# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
#
# This Source Code Form is "Incompatible With Secondary Licenses", as
# defined by the Mozilla Public License, v. 2.0.
package Bugzilla::RNG;
use 5.10.1;
use strict;
use warnings;
use parent qw(Exporter);
use Bugzilla::Constants qw(ON_WINDOWS);
use Math::Random::ISAAC;
use if ON_WINDOWS, 'Win32::API';
our $RNG;
our @EXPORT_OK = qw(rand srand irand);
# ISAAC, a 32-bit generator, should only be capable of generating numbers
# between 0 and 2^32 - 1. We want _to_float to generate numbers possibly
# including 0, but always less than 1.0. Dividing the integer produced
# by irand() by this number should do that exactly.
use constant DIVIDE_BY => 2**32;
# How many bytes of seed to read.
use constant SEED_SIZE => 16; # 128 bits.
#################
# Windows Stuff #
#################
# The type of cryptographic service provider we want to use.
# This doesn't really matter for our purposes, so we just pick
# PROV_RSA_FULL, which seems reasonable. For more info, see
# http://msdn.microsoft.com/en-us/library/aa380244(v=VS.85).aspx
use constant PROV_RSA_FULL => 1;
# Flags for CryptGenRandom:
# Don't ever display a UI to the user, just fail if one would be needed.
use constant CRYPT_SILENT => 64;
# Don't require existing public/private keypairs.
use constant CRYPT_VERIFYCONTEXT => 0xF0000000;
# For some reason, BOOLEAN doesn't work properly as a return type with
# Win32::API.
use constant RTLGENRANDOM_PROTO => <<END;
INT SystemFunction036(
PVOID RandomBuffer,
ULONG RandomBufferLength
)
END
#################
# RNG Functions #
#################
sub rand (;$) {
my ($limit) = @_;
my $int = irand();
return _to_float($int, $limit);
}
sub irand (;$) {
my ($limit) = @_;
Bugzilla::RNG::srand() if !defined $RNG;
my $int = $RNG->irand();
if (defined $limit) {
# We can't just use the mod operator because it will bias
# our output. Search for "modulo bias" on the Internet for
# details. This is slower than mod(), but does not have a bias,
# as demonstrated by Math::Random::Secure's uniform.t test.
return int(_to_float($int, $limit));
}
return $int;
}
sub srand (;$) {
my ($value) = @_;
# Remove any RNG that might already have been made.
$RNG = undef;
my %args;
if (defined $value) {
$args{seed} = $value;
}
$RNG = _create_rng(\%args);
}
sub _to_float {
my ($integer, $limit) = @_;
$limit ||= 1;
return ($integer / DIVIDE_BY) * $limit;
}
##########################
# Seed and PRNG Creation #
##########################
sub _create_rng {
my ($params) = @_;
if (!defined $params->{seed}) {
$params->{seed} = _get_seed();
}
_check_seed($params->{seed});
my @seed_ints = unpack('L*', $params->{seed});
my $rng = Math::Random::ISAAC->new(@seed_ints);
# It's faster to skip the frontend interface of Math::Random::ISAAC
# and just use the backend directly. However, in case the internal
# code of Math::Random::ISAAC changes at some point, we do make sure
# that the {backend} element actually exists first.
return $rng->{backend} ? $rng->{backend} : $rng;
}
sub _check_seed {
my ($seed) = @_;
if (length($seed) < 8) {
warn "Your seed is less than 8 bytes (64 bits). It could be" . " easy to crack";
}
# If it looks like we were seeded with a 32-bit integer, warn the
# user that they are making a dangerous, easily-crackable mistake.
elsif (length($seed) <= 10 and $seed =~ /^\d+$/) {
warn "RNG seeded with a 32-bit integer, this is easy to crack";
}
}
sub _get_seed {
return _windows_seed() if ON_WINDOWS;
if (-r '/dev/urandom') {
return _read_seed_from('/dev/urandom');
}
return _read_seed_from('/dev/random');
}
sub _read_seed_from {
my ($from) = @_;
open(my $fh, '<', $from) or die "$from: $!";
my $buffer;
read($fh, $buffer, SEED_SIZE);
if (length($buffer) < SEED_SIZE) {
die "Could not read enough seed bytes from $from, got only " . length($buffer);
}
close $fh;
return $buffer;
}
sub _windows_seed {
my ($major, $minor) = (Win32::GetOSVersion())[1, 2];
if ($major < 5) {
die "Bugzilla does not support versions of Windows before" . " Windows 2000";
}
# This means Windows 2000.
if ($major == 5 and $minor == 0) {
return _win2k_seed();
}
my $rtlgenrand = Win32::API->new('advapi32', RTLGENRANDOM_PROTO);
if (!defined $rtlgenrand) {
die "Could not import RtlGenRand: $^E";
}
my $buffer = chr(0) x SEED_SIZE;
my $result = $rtlgenrand->Call($buffer, SEED_SIZE);
if (!$result) {
die "RtlGenRand failed: $^E";
}
return $buffer;
}
sub _win2k_seed {
my $crypt_acquire
= Win32::API->new("advapi32", 'CryptAcquireContext', 'PPPNN', 'I');
if (!defined $crypt_acquire) {
die "Could not import CryptAcquireContext: $^E";
}
my $crypt_release
= Win32::API->new("advapi32", 'CryptReleaseContext', 'NN', 'I');
if (!defined $crypt_release) {
die "Could not import CryptReleaseContext: $^E";
}
my $crypt_gen_random
= Win32::API->new("advapi32", 'CryptGenRandom', 'NNP', 'I');
if (!defined $crypt_gen_random) {
die "Could not import CryptGenRandom: $^E";
}
my $context = chr(0) x Win32::API::Type->sizeof('PULONG');
my $acquire_result = $crypt_acquire->Call($context, 0, 0, PROV_RSA_FULL,
CRYPT_SILENT | CRYPT_VERIFYCONTEXT);
if (!defined $acquire_result) {
die "CryptAcquireContext failed: $^E";
}
my $pack_type = Win32::API::Type::packing('PULONG');
$context = unpack($pack_type, $context);
my $buffer = chr(0) x SEED_SIZE;
my $rand_result = $crypt_gen_random->Call($context, SEED_SIZE, $buffer);
my $rand_error = $^E;
# We don't check this if it fails, we don't care.
$crypt_release->Call($context, 0);
if (!defined $rand_result) {
die "CryptGenRandom failed: $rand_error";
}
return $buffer;
}
1;
=head1 B<Methods in need of POD>
=over
=item srand
=item rand
=item irand
=back