
9ca8b8d2bd9bbd7af3dd0210e07693cf630f7784 — Sam Trenholme 2 months ago 588a570
Update Windows port to no longer need secret.txt
See https://github.com/samboy/MaraDNS/issues/59
M deadwood-github/src/DwHash.c => deadwood-github/src/DwHash.c +27 -11
@@ 1,4 1,4 @@
/* Copyright (c) 2007-2014 Sam Trenholme
/* Copyright (c) 2007-2020 Sam Trenholme
 *
 * TERMS
 *


@@ 24,6 24,9 @@
#include <stdint.h>
#include <stdio.h> /* For reading and writing the hash to a file */
#include <time.h>
#ifdef MINGW
#include <wincrypt.h> /* Windows only; *NIX has /dev/random */
#endif

#include "DwHash.h"
/* The default value for the multiply constant is a 31-bit random prime


@@ 46,23 49,17 @@ extern int64_t the_time;
 * information in a table */

/* Called before reading dwood3rc, this sets add_constant based on
 * secret.txt in Windows and /dev/urandom in Unix */
 * CryptGenRandom in Windows and /dev/urandom in Unix */
void set_add_constant() {
        FILE *in = 0;
        dwr_rg *quick_n_dirty = 0;
        dw_str *seedit = 0;
        int counter = 0;
        time_t timestamp = 0;

#ifdef MINGW
        in = fopen("secret.txt","rb");
#else
        in = fopen("/dev/urandom","rb");
#endif /* MINGW */

        if(in == 0) {
                goto catch_set_add_constant;
        }
        HCRYPTPROV CryptContext;
        int b;
#endif

        seedit = dw_create(14);



@@ 71,9 68,28 @@ void set_add_constant() {
        }

        seedit->len = 11;

#ifdef MINGW
        b = CryptAcquireContext(&CryptContext, NULL, NULL, PROV_RSA_FULL,
                CRYPT_VERIFYCONTEXT);
        if(b != 1) {
                goto catch_set_add_constant;
        }
        b = CryptGenRandom(CryptContext, 8, seedit->str);
        if(b != 1) {
                goto catch_set_add_constant;
        }
        CryptReleaseContext(CryptContext,0);
#else
        in = fopen("/dev/urandom","rb");

        if(in == 0) {
                goto catch_set_add_constant;
        }
        for(counter = 0; counter < 8; counter++) {
                *(seedit->str + counter) = getc(in);
        }
#endif /* MINGW */
        timestamp = time(0);
        *(seedit->str + 8) = (timestamp & 0xff);
        *(seedit->str + 9) = (timestamp & 0xff00) >> 8;
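Review bot: In the new MINGW branch of set_add_constant, the CryptGenRandom failure path jumps to catch_set_add_constant without releasing the provider handle acquired a few lines earlier, so that path leaks the CSP context; release it before the jump: `if(b != 1) { CryptReleaseContext(CryptContext,0); goto catch_set_add_constant; }`. Both BOOL results are compared against the literal 1, while the API only documents a nonzero value on success, so `if(!b)` is the robust test. With the fopen moved into the #else branch, `in` is now an unused local on Windows builds, and the pre-existing getc() loop on the Unix side still does not detect EOF from a short read. The body of set_add_constant and its catch_set_add_constant label continue outside the hunk, so what the fallback does on failure cannot be confirmed here.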

M deadwood-github/src/DwSys.c => deadwood-github/src/DwSys.c +24 -10
@@ 1,4 1,4 @@
/* Copyright (c) 2007-2019 Sam Trenholme
/* Copyright (c) 2007-2020 Sam Trenholme
 *
 * TERMS
 *


@@ 26,6 26,8 @@
#ifndef MINGW
#include <grp.h>
#include <signal.h>
#else
#include <wincrypt.h>
#endif /* MINGW */

#include "DwSocket.h"


@@ 593,6 595,9 @@ void noise_to_rng(uint8_t *noise, int len) {
                dw_fatal("error initializing rng_seed");
        }

        /* Make sure we are generating random numbers which differ */
        dw_log_hex("Random number test: ",dwr_rng(rng_seed),128);

        if(z != 0) {
                dw_destroy(z);
                z = 0;


@@ 603,26 608,35 @@ void noise_to_rng(uint8_t *noise, int len) {
 * random_seed_file and get between 16 bytes and the desired length from
 * said file, putting the entropy in the noise pointer */
void get_entropy_from_seedfile(uint8_t *noise,int len) {
#ifdef MINGW
        /* To make life easier for Windows users, we no longer
         * require them to make a secret.txt file before running
         * Deadwood */
        HCRYPTPROV CryptContext;
        int b;
        b = CryptAcquireContext(&CryptContext, NULL, NULL, PROV_RSA_FULL,
                CRYPT_VERIFYCONTEXT);
        if(b != 1) {
                dw_fatal("Can not call CryptAcquireContext");
        }
        b = CryptGenRandom(CryptContext, 32, noise);
        if(b != 1) {
                dw_fatal("Can not call CryptGenRandom");
        }
        CryptReleaseContext(CryptContext,0);
#else /* MINGW */
        char *filename = 0;
        int zap = 0;
        int seed = -1;

        if(key_s[DWM_S_random_seed_file] == 0) {
#ifdef MINGW
                filename = "secret.txt"; /* Default filename */
#else /* MINGW */
                filename = "/dev/urandom"; /* Default filename */
#endif /* MINGW */
        } else {
                filename = (char *)dw_to_cstr(key_s[DWM_S_random_seed_file]);
                zap = 1;
        }

#ifdef MINGW
        seed = open(filename, O_RDONLY|O_BINARY);
#else /* MINGW */
        seed = open(filename, O_RDONLY);
#endif /* MINGW */
        if(seed == -1) {
                dw_log_3strings("Fatal error opening random seed file ",
                       filename,"",1);


@@ 641,7 655,7 @@ void get_entropy_from_seedfile(uint8_t *noise,int len) {
                filename = 0;
        }
        close(seed);

#endif /* MINGW */
}

/* Initialize random number generator.  Note that some bytes of the "noise"
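Review bot: The new MINGW body of get_entropy_from_seedfile ignores its len parameter and always asks CryptGenRandom for 32 bytes into noise, so a caller passing a smaller buffer is overrun and one asking for more gets less entropy than the comment above promises; use the parameter and reject non-positive sizes: `if(len <= 0) { dw_fatal("Bad entropy length"); }` followed by `b = CryptGenRandom(CryptContext, (DWORD)len, noise);`. The Windows branch also silently discards a configured random_seed_file instead of logging that it is ignored, which will surprise users who kept the old dwood3rc line. In noise_to_rng, the added dw_log_hex call consumes and logs one output of the freshly seeded RNG; if 128 is a verbosity threshold as it appears, that is presumably debug-only, but it deserves a comment such as `/* Debug only: burns one RNG output and writes it to the log */`. Whether every caller passes len >= 32 cannot be confirmed from these hunks.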

M maradns-win32/Deadwood-win32/Reference.txt => maradns-win32/Deadwood-win32/Reference.txt +15 -17
@@ 194,8 194,8 @@ hash_magic_number
   keep the hash generator somewhat random and immune to certain
   types of attacks. In Deadwood 3.0, entropy for the hash function
   is created by looking at the contents of /dev/urandom
   (secret.txt on Windows machines) and the current timestamp. This
   parameter is only here so older configuration files do not break
   (CryptAcquireContext() on Windows machines) and the current timestamp. 
   This parameter is only here so older configuration files do not break
   in Deadwood 3.0.

ip4


@@ 353,6 353,9 @@ ns_glueless_type

random_seed_file

   Note that this is not used in Windows, which instead uses
   the CryptAcquireContext() to get entropy.

   This is a file that contains random numbers, and is used as a
   seed for the cryptographically strong random number generator.
   Deadwood will try to read 256 bytes from this file (the RNG


@@ 360,9 363,9 @@ random_seed_file

   Note that the hash compression function obtains some of its
   entropy before parsing the mararc file, and is hard-coded to get
   entropy from /dev/urandom (secret.txt on Windows systems). Most
   other entropy used by Deadwood comes from the file pointed to by
   random_seed_file.
   entropy from /dev/urandom (CryptAcquireContext() on Windows 
   systems).  Most other entropy used by Deadwood comes from the 
   file pointed to by random_seed_file.

recurse_min_bind_port



@@ 641,13 644,8 @@ verbose_level
   entropy so that the query ID and source port are hard to guess
   (otherwise it is possible to forge DNS packets).

   The Windows port of Deadwood includes a program called
   "mkSecretTxt.exe" that creates a 64-byte (512 bit) random file
   called "secret.txt" that can be used by Deadwood (via the
   "random_seed_file" parameter); Deadwood also gets entropy from
   the timestamp when Deadwood is started and Deadwood's process ID
   number, so it is same to use the same static secret.txt file as
   the random_seed_file for multiple invocations of Deadwood.
   The Windows port of Deadwood uses the Windows-specific
   CryptAcquireContext() call to generate random bits.

   Note that Deadwood is not protected from someone on the same
   network viewing packets sent by Deadwood and sending forged


@@ 669,11 667,11 @@ verbose_level
   magic number will be suitably random.

   If using a precompiled binary of Deadwood, please ensure that
   the system has /dev/urandom support (on Windows system, please
   ensure that the file with the name secret.txt is generated by
   the included mkSecretTxt.exe program); Deadwood, at runtime,
   uses /dev/urandom (secret.txt in Windows) as a hardcoded path to
   get entropy (along with the timestamp) for the hash algorithm.
   the system has /dev/urandom support (on Windows system, 
   Deadwood uses CryptAcquireContext() get get random bits);
   Deadwood, at runtime, uses /dev/urandom (CryptAcquireContext() 
   in Windows) as a hardcoded path to get entropy (along with the 
   timestamp) for the hash algorithm.

                      Example configuration file


M maradns-win32/Deadwood-win32/Update-guide.txt => maradns-win32/Deadwood-win32/Update-guide.txt +6 -0
@@ 1,3 1,9 @@
Deadwood 3.5.0002 no longer needs to use mkSecretTxt.exe nor a file
named secret.txt to get entropy.  Instead, it uses CryptAcquireContext()
to get random numbers.

---

Deadwood 3.4.01 and Deadwood 3.4.02 do not change any Deadwood code 
relative to Deadwood 3.3.03.


M maradns-win32/Deadwood-win32/dwood3rc.txt => maradns-win32/Deadwood-win32/dwood3rc.txt +0 -3
@@ 31,9 31,6 @@ bind_address="127.0.0.1"
# The IPs allowed to connect and use the cache
recursive_acl = "127.0.0.1/16"

# The file containing a hard-to-guess secret
random_seed_file = "secret.txt" 

# This is the file Deadwood uses to read the cache to and from disk
cache_file = "dw_cache_bin"


M maradns-win32/Deadwood-win32/install.bat => maradns-win32/Deadwood-win32/install.bat +0 -1
@@ 1,4 1,3 @@
mkSecretTxt.exe
Deadwood.exe --install
net start Deadwood
Pause