async def meme(ctx, option: str = None):
'''Send an ALMA meme'''
meme_list = glob.glob(os.path.join(cfg.MEMES_PATH_TO_FOLDER, '*.jpg')) + \
glob.glob(os.path.join(cfg.MEMES_PATH_TO_FOLDER, '*.png'))
if not meme_list:
await ctx.message.channel.send(
'No meme was found. This is a real emergency. Contact a meme specialist.'
)
logger.info('{}/#{} - Memes not found in folder {}'.format(
ctx.message.guild.name, ctx.message.channel.name,
cfg.MEMES_PATH_TO_FOLDER))
else:
if option is None or option == "random":
random.seed(os.getrandom(10))
chosen_meme = random.choice(meme_list)
elif option == 'latest':
meme_list.sort(key=os.path.getmtime)
chosen_meme = meme_list[-1]
logger.info('{}/#{} - Latest meme requested by {}'.format(
ctx.message.guild.name, ctx.message.channel.name,
ctx.message.author.display_name))
else:
random.seed(os.getrandom(10))
chosen_meme = random.choice(meme_list)
await ctx.send(
f'{option} is not a valid option. Just giving you a random meme so you don\'t leave empty handed.'
)
logger.info(f'Invalid {option} for command meme')
await ctx.channel.send(file=discord.File(chosen_meme))
logger.info('{}/#{} - Sending meme {} requested by {}'.format(
ctx.message.guild.name, ctx.message.channel.name, chosen_meme,
ctx.message.author.display_name))
def hello_world(request):
"""Responds to any HTTP request.
Args:
request (flask.Request): HTTP request object.
Returns:
The response text or any set of values that can be turned into a
Response object using
`make_response <http://flask.pocoo.org/docs/1.0/api/#flask.Flask.make_response>`.
"""
proc = subprocess.Popen(["cat /proc/sys/kernel/random/boot_id"], stdout=subprocess.PIPE, shell=True)
output = ""
proc = subprocess.Popen(["cat /proc/uptime"], stdout=subprocess.PIPE, shell=True)
(out, err) = proc.communicate()
output = output + "uptime: " + str(out) + "\n"
proc = subprocess.Popen(["cat /proc/meminfo"], stdout=subprocess.PIPE, shell=True)
(out, err) = proc.communicate()
output = output + "meminfo: " + str(out) + "\n"
print(out)
mac = ':'.join(['{:02x}'.format((uuid.getnode() >> ele) & 0xff) for ele in range(0,8*6,8)][::-1])
output = output + "mac: " + mac + "\n"
print (os.uname())
device = os.stat("/home").st_dev
# Print the raw device number
print("Raw device number:", device)
# Extract the device minor number
# from the above raw device number
output = output + "times: " + str(os.times()) + "\n"
print (os.getrandom(200, os.GRND_RANDOM))
return output
def _reset_user_password(email, user):
with app.app_context():
import random
from os import getrandom
random.seed(getrandom(100))
new_password = "".join([
chr(random.randint(33, 126))
for _ in range((random.randint(14, 20)))
])
user.set_password(new_password)
user.save_to_db(db)
if os.getenv("ENV") == "production":
send_email(
to=[email],
subject="Forgot your password?",
template_name="password_reset",
payload={"new_password": new_password},
)
else:
print(new_password)
# This is just to simulate network errors in a dev environemnt
requests.get("https://www.mysecretsanta.io/math")
def keygen() -> bytes:
"""Generate list of random keys for use in different encryption functions.
Hash chain is used to add strong pre-image resistance to internal state or
/dev/urandom that that only uses SHA1 to compress output.
As of Python3.6.0, os.urandom is a wrapper for best available CSPRNG. Linux
3.17 and older kernels do not support the GETRANDOM call, thus on such
kernels, Python3.6's os.urandom will fallback to non-blocking /dev/urandom
that is not secure on live distros that have low entropy at the start of
session.
TFC uses os.getrandom(32, flags=0) explicitly. This forces the version of
Python interpreter to version 3.6 or later and Linux kernel version to 3.17
or later. The flag 0 will block urandom if internal state has less than 128
bits of entropy. Secure key entropy is thus enforced on all platforms.
Since kernel 4.8, /dev/urandom has been upgraded to use ChaCha20 instead
of SHA1.
:return: Cryptographically secure 256-bit random key
"""
# Fallback to urandom on Travis' Python3.6 that currently lacks os.getrandom call.
if "TRAVIS" in os.environ and os.environ["TRAVIS"] == "true":
return hash_chain(os.urandom(32))
else:
return hash_chain(os.getrandom(32, flags=0))
async def _on_client_connected(self, reader: StreamReader,
writer: StreamWriter):
timestamp = int(datetime.now().timestamp())
iv = getrandom(128)
crypter = get_crypter_by_method(method=self.encryption_method,
iv=iv,
password=self.password,
rng=getrandom)
init_packet = InitPacket.pack(iv, timestamp)
writer.write(init_packet)
await writer.drain()
for packet_num in count(1):
try:
report_packet = crypter.decrypt(await reader.readexactly(
ReportPacket.SIZE))
logger.debug(
f"Received report #{packet_num} for on socket {writer.get_extra_info('socket', '???')}"
)
report = ReportPacket.unpack(report_packet)
self._received_reports.put_nowait(report)
except IncompleteReadError as e:
if len(e.partial) != 0:
logger.warning(
f"IncompleteReadError for packet #{packet_num}: {e}")
break
except PacketDecodeError:
logger.exception(
f"Failed to decode packet ({report_packet!r})")
break
def gencase(*, LC, LE):
assert (LC < 0x10000)
assert (LE <= 0x10000)
data = os.getrandom(LC)
hexstr = "00112233"
if LC > 0:
if LC > 0xFF:
hexstr += "00%04X" % LC
else:
hexstr += "%02X" % LC
hexstr += pysatl.Utils.hexstr(data, separator="")
if LE > 0:
if LE == 0x10000:
hexstr += "000000"
elif LE > 0x100:
hexstr += "00%04X" % LE
elif LE == 0x100:
hexstr += "00"
else:
hexstr += "%02X" % LE
expected = hexstr
capdu = CAPDU(CLA=0x00, INS=0x11, P1=0x22, P2=0x33, DATA=data, LE=LE)
hexstr = capdu.to_hexstr()
if hexstr != expected:
raise Exception("Mismatch for LC=%d, LE=%d" % (LC, LE) +
"\nActual: " + hexstr + "\nExpected: " +
expected)
b = capdu.to_bytes()
assert (type(b) is bytes)
return (hexstr, capdu)
def cbd_pick_files_and_fragments_random(file_set, frag_sizes, runs):
"""Generate a structure random data with injected fragments to be compared
Return: [[(f1, f2), (f1, f2), ...],
[(f1, f2), (f1, f2), ...], ... ]
"""
file_set_sorted = [(f, os.path.getsize(f)) for f in file_set]
# print(f"file_set_sorted: {file_set_sorted}")
res = []
for _ in range(runs):
# pick src file randomly
f_src = random.choice(file_set_sorted)
file_set_sorted.remove(f_src)
# select random fragments
fragments = get_fragment_indices(f_src[0], frag_sizes, random_pos=True)
with open(f_src[0], "rb") as f:
fdata = f.read()
# generate random data for sinks
data_sinks = [os.getrandom(f_src[1]) for _ in range(2)]
run = []
p0 = random.randint(0, len(data_sinks[0]))
p1 = random.randint(0, len(data_sinks[1]))
for (s, e) in fragments:
run.append((data_sinks[0][0:p0] + fdata[s:e] + data_sinks[0][p0:],
data_sinks[1][0:p1] + fdata[s:e] + data_sinks[1][p1:]))
res.append(run)
return res
def oauth_callback(provider):
print("callback", provider)
if not current_user.is_anonymous():
return redirect(url_for('main.home'))
oauth = OAuthSignIn.get_provider(provider)
name, username, email, picture = oauth.callback()
if email is None:
# I need a valid email address for my user identification
flash('Authentication failed.')
return redirect(url_for('main.home'))
# Look if the user already exists
que = User.query.filter(User.email == email).first()
email = str(email)
if (que is None):
user = User(name=name,
username=username,
email=email,
email_verified=True,
phone_no="",
phone_verified=False,
password=os.getrandom(10, os.GRND_NONBLOCK),
role="student",
score=0,
picture=picture)
user.email_verified_on = datetime.datetime.now()
db.session.add(user)
db.session.commit()
else:
user = que
login_user(user)
return redirect(url_for('main.home'))
def connect(url=None, *, create=False):
"""Connect to the database using an environment variable.
"""
logger.info("Connecting to SQL database")
if url is None:
url = 'postgresql://{user}:{password}@{host}/{database}'.format(
user=os.environ['POSTGRES_USER'],
password=os.environ['POSTGRES_PASSWORD'],
host=os.environ['POSTGRES_HOST'],
database=os.environ['POSTGRES_DB'],
)
engine = create_engine(url, connect_args={'connect_timeout': 10})
else:
engine = create_engine(url)
start = time.perf_counter()
while True:
try:
conn = engine.connect()
except OperationalError as e:
# Retry for 2 minutes
if time.perf_counter() < start + 120:
logger.info("Could not connect to database, retrying; %s", e)
time.sleep(5)
else:
raise
else:
break
tables_exist = engine.dialect.has_table(conn, 'experiments')
if not tables_exist:
if create:
logger.warning("The tables don't seem to exist; creating")
Base.metadata.create_all(bind=engine)
else:
logger.warning("The tables don't seem to exist; exiting!")
sys.exit(1)
DBSession = sessionmaker(bind=engine)
db = DBSession()
if not tables_exist:
shortids_salt = os.getrandom(64)
db.add(
Setting(
name='shortids_salt',
value=b64encode(shortids_salt).decode('ascii'),
))
db.commit()
else:
shortids_salt = db.query(Setting).get('shortids_salt')
if shortids_salt is None:
raise RuntimeError("Database exists but no shortids_salt set")
shortids_salt = b64decode(shortids_salt.value.encode('ascii'))
global run_short_ids, upload_short_ids
run_short_ids = ShortIDs(b'run' + shortids_salt)
upload_short_ids = ShortIDs(b'upload' + shortids_salt)
return DBSession
def random_gen(fs):
b = 4 * 1024 * 1024
fsize = fs
while fsize:
tw = min(fsize, b)
fsize -= tw
print(fsize)
yield os.getrandom(tw)
def collect_urandom(info_add):
import os
if hasattr(os, 'getrandom'):
# PEP 524: Check if system urandom is initialized
try:
try:
os.getrandom(1, os.GRND_NONBLOCK)
state = 'ready (initialized)'
except BlockingIOError as exc:
state = 'not seeded yet (%s)' % exc
info_add('os.getrandom', state)
except OSError as exc:
# Python was compiled on a more recent Linux version
# than the current Linux kernel: ignore OSError(ENOSYS)
if exc.errno != errno.ENOSYS:
raise
def getRandomNumber():
"""
gets random data from os.getrandom
:return:
"""
bytes = os.getrandom((int)(ACCURACY / 8))
integer = int.from_bytes(bytes, byteorder='big')
return integer
def PKCS1_Pad(self: object, message: bytes) -> bytes:
"""
Pads the given binary data conforming to the PKCS 1.5 format.
"""
(e, n) = self.pub
byte_length = (n.bit_length() + 7) // 8
padding_string = os.getrandom(byte_length - 3 - len(message))
return b"\x00\x02" + padding_string + b'\x00' + message
def generate_data(self, file_size: int):
"""Generates random bytes into each file."""
for directory, _, files in walk(self.root_directory):
for file_name in files:
current_file = Path(directory) / file_name
self.logger.debug(f"writing to file:\n{current_file}")
for _ in progressbar(range(file_size)):
with open(current_file, mode="ab") as write_file:
write_file.write(getrandom(size=MEGABYTE))
def check(idx, config):
test_id = generate_id()
test_name = f"{test_id}_{idx}"
dump_dir = OUTPUT_DIR.joinpath(f"dmp_{test_name}")
util.check_dir(dump_dir)
log_file = dump_dir.joinpath(f"{test_name}.log")
p4_file = dump_dir.joinpath(f"{test_name}.p4")
seed = int.from_bytes(os.getrandom(8), "big")
log.info("Testing P4 program: %s - Seed: %s", p4_file.name, seed)
# generate a random program
result, p4_file = generate_p4_prog(P4RANDOM_BIN, p4_file, config, seed)
if result.returncode != util.EXIT_SUCCESS:
log.error("Failed generate P4 code!")
dump_result(result, GENERATOR_BUG_DIR, p4_file)
# reset the dump directory
util.del_dir(dump_dir)
return result.returncode
# check compilation
result = compile_p4_prog(config["compiler_bin"], p4_file, dump_dir)
if result.returncode != util.EXIT_SUCCESS:
if not is_known_bug(result):
log.error("Failed to compile the P4 code!")
log.error("Found a new bug!")
dump_result(result, CRASH_BUG_DIR, p4_file)
dump_file(CRASH_BUG_DIR, p4_file)
if config["do_prune"]:
info_file = CRASH_BUG_DIR.joinpath(f"{p4_file.stem}_info.json")
info = validation.INFO
# customize the main info with the new information
info["compiler"] = str(config["compiler_bin"])
info["exit_code"] = result.returncode
info["p4z3_bin"] = str(P4Z3_BIN)
info["out_dir"] = str(CRASH_BUG_DIR)
info["input_file"] = str(p4_file)
info["allow_undef"] = False
info["err_string"] = result.stderr.decode("utf-8")
log.error("Dumping configuration to %s.", info_file)
with open(info_file, 'w') as json_file:
json.dump(info, json_file, indent=2, sort_keys=True)
p4_cmd = f"{PRUNER_BIN} "
p4_cmd += f"--config {info_file} "
p4_cmd += f" {CRASH_BUG_DIR.joinpath(f'{p4_file.stem}.p4')} "
log.error("Pruning P4 file with command %s ", p4_cmd)
util.start_process(p4_cmd)
# reset the dump directory
util.del_dir(dump_dir)
return result
# check validation
if config["do_validate"]:
result = validate(dump_dir, p4_file, log_file, config)
elif config["use_blackbox"]:
result = run_p4_test(dump_dir, p4_file, log_file, config)
# reset the dump directory
util.del_dir(dump_dir)
return result
def main(args):
if args.randomize_input:
seed = int.from_bytes(os.getrandom(8), "big")
z3.set_param(
"smt.phase_selection",
5,
"smt.random_seed",
seed,
"smt.arith.random_initial_value",
True,
"sat.phase",
"random",
)
config = {}
config["arch"] = args.arch
if config["arch"] == "tna":
config["pipe_name"] = "pipe0_ingress"
config["ingress_var"] = "ingress"
elif config["arch"] == "v1model":
config["pipe_name"] = "ig"
config["ingress_var"] = "ig"
elif config["arch"] == "psa":
config["pipe_name"] = "ingress_ig"
config["ingress_var"] = "ig"
else:
raise RuntimeError("Unsupported test arch \"%s\"!" % config["arch"])
if args.p4_input:
p4_input = Path(args.p4_input)
out_base_dir = Path(args.out_dir)
else:
out_base_dir = Path(args.out_dir).joinpath("rnd_test")
util.check_dir(out_base_dir)
p4_input = out_base_dir.joinpath("rnd_test.p4")
# generate a random program from scratch
generate_p4_prog(P4RANDOM_BIN, p4_input, config)
if os.path.isfile(p4_input):
out_dir = out_base_dir.joinpath(p4_input.stem)
util.del_dir(out_dir)
config["out_dir"] = out_dir
config["p4_input"] = p4_input
result = perform_blackbox_test(config)
else:
util.check_dir(out_base_dir)
for p4_file in list(p4_input.glob("**/*.p4")):
out_dir = out_base_dir.joinpath(p4_file.stem)
util.del_dir(out_dir)
config["out_dir"] = out_dir
config["p4_input"] = p4_file
result = perform_blackbox_test(config)
sys.exit(result)
def service_request():
form = ServiceRequestForm()
try:
form.phone.data = current_user.phone
form.email.data = current_user.email
form.first_name.data = current_user.first_name
form.last_name.data = current_user.last_name
except Exception:
pass
if form.validate_on_submit():
service_request = ServiceRequest(service=form.service.data,
add_info=form.add_info.data,
first_name=form.first_name.data,
last_name=form.last_name.data,
email=form.email.data,
phone=form.phone.data)
db.session.add(service_request)
if not User.query.filter_by(email=form.email.data):
rand_id = int.from_bytes(os.getrandom(8), 'big')
rand_pass = int.from_bytes(os.getrandom(16), 'big')
hashed_pass = bcrypt.generate_password_hash(rand_pass).decode(
'utf-8')
user = User(id=rand_id,
first_name=form.first_name.data,
last_name=form.last_name.data,
email=form.email.data,
phone=form.phone.data,
password=hashed_pass,
picture='')
db.session.add(user)
db.session.commit()
flash(
'Request created! Let our pros a bit of time to respond with a quote.',
'success')
return redirect(url_for('index'))
return render_template('service-request.html',
title='Find Pros',
form=form,
beta=beta)
def setUp(self) -> None:
self.total = sum(
(10**5, sum(range(10**2, 10**3)), 10**5, sum(range(10**2, 10**3)),
os.path.getsize(PATH_IMAGE)))
self.binary = os.getrandom(10**5)
self.bufsize = 8192
self.iter = BufferedConcatIterator(self.binary,
test_generator(),
self.binary,
test_generator(),
BufferedFileIterator(PATH_IMAGE),
bufsize=self.bufsize)
def EncryptZippedOutput(pubKeyObj):
try:
input = open(zippedOutputPath, 'rb')
output = open('/iexec_out/result.zip.aes', 'wb+')
#generate initalization vector for AES and prepend it to output
iv = os.getrandom(16)
output.write(iv)
WriteInitializationVector(iv)
#generate AES key and encrypt it/write it on disk
key = os.getrandom(32)
WriteEncryptedKey(key, pubKeyObj)
aes = AES.new(key, AES.MODE_CBC, iv)
buffer_size = 8192
#chunks = iter(lambda: input.read(buffer_size), '')
result = input.read()
#for chunk in chunks:
output.write(aes.encrypt(result))
except Exception as ex:
traceback.print_exc()
def twofactorauth():
if request.method == 'POST' and request.form['submit_button'] == 'update':
random_str = os.getrandom(32, os.GRND_NONBLOCK)
otp_secret = base64.b32encode(random_str).decode('utf-8')
sql = ("UPDATE users " "SET otp_secret = %s " "WHERE username = %s")
db.engine.execute(sql, otp_secret, current_user.username)
s = u'OTP secret been updated. Capture new QRCode with camera.'
flash(s, 'success')
return render_template('twofactorauth.html'), 200, {
'Cache-Control': 'no-cache, no-store, must-revalidate',
'Pragma': 'no-cache',
'Expires': '0'
}
def set_vnc_password():
default_password = binascii.hexlify(os.getrandom(16)).decode()
os.environ.setdefault('VNC_PASSWORD', default_password)
os.makedirs(os.path.expanduser('~/.vnc'), exist_ok=True)
with open(os.path.expanduser('~/.vnc/passwd'), 'w') as fp:
proc = subprocess.Popen(
args=['vncpasswd', '-f'],
stdout=fp,
stdin=subprocess.PIPE,
)
proc.communicate(input=os.environ['VNC_PASSWORD'].encode())
proc.wait()
assert proc.returncode == 0
subprocess.check_call(['chmod', '-R', 'go=', os.path.expanduser('~/.vnc')])
print('VNC password is:', os.environ['VNC_PASSWORD'])
def make_bigdata() -> None:
if not os.path.isfile(PATH_BIGDATA_1KB):
with open(PATH_BIGDATA_1KB, "wb") as f_1k:
f_1k.write(os.getrandom(10**3))
if not os.path.isfile(PATH_BIGDATA_1MB):
with open(PATH_BIGDATA_1MB, "wb") as f_1m:
with open(PATH_BIGDATA_1KB, "rb") as f_1k:
data_1k = f_1k.read()
for _ in range(10**3):
f_1m.write(data_1k)
if not os.path.isfile(PATH_BIGDATA_1GB):
with open(PATH_BIGDATA_1GB, "wb") as f_1g:
with open(PATH_BIGDATA_1MB, "rb") as f_1m:
data_1m = f_1m.read()
for _ in range(10**3):
f_1g.write(data_1m)
def new_part_account(self):
"create a key pair and send a bunch of algos to the addr so it can participate"
privkey_b64, addr_b32 = algosdk.account.generate_account()
with open(addr_b32 + '.json', 'wt') as fout:
json.dump({'a': addr_b32, 'p': privkey_b64}, fout)
pubw, maxpubaddr = self.get_pub_wallet()
algod, kmd = self.connect()
params = algod.suggested_params()
destAmount = int(self.maxaddramount / 30)
txn = algosdk.transaction.PaymentTxn(sender=maxpubaddr,
fee=params.min_fee,
first=params.first,
last=params.last,
gh=params.gh,
gen=params.gen,
receiver=addr_b32,
amt=destAmount,
note=os.getrandom(8),
flat_fee=True)
logger.debug('%s -> %s %d', maxpubaddr, addr_b32, destAmount)
logger.debug('%s', json.dumps(db64(txn.dictify())))
tries = 3
stxn = None
while True:
try:
pubw = kmd.init_wallet_handle(self.pubwid, '')
stxn = kmd.sign_transaction(pubw, '', txn)
break
except Exception as e:
# kmd might have just timed out
tries -= 1
if tries <= 0:
raise
logger.warning('kmd sign fail, retrying... (%s)', e)
kmd, pubw = self.re_kmd()
txid = algod.send_transaction(stxn)
logger.info('fund %d %s -> %s', destAmount, maxpubaddr, addr_b32)
self.maxaddramount -= destAmount
return privkey_b64, addr_b32
def signup():
form = SignupForm()
if form.validate_on_submit():
hashed_pass = bcrypt.generate_password_hash(
form.password.data).decode('utf-8')
rand_id = int.from_bytes(os.getrandom(8), 'big')
user = User(id=rand_id,
first_name=form.first_name.data,
last_name=form.last_name.data,
email=form.email.data,
phone=form.phone.data,
password=hashed_pass,
picture='')
db.session.add(user)
db.session.commit()
flash('Sign up step is finished!', 'success')
return redirect(url_for('login'))
return render_template('signup.html',
title='Sign Up',
form=form,
beta=beta)
def connect(url=None):
"""Connect to the database using an environment variable.
"""
logging.info("Connecting to SQL database")
if url is None:
url = 'postgresql://{user}:{password}@{host}/{database}'.format(
user=os.environ['POSTGRES_USER'],
password=os.environ['POSTGRES_PASSWORD'],
host=os.environ['POSTGRES_HOST'],
database=os.environ['POSTGRES_DB'],
)
engine = create_engine(url, echo=False)
tables_exist = engine.dialect.has_table(engine.connect(), 'experiments')
if not tables_exist:
logging.warning("The tables don't seem to exist; creating")
Base.metadata.create_all(bind=engine)
DBSession = sessionmaker(bind=engine)
db = DBSession()
if not tables_exist:
shortids_salt = os.getrandom(64)
db.add(
Setting(
name='shortids_salt',
value=shortids_salt.decode('iso-8859-15'),
))
db.commit()
else:
shortids_salt = db.query(Setting).get('shortids_salt')
if shortids_salt is None:
raise RuntimeError("Database exists but no shortids_salt set")
shortids_salt = shortids_salt.value.encode('iso-8859-15')
global run_short_ids, upload_short_ids
run_short_ids = ShortIDs(b'run' + shortids_salt)
upload_short_ids = ShortIDs(b'upload' + shortids_salt)
return DBSession
def random_phrase(self, key=None):
'''Return random phrase from key list'''
random.seed(os.getrandom(10))
# If no key is given, choose randomly from all found in database
if key is None:
_key = random.choice(self.keys)
else:
_key = key
if _key not in self.keys:
return {
'key': _key,
'phrase': 'Error: key {} not found in database'.format(_key),
'prefix': None
}
return {
'key': _key,
'phrase': random.choice(self.phrases[_key]),
'prefix': self.PREFIXES.get(_key)
}
def csprng() -> bytes:
"""Generate a cryptographically secure, 256-bit random key.
Key is generated with kernel CSPRNG, the output of which is further
compressed with hash_chain. This increases preimage resistance that
protects the internal state of the entropy pool. Additional hashing
is done as per the recommendation of djb:
https://media.ccc.de/v/32c3-7210-pqchacks#video&t=1116
Since Python3.6.0, os.urandom is a wrapper for best available
CSPRNG. The 3.17 and earlier versions of Linux kernel do not support
the GETRANDOM call, and Python3.6's os.urandom will in those cases
fallback to non-blocking /dev/urandom that is not secure on live
distros as they have low entropy at the start of the session.
TFC uses os.getrandom(32, flags=0) explicitly. This forces use of
recent enough Python interpreter (3.6 or later) and limits Linux
kernel version to 3.17 or later.* The flag 0 will block urandom if
internal state of CSPRNG has less than 128 bits of entropy.
* Since kernel 4.8, ChaCha20 has replaced SHA-1 as the compressor
for /dev/urandom. As a good practice, TFC runs the
check_kernel_version to ensure minimum version is actually 4.8,
not 3.17.
:return: Cryptographically secure 256-bit random key
"""
# As Travis CI lacks GETRANDOM syscall, fallback to urandom.
if 'TRAVIS' in os.environ and os.environ['TRAVIS'] == 'true':
entropy = os.urandom(KEY_LENGTH)
else:
entropy = os.getrandom(KEY_LENGTH, flags=0)
assert len(entropy) == KEY_LENGTH
return hash_chain(entropy)
def collect_os(info_add):
import os
def format_attr(attr, value):
if attr in ('supports_follow_symlinks', 'supports_fd',
'supports_effective_ids'):
return str(sorted(func.__name__ for func in value))
else:
return value
attributes = (
'name',
'supports_bytes_environ',
'supports_effective_ids',
'supports_fd',
'supports_follow_symlinks',
)
copy_attributes(info_add, os, 'os.%s', attributes, formatter=format_attr)
call_func(info_add, 'os.cwd', os, 'getcwd')
call_func(info_add, 'os.uid', os, 'getuid')
call_func(info_add, 'os.gid', os, 'getgid')
call_func(info_add, 'os.uname', os, 'uname')
def format_groups(groups):
return ', '.join(map(str, groups))
call_func(info_add, 'os.groups', os, 'getgroups', formatter=format_groups)
if hasattr(os, 'getlogin'):
try:
login = os.getlogin()
except OSError:
# getlogin() fails with "OSError: [Errno 25] Inappropriate ioctl
# for device" on Travis CI
pass
else:
info_add("os.login", login)
call_func(info_add, 'os.cpu_count', os, 'cpu_count')
call_func(info_add, 'os.loadavg', os, 'getloadavg')
# Get environment variables: filter to list
# to not leak sensitive information
ENV_VARS = (
"CC",
"COMSPEC",
"DISPLAY",
"DISTUTILS_USE_SDK",
"DYLD_LIBRARY_PATH",
"HOME",
"HOMEDRIVE",
"HOMEPATH",
"LANG",
"LD_LIBRARY_PATH",
"MACOSX_DEPLOYMENT_TARGET",
"MAKEFLAGS",
"MSSDK",
"PATH",
"SDK_TOOLS_BIN",
"SHELL",
"TEMP",
"TERM",
"TMP",
"TMPDIR",
"USERPROFILE",
"WAYLAND_DISPLAY",
)
for name, value in os.environ.items():
uname = name.upper()
if (uname in ENV_VARS
# Copy PYTHON* and LC_* variables
or uname.startswith(("PYTHON", "LC_"))
# Visual Studio: VS140COMNTOOLS
or (uname.startswith("VS") and uname.endswith("COMNTOOLS"))):
info_add('os.environ[%s]' % name, value)
if hasattr(os, 'umask'):
mask = os.umask(0)
os.umask(mask)
info_add("os.umask", '%03o' % mask)
if hasattr(os, 'getrandom'):
# PEP 524: Check if system urandom is initialized
try:
try:
os.getrandom(1, os.GRND_NONBLOCK)
state = 'ready (initialized)'
except BlockingIOError as exc:
state = 'not seeded yet (%s)' % exc
info_add('os.getrandom', state)
except OSError as exc:
# Python was compiled on a more recent Linux version
# than the current Linux kernel: ignore OSError(ENOSYS)
if exc.errno != errno.ENOSYS:
raise
def collect_os(info_add):
import os
def format_attr(attr, value):
if attr in ('supports_follow_symlinks', 'supports_fd',
'supports_effective_ids'):
return str(sorted(func.__name__ for func in value))
else:
return value
attributes = (
'name',
'supports_bytes_environ',
'supports_effective_ids',
'supports_fd',
'supports_follow_symlinks',
)
copy_attributes(info_add, os, 'os.%s', attributes, formatter=format_attr)
call_func(info_add, 'os.cwd', os, 'getcwd')
call_func(info_add, 'os.uid', os, 'getuid')
call_func(info_add, 'os.gid', os, 'getgid')
call_func(info_add, 'os.uname', os, 'uname')
def format_groups(groups):
return ', '.join(map(str, groups))
call_func(info_add, 'os.groups', os, 'getgroups', formatter=format_groups)
if hasattr(os, 'getlogin'):
try:
login = os.getlogin()
except OSError:
# getlogin() fails with "OSError: [Errno 25] Inappropriate ioctl
# for device" on Travis CI
pass
else:
info_add("os.login", login)
call_func(info_add, 'os.cpu_count', os, 'cpu_count')
call_func(info_add, 'os.loadavg', os, 'getloadavg')
# Get environment variables: filter to list
# to not leak sensitive information
ENV_VARS = (
"CC",
"COMSPEC",
"DISPLAY",
"DISTUTILS_USE_SDK",
"DYLD_LIBRARY_PATH",
"HOME",
"HOMEDRIVE",
"HOMEPATH",
"LANG",
"LD_LIBRARY_PATH",
"MACOSX_DEPLOYMENT_TARGET",
"MAKEFLAGS",
"MSSDK",
"PATH",
"SDK_TOOLS_BIN",
"SHELL",
"TEMP",
"TERM",
"TMP",
"TMPDIR",
"USERPROFILE",
"WAYLAND_DISPLAY",
)
for name, value in os.environ.items():
uname = name.upper()
if (uname in ENV_VARS
# Copy PYTHON* and LC_* variables
or uname.startswith(("PYTHON", "LC_"))
# Visual Studio: VS140COMNTOOLS
or (uname.startswith("VS") and uname.endswith("COMNTOOLS"))):
info_add('os.environ[%s]' % name, value)
if hasattr(os, 'umask'):
mask = os.umask(0)
os.umask(mask)
info_add("os.umask", '%03o' % mask)
if hasattr(os, 'getrandom'):
# PEP 524: Check if system urandom is initialized
try:
try:
os.getrandom(1, os.GRND_NONBLOCK)
state = 'ready (initialized)'
except BlockingIOError as exc:
state = 'not seeded yet (%s)' % exc
info_add('os.getrandom', state)
except OSError as exc:
# Python was compiled on a more recent Linux version
# than the current Linux kernel: ignore OSError(ENOSYS)
if exc.errno != errno.ENOSYS:
raise
def collect_os(info_add):
import os
def format_attr(attr, value):
if attr in ('supports_follow_symlinks', 'supports_fd',
'supports_effective_ids'):
return str(sorted(func.__name__ for func in value))
else:
return value
attributes = (
'name',
'supports_bytes_environ',
'supports_effective_ids',
'supports_fd',
'supports_follow_symlinks',
)
copy_attributes(info_add, os, 'os.%s', attributes, formatter=format_attr)
call_func(info_add, 'os.cwd', os, 'getcwd')
call_func(info_add, 'os.uid', os, 'getuid')
call_func(info_add, 'os.gid', os, 'getgid')
call_func(info_add, 'os.uname', os, 'uname')
def format_groups(groups):
return ', '.join(map(str, groups))
call_func(info_add, 'os.groups', os, 'getgroups', formatter=format_groups)
if hasattr(os, 'getlogin'):
try:
login = os.getlogin()
except OSError:
# getlogin() fails with "OSError: [Errno 25] Inappropriate ioctl
# for device" on Travis CI
pass
else:
info_add("os.login", login)
call_func(info_add, 'os.cpu_count', os, 'cpu_count')
call_func(info_add, 'os.loadavg', os, 'getloadavg')
# Environment variables used by the stdlib and tests. Don't log the full
# environment: filter to list to not leak sensitive information.
#
# HTTP_PROXY is not logged because it can contain a password.
ENV_VARS = frozenset((
"APPDATA",
"AR",
"ARCHFLAGS",
"ARFLAGS",
"AUDIODEV",
"CC",
"CFLAGS",
"COLUMNS",
"COMPUTERNAME",
"COMSPEC",
"CPP",
"CPPFLAGS",
"DISPLAY",
"DISTUTILS_DEBUG",
"DISTUTILS_USE_SDK",
"DYLD_LIBRARY_PATH",
"ENSUREPIP_OPTIONS",
"HISTORY_FILE",
"HOME",
"HOMEDRIVE",
"HOMEPATH",
"IDLESTARTUP",
"LANG",
"LDFLAGS",
"LDSHARED",
"LD_LIBRARY_PATH",
"LINES",
"MACOSX_DEPLOYMENT_TARGET",
"MAILCAPS",
"MAKEFLAGS",
"MIXERDEV",
"MSSDK",
"PATH",
"PATHEXT",
"PIP_CONFIG_FILE",
"PLAT",
"POSIXLY_CORRECT",
"PY_SAX_PARSER",
"ProgramFiles",
"ProgramFiles(x86)",
"RUNNING_ON_VALGRIND",
"SDK_TOOLS_BIN",
"SERVER_SOFTWARE",
"SHELL",
"SOURCE_DATE_EPOCH",
"SYSTEMROOT",
"TEMP",
"TERM",
"TILE_LIBRARY",
"TIX_LIBRARY",
"TMP",
"TMPDIR",
"TRAVIS",
"TZ",
"USERPROFILE",
"VIRTUAL_ENV",
"WAYLAND_DISPLAY",
"WINDIR",
"_PYTHON_HOST_PLATFORM",
"_PYTHON_PROJECT_BASE",
"_PYTHON_SYSCONFIGDATA_NAME",
"__PYVENV_LAUNCHER__",
))
for name, value in os.environ.items():
uname = name.upper()
if (uname in ENV_VARS
# Copy PYTHON* and LC_* variables
or uname.startswith(("PYTHON", "LC_"))
# Visual Studio: VS140COMNTOOLS
or (uname.startswith("VS") and uname.endswith("COMNTOOLS"))):
info_add('os.environ[%s]' % name, value)
if hasattr(os, 'umask'):
mask = os.umask(0)
os.umask(mask)
info_add("os.umask", '%03o' % mask)
if hasattr(os, 'getrandom'):
# PEP 524: Check if system urandom is initialized
try:
try:
os.getrandom(1, os.GRND_NONBLOCK)
state = 'ready (initialized)'
except BlockingIOError as exc:
state = 'not seeded yet (%s)' % exc
info_add('os.getrandom', state)
except OSError as exc:
# Python was compiled on a more recent Linux version
# than the current Linux kernel: ignore OSError(ENOSYS)
if exc.errno != errno.ENOSYS:
raise
if len(sys.argv) != 2:
print("Usage: ./encryption_test.py <path to whitebox binary>")
sys.exit(-1)
# This is a test bed for testing the correctness and performance
# of the white box AES cipher implementation
# In order to do this, a random AES key and IV is generated
# and then a chunk of data is encrypted and compared
AES_key = Random.new().read(AES.block_size)
AES_iv = Random.new().read(AES.block_size)
# Generate a random file as a testbed
out_file = tempfile.NamedTemporaryFile()
out_file_name = out_file.name
out_file.write(os.getrandom(1024 * 1024))
out_file.flush()
# Generate white box tables
whitebox_table_name_encryption = next(tempfile._get_candidate_names())
whitebox_table_name_decryption = next(tempfile._get_candidate_names())
subprocess.run([
sys.argv[1], "--create-encryption-tables", whitebox_table_name_encryption,
'--key',
AES_key.hex()
])
subprocess.run([
sys.argv[1], '--create-decryption-tables', whitebox_table_name_decryption,
'--key',
AES_key.hex()
])
def handler(context, events):
proc = subprocess.Popen(["cat /proc/sys/kernel/random/boot_id"],
stdout=subprocess.PIPE,
shell=True)
output = ""
(out, err) = proc.communicate()
output = output + "bootId: " + str(out) + "\n"
print("bootId: " + str(out))
proc = subprocess.Popen(["cat /proc/uptime"],
stdout=subprocess.PIPE,
shell=True)
(out, err) = proc.communicate()
output = output + "uptime: " + str(out) + "\n"
print("uptime: " + str(out))
proc = subprocess.Popen(["cat /proc/stat"],
stdout=subprocess.PIPE,
shell=True)
(out, err) = proc.communicate()
output = output + "stat: " + str(out) + "\n"
print("stat: " + str(out))
proc = subprocess.Popen(["cat /proc/softirqs"],
stdout=subprocess.PIPE,
shell=True)
(out, err) = proc.communicate()
output = output + "softirqs: " + str(out) + "\n"
print("softirqs: " + str(out))
proc = subprocess.Popen(["cat /proc/interrupts"],
stdout=subprocess.PIPE,
shell=True)
(out, err) = proc.communicate()
output = output + "interrupts: " + str(out) + "\n"
print("interrupts: " + str(out))
proc = subprocess.Popen(["cat /proc/zoneinfo"],
stdout=subprocess.PIPE,
shell=True)
(out, err) = proc.communicate()
output = output + "zoneinfo: " + str(out) + "\n"
print("zoneinfo: " + str(out))
proc = subprocess.Popen(["cat /proc/sys/fs/file-nr"],
stdout=subprocess.PIPE,
shell=True)
(out, err) = proc.communicate()
output = output + "file-nr: " + str(out) + "\n"
print("file-nr: " + str(out))
proc = subprocess.Popen(["cat /proc/meminfo"],
stdout=subprocess.PIPE,
shell=True)
(out, err) = proc.communicate()
output = output + "meminfo: " + str(out) + "\n"
print("meminfo: " + str(out))
mac = ':'.join([
'{:02x}'.format((uuid.getnode() >> ele) & 0xff)
for ele in range(0, 8 * 6, 8)
][::-1])
output = output + "mac: " + mac + "\n"
print("osname: " + str(os.uname()))
device = os.stat("/home").st_dev
# Print the raw device number
print("Raw device number:", device)
# Extract the device minor number
# from the above raw device number
output = output + "times: " + str(os.times()) + "\n"
print(os.getrandom(200, os.GRND_RANDOM))
print("times: " + str(os.times()))
return output