SecureRandom.cs
7.93 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
using System;
using System.Threading;
using Org.BouncyCastle.Crypto;
using Org.BouncyCastle.Crypto.Digests;
using Org.BouncyCastle.Crypto.Prng;
using Org.BouncyCastle.Utilities;
namespace Org.BouncyCastle.Security
{
public class SecureRandom
: Random
{
private static long counter = Times.NanoTime();
#if NETCF_1_0 || PORTABLE
private static object counterLock = new object();
private static long NextCounterValue()
{
lock (counterLock)
{
return ++counter;
}
}
private static readonly SecureRandom[] master = { null };
private static SecureRandom Master
{
get
{
lock (master)
{
if (master[0] == null)
{
SecureRandom sr = master[0] = GetInstance("SHA256PRNG", false);
// Even though Ticks has at most 8 or 14 bits of entropy, there's no harm in adding it.
sr.SetSeed(DateTime.Now.Ticks);
// 32 will be enough when ThreadedSeedGenerator is fixed. Until then, ThreadedSeedGenerator returns low
// entropy, and this is not sufficient to be secure. http://www.bouncycastle.org/csharpdevmailarchive/msg00814.html
sr.SetSeed(new ThreadedSeedGenerator().GenerateSeed(32, true));
}
return master[0];
}
}
}
#else
private static long NextCounterValue()
{
return Interlocked.Increment(ref counter);
}
private static readonly SecureRandom master = new SecureRandom(new CryptoApiRandomGenerator());
private static SecureRandom Master
{
get { return master; }
}
#endif
private static DigestRandomGenerator CreatePrng(string digestName, bool autoSeed)
{
IDigest digest = DigestUtilities.GetDigest(digestName);
if (digest == null)
return null;
DigestRandomGenerator prng = new DigestRandomGenerator(digest);
if (autoSeed)
{
prng.AddSeedMaterial(NextCounterValue());
prng.AddSeedMaterial(GetNextBytes(Master, digest.GetDigestSize()));
}
return prng;
}
public static byte[] GetNextBytes(SecureRandom secureRandom, int length)
{
byte[] result = new byte[length];
secureRandom.NextBytes(result);
return result;
}
/// <summary>
/// Create and auto-seed an instance based on the given algorithm.
/// </summary>
/// <remarks>Equivalent to GetInstance(algorithm, true)</remarks>
/// <param name="algorithm">e.g. "SHA256PRNG"</param>
public static SecureRandom GetInstance(string algorithm)
{
return GetInstance(algorithm, true);
}
/// <summary>
/// Create an instance based on the given algorithm, with optional auto-seeding
/// </summary>
/// <param name="algorithm">e.g. "SHA256PRNG"</param>
/// <param name="autoSeed">If true, the instance will be auto-seeded.</param>
public static SecureRandom GetInstance(string algorithm, bool autoSeed)
{
string upper = Platform.ToUpperInvariant(algorithm);
if (Platform.EndsWith(upper, "PRNG"))
{
string digestName = upper.Substring(0, upper.Length - "PRNG".Length);
DigestRandomGenerator prng = CreatePrng(digestName, autoSeed);
if (prng != null)
{
return new SecureRandom(prng);
}
}
throw new ArgumentException("Unrecognised PRNG algorithm: " + algorithm, "algorithm");
}
[Obsolete("Call GenerateSeed() on a SecureRandom instance instead")]
public static byte[] GetSeed(int length)
{
return GetNextBytes(Master, length);
}
protected readonly IRandomGenerator generator;
public SecureRandom()
: this(CreatePrng("SHA256", true))
{
}
/// <remarks>
/// To replicate existing predictable output, replace with GetInstance("SHA1PRNG", false), followed by SetSeed(seed)
/// </remarks>
[Obsolete("Use GetInstance/SetSeed instead")]
public SecureRandom(byte[] seed)
: this(CreatePrng("SHA1", false))
{
SetSeed(seed);
}
/// <summary>Use the specified instance of IRandomGenerator as random source.</summary>
/// <remarks>
/// This constructor performs no seeding of either the <c>IRandomGenerator</c> or the
/// constructed <c>SecureRandom</c>. It is the responsibility of the client to provide
/// proper seed material as necessary/appropriate for the given <c>IRandomGenerator</c>
/// implementation.
/// </remarks>
/// <param name="generator">The source to generate all random bytes from.</param>
public SecureRandom(IRandomGenerator generator)
: base(0)
{
this.generator = generator;
}
public virtual byte[] GenerateSeed(int length)
{
return GetNextBytes(Master, length);
}
public virtual void SetSeed(byte[] seed)
{
generator.AddSeedMaterial(seed);
}
public virtual void SetSeed(long seed)
{
generator.AddSeedMaterial(seed);
}
public override int Next()
{
return NextInt() & int.MaxValue;
}
public override int Next(int maxValue)
{
if (maxValue < 2)
{
if (maxValue < 0)
throw new ArgumentOutOfRangeException("maxValue", "cannot be negative");
return 0;
}
// Test whether maxValue is a power of 2
if ((maxValue & (maxValue - 1)) == 0)
{
return NextInt() & (maxValue - 1);
}
int bits, result;
do
{
bits = NextInt() & int.MaxValue;
result = bits % maxValue;
}
while (bits - result + (maxValue - 1) < 0); // Ignore results near overflow
return result;
}
public override int Next(int minValue, int maxValue)
{
if (maxValue <= minValue)
{
if (maxValue == minValue)
return minValue;
throw new ArgumentException("maxValue cannot be less than minValue");
}
int diff = maxValue - minValue;
if (diff > 0)
return minValue + Next(diff);
for (;;)
{
int i = NextInt();
if (i >= minValue && i < maxValue)
return i;
}
}
public override void NextBytes(byte[] buf)
{
generator.NextBytes(buf);
}
public virtual void NextBytes(byte[] buf, int off, int len)
{
generator.NextBytes(buf, off, len);
}
private static readonly double DoubleScale = System.Math.Pow(2.0, 64.0);
public override double NextDouble()
{
return Convert.ToDouble((ulong) NextLong()) / DoubleScale;
}
public virtual int NextInt()
{
byte[] bytes = new byte[4];
NextBytes(bytes);
uint result = bytes[0];
result <<= 8;
result |= bytes[1];
result <<= 8;
result |= bytes[2];
result <<= 8;
result |= bytes[3];
return (int)result;
}
public virtual long NextLong()
{
return ((long)(uint) NextInt() << 32) | (long)(uint) NextInt();
}
}
}