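--- a/random.c
+++ b/random.c
@@ -1,8 +1,8 @@
 // SPDX-License-Identifier: (GPL-2.0 OR BSD-3-Clause)
 /*
  * Copyright (C) 2017-2022 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
  * Copyright Matt Mackall <mpm@selenic.com>, 2003, 2004, 2005
  * Copyright Theodore Ts'o, 1994, 1995, 1996, 1997, 1998, 1999. All rights reserved.
  *
  * This driver produces cryptographically secure pseudorandom data. It is divided
  * into roughly six sections, each with a section header:
@@ -47,16 +47,17 @@
 #include <linux/workqueue.h>
 #include <linux/irq.h>
 #include <linux/ratelimit.h>
 #include <linux/syscalls.h>
 #include <linux/completion.h>
 #include <linux/uuid.h>
 #include <linux/uaccess.h>
 #include <linux/suspend.h>
+#include <linux/siphash.h>
 #include <crypto/chacha.h>
 #include <crypto/blake2s.h>
 #include <asm/processor.h>
 #include <asm/irq.h>
 #include <asm/irq_regs.h>
 #include <asm/io.h>
 
 /*********************************************************************
@@ -1081,54 +1082,37 @@
  struct work_struct mix;
  unsigned long pool[4];
  unsigned long last;
  unsigned int count;
 };
 
 static DEFINE_PER_CPU(struct fast_pool, irq_randomness) = {
 #ifdef CONFIG_64BIT
- /* SipHash constants */
- .pool = { 0x736f6d6570736575UL, 0x646f72616e646f6dUL,
- 0x6c7967656e657261UL, 0x7465646279746573UL }
+#define FASTMIX_PERM SIPHASH_PERMUTATION
+ .pool = { SIPHASH_CONST_0, SIPHASH_CONST_1, SIPHASH_CONST_2, SIPHASH_CONST_3 }
 #else
- /* HalfSipHash constants */
- .pool = { 0, 0, 0x6c796765U, 0x74656462U }
+#define FASTMIX_PERM HSIPHASH_PERMUTATION
+ .pool = { HSIPHASH_CONST_0, HSIPHASH_CONST_1, HSIPHASH_CONST_2, HSIPHASH_CONST_3 }
 #endif
 };
 
 /*
  * This is [Half]SipHash-1-x, starting from an empty key. Because
  * the key is fixed, it assumes that its inputs are non-malicious,
  * and therefore this has no security on its own. s represents the
  * four-word SipHash state, while v represents a two-word input.
  */
 static void fast_mix(unsigned long s[4], unsigned long v1, unsigned long v2)
 {
-#ifdef CONFIG_64BIT
-#define PERM() do { \
- s[0] += s[1]; s[1] = rol64(s[1], 13); s[1] ^= s[0]; s[0] = rol64(s[0], 32); \
- s[2] += s[3]; s[3] = rol64(s[3], 16); s[3] ^= s[2]; \
- s[0] += s[3]; s[3] = rol64(s[3], 21); s[3] ^= s[0]; \
- s[2] += s[1]; s[1] = rol64(s[1], 17); s[1] ^= s[2]; s[2] = rol64(s[2], 32); \
-} while (0)
-#else
-#define PERM() do { \
- s[0] += s[1]; s[1] = rol32(s[1], 5); s[1] ^= s[0]; s[0] = rol32(s[0], 16); \
- s[2] += s[3]; s[3] = rol32(s[3], 8); s[3] ^= s[2]; \
- s[0] += s[3]; s[3] = rol32(s[3], 7); s[3] ^= s[0]; \
- s[2] += s[1]; s[1] = rol32(s[1], 13); s[1] ^= s[2]; s[2] = rol32(s[2], 16); \
-} while (0)
-#endif
-
  s[3] ^= v1;
- PERM();
+ FASTMIX_PERM(s[0], s[1], s[2], s[3]);
  s[0] ^= v1;
  s[3] ^= v2;
- PERM();
+ FASTMIX_PERM(s[0], s[1], s[2], s[3]);
  s[0] ^= v2;
 }
 
 #ifdef CONFIG_SMP
 /*
  * This function is called when the CPU has just come online, with
  * entry CPUHP_AP_RANDOM_ONLINE, just after CPUHP_AP_WORKQUEUE_ONLINE.
  */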
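Review bot: `FASTMIX_PERM` is defined inside the `irq_randomness` initializer, between the `#ifdef CONFIG_64BIT` branches of `.pool`, but it is only used further down in `fast_mix()`, so the coupling between the initial state and the round function is easy to miss. I would add a comment above the `#ifdef`, e.g. `/* Keyless [Half]SipHash initial state; FASTMIX_PERM selects the matching permutation for fast_mix(). */`, since the removed `/* SipHash constants */` comments were the only explanation at that spot. The change reads as a behaviour-preserving refactor, but the values of `SIPHASH_CONST_*`/`HSIPHASH_CONST_*` and the bodies of the permutation macros live in `<linux/siphash.h>` and are not visible here. It is worth confirming that they match the removed literals (in particular the 32-bit `{ 0, 0, 0x6c796765U, 0x74656462U }`) and the removed rotation counts, because any drift would silently change how interrupt entropy is mixed.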