Add an insecure interface. #29

Merged
merged 1 commit into from
May 10, 2023
41 changes: 39 additions & 2 deletions example-world.md
Expand Up @@ -3,6 +3,8 @@
<li>Imports:
<ul>
<li>interface <a href="#random"><code>random</code></a></li>
<li>interface <a href="#insecure"><code>insecure</code></a></li>
<li>interface <a href="#insecure_seed"><code>insecure-seed</code></a></li>
</ul>
</li>
</ul>
Expand Down Expand Up @@ -37,7 +39,42 @@ deterministic data.</p>
<ul>
<li><a name="get_random_u64.0"></a> <code>u64</code></li>
</ul>
<h4><a name="insecure_random"><code>insecure-random: func</code></a></h4>
<h2><a name="insecure">Import interface insecure</a></h2>
<p>The insecure interface for insecure pseudo-random numbers.</p>
<p>It is intended to be portable at least between Unix-family platforms and
Windows.</p>
<hr />
<h3>Functions</h3>
<h4><a name="get_insecure_random_bytes"><code>get-insecure-random-bytes: func</code></a></h4>
<p>Return <code>len</code> insecure pseudo-random bytes.</p>
<p>This function is not cryptographically secure. Do not use it for
anything related to security.</p>
<p>There are no requirements on the values of the returned bytes, however
implementations are encouraged to return evenly distributed values with
a long period.</p>
<h5>Params</h5>
<ul>
<li><a name="get_insecure_random_bytes.len"><code>len</code></a>: <code>u64</code></li>
</ul>
<h5>Return values</h5>
<ul>
<li><a name="get_insecure_random_bytes.0"></a> list&lt;<code>u8</code>&gt;</li>
</ul>
<h4><a name="get_insecure_random_u64"><code>get-insecure-random-u64: func</code></a></h4>
<p>Return an insecure pseudo-random <code>u64</code> value.</p>
<p>This function returns the same type of pseudo-random data as
<a href="#get_insecure_random_bytes"><code>get-insecure-random-bytes</code></a>, represented as a <code>u64</code>.</p>
<h5>Return values</h5>
<ul>
<li><a name="get_insecure_random_u64.0"></a> <code>u64</code></li>
</ul>
<h2><a name="insecure_seed">Import interface insecure-seed</a></h2>
<p>The insecure-seed interface for seeding hash-map DoS resistance.</p>
<p>It is intended to be portable at least between Unix-family platforms and
Windows.</p>
<hr />
<h3>Functions</h3>
<h4><a name="insecure_seed"><code>insecure-seed: func</code></a></h4>
<p>Return a 128-bit value that may contain a pseudo-random value.</p>
<p>The returned value is not required to be computed from a CSPRNG, and may
even be entirely deterministic. Host implementations are encouraged to
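Review bot: The anchor `name="insecure_seed"` is used twice in this hunk, on the `<h2>` for the `insecure-seed` interface and again on the `<h4>` for the `insecure-seed` function, so the `#insecure_seed` link in the imports list is ambiguous and the function heading cannot be linked on its own. If this file is generated from the WIT, the cleaner fix is to give the function a name distinct from its interface in `wit/insecure-seed.wit` and regenerate.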
Expand All @@ -53,5 +90,5 @@ called multiple times and potentially used for purposes other than DoS
protection.</p>
<h5>Return values</h5>
<ul>
<li><a name="insecure_random.0"></a> (<code>u64</code>, <code>u64</code>)</li>
<li><a name="insecure_seed.0"></a> (<code>u64</code>, <code>u64</code>)</li>
</ul>
24 changes: 24 additions & 0 deletions wit/insecure-seed.wit
@@ -0,0 +1,24 @@
/// The insecure-seed interface for seeding hash-map DoS resistance.
///
/// It is intended to be portable at least between Unix-family platforms and
/// Windows.
default interface insecure-seed {
/// Return a 128-bit value that may contain a pseudo-random value.
///
/// The returned value is not required to be computed from a CSPRNG, and may
/// even be entirely deterministic. Host implementations are encouraged to
/// provide pseudo-random values to any program exposed to
/// attacker-controlled content, to enable DoS protection built into many
/// languages' hash-map implementations.
///
/// This function is intended to only be called once, by a source language
/// to initialize Denial Of Service (DoS) protection in its hash-map
/// implementation.
///
/// # Expected future evolution
///
/// This will likely be changed to a value import, to prevent it from being
/// called multiple times and potentially used for purposes other than DoS
/// protection.
insecure-seed: func() -> tuple<u64, u64>
}
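Review bot: The doc comment on `insecure-seed: func() -> tuple<u64, u64>` says the function is "intended to only be called once" but does not say what a second call returns, so a guest cannot tell whether the value is stable for the life of the instance or changes per call. Until the value-import change described under "Expected future evolution" lands, state the repeated-call behaviour explicitly. It would also help to say outright that the result must not be used as key material or for any purpose other than hash-map seeding, since the comment allows it to be "entirely deterministic".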
21 changes: 21 additions & 0 deletions wit/insecure.wit
@@ -0,0 +1,21 @@
/// The insecure interface for insecure pseudo-random numbers.
///
/// It is intended to be portable at least between Unix-family platforms and
/// Windows.
default interface insecure {
/// Return `len` insecure pseudo-random bytes.
///
/// This function is not cryptographically secure. Do not use it for
/// anything related to security.
///
/// There are no requirements on the values of the returned bytes, however
/// implementations are encouraged to return evenly distributed values with
/// a long period.
get-insecure-random-bytes: func(len: u64) -> list<u8>

/// Return an insecure pseudo-random `u64` value.
///
/// This function returns the same type of pseudo-random data as
/// `get-insecure-random-bytes`, represented as a `u64`.
get-insecure-random-u64: func() -> u64
}
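Review bot: `get-insecure-random-bytes: func(len: u64) -> list<u8>` accepts any `u64` length, and the comment sets no upper bound or failure behaviour, so a guest can ask the host to allocate and fill an arbitrarily large list. Document a maximum, or say how an oversized `len` is handled (trap or truncated result), so that host implementations behave consistently.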
19 changes: 0 additions & 19 deletions wit/random.wit
Expand Up @@ -20,23 +20,4 @@ default interface random {
/// This function returns the same type of pseudo-random data as
/// `get-random-bytes`, represented as a `u64`.
get-random-u64: func() -> u64

/// Return a 128-bit value that may contain a pseudo-random value.
///
/// The returned value is not required to be computed from a CSPRNG, and may
/// even be entirely deterministic. Host implementations are encouraged to
/// provide pseudo-random values to any program exposed to
/// attacker-controlled content, to enable DoS protection built into many
/// languages' hash-map implementations.
///
/// This function is intended to only be called once, by a source language
/// to initialize Denial Of Service (DoS) protection in its hash-map
/// implementation.
///
/// # Expected future evolution
///
/// This will likely be changed to a value import, to prevent it from being
/// called multiple times and potentially used for purposes other than DoS
/// protection.
insecure-random: func() -> tuple<u64, u64>
}
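Review bot: Removing `insecure-random: func() -> tuple<u64, u64>` from the `random` interface drops a function that existing guests and hosts may already bind to, and the context lines left in this hunk give no pointer to where it went. Add a short note to the `random` interface docs naming `insecure-seed` as the replacement, so a caller who finds the function missing does not reach for `get-random-u64` or `get-insecure-random-u64` without understanding the difference in guarantees.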
2 changes: 2 additions & 0 deletions wit/world.wit
@@ -1,3 +1,5 @@
default world example-world {
import random: pkg.random
import insecure: pkg.insecure
import insecure-seed: pkg.insecure-seed
}
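Review bot: The import name on `import insecure: pkg.insecure` does not say what is insecure; next to `random` and `insecure-seed`, a reader has to open the interface to learn that it is a non-cryptographic random source. A name that includes "random" would make misuse easier to spot when reviewing a world file.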