cluster-bootstrap: make randBytes() be in constant-time

The function generates bytes in the x={0-252} range and then
applies an y=(x mod 36) to obtain allowed token characters
from validBootstrapTokenChars[y].

Instead of using crypto/rand.Reader, use crypto/rand.Int()
that operates in the val={0-len(validBootstrapTokenChars))}.

Once a random index is generated, use simple operations
to obtain a random character in the a-z,0-9 character range.
This makes the character generation in constant-time.
This commit is contained in:
Lubomir I. Ivanov
2023-09-04 12:44:48 +03:00
parent cd04f47e8b
commit 5c80007ecc

View File

@@ -17,9 +17,9 @@ limitations under the License.
package util
import (
"bufio"
"crypto/rand"
"fmt"
"math/big"
"regexp"
"strings"
@@ -59,29 +59,21 @@ func GenerateBootstrapToken() (string, error) {
// randBytes returns a random string consisting of the characters in
// validBootstrapTokenChars, with the length customized by the parameter
func randBytes(length int) (string, error) {
// len("0123456789abcdefghijklmnopqrstuvwxyz") = 36 which doesn't evenly divide
// the possible values of a byte: 256 mod 36 = 4. Discard any random bytes we
// read that are >= 252 so the bytes we evenly divide the character set.
const maxByteValue = 252
var (
b byte
err error
token = make([]byte, length)
max = new(big.Int).SetUint64(uint64(len(validBootstrapTokenChars)))
)
reader := bufio.NewReaderSize(rand.Reader, length*2)
for i := range token {
for {
if b, err = reader.ReadByte(); err != nil {
return "", err
}
if b < maxByteValue {
break
}
val, err := rand.Int(rand.Reader, max)
if err != nil {
return "", fmt.Errorf("could not generate random integer: %w", err)
}
token[i] = validBootstrapTokenChars[int(b)%len(validBootstrapTokenChars)]
// Use simple operations in constant-time to obtain a byte in the a-z,0-9
// character range
x := val.Uint64()
res := x + 48 + (39 & ((9 - x) >> 8))
token[i] = byte(res)
}
return string(token), nil