Make SecureRandom private

t-bast · t-bast · commit e89eba53eb03 · 2021-09-23T17:48:28.000+02:00
We want to ensure the application doesn't access it directly and instead
uses our utility functions that will mix in additional randomness.
diff --git a/src/commonMain/kotlin/fr/acinq/lightning/crypto/LocalKeyManager.kt b/src/commonMain/kotlin/fr/acinq/lightning/crypto/LocalKeyManager.kt
@@ -3,9 +3,9 @@ package fr.acinq.lightning.crypto
 import fr.acinq.bitcoin.*
 import fr.acinq.bitcoin.DeterministicWallet.derivePrivateKey
 import fr.acinq.bitcoin.DeterministicWallet.hardened
-import fr.acinq.lightning.Lightning.secureRandom
 import fr.acinq.lightning.channel.ChannelKeys
 import fr.acinq.lightning.channel.RecoveredChannelKeys
+import fr.acinq.lightning.Lightning.randomLong
 import fr.acinq.lightning.transactions.Transactions
 
 data class LocalKeyManager(val seed: ByteVector, val chainHash: ByteVector32) : KeyManager {
@@ -58,7 +58,7 @@ data class LocalKeyManager(val seed: ByteVector, val chainHash: ByteVector32) :
 
     override fun newFundingKeyPath(isFunder: Boolean): KeyPath {
         val last = hardened(if (isFunder) 1 else 0)
-        fun next() = secureRandom.nextInt().toLong() and 0xFFFFFFFF
+        fun next() = randomLong() and 0xFFFFFFFF
         return KeyPath(listOf(next(), next(), next(), next(), next(), next(), next(), next(), last))
     }
 
diff --git a/src/commonMain/kotlin/fr/acinq/lightning/eclair.kt b/src/commonMain/kotlin/fr/acinq/lightning/eclair.kt
@@ -10,7 +10,7 @@ import kotlin.random.Random
 
 object Lightning {
 
-    val secureRandom = Random.secure()
+    private val secureRandom = Random.secure()
 
     fun randomBytes(length: Int): ByteArray {
         val buffer = ByteArray(length)
@@ -24,10 +24,14 @@ object Lightning {
 
     fun randomKeyPath(length: Int): KeyPath {
         val path = mutableListOf<Long>()
-        repeat(length) { path.add(secureRandom.nextLong()) }
+        repeat(length) { path.add(randomLong()) }
         return KeyPath(path)
     }
 
+    fun randomLong(): Long {
+        return secureRandom.nextLong()
+    }
+
     fun toLongId(fundingTxHash: ByteVector32, fundingOutputIndex: Int): ByteVector32 {
         require(fundingOutputIndex < 65536) { "fundingOutputIndex must not be greater than FFFF" }
         val x1 = fundingTxHash[30] xor (fundingOutputIndex.shr(8)).toByte()
