add nonce generation function to remove strain on /dev/urandom on

slow embedded devices. Wrote test to make sure that nonces are indeed unique.
2025-04-07 11:08:36 +00:00 · 2013-05-07 14:41:59 +09:30 · 2013-05-07 14:41:59 +09:30 · 3f77702ee6
commit 3f77702ee6
parent 243a26707e
3 changed files with 77 additions and 0 deletions
--- a/nonce.c
+++ b/nonce.c
@ -0,0 +1,73 @@
+/*
+Copyright (C) 2013 Paul Gardner-Stephen, Serval Project.
+ 
+This program is free software; you can redistribute it and/or
+modify it under the terms of the GNU General Public License
+as published by the Free Software Foundation; either version 2
+of the License, or (at your option) any later version.
+ 
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU General Public License for more details.
+ 
+You should have received a copy of the GNU General Public License
+along with this program; if not, write to the Free Software
+Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+*/
+
+#include "serval.h"
+
+int nonce_initialised=0;
+unsigned char nonce_buffer[128];
+
+int generate_nonce(unsigned char *nonce,int bytes)
+{
+  if (bytes<1||bytes>128) return -1;
+ start:
+  if (!nonce_initialised) {
+    if (urandombytes(nonce_buffer,128))
+      return -1;
+    nonce_initialised=1;
+  }
+
+  // Increment nonce
+  int i;
+  for(i=0;i<128;i++)
+    {
+      unsigned char b=nonce_buffer[i]+1;
+      nonce_buffer[i]=b;
+      if (b) break;
+    }
+  if (i>=128) {
+    nonce_initialised=0;
+    goto start;
+  }
+
+  bcopy(nonce_buffer,nonce,bytes);
+  return 0;
+}
+
+int app_nonce_test(const struct cli_parsed *parsed, void *context)
+{
+  int i,j;
+  unsigned char nonces[0x10001][32];
+  for(i=0;i<0x10001;i++)
+    {
+      if (generate_nonce(&nonces[i][0],32))
+	{
+	  printf("Failed to generate nonce #%d\n",i);
+	  exit(-1);
+	}
+      for(j=0;j<i;j++) {
+	if (!bcmp(&nonces[i][0],&nonces[j][0],32)) {
+	  printf("Nonce #%d is the same as nonce #%d\n",i,j);
+	  exit(-1);
+	}
+      }
+      if (!(random()&0xff)) printf("Nonce #%d = %02x%02x%02x%02x...\n",
+			    i,nonces[i][0],nonces[i][1],nonces[i][2],nonces[i][3]);
+    }
+  printf("Test passed\n");
+  return 0;
+}
--- a/serval.h
+++ b/serval.h
@ -675,6 +675,7 @@ int directory_registration();
 int directory_service_init();

 struct cli_parsed;
+int app_nonce_test(const struct cli_parsed *parsed, void *context);
 int app_rhizome_direct_sync(const struct cli_parsed *parsed, void *context);
 #ifdef HAVE_VOIPTEST
 int app_pa_phone(const struct cli_parsed *parsed, void *context);
@ -833,4 +834,6 @@ int link_receive(overlay_mdp_frame *mdp);
 void link_explained(struct subscriber *subscriber);
 void link_interface_down(struct overlay_interface *interface);

+int generate_nonce(unsigned char *nonce,int bytes);
+
 #endif // __SERVALD_SERVALD_H
--- a/sourcefiles.mk
+++ b/sourcefiles.mk
@ -26,6 +26,7 @@ SERVAL_SOURCES = $(SERVAL_BASE)audiodevices.c \
 	$(SERVAL_BASE)monitor-client.c \
 	$(SERVAL_BASE)monitor-cli.c \
 	$(SERVAL_BASE)net.c \
+	$(SERVAL_BASE)nonce.c \
 	$(SERVAL_BASE)overlay.c \
 	$(SERVAL_BASE)overlay_address.c \
 	$(SERVAL_BASE)overlay_buffer.c \