Set both key generation and ECDSA nonce to use mixed entropy

* Move random entropy functions to new package randentropy
* Add function to get n bytes entropy where up to first 32
  bytes are mixed with OS entropy sources
This commit is contained in:
Gustav Simonsson 2015-02-04 17:06:06 +01:00
parent e40c1c62ce
commit 8c056aebe1
4 changed files with 92 additions and 18 deletions

View File

@ -68,10 +68,10 @@ import (
"code.google.com/p/go.crypto/scrypt" "code.google.com/p/go.crypto/scrypt"
"crypto/aes" "crypto/aes"
"crypto/cipher" "crypto/cipher"
crand "crypto/rand"
"encoding/hex" "encoding/hex"
"encoding/json" "encoding/json"
"errors" "errors"
"github.com/ethereum/go-ethereum/crypto/randentropy"
"io" "io"
"os" "os"
"path" "path"
@ -116,7 +116,7 @@ func (ks keyStorePassphrase) GetKeyAddresses() (addresses [][]byte, err error) {
func (ks keyStorePassphrase) StoreKey(key *Key, auth string) (err error) { func (ks keyStorePassphrase) StoreKey(key *Key, auth string) (err error) {
authArray := []byte(auth) authArray := []byte(auth)
salt := GetEntropyCSPRNG(32) salt := randentropy.GetEntropyMixed(32)
derivedKey, err := scrypt.Key(authArray, salt, scryptN, scryptr, scryptp, scryptdkLen) derivedKey, err := scrypt.Key(authArray, salt, scryptN, scryptr, scryptp, scryptdkLen)
if err != nil { if err != nil {
return err return err
@ -131,7 +131,7 @@ func (ks keyStorePassphrase) StoreKey(key *Key, auth string) (err error) {
return err return err
} }
iv := GetEntropyCSPRNG(aes.BlockSize) // 16 iv := randentropy.GetEntropyMixed(aes.BlockSize) // 16
AES256CBCEncrypter := cipher.NewCBCEncrypter(AES256Block, iv) AES256CBCEncrypter := cipher.NewCBCEncrypter(AES256Block, iv)
cipherText := make([]byte, len(toEncrypt)) cipherText := make([]byte, len(toEncrypt))
AES256CBCEncrypter.CryptBlocks(cipherText, toEncrypt) AES256CBCEncrypter.CryptBlocks(cipherText, toEncrypt)
@ -196,12 +196,3 @@ func DecryptKey(ks keyStorePassphrase, keyAddr []byte, auth string) (keyBytes []
} }
return keyBytes, keyId, err return keyBytes, keyId, err
} }
func GetEntropyCSPRNG(n int) []byte {
mainBuff := make([]byte, n)
_, err := io.ReadFull(crand.Reader, mainBuff)
if err != nil {
panic("key generation: reading from crypto/rand failed: " + err.Error())
}
return mainBuff
}

View File

@ -1,7 +1,7 @@
package crypto package crypto
import ( import (
crand "crypto/rand" "github.com/ethereum/go-ethereum/crypto/randentropy"
"reflect" "reflect"
"testing" "testing"
) )
@ -9,7 +9,7 @@ import (
func TestKeyStorePlain(t *testing.T) { func TestKeyStorePlain(t *testing.T) {
ks := NewKeyStorePlain(DefaultDataDir()) ks := NewKeyStorePlain(DefaultDataDir())
pass := "" // not used but required by API pass := "" // not used but required by API
k1, err := ks.GenerateNewKey(crand.Reader, pass) k1, err := ks.GenerateNewKey(new(randentropy.RandEntropy), pass)
if err != nil { if err != nil {
t.Fatal(err) t.Fatal(err)
} }
@ -37,7 +37,7 @@ func TestKeyStorePlain(t *testing.T) {
func TestKeyStorePassphrase(t *testing.T) { func TestKeyStorePassphrase(t *testing.T) {
ks := NewKeyStorePassphrase(DefaultDataDir()) ks := NewKeyStorePassphrase(DefaultDataDir())
pass := "foo" pass := "foo"
k1, err := ks.GenerateNewKey(crand.Reader, pass) k1, err := ks.GenerateNewKey(new(randentropy.RandEntropy), pass)
if err != nil { if err != nil {
t.Fatal(err) t.Fatal(err)
} }
@ -63,7 +63,7 @@ func TestKeyStorePassphrase(t *testing.T) {
func TestKeyStorePassphraseDecryptionFail(t *testing.T) { func TestKeyStorePassphraseDecryptionFail(t *testing.T) {
ks := NewKeyStorePassphrase(DefaultDataDir()) ks := NewKeyStorePassphrase(DefaultDataDir())
pass := "foo" pass := "foo"
k1, err := ks.GenerateNewKey(crand.Reader, pass) k1, err := ks.GenerateNewKey(new(randentropy.RandEntropy), pass)
if err != nil { if err != nil {
t.Fatal(err) t.Fatal(err)
} }

View File

@ -0,0 +1,82 @@
package randentropy
import (
crand "crypto/rand"
"encoding/binary"
"github.com/ethereum/go-ethereum/crypto/sha3"
"io"
"os"
"strings"
"time"
)
type RandEntropy struct {
}
func (*RandEntropy) Read(bytes []byte) (n int, err error) {
readBytes := GetEntropyMixed(len(bytes))
copy(bytes, readBytes)
return len(bytes), nil
}
// TODO: copied from crypto.go , move to sha3 package?
func Sha3(data []byte) []byte {
d := sha3.NewKeccak256()
d.Write(data)
return d.Sum(nil)
}
// TODO: verify. this needs to be audited
// we start with crypt/rand, then XOR in additional entropy from OS
func GetEntropyMixed(n int) []byte {
startTime := time.Now().UnixNano()
// for each source, we take SHA3 of the source and use it as seed to math/rand
// then read bytes from it and XOR them onto the bytes read from crypto/rand
mainBuff := GetEntropyCSPRNG(n)
// 1. OS entropy sources
startTimeBytes := make([]byte, 32)
binary.PutVarint(startTimeBytes, startTime)
startTimeHash := Sha3(startTimeBytes)
mixBytes(mainBuff, startTimeHash)
pid := os.Getpid()
pidBytes := make([]byte, 32)
binary.PutUvarint(pidBytes, uint64(pid))
pidHash := Sha3(pidBytes)
mixBytes(mainBuff, pidHash)
osEnv := os.Environ()
osEnvBytes := []byte(strings.Join(osEnv, ""))
osEnvHash := Sha3(osEnvBytes)
mixBytes(mainBuff, osEnvHash)
// not all OS have hostname in env variables
osHostName, err := os.Hostname()
if err != nil {
osHostNameBytes := []byte(osHostName)
osHostNameHash := Sha3(osHostNameBytes)
mixBytes(mainBuff, osHostNameHash)
}
return mainBuff
}
func GetEntropyCSPRNG(n int) []byte {
mainBuff := make([]byte, n)
_, err := io.ReadFull(crand.Reader, mainBuff)
if err != nil {
panic("reading from crypto/rand failed: " + err.Error())
}
return mainBuff
}
func mixBytes(buff []byte, mixBuff []byte) []byte {
bytesToMix := len(buff)
if bytesToMix > 32 {
bytesToMix = 32
}
for i := 0; i < bytesToMix; i++ {
buff[i] ^= mixBuff[i]
}
return buff
}

View File

@ -15,6 +15,7 @@ import "C"
import ( import (
"bytes" "bytes"
"errors" "errors"
"github.com/ethereum/go-ethereum/crypto/randentropy"
"unsafe" "unsafe"
) )
@ -68,7 +69,7 @@ func GenerateKeyPair() ([]byte, []byte) {
const seckey_len = 32 const seckey_len = 32
var pubkey []byte = make([]byte, pubkey_len) var pubkey []byte = make([]byte, pubkey_len)
var seckey []byte = RandByte(seckey_len) var seckey []byte = randentropy.GetEntropyMixed(seckey_len)
var pubkey_ptr *C.uchar = (*C.uchar)(unsafe.Pointer(&pubkey[0])) var pubkey_ptr *C.uchar = (*C.uchar)(unsafe.Pointer(&pubkey[0]))
var seckey_ptr *C.uchar = (*C.uchar)(unsafe.Pointer(&seckey[0])) var seckey_ptr *C.uchar = (*C.uchar)(unsafe.Pointer(&seckey[0]))
@ -124,7 +125,7 @@ int secp256k1_ecdsa_sign_compact(const unsigned char *msg, int msglen,
*/ */
func Sign(msg []byte, seckey []byte) ([]byte, error) { func Sign(msg []byte, seckey []byte) ([]byte, error) {
nonce := RandByte(32) nonce := randentropy.GetEntropyMixed(32)
var sig []byte = make([]byte, 65) var sig []byte = make([]byte, 65)
var recid C.int var recid C.int