Skip to content

[WIP] Easy User-land CSPRNG #1119

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
SammyK wants to merge 23 commits into from
Closed

[WIP] Easy User-land CSPRNG #1119

Changes from 1 commit
Commits
Show all changes
23 commits
Select commit Hold shift + click to select a range
f8d7aec
Got initial API added
SammyK Feb 13, 2015
26e4ed2
Got mostly working. I think Hex is broken. Need to add int.
SammyK Feb 13, 2015
3c5fcac
Updated to use zend_string but getting memory leaks. Doh!
SammyK Feb 20, 2015
e96b077
Got random_bytes() working again.
SammyK Feb 20, 2015
aa0ca69
Fix random_int() checking size of wrong var.
SammyK Feb 20, 2015
b32e0d0
Got random_int() seemingly working thanks to @ircmaxell
SammyK Feb 20, 2015
2c659ed
Make maximum argument to random_int() optional with default to INT_MAX.
SammyK Feb 20, 2015
a1e6229
Remove random_hex(). *sadface*
SammyK Feb 20, 2015
bbc9198
Detect presence of /dev/arandom
lt Feb 21, 2015
7a99db6
Tidy up `php_random_bytes` and add /dev/arandom
lt Feb 21, 2015
3d413ad
Ensure random_int() uses a uniform distribution
lt Feb 22, 2015
513d5c9
Allow full integer range from random_int()
lt Feb 24, 2015
77f99cc
Use arc4random where present
lt Feb 24, 2015
7ef5754
Merge pull request #1 from lt/rand-bytes
SammyK Feb 24, 2015
766ce0c
Add tests
SammyK Feb 24, 2015
99e36d6
Fix wording in error message. Add check for max value.
SammyK Feb 24, 2015
c6fc391
Fix return types on error. Avoid a warning on BSD systems.
SammyK Feb 25, 2015
ab02b7b
Add fd caching
lt Mar 4, 2015
fd0570b
Merge remote-tracking branch 'leigh/rand-bytes' into rand-bytes
SammyK Mar 13, 2015
7ae4917
Fixes based on PR feedback
lt Mar 27, 2015
a67e42f
Changes based on feedback
lt Apr 9, 2015
f8a6d38
Normalized the return value for errors & updated tests.
SammyK Apr 10, 2015
2990341
Fix merge conflicts
SammyK Apr 10, 2015
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
Got mostly working. I think Hex is broken. Need to add int.
  • Loading branch information
@SammyK
SammyK committed Feb 13, 2015
commit 26e4ed2a215afe8f5d218c6886351e7bb17785d5
159 changes: 95 additions & 64 deletions ext/standard/random.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,108 +19,134 @@
/* $Id$ */

#include <stdlib.h>
#include <sys/stat.h>
#include <fcntl.h>

#include "php.h"

#if PHP_WIN32
# include "win32/winutil.h"
#endif

// Copy/pasted from string.c
static char hexconvtab[] = "0123456789abcdef";

// Copy/pasted from string.c
static zend_string *php_bin_to_hex(const unsigned char *old, const size_t oldlen)
static void php_bin_to_hex(char *old, const zend_long old_len, char *hex)
{
zend_string *result;
size_t i, j;
zend_long i, j;

result = zend_string_safe_alloc(oldlen, 2 * sizeof(char), 0, 0);

for (i = j = 0; i < oldlen; i++) {
result->val[j++] = hexconvtab[old[i] >> 4];
result->val[j++] = hexconvtab[old[i] & 15];
// @todo I don't think this is doing it right
for (i = j = 0; i < old_len; i++) {
hex[j++] = hexconvtab[old[i] >> 4];
hex[j++] = hexconvtab[old[i] & 15];
}
result->val[j] = '\0';

return result;
hex[j] = '\0';
}

static int *php_random_bytes(zend_string *bytes, size_t length)
// Copy/pasted from mcrypt.c
static int php_random_bytes(char *bytes, zend_long size)
{
FILE *fp;
int n = 0;
Copy link
Member

@nikic nikic Feb 24, 2015

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Better would be ssize_t.

Copy link
Member

@nikic nikic Feb 24, 2015

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The declaration should also be moved into the while loop, otherwise this will likely generate a warning on BSD systems with arc4random.


#ifdef PHP_WIN32
// @todo Need to add Windows support
fp = NULL;
#if PHP_WIN32
/* random/urandom equivalent on Windows */
BYTE *win_bytes = (BYTE *) bytes;
if (php_win32_get_random_bytes(win_bytes, (size_t) size) == FAILURE){
php_error_docref(NULL, E_WARNING, "Could not gather sufficient random data");
return FAILURE;
}
n = (int)size;
#else
fp = fopen("/dev/urandom" , "rb");
#endif
int fd;
size_t read_bytes = 0;

if (fp == NULL) {
php_error_docref(NULL, E_WARNING, "Unable to open /dev/urandom");
fd = open("/dev/urandom", O_RDONLY);
if (fd < 0) {
php_error_docref(NULL, E_WARNING, "Cannot open source device");
return FAILURE;
}

// @todo I think this has to be char & int!
if (fgets(bytes, 10, fp) == NULL) {
fclose(fp);
php_error_docref(NULL, E_WARNING, "Unable to read from /dev/urandom");
while (read_bytes < size) {
n = read(fd, bytes + read_bytes, size - read_bytes);
if (n < 0) {
break;
}
read_bytes += n;
}
n = read_bytes;
close(fd);
if (n < size) {
php_error_docref(NULL, E_WARNING, "Could not gather sufficient random data");
return FAILURE;
}
fclose(fp);
#endif

return bytes;
return SUCCESS;
}

/* {{{ proto string random_bytes(int bytes)
Return an arbitrary length of pseudo-random bytes as binary string */
PHP_FUNCTION(random_bytes)
{
size_t length;
zend_string *bytes;
zend_long size;
char *bytes;

int argc = ZEND_NUM_ARGS();
if (zend_parse_parameters(ZEND_NUM_ARGS(), "l", &size) == FAILURE) {
return;
}

if (argc != 0) {
if (zend_parse_parameters(argc, "l", &length) == FAILURE) {
return;
} else if (length <= 0) {
php_error_docref(NULL, E_WARNING, "length(" ZEND_LONG_FMT ") must be greater than 0", length);
RETURN_FALSE;
}
if (size <= 0 || size >= INT_MAX) {
php_error_docref(NULL, E_WARNING, "Cannot genrate a random string with a size of less than 1 or greater than %d", INT_MAX);
RETURN_FALSE;
}

if (php_random_bytes(bytes, length) == FAILURE) {
bytes = ecalloc(size + 1, 1);

if (php_random_bytes(bytes, size) == FAILURE) {
efree(bytes);
return;
Copy link
Member

@nikic nikic Feb 24, 2015

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Probably that should be RETURN_FALSE as well? Same in random_int.

Copy link
Contributor Author

@SammyK SammyK Feb 24, 2015

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice catch! I'll fix.

}

RETURN_STR(bytes);
RETVAL_STRINGL(bytes, size);

efree(bytes);
}
/* }}} */

/* {{{ proto string random_hex(int bytes)
Return an arbitrary length of pseudo-random bytes as hexadecimal string */
PHP_FUNCTION(random_hex)
{
size_t length;
zend_string *bytes;
zend_string *hex;

int argc = ZEND_NUM_ARGS();

if (argc != 0) {
if (zend_parse_parameters(argc, "l", &length) == FAILURE) {
return;
} else if (length <= 0) {
php_error_docref(NULL, E_WARNING, "length(" ZEND_LONG_FMT ") must be greater than 0", length);
RETURN_FALSE;
}
zend_long size;
char *bytes;
char *hex;

if (zend_parse_parameters(ZEND_NUM_ARGS(), "l", &size) == FAILURE) {
return;
}

if (php_random_bytes(bytes, length) == FAILURE) {
if (size <= 0 || size >= INT_MAX) {
php_error_docref(NULL, E_WARNING, "Cannot genrate a random string with a size of less than 1 or greater than %d", INT_MAX);
RETURN_FALSE;
}

// @todo should we half the size for hex? How for odd num of chars?
bytes = ecalloc(size + 1, 1);

if (php_random_bytes(bytes, size) == FAILURE) {
efree(bytes);
return;
}

hex = php_bin_to_hex(bytes, length);
int hex_size = size * 2;
hex = ecalloc(hex_size + 1, 1);
php_bin_to_hex(bytes, hex_size, hex);

RETVAL_STRINGL(hex, hex_size);

RETURN_STR(hex);
efree(bytes);
efree(hex);
}
/* }}} */

Expand All @@ -131,18 +157,23 @@ PHP_FUNCTION(random_int)
zend_long min;
zend_long max;
zend_long number;
int argc = ZEND_NUM_ARGS();

if (argc != 0) {
if (zend_parse_parameters(argc, "ll", &min, &max) == FAILURE) {
return;
} else if (max < min) {
php_error_docref(NULL, E_WARNING, "max(" ZEND_LONG_FMT ") is smaller than min(" ZEND_LONG_FMT ")", max, min);
RETURN_FALSE;
}

if (zend_parse_parameters(ZEND_NUM_ARGS(), "ll", &min, &max) == FAILURE) {
return;
}

if (min >= INT_MAX || max >= INT_MAX) {
php_error_docref(NULL, E_WARNING, "Cannot use range greater than %d", INT_MAX);
RETURN_FALSE;
}

if (max < min) {
php_error_docref(NULL, E_WARNING, "Max value (%d) is less than min value (%d)", max, min);
RETURN_FALSE;
}

number = min + max;
// @todo Insert bin-to-int stuff here
number = min + max * 100;

RETURN_LONG(number);
}
Expand Down