prevent a malleability attack; this BREAKS THE PROTOCOL. Also change the library...

[xonotic/d0_blind_id.git] / d0_bignum-gmp.c
diff --git a/d0_bignum-gmp.c b/d0_bignum-gmp.c

index b556b81852696a69058a01347ce8b380d64234f8..30d630103d6a026671b42cf98000371ce3e8b443 100644 (file)
--- a/d0_bignum-gmp.c
+++ b/d0_bignum-gmp.c
@@ -20,6 +20,7 @@ Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
  #include "d0_bignum.h"
  
  #include <gmp.h>
+#include <string.h>
  
  struct d0_bignum_s
  {
@@ -27,17 +28,36 @@ struct d0_bignum_s
  };
  
  static gmp_randstate_t RANDSTATE;
+static d0_bignum_t temp;
  
  #include <time.h>
-void d0_bignum_INITIALIZE()
+#include <stdio.h>
+void d0_bignum_INITIALIZE(void)
  {
-       gmp_randinit_default(RANDSTATE);
-       gmp_randseed_ui(RANDSTATE, time(NULL)); // TODO seed
+       FILE *f;
+       d0_bignum_init(&temp);
+       gmp_randinit_mt(RANDSTATE);
+       gmp_randseed_ui(RANDSTATE, time(NULL));
+       f = fopen("/dev/urandom", "rb");
+       if(!f)
+               f = fopen("/dev/random", "rb");
+       if(f)
+       {
+               unsigned char buf[256];
+               setbuf(f, NULL);
+               if(fread(buf, sizeof(buf), 1, f) == 1)
+               {
+                       mpz_import(temp.z, sizeof(buf), 1, 1, 0, 0, buf);
+                       gmp_randseed(RANDSTATE, temp.z);
+               }
+               fclose(f);
+       }
  }
  
-void d0_bignum_SHUTDOWN()
+void d0_bignum_SHUTDOWN(void)
  {
-       // free RANDSTATE
+       d0_bignum_clear(&temp);
+       gmp_randclear(RANDSTATE);
  }
  
  BOOL d0_iobuf_write_bignum(d0_iobuf_t *buf, const d0_bignum_t *bignum)
@@ -77,7 +97,55 @@ d0_bignum_t *d0_iobuf_read_bignum(d0_iobuf_t *buf, d0_bignum_t *bignum)
         return bignum;
  }
  
-d0_bignum_t *d0_bignum_new()
+ssize_t d0_bignum_export_unsigned(const d0_bignum_t *bignum, void *buf, size_t bufsize)
+{
+       size_t count;
+       count = (mpz_sizeinbase(bignum->z, 2) + 7) / 8;
+       if(count > bufsize)
+               return -1;
+       if(bufsize > count)
+       {
+               // pad from left (big endian numbers!)
+               memset(buf, 0, bufsize - count);
+               buf += bufsize - count;
+       }
+       bufsize = count;
+       mpz_export(buf, &bufsize, 1, 1, 0, 0, bignum->z);
+       if(bufsize > count)
+       {
+               // REALLY BAD
+               // mpz_sizeinbase lied to us
+               // buffer overflow
+               // there is no sane way whatsoever to handle this
+               abort();
+       }
+       if(bufsize < count)
+       {
+               // BAD
+               // mpz_sizeinbase lied to us
+               // move the number
+               if(bufsize == 0)
+               {
+                       memset(buf, 0, count);
+               }
+               else
+               {
+                       memmove(buf + count - bufsize, buf, bufsize);
+                       memset(buf, 0, count - bufsize);
+               }
+       }
+       return bufsize;
+}
+
+d0_bignum_t *d0_bignum_import_unsigned(d0_bignum_t *bignum, const void *buf, size_t bufsize)
+{
+       size_t count;
+       if(!bignum) bignum = d0_bignum_new(); if(!bignum) return NULL;
+       mpz_import(bignum->z, bufsize, 1, 1, 0, 0, buf);
+       return bignum;
+}
+
+d0_bignum_t *d0_bignum_new(void)
  {
         d0_bignum_t *b = d0_malloc(sizeof(d0_bignum_t));
         mpz_init(b->z);
@@ -112,10 +180,9 @@ int d0_bignum_cmp(const d0_bignum_t *a, const d0_bignum_t *b)
  
  d0_bignum_t *d0_bignum_rand_range(d0_bignum_t *r, const d0_bignum_t *min, const d0_bignum_t *max)
  {
-       static d0_bignum_t *temp = NULL; if(!temp) temp = d0_bignum_new();
         if(!r) r = d0_bignum_new(); if(!r) return NULL;
-       mpz_sub(temp->z, max->z, min->z);
-       mpz_urandomm(r->z, RANDSTATE, temp->z);
+       mpz_sub(temp.z, max->z, min->z);
+       mpz_urandomm(r->z, RANDSTATE, temp.z);
         mpz_add(r->z, r->z, min->z);
         return r;
  }