kernel: rekey chacha state on each randomread() invocation

we can encrypt the 256 bit chacha key on each invocation making it hard to reconstruct previous outputs of the generator given the current state (backtracking resiatance).
2016-09-11 19:07:17 +02:00 · 2016-09-11 19:07:17 +02:00 · c0a9c3b551
parent 36c9a2489d
commit c0a9c3b551
1 changed files with 2 additions and 1 deletions
--- a/sys/src/9/port/random.c
+++ b/sys/src/9/port/random.c
@ -96,9 +96,10 @@ randomread(void *p, ulong n)
 	if(hwrandbuf != nil)
 		(*hwrandbuf)(p, n);

-	/* copy chacha state and increment iv */
+	/* copy chacha state, rekey and increment iv */
 	qlock(rs);
 	c = *rs;
+	chacha_encrypt((uchar*)&rs->input[4], 32, &c);
 	if(++rs->input[13] == 0)
 		if(++rs->input[14] == 0)
 			++rs->input[15];