[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Dotgnu-pnet-commits] CVS: pnet/engine engine.h,1.62,1.63 lib_crypt.c,1.
From: |
Rhys Weatherley <address@hidden> |
Subject: |
[Dotgnu-pnet-commits] CVS: pnet/engine engine.h,1.62,1.63 lib_crypt.c,1.9,1.10 process.c,1.39,1.40 |
Date: |
Tue, 26 Nov 2002 19:24:51 -0500 |
Update of /cvsroot/dotgnu-pnet/pnet/engine
In directory subversions:/tmp/cvs-serv21081/engine
Modified Files:
engine.h lib_crypt.c process.c
Log Message:
Implement the internalcall for cryptographically secure random
number generation.
Index: engine.h
===================================================================
RCS file: /cvsroot/dotgnu-pnet/pnet/engine/engine.h,v
retrieving revision 1.62
retrieving revision 1.63
diff -C2 -r1.62 -r1.63
*** engine.h 17 Nov 2002 18:11:31 -0000 1.62
--- engine.h 27 Nov 2002 00:24:49 -0000 1.63
***************
*** 151,154 ****
--- 151,161 ----
#endif /* IL_CONFIG_DEBUG_LINES */
+ /* Cryptographic seed material */
+ ILMutex *randomLock;
+ int randomBytesDelivered;
+ ILInt64 randomLastTime;
+ unsigned char randomPool[20];
+ int randomCount;
+
};
Index: lib_crypt.c
===================================================================
RCS file: /cvsroot/dotgnu-pnet/pnet/engine/lib_crypt.c,v
retrieving revision 1.9
retrieving revision 1.10
diff -C2 -r1.9 -r1.10
*** lib_crypt.c 25 Nov 2002 22:55:35 -0000 1.9
--- lib_crypt.c 27 Nov 2002 00:24:49 -0000 1.10
***************
*** 23,26 ****
--- 23,38 ----
#include "il_crypt.h"
#include "il_bignum.h"
+ #ifdef HAVE_SYS_STAT_H
+ #include <sys/stat.h>
+ #endif
+ #ifdef HAVE_SYS_TYPES_H
+ #include <sys/types.h>
+ #endif
+ #ifdef HAVE_UNISTD_H
+ #include <unistd.h>
+ #endif
+ #ifdef HAVE_FCNTL_H
+ #include <fcntl.h>
+ #endif
#ifdef __cplusplus
***************
*** 369,378 ****
/*
* pubilc static void GenerateRandom(byte[] buf, int offset, int count);
! */
! void _IL_CryptoMethods_GenerateRandom(ILExecThread *_thread,
System_Array *buf, ILInt32 offset,
ILInt32 count)
{
! /* TODO */
}
--- 381,495 ----
/*
* pubilc static void GenerateRandom(byte[] buf, int offset, int count);
! *
! * The mixing algorithm used here is based on that described in section
! * 17.14 of the second edition of "Applied Cryptography.
! *
! * We extract seed information from the system (which is "/dev/random" if
! * it is present), and then mix it to generate the material that we require.
! * Once we've extracted roughly 1024 bytes, or the pool is more than
! * 2 seconds old, we discard the pool and acquire new seed material.
! *
! * Feel free to submit patches that make this a better random number
! * generator, particularly when acquiring seed material from the system.
! */
! static void SeedMix(unsigned char *pool, void *data, int len)
! {
! ILSHAContext sha;
! ILSHAInit(&sha);
! ILSHAData(&sha, pool, IL_SHA_HASH_SIZE);
! ILSHAData(&sha, data, len);
! ILSHAFinalize(&sha, pool);
! }
! void _IL_CryptoMethods_GenerateRandom(ILExecThread *thread,
System_Array *buf, ILInt32 offset,
ILInt32 count)
{
! unsigned char *output;
! ILCurrTime currentTime;
! ILInt32 num;
! ILSHAContext sha;
! unsigned char hash[IL_SHA_HASH_SIZE];
! #ifdef HAVE_OPEN
! int fd, size;
! #endif
!
! /* Lock the seed pool while we do this, as only one thread
! can access the seed information at a time */
! ILMutexLock(thread->process->randomLock);
!
! /* Convert the array into a flat buffer to be filled */
! output = ((unsigned char *)(ArrayToBuffer(buf))) + offset;
!
! /* Fill the buffer */
! while(count > 0)
! {
! /* Do we need to acquire new seed material? */
! ILGetCurrTime(¤tTime);
! if(thread->process->randomBytesDelivered >= 1024 ||
! (currentTime.secs - thread->process->randomLastTime) >= 2)
! {
! /* Warning! If the system doesn't have /dev/random,
! then this code is unlikely to give good results.
!
! Most Unix-like systems do have /dev/random these
days,
! but non-Unix OS'es may require changes to this code.
!
! We deliberately don't use /dev/urandom as we want the
! kernel to make sure that the values returned are
based
! on actual system entropy, and not expanded entropy.
! We will expand the entropy ourselves. */
! ILMemZero(thread->process->randomPool,
IL_SHA_HASH_SIZE);
! #ifdef HAVE_OPEN
! fd = open("/dev/random", O_RDONLY, 0);
! if(fd >= 0)
! {
! size = read(fd, hash, IL_SHA_HASH_SIZE);
! if(size > 0)
! {
! SeedMix(thread->process->randomPool,
hash, size);
! }
! close(fd);
! ILMemZero(hash, IL_SHA_HASH_SIZE);
! }
! #endif
! SeedMix(thread->process->randomPool, ¤tTime,
! sizeof(currentTime));
! thread->process->randomBytesDelivered = 0;
! thread->process->randomLastTime = currentTime.secs;
! thread->process->randomCount = 0;
! }
!
! /* How many bytes do we need to extract this time? */
! num = count;
! if(num > IL_SHA_HASH_SIZE)
! {
! num = IL_SHA_HASH_SIZE;
! }
!
! /* Mix the seed pool with SHA and extract the output bytes */
! ILSHAInit(&sha);
! ILSHAData(&sha, thread->process->randomPool, IL_SHA_HASH_SIZE);
! ILSHAData(&sha, &(thread->process->randomCount),
! sizeof(thread->process->randomCount));
! if(num == IL_SHA_HASH_SIZE)
! {
! ILSHAFinalize(&sha, output);
! }
! else
! {
! ILSHAFinalize(&sha, hash);
! ILMemCpy(output, hash, num);
! ILMemZero(hash, IL_SHA_HASH_SIZE);
! }
! ++(thread->process->randomCount);
!
! /* Advance to the next buffer position to be filled */
! output += num;
! count -= num;
! thread->process->randomBytesDelivered += num;
! }
!
! /* Unlock the seed pool */
! ILMutexUnlock(thread->process->randomLock);
}
Index: process.c
===================================================================
RCS file: /cvsroot/dotgnu-pnet/pnet/engine/process.c,v
retrieving revision 1.39
retrieving revision 1.40
diff -C2 -r1.39 -r1.40
*** process.c 17 Nov 2002 18:11:31 -0000 1.39
--- process.c 27 Nov 2002 00:24:49 -0000 1.40
***************
*** 75,78 ****
--- 75,81 ----
process->debugWatchAll = 0;
#endif
+ process->randomBytesDelivered = 1024;
+ process->randomLastTime = 0;
+ process->randomCount = 0;
/* Initialize the image loading context */
***************
*** 117,120 ****
--- 120,131 ----
ILThreadSetObject(process->mainThread->osThread, process->mainThread);
+ /* Initialize the random seed pool lock */
+ process->randomLock = ILMutexCreate();
+ if(!(process->randomLock))
+ {
+ ILExecProcessDestroy(process);
+ return 0;
+ }
+
/* Return the process record to the caller */
return process;
***************
*** 193,196 ****
--- 204,211 ----
}
#endif
+
+ /* Destroy the random seed pool */
+ ILMutexDestroy(process->randomLock);
+ ILMemZero(process->randomPool, sizeof(process->randomPool));
/* Destroy the object lock */
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [Dotgnu-pnet-commits] CVS: pnet/engine engine.h,1.62,1.63 lib_crypt.c,1.9,1.10 process.c,1.39,1.40,
Rhys Weatherley <address@hidden> <=