From 0eb2386ef0e94bee0a240a767a816be67d9f5c83 Mon Sep 17 00:00:00 2001
From: Luke Parker <lukeparker5132@gmail.com>
Date: Sun, 22 May 2022 15:56:12 -0400
Subject: [PATCH] Have the C++ RNG apply a DST

---
 coins/monero/c/wrapper.cpp | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/coins/monero/c/wrapper.cpp b/coins/monero/c/wrapper.cpp
index 69b534a0..8040e5e2 100644
--- a/coins/monero/c/wrapper.cpp
+++ b/coins/monero/c/wrapper.cpp
@@ -5,11 +5,15 @@
 #include "ringct/bulletproofs.h"
 #include "ringct/rctSigs.h"
 
+typedef std::lock_guard<std::mutex> lock;
 std::mutex rng_mutex;
-char rng_entropy[64];
+
+uint8_t rng_entropy[64];
 void rng(uint8_t* seed) {
+  // Set the first half to the seed
   memcpy(rng_entropy, seed, 32);
-  memset(&rng_entropy[32], 0, 32);
+  // Set the second half to the hash of a DST to ensure a lack of collisions
+  crypto::cn_fast_hash("RNG_entropy_seed", 16, (char*) &rng_entropy[32]);
 }
 
 extern "C" {
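Review bot: The new cn_fast_hash call hard-codes the DST length as `16`, so the literal and the count can silently drift apart if the tag is ever edited; derive it from the literal instead, e.g. `static constexpr char kDst[] = "RNG_entropy_seed";` and `crypto::cn_fast_hash(kDst, sizeof(kDst) - 1, reinterpret_cast<char*>(&rng_entropy[32]));`, which also replaces the C-style cast. Since the DST half is a constant, it is presumably hashed identically on every call; hoisting it into a once-initialized buffer would avoid redoing that work, though that is an inference from the visible lines. rng() writes the global rng_entropy without taking rng_mutex itself and relies on its callers holding the new `lock` guard, so a comment such as `// Caller must hold rng_mutex.` above the function would make that contract explicit. The `typedef` on the first added line could also be written as `using lock = std::lock_guard<std::mutex>;` in line with the file's C++ style.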
@@ -41,7 +45,7 @@ extern "C" {
   }
 
   uint8_t* c_generate_bp(uint8_t* seed, uint8_t len, uint64_t* a, uint8_t* m) {
-    std::lock_guard<std::mutex> guard(rng_mutex);
+    lock guard(rng_mutex);
     rng(seed);
 
     rct::keyV masks;
@@ -70,7 +74,7 @@ extern "C" {
     // That's why this must also have control over RNG, to prevent interrupting multisig signing
     // while not using known seeds. Considering this doesn't actually define a batch,
     // and it's only verifying a single BP, it'd probably be fine, but...
-    std::lock_guard<std::mutex> guard(rng_mutex);
+    lock guard(rng_mutex);
     rng(seed);
 
     rct::Bulletproof bp;