3 files changed, 28 insertions, 109 deletions
diff --git a/crypto/secp256k1/secp256.go b/crypto/secp256k1/secp256.go
index c01598b84..4864e8d09 100644
--- a/crypto/secp256k1/secp256.go
+++ b/crypto/secp256k1/secp256.go
@@ -16,6 +16,8 @@ import (
 	"bytes"
 	"errors"
 	"unsafe"
+
+	"github.com/ethereum/go-ethereum/crypto/randentropy"
 )
 
 //#define USE_FIELD_5X64
@@ -68,7 +70,7 @@ func GenerateKeyPair() ([]byte, []byte) {
 	const seckey_len = 32
 
 	var pubkey []byte = make([]byte, pubkey_len)
-	var seckey []byte = RandByte(seckey_len)
+	var seckey []byte = randentropy.GetEntropyMixed(seckey_len)
 
 	var pubkey_ptr *C.uchar = (*C.uchar)(unsafe.Pointer(&pubkey[0]))
 	var seckey_ptr *C.uchar = (*C.uchar)(unsafe.Pointer(&seckey[0]))
@@ -84,6 +86,10 @@ func GenerateKeyPair() ([]byte, []byte) {
 }
 
 func GeneratePubKey(seckey []byte) ([]byte, error) {
+	if err := VerifySeckeyValidity(seckey); err != nil {
+		return nil, err
+	}
+
 	pubkey_len := C.int(65)
 	const seckey_len = 32
 
@@ -124,7 +130,7 @@ int secp256k1_ecdsa_sign_compact(const unsigned char *msg, int msglen,
 */
 
 func Sign(msg []byte, seckey []byte) ([]byte, error) {
-	nonce := RandByte(32)
+	nonce := randentropy.GetEntropyMixed(32)
 
 	var sig []byte = make([]byte, 65)
 	var recid C.int
diff --git a/crypto/secp256k1/secp256_rand.go b/crypto/secp256k1/secp256_rand.go
deleted file mode 100644
index bb10025fc..000000000
--- a/crypto/secp256k1/secp256_rand.go
+++ /dev/null
@@ -1,97 +0,0 @@
-package secp256k1
-
-import (
-	crand "crypto/rand"
-	"io"
-	mrand "math/rand"
-	"os"
-	"strings"
-	"time"
-)
-
-/*
-Note:
-
-- On windows cryto/rand uses CrytoGenRandom which uses RC4 which is insecure
-- Android random number generator is known to be insecure.
-- Linux uses /dev/urandom , which is thought to be secure and uses entropy pool
-
-Therefore the output is salted.
-*/
-
-//finalizer from MurmerHash3
-func mmh3f(key uint64) uint64 {
-	key ^= key >> 33
-	key *= 0xff51afd7ed558ccd
-	key ^= key >> 33
-	key *= 0xc4ceb9fe1a85ec53
-	key ^= key >> 33
-	return key
-}
-
-//knuth hash
-func knuth_hash(in []byte) uint64 {
-	var acc uint64 = 3074457345618258791
-	for i := 0; i < len(in); i++ {
-		acc += uint64(in[i])
-		acc *= 3074457345618258799
-	}
-	return acc
-}
-
-var _rand *mrand.Rand
-
-func init() {
-	var seed1 uint64 = mmh3f(uint64(time.Now().UnixNano()))
-	var seed2 uint64 = knuth_hash([]byte(strings.Join(os.Environ(), "")))
-	var seed3 uint64 = mmh3f(uint64(os.Getpid()))
-
-	_rand = mrand.New(mrand.NewSource(int64(seed1 ^ seed2 ^ seed3)))
-}
-
-func saltByte(n int) []byte {
-	buff := make([]byte, n)
-	for i := 0; i < len(buff); i++ {
-		var v uint64 = uint64(_rand.Int63())
-		var b byte
-		for j := 0; j < 8; j++ {
-			b ^= byte(v & 0xff)
-			v = v >> 8
-		}
-		buff[i] = b
-	}
-	return buff
-}
-
-//On Unix-like systems, Reader reads from /dev/urandom.
-//On Windows systems, Reader uses the CryptGenRandom API.
-
-//use entropy pool etc and cryptographic random number generator
-//mix in time
-//mix in mix in cpu cycle count
-func RandByte(n int) []byte {
-	buff := make([]byte, n)
-	ret, err := io.ReadFull(crand.Reader, buff)
-	if len(buff) != ret || err != nil {
-		return nil
-	}
-
-	buff2 := saltByte(n)
-	for i := 0; i < n; i++ {
-		buff[i] ^= buff2[2]
-	}
-	return buff
-}
-
-/*
-	On Unix-like systems, Reader reads from /dev/urandom.
-	On Windows systems, Reader uses the CryptGenRandom API.
-*/
-func RandByteWeakCrypto(n int) []byte {
-	buff := make([]byte, n)
-	ret, err := io.ReadFull(crand.Reader, buff)
-	if len(buff) != ret || err != nil {
-		return nil
-	}
-	return buff
-}
diff --git a/crypto/secp256k1/secp256_test.go b/crypto/secp256k1/secp256_test.go
index 468c50db9..3599fde38 100644
--- a/crypto/secp256k1/secp256_test.go
+++ b/crypto/secp256k1/secp256_test.go
@@ -5,6 +5,8 @@ import (
 	"fmt"
 	"log"
 	"testing"
+
+	"github.com/ethereum/go-ethereum/crypto/randentropy"
 )
 
 const TESTS = 10000 // how many tests
@@ -12,7 +14,7 @@ const SigSize = 65  //64+1
 
 func Test_Secp256_00(t *testing.T) {
 
-	var nonce []byte = RandByte(32) //going to get bitcoins stolen!
+	var nonce []byte = randentropy.GetEntropyMixed(32) //going to get bitcoins stolen!
 
 	if len(nonce) != 32 {
 		t.Fatal()
@@ -50,7 +52,7 @@ func Test_Secp256_01(t *testing.T) {
 //test size of messages
 func Test_Secp256_02s(t *testing.T) {
 	pubkey, seckey := GenerateKeyPair()
-	msg := RandByte(32)
+	msg := randentropy.GetEntropyMixed(32)
 	sig, _ := Sign(msg, seckey)
 	CompactSigTest(sig)
 	if sig == nil {
@@ -73,7 +75,7 @@ func Test_Secp256_02s(t *testing.T) {
 //test signing message
 func Test_Secp256_02(t *testing.T) {
 	pubkey1, seckey := GenerateKeyPair()
-	msg := RandByte(32)
+	msg := randentropy.GetEntropyMixed(32)
 	sig, _ := Sign(msg, seckey)
 	if sig == nil {
 		t.Fatal("Signature nil")
@@ -96,7 +98,7 @@ func Test_Secp256_02(t *testing.T) {
 //test pubkey recovery
 func Test_Secp256_02a(t *testing.T) {
 	pubkey1, seckey1 := GenerateKeyPair()
-	msg := RandByte(32)
+	msg := randentropy.GetEntropyMixed(32)
 	sig, _ := Sign(msg, seckey1)
 
 	if sig == nil {
@@ -125,7 +127,7 @@ func Test_Secp256_02a(t *testing.T) {
 func Test_Secp256_03(t *testing.T) {
 	_, seckey := GenerateKeyPair()
 	for i := 0; i < TESTS; i++ {
-		msg := RandByte(32)
+		msg := randentropy.GetEntropyMixed(32)
 		sig, _ := Sign(msg, seckey)
 		CompactSigTest(sig)
 
@@ -141,7 +143,7 @@ func Test_Secp256_03(t *testing.T) {
 func Test_Secp256_04(t *testing.T) {
 	for i := 0; i < TESTS; i++ {
 		pubkey1, seckey := GenerateKeyPair()
-		msg := RandByte(32)
+		msg := randentropy.GetEntropyMixed(32)
 		sig, _ := Sign(msg, seckey)
 		CompactSigTest(sig)
 
@@ -164,7 +166,7 @@ func Test_Secp256_04(t *testing.T) {
 //	-SIPA look at this
 
 func randSig() []byte {
-	sig := RandByte(65)
+	sig := randentropy.GetEntropyMixed(65)
 	sig[32] &= 0x70
 	sig[64] %= 4
 	return sig
@@ -172,7 +174,7 @@ func randSig() []byte {
 
 func Test_Secp256_06a_alt0(t *testing.T) {
 	pubkey1, seckey := GenerateKeyPair()
-	msg := RandByte(32)
+	msg := randentropy.GetEntropyMixed(32)
 	sig, _ := Sign(msg, seckey)
 
 	if sig == nil {
@@ -203,12 +205,12 @@ func Test_Secp256_06a_alt0(t *testing.T) {
 
 func Test_Secp256_06b(t *testing.T) {
 	pubkey1, seckey := GenerateKeyPair()
-	msg := RandByte(32)
+	msg := randentropy.GetEntropyMixed(32)
 	sig, _ := Sign(msg, seckey)
 
 	fail_count := 0
 	for i := 0; i < TESTS; i++ {
-		msg = RandByte(32)
+		msg = randentropy.GetEntropyMixed(32)
 		pubkey2, _ := RecoverPubkey(msg, sig)
 		if bytes.Equal(pubkey1, pubkey2) == true {
 			t.Fail()
@@ -226,3 +228,11 @@ func Test_Secp256_06b(t *testing.T) {
 		fmt.Printf("ERROR: Accepted signature for %v of %v random messages\n", fail_count, TESTS)
 	}
 }
+
+func TestInvalidKey(t *testing.T) {
+	p1 := make([]byte, 32)
+	err := VerifySeckeyValidity(p1)
+	if err == nil {
+		t.Errorf("pvk %x varify sec key should have returned error", p1)
+	}
+}