Merge pull request #141 from letsencrypt/randfail
Check for RNG failures
This commit is contained in:
James 'J.C.' Jones
commit
bef94d74f3
10
core/util.go
10
core/util.go
|
|
@ -18,7 +18,9 @@ import (
|
|||
"encoding/base64"
|
||||
"encoding/json"
|
||||
"errors"
|
||||
blog "github.com/letsencrypt/boulder/log"
|
||||
"hash"
|
||||
"io"
|
||||
"math/big"
|
||||
"net/url"
|
||||
"strings"
|
||||
|
|
@ -68,9 +70,15 @@ func B64dec(x string) ([]byte, error) {
|
|||
|
||||
// Random stuff
|
||||
|
||||
// RandomString returns a randomly generated string of the requested length.
|
||||
func RandomString(byteLength int) string {
|
||||
b := make([]byte, byteLength)
|
||||
_, _ = rand.Read(b) // NOTE: Ignoring errors
|
||||
_, err := io.ReadFull(rand.Reader, b)
|
||||
if err != nil {
|
||||
ohdear := "RandomString entropy failure? " + err.Error()
|
||||
logger := blog.GetAuditLogger()
|
||||
logger.EmergencyExit(ohdear)
|
||||
}
|
||||
return B64enc(b)
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -5,4 +5,32 @@
|
|||
|
||||
package core
|
||||
|
||||
import (
|
||||
"testing"
|
||||
"fmt"
|
||||
"github.com/letsencrypt/boulder/test"
|
||||
"math"
|
||||
)
|
||||
|
||||
// challenges.go
|
||||
func TestNewToken(t *testing.T) {
|
||||
token := NewToken()
|
||||
fmt.Println(token)
|
||||
tokenLength := int(math.Ceil(32 * 8 / 6.0)) // 32 bytes, b64 encoded
|
||||
test.AssertIntEquals(t,len(token),tokenLength)
|
||||
collider := map[string]bool{}
|
||||
// Test for very blatant RNG failures:
|
||||
// Try 2^20 birthdays in a 2^72 search space...
|
||||
// our naive collision probability here is 2^-32...
|
||||
for i:=0; i < 1000000; i++ {
|
||||
token = NewToken()[:12] // just sample a portion
|
||||
test.Assert(t,!collider[token],"Token collision!")
|
||||
collider[token] = true
|
||||
}
|
||||
return
|
||||
}
|
||||
|
||||
func TestRandString(t *testing.T) {
|
||||
// This is covered by NewToken
|
||||
return
|
||||
}
|
||||
|
|
|
|||
|
|
@ -9,6 +9,7 @@ import (
|
|||
"errors"
|
||||
"fmt"
|
||||
"log/syslog"
|
||||
"os"
|
||||
"sync"
|
||||
|
||||
"github.com/letsencrypt/boulder/Godeps/_workspace/src/github.com/cactus/go-statsd-client/statsd"
|
||||
|
|
@ -171,3 +172,14 @@ func (log *AuditLogger) Notice(msg string) (err error) {
|
|||
log.Stats.Inc("Logging.Notice", 1, 1.0)
|
||||
return log.Writer.Notice(msg)
|
||||
}
|
||||
|
||||
const EMERGENCY_RETVAL = 13
|
||||
|
||||
func (log *AuditLogger) EmergencyExit(msg string) {
|
||||
// Some errors may be serious enough to trigger an immediate Boulder
|
||||
// shutdown. This function will provide the necessary housekeeping.
|
||||
// Currently, make an emergency log entry and exit; the Activity Monitor
|
||||
// should notice the Emerg level event and shut down all components.
|
||||
log.Emerg(msg)
|
||||
os.Exit(EMERGENCY_RETVAL)
|
||||
}
|
||||
|
|
|
|||
|
|
@ -67,6 +67,13 @@ func AssertByteEquals(t *testing.T, one []byte, two []byte) {
|
|||
base64.StdEncoding.EncodeToString(two))
|
||||
}
|
||||
}
|
||||
|
||||
func AssertIntEquals(t *testing.T, one int, two int) {
|
||||
if one != two {
|
||||
t.Errorf("%s Int [%d] != [%d]", caller(), one, two)
|
||||
}
|
||||
}
|
||||
|
||||
func AssertContains(t *testing.T, haystack string, needle string) {
|
||||
if !strings.Contains(haystack, needle) {
|
||||
t.Errorf("%s String [%s] does not contain [%s]", caller(), haystack, needle)
|
||||
|
|
|
|||
Loading…
Reference in New Issue