diff options
author | Gustav Simonsson <gustav.simonsson@gmail.com> | 2015-04-02 23:02:56 +0800 |
---|---|---|
committer | Gustav Simonsson <gustav.simonsson@gmail.com> | 2015-05-12 23:18:30 +0800 |
commit | 9918b6c84e2547f3d24a6cfeb97cfcbd6cb4dc98 (patch) | |
tree | 0da6e8cf6523c1d8667f0a68be648b875039806a /crypto | |
parent | 58d6ec689ff44232cd5d6a7cbbaad2d7a2cb44bd (diff) | |
download | dexon-9918b6c84e2547f3d24a6cfeb97cfcbd6cb4dc98.tar dexon-9918b6c84e2547f3d24a6cfeb97cfcbd6cb4dc98.tar.gz dexon-9918b6c84e2547f3d24a6cfeb97cfcbd6cb4dc98.tar.bz2 dexon-9918b6c84e2547f3d24a6cfeb97cfcbd6cb4dc98.tar.lz dexon-9918b6c84e2547f3d24a6cfeb97cfcbd6cb4dc98.tar.xz dexon-9918b6c84e2547f3d24a6cfeb97cfcbd6cb4dc98.tar.zst dexon-9918b6c84e2547f3d24a6cfeb97cfcbd6cb4dc98.zip |
Remove the awesome, ever misunderstood entropy mixing
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/key_store_passphrase.go | 4 | ||||
-rw-r--r-- | crypto/randentropy/rand_entropy.go | 51 | ||||
-rw-r--r-- | crypto/secp256k1/secp256.go | 4 | ||||
-rw-r--r-- | crypto/secp256k1/secp256_test.go | 20 |
4 files changed, 15 insertions, 64 deletions
diff --git a/crypto/key_store_passphrase.go b/crypto/key_store_passphrase.go index 9d36d7b03..ee383584c 100644 --- a/crypto/key_store_passphrase.go +++ b/crypto/key_store_passphrase.go @@ -118,7 +118,7 @@ func (ks keyStorePassphrase) GetKeyAddresses() (addresses [][]byte, err error) { func (ks keyStorePassphrase) StoreKey(key *Key, auth string) (err error) { authArray := []byte(auth) - salt := randentropy.GetEntropyMixed(32) + salt := randentropy.GetEntropyCSPRNG(32) derivedKey, err := scrypt.Key(authArray, salt, scryptN, scryptr, scryptp, scryptdkLen) if err != nil { return err @@ -133,7 +133,7 @@ func (ks keyStorePassphrase) StoreKey(key *Key, auth string) (err error) { return err } - iv := randentropy.GetEntropyMixed(aes.BlockSize) // 16 + iv := randentropy.GetEntropyCSPRNG(aes.BlockSize) // 16 AES256CBCEncrypter := cipher.NewCBCEncrypter(AES256Block, iv) cipherText := make([]byte, len(toEncrypt)) AES256CBCEncrypter.CryptBlocks(cipherText, toEncrypt) diff --git a/crypto/randentropy/rand_entropy.go b/crypto/randentropy/rand_entropy.go index b87fa564e..68bb8808b 100644 --- a/crypto/randentropy/rand_entropy.go +++ b/crypto/randentropy/rand_entropy.go @@ -2,12 +2,8 @@ package randentropy import ( crand "crypto/rand" - "encoding/binary" "github.com/ethereum/go-ethereum/crypto/sha3" "io" - "os" - "strings" - "time" ) var Reader io.Reader = &randEntropy{} @@ -16,7 +12,7 @@ type randEntropy struct { } func (*randEntropy) Read(bytes []byte) (n int, err error) { - readBytes := GetEntropyMixed(len(bytes)) + readBytes := GetEntropyCSPRNG(len(bytes)) copy(bytes, readBytes) return len(bytes), nil } @@ -29,40 +25,6 @@ func Sha3(data []byte) []byte { return d.Sum(nil) } -// TODO: verify. this needs to be audited -// we start with crypt/rand, then XOR in additional entropy from OS -func GetEntropyMixed(n int) []byte { - startTime := time.Now().UnixNano() - // for each source, we take SHA3 of the source and use it as seed to math/rand - // then read bytes from it and XOR them onto the bytes read from crypto/rand - mainBuff := GetEntropyCSPRNG(n) - // 1. OS entropy sources - startTimeBytes := make([]byte, 32) - binary.PutVarint(startTimeBytes, startTime) - startTimeHash := Sha3(startTimeBytes) - mixBytes(mainBuff, startTimeHash) - - pid := os.Getpid() - pidBytes := make([]byte, 32) - binary.PutUvarint(pidBytes, uint64(pid)) - pidHash := Sha3(pidBytes) - mixBytes(mainBuff, pidHash) - - osEnv := os.Environ() - osEnvBytes := []byte(strings.Join(osEnv, "")) - osEnvHash := Sha3(osEnvBytes) - mixBytes(mainBuff, osEnvHash) - - // not all OS have hostname in env variables - osHostName, err := os.Hostname() - if err != nil { - osHostNameBytes := []byte(osHostName) - osHostNameHash := Sha3(osHostNameBytes) - mixBytes(mainBuff, osHostNameHash) - } - return mainBuff -} - func GetEntropyCSPRNG(n int) []byte { mainBuff := make([]byte, n) _, err := io.ReadFull(crand.Reader, mainBuff) @@ -71,14 +33,3 @@ func GetEntropyCSPRNG(n int) []byte { } return mainBuff } - -func mixBytes(buff []byte, mixBuff []byte) []byte { - bytesToMix := len(buff) - if bytesToMix > 32 { - bytesToMix = 32 - } - for i := 0; i < bytesToMix; i++ { - buff[i] ^= mixBuff[i] - } - return buff -} diff --git a/crypto/secp256k1/secp256.go b/crypto/secp256k1/secp256.go index f8cc60e82..8ed81a1ed 100644 --- a/crypto/secp256k1/secp256.go +++ b/crypto/secp256k1/secp256.go @@ -59,7 +59,7 @@ func GenerateKeyPair() ([]byte, []byte) { const seckey_len = 32 var pubkey []byte = make([]byte, pubkey_len) - var seckey []byte = randentropy.GetEntropyMixed(seckey_len) + var seckey []byte = randentropy.GetEntropyCSPRNG(seckey_len) var pubkey_ptr *C.uchar = (*C.uchar)(unsafe.Pointer(&pubkey[0])) var seckey_ptr *C.uchar = (*C.uchar)(unsafe.Pointer(&seckey[0])) @@ -99,7 +99,7 @@ func GeneratePubKey(seckey []byte) ([]byte, error) { } func Sign(msg []byte, seckey []byte) ([]byte, error) { - nonce := randentropy.GetEntropyMixed(32) + nonce := randentropy.GetEntropyCSPRNG(32) var sig []byte = make([]byte, 65) var recid C.int diff --git a/crypto/secp256k1/secp256_test.go b/crypto/secp256k1/secp256_test.go index 3599fde38..14d260beb 100644 --- a/crypto/secp256k1/secp256_test.go +++ b/crypto/secp256k1/secp256_test.go @@ -14,7 +14,7 @@ const SigSize = 65 //64+1 func Test_Secp256_00(t *testing.T) { - var nonce []byte = randentropy.GetEntropyMixed(32) //going to get bitcoins stolen! + var nonce []byte = randentropy.GetEntropyCSPRNG(32) //going to get bitcoins stolen! if len(nonce) != 32 { t.Fatal() @@ -52,7 +52,7 @@ func Test_Secp256_01(t *testing.T) { //test size of messages func Test_Secp256_02s(t *testing.T) { pubkey, seckey := GenerateKeyPair() - msg := randentropy.GetEntropyMixed(32) + msg := randentropy.GetEntropyCSPRNG(32) sig, _ := Sign(msg, seckey) CompactSigTest(sig) if sig == nil { @@ -75,7 +75,7 @@ func Test_Secp256_02s(t *testing.T) { //test signing message func Test_Secp256_02(t *testing.T) { pubkey1, seckey := GenerateKeyPair() - msg := randentropy.GetEntropyMixed(32) + msg := randentropy.GetEntropyCSPRNG(32) sig, _ := Sign(msg, seckey) if sig == nil { t.Fatal("Signature nil") @@ -98,7 +98,7 @@ func Test_Secp256_02(t *testing.T) { //test pubkey recovery func Test_Secp256_02a(t *testing.T) { pubkey1, seckey1 := GenerateKeyPair() - msg := randentropy.GetEntropyMixed(32) + msg := randentropy.GetEntropyCSPRNG(32) sig, _ := Sign(msg, seckey1) if sig == nil { @@ -127,7 +127,7 @@ func Test_Secp256_02a(t *testing.T) { func Test_Secp256_03(t *testing.T) { _, seckey := GenerateKeyPair() for i := 0; i < TESTS; i++ { - msg := randentropy.GetEntropyMixed(32) + msg := randentropy.GetEntropyCSPRNG(32) sig, _ := Sign(msg, seckey) CompactSigTest(sig) @@ -143,7 +143,7 @@ func Test_Secp256_03(t *testing.T) { func Test_Secp256_04(t *testing.T) { for i := 0; i < TESTS; i++ { pubkey1, seckey := GenerateKeyPair() - msg := randentropy.GetEntropyMixed(32) + msg := randentropy.GetEntropyCSPRNG(32) sig, _ := Sign(msg, seckey) CompactSigTest(sig) @@ -166,7 +166,7 @@ func Test_Secp256_04(t *testing.T) { // -SIPA look at this func randSig() []byte { - sig := randentropy.GetEntropyMixed(65) + sig := randentropy.GetEntropyCSPRNG(65) sig[32] &= 0x70 sig[64] %= 4 return sig @@ -174,7 +174,7 @@ func randSig() []byte { func Test_Secp256_06a_alt0(t *testing.T) { pubkey1, seckey := GenerateKeyPair() - msg := randentropy.GetEntropyMixed(32) + msg := randentropy.GetEntropyCSPRNG(32) sig, _ := Sign(msg, seckey) if sig == nil { @@ -205,12 +205,12 @@ func Test_Secp256_06a_alt0(t *testing.T) { func Test_Secp256_06b(t *testing.T) { pubkey1, seckey := GenerateKeyPair() - msg := randentropy.GetEntropyMixed(32) + msg := randentropy.GetEntropyCSPRNG(32) sig, _ := Sign(msg, seckey) fail_count := 0 for i := 0; i < TESTS; i++ { - msg = randentropy.GetEntropyMixed(32) + msg = randentropy.GetEntropyCSPRNG(32) pubkey2, _ := RecoverPubkey(msg, sig) if bytes.Equal(pubkey1, pubkey2) == true { t.Fail() |