scottk/OpenCellular
1
0
Fork 0
mirror of https://github.com/Telecominfraproject/OpenCellular.git synced 2026-01-10 17:41:54 +00:00
Code Issues Packages Projects Releases Wiki Activity

mount-encrypted: add error reporting to RNG failures

Browse Source 
In the case of the TPM getting into a permanent failure mode
(e.g. crosbug.com/p/15785), the entropy system was not trying harder to
get entropy (i.e. falling back to system RNG), and was just using
whatever happened to be on the stack.

This adds the system RNG to the fallback list:
- try TPM RNG
- try system RNG
- use uninitialized stack contents

The reason for the last one being used is so we can make sure we're
getting a system up. It is extremely unlikely for both the TPM and
the system RNGs to be broken and if they are, it's likely a relatively
permanent failure condition. If we abort in this state, we'll cause an
infinite repair loop which is a very bad user experience. Instead, get
the system up using terrible entropy so the conditions can be examined.

BUG=chrome-os-partner:15960
TEST=daisy build with instrumented kernel tpm driver to always fail
BRANCH=none

Change-Id: I92c454925a78bb0d94262cdb3914c1b72010450e
Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/38751
Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
This commit is contained in:
Kees Cook
2012-11-27 10:01:12 -08:00
committed by Gerrit
parent 8a42c2718f
commit ca44b077a8
1 changed files with 10 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
utility/mount-encrypted.c
View File

@@ -453,10 +453,14 @@ static int get_random_bytes_tpm(unsigned char *buffer, int wanted)
/* Returns 1 on success, 0 on failure. */
static int get_random_bytes(unsigned char *buffer, int wanted)
{
if (has_tpm)
return get_random_bytes_tpm(buffer, wanted);
else
return RAND_bytes(buffer, wanted);
if (has_tpm && get_random_bytes_tpm(buffer, wanted))
return 1;
if (RAND_bytes(buffer, wanted))
return 1;
SSL_ERROR("RAND_bytes");
return 0;
}
static char *choose_encryption_key(void)
@@ -464,7 +468,8 @@ static char *choose_encryption_key(void)
unsigned char rand_bytes[DIGEST_LENGTH];
unsigned char digest[DIGEST_LENGTH];
get_random_bytes(rand_bytes, sizeof(rand_bytes));
if (!get_random_bytes(rand_bytes, sizeof(rand_bytes)))
ERROR("No entropy source found -- using uninitialized stack");
SHA256(rand_bytes, DIGEST_LENGTH, digest);
debug_dump_hex("encryption key", digest, DIGEST_LENGTH);