Adds Prediction Resistance to the DRBG and RDRAND if supported #248
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* After initial seeding, pivot to RDRAND if available and not overridden */ | ||
| if (drbg->entropy_generator == NULL && s2n_cpu_supports_rdrand()) { | ||
| drbg->entropy_generator = s2n_get_rdrand_data; | ||
| } |
There was a problem hiding this comment.
If s2n_cpu_supports_rdrand() isn't true, we'll end up having no PR but also no reseeding at all, even past the usage limit. Should we plug in get urandom in that case? It'll be slow but safe.
There was a problem hiding this comment.
Even with no RDRAND we will still have PR. Check out lines 94-99. If the entropy generator is not set in the s2n_drbg object, then it falls back to urandom.
https://github.com/awslabs/s2n/pull/248/files#diff-c03ac19053399e59511956db1159e2e8R98
There was a problem hiding this comment.
Ahh, that makes sense. I missed that.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This adds prediction resistance to the DRBG used by S2N (as defined in the appropriate NIST standard). Additionally, RDRAND (the Intel hardware based RNG) is used for reseeding if the processor supports it. The assembly to access RDRAND requires a 64-bit system, however I do not believe that there are any 32 bit systems which support RDRAND. Finally, as commented, the raw op-codes for RDRAND are used rather than the mnemonic due to an unfortunate need to support some older assemblers which do not (yet) recognize this instruction.
This code has not yet undergone code-review by someone other than myself.