summaryrefslogtreecommitdiff
path: root/frontend/delta
authorGiulio Cesare Solaroli <giulio.cesare@clipperz.com>2014-06-19 10:32:07 (UTC)
committer Giulio Cesare Solaroli <giulio.cesare@clipperz.com>2014-06-19 10:51:21 (UTC)
commita6852c93138f3c4596fb4df8bce5b7d19ef50478 (patch) (side-by-side diff)
tree6a8cfda52d54ae8990a0c51447980d06408ac6cc /frontend/delta
parent0422224521f62da210d1ae6ee15ecdf09f47f1f8 (diff)
downloadclipperz-a6852c93138f3c4596fb4df8bce5b7d19ef50478.zip
clipperz-a6852c93138f3c4596fb4df8bce5b7d19ef50478.tar.gz
clipperz-a6852c93138f3c4596fb4df8bce5b7d19ef50478.tar.bz2
Mitigation for vulnerability CLP-01-018
Diffstat (limited to 'frontend/delta') (more/less context) (show whitespace changes)
-rw-r--r--frontend/delta/js/Clipperz/Crypto/PRNG.js124
1 files changed, 44 insertions, 80 deletions
diff --git a/frontend/delta/js/Clipperz/Crypto/PRNG.js b/frontend/delta/js/Clipperz/Crypto/PRNG.js
index c539f06..7885429 100644
--- a/frontend/delta/js/Clipperz/Crypto/PRNG.js
+++ b/frontend/delta/js/Clipperz/Crypto/PRNG.js
@@ -21,6 +21,8 @@ refer to http://www.clipperz.com.
*/
+"use strict";
+
try { if (typeof(Clipperz.ByteArray) == 'undefined') { throw ""; }} catch (e) {
throw "Clipperz.Crypto.PRNG depends on Clipperz.ByteArray!";
}
@@ -197,12 +199,6 @@ Clipperz.Crypto.PRNG.TimeRandomnessSource.prototype = MochiKit.Base.update(new C
},
//-------------------------------------------------------------------------
-
- 'pollingFrequency': function() {
- return 10;
- },
-
- //-------------------------------------------------------------------------
__syntaxFix__: "syntax fix"
});
@@ -245,12 +241,12 @@ Clipperz.Crypto.PRNG.MouseRandomnessSource.prototype = MochiKit.Base.update(new
var numberOfRandomBitsCollected;
numberOfRandomBitsCollected = this.numberOfRandomBitsCollected();
- collectetBits = this.randomBitsCollector() | (aValue << numberOfRandomBitsCollected);
- this.setRandomBitsCollector(collectetBits);
+ collectedBits = this.randomBitsCollector() | (aValue << numberOfRandomBitsCollected);
+ this.setRandomBitsCollector(collectedBits);
numberOfRandomBitsCollected += this.numberOfBitsToCollectAtEachEvent();
if (numberOfRandomBitsCollected == 8) {
- this.updateGeneratorWithValue(collectetBits);
+ this.updateGeneratorWithValue(collectedBits);
numberOfRandomBitsCollected = 0;
this.setRandomBitsCollector(0);
}
@@ -289,93 +285,51 @@ Clipperz.Crypto.PRNG.MouseRandomnessSource.prototype = MochiKit.Base.update(new
},
//-------------------------------------------------------------------------
-
- 'pollingFrequency': function() {
- return 10;
- },
-
- //-------------------------------------------------------------------------
__syntaxFix__: "syntax fix"
});
//*****************************************************************************
-Clipperz.Crypto.PRNG.KeyboardRandomnessSource = function(args) {
+Clipperz.Crypto.PRNG.CryptoRandomRandomnessSource = function(args) {
args = args || {};
- Clipperz.Crypto.PRNG.RandomnessSource.call(this, args);
- this._randomBitsCollector = 0;
- this._numberOfRandomBitsCollected = 0;
+ this._intervalTime = args.intervalTime || 1000;
+ this._browserCrypto = args.browserCrypto;
- MochiKit.Signal.connect(document, 'onkeypress', this, 'collectEntropy');
+ Clipperz.Crypto.PRNG.RandomnessSource.call(this, args);
+ this.collectEntropy();
return this;
}
-Clipperz.Crypto.PRNG.KeyboardRandomnessSource.prototype = MochiKit.Base.update(new Clipperz.Crypto.PRNG.RandomnessSource, {
-
- //-------------------------------------------------------------------------
-
- 'randomBitsCollector': function() {
- return this._randomBitsCollector;
- },
-
- 'setRandomBitsCollector': function(aValue) {
- this._randomBitsCollector = aValue;
- },
-
- 'appendRandomBitToRandomBitsCollector': function(aValue) {
- var collectedBits;
- var numberOfRandomBitsCollected;
-
- numberOfRandomBitsCollected = this.numberOfRandomBitsCollected();
- collectetBits = this.randomBitsCollector() | (aValue << numberOfRandomBitsCollected);
- this.setRandomBitsCollector(collectetBits);
- numberOfRandomBitsCollected ++;
-
- if (numberOfRandomBitsCollected == 8) {
- this.updateGeneratorWithValue(collectetBits);
- numberOfRandomBitsCollected = 0;
- this.setRandomBitsCollector(0);
- }
-
- this.setNumberOfRandomBitsCollected(numberOfRandomBitsCollected)
- },
+Clipperz.Crypto.PRNG.CryptoRandomRandomnessSource.prototype = MochiKit.Base.update(new Clipperz.Crypto.PRNG.RandomnessSource, {
- //-------------------------------------------------------------------------
-
- 'numberOfRandomBitsCollected': function() {
- return this._numberOfRandomBitsCollected;
+ 'intervalTime': function() {
+ return this._intervalTime;
},
- 'setNumberOfRandomBitsCollected': function(aValue) {
- this._numberOfRandomBitsCollected = aValue;
+ 'browserCrypto': function () {
+ return this._browserCrypto;
},
//-------------------------------------------------------------------------
- 'collectEntropy': function(anEvent) {
-/*
- var mouseLocation;
- var randomBit;
-
- mouseLocation = anEvent.mouse().client;
-
- randomBit = ((mouseLocation.x ^ mouseLocation.y) & 0x1);
- this.appendRandomBitToRandomBitsCollector(randomBit);
-*/
- },
-
- //-------------------------------------------------------------------------
+ 'collectEntropy': function() {
+ var bytesToCollect;
- 'numberOfRandomBits': function() {
- return 1;
- },
+ if (this.boostMode() == true) {
+ bytesToCollect = 8;
+ } else {
+ bytesToCollect = 32;
+ }
- //-------------------------------------------------------------------------
+ var randomValuesArray = new Uint8Array(bytesToCollect);
+ this.browserCrypto().getRandomValues(randomValuesArray);
+ for (var i = 0; i < randomValuesArray.length; i++) {
+ this.updateGeneratorWithValue(randomValuesArray[i]);
+ }
- 'pollingFrequency': function() {
- return 10;
+ setTimeout(this.collectEntropy, this.intervalTime());
},
//-------------------------------------------------------------------------
@@ -635,7 +589,7 @@ Clipperz.logWarning("Fortuna generator has not enough entropy, yet!");
},
//-------------------------------------------------------------------------
-
+/*
'dump': function(appendToDoc) {
var tbl;
var i,c;
@@ -741,7 +695,7 @@ Clipperz.logWarning("Fortuna generator has not enough entropy, yet!");
return tbl;
},
-
+*/
//-----------------------------------------------------------------------------
__syntaxFix__: "syntax fix"
});
@@ -784,7 +738,7 @@ Clipperz.Crypto.PRNG.Random.prototype = MochiKit.Base.update(null, {
//#############################################################################
-_clipperz_crypt_prng_defaultPRNG = null;
+var _clipperz_crypt_prng_defaultPRNG = null;
Clipperz.Crypto.PRNG.defaultRandomGenerator = function() {
if (_clipperz_crypt_prng_defaultPRNG == null) {
@@ -816,16 +770,26 @@ Clipperz.Crypto.PRNG.defaultRandomGenerator = function() {
//.............................................................
//
- // KeyboardRandomnessSource
+ // CryptoRandomRandomnessSource
//
//.............................................................
{
var newRandomnessSource;
+ var browserCrypto;
- newRandomnessSource = new Clipperz.Crypto.PRNG.KeyboardRandomnessSource();
- _clipperz_crypt_prng_defaultPRNG.addRandomnessSource(newRandomnessSource);
+ if (window.crypto && window.crypto.getRandomValues) {
+ browserCrypto = window.crypto;
+ } else if (window.msCrypto && window.msCrypto.getRandomValues) {
+ browserCrypto = window.msCrypto;
+ } else {
+ browserCrypto = null;
}
+ if (browserCrypto != null) {
+ newRandomnessSource = new Clipperz.Crypto.PRNG.CryptoRandomRandomnessSource({'browserCrypto':browserCrypto});
+ _clipperz_crypt_prng_defaultPRNG.addRandomnessSource(newRandomnessSource);
+ }
+ }
}
return _clipperz_crypt_prng_defaultPRNG;