From 93d5edc86b27e0ffa3b6badd4c18cd7f0e23cec9 Mon Sep 17 00:00:00 2001 From: dimitri staessens Date: Sat, 8 Jul 2017 16:29:16 +0200 Subject: lib: Add secure random generator This adds a secure random number generator. It will use OS specific calls with a fallback to OpenSSL if available. --- include/ouroboros/random.h | 32 +++++++++++++++++++++++++++++ src/lib/CMakeLists.txt | 35 ++++++++++++++++++++++++++----- src/lib/random.c | 51 ++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 113 insertions(+), 5 deletions(-) create mode 100644 include/ouroboros/random.h create mode 100644 src/lib/random.c
diff --git a/include/ouroboros/random.h b/include/ouroboros/random.h
new file mode 100644
index 00000000..08555e89
--- /dev/null
+++ b/include/ouroboros/random.h
@@ -0,0 +1,32 @@
+/*
+ * Ouroboros - Copyright (C) 2016 - 2017
+ *
+ * Pseudo random generator
+ *
+ * Dimitri Staessens
+ * Sander Vrijders
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * version 2.1 as published by the Free Software Foundation.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301 USA
+ */
+
+#ifndef OUROBOROS_RANDOM_H
+#define OUROBOROS_RANDOM_H
+
+#include
+
+int random_buffer(void * buf,
+ size_t len);
+
+#endif /* OUROBOROS_RANDOM_H */
diff --git a/src/lib/CMakeLists.txt b/src/lib/CMakeLists.txt
index 99dd96fc..e08869b8 100644
--- a/src/lib/CMakeLists.txt
+++ b/src/lib/CMakeLists.txt
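Review bot: The declaration of `random_buffer` in include/ouroboros/random.h has no comment saying what the return value means, and the file header calls the module a "Pseudo random generator" while the commit message promises a secure one. Callers have to check the result before they use the buffer for anything security-relevant, so the contract belongs next to the prototype. Once src/lib/random.c follows a single convention, I would add above the declaration `/* Fill buf with len bytes from the OS CSPRNG or OpenSSL. Returns 0 on success, -1 on failure; buf must not be used on failure. */` and change the header line to `Secure random generator`.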
@@ -16,7 +16,7 @@ protobuf_generate_c(FRCT_ENROLL_SRCS FRCT_ENROLL_HDRS frct_enroll.proto) if (NOT APPLE) find_library(LIBRT_LIBRARIES rt) if (NOT LIBRT_LIBRARIES) - message(FATAL_ERROR "librt not found") + message(FATAL_ERROR "Could not find librt.") endif () else () set(LIBRT_LIBRARIES "") @@ -24,9 +24,14 @@ endif () find_library(LIBPTHREAD_LIBRARIES pthread) if (NOT LIBPTHREAD_LIBRARIES) - message(FATAL_ERROR "libpthread not found") + message(FATAL_ERROR "Could not find libpthread.") endif () +find_path(LINUX_RND_HDR + sys/random.h + HINTS /usr/include /usr/local/include + ) + set(SOURCE_FILES # Add source files here bitmap.c @@ -46,6 +51,7 @@ set(SOURCE_FILES nsm.c qos.c qoscube.c + random.c rib.c sha3.c shm_flow_set.c 
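Review bot: `find_path(LINUX_RND_HDR sys/random.h ...)` in the second hunk only shows that a header of that name exists, not that it declares `getrandom()`. src/lib/random.c calls `getrandom(buf, len, GRND_NONBLOCK)` whenever HAVE_SYS_RANDOM is defined, so a platform that ships `sys/random.h` without that function (macOS appears to be one) would select this backend and then fail to build. A symbol check is more direct: `include(CheckSymbolExists)` followed by `check_symbol_exists(getrandom sys/random.h HAVE_GETRANDOM)`, with the `-DHAVE_SYS_RANDOM` flag gated on that result.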
@@ -60,14 +66,33 @@ add_library(ouroboros SHARED ${SOURCE_FILES} ${IRM_PROTO_SRCS} ${IPCP_PROTO_SRCS} ${DIF_CONFIG_PROTO_SRCS} ${CDAP_PROTO_SRCS} ${CACEP_PROTO_SRCS} ${RO_PROTO_SRCS} ${FRCT_ENROLL_SRCS}) -target_link_libraries(ouroboros ${LIBRT_LIBRARIES} - ${LIBPTHREAD_LIBRARIES} ${PROTOBUF_C_LIBRARY}) - include(AddCompileFlags) if (CMAKE_BUILD_TYPE MATCHES Debug) add_compile_flags(ouroboros -DCONFIG_OUROBOROS_DEBUG) endif (CMAKE_BUILD_TYPE MATCHES Debug) +if (CMAKE_SYSTEM_NAME STREQUAL "FreeBSD") + message(STATUS "Found FreeBSD, using arc4random.") +else() + if (${LINUX_RND_HDR} STREQUAL "LINUX_RND_HDR-NOTFOUND") + find_package(OpenSSL) + if (NOT OPENSSL_FOUND) + message(STATUS "No secure random generation, please install OpenSSL.") + else() + message(STATUS "OpenSSL found") + include_directories($OPENSSL_INCLUDE_DIR}) + add_compile_flags(ouroboros -DHAVE_OPENSSL) + endif() + else () + message(STATUS "Found linux random header in ${LINUX_RND_HDR}.") + include_directories(${LINUX_RND_HDR}) + add_compile_flags(ouroboros -DHAVE_SYS_RANDOM) + endif () +endif() + +target_link_libraries(ouroboros ${LIBRT_LIBRARIES} + ${LIBPTHREAD_LIBRARIES} ${PROTOBUF_C_LIBRARY} ${OPENSSL_LIBRARIES}) + install(TARGETS ouroboros LIBRARY DESTINATION usr/lib) target_include_directories(ouroboros PUBLIC ${CMAKE_CURRENT_BINARY_DIR}) diff --git a/src/lib/random.c b/src/lib/random.c new file mode 100644 index 00000000..d6bde0f8 --- /dev/null +++ b/src/lib/random.c 
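Review bot: `include_directories($OPENSSL_INCLUDE_DIR})` is missing the opening brace, so the variable is never expanded and the OpenSSL include path is not added; it should read `include_directories(${OPENSSL_INCLUDE_DIR})`. When neither sys/random.h nor OpenSSL is found, the build prints only a STATUS line and continues, which leaves `random_buffer()` compiled to the stub that always returns -1; `message(WARNING ...)`, or FATAL_ERROR if callers depend on secure randomness, would make that visible at configure time. The test `if (${LINUX_RND_HDR} STREQUAL "LINUX_RND_HDR-NOTFOUND")` is more robustly written as `if (NOT LINUX_RND_HDR)`.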
@@ -0,0 +1,51 @@
+/*
+ * Ouroboros - Copyright (C) 2016 - 2017
+ *
+ * Pseudo random generator
+ *
+ * Dimitri Staessens
+ * Sander Vrijders
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * version 2.1 as published by the Free Software Foundation.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301 USA
+ */
+
+#include
+
+#if defined(HAVE_SYS_RANDOM)
+#include
+#elif defined(__FreeBSD__)
+#include
+#elif defined(HAVE_OPENSSL)
+#include
+#include
+#endif
+
+int random_buffer(void * buf,
+ size_t len)
+{
+#if defined(HAVE_SYS_RANDOM)
+ return getrandom(buf, len, GRND_NONBLOCK); /* also in glibc 2.25 */
+#elif defined(__FreeBSD__)
+ return arc4random_buf(buf, len);
+#elif defined(HAVE_OPENSSL)
+ if (len > 0 && len < INT_MAX)
+ return RAND_bytes((unsigned char *) buf, (int) len);
+ return -1;
+#else
+ (void) buf;
+ (void) len;
+ return -1;
+#endif
+}
-- cgit v1.2.3
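Review bot: `random_buffer()` returns a different success value on each backend, so no caller can check it uniformly: `getrandom()` returns the byte count (or -1), `RAND_bytes()` returns 1 on success and 0 on failure, and `arc4random_buf()` returns void, so `return arc4random_buf(buf, len);` should not compile in an int function. A caller that tests only for a negative result would accept an OpenSSL failure or a short `getrandom()` read and then use a partly unfilled buffer as random data. I would normalise every branch to 0 on success and -1 on failure, loop on short reads, and treat EAGAIN from `GRND_NONBLOCK` (pool not yet seeded) as a failure. The loop needs `<errno.h>` and the OpenSSL branch needs `<limits.h>` for `INT_MAX`; the include targets are not visible on this page, so confirm both are present.

```c
int random_buffer(void * buf,
                  size_t len)
{
#if defined(HAVE_SYS_RANDOM)
        unsigned char * p = buf;

        while (len > 0) {
                ssize_t n = getrandom(p, len, GRND_NONBLOCK);
                if (n < 0) {
                        if (errno == EINTR)
                                continue;
                        return -1; /* includes EAGAIN: pool not seeded yet */
                }
                p   += n;
                len -= (size_t) n;
        }
        return 0;
#elif defined(__FreeBSD__)
        arc4random_buf(buf, len); /* returns void and cannot fail */
        return 0;
#elif defined(HAVE_OPENSSL)
        if (len == 0)
                return 0; /* nothing to fill, same as the other backends */
        if (len > INT_MAX)
                return -1;
        return RAND_bytes((unsigned char *) buf, (int) len) == 1 ? 0 : -1;
#else
        /* … unchanged: no backend available, return -1 … */
#endif
}
```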