search

roc-streaming / roc-toolkit

Real-time audio streaming over the network.
https://roc-streaming.org
Mozilla Public License 2.0
1.02k stars 203 forks source link

Implement secure_random() function using OpenSSL #683

Open gavv opened 5 months ago

gavv commented 5 months ago

There are a few RTP/RTCP fields that are required to be populated using cryptographically secure PRNG. Currently we fill them using regular PRNG (core::fast_random), which will become a security issue when we add encryption.

We need to implement a new function core::secure_random:

ROC_ATTR_NODISCARD bool secure_random(void* buf, size_t bufsz);

We already have OpenSSL support, so we can implement secure_random() using RAND module from OpenSSL.

Since OpenSSL can be disabled at build time via --disable-openssl scons option, we should actually add two implementations:

Scons will automatically use target_openssl when OpenSSL is enabled, and target_nocsprng when it's disabled (this feature is already implemented in SConstruct). See here about target directories.

Then we should switch the following classes/functions from fast_random() to secure_random():

(Each one has a few calls to fast_random()).

We also should add simple tests for secure_random() similar to fast_random().

lovvik commented 4 months ago

Hello, @Yannise-A and I are students at Paris 8 University. We're taking an Open source development course this semester, and would like to work on this, to begin with.

gavv commented 4 months ago

@lovvik @Yannise-A you're both welcome, thank you :)

gavv commented 4 weeks ago

Quote from chat with clarifications:

you need to create two target directories in roc_core (not in tests, but in module itself):

  • target_openssl
  • target_nocsprng

in target_openssl, place secure_random.cpp with implementation that uses RAND_bytes in target_nocsprng, place secure_random.cpp with fallback implementation that uses fast_random

in SConstruct, enable either target_openssl or target_nocsprng target depending on --disable-openssl flag then scons will automatically use proper cpp file

since secure_random() is always available, and test is likely not specific to openssl, I think there is no need for target directories in tests so you can just add test_secure_random.cpp which has a test that works with any implementation