptoRandInt (PadB_MAXLEN);
-  tr_cryptoRandBuf (walk, len);
+  len = tr_rand_int (PadB_MAXLEN);
+  tr_rand_buffer (walk, len);
   walk += len;
 

trunk/libtransmission/makemeta-test.c

@@ -11 +11 @@
 
 #include "transmission.h"
-#include "crypto.h"
+#include "crypto-utils.h"
 #include "file.h"
 #include "makemeta.h"
@@ -230 +230 @@
 
   /* build random payloads */
-  payloadCount = 1 + tr_cryptoWeakRandInt (maxFileCount);
+  payloadCount = 1 + tr_rand_int_weak (maxFileCount);
   payloads = tr_new0 (void*, payloadCount);
   payloadSizes = tr_new0 (size_t, payloadCount);
   for (i=0; i<payloadCount; i++)
     {
-      const size_t n = 1 + tr_cryptoWeakRandInt (maxFileSize);
+      const size_t n = 1 + tr_rand_int_weak (maxFileSize);
       payloads[i] = tr_new (char, n);
-      tr_cryptoRandBuf (payloads[i], n);
+      tr_rand_buffer (payloads[i], n);
       payloadSizes[i] = n;
     }

trunk/libtransmission/peer-io.c

@@ -21 +21 @@
 #include "session.h"
 #include "bandwidth.h"
-#include "crypto.h"
 #include "log.h"
 #include "net.h"

trunk/libtransmission/peer-mgr.c

@@ -25 +25 @@
 #include "clients.h"
 #include "completion.h"
-#include "crypto.h"
+#include "crypto-utils.h"
 #include "handshake.h"
 #include "log.h"
@@ -1098 +1098 @@
           piece->index = pool[i];
           piece->requestCount = 0;
-          piece->salt = tr_cryptoWeakRandInt (4096);
+          piece->salt = tr_rand_int_weak (4096);
         }
 
@@ -1864 +1864 @@
   if (a == NULL)
     {
-      const int jitter = tr_cryptoWeakRandInt (60*10);
+      const int jitter = tr_rand_int_weak (60*10);
       a = tr_new0 (struct peer_atom, 1);
       a->addr = *addr;
@@ -2949 +2949 @@
               rechoke[rechoke_count].peer = peer;
               rechoke[rechoke_count].rechoke_state = rechoke_state;
-              rechoke[rechoke_count].salt = tr_cryptoWeakRandInt (INT_MAX);
+              rechoke[rechoke_count].salt = tr_rand_int_weak (INT_MAX);
               rechoke_count++;
             }
@@ -3089 +3089 @@
           n->wasChoked    = tr_peerMsgsIsPeerChoked (msgs);
           n->rate         = getRate (s->tor, atom, now);
-          n->salt         = tr_cryptoWeakRandInt (INT_MAX);
+          n->salt         = tr_rand_int_weak (INT_MAX);
           n->isChoked     = true;
         }
@@ -3140 +3140 @@
       if ((n = tr_ptrArraySize (&randPool)))
         {
-          c = tr_ptrArrayNth (&randPool, tr_cryptoWeakRandInt (n));
+          c = tr_ptrArrayNth (&randPool, tr_rand_int_weak (n));
           c->isChoked = false;
           s->optimistic = c->msgs;
@@ -3983 +3983 @@
           if (isPeerCandidate (tor, atom, now))
             {
-              const uint8_t salt = tr_cryptoWeakRandInt (1024);
+              const uint8_t salt = tr_rand_int_weak (1024);
               walk->tor = tor;
               walk->atom = atom;

trunk/libtransmission/peer-msgs.c

@@ -21 +21 @@
 #include "cache.h"
 #include "completion.h"
-#include "crypto.h" /* tr_sha1 () */
 #include "file.h"
 #include "log.h"

trunk/libtransmission/rpc-server.c

@@ -20 +20 @@
 
 #include "transmission.h"
-#include "crypto.h" /* tr_cryptoRandBuf (), tr_ssha1_matches () */
+#include "crypto.h" /* tr_ssha1_matches () */
+#include "crypto-utils.h" /* tr_rand_buffer () */
 #include "fdlimit.h"
 #include "list.h"
@@ -92 +93 @@
       unsigned char * buf = tr_new (unsigned char, n+1);
 
-      tr_cryptoRandBuf (buf, n);
+      tr_rand_buffer (buf, n);
       for (i=0; i<n; ++i)
         buf[i] = pool[ buf[i] % pool_size ];

trunk/libtransmission/session.c

@@ -29 +29 @@
 #include "blocklist.h"
 #include "cache.h"
-#include "crypto.h"
+#include "crypto-utils.h"
 #include "fdlimit.h"
 #include "file.h"
@@ -79 +79 @@
 getRandomPort (tr_session * s)
 {
-  return tr_cryptoWeakRandInt (s->randomPortHigh - s->randomPortLow + 1) + s->randomPortLow;
+  return tr_rand_int_weak (s->randomPortHigh - s->randomPortLow + 1) + s->randomPortLow;
 }
 
@@ -97 +97 @@
   memcpy (buf, PEERID_PREFIX, 8);
 
-  tr_cryptoRandBuf (buf+8, 11);
+  tr_rand_buffer (buf+8, 11);
   for (i=8; i<19; ++i)
     {

trunk/libtransmission/torrent.c

@@ -32 +32 @@
 #include "completion.h"
 #include "crypto.h" /* for tr_sha1 */
+#include "crypto-utils.h"
 #include "error.h"
 #include "fdlimit.h" /* tr_fdTorrentClose */
@@ -1649 +1650 @@
   tr_torrentResetTransferStats (tor);
   tr_announcerTorrentStarted (tor);
-  tor->dhtAnnounceAt = now + tr_cryptoWeakRandInt (20);
-  tor->dhtAnnounce6At = now + tr_cryptoWeakRandInt (20);
+  tor->dhtAnnounceAt = now + tr_rand_int_weak (20);
+  tor->dhtAnnounce6At = now + tr_rand_int_weak (20);
   tor->lpdAnnounceAt = now;
   tr_peerMgrStartTorrent (tor);

trunk/libtransmission/tr-dht.c

@@ -51 +51 @@
 #include "transmission.h"
 #include "crypto.h"
+#include "crypto-utils.h"
 #include "file.h"
 #include "log.h"
@@ -94 +95 @@
 {
     const int roughly_msec = roughly_sec * 1000;
-    const int msec = roughly_msec/2 + tr_cryptoWeakRandInt (roughly_msec);
+    const int msec = roughly_msec/2 + tr_rand_int_weak (roughly_msec);
     tr_wait_msec (msec);
 }
@@ -308 +309 @@
          * so it should be something truly random. */
         tr_logAddNamedInfo ("DHT", "Generating new id");
-        tr_cryptoRandBuf (myid, 20);
+        tr_rand_buffer (myid, 20);
     }
 
@@ -326 +327 @@
 
     dht_timer = evtimer_new (session->event_base, timer_callback, session);
-    tr_timerAdd (dht_timer, 0, tr_cryptoWeakRandInt (1000000));
+    tr_timerAdd (dht_timer, 0, tr_rand_int_weak (1000000));
 
     tr_logAddNamedDbg ("DHT", "DHT initialized");
@@ -610 +611 @@
 
             tor->dhtAnnounceAt = now + ((rc == 0)
-                                     ? 5 + tr_cryptoWeakRandInt (5)
-                                     : 25 * 60 + tr_cryptoWeakRandInt (3*60));
+                                     ? 5 + tr_rand_int_weak (5)
+                                     : 25 * 60 + tr_rand_int_weak (3*60));
         }
 
@@ -619 +620 @@
 
             tor->dhtAnnounce6At = now + ((rc == 0)
-                                      ? 5 + tr_cryptoWeakRandInt (5)
-                                      : 25 * 60 + tr_cryptoWeakRandInt (3*60));
+                                      ? 5 + tr_rand_int_weak (5)
+                                      : 25 * 60 + tr_rand_int_weak (3*60));
         }
     }
@@ -653 +654 @@
     /* Being slightly late is fine,
        and has the added benefit of adding some jitter. */
-    tr_timerAdd (dht_timer, tosleep, tr_cryptoWeakRandInt (1000000));
+    tr_timerAdd (dht_timer, tosleep, tr_rand_int_weak (1000000));
 }
 
@@ -689 +690 @@
 dht_random_bytes (void * buf, size_t size)
 {
-    tr_cryptoRandBuf (buf, size);
+    tr_rand_buffer (buf, size);
     return size;
 }

trunk/libtransmission/tr-utp.c

@@ -32 +32 @@
 #include "net.h"
 #include "session.h"
-#include "crypto.h" /* tr_cryptoWeakRandInt () */
+#include "crypto-utils.h" /* tr_rand_int_weak () */
 #include "peer-mgr.h"
 #include "tr-utp.h"
@@ -144 +144 @@
     if (tr_sessionIsUTPEnabled (ss)) {
         sec = 0;
-        usec = UTP_INTERVAL_US / 2 + tr_cryptoWeakRandInt (UTP_INTERVAL_US);
+        usec = UTP_INTERVAL_US / 2 + tr_rand_int_weak (UTP_INTERVAL_US);
     } else {
         /* If somebody has disabled uTP, then we still want to run
@@ -152 +152 @@
            well use a large timeout. */
         sec = 2;
-        usec = tr_cryptoWeakRandInt (1000000);
+        usec = tr_rand_int_weak (1000000);
     }
     tr_timerAdd (utp_timer, sec, usec);

trunk/libtransmission/utils-test.c

@@ -22 +22 @@
 #include "ConvertUTF.h" /* tr_utf8_validate*/
 #include "platform.h"
-#include "crypto.h"
+#include "crypto-utils.h" /* tr_rand_int_weak */
 #include "utils.h"
 #include "web.h"
@@ -244 +244 @@
   /* populate buf with random ints */
   for (i=0; i<n; ++i)
-    buf[i] = tr_cryptoWeakRandInt (range);
+    buf[i] = tr_rand_int_weak (range);
 
   /* find the best k */
@@ -413 +413 @@
 }
 
-static int
-test_cryptoRand (void)
-{
-  int i;
-
-  /* test that tr_cryptoRandInt () stays in-bounds */
-  for (i = 0; i < 100000; ++i)
-    {
-      const int val = tr_cryptoRandInt (100);
-       check (val >= 0);
-       check (val < 100);
-    }
-
-  return 0;
-}
-
 static char *
 test_strdup_printf_valist (const char * fmt, ...)
@@ -537 +521 @@
                              test_base64,
                              test_buildpath,
-                             test_cryptoRand,
                              test_hex,
                              test_lowerbound,