1 // Copyright (c) 2016 Ryan Prichard
3 // Permission is hereby granted, free of charge, to any person obtaining a copy
4 // of this software and associated documentation files (the "Software"), to
5 // deal in the Software without restriction, including without limitation the
6 // rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
7 // sell copies of the Software, and to permit persons to whom the Software is
8 // furnished to do so, subject to the following conditions:
10 // The above copyright notice and this permission notice shall be included in
11 // all copies or substantial portions of the Software.
13 // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
14 // IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
15 // FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
16 // AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
17 // LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
18 // FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
21 #include "GenRandom.h"
26 #include "DebugClient.h"
27 #include "StringBuilder.h"
29 static volatile LONG g_pipeCounter;
31 GenRandom::GenRandom() : m_advapi32(L"advapi32.dll") {
32 // First try to use the pseudo-documented RtlGenRandom function from
33 // advapi32.dll. Creating a CryptoAPI context is slow, and RtlGenRandom
34 // avoids the overhead. It's documented in this blog post[1] and on
35 // MSDN[2] with a disclaimer about future breakage. This technique is
36 // apparently built-in into the MSVC CRT, though, for the rand_s function,
37 // so perhaps it is stable enough.
39 // [1] http://blogs.msdn.com/b/michael_howard/archive/2005/01/14/353379.aspx
40 // [2] https://msdn.microsoft.com/en-us/library/windows/desktop/aa387694(v=vs.85).aspx
42 // Both RtlGenRandom and the Crypto API functions exist in XP and up.
43 m_rtlGenRandom = reinterpret_cast<RtlGenRandom_t*>(
44 m_advapi32.proc("SystemFunction036"));
45 // The OsModule class logs an error message if the proc is nullptr.
46 if (m_rtlGenRandom != nullptr) {
50 // Fall back to the crypto API.
52 CryptAcquireContext(&m_cryptProv, nullptr, nullptr,
53 PROV_RSA_FULL, CRYPT_VERIFYCONTEXT) != 0;
54 if (!m_cryptProvIsValid) {
55 trace("GenRandom: CryptAcquireContext failed: %u",
56 static_cast<unsigned>(GetLastError()));
60 GenRandom::~GenRandom() {
61 if (m_cryptProvIsValid) {
62 CryptReleaseContext(m_cryptProv, 0);
66 // Returns false if the context is invalid or the generation fails.
67 bool GenRandom::fillBuffer(void *buffer, size_t size) {
68 memset(buffer, 0, size);
70 if (m_rtlGenRandom != nullptr) {
71 success = m_rtlGenRandom(buffer, size) != 0;
73 trace("GenRandom: RtlGenRandom/SystemFunction036 failed: %u",
74 static_cast<unsigned>(GetLastError()));
76 } else if (m_cryptProvIsValid) {
78 CryptGenRandom(m_cryptProv, size,
79 reinterpret_cast<BYTE*>(buffer)) != 0;
81 trace("GenRandom: CryptGenRandom failed, size=%d, lasterror=%u",
82 static_cast<int>(size),
83 static_cast<unsigned>(GetLastError()));
89 // Returns an empty string if either of CryptAcquireContext or CryptGenRandom
91 std::string GenRandom::randomBytes(size_t numBytes) {
92 std::string ret(numBytes, '\0');
93 if (!fillBuffer(&ret[0], numBytes)) {
99 std::wstring GenRandom::randomHexString(size_t numBytes) {
100 const std::string bytes = randomBytes(numBytes);
101 std::wstring ret(bytes.size() * 2, L'\0');
102 for (size_t i = 0; i < bytes.size(); ++i) {
103 static const wchar_t hex[] = L"0123456789abcdef";
104 ret[i * 2] = hex[static_cast<uint8_t>(bytes[i]) >> 4];
105 ret[i * 2 + 1] = hex[static_cast<uint8_t>(bytes[i]) & 0xF];
110 // Returns a 64-bit value representing the number of 100-nanosecond intervals
111 // since January 1, 1601.
112 static uint64_t systemTimeAsUInt64() {
113 FILETIME monotonicTime = {};
114 GetSystemTimeAsFileTime(&monotonicTime);
115 return (static_cast<uint64_t>(monotonicTime.dwHighDateTime) << 32) |
116 static_cast<uint64_t>(monotonicTime.dwLowDateTime);
119 // Generates a unique and hard-to-guess case-insensitive string suitable for
120 // use in a pipe filename or a Windows object name.
121 std::wstring GenRandom::uniqueName() {
122 // First include enough information to avoid collisions assuming
123 // cooperative software. This code assumes that a process won't die and
124 // be replaced with a recycled PID within a single GetSystemTimeAsFileTime
126 WStringBuilder sb(64);
127 sb << GetCurrentProcessId()
128 << L'-' << InterlockedIncrement(&g_pipeCounter)
129 << L'-' << whexOfInt(systemTimeAsUInt64());
130 // It isn't clear to me how the crypto APIs would fail. It *probably*
131 // doesn't matter that much anyway? In principle, a predictable pipe name
132 // is subject to a local denial-of-service attack.
133 auto random = randomHexString(16);
134 if (!random.empty()) {
135 sb << L'-' << random;
137 return sb.str_moved();