1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
|
// Copyright 2010 The Go Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
// Plan9 cryptographically secure pseudorandom number
// generator.
package rand
import (
"crypto/aes"
"encoding/binary"
"io"
"os"
"sync"
"time"
)
const randomDevice = "/dev/random"
func init() {
Reader = &reader{}
}
// reader is a new pseudorandom generator that seeds itself by
// reading from /dev/random. The Read method on the returned
// reader always returns the full amount asked for, or else it
// returns an error. The generator is a fast key erasure RNG.
type reader struct {
mu sync.Mutex
seeded sync.Once
seedErr error
key [32]byte
}
func (r *reader) Read(b []byte) (n int, err error) {
r.seeded.Do(func() {
t := time.AfterFunc(time.Minute, func() {
println("crypto/rand: blocked for 60 seconds waiting to read random data from the kernel")
})
defer t.Stop()
entropy, err := os.Open(randomDevice)
if err != nil {
r.seedErr = err
return
}
_, r.seedErr = io.ReadFull(entropy, r.key[:])
})
if r.seedErr != nil {
return 0, r.seedErr
}
r.mu.Lock()
blockCipher, err := aes.NewCipher(r.key[:])
if err != nil {
r.mu.Unlock()
return 0, err
}
var (
counter uint64
block [aes.BlockSize]byte
)
inc := func() {
counter++
if counter == 0 {
panic("crypto/rand counter wrapped")
}
binary.LittleEndian.PutUint64(block[:], counter)
}
blockCipher.Encrypt(r.key[:aes.BlockSize], block[:])
inc()
blockCipher.Encrypt(r.key[aes.BlockSize:], block[:])
inc()
r.mu.Unlock()
n = len(b)
for len(b) >= aes.BlockSize {
blockCipher.Encrypt(b[:aes.BlockSize], block[:])
inc()
b = b[aes.BlockSize:]
}
if len(b) > 0 {
blockCipher.Encrypt(block[:], block[:])
copy(b, block[:])
}
return n, nil
}
|
