Age | Commit message (Collapse) | Author |
|
Otherwise timing information might leak information about prior index
entries. We also switch back to an explicit uint64_t because siphash
needs something at least that size.
(This partially reverts 1550e9ba597946c88e3e7e3e8dcf33c13dd76e5b.
Willy's suggestion was wrong.)
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
The C standard states:
A declaration of a parameter as ``array of type'' shall be adjusted to ``qualified pointer to
type'', where the type qualifiers (if any) are those specified within the [ and ] of the
array type derivation. If the keyword static also appears within the [ and ] of the
array type derivation, then for each call to the function, the value of the corresponding
actual argument shall provide access to the first element of an array with at least as many
elements as specified by the size expression.
By changing void func(int array[4]) to void func(int array[static 4]),
we automatically get the compiler checking argument sizes for us, which
is quite nice.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
If /dev/urandom is a NOBUS RNG backdoor, like the infamous Dual_EC_DRBG,
then sending 4 bytes of raw RNG output over the wire directly might not
be such a great idea. This mitigates that vulnerability by, at some
point before the indices are generated, creating a random secret. Then,
for each session index, we simply run SipHash24 on an incrementing
counter.
This is probably overkill because /dev/urandom is probably not a
backdoored RNG, and itself already uses several rounds of SHA-1 for
mixing. If the kernel RNG is backdoored, there may very well be
bigger problems at play. Four bytes is also not so many bytes.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|