Try to use truly random data to initialize the random number generator

Fixed: crash when closing the PasswordDlg by clicking on the x
Fixed: -cfg parameter not working
Fixed: does not compile for Windows
Fixed some compiler warnings

git-svn-id: https://svn.code.sf.net/p/keepassx/code/trunk@176 b624d157-de02-0410-bad0-e51aec6abb33
master
sniperbeamer 17 years ago
parent e9a85f91fc
commit b8f59f9f04
  1. 7
      src/Database.cpp
  2. 2
      src/crypto/arcfour.h
  3. 2
      src/crypto/blowfish.h
  4. 10
      src/crypto/yarrow.cpp
  5. 6
      src/dialogs/PasswordDlg.h
  6. 2
      src/import/Import_PwManager.cpp
  7. 62
      src/keepassx.h
  8. 55
      src/lib/random.cpp
  9. 3
      src/lib/random.h
  10. 2
      src/main.cpp
  11. 2
      src/main_win32.cpp

@ -20,8 +20,7 @@
KpxUuid::KpxUuid(){ KpxUuid::KpxUuid() : Data(16,0){
Data.fill(0,16);
} }
KpxUuid::KpxUuid(const void* src){ KpxUuid::KpxUuid(const void* src){
@ -30,7 +29,7 @@ KpxUuid::KpxUuid(const void* src){
void KpxUuid::generate(){ void KpxUuid::generate(){
char uuid[16]; char uuid[16];
getRandomBytes(uuid,16); randomize(uuid,16);
quint32 Secs=QDateTime::currentDateTime().toTime_t(); quint32 Secs=QDateTime::currentDateTime().toTime_t();
quint16 mSecs=QTime::currentTime().msec(); quint16 mSecs=QTime::currentTime().msec();
mSecs=(mSecs & 0x3FF) | (*((quint16*)(uuid+4)) & 0xFC00); //msec has only 10 Bits, filling the rest with random data mSecs=(mSecs & 0x3FF) | (*((quint16*)(uuid+4)) & 0xFC00); //msec has only 10 Bits, filling the rest with random data
@ -61,7 +60,7 @@ void KpxUuid::toRaw(void* dst)const{
} }
void KpxUuid::fromRaw(const void* src){ void KpxUuid::fromRaw(const void* src){
Data=QByteArray((char*)src,16); Data.replace(0,16,(char*)src);
} }
bool KpxUuid::operator==(const KpxUuid& other)const{ bool KpxUuid::operator==(const KpxUuid& other)const{
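Review bot: In KpxUuid::fromRaw the new `Data.replace(0,16,(char*)src);` hands raw UUID bytes to a QByteArray::replace overload that, as far as I know, treats its last argument as a NUL-terminated string. A UUID containing a 0x00 byte would then be copied only up to that byte, leaving Data shorter than 16 bytes. A UUID with no zero byte would make the call read past the 16-byte source buffer. Copying with an explicit length avoids both: either keep the previous `Data=QByteArray((const char*)src,16);`, or use `memcpy(Data.data(),src,16);` provided Data is always 16 bytes at that point.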

@ -22,7 +22,7 @@
#define _ARCFOUR_H_ #define _ARCFOUR_H_
#ifndef byte #ifndef byte
#define byte unsigned char #define byte quint8
#endif #endif
class CArcFour{ class CArcFour{

@ -37,7 +37,9 @@ using std::string;
#define uint8_t quint8 #define uint8_t quint8
#define uint16_t quint16 #define uint16_t quint16
#define uint32_t quint32 #define uint32_t quint32
#ifndef byte
#define byte quint8 #define byte quint8
#endif
/** blowfish encryption algorithm. /** blowfish encryption algorithm.
* Derived from libgcrypt-1.1.12 * Derived from libgcrypt-1.1.12

@ -400,12 +400,9 @@ void initYarrow(){
yarrow256_init(&WeakCtx,2,WeakSrc); yarrow256_init(&WeakCtx,2,WeakSrc);
yarrow256_init(&StrongCtx,2,StrongSrc); yarrow256_init(&StrongCtx,2,StrongSrc);
quint8 buffer[100]; quint8 buffer[100];
srand(time(0)); getRandomBytes(buffer,100);
for(int i=0;i<100;i++)
buffer[i]=rand()%256+1;
yarrow256_update(&WeakCtx,0,800,100,buffer); yarrow256_update(&WeakCtx,0,800,100,buffer);
for(int i=0;i<100;i++) getRandomBytes(buffer,100);
buffer[i]=rand()%256+1;
yarrow256_update(&WeakCtx,1,800,100,buffer); yarrow256_update(&WeakCtx,1,800,100,buffer);
Q_ASSERT(yarrow256_is_seeded(&WeakCtx)); Q_ASSERT(yarrow256_is_seeded(&WeakCtx));
} }
@ -429,8 +426,7 @@ void reseedStrongPool(quint8* buffer1,int l1,quint8* buffer2,int l2){
buffer1=buffer1+100; buffer1=buffer1+100;
l1=l1-100; l1=l1-100;
} }
else else{
{
yarrow256_update(&StrongCtx,1,100,25,buffer2); yarrow256_update(&StrongCtx,1,100,25,buffer2);
buffer2=buffer2+25; buffer2=buffer2+25;
l2=l2-25; l2=l2-25;
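Review bot: In initYarrow both `yarrow256_update(&WeakCtx,…,800,100,buffer)` calls credit 800 bits of entropy, but getRandomBytes as changed in src/lib/random.cpp returns void and can silently fill the buffer from `srand(time(NULL))`/`rand()`. In that case the weak pool is reported as seeded while holding little more than a guessable timestamp. The only check, `Q_ASSERT(yarrow256_is_seeded(&WeakCtx))`, is compiled out when QT_NO_DEBUG is defined, so release builds never verify it. Consider having getRandomBytes report whether a system source was used, and pass a much lower estimate (or refuse to continue) when it was not.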

@ -43,9 +43,9 @@ public:
}; };
enum DlgExit { enum DlgExit {
Exit_Ok, Exit_Ok=QDialog::Accepted,
Exit_Cancel, Exit_Cancel=QDialog::Rejected,
Exit_Quit Exit_Quit=3
}; };
typedef bool (KeyFileGenProc)(const QString& filename,QString* error); typedef bool (KeyFileGenProc)(const QString& filename,QString* error);
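Review bot: `Exit_Quit=3` in DlgExit is a bare literal whose only visible requirement is to differ from `QDialog::Accepted` and `QDialog::Rejected`, and that constraint should be stated next to the enum. I would add a comment such as `// values match QDialog::DialogCode so a dialog result can be used as a DlgExit; Exit_Quit must stay outside that range`. The intent is inferred from the commit message (closing with the x presumably yields Rejected); the code that consumes the value is outside this hunk.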

@ -31,7 +31,7 @@ bool Import_PwManager::importDatabase(QWidget* GuiParent, IDatabase* db){
char* buffer=NULL; char* buffer=NULL;
int offset=0; int offset=0;
int len=0; int len=0;
if(len=file->size()){ if((len=file->size())){
buffer=new char[len]; buffer=new char[len];
} }
else { else {
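Review bot: `len` is declared `int` but is assigned from `file->size()`, which is a 64-bit value if `file` is a QFile, so the added parentheses silence the warning without addressing the narrowing. For an import file larger than INT_MAX the truncated or negative `len` then sizes `new char[len]`, and later parsing works from the wrong length. A check before the allocation would reject such files, e.g. `qint64 size=file->size(); if(size<=0 || size>MAX_IMPORT_SIZE) return false;`, where MAX_IMPORT_SIZE is a placeholder for a limit the project chooses. The type of `file` and the rest of importDatabase are outside the hunk.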

@ -34,60 +34,62 @@
#ifdef __cplusplus #ifdef __cplusplus
#include <cstdlib>
#include <iostream> #include <iostream>
#include <assert.h>
#include <math.h> #include <math.h>
#include <time.h> #include <time.h>
#include <assert.h>
#include <cstdlib> #include <QApplication>
#include <QHash>
#include <QList>
#include <QStringList>
#include <QBitArray> #include <QBitArray>
#include <QBrush>
#include <QByteArray> #include <QByteArray>
#include <QVarLengthArray> #include <QCheckBox>
#include <QColor>
#include <QComboBox>
#include <QDataStream> #include <QDataStream>
#include <QString> #include <QDateTime>
#include <QFile> #include <QDialog>
#include <QDir> #include <QDir>
#include <QDomElement>
#include <QFile>
#include <QHash>
#include <QIcon> #include <QIcon>
#include <QPixmap>
#include <QMessageBox>
#include <QDialog>
#include <QImage> #include <QImage>
#include <QPainter>
#include <QBrush>
#include <QColor>
#include <QLineEdit>
#include <QCheckBox>
#include <QComboBox>
#include <QSettings>
#include <QLabel> #include <QLabel>
#include <QDateTime> #include <QLineEdit>
#include <QTreeWidget> #include <QList>
#include <QTimer> #include <QMenu>
#include <QApplication> #include <QMessageBox>
#include <QPainter>
#include <QPaintEvent> #include <QPaintEvent>
#include <QDomElement> #include <QPixmap>
#include <QPushButton> #include <QPushButton>
#include <QSettings>
#include <QString>
#include <QStringList>
#include <QTimer>
#include <QToolButton> #include <QToolButton>
#include <QMenu> #include <QTreeWidget>
#include <QUrl> #include <QUrl>
#include <QVarLengthArray>
#include "crypto/aescpp.h"
#include "crypto/arcfour.h"
#include "crypto/blowfish.h" #include "crypto/blowfish.h"
#include "crypto/sha1.h" #include "crypto/sha1.h"
#include "crypto/twoclass.h"
#include "crypto/aescpp.h"
#include "crypto/sha256.h" #include "crypto/sha256.h"
#include "crypto/twoclass.h"
#include "crypto/yarrow.h" #include "crypto/yarrow.h"
#include "crypto/arcfour.h" #include "lib/bookmarks.h"
#include "lib/FileDialogs.h"
#include "lib/random.h" #include "lib/random.h"
#include "lib/SecString.h" #include "lib/SecString.h"
#include "lib/tools.h" #include "lib/tools.h"
#include "lib/FileDialogs.h"
#include "lib/bookmarks.h"
#include "lib/UrlLabel.h" #include "lib/UrlLabel.h"
#include "KpxConfig.h"
#include "Database.h" #include "Database.h"
#include "KpxConfig.h"
extern QString PluginLoadError; extern QString PluginLoadError;
extern KpxConfig *config; extern KpxConfig *config;

@ -19,29 +19,44 @@
***************************************************************************/ ***************************************************************************/
#include <iostream> #include <iostream>
#include <fstream> #include <fstream>
#include <QDateTime>
#include <QObject>
#include "random.h" #include "random.h"
using namespace std;
void getRandomBytes(void* buffer,int NumBlocks,int BlockSize,bool Strong){ #if defined(Q_WS_WIN)
FILE *dev_random; #include <QSysInfo>
if(Strong){ #include <QMessageBox>
dev_random = fopen("/dev/random","r");} #include <windows.h>
else{ #endif
dev_random = fopen("/dev/urandom","r");}
using namespace std;
if (dev_random==NULL){ void getRandomBytes(void* buffer,int NumBlocks){
srand(QTime(0,0,0).secsTo(QTime::currentTime())); #if defined(Q_WS_WIN)
for(int i=0;i<NumBlocks*BlockSize;i++){ // RtlGenRandom
quint8 rnd=rand()%256; if (QSysInfo::WindowsVersion>=QSysInfo::WV_XP){
((quint8*)buffer)[i]=rnd; bool success=false;
HMODULE hLib=LoadLibraryA("ADVAPI32.DLL");
if (hLib) {
BOOLEAN (APIENTRY *pfn)(void*, ULONG) = (BOOLEAN (APIENTRY *)(void*,ULONG))GetProcAddress(hLib,"SystemFunction036");
if (pfn && pfn(buffer,NumBlocks)) {
success=true;
} }
FreeLibrary(hLib);
}
if (success)
return; return;
} }
else{ #else
fread(buffer,BlockSize,NumBlocks,dev_random); FILE* dev_random = fopen("/dev/random","r");
fclose(dev_random); if (dev_random){
return; size_t bytesRead = fread(buffer,1,NumBlocks,dev_random);
} fclose(dev_random);
if (bytesRead==NumBlocks)
return;
}
#endif
srand(time(NULL));
for(int i=0;i<NumBlocks;i++){
((quint8*)buffer)[i] = (quint8) (rand()%256);
}
} }
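Review bot: The fallback at the end of getRandomBytes re-seeds with `srand(time(NULL))` on every call, so the two consecutive calls in initYarrow (src/crypto/yarrow.cpp) return identical buffers whenever they fall in the same second, and the caller cannot tell because the function returns void. For a password database this path should fail loudly rather than degrade; returning `bool` (with `extern bool getRandomBytes(void* buffer,int NumBytes);` in src/lib/random.h) would let callers stop or warn. On the Unix branch `bytesRead==NumBlocks` compares `size_t` with `int`; `bytesRead==(size_t)NumBlocks` together with rejecting a negative count is safer. Reading `/dev/random` may also block at startup when the kernel pool is low, whereas the previous default was `/dev/urandom`. `NumBlocks` is now a byte count and would read better renamed.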

@ -20,7 +20,6 @@
#ifndef RANDOM_H_ #ifndef RANDOM_H_
#define RANDOM_H_ #define RANDOM_H_
extern void getRandomBytes(void* buffer,int NumBlocks,int BlockSize=1,bool Strong=false); extern void getRandomBytes(void* buffer,int NumBlocks);
#endif #endif

@ -234,7 +234,7 @@ bool CmdLineArgs::parse(const QStringList& argv){
return false; return false;
} }
QFileInfo file(argv[i+1]); QFileInfo file(argv[i+1]);
ConfigLocation=file.absolutePath(); ConfigLocation=file.absoluteFilePath();
i++; i++;
continue; continue;
} }

@ -22,7 +22,7 @@
#include <windows.h> #include <windows.h>
#include "main.h" #include "main.h"
void initAppPaths(){ void initAppPaths(int argc,char** argv){
AppDir = QApplication::applicationDirPath(); AppDir = QApplication::applicationDirPath();
HomeDir = QString::fromLocal8Bit(qgetenv("APPDATA").constData()); HomeDir = QString::fromLocal8Bit(qgetenv("APPDATA").constData());