cmd/auth: remove private /dev/random reading routines, use genrandom()

This commit is contained in:
cinap_lenrek 2015-08-21 22:46:26 +02:00
parent 809522e80f
commit c6a9cbb071
14 changed files with 31 additions and 131 deletions

View file

@ -52,7 +52,6 @@ main(int argc, char *argv[])
}ARGEND
initcap();
srand(getpid()*time(0));
if(argc >= 2)
runas(argv[0], argv[1]);
else
@ -96,15 +95,6 @@ usage(void)
exits("usage");
}
void
memrandom(void *p, int n)
{
uchar *cp;
for(cp = (uchar*)p; n > 0; n--)
*cp++ = fastrand();
}
/*
* keep caphash fd open since opens of it could be disabled
*/
@ -138,7 +128,7 @@ mkcap(char *from, char *to)
nfrom = strlen(from);
cap = emalloc(nfrom+1+nto+1+sizeof(rand)*3+1);
sprint(cap, "%s@%s", from, to);
memrandom(rand, sizeof(rand));
genrandom(rand, sizeof(rand));
key = cap+nfrom+1+nto+1;
enc64(key, sizeof(rand)*3, rand, sizeof(rand));

View file

@ -33,7 +33,6 @@ void replyerror(char*, ...);
void getraddr(char*);
void mkkey(Authkey*);
void mkticket(Ticketreq*, Ticket*);
void randombytes(uchar*, int);
void nthash(uchar hash[MShashlen], char *passwd);
void lmhash(uchar hash[MShashlen], char *passwd);
void ntv2hash(uchar hash[MShashlen], char *passwd, char *user, char *dom);
@ -64,7 +63,6 @@ main(int argc, char *argv[])
if(db == 0)
syslog(0, AUTHLOG, "no /lib/ndb/auth");
srand(time(0)*getpid());
for(;;){
n = readn(0, buf, sizeof(buf));
if(n <= 0 || convM2TR(buf, n, &tr) <= 0)
@ -167,7 +165,7 @@ challengebox(Ticketreq *tr)
netkey = finddeskey(NETKEYDB, tr->uid, nkbuf);
if(key == nil && netkey == nil){
/* make one up so caller doesn't know it was wrong */
randombytes((uchar*)nkbuf, DESKEYLEN);
genrandom((uchar*)nkbuf, DESKEYLEN);
netkey = nkbuf;
if(debug)
syslog(0, AUTHLOG, "cr-fail uid %s@%s", tr->uid, raddr);
@ -185,7 +183,7 @@ challengebox(Ticketreq *tr)
*/
memset(buf, 0, sizeof(buf));
buf[0] = AuthOK;
chal = lnrand(MAXNETCHAL);
chal = nfastrand(MAXNETCHAL);
sprint(buf+1, "%lud", chal);
if(write(1, buf, NETCHLEN+1) < 0)
exits(0);
@ -322,7 +320,7 @@ http(Ticketreq *tr)
/* send back a ticket encrypted with the key */
mkticket(tr, &t);
randombytes((uchar*)t.chal, CHALLEN);
genrandom((uchar*)t.chal, CHALLEN);
t.num = AuthHr;
n = 0;
tbuf[n++] = AuthOK;
@ -388,7 +386,7 @@ apop(Ticketreq *tr, int type)
/*
* Create a challenge and send it.
*/
randombytes((uchar*)rb, sizeof(rb));
genrandom((uchar*)rb, sizeof(rb));
p = chal;
p += snprint(p, sizeof(chal), "<%lux%lux.%lux%lux@%s>",
rb[0], rb[1], rb[2], rb[3], domainname());
@ -502,7 +500,7 @@ vnc(Ticketreq *tr)
/*
* Create a challenge and send it.
*/
randombytes(chal+6, VNCchallen);
genrandom(chal+6, VNCchallen);
chal[0] = AuthOKvar;
sprint((char*)chal+1, "%-5d", VNCchallen);
if(write(1, chal, sizeof(chal)) != sizeof(chal))
@ -514,7 +512,7 @@ vnc(Ticketreq *tr)
memset(sbuf, 0, sizeof(sbuf));
secret = findsecret(KEYDB, tr->uid, sbuf);
if(secret == nil){
randombytes((uchar*)sbuf, sizeof(sbuf));
genrandom((uchar*)sbuf, sizeof(sbuf));
secret = sbuf;
}
for(i = 0; i < 8; i++)
@ -565,7 +563,7 @@ chap(Ticketreq *tr)
/*
* Create a challenge and send it.
*/
randombytes((uchar*)chal, sizeof(chal));
genrandom((uchar*)chal, sizeof(chal));
write(1, chal, sizeof(chal));
/*
@ -682,7 +680,7 @@ mschap(Ticketreq *tr)
/*
* Create a challenge and send it.
*/
randombytes((uchar*)chal, sizeof(chal));
genrandom(chal, sizeof(chal));
write(1, chal, sizeof(chal));
/*
@ -1001,8 +999,8 @@ getraddr(char *dir)
void
mkkey(Authkey *k)
{
randombytes((uchar*)k->des, DESKEYLEN);
randombytes((uchar*)k->aes, AESKEYLEN);
genrandom((uchar*)k->des, DESKEYLEN);
genrandom((uchar*)k->aes, AESKEYLEN);
}
void
@ -1012,19 +1010,7 @@ mkticket(Ticketreq *tr, Ticket *t)
memmove(t->chal, tr->chal, CHALLEN);
safecpy(t->cuid, tr->uid, sizeof(t->cuid));
safecpy(t->suid, tr->uid, sizeof(t->suid));
randombytes((uchar*)t->key, DESKEYLEN);
}
void
randombytes(uchar *buf, int len)
{
int i;
if(readfile("/dev/random", (char*)buf, len) >= 0)
return;
for(i = 0; i < len; i++)
buf[i] = rand();
genrandom((uchar*)t->key, DESKEYLEN);
}
/*

View file

@ -1,5 +1,6 @@
#include <u.h>
#include <libc.h>
#include <libsec.h>
#include <authsrv.h>
#include <ctype.h>
#include <bio.h>
@ -19,13 +20,12 @@ void
main(int argc, char *argv[])
{
char *u, answer[32], p9pass[32];
int which, i, newkey, newbio, dosecret;
int which, newkey, newbio, dosecret;
long t;
Authkey key;
Acctbio a;
Fs *f;
srand(getpid()*time(0));
fmtinstall('K', deskeyfmt);
which = 0;
@ -84,8 +84,7 @@ main(int argc, char *argv[])
}
if(newkey){
memset(&key, 0, sizeof(key));
for(i=0; i<DESKEYLEN; i++)
key.des[i] = nrand(256);
genrandom((uchar*)key.des, DESKEYLEN);
}
if(a.user == 0){
t = getexpiration(f->keys, u);

View file

@ -74,23 +74,6 @@ main(int argc, char *argv[])
exits(nil);
}
void
randombytes(uchar *p, int len)
{
int i, fd;
fd = open("/dev/random", OREAD);
if(fd < 0){
fprint(2, "%s: can't open /dev/random, using rand()\n", argv0);
srand(time(0));
for(i = 0; i < len; i++)
p[i] = rand();
return;
}
read(fd, p, len);
close(fd);
}
int
badname(char *s)
{
@ -181,7 +164,7 @@ convert(char **db, int len)
keydbaes = 1;
}
randombytes((uchar*)p, keydboff);
genrandom((uchar*)p, keydboff);
if(keydbaes){
AESstate s;

View file

@ -12,7 +12,6 @@ int usepass;
int convert(char*, char*, Authkey*, int);
void usage(void);
void randombytes(uchar*, int);
void
main(int argc, char *argv[])
@ -101,7 +100,7 @@ convert(char *p, char *np, Authkey *key, int len)
if(verb)
print("%s\n", &p[off]);
}
randombytes((uchar*)np, KEYDBOFF);
genrandom((uchar*)np, KEYDBOFF);
len = (len*KEYDBLEN) + KEYDBOFF;
oldCBCencrypt(key->des, np, len);
return len;
@ -113,20 +112,3 @@ usage(void)
fprint(2, "usage: convkeys2 keyfile\n");
exits("usage");
}
void
randombytes(uchar *p, int len)
{
int i, fd;
fd = open("/dev/random", OREAD);
if(fd < 0){
fprint(2, "convkeys2: can't open /dev/random, using rand()\n");
srand(time(0));
for(i = 0; i < len; i++)
p[i] = rand();
return;
}
read(fd, p, len);
close(fd);
}

View file

@ -191,7 +191,6 @@ main(int argc, char *argv[])
fatal("cron already running: %r");
argv0 = "cron";
srand(getpid()*time(0));
last = time(0);
for(;;){
readalljobs();
@ -656,15 +655,6 @@ qidcmp(Qid a, Qid b)
return(a.path != b.path || a.vers != b.vers);
}
void
memrandom(void *p, int n)
{
uchar *cp;
for(cp = (uchar*)p; n > 0; n--)
*cp++ = fastrand();
}
/*
* keep caphash fd open since opens of it could be disabled
*/
@ -699,7 +689,7 @@ mkcap(char *from, char *to)
ncap = nfrom + 1 + nto + 1 + sizeof(rand)*3 + 1;
cap = emalloc(ncap);
snprint(cap, ncap, "%s@%s", from, to);
memrandom(rand, sizeof(rand));
genrandom(rand, sizeof(rand));
key = cap+nfrom+1+nto+1;
enc64(key, sizeof(rand)*3, rand, sizeof(rand));

View file

@ -261,7 +261,7 @@ doreply(State *s, char *user, char *response)
goto err;
}
memrandom(s->tr.chal, CHALLEN);
genrandom((uchar*)s->tr.chal, CHALLEN);
safecpy(s->tr.uid, user, sizeof(s->tr.uid));
alarm(30*1000);
if(_asrequest(s->asfd, &s->tr) < 0){

View file

@ -188,7 +188,7 @@ chapwrite(Fsstate *fss, void *va, uint n)
if(user == nil)
break;
memrandom(pchal, MSchallenv2);
genrandom((uchar*)pchal, MSchallenv2);
/* ChallengeHash() */
ds = sha1(pchal, MSchallenv2, nil, nil);
@ -579,7 +579,7 @@ domschap2(char *passwd, char *user, char *dom, uchar chal[MSchallen], uchar *res
*p++ = t >> 48;
*p++ = t >> 56;
memrandom(p, 8);
genrandom(p, 8);
p += 8; /* 64bit: client nonce */
*p++ = 0; /* 32bit: unknown data */
@ -617,7 +617,7 @@ domschap2(char *passwd, char *user, char *dom, uchar chal[MSchallen], uchar *res
* LmResponse = Cat(HMAC_MD5(LmHash, Cat(SC, CC)), CC)
*/
s = hmac_md5(chal, 8, hash, MShashlen, nil, nil);
memrandom((uchar*)r->LMresp+16, 8);
genrandom((uchar*)r->LMresp+16, 8);
hmac_md5((uchar*)r->LMresp+16, 8, hash, MShashlen, (uchar*)r->LMresp, s);
/*

View file

@ -203,7 +203,6 @@ char *getnvramkey(int);
void initcap(void);
int isclient(char*);
int matchattr(Attr*, Attr*, Attr*);
void memrandom(void*, int);
char *mkcap(char*, char*);
int phaseerror(Fsstate*, char*);
char *phasename(Fsstate*, int, char*);

View file

@ -88,7 +88,7 @@ p9skinit(Proto *p, Fsstate *fss)
switch(s->vers){
case 1:
fss->phase = CHaveChal;
memrandom(s->cchal, CHALLEN);
genrandom((uchar*)s->cchal, CHALLEN);
break;
case 2:
fss->phase = CNeedTreq;
@ -108,7 +108,7 @@ p9skinit(Proto *p, Fsstate *fss)
safecpy(s->tr.authid, _strfindattr(k->attr, "user"), sizeof(s->tr.authid));
safecpy(s->tr.authdom, _strfindattr(k->attr, "dom"), sizeof(s->tr.authdom));
s->key = k;
memrandom(s->tr.chal, sizeof s->tr.chal);
genrandom((uchar*)s->tr.chal, sizeof s->tr.chal);
switch(s->vers){
case 1:
fss->phase = SNeedChal;
@ -449,7 +449,7 @@ mkserverticket(State *s, char *tbuf, int tbuflen)
memmove(t.chal, tr->chal, CHALLEN);
strcpy(t.cuid, tr->uid);
strcpy(t.suid, tr->uid);
memrandom(t.key, DESKEYLEN);
genrandom((uchar*)t.key, DESKEYLEN);
t.num = AuthTc;
ret = convT2M(&t, tbuf, tbuflen, (Authkey*)s->key->priv);
t.num = AuthTs;

View file

@ -566,15 +566,6 @@ matchattr(Attr *pat, Attr *a0, Attr *a1)
return 1;
}
void
memrandom(void *p, int n)
{
uchar *cp;
for(cp = (uchar*)p; n > 0; n--)
*cp++ = fastrand();
}
/*
* keep caphash fd open since opens of it could be disabled
*/
@ -608,7 +599,7 @@ mkcap(char *from, char *to)
nfrom = strlen(from);
cap = emalloc(nfrom+1+nto+1+sizeof(rand)*3+1);
sprint(cap, "%s@%s", from, to);
memrandom(rand, sizeof(rand));
genrandom(rand, sizeof(rand));
key = cap+nfrom+1+nto+1;
enc64(key, sizeof(rand)*3, rand, sizeof(rand));

View file

@ -6,6 +6,7 @@
#include <fcall.h>
#include <bio.h>
#include <ndb.h>
#include <libsec.h>
#include <authsrv.h>
#include "authcmdlib.h"
@ -57,7 +58,6 @@ main(int argc, char *argv[])
getraddr(argv[argc-1]);
argv0 = "guard";
srand((getpid()*1103515245)^time(0));
notify(catchalarm);
/*
@ -69,7 +69,7 @@ main(int argc, char *argv[])
/*
* challenge-response
*/
chal = lnrand(MAXNETCHAL);
chal = nfastrand(MAXNETCHAL);
sprint(buf, "challenge: %lud\nresponse: ", chal);
n = strlen(buf) + 1;
if(write(1, buf, n) != n){

View file

@ -696,24 +696,6 @@ dostat(User *user, ulong qtype, void *p, int n)
return convD2M(&d, p, n);
}
void
randombytes(uchar *p, int len)
{
int i, fd;
fd = open("/dev/random", OREAD);
if(fd < 0){
fprint(2, "keyfs: can't open /dev/random, using rand()\n");
srand(time(0));
for(i = 0; i < len; i++)
p[i] = rand();
return;
}
read(fd, p, len);
close(fd);
}
void
writeusers(void)
{
@ -740,7 +722,7 @@ writeusers(void)
/* pack into buffer */
buf = emalloc(keydboff + nu*keydblen);
p = buf;
randombytes(p, keydboff);
genrandom(p, keydboff);
p += keydboff;
for(i = 0; i < Nuser; i++)
for(u = users[i]; u != nil; u = u->link){

View file

@ -148,16 +148,14 @@ getfile(SConn *conn, char *gf, uchar **buf, ulong *buflen, uchar *key, int nkey)
static int
putfile(SConn *conn, char *pf, uchar *buf, ulong len, uchar *key, int nkey)
{
int i, n, fd, ivo, bufi, done;
int n, fd, ivo, bufi, done;
char s[Maxmsg];
uchar skey[SHA1dlen], b[CHK+Maxmsg], IV[AESbsize];
AESstate aes;
DigestState *sha;
/* create initialization vector */
srand(time(0)); /* doesn't need to be unpredictable */
for(i=0; i<AESbsize; i++)
IV[i] = 0xff & rand();
genrandom(IV, AESbsize);
sha = sha1((uchar*)"aescbc file", 11, nil, nil);
sha1(key, nkey, skey, sha);
setupAESstate(&aes, skey, AESbsize, IV);