mirror of
https://github.com/ethereum/go-ethereum.git
synced 2026-07-19 19:30:44 +00:00
Use crypto/rand for both key generation and ECDSA nonce
This commit is contained in:
parent
57c6caf146
commit
72651172d3
4 changed files with 26 additions and 121 deletions
|
|
@ -68,10 +68,10 @@ import (
|
|||
"code.google.com/p/go.crypto/scrypt"
|
||||
"crypto/aes"
|
||||
"crypto/cipher"
|
||||
crand "crypto/rand"
|
||||
"encoding/hex"
|
||||
"encoding/json"
|
||||
"errors"
|
||||
"github.com/ethereum/go-ethereum/crypto/secp256k1"
|
||||
"io"
|
||||
"os"
|
||||
"path"
|
||||
|
|
@ -116,7 +116,7 @@ func (ks keyStorePassphrase) GetKeyAddresses() (addresses [][]byte, err error) {
|
|||
|
||||
func (ks keyStorePassphrase) StoreKey(key *Key, auth string) (err error) {
|
||||
authArray := []byte(auth)
|
||||
salt := GetEntropyCSPRNG(32)
|
||||
salt := secp256k1.GetEntropyCSPRNG(32)
|
||||
derivedKey, err := scrypt.Key(authArray, salt, scryptN, scryptr, scryptp, scryptdkLen)
|
||||
if err != nil {
|
||||
return err
|
||||
|
|
@ -131,7 +131,7 @@ func (ks keyStorePassphrase) StoreKey(key *Key, auth string) (err error) {
|
|||
return err
|
||||
}
|
||||
|
||||
iv := GetEntropyCSPRNG(aes.BlockSize) // 16
|
||||
iv := secp256k1.GetEntropyCSPRNG(aes.BlockSize) // 16
|
||||
AES256CBCEncrypter := cipher.NewCBCEncrypter(AES256Block, iv)
|
||||
cipherText := make([]byte, len(toEncrypt))
|
||||
AES256CBCEncrypter.CryptBlocks(cipherText, toEncrypt)
|
||||
|
|
@ -196,12 +196,3 @@ func DecryptKey(ks keyStorePassphrase, keyAddr []byte, auth string) (keyBytes []
|
|||
}
|
||||
return keyBytes, keyId, err
|
||||
}
|
||||
|
||||
func GetEntropyCSPRNG(n int) []byte {
|
||||
mainBuff := make([]byte, n)
|
||||
_, err := io.ReadFull(crand.Reader, mainBuff)
|
||||
if err != nil {
|
||||
panic("key generation: reading from crypto/rand failed: " + err.Error())
|
||||
}
|
||||
return mainBuff
|
||||
}
|
||||
|
|
|
|||
|
|
@ -14,7 +14,9 @@ import "C"
|
|||
|
||||
import (
|
||||
"bytes"
|
||||
crand "crypto/rand"
|
||||
"errors"
|
||||
"io"
|
||||
"unsafe"
|
||||
)
|
||||
|
||||
|
|
@ -68,7 +70,7 @@ func GenerateKeyPair() ([]byte, []byte) {
|
|||
const seckey_len = 32
|
||||
|
||||
var pubkey []byte = make([]byte, pubkey_len)
|
||||
var seckey []byte = RandByte(seckey_len)
|
||||
var seckey []byte = GetEntropyCSPRNG(seckey_len)
|
||||
|
||||
var pubkey_ptr *C.uchar = (*C.uchar)(unsafe.Pointer(&pubkey[0]))
|
||||
var seckey_ptr *C.uchar = (*C.uchar)(unsafe.Pointer(&seckey[0]))
|
||||
|
|
@ -124,7 +126,7 @@ int secp256k1_ecdsa_sign_compact(const unsigned char *msg, int msglen,
|
|||
*/
|
||||
|
||||
func Sign(msg []byte, seckey []byte) ([]byte, error) {
|
||||
nonce := RandByte(32)
|
||||
nonce := GetEntropyCSPRNG(32)
|
||||
|
||||
var sig []byte = make([]byte, 65)
|
||||
var recid C.int
|
||||
|
|
@ -298,3 +300,12 @@ func RecoverPubkey(msg []byte, sig []byte) ([]byte, error) {
|
|||
}
|
||||
return nil, errors.New("Impossible Error: func RecoverPubkey has reached an unreachable state")
|
||||
}
|
||||
|
||||
func GetEntropyCSPRNG(n int) []byte {
|
||||
mainBuff := make([]byte, n)
|
||||
_, err := io.ReadFull(crand.Reader, mainBuff)
|
||||
if err != nil {
|
||||
panic("reading from crypto/rand failed: " + err.Error())
|
||||
}
|
||||
return mainBuff
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,97 +0,0 @@
|
|||
package secp256k1
|
||||
|
||||
import (
|
||||
crand "crypto/rand"
|
||||
"io"
|
||||
mrand "math/rand"
|
||||
"os"
|
||||
"strings"
|
||||
"time"
|
||||
)
|
||||
|
||||
/*
|
||||
Note:
|
||||
|
||||
- On windows cryto/rand uses CrytoGenRandom which uses RC4 which is insecure
|
||||
- Android random number generator is known to be insecure.
|
||||
- Linux uses /dev/urandom , which is thought to be secure and uses entropy pool
|
||||
|
||||
Therefore the output is salted.
|
||||
*/
|
||||
|
||||
//finalizer from MurmerHash3
|
||||
func mmh3f(key uint64) uint64 {
|
||||
key ^= key >> 33
|
||||
key *= 0xff51afd7ed558ccd
|
||||
key ^= key >> 33
|
||||
key *= 0xc4ceb9fe1a85ec53
|
||||
key ^= key >> 33
|
||||
return key
|
||||
}
|
||||
|
||||
//knuth hash
|
||||
func knuth_hash(in []byte) uint64 {
|
||||
var acc uint64 = 3074457345618258791
|
||||
for i := 0; i < len(in); i++ {
|
||||
acc += uint64(in[i])
|
||||
acc *= 3074457345618258799
|
||||
}
|
||||
return acc
|
||||
}
|
||||
|
||||
var _rand *mrand.Rand
|
||||
|
||||
func init() {
|
||||
var seed1 uint64 = mmh3f(uint64(time.Now().UnixNano()))
|
||||
var seed2 uint64 = knuth_hash([]byte(strings.Join(os.Environ(), "")))
|
||||
var seed3 uint64 = mmh3f(uint64(os.Getpid()))
|
||||
|
||||
_rand = mrand.New(mrand.NewSource(int64(seed1 ^ seed2 ^ seed3)))
|
||||
}
|
||||
|
||||
func saltByte(n int) []byte {
|
||||
buff := make([]byte, n)
|
||||
for i := 0; i < len(buff); i++ {
|
||||
var v uint64 = uint64(_rand.Int63())
|
||||
var b byte
|
||||
for j := 0; j < 8; j++ {
|
||||
b ^= byte(v & 0xff)
|
||||
v = v >> 8
|
||||
}
|
||||
buff[i] = b
|
||||
}
|
||||
return buff
|
||||
}
|
||||
|
||||
//On Unix-like systems, Reader reads from /dev/urandom.
|
||||
//On Windows systems, Reader uses the CryptGenRandom API.
|
||||
|
||||
//use entropy pool etc and cryptographic random number generator
|
||||
//mix in time
|
||||
//mix in mix in cpu cycle count
|
||||
func RandByte(n int) []byte {
|
||||
buff := make([]byte, n)
|
||||
ret, err := io.ReadFull(crand.Reader, buff)
|
||||
if len(buff) != ret || err != nil {
|
||||
return nil
|
||||
}
|
||||
|
||||
buff2 := saltByte(n)
|
||||
for i := 0; i < n; i++ {
|
||||
buff[i] ^= buff2[2]
|
||||
}
|
||||
return buff
|
||||
}
|
||||
|
||||
/*
|
||||
On Unix-like systems, Reader reads from /dev/urandom.
|
||||
On Windows systems, Reader uses the CryptGenRandom API.
|
||||
*/
|
||||
func RandByteWeakCrypto(n int) []byte {
|
||||
buff := make([]byte, n)
|
||||
ret, err := io.ReadFull(crand.Reader, buff)
|
||||
if len(buff) != ret || err != nil {
|
||||
return nil
|
||||
}
|
||||
return buff
|
||||
}
|
||||
|
|
@ -12,7 +12,7 @@ const SigSize = 65 //64+1
|
|||
|
||||
func Test_Secp256_00(t *testing.T) {
|
||||
|
||||
var nonce []byte = RandByte(32) //going to get bitcoins stolen!
|
||||
var nonce []byte = GetEntropyCSPRNG(32) //going to get bitcoins stolen!
|
||||
|
||||
if len(nonce) != 32 {
|
||||
t.Fatal()
|
||||
|
|
@ -50,7 +50,7 @@ func Test_Secp256_01(t *testing.T) {
|
|||
//test size of messages
|
||||
func Test_Secp256_02s(t *testing.T) {
|
||||
pubkey, seckey := GenerateKeyPair()
|
||||
msg := RandByte(32)
|
||||
msg := GetEntropyCSPRNG(32)
|
||||
sig, _ := Sign(msg, seckey)
|
||||
CompactSigTest(sig)
|
||||
if sig == nil {
|
||||
|
|
@ -73,7 +73,7 @@ func Test_Secp256_02s(t *testing.T) {
|
|||
//test signing message
|
||||
func Test_Secp256_02(t *testing.T) {
|
||||
pubkey1, seckey := GenerateKeyPair()
|
||||
msg := RandByte(32)
|
||||
msg := GetEntropyCSPRNG(32)
|
||||
sig, _ := Sign(msg, seckey)
|
||||
if sig == nil {
|
||||
t.Fatal("Signature nil")
|
||||
|
|
@ -96,7 +96,7 @@ func Test_Secp256_02(t *testing.T) {
|
|||
//test pubkey recovery
|
||||
func Test_Secp256_02a(t *testing.T) {
|
||||
pubkey1, seckey1 := GenerateKeyPair()
|
||||
msg := RandByte(32)
|
||||
msg := GetEntropyCSPRNG(32)
|
||||
sig, _ := Sign(msg, seckey1)
|
||||
|
||||
if sig == nil {
|
||||
|
|
@ -125,7 +125,7 @@ func Test_Secp256_02a(t *testing.T) {
|
|||
func Test_Secp256_03(t *testing.T) {
|
||||
_, seckey := GenerateKeyPair()
|
||||
for i := 0; i < TESTS; i++ {
|
||||
msg := RandByte(32)
|
||||
msg := GetEntropyCSPRNG(32)
|
||||
sig, _ := Sign(msg, seckey)
|
||||
CompactSigTest(sig)
|
||||
|
||||
|
|
@ -141,7 +141,7 @@ func Test_Secp256_03(t *testing.T) {
|
|||
func Test_Secp256_04(t *testing.T) {
|
||||
for i := 0; i < TESTS; i++ {
|
||||
pubkey1, seckey := GenerateKeyPair()
|
||||
msg := RandByte(32)
|
||||
msg := GetEntropyCSPRNG(32)
|
||||
sig, _ := Sign(msg, seckey)
|
||||
CompactSigTest(sig)
|
||||
|
||||
|
|
@ -164,7 +164,7 @@ func Test_Secp256_04(t *testing.T) {
|
|||
// -SIPA look at this
|
||||
|
||||
func randSig() []byte {
|
||||
sig := RandByte(65)
|
||||
sig := GetEntropyCSPRNG(65)
|
||||
sig[32] &= 0x70
|
||||
sig[64] %= 4
|
||||
return sig
|
||||
|
|
@ -172,7 +172,7 @@ func randSig() []byte {
|
|||
|
||||
func Test_Secp256_06a_alt0(t *testing.T) {
|
||||
pubkey1, seckey := GenerateKeyPair()
|
||||
msg := RandByte(32)
|
||||
msg := GetEntropyCSPRNG(32)
|
||||
sig, _ := Sign(msg, seckey)
|
||||
|
||||
if sig == nil {
|
||||
|
|
@ -203,12 +203,12 @@ func Test_Secp256_06a_alt0(t *testing.T) {
|
|||
|
||||
func Test_Secp256_06b(t *testing.T) {
|
||||
pubkey1, seckey := GenerateKeyPair()
|
||||
msg := RandByte(32)
|
||||
msg := GetEntropyCSPRNG(32)
|
||||
sig, _ := Sign(msg, seckey)
|
||||
|
||||
fail_count := 0
|
||||
for i := 0; i < TESTS; i++ {
|
||||
msg = RandByte(32)
|
||||
msg = GetEntropyCSPRNG(32)
|
||||
pubkey2, _ := RecoverPubkey(msg, sig)
|
||||
if bytes.Equal(pubkey1, pubkey2) == true {
|
||||
t.Fail()
|
||||
|
|
|
|||
Loading…
Reference in a new issue