summaryrefslogtreecommitdiff
path: root/drbg/hash_drbg.go
diff options
context:
space:
mode:
Diffstat (limited to 'drbg/hash_drbg.go')
-rw-r--r--drbg/hash_drbg.go145
1 files changed, 145 insertions, 0 deletions
diff --git a/drbg/hash_drbg.go b/drbg/hash_drbg.go
new file mode 100644
index 0000000..13cc188
--- /dev/null
+++ b/drbg/hash_drbg.go
@@ -0,0 +1,145 @@
+/*
+ * Copyright (c) 2014, Yawning Angel <yawning at torproject dot org>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * * Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+// Package drbg implements a minimalistic DRBG based off SipHash-2-4 in OFB
+// mode.
+package drbg
+
+import (
+ "encoding/base64"
+ "encoding/binary"
+ "fmt"
+ "hash"
+
+ "github.com/dchest/siphash"
+
+ "github.com/yawning/obfs4/csrand"
+)
+
+// Size is the length of the HashDrbg output.
+const Size = siphash.Size
+
+// SeedLength is the length of the HashDrbg seed.
+const SeedLength = 32
+
+// Seed is the initial state for a HashDrbg. It consists of a SipHash-2-4
+// key, and 16 bytes of initial data.
+type Seed [SeedLength]byte
+
+// Bytes returns a pointer to the raw HashDrbg seed.
+func (seed *Seed) Bytes() *[SeedLength]byte {
+ return (*[SeedLength]byte)(seed)
+}
+
+// Base64 returns the Base64 representation of the seed.
+func (seed *Seed) Base64() string {
+ return base64.StdEncoding.EncodeToString(seed.Bytes()[:])
+}
+
+// NewSeed returns a Seed initialized with the runtime CSPRNG.
+func NewSeed() (seed *Seed, err error) {
+ seed = new(Seed)
+ err = csrand.Bytes(seed.Bytes()[:])
+ if err != nil {
+ return nil, err
+ }
+
+ return
+}
+
+// SeedFromBytes creates a Seed from the raw bytes.
+func SeedFromBytes(src []byte) (seed *Seed, err error) {
+ if len(src) != SeedLength {
+ return nil, InvalidSeedLengthError(len(src))
+ }
+
+ seed = new(Seed)
+ copy(seed.Bytes()[:], src)
+
+ return
+}
+
+// SeedFromBase64 creates a Seed from the Base64 representation.
+func SeedFromBase64(encoded string) (seed *Seed, err error) {
+ var raw []byte
+ raw, err = base64.StdEncoding.DecodeString(encoded)
+ if err != nil {
+ return nil, err
+ }
+
+ return SeedFromBytes(raw)
+}
+
+// InvalidSeedLengthError is the error returned when the seed provided to the
+// DRBG is an invalid length.
+type InvalidSeedLengthError int
+
+func (e InvalidSeedLengthError) Error() string {
+ return fmt.Sprintf("invalid seed length: %d", int(e))
+}
+
+// HashDrbg is a CSDRBG based off of SipHash-2-4 in OFB mode.
+type HashDrbg struct {
+ sip hash.Hash64
+ ofb [Size]byte
+}
+
+// NewHashDrbg makes a HashDrbg instance based off an optional seed. The seed
+// is truncated to SeedLength.
+func NewHashDrbg(seed *Seed) *HashDrbg {
+ drbg := new(HashDrbg)
+ drbg.sip = siphash.New(seed.Bytes()[:16])
+ copy(drbg.ofb[:], seed.Bytes()[16:])
+
+ return drbg
+}
+
+// Int63 returns a uniformly distributed random integer [0, 1 << 63).
+func (drbg *HashDrbg) Int63() int64 {
+ block := drbg.NextBlock()
+ ret := binary.BigEndian.Uint64(block)
+ ret &= (1<<63 - 1)
+
+ return int64(ret)
+}
+
+// Seed does nothing, call NewHashDrbg if you want to reseed.
+func (drbg *HashDrbg) Seed(seed int64) {
+ // No-op.
+}
+
+// NextBlock returns the next 8 byte DRBG block.
+func (drbg *HashDrbg) NextBlock() []byte {
+ drbg.sip.Write(drbg.ofb[:])
+ copy(drbg.ofb[:], drbg.sip.Sum(nil))
+
+ ret := make([]byte, Size)
+ copy(ret, drbg.ofb[:])
+ return ret
+}
+
+/* vim :set ts=4 sw=4 sts=4 noet : */