From f6f5e09d00e2054e1f159bdbb3fdb2fe11794876 Mon Sep 17 00:00:00 2001
From: "@syxhe" <https://t.me/syxhe>
Date: Tue, 30 Jul 2024 20:04:24 -0500
Subject: Fix bad phrasegen randomness (what was I smoking lmao)

---
 src/main.c | 54 ++++++++++++------------------------------------------
 1 file changed, 12 insertions(+), 42 deletions(-)

(limited to 'src/main.c')

diff --git a/src/main.c b/src/main.c
index ce20fa0..7da36b8 100644
--- a/src/main.c
+++ b/src/main.c
@@ -14,6 +14,8 @@
 #include "search.h"
 #include "ll.h"
 
+#include <sodium.h>
+
 #include <sys/random.h>
 #include <sys/types.h>
 #include <sys/stat.h>
@@ -69,48 +71,23 @@ static error_t parse_opt(int key, char *arg, struct argp_state *state) {
 
 static struct argp argp = {options, parse_opt, argdoc, doc, NULL, 0, 0};
 
-// Stolen from stackoverflow. Thanks Laurence (https://stackoverflow.com/a/822361)
-int randint(int n) {
-    if ((n - 1) == RAND_MAX) {
-        return random();
-    } else {
-        // Supporting larger values for n would requires an even more
-        // elaborate implementation that combines multiple calls to rand()
-        assert (n <= RAND_MAX);
-
-        // Chop off all of the values that would cause skew...
-        int end = RAND_MAX / n; // truncate skew
-        assert (end > 0);
-        end *= n;
-
-        // ... and ignore results from rand() that fall above that limit.
-        // (Worst case the loop condition should succeed 50% of the time,
-        // so we can expect to bail out of this loop pretty quickly.)
-        int r;
-        while ((r = random()) >= end);
-
-        return r % n;
-    }
-}
-
-char* genphrase(size_t phrasesize) {
-    char *phrase = calloc(phrasesize, sizeof(char));
-    if(phrase == NULL) {
-        error(0, errno, "Couldn't allocate space for generating random phrase");
-        return NULL;
-    }
 
+int genphrase(char *phrase, size_t phrasesize) {
+    memset(phrase, 0, phrasesize);
     for(size_t i = 0; i < phrasesize; i++) {
-        phrase[i] = randint(25 + 1) + 65;
-        if(random() > RAND_MAX / 2)
-            phrase[i] += 32;
+        phrase[i] = randombytes_uniform(('Z' - 'A') + 1) + 'A';
+        if(randombytes_random() > (0xffffffff / 2))
+            phrase[i] += ('a' - 'A');
     }
 
-    return phrase;
+    return 0;
 }
 
 
 int main(int argc, char *argv[]) {
+    if(sodium_init() < 0)
+        error(1, errno, "[VX-GAMBLEGROUND] Could not init sodium");
+
     struct arguments args;
     args.inputpass = NULL;
     args.skipslots = 0;
@@ -124,15 +101,8 @@ int main(int argc, char *argv[]) {
 
         printf("Using input passphrase \"%s\"\n", args.inputpass);
     } else {
-        // Fuck you
-        srandom((unsigned int)time(NULL));
-
         char phrase[PHRASESIZE];
-        for(size_t i = 0; i < sizeof(phrase); i++) {
-            phrase[i] = randint(25 + 1) + 65;
-            if(random() > (RAND_MAX / 2))
-                phrase[i] += 32;
-        }
+        genphrase(phrase, PHRASESIZE);
 
         printf("Encryption phrase: %s\n\nWrite this phrase down EXACTLY if you want to recover your files\n", phrase);
         
-- 
cgit v1.2.3