From 4ad146871a4c8269e626ab342fdcefb364af3a00 Mon Sep 17 00:00:00 2001 From: Ben Adida <ben@adida.net> Date: Sat, 3 Dec 2011 15:14:31 -0800 Subject: [PATCH] added random seeding from the server, in addition to whatever the client can do --- helios/election_urls.py | 3 +++ helios/views.py | 12 +++++++++++- heliosbooth/vote.html | 13 +++++++++++-- 3 files changed, 25 insertions(+), 3 deletions(-) diff --git a/helios/election_urls.py b/helios/election_urls.py index 31760a5..323c2b0 100644 --- a/helios/election_urls.py +++ b/helios/election_urls.py @@ -42,6 +42,9 @@ urlpatterns = patterns('', # (r'^/bboard$', one_election_bboard), (r'^/audited-ballots/$', one_election_audited_ballots), + # get randomness + (r'^/get-randomness$', get_randomness), + # server-side encryption (r'^/encrypt-ballot$', encrypt_ballot), diff --git a/helios/views.py b/helios/views.py index 3269137..166517d 100644 --- a/helios/views.py +++ b/helios/views.py @@ -13,7 +13,7 @@ from django.db import transaction from mimetypes import guess_type -import csv, urllib +import csv, urllib, os, base64 from crypto import algs, electionalgs, elgamal from crypto import utils as cryptoutils @@ -507,6 +507,16 @@ def trustee_upload_pk(request, election, trustee): ## Ballot Management ## +@json +@election_view(frozen=True) +def get_randomness(request, election): + """ + get some randomness to sprinkle into the sjcl entropy pool + """ + return { + "randomness" : base64.b64encode(os.urandom(32)) + } + @json @election_view(frozen=True) def encrypt_ballot(request, election): diff --git a/heliosbooth/vote.html b/heliosbooth/vote.html index 1273b2d..44b9674 100644 --- a/heliosbooth/vote.html +++ b/heliosbooth/vote.html 
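Review bot: `get_randomness` in helios/views.py serves freshly generated bytes on a GET route, but nothing in the hunk marks the response as non-cacheable. The booth fetches it with `$.getJSON`, a plain GET, so a browser or intermediary cache could replay the same value to later requests unless the `json` decorator (defined outside this hunk) already sets the header. I would send `Cache-Control: no-store` on this response. The docstring should also record the trust assumption, for example `server-supplied bytes are known to the server; they only supplement client-side entropy and must never be the sole seed`.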
@@ -321,7 +321,15 @@ BOOTH.load_and_setup_election = function(election_url) { BOOTH.setup_election(raw_json); BOOTH.show_election(); BOOTH.election_url = election_url; - }); + }); + + + if (USE_SJCL) { + // get more randomness from server + $.getJSON(election_url + "/get-randomness", {}, function(result) { + sjcl.random.addEntropy(result.randomness); + }); + } }; BOOTH.hide_progress = function() { @@ -370,8 +378,9 @@ BOOTH.nojava = function() { BOOTH.ready_p = false; $(document).ready(function() { - if (USE_SJCL) + if (USE_SJCL) { sjcl.random.startCollectors(); + } // we're asynchronous if we have SJCL and Worker BOOTH.synchronous = !(USE_SJCL && window.Worker); -- GitLab
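Review bot: `sjcl.random.addEntropy(result.randomness)` in `BOOTH.load_and_setup_election` passes no entropy estimate, so SJCL picks one itself and bytes the server already knows count toward the generator's readiness. For a string argument SJCL has, as far as I recall, defaulted the estimate to the string length; confirm this against the bundled version. Ballot secrecy depends on the encryption randomness being unpredictable to the server, so credit this input with zero: `sjcl.random.addEntropy(result.randomness, 0, "server");`. Mixing the value in is still useful against a weak client source, but readiness should be reached through the client collectors alone. The request has no failure callback, which is acceptable only while ballot encryption never waits on this call.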