From 4ad146871a4c8269e626ab342fdcefb364af3a00 Mon Sep 17 00:00:00 2001
From: Ben Adida <ben@adida.net>
Date: Sat, 3 Dec 2011 15:14:31 -0800
Subject: [PATCH] added random seeding from the server, in addition to whatever
 the client can do

---
 helios/election_urls.py |  3 +++
 helios/views.py         | 12 +++++++++++-
 heliosbooth/vote.html   | 13 +++++++++++--
 3 files changed, 25 insertions(+), 3 deletions(-)

diff --git a/helios/election_urls.py b/helios/election_urls.py
index 31760a5..323c2b0 100644
--- a/helios/election_urls.py
+++ b/helios/election_urls.py
@@ -42,6 +42,9 @@ urlpatterns = patterns('',
     # (r'^/bboard$', one_election_bboard),
     (r'^/audited-ballots/$', one_election_audited_ballots),
 
+    # get randomness
+    (r'^/get-randomness$', get_randomness),
+
     # server-side encryption
     (r'^/encrypt-ballot$', encrypt_ballot),
 
diff --git a/helios/views.py b/helios/views.py
index 3269137..166517d 100644
--- a/helios/views.py
+++ b/helios/views.py
@@ -13,7 +13,7 @@ from django.db import transaction
 
 from mimetypes import guess_type
 
-import csv, urllib
+import csv, urllib, os, base64
 
 from crypto import algs, electionalgs, elgamal
 from crypto import utils as cryptoutils
@@ -507,6 +507,16 @@ def trustee_upload_pk(request, election, trustee):
 ## Ballot Management
 ##
 
+@json
+@election_view(frozen=True)
+def get_randomness(request, election):
+  """
+  get some randomness to sprinkle into the sjcl entropy pool
+  """
+  return {
+    "randomness" : base64.b64encode(os.urandom(32))
+    }
+
 @json
 @election_view(frozen=True)
 def encrypt_ballot(request, election):
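Review bot: The `get_randomness` response carries no visible cache control and the booth fetches it with a plain GET, so a browser or intermediary cache could serve the same 32 bytes to more than one voting session. It should be marked non-cacheable, for example with Django's `never_cache`; where that sits relative to `@json` depends on what `@json` returns, which is not visible in this hunk. The docstring should also record the trust assumption, e.g. `"""Return 32 base64-encoded bytes from os.urandom as supplementary, server-known input for the booth's SJCL pool; never a substitute for client-collected entropy."""`. The hunk ends inside `encrypt_ballot`, whose body continues outside it.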
diff --git a/heliosbooth/vote.html b/heliosbooth/vote.html
index 1273b2d..44b9674 100644
--- a/heliosbooth/vote.html
+++ b/heliosbooth/vote.html
@@ -321,7 +321,15 @@ BOOTH.load_and_setup_election = function(election_url) {
         BOOTH.setup_election(raw_json);
         BOOTH.show_election();
         BOOTH.election_url = election_url;
-    });    
+    });
+
+    
+    if (USE_SJCL) {
+      // get more randomness from server
+      $.getJSON(election_url + "/get-randomness", {}, function(result) {
+        sjcl.random.addEntropy(result.randomness);
+      });
+    }
 };
 
 BOOTH.hide_progress = function() {
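Review bot: `sjcl.random.addEntropy(result.randomness)` passes no entropy estimate, and as far as I recall SJCL then credits a string with one bit per character, so the pool counts server-supplied data towards readiness. The server knows this value, and ballot secrecy in the booth should not depend on trusting the server, so it is safer to mix it in without credit and label its source: `sjcl.random.addEntropy(result.randomness, 0, "server");`. The request is also asynchronous and has no failure handler, so nothing here guarantees the value arrives before encryption starts; a comment saying this is best-effort would make that explicit. `BOOTH.load_and_setup_election` begins outside the hunk.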
@@ -370,8 +378,9 @@ BOOTH.nojava = function() {
 BOOTH.ready_p = false;
 
 $(document).ready(function() {
-    if (USE_SJCL)
+    if (USE_SJCL) {
       sjcl.random.startCollectors();
+    }
 
     // we're asynchronous if we have SJCL and Worker
     BOOTH.synchronous = !(USE_SJCL && window.Worker);
-- 
GitLab