Use chacha in get_secure_random_bytes()

Author: danielgranhao

lightning/src/chain/keysinterface.rs

@@ -21,7 +21,6 @@ use bitcoin::util::sighash;
 
 use bitcoin::bech32::u5;
 use bitcoin::hashes::{Hash, HashEngine};
-use bitcoin::hashes::sha256::HashEngine as Sha256State;
 use bitcoin::hashes::sha256::Hash as Sha256;
 use bitcoin::hashes::sha256d::Hash as Sha256dHash;
 use bitcoin::hash_types::WPubkeyHash;
@@ -47,8 +46,10 @@ use crate::ln::script::ShutdownScript;
 use crate::prelude::*;
 use core::convert::TryInto;
 use core::sync::atomic::{AtomicUsize, Ordering};
+use std::sync::Mutex;
 use crate::io::{self, Error};
 use crate::ln::msgs::{DecodeError, MAX_VALUE_MSAT};
+use crate::util::chacha20::ChaCha20;
 use crate::util::invoice::construct_invoice_preimage;
 
 /// Used as initial key material, to be expanded into multiple secret keys (but not to be used
@@ -967,9 +968,7 @@ pub struct KeysManager {
 	channel_master_key: ExtendedPrivKey,
 	channel_child_index: AtomicUsize,
 
-	rand_bytes_master_key: ExtendedPrivKey,
-	rand_bytes_child_index: AtomicUsize,
-	rand_bytes_unique_start: Sha256State,
+	chacha: Mutex<ChaCha20>,
 
 	seed: [u8; 32],
 	starting_time_secs: u64,
@@ -1015,15 +1014,14 @@ impl KeysManager {
 					Err(_) => panic!("Your RNG is busted"),
 				};
 				let channel_master_key = master_key.ckd_priv(&secp_ctx, ChildNumber::from_hardened_idx(3).unwrap()).expect("Your RNG is busted");
-				let rand_bytes_master_key = master_key.ckd_priv(&secp_ctx, ChildNumber::from_hardened_idx(4).unwrap()).expect("Your RNG is busted");
 				let inbound_payment_key: SecretKey = master_key.ckd_priv(&secp_ctx, ChildNumber::from_hardened_idx(5).unwrap()).expect("Your RNG is busted").private_key;
 				let mut inbound_pmt_key_bytes = [0; 32];
 				inbound_pmt_key_bytes.copy_from_slice(&inbound_payment_key[..]);
 
-				let mut rand_bytes_unique_start = Sha256::engine();
-				rand_bytes_unique_start.input(&starting_time_secs.to_be_bytes());
-				rand_bytes_unique_start.input(&starting_time_nanos.to_be_bytes());
-				rand_bytes_unique_start.input(seed);
+				let mut nonce = Vec::new();
+				nonce.append(&mut starting_time_secs.to_be_bytes().to_vec());
+				nonce.append(&mut starting_time_nanos.to_be_bytes().to_vec());
+				let chacha = Mutex::new(ChaCha20::new(seed, &nonce));
 
 				let mut res = KeysManager {
 					secp_ctx,
@@ -1037,9 +1035,7 @@ impl KeysManager {
 					channel_master_key,
 					channel_child_index: AtomicUsize::new(0),
 
-					rand_bytes_master_key,
-					rand_bytes_child_index: AtomicUsize::new(0),
-					rand_bytes_unique_start,
+					chacha,
 
 					seed: *seed,
 					starting_time_secs,
@@ -1236,14 +1232,11 @@ impl KeysManager {
 
 impl EntropySource for KeysManager {
 	fn get_secure_random_bytes(&self) -> [u8; 32] {
-		let mut sha = self.rand_bytes_unique_start.clone();
+		let mut chacha = self.chacha.lock().unwrap();
 
-		let child_ix = self.rand_bytes_child_index.fetch_add(1, Ordering::AcqRel);
-		let child_privkey = self.rand_bytes_master_key.ckd_priv(&self.secp_ctx, ChildNumber::from_hardened_idx(child_ix as u32).expect("key space exhausted")).expect("Your RNG is busted");
-		sha.input(&child_privkey.private_key[..]);
-
-		sha.input(b"Unique Secure Random Bytes Salt");
-		Sha256::from_engine(sha).into_inner()
+		let mut random_bytes = [0; 32];
+		chacha.process_in_place(&mut random_bytes);
+		random_bytes
 	}
 }