From 9918b6c84e2547f3d24a6cfeb97cfcbd6cb4dc98 Mon Sep 17 00:00:00 2001
From: Gustav Simonsson <gustav.simonsson@gmail.com>
Date: Thu, 2 Apr 2015 17:02:56 +0200
Subject: [PATCH] Remove the awesome, ever misunderstood entropy mixing
---
crypto/key_store_passphrase.go | 4 +--
crypto/randentropy/rand_entropy.go | 51 +-----------------------------
crypto/secp256k1/secp256.go | 4 +--
crypto/secp256k1/secp256_test.go | 20 ++++++------
4 files changed, 15 insertions(+), 64 deletions(-)
diff --git a/crypto/key_store_passphrase.go b/crypto/key_store_passphrase.go
index 9d36d7b03..ee383584c 100644
--- a/crypto/key_store_passphrase.go
+++ b/crypto/key_store_passphrase.go
@@ -118,7 +118,7 @@ func (ks keyStorePassphrase) GetKeyAddresses() (addresses [][]byte, err error) {
func (ks keyStorePassphrase) StoreKey(key *Key, auth string) (err error) {
authArray := []byte(auth)
- salt := randentropy.GetEntropyMixed(32)
+ salt := randentropy.GetEntropyCSPRNG(32)
derivedKey, err := scrypt.Key(authArray, salt, scryptN, scryptr, scryptp, scryptdkLen)
if err != nil {
return err
@@ -133,7 +133,7 @@ func (ks keyStorePassphrase) StoreKey(key *Key, auth string) (err error) {
return err
}
- iv := randentropy.GetEntropyMixed(aes.BlockSize) // 16
+ iv := randentropy.GetEntropyCSPRNG(aes.BlockSize) // 16
AES256CBCEncrypter := cipher.NewCBCEncrypter(AES256Block, iv)
cipherText := make([]byte, len(toEncrypt))
AES256CBCEncrypter.CryptBlocks(cipherText, toEncrypt)
diff --git a/crypto/randentropy/rand_entropy.go b/crypto/randentropy/rand_entropy.go
index b87fa564e..68bb8808b 100644
--- a/crypto/randentropy/rand_entropy.go
+++ b/crypto/randentropy/rand_entropy.go
@@ -2,12 +2,8 @@ package randentropy
import (
crand "crypto/rand"
- "encoding/binary"
"github.com/ethereum/go-ethereum/crypto/sha3"
"io"
- "os"
- "strings"
- "time"
)
var Reader io.Reader = &randEntropy{}
@@ -16,7 +12,7 @@ type randEntropy struct {
}
func (*randEntropy) Read(bytes []byte) (n int, err error) {
- readBytes := GetEntropyMixed(len(bytes))
+ readBytes := GetEntropyCSPRNG(len(bytes))
copy(bytes, readBytes)
return len(bytes), nil
}
@@ -29,40 +25,6 @@ func Sha3(data []byte) []byte {
return d.Sum(nil)
}
-// TODO: verify. this needs to be audited
-// we start with crypt/rand, then XOR in additional entropy from OS
-func GetEntropyMixed(n int) []byte {
- startTime := time.Now().UnixNano()
- // for each source, we take SHA3 of the source and use it as seed to math/rand
- // then read bytes from it and XOR them onto the bytes read from crypto/rand
- mainBuff := GetEntropyCSPRNG(n)
- // 1. OS entropy sources
- startTimeBytes := make([]byte, 32)
- binary.PutVarint(startTimeBytes, startTime)
- startTimeHash := Sha3(startTimeBytes)
- mixBytes(mainBuff, startTimeHash)
-
- pid := os.Getpid()
- pidBytes := make([]byte, 32)
- binary.PutUvarint(pidBytes, uint64(pid))
- pidHash := Sha3(pidBytes)
- mixBytes(mainBuff, pidHash)
-
- osEnv := os.Environ()
- osEnvBytes := []byte(strings.Join(osEnv, ""))
- osEnvHash := Sha3(osEnvBytes)
- mixBytes(mainBuff, osEnvHash)
-
- // not all OS have hostname in env variables
- osHostName, err := os.Hostname()
- if err != nil {
- osHostNameBytes := []byte(osHostName)
- osHostNameHash := Sha3(osHostNameBytes)
- mixBytes(mainBuff, osHostNameHash)
- }
- return mainBuff
-}
-
func GetEntropyCSPRNG(n int) []byte {
mainBuff := make([]byte, n)
_, err := io.ReadFull(crand.Reader, mainBuff)
@@ -71,14 +33,3 @@ func GetEntropyCSPRNG(n int) []byte {
}
return mainBuff
}
-
-func mixBytes(buff []byte, mixBuff []byte) []byte {
- bytesToMix := len(buff)
- if bytesToMix > 32 {
- bytesToMix = 32
- }
- for i := 0; i < bytesToMix; i++ {
- buff[i] ^= mixBuff[i]
- }
- return buff
-}
diff --git a/crypto/secp256k1/secp256.go b/crypto/secp256k1/secp256.go
index f8cc60e82..8ed81a1ed 100644
--- a/crypto/secp256k1/secp256.go
+++ b/crypto/secp256k1/secp256.go
@@ -59,7 +59,7 @@ func GenerateKeyPair() ([]byte, []byte) {
const seckey_len = 32
var pubkey []byte = make([]byte, pubkey_len)
- var seckey []byte = randentropy.GetEntropyMixed(seckey_len)
+ var seckey []byte = randentropy.GetEntropyCSPRNG(seckey_len)
var pubkey_ptr *C.uchar = (*C.uchar)(unsafe.Pointer(&pubkey[0]))
var seckey_ptr *C.uchar = (*C.uchar)(unsafe.Pointer(&seckey[0]))
@@ -99,7 +99,7 @@ func GeneratePubKey(seckey []byte) ([]byte, error) {
}
func Sign(msg []byte, seckey []byte) ([]byte, error) {
- nonce := randentropy.GetEntropyMixed(32)
+ nonce := randentropy.GetEntropyCSPRNG(32)
var sig []byte = make([]byte, 65)
var recid C.int
diff --git a/crypto/secp256k1/secp256_test.go b/crypto/secp256k1/secp256_test.go
index 3599fde38..14d260beb 100644
--- a/crypto/secp256k1/secp256_test.go
+++ b/crypto/secp256k1/secp256_test.go
@@ -14,7 +14,7 @@ const SigSize = 65 //64+1
func Test_Secp256_00(t *testing.T) {
- var nonce []byte = randentropy.GetEntropyMixed(32) //going to get bitcoins stolen!
+ var nonce []byte = randentropy.GetEntropyCSPRNG(32) //going to get bitcoins stolen!
if len(nonce) != 32 {
t.Fatal()
@@ -52,7 +52,7 @@ func Test_Secp256_01(t *testing.T) {
//test size of messages
func Test_Secp256_02s(t *testing.T) {
pubkey, seckey := GenerateKeyPair()
- msg := randentropy.GetEntropyMixed(32)
+ msg := randentropy.GetEntropyCSPRNG(32)
sig, _ := Sign(msg, seckey)
CompactSigTest(sig)
if sig == nil {
@@ -75,7 +75,7 @@ func Test_Secp256_02s(t *testing.T) {
//test signing message
func Test_Secp256_02(t *testing.T) {
pubkey1, seckey := GenerateKeyPair()
- msg := randentropy.GetEntropyMixed(32)
+ msg := randentropy.GetEntropyCSPRNG(32)
sig, _ := Sign(msg, seckey)
if sig == nil {
t.Fatal("Signature nil")
@@ -98,7 +98,7 @@ func Test_Secp256_02(t *testing.T) {
//test pubkey recovery
func Test_Secp256_02a(t *testing.T) {
pubkey1, seckey1 := GenerateKeyPair()
- msg := randentropy.GetEntropyMixed(32)
+ msg := randentropy.GetEntropyCSPRNG(32)
sig, _ := Sign(msg, seckey1)
if sig == nil {
@@ -127,7 +127,7 @@ func Test_Secp256_02a(t *testing.T) {
func Test_Secp256_03(t *testing.T) {
_, seckey := GenerateKeyPair()
for i := 0; i < TESTS; i++ {
- msg := randentropy.GetEntropyMixed(32)
+ msg := randentropy.GetEntropyCSPRNG(32)
sig, _ := Sign(msg, seckey)
CompactSigTest(sig)
@@ -143,7 +143,7 @@ func Test_Secp256_03(t *testing.T) {
func Test_Secp256_04(t *testing.T) {
for i := 0; i < TESTS; i++ {
pubkey1, seckey := GenerateKeyPair()
- msg := randentropy.GetEntropyMixed(32)
+ msg := randentropy.GetEntropyCSPRNG(32)
sig, _ := Sign(msg, seckey)
CompactSigTest(sig)
@@ -166,7 +166,7 @@ func Test_Secp256_04(t *testing.T) {
// -SIPA look at this
func randSig() []byte {
- sig := randentropy.GetEntropyMixed(65)
+ sig := randentropy.GetEntropyCSPRNG(65)
sig[32] &= 0x70
sig[64] %= 4
return sig
@@ -174,7 +174,7 @@ func randSig() []byte {
func Test_Secp256_06a_alt0(t *testing.T) {
pubkey1, seckey := GenerateKeyPair()
- msg := randentropy.GetEntropyMixed(32)
+ msg := randentropy.GetEntropyCSPRNG(32)
sig, _ := Sign(msg, seckey)
if sig == nil {
@@ -205,12 +205,12 @@ func Test_Secp256_06a_alt0(t *testing.T) {
func Test_Secp256_06b(t *testing.T) {
pubkey1, seckey := GenerateKeyPair()
- msg := randentropy.GetEntropyMixed(32)
+ msg := randentropy.GetEntropyCSPRNG(32)
sig, _ := Sign(msg, seckey)
fail_count := 0
for i := 0; i < TESTS; i++ {
- msg = randentropy.GetEntropyMixed(32)
+ msg = randentropy.GetEntropyCSPRNG(32)
pubkey2, _ := RecoverPubkey(msg, sig)
if bytes.Equal(pubkey1, pubkey2) == true {
t.Fail()
--
GitLab