diff --git a/README.rst b/README.rst index 50c541b3..47e89647 100644 --- a/README.rst +++ b/README.rst @@ -480,13 +480,12 @@ Here is a brief set of guidelines: * When grabbing random entropy that is to be used for cryptographic purposes (i.e. for keys, tokens, etc.), - always ensure that the RNG is crypto-grade by calling - :code:`assert_crypto()` on the RNG. This will throw - an exception if the RNG is not crypto-grade: + always ensure that the RNG is crypto-grade by using + :code:`class StrongRandomAPI` as the RNG type: :: - void set_rng(RandomAPI::Ptr rng_arg) { - rng_arg->assert_crypto(); + StrongRandomAPI::Ptr rng; + void set_rng(StrongRandomAPI::Ptr rng_arg) { rng = std::move(rng_arg); } diff --git a/openvpn/applecrypto/ssl/sslctx.hpp b/openvpn/applecrypto/ssl/sslctx.hpp index 7eadc8ec..d718d29b 100644 --- a/openvpn/applecrypto/ssl/sslctx.hpp +++ b/openvpn/applecrypto/ssl/sslctx.hpp @@ -205,7 +205,7 @@ class AppleSSLContext : public SSLFactoryAPI return not_implemented("set_enable_renegotiation"); } - virtual void set_rng(const RandomAPI::Ptr &rng_arg) + virtual void set_rng(const StrongRandomAPI::Ptr &rng_arg) { return not_implemented("set_rng"); } diff --git a/openvpn/applecrypto/util/rand.hpp b/openvpn/applecrypto/util/rand.hpp index 7e0ef8ed..f8160060 100644 --- a/openvpn/applecrypto/util/rand.hpp +++ b/openvpn/applecrypto/util/rand.hpp @@ -31,7 +31,7 @@ #include namespace openvpn { -class AppleRandom : public RandomAPI +class AppleRandom : public StrongRandomAPI { public: OPENVPN_EXCEPTION(rand_error_apple); @@ -47,12 +47,6 @@ class AppleRandom : public RandomAPI return "AppleRandom"; } - // Return true if algorithm is crypto-strength - virtual bool is_crypto() const - { - return true; - } - // Fill buffer with random bytes virtual void rand_bytes(unsigned char *buf, size_t size) { diff --git a/openvpn/aws/awshttp.hpp b/openvpn/aws/awshttp.hpp index ff36ea3e..6a08e990 100644 --- a/openvpn/aws/awshttp.hpp +++ b/openvpn/aws/awshttp.hpp @@ -38,7 +38,7 @@ namespace AWS { class HTTPContext { public: - HTTPContext(RandomAPI::Ptr rng, + HTTPContext(StrongRandomAPI::Ptr rng, const int debug_level) : frame_(frame_init_simple(2048)), digest_factory_(new CryptoDigestFactory()), @@ -49,7 +49,7 @@ class HTTPContext } #ifdef VPN_BINDING_PROFILES - HTTPContext(RandomAPI::Ptr rng, + HTTPContext(StrongRandomAPI::Ptr rng, const int debug_level, const OptionList &opt) // for VPN binding profile : HTTPContext(rng, debug_level) @@ -84,7 +84,7 @@ class HTTPContext return *digest_factory_; } - RandomAPI *rng() const + StrongRandomAPI *rng() const { return rng_.get(); } @@ -120,7 +120,7 @@ class HTTPContext Frame::Ptr frame_; DigestFactory::Ptr digest_factory_; - RandomAPI::Ptr rng_; + StrongRandomAPI::Ptr rng_; WS::Client::Config::Ptr http_config_; #ifdef VPN_BINDING_PROFILES WS::ViaVPN::Ptr via_vpn_; diff --git a/openvpn/aws/awspc.hpp b/openvpn/aws/awspc.hpp index 572d0daa..9d650ff7 100644 --- a/openvpn/aws/awspc.hpp +++ b/openvpn/aws/awspc.hpp @@ -516,7 +516,6 @@ class PCQuery : public RC std::string nonce() const { unsigned char data[16]; - rng->assert_crypto(); rng->rand_fill(data); return render_hex(data, sizeof(data)); } @@ -598,7 +597,7 @@ class PCQuery : public RC } WS::ClientSet::Ptr cs; - RandomAPI::Ptr rng; + StrongRandomAPI::Ptr rng; Frame::Ptr frame; const bool lookup_product_code; const int debug_level; diff --git a/openvpn/client/cliopt.hpp b/openvpn/client/cliopt.hpp index fa9a8b70..7aef6a1c 100644 --- a/openvpn/client/cliopt.hpp +++ b/openvpn/client/cliopt.hpp @@ -1255,7 +1255,7 @@ class ClientOptions : public RC Client::ProtoConfig::Ptr cp(new Client::ProtoConfig()); cp->ssl_factory = cc->new_factory(); cp->relay_mode = relay_mode; - cp->dc.set_factory(new CryptoDCSelect(cp->ssl_factory->libctx(), frame, cli_stats, prng)); + cp->dc.set_factory(new CryptoDCSelect(cp->ssl_factory->libctx(), frame, cli_stats, rng)); cp->dc_deferred = true; // defer data channel setup until after options pull cp->tls_auth_factory.reset(new CryptoOvpnHMACFactory()); cp->tls_crypt_factory.reset(new CryptoTLSCryptFactory()); @@ -1388,7 +1388,7 @@ class ClientOptions : public RC ClientConfigParsed clientconf; Time now_; // current time - RandomAPI::Ptr rng; + StrongRandomAPI::Ptr rng; RandomAPI::Ptr prng; Frame::Ptr frame; Layer layer; diff --git a/openvpn/common/sess_id.hpp b/openvpn/common/sess_id.hpp index cdf0cc3d..b296ee79 100644 --- a/openvpn/common/sess_id.hpp +++ b/openvpn/common/sess_id.hpp @@ -55,10 +55,8 @@ class SessionIDType } // Create a random Session ID. - explicit SessionIDType(RandomAPI &rng, const bool allow_noncrypto_rng = false) + explicit SessionIDType(RandomAPI &rng) { - if (!allow_noncrypto_rng) - rng.assert_crypto(); rng.rand_bytes(u.data, sizeof(u.data)); } diff --git a/openvpn/crypto/crypto_chm.hpp b/openvpn/crypto/crypto_chm.hpp index e241d3f8..70ef0165 100644 --- a/openvpn/crypto/crypto_chm.hpp +++ b/openvpn/crypto/crypto_chm.hpp @@ -44,17 +44,17 @@ class CryptoCHM : public CryptoDCInstance const CryptoAlgs::Type digest_arg, const Frame::Ptr &frame_arg, const SessionStats::Ptr &stats_arg, - const RandomAPI::Ptr &prng_arg) + const StrongRandomAPI::Ptr &rng_arg) : cipher(cipher_arg), digest(digest_arg), frame(frame_arg), stats(stats_arg), - prng(prng_arg), + rng(rng_arg), libctx(libctx_arg) { encrypt_.frame = frame; decrypt_.frame = frame; - encrypt_.set_prng(prng); + encrypt_.set_rng(rng); } // Encrypt/Decrypt @@ -126,7 +126,7 @@ class CryptoCHM : public CryptoDCInstance CryptoAlgs::Type digest; Frame::Ptr frame; SessionStats::Ptr stats; - RandomAPI::Ptr prng; + StrongRandomAPI::Ptr rng; SSLLib::Ctx libctx; EncryptCHM encrypt_; @@ -146,13 +146,13 @@ class CryptoContextCHM : public CryptoDCContext const CryptoAlgs::KeyDerivation key_method, const Frame::Ptr &frame_arg, const SessionStats::Ptr &stats_arg, - const RandomAPI::Ptr &prng_arg) + const StrongRandomAPI::Ptr &rng_arg) : CryptoDCContext(key_method), cipher(CryptoAlgs::dc_cbc_cipher(cipher_arg)), digest(CryptoAlgs::dc_cbc_hash(digest_arg)), frame(frame_arg), stats(stats_arg), - prng(prng_arg), + rng(rng_arg), libctx(libctx_arg) { } @@ -167,7 +167,7 @@ class CryptoContextCHM : public CryptoDCContext CryptoAlgs::legal_dc_digest(digest), frame, stats, - prng); + rng); } // cipher/HMAC/key info @@ -194,7 +194,7 @@ class CryptoContextCHM : public CryptoDCContext CryptoAlgs::Type digest; Frame::Ptr frame; SessionStats::Ptr stats; - RandomAPI::Ptr prng; + StrongRandomAPI::Ptr rng; SSLLib::Ctx libctx; }; } // namespace openvpn diff --git a/openvpn/crypto/cryptodcsel.hpp b/openvpn/crypto/cryptodcsel.hpp index 1a7e3bbc..dc2d77ff 100644 --- a/openvpn/crypto/cryptodcsel.hpp +++ b/openvpn/crypto/cryptodcsel.hpp @@ -43,10 +43,10 @@ class CryptoDCSelect : public CryptoDCFactory CryptoDCSelect(SSLLib::Ctx libctx_arg, const Frame::Ptr &frame_arg, const SessionStats::Ptr &stats_arg, - const RandomAPI::Ptr &prng_arg) + const StrongRandomAPI::Ptr &rng_arg) : frame(frame_arg), stats(stats_arg), - prng(prng_arg), + rng(rng_arg), libctx(libctx_arg) { } @@ -57,7 +57,7 @@ class CryptoDCSelect : public CryptoDCFactory { const CryptoAlgs::Alg &alg = CryptoAlgs::get(cipher); if (alg.flags() & CryptoAlgs::CBC_HMAC) - return new CryptoContextCHM(libctx, cipher, digest, method, frame, stats, prng); + return new CryptoContextCHM(libctx, cipher, digest, method, frame, stats, rng); else if (alg.flags() & CryptoAlgs::AEAD) return new AEAD::CryptoContext(libctx, cipher, method, frame, stats); else @@ -67,7 +67,7 @@ class CryptoDCSelect : public CryptoDCFactory private: Frame::Ptr frame; SessionStats::Ptr stats; - RandomAPI::Ptr prng; + StrongRandomAPI::Ptr rng; SSLLib::Ctx libctx; }; diff --git a/openvpn/crypto/encrypt_chm.hpp b/openvpn/crypto/encrypt_chm.hpp index 7e5620db..3bb9677f 100644 --- a/openvpn/crypto/encrypt_chm.hpp +++ b/openvpn/crypto/encrypt_chm.hpp @@ -61,7 +61,7 @@ class EncryptCHM if (cipher_mode == CRYPTO_API::CipherContext::CIPH_CBC_MODE) { // in CBC mode, use an explicit, random IV - prng->rand_bytes(iv_buf, iv_length); + rng->rand_bytes(iv_buf, iv_length); // generate fresh outgoing packet ID and prepend to cleartext buffer pid_send.write_next(buf, true, now); @@ -102,10 +102,9 @@ class EncryptCHM } } - void set_prng(RandomAPI::Ptr prng_arg) + void set_rng(StrongRandomAPI::Ptr rng_arg) { - prng_arg->assert_crypto(); - prng = std::move(prng_arg); + rng = std::move(rng_arg); } Frame::Ptr frame; @@ -129,7 +128,7 @@ class EncryptCHM } BufferAllocated work; - RandomAPI::Ptr prng; + StrongRandomAPI::Ptr rng; }; } // namespace openvpn diff --git a/openvpn/crypto/static_key.hpp b/openvpn/crypto/static_key.hpp index 93a246b9..b8e995c9 100644 --- a/openvpn/crypto/static_key.hpp +++ b/openvpn/crypto/static_key.hpp @@ -80,9 +80,8 @@ class StaticKey return base64->encode(key_data_); } - void init_from_rng(RandomAPI &rng, const size_t key_size) + void init_from_rng(StrongRandomAPI &rng, const size_t key_size) { - rng.assert_crypto(); key_data_.init(key_size, key_t::DESTRUCT_ZERO); rng.rand_bytes(key_data_.data(), key_size); key_data_.set_size(key_size); diff --git a/openvpn/mbedtls/ssl/sslctx.hpp b/openvpn/mbedtls/ssl/sslctx.hpp index 275e484d..5b6cc324 100644 --- a/openvpn/mbedtls/ssl/sslctx.hpp +++ b/openvpn/mbedtls/ssl/sslctx.hpp @@ -445,9 +445,8 @@ class MbedTLSContext : public SSLFactoryAPI x509_track_config = std::move(x509_track_config_arg); } - virtual void set_rng(const RandomAPI::Ptr &rng_arg) + virtual void set_rng(const StrongRandomAPI::Ptr &rng_arg) { - rng_arg->assert_crypto(); rng = rng_arg; } @@ -643,7 +642,7 @@ class MbedTLSContext : public SSLFactoryAPI std::string tls_groups; X509Track::ConfigSet x509_track_config; bool local_cert_enabled; - RandomAPI::Ptr rng; // random data source + StrongRandomAPI::Ptr rng; // random data source }; // Represents an actual SSL session. diff --git a/openvpn/mbedtls/util/rand.hpp b/openvpn/mbedtls/util/rand.hpp index 77ec0756..b87a51b8 100644 --- a/openvpn/mbedtls/util/rand.hpp +++ b/openvpn/mbedtls/util/rand.hpp @@ -35,14 +35,14 @@ namespace openvpn { -class MbedTLSRandom : public RandomAPI +class MbedTLSRandom : public StrongRandomAPI { public: OPENVPN_EXCEPTION(rand_error_mbedtls); typedef RCPtr Ptr; - MbedTLSRandom(const bool prng, RandomAPI::Ptr entropy_source) + MbedTLSRandom(const bool prng, StrongRandomAPI::Ptr entropy_source) : entropy(std::move(entropy_source)) { // Init RNG context @@ -60,7 +60,7 @@ class MbedTLSRandom : public RandomAPI } MbedTLSRandom(const bool prng) - : MbedTLSRandom(prng, RandomAPI::Ptr()) + : MbedTLSRandom(prng, StrongRandomAPI::Ptr()) { } @@ -80,12 +80,6 @@ class MbedTLSRandom : public RandomAPI return n; } - // Return true if algorithm is crypto-strength - virtual bool is_crypto() const - { - return true; - } - // Fill buffer with random bytes virtual void rand_bytes(unsigned char *buf, size_t size) { diff --git a/openvpn/openssl/ssl/sslctx.hpp b/openvpn/openssl/ssl/sslctx.hpp index 256fb58a..37fc7c9a 100644 --- a/openvpn/openssl/ssl/sslctx.hpp +++ b/openvpn/openssl/ssl/sslctx.hpp @@ -346,11 +346,9 @@ class OpenSSLContext : public SSLFactoryAPI x509_track_config = std::move(x509_track_config_arg); } - void set_rng(const RandomAPI::Ptr &rng_arg) override + void set_rng(const StrongRandomAPI::Ptr &rng_arg) override { - // Not implemented (other than assert_crypto check) - // because OpenSSL is hardcoded to use its own RNG. - rng_arg->assert_crypto(); + // Not implemented because OpenSSL is hardcoded to use its own RNG. } std::string validate_cert(const std::string &cert_txt) const override diff --git a/openvpn/openssl/util/rand.hpp b/openvpn/openssl/util/rand.hpp index 481abd57..8c5bbdd6 100644 --- a/openvpn/openssl/util/rand.hpp +++ b/openvpn/openssl/util/rand.hpp @@ -32,7 +32,7 @@ #include namespace openvpn { -class OpenSSLRandom : public RandomAPI +class OpenSSLRandom : public StrongRandomAPI { public: OPENVPN_EXCEPTION(rand_error_openssl); @@ -48,12 +48,6 @@ class OpenSSLRandom : public RandomAPI return "OpenSSLRandom"; } - // Return true if algorithm is crypto-strength - virtual bool is_crypto() const - { - return true; - } - // Fill buffer with random bytes virtual void rand_bytes(unsigned char *buf, size_t size) { diff --git a/openvpn/openssl/util/tokenencrypt.hpp b/openvpn/openssl/util/tokenencrypt.hpp index f48dd4a8..4ea2d8ed 100644 --- a/openvpn/openssl/util/tokenencrypt.hpp +++ b/openvpn/openssl/util/tokenencrypt.hpp @@ -46,9 +46,8 @@ class TokenEncrypt public: static constexpr size_t SIZE = 16; - Key(RandomAPI &rng) + Key(StrongRandomAPI &rng) { - rng.assert_crypto(); rng.rand_bytes(data, sizeof(data)); } diff --git a/openvpn/proxy/ntlm.hpp b/openvpn/proxy/ntlm.hpp index 45d58595..f6c95b7a 100644 --- a/openvpn/proxy/ntlm.hpp +++ b/openvpn/proxy/ntlm.hpp @@ -61,7 +61,7 @@ class NTLM const std::string &phase_2_response, const std::string &dom_username, const std::string &password, - RandomAPI &rng) + StrongRandomAPI &rng) { // sanity checks if (dom_username.empty()) @@ -72,9 +72,6 @@ class NTLM if (phase_2_response.size() < 32) throw Exception("phase2 response from server too short (" + std::to_string(phase_2_response.size()) + ")"); - // ensure that RNG is crypto-strength - rng.assert_crypto(); - // split domain\username std::string domain; std::string username; diff --git a/openvpn/random/devurand.hpp b/openvpn/random/devurand.hpp index 6d6d840f..5cca458d 100644 --- a/openvpn/random/devurand.hpp +++ b/openvpn/random/devurand.hpp @@ -33,7 +33,7 @@ namespace openvpn { -class DevURand : public RandomAPI +class DevURand : public StrongRandomAPI { public: OPENVPN_EXCEPTION(dev_urand_error); @@ -53,12 +53,6 @@ class DevURand : public RandomAPI return "DevURand"; } - // Return true if algorithm is crypto-strength - virtual bool is_crypto() const - { - return true; - } - // Fill buffer with random bytes virtual void rand_bytes(unsigned char *buf, size_t size) { diff --git a/openvpn/random/mtrandapi.hpp b/openvpn/random/mtrandapi.hpp index ab65ebc7..725bbd29 100644 --- a/openvpn/random/mtrandapi.hpp +++ b/openvpn/random/mtrandapi.hpp @@ -32,7 +32,7 @@ namespace openvpn { -class MTRand : public RandomAPI +class MTRand : public WeakRandomAPI { public: OPENVPN_EXCEPTION(mtrand_error); @@ -61,12 +61,6 @@ class MTRand : public RandomAPI return "MTRand"; } - // Return true if algorithm is crypto-strength - virtual bool is_crypto() const - { - return false; - } - // Fill buffer with random bytes virtual void rand_bytes(unsigned char *buf, size_t size) { diff --git a/openvpn/random/rand2.hpp b/openvpn/random/rand2.hpp index 67025063..0eb183a6 100644 --- a/openvpn/random/rand2.hpp +++ b/openvpn/random/rand2.hpp @@ -27,24 +27,21 @@ namespace openvpn { -// By convention, rng is crypto-strength while prng is -// not. Be sure to always call RandomAPI::assert_crypto() -// before using an rng for crypto purposes, to verify that -// it is crypto-capable. +// By convention, rng is crypto-strength while prng is not. struct Rand2 { Rand2() { } - Rand2(RandomAPI::Ptr rng_arg, + Rand2(StrongRandomAPI::Ptr rng_arg, RandomAPI::Ptr prng_arg) : rng(std::move(rng_arg)), prng(std::move(prng_arg)) { } - Rand2(RandomAPI::Ptr rng_arg) + Rand2(StrongRandomAPI::Ptr rng_arg) : rng(rng_arg), prng(rng_arg) { @@ -55,7 +52,7 @@ struct Rand2 return rng && prng; } - RandomAPI::Ptr rng; + StrongRandomAPI::Ptr rng; RandomAPI::Ptr prng; }; diff --git a/openvpn/random/randapi.hpp b/openvpn/random/randapi.hpp index ebe97a58..e111dcf4 100644 --- a/openvpn/random/randapi.hpp +++ b/openvpn/random/randapi.hpp @@ -136,15 +136,6 @@ class RandomAPI : public RC return bool(randbyte() & 1); } - // Throw an exception if algorithm is not crypto-strength. - // Be sure to always call this method before using an rng - // for crypto purposes. - void assert_crypto() const - { - if (!is_crypto()) - throw Exception("RandomAPI: " + name() + " algorithm is not crypto-strength"); - } - // UniformRandomBitGenerator for std::shuffle typedef unsigned int result_type; static constexpr result_type min() @@ -159,6 +150,33 @@ class RandomAPI : public RC { return rand_get(); } + + private: + friend class StrongRandomAPI; + friend class WeakRandomAPI; + RandomAPI() = default; +}; + +class StrongRandomAPI : public RandomAPI +{ + bool is_crypto() const final override + { + return true; + } + + public: + typedef RCPtr Ptr; +}; + +class WeakRandomAPI : public RandomAPI +{ + bool is_crypto() const final override + { + return false; + } + + public: + typedef RCPtr Ptr; }; } // namespace openvpn diff --git a/openvpn/ssl/proto.hpp b/openvpn/ssl/proto.hpp index a71f5997..22d0f08e 100644 --- a/openvpn/ssl/proto.hpp +++ b/openvpn/ssl/proto.hpp @@ -307,7 +307,7 @@ class ProtoContext // Random number generator. // Use-cases demand highest cryptographic strength // such as key generation. - RandomAPI::Ptr rng; + StrongRandomAPI::Ptr rng; // Pseudo-random number generator. // Use-cases demand cryptographic strength @@ -3768,7 +3768,7 @@ class ProtoContext if (cookie_psid.defined()) psid_self = cookie_psid; else - psid_self.randomize(*c.prng); + psid_self.randomize(*c.rng); psid_peer.reset(); // initialize key contexts diff --git a/openvpn/ssl/psid.hpp b/openvpn/ssl/psid.hpp index 678f37c6..7df949f9 100644 --- a/openvpn/ssl/psid.hpp +++ b/openvpn/ssl/psid.hpp @@ -59,11 +59,9 @@ class ProtoSessionID defined_ = true; } - template - void randomize(PRNG_TYPE &prng) + void randomize(StrongRandomAPI &rng) { - prng.assert_crypto(); - prng.rand_bytes(id_, SIZE); + rng.rand_bytes(id_, SIZE); defined_ = true; } diff --git a/openvpn/ssl/psid_cookie_impl.hpp b/openvpn/ssl/psid_cookie_impl.hpp index 9a3fb990..99496978 100644 --- a/openvpn/ssl/psid_cookie_impl.hpp +++ b/openvpn/ssl/psid_cookie_impl.hpp @@ -264,7 +264,7 @@ class PsidCookieImpl : public PsidCookie // key must be common to all threads static StaticKey create_key() { - RandomAPI::Ptr rng(new SSLLib::RandomAPI(false)); + StrongRandomAPI::Ptr rng(new SSLLib::RandomAPI(false)); const CryptoAlgs::Alg &alg = CryptoAlgs::get(digest_); // guarantee that the key is large enough diff --git a/openvpn/ssl/sess_ticket.hpp b/openvpn/ssl/sess_ticket.hpp index 8a995d99..f2c7502d 100644 --- a/openvpn/ssl/sess_ticket.hpp +++ b/openvpn/ssl/sess_ticket.hpp @@ -130,9 +130,8 @@ class TLSSessionTicketBase static constexpr size_t CIPHER_KEY_SIZE = 32; static constexpr size_t HMAC_KEY_SIZE = 16; - explicit Key(RandomAPI &rng) + explicit Key(StrongRandomAPI &rng) { - rng.assert_crypto(); rng.rand_bytes(cipher_value_, CIPHER_KEY_SIZE); rng.rand_bytes(hmac_value_, HMAC_KEY_SIZE); } diff --git a/openvpn/ssl/sslapi.hpp b/openvpn/ssl/sslapi.hpp index 3cc151a0..4ee86fc0 100644 --- a/openvpn/ssl/sslapi.hpp +++ b/openvpn/ssl/sslapi.hpp @@ -180,7 +180,7 @@ class SSLConfigAPI : public RC virtual void set_tls_cert_profile_override(const std::string &override) = 0; virtual void set_local_cert_enabled(const bool v) = 0; virtual void set_x509_track(X509Track::ConfigSet x509_track_config_arg) = 0; - virtual void set_rng(const RandomAPI::Ptr &rng_arg) = 0; + virtual void set_rng(const StrongRandomAPI::Ptr &rng_arg) = 0; virtual void load(const OptionList &opt, const unsigned int lflags) = 0; #ifdef OPENVPN_JSON_INTERNAL diff --git a/openvpn/ssl/tlsprf.hpp b/openvpn/ssl/tlsprf.hpp index 368e2e7c..4cb39fdb 100644 --- a/openvpn/ssl/tlsprf.hpp +++ b/openvpn/ssl/tlsprf.hpp @@ -55,9 +55,8 @@ class TLSPRF { } - void randomize(RandomAPI &rng) + void randomize(StrongRandomAPI &rng) { - rng.assert_crypto(); if (!server_) rng.rand_bytes(pre_master, sizeof(pre_master)); rng.rand_bytes(random1, sizeof(random1)); @@ -234,7 +233,7 @@ class TLSPRFInstance : public RC public: typedef RCPtr Ptr; - virtual void self_randomize(RandomAPI &rng) = 0; + virtual void self_randomize(StrongRandomAPI &rng) = 0; virtual void self_write(Buffer &buf) = 0; virtual void peer_read(Buffer &buf) = 0; virtual bool peer_read_complete(BufferComplete &bc) = 0; @@ -267,7 +266,7 @@ class CryptoTLSPRFInstance : public TLSPRFInstance { } - virtual void self_randomize(RandomAPI &rng) + virtual void self_randomize(StrongRandomAPI &rng) { self.randomize(rng); } diff --git a/openvpn/transport/altproxy.hpp b/openvpn/transport/altproxy.hpp index 638ebb6a..a7a27f3c 100644 --- a/openvpn/transport/altproxy.hpp +++ b/openvpn/transport/altproxy.hpp @@ -46,7 +46,7 @@ struct AltProxy : public RC Frame::Ptr frame; SessionStats::Ptr stats; - RandomAPI::Ptr rng; + StrongRandomAPI::Ptr rng; DigestFactory::Ptr digest_factory; SocketProtect *socket_protect; diff --git a/openvpn/transport/client/httpcli.hpp b/openvpn/transport/client/httpcli.hpp index ccd04850..3ab11454 100644 --- a/openvpn/transport/client/httpcli.hpp +++ b/openvpn/transport/client/httpcli.hpp @@ -219,7 +219,7 @@ class ClientConfig : public TransportClientFactory Options::Ptr http_proxy_options; - RandomAPI::Ptr rng; // random data source + StrongRandomAPI::Ptr rng; // random data source DigestFactory::Ptr digest_factory; // needed by proxy auth methods @@ -733,7 +733,6 @@ class Client : public TransportClient, AsyncResolvableTCP // generate a client nonce unsigned char cnonce_raw[8]; - config->rng->assert_crypto(); config->rng->rand_bytes(cnonce_raw, sizeof(cnonce_raw)); const std::string cnonce = render_hex(cnonce_raw, sizeof(cnonce_raw)); diff --git a/openvpn/ws/websocket.hpp b/openvpn/ws/websocket.hpp index 17f20834..2b716e7c 100644 --- a/openvpn/ws/websocket.hpp +++ b/openvpn/ws/websocket.hpp @@ -197,11 +197,9 @@ class Status class Sender { public: - Sender(RandomAPI::Ptr cli_rng_arg) // only provide rng on client side + Sender(StrongRandomAPI::Ptr cli_rng_arg) // only provide rng on client side : cli_rng(std::move(cli_rng_arg)) { - if (cli_rng) - cli_rng->assert_crypto(); } void frame(Buffer &buf, const Status &s) const @@ -254,7 +252,7 @@ class Sender buf.prepend(&len8, sizeof(len8)); } - RandomAPI::Ptr cli_rng; + StrongRandomAPI::Ptr cli_rng; }; class Receiver @@ -434,7 +432,7 @@ struct Config : public RC std::string origin; std::string protocol; - RandomAPI::Ptr rng; + StrongRandomAPI::Ptr rng; DigestFactory::Ptr digest_factory; // compression @@ -483,7 +481,6 @@ class PerRequest : public RC { if (!conf) throw websocket_error("no config"); - conf->rng->assert_crypto(); if (!conf->digest_factory) throw websocket_error("no digest factory in config"); return conf; @@ -521,7 +518,7 @@ class PerRequest : public RC PerRequest(Config::Ptr conf_arg) : conf(validate_conf(std::move(conf_arg))), - sender(RandomAPI::Ptr()), + sender(StrongRandomAPI::Ptr()), receiver(false) { } diff --git a/test/ovpncli/cli.cpp b/test/ovpncli/cli.cpp index 148a177d..3fc182a9 100644 --- a/test/ovpncli/cli.cpp +++ b/test/ovpncli/cli.cpp @@ -658,7 +658,6 @@ class Client : public ClientBase if (!self->rng) { self->rng.reset(new SSLLib::RandomAPI(false)); - self->rng->assert_crypto(); } return self->rng->rand_bytes_noexcept(data, len) ? 0 : -1; // using -1 as a general-purpose mbed TLS error code } @@ -708,7 +707,7 @@ class Client : public ClientBase std::mutex log_mutex; std::string dc_cookie; - RandomAPI::Ptr rng; // random data source for epki + StrongRandomAPI::Ptr rng; // random data source for epki volatile ClockTickAction clock_tick_action = CT_UNDEF; #ifdef OPENVPN_REMOTE_OVERRIDE diff --git a/test/unittests/test_helper.hpp b/test/unittests/test_helper.hpp index c70bba8c..92c0a0e0 100644 --- a/test/unittests/test_helper.hpp +++ b/test/unittests/test_helper.hpp @@ -339,7 +339,7 @@ class FakeAsyncResolvable : public RESOLVABLE * its maximum range is [0x03020100, 0xfffefdfc]. Especially the lower * bound makes the std::shuffle implementation in libc++ loop endlessly. */ -class FakeSecureRand : public openvpn::RandomAPI +class FakeSecureRand : public openvpn::StrongRandomAPI { public: FakeSecureRand(const unsigned char initial = 0) @@ -352,11 +352,6 @@ class FakeSecureRand : public openvpn::RandomAPI return "FakeRNG"; } - virtual bool is_crypto() const override - { - return true; - } - virtual void rand_bytes(unsigned char *buf, size_t size) override { rand_bytes_(buf, size); diff --git a/test/unittests/test_psid_cookie.cpp b/test/unittests/test_psid_cookie.cpp index 3b908b94..0384b420 100644 --- a/test/unittests/test_psid_cookie.cpp +++ b/test/unittests/test_psid_cookie.cpp @@ -85,6 +85,7 @@ class PsidCookieTest : public testing::Test pcfg->now = &now; pcfg->handshake_window = Time::Duration::seconds(60); pcfg->key_direction = 0; + pcfg->rng.reset(new SSLLib::RandomAPI(false)); pcfg->prng.reset(new SSLLib::RandomAPI(true)); spf.reset(new ServerProto::Factory(dummy_io_context, *pcfg)); @@ -141,7 +142,7 @@ TEST_F(PsidCookieTest, valid_time) uint64_t interval = (pci_dut.pcfg_.handshake_window.raw() + 1) / 2; bool hmac_ok; - cli_psid.randomize(*pci_dut.pcfg_.prng); + cli_psid.randomize(*pci_dut.pcfg_.rng); set_clock(Time::now()); srv_psid = pci_dut.calculate_session_id_hmac(cli_psid, cli_addr, 0); diff --git a/test/unittests/test_randapi.cpp b/test/unittests/test_randapi.cpp index 4ff8a2d6..ea37d096 100644 --- a/test/unittests/test_randapi.cpp +++ b/test/unittests/test_randapi.cpp @@ -6,7 +6,7 @@ using namespace openvpn; template -class IntegralMin : public RandomAPI +class IntegralMin : public WeakRandomAPI { public: OPENVPN_EXCEPTION(s_min_error); @@ -19,12 +19,6 @@ class IntegralMin : public RandomAPI return "IntegralMin"; } - // Return true if algorithm is crypto-strength - bool is_crypto() const override - { - return false; - } - // Fill buffer with minimum value void rand_bytes(unsigned char *buf, size_t size) override { diff --git a/test/unittests/test_session_id.cpp b/test/unittests/test_session_id.cpp index ede909ee..62a41523 100644 --- a/test/unittests/test_session_id.cpp +++ b/test/unittests/test_session_id.cpp @@ -118,7 +118,7 @@ struct SessionID : public SessionID128 } SessionID(RandomAPI &rng) - : SessionID128(rng, true) + : SessionID128(rng) { // dump("rng"); } @@ -184,7 +184,7 @@ static void tryit(RandomAPI &rng, TokenEncryptDecrypt &encdec) TEST(sessid, tokenEncrypt) { - RandomAPI::Ptr rng(new SSLLib::RandomAPI(false)); + StrongRandomAPI::Ptr rng(new SSLLib::RandomAPI(false)); const TokenEncrypt::Key key(*rng); TokenEncryptDecrypt encdec(key); diff --git a/test/unittests/test_ssl.cpp b/test/unittests/test_ssl.cpp index 4a8eeffc..cf2a83f4 100644 --- a/test/unittests/test_ssl.cpp +++ b/test/unittests/test_ssl.cpp @@ -50,7 +50,7 @@ TEST(ssl, sslciphersuites) TEST(ssl, sslciphers) { - RandomAPI::Ptr rng(new FakeSecureRand); + StrongRandomAPI::Ptr rng(new FakeSecureRand); bool previousLogOutput = testLog->isStdoutEnabled(); testLog->setPrintOutput(false); @@ -71,7 +71,7 @@ TEST(ssl, sslciphers) TEST(ssl, tls_groups) { - RandomAPI::Ptr rng(new FakeSecureRand); + StrongRandomAPI::Ptr rng(new FakeSecureRand); SSLFactoryAPI::Ptr sslfact; @@ -116,7 +116,7 @@ TEST(ssl, translate_ciphers_openssl) #if defined(USE_OPENSSL) && OPENSSL_VERSION_NUMBER >= 0x30000000L TEST(ssl, enablelegacyProvider) { - RandomAPI::Ptr rng(new FakeSecureRand); + StrongRandomAPI::Ptr rng(new FakeSecureRand); SSLLib::SSLAPI::Config::Ptr sslcfg(new SSLLib::SSLAPI::Config); sslcfg->set_local_cert_enabled(false); diff --git a/test/unittests/test_statickey.cpp b/test/unittests/test_statickey.cpp index 80ded348..437b468c 100644 --- a/test/unittests/test_statickey.cpp +++ b/test/unittests/test_statickey.cpp @@ -37,7 +37,7 @@ TEST(statickey, key1) TEST(statickey, key2) { - RandomAPI::Ptr rng(new SSLLib::RandomAPI(false)); + StrongRandomAPI::Ptr rng(new SSLLib::RandomAPI(false)); const size_t key_len = 16; StaticKey sk1; sk1.init_from_rng(*rng, key_len);