add JSON and crypto APIs with sandbox protection (milestone 6 complete)

2026-01-18 14:44:51 +01:00
parent a4ecb0f132
commit be663282d7
8 changed files with 1469 additions and 2 deletions
--- a/src/main/cpp/sandbox/crypto_api.h
+++ b/src/main/cpp/sandbox/crypto_api.h
@@ -0,0 +1,52 @@
+#pragma once
+
+#include <string>
+#include <cstdint>
+#include <random>
+#include <mutex>
+
+struct lua_State;
+
+namespace mosis {
+
+// Per-app cryptographically secure RNG
+class SecureRandom {
+public:
+    SecureRandom();
+
+    // Get random bytes as binary string
+    std::string GetBytes(size_t count);
+
+    // Get random integer in range [min, max]
+    int64_t GetInt(int64_t min, int64_t max);
+
+    // Get random double in range [0.0, 1.0)
+    double GetDouble();
+
+private:
+    std::random_device m_rd;
+    std::mt19937_64 m_gen;
+    std::mutex m_mutex;
+};
+
+// Hash algorithms supported
+enum class HashAlgorithm {
+    SHA256,
+    SHA512,
+    SHA1,
+    MD5
+};
+
+// Compute hash of data
+std::string ComputeHash(HashAlgorithm algo, const std::string& data);
+
+// Compute HMAC of data with key
+std::string ComputeHMAC(HashAlgorithm algo, const std::string& key, const std::string& data);
+
+// Register crypto.* APIs as globals
+void RegisterCryptoAPI(lua_State* L);
+
+// Register secure math.random replacement (removes math.randomseed)
+void RegisterSecureMathRandom(lua_State* L, SecureRandom* rng);
+
+} // namespace mosis