Merge pull request #25 from spark/feature/secure-random-seed

Secure random seed from Spark Cloud
particle-iot-archived · Sep 4, 2014 · 9bd5b56 · 9bd5b56
2 parents 6dd0504 + a69c03a
commit 9bd5b56
Show file tree

Hide file tree

Showing 5 changed files with 54 additions and 3 deletions.
diff --git a/Makefile b/Makefile
@@ -18,7 +18,8 @@ ssllib      = $(ssllibdir)/libtropicssl.a
 objects = src/handshake.o \
           src/coap.o \
           src/spark_protocol.o \
-          src/events.o
+          src/events.o \
+          src/functions.o
 
 testobjects = tests/ConstructorFixture.o \
               tests/TestHandshake.o \

diff --git a/src/build.mk b/src/build.mk
@@ -10,7 +10,7 @@ TARGET_SRC_PATH = src
 INCLUDE_DIRS += $(TARGET_SRC_PATH)
 
 # C source files included in this build.
-CSRC += 
+CSRC += $(TARGET_SRC_PATH)/functions.c
 
 # C++ source files included in this build.
 CPPSRC += $(TARGET_SRC_PATH)/coap.cpp

diff --git a/src/functions.c b/src/functions.c
@@ -0,0 +1,17 @@
+
+#include "functions.h"
+#include <stdlib.h>
+
+/**
+ * Handle the cryptographically secure random seed from the cloud by using
+ * it to seed the stdlib PRNG. 
+ * @param seed  A random value from a cryptographically secure random number generator.
+ * 
+ * This function has weak linkage, so that user code may re-define this function and
+ * handle the random number in some other way. For example, to combine with local
+ * entropy sources.
+ */
+__attribute__((weak)) void random_seed_from_cloud(unsigned int seed){
+    srand(seed);
+}
+
diff --git a/src/functions.h b/src/functions.h
@@ -0,0 +1,28 @@
+/* 
+ * File:   functions.h
+ * Author: mat
+ *
+ * Created on 04 September 2014, 00:10
+ */
+
+#ifndef FUNCTIONS_H
+#define	FUNCTIONS_H
+
+#ifdef	__cplusplus
+extern "C" {
+#endif
+
+/**
+ * Handle the cryptographically secure random seed from the cloud.
+ * @param seed  A random value. This is typically used to seed a pseudo-random generator. 
+ */
+extern void random_seed_from_cloud(unsigned int seed);
+
+
+
+#ifdef	__cplusplus
+}
+#endif
+
+#endif	/* FUNCTIONS_H */
+
diff --git a/src/spark_protocol.cpp b/src/spark_protocol.cpp
@@ -24,6 +24,7 @@
   */
 #include "spark_protocol.h"
 #include "handshake.h"
+#include "functions.h"
 #include <string.h>
 #include <stdlib.h>
 
@@ -1233,6 +1234,10 @@ int SparkProtocol::set_key(const unsigned char *signed_encrypted_credentials)
     _message_id = *(credentials + 32) << 8 | *(credentials + 33);
     _token = *(credentials + 34);
 
+    unsigned int seed;
+    memcpy(&seed, credentials + 35, 4);
+    random_seed_from_cloud(seed);
+
     return 0;
   }
   else return 2;
@@ -1265,6 +1270,6 @@ inline void SparkProtocol::coded_ack(unsigned char *buf,
   buf[4] = token;
 
   memset(buf + 5, 11, 11); // PKCS #7 padding
-
+  
   encrypt(buf, 16);
 }