CryptRandom


Contents


Introduction

CryptRandom is a module for generating cryptographically useful random bytes under RISC OS. It can use a number of sources to provide this information to clients needing secure, or high quality random data.


Overview

Computers are, by their nature, deterministic - so applying the same sequence of inputs to any program is likely to produce the same result. This is a bad thing when it comes to cryptography, as if you use a known sequence to encrypt a data stream, next time you turn on your machine you'll use the same known sequence, making the code possible to break. Thus we need a random sequence so that no pattern can be spotted in it. Basic provides a pseudo-random sequence, but this is the same every time the machine is turned on, so is not very good. It is also just a sequence, which will eventually repeat. True randomness is only possible on a computer by attaching it to other devices such as a radioactive source - not very practical.

CryptRandom applies another method, which will produce different values showing to no known pattern, which are different each time you switch the machine on. This is much less secure than using a true random source, but better than using a predictable random number generator like that Basic uses.

The CryptRandom module provides SWI calls which allow access to random data retrieved from a variety of sources.

Installation

CryptRandom is supplied in an archive containing a !System directory. It can be installed by decompressing this archive, then using a !System merge tool - such as that accessible by running !Boot, or !SysMerge for RISC OS 3.1 machines.

CryptRandom provides a service to clients that require it. Such applications should load it in the following way:

RMEnsure CryptRandom a.bc RMLoad System:Modules.CryptRand
RMEnsure CryptRandom a.bc Error CryptRandom version a.bc is required

where a.bc is the oldest version supporting the features the application requires (see the history file). Note that this version should be at least that of the latest security advisory (if any).

Lineage

CryptRandom is based on code from PuTTY, the Windows SSH client by Simon Tatham (see http://www.chiark.greenend.org.uk/~sgtatham/putty/). It consists of a 'pool' of random data, which is 'stirred' every time a byte is requested, using a complex hashing function to ensure there is no discernible pattern. The pool is supplied by 'entropy' from various sources, designed so that they are different every time they are called. The numerous sources include:


Technical details

  • On initialisation of CryptRandom:

    • Unique machine ID
    • Current WIMP tasks
    • Current dynamic areas
    • Disc free space
    • Disc directory listings
    • Previous saved CryptRandom seed

  • Every time a byte is requested:

    • Real time clock
    • System interval timer
    • Battery manager data (voltages/temperatures etc)

  • Every mouse and key press:

    • Press data
    • Mouse position
    • System timer

Sources are ignored if they don't work (eg a Risc PC doesn't have a battery manager).

Interrupts are disabled on SWIs as mentioned above - this is to allow multiple users to access the pool from interrupt routines (events/callbacks etc) - this may be subject to change in future versions.

The seed is saved over sessions to preserve the entropy - it'll first look for CryptRandom$SeedFile, and if this is set use this as the seed location, otherwise try Choices:Crypto.CryptRand.Seed or if Choices$Path is unset use <Wimp$ScrapDir>.Seed.

I don't claim to prove the security of the hashing process, so I can't guarantee the randomness of the output, but it appears to be white noise - if in doubt, do your own tests. The hash is based on SHA-1, which is believed by the computing community to be secure. Any comments in this respect would be welcomed.

contact

Newer versions (if any) of this software may be found at http://www.markettos.org.uk/ or else by contacting the author at: email theo@markettos.org.uk

Theo Markettos
5 Willow Close
Liphook
Hants
GU30 7HX
UK

I'd also welcome any bug reports or fixes, or any other comments.

Sources

Sources can be obtained from http://www.markettos.org.uk/

To build them you'll need:

  • Acorn C v4 or v5 (the Makefiles are designed for Castle's 32bit C compiler, so may need modification otherwise)
  • SDLS if have Acorn C v4 http://www.excessus.demon.co.uk/acorn/ssr/
  • Syslog (optional) http://www.drobe.co.uk/archives/freenet.barnet.ac.uk/Acorn/freenet/j.ribbens/syslog-0.17.spk (note that Syslog 0.19 appears to have bugs in it which may cause problems)
  • Makatic (optional) http://www.mirror.ac.uk/collections/hensa-micros/local/riscos/projects/makatic.zip
  • OSLib http://ro-oslib.sourceforge.net/


SWIs


CryptRandom_Byte
(SWI &51980)

Reads a byte from the random pool
On entry
None
On exit
R0=Random byte value (0-255)
Interrupts
Interrupts are disabled
Fast interrupts are undefined
Processor mode
Processor is in SVC mode
Re-entrancy
SWI is not re-entrant
Use

This SWI reads a byte from the pool, and subsequently stirs it.

Related SWIs
CryptRandom_Block, CryptRandom_Word

CryptRandom_Stir
(SWI &51981)

Stirs the random pool
On entry
None
On exit
None
Interrupts
Interrupts are disabled
Fast interrupts are undefined
Processor mode
Processor is in SVC mode
Re-entrancy
SWI is not re-entrant
Use

This SWI stirs the random pool - this should not be necessary in normal use

Related SWIs
CryptRandom_AddNoise

CryptRandom_AddNoise
(SWI &51982)

Introduce data to the random pool
On entry
R0=Pointer to block of noise data to add
R1=Size of data in the block
On exit
None
Interrupts
Interrupts are disabled
Fast interrupts are undefined
Processor mode
Processor is in SVC mode
Re-entrancy
SWI is not re-entrant
Use

Adds a block of noise to the random pool - shouldn't be necessary in normal use.

Related SWIs
CryptRandom_Stir

CryptRandom_Block
(SWI &51983)

Reads multiple bytes from the random pool
On entry
R0=Pointer to block to fill with random bytes
R1=Number of bytes to fill into the buffer
On exit
None
Interrupts
Interrupts are disabled
Fast interrupts are undefined
Processor mode
Processor is in SVC mode
Re-entrancy
SWI is not re-entrant
Use

Generates a block of random data. Note this is called with interrupts off, so large blocks may cause your machine to hang while they are generated. Note also the entropy generated by this call is likely to be less than multiple CryptRandom_Byte calls (since times/battery status etc are likely to be the same during this call, but not if _Byte calls are spread at different points in your program), so randomness may suffer as a result.

Related SWIs
CryptRandom_Byte, CryptRandom_Word

CryptRandom_Word
(SWI &51984)

Reads a 32-bit word from the random pool
On entry
None
On exit
R0=Random 32-bit word from the pool
Interrupts
Interrupts are disabled
Fast interrupts are undefined
Processor mode
Processor is in SVC mode
Re-entrancy
SWI is not re-entrant
Use

This reads a 4 bytes from the pool, and assembles them into a 32-bit word.

Related SWIs
CryptRandom_Byte, CryptRandom_Block

Document information

Maintainer(s):
Theo Markettos <theo@markettos.org.>
History:
RevisionDateAuthorChanges
0.13Theo MarkettosText documentation
  • Original documentation for the CryptRandom module.
0.13aGerphPRM-in-XML documentation
  • Documentation re-written as PRM-in-XML.
Disclaimer:

Copyright 2000-1 Theo Markettos.
Portions copyright Simon Tatham, Gary S. Brown and Eric Young

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL SIMON TATHAM OR THEO MARKETTOS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.