author | cinap_lenrek <cinap_lenrek@felloff.net> | 2016-09-11 19:07:17 +0200 |
---|---|---|
committer | cinap_lenrek <cinap_lenrek@felloff.net> | 2016-09-11 19:07:17 +0200 |
commit | c0a9c3b551ed5d9b3a9d8389e36a3eb059662702 (patch) | |
tree | 22ecd57e6a175d671b914536baa68a77d320eac6 /sys | |
parent | 36c9a2489d1f0e3d4e6a890bb86edde64d719acb (diff) |
kernel: rekey chacha state on each randomread() invocation
we can encrypt the 256 bit chacha key on each invocation
making it hard to reconstruct previous outputs of the
generator given the current state (backtracking resistance).
Diffstat (limited to 'sys')
-rw-r--r-- | sys/src/9/port/random.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/sys/src/9/port/random.c b/sys/src/9/port/random.c
index c6dd838f4..b27e5720d 100644
--- a/sys/src/9/port/random.c
+++ b/sys/src/9/port/random.c
@@ -96,9 +96,10 @@ randomread(void *p, ulong n)
 if(hwrandbuf != nil)
 (*hwrandbuf)(p, n);
- /* copy chacha state and increment iv */
+ /* copy chacha state, rekey and increment iv */
 qlock(rs);
 c = *rs;
+ chacha_encrypt((uchar*)&rs->input[4], 32, &c);
 if(++rs->input[13] == 0)
 if(++rs->input[14] == 0)
 ++rs->input[15]; |
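Review bot: The added line `chacha_encrypt((uchar*)&rs->input[4], 32, &c);` hard-codes the ChaCha state layout (word offset 4, 32 bytes), and nothing on it says that these are the key words or that the keystream comes from the copy rather than from `rs`. A comment such as `/* input[4..11] is the 256-bit key: xor it with keystream from the copy c */` would let a reader check the rekey without opening the cipher source. The copy `c` is taken before the rekey and so still holds the previous key. The backtracking resistance claimed in the commit message therefore holds only if `c` is wiped before randomread returns. The rest of the function lies outside this hunk, so confirm that `c` is cleared on every exit path.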