diff --git a/autogen.sh b/autogen.sh index 5640583..271d2c0 100755 --- a/autogen.sh +++ b/autogen.sh @@ -1,4 +1,4 @@ -#!/bin/sh +#!/bin/bash # simple autogen script that generates basic layout for autotools. diff --git a/man/ccr.1 b/man/ccr.1 index 384742e..e8552c2 100644 --- a/man/ccr.1 +++ b/man/ccr.1 @@ -237,9 +237,14 @@ private keyring. Backups of user data (i.e. for each file the last state that was loaded successfully) are, on each change, written to files "pubkeys~" and "secrets~". -When Codecrypt is running, it locks the .ccr directory using a lockfile "lock" +When Codecrypt is running, it locks the ".ccr" directory using a lockfile "lock" and applying flock(2) to it. +For seeding the random number generator, Codecrypt uses data from "/dev/random" +for generating keys and "/dev/urandom" for everything else, e.g. nonces or +envelopes. Both cases can be overriden at once by specifying some other +filename in environment variable CCR_RANDOM_SEED. + .SH RETURN VALUE \fBccr\fR returns exit status 0 if there was no error and all cryptography went @@ -353,6 +358,17 @@ import of keys can bring serious inconsistencies into your key naming scheme. In a distant universe after much computation, KeyIDs can collide. If you find someone who has a colliding KeyID, kiss him and generate another key. +.SS Own sources of random seed + +Using CCR_RANDOM_SEED is slightly counterintuitive and dangerous, use it only +for debugging. + +If your system does not have /dev/(u)random, make a port by choosing a safe +value in the source code instead of specifying the seed each time you invoke +Codecrypt. + +If the seed source of your system can not be trusted, fix the system instead. + .SH Troubleshooting/FAQ Q: I can't read/verify messages from versions 1.3.1 and older! @@ -443,5 +459,5 @@ it with caution. .SH AUTHORS -Codecrypt was written by Mirek Kratochvil in 2013-2016. +Codecrypt was written by Mirek Kratochvil in 2013-2017. diff --git a/src/actions.cpp b/src/actions.cpp index 642e076..49c015f 100644 --- a/src/actions.cpp +++ b/src/actions.cpp @@ -2,7 +2,7 @@ /* * This file is part of Codecrypt. * - * Copyright (C) 2013-2016 Mirek Kratochvil + * Copyright (C) 2013-2017 Mirek Kratochvil * * Codecrypt is free software: you can redistribute it and/or modify it * under the terms of the GNU Lesser General Public License as published by @@ -46,6 +46,8 @@ #define MSG_CLEARTEXT "MESSAGE-IN-CLEARTEXT" #define MSG_DETACHED "MESSAGE-DETACHED" +#define SEED_FAILED { err("error: could not seed PRNG"); return 1; } + inline bool open_keyring (keyring&KR) { if (!KR.open()) { @@ -62,7 +64,7 @@ int action_gen_symkey (const std::string&algspec, { symkey sk; ccr_rng r; - r.seed (256); + if (!r.seed (256)) SEED_FAILED; if (!sk.create (algspec, r)) { err ("error: symkey creation failed"); @@ -219,7 +221,7 @@ int action_gen_key (const std::string& p_algspec, const std::string&name, err ("If nothing happens, move mouse, type random stuff on keyboard,"); err ("or just wait longer."); - r.seed (512, false); + if (!r.seed (512, false)) SEED_FAILED; err ("Seeding done, generating the key..."); @@ -312,7 +314,7 @@ int action_sym_encrypt (const std::string&symmetric, bool armor) sencode_destroy (SK); ccr_rng r; - r.seed (256); + if (!r.seed (256)) SEED_FAILED; if (!sk.encrypt (std::cin, std::cout, r)) { err ("error: encryption failed"); @@ -375,7 +377,7 @@ int action_encrypt (const std::string&recipient, bool armor, //encryption part encrypted_msg msg; ccr_rng r; - r.seed (256); + if (!r.seed (256)) SEED_FAILED; bvector plaintext; plaintext.from_string (data); @@ -589,7 +591,7 @@ int action_hash_sign (bool armor, const std::string&symmetric) parts.resize (1); base64_encode (data, parts[0]); ccr_rng r; - r.seed (128); + if (!r.seed (256)) SEED_FAILED; data = envelope_format (ENVELOPE_HASHFILE, parts, r); } @@ -679,7 +681,7 @@ int action_sign (const std::string&user, bool armor, const std::string&detach, //signature production part signed_msg msg; ccr_rng r; - r.seed (256); + if (!r.seed (256)) SEED_FAILED; bvector message; message.from_string (data); @@ -1120,7 +1122,7 @@ int action_sign_encrypt (const std::string&user, const std::string&recipient, //make a signature signed_msg smsg; ccr_rng r; - r.seed (256); + if (!r.seed (256)) SEED_FAILED; bvector bv; bv.from_string (data); @@ -1521,7 +1523,7 @@ int action_export (bool armor, parts.resize (1); base64_encode (data, parts[0]); ccr_rng r; - r.seed (128); + if (!r.seed (256)) SEED_FAILED; data = envelope_format (ENVELOPE_PUBKEYS, parts, r); } @@ -1777,7 +1779,7 @@ int action_export_sec (bool armor, bool yes, parts.resize (1); base64_encode (data, parts[0]); ccr_rng r; - r.seed (128); + if (!r.seed (256)) SEED_FAILED; data = envelope_format (ENVELOPE_SECRETS, parts, r); } diff --git a/src/generator.cpp b/src/generator.cpp index 967d888..c0d3911 100644 --- a/src/generator.cpp +++ b/src/generator.cpp @@ -2,7 +2,7 @@ /* * This file is part of Codecrypt. * - * Copyright (C) 2013-2016 Mirek Kratochvil + * Copyright (C) 2013-2017 Mirek Kratochvil * * Codecrypt is free software: you can redistribute it and/or modify it * under the terms of the GNU Lesser General Public License as published by @@ -19,16 +19,20 @@ */ #include "generator.h" +#include "iohelpers.h" #include #include +#include //for strerror +#include //for getenv + static inline uint bytes (uint bits) { return (bits >> 3) + ( (bits & 7) ? 1 : 0); } -void ccr_rng::seed (uint bits, bool quick) +bool ccr_rng::seed (uint bits, bool quick) { std::vector s; std::ifstream f; @@ -36,12 +40,22 @@ void ccr_rng::seed (uint bits, bool quick) uint b = bytes (bits); if (b > 256) b = 256; - f.open (quick ? "/dev/urandom" : "/dev/random", - std::ios::in | std::ios::binary); + char*user_source = getenv ("CCR_RANDOM_SEED"); + std::string seed_source = user_source ? user_source : + quick ? "/dev/urandom" : + "/dev/random"; + + f.open (seed_source, std::ios::in | std::ios::binary); + if (!f.good()) { + err ("opening " << seed_source << " failed: " + << strerror (errno)); + return false; + } s.resize (b); for (uint i = 0; i < b; ++i) f >> s[i]; f.close(); r.load_key_vector (s); + return true; } diff --git a/src/generator.h b/src/generator.h index 5de44e2..27c7c33 100644 --- a/src/generator.h +++ b/src/generator.h @@ -2,7 +2,7 @@ /* * This file is part of Codecrypt. * - * Copyright (C) 2013-2016 Mirek Kratochvil + * Copyright (C) 2013-2017 Mirek Kratochvil * * Codecrypt is free software: you can redistribute it and/or modify it * under the terms of the GNU Lesser General Public License as published by @@ -40,7 +40,7 @@ public: r.clear(); } - void seed (uint bits, bool quick = true); + bool seed (uint bits, bool quick = true); uint random (uint n) { randmax_type i; diff --git a/src/main.cpp b/src/main.cpp index 4651dc7..dd41dfb 100644 --- a/src/main.cpp +++ b/src/main.cpp @@ -2,7 +2,7 @@ /* * This file is part of Codecrypt. * - * Copyright (C) 2013-2016 Mirek Kratochvil + * Copyright (C) 2013-2017 Mirek Kratochvil * * Codecrypt is free software: you can redistribute it and/or modify it * under the terms of the GNU Lesser General Public License as published by @@ -23,7 +23,7 @@ void print_version() { out ("codecrypt " PACKAGE_VERSION); - out ("Copyright (C) 2013-2016 Mirek Kratochvil "); + out ("Copyright (C) 2013-2017 Mirek Kratochvil "); out ("This is free software; see the source " "for copying conditions. There is NO"); out ("warranty; not even for MERCHANTABILITY " diff --git a/src/xsynd.h b/src/xsynd.h index 28633d4..85edbb1 100644 --- a/src/xsynd.h +++ b/src/xsynd.h @@ -26,7 +26,7 @@ #include /* - * XSYND is a stream cipher based on XSYND, the stream cipher with + * This is a stream cipher based on XSYND, the stream cipher with * mathematicaly provable (AND also proven) security. * * Parameters chosen for this implementation were chosen to have better attack