| author | Giulio Cesare Solaroli <giulio.cesare@clipperz.com> | 2014-06-19 10:32:07 (UTC) |
|---|---|---|
| committer | Giulio Cesare Solaroli <giulio.cesare@clipperz.com> | 2014-06-19 10:51:21 (UTC) |
| commit | a6852c93138f3c4596fb4df8bce5b7d19ef50478 (patch) (side-by-side diff) | |
| tree | 6a8cfda52d54ae8990a0c51447980d06408ac6cc | |
| parent | 0422224521f62da210d1ae6ee15ecdf09f47f1f8 (diff) | |
| download | clipperz-a6852c93138f3c4596fb4df8bce5b7d19ef50478.zip clipperz-a6852c93138f3c4596fb4df8bce5b7d19ef50478.tar.gz clipperz-a6852c93138f3c4596fb4df8bce5b7d19ef50478.tar.bz2 | |
Mitigation for vulnerability CLP-01-018
| -rw-r--r-- | frontend/beta/js/Clipperz/Crypto/PRNG.js | 130 | ||||
| -rw-r--r-- | frontend/delta/js/Clipperz/Crypto/PRNG.js | 128 | ||||
| -rw-r--r-- | frontend/gamma/js/Clipperz/Crypto/PRNG.js | 128 |
3 files changed, 135 insertions, 251 deletions
diff --git a/frontend/beta/js/Clipperz/Crypto/PRNG.js b/frontend/beta/js/Clipperz/Crypto/PRNG.js index b5c3f8a..92966d0 100644 --- a/frontend/beta/js/Clipperz/Crypto/PRNG.js +++ b/frontend/beta/js/Clipperz/Crypto/PRNG.js @@ -188,30 +188,24 @@ Clipperz.Crypto.PRNG.TimeRandomnessSource.prototype = MochiKit.Base.update(new C this.updateGeneratorWithValue(entropyByte); setTimeout(this.collectEntropy, intervalTime); }, //------------------------------------------------------------------------- 'numberOfRandomBits': function() { return 5; }, //------------------------------------------------------------------------- - - 'pollingFrequency': function() { - return 10; - }, - - //------------------------------------------------------------------------- __syntaxFix__: "syntax fix" }); //***************************************************************************** Clipperz.Crypto.PRNG.MouseRandomnessSource = function(args) { args = args || {}; Clipperz.Crypto.PRNG.RandomnessSource.call(this, args); this._numberOfBitsToCollectAtEachEvent = 4; this._randomBitsCollector = 0; @@ -236,30 +230,30 @@ Clipperz.Crypto.PRNG.MouseRandomnessSource.prototype = MochiKit.Base.update(new return this._randomBitsCollector; }, 'setRandomBitsCollector': function(aValue) { this._randomBitsCollector = aValue; }, 'appendRandomBitsToRandomBitsCollector': function(aValue) { var collectedBits; var numberOfRandomBitsCollected; numberOfRandomBitsCollected = this.numberOfRandomBitsCollected(); - collectetBits = this.randomBitsCollector() | (aValue << numberOfRandomBitsCollected); - this.setRandomBitsCollector(collectetBits); + collectedBits = this.randomBitsCollector() | (aValue << numberOfRandomBitsCollected); + this.setRandomBitsCollector(collectedBits); numberOfRandomBitsCollected += this.numberOfBitsToCollectAtEachEvent(); if (numberOfRandomBitsCollected == 8) { - this.updateGeneratorWithValue(collectetBits); + this.updateGeneratorWithValue(collectedBits); numberOfRandomBitsCollected = 0; this.setRandomBitsCollector(0); } this.setNumberOfRandomBitsCollected(numberOfRandomBitsCollected) }, //------------------------------------------------------------------------- 'numberOfRandomBitsCollected': function() { return this._numberOfRandomBitsCollected; }, @@ -280,114 +274,72 @@ Clipperz.Crypto.PRNG.MouseRandomnessSource.prototype = MochiKit.Base.update(new mouseLocation = anEvent.mouse().client; randomBit = ((mouseLocation.x ^ mouseLocation.y) & mask); this.appendRandomBitsToRandomBitsCollector(randomBit) }, //------------------------------------------------------------------------- 'numberOfRandomBits': function() { return 1; }, //------------------------------------------------------------------------- - - 'pollingFrequency': function() { - return 10; - }, - - //------------------------------------------------------------------------- __syntaxFix__: "syntax fix" }); //***************************************************************************** -Clipperz.Crypto.PRNG.KeyboardRandomnessSource = function(args) { +Clipperz.Crypto.PRNG.CryptoRandomRandomnessSource = function(args) { args = args || {}; - Clipperz.Crypto.PRNG.RandomnessSource.call(this, args); - this._randomBitsCollector = 0; - this._numberOfRandomBitsCollected = 0; + this._intervalTime = args.intervalTime || 1000; + this._browserCrypto = args.browserCrypto; - MochiKit.Signal.connect(document, 'onkeypress', this, 'collectEntropy'); + Clipperz.Crypto.PRNG.RandomnessSource.call(this, args); + this.collectEntropy(); return this; } -Clipperz.Crypto.PRNG.KeyboardRandomnessSource.prototype = MochiKit.Base.update(new Clipperz.Crypto.PRNG.RandomnessSource, { - - //------------------------------------------------------------------------- - - 'randomBitsCollector': function() { - return this._randomBitsCollector; - }, +Clipperz.Crypto.PRNG.CryptoRandomRandomnessSource.prototype = MochiKit.Base.update(new Clipperz.Crypto.PRNG.RandomnessSource, { - 'setRandomBitsCollector': function(aValue) { - this._randomBitsCollector = aValue; + 'intervalTime': function() { + return this._intervalTime; }, - - 'appendRandomBitToRandomBitsCollector': function(aValue) { - var collectedBits; - var numberOfRandomBitsCollected; - - numberOfRandomBitsCollected = this.numberOfRandomBitsCollected(); - collectetBits = this.randomBitsCollector() | (aValue << numberOfRandomBitsCollected); - this.setRandomBitsCollector(collectetBits); - numberOfRandomBitsCollected ++; - - if (numberOfRandomBitsCollected == 8) { - this.updateGeneratorWithValue(collectetBits); - numberOfRandomBitsCollected = 0; - this.setRandomBitsCollector(0); - } - - this.setNumberOfRandomBitsCollected(numberOfRandomBitsCollected) + + 'browserCrypto': function () { + return this._browserCrypto; }, //------------------------------------------------------------------------- - 'numberOfRandomBitsCollected': function() { - return this._numberOfRandomBitsCollected; - }, - - 'setNumberOfRandomBitsCollected': function(aValue) { - this._numberOfRandomBitsCollected = aValue; - }, + 'collectEntropy': function() { + var bytesToCollect; - //------------------------------------------------------------------------- + if (this.boostMode() == true) { + bytesToCollect = 8; + } else { + bytesToCollect = 32; + } - 'collectEntropy': function(anEvent) { -/* - var mouseLocation; - var randomBit; - - mouseLocation = anEvent.mouse().client; - - randomBit = ((mouseLocation.x ^ mouseLocation.y) & 0x1); - this.appendRandomBitToRandomBitsCollector(randomBit); -*/ - }, - - //------------------------------------------------------------------------- + var randomValuesArray = new Uint8Array(bytesToCollect); + this.browserCrypto().getRandomValues(randomValuesArray); + for (var i = 0; i < randomValuesArray.length; i++) { + this.updateGeneratorWithValue(randomValuesArray[i]); + } - 'numberOfRandomBits': function() { - return 1; + setTimeout(this.collectEntropy, this.intervalTime()); }, //------------------------------------------------------------------------- - - 'pollingFrequency': function() { - return 10; - }, - - //------------------------------------------------------------------------- __syntaxFix__: "syntax fix" }); //############################################################################# Clipperz.Crypto.PRNG.Fortuna = function(args) { var i,c; args = args || {}; this._key = args.seed || null; if (this._key == null) { @@ -598,61 +550,55 @@ MochiKit.Logging.logWarning("Fortuna generator has not enough entropy, yet!"); this.randomnessSources().push(aRandomnessSource); if (this.isReadyToGenerateRandomValues() == false) { aRandomnessSource.setBoostMode(true); } }, //------------------------------------------------------------------------- 'deferredEntropyCollection': function(aValue) { var result; -//MochiKit.Logging.logDebug(">>> PRNG.deferredEntropyCollection"); if (this.isReadyToGenerateRandomValues()) { -//MochiKit.Logging.logDebug("--- PRNG.deferredEntropyCollection - 1"); result = aValue; } else { -//MochiKit.Logging.logDebug("--- PRNG.deferredEntropyCollection - 2"); var deferredResult; Clipperz.NotificationCenter.notify(this, 'updatedProgressState', 'collectingEntropy', true); deferredResult = new MochiKit.Async.Deferred(); -// deferredResult.addBoth(function(res) {MochiKit.Logging.logDebug("1.2.1 - PRNG.deferredEntropyCollection - 1: " + res); return res;}); deferredResult.addCallback(MochiKit.Base.partial(MochiKit.Async.succeed, aValue)); -// deferredResult.addBoth(function(res) {MochiKit.Logging.logDebug("1.2.2 - PRNG.deferredEntropyCollection - 2: " + res); return res;}); MochiKit.Signal.connect(this, 'readyToGenerateRandomBytes', deferredResult, 'callback'); result = deferredResult; } -//MochiKit.Logging.logDebug("<<< PRNG.deferredEntropyCollection - result: " + result); return result; }, //------------------------------------------------------------------------- 'fastEntropyAccumulationForTestingPurpose': function() { while (! this.isReadyToGenerateRandomValues()) { this.addRandomByte(Math.floor(Math.random() * 32), Math.floor(Math.random() * 32), Math.floor(Math.random() * 256)); } }, //------------------------------------------------------------------------- - +/* 'dump': function(appendToDoc) { var tbl; var i,c; tbl = document.createElement("table"); tbl.border = 0; with (tbl.style) { border = "1px solid lightgrey"; fontFamily = 'Helvetica, Arial, sans-serif'; fontSize = '8pt'; //borderCollapse = "collapse"; } @@ -740,25 +686,25 @@ MochiKit.Logging.logWarning("Fortuna generator has not enough entropy, yet!"); padding = "10px"; } if (document.getElementById(ne.id)) { MochiKit.DOM.swapDOM(ne.id, ne); } else { document.body.appendChild(ne); } ne.appendChild(tbl); } return tbl; }, - +*/ //----------------------------------------------------------------------------- __syntaxFix__: "syntax fix" }); //############################################################################# Clipperz.Crypto.PRNG.Random = function(args) { args = args || {}; // MochiKit.Base.bindMethods(this); return this; } @@ -815,34 +761,44 @@ Clipperz.Crypto.PRNG.defaultRandomGenerator = function() { // MouseRandomnessSource // //............................................................. { var newRandomnessSource; newRandomnessSource = new Clipperz.Crypto.PRNG.MouseRandomnessSource(); _clipperz_crypt_prng_defaultPRNG.addRandomnessSource(newRandomnessSource); } //............................................................. // - // KeyboardRandomnessSource + // CryptoRandomRandomnessSource // //............................................................. { var newRandomnessSource; + var browserCrypto; - newRandomnessSource = new Clipperz.Crypto.PRNG.KeyboardRandomnessSource(); - _clipperz_crypt_prng_defaultPRNG.addRandomnessSource(newRandomnessSource); + if (window.crypto && window.crypto.getRandomValues) { + browserCrypto = window.crypto; + } else if (window.msCrypto && window.msCrypto.getRandomValues) { + browserCrypto = window.msCrypto; + } else { + browserCrypto = null; + } + + if (browserCrypto != null) { + newRandomnessSource = new Clipperz.Crypto.PRNG.CryptoRandomRandomnessSource({'browserCrypto':browserCrypto}); + _clipperz_crypt_prng_defaultPRNG.addRandomnessSource(newRandomnessSource); + } } - } return _clipperz_crypt_prng_defaultPRNG; }; //############################################################################# Clipperz.Crypto.PRNG.exception = { NotEnoughEntropy: new MochiKit.Base.NamedError("Clipperz.Crypto.PRNG.exception.NotEnoughEntropy") }; diff --git a/frontend/delta/js/Clipperz/Crypto/PRNG.js b/frontend/delta/js/Clipperz/Crypto/PRNG.js index c539f06..7885429 100644 --- a/frontend/delta/js/Clipperz/Crypto/PRNG.js +++ b/frontend/delta/js/Clipperz/Crypto/PRNG.js @@ -12,24 +12,26 @@ refer to http://www.clipperz.com. (at your option) any later version. * Clipperz is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details. * You should have received a copy of the GNU Affero General Public License along with Clipperz. If not, see http://www.gnu.org/licenses/. */ +"use strict"; + try { if (typeof(Clipperz.ByteArray) == 'undefined') { throw ""; }} catch (e) { throw "Clipperz.Crypto.PRNG depends on Clipperz.ByteArray!"; } try { if (typeof(Clipperz.Crypto.SHA) == 'undefined') { throw ""; }} catch (e) { throw "Clipperz.Crypto.PRNG depends on Clipperz.Crypto.SHA!"; } try { if (typeof(Clipperz.Crypto.AES) == 'undefined') { throw ""; }} catch (e) { throw "Clipperz.Crypto.PRNG depends on Clipperz.Crypto.AES!"; } @@ -188,30 +190,24 @@ Clipperz.Crypto.PRNG.TimeRandomnessSource.prototype = MochiKit.Base.update(new C this.updateGeneratorWithValue(entropyByte); setTimeout(this.collectEntropy, intervalTime); }, //------------------------------------------------------------------------- 'numberOfRandomBits': function() { return 5; }, //------------------------------------------------------------------------- - - 'pollingFrequency': function() { - return 10; - }, - - //------------------------------------------------------------------------- __syntaxFix__: "syntax fix" }); //***************************************************************************** Clipperz.Crypto.PRNG.MouseRandomnessSource = function(args) { args = args || {}; Clipperz.Crypto.PRNG.RandomnessSource.call(this, args); this._numberOfBitsToCollectAtEachEvent = 4; this._randomBitsCollector = 0; @@ -236,30 +232,30 @@ Clipperz.Crypto.PRNG.MouseRandomnessSource.prototype = MochiKit.Base.update(new return this._randomBitsCollector; }, 'setRandomBitsCollector': function(aValue) { this._randomBitsCollector = aValue; }, 'appendRandomBitsToRandomBitsCollector': function(aValue) { var collectedBits; var numberOfRandomBitsCollected; numberOfRandomBitsCollected = this.numberOfRandomBitsCollected(); - collectetBits = this.randomBitsCollector() | (aValue << numberOfRandomBitsCollected); - this.setRandomBitsCollector(collectetBits); + collectedBits = this.randomBitsCollector() | (aValue << numberOfRandomBitsCollected); + this.setRandomBitsCollector(collectedBits); numberOfRandomBitsCollected += this.numberOfBitsToCollectAtEachEvent(); if (numberOfRandomBitsCollected == 8) { - this.updateGeneratorWithValue(collectetBits); + this.updateGeneratorWithValue(collectedBits); numberOfRandomBitsCollected = 0; this.setRandomBitsCollector(0); } this.setNumberOfRandomBitsCollected(numberOfRandomBitsCollected) }, //------------------------------------------------------------------------- 'numberOfRandomBitsCollected': function() { return this._numberOfRandomBitsCollected; }, @@ -280,114 +276,72 @@ Clipperz.Crypto.PRNG.MouseRandomnessSource.prototype = MochiKit.Base.update(new mouseLocation = anEvent.mouse().client; randomBit = ((mouseLocation.x ^ mouseLocation.y) & mask); this.appendRandomBitsToRandomBitsCollector(randomBit) }, //------------------------------------------------------------------------- 'numberOfRandomBits': function() { return 1; }, //------------------------------------------------------------------------- - - 'pollingFrequency': function() { - return 10; - }, - - //------------------------------------------------------------------------- __syntaxFix__: "syntax fix" }); //***************************************************************************** -Clipperz.Crypto.PRNG.KeyboardRandomnessSource = function(args) { +Clipperz.Crypto.PRNG.CryptoRandomRandomnessSource = function(args) { args = args || {}; - Clipperz.Crypto.PRNG.RandomnessSource.call(this, args); - this._randomBitsCollector = 0; - this._numberOfRandomBitsCollected = 0; + this._intervalTime = args.intervalTime || 1000; + this._browserCrypto = args.browserCrypto; - MochiKit.Signal.connect(document, 'onkeypress', this, 'collectEntropy'); + Clipperz.Crypto.PRNG.RandomnessSource.call(this, args); + this.collectEntropy(); return this; } -Clipperz.Crypto.PRNG.KeyboardRandomnessSource.prototype = MochiKit.Base.update(new Clipperz.Crypto.PRNG.RandomnessSource, { +Clipperz.Crypto.PRNG.CryptoRandomRandomnessSource.prototype = MochiKit.Base.update(new Clipperz.Crypto.PRNG.RandomnessSource, { - //------------------------------------------------------------------------- - - 'randomBitsCollector': function() { - return this._randomBitsCollector; - }, - - 'setRandomBitsCollector': function(aValue) { - this._randomBitsCollector = aValue; + 'intervalTime': function() { + return this._intervalTime; }, - - 'appendRandomBitToRandomBitsCollector': function(aValue) { - var collectedBits; - var numberOfRandomBitsCollected; - - numberOfRandomBitsCollected = this.numberOfRandomBitsCollected(); - collectetBits = this.randomBitsCollector() | (aValue << numberOfRandomBitsCollected); - this.setRandomBitsCollector(collectetBits); - numberOfRandomBitsCollected ++; - - if (numberOfRandomBitsCollected == 8) { - this.updateGeneratorWithValue(collectetBits); - numberOfRandomBitsCollected = 0; - this.setRandomBitsCollector(0); - } - - this.setNumberOfRandomBitsCollected(numberOfRandomBitsCollected) + + 'browserCrypto': function () { + return this._browserCrypto; }, //------------------------------------------------------------------------- - 'numberOfRandomBitsCollected': function() { - return this._numberOfRandomBitsCollected; - }, - - 'setNumberOfRandomBitsCollected': function(aValue) { - this._numberOfRandomBitsCollected = aValue; - }, + 'collectEntropy': function() { + var bytesToCollect; - //------------------------------------------------------------------------- + if (this.boostMode() == true) { + bytesToCollect = 8; + } else { + bytesToCollect = 32; + } - 'collectEntropy': function(anEvent) { -/* - var mouseLocation; - var randomBit; - - mouseLocation = anEvent.mouse().client; - - randomBit = ((mouseLocation.x ^ mouseLocation.y) & 0x1); - this.appendRandomBitToRandomBitsCollector(randomBit); -*/ - }, - - //------------------------------------------------------------------------- + var randomValuesArray = new Uint8Array(bytesToCollect); + this.browserCrypto().getRandomValues(randomValuesArray); + for (var i = 0; i < randomValuesArray.length; i++) { + this.updateGeneratorWithValue(randomValuesArray[i]); + } - 'numberOfRandomBits': function() { - return 1; + setTimeout(this.collectEntropy, this.intervalTime()); }, //------------------------------------------------------------------------- - - 'pollingFrequency': function() { - return 10; - }, - - //------------------------------------------------------------------------- __syntaxFix__: "syntax fix" }); //############################################################################# Clipperz.Crypto.PRNG.Fortuna = function(args) { var i,c; args = args || {}; this._key = args.seed || null; if (this._key == null) { @@ -626,25 +580,25 @@ Clipperz.logWarning("Fortuna generator has not enough entropy, yet!"); return result; }, //------------------------------------------------------------------------- 'fastEntropyAccumulationForTestingPurpose': function() { while (! this.isReadyToGenerateRandomValues()) { this.addRandomByte(Math.floor(Math.random() * 32), Math.floor(Math.random() * 32), Math.floor(Math.random() * 256)); } }, //------------------------------------------------------------------------- - +/* 'dump': function(appendToDoc) { var tbl; var i,c; tbl = document.createElement("table"); tbl.border = 0; with (tbl.style) { border = "1px solid lightgrey"; fontFamily = 'Helvetica, Arial, sans-serif'; fontSize = '8pt'; //borderCollapse = "collapse"; } @@ -732,25 +686,25 @@ Clipperz.logWarning("Fortuna generator has not enough entropy, yet!"); padding = "10px"; } if (document.getElementById(ne.id)) { MochiKit.DOM.swapDOM(ne.id, ne); } else { document.body.appendChild(ne); } ne.appendChild(tbl); } return tbl; }, - +*/ //----------------------------------------------------------------------------- __syntaxFix__: "syntax fix" }); //############################################################################# Clipperz.Crypto.PRNG.Random = function(args) { args = args || {}; // MochiKit.Base.bindMethods(this); return this; } @@ -775,25 +729,25 @@ Clipperz.Crypto.PRNG.Random.prototype = MochiKit.Base.update(null, { } //Clipperz.Profile.stop("Clipperz.Crypto.PRNG.Random.getRandomBytes"); return result; }, //------------------------------------------------------------------------- __syntaxFix__: "syntax fix" }); //############################################################################# -_clipperz_crypt_prng_defaultPRNG = null; +var _clipperz_crypt_prng_defaultPRNG = null; Clipperz.Crypto.PRNG.defaultRandomGenerator = function() { if (_clipperz_crypt_prng_defaultPRNG == null) { _clipperz_crypt_prng_defaultPRNG = new Clipperz.Crypto.PRNG.Fortuna(); //............................................................. // // TimeRandomnessSource // //............................................................. { var newRandomnessSource; @@ -807,34 +761,44 @@ Clipperz.Crypto.PRNG.defaultRandomGenerator = function() { // MouseRandomnessSource // //............................................................. { var newRandomnessSource; newRandomnessSource = new Clipperz.Crypto.PRNG.MouseRandomnessSource(); _clipperz_crypt_prng_defaultPRNG.addRandomnessSource(newRandomnessSource); } //............................................................. // - // KeyboardRandomnessSource + // CryptoRandomRandomnessSource // //............................................................. { var newRandomnessSource; + var browserCrypto; - newRandomnessSource = new Clipperz.Crypto.PRNG.KeyboardRandomnessSource(); - _clipperz_crypt_prng_defaultPRNG.addRandomnessSource(newRandomnessSource); + if (window.crypto && window.crypto.getRandomValues) { + browserCrypto = window.crypto; + } else if (window.msCrypto && window.msCrypto.getRandomValues) { + browserCrypto = window.msCrypto; + } else { + browserCrypto = null; + } + + if (browserCrypto != null) { + newRandomnessSource = new Clipperz.Crypto.PRNG.CryptoRandomRandomnessSource({'browserCrypto':browserCrypto}); + _clipperz_crypt_prng_defaultPRNG.addRandomnessSource(newRandomnessSource); + } } - } return _clipperz_crypt_prng_defaultPRNG; }; //############################################################################# Clipperz.Crypto.PRNG.exception = { NotEnoughEntropy: new MochiKit.Base.NamedError("Clipperz.Crypto.PRNG.exception.NotEnoughEntropy") }; diff --git a/frontend/gamma/js/Clipperz/Crypto/PRNG.js b/frontend/gamma/js/Clipperz/Crypto/PRNG.js index c539f06..7885429 100644 --- a/frontend/gamma/js/Clipperz/Crypto/PRNG.js +++ b/frontend/gamma/js/Clipperz/Crypto/PRNG.js @@ -12,24 +12,26 @@ refer to http://www.clipperz.com. (at your option) any later version. * Clipperz is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details. * You should have received a copy of the GNU Affero General Public License along with Clipperz. If not, see http://www.gnu.org/licenses/. */ +"use strict"; + try { if (typeof(Clipperz.ByteArray) == 'undefined') { throw ""; }} catch (e) { throw "Clipperz.Crypto.PRNG depends on Clipperz.ByteArray!"; } try { if (typeof(Clipperz.Crypto.SHA) == 'undefined') { throw ""; }} catch (e) { throw "Clipperz.Crypto.PRNG depends on Clipperz.Crypto.SHA!"; } try { if (typeof(Clipperz.Crypto.AES) == 'undefined') { throw ""; }} catch (e) { throw "Clipperz.Crypto.PRNG depends on Clipperz.Crypto.AES!"; } @@ -188,30 +190,24 @@ Clipperz.Crypto.PRNG.TimeRandomnessSource.prototype = MochiKit.Base.update(new C this.updateGeneratorWithValue(entropyByte); setTimeout(this.collectEntropy, intervalTime); }, //------------------------------------------------------------------------- 'numberOfRandomBits': function() { return 5; }, //------------------------------------------------------------------------- - - 'pollingFrequency': function() { - return 10; - }, - - //------------------------------------------------------------------------- __syntaxFix__: "syntax fix" }); //***************************************************************************** Clipperz.Crypto.PRNG.MouseRandomnessSource = function(args) { args = args || {}; Clipperz.Crypto.PRNG.RandomnessSource.call(this, args); this._numberOfBitsToCollectAtEachEvent = 4; this._randomBitsCollector = 0; @@ -236,30 +232,30 @@ Clipperz.Crypto.PRNG.MouseRandomnessSource.prototype = MochiKit.Base.update(new return this._randomBitsCollector; }, 'setRandomBitsCollector': function(aValue) { this._randomBitsCollector = aValue; }, 'appendRandomBitsToRandomBitsCollector': function(aValue) { var collectedBits; var numberOfRandomBitsCollected; numberOfRandomBitsCollected = this.numberOfRandomBitsCollected(); - collectetBits = this.randomBitsCollector() | (aValue << numberOfRandomBitsCollected); - this.setRandomBitsCollector(collectetBits); + collectedBits = this.randomBitsCollector() | (aValue << numberOfRandomBitsCollected); + this.setRandomBitsCollector(collectedBits); numberOfRandomBitsCollected += this.numberOfBitsToCollectAtEachEvent(); if (numberOfRandomBitsCollected == 8) { - this.updateGeneratorWithValue(collectetBits); + this.updateGeneratorWithValue(collectedBits); numberOfRandomBitsCollected = 0; this.setRandomBitsCollector(0); } this.setNumberOfRandomBitsCollected(numberOfRandomBitsCollected) }, //------------------------------------------------------------------------- 'numberOfRandomBitsCollected': function() { return this._numberOfRandomBitsCollected; }, @@ -280,114 +276,72 @@ Clipperz.Crypto.PRNG.MouseRandomnessSource.prototype = MochiKit.Base.update(new mouseLocation = anEvent.mouse().client; randomBit = ((mouseLocation.x ^ mouseLocation.y) & mask); this.appendRandomBitsToRandomBitsCollector(randomBit) }, //------------------------------------------------------------------------- 'numberOfRandomBits': function() { return 1; }, //------------------------------------------------------------------------- - - 'pollingFrequency': function() { - return 10; - }, - - //------------------------------------------------------------------------- __syntaxFix__: "syntax fix" }); //***************************************************************************** -Clipperz.Crypto.PRNG.KeyboardRandomnessSource = function(args) { +Clipperz.Crypto.PRNG.CryptoRandomRandomnessSource = function(args) { args = args || {}; - Clipperz.Crypto.PRNG.RandomnessSource.call(this, args); - this._randomBitsCollector = 0; - this._numberOfRandomBitsCollected = 0; + this._intervalTime = args.intervalTime || 1000; + this._browserCrypto = args.browserCrypto; - MochiKit.Signal.connect(document, 'onkeypress', this, 'collectEntropy'); + Clipperz.Crypto.PRNG.RandomnessSource.call(this, args); + this.collectEntropy(); return this; } -Clipperz.Crypto.PRNG.KeyboardRandomnessSource.prototype = MochiKit.Base.update(new Clipperz.Crypto.PRNG.RandomnessSource, { +Clipperz.Crypto.PRNG.CryptoRandomRandomnessSource.prototype = MochiKit.Base.update(new Clipperz.Crypto.PRNG.RandomnessSource, { - //------------------------------------------------------------------------- - - 'randomBitsCollector': function() { - return this._randomBitsCollector; - }, - - 'setRandomBitsCollector': function(aValue) { - this._randomBitsCollector = aValue; + 'intervalTime': function() { + return this._intervalTime; }, - - 'appendRandomBitToRandomBitsCollector': function(aValue) { - var collectedBits; - var numberOfRandomBitsCollected; - - numberOfRandomBitsCollected = this.numberOfRandomBitsCollected(); - collectetBits = this.randomBitsCollector() | (aValue << numberOfRandomBitsCollected); - this.setRandomBitsCollector(collectetBits); - numberOfRandomBitsCollected ++; - - if (numberOfRandomBitsCollected == 8) { - this.updateGeneratorWithValue(collectetBits); - numberOfRandomBitsCollected = 0; - this.setRandomBitsCollector(0); - } - - this.setNumberOfRandomBitsCollected(numberOfRandomBitsCollected) + + 'browserCrypto': function () { + return this._browserCrypto; }, //------------------------------------------------------------------------- - 'numberOfRandomBitsCollected': function() { - return this._numberOfRandomBitsCollected; - }, - - 'setNumberOfRandomBitsCollected': function(aValue) { - this._numberOfRandomBitsCollected = aValue; - }, + 'collectEntropy': function() { + var bytesToCollect; - //------------------------------------------------------------------------- + if (this.boostMode() == true) { + bytesToCollect = 8; + } else { + bytesToCollect = 32; + } - 'collectEntropy': function(anEvent) { -/* - var mouseLocation; - var randomBit; - - mouseLocation = anEvent.mouse().client; - - randomBit = ((mouseLocation.x ^ mouseLocation.y) & 0x1); - this.appendRandomBitToRandomBitsCollector(randomBit); -*/ - }, - - //------------------------------------------------------------------------- + var randomValuesArray = new Uint8Array(bytesToCollect); + this.browserCrypto().getRandomValues(randomValuesArray); + for (var i = 0; i < randomValuesArray.length; i++) { + this.updateGeneratorWithValue(randomValuesArray[i]); + } - 'numberOfRandomBits': function() { - return 1; + setTimeout(this.collectEntropy, this.intervalTime()); }, //------------------------------------------------------------------------- - - 'pollingFrequency': function() { - return 10; - }, - - //------------------------------------------------------------------------- __syntaxFix__: "syntax fix" }); //############################################################################# Clipperz.Crypto.PRNG.Fortuna = function(args) { var i,c; args = args || {}; this._key = args.seed || null; if (this._key == null) { @@ -626,25 +580,25 @@ Clipperz.logWarning("Fortuna generator has not enough entropy, yet!"); return result; }, //------------------------------------------------------------------------- 'fastEntropyAccumulationForTestingPurpose': function() { while (! this.isReadyToGenerateRandomValues()) { this.addRandomByte(Math.floor(Math.random() * 32), Math.floor(Math.random() * 32), Math.floor(Math.random() * 256)); } }, //------------------------------------------------------------------------- - +/* 'dump': function(appendToDoc) { var tbl; var i,c; tbl = document.createElement("table"); tbl.border = 0; with (tbl.style) { border = "1px solid lightgrey"; fontFamily = 'Helvetica, Arial, sans-serif'; fontSize = '8pt'; //borderCollapse = "collapse"; } @@ -732,25 +686,25 @@ Clipperz.logWarning("Fortuna generator has not enough entropy, yet!"); padding = "10px"; } if (document.getElementById(ne.id)) { MochiKit.DOM.swapDOM(ne.id, ne); } else { document.body.appendChild(ne); } ne.appendChild(tbl); } return tbl; }, - +*/ //----------------------------------------------------------------------------- __syntaxFix__: "syntax fix" }); //############################################################################# Clipperz.Crypto.PRNG.Random = function(args) { args = args || {}; // MochiKit.Base.bindMethods(this); return this; } @@ -775,25 +729,25 @@ Clipperz.Crypto.PRNG.Random.prototype = MochiKit.Base.update(null, { } //Clipperz.Profile.stop("Clipperz.Crypto.PRNG.Random.getRandomBytes"); return result; }, //------------------------------------------------------------------------- __syntaxFix__: "syntax fix" }); //############################################################################# -_clipperz_crypt_prng_defaultPRNG = null; +var _clipperz_crypt_prng_defaultPRNG = null; Clipperz.Crypto.PRNG.defaultRandomGenerator = function() { if (_clipperz_crypt_prng_defaultPRNG == null) { _clipperz_crypt_prng_defaultPRNG = new Clipperz.Crypto.PRNG.Fortuna(); //............................................................. // // TimeRandomnessSource // //............................................................. { var newRandomnessSource; @@ -807,34 +761,44 @@ Clipperz.Crypto.PRNG.defaultRandomGenerator = function() { // MouseRandomnessSource // //............................................................. { var newRandomnessSource; newRandomnessSource = new Clipperz.Crypto.PRNG.MouseRandomnessSource(); _clipperz_crypt_prng_defaultPRNG.addRandomnessSource(newRandomnessSource); } //............................................................. // - // KeyboardRandomnessSource + // CryptoRandomRandomnessSource // //............................................................. { var newRandomnessSource; + var browserCrypto; - newRandomnessSource = new Clipperz.Crypto.PRNG.KeyboardRandomnessSource(); - _clipperz_crypt_prng_defaultPRNG.addRandomnessSource(newRandomnessSource); + if (window.crypto && window.crypto.getRandomValues) { + browserCrypto = window.crypto; + } else if (window.msCrypto && window.msCrypto.getRandomValues) { + browserCrypto = window.msCrypto; + } else { + browserCrypto = null; + } + + if (browserCrypto != null) { + newRandomnessSource = new Clipperz.Crypto.PRNG.CryptoRandomRandomnessSource({'browserCrypto':browserCrypto}); + _clipperz_crypt_prng_defaultPRNG.addRandomnessSource(newRandomnessSource); + } } - } return _clipperz_crypt_prng_defaultPRNG; }; //############################################################################# Clipperz.Crypto.PRNG.exception = { NotEnoughEntropy: new MochiKit.Base.NamedError("Clipperz.Crypto.PRNG.exception.NotEnoughEntropy") }; |