Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 818e607b authored by Linus Torvalds's avatar Linus Torvalds
Browse files

Merge tag 'random_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/random 

Pull random driver updates from Ted Ts'o:
 "A number of improvements for the /dev/random driver; the most
  important is the use of a ChaCha20-based CRNG for /dev/urandom, which
  is faster, more efficient, and easier to make scalable for
  silly/abusive userspace programs that want to read from /dev/urandom
  in a tight loop on NUMA systems.

  This set of patches also improves entropy gathering on VM's running on
  Microsoft Azure, and will take advantage of a hw random number
  generator (if present) to initialize the /dev/urandom pool"

(It turns out that the random tree hadn't been in linux-next this time
around, because it had been dropped earlier as being too quiet.  Oh
well).

* tag 'random_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/random:
  random: strengthen input validation for RNDADDTOENTCNT
  random: add backtracking protection to the CRNG
  random: make /dev/urandom scalable for silly userspace programs
  random: replace non-blocking pool with a Chacha20-based CRNG
  random: properly align get_random_int_hash
  random: add interrupt callback to VMBus IRQ handler
  random: print a warning for the first ten uninitialized random users
  random: initialize the non-blocking pool via add_hwgenerator_randomness()
parents ff9a082f 86a574de

crypto/chacha20_generic.c

+0 −61
Original line number Diff line number Diff line
@@ -15,72 +15,11 @@ 
#include <linux/module.h>

#include <crypto/chacha20.h>



static inline u32 rotl32(u32 v, u8 n)

{

	return (v << n) | (v >> (sizeof(v) * 8 - n));

}



static inline u32 le32_to_cpuvp(const void *p)

{

	return le32_to_cpup(p);

}



static void chacha20_block(u32 *state, void *stream)

{

	u32 x[16], *out = stream;

	int i;



	for (i = 0; i < ARRAY_SIZE(x); i++)

		x[i] = state[i];



	for (i = 0; i < 20; i += 2) {

		x[0]  += x[4];    x[12] = rotl32(x[12] ^ x[0],  16);

		x[1]  += x[5];    x[13] = rotl32(x[13] ^ x[1],  16);

		x[2]  += x[6];    x[14] = rotl32(x[14] ^ x[2],  16);

		x[3]  += x[7];    x[15] = rotl32(x[15] ^ x[3],  16);



		x[8]  += x[12];   x[4]  = rotl32(x[4]  ^ x[8],  12);

		x[9]  += x[13];   x[5]  = rotl32(x[5]  ^ x[9],  12);

		x[10] += x[14];   x[6]  = rotl32(x[6]  ^ x[10], 12);

		x[11] += x[15];   x[7]  = rotl32(x[7]  ^ x[11], 12);



		x[0]  += x[4];    x[12] = rotl32(x[12] ^ x[0],   8);

		x[1]  += x[5];    x[13] = rotl32(x[13] ^ x[1],   8);

		x[2]  += x[6];    x[14] = rotl32(x[14] ^ x[2],   8);

		x[3]  += x[7];    x[15] = rotl32(x[15] ^ x[3],   8);



		x[8]  += x[12];   x[4]  = rotl32(x[4]  ^ x[8],   7);

		x[9]  += x[13];   x[5]  = rotl32(x[5]  ^ x[9],   7);

		x[10] += x[14];   x[6]  = rotl32(x[6]  ^ x[10],  7);

		x[11] += x[15];   x[7]  = rotl32(x[7]  ^ x[11],  7);



		x[0]  += x[5];    x[15] = rotl32(x[15] ^ x[0],  16);

		x[1]  += x[6];    x[12] = rotl32(x[12] ^ x[1],  16);

		x[2]  += x[7];    x[13] = rotl32(x[13] ^ x[2],  16);

		x[3]  += x[4];    x[14] = rotl32(x[14] ^ x[3],  16);



		x[10] += x[15];   x[5]  = rotl32(x[5]  ^ x[10], 12);

		x[11] += x[12];   x[6]  = rotl32(x[6]  ^ x[11], 12);

		x[8]  += x[13];   x[7]  = rotl32(x[7]  ^ x[8],  12);

		x[9]  += x[14];   x[4]  = rotl32(x[4]  ^ x[9],  12);



		x[0]  += x[5];    x[15] = rotl32(x[15] ^ x[0],   8);

		x[1]  += x[6];    x[12] = rotl32(x[12] ^ x[1],   8);

		x[2]  += x[7];    x[13] = rotl32(x[13] ^ x[2],   8);

		x[3]  += x[4];    x[14] = rotl32(x[14] ^ x[3],   8);



		x[10] += x[15];   x[5]  = rotl32(x[5]  ^ x[10],  7);

		x[11] += x[12];   x[6]  = rotl32(x[6]  ^ x[11],  7);

		x[8]  += x[13];   x[7]  = rotl32(x[7]  ^ x[8],   7);

		x[9]  += x[14];   x[4]  = rotl32(x[4]  ^ x[9],   7);

	}



	for (i = 0; i < ARRAY_SIZE(x); i++)

		out[i] = cpu_to_le32(x[i] + state[i]);



	state[12]++;

}



static void chacha20_docrypt(u32 *state, u8 *dst, const u8 *src,

			     unsigned int bytes)

{

drivers/char/random.c

+384 −98

File changed.

Preview size limit exceeded, changes collapsed.

drivers/hv/vmbus_drv.c

+3 −0
Original line number Diff line number Diff line
@@ -42,6 +42,7 @@ 
#include <linux/screen_info.h>

#include <linux/kdebug.h>

#include <linux/efi.h>

#include <linux/random.h>

#include "hyperv_vmbus.h"



static struct acpi_device  *hv_acpi_dev;
@@ -806,6 +807,8 @@ static void vmbus_isr(void) 
		else

			tasklet_schedule(hv_context.msg_dpc[cpu]);

	}



	add_interrupt_randomness(HYPERVISOR_CALLBACK_VECTOR, 0);

}

include/crypto/chacha20.h

+1 −0
Original line number Diff line number Diff line
@@ -16,6 +16,7 @@ struct chacha20_ctx { 
	u32 key[8];

};



void chacha20_block(u32 *state, void *stream);

void crypto_chacha20_init(u32 *state, struct chacha20_ctx *ctx, u8 *iv);

int crypto_chacha20_setkey(struct crypto_tfm *tfm, const u8 *key,

			   unsigned int keysize);

lib/Makefile

+1 −1
Original line number Diff line number Diff line
@@ -19,7 +19,7 @@ KCOV_INSTRUMENT_dynamic_debug.o := n 
lib-y := ctype.o string.o vsprintf.o cmdline.o \

	 rbtree.o radix-tree.o dump_stack.o timerqueue.o\

	 idr.o int_sqrt.o extable.o \

	 sha1.o md5.o irq_regs.o argv_split.o \

	 sha1.o chacha20.o md5.o irq_regs.o argv_split.o \

	 flex_proportions.o ratelimit.o show_mem.o \

	 is_single_threaded.o plist.o decompress.o kobject_uevent.o \

	 earlycpio.o seq_buf.o nmi_backtrace.o nodemask.o