Home Explore Help
Sign In
piros
/
tor
3
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Branch: master
Branches Tags
tor
/
src
/
lib
/
intmath
/
weakrng.c

weakrng.c 2.1 KB
Permalink History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960 
  1. /* Copyright (c) 2003, Roger Dingledine
    2. 

  2.  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
    3. 

  3.  * Copyright (c) 2007-2019, The Tor Project, Inc. */
    4. 

  4. /* See LICENSE for licensing information */
    5. 

  5. 

  6. /**
    7. 

  7.  * \file weakrng.c
    8. 

  8.  *
    9. 

  9.  * \brief A weak but fast PRNG based on a linear congruential generator.
    10. 

  10.  *
    11. 

  11.  * We don't want to use the platform random(), since some of them are even
    12. 

  12.  * worse than this.
    13. 

  13.  **/
    14. 

  14. 

  15. #include "lib/intmath/weakrng.h"
    16. 

  16. #include "lib/err/torerr.h"
    17. 

  17. 

  18. #include <stdlib.h>
    19. 

  19. 

  20. /** Initialize the insecure RNG <b>rng</b> from a seed value <b>seed</b>. */
    21. 

  21. void
    22. 

  22. tor_init_weak_random(tor_weak_rng_t *rng, unsigned seed)
    23. 

  23. {
    24. 

  24.   rng->state = (uint32_t)(seed & 0x7fffffff);
    25. 

  25. }
    26. 

  26. 

  27. /** Return a randomly chosen value in the range 0..TOR_WEAK_RANDOM_MAX based
    28. 

  28.  * on the RNG state of <b>rng</b>.  This entropy will not be cryptographically
    29. 

  29.  * strong; do not rely on it for anything an adversary should not be able to
    30. 

  30.  * predict. */
    31. 

  31. int32_t
    32. 

  32. tor_weak_random(tor_weak_rng_t *rng)
    33. 

  33. {
    34. 

  34.   /* Here's a linear congruential generator. OpenBSD and glibc use these
    35. 

  35.    * parameters; they aren't too bad, and should have maximal period over the
    36. 

  36.    * range 0..INT32_MAX. We don't want to use the platform rand() or random(),
    37. 

  37.    * since some platforms have bad weak RNGs that only return values in the
    38. 

  38.    * range 0..INT16_MAX, which just isn't enough. */
    39. 

  39.   rng->state = (rng->state * 1103515245 + 12345) & 0x7fffffff;
    40. 

  40.   return (int32_t) rng->state;
    41. 

  41. }
    42. 

  42. 

  43. /** Return a random number in the range [0 , <b>top</b>). {That is, the range
    44. 

  44.  * of integers i such that 0 <= i < top.}  Chooses uniformly.  Requires that
    45. 

  45.  * top is greater than 0. This randomness is not cryptographically strong; do
    46. 

  46.  * not rely on it for anything an adversary should not be able to predict. */
    47. 

  47. int32_t
    48. 

  48. tor_weak_random_range(tor_weak_rng_t *rng, int32_t top)
    49. 

  49. {
    50. 

  50.   /* We don't want to just do tor_weak_random() % top, since random() is often
    51. 

  51.    * implemented with an LCG whose modulus is a power of 2, and those are
    52. 

  52.    * cyclic in their low-order bits. */
    53. 

  53.   int divisor, result;
    54. 

  54.   raw_assert(top > 0);
    55. 

  55.   divisor = TOR_WEAK_RANDOM_MAX / top;
    56. 

  56.   do {
    57. 

  57.     result = (int32_t)(tor_weak_random(rng) / divisor);
    58. 

  58.   } while (result >= top);
    59. 

  59.   return result;
    60. 

  60. }
    61.