From e1e2273076b43a4535a139de21b9ead7835f7c79 Mon Sep 17 00:00:00 2001
From: Denys Vlasenko <vda.linux@googlemail.com>
Date: Fri, 19 Jun 2009 09:49:01 +0200
Subject: mkswap: improve randomness of UUID generation set version/variant
 bits

function                                             old     new   delta
mkswap_main                                          317     410     +93

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
---
 util-linux/mkswap.c | 59 +++++++++++++++++++++++++++++++++++++++++++++++++----
 1 file changed, 55 insertions(+), 4 deletions(-)

(limited to 'util-linux/mkswap.c')

diff --git a/util-linux/mkswap.c b/util-linux/mkswap.c
index 167b9ee03..c4e30fd92 100644
--- a/util-linux/mkswap.c
+++ b/util-linux/mkswap.c
@@ -53,14 +53,65 @@ static void mkswap_selinux_setcontext(int fd, const char *path)
 #if ENABLE_DESKTOP
 static void mkswap_generate_uuid(uint8_t *buf)
 {
+	pid_t pid;
 	unsigned i;
 	char uuid_string[32];
 
-	/* rand() is guaranteed to generate at least [0, 2^15) range,
+	/* http://www.ietf.org/rfc/rfc4122.txt
+	 *  0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+	 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+	 * |                          time_low                             |
+	 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+	 * |       time_mid                |         time_hi_and_version   |
+	 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+	 * |clk_seq__and_variant           |         node (0-1)            |
+	 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+	 * |                         node (2-5)                            |
+	 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+	 * IOW, uuid has this layout:
+	 * uint32_t time_low (big endian)
+	 * uint16_t time_mid (big endian)
+	 * uint16_t time_hi_and_version (big endian)
+	 *  version is a 4-bit field:
+	 *   1 Time-based version
+	 *   2 DCE Security version, with embedded POSIX UIDs
+	 *   3 Name-based version (MD5)
+	 *   4 Randomly generated version
+	 *   5 Name-based version (SHA-1)
+	 * uint16_t clk_seq_and_variant (big endian)
+	 *  variant is a 3-bit field:
+	 *   0xx Reserved, NCS backward compatibility
+	 *   10x The variant specified in rfc4122
+	 *   110 Reserved, Microsoft backward compatibility
+	 *   111 Reserved for future definition
+	 * uint8_t node[6]
+	 *
+	 * For version 4, these bits are set/cleared:
+	 * time_hi_and_version & 0x0fff | 0x4000
+	 * clk_seq_and_variant & 0x3fff | 0x8000
+	 */
+
+	i = open("/dev/urandom", O_RDONLY);
+	if (i >= 0) {
+		read(i, buf, 16);
+		close(i);
+	}
+	/* Paranoia. /dev/urandom may be missing.
+	 * rand() is guaranteed to generate at least [0, 2^15) range,
 	 * but lowest bits in some libc are not so "random".  */
-	srand((unsigned)monotonic_us() + getpid());
-	for (i = 0; i < 16; i++)
-		buf[i] = rand() >> 5;
+	srand(monotonic_us());
+	pid = getpid();
+	while (1) {
+		for (i = 0; i < 16; i++)
+			buf[i] ^= rand() >> 5;
+		if (pid == 0)
+			break;
+		srand(pid);
+		pid = 0;
+	}
+
+	buf[4 + 2    ] = (buf[4 + 2    ] & 0x0f) | 0x40; /* time_hi_and_version */
+	buf[4 + 2 + 2] = (buf[4 + 2 + 2] & 0x3f) | 0x80; /* clk_seq_and_variant */
 
 	bin2hex(uuid_string, (void*) buf, 16);
 	/* f.e. UUID=dfd9c173-be52-4d27-99a5-c34c6c2ff55f */
-- 
cgit v1.2.3