[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[minion-cvs] On Win32, use CryptGenRandom as our entropy source

To: mixminion-cvs@freehaven.net
Subject: [minion-cvs] On Win32, use CryptGenRandom as our entropy source
From: nickm@seul.org (Nick Mathewson)
Date: Mon, 14 Jul 2003 11:38:53 -0400 (EDT)
Delivered-to: archiver@seul.org
Delivered-to: mixminion-cvs-outgoing@seul.org
Delivered-to: mixminion-cvs@seul.org
Delivery-date: Mon, 14 Jul 2003 11:39:00 -0400
Reply-to: mixminion-dev@freehaven.net
Sender: owner-mixminion-cvs@freehaven.net

Update of /home/minion/cvsroot/src/minion/lib/mixminion
In directory moria.mit.edu:/tmp/cvs-serv25527/lib/mixminion

Modified Files:
	Crypto.py 
Log Message:
On Win32, use CryptGenRandom as our entropy source

Index: Crypto.py
===================================================================
RCS file: /home/minion/cvsroot/src/minion/lib/mixminion/Crypto.py,v
retrieving revision 1.48
retrieving revision 1.49
diff -u -d -r1.48 -r1.49
--- Crypto.py	13 Jul 2003 03:45:33 -0000	1.48
+++ Crypto.py	14 Jul 2003 15:38:50 -0000	1.49
@@ -53,7 +53,7 @@
         raise
     except:
         info = sys.exc_info()
-        raise MixFatalError("Error initializing entropy source: %s", info[0])
+        raise MixFatalError("Error initializing entropy source: %s" % info[1])
     openssl_seed(40)
 
 def sha1(s):
@@ -691,7 +691,7 @@
         if file is None:
             continue
 
-        verbose = 1#(file == requestedFile)
+        verbose = (file == requestedFile)
         if not os.path.exists(file):
             if verbose:
                 LOG.error("No such file as %s", file)
@@ -707,9 +707,13 @@
 
     if randFile is None and _TRNG_FILENAME is None:
         if sys.platform == 'win32':
-            LOG.warn("Using bogus screen snapshot for entropy source: beware!") 
-            _ml.openssl_seed_win32()
-            _theTrueRNG = _OpensslRNG()
+            # We have two entropy sources on windows: openssl's built-in
+            # entropy generator that takes data from the screen, and
+            # Windows's CryptGenRandom function.  Because the former is
+            # insecure, and the latter is closed-source, we xor them.
+            _ml.win32_openssl_seed()
+            _ml.openssl_seed(_ml.win32_get_random_bytes(32))
+            _theTrueRNG = _XorRNG(_OpensslRNG(), _WinTrueRNG())
         else:
             LOG.fatal("No entropy source available")
             raise MixFatalError("No entropy source available")
@@ -752,6 +756,16 @@
         self.__lock.release()
         return b
 
+if hasattr(_ml, "win32_get_random_bytes"):
+    print "WAHOO!"
+    class _WinTrueRNG(RNG):
+        """DOCDOC"""
+        def __init__(self):
+            RNG.__init__(self, 1024)
+            self.getBytes(1)
+        def _prng(self,n):
+            return _ml.win32_get_random_bytes(n)
+
 class _OpensslRNG(RNG):
     """DOCDOC"""
     def __init__(self):
@@ -759,6 +773,15 @@
         RNG.__init__(self, 1024)
     def _prng(self,n):
         return _ml.openssl_rand(n)
+
+class _XorRNG(RNG):
+    """DOCDOC"""
+    def __init__(self, base1, base2):
+        RNG.__init__(self, 1024)
+        self.base1 = base1
+        self.base2 = base2
+    def _prng(self, n):
+        return strxor(self.base1.getBytes(n), self.base2.getBytes(n))
 
 # Return the shared instance of the true RNG.
 def getTrueRNG():

Prev by Author: [minion-cvs] Spelling fixes
Next by Author: [minion-cvs] On Win32, use CryptGenRandom as our entropy source
Previous by thread: [minion-cvs] spelling fix
Next by thread: [minion-cvs] On Win32, use CryptGenRandom as our entropy source
Index(es):
- Author
- Thread