Browse Source

remove MixEntropy (#3278)

* remove MixEntropy

* changelog
release/v0.29.2 v0.29.2-rc2
Ethan Buchman 6 years ago
committed by GitHub
parent
commit
af6e6cd350
No known key found for this signature in database GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 4 additions and 109 deletions
  1. +3
    -0
      CHANGELOG.md
  2. +1
    -0
      README.md
  3. +0
    -104
      crypto/random.go
  4. +0
    -1
      crypto/xsalsa20symmetric/symmetric.go
  5. +0
    -4
      crypto/xsalsa20symmetric/symmetric_test.go

+ 3
- 0
CHANGELOG.md View File

@ -17,10 +17,13 @@ Special thanks to external contributors on this release:
native secp256k1 signing. Note we still modify the signature encoding to native secp256k1 signing. Note we still modify the signature encoding to
prevent malleability. prevent malleability.
- Support the libsecp256k1 library via CGo through the `go-ethereum/crypto/secp256k1` package. - Support the libsecp256k1 library via CGo through the `go-ethereum/crypto/secp256k1` package.
- Eliminate MixEntropy functions
### BREAKING CHANGES: ### BREAKING CHANGES:
* Go API * Go API
- [crypto] [\#3278](https://github.com/tendermint/tendermint/issues/3278) Remove
MixEntropy functions
- [types] [\#3245](https://github.com/tendermint/tendermint/issues/3245) Commit uses `type CommitSig Vote` instead of `Vote` directly. - [types] [\#3245](https://github.com/tendermint/tendermint/issues/3245) Commit uses `type CommitSig Vote` instead of `Vote` directly.
In preparation for removing redundant fields from the commit [\#1648](https://github.com/tendermint/tendermint/issues/1648) In preparation for removing redundant fields from the commit [\#1648](https://github.com/tendermint/tendermint/issues/1648)


+ 1
- 0
README.md View File

@ -96,6 +96,7 @@ include the in-process Go APIs.
That said, breaking changes in the following packages will be documented in the That said, breaking changes in the following packages will be documented in the
CHANGELOG even if they don't lead to MINOR version bumps: CHANGELOG even if they don't lead to MINOR version bumps:
- crypto
- types - types
- rpc/client - rpc/client
- config - config


+ 0
- 104
crypto/random.go View File

@ -1,42 +1,11 @@
package crypto package crypto
import ( import (
"crypto/cipher"
crand "crypto/rand" crand "crypto/rand"
"crypto/sha256"
"encoding/hex" "encoding/hex"
"io" "io"
"sync"
"golang.org/x/crypto/chacha20poly1305"
) )
// NOTE: This is ignored for now until we have time
// to properly review the MixEntropy function - https://github.com/tendermint/tendermint/issues/2099.
//
// The randomness here is derived from xoring a chacha20 keystream with
// output from crypto/rand's OS Entropy Reader. (Due to fears of the OS'
// entropy being backdoored)
//
// For forward secrecy of produced randomness, the internal chacha key is hashed
// and thereby rotated after each call.
var gRandInfo *randInfo
func init() {
gRandInfo = &randInfo{}
// TODO: uncomment after reviewing MixEntropy -
// https://github.com/tendermint/tendermint/issues/2099
// gRandInfo.MixEntropy(randBytes(32)) // Init
}
// WARNING: This function needs review - https://github.com/tendermint/tendermint/issues/2099.
// Mix additional bytes of randomness, e.g. from hardware, user-input, etc.
// It is OK to call it multiple times. It does not diminish security.
func MixEntropy(seedBytes []byte) {
gRandInfo.MixEntropy(seedBytes)
}
// This only uses the OS's randomness // This only uses the OS's randomness
func randBytes(numBytes int) []byte { func randBytes(numBytes int) []byte {
b := make([]byte, numBytes) b := make([]byte, numBytes)
@ -52,19 +21,6 @@ func CRandBytes(numBytes int) []byte {
return randBytes(numBytes) return randBytes(numBytes)
} }
/* TODO: uncomment after reviewing MixEntropy - https://github.com/tendermint/tendermint/issues/2099
// This uses the OS and the Seed(s).
func CRandBytes(numBytes int) []byte {
return randBytes(numBytes)
b := make([]byte, numBytes)
_, err := gRandInfo.Read(b)
if err != nil {
panic(err)
}
return b
}
*/
// CRandHex returns a hex encoded string that's floor(numDigits/2) * 2 long. // CRandHex returns a hex encoded string that's floor(numDigits/2) * 2 long.
// //
// Note: CRandHex(24) gives 96 bits of randomness that // Note: CRandHex(24) gives 96 bits of randomness that
@ -77,63 +33,3 @@ func CRandHex(numDigits int) string {
func CReader() io.Reader { func CReader() io.Reader {
return crand.Reader return crand.Reader
} }
/* TODO: uncomment after reviewing MixEntropy - https://github.com/tendermint/tendermint/issues/2099
// Returns a crand.Reader mixed with user-supplied entropy
func CReader() io.Reader {
return gRandInfo
}
*/
//--------------------------------------------------------------------------------
type randInfo struct {
mtx sync.Mutex
seedBytes [chacha20poly1305.KeySize]byte
chacha cipher.AEAD
reader io.Reader
}
// You can call this as many times as you'd like.
// XXX/TODO: review - https://github.com/tendermint/tendermint/issues/2099
func (ri *randInfo) MixEntropy(seedBytes []byte) {
ri.mtx.Lock()
defer ri.mtx.Unlock()
// Make new ri.seedBytes using passed seedBytes and current ri.seedBytes:
// ri.seedBytes = sha256( seedBytes || ri.seedBytes )
h := sha256.New()
h.Write(seedBytes)
h.Write(ri.seedBytes[:])
hashBytes := h.Sum(nil)
copy(ri.seedBytes[:], hashBytes)
chacha, err := chacha20poly1305.New(ri.seedBytes[:])
if err != nil {
panic("Initializing chacha20 failed")
}
ri.chacha = chacha
// Create new reader
ri.reader = &cipher.StreamReader{S: ri, R: crand.Reader}
}
func (ri *randInfo) XORKeyStream(dst, src []byte) {
// nonce being 0 is safe due to never re-using a key.
emptyNonce := make([]byte, 12)
tmpDst := ri.chacha.Seal([]byte{}, emptyNonce, src, []byte{0})
// this removes the poly1305 tag as well, since chacha is a stream cipher
// and we truncate at input length.
copy(dst, tmpDst[:len(src)])
// hash seedBytes for forward secrecy, and initialize new chacha instance
newSeed := sha256.Sum256(ri.seedBytes[:])
chacha, err := chacha20poly1305.New(newSeed[:])
if err != nil {
panic("Initializing chacha20 failed")
}
ri.chacha = chacha
}
func (ri *randInfo) Read(b []byte) (n int, err error) {
ri.mtx.Lock()
n, err = ri.reader.Read(b)
ri.mtx.Unlock()
return
}

+ 0
- 1
crypto/xsalsa20symmetric/symmetric.go View File

@ -17,7 +17,6 @@ const secretLen = 32
// secret must be 32 bytes long. Use something like Sha256(Bcrypt(passphrase)) // secret must be 32 bytes long. Use something like Sha256(Bcrypt(passphrase))
// The ciphertext is (secretbox.Overhead + 24) bytes longer than the plaintext. // The ciphertext is (secretbox.Overhead + 24) bytes longer than the plaintext.
// NOTE: call crypto.MixEntropy() first.
func EncryptSymmetric(plaintext []byte, secret []byte) (ciphertext []byte) { func EncryptSymmetric(plaintext []byte, secret []byte) (ciphertext []byte) {
if len(secret) != secretLen { if len(secret) != secretLen {
cmn.PanicSanity(fmt.Sprintf("Secret must be 32 bytes long, got len %v", len(secret))) cmn.PanicSanity(fmt.Sprintf("Secret must be 32 bytes long, got len %v", len(secret)))


+ 0
- 4
crypto/xsalsa20symmetric/symmetric_test.go View File

@ -13,8 +13,6 @@ import (
func TestSimple(t *testing.T) { func TestSimple(t *testing.T) {
crypto.MixEntropy([]byte("someentropy"))
plaintext := []byte("sometext") plaintext := []byte("sometext")
secret := []byte("somesecretoflengththirtytwo===32") secret := []byte("somesecretoflengththirtytwo===32")
ciphertext := EncryptSymmetric(plaintext, secret) ciphertext := EncryptSymmetric(plaintext, secret)
@ -26,8 +24,6 @@ func TestSimple(t *testing.T) {
func TestSimpleWithKDF(t *testing.T) { func TestSimpleWithKDF(t *testing.T) {
crypto.MixEntropy([]byte("someentropy"))
plaintext := []byte("sometext") plaintext := []byte("sometext")
secretPass := []byte("somesecret") secretPass := []byte("somesecret")
secret, err := bcrypt.GenerateFromPassword(secretPass, 12) secret, err := bcrypt.GenerateFromPassword(secretPass, 12)


Loading…
Cancel
Save