whyoleg / cryptography-kotlin

Kotlin Multiplatform cryptography / crypto library
https://whyoleg.github.io/cryptography-kotlin/
Apache License 2.0

Linux random numbers may not fill array completely #2

Closed 05nelsonm closed 1 year ago

05nelsonm commented 1 year ago

Current Linux implementation for PlatformRandom only checks for an error, but does not check if the number returned (the number of bytes retrieved from /dev/urandom) filled the ByteArray completely.

See fillCompletely and fillCompletelyUsage for pointers.

whyoleg commented 1 year ago

Thanks!

Will fix it. Do you have any idea on how to properly test it?

05nelsonm commented 1 year ago

> Do you have any idea on how to properly test it?

I just tested the fillCompletely extension function HERE and of course the actual implementation to ensure the ByteArray was actually filled with non-empty values within a certain threshold (b/c some indices will still remain empty) HERE. AFAIK, there's no real good way to get the result to return a specific value that would make the reading of /dev/urandom testable.

whyoleg commented 1 year ago

fixed in https://github.com/whyoleg/cryptography-kotlin/commit/3e6e004ea0f9ab5c1f2f052e88dd4111ee5c5bd7

Real stress test was added in https://github.com/whyoleg/cryptography-kotlin/commit/6d596b5951bacbe80eb9bd7aa0a0fe830b5ac406

Thx for findings!
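
The short-read problem discussed in this thread, as an added example that is not code from cryptography-kotlin or from the linked helper: a fill loop that keeps reading until the whole array is written, with the read call injected so short reads and mid-way failures can be forced deterministically. The names `fillCompletely` (re-implemented here), `readSome`, `ShortReadSource` and `MARKER` are assumptions for illustration; `readSome` stands in for the platform read on /dev/urandom.

```kotlin
// Added example; hypothetical names, not the project's implementation.
private const val MARKER: Byte = 0x5A // constructed fill value so every index is checkable

// readSome returns the number of bytes it wrote at [offset], or <= 0 on error/EOF.
fun ByteArray.fillCompletely(readSome: (buf: ByteArray, offset: Int, length: Int) -> Int) {
    var filled = 0
    while (filled < size) {
        val n = readSome(this, filled, size - filled)
        // Never hand back a partially filled buffer: the tail would be all zeros.
        check(n > 0) { "random source failed after $filled of $size bytes (result=$n)" }
        check(n <= size - filled) { "random source reported $n bytes, more than requested" }
        filled += n
    }
}

// Constructed test double: delivers at most `chunk` bytes per call, like a short read,
// and can be told to start failing after a given number of calls.
class ShortReadSource(private val chunk: Int, private val failAfterCalls: Int = Int.MAX_VALUE) {
    var calls = 0
        private set

    fun read(buf: ByteArray, offset: Int, length: Int): Int {
        if (calls++ >= failAfterCalls) return -1
        val n = minOf(chunk, length)
        for (i in 0 until n) buf[offset + i] = MARKER
        return n
    }
}

fun main() {
    // 10 bytes requested, 3 delivered per call: the loop must issue 4 reads.
    val source = ShortReadSource(chunk = 3)
    val bytes = ByteArray(10)
    bytes.fillCompletely(source::read)
    check(source.calls == 4)
    check(bytes.all { it == MARKER })

    // A failure part-way through must throw rather than return zero-padded output.
    val failing = ShortReadSource(chunk = 3, failAfterCalls = 2)
    val result = runCatching { ByteArray(10).fillCompletely(failing::read) }
    check(result.isFailure)
    println("short reads handled; partial fill rejected")
}
```

Because the test double writes a fixed marker, the check covers every index exactly instead of relying on a threshold of non-zero bytes.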