| // Copyright (c) 2016 Ryan Prichard | |
| // | |
| // Permission is hereby granted, free of charge, to any person obtaining a copy | |
| // of this software and associated documentation files (the "Software"), to | |
| // deal in the Software without restriction, including without limitation the | |
| // rights to use, copy, modify, merge, publish, distribute, sublicense, and/or | |
| // sell copies of the Software, and to permit persons to whom the Software is | |
| // furnished to do so, subject to the following conditions: | |
| // | |
| // The above copyright notice and this permission notice shall be included in | |
| // all copies or substantial portions of the Software. | |
| // | |
| // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR | |
| // IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, | |
| // FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE | |
| // AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER | |
| // LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING | |
| // FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS | |
| // IN THE SOFTWARE. | |
| static volatile LONG g_pipeCounter; | |
| GenRandom::GenRandom() : m_advapi32(L"advapi32.dll") { | |
| // First try to use the pseudo-documented RtlGenRandom function from | |
| // advapi32.dll. Creating a CryptoAPI context is slow, and RtlGenRandom | |
| // avoids the overhead. It's documented in this blog post[1] and on | |
| // MSDN[2] with a disclaimer about future breakage. This technique is | |
| // apparently built-in into the MSVC CRT, though, for the rand_s function, | |
| // so perhaps it is stable enough. | |
| // | |
| // [1] http://blogs.msdn.com/b/michael_howard/archive/2005/01/14/353379.aspx | |
| // [2] https://msdn.microsoft.com/en-us/library/windows/desktop/aa387694(v=vs.85).aspx | |
| // | |
| // Both RtlGenRandom and the Crypto API functions exist in XP and up. | |
| m_rtlGenRandom = reinterpret_cast<RtlGenRandom_t*>( | |
| m_advapi32.proc("SystemFunction036")); | |
| // The OsModule class logs an error message if the proc is nullptr. | |
| if (m_rtlGenRandom != nullptr) { | |
| return; | |
| } | |
| // Fall back to the crypto API. | |
| m_cryptProvIsValid = | |
| CryptAcquireContext(&m_cryptProv, nullptr, nullptr, | |
| PROV_RSA_FULL, CRYPT_VERIFYCONTEXT) != 0; | |
| if (!m_cryptProvIsValid) { | |
| trace("GenRandom: CryptAcquireContext failed: %u", | |
| static_cast<unsigned>(GetLastError())); | |
| } | |
| } | |
| GenRandom::~GenRandom() { | |
| if (m_cryptProvIsValid) { | |
| CryptReleaseContext(m_cryptProv, 0); | |
| } | |
| } | |
| // Returns false if the context is invalid or the generation fails. | |
| bool GenRandom::fillBuffer(void *buffer, size_t size) { | |
| memset(buffer, 0, size); | |
| bool success = false; | |
| if (m_rtlGenRandom != nullptr) { | |
| success = m_rtlGenRandom(buffer, size) != 0; | |
| if (!success) { | |
| trace("GenRandom: RtlGenRandom/SystemFunction036 failed: %u", | |
| static_cast<unsigned>(GetLastError())); | |
| } | |
| } else if (m_cryptProvIsValid) { | |
| success = | |
| CryptGenRandom(m_cryptProv, size, | |
| reinterpret_cast<BYTE*>(buffer)) != 0; | |
| if (!success) { | |
| trace("GenRandom: CryptGenRandom failed, size=%d, lasterror=%u", | |
| static_cast<int>(size), | |
| static_cast<unsigned>(GetLastError())); | |
| } | |
| } | |
| return success; | |
| } | |
| // Returns an empty string if either of CryptAcquireContext or CryptGenRandom | |
| // fail. | |
| std::string GenRandom::randomBytes(size_t numBytes) { | |
| std::string ret(numBytes, '\0'); | |
| if (!fillBuffer(&ret[0], numBytes)) { | |
| return std::string(); | |
| } | |
| return ret; | |
| } | |
| std::wstring GenRandom::randomHexString(size_t numBytes) { | |
| const std::string bytes = randomBytes(numBytes); | |
| std::wstring ret(bytes.size() * 2, L'\0'); | |
| for (size_t i = 0; i < bytes.size(); ++i) { | |
| static const wchar_t hex[] = L"0123456789abcdef"; | |
| ret[i * 2] = hex[static_cast<uint8_t>(bytes[i]) >> 4]; | |
| ret[i * 2 + 1] = hex[static_cast<uint8_t>(bytes[i]) & 0xF]; | |
| } | |
| return ret; | |
| } | |
| // Returns a 64-bit value representing the number of 100-nanosecond intervals | |
| // since January 1, 1601. | |
| static uint64_t systemTimeAsUInt64() { | |
| FILETIME monotonicTime = {}; | |
| GetSystemTimeAsFileTime(&monotonicTime); | |
| return (static_cast<uint64_t>(monotonicTime.dwHighDateTime) << 32) | | |
| static_cast<uint64_t>(monotonicTime.dwLowDateTime); | |
| } | |
| // Generates a unique and hard-to-guess case-insensitive string suitable for | |
| // use in a pipe filename or a Windows object name. | |
| std::wstring GenRandom::uniqueName() { | |
| // First include enough information to avoid collisions assuming | |
| // cooperative software. This code assumes that a process won't die and | |
| // be replaced with a recycled PID within a single GetSystemTimeAsFileTime | |
| // interval. | |
| WStringBuilder sb(64); | |
| sb << GetCurrentProcessId() | |
| << L'-' << InterlockedIncrement(&g_pipeCounter) | |
| << L'-' << whexOfInt(systemTimeAsUInt64()); | |
| // It isn't clear to me how the crypto APIs would fail. It *probably* | |
| // doesn't matter that much anyway? In principle, a predictable pipe name | |
| // is subject to a local denial-of-service attack. | |
| auto random = randomHexString(16); | |
| if (!random.empty()) { | |
| sb << L'-' << random; | |
| } | |
| return sb.str_moved(); | |
| } | |