tech-kern archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: kaslr: better rng

Following a conversation with Taylor, I ended up with the following
implementation for the prekern [1] [2]. It uses a set of seeds that are
hashed together in rounds, and it doesn't use an additional file.

It is based on the SHAKE256 hash function, which can produce a variable
sized output. We use an area of 32 bytes, and regenerate it as many times
as needed.

The first time, it is generated with:

	area = SHAKE256(entropy-file, rdseed, rdtsc)

When all of the bytes in the area have been consumed, it is regenerated
this way:

	area = SHAKE256(area, rdseed, rdtsc)

The SHAKE/Keccak code is from Taylor, I just added prng_* wrappers.

rdseed and rdtsc each give a 8byte seed, and entropy-file gives a 512byte
one. We don't checksum the latter, because we would need SHA1, which I am
not implementing here.

Feel free to tell me if there's something obviously wrong in all of this;
I won't hide that PRNGs are not things I work on every day.


Home | Main Index | Thread Index | Old Index