kernel: rekey chacha state on each randomread() invocation
we can encrypt the 256 bit chacha key on each invocation, making it hard to reconstruct previous outputs of the generator given the current state (backtracking resistance).
front
parent
36c9a2489d
commit
c0a9c3b551
|
@ -96,9 +96,10 @@ randomread(void *p, ulong n)
|
|||
if(hwrandbuf != nil)
|
||||
(*hwrandbuf)(p, n);
|
||||
|
||||
/* copy chacha state and increment iv */
|
||||
/* copy chacha state, rekey and increment iv */
|
||||
qlock(rs);
|
||||
c = *rs;
|
||||
chacha_encrypt((uchar*)&rs->input[4], 32, &c);
|
||||
if(++rs->input[13] == 0)
|
||||
if(++rs->input[14] == 0)
|
||||
++rs->input[15];
|
||||
|
|
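Review bot: After the added `chacha_encrypt((uchar*)&rs->input[4], 32, &c);` the stack copy `c` still carries the pre-rekey key, so the backtracking resistance described in the commit message only holds if `c` is wiped before randomread returns, using a clear the compiler cannot elide. The function continues past the end of this hunk, so whether that happens is not visible here and should be confirmed. The rekey also depends on chacha_encrypt advancing the block counter in `c`, so that the keystream block that masked the key is never handed to the caller; that behaviour is assumed rather than shown. I would spell both out in the comment, e.g. `/* rekey: encrypt the 256-bit key (input[4..11]) in place; c keeps the old key for this call's output and must be cleared afterwards */`, and replace the bare `32` with a named constant or `8*sizeof(rs->input[0])`.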