From 6b5634b96aa90ab2db7357b353fc8f96ad4878c5 Mon Sep 17 00:00:00 2001 From: Fabio Alessandrelli Date: Mon, 7 Feb 2022 17:33:55 +0100 Subject: [PATCH 1/4] [OS/Crypto] Add get_entropy to OS. Implemented via `BCryptGenRandom` on Windows. Implemented via `getentropy` syscall when available. Implemented via `/dev/urandom` device as a fallback. The `/dev/urandom` fallback can be disabled via the `NO_URANDOM` build flag. Note: The HTML5 version relies on emscripten file system urandom device which itself uses the Crypto API when available or the plain old not crypto-safe `Math.random()` otherwise. Restore get_entropy. --- core/os/os.h | 2 ++ drivers/unix/os_unix.cpp | 40 +++++++++++++++++++++++++++++++++ drivers/unix/os_unix.h | 11 +-------- platform/windows/os_windows.cpp | 7 ++++++ platform/windows/os_windows.h | 2 ++ 5 files changed, 52 insertions(+), 10 deletions(-) diff --git a/core/os/os.h b/core/os/os.h index d3d2a868fa6..188900a0705 100644 --- a/core/os/os.h +++ b/core/os/os.h @@ -132,6 +132,8 @@ public: virtual String get_stdin_string(bool p_block = true) = 0; + virtual Error get_entropy(uint8_t *r_buffer, int p_bytes) = 0; // Should return cryptographically-safe random bytes. + virtual PackedStringArray get_connected_midi_inputs(); virtual void open_midi_inputs(); virtual void close_midi_inputs(); diff --git a/drivers/unix/os_unix.cpp b/drivers/unix/os_unix.cpp index 00f84eba8ce..7d579267575 100644 --- a/drivers/unix/os_unix.cpp +++ b/drivers/unix/os_unix.cpp @@ -65,6 +65,21 @@ #include #include +#if defined(OSX_ENABLED) || (defined(__ANDROID_API__) && __ANDROID_API__ >= 28) +// Random location for getentropy. Fitting. +#include +#define UNIX_GET_ENTROPY +#elif defined(__FreeBSD__) || defined(__OpenBSD__) || (defined(__GLIBC_MINOR__) && (__GLIBC__ == 2 && __GLIBC_MINOR__ >= 26)) +// In . +// One day... (defined(_XOPEN_SOURCE) && _XOPEN_SOURCE >= 700) +// https://publications.opengroup.org/standards/unix/c211 +#define UNIX_GET_ENTROPY +#endif + +#if !defined(UNIX_GET_ENTROPY) && !defined(NO_URANDOM) +#include +#endif + /// Clock Setup function (used by get_ticks_usec) static uint64_t _clock_start = 0; #if defined(__APPLE__) @@ -150,6 +165,31 @@ String OS_Unix::get_stdin_string(bool p_block) { return ""; } +Error OS_Unix::get_entropy(uint8_t *r_buffer, int p_bytes) { +#if defined(UNIX_GET_ENTROPY) + int left = p_bytes; + int ofs = 0; + do { + int chunk = MIN(left, 256); + ERR_FAIL_COND_V(getentropy(r_buffer + ofs, chunk), FAILED); + left -= chunk; + ofs += chunk; + } while (left > 0); +#elif !defined(NO_URANDOM) + int r = open("/dev/urandom", O_RDONLY); + ERR_FAIL_COND_V(r < 0, FAILED); + int left = p_bytes; + do { + ssize_t ret = read(r, r_buffer, p_bytes); + ERR_FAIL_COND_V(ret <= 0, FAILED); + left -= ret; + } while (left > 0); +#else + return ERR_UNAVAILABLE; +#endif + return OK; +} + String OS_Unix::get_name() const { return "Unix"; } diff --git a/drivers/unix/os_unix.h b/drivers/unix/os_unix.h index 3f0e8a171c3..460ba4b9e10 100644 --- a/drivers/unix/os_unix.h +++ b/drivers/unix/os_unix.h @@ -43,7 +43,6 @@ protected: virtual void initialize_core(); virtual int unix_initialize_audio(int p_audio_driver); - //virtual Error initialize(int p_video_driver,int p_audio_driver); virtual void finalize_core() override; @@ -54,15 +53,7 @@ public: virtual String get_stdin_string(bool p_block) override; - //virtual void set_mouse_show(bool p_show); - //virtual void set_mouse_grab(bool p_grab); - //virtual bool is_mouse_grab_enabled() const = 0; - //virtual void get_mouse_position(int &x, int &y) const; - //virtual void set_window_title(const String& p_title); - - //virtual void set_video_mode(const VideoMode& p_video_mode); - //virtual VideoMode get_video_mode() const; - //virtual void get_fullscreen_mode_list(List *p_list) const; + virtual Error get_entropy(uint8_t *r_buffer, int p_bytes) override; // Should return cryptographycally-safe random bytes. virtual Error open_dynamic_library(const String p_path, void *&p_library_handle, bool p_also_set_library_path = false) override; virtual Error close_dynamic_library(void *p_library_handle) override; diff --git a/platform/windows/os_windows.cpp b/platform/windows/os_windows.cpp index d8445310710..59f55b5dd2e 100644 --- a/platform/windows/os_windows.cpp +++ b/platform/windows/os_windows.cpp @@ -46,6 +46,7 @@ #include "windows_terminal_logger.h" #include +#include #include #include #include @@ -192,6 +193,12 @@ void OS_Windows::finalize_core() { NetSocketPosix::cleanup(); } +Error OS_Windows::get_entropy(uint8_t *r_buffer, int p_bytes) { + NTSTATUS status = BCryptGenRandom(nullptr, r_buffer, p_bytes, BCRYPT_USE_SYSTEM_PREFERRED_RNG); + ERR_FAIL_COND_V(status, FAILED); + return OK; +} + Error OS_Windows::open_dynamic_library(const String p_path, void *&p_library_handle, bool p_also_set_library_path) { String path = p_path.replace("/", "\\"); diff --git a/platform/windows/os_windows.h b/platform/windows/os_windows.h index 0a11416b1be..bde663a27be 100644 --- a/platform/windows/os_windows.h +++ b/platform/windows/os_windows.h @@ -106,6 +106,8 @@ protected: public: virtual void alert(const String &p_alert, const String &p_title = "ALERT!") override; + virtual Error get_entropy(uint8_t *r_buffer, int p_bytes) override; + virtual Error open_dynamic_library(const String p_path, void *&p_library_handle, bool p_also_set_library_path = false) override; virtual Error close_dynamic_library(void *p_library_handle) override; virtual Error get_dynamic_library_symbol_handle(void *p_library_handle, const String p_name, void *&p_symbol_handle, bool p_optional = false) override; From ee7b67e13538bf67a1613650986d4520281808df Mon Sep 17 00:00:00 2001 From: Fabio Alessandrelli Date: Tue, 8 Feb 2022 10:34:43 +0100 Subject: [PATCH 2/4] [Crypto] Implement CryptoCore::RandomGenerator. As a cryptographically secure random generator. Internally it uses mbedTLS CTR-DRBG implementation which gets re-seeded with entropy from OS::get_entropy when needed. CryptoCore now additionally depends on `ctr_drbg.c` and `entropy.c` thirdparty mbedtls files. --- core/crypto/SCsub | 2 + core/crypto/crypto_core.cpp | 43 +++++++++++++++++++ core/crypto/crypto_core.h | 23 ++++++++-- .../include/godot_core_mbedtls_config.h | 5 +++ 4 files changed, 69 insertions(+), 4 deletions(-) diff --git a/core/crypto/SCsub b/core/crypto/SCsub index 1fe2fa5b238..9b7953fdc5f 100644 --- a/core/crypto/SCsub +++ b/core/crypto/SCsub @@ -31,6 +31,8 @@ if not has_module: "aes.c", "base64.c", "constant_time.c", + "ctr_drbg.c", + "entropy.c", "md5.c", "sha1.c", "sha256.c", diff --git a/core/crypto/crypto_core.cpp b/core/crypto/crypto_core.cpp index 9f000c5aebd..3cf7b6c3109 100644 --- a/core/crypto/crypto_core.cpp +++ b/core/crypto/crypto_core.cpp @@ -30,12 +30,55 @@ #include "crypto_core.h" +#include "core/os/os.h" + #include #include +#include +#include #include #include #include +// RandomGenerator +CryptoCore::RandomGenerator::RandomGenerator() { + entropy = memalloc(sizeof(mbedtls_entropy_context)); + mbedtls_entropy_init((mbedtls_entropy_context *)entropy); + mbedtls_entropy_add_source((mbedtls_entropy_context *)entropy, &CryptoCore::RandomGenerator::_entropy_poll, nullptr, 256, MBEDTLS_ENTROPY_SOURCE_STRONG); + ctx = memalloc(sizeof(mbedtls_ctr_drbg_context)); + mbedtls_ctr_drbg_init((mbedtls_ctr_drbg_context *)ctx); +} + +CryptoCore::RandomGenerator::~RandomGenerator() { + mbedtls_ctr_drbg_free((mbedtls_ctr_drbg_context *)ctx); + memfree(ctx); + mbedtls_entropy_free((mbedtls_entropy_context *)entropy); + memfree(entropy); +} + +int CryptoCore::RandomGenerator::_entropy_poll(void *p_data, unsigned char *r_buffer, size_t p_len, size_t *r_len) { + *r_len = 0; + Error err = OS::get_singleton()->get_entropy(r_buffer, p_len); + ERR_FAIL_COND_V(err, MBEDTLS_ERR_ENTROPY_SOURCE_FAILED); + *r_len = p_len; + return 0; +} + +Error CryptoCore::RandomGenerator::init() { + int ret = mbedtls_ctr_drbg_seed((mbedtls_ctr_drbg_context *)ctx, mbedtls_entropy_func, (mbedtls_entropy_context *)entropy, nullptr, 0); + if (ret) { + ERR_FAIL_COND_V_MSG(ret, FAILED, " failed\n ! mbedtls_ctr_drbg_seed returned an error" + itos(ret)); + } + return OK; +} + +Error CryptoCore::RandomGenerator::get_random_bytes(uint8_t *r_buffer, size_t p_bytes) { + ERR_FAIL_COND_V(!ctx, ERR_UNCONFIGURED); + int ret = mbedtls_ctr_drbg_random((mbedtls_ctr_drbg_context *)ctx, r_buffer, p_bytes); + ERR_FAIL_COND_V_MSG(ret, FAILED, " failed\n ! mbedtls_ctr_drbg_seed returned an error" + itos(ret)); + return OK; +} + // MD5 CryptoCore::MD5Context::MD5Context() { ctx = memalloc(sizeof(mbedtls_md5_context)); diff --git a/core/crypto/crypto_core.h b/core/crypto/crypto_core.h index 355f4a2404b..eacef268cca 100644 --- a/core/crypto/crypto_core.h +++ b/core/crypto/crypto_core.h @@ -35,9 +35,24 @@ class CryptoCore { public: + class RandomGenerator { + private: + void *entropy = nullptr; + void *ctx = nullptr; + + static int _entropy_poll(void *p_data, unsigned char *r_buffer, size_t p_len, size_t *r_len); + + public: + RandomGenerator(); + ~RandomGenerator(); + + Error init(); + Error get_random_bytes(uint8_t *r_buffer, size_t p_bytes); + }; + class MD5Context { private: - void *ctx = nullptr; // To include, or not to include... + void *ctx = nullptr; public: MD5Context(); @@ -50,7 +65,7 @@ public: class SHA1Context { private: - void *ctx = nullptr; // To include, or not to include... + void *ctx = nullptr; public: SHA1Context(); @@ -63,7 +78,7 @@ public: class SHA256Context { private: - void *ctx = nullptr; // To include, or not to include... + void *ctx = nullptr; public: SHA256Context(); @@ -76,7 +91,7 @@ public: class AESContext { private: - void *ctx = nullptr; // To include, or not to include... + void *ctx = nullptr; public: AESContext(); diff --git a/thirdparty/mbedtls/include/godot_core_mbedtls_config.h b/thirdparty/mbedtls/include/godot_core_mbedtls_config.h index 0e90a988863..9e7b2742a7b 100644 --- a/thirdparty/mbedtls/include/godot_core_mbedtls_config.h +++ b/thirdparty/mbedtls/include/godot_core_mbedtls_config.h @@ -7,7 +7,12 @@ #define MBEDTLS_AES_C #define MBEDTLS_BASE64_C +#define MBEDTLS_CTR_DRBG_C +#define MBEDTLS_ENTROPY_C #define MBEDTLS_MD5_C #define MBEDTLS_SHA1_C #define MBEDTLS_SHA256_C #define MBEDTLS_PLATFORM_ZEROIZE_ALT +#define MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES + +#include From f72bd670685d00993d34d14f5818f5f8f05d7340 Mon Sep 17 00:00:00 2001 From: Fabio Alessandrelli Date: Mon, 7 Feb 2022 18:42:46 +0100 Subject: [PATCH 3/4] [ResourceUID] Use CryptoCore::RandomGenerator for IDs. --- core/io/resource_uid.cpp | 23 ++++++++++------------- core/io/resource_uid.h | 5 ++--- doc/classes/ResourceUID.xml | 2 +- 3 files changed, 13 insertions(+), 17 deletions(-) diff --git a/core/io/resource_uid.cpp b/core/io/resource_uid.cpp index 776756e64e5..d0335bed3ae 100644 --- a/core/io/resource_uid.cpp +++ b/core/io/resource_uid.cpp @@ -31,7 +31,7 @@ #include "resource_uid.h" #include "core/config/project_settings.h" -#include "core/crypto/crypto.h" +#include "core/crypto/crypto_core.h" #include "core/io/dir_access.h" #include "core/io/file_access.h" @@ -82,20 +82,14 @@ ResourceUID::ID ResourceUID::text_to_id(const String &p_text) const { return ID(uid & 0x7FFFFFFFFFFFFFFF); } -ResourceUID::ID ResourceUID::create_id() const { - mutex.lock(); - if (crypto.is_null()) { - crypto = Ref(Crypto::create()); - } - mutex.unlock(); +ResourceUID::ID ResourceUID::create_id() { while (true) { - PackedByteArray bytes = crypto->generate_random_bytes(8); - ERR_FAIL_COND_V(bytes.size() != 8, INVALID_ID); - const uint64_t *ptr64 = (const uint64_t *)bytes.ptr(); - ID id = int64_t((*ptr64) & 0x7FFFFFFFFFFFFFFF); - mutex.lock(); + ID id = INVALID_ID; + MutexLock lock(mutex); + Error err = ((CryptoCore::RandomGenerator *)crypto)->get_random_bytes((uint8_t *)&id, sizeof(id)); + ERR_FAIL_COND_V(err != OK, INVALID_ID); + id &= 0x7FFFFFFFFFFFFFFF; bool exists = unique_ids.has(id); - mutex.unlock(); if (!exists) { return id; } @@ -261,6 +255,9 @@ ResourceUID *ResourceUID::singleton = nullptr; ResourceUID::ResourceUID() { ERR_FAIL_COND(singleton != nullptr); singleton = this; + crypto = memnew(CryptoCore::RandomGenerator); + ((CryptoCore::RandomGenerator *)crypto)->init(); } ResourceUID::~ResourceUID() { + memdelete((CryptoCore::RandomGenerator *)crypto); } diff --git a/core/io/resource_uid.h b/core/io/resource_uid.h index 9f2ab5245b4..1ea44b9d06e 100644 --- a/core/io/resource_uid.h +++ b/core/io/resource_uid.h @@ -35,7 +35,6 @@ #include "core/string/string_name.h" #include "core/templates/ordered_hash_map.h" -class Crypto; class ResourceUID : public Object { GDCLASS(ResourceUID, Object) public: @@ -47,7 +46,7 @@ public: static String get_cache_file(); private: - mutable Ref crypto; + void *crypto; // CryptoCore::RandomGenerator (avoid including crypto_core.h) Mutex mutex; struct Cache { CharString cs; @@ -67,7 +66,7 @@ public: String id_to_text(ID p_id) const; ID text_to_id(const String &p_text) const; - ID create_id() const; + ID create_id(); bool has_id(ID p_id) const; void add_id(ID p_id, const String &p_path); void set_id(ID p_id, const String &p_path); diff --git a/doc/classes/ResourceUID.xml b/doc/classes/ResourceUID.xml index 9e3d647ccf5..a5ceae898fa 100644 --- a/doc/classes/ResourceUID.xml +++ b/doc/classes/ResourceUID.xml @@ -14,7 +14,7 @@ - + From f4a80f9ca7dd7241d418db341aa97613bebd6b8d Mon Sep 17 00:00:00 2001 From: Fabio Alessandrelli Date: Wed, 9 Feb 2022 22:58:05 +0100 Subject: [PATCH 4/4] [OSX] Codesign exporter now uses CryptoCore RNG. --- platform/osx/export/codesign.cpp | 9 ++++++--- platform/osx/export/codesign.h | 1 - 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/platform/osx/export/codesign.cpp b/platform/osx/export/codesign.cpp index 8ea6ff519d4..8d1d1471965 100644 --- a/platform/osx/export/codesign.cpp +++ b/platform/osx/export/codesign.cpp @@ -1359,9 +1359,12 @@ Error CodeSign::_codesign_file(bool p_use_hardened_runtime, bool p_force, const // Generate common signature structures. if (id.is_empty()) { - Ref crypto = Ref(Crypto::create()); - PackedByteArray uuid = crypto->generate_random_bytes(16); - id = (String("a-55554944") /*a-UUID*/ + String::hex_encode_buffer(uuid.ptr(), 16)); + CryptoCore::RandomGenerator rng; + ERR_FAIL_COND_V_MSG(rng.init(), FAILED, "Failed to initialize random number generator."); + uint8_t uuid[16]; + Error err = rng.get_random_bytes(uuid, 16); + ERR_FAIL_COND_V_MSG(err, err, "Failed to generate UUID."); + id = (String("a-55554944") /*a-UUID*/ + String::hex_encode_buffer(uuid, 16)); } CharString uuid_str = id.utf8(); print_verbose(vformat("CodeSign: Used bundle ID: %s", id)); diff --git a/platform/osx/export/codesign.h b/platform/osx/export/codesign.h index 927df79281f..e5e9be5c285 100644 --- a/platform/osx/export/codesign.h +++ b/platform/osx/export/codesign.h @@ -41,7 +41,6 @@ #ifndef CODESIGN_H #define CODESIGN_H -#include "core/crypto/crypto.h" #include "core/crypto/crypto_core.h" #include "core/io/dir_access.h" #include "core/io/file_access.h"