def configure_trng(config):
"""Initialize the true entropy source from a given Config object. If
none is provided, tries some sane defaults."""
global _TRNG_FILENAME
global _theTrueRNG
if sys.platform == 'win32':
# We have two entropy sources on windows: openssl's built-in
# entropy generator that takes data from the screen, and
# Windows's CryptGenRandom function. Because the former is
# insecure, and the latter is closed-source, we xor them.
_ml.win32_openssl_seed()
_ml.openssl_seed(_ml.win32_get_random_bytes(32))
_theTrueRNG = _XorRNG(_OpensslRNG(), _WinTrueRNG())
return
if config is not None:
requestedFile = config['Host'].get('EntropySource')
else:
requestedFile = None
# Build a list of candidates
defaults = PLATFORM_TRNG_DEFAULTS.get(sys.platform,
PLATFORM_TRNG_DEFAULTS['***'])
files = [requestedFile] + defaults
# Now find the first of our candidates that exists and is a character
# device.
randFile = None
for filename in files:
if filename is None:
continue
verbose = (filename == requestedFile)
if not os.path.exists(filename):
if verbose:
log.warn("No such file as %s", filename)
else:
st = os.stat(filename)
if not (st[stat.ST_MODE] & stat.S_IFCHR):
if verbose:
log.error("Entropy source %s isn't a character device",
filename)
else:
randFile = filename
break
if randFile is None and _TRNG_FILENAME is None:
log.critical("No entropy source available: Tried all of %s",
files)
raise MixFatalError("No entropy source available")
elif randFile is None:
log.warn("Falling back to previous entropy source %s",
_TRNG_FILENAME)
else:
log.info("Setting entropy source to %r", randFile)
_TRNG_FILENAME = randFile
_theTrueRNG = _TrueRNG(1024)
def configure_trng(config):
"""Initialize the true entropy source from a given Config object. If
none is provided, tries some sane defaults."""
global _TRNG_FILENAME
global _theTrueRNG
if sys.platform == 'win32':
# We have two entropy sources on windows: openssl's built-in
# entropy generator that takes data from the screen, and
# Windows's CryptGenRandom function. Because the former is
# insecure, and the latter is closed-source, we xor them.
_ml.win32_openssl_seed()
_ml.openssl_seed(_ml.win32_get_random_bytes(32))
_theTrueRNG = _XorRNG(_OpensslRNG(), _WinTrueRNG())
return
if config is not None:
requestedFile = config['Host'].get('EntropySource')
else:
requestedFile = None
# Build a list of candidates
defaults = PLATFORM_TRNG_DEFAULTS.get(sys.platform,
PLATFORM_TRNG_DEFAULTS['***'])
files = [requestedFile] + defaults
# Now find the first of our candidates that exists and is a character
# device.
randFile = None
for filename in files:
if filename is None:
continue
verbose = (filename == requestedFile)
if not os.path.exists(filename):
if verbose:
LOG.warn("No such file as %s", filename)
else:
st = os.stat(filename)
if not (st[stat.ST_MODE] & stat.S_IFCHR):
if verbose:
LOG.error("Entropy source %s isn't a character device",
filename)
else:
randFile = filename
break
if randFile is None and _TRNG_FILENAME is None:
LOG.fatal("No entropy source available: Tried all of %s", files)
raise MixFatalError("No entropy source available")
elif randFile is None:
LOG.warn("Falling back to previous entropy source %s", _TRNG_FILENAME)
else:
LOG.info("Setting entropy source to %r", randFile)
_TRNG_FILENAME = randFile
_theTrueRNG = _TrueRNG(1024)
def testLeaks1():
print "Trying to leak (sha1,aes,xor,seed,oaep)"
s20k="a"*20*1024
keytxt="a"*16
key = _ml.aes_key(keytxt)
while 1:
_ml.aes_key(keytxt)
_ml.sha1(s20k)
_ml.aes_ctr128_crypt(key,s20k,0)
_ml.aes_ctr128_crypt(key,s20k,2000)
_ml.aes_ctr128_crypt(key,"",2000,20000)
_ml.aes_ctr128_crypt(key,"",0,20000)
_ml.aes_ctr128_crypt(key,s20k,0,2000)
try:
_ml.aes_ctr128_crypt("abc",s20k,0,2000)
except:
pass
_ml.strxor(s20k,s20k)
try:
_ml.strxor(s20k,keytxt)
except:
pass
_ml.openssl_seed(s20k)
r = _ml.add_oaep_padding("Hello",OAEP_PARAMETER,128)
_ml.check_oaep_padding(r,OAEP_PARAMETER,128)
try:
_ml.check_oaep_padding("hello",OAEP_PARAMETER,128)
except:
pass
try:
_ml.add_oaep_padding(s20k,OAEP_PARAMETER,128)
except:
pass
try:
_ml.add_oaep_padding("a"*127,OAEP_PARAMETER,128)
except:
pass
def openssl_seed(count):
"""Seeds the openssl rng with 'count' bytes of real entropy."""
_ml.openssl_seed(trng(count))
def openssl_seed(count):
"""Seeds the openssl rng with 'count' bytes of real entropy."""
_ml.openssl_seed(trng(count))