From c196992c766cc1126b34fa7cb7586f76d8fc6c2f Mon Sep 17 00:00:00 2001
From: NIIBE Yutaka <gniibe@fsij.org>
Date: Thu, 12 May 2011 09:26:40 +0900
Subject: [PATCH] modify random

---
 ChangeLog    |  3 +++
 src/gnuk.h   |  5 +++--
 src/random.c | 33 ++++++++++++++++++++++++---------
 3 files changed, 30 insertions(+), 11 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 3c5e73b..9c50ef6 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,8 @@
 2011-05-12  NIIBE Yutaka  <gniibe@fsij.org>
 
+	* src/random.c (get_salt): Rename from get_random.
+	(random_bytes_get, random_bytes_free): It's 16-byte.
+
 	* src/ac.c (verify_admin_0): Use PW_ERR_PW1 counter when
 	authenticated by PW1.
 
diff --git a/src/gnuk.h b/src/gnuk.h
index b6b9f78..c851bf4 100644
--- a/src/gnuk.h
+++ b/src/gnuk.h
@@ -290,10 +290,11 @@ extern uint8_t admin_authorized;
 
 #define SIZE_PW_STATUS_BYTES 7
 
-/* 32-byte random bytes */
-extern uint32_t get_random (void);
+/* 16-byte random bytes */
 extern const uint8_t *random_bytes_get (void);
 extern void random_bytes_free (const uint8_t *);
+/* 4-byte salt */
+extern uint32_t get_salt (void);
 
 extern uint32_t hardclock (void);
 
diff --git a/src/random.c b/src/random.c
index 569d30e..3eebd84 100644
--- a/src/random.c
+++ b/src/random.c
@@ -1,7 +1,7 @@
 /*
  * random.c -- get random bytes
  *
- * Copyright (C) 2010 Free Software Initiative of Japan
+ * Copyright (C) 2010, 2011 Free Software Initiative of Japan
  * Author: NIIBE Yutaka <gniibe@fsij.org>
  *
  * This file is a part of Gnuk, a GnuPG USB Token implementation.
@@ -25,20 +25,23 @@
 #include "ch.h"
 #include "gnuk.h"
 
+/*
+ * Return pointer to random 16-byte
+ */
 const uint8_t *
 random_bytes_get (void)
 {
   uint32_t addr, addr0;
 
-  addr = (uint32_t)&random_bits_start + ((hardclock () << 5) & 0x3e0);
-  addr0 = addr; 
+  addr = (uint32_t)&random_bits_start + ((hardclock () << 4) & 0x3f0);
+  addr0 = addr;
 
   while (1)
     {
       if (*(uint32_t *)addr != 0 && *(uint32_t *)addr != 0xffffffff)
 	break;
 
-      addr += 32;
+      addr += 16;
       if (addr >= ((uint32_t)&random_bits_start) + 1024)
 	addr = ((uint32_t)&random_bits_start);
 
@@ -49,22 +52,34 @@ random_bytes_get (void)
   return (const uint8_t *)addr;
 }
 
+/*
+ * Free pointer to random 16-byte
+ */
 void
 random_bytes_free (const uint8_t *p)
 {
   int i;
   uint32_t addr = (uint32_t)p;
 
-  for (i = 0; i < 16; i++)
+  for (i = 0; i < 8; i++)
     flash_clear_halfword (addr+i*2);
 }
 
+/*
+ * Return 4-byte salt
+ */
 uint32_t
-get_random (void)
+get_salt (void)
 {
-  const uint32_t *p = (const uint32_t *)random_bytes_get ();
-  uint32_t r = *p;
+  const uint8_t *u = unique_device_id (); /* 12-byte unique id */
+  uint32_t r = 0;
+  int i;
+
+  for (i = 0; i < 4; i++)
+    {
+      r <<= 8;
+      r |= u[hardclock () % 12];
+    }
 
-  random_bytes_free ((const uint8_t *)p);
   return r;
 }