def configure_trng(config): """Initialize the true entropy source from a given Config object. If none is provided, tries some sane defaults.""" global _TRNG_FILENAME global _theTrueRNG if sys.platform == 'win32': # We have two entropy sources on windows: openssl's built-in # entropy generator that takes data from the screen, and # Windows's CryptGenRandom function. Because the former is # insecure, and the latter is closed-source, we xor them. _ml.win32_openssl_seed() _ml.openssl_seed(_ml.win32_get_random_bytes(32)) _theTrueRNG = _XorRNG(_OpensslRNG(), _WinTrueRNG()) return if config is not None: requestedFile = config['Host'].get('EntropySource') else: requestedFile = None # Build a list of candidates defaults = PLATFORM_TRNG_DEFAULTS.get(sys.platform, PLATFORM_TRNG_DEFAULTS['***']) files = [requestedFile] + defaults # Now find the first of our candidates that exists and is a character # device. randFile = None for filename in files: if filename is None: continue verbose = (filename == requestedFile) if not os.path.exists(filename): if verbose: log.warn("No such file as %s", filename) else: st = os.stat(filename) if not (st[stat.ST_MODE] & stat.S_IFCHR): if verbose: log.error("Entropy source %s isn't a character device", filename) else: randFile = filename break if randFile is None and _TRNG_FILENAME is None: log.critical("No entropy source available: Tried all of %s", files) raise MixFatalError("No entropy source available") elif randFile is None: log.warn("Falling back to previous entropy source %s", _TRNG_FILENAME) else: log.info("Setting entropy source to %r", randFile) _TRNG_FILENAME = randFile _theTrueRNG = _TrueRNG(1024)
def configure_trng(config): """Initialize the true entropy source from a given Config object. If none is provided, tries some sane defaults.""" global _TRNG_FILENAME global _theTrueRNG if sys.platform == 'win32': # We have two entropy sources on windows: openssl's built-in # entropy generator that takes data from the screen, and # Windows's CryptGenRandom function. Because the former is # insecure, and the latter is closed-source, we xor them. _ml.win32_openssl_seed() _ml.openssl_seed(_ml.win32_get_random_bytes(32)) _theTrueRNG = _XorRNG(_OpensslRNG(), _WinTrueRNG()) return if config is not None: requestedFile = config['Host'].get('EntropySource') else: requestedFile = None # Build a list of candidates defaults = PLATFORM_TRNG_DEFAULTS.get(sys.platform, PLATFORM_TRNG_DEFAULTS['***']) files = [requestedFile] + defaults # Now find the first of our candidates that exists and is a character # device. randFile = None for filename in files: if filename is None: continue verbose = (filename == requestedFile) if not os.path.exists(filename): if verbose: LOG.warn("No such file as %s", filename) else: st = os.stat(filename) if not (st[stat.ST_MODE] & stat.S_IFCHR): if verbose: LOG.error("Entropy source %s isn't a character device", filename) else: randFile = filename break if randFile is None and _TRNG_FILENAME is None: LOG.fatal("No entropy source available: Tried all of %s", files) raise MixFatalError("No entropy source available") elif randFile is None: LOG.warn("Falling back to previous entropy source %s", _TRNG_FILENAME) else: LOG.info("Setting entropy source to %r", randFile) _TRNG_FILENAME = randFile _theTrueRNG = _TrueRNG(1024)
def testLeaks1(): print "Trying to leak (sha1,aes,xor,seed,oaep)" s20k="a"*20*1024 keytxt="a"*16 key = _ml.aes_key(keytxt) while 1: _ml.aes_key(keytxt) _ml.sha1(s20k) _ml.aes_ctr128_crypt(key,s20k,0) _ml.aes_ctr128_crypt(key,s20k,2000) _ml.aes_ctr128_crypt(key,"",2000,20000) _ml.aes_ctr128_crypt(key,"",0,20000) _ml.aes_ctr128_crypt(key,s20k,0,2000) try: _ml.aes_ctr128_crypt("abc",s20k,0,2000) except: pass _ml.strxor(s20k,s20k) try: _ml.strxor(s20k,keytxt) except: pass _ml.openssl_seed(s20k) r = _ml.add_oaep_padding("Hello",OAEP_PARAMETER,128) _ml.check_oaep_padding(r,OAEP_PARAMETER,128) try: _ml.check_oaep_padding("hello",OAEP_PARAMETER,128) except: pass try: _ml.add_oaep_padding(s20k,OAEP_PARAMETER,128) except: pass try: _ml.add_oaep_padding("a"*127,OAEP_PARAMETER,128) except: pass
def openssl_seed(count): """Seeds the openssl rng with 'count' bytes of real entropy.""" _ml.openssl_seed(trng(count))