From a2169368bbd92b77636e39b5cfe864a1236b083b Mon Sep 17 00:00:00 2001
From: Christian Grothoff <christian@grothoff.org>
Date: Thu, 28 Jan 2021 22:28:01 +0100
Subject: implement #6716

---
 src/include/gnunet_common.h     |  7 ++++++-
 src/include/gnunet_crypto_lib.h | 16 +++++++++++++++
 src/util/crypto_random.c        | 44 +++++++++++++++++++++++++++++++++++++----
 src/util/test_crypto_random.c   |  3 +++
 4 files changed, 65 insertions(+), 5 deletions(-)

diff --git a/src/include/gnunet_common.h b/src/include/gnunet_common.h
index 707108289..4dab71f7f 100644
--- a/src/include/gnunet_common.h
+++ b/src/include/gnunet_common.h
@@ -256,7 +256,12 @@ struct GNUNET_ShortHashCode
 
 
 /**
- * A UUID, a 128 bit random value.
+ * A UUID, a 128 bit "random" value.  We OFTEN use
+ * timeflakes (see: https://github.com/anthonynsimon/timeflake),
+ * where only 80 bits are random and the rest encodes
+ * a timestamp to improve database access.
+ *
+ * See #GNUNET_CRYPTO_random_timeflake().
  */
 struct GNUNET_Uuid
 {
diff --git a/src/include/gnunet_crypto_lib.h b/src/include/gnunet_crypto_lib.h
index 5521dad3c..d01457b4a 100644
--- a/src/include/gnunet_crypto_lib.h
+++ b/src/include/gnunet_crypto_lib.h
@@ -475,6 +475,22 @@ GNUNET_CRYPTO_random_block (enum GNUNET_CRYPTO_Quality mode,
                             void *buffer,
                             size_t length);
 
+
+/**
+ * @ingroup crypto
+ * Fill UUID with a timeflake pseudo-random value.  Note that
+ * timeflakes use only 80 bits of randomness and 48 bits
+ * to encode a timestamp in milliseconds. So what we return
+ * here is not a completely random number.
+ *
+ * @param mode desired quality of the random number
+ * @param uuid the value to fill
+ */
+void
+GNUNET_CRYPTO_random_timeflake (enum GNUNET_CRYPTO_Quality mode,
+                                struct GNUNET_Uuid *uuid);
+
+
 /**
  * @ingroup crypto
  * Produce a random value.
diff --git a/src/util/crypto_random.c b/src/util/crypto_random.c
index ffcabd0df..0c5d6fe7e 100644
--- a/src/util/crypto_random.c
+++ b/src/util/crypto_random.c
@@ -26,6 +26,7 @@
  */
 #include "platform.h"
 #include "gnunet_crypto_lib.h"
+#include "gnunet_time_lib.h"
 #include <gcrypt.h>
 
 #define LOG(kind, ...) GNUNET_log_from (kind, "util-crypto-random", __VA_ARGS__)
@@ -80,7 +81,7 @@ glibc_weak_rand32 ()
  * @return number between 0 and 1.
  */
 static double
-get_weak_random ()
+get_weak_random (void)
 {
   return((double) random () / RAND_MAX);
 }
@@ -176,7 +177,8 @@ GNUNET_CRYPTO_random_block (enum GNUNET_CRYPTO_Quality mode,
  * @return a random value in the interval [0,i[.
  */
 uint32_t
-GNUNET_CRYPTO_random_u32 (enum GNUNET_CRYPTO_Quality mode, uint32_t i)
+GNUNET_CRYPTO_random_u32 (enum GNUNET_CRYPTO_Quality mode,
+                          uint32_t i)
 {
 #ifdef gcry_fast_random_poll
   static unsigned int invokeCount;
@@ -235,7 +237,8 @@ GNUNET_CRYPTO_random_u32 (enum GNUNET_CRYPTO_Quality mode, uint32_t i)
  * @return the permutation array (allocated from heap)
  */
 unsigned int *
-GNUNET_CRYPTO_random_permute (enum GNUNET_CRYPTO_Quality mode, unsigned int n)
+GNUNET_CRYPTO_random_permute (enum GNUNET_CRYPTO_Quality mode,
+                              unsigned int n)
 {
   unsigned int *ret;
   unsigned int i;
@@ -265,7 +268,8 @@ GNUNET_CRYPTO_random_permute (enum GNUNET_CRYPTO_Quality mode, unsigned int n)
  * @return random 64-bit number
  */
 uint64_t
-GNUNET_CRYPTO_random_u64 (enum GNUNET_CRYPTO_Quality mode, uint64_t max)
+GNUNET_CRYPTO_random_u64 (enum GNUNET_CRYPTO_Quality mode,
+                          uint64_t max)
 {
   uint64_t ret;
   uint64_t ul;
@@ -307,6 +311,38 @@ GNUNET_CRYPTO_random_u64 (enum GNUNET_CRYPTO_Quality mode, uint64_t max)
 }
 
 
+/**
+ * @ingroup crypto
+ * Fill UUID with a timeflake pseudo-random value.  Note that
+ * timeflakes use only 80 bits of randomness and 48 bits
+ * to encode a timestamp in milliseconds. So what we return
+ * here is not a completely random number.
+ *
+ * @param mode desired quality of the random number
+ * @param uuid the value to fill
+ */
+void
+GNUNET_CRYPTO_random_timeflake (enum GNUNET_CRYPTO_Quality mode,
+                                struct GNUNET_Uuid *uuid)
+{
+  struct GNUNET_TIME_Absolute now;
+  uint64_t ms;
+  uint64_t be;
+  char *base;
+
+  GNUNET_CRYPTO_random_block (mode,
+                              uuid,
+                              sizeof (struct GNUNET_Uuid));
+  now = GNUNET_TIME_absolute_get ();
+  ms = now.abs_value_us / GNUNET_TIME_UNIT_MILLISECONDS.rel_value_us;
+  be = GNUNET_htonll (ms);
+  base = (char *) &be;
+  memcpy (uuid,
+          base + 2,
+          sizeof (be) - 2);
+}
+
+
 /**
  * Allocation wrapper for libgcrypt, used to avoid bad locking
  * strategy of libgcrypt implementation.
diff --git a/src/util/test_crypto_random.c b/src/util/test_crypto_random.c
index 5e159d949..b9cbbdf76 100644
--- a/src/util/test_crypto_random.c
+++ b/src/util/test_crypto_random.c
@@ -33,6 +33,7 @@ test (enum GNUNET_CRYPTO_Quality mode)
   unsigned int *b2;
   int i;
   unsigned long long n;
+  struct GNUNET_Uuid tf;
 
   for (i = 0; i < 1024; i++)
     GNUNET_break (1024 > (buf[i] = GNUNET_CRYPTO_random_u32 (mode, 1024)));
@@ -53,6 +54,8 @@ test (enum GNUNET_CRYPTO_Quality mode)
 
   for (n = 10; n < 1024LL * 1024LL * 1024LL; n *= 10)
     GNUNET_break (n > GNUNET_CRYPTO_random_u64 (mode, n));
+  GNUNET_CRYPTO_random_timeflake (mode,
+                                  &tf);
   return 0;
 }
 
-- 
cgit v1.2.3