From patchwork Tue Jul 31 19:11:00 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Jason A. Donenfeld" X-Patchwork-Id: 143216 Delivered-To: patch@linaro.org Received: by 2002:a2e:9754:0:0:0:0:0 with SMTP id f20-v6csp5697571ljj; Tue, 31 Jul 2018 12:11:35 -0700 (PDT) X-Google-Smtp-Source: AAOMgpfCfhELnq5ORanO5UstX6mT+9+s/VXG6n3XVUm3C/8WJzAzIdhp6XaxmYUh8A8EXs0VJdVH X-Received: by 2002:a65:40cd:: with SMTP id u13-v6mr22044842pgp.334.1533064295605; Tue, 31 Jul 2018 12:11:35 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1533064295; cv=none; d=google.com; s=arc-20160816; b=Z1uazGtj9k9qR2wTLDxxREM8lnlgdj5GzKEhX39LakTfAV2DxDWKtV5UYKhS6UU4Lm XvakX8FnI8fyGfoGzl29kgROMSEK46ssj88iEW3zwiO0q5qSGgHbyBL/HMO6poCCabYl 0g6j+MFfij2PfKmKvkV45LQ49TP4X/4/9m2YGD3P79Mn+I9si42fHnCeSxX89sAzgMxy FtUTpp8Obj5i8uVjUWvzTsQprg+JrJsaAR/EuR/NdwKxmSSgrbaC91oTRQt3TQOh4wBP HmZaZF0XhzI0SGNbw+lNOH83gxp32nPYI+CTPCxzgjSNuuZmHkWvgsiMmbOqe8niGUpG QqxQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:dkim-signature:arc-authentication-results; bh=M0F5RFyeAsxHumkL7K4nAnS+QQyKu+/be5T+45EP0DU=; b=Fj4GdEFFiAuRJkET1JejksnN+mu3EomwkbChcAAJlTu7/A8DlGZbNf9ZDDd/VRy7Kv Wr9ThGrb/k556rBm3/xuhymbORJBkoetvP/fwdPkZZMJp+gcOaG31V9ah8bMikUgKxw5 nGHZlVtGLA14XOt+YYTgDwoQDjpBYEc4RAreWUZuypNYiSjoZqKLP25Pwn6v1WqRrJmT FXVqu1ntzAcVgFJ79UW70EfOIIm1Gu/ZpZ7HCwoP3IdzliwT4SXTb8X2gt3ysTkmefHW VrQfs66+Xr87m3vb7w0jHSxbSMgOvKdSHeGhDJ6Z296/hNDJX2kgwOWwDRnNMurs8AG2 7eIg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@zx2c4.com header.s=mail header.b=CAX6BdT5; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=zx2c4.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id m3-v6si5946772plb.68.2018.07.31.12.11.35; Tue, 31 Jul 2018 12:11:35 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@zx2c4.com header.s=mail header.b=CAX6BdT5; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=zx2c4.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1732248AbeGaUxP (ORCPT + 31 others); Tue, 31 Jul 2018 16:53:15 -0400 Received: from frisell.zx2c4.com ([192.95.5.64]:39843 "EHLO frisell.zx2c4.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729777AbeGaUxP (ORCPT ); Tue, 31 Jul 2018 16:53:15 -0400 Received: by frisell.zx2c4.com (ZX2C4 Mail Server) with ESMTP id 18863abe; Tue, 31 Jul 2018 19:00:11 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=zx2c4.com; h=from:to:cc :subject:date:message-id:in-reply-to:references; s=mail; bh=SHfW xi4JCMLxJIuWAqkhOaQmLC4=; b=CAX6BdT5VKg/tFKDjjyOZ5KThdaBOjL+P0Hj JrjAXPGJXQAUdEjOKgr/WP8uX5CYSP7JqMGYwqJQ541swdzEUQCeAOaWY+vvX676 CU8oEXrA8uXaxRgutGUvCoJJw3oVp0djtzqr+6cnLLXMjNgo1tXc++QfwurwdxdQ DfKaVgE9drOjBal6iQxF2nFAOid/mh/1zC67GfALeSD8cAT5jtmsYJjMYcxuUK5L xjGLnjySK/NQKMhLEace51x1z3QXvVehp36UNgZiBNZLGk21mWUoSls+wmrbT4hU J06/SDThvXyeEqdzFiVRYrU/5F+w5+Bum1K9Eh9fo0PgeZ4MwA== Received: by frisell.zx2c4.com (ZX2C4 Mail Server) with ESMTPSA id 12e032ba (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256:NO); Tue, 31 Jul 2018 19:00:10 +0000 (UTC) From: "Jason A. Donenfeld" To: linux-kernel@vger.kernel.org, netdev@vger.kernel.org, davem@davemloft.net Cc: "Jason A. Donenfeld" , Theodore Ts'o Subject: [PATCH v1 1/3] random: Make crng state queryable Date: Tue, 31 Jul 2018 21:11:00 +0200 Message-Id: <20180731191102.2434-2-Jason@zx2c4.com> In-Reply-To: <20180731191102.2434-1-Jason@zx2c4.com> References: <20180731191102.2434-1-Jason@zx2c4.com> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org It is very useful to be able to know whether or not get_random_bytes_wait / wait_for_random_bytes is going to block or not, or whether plain get_random_bytes is going to return good randomness or bad randomness. The particular use case is for mitigating certain attacks in WireGuard. A handshake packet arrives and is queued up. Elsewhere a worker thread takes items from the queue and processes them. In replying to these items, it needs to use some random data, and it has to be good random data. If we simply block until we can have good randomness, then it's possible for an attacker to fill the queue up with packets waiting to be processed. Upon realizing the queue is full, WireGuard will detect that it's under a denial of service attack, and behave accordingly. A better approach is just to drop incoming handshake packets if the crng is not yet initialized. This patch, therefore, makes that information directly accessible. Signed-off-by: Jason A. Donenfeld Signed-off-by: Theodore Ts'o --- drivers/char/random.c | 15 +++++++++++++++ include/linux/random.h | 1 + 2 files changed, 16 insertions(+) -- 2.18.0 diff --git a/drivers/char/random.c b/drivers/char/random.c index cd888d4ee605..4efd16f6e0e1 100644 --- a/drivers/char/random.c +++ b/drivers/char/random.c @@ -1658,6 +1658,21 @@ int wait_for_random_bytes(void) } EXPORT_SYMBOL(wait_for_random_bytes); +/* + * Returns whether or not the urandom pool has been seeded and thus guaranteed + * to supply cryptographically secure random numbers. This applies to: the + * /dev/urandom device, the get_random_bytes function, and the get_random_{u32, + * ,u64,int,long} family of functions. + * + * Returns: true if the urandom pool has been seeded. + * false if the urandom pool has not been seeded. + */ +bool rng_is_initialized(void) +{ + return crng_ready(); +} +EXPORT_SYMBOL(rng_is_initialized); + /* * Add a callback function that will be invoked when the nonblocking * pool is initialised. diff --git a/include/linux/random.h b/include/linux/random.h index 2ddf13b4281e..c8208e0ff227 100644 --- a/include/linux/random.h +++ b/include/linux/random.h @@ -36,6 +36,7 @@ extern void add_interrupt_randomness(int irq, int irq_flags) __latent_entropy; extern void get_random_bytes(void *buf, int nbytes); extern int wait_for_random_bytes(void); +extern bool rng_is_initialized(void); extern int add_random_ready_callback(struct random_ready_callback *rdy); extern void del_random_ready_callback(struct random_ready_callback *rdy); extern void get_random_bytes_arch(void *buf, int nbytes);