Add API gpgme_op_random_bytes.

* src/genrandom.c: New.
* src/Makefile.am: Add new file.
* src/engine-backend.h (struct engine_ops): Add func ptr getdirect.
Adjust all engine_ops.
* src/engine-gpg.c (gpg_getdirect): New.
(_gpgme_engine_ops_gpg): Connect new handler.
* src/gpgme.h.in (gpgme_random_mode_t): New.
(GPGME_RANDOM_MODE_NORMAL): New.
(GPGME_RANDOM_MODE_ZBASE32): New.
(gpgme_op_random_bytes): New public function
* src/libgpgme.vers: Add function.
* src/gpgme.def: Add function.

* tests/run-genrandom.c: New.
* tests/Makefile.am: Add new file.
--

This is a first take on this the mode parameter allows to extend the
function if ever needed.  Due to the gpg calling and fd setup overhead
this function is not yet very fast but its purpose is to get
"approved" random bytes.  We might eventually extend it to keep a
small internal cache of random numbers and get for example 128 random
bytes directly from gpg and deliver only the few required.

GnuPG-bug-id: 6694

1 files changed, 149 insertions, 0 deletions

diff --git a/src/genrandom.c b/src/genrandom.c
new file mode 100644
index 00000000..a4baa0b2
--- /dev/null
+++ b/src/genrandom.c
@@ -0,0 +1,149 @@
+/* genrandom.c - Wrapper around gpg --gen-random
+ * Copyright (C) 2025 g10 Code GmbH
+ *
+ * This file is part of GPGME.
+ *
+ * GPGME is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * GPGME is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, see <https://gnu.org/licenses/>.
+ * SPDX-License-Identifier: LGPL-2.1-or-later
+ */
+
+#if HAVE_CONFIG_H
+#include <config.h>
+#endif
+#include <stdlib.h>
+#include <assert.h>
+
+#include "gpgme.h"
+#include "debug.h"
+#include "context.h"
+#include "ops.h"
+
+
+static gpgme_error_t
+do_genrandom (gpgme_ctx_t ctx, gpgme_data_t dataout, size_t length, int zbase)
+{
+  gpgme_error_t err;
+  const char *argv[4];
+  char countbuf[35];
+
+  if (ctx->protocol != GPGME_PROTOCOL_OPENPGP)
+    return gpg_error (GPG_ERR_UNSUPPORTED_PROTOCOL);
+
+  err = _gpgme_op_reset (ctx, 1/*synchronous*/);
+  if (err)
+    return err;
+
+  snprintf (countbuf, sizeof countbuf, "%zu", length);
+  argv[0] = "--gen-random";
+  argv[1] = zbase? "30" : "2";
+  argv[2] = countbuf;
+  argv[3] = NULL;
+
+  err = _gpgme_engine_op_getdirect (ctx->engine, argv, dataout, 0);
+  if (!err)
+    err = _gpgme_wait_one (ctx);
+
+  return err;
+}
+
+
+/* Fill BUFFER of size BUFSIZE with random bytes retrieved from gpg.
+ * If GPGME_RANDOM_MODE_ZBASE32 is used BUFSIZE needs to be at least
+ * 31 and will be filled with a string of 30 ascii characters followed
+ * by a Nul; the remainder of the buffer is not changed.  In all other
+ * modes the entire buffer will be filled with binary data.  The
+ * function has a limit of 1024 bytes to avoid accidental overuse of
+ * the random generator. */
+gpgme_error_t
+gpgme_op_random_bytes (gpgme_ctx_t ctx, gpgme_random_mode_t mode,
+                       char *buffer, size_t bufsize)
+{
+  gpgme_error_t err = 0;
+  gpgme_data_t data = NULL;
+  char *datap = NULL;
+  size_t datalen;
+
+  TRACE_BEG  (DEBUG_CTX, "gpgme_op_random_bytes", ctx, "mode=%d size=%zu",
+              mode, bufsize);
+
+  if (!ctx || !buffer || !bufsize)
+    err = gpg_error (GPG_ERR_INV_VALUE);
+  else if (mode == GPGME_RANDOM_MODE_ZBASE32)
+    {
+      /* The output is expected to be 30 ascii characters followed by
+       * a trailing Nul. */
+      if (bufsize < 31)
+        err = gpg_error (GPG_ERR_BUFFER_TOO_SHORT);
+    }
+  else if (mode)
+    err = gpg_error (GPG_ERR_INV_VALUE);
+  else if (bufsize > 1024) /* More or an less arbitrary limit.  */
+    err = gpg_error (GPG_ERR_TOO_LARGE);
+
+  if (err)
+    goto leave;
+
+  err = gpgme_data_new (&data);
+  if (err)
+    goto leave;
+
+  err = do_genrandom (ctx, data, bufsize, (mode == GPGME_RANDOM_MODE_ZBASE32));
+  if (!err)
+    err = _gpgme_wait_one (ctx);
+  if (err)
+    goto leave;
+
+  datap = gpgme_data_release_and_get_mem (data, &datalen);
+  data = NULL;
+  if (!datap)
+    {
+      err = gpg_error_from_syserror ();
+      goto leave;
+    }
+  if (datalen > bufsize)
+    {
+      err = gpg_error (GPG_ERR_INTERNAL);
+      goto leave;
+    }
+  if (mode == GPGME_RANDOM_MODE_ZBASE32)
+    {
+      /* Strip trailing LF.  */
+      while (datalen
+             && (datap[datalen-1] == '\n' || datap[datalen-1] == '\r'))
+        datalen--;
+
+      if (datalen != 30)
+        {
+          /* 30 is the holy count, not 29, not 31 and never 32. */
+          err = gpg_error (GPG_ERR_INTERNAL);
+          goto leave;
+        }
+      memcpy (buffer, datap, datalen);
+      buffer[datalen] = 0;
+    }
+  else
+    {
+      if (datalen != bufsize)
+        {
+          err = gpg_error (GPG_ERR_INTERNAL);
+          goto leave;
+        }
+      memcpy (buffer, datap, datalen);
+    }
+
+ leave:
+  free (datap);
+  gpgme_data_release (data);
+  return TRACE_ERR (err);
+}