Replacing math/rand by crypto/rand.

cloudflare · Jul 3, 2021 · 92a0ed0 · 92a0ed0
1 parent 9bbb98f
commit 92a0ed0
Show file tree

Hide file tree

Showing 7 changed files with 79 additions and 35 deletions.
diff --git a/pke/kyber/internal/common/field_test.go b/pke/kyber/internal/common/field_test.go
@@ -1,8 +1,9 @@
 package common
 
 import (
+	"crypto/rand"
+	"encoding/binary"
 	"flag"
-	mathRand "math/rand"
 	"testing"
 )
 
@@ -35,9 +36,29 @@ func TestBarrettReduceFull(t *testing.T) {
 	}
 }
 
+func randSliceUint32(N uint) []uint32 {
+	bytes := make([]uint8, 4*N)
+	n, err := rand.Read(bytes)
+	if err != nil {
+		panic(err)
+	} else if n < len(bytes) {
+		panic("short read from RNG")
+	}
+	x := make([]uint32, N)
+	for i := range x {
+		x[i] = binary.LittleEndian.Uint32(bytes[4*i:])
+	}
+	return x
+}
+
 func TestMontReduce(t *testing.T) {
-	for i := 0; i < 1000; i++ {
-		x := mathRand.Int31n(int32(Q)*(1<<16)) - int32(Q)*(1<<15)
+	N := 1000
+	r := randSliceUint32(uint(N))
+	max := uint32(Q) * (1 << 16)
+	mid := int32(Q) * (1 << 15)
+
+	for i := 0; i < N; i++ {
+		x := int32(r[i]%max) - mid
 		y := montReduce(x)
 		if modQ32(x) != modQ32(int32(y)*(1<<16)) {
 			t.Fatalf("%d", x)

diff --git a/pke/kyber/internal/common/ntt_test.go b/pke/kyber/internal/common/ntt_test.go
@@ -1,9 +1,6 @@
 package common
 
-import (
-	mathRand "math/rand"
-	"testing"
-)
+import "testing"
 
 func BenchmarkNTT(b *testing.B) {
 	var a Poly
@@ -34,14 +31,18 @@ func BenchmarkInvNTTGeneric(b *testing.B) {
 }
 
 func (p *Poly) Rand() {
+	r := randSliceUint32(uint(N))
+	max := uint32(Q)
 	for i := 0; i < N; i++ {
-		p[i] = int16(mathRand.Intn(int(Q)))
+		p[i] = int16(r[i] % max)
 	}
 }
 
 func (p *Poly) RandAbsLeQ() {
+	r := randSliceUint32(uint(N))
+	max := 2 * uint32(Q)
 	for i := 0; i < N; i++ {
-		p[i] = int16(mathRand.Intn(int(2*Q))) - Q
+		p[i] = int16(int32(r[i]%max) - int32(Q))
 	}
 }
 

diff --git a/pke/kyber/internal/common/poly_test.go b/pke/kyber/internal/common/poly_test.go
@@ -1,15 +1,16 @@
 package common
 
 import (
-	cryptoRand "crypto/rand"
+	"crypto/rand"
 	"fmt"
-	mathRand "math/rand"
 	"testing"
 )
 
 func (p *Poly) RandAbsLe9Q() {
+	r := randSliceUint32(uint(N))
+	max := 9 * uint32(Q)
 	for i := 0; i < N; i++ {
-		p[i] = int16(mathRand.Intn(18*int(Q) - 9*int(Q)))
+		p[i] = int16(int32(r[i] % max))
 	}
 }
 
@@ -26,7 +27,11 @@ func TestDecompressMessage(t *testing.T) {
 	var m, m2 [PlaintextSize]byte
 	var p Poly
 	for i := 0; i < 1000; i++ {
-		_, _ = cryptoRand.Read(m[:])
+		_, err := rand.Read(m[:])
+		if err != nil {
+			t.Error(err)
+		}
+
 		p.DecompressMessage(m[:])
 		p.CompressMessageTo(m2[:])
 		if m != m2 {

diff --git a/sign/dilithium/internal/common/field_test.go b/sign/dilithium/internal/common/field_test.go
@@ -1,16 +1,34 @@
 package common
 
 import (
+	"crypto/rand"
+	"encoding/binary"
 	"flag"
-	"math/rand"
 	"testing"
 )
 
 var runVeryLongTest = flag.Bool("very-long", false, "runs very long tests")
 
+func randSliceUint32(N uint) []uint32 {
+	bytes := make([]uint8, 4*N)
+	n, err := rand.Read(bytes)
+	if err != nil {
+		panic(err)
+	} else if n < len(bytes) {
+		panic("short read from RNG")
+	}
+	x := make([]uint32, N)
+	for i := range x {
+		x[i] = binary.LittleEndian.Uint32(bytes[4*i:])
+	}
+	return x
+}
+
 func TestModQ(t *testing.T) {
-	for i := 0; i < 1000; i++ {
-		x := rand.Uint32()
+	const testTimes = 1000
+	r := randSliceUint32(testTimes)
+	for i := 0; i < testTimes; i++ {
+		x := r[i]
 		y := modQ(x)
 		if y > Q {
 			t.Fatalf("modQ(%d) > Q", x)
@@ -22,8 +40,10 @@ func TestModQ(t *testing.T) {
 }
 
 func TestReduceLe2Q(t *testing.T) {
-	for i := 0; i < 1000; i++ {
-		x := rand.Uint32()
+	const testTimes = 1000
+	r := randSliceUint32(testTimes)
+	for i := 0; i < testTimes; i++ {
+		x := r[i]
 		y := reduceLe2Q(x)
 		if y > 2*Q {
 			t.Fatalf("reduce_le2q(%d) > 2Q", x)

diff --git a/sign/dilithium/internal/common/ntt_test.go b/sign/dilithium/internal/common/ntt_test.go
@@ -1,13 +1,12 @@
 package common
 
-import (
-	"math/rand"
-	"testing"
-)
+import "testing"
 
 func (p *Poly) RandLe2Q() {
+	r := randSliceUint32(N)
+	max := 2 * uint32(Q)
 	for i := uint(0); i < N; i++ {
-		p[i] = uint32(rand.Intn(int(2 * Q)))
+		p[i] = r[i] % max
 	}
 }
 

diff --git a/sign/dilithium/internal/common/pack_test.go b/sign/dilithium/internal/common/pack_test.go
@@ -1,16 +1,19 @@
 package common
 
 import (
-	"math/rand"
+	"crypto/rand"
 	"testing"
 )
 
 func TestPackLe16AgainstGeneric(t *testing.T) {
 	var p Poly
 	var buf1, buf2 [PolyLe16Size]byte
+	pp := make([]uint8, 256)
+
 	for j := 0; j < 1000; j++ {
+		_, _ = rand.Read(pp)
 		for i := 0; i < 256; i++ {
-			p[i] = uint32(rand.Intn(16))
+			p[i] = uint32(pp[i] & 0xF)
 		}
 		p.PackLe16(buf1[:])
 		p.packLe16Generic(buf2[:])

diff --git a/sign/dilithium/internal/common/poly_test.go b/sign/dilithium/internal/common/poly_test.go
@@ -1,9 +1,6 @@
 package common
 
-import (
-	"math/rand"
-	"testing"
-)
+import "testing"
 
 func TestExceeds(t *testing.T) {
 	for i := 0; i < N; i++ {
@@ -116,9 +113,8 @@ func TestMulHatAgainstGeneric(t *testing.T) {
 func TestReduceLe2QAgainstGeneric(t *testing.T) {
 	for k := 0; k < 1000; k++ {
 		var a Poly
-		for j := 0; j < N; j++ {
-			a[j] = rand.Uint32()
-		}
+		r := randSliceUint32(N)
+		copy(a[:], r)
 		p1 := a
 		p2 := a
 		p1.reduceLe2QGeneric()
@@ -132,9 +128,8 @@ func TestReduceLe2QAgainstGeneric(t *testing.T) {
 func TestNormalizeAgainstGeneric(t *testing.T) {
 	for k := 0; k < 1000; k++ {
 		var a Poly
-		for j := 0; j < N; j++ {
-			a[j] = rand.Uint32()
-		}
+		r := randSliceUint32(N)
+		copy(a[:], r)
 		p1 := a
 		p2 := a
 		p1.normalizeGeneric()