crypto/rand for Windows R=rsc, brainman CC=golang-dev https://golang.org/cl/1773041

commit: ccd28e8eb6f81f21093deb730ea70982cb381514 [log] [tgz]
author: Peter Mundy <go.peter.90@gmail.com> Mon Jul 12 16:37:53 2010 -0700
committer: Russ Cox <rsc@golang.org> Mon Jul 12 16:37:53 2010 -0700
tree: 0daf2655cffae43528c07f5b87401cf32f3678fb
parent: c9f83372d87fca87873116aba2efaabb3137375b [diff]
diff --git a/src/pkg/crypto/rand/Makefile b/src/pkg/crypto/rand/Makefile
index 0e7a553..2181259 100644
--- a/src/pkg/crypto/rand/Makefile
+++ b/src/pkg/crypto/rand/Makefile

@@ -9,4 +9,21 @@
 GOFILES=\
 	rand.go\
 
+GOFILES_freebsd=\
+	rand_unix.go\
+
+GOFILES_darwin=\
+	rand_unix.go\
+
+GOFILES_linux=\
+	rand_unix.go\
+
+GOFILES_nacl=\
+	rand_unix.go\
+
+GOFILES_windows=\
+	rand_windows.go\
+
+GOFILES+=$(GOFILES_$(GOOS))
+
 include ../../../Make.pkg

diff --git a/src/pkg/crypto/rand/rand.go b/src/pkg/crypto/rand/rand.go
index 01c3031..42d9da0 100644
--- a/src/pkg/crypto/rand/rand.go
+++ b/src/pkg/crypto/rand/rand.go

@@ -7,124 +7,15 @@
 package rand
 
 import (
-	"crypto/aes"
 	"io"
 	"os"
-	"sync"
-	"time"
 )
 
 // Reader is a global, shared instance of a cryptographically
 // strong pseudo-random generator.
+// On Unix-like systems, Reader reads from /dev/urandom.
+// On Windows systems, Reader uses the CryptGenRandom API.
 var Reader io.Reader
 
 // Read is a helper function that calls Reader.Read.
 func Read(b []byte) (n int, err os.Error) { return Reader.Read(b) }
-
-// Easy implementation: read from /dev/urandom.
-// This is sufficient on Linux, OS X, and FreeBSD.
-
-func init() { Reader = &devReader{name: "/dev/urandom"} }
-
-// A devReader satisfies reads by reading the file named name.
-type devReader struct {
-	name string
-	f    *os.File
-	mu   sync.Mutex
-}
-
-func (r *devReader) Read(b []byte) (n int, err os.Error) {
-	r.mu.Lock()
-	if r.f == nil {
-		f, err := os.Open(r.name, os.O_RDONLY, 0)
-		if f == nil {
-			return 0, err
-		}
-		r.f = f
-	}
-	r.mu.Unlock()
-	return r.f.Read(b)
-}
-
-// Alternate pseudo-random implementation for use on
-// systems without a reliable /dev/urandom.  So far we
-// haven't needed it.
-
-// newReader returns a new pseudorandom generator that
-// seeds itself by reading from entropy.  If entropy == nil,
-// the generator seeds itself by reading from the system's
-// random number generator, typically /dev/random.
-// The Read method on the returned reader always returns
-// the full amount asked for, or else it returns an error.
-//
-// The generator uses the X9.31 algorithm with AES-128,
-// reseeding after every 1 MB of generated data.
-func newReader(entropy io.Reader) io.Reader {
-	if entropy == nil {
-		entropy = &devReader{name: "/dev/random"}
-	}
-	return &reader{entropy: entropy}
-}
-
-type reader struct {
-	mu                   sync.Mutex
-	budget               int // number of bytes that can be generated
-	cipher               *aes.Cipher
-	entropy              io.Reader
-	time, seed, dst, key [aes.BlockSize]byte
-}
-
-func (r *reader) Read(b []byte) (n int, err os.Error) {
-	r.mu.Lock()
-	defer r.mu.Unlock()
-	n = len(b)
-
-	for len(b) > 0 {
-		if r.budget == 0 {
-			_, err := io.ReadFull(r.entropy, r.seed[0:])
-			if err != nil {
-				return n - len(b), err
-			}
-			_, err = io.ReadFull(r.entropy, r.key[0:])
-			if err != nil {
-				return n - len(b), err
-			}
-			r.cipher, err = aes.NewCipher(r.key[0:])
-			if err != nil {
-				return n - len(b), err
-			}
-			r.budget = 1 << 20 // reseed after generating 1MB
-		}
-		r.budget -= aes.BlockSize
-
-		// ANSI X9.31 (== X9.17) algorithm, but using AES in place of 3DES.
-		//
-		// single block:
-		// t = encrypt(time)
-		// dst = encrypt(t^seed)
-		// seed = encrypt(t^dst)
-		ns := time.Nanoseconds()
-		r.time[0] = byte(ns >> 56)
-		r.time[1] = byte(ns >> 48)
-		r.time[2] = byte(ns >> 40)
-		r.time[3] = byte(ns >> 32)
-		r.time[4] = byte(ns >> 24)
-		r.time[5] = byte(ns >> 16)
-		r.time[6] = byte(ns >> 8)
-		r.time[7] = byte(ns)
-		r.cipher.Encrypt(r.time[0:], r.time[0:])
-		for i := 0; i < aes.BlockSize; i++ {
-			r.dst[i] = r.time[i] ^ r.seed[i]
-		}
-		r.cipher.Encrypt(r.dst[0:], r.dst[0:])
-		for i := 0; i < aes.BlockSize; i++ {
-			r.seed[i] = r.time[i] ^ r.dst[i]
-		}
-		r.cipher.Encrypt(r.seed[0:], r.seed[0:])
-
-		m := copy(b, r.dst[0:])
-		b = b[m:]
-	}
-
-	return n, nil
-}

diff --git a/src/pkg/crypto/rand/rand_unix.go b/src/pkg/crypto/rand/rand_unix.go
new file mode 100644
index 0000000..d8db6f2
--- /dev/null
+++ b/src/pkg/crypto/rand/rand_unix.go

@@ -0,0 +1,124 @@
+// Copyright 2010 The Go Authors.  All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Unix cryptographically secure pseudorandom number
+// generator.
+
+package rand
+
+import (
+	"crypto/aes"
+	"io"
+	"os"
+	"sync"
+	"time"
+)
+
+// Easy implementation: read from /dev/urandom.
+// This is sufficient on Linux, OS X, and FreeBSD.
+
+func init() { Reader = &devReader{name: "/dev/urandom"} }
+
+// A devReader satisfies reads by reading the file named name.
+type devReader struct {
+	name string
+	f    *os.File
+	mu   sync.Mutex
+}
+
+func (r *devReader) Read(b []byte) (n int, err os.Error) {
+	r.mu.Lock()
+	if r.f == nil {
+		f, err := os.Open(r.name, os.O_RDONLY, 0)
+		if f == nil {
+			return 0, err
+		}
+		r.f = f
+	}
+	r.mu.Unlock()
+	return r.f.Read(b)
+}
+
+// Alternate pseudo-random implementation for use on
+// systems without a reliable /dev/urandom.  So far we
+// haven't needed it.
+
+// newReader returns a new pseudorandom generator that
+// seeds itself by reading from entropy.  If entropy == nil,
+// the generator seeds itself by reading from the system's
+// random number generator, typically /dev/random.
+// The Read method on the returned reader always returns
+// the full amount asked for, or else it returns an error.
+//
+// The generator uses the X9.31 algorithm with AES-128,
+// reseeding after every 1 MB of generated data.
+func newReader(entropy io.Reader) io.Reader {
+	if entropy == nil {
+		entropy = &devReader{name: "/dev/random"}
+	}
+	return &reader{entropy: entropy}
+}
+
+type reader struct {
+	mu                   sync.Mutex
+	budget               int // number of bytes that can be generated
+	cipher               *aes.Cipher
+	entropy              io.Reader
+	time, seed, dst, key [aes.BlockSize]byte
+}
+
+func (r *reader) Read(b []byte) (n int, err os.Error) {
+	r.mu.Lock()
+	defer r.mu.Unlock()
+	n = len(b)
+
+	for len(b) > 0 {
+		if r.budget == 0 {
+			_, err := io.ReadFull(r.entropy, r.seed[0:])
+			if err != nil {
+				return n - len(b), err
+			}
+			_, err = io.ReadFull(r.entropy, r.key[0:])
+			if err != nil {
+				return n - len(b), err
+			}
+			r.cipher, err = aes.NewCipher(r.key[0:])
+			if err != nil {
+				return n - len(b), err
+			}
+			r.budget = 1 << 20 // reseed after generating 1MB
+		}
+		r.budget -= aes.BlockSize
+
+		// ANSI X9.31 (== X9.17) algorithm, but using AES in place of 3DES.
+		//
+		// single block:
+		// t = encrypt(time)
+		// dst = encrypt(t^seed)
+		// seed = encrypt(t^dst)
+		ns := time.Nanoseconds()
+		r.time[0] = byte(ns >> 56)
+		r.time[1] = byte(ns >> 48)
+		r.time[2] = byte(ns >> 40)
+		r.time[3] = byte(ns >> 32)
+		r.time[4] = byte(ns >> 24)
+		r.time[5] = byte(ns >> 16)
+		r.time[6] = byte(ns >> 8)
+		r.time[7] = byte(ns)
+		r.cipher.Encrypt(r.time[0:], r.time[0:])
+		for i := 0; i < aes.BlockSize; i++ {
+			r.dst[i] = r.time[i] ^ r.seed[i]
+		}
+		r.cipher.Encrypt(r.dst[0:], r.dst[0:])
+		for i := 0; i < aes.BlockSize; i++ {
+			r.seed[i] = r.time[i] ^ r.dst[i]
+		}
+		r.cipher.Encrypt(r.seed[0:], r.seed[0:])
+
+		m := copy(b, r.dst[0:])
+		b = b[m:]
+	}
+
+	return n, nil
+}

diff --git a/src/pkg/crypto/rand/rand_windows.go b/src/pkg/crypto/rand/rand_windows.go
new file mode 100755
index 0000000..9bab2cb
--- /dev/null
+++ b/src/pkg/crypto/rand/rand_windows.go

@@ -0,0 +1,42 @@
+// Copyright 2010 The Go Authors.  All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Windows cryptographically secure pseudorandom number
+// generator.
+
+package rand
+
+import (
+	"os"
+	"sync"
+	"syscall"
+)
+
+// Implemented by using Windows CryptoAPI 2.0.
+
+func init() { Reader = &rngReader{} }
+
+// A rngReader satisfies reads by reading from the Windows CryptGenRandom API.
+type rngReader struct {
+	prov uint32
+	mu   sync.Mutex
+}
+
+func (r *rngReader) Read(b []byte) (n int, err os.Error) {
+	r.mu.Lock()
+	if r.prov == 0 {
+		const provType = syscall.PROV_RSA_FULL
+		const flags = syscall.CRYPT_VERIFYCONTEXT | syscall.CRYPT_SILENT
+		ok, errno := syscall.CryptAcquireContext(&r.prov, nil, nil, provType, flags)
+		if !ok {
+			return 0, os.NewSyscallError("CryptAcquireContext", errno)
+		}
+	}
+	r.mu.Unlock()
+	ok, errno := syscall.CryptGenRandom(r.prov, uint32(len(b)), &b[0])
+	if !ok {
+		return 0, os.NewSyscallError("CryptGenRandom", errno)
+	}
+	return len(b), nil
+}
commit	ccd28e8eb6f81f21093deb730ea70982cb381514	[log] [tgz]
author	Peter Mundy <go.peter.90@gmail.com>	Mon Jul 12 16:37:53 2010 -0700
committer	Russ Cox <rsc@golang.org>	Mon Jul 12 16:37:53 2010 -0700
tree	0daf2655cffae43528c07f5b87401cf32f3678fb
parent	c9f83372d87fca87873116aba2efaabb3137375b [diff]