Replace libsodium's randombytes_buf with rand_core::OsRng::fill_bytes

This commit is contained in:
Jack Grigg 2020-07-14 17:34:03 +12:00
parent d292376176
commit 9514e4018e
8 changed files with 35 additions and 29 deletions


@ -19,7 +19,7 @@
#include <sys/time.h> #include <sys/time.h>
#endif #endif
#include "sodium.h" #include <librustzcash.h>
static inline int64_t GetPerformanceCounter() static inline int64_t GetPerformanceCounter()
{ {
@ -36,7 +36,7 @@ static inline int64_t GetPerformanceCounter()
void GetRandBytes(unsigned char* buf, size_t num) void GetRandBytes(unsigned char* buf, size_t num)
{ {
randombytes_buf(buf, num); librustzcash_getrandom(buf, num);
} }
uint64_t GetRand(uint64_t nMax) uint64_t GetRand(uint64_t nMax)
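Review bot: GetRandBytes now forwards `buf`/`num` unchecked to the Rust FFI entry point, so whether a zero-length or null request is acceptable is decided by that function's contract rather than by libsodium's, which tolerated `randombytes_buf(p, 0)`. A one-line guard keeps the C++ side self-sufficient regardless of what the Rust side does: `if (num == 0) return;` before the `librustzcash_getrandom(buf, num);` call. The precondition that `buf` points to at least `num` writable bytes is worth stating on the declaration in random.h, since callers such as the test helpers in this commit pass container iterators straight through.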


@ -12,7 +12,7 @@
#include <stdint.h> #include <stdint.h>
/** /**
* Functions to gather random data via the libsodium CSPRNG * Functions to gather random data via the rand_core OsRng
*/ */
void GetRandBytes(unsigned char* buf, size_t num); void GetRandBytes(unsigned char* buf, size_t num);
uint64_t GetRand(uint64_t nMax); uint64_t GetRand(uint64_t nMax);


@ -352,6 +352,12 @@ extern "C" {
unsigned char *h_ret unsigned char *h_ret
); );
/// Fills the provided buffer with random bytes.
void librustzcash_getrandom(
unsigned char *buf,
size_t buf_len
);
int librustzcash_zebra_crypto_sign_verify_detached( int librustzcash_zebra_crypto_sign_verify_detached(
const unsigned char *sig, const unsigned char *sig,
const unsigned char *m, const unsigned char *m,
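Review bot: The new `librustzcash_getrandom` declaration's comment leaves out the caller's obligations and the failure behaviour, both of which matter for an RNG entry point that crosses the FFI boundary and feeds key material. Suggest expanding the one-liner to something like `/// Fills `buf` with `buf_len` random bytes from the OS CSPRNG. `buf` must be non-null and point to at least `buf_len` writable bytes; the function does not return if the OS RNG fails.` The last clause should be checked against the Rust implementation in this commit, which currently relies on `OsRng.fill_bytes` panicking rather than aborting explicitly.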


@ -1341,6 +1341,12 @@ pub extern "system" fn librustzcash_mmr_hash_node(
0 0
} }
#[no_mangle]
pub extern "C" fn librustzcash_getrandom(buf: *mut u8, buf_len: usize) {
let buf = unsafe { slice::from_raw_parts_mut(buf, buf_len) };
OsRng.fill_bytes(buf);
}
// The `librustzcash_zebra_crypto_sign_verify_detached` API attempts to // The `librustzcash_zebra_crypto_sign_verify_detached` API attempts to
// mimic the `crypto_sign_verify_detached` API in libsodium, but uses // mimic the `crypto_sign_verify_detached` API in libsodium, but uses
// the ed25519-zebra crate internally instead. // the ed25519-zebra crate internally instead.
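Review bot: `OsRng.fill_bytes` panics when the OS RNG fails, and a panic unwinding out of an `extern "C"` function is undefined behaviour on the toolchains of this era (newer ones abort), so the C++ caller of GetRandBytes has no defined way to observe the failure. `slice::from_raw_parts_mut` also requires a non-null, aligned pointer even for `buf_len == 0`, and the C++ wrapper in this commit does not guard against a null `buf`. Using `try_fill_bytes` and turning any error into `std::process::abort()` makes RNG failure loud and deterministic instead of an unwind, and guarantees the function never returns an unfilled buffer to code that treats it as key material.
```rust
#[no_mangle]
pub extern "C" fn librustzcash_getrandom(buf: *mut u8, buf_len: usize) {
    if buf_len == 0 {
        return;
    }
    if buf.is_null() {
        std::process::abort();
    }
    let buf = unsafe { slice::from_raw_parts_mut(buf, buf_len) };
    if OsRng.try_fill_bytes(buf).is_err() {
        // Never hand back an unfilled buffer; fail loudly instead of unwinding into C++.
        std::process::abort();
    }
}
```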


@ -153,7 +153,7 @@ void static RandomTransaction(CMutableTransaction &tx, bool fSingle, uint32_t co
sdesc.anchor = GetRandHash(); sdesc.anchor = GetRandHash();
sdesc.nullifier = GetRandHash(); sdesc.nullifier = GetRandHash();
sdesc.rk = GetRandHash(); sdesc.rk = GetRandHash();
randombytes_buf(sdesc.zkproof.begin(), sdesc.zkproof.size()); GetRandBytes(sdesc.zkproof.begin(), sdesc.zkproof.size());
tx.vShieldedSpend.push_back(sdesc); tx.vShieldedSpend.push_back(sdesc);
} }
for (int out = 0; out < shielded_outs; out++) { for (int out = 0; out < shielded_outs; out++) {
@ -161,9 +161,9 @@ void static RandomTransaction(CMutableTransaction &tx, bool fSingle, uint32_t co
odesc.cv = GetRandHash(); odesc.cv = GetRandHash();
odesc.cmu = GetRandHash(); odesc.cmu = GetRandHash();
odesc.ephemeralKey = GetRandHash(); odesc.ephemeralKey = GetRandHash();
randombytes_buf(odesc.encCiphertext.begin(), odesc.encCiphertext.size()); GetRandBytes(odesc.encCiphertext.begin(), odesc.encCiphertext.size());
randombytes_buf(odesc.outCiphertext.begin(), odesc.outCiphertext.size()); GetRandBytes(odesc.outCiphertext.begin(), odesc.outCiphertext.size());
randombytes_buf(odesc.zkproof.begin(), odesc.zkproof.size()); GetRandBytes(odesc.zkproof.begin(), odesc.zkproof.size());
tx.vShieldedOutput.push_back(odesc); tx.vShieldedOutput.push_back(odesc);
} }
} }
@ -182,11 +182,11 @@ void static RandomTransaction(CMutableTransaction &tx, bool fSingle, uint32_t co
jsdesc.nullifiers[1] = GetRandHash(); jsdesc.nullifiers[1] = GetRandHash();
jsdesc.ephemeralKey = GetRandHash(); jsdesc.ephemeralKey = GetRandHash();
jsdesc.randomSeed = GetRandHash(); jsdesc.randomSeed = GetRandHash();
randombytes_buf(jsdesc.ciphertexts[0].begin(), jsdesc.ciphertexts[0].size()); GetRandBytes(jsdesc.ciphertexts[0].begin(), jsdesc.ciphertexts[0].size());
randombytes_buf(jsdesc.ciphertexts[1].begin(), jsdesc.ciphertexts[1].size()); GetRandBytes(jsdesc.ciphertexts[1].begin(), jsdesc.ciphertexts[1].size());
{ {
libzcash::GrothProof zkproof; libzcash::GrothProof zkproof;
randombytes_buf(zkproof.begin(), zkproof.size()); GetRandBytes(zkproof.begin(), zkproof.size());
jsdesc.proof = zkproof; jsdesc.proof = zkproof;
} }
jsdesc.macs[0] = GetRandHash(); jsdesc.macs[0] = GetRandHash();
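Review bot: This file now calls GetRandBytes from random.h in all three hunks here, but unlike the other C++ files in the commit no include hunk is shown for it; confirm random.h is reached through an existing include (the enclosing RandomTransaction function starts before the first hunk). Separately, GetRandBytes takes `unsigned char*` where randombytes_buf took `void*`, so each `.begin()` passed here must already yield `unsigned char*` for the mechanical replacement to compile without a cast.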


@ -1,6 +1,7 @@
#include <gtest/gtest.h> #include <gtest/gtest.h>
#include "main.h" #include "main.h"
#include "random.h"
#include "utilmoneystr.h" #include "utilmoneystr.h"
#include "chainparams.h" #include "chainparams.h"
#include "utilstrencodings.h" #include "utilstrencodings.h"
@ -43,13 +44,6 @@ using namespace std;
static boost::uuids::random_generator uuidgen; static boost::uuids::random_generator uuidgen;
static uint256 random_uint256()
{
uint256 ret;
randombytes_buf(ret.begin(), 32);
return ret;
}
// Subclass of PaymentDisclosureDB to add debugging methods // Subclass of PaymentDisclosureDB to add debugging methods
class PaymentDisclosureDBTest : public PaymentDisclosureDB { class PaymentDisclosureDBTest : public PaymentDisclosureDB {
public: public:
@ -113,11 +107,11 @@ TEST(paymentdisclosure, mainnet) {
uint256 joinSplitPrivKey = uint256(vch); uint256 joinSplitPrivKey = uint256(vch);
// Create payment disclosure key and info data to store in test database // Create payment disclosure key and info data to store in test database
size_t js = random_uint256().GetCheapHash() % std::numeric_limits<size_t>::max(); size_t js = GetRandHash().GetCheapHash() % std::numeric_limits<size_t>::max();
uint8_t n = random_uint256().GetCheapHash() % std::numeric_limits<uint8_t>::max(); uint8_t n = GetRandHash().GetCheapHash() % std::numeric_limits<uint8_t>::max();
PaymentDisclosureKey key { random_uint256(), js, n}; PaymentDisclosureKey key { GetRandHash(), js, n};
PaymentDisclosureInfo info; PaymentDisclosureInfo info;
info.esk = random_uint256(); info.esk = GetRandHash();
info.joinSplitPrivKey = joinSplitPrivKey; info.joinSplitPrivKey = joinSplitPrivKey;
info.zaddr = libzcash::SproutSpendingKey::random().address(); info.zaddr = libzcash::SproutSpendingKey::random().address();
ASSERT_TRUE(mydb.Put(key, info)); ASSERT_TRUE(mydb.Put(key, info));
@ -128,8 +122,8 @@ TEST(paymentdisclosure, mainnet) {
ASSERT_EQ(info, info2); ASSERT_EQ(info, info2);
// Modify this local variable and confirm it no longer matches // Modify this local variable and confirm it no longer matches
info2.esk = random_uint256(); info2.esk = GetRandHash();
info2.joinSplitPrivKey = random_uint256(); info2.joinSplitPrivKey = GetRandHash();
info2.zaddr = libzcash::SproutSpendingKey::random().address(); info2.zaddr = libzcash::SproutSpendingKey::random().address();
ASSERT_NE(info, info2); ASSERT_NE(info, info2);
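Review bot: The rewritten lines `size_t js = GetRandHash().GetCheapHash() % std::numeric_limits<size_t>::max();` and `uint8_t n = GetRandHash().GetCheapHash() % std::numeric_limits<uint8_t>::max();` reduce modulo the type's maximum, which for `js` only maps the single value SIZE_MAX to 0 and for `n` silently excludes 255 from the test's key space. The quirk predates this commit, but since the lines are being rewritten anyway, `uint8_t n = GetRand(256);` (GetRand is declared alongside GetRandHash in random.h) or a plain `static_cast<uint8_t>(...)` would express the intended "random value over the full range" directly. If the exclusion of the maximum is deliberate, a short comment saying so would stop the next reader from "fixing" it.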


@ -1,4 +1,7 @@
#include "NoteEncryption.hpp" #include "NoteEncryption.hpp"
#include "random.h"
#include <stdexcept> #include <stdexcept>
#include "sodium.h" #include "sodium.h"
#include <boost/static_assert.hpp> #include <boost/static_assert.hpp>
@ -444,10 +447,7 @@ uint256 NoteEncryption<MLEN>::generate_pubkey(const uint256 &sk_enc)
uint256 random_uint256() uint256 random_uint256()
{ {
uint256 ret; return GetRandHash();
randombytes_buf(ret.begin(), 32);
return ret;
} }
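Review bot: `random_uint256()` is now a bare forwarder to GetRandHash(), so the extra name no longer adds anything for callers; if it is kept for source compatibility, a comment such as `// Equivalent to GetRandHash(); retained for existing callers.` above the definition would make that intent explicit and steer new code to GetRandHash directly. `random_uint252()` on the following line is outside the hunk, so whether it still draws from libsodium directly (the `sodium.h` include is retained) is not visible here.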
uint252 random_uint252() uint252 random_uint252()


@ -19,6 +19,7 @@
#include "miner.h" #include "miner.h"
#include "policy/policy.h" #include "policy/policy.h"
#include "pow.h" #include "pow.h"
#include "random.h"
#include "rpc/server.h" #include "rpc/server.h"
#include "script/sign.h" #include "script/sign.h"
#include "sodium.h" #include "sodium.h"
@ -161,8 +162,7 @@ double benchmark_solve_equihash()
EhInitialiseState(n, k, eh_state); EhInitialiseState(n, k, eh_state);
crypto_generichash_blake2b_update(&eh_state, (unsigned char*)&ss[0], ss.size()); crypto_generichash_blake2b_update(&eh_state, (unsigned char*)&ss[0], ss.size());
uint256 nonce; uint256 nonce = GetRandHash();
randombytes_buf(nonce.begin(), 32);
crypto_generichash_blake2b_update(&eh_state, crypto_generichash_blake2b_update(&eh_state,
nonce.begin(), nonce.begin(),
nonce.size()); nonce.size());