* [PATCH 0/2] Use RNG to get random behaviour
@ 2020-12-16 10:41 matthias.bgg at kernel.org
2020-12-16 10:41 ` [PATCH 1/2] lib: uuid: use RNG device if present matthias.bgg at kernel.org
` (2 more replies)
0 siblings, 3 replies; 8+ messages in thread
From: matthias.bgg at kernel.org @ 2020-12-16 10:41 UTC (permalink / raw)
To: u-boot
From: Matthias Brugger <mbrugger@suse.com>
For now bootp and uuid code use a weak seed for generating random data.
U-Boot as support for RNG devices now, so we should change to code to
use them if they are present. This will help mitigate issues like seen
in CVE-2019-11690.
Matthias Brugger (2):
lib: uuid: use RNG device if present
net: Use NDRNG device in srand_mac()
lib/uuid.c | 20 +++++++++++++++++---
net/net_rand.h | 18 +++++++++++++++++-
2 files changed, 34 insertions(+), 4 deletions(-)
--
2.29.2
^ permalink raw reply [flat|nested] 8+ messages in thread
* [PATCH 1/2] lib: uuid: use RNG device if present
2020-12-16 10:41 [PATCH 0/2] Use RNG to get random behaviour matthias.bgg at kernel.org
@ 2020-12-16 10:41 ` matthias.bgg at kernel.org
2020-12-16 13:22 ` Torsten Duwe
2020-12-16 10:41 ` [PATCH 2/2] net: Use NDRNG device in srand_mac() matthias.bgg at kernel.org
2020-12-16 13:17 ` [PATCH 0/2] Use RNG to get random behaviour Torsten Duwe
2 siblings, 1 reply; 8+ messages in thread
From: matthias.bgg at kernel.org @ 2020-12-16 10:41 UTC (permalink / raw)
To: u-boot
From: Matthias Brugger <mbrugger@suse.com>
When calculating a random UUID we use a weak seed.
Use a RNG device if present to increase entropy.
Signed-off-by: Matthias Brugger <mbrugger@suse.com>
---
lib/uuid.c | 20 +++++++++++++++++---
1 file changed, 17 insertions(+), 3 deletions(-)
diff --git a/lib/uuid.c b/lib/uuid.c
index e62d5ca264..219d4b7767 100644
--- a/lib/uuid.c
+++ b/lib/uuid.c
@@ -15,6 +15,7 @@
#include <asm/io.h>
#include <part_efi.h>
#include <malloc.h>
+#include <rng.h>
/*
* UUID - Universally Unique IDentifier - 128 bits unique number.
@@ -249,9 +250,22 @@ void gen_rand_uuid(unsigned char *uuid_bin)
{
u32 ptr[4];
struct uuid *uuid = (struct uuid *)ptr;
- int i;
-
- srand(get_ticks() + rand());
+ int i, ret;
+ struct udevice *devp;
+ u8 randv = 0;
+
+#if defined(CONFIG_DM_RNG)
+ ret = uclass_get_device(UCLASS_RNG, 0, &devp);
+ if (ret) {
+ ret = dm_rng_read(dev, randv, sizeof(randv));
+ if (ret < 0)
+ randv = 0;
+ }
+ if (randv)
+ srand(randv);
+ else
+#endif
+ srand(get_ticks() + rand());
/* Set all fields randomly */
for (i = 0; i < 4; i++)
--
2.29.2
^ permalink raw reply related [flat|nested] 8+ messages in thread
* [PATCH 2/2] net: Use NDRNG device in srand_mac()
2020-12-16 10:41 [PATCH 0/2] Use RNG to get random behaviour matthias.bgg at kernel.org
2020-12-16 10:41 ` [PATCH 1/2] lib: uuid: use RNG device if present matthias.bgg at kernel.org
@ 2020-12-16 10:41 ` matthias.bgg at kernel.org
2020-12-16 13:20 ` Torsten Duwe
2020-12-16 13:17 ` [PATCH 0/2] Use RNG to get random behaviour Torsten Duwe
2 siblings, 1 reply; 8+ messages in thread
From: matthias.bgg at kernel.org @ 2020-12-16 10:41 UTC (permalink / raw)
To: u-boot
From: Matthias Brugger <mbrugger@suse.com>
When calling srand_mac we use a weak seed dependent on the
mac address. If present, use a RNG device instead to incerase entropy.
Signed-off-by: Matthias Brugger <mbrugger@suse.com>
---
net/net_rand.h | 18 +++++++++++++++++-
1 file changed, 17 insertions(+), 1 deletion(-)
diff --git a/net/net_rand.h b/net/net_rand.h
index 4bf9bd817e..600c3d825e 100644
--- a/net/net_rand.h
+++ b/net/net_rand.h
@@ -10,6 +10,7 @@
#define __NET_RAND_H__
#include <common.h>
+#include <rng.h>
/*
* Return a seed for the PRNG derived from the eth0 MAC address.
@@ -37,7 +38,22 @@ static inline unsigned int seed_mac(void)
*/
static inline void srand_mac(void)
{
- srand(seed_mac());
+#if defined(CONFIG_DM_RNG)
+ int ret;
+ struct udevice *devp;
+ u32 randv = 0;
+
+ ret = uclass_get_device(UCLASS_RNG, 0, &devp);
+ if (ret) {
+ ret = dm_rng_read(dev, randv, sizeof(randv));
+ if (ret < 0)
+ randv = 0;
+ }
+ if (randv)
+ srand(randv);
+ else
+#endif
+ srand(seed_mac());
}
#endif /* __NET_RAND_H__ */
--
2.29.2
^ permalink raw reply related [flat|nested] 8+ messages in thread
* [PATCH 0/2] Use RNG to get random behaviour
2020-12-16 10:41 [PATCH 0/2] Use RNG to get random behaviour matthias.bgg at kernel.org
2020-12-16 10:41 ` [PATCH 1/2] lib: uuid: use RNG device if present matthias.bgg at kernel.org
2020-12-16 10:41 ` [PATCH 2/2] net: Use NDRNG device in srand_mac() matthias.bgg at kernel.org
@ 2020-12-16 13:17 ` Torsten Duwe
2020-12-16 13:42 ` Peter Robinson
2 siblings, 1 reply; 8+ messages in thread
From: Torsten Duwe @ 2020-12-16 13:17 UTC (permalink / raw)
To: u-boot
On Wed, 16 Dec 2020 11:41:15 +0100
matthias.bgg at kernel.org wrote:
> From: Matthias Brugger <mbrugger@suse.com>
>
>
> For now bootp and uuid code use a weak seed for generating random
> data. U-Boot as support for RNG devices now, so we should change to
> code to use them if they are present. This will help mitigate issues
> like seen in CVE-2019-11690.
First of all: thanks for bringing this up. These patches are a big
improvement over the current state.
But: thinking about this further, it could be possible to give U-Boot a
lightweight version of a complete entropy keeper, with /dev/random and
/dev/urandom functionality. Linux, for example, will happily randomise
the kernel address layout, if it's configured and the boot loader
provides enough entropy...
But for now this should be good enough.
Torsten
^ permalink raw reply [flat|nested] 8+ messages in thread
* [PATCH 2/2] net: Use NDRNG device in srand_mac()
2020-12-16 10:41 ` [PATCH 2/2] net: Use NDRNG device in srand_mac() matthias.bgg at kernel.org
@ 2020-12-16 13:20 ` Torsten Duwe
2020-12-16 15:56 ` Matthias Brugger
0 siblings, 1 reply; 8+ messages in thread
From: Torsten Duwe @ 2020-12-16 13:20 UTC (permalink / raw)
To: u-boot
On Wed, 16 Dec 2020 11:41:17 +0100
matthias.bgg at kernel.org wrote:
> From: Matthias Brugger <mbrugger@suse.com>
>
> When calling srand_mac we use a weak seed dependent on the
> mac address. If present, use a RNG device instead to incerase entropy.
>
> Signed-off-by: Matthias Brugger <mbrugger@suse.com>
>
> ---
>
> net/net_rand.h | 18 +++++++++++++++++-
> 1 file changed, 17 insertions(+), 1 deletion(-)
>
> diff --git a/net/net_rand.h b/net/net_rand.h
> index 4bf9bd817e..600c3d825e 100644
> --- a/net/net_rand.h
> +++ b/net/net_rand.h
> @@ -10,6 +10,7 @@
> #define __NET_RAND_H__
>
> #include <common.h>
> +#include <rng.h>
>
> /*
> * Return a seed for the PRNG derived from the eth0 MAC address.
> @@ -37,7 +38,22 @@ static inline unsigned int seed_mac(void)
> */
> static inline void srand_mac(void)
> {
> - srand(seed_mac());
> +#if defined(CONFIG_DM_RNG)
> + int ret;
> + struct udevice *devp;
> + u32 randv = 0;
> +
> + ret = uclass_get_device(UCLASS_RNG, 0, &devp);
> + if (ret) {
> + ret = dm_rng_read(dev, randv, sizeof(randv));
Haven't tested this (yet), but shouldn't this be
ret = dm_rng_read(devp, &randv, sizeof(randv));
^ ^ ?
> + if (ret < 0)
> + randv = 0;
> + }
> + if (randv)
> + srand(randv);
> + else
> +#endif
> + srand(seed_mac());
> }
>
> #endif /* __NET_RAND_H__ */
^ permalink raw reply [flat|nested] 8+ messages in thread
* [PATCH 1/2] lib: uuid: use RNG device if present
2020-12-16 10:41 ` [PATCH 1/2] lib: uuid: use RNG device if present matthias.bgg at kernel.org
@ 2020-12-16 13:22 ` Torsten Duwe
0 siblings, 0 replies; 8+ messages in thread
From: Torsten Duwe @ 2020-12-16 13:22 UTC (permalink / raw)
To: u-boot
On Wed, 16 Dec 2020 11:41:16 +0100
matthias.bgg at kernel.org wrote:
> @@ -249,9 +250,22 @@ void gen_rand_uuid(unsigned char *uuid_bin)
> {
> u32 ptr[4];
> struct uuid *uuid = (struct uuid *)ptr;
> - int i;
> -
> - srand(get_ticks() + rand());
> + int i, ret;
> + struct udevice *devp;
> + u8 randv = 0;
> +
> +#if defined(CONFIG_DM_RNG)
> + ret = uclass_get_device(UCLASS_RNG, 0, &devp);
> + if (ret) {
> + ret = dm_rng_read(dev, randv, sizeof(randv));
^ ^
same as patch 2/2
> + if (ret < 0)
> + randv = 0;
> + }
> + if (randv)
> + srand(randv);
> + else
> +#endif
> + srand(get_ticks() + rand());
>
> /* Set all fields randomly */
> for (i = 0; i < 4; i++)
^ permalink raw reply [flat|nested] 8+ messages in thread
* [PATCH 0/2] Use RNG to get random behaviour
2020-12-16 13:17 ` [PATCH 0/2] Use RNG to get random behaviour Torsten Duwe
@ 2020-12-16 13:42 ` Peter Robinson
0 siblings, 0 replies; 8+ messages in thread
From: Peter Robinson @ 2020-12-16 13:42 UTC (permalink / raw)
To: u-boot
On Wed, Dec 16, 2020 at 1:17 PM Torsten Duwe <duwe@lst.de> wrote:
>
> On Wed, 16 Dec 2020 11:41:15 +0100
> matthias.bgg at kernel.org wrote:
>
> > From: Matthias Brugger <mbrugger@suse.com>
> >
> >
> > For now bootp and uuid code use a weak seed for generating random
> > data. U-Boot as support for RNG devices now, so we should change to
> > code to use them if they are present. This will help mitigate issues
> > like seen in CVE-2019-11690.
>
> First of all: thanks for bringing this up. These patches are a big
> improvement over the current state.
>
> But: thinking about this further, it could be possible to give U-Boot a
> lightweight version of a complete entropy keeper, with /dev/random and
> /dev/urandom functionality. Linux, for example, will happily randomise
> the kernel address layout, if it's configured and the boot loader
> provides enough entropy...
That functionality is already available with U-Boot via the UEFI
random seed functionality if you're booting Linux using U-Boot's UEFI
support.
^ permalink raw reply [flat|nested] 8+ messages in thread
* [PATCH 2/2] net: Use NDRNG device in srand_mac()
2020-12-16 13:20 ` Torsten Duwe
@ 2020-12-16 15:56 ` Matthias Brugger
0 siblings, 0 replies; 8+ messages in thread
From: Matthias Brugger @ 2020-12-16 15:56 UTC (permalink / raw)
To: u-boot
On 16/12/2020 14:20, Torsten Duwe wrote:
> On Wed, 16 Dec 2020 11:41:17 +0100
> matthias.bgg at kernel.org wrote:
>
>> From: Matthias Brugger <mbrugger@suse.com>
>>
>> When calling srand_mac we use a weak seed dependent on the
>> mac address. If present, use a RNG device instead to incerase entropy.
>>
>> Signed-off-by: Matthias Brugger <mbrugger@suse.com>
>>
>> ---
>>
>> net/net_rand.h | 18 +++++++++++++++++-
>> 1 file changed, 17 insertions(+), 1 deletion(-)
>>
>> diff --git a/net/net_rand.h b/net/net_rand.h
>> index 4bf9bd817e..600c3d825e 100644
>> --- a/net/net_rand.h
>> +++ b/net/net_rand.h
>> @@ -10,6 +10,7 @@
>> #define __NET_RAND_H__
>>
>> #include <common.h>
>> +#include <rng.h>
>>
>> /*
>> * Return a seed for the PRNG derived from the eth0 MAC address.
>> @@ -37,7 +38,22 @@ static inline unsigned int seed_mac(void)
>> */
>> static inline void srand_mac(void)
>> {
>> - srand(seed_mac());
>> +#if defined(CONFIG_DM_RNG)
>> + int ret;
>> + struct udevice *devp;
>> + u32 randv = 0;
>> +
>> + ret = uclass_get_device(UCLASS_RNG, 0, &devp);
>> + if (ret) {
>> + ret = dm_rng_read(dev, randv, sizeof(randv));
> Haven't tested this (yet), but shouldn't this be
> ret = dm_rng_read(devp, &randv, sizeof(randv));
> ^ ^ ?
Ups, yes you are right. I'll send a v2.
Regards,
Matthias
^ permalink raw reply [flat|nested] 8+ messages in thread
end of thread, other threads:[~2020-12-16 15:56 UTC | newest]
Thread overview: 8+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2020-12-16 10:41 [PATCH 0/2] Use RNG to get random behaviour matthias.bgg at kernel.org
2020-12-16 10:41 ` [PATCH 1/2] lib: uuid: use RNG device if present matthias.bgg at kernel.org
2020-12-16 13:22 ` Torsten Duwe
2020-12-16 10:41 ` [PATCH 2/2] net: Use NDRNG device in srand_mac() matthias.bgg at kernel.org
2020-12-16 13:20 ` Torsten Duwe
2020-12-16 15:56 ` Matthias Brugger
2020-12-16 13:17 ` [PATCH 0/2] Use RNG to get random behaviour Torsten Duwe
2020-12-16 13:42 ` Peter Robinson
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox