mirrors/core-lightning
1
0
Fork 0
mirror of https://github.com/ElementsProject/lightning.git synced 2025-01-18 05:12:45 +01:00
Code Issues Projects Releases Wiki Activity

daemon/pseudorand: be more paranoid with isaac64 output.

Browse Source 
There's no reason to think that the seed isn't reproducable from the
output: we don't want to give away our siphash seed and allow hashbombing,
so seed isaac with the SHA of the seed.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
This commit is contained in:
Rusty Russell 2017-03-02 22:51:49 +10:30
parent 293bebbe2d
commit 9387609c7b
1 changed files with 6 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
daemon/pseudorand.c
View File

@ -1,5 +1,6 @@
#include "pseudorand.h"
#include <assert.h>
#include <ccan/crypto/sha256/sha256.h>
#include <ccan/crypto/siphash24/siphash24.h>
#include <ccan/err/err.h>
#include <ccan/isaac/isaac64.h>
@ -16,11 +17,14 @@ static void init_if_needed(void)
{
if (unlikely(!pseudorand_initted)) {
unsigned char seedbuf[16];
struct sha256 sha;
randombytes_buf(seedbuf, sizeof(seedbuf));
isaac64_init(&isaac64, seedbuf, sizeof(seedbuf));
memcpy(&siphashseed, seedbuf, sizeof(siphashseed));
/* In case isaac is reversible, don't leak seed. */
sha256(&sha, seedbuf, sizeof(seedbuf));
isaac64_init(&isaac64, sha.u.u8, sizeof(sha.u.u8));
pseudorand_initted = true;
}
}