1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
|
// Copyright 2010 The Go Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
// Package rand implements a cryptographically secure
// pseudorandom number generator.
package rand
import (
"crypto/aes"
"io"
"os"
"sync"
"time"
)
// Reader is a global, shared instance of a cryptographically
// strong pseudo-random generator.
var Reader io.Reader
// Read is a helper function that calls Reader.Read.
func Read(b []byte) (n int, err os.Error) { return Reader.Read(b) }
// Easy implementation: read from /dev/urandom.
// This is sufficient on Linux, OS X, and FreeBSD.
func init() { Reader = &devReader{name: "/dev/urandom"} }
// A devReader satisfies reads by reading the file named name.
type devReader struct {
name string
f *os.File
mu sync.Mutex
}
func (r *devReader) Read(b []byte) (n int, err os.Error) {
r.mu.Lock()
if r.f == nil {
f, err := os.Open(r.name, os.O_RDONLY, 0)
if f == nil {
return 0, err
}
r.f = f
}
r.mu.Unlock()
return r.f.Read(b)
}
// Alternate pseudo-random implementation for use on
// systems without a reliable /dev/urandom. So far we
// haven't needed it.
// newReader returns a new pseudorandom generator that
// seeds itself by reading from entropy. If entropy == nil,
// the generator seeds itself by reading from the system's
// random number generator, typically /dev/random.
// The Read method on the returned reader always returns
// the full amount asked for, or else it returns an error.
//
// The generator uses the X9.31 algorithm with AES-128,
// reseeding after every 1 MB of generated data.
func newReader(entropy io.Reader) io.Reader {
if entropy == nil {
entropy = &devReader{name: "/dev/random"}
}
return &reader{entropy: entropy}
}
type reader struct {
mu sync.Mutex
budget int // number of bytes that can be generated
cipher *aes.Cipher
entropy io.Reader
time, seed, dst, key [aes.BlockSize]byte
}
func (r *reader) Read(b []byte) (n int, err os.Error) {
r.mu.Lock()
defer r.mu.Unlock()
n = len(b)
for len(b) > 0 {
if r.budget == 0 {
_, err := io.ReadFull(r.entropy, r.seed[0:])
if err != nil {
return n - len(b), err
}
_, err = io.ReadFull(r.entropy, r.key[0:])
if err != nil {
return n - len(b), err
}
r.cipher, err = aes.NewCipher(r.key[0:])
if err != nil {
return n - len(b), err
}
r.budget = 1 << 20 // reseed after generating 1MB
}
r.budget -= aes.BlockSize
// ANSI X9.31 (== X9.17) algorithm, but using AES in place of 3DES.
//
// single block:
// t = encrypt(time)
// dst = encrypt(t^seed)
// seed = encrypt(t^dst)
ns := time.Nanoseconds()
r.time[0] = byte(ns >> 56)
r.time[1] = byte(ns >> 48)
r.time[2] = byte(ns >> 40)
r.time[3] = byte(ns >> 32)
r.time[4] = byte(ns >> 24)
r.time[5] = byte(ns >> 16)
r.time[6] = byte(ns >> 8)
r.time[7] = byte(ns)
r.cipher.Encrypt(r.time[0:], r.time[0:])
for i := 0; i < aes.BlockSize; i++ {
r.dst[i] = r.time[i] ^ r.seed[i]
}
r.cipher.Encrypt(r.dst[0:], r.dst[0:])
for i := 0; i < aes.BlockSize; i++ {
r.seed[i] = r.time[i] ^ r.dst[i]
}
r.cipher.Encrypt(r.seed[0:], r.seed[0:])
m := copy(b, r.dst[0:])
b = b[m:]
}
return n, nil
}
|
