Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
L
linux
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Kirill Smelkov
linux
Commits
c92e040d
Commit
c92e040d
authored
May 04, 2016
by
Theodore Ts'o
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
random: add backtracking protection to the CRNG
Signed-off-by:
Theodore Ts'o
<
tytso@mit.edu
>
parent
1e7f583a
Changes
1
Hide whitespace changes
Inline
Side-by-side
Showing
1 changed file
with
49 additions
and
5 deletions
+49
-5
drivers/char/random.c
drivers/char/random.c
+49
-5
No files found.
drivers/char/random.c
View file @
c92e040d
...
...
@@ -438,7 +438,8 @@ static int crng_init_cnt = 0;
#define CRNG_INIT_CNT_THRESH (2*CHACHA20_KEY_SIZE)
static
void
_extract_crng
(
struct
crng_state
*
crng
,
__u8
out
[
CHACHA20_BLOCK_SIZE
]);
static
void
extract_crng
(
__u8
out
[
CHACHA20_BLOCK_SIZE
]);
static
void
_crng_backtrack_protect
(
struct
crng_state
*
crng
,
__u8
tmp
[
CHACHA20_BLOCK_SIZE
],
int
used
);
static
void
process_random_ready_list
(
void
);
/**********************************************************************
...
...
@@ -826,8 +827,11 @@ static void crng_reseed(struct crng_state *crng, struct entropy_store *r)
num
=
extract_entropy
(
r
,
&
buf
,
32
,
16
,
0
);
if
(
num
==
0
)
return
;
}
else
}
else
{
_extract_crng
(
&
primary_crng
,
buf
.
block
);
_crng_backtrack_protect
(
&
primary_crng
,
buf
.
block
,
CHACHA20_KEY_SIZE
);
}
spin_lock_irqsave
(
&
primary_crng
.
lock
,
flags
);
for
(
i
=
0
;
i
<
8
;
i
++
)
{
unsigned
long
rv
;
...
...
@@ -889,9 +893,46 @@ static void extract_crng(__u8 out[CHACHA20_BLOCK_SIZE])
_extract_crng
(
crng
,
out
);
}
/*
* Use the leftover bytes from the CRNG block output (if there is
* enough) to mutate the CRNG key to provide backtracking protection.
*/
static
void
_crng_backtrack_protect
(
struct
crng_state
*
crng
,
__u8
tmp
[
CHACHA20_BLOCK_SIZE
],
int
used
)
{
unsigned
long
flags
;
__u32
*
s
,
*
d
;
int
i
;
used
=
round_up
(
used
,
sizeof
(
__u32
));
if
(
used
+
CHACHA20_KEY_SIZE
>
CHACHA20_BLOCK_SIZE
)
{
extract_crng
(
tmp
);
used
=
0
;
}
spin_lock_irqsave
(
&
crng
->
lock
,
flags
);
s
=
(
__u32
*
)
&
tmp
[
used
];
d
=
&
crng
->
state
[
4
];
for
(
i
=
0
;
i
<
8
;
i
++
)
*
d
++
^=
*
s
++
;
spin_unlock_irqrestore
(
&
crng
->
lock
,
flags
);
}
static
void
crng_backtrack_protect
(
__u8
tmp
[
CHACHA20_BLOCK_SIZE
],
int
used
)
{
struct
crng_state
*
crng
=
NULL
;
#ifdef CONFIG_NUMA
if
(
crng_node_pool
)
crng
=
crng_node_pool
[
numa_node_id
()];
if
(
crng
==
NULL
)
#endif
crng
=
&
primary_crng
;
_crng_backtrack_protect
(
crng
,
tmp
,
used
);
}
static
ssize_t
extract_crng_user
(
void
__user
*
buf
,
size_t
nbytes
)
{
ssize_t
ret
=
0
,
i
;
ssize_t
ret
=
0
,
i
=
CHACHA20_BLOCK_SIZE
;
__u8
tmp
[
CHACHA20_BLOCK_SIZE
];
int
large_request
=
(
nbytes
>
256
);
...
...
@@ -916,6 +957,7 @@ static ssize_t extract_crng_user(void __user *buf, size_t nbytes)
buf
+=
i
;
ret
+=
i
;
}
crng_backtrack_protect
(
tmp
,
i
);
/* Wipe data just written to memory */
memzero_explicit
(
tmp
,
sizeof
(
tmp
));
...
...
@@ -1473,8 +1515,10 @@ void get_random_bytes(void *buf, int nbytes)
if
(
nbytes
>
0
)
{
extract_crng
(
tmp
);
memcpy
(
buf
,
tmp
,
nbytes
);
memzero_explicit
(
tmp
,
nbytes
);
}
crng_backtrack_protect
(
tmp
,
nbytes
);
}
else
crng_backtrack_protect
(
tmp
,
CHACHA20_BLOCK_SIZE
);
memzero_explicit
(
tmp
,
sizeof
(
tmp
));
}
EXPORT_SYMBOL
(
get_random_bytes
);
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment