mirror
/
OpenTTD
mirror of https://github.com/OpenTTD/OpenTTD
1
0
Fork 0
Code Issues

Change: use a stronger hash and actual random information to generate Uids

pull/11842/head
Patric Stout 2024-01-18 23:52:53 +01:00 committed by Patric Stout
parent 37244bc8c5
commit bd85f61a40
4 changed files with 78 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
CMakeLists.txt
View File

@ -448,6 +448,7 @@ if(WIN32)
usp10 usp10
psapi psapi
winhttp winhttp
bcrypt
) )
endif() endif()

60
src/core/random_func.cpp
View File

@ -10,6 +10,7 @@
#include "../stdafx.h" #include "../stdafx.h"
#include "random_func.hpp" #include "random_func.hpp"
#include "bitmath_func.hpp" #include "bitmath_func.hpp"
#include "../debug.h"
#ifdef RANDOM_DEBUG #ifdef RANDOM_DEBUG
#include "../network/network.h" #include "../network/network.h"
@ -20,6 +21,15 @@
#include "../timer/timer_game_calendar.h" #include "../timer/timer_game_calendar.h"
#endif /* RANDOM_DEBUG */ #endif /* RANDOM_DEBUG */
#if defined(_WIN32)
# include <windows.h>
# include <bcrypt.h>
#elif defined(__EMSCRIPTEN__)
# include <emscripten.h>
#elif !defined(__APPLE__) && !defined(__NetBSD__) && !defined(__FreeBSD__)
# include <sys/random.h>
#endif
#include "../safeguards.h" #include "../safeguards.h"
Randomizer _random, _interactive_random; Randomizer _random, _interactive_random;
@ -83,3 +93,53 @@ uint32_t DoRandomRange(uint32_t limit, int line, const char *file)
return ((uint64_t)DoRandom(line, file) * (uint64_t)limit) >> 32; return ((uint64_t)DoRandom(line, file) * (uint64_t)limit) >> 32;
} }
#endif /* RANDOM_DEBUG */ #endif /* RANDOM_DEBUG */
/**
* Fill the given buffer with random bytes.
*
* This function will attempt to use a cryptographically-strong random
* generator, but will fall back to a weaker random generator if none is
* available.
*
* In the end, the buffer will always be filled with some form of random
* bytes when this function returns.
*
* @param buf The buffer to fill with random bytes.
*/
void RandomBytesWithFallback(std::span<uint8_t> buf)
{
#if defined(_WIN32)
auto res = BCryptGenRandom(nullptr, static_cast<PUCHAR>(buf.data()), static_cast<ULONG>(buf.size()), BCRYPT_USE_SYSTEM_PREFERRED_RNG);
if (res >= 0) return;
#elif defined(__APPLE__) || defined(__NetBSD__) || defined(__FreeBSD__)
arc4random_buf(buf.data(), buf.size());
return;
#elif defined(__GLIBC__) && ((__GLIBC__ > 2) || ((__GLIBC__ == 2) && (__GLIBC_MINOR__ >= 25)))
auto res = getrandom(buf.data(), buf.size(), 0);
if (res > 0 && static_cast<size_t>(res) == buf.size()) return;
#elif defined(__EMSCRIPTEN__)
auto res = EM_ASM_INT({
var buf = $0;
var bytes = $1;
var crypto = window.crypto;
if (crypto === undefined || crypto.getRandomValues === undefined) {
return -1;
}
crypto.getRandomValues(Module.HEAPU8.subarray(buf, buf + bytes));
return 1;
}, buf.data(), buf.size());
if (res > 0) return;
#else
# warning "No cryptographically-strong random generator available; using a fallback instead"
#endif
static bool warned_once = false;
Debug(misc, warned_once ? 1 : 0, "Cryptographically-strong random generator unavailable; using fallback");
warned_once = true;
for (uint i = 0; i < buf.size(); i++) {
buf[i] = static_cast<uint8_t>(InteractiveRandom());
}
}

2
src/core/random_func.hpp
View File

@ -159,4 +159,6 @@ inline bool Chance16R(const uint a, const uint b, uint32_t &r)
} }
#endif /* RANDOM_DEBUG */ #endif /* RANDOM_DEBUG */
void RandomBytesWithFallback(std::span<uint8_t> buf);
#endif /* RANDOM_FUNC_HPP */ #endif /* RANDOM_FUNC_HPP */

31
src/misc.cpp
View File

@ -31,7 +31,7 @@
#include "town_kdtree.h" #include "town_kdtree.h"
#include "viewport_kdtree.h" #include "viewport_kdtree.h"
#include "newgrf_profiling.h" #include "newgrf_profiling.h"
#include "3rdparty/md5/md5.h" #include "3rdparty/monocypher/monocypher.h"
#include "safeguards.h" #include "safeguards.h"
@ -61,25 +61,24 @@ void InitializeOldNames();
/** /**
* Generate an unique ID. * Generate an unique ID.
* *
* It isn't as much of an unique ID as we would like, but our random generator * It isn't as much of an unique ID but more a hashed digest of a random
* can only produce 32bit random numbers. * string and a time. It is very likely to be unique, but it does not follow
* That is why we combine InteractiveRandom with the current (steady) clock. * any UUID standard.
* The first to add a bit of randomness, the second to ensure you can't get
* the same unique ID when you run it twice from the same state at different
* times.
*
* This makes it unlikely that two users generate the same ID for different
* subjects. But as this is not an UUID, so it can't be ruled out either.
*/ */
std::string GenerateUid(std::string_view subject) std::string GenerateUid(std::string_view subject)
{ {
auto current_time = std::chrono::duration_cast<std::chrono::nanoseconds>(std::chrono::steady_clock::now().time_since_epoch()).count(); std::array<uint8_t, 32> random_bytes;
std::string coding_string = fmt::format("{}{}{}", InteractiveRandom(), current_time, subject); RandomBytesWithFallback(random_bytes);
Md5 checksum; auto current_time = std::chrono::duration_cast<std::chrono::nanoseconds>(std::chrono::steady_clock::now().time_since_epoch()).count();
MD5Hash digest; std::string coding_string = fmt::format("{}{}", current_time, subject);
checksum.Append(coding_string.c_str(), coding_string.length());
checksum.Finish(digest); std::array<uint8_t, 16> digest;
crypto_blake2b_ctx ctx;
crypto_blake2b_init(&ctx, digest.size());
crypto_blake2b_update(&ctx, random_bytes.data(), random_bytes.size());
crypto_blake2b_update(&ctx, reinterpret_cast<const uint8_t *>(coding_string.data()), coding_string.size());
crypto_blake2b_final(&ctx, digest.data());
return FormatArrayAsHex(digest); return FormatArrayAsHex(digest);
} }