| // Copyright 2023 The Go Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style |
| // license that can be found in the LICENSE file. |
| |
| package rand |
| |
| import ( |
| "errors" |
| "internal/byteorder" |
| "internal/chacha8rand" |
| ) |
| |
| // A ChaCha8 is a ChaCha8-based cryptographically strong |
| // random number generator. |
| type ChaCha8 struct { |
| state chacha8rand.State |
| |
| // The last readLen bytes of readBuf are still to be consumed by Read. |
| readBuf [8]byte |
| readLen int // 0 <= readLen <= 8 |
| } |
| |
| // NewChaCha8 returns a new ChaCha8 seeded with the given seed. |
| func NewChaCha8(seed [32]byte) *ChaCha8 { |
| c := new(ChaCha8) |
| c.state.Init(seed) |
| return c |
| } |
| |
| // Seed resets the ChaCha8 to behave the same way as NewChaCha8(seed). |
| func (c *ChaCha8) Seed(seed [32]byte) { |
| c.state.Init(seed) |
| c.readLen = 0 |
| c.readBuf = [8]byte{} |
| } |
| |
| // Uint64 returns a uniformly distributed random uint64 value. |
| func (c *ChaCha8) Uint64() uint64 { |
| for { |
| x, ok := c.state.Next() |
| if ok { |
| return x |
| } |
| c.state.Refill() |
| } |
| } |
| |
| // Read reads exactly len(p) bytes into p. |
| // It always returns len(p) and a nil error. |
| // |
| // If calls to Read and Uint64 are interleaved, the order in which bits are |
| // returned by the two is undefined, and Read may return bits generated before |
| // the last call to Uint64. |
| func (c *ChaCha8) Read(p []byte) (n int, err error) { |
| if c.readLen > 0 { |
| n = copy(p, c.readBuf[len(c.readBuf)-c.readLen:]) |
| c.readLen -= n |
| p = p[n:] |
| } |
| for len(p) >= 8 { |
| byteorder.LePutUint64(p, c.Uint64()) |
| p = p[8:] |
| n += 8 |
| } |
| if len(p) > 0 { |
| byteorder.LePutUint64(c.readBuf[:], c.Uint64()) |
| n += copy(p, c.readBuf[:]) |
| c.readLen = 8 - len(p) |
| } |
| return |
| } |
| |
| // UnmarshalBinary implements the encoding.BinaryUnmarshaler interface. |
| func (c *ChaCha8) UnmarshalBinary(data []byte) error { |
| data, ok := cutPrefix(data, []byte("readbuf:")) |
| if ok { |
| var buf []byte |
| buf, data, ok = readUint8LengthPrefixed(data) |
| if !ok { |
| return errors.New("invalid ChaCha8 Read buffer encoding") |
| } |
| c.readLen = copy(c.readBuf[len(c.readBuf)-len(buf):], buf) |
| } |
| return chacha8rand.Unmarshal(&c.state, data) |
| } |
| |
| func cutPrefix(s, prefix []byte) (after []byte, found bool) { |
| if len(s) < len(prefix) || string(s[:len(prefix)]) != string(prefix) { |
| return s, false |
| } |
| return s[len(prefix):], true |
| } |
| |
| func readUint8LengthPrefixed(b []byte) (buf, rest []byte, ok bool) { |
| if len(b) == 0 || len(b) < int(1+b[0]) { |
| return nil, nil, false |
| } |
| return b[1 : 1+b[0]], b[1+b[0]:], true |
| } |
| |
| // MarshalBinary implements the encoding.BinaryMarshaler interface. |
| func (c *ChaCha8) MarshalBinary() ([]byte, error) { |
| if c.readLen > 0 { |
| out := []byte("readbuf:") |
| out = append(out, uint8(c.readLen)) |
| out = append(out, c.readBuf[len(c.readBuf)-c.readLen:]...) |
| return append(out, chacha8rand.Marshal(&c.state)...), nil |
| } |
| return chacha8rand.Marshal(&c.state), nil |
| } |