Open gavv opened 5 months ago
Hello, @Yannise-A and I are students at Paris 8 University. We're taking an Open source development course this semester, and would like to work on this, to begin with.
@lovvik @Yannise-A you're both welcome, thank you :)
Quote from chat with clarifications:
you need to create two target directories in roc_core (not in tests, but in module itself):
- target_openssl
- target_nocsprng
in target_openssl, place secure_random.cpp with implementation that uses RAND_bytes
in target_nocsprng, place secure_random.cpp with fallback implementation that uses fast_random
in SConstruct, enable either target_openssl or target_nocsprng target depending on --disable-openssl flag
then scons will automatically use proper cpp file
since secure_random() is always available, and test is likely not specific to openssl, I think there is no need for target directories in tests
so you can just add test_secure_random.cpp which has a test that works with any implementation
There are a few RTP/RTCP fields that are required to be populated using a cryptographically secure PRNG. Currently we fill them using a regular PRNG (core::fast_random), which will become a security issue when we add encryption.
We need to implement a new function core::secure_random:
- We already have OpenSSL support, so we can implement secure_random() using RAND module from OpenSSL.
- Since OpenSSL can be disabled at build time via --disable-openssl scons option, we should actually add two implementations:
  - roc_core/target_openssl - main implementation, using OpenSSL
  - roc_core/target_nocsprng - alternative fallback implementation that uses fast_random()
- Scons will automatically use target_openssl when OpenSSL is enabled, and target_nocsprng when it's disabled (this feature is already implemented in SConstruct). See here about target directories.
Then we should switch the following classes/functions from fast_random() to secure_random():
(Each one has a few calls to fast_random()).
We also should add simple tests for secure_random() similar to fast_random().
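The two-implementation layout described above, collapsed into one file as an added example (this is not roc-toolkit code). The signatures of `secure_random()` and `secure_random_range()` and the `EXAMPLE_USE_OPENSSL` macro are assumptions; in the project the choice is made by SConstruct enabling a target directory, and the fallback would call `fast_random()` rather than `std::mt19937`.

```cpp
// Added example; all names and signatures here are hypothetical.
#include <cstddef>
#include <cstdint>
#include <random>
#ifdef EXAMPLE_USE_OPENSSL // stand-in for building with target_openssl
#include <openssl/rand.h>
#endif

// Fill buf with len random bytes. Returns false if the random source failed,
// so callers never proceed with an unfilled buffer.
bool secure_random(void* buf, size_t len) {
    unsigned char* p = static_cast<unsigned char*>(buf);
#ifdef EXAMPLE_USE_OPENSSL
    // RAND_bytes() takes an int length and returns 1 only on success.
    while (len > 0) {
        const int chunk = len > 0x7fffffff ? 0x7fffffff : static_cast<int>(len);
        if (RAND_bytes(p, chunk) != 1) {
            return false;
        }
        p += chunk;
        len -= static_cast<size_t>(chunk);
    }
#else
    // Stand-in for target_nocsprng: an ordinary PRNG, NOT cryptographically
    // secure (and not thread-safe in this simplified form).
    static std::mt19937 gen(std::random_device{}());
    for (size_t i = 0; i < len; i++) {
        p[i] = static_cast<unsigned char>(gen());
    }
#endif
    return true;
}

// Uniform value in [from, to]. Rejection sampling avoids the modulo bias that
// a plain "r % span" would introduce when span does not divide 2^32.
bool secure_random_range(uint32_t from, uint32_t to, uint32_t& out) {
    if (from > to) {
        return false;
    }
    const uint64_t span = uint64_t(to) - from + 1;            // 1 .. 2^32
    const uint64_t limit = (uint64_t(1) << 32) / span * span; // multiple of span
    uint32_t r = 0;
    do {
        if (!secure_random(&r, sizeof(r))) {
            return false;
        }
    } while (r >= limit);
    out = from + static_cast<uint32_t>(r % span);
    return true;
}
```

Compiling with `-DEXAMPLE_USE_OPENSSL -lcrypto` selects the OpenSSL path; without the macro the fallback path is built, and the same implementation-agnostic checks (bounds respected, failure reported) apply to both.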