Added crypto random-number generator

Added a cryptographic random-number generator to crypto/.
Modified sync to use this function instead.
May also be used by Cloud Print in the future.


Review URL: https://chromiumcodereview.appspot.com/10698177

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@149689 0039d316-1c4b-4281-b951-d872f2087c98

6 files changed, 78 insertions, 7 deletions

diff --git a/crypto/crypto.gyp b/crypto/crypto.gyp
index 287b53c..e124423 100644
--- a/crypto/crypto.gyp
+++ b/crypto/crypto.gyp
@@ -197,6 +197,8 @@
         'openssl_util.h',
         'p224.cc',
         'p224.h',
+        'random.h',
+        'random.cc',
         'rsa_private_key.cc',
         'rsa_private_key.h',
         'rsa_private_key_mac.cc',
@@ -242,6 +244,7 @@
         'nss_util_unittest.cc',
         'p224_unittest.cc',
         'p224_spake_unittest.cc',
+        'random_unittest.cc',
         'rsa_private_key_unittest.cc',
         'rsa_private_key_nss_unittest.cc',
         'secure_hash_unittest.cc',
diff --git a/crypto/openpgp_symmetric_encryption.cc b/crypto/openpgp_symmetric_encryption.cc
index 3f37d4c..7eb6737 100644
--- a/crypto/openpgp_symmetric_encryption.cc
+++ b/crypto/openpgp_symmetric_encryption.cc
@@ -1,4 +1,4 @@
-// Copyright (c) 2011 The Chromium Authors. All rights reserved.
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
@@ -12,7 +12,7 @@
 #include <vector>
 
 #include "base/logging.h"
-#include "base/rand_util.h"
+#include "crypto/random.h"
 #include "crypto/scoped_nss_types.h"
 #include "crypto/nss_util.h"
 
@@ -680,7 +680,8 @@ class Encrypter {
     ske.push_back(3);  // iterated and salted S2K
     ske.push_back(2);  // SHA-1
 
-    uint64 salt64 = base::RandUint64();
+    uint64 salt64;
+    crypto::RandBytes(&salt64, sizeof(salt64));
     ByteString salt(sizeof(salt64), 0);
 
     // It's a random value, so endianness doesn't matter.
@@ -710,7 +711,7 @@ class Encrypter {
     static const unsigned kBlockSize = 16;  // AES block size
 
     uint8 prefix[kBlockSize + 2], fre[kBlockSize], iv[kBlockSize];
-    base::RandBytes(iv, kBlockSize);
+    crypto::RandBytes(iv, kBlockSize);
     memset(fre, 0, sizeof(fre));
 
     ScopedPK11Context aes_context;
diff --git a/crypto/p224_spake.cc b/crypto/p224_spake.cc
index af3c2b8..31109a4 100644
--- a/crypto/p224_spake.cc
+++ b/crypto/p224_spake.cc
@@ -1,4 +1,4 @@
-// Copyright (c) 2011 The Chromium Authors. All rights reserved.
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
@@ -8,8 +8,8 @@
 #include <crypto/p224_spake.h>
 
 #include <base/logging.h>
-#include <base/rand_util.h>
 #include <crypto/p224.h>
+#include <crypto/random.h>
 #include <crypto/secure_util.h>
 
 namespace {
@@ -103,7 +103,7 @@ P224EncryptedKeyExchange::P224EncryptedKeyExchange(
   memset(&expected_authenticator_, 0, sizeof(expected_authenticator_));
 
   // x_ is a random scalar.
-  base::RandBytes(x_, sizeof(x_));
+  RandBytes(x_, sizeof(x_));
 
   // X = g**x_
   p224::Point X;
diff --git a/crypto/random.cc b/crypto/random.cc
new file mode 100644
index 0000000..a19bb1a
--- /dev/null
+++ b/crypto/random.cc
@@ -0,0 +1,19 @@
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "crypto/random.h"
+
+#include "base/rand_util.h"
+
+namespace crypto {
+
+void RandBytes(void *bytes, size_t length) {
+  // It's OK to call base::RandBytes(), because it's already strongly random.
+  // But _other_ code should go through this function to ensure that code which
+  // needs secure randomness is easily discoverable.
+  base::RandBytes(bytes, length);
+}
+
+}  // namespace crypto
+
diff --git a/crypto/random.h b/crypto/random.h
new file mode 100644
index 0000000..cdbe8a9
--- /dev/null
+++ b/crypto/random.h
@@ -0,0 +1,21 @@
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef CRYPTO_RANDOM_H_
+#define CRYPTO_RANDOM_H_
+
+#include <stdlib.h>
+
+#include "crypto/crypto_export.h"
+
+namespace crypto {
+
+// Fills the given buffer with |length| random bytes of cryptographically
+// secure random numbers.
+// |length| must be positive.
+CRYPTO_EXPORT void RandBytes(void *bytes, size_t length);
+
+}
+
+#endif
diff --git a/crypto/random_unittest.cc b/crypto/random_unittest.cc
new file mode 100644
index 0000000..297f3cc
--- /dev/null
+++ b/crypto/random_unittest.cc
@@ -0,0 +1,27 @@
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "crypto/random.h"
+
+#include "base/string_util.h"
+#include "testing/gtest/include/gtest/gtest.h"
+
+// Basic functionality tests. Does NOT test the security of the random data.
+
+// Ensures we don't have all trivial data, i.e. that the data is indeed random.
+// Currently, that means the bytes cannot be all the same (e.g. all zeros).
+bool IsTrivial(const std::string& bytes) {
+  for (size_t i = 0; i < bytes.size(); i++) {
+    if (bytes[i] != bytes[0]) {
+      return false;
+    }
+  }
+  return true;
+}
+
+TEST(RandBytes, RandBytes) {
+  std::string bytes(16, '\0');
+  crypto::RandBytes(WriteInto(&bytes, bytes.size()), bytes.size());
+  EXPECT_TRUE(!IsTrivial(bytes));
+}