mirror of
https://git.tartarus.org/simon/putty.git
synced 2025-01-10 09:58:01 +00:00
Windows PuTTYgen: switch to CryptGenRandom.
We now only use the mouse-movement based entropy collection system if the system CPRNG fails to provide us with as much entropy as we want.
This commit is contained in:
parent
025599ec99
commit
6142013abc
@ -19,6 +19,29 @@ DECL_WINDOWS_FUNCTION(static, BOOL, CryptReleaseContext,
|
|||||||
(HCRYPTPROV, DWORD));
|
(HCRYPTPROV, DWORD));
|
||||||
static HMODULE wincrypt_module = NULL;
|
static HMODULE wincrypt_module = NULL;
|
||||||
|
|
||||||
|
int win_read_random(void *buf, unsigned wanted)
|
||||||
|
{
|
||||||
|
int toret = FALSE;
|
||||||
|
HCRYPTPROV crypt_provider;
|
||||||
|
|
||||||
|
if (!wincrypt_module) {
|
||||||
|
wincrypt_module = load_system32_dll("advapi32.dll");
|
||||||
|
GET_WINDOWS_FUNCTION(wincrypt_module, CryptAcquireContextA);
|
||||||
|
GET_WINDOWS_FUNCTION(wincrypt_module, CryptGenRandom);
|
||||||
|
GET_WINDOWS_FUNCTION(wincrypt_module, CryptReleaseContext);
|
||||||
|
}
|
||||||
|
|
||||||
|
if (wincrypt_module && p_CryptAcquireContextA &&
|
||||||
|
p_CryptGenRandom && p_CryptReleaseContext &&
|
||||||
|
p_CryptAcquireContextA(&crypt_provider, NULL, NULL, PROV_RSA_FULL,
|
||||||
|
CRYPT_VERIFYCONTEXT)) {
|
||||||
|
toret = p_CryptGenRandom(crypt_provider, wanted, buf);
|
||||||
|
p_CryptReleaseContext(crypt_provider, 0);
|
||||||
|
}
|
||||||
|
|
||||||
|
return toret;
|
||||||
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* This function is called once, at PuTTY startup.
|
* This function is called once, at PuTTY startup.
|
||||||
*/
|
*/
|
||||||
@ -28,8 +51,8 @@ void noise_get_heavy(void (*func) (void *, int))
|
|||||||
HANDLE srch;
|
HANDLE srch;
|
||||||
WIN32_FIND_DATA finddata;
|
WIN32_FIND_DATA finddata;
|
||||||
DWORD pid;
|
DWORD pid;
|
||||||
HCRYPTPROV crypt_provider;
|
|
||||||
char winpath[MAX_PATH + 3];
|
char winpath[MAX_PATH + 3];
|
||||||
|
BYTE buf[32];
|
||||||
|
|
||||||
GetWindowsDirectory(winpath, sizeof(winpath));
|
GetWindowsDirectory(winpath, sizeof(winpath));
|
||||||
strcat(winpath, "\\*");
|
strcat(winpath, "\\*");
|
||||||
@ -44,22 +67,9 @@ void noise_get_heavy(void (*func) (void *, int))
|
|||||||
pid = GetCurrentProcessId();
|
pid = GetCurrentProcessId();
|
||||||
func(&pid, sizeof(pid));
|
func(&pid, sizeof(pid));
|
||||||
|
|
||||||
if (!wincrypt_module) {
|
if (win_read_random(buf, sizeof(buf))) {
|
||||||
wincrypt_module = load_system32_dll("advapi32.dll");
|
|
||||||
GET_WINDOWS_FUNCTION(wincrypt_module, CryptAcquireContextA);
|
|
||||||
GET_WINDOWS_FUNCTION(wincrypt_module, CryptGenRandom);
|
|
||||||
GET_WINDOWS_FUNCTION(wincrypt_module, CryptReleaseContext);
|
|
||||||
}
|
|
||||||
|
|
||||||
if (wincrypt_module && p_CryptAcquireContextA &&
|
|
||||||
p_CryptGenRandom && p_CryptReleaseContext &&
|
|
||||||
p_CryptAcquireContextA(&crypt_provider, NULL, NULL, PROV_RSA_FULL,
|
|
||||||
CRYPT_VERIFYCONTEXT)) {
|
|
||||||
BYTE buf[32];
|
|
||||||
if (p_CryptGenRandom(crypt_provider, 32, buf)) {
|
|
||||||
func(buf, sizeof(buf));
|
func(buf, sizeof(buf));
|
||||||
}
|
smemclr(buf, sizeof(buf));
|
||||||
p_CryptReleaseContext(crypt_provider, 0);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
read_random_seed(func);
|
read_random_seed(func);
|
||||||
|
@ -809,14 +809,45 @@ void load_key_file(HWND hwnd, struct MainDlgState *state,
|
|||||||
burnstr(passphrase);
|
burnstr(passphrase);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static void start_generating_key(HWND hwnd, struct MainDlgState *state)
|
||||||
|
{
|
||||||
|
static const char generating_msg[] =
|
||||||
|
"Please wait while a key is generated...";
|
||||||
|
|
||||||
|
struct rsa_key_thread_params *params;
|
||||||
|
DWORD threadid;
|
||||||
|
|
||||||
|
SetDlgItemText(hwnd, IDC_GENERATING, generating_msg);
|
||||||
|
SendDlgItemMessage(hwnd, IDC_PROGRESS, PBM_SETRANGE, 0,
|
||||||
|
MAKELPARAM(0, PROGRESSRANGE));
|
||||||
|
SendDlgItemMessage(hwnd, IDC_PROGRESS, PBM_SETPOS, 0, 0);
|
||||||
|
|
||||||
|
params = snew(struct rsa_key_thread_params);
|
||||||
|
params->progressbar = GetDlgItem(hwnd, IDC_PROGRESS);
|
||||||
|
params->dialog = hwnd;
|
||||||
|
params->key_bits = state->key_bits;
|
||||||
|
params->curve_bits = state->curve_bits;
|
||||||
|
params->keytype = state->keytype;
|
||||||
|
params->key = &state->key;
|
||||||
|
params->dsskey = &state->dsskey;
|
||||||
|
|
||||||
|
if (!CreateThread(NULL, 0, generate_key_thread,
|
||||||
|
params, 0, &threadid)) {
|
||||||
|
MessageBox(hwnd, "Out of thread resources",
|
||||||
|
"Key generation error",
|
||||||
|
MB_OK | MB_ICONERROR);
|
||||||
|
sfree(params);
|
||||||
|
} else {
|
||||||
|
state->generation_thread_exists = TRUE;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Dialog-box function for the main PuTTYgen dialog box.
|
* Dialog-box function for the main PuTTYgen dialog box.
|
||||||
*/
|
*/
|
||||||
static INT_PTR CALLBACK MainDlgProc(HWND hwnd, UINT msg,
|
static INT_PTR CALLBACK MainDlgProc(HWND hwnd, UINT msg,
|
||||||
WPARAM wParam, LPARAM lParam)
|
WPARAM wParam, LPARAM lParam)
|
||||||
{
|
{
|
||||||
static const char generating_msg[] =
|
|
||||||
"Please wait while a key is generated...";
|
|
||||||
static const char entropy_msg[] =
|
static const char entropy_msg[] =
|
||||||
"Please generate some randomness by moving the mouse over the blank area.";
|
"Please generate some randomness by moving the mouse over the blank area.";
|
||||||
struct MainDlgState *state;
|
struct MainDlgState *state;
|
||||||
@ -1009,9 +1040,6 @@ static INT_PTR CALLBACK MainDlgProc(HWND hwnd, UINT msg,
|
|||||||
SendDlgItemMessage(hwnd, IDC_PROGRESS, PBM_SETPOS,
|
SendDlgItemMessage(hwnd, IDC_PROGRESS, PBM_SETPOS,
|
||||||
state->entropy_got, 0);
|
state->entropy_got, 0);
|
||||||
if (state->entropy_got >= state->entropy_required) {
|
if (state->entropy_got >= state->entropy_required) {
|
||||||
struct rsa_key_thread_params *params;
|
|
||||||
DWORD threadid;
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Seed the entropy pool
|
* Seed the entropy pool
|
||||||
*/
|
*/
|
||||||
@ -1020,29 +1048,7 @@ static INT_PTR CALLBACK MainDlgProc(HWND hwnd, UINT msg,
|
|||||||
sfree(state->entropy);
|
sfree(state->entropy);
|
||||||
state->collecting_entropy = FALSE;
|
state->collecting_entropy = FALSE;
|
||||||
|
|
||||||
SetDlgItemText(hwnd, IDC_GENERATING, generating_msg);
|
start_generating_key(hwnd, state);
|
||||||
SendDlgItemMessage(hwnd, IDC_PROGRESS, PBM_SETRANGE, 0,
|
|
||||||
MAKELPARAM(0, PROGRESSRANGE));
|
|
||||||
SendDlgItemMessage(hwnd, IDC_PROGRESS, PBM_SETPOS, 0, 0);
|
|
||||||
|
|
||||||
params = snew(struct rsa_key_thread_params);
|
|
||||||
params->progressbar = GetDlgItem(hwnd, IDC_PROGRESS);
|
|
||||||
params->dialog = hwnd;
|
|
||||||
params->key_bits = state->key_bits;
|
|
||||||
params->curve_bits = state->curve_bits;
|
|
||||||
params->keytype = state->keytype;
|
|
||||||
params->key = &state->key;
|
|
||||||
params->dsskey = &state->dsskey;
|
|
||||||
|
|
||||||
if (!CreateThread(NULL, 0, generate_key_thread,
|
|
||||||
params, 0, &threadid)) {
|
|
||||||
MessageBox(hwnd, "Out of thread resources",
|
|
||||||
"Key generation error",
|
|
||||||
MB_OK | MB_ICONERROR);
|
|
||||||
sfree(params);
|
|
||||||
} else {
|
|
||||||
state->generation_thread_exists = TRUE;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
@ -1102,6 +1108,8 @@ static INT_PTR CALLBACK MainDlgProc(HWND hwnd, UINT msg,
|
|||||||
state =
|
state =
|
||||||
(struct MainDlgState *) GetWindowLongPtr(hwnd, GWLP_USERDATA);
|
(struct MainDlgState *) GetWindowLongPtr(hwnd, GWLP_USERDATA);
|
||||||
if (!state->generation_thread_exists) {
|
if (!state->generation_thread_exists) {
|
||||||
|
unsigned raw_entropy_required;
|
||||||
|
unsigned char *raw_entropy_buf;
|
||||||
BOOL ok;
|
BOOL ok;
|
||||||
state->key_bits = GetDlgItemInt(hwnd, IDC_BITS, &ok, FALSE);
|
state->key_bits = GetDlgItemInt(hwnd, IDC_BITS, &ok, FALSE);
|
||||||
if (!ok)
|
if (!ok)
|
||||||
@ -1149,30 +1157,49 @@ static INT_PTR CALLBACK MainDlgProc(HWND hwnd, UINT msg,
|
|||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
ui_set_state(hwnd, state, 1);
|
if (state->keytype == RSA || state->keytype == DSA)
|
||||||
SetDlgItemText(hwnd, IDC_GENERATING, entropy_msg);
|
raw_entropy_required = (state->key_bits / 2) * 2;
|
||||||
state->key_exists = FALSE;
|
else if (state->keytype == ECDSA)
|
||||||
state->collecting_entropy = TRUE;
|
raw_entropy_required = (state->curve_bits / 2) * 2;
|
||||||
|
else
|
||||||
|
raw_entropy_required = 256;
|
||||||
|
|
||||||
|
raw_entropy_buf = snewn(raw_entropy_required, unsigned char);
|
||||||
|
if (win_read_random(raw_entropy_buf, raw_entropy_required)) {
|
||||||
/*
|
/*
|
||||||
|
* If we can get the entropy we need from
|
||||||
|
* CryptGenRandom, just do that, and go straight
|
||||||
|
* to the key-generation phase.
|
||||||
|
*/
|
||||||
|
random_add_heavynoise(raw_entropy_buf,
|
||||||
|
raw_entropy_required);
|
||||||
|
start_generating_key(hwnd, state);
|
||||||
|
} else {
|
||||||
|
/*
|
||||||
|
* Manual entropy input, by making the user wave
|
||||||
|
* the mouse over the window a lot.
|
||||||
|
*
|
||||||
* My brief statistical tests on mouse movements
|
* My brief statistical tests on mouse movements
|
||||||
* suggest that there are about 2.5 bits of
|
* suggest that there are about 2.5 bits of
|
||||||
* randomness in the x position, 2.5 in the y
|
* randomness in the x position, 2.5 in the y
|
||||||
* position, and 1.7 in the message time, making
|
* position, and 1.7 in the message time, making
|
||||||
* 5.7 bits of unpredictability per mouse movement.
|
* 5.7 bits of unpredictability per mouse
|
||||||
* However, other people have told me it's far less
|
* movement. However, other people have told me
|
||||||
* than that, so I'm going to be stupidly cautious
|
* it's far less than that, so I'm going to be
|
||||||
* and knock that down to a nice round 2. With this
|
* stupidly cautious and knock that down to a nice
|
||||||
* method, we require two words per mouse movement,
|
* round 2. With this method, we require two words
|
||||||
* so with 2 bits per mouse movement we expect 2
|
* per mouse movement, so with 2 bits per mouse
|
||||||
* bits every 2 words.
|
* movement we expect 2 bits every 2 words, i.e.
|
||||||
|
* the number of _words_ of mouse data we want to
|
||||||
|
* collect is just the same as the number of
|
||||||
|
* _bits_ of entropy we want.
|
||||||
*/
|
*/
|
||||||
if (state->keytype == RSA || state->keytype == DSA)
|
state->entropy_required = raw_entropy_required;
|
||||||
state->entropy_required = (state->key_bits / 2) * 2;
|
|
||||||
else if (state->keytype == ECDSA)
|
ui_set_state(hwnd, state, 1);
|
||||||
state->entropy_required = (state->curve_bits / 2) * 2;
|
SetDlgItemText(hwnd, IDC_GENERATING, entropy_msg);
|
||||||
else
|
state->key_exists = FALSE;
|
||||||
state->entropy_required = 256;
|
state->collecting_entropy = TRUE;
|
||||||
|
|
||||||
state->entropy_got = 0;
|
state->entropy_got = 0;
|
||||||
state->entropy_size = (state->entropy_required *
|
state->entropy_size = (state->entropy_required *
|
||||||
@ -1183,6 +1210,10 @@ static INT_PTR CALLBACK MainDlgProc(HWND hwnd, UINT msg,
|
|||||||
MAKELPARAM(0, state->entropy_required));
|
MAKELPARAM(0, state->entropy_required));
|
||||||
SendDlgItemMessage(hwnd, IDC_PROGRESS, PBM_SETPOS, 0, 0);
|
SendDlgItemMessage(hwnd, IDC_PROGRESS, PBM_SETPOS, 0, 0);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
smemclr(raw_entropy_buf, raw_entropy_required);
|
||||||
|
sfree(raw_entropy_buf);
|
||||||
|
}
|
||||||
break;
|
break;
|
||||||
case IDC_SAVE:
|
case IDC_SAVE:
|
||||||
case IDC_EXPORT_OPENSSH_AUTO:
|
case IDC_EXPORT_OPENSSH_AUTO:
|
||||||
|
@ -607,6 +607,11 @@ void remove_session_from_jumplist(const char * const sessionname);
|
|||||||
void clear_jumplist(void);
|
void clear_jumplist(void);
|
||||||
BOOL set_explicit_app_user_model_id();
|
BOOL set_explicit_app_user_model_id();
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Exports from winnoise.c.
|
||||||
|
*/
|
||||||
|
int win_read_random(void *buf, unsigned wanted); /* returns TRUE on success */
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Extra functions in winstore.c over and above the interface in
|
* Extra functions in winstore.c over and above the interface in
|
||||||
* storage.h.
|
* storage.h.
|
||||||
|
Loading…
Reference in New Issue
Block a user