lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue, 05 Dec 2017 13:35:58 +0100 From: Łukasz Stelmach <l.stelmach@...sung.com> To: Krzysztof Kozlowski <krzk@...nel.org>, robh+dt@...nel.org, Stephan Mueller <smueller@...onox.de>, Herbert Xu <herbert@...dor.apana.org.au>, "David S. Miller" <davem@...emloft.net>, Kukjin Kim <kgene@...nel.org>, linux-crypto@...r.kernel.org, linux-samsung-soc@...r.kernel.org, linux-kernel@...r.kernel.org Cc: Łukasz Stelmach <l.stelmach@...sung.com>, m.szyprowski@...sung.com, b.zolnierkie@...sung.com Subject: [PATCH 3/3] crypto: exynos - Reseed PRNG after generating 2^16 random bytes Reseed PRNG after reading 65 kB of randomness. Although this may reduce performance, in most casese the loss is not noticable. Signed-off-by: Łukasz Stelmach <l.stelmach@...sung.com> --- drivers/crypto/exynos-rng.c | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) diff --git a/drivers/crypto/exynos-rng.c b/drivers/crypto/exynos-rng.c index 002e9d2a83cc..0bf07a655813 100644 --- a/drivers/crypto/exynos-rng.c +++ b/drivers/crypto/exynos-rng.c @@ -54,12 +54,15 @@ enum exynos_prng_type { }; /* - * Driver re-seeds itself with generated random numbers to increase - * the randomness. + * Driver re-seeds itself with generated random numbers to hinder + * backtracking of the original seed. * * Time for next re-seed in ms. */ -#define EXYNOS_RNG_RESEED_TIME 100 +#define EXYNOS_RNG_RESEED_TIME 1000 +#define EXYNOS_RNG_RESEED_BYTES 65536 + + /* * In polling mode, do not wait infinitely for the engine to finish the work. */ @@ -81,6 +84,8 @@ struct exynos_rng_dev { unsigned int seed_save_len; /* Time of last seeding in jiffies */ unsigned long last_seeding; + /* Bytes generated since last seeding */ + unsigned long bytes_seeding; }; static struct exynos_rng_dev *exynos_rng_dev; @@ -125,6 +130,7 @@ static int exynos_rng_set_seed(struct exynos_rng_dev *rng, } rng->last_seeding = jiffies; + rng->bytes_seeding = 0; return 0; } @@ -166,6 +172,8 @@ static int exynos_rng_get_random(struct exynos_rng_dev *rng, memcpy_fromio(dst, rng->mem + EXYNOS_RNG_OUT_BASE, *read); return 0; + + } /* Re-seed itself from time to time */ @@ -177,7 +185,8 @@ static void exynos_rng_reseed(struct exynos_rng_dev *rng) unsigned int read = 0; u8 seed[EXYNOS_RNG_SEED_SIZE]; - if (time_before(now, next_seeding)) + if (time_before(now, next_seeding) && + rng->bytes_seeding < EXYNOS_RNG_RESEED_BYTES) return; if (exynos_rng_get_random(rng, seed, sizeof(seed), &read)) @@ -206,6 +215,7 @@ static int exynos_rng_generate(struct crypto_rng *tfm, dlen -= read; dst += read; + rng->bytes_seeding += read; exynos_rng_reseed(rng); } while (dlen > 0); -- 2.11.0
Powered by blists - more mailing lists