From 787055c2605f83a12c126f31861036fc08e8b027 Mon Sep 17 00:00:00 2001
From: Tony Arcieri
Date: Tue, 23 Jul 2019 17:40:56 -0700
Subject: [PATCH] yubihsm setup: Collect 256-bits entropy from both RNGs
Previously it collected 128-bits entropy from each RNG for a total of 256-bits. This commit expands it to collect 256-bits entropy from each RNG for a total of 512-bits of input key material. This ensures that the desired amount of 256-bits is collected even in the event that one of the two RNGs fails silently.
---
 src/commands/yubihsm/setup.rs | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/src/commands/yubihsm/setup.rs b/src/commands/yubihsm/setup.rs
index 29b5c4a..dc4796b 100644
--- a/src/commands/yubihsm/setup.rs
+++ b/src/commands/yubihsm/setup.rs
@@ -248,14 +248,16 @@ fn get_hsm_client(hsm_connector: &Connector) -> yubihsm::Client {
 fn generate_mnemonic_from_hsm_and_os_csprngs(hsm_connector: &Connector) -> Mnemonic {
 let hsm_client = get_hsm_client(hsm_connector);
- // Obtain half of the IKM from the YubiHSM
+ // Obtain half of the IKM from the YubiHSM (256-bits)
 let mut ikm = hsm_client
- .get_pseudo_random(KEY_SIZE / 2)
+ .get_pseudo_random(KEY_SIZE)
 .unwrap_or_else(|e| hsm_error(&e));
- // Obtain another half of the IKM from the host OS
- ikm.extend_from_slice(&[0u8; KEY_SIZE / 2]);
- OsRng::new().unwrap().fill_bytes(&mut ikm[(KEY_SIZE / 2)..]);
+ // Obtain another half of the IKM from the host OS (256-bits)
+ // for a total of 512-bits IKM. This ensures we still get 256-bits
+ // of good IKM even in the event one of the RNGs fails.
+ ikm.extend_from_slice(&[0u8; KEY_SIZE]);
+ OsRng::new().unwrap().fill_bytes(&mut ikm[KEY_SIZE..]);
 let kdf = Hkdf::::extract(None, &ikm);
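Review bot: The length of the vector returned by `get_pseudo_random(KEY_SIZE)` is never checked, so an HSM that answers with fewer than `KEY_SIZE` bytes — the silent-failure case this commit is meant to defend against — leaves `ikm` shorter than expected, and because `&mut ikm[KEY_SIZE..]` is then only `ikm.len() - KEY_SIZE` bytes long, part of the zero padding appended by `extend_from_slice` survives into the IKM without ever being overwritten by `OsRng` (unless the yubihsm client already guarantees the requested length, which is not visible here). Add an explicit check immediately after the `unwrap_or_else`, e.g. `assert_eq!(ikm.len(), KEY_SIZE, "YubiHSM returned {} bytes of pseudo-random data, expected {}", ikm.len(), KEY_SIZE);` (or report it through `hsm_error` if that path fits the setup command's error handling better), so that a short response aborts instead of degrading the key material. The "256-bits" figures in the new comments are only true if `KEY_SIZE` is 32 bytes; its definition is outside this hunk, so either word the comments in terms of `KEY_SIZE` or pin it with `debug_assert_eq!(KEY_SIZE * 8, 256);` to keep them from drifting. The enclosing `generate_mnemonic_from_hsm_and_os_csprngs` continues past the end of the hunk.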