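/**
	Implements cryptographically secure random number generators.

	Copyright: © 2013 RejectedSoftware e.K.
	License: Subject to the terms of the MIT license, as written in the included LICENSE.txt file.
	Authors: Ilya Shipunov
*/
module vibe.crypto.cryptorand;

import std.conv : text;
import std.digest.sha;
import vibe.core.stream;


/**
	Creates a cryptographically secure random number generator.

	The returned instance is cached in a thread-local static, so every thread
	gets its own `SystemRNG` (and its own OS handle) and the same object is
	returned on every later call from that thread.

	Note that the returned RNG will operate in a non-blocking mode, which means
	that if no sufficient entropy has been generated, new random numbers will be
	generated from previous state.

	Returns: the calling thread's `SystemRNG` instance.
	Throws: `CryptoException` if the OS generator cannot be opened on first use.
*/
RandomNumberStream secureRNG()
@safe {
	static SystemRNG m_rng;
	if (!m_rng) m_rng = new SystemRNG;
	return m_rng;
}


/**
	Base interface for all cryptographically secure RNGs.
*/
interface RandomNumberStream : InputStream {
	/**
		Fills the buffer with new random bytes.

		A RNG never runs out of data, so the implementations in this module
		always fill `dst` completely regardless of `mode`.

		Params:
			dst = The buffer that will be filled with random numbers. It will
				contain `dst.length` random ubytes. Supports both heap-based and
				stack-based arrays.
			mode = Accepted for interface compatibility; ignored by the
				implementations in this module.

		Returns: `dst.length`.
		Throws: CryptoException on error.
	*/
	override size_t read(scope ubyte[] dst, IOMode mode) @safe;
	alias read = InputStream.read;
}


/**
	Operating system specific cryptographically secure random number generator.

	It uses the "CryptGenRandom" function for Windows and "/dev/urandom" for
	Posix. It's recommended to combine the output with additional processing of
	the generated random numbers via the provided functions for systems where
	security matters.

	Remarks:
		Windows "CryptGenRandom" RNG has known security vulnerabilities on
		Windows 2000 and Windows XP (assuming the attacker has control of the
		machine). Fixed for Windows XP Service Pack 3 and Windows Vista.

		On Posix the device is read through an unbuffered `FILE*`, so random
		bytes go straight into the caller's buffer and no stdio buffer keeps
		unused entropy around in heap memory.

	See_Also: $(LINK http://en.wikipedia.org/wiki/CryptGenRandom)
*/
final class SystemRNG : RandomNumberStream {
@safe:
	import std.exception;

	version(Windows)
	{
		//cryptographic service provider
		private HCRYPTPROV hCryptProv;
	}
	else version(Posix)
	{
		import core.stdc.errno : errno;
		import core.stdc.stdio : FILE, _IONBF, fopen, fclose, fread, setvbuf;

		//cryptographic file stream
		private FILE* m_file;
	}
	else
	{
		static assert(0, "OS is not supported");
	}

	/**
		Creates new system random generator.

		Throws: `CryptoException` if the OS generator cannot be acquired or, on
			Posix, if buffering of the device stream cannot be disabled.
	*/
	this()
	@trusted {
		version(Windows)
		{
			//init cryptographic service provider
			enforce!CryptoException(CryptAcquireContext(&this.hCryptProv, NULL, NULL, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT) != 0,
				text("Cannot init SystemRNG: Error id is ", GetLastError()));
		}
		else version(Posix)
		{
			//open file
			m_file = fopen("/dev/urandom", "rb");
			enforce!CryptoException(m_file !is null, "Failed to open /dev/urandom");
			// close and forget the handle if the remaining setup fails, so a
			// later finalization of this object cannot close it a second time
			scope (failure) { fclose(m_file); m_file = null; }

			// do not use a buffered stream: stdio would read ahead from
			// /dev/urandom and keep the unused random bytes in heap memory.
			// setvbuf's signature is (stream, buf, mode, size): the mode is
			// the THIRD argument, so _IONBF must go there and the size last
			// (passing them the other way round requests full buffering)
			enforce!CryptoException(setvbuf(m_file, null, _IONBF, 0) == 0,
				"Failed to disable buffering for random number file handle");
		}
	}

	~this()
	@trusted {
		version(Windows)
		{
			// 0 if CryptAcquireContext failed in the constructor
			if (this.hCryptProv) CryptReleaseContext(this.hCryptProv, 0);
		}
		else version (Posix)
		{
			// null if the constructor failed before the handle was usable;
			// fclose(null) is undefined behavior, so guard it
			if (m_file !is null) fclose(m_file);
		}
	}

	@property bool empty() { return false; }
	@property ulong leastSize() { return ulong.max; }
	@property bool dataAvailableForRead() { return true; }
	const(ubyte)[] peek() { return null; }

	/**
		Fills `buffer` with random bytes from the OS generator.

		`mode` is ignored: the OS generator never runs dry, so the whole buffer
		is always filled. An empty buffer is a no-op and returns 0.

		Note: the length pre-condition is checked in the body on purpose. An
		`in` contract on a method that overrides a contract-less base method is
		never enforced in D (the base's implicit "any input is valid" contract
		always satisfies the check), so an `in` block here would be dead code.

		Returns: `buffer.length`.
		Throws: `CryptoException` if the OS generator fails.
	*/
	size_t read(scope ubyte[] buffer, IOMode mode)
	@trusted {
		if (buffer.length == 0) return 0;
		assert(buffer.length <= uint.max, "buffer length must be smaller or equal uint.max");

		version (Windows)
		{
			if(0 == CryptGenRandom(this.hCryptProv, cast(DWORD)buffer.length, buffer.ptr))
			{
				throw new CryptoException(text("Cannot get next random number: Error id is ", GetLastError()));
			}
		}
		else version (Posix)
		{
			// one element of buffer.length bytes: fread returns 1 only if the
			// whole buffer was filled
			enforce!CryptoException(fread(buffer.ptr, buffer.length, 1, m_file) == 1,
				text("Failed to read next random number: ", errno));
		}
		return buffer.length;
	}

	alias read = RandomNumberStream.read;
}

//test heap-based arrays
unittest
{
	import std.algorithm;
	import std.range;

	//number random bytes in the buffer
	enum uint bufferSize = 20;

	//number of iteration counts
	enum iterationCount = 10;

	auto rng = new SystemRNG();

	//holds the random number
	ubyte[] rand = new ubyte[bufferSize];

	//holds the previous random number after the creation of the next one
	ubyte[] prevRadn = new ubyte[bufferSize];

	//create the next random number
	rng.read(prevRadn);

	assert(!equal(prevRadn, take(repeat(0), bufferSize)), "it's almost unbelievable - all random bytes is zero");

	//take "iterationCount" arrays with random bytes
	foreach(i; 0..iterationCount)
	{
		//create the next random number
		rng.read(rand);

		assert(!equal(rand, take(repeat(0), bufferSize)), "it's almost unbelievable - all random bytes is zero");

		assert(!equal(rand, prevRadn), "it's almost unbelievable - current and previous random bytes are equal");

		//copy current random bytes for next iteration
		prevRadn[] = rand[];
	}
}

//test stack-based arrays
unittest
{
	//number random bytes in the buffer
	enum uint bufferSize = 20;

	//number of iteration counts
	enum iterationCount = 10;

	//array that contains only zeros (static arrays are zero-initialized)
	ubyte[bufferSize] zeroArray;

	auto rng = new SystemRNG();

	//holds the random number
	ubyte[bufferSize] rand;

	//holds the previous random number after the creation of the next one
	ubyte[bufferSize] prevRadn;

	//create the next random number
	rng.read(prevRadn);

	assert(prevRadn != zeroArray, "it's almost unbelievable - all random bytes is zero");

	//take "iterationCount" arrays with random bytes
	foreach(i; 0..iterationCount)
	{
		//create the next random number
		rng.read(rand);

		// check the freshly generated bytes, not the previous ones
		assert(rand != zeroArray, "it's almost unbelievable - all random bytes is zero");

		assert(rand != prevRadn, "it's almost unbelievable - current and previous random bytes are equal");

		//copy current random bytes for next iteration
		prevRadn[] = rand[];
	}
}


/**
	Hash-based cryptographically secure random number mixer.

	This RNG uses a hash function to mix a specific amount of random bytes from
	the input RNG: every output block of `digestLength!Hash` bytes is the digest
	of `factor * digestLength!Hash` fresh bytes read from a `SystemRNG`. Use
	only cryptographically secure hash functions like SHA-512, Whirlpool or
	SHA-256, but not MD5.

	Params:
		Hash: The hash function used, for example SHA1
		factor: Determines how many times the hash digest length of input data
			is used as input to the hash function. Increase the factor value if
			you need more security because it increases the entropy level, or
			decrease the factor value if you need more speed.
*/
final class HashMixerRNG(Hash, uint factor) : RandomNumberStream
	if(isDigest!Hash)
{
	static assert(factor, "factor must be larger than 0");

	//random number generator
	SystemRNG rng;

	/**
		Creates new hash-based mixer random generator.

		Throws: `CryptoException` if the underlying `SystemRNG` cannot be created.
	*/
	this()
	{
		//create random number generator
		this.rng = new SystemRNG();
	}

	@property bool empty() { return false; }
	@property ulong leastSize() { return ulong.max; }
	@property bool dataAvailableForRead() { return true; }
	const(ubyte)[] peek() { return null; }

	/**
		Fills `buffer` with mixed random bytes.

		Each `digestLength!Hash` byte block of the output is the digest of
		`factor * digestLength!Hash` fresh bytes from the system RNG; the last
		block is truncated to the remaining length. `mode` is ignored and the
		whole buffer is always filled. An empty buffer is a no-op and returns 0.

		The length pre-condition is checked in the body rather than in an `in`
		contract, because an `in` contract on an override of a contract-less
		interface method is never enforced in D.

		Returns: `buffer.length`.
		Throws: `CryptoException` if the underlying system RNG fails.
	*/
	size_t read(scope ubyte[] buffer, IOMode mode)
	{
		enum blockLen = digestLength!Hash;

		// the slice is advanced below, so remember the full length for the return value
		auto len = buffer.length;
		if (len == 0) return 0;
		assert(len <= uint.max, "buffer length must be smaller or equal uint.max");

		//use stack to allocate internal buffer
		ubyte[factor * blockLen] internalBuffer = void;

		//init internal buffer
		this.rng.read(internalBuffer);

		//create new random number on stack
		ubyte[blockLen] randomNumber = digest!Hash(internalBuffer);

		//allows to fill buffers longer than hash digest length
		while(buffer.length > blockLen)
		{
			//fill the buffer's beginning
			buffer[0..blockLen] = randomNumber[0..$];

			//receive the buffer's end
			buffer = buffer[blockLen..$];

			//re-init internal buffer
			this.rng.read(internalBuffer);

			//create next random number
			randomNumber = digest!Hash(internalBuffer);
		}

		//fill the buffer's end
		buffer[0..$] = randomNumber[0..buffer.length];

		return len;
	}

	alias read = RandomNumberStream.read;
}

/// A SHA-1 based mixing RNG. Alias for HashMixerRNG!(SHA1, 5).
alias SHA1HashMixerRNG = HashMixerRNG!(SHA1, 5);

//test heap-based arrays
unittest
{
	import std.algorithm;
	import std.range;
	import std.typetuple;
	import std.digest.md;

	//number of iteration counts
	enum iterationCount = 10;

	enum uint factor = 5;

	//tested hash functions
	foreach(Hash; TypeTuple!(SHA1, MD5))
	{
		//test for different number random bytes in the buffer from 10 to 80 inclusive
		foreach(bufferSize; iota(10, 81))
		{
			auto rng = new HashMixerRNG!(Hash, factor)();

			//holds the random number
			ubyte[] rand = new ubyte[bufferSize];

			//holds the previous random number after the creation of the next one
			ubyte[] prevRadn = new ubyte[bufferSize];

			//create the next random number
			rng.read(prevRadn);

			assert(!equal(prevRadn, take(repeat(0), bufferSize)), "it's almost unbelievable - all random bytes is zero");

			//take "iterationCount" arrays with random bytes
			foreach(i; 0..iterationCount)
			{
				//create the next random number
				rng.read(rand);

				assert(!equal(rand, take(repeat(0), bufferSize)), "it's almost unbelievable - all random bytes is zero");

				assert(!equal(rand, prevRadn), "it's almost unbelievable - current and previous random bytes are equal");

				//make sure that we have different random bytes in different hash digests
				if(bufferSize > digestLength!Hash)
				{
					//begin and end of random number array
					ubyte[] begin = rand[0..digestLength!Hash];
					ubyte[] end = rand[digestLength!Hash..$];

					//compare all nearby hash digests
					while(end.length >= digestLength!Hash)
					{
						assert(!equal(begin, end[0..digestLength!Hash]), "it's almost unbelievable - random bytes in different hash digests are equal");

						//go to the next hash digests
						begin = end[0..digestLength!Hash];
						end = end[digestLength!Hash..$];
					}
				}

				//copy current random bytes for next iteration
				prevRadn[] = rand[];
			}
		}
	}
}

//test stack-based arrays
unittest
{
	import std.algorithm;
	import std.typetuple;
	import std.digest.md;

	//number of iteration counts
	enum iterationCount = 10;

	enum uint factor = 5;

	//tested hash functions
	foreach(Hash; TypeTuple!(SHA1, MD5))
	{
		//test for different number random bytes in the buffer
		foreach(bufferSize; TypeTuple!(10, 15, 20, 25, 30, 35, 40, 45, 50, 55, 60, 65, 70, 75, 80))
		{
			//array that contains only zeros (static arrays are zero-initialized)
			ubyte[bufferSize] zeroArray;

			auto rng = new HashMixerRNG!(Hash, factor)();

			//holds the random number
			ubyte[bufferSize] rand;

			//holds the previous random number after the creation of the next one
			ubyte[bufferSize] prevRadn;

			//create the next random number
			rng.read(prevRadn);

			assert(prevRadn != zeroArray, "it's almost unbelievable - all random bytes is zero");

			//take "iterationCount" arrays with random bytes
			foreach(i; 0..iterationCount)
			{
				//create the next random number
				rng.read(rand);

				// check the freshly generated bytes, not the previous ones
				assert(rand != zeroArray, "it's almost unbelievable - all random bytes is zero");

				assert(rand != prevRadn, "it's almost unbelievable - current and previous random bytes are equal");

				//make sure that we have different random bytes in different hash digests
				if(bufferSize > digestLength!Hash)
				{
					//begin and end of random number array
					ubyte[] begin = rand[0..digestLength!Hash];
					ubyte[] end = rand[digestLength!Hash..$];

					//compare all nearby hash digests
					while(end.length >= digestLength!Hash)
					{
						assert(!equal(begin, end[0..digestLength!Hash]), "it's almost unbelievable - random bytes in different hash digests are equal");

						//go to the next hash digests
						begin = end[0..digestLength!Hash];
						end = end[digestLength!Hash..$];
					}
				}

				//copy current random bytes for next iteration
				prevRadn[] = rand[];
			}
		}
	}
}


/**
	Thrown when an error occurs during random number generation.

	Callers must treat this as fatal for the current operation: no random
	bytes were produced, so the target buffer contents are unspecified.
*/
class CryptoException : Exception
{
	this(string msg, string file = __FILE__, size_t line = __LINE__, Throwable next = null)
	@safe pure nothrow {
		super(msg, file, line, next);
	}
}


version(Windows)
{
	import core.sys.windows.windows;

	// Minimal bindings to the (legacy) Windows CryptoAPI, only what SystemRNG needs.
	private extern(Windows) nothrow
	{
		alias HCRYPTPROV = size_t;

		enum LPCTSTR NULL = cast(LPCTSTR)0;
		enum DWORD PROV_RSA_FULL = 1;
		enum DWORD CRYPT_VERIFYCONTEXT = 0xF0000000;

		BOOL CryptAcquireContextA(HCRYPTPROV *phProv, LPCTSTR pszContainer, LPCTSTR pszProvider, DWORD dwProvType, DWORD dwFlags);
		alias CryptAcquireContext = CryptAcquireContextA;

		BOOL CryptReleaseContext(HCRYPTPROV hProv, DWORD dwFlags);

		BOOL CryptGenRandom(HCRYPTPROV hProv, DWORD dwLen, BYTE *pbBuffer);
	}
}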