crypto: use stdlib crypto/rand. ref #2099 (#2669)

* crypto: use stdlib crypto/rand. ref #2099

* comment
Ethan Buchman 2018-10-19 14:29:45 -04:00 committed by GitHub
parent 30519e8361
commit 9d62bd0ad3
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 31 additions and 11 deletions


@ -9,10 +9,11 @@ import (
"sync" "sync"
"golang.org/x/crypto/chacha20poly1305" "golang.org/x/crypto/chacha20poly1305"
. "github.com/tendermint/tendermint/libs/common"
) )
// NOTE: This is ignored for now until we have time
// to properly review the MixEntropy function - https://github.com/tendermint/tendermint/issues/2099.
//
// The randomness here is derived from xoring a chacha20 keystream with // The randomness here is derived from xoring a chacha20 keystream with
// output from crypto/rand's OS Entropy Reader. (Due to fears of the OS' // output from crypto/rand's OS Entropy Reader. (Due to fears of the OS'
// entropy being backdoored) // entropy being backdoored)
@ -23,9 +24,13 @@ var gRandInfo *randInfo
func init() { func init() {
gRandInfo = &randInfo{} gRandInfo = &randInfo{}
gRandInfo.MixEntropy(randBytes(32)) // Init
// TODO: uncomment after reviewing MixEntropy -
// https://github.com/tendermint/tendermint/issues/2099
// gRandInfo.MixEntropy(randBytes(32)) // Init
} }
// WARNING: This function needs review - https://github.com/tendermint/tendermint/issues/2099.
// Mix additional bytes of randomness, e.g. from hardware, user-input, etc. // Mix additional bytes of randomness, e.g. from hardware, user-input, etc.
// It is OK to call it multiple times. It does not diminish security. // It is OK to call it multiple times. It does not diminish security.
func MixEntropy(seedBytes []byte) { func MixEntropy(seedBytes []byte) {
@ -37,20 +42,28 @@ func randBytes(numBytes int) []byte {
b := make([]byte, numBytes) b := make([]byte, numBytes)
_, err := crand.Read(b) _, err := crand.Read(b)
if err != nil { if err != nil {
PanicCrisis(err) panic(err)
} }
return b return b
} }
// This only uses the OS's randomness
func CRandBytes(numBytes int) []byte {
return randBytes(numBytes)
}
/* TODO: uncomment after reviewing MixEntropy - https://github.com/tendermint/tendermint/issues/2099
// This uses the OS and the Seed(s). // This uses the OS and the Seed(s).
func CRandBytes(numBytes int) []byte { func CRandBytes(numBytes int) []byte {
b := make([]byte, numBytes) return randBytes(numBytes)
_, err := gRandInfo.Read(b) b := make([]byte, numBytes)
if err != nil { _, err := gRandInfo.Read(b)
PanicCrisis(err) if err != nil {
} panic(err)
return b }
return b
} }
*/
// CRandHex returns a hex encoded string that's floor(numDigits/2) * 2 long. // CRandHex returns a hex encoded string that's floor(numDigits/2) * 2 long.
// //
@ -60,10 +73,17 @@ func CRandHex(numDigits int) string {
return hex.EncodeToString(CRandBytes(numDigits / 2)) return hex.EncodeToString(CRandBytes(numDigits / 2))
} }
// Returns a crand.Reader.
func CReader() io.Reader {
return crand.Reader
}
/* TODO: uncomment after reviewing MixEntropy - https://github.com/tendermint/tendermint/issues/2099
// Returns a crand.Reader mixed with user-supplied entropy // Returns a crand.Reader mixed with user-supplied entropy
func CReader() io.Reader { func CReader() io.Reader {
return gRandInfo return gRandInfo
} }
*/
//-------------------------------------------------------------------------------- //--------------------------------------------------------------------------------
@ -75,7 +95,7 @@ type randInfo struct {
} }
// You can call this as many times as you'd like. // You can call this as many times as you'd like.
// XXX TODO review // XXX/TODO: review - https://github.com/tendermint/tendermint/issues/2099
func (ri *randInfo) MixEntropy(seedBytes []byte) { func (ri *randInfo) MixEntropy(seedBytes []byte) {
ri.mtx.Lock() ri.mtx.Lock()
defer ri.mtx.Unlock() defer ri.mtx.Unlock()
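Review bot: The exported `MixEntropy` (hunk at -23,9) still documents itself as mixing in additional randomness, but after this change `CRandBytes` and `CReader` read only from `crand`, so seeds passed to it no longer appear to influence any output shown here. A caller that depends on supplying its own entropy gets no signal that the call is now inert; I would state that in the doc comment, e.g. `// NOTE: currently has no effect on CRandBytes/CReader, which use only crypto/rand (see #2099).` The package comment above `gRandInfo` ("derived from xoring a chacha20 keystream with output from crypto/rand's OS Entropy Reader") is stale for the same reason and should describe the current behaviour rather than the disabled one. The bodies of `MixEntropy` and `randInfo.MixEntropy` lie outside the hunks, so this assumes nothing else in the file still reads from `gRandInfo`.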