Accueil Explorer Aide
S'inscrire Connexion
PSG
/
IOT2000_BuildRoot
5
0
Fork 0
Fichiers Tickets 0 Pull Requests 0 Wiki
Aborescence: cfc8dfc42f
Branches Tags
IOT2000_Buil...
/
board
/
PSG
/
iot2000
/
linux-4.4-patches
/
0021-random-add-backtracking-protection-to-the-CRNG.patch

0021-random-add-backtracking-protection-to-the-CRNG.patch 3.2 KB
Historique Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109 
  1. From a6d1adf3fed33218b5059d41128ab2b8b429d08c Mon Sep 17 00:00:00 2001
    2. 

  2. From: Theodore Ts'o <tytso@mit.edu>
    3. 

  3. Date: Wed, 4 May 2016 13:29:18 -0400
    4. 

  4. Subject: [PATCH 21/32] random: add backtracking protection to the CRNG
    5. 

  5. 

  6. Signed-off-by: Theodore Ts'o <tytso@mit.edu>
    7. 

  7. ---
    8. 

  8.  drivers/char/random.c | 54 ++++++++++++++++++++++++++++++++++++++++++++++-----
    9. 

  9.  1 file changed, 49 insertions(+), 5 deletions(-)
    10. 

  10. 

  11. diff --git a/drivers/char/random.c b/drivers/char/random.c
    12. 

  12. index 79b049e644f3..a1214c0fbaf3 100644
    13. 

  13. --- a/drivers/char/random.c
    14. 

  14. +++ b/drivers/char/random.c
    15. 

  15. @@ -437,7 +437,8 @@ static int crng_init_cnt = 0;
    16. 

  16.  #define CRNG_INIT_CNT_THRESH (2*CHACHA20_KEY_SIZE)
    17. 

  17.  static void _extract_crng(struct crng_state *crng,
    18. 

  18.  			  __u8 out[CHACHA20_BLOCK_SIZE]);
    19. 

  19. -static void extract_crng(__u8 out[CHACHA20_BLOCK_SIZE]);
    20. 

  20. +static void _crng_backtrack_protect(struct crng_state *crng,
    21. 

  21. +				    __u8 tmp[CHACHA20_BLOCK_SIZE], int used);
    22. 

  22.  static void process_random_ready_list(void);
    23. 

  23.  
    24. 

  24.  /**********************************************************************
    25. 

  25. @@ -828,8 +829,11 @@ static void crng_reseed(struct crng_state *crng, struct entropy_store *r)
    26. 

  26.  		num = extract_entropy(r, &buf, 32, 16, 0);
    27. 

  27.  		if (num == 0)
    28. 

  28.  			return;
    29. 

  29. -	} else
    30. 

  30. +	} else {
    31. 

  31.  		_extract_crng(&primary_crng, buf.block);
    32. 

  32. +		_crng_backtrack_protect(&primary_crng, buf.block,
    33. 

  33. +					CHACHA20_KEY_SIZE);
    34. 

  34. +	}
    35. 

  35.  	spin_lock_irqsave(&primary_crng.lock, flags);
    36. 

  36.  	for (i = 0; i < 8; i++) {
    37. 

  37.  		unsigned long	rv;
    38. 

  38. @@ -891,9 +895,46 @@ static void extract_crng(__u8 out[CHACHA20_BLOCK_SIZE])
    39. 

  39.  	_extract_crng(crng, out);
    40. 

  40.  }
    41. 

  41.  
    42. 

  42. +/*
    43. 

  43. + * Use the leftover bytes from the CRNG block output (if there is
    44. 

  44. + * enough) to mutate the CRNG key to provide backtracking protection.
    45. 

  45. + */
    46. 

  46. +static void _crng_backtrack_protect(struct crng_state *crng,
    47. 

  47. +				    __u8 tmp[CHACHA20_BLOCK_SIZE], int used)
    48. 

  48. +{
    49. 

  49. +	unsigned long	flags;
    50. 

  50. +	__u32		*s, *d;
    51. 

  51. +	int		i;
    52. 

  52. +
    53. 

  53. +	used = round_up(used, sizeof(__u32));
    54. 

  54. +	if (used + CHACHA20_KEY_SIZE > CHACHA20_BLOCK_SIZE) {
    55. 

  55. +		extract_crng(tmp);
    56. 

  56. +		used = 0;
    57. 

  57. +	}
    58. 

  58. +	spin_lock_irqsave(&crng->lock, flags);
    59. 

  59. +	s = (__u32 *) &tmp[used];
    60. 

  60. +	d = &crng->state[4];
    61. 

  61. +	for (i=0; i < 8; i++)
    62. 

  62. +		*d++ ^= *s++;
    63. 

  63. +	spin_unlock_irqrestore(&crng->lock, flags);
    64. 

  64. +}
    65. 

  65. +
    66. 

  66. +static void crng_backtrack_protect(__u8 tmp[CHACHA20_BLOCK_SIZE], int used)
    67. 

  67. +{
    68. 

  68. +	struct crng_state *crng = NULL;
    69. 

  69. +
    70. 

  70. +#ifdef CONFIG_NUMA
    71. 

  71. +	if (crng_node_pool)
    72. 

  72. +		crng = crng_node_pool[numa_node_id()];
    73. 

  73. +	if (crng == NULL)
    74. 

  74. +#endif
    75. 

  75. +		crng = &primary_crng;
    76. 

  76. +	_crng_backtrack_protect(crng, tmp, used);
    77. 

  77. +}
    78. 

  78. +
    79. 

  79.  static ssize_t extract_crng_user(void __user *buf, size_t nbytes)
    80. 

  80.  {
    81. 

  81. -	ssize_t ret = 0, i;
    82. 

  82. +	ssize_t ret = 0, i = CHACHA20_BLOCK_SIZE;
    83. 

  83.  	__u8 tmp[CHACHA20_BLOCK_SIZE];
    84. 

  84.  	int large_request = (nbytes > 256);
    85. 

  85.  
    86. 

  86. @@ -918,6 +959,7 @@ static ssize_t extract_crng_user(void __user *buf, size_t nbytes)
    87. 

  87.  		buf += i;
    88. 

  88.  		ret += i;
    89. 

  89.  	}
    90. 

  90. +	crng_backtrack_protect(tmp, i);
    91. 

  91.  
    92. 

  92.  	/* Wipe data just written to memory */
    93. 

  93.  	memzero_explicit(tmp, sizeof(tmp));
    94. 

  94. @@ -1479,8 +1521,10 @@ void get_random_bytes(void *buf, int nbytes)
    95. 

  95.  	if (nbytes > 0) {
    96. 

  96.  		extract_crng(tmp);
    97. 

  97.  		memcpy(buf, tmp, nbytes);
    98. 

  98. -		memzero_explicit(tmp, nbytes);
    99. 

  99. -	}
    100. 

  100. +		crng_backtrack_protect(tmp, nbytes);
    101. 

  101. +	} else
    102. 

  102. +		crng_backtrack_protect(tmp, CHACHA20_BLOCK_SIZE);
    103. 

  103. +	memzero_explicit(tmp, sizeof(tmp));
    104. 

  104.  }
    105. 

  105.  EXPORT_SYMBOL(get_random_bytes);
    106. 

  106.  
    107. 

  107. -- 
    108. 

  108. 2.16.4
    109. 

  109.