| blob | 0de118cb44d4f1e418caaf853f2cb594c605739b |
1 # = Secure random number generator interface.
2 #
3 # This library is an interface for secure random number generator which is
4 # suitable for generating session key in HTTP cookies, etc.
5 #
6 # It supports following secure random number generators.
7 #
8 # * openssl
9 # * /dev/urandom
10 # * Win32
11 #
12 # == Example
13 #
14 # # random hexadecimal string.
15 # p SecureRandom.hex(10) #=> "52750b30ffbc7de3b362"
16 # p SecureRandom.hex(10) #=> "92b15d6c8dc4beb5f559"
17 # p SecureRandom.hex(11) #=> "6aca1b5c58e4863e6b81b8"
18 # p SecureRandom.hex(12) #=> "94b2fff3e7fd9b9c391a2306"
19 # p SecureRandom.hex(13) #=> "39b290146bea6ce975c37cfc23"
20 # ...
21 #
22 # # random base64 string.
23 # p SecureRandom.base64(10) #=> "EcmTPZwWRAozdA=="
24 # p SecureRandom.base64(10) #=> "9b0nsevdwNuM/w=="
25 # p SecureRandom.base64(10) #=> "KO1nIU+p9DKxGg=="
26 # p SecureRandom.base64(11) #=> "l7XEiFja+8EKEtY="
27 # p SecureRandom.base64(12) #=> "7kJSM/MzBJI+75j8"
28 # p SecureRandom.base64(13) #=> "vKLJ0tXBHqQOuIcSIg=="
29 # ...
30 #
31 # # random binary string.
32 # p SecureRandom.random_bytes(10) #=> "\016\t{\370g\310pbr\301"
33 # p SecureRandom.random_bytes(10) #=> "\323U\030TO\234\357\020\a\337"
34 # ...
36 begin
37 require 'openssl'
38 rescue LoadError
39 end
41 module SecureRandom
42 # SecureRandom.random_bytes generates a random binary string.
43 #
44 # The argument n specifies the length of the result string.
45 #
46 # If n is not specified, 16 is assumed.
47 # It may be larger in future.
48 #
49 # If secure random number generator is not available,
50 # NotImplementedError is raised.
51 def self.random_bytes(n=nil)
52 n ||= 16
54 if defined? OpenSSL::Random
55 return OpenSSL::Random.random_bytes(n)
56 end
58 if !defined?(@has_urandom) || @has_urandom
59 flags = File::RDONLY
60 flags |= File::NONBLOCK if defined? File::NONBLOCK
61 flags |= File::NOCTTY if defined? File::NOCTTY
62 flags |= File::NOFOLLOW if defined? File::NOFOLLOW
63 begin
64 File.open("/dev/urandom", flags) {|f|
65 unless f.stat.chardev?
66 raise Errno::ENOENT
67 end
68 @has_urandom = true
69 ret = f.readpartial(n)
70 if ret.length != n
71 raise NotImplementedError, "Unexpected partial read from random device"
72 end
73 return ret
74 }
75 rescue Errno::ENOENT
76 @has_urandom = false
77 end
78 end
80 if !defined?(@has_win32)
81 begin
82 require 'Win32API'
84 crypt_acquire_context = Win32API.new("advapi32", "CryptAcquireContext", 'PPPII', 'L')
85 @crypt_gen_random = Win32API.new("advapi32", "CryptGenRandom", 'LIP', 'L')
87 hProvStr = " " * 4
88 prov_rsa_full = 1
89 crypt_verifycontext = 0xF0000000
91 if crypt_acquire_context.call(hProvStr, nil, nil, prov_rsa_full, crypt_verifycontext) == 0
92 raise SystemCallError, "CryptAcquireContext failed: #{lastWin32ErrorMessage}"
93 end
94 @hProv, = hProvStr.unpack('L')
96 @has_win32 = true
97 rescue LoadError
98 @has_win32 = false
99 end
100 end
101 if @has_win32
102 bytes = " " * n
103 if @crypt_gen_random.call(@hProv, bytes.size, bytes) == 0
104 raise SystemCallError, "CryptGenRandom failed: #{lastWin32ErrorMessage}"
105 end
106 return bytes
107 end
109 raise NotImplementedError, "No random device"
110 end
112 # SecureRandom.hex generates a random hex string.
113 #
114 # The argument n specifies the length of the random length.
115 # The length of the result string is twice of n.
116 #
117 # If n is not specified, 16 is assumed.
118 # It may be larger in future.
119 #
120 # If secure random number generator is not available,
121 # NotImplementedError is raised.
122 def self.hex(n=nil)
123 random_bytes(n).unpack("H*")[0]
124 end
126 # SecureRandom.base64 generates a random base64 string.
127 #
128 # The argument n specifies the length of the random length.
129 # The length of the result string is about 4/3 of n.
130 #
131 # If n is not specified, 16 is assumed.
132 # It may be larger in future.
133 #
134 # If secure random number generator is not available,
135 # NotImplementedError is raised.
136 def self.base64(n=nil)
137 [random_bytes(n)].pack("m*").delete("\n")
138 end
140 # SecureRandom.random_number generates a random number.
141 #
142 # If an positive integer is given as n,
143 # SecureRandom.random_number returns an integer:
144 # 0 <= SecureRandom.random_number(n) < n.
145 #
146 # If 0 is given or an argument is not given,
147 # SecureRandom.random_number returns an float:
148 # 0.0 <= SecureRandom.random_number() < 1.0.
149 def self.random_number(n=0)
150 if 0 < n
151 hex = n.to_s(16)
152 hex = '0' + hex if (hex.length & 1) == 1
153 bin = [hex].pack("H*")
154 mask = bin[0].ord
155 mask |= mask >> 1
156 mask |= mask >> 2
157 mask |= mask >> 4
158 begin
159 rnd = SecureRandom.random_bytes(bin.length)
160 rnd[0] = (rnd[0].ord & mask).chr
161 end until rnd < bin
162 rnd.unpack("H*")[0].hex
163 else
164 # assumption: Float::MANT_DIG <= 64
165 i64 = SecureRandom.random_bytes(8).unpack("Q")[0]
166 Math.ldexp(i64 >> (64-Float::MANT_DIG), -Float::MANT_DIG)
167 end
168 end
170 # Following code is based on David Garamond's GUID library for Ruby.
171 def self.lastWin32ErrorMessage # :nodoc:
172 get_last_error = Win32API.new("kernel32", "GetLastError", '', 'L')
173 format_message = Win32API.new("kernel32", "FormatMessageA", 'LPLLPLPPPPPPPP', 'L')
174 format_message_ignore_inserts = 0x00000200
175 format_message_from_system = 0x00001000
177 code = get_last_error.call
178 msg = "\0" * 1024
179 len = format_message.call(format_message_ignore_inserts + format_message_from_system, 0, code, 0, msg, 1024, nil, nil, nil, nil, nil, nil, nil, nil)
180 msg[0, len].tr("\r", '').chomp
181 end
182 end