Remove the awesome, ever misunderstood entropy mixing

9918b6c8 · Gustav Simonsson · 58d6ec68 · 9918b6c8 · 9918b6c8 · 9918b6c8
Commit 9918b6c8 authored 10 years ago by Gustav Simonsson
4 changed files
--- a/crypto/key_store_passphrase.go
+++ b/crypto/key_store_passphrase.go
@@ -118,7 +118,7 @@ func (ks keyStorePassphrase) GetKeyAddresses() (addresses [][]byte, err error) {

 func (ks keyStorePassphrase) StoreKey(key *Key, auth string) (err error) {
 	authArray := []byte(auth)
-	salt := randentropy.GetEntropyMixed(32)
+	salt := randentropy.GetEntropyCSPRNG(32)
 	derivedKey, err := scrypt.Key(authArray, salt, scryptN, scryptr, scryptp, scryptdkLen)
 	if err != nil {
 		return err
@@ -133,7 +133,7 @@ func (ks keyStorePassphrase) StoreKey(key *Key, auth string) (err error) {
 		return err
 	}

-	iv := randentropy.GetEntropyMixed(aes.BlockSize) // 16
+	iv := randentropy.GetEntropyCSPRNG(aes.BlockSize) // 16
 	AES256CBCEncrypter := cipher.NewCBCEncrypter(AES256Block, iv)
 	cipherText := make([]byte, len(toEncrypt))
 	AES256CBCEncrypter.CryptBlocks(cipherText, toEncrypt)

--- a/crypto/randentropy/rand_entropy.go
+++ b/crypto/randentropy/rand_entropy.go
@@ -2,12 +2,8 @@ package randentropy

 import (
 	crand "crypto/rand"
-	"encoding/binary"
 	"github.com/ethereum/go-ethereum/crypto/sha3"
 	"io"
-	"os"
-	"strings"
-	"time"
 )

 var Reader io.Reader = &randEntropy{}
@@ -16,7 +12,7 @@ type randEntropy struct {
 }

 func (*randEntropy) Read(bytes []byte) (n int, err error) {
-	readBytes := GetEntropyMixed(len(bytes))
+	readBytes := GetEntropyCSPRNG(len(bytes))
 	copy(bytes, readBytes)
 	return len(bytes), nil
 }
@@ -29,40 +25,6 @@ func Sha3(data []byte) []byte {
 	return d.Sum(nil)
 }

-// TODO: verify. this needs to be audited
-// we start with crypt/rand, then XOR in additional entropy from OS
-func GetEntropyMixed(n int) []byte {
-	startTime := time.Now().UnixNano()
-	// for each source, we take SHA3 of the source and use it as seed to math/rand
-	// then read bytes from it and XOR them onto the bytes read from crypto/rand
-	mainBuff := GetEntropyCSPRNG(n)
-	// 1. OS entropy sources
-	startTimeBytes := make([]byte, 32)
-	binary.PutVarint(startTimeBytes, startTime)
-	startTimeHash := Sha3(startTimeBytes)
-	mixBytes(mainBuff, startTimeHash)
-
-	pid := os.Getpid()
-	pidBytes := make([]byte, 32)
-	binary.PutUvarint(pidBytes, uint64(pid))
-	pidHash := Sha3(pidBytes)
-	mixBytes(mainBuff, pidHash)
-
-	osEnv := os.Environ()
-	osEnvBytes := []byte(strings.Join(osEnv, ""))
-	osEnvHash := Sha3(osEnvBytes)
-	mixBytes(mainBuff, osEnvHash)
-
-	// not all OS have hostname in env variables
-	osHostName, err := os.Hostname()
-	if err != nil {
-		osHostNameBytes := []byte(osHostName)
-		osHostNameHash := Sha3(osHostNameBytes)
-		mixBytes(mainBuff, osHostNameHash)
-	}
-	return mainBuff
-}
-
 func GetEntropyCSPRNG(n int) []byte {
 	mainBuff := make([]byte, n)
 	_, err := io.ReadFull(crand.Reader, mainBuff)
@@ -71,14 +33,3 @@ func GetEntropyCSPRNG(n int) []byte {
 	}
 	return mainBuff
 }
-
-func mixBytes(buff []byte, mixBuff []byte) []byte {
-	bytesToMix := len(buff)
-	if bytesToMix > 32 {
-		bytesToMix = 32
-	}
-	for i := 0; i < bytesToMix; i++ {
-		buff[i] ^= mixBuff[i]
-	}
-	return buff
-}
--- a/crypto/secp256k1/secp256.go
+++ b/crypto/secp256k1/secp256.go
@@ -59,7 +59,7 @@ func GenerateKeyPair() ([]byte, []byte) {
 	const seckey_len = 32

 	var pubkey []byte = make([]byte, pubkey_len)
-	var seckey []byte = randentropy.GetEntropyMixed(seckey_len)
+	var seckey []byte = randentropy.GetEntropyCSPRNG(seckey_len)

 	var pubkey_ptr *C.uchar = (*C.uchar)(unsafe.Pointer(&pubkey[0]))
 	var seckey_ptr *C.uchar = (*C.uchar)(unsafe.Pointer(&seckey[0]))
@@ -99,7 +99,7 @@ func GeneratePubKey(seckey []byte) ([]byte, error) {
 }

 func Sign(msg []byte, seckey []byte) ([]byte, error) {
-	nonce := randentropy.GetEntropyMixed(32)
+	nonce := randentropy.GetEntropyCSPRNG(32)

 	var sig []byte = make([]byte, 65)
 	var recid C.int

--- a/crypto/secp256k1/secp256_test.go
+++ b/crypto/secp256k1/secp256_test.go
@@ -14,7 +14,7 @@ const SigSize = 65  //64+1

 func Test_Secp256_00(t *testing.T) {

-	var nonce []byte = randentropy.GetEntropyMixed(32) //going to get bitcoins stolen!
+	var nonce []byte = randentropy.GetEntropyCSPRNG(32) //going to get bitcoins stolen!

 	if len(nonce) != 32 {
 		t.Fatal()
@@ -52,7 +52,7 @@ func Test_Secp256_01(t *testing.T) {
 //test size of messages
 func Test_Secp256_02s(t *testing.T) {
 	pubkey, seckey := GenerateKeyPair()
-	msg := randentropy.GetEntropyMixed(32)
+	msg := randentropy.GetEntropyCSPRNG(32)
 	sig, _ := Sign(msg, seckey)
 	CompactSigTest(sig)
 	if sig == nil {
@@ -75,7 +75,7 @@ func Test_Secp256_02s(t *testing.T) {
 //test signing message
 func Test_Secp256_02(t *testing.T) {
 	pubkey1, seckey := GenerateKeyPair()
-	msg := randentropy.GetEntropyMixed(32)
+	msg := randentropy.GetEntropyCSPRNG(32)
 	sig, _ := Sign(msg, seckey)
 	if sig == nil {
 		t.Fatal("Signature nil")
@@ -98,7 +98,7 @@ func Test_Secp256_02(t *testing.T) {
 //test pubkey recovery
 func Test_Secp256_02a(t *testing.T) {
 	pubkey1, seckey1 := GenerateKeyPair()
-	msg := randentropy.GetEntropyMixed(32)
+	msg := randentropy.GetEntropyCSPRNG(32)
 	sig, _ := Sign(msg, seckey1)

 	if sig == nil {
@@ -127,7 +127,7 @@ func Test_Secp256_02a(t *testing.T) {
 func Test_Secp256_03(t *testing.T) {
 	_, seckey := GenerateKeyPair()
 	for i := 0; i < TESTS; i++ {
-		msg := randentropy.GetEntropyMixed(32)
+		msg := randentropy.GetEntropyCSPRNG(32)
 		sig, _ := Sign(msg, seckey)
 		CompactSigTest(sig)

@@ -143,7 +143,7 @@ func Test_Secp256_03(t *testing.T) {
 func Test_Secp256_04(t *testing.T) {
 	for i := 0; i < TESTS; i++ {
 		pubkey1, seckey := GenerateKeyPair()
-		msg := randentropy.GetEntropyMixed(32)
+		msg := randentropy.GetEntropyCSPRNG(32)
 		sig, _ := Sign(msg, seckey)
 		CompactSigTest(sig)

@@ -166,7 +166,7 @@ func Test_Secp256_04(t *testing.T) {
 //	-SIPA look at this

 func randSig() []byte {
-	sig := randentropy.GetEntropyMixed(65)
+	sig := randentropy.GetEntropyCSPRNG(65)
 	sig[32] &= 0x70
 	sig[64] %= 4
 	return sig
@@ -174,7 +174,7 @@ func randSig() []byte {

 func Test_Secp256_06a_alt0(t *testing.T) {
 	pubkey1, seckey := GenerateKeyPair()
-	msg := randentropy.GetEntropyMixed(32)
+	msg := randentropy.GetEntropyCSPRNG(32)
 	sig, _ := Sign(msg, seckey)

 	if sig == nil {
@@ -205,12 +205,12 @@ func Test_Secp256_06a_alt0(t *testing.T) {

 func Test_Secp256_06b(t *testing.T) {
 	pubkey1, seckey := GenerateKeyPair()
-	msg := randentropy.GetEntropyMixed(32)
+	msg := randentropy.GetEntropyCSPRNG(32)
 	sig, _ := Sign(msg, seckey)

 	fail_count := 0
 	for i := 0; i < TESTS; i++ {
-		msg = randentropy.GetEntropyMixed(32)
+		msg = randentropy.GetEntropyCSPRNG(32)
 		pubkey2, _ := RecoverPubkey(msg, sig)
 		if bytes.Equal(pubkey1, pubkey2) == true {
 			t.Fail()