generator: allow own PRNG seed source

autogen.sh

@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 
 # simple autogen script that generates basic layout for autotools.
 

man/ccr.1

@@ -237,9 +237,14 @@ private keyring.
 Backups of user data (i.e. for each file the last state that was loaded
 successfully) are, on each change, written to files "pubkeys~" and "secrets~".
 
-When Codecrypt is running, it locks the .ccr directory using a lockfile "lock"
+When Codecrypt is running, it locks the ".ccr" directory using a lockfile "lock"
 and applying flock(2) to it.
 
+For seeding the random number generator, Codecrypt uses data from "/dev/random"
+for generating keys and "/dev/urandom" for everything else, e.g. nonces or
+envelopes. Both cases can be overriden at once by specifying some other
+filename in environment variable CCR_RANDOM_SEED.
+
 .SH RETURN VALUE
 
 \fBccr\fR returns exit status 0 if there was no error and all cryptography went
@@ -353,6 +358,17 @@ import of keys can bring serious inconsistencies into your key naming scheme.
 In a distant universe after much computation, KeyIDs can collide. If you find
 someone who has a colliding KeyID, kiss him and generate another key.
 
+.SS Own sources of random seed
+
+Using CCR_RANDOM_SEED is slightly counterintuitive and dangerous, use it only
+for debugging.
+
+If your system does not have /dev/(u)random, make a port by choosing a safe
+value in the source code instead of specifying the seed each time you invoke
+Codecrypt.
+
+If the seed source of your system can not be trusted, fix the system instead.
+
 .SH Troubleshooting/FAQ
 
 Q: I can't read/verify messages from versions 1.3.1 and older!
@@ -443,5 +459,5 @@ it with caution.
 
 .SH AUTHORS
 
-Codecrypt was written by Mirek Kratochvil in 2013-2016.
+Codecrypt was written by Mirek Kratochvil in 2013-2017.
 

src/actions.cpp

@@ -2,7 +2,7 @@
 /*
  * This file is part of Codecrypt.
  *
- * Copyright (C) 2013-2016 Mirek Kratochvil <exa.exa@gmail.com>
+ * Copyright (C) 2013-2017 Mirek Kratochvil <exa.exa@gmail.com>
  *
  * Codecrypt is free software: you can redistribute it and/or modify it
  * under the terms of the GNU Lesser General Public License as published by
@@ -46,6 +46,8 @@
 #define MSG_CLEARTEXT "MESSAGE-IN-CLEARTEXT"
 #define MSG_DETACHED "MESSAGE-DETACHED"
 
+#define SEED_FAILED { err("error: could not seed PRNG"); return 1; }
+
 inline bool open_keyring (keyring&KR)
 {
 	if (!KR.open()) {
@@ -62,7 +64,7 @@ int action_gen_symkey (const std::string&algspec,
 {
 	symkey sk;
 	ccr_rng r;
-	r.seed (256);
+	if (!r.seed (256)) SEED_FAILED;
 
 	if (!sk.create (algspec, r)) {
 		err ("error: symkey creation failed");
@@ -219,7 +221,7 @@ int action_gen_key (const std::string& p_algspec, const std::string&name,
 	err ("If nothing happens, move mouse, type random stuff on keyboard,");
 	err ("or just wait longer.");
 
-	r.seed (512, false);
+	if (!r.seed (512, false)) SEED_FAILED;
 
 	err ("Seeding done, generating the key...");
 
@@ -312,7 +314,7 @@ int action_sym_encrypt (const std::string&symmetric, bool armor)
 	sencode_destroy (SK);
 
 	ccr_rng r;
-	r.seed (256);
+	if (!r.seed (256)) SEED_FAILED;
 
 	if (!sk.encrypt (std::cin, std::cout, r)) {
 		err ("error: encryption failed");
@@ -375,7 +377,7 @@ int action_encrypt (const std::string&recipient, bool armor,
 	//encryption part
 	encrypted_msg msg;
 	ccr_rng r;
-	r.seed (256);
+	if (!r.seed (256)) SEED_FAILED;
 
 	bvector plaintext;
 	plaintext.from_string (data);
@@ -589,7 +591,7 @@ int action_hash_sign (bool armor, const std::string&symmetric)
 		parts.resize (1);
 		base64_encode (data, parts[0]);
 		ccr_rng r;
-		r.seed (128);
+		if (!r.seed (256)) SEED_FAILED;
 		data = envelope_format (ENVELOPE_HASHFILE, parts, r);
 	}
 
@@ -679,7 +681,7 @@ int action_sign (const std::string&user, bool armor, const std::string&detach,
 	//signature production part
 	signed_msg msg;
 	ccr_rng r;
-	r.seed (256);
+	if (!r.seed (256)) SEED_FAILED;
 
 	bvector message;
 	message.from_string (data);
@@ -1120,7 +1122,7 @@ int action_sign_encrypt (const std::string&user, const std::string&recipient,
 	//make a signature
 	signed_msg smsg;
 	ccr_rng r;
-	r.seed (256);
+	if (!r.seed (256)) SEED_FAILED;
 
 	bvector bv;
 	bv.from_string (data);
@@ -1521,7 +1523,7 @@ int action_export (bool armor,
 		parts.resize (1);
 		base64_encode (data, parts[0]);
 		ccr_rng r;
-		r.seed (128);
+		if (!r.seed (256)) SEED_FAILED;
 		data = envelope_format (ENVELOPE_PUBKEYS, parts, r);
 	}
 
@@ -1777,7 +1779,7 @@ int action_export_sec (bool armor, bool yes,
 		parts.resize (1);
 		base64_encode (data, parts[0]);
 		ccr_rng r;
-		r.seed (128);
+		if (!r.seed (256)) SEED_FAILED;
 		data = envelope_format (ENVELOPE_SECRETS, parts, r);
 	}
 

src/generator.cpp

@@ -2,7 +2,7 @@
 /*
  * This file is part of Codecrypt.
  *
- * Copyright (C) 2013-2016 Mirek Kratochvil <exa.exa@gmail.com>
+ * Copyright (C) 2013-2017 Mirek Kratochvil <exa.exa@gmail.com>
  *
  * Codecrypt is free software: you can redistribute it and/or modify it
  * under the terms of the GNU Lesser General Public License as published by
@@ -19,16 +19,20 @@
  */
 
 #include "generator.h"
+#include "iohelpers.h"
 
 #include <fstream>
 #include <vector>
 
+#include <string.h> //for strerror
+#include <stdlib.h> //for getenv
+
 static inline uint bytes (uint bits)
 {
 	return (bits >> 3) + ( (bits & 7) ? 1 : 0);
 }
 
-void ccr_rng::seed (uint bits, bool quick)
+bool ccr_rng::seed (uint bits, bool quick)
 {
 	std::vector<byte> s;
 	std::ifstream f;
@@ -36,12 +40,22 @@ void ccr_rng::seed (uint bits, bool quick)
 	uint b = bytes (bits);
 	if (b > 256) b = 256;
 
-	f.open (quick ? "/dev/urandom" : "/dev/random",
+	char*user_source = getenv ("CCR_RANDOM_SEED");
-	        std::ios::in | std::ios::binary);
+	std::string seed_source = user_source ? user_source :
+	                          quick ? "/dev/urandom" :
+	                          "/dev/random";
+
+	f.open (seed_source, std::ios::in | std::ios::binary);
+	if (!f.good()) {
+		err ("opening " << seed_source << " failed: "
+		     << strerror (errno));
+		return false;
+	}
 	s.resize (b);
 	for (uint i = 0; i < b; ++i) f >> s[i];
 	f.close();
 
 	r.load_key_vector (s);
+	return true;
 }
 

src/generator.h

@@ -2,7 +2,7 @@
 /*
  * This file is part of Codecrypt.
  *
- * Copyright (C) 2013-2016 Mirek Kratochvil <exa.exa@gmail.com>
+ * Copyright (C) 2013-2017 Mirek Kratochvil <exa.exa@gmail.com>
  *
  * Codecrypt is free software: you can redistribute it and/or modify it
  * under the terms of the GNU Lesser General Public License as published by
@@ -40,7 +40,7 @@ public:
 		r.clear();
 	}
 
-	void seed (uint bits, bool quick = true);
+	bool seed (uint bits, bool quick = true);
 
 	uint random (uint n) {
 		randmax_type i;

src/main.cpp

@@ -2,7 +2,7 @@
 /*
  * This file is part of Codecrypt.
  *
- * Copyright (C) 2013-2016 Mirek Kratochvil <exa.exa@gmail.com>
+ * Copyright (C) 2013-2017 Mirek Kratochvil <exa.exa@gmail.com>
  *
  * Codecrypt is free software: you can redistribute it and/or modify it
  * under the terms of the GNU Lesser General Public License as published by
@@ -23,7 +23,7 @@
 void print_version()
 {
 	out ("codecrypt " PACKAGE_VERSION);
-	out ("Copyright (C) 2013-2016 Mirek Kratochvil <exa.exa@gmail.com>");
+	out ("Copyright (C) 2013-2017 Mirek Kratochvil <exa.exa@gmail.com>");
 	out ("This is free software; see the source "
 	     "for copying conditions.  There is NO");
 	out ("warranty; not even for MERCHANTABILITY "

src/xsynd.h

@@ -26,7 +26,7 @@
 #include <stdint.h>
 
 /*
- * XSYND is a stream cipher based on XSYND, the stream cipher with
+ * This is a stream cipher based on XSYND, the stream cipher with
  * mathematicaly provable (AND also proven) security.
  *
  * Parameters chosen for this implementation were chosen to have better attack