diff options
| author | obscuren <geffobscura@gmail.com> | 2015-02-13 22:05:56 +0800 |
|---|---|---|
| committer | obscuren <geffobscura@gmail.com> | 2015-02-13 22:05:56 +0800 |
| commit | a5ea21cd85530eee6eb1bb83c37c20d009f11f74 (patch) | |
| tree | e5be5bd595139ff7dfbe6261e1e659d8e7dd6f9c /crypto/secp256k1/secp256_rand.go | |
| parent | db24fb792cf0dab91bc85e79aecf6758349002a4 (diff) | |
| parent | 38faf2c51a1e4a86cda5dfa1b4f7fdae4fd7f58d (diff) | |
| download | go-tangerine-a5ea21cd85530eee6eb1bb83c37c20d009f11f74.tar go-tangerine-a5ea21cd85530eee6eb1bb83c37c20d009f11f74.tar.gz go-tangerine-a5ea21cd85530eee6eb1bb83c37c20d009f11f74.tar.bz2 go-tangerine-a5ea21cd85530eee6eb1bb83c37c20d009f11f74.tar.lz go-tangerine-a5ea21cd85530eee6eb1bb83c37c20d009f11f74.tar.xz go-tangerine-a5ea21cd85530eee6eb1bb83c37c20d009f11f74.tar.zst go-tangerine-a5ea21cd85530eee6eb1bb83c37c20d009f11f74.zip | |
merge
Diffstat (limited to 'crypto/secp256k1/secp256_rand.go')
| -rw-r--r-- | crypto/secp256k1/secp256_rand.go | 97 |
1 files changed, 97 insertions, 0 deletions
diff --git a/crypto/secp256k1/secp256_rand.go b/crypto/secp256k1/secp256_rand.go new file mode 100644 index 000000000..bb10025fc --- /dev/null +++ b/crypto/secp256k1/secp256_rand.go @@ -0,0 +1,97 @@ +package secp256k1 + +import ( + crand "crypto/rand" + "io" + mrand "math/rand" + "os" + "strings" + "time" +) + +/* +Note: + +- On windows cryto/rand uses CrytoGenRandom which uses RC4 which is insecure +- Android random number generator is known to be insecure. +- Linux uses /dev/urandom , which is thought to be secure and uses entropy pool + +Therefore the output is salted. +*/ + +//finalizer from MurmerHash3 +func mmh3f(key uint64) uint64 { + key ^= key >> 33 + key *= 0xff51afd7ed558ccd + key ^= key >> 33 + key *= 0xc4ceb9fe1a85ec53 + key ^= key >> 33 + return key +} + +//knuth hash +func knuth_hash(in []byte) uint64 { + var acc uint64 = 3074457345618258791 + for i := 0; i < len(in); i++ { + acc += uint64(in[i]) + acc *= 3074457345618258799 + } + return acc +} + +var _rand *mrand.Rand + +func init() { + var seed1 uint64 = mmh3f(uint64(time.Now().UnixNano())) + var seed2 uint64 = knuth_hash([]byte(strings.Join(os.Environ(), ""))) + var seed3 uint64 = mmh3f(uint64(os.Getpid())) + + _rand = mrand.New(mrand.NewSource(int64(seed1 ^ seed2 ^ seed3))) +} + +func saltByte(n int) []byte { + buff := make([]byte, n) + for i := 0; i < len(buff); i++ { + var v uint64 = uint64(_rand.Int63()) + var b byte + for j := 0; j < 8; j++ { + b ^= byte(v & 0xff) + v = v >> 8 + } + buff[i] = b + } + return buff +} + +//On Unix-like systems, Reader reads from /dev/urandom. +//On Windows systems, Reader uses the CryptGenRandom API. + +//use entropy pool etc and cryptographic random number generator +//mix in time +//mix in mix in cpu cycle count +func RandByte(n int) []byte { + buff := make([]byte, n) + ret, err := io.ReadFull(crand.Reader, buff) + if len(buff) != ret || err != nil { + return nil + } + + buff2 := saltByte(n) + for i := 0; i < n; i++ { + buff[i] ^= buff2[2] + } + return buff +} + +/* + On Unix-like systems, Reader reads from /dev/urandom. + On Windows systems, Reader uses the CryptGenRandom API. +*/ +func RandByteWeakCrypto(n int) []byte { + buff := make([]byte, n) + ret, err := io.ReadFull(crand.Reader, buff) + if len(buff) != ret || err != nil { + return nil + } + return buff +} |