Get random bytes properly

cbeuw · Oct 13, 2018 · 83cc8c3 · 83cc8c3
1 parent 0abbe2f
commit 83cc8c3
Show file tree

Hide file tree

Showing 4 changed files with 12 additions and 30 deletions.
diff --git a/cmd/gq-client/gq-client.go b/cmd/gq-client/gq-client.go
@@ -3,6 +3,7 @@
 package main
 
 import (
+ "crypto/rand"
  "flag"
  "fmt"
  "io"
@@ -178,7 +179,9 @@ func main() {
  log.Printf("Starting standalone mode. Listening for ss on %v:%v\n", localHost, localPort)
  }
 
- opaque := gqclient.BtoInt(gqclient.CryptoRandBytes(32))
+ opaqueB := make([]byte, 32)
+ io.ReadFull(rand.Reader, opaqueB)
+ opaque := gqclient.BtoInt(opaqueB)
  sta := &gqclient.State{
  SS_LOCAL_HOST: localHost,
  SS_LOCAL_PORT: localPort,

diff --git a/gqclient/auth.go b/gqclient/auth.go
@@ -3,8 +3,10 @@ package gqclient
 import (
  "crypto/aes"
  "crypto/cipher"
+ "crypto/rand"
  "crypto/sha256"
  "fmt"
+ "io"
 )
 
 func encrypt(iv []byte, key []byte, plaintext []byte) []byte {
@@ -21,7 +23,8 @@ func MakeRandomField(sta *State) []byte {
  t := int(sta.Now().Unix()) / (12 * 60 * 60)
  h.Write([]byte(fmt.Sprintf("%v", t) + sta.Key))
  goal := h.Sum(nil)[0:16]
- iv := CryptoRandBytes(16)
+ iv := make([]byte, 16)
+ io.ReadFull(rand.Reader, iv)
  rest := encrypt(iv, sta.AESKey, goal)
  ret := make([]byte, 32)
  copy(ret, iv)

diff --git a/gqclient/util.go b/gqclient/util.go
@@ -1,10 +1,8 @@
 package gqclient
 
 import (
- "crypto/rand"
  "errors"
  "io"
- "math/big"
  prand "math/rand"
  "net"
  "time"
@@ -23,26 +21,11 @@ func BtoInt(b []byte) int {
  return int(sum)
 }
 
-// CryptoRandBytes generates a byte slice filled with cryptographically secure random bytes
-func CryptoRandBytes(length int) []byte {
- byteMax := big.NewInt(int64(256))
- ret := make([]byte, length)
- for i := 0; i < length; i++ {
- randInt, _ := rand.Int(rand.Reader, byteMax)
- randByte := byte(randInt.Int64())
- ret[i] = randByte
- }
- return ret
-}
-
 // PsudoRandBytes returns a byte slice filled with psudorandom bytes generated by the seed
 func PsudoRandBytes(length int, seed int64) []byte {
  prand.Seed(seed)
  ret := make([]byte, length)
- for i := 0; i < length; i++ {
- randByte := byte(prand.Intn(256))
- ret[i] = randByte
- }
+ prand.Read(ret)
  return ret
 }
 
@@ -64,7 +47,7 @@ func ReadTillDrain(conn net.Conn, buffer []byte) (n int, err error) {
  conn.SetReadDeadline(time.Now().Add(3 * time.Second))
  for left != 0 {
  if readPtr > len(buffer) || readPtr+left > len(buffer) {
- err = errors.New("Reading TLS message: actual size greater than header's specification")
+ err = errors.New("Reading TLS message: message size greater than buffer")
  return
  }
  // If left > buffer size (i.e. our message got segmented), the entire MTU is read
@@ -79,8 +62,6 @@ func ReadTillDrain(conn net.Conn, buffer []byte) (n int, err error) {
  readPtr += i
  }
  conn.SetReadDeadline(time.Time{})
-
  n = 5 + dataLength
- buffer = buffer[:n]
  return
 }
diff --git a/gqserver/util.go b/gqserver/util.go
@@ -25,10 +25,7 @@ func BtoInt(b []byte) int {
 func PsudoRandBytes(length int, seed int64) []byte {
  prand.Seed(seed)
  ret := make([]byte, length)
- for i := 0; i < length; i++ {
- randByte := byte(prand.Intn(256))
- ret[i] = randByte
- }
+ prand.Read(ret)
  return ret
 }
 
@@ -50,7 +47,7 @@ func ReadTillDrain(conn net.Conn, buffer []byte) (n int, err error) {
  conn.SetReadDeadline(time.Now().Add(3 * time.Second))
  for left != 0 {
  if readPtr > len(buffer) || readPtr+left > len(buffer) {
- err = errors.New("Reading TLS message: actual size greater than header's specification")
+ err = errors.New("Reading TLS message: message size greater than buffer")
  return
  }
  // If left > buffer size (i.e. our message got segmented), the entire MTU is read
@@ -65,8 +62,6 @@ func ReadTillDrain(conn net.Conn, buffer []byte) (n int, err error) {
  readPtr += i
  }
  conn.SetReadDeadline(time.Time{})
-
  n = 5 + dataLength
- buffer = buffer[:n]
  return
 }