From: Pavel Machek <pavel@ucw.cz>
To: Theodore Ts'o <tytso@mit.edu>
Cc: Linux Kernel Developers List <linux-kernel@vger.kernel.org>,
linux-crypto@vger.kernel.org, smueller@chronox.de,
herbert@gondor.apana.org.au, andi@firstfloor.org,
sandyinchina@gmail.com, jsd@av8n.com, hpa@zytor.com
Subject: Re: [PATCH 7/7] random: add backtracking protection to the CRNG
Date: Sun, 26 Jun 2016 20:47:53 +0200 [thread overview]
Message-ID: <20160626184753.GB11162@amd> (raw)
In-Reply-To: <1465832919-11316-8-git-send-email-tytso@mit.edu>
On Mon 2016-06-13 11:48:39, Theodore Ts'o wrote:
> Signed-off-by: Theodore Ts'o <tytso@mit.edu>
> ---
> drivers/char/random.c | 54 ++++++++++++++++++++++++++++++++++++++++++++++-----
> 1 file changed, 49 insertions(+), 5 deletions(-)
>
> diff --git a/drivers/char/random.c b/drivers/char/random.c
> index d640865..963a6a9 100644
> --- a/drivers/char/random.c
> +++ b/drivers/char/random.c
> @@ -436,7 +436,8 @@ static int crng_init = 0;
> #define crng_ready() (likely(crng_init > 0))
> static void _extract_crng(struct crng_state *crng,
> __u8 out[CHACHA20_BLOCK_SIZE]);
> -static void extract_crng(__u8 out[CHACHA20_BLOCK_SIZE]);
> +static void _crng_backtrack_protect(struct crng_state *crng,
> + __u8 tmp[CHACHA20_BLOCK_SIZE], int used);
> static void process_random_ready_list(void);
You can do u8 and u32 in the code, we know we are in kernel.
> +/*
> + * Use the leftover bytes from the CRNG block output (if there is
> + * enough) to mutate the CRNG key to provide backtracking protection.
> + */
> +static void _crng_backtrack_protect(struct crng_state *crng,
> + __u8 tmp[CHACHA20_BLOCK_SIZE], int used)
> +{
> + unsigned long flags;
> + __u32 *s, *d;
> + int i;
> +
> + used = round_up(used, sizeof(__u32));
> + if (used + CHACHA20_KEY_SIZE > CHACHA20_BLOCK_SIZE) {
> + extract_crng(tmp);
> + used = 0;
> + }
> + spin_lock_irqsave(&crng->lock, flags);
> + s = (__u32 *) &tmp[used];
> + d = &crng->state[4];
> + for (i=0; i < 8; i++)
> + *d++ ^= *s++;
> + spin_unlock_irqrestore(&crng->lock, flags);
> +}
You are basically trying to turn CRNG into one way hash function here,
right? Do you have any explanation that it has the required
properties?
Thanks,
Pavel
--
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
next prev parent reply other threads:[~2016-06-26 18:47 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-06-13 15:48 [PATCH-v4 0/7] random: replace urandom pool with a CRNG Theodore Ts'o
2016-06-13 15:48 ` [PATCH 1/7] random: initialize the non-blocking pool via add_hwgenerator_randomness() Theodore Ts'o
2016-06-13 15:48 ` [PATCH 2/7] random: print a warning for the first ten uninitialized random users Theodore Ts'o
2016-06-13 15:48 ` [PATCH 3/7] random: add interrupt callback to VMBus IRQ handler Theodore Ts'o
2016-06-13 15:48 ` [PATCH 4/7] random: properly align get_random_int_hash Theodore Ts'o
2016-06-13 15:48 ` [PATCH 5/7] random: replace non-blocking pool with a Chacha20-based CRNG Theodore Ts'o
2016-06-13 18:00 ` Stephan Mueller
2016-06-13 19:03 ` Theodore Ts'o
2016-06-15 14:59 ` Herbert Xu
2016-06-19 23:18 ` Theodore Ts'o
2016-06-20 1:25 ` Herbert Xu
2016-06-20 5:02 ` Theodore Ts'o
2016-06-20 5:19 ` Herbert Xu
2016-06-20 15:01 ` Theodore Ts'o
2016-06-20 15:49 ` Stephan Mueller
2016-06-20 18:52 ` H. Peter Anvin
2016-06-20 23:48 ` Theodore Ts'o
2016-06-26 18:47 ` Pavel Machek
2016-06-26 19:10 ` Stephan Mueller
2016-06-26 22:51 ` Theodore Ts'o
2016-06-13 15:48 ` [PATCH 6/7] random: make /dev/urandom scalable for silly userspace programs Theodore Ts'o
2016-08-21 9:53 ` Jan Varho
2016-08-21 11:36 ` Theodore Ts'o
2016-06-13 15:48 ` [PATCH 7/7] random: add backtracking protection to the CRNG Theodore Ts'o
2016-06-26 18:47 ` Pavel Machek [this message]
2016-06-26 23:05 ` Theodore Ts'o
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20160626184753.GB11162@amd \
--to=pavel@ucw.cz \
--cc=andi@firstfloor.org \
--cc=herbert@gondor.apana.org.au \
--cc=hpa@zytor.com \
--cc=jsd@av8n.com \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=sandyinchina@gmail.com \
--cc=smueller@chronox.de \
--cc=tytso@mit.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.