* Question - seeding the hw pseudo random number generator
@ 2017-03-18 9:25 ` Krzysztof Kozlowski
0 siblings, 0 replies; 24+ messages in thread
From: Krzysztof Kozlowski @ 2017-03-18 9:25 UTC (permalink / raw)
To: Matt Mackall, Herbert Xu, linux-crypto; +Cc: linux-arm-kernel
Hi,
I looked at the Exynos Pseudo Random Number Generator driver
(drivers/char/hw_random/exynos-rng.c) and noticed that it always seeds
the device with jiffies. Then I looked at a few other drivers and found
that they do not seed themselves (or at least I couldn't find this).
I think the hw_random API does not provide generic infrastructure for
seeding.
What is the preferred approach for seeding a PRNG device? Use jiffies or
a fixed value?
Or maybe the interface should be abandoned in favor of crypto API?
Best regards,
Krzysztof
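Why neither jiffies nor a fixed value is an adequate seed, shown as an added example that is not code from this thread or from exynos-rng. The generator below is a stand-in toy (SplitMix64), since the Exynos block's internal algorithm is not described here, and the tick range (HZ=100, probe within the first five minutes of uptime) is a constructed assumption. The point carries over to any deterministic generator: whoever can enumerate the seed space reproduces the entire output stream from a single observed value.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Toy deterministic generator standing in for the hardware PRNG block (not the
 * Exynos algorithm). SplitMix64: the output is a bijection of the advanced state,
 * so distinct seeds always give distinct first outputs. */
struct toy_drng { uint64_t state; };

static void toy_seed(struct toy_drng *g, uint64_t seed)
{
	g->state = seed;
}

static uint64_t toy_next(struct toy_drng *g)
{
	uint64_t z = (g->state += 0x9E3779B97F4A7C15ULL);
	z = (z ^ (z >> 30)) * 0xBF58476D1CE4E5B9ULL;
	z = (z ^ (z >> 27)) * 0x94D049BB133111EBULL;
	return z ^ (z >> 31);
}

/* Constructed assumption: HZ=100 and the driver probes within the first five
 * minutes after boot, so the seed is one of only 30000 tick values. */
#define ASSUMED_HZ		100UL
#define ASSUMED_MAX_UPTIME_S	300UL
#define SEED_SPACE		(ASSUMED_HZ * ASSUMED_MAX_UPTIME_S)

/* "Driver": seed from the tick counter at probe time, emit the first word and
 * keep the second one so the prediction below can be checked. */
static uint64_t device_first_output(unsigned long jiffies_at_probe, uint64_t *second)
{
	struct toy_drng g;
	uint64_t first;

	toy_seed(&g, jiffies_at_probe);
	first = toy_next(&g);
	*second = toy_next(&g);
	return first;
}

/* "Attacker": given one observed output word, try every plausible jiffies value
 * until the generator reproduces it. Returns true and the seed on success. */
static bool recover_seed(uint64_t observed, unsigned long seed_space, uint64_t *seed_out)
{
	for (unsigned long j = 0; j < seed_space; j++) {
		struct toy_drng g;

		toy_seed(&g, j);
		if (toy_next(&g) == observed) {
			*seed_out = j;
			return true;
		}
	}
	return false;
}

/* With the seed known, every later word is a pure function of it. */
static uint64_t predict_second_output(uint64_t seed)
{
	struct toy_drng g;

	toy_seed(&g, seed);
	(void)toy_next(&g);
	return toy_next(&g);
}

int main(void)
{
	unsigned long jiffies_at_probe = 12345;	/* constructed: probe at t = 123.45 s */
	uint64_t second, seed;
	uint64_t first = device_first_output(jiffies_at_probe, &second);

	if (recover_seed(first, SEED_SPACE, &seed))
		printf("seed recovered: %llu, next word predicted %s\n",
		       (unsigned long long)seed,
		       predict_second_output(seed) == second ? "correctly" : "wrongly");
	else
		printf("seed not within the assumed tick range\n");
	return 0;
}
```

A fixed seed is strictly worse than jiffies: the search loop degenerates to a single candidate and every device produces the same stream. What makes the seed space unsearchable is seed material from a real noise source, either the block's own TRNG or the kernel's entropy pool via the crypto API, which is where the rest of the thread goes.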
* Re: Question - seeding the hw pseudo random number generator
2017-03-18 9:25 ` Krzysztof Kozlowski
@ 2017-03-20 6:49 ` PrasannaKumar Muralidharan
-1 siblings, 0 replies; 24+ messages in thread
From: PrasannaKumar Muralidharan @ 2017-03-20 6:49 UTC (permalink / raw)
To: Krzysztof Kozlowski
Cc: Matt Mackall, Herbert Xu, linux-crypto, linux-arm-kernel
> I looked at the Exynos Pseudo Random Number Generator driver
> (drivers/char/hw_random/exynos-rng.c) and noticed that it always seeds
> the device with jiffies. Then I looked at a few other drivers and found
> that they do not seed themselves (or at least I couldn't find this).
The hw_random interface is meant for a true RNG, not a pseudo RNG. Actually
PRNGs should use the AF_ALG interface. I think exynos-rng.c should follow
the same.
> I think the hw_random API does not provide generic infrastructure for
> seeding.
>
> What is the preferred approach for seeding a PRNG device? Use jiffies or
> a fixed value?
>
> Or maybe the interface should be abandoned in favor of crypto API?
The AF_ALG interface for rng does have seeding support. I think hw_random
does not provide seeding support intentionally, as I understand that
a true RNG need not require seeding (please correct me if I am wrong).
Regards,
PrasannaKumar
* Re: Question - seeding the hw pseudo random number generator
2017-03-20 6:49 ` PrasannaKumar Muralidharan
@ 2017-03-20 13:28 ` Herbert Xu
-1 siblings, 0 replies; 24+ messages in thread
From: Herbert Xu @ 2017-03-20 13:28 UTC (permalink / raw)
To: PrasannaKumar Muralidharan
Cc: linux-arm-kernel, linux-crypto, Krzysztof Kozlowski, Matt Mackall
On Mon, Mar 20, 2017 at 12:19:32PM +0530, PrasannaKumar Muralidharan wrote:
>
> The AF_ALG interface for rng does have seeding support. I think hw_random
> does not provide seeding support intentionally, as I understand that
> a true RNG need not require seeding (please correct me if I am wrong).
Yes. We should be converting PRNGs in hwrng over to algif_rng.
Thanks,
--
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
* Re: Question - seeding the hw pseudo random number generator
2017-03-20 13:28 ` Herbert Xu
@ 2017-03-20 13:39 ` Stephan Müller
-1 siblings, 0 replies; 24+ messages in thread
From: Stephan Müller @ 2017-03-20 13:39 UTC (permalink / raw)
To: Herbert Xu
Cc: PrasannaKumar Muralidharan, Krzysztof Kozlowski, Matt Mackall,
linux-crypto, linux-arm-kernel, Jan Glauber,
Harald Freudenberger
On Monday, 20 March 2017, 14:28:58 CET, Herbert Xu wrote:
Hi Herbert,
> On Mon, Mar 20, 2017 at 12:19:32PM +0530, PrasannaKumar Muralidharan wrote:
> > The AF_ALG interface for rng does have seeding support. I think hw_random
> > does not provide seeding support intentionally, as I understand that
> > a true RNG need not require seeding (please correct me if I am wrong).
>
> Yes. We should be converting PRNGs in hwrng over to algif_rng.
IMHO this not only applies to the PRNGs in drivers/crypto (which should simply
register with crypto_register_rngs) but also to
~/hacking/sources/linux/arch/s390/crypto/prng.c which exports a /dev/prandom file.
For the seeding, it may make sense to follow the example given with crypto/
drbg.c using the add_random_ready_callback function.
Ciao
Stephan
* Re: Question - seeding the hw pseudo random number generator
2017-03-20 13:28 ` Herbert Xu
@ 2017-03-20 18:24 ` Krzysztof Kozlowski
-1 siblings, 0 replies; 24+ messages in thread
From: Krzysztof Kozlowski @ 2017-03-20 18:24 UTC (permalink / raw)
To: Herbert Xu
Cc: PrasannaKumar Muralidharan, Matt Mackall, linux-crypto,
linux-arm-kernel, Stephan Müller
On Mon, Mar 20, 2017 at 09:28:58PM +0800, Herbert Xu wrote:
> On Mon, Mar 20, 2017 at 12:19:32PM +0530, PrasannaKumar Muralidharan wrote:
> >
> > The AF_ALG interface for rng does have seeding support. I think hw_random
> > does not provide seeding support intentionally, as I understand that
> > a true RNG need not require seeding (please correct me if I am wrong).
>
> Yes. We should be converting PRNGs in hwrng over to algif_rng.
The actual hardware block can be seeded from true RNG (taking data
from thermal noise) so the solutions (if I understand correctly) for
exynos-rng might be:
1. Seed from internal TRNG making it a proper hwrandom device,
2. Convert to AF_ALG and seed with data from user-space through that
interface.
Thanks for explanation, I'll queue it to my tasks list.
Best regards,
Krzysztof
* Re: Question - seeding the hw pseudo random number generator
2017-03-20 13:39 ` Stephan Müller
@ 2017-03-23 8:03 ` Harald Freudenberger
-1 siblings, 0 replies; 24+ messages in thread
From: Harald Freudenberger @ 2017-03-23 8:03 UTC (permalink / raw)
To: Stephan Müller, Herbert Xu
Cc: PrasannaKumar Muralidharan, Krzysztof Kozlowski, Matt Mackall,
linux-crypto, linux-arm-kernel, Jan Glauber,
Harald Freudenberger
On 03/20/2017 02:39 PM, Stephan Müller wrote:
> On Monday, 20 March 2017, 14:28:58 CET, Herbert Xu wrote:
>
> Hi Herbert,
>
>> On Mon, Mar 20, 2017 at 12:19:32PM +0530, PrasannaKumar Muralidharan wrote:
>>> The AF_ALG interface for rng does have seeding support. I think hw_random
>>> does not provide seeding support intentionally, as I understand that
>>> a true RNG need not require seeding (please correct me if I am wrong).
>> Yes. We should be converting PRNGs in hwrng over to algif_rng.
> IMHO this not only applies to the PRNGs in drivers/crypto (which should simply
> register with crypto_register_rngs) but also to
> ~/hacking/sources/linux/arch/s390/crypto/prng.c which exports a /dev/prandom file.
>
> For the seeding, it may make sense to follow the example given with crypto/
> drbg.c using the add_random_ready_callback function.
>
> Ciao
> Stephan
>
I'll have a look at it. Currently the s390/crypto/prng seeds itself with
an algorithm based on the jitter of the very fine granular hardware
clock of an s390 machine. There were some thoughts and measurements
by a mathematician which led to this algorithm. However, long-term
the s390 platform will provide some kind of true hardware random number
generator and the idea is to use this for seeding the prng.
regards
Harald Freudenberger
* Re: Question - seeding the hw pseudo random number generator
2017-03-20 13:28 ` Herbert Xu
@ 2017-03-23 8:23 ` Corentin Labbe
-1 siblings, 0 replies; 24+ messages in thread
From: Corentin Labbe @ 2017-03-23 8:23 UTC (permalink / raw)
To: Herbert Xu
Cc: PrasannaKumar Muralidharan, linux-arm-kernel, linux-crypto,
Krzysztof Kozlowski, Matt Mackall
On Mon, Mar 20, 2017 at 09:28:58PM +0800, Herbert Xu wrote:
> On Mon, Mar 20, 2017 at 12:19:32PM +0530, PrasannaKumar Muralidharan wrote:
> >
> > The AF_ALG interface for rng does have seeding support. I think hw_random
> > does not provide seeding support intentionally, as I understand that
> > a true RNG need not require seeding (please correct me if I am wrong).
>
> Yes. We should be converting PRNGs in hwrng over to algif_rng.
>
Problem with this conversion: a huge regression for user space.
Using hwrng is as simple as cat /dev/hwrng.
Using algif_rng via AF_ALG is ... unusable for the moment.
Perhaps creating a user space tool (a prng-tool which provides a cat /dev/hwrng replacement) is mandatory before any conversion.
Regards
* Re: Question - seeding the hw pseudo random number generator
2017-03-23 8:23 ` Corentin Labbe
@ 2017-03-23 9:44 ` Herbert Xu
-1 siblings, 0 replies; 24+ messages in thread
From: Herbert Xu @ 2017-03-23 9:44 UTC (permalink / raw)
To: Corentin Labbe
Cc: Stephan Müller, PrasannaKumar Muralidharan,
Krzysztof Kozlowski, linux-crypto, Matt Mackall,
linux-arm-kernel
On Thu, Mar 23, 2017 at 09:23:07AM +0100, Corentin Labbe wrote:
>
> Problem with this conversion: a huge regression for user space.
> Using hwrng is as simple as cat /dev/hwrng.
> Using algif_rng via AF_ALG is ... unusable for the moment.
> Perhaps creating a user space tool (a prng-tool which provides a cat /dev/hwrng replacement) is mandatory before any conversion.
Stephan may have a tool to do this. Stephan?
Thanks,
--
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
* Re: Question - seeding the hw pseudo random number generator
2017-03-23 8:03 ` Harald Freudenberger
@ 2017-03-23 11:35 ` Stephan Müller
-1 siblings, 0 replies; 24+ messages in thread
From: Stephan Müller @ 2017-03-23 11:35 UTC (permalink / raw)
To: Harald Freudenberger
Cc: Herbert Xu, PrasannaKumar Muralidharan, Krzysztof Kozlowski,
Matt Mackall, linux-crypto, linux-arm-kernel, Jan Glauber,
Harald Freudenberger
On Thursday, 23 March 2017, 09:03:23 CET, Harald Freudenberger wrote:
Hi Harald,
> I'll have a look at it. Currently the s390/crypto/prng seeds itself with
> an algorithm based on the jitter of the very fine granular hardware
> clock of an s390 machine. There were some thoughts and measurements
> by a mathematician which led to this algorithm.
It takes a page and simply writes 512 times the high-res time stamp using
get_tod_clock_fast into it. Effectively it uses the same fundamental noise
source as the jitterentropy. (A couple of months ago I had to perform an
SP800-90B assessment on exactly that code path. :-) )
> However, long-term
> the s390 platform will provide some kind of true hardware random number
> generator and the idea is to use this for seeding the prng.
The question is just that it provides a device file nobody else provides. And
the question is whether to consolidate it. If it is a DRNG, the discussion is
about consolidating it behind AF_ALG. If it is an RNG with its own noise
source (i.e. it provides entropic data by itself), it should rather be placed
into drivers/char/hw_random and use the hw-random framework. This framework
will also ensure that it may seed the /dev/random device kernel-internally.
Ciao
Stephan
* Re: Question - seeding the hw pseudo random number generator
2017-03-23 9:44 ` Herbert Xu
@ 2017-03-23 11:44 ` Stephan Müller
-1 siblings, 0 replies; 24+ messages in thread
From: Stephan Müller @ 2017-03-23 11:44 UTC (permalink / raw)
To: Herbert Xu
Cc: Corentin Labbe, PrasannaKumar Muralidharan, linux-arm-kernel,
linux-crypto, Krzysztof Kozlowski, Matt Mackall
On Thursday, 23 March 2017, 10:44:06 CET, Herbert Xu wrote:
Hi Herbert,
> On Thu, Mar 23, 2017 at 09:23:07AM +0100, Corentin Labbe wrote:
> > Problem with this conversion: a huge regression for user space.
> > Using hwrng is as simple as cat /dev/hwrng.
> > Using algif_rng via AF_ALG is ... unusable for the moment.
> > Perhaps creating a user space tool (a prng-tool which provides a cat
> > /dev/hwrng replacement) is mandatory before any conversion.
> Stephan may have a tool to do this. Stephan?
Creating such tool is more or less trivial. It simply requires the invocation
of kcapi_rng_init, kcapi_rng_seed, kcapi_rng_generate and eventually
kcapi_rng_destroy from [1]. I can write such a tool if requested.
I see one change we need to add to algif_rng.c: currently the caller must
provide the specific name of the DRNG to be used. With such a tool, the caller
does not care about the type of DRNG. Thus, rng_bind should be changed such
that if name is NULL, it should use crypto_get_default_rng(). This would
alleviate the caller from selecting "the right" DRNG.
[1] http://www.chronox.de/libkcapi.html
Ciao
Stephan
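What the kcapi_rng_init / kcapi_rng_seed / kcapi_rng_generate sequence does at the socket level, as an added example written for this page rather than taken from libkcapi or the kernel. It binds an AF_ALG socket of type "rng" to a named DRNG, seeds it with ALG_SET_KEY before accept(), then read()s the output in chunks of at most 128 bytes, the per-call ceiling in crypto/algif_rng.c. The DRNG name and the 48-byte constructed seed are this example's choices; the function reports 0 rather than failing when AF_ALG is not usable on the running system, so the demonstration degrades cleanly.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#ifdef __linux__
#include <linux/if_alg.h>
#else	/* lets the block compile elsewhere; socket() then simply fails */
struct sockaddr_alg {
	uint16_t salg_family; uint8_t salg_type[14];
	uint32_t salg_feat, salg_mask; uint8_t salg_name[64];
};
#define ALG_SET_KEY 1
#endif
#ifndef AF_ALG
#define AF_ALG 38
#endif
#ifndef SOL_ALG
#define SOL_ALG 279
#endif

/* Per-read() ceiling enforced by crypto/algif_rng.c (MAXSIZE), hence the loop. */
#define ALGIF_RNG_MAXSIZE 128

/* Generate outlen bytes from the kernel DRNG named drng through AF_ALG.
 * Returns outlen on success, 0 if AF_ALG/"rng" is not usable here (socket()
 * or bind() failed), -1 on any other error. */
static ssize_t algif_rng_generate(const char *drng, const uint8_t *seed, size_t seedlen,
				  uint8_t *out, size_t outlen)
{
	struct sockaddr_alg sa;
	size_t got = 0;
	int tfm, op, err = 0;

	memset(&sa, 0, sizeof(sa));
	sa.salg_family = AF_ALG;
	strncpy((char *)sa.salg_type, "rng", sizeof(sa.salg_type) - 1);
	strncpy((char *)sa.salg_name, drng, sizeof(sa.salg_name) - 1);

	tfm = socket(AF_ALG, SOCK_SEQPACKET, 0);
	if (tfm < 0)
		return 0;
	if (bind(tfm, (struct sockaddr *)&sa, sizeof(sa)) < 0) {
		close(tfm);
		return 0;
	}

	/* Seed on the transform socket before accept(): a DRBG that has not been
	 * instantiated refuses to generate. For crypto/drbg.c these bytes are the
	 * personalization string; the entropy itself is pulled in-kernel. */
	if (setsockopt(tfm, SOL_ALG, ALG_SET_KEY, seed, (socklen_t)seedlen) < 0) {
		close(tfm);
		return -1;
	}
	op = accept(tfm, NULL, NULL);
	if (op < 0) {
		close(tfm);
		return -1;
	}

	while (got < outlen) {
		size_t want = outlen - got;
		ssize_t rc;

		if (want > ALGIF_RNG_MAXSIZE)
			want = ALGIF_RNG_MAXSIZE;
		rc = read(op, out + got, want);
		if (rc < 0 && errno == EINTR)
			continue;
		if (rc <= 0) {
			err = 1;
			break;
		}
		got += (size_t)rc;
	}
	close(op);
	close(tfm);
	return err ? -1 : (ssize_t)got;
}

/* Demo: 32 bytes from the HMAC-SHA256 DRBG, seeded with a constructed pattern. */
static ssize_t demo_generate(uint8_t out[32])
{
	uint8_t seed[48];	/* constructed and not secret, see the note below */

	for (size_t i = 0; i < sizeof(seed); i++)
		seed[i] = (uint8_t)(0xA5 ^ i);
	return algif_rng_generate("drbg_nopr_hmac_sha256", seed, sizeof(seed), out, 32);
}

int main(void)
{
	uint8_t out[32];
	ssize_t n = demo_generate(out);

	if (n == 0) {
		fprintf(stderr, "AF_ALG rng not usable on this system\n");
		return 1;
	}
	if (n < 0) {
		fprintf(stderr, "error: %s\n", strerror(errno));
		return 1;
	}
	for (ssize_t i = 0; i < n; i++)
		printf("%02x", out[i]);
	putchar('\n');
	return 0;
}
```

Two caveats a caller should know. First, the seed passed through ALG_SET_KEY is not the DRBG's only input: crypto/drbg.c treats it as the personalization string and draws its entropy from the kernel's random pool at instantiation, so a weak or constant seed does not make the output predictable, and an identical seed does not make it reproducible either. Second, on the naming question raised above, binding to "stdrng" already selects the highest-priority registered DRBG, because that is the cra_name every drbg variant registers under; "drbg_nopr_hmac_sha256" is the driver name and pins one specific instance.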
* Re: Question - seeding the hw pseudo random number generator
2017-03-23 9:44 ` Herbert Xu
@ 2017-03-23 13:06 ` Stephan Müller
-1 siblings, 0 replies; 24+ messages in thread
From: Stephan Müller @ 2017-03-23 13:06 UTC (permalink / raw)
To: Herbert Xu
Cc: Corentin Labbe, PrasannaKumar Muralidharan, linux-arm-kernel,
linux-crypto, Krzysztof Kozlowski, Matt Mackall
On Thursday, 23 March 2017, 10:44:06 CET, Herbert Xu wrote:
Hi Herbert,
> On Thu, Mar 23, 2017 at 09:23:07AM +0100, Corentin Labbe wrote:
> > Problem with this conversion: a huge regression for user space.
> > Using hwrng is as simple as cat /dev/hwrng.
> > Using algif_rng via AF_ALG is ... unusable for the moment.
> > Perhaps creating a user space tool (a prng-tool which provides a cat
> > /dev/hwrng replacement) is mandatory before any conversion.
> Stephan may have a tool to do this. Stephan?
Here is a suggestion for such a tool that I could add to libkcapi. Naturally,
this code is only a demonstrator which lacks some features.
Ciao
Stephan
Attachment: kcapi-rng.c
/*
* Copyright (C) 2017, Stephan Mueller <smueller@chronox.de>
*
* License: see COPYING file in root directory
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, ALL OF
* WHICH ARE HEREBY DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
* OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
* BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
* USE OF THIS SOFTWARE, EVEN IF NOT ADVISED OF THE POSSIBILITY OF SUCH
* DAMAGE.
*/
#include <unistd.h>
#include <errno.h>
#include <limits.h>
#include <stdint.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <sys/syscall.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <linux/random.h>
#ifdef HAVE_GETRANDOM
#include <sys/random.h>
#endif
#include <kcapi.h>

struct kcapi_handle *rng = NULL;

/* Read exactly buflen bytes from fd, retrying on EINTR and short reads. */
static int read_complete(int fd, uint8_t *buf, uint32_t buflen)
{
	ssize_t ret;

	while (buflen > 0) {
		ret = read(fd, buf, buflen);
		if (ret < 0) {
			if (errno == EINTR)
				continue;
			return 1;
		}
		if (ret == 0)
			return 1;	/* EOF before the request was satisfied */
		buflen -= ret;
		buf += ret;
	}
	return 0;
}

/* Fallback seed source for systems without getrandom(). */
static int read_random(uint8_t *buf, uint32_t buflen)
{
	int fd;
	int ret;

	fd = open("/dev/urandom", O_RDONLY|O_CLOEXEC);
	if (0 > fd)
		return 1;

	ret = read_complete(fd, buf, buflen);
	close(fd);
	return ret;
}

/*
 * Gather seed material for the kernel DRNG from the kernel's own entropy
 * source. Returns 0 on success, 1 on failure.
 */
static int get_random(uint8_t *buf, uint32_t buflen)
{
	if (buflen > INT_MAX)
		return 1;

#if defined(HAVE_GETRANDOM) || defined(__NR_getrandom)
	while (buflen > 0) {
		ssize_t ret;

# ifdef HAVE_GETRANDOM
		ret = getrandom(buf, buflen, 0);
# else
		ret = syscall(__NR_getrandom, buf, buflen, 0);
# endif
		if (ret < 0) {
			if (errno == EINTR)
				continue;
			if (errno == ENOSYS)	/* kernel predates getrandom() */
				return read_random(buf, buflen);
			return 1;
		}
		if (ret == 0)
			return 1;
		buflen -= ret;
		buf += ret;
	}
	return 0;
#else
	return read_random(buf, buflen);
#endif
}

static void usage(void)
{
	char version[30];
	uint32_t ver = kcapi_version();

	memset(version, 0, sizeof(version));
	kcapi_versionstring(version, sizeof(version));

	fprintf(stderr, "\nKernel Crypto API Random Number Gatherer\n");
	fprintf(stderr, "\nKernel Crypto API interface library version: %s\n", version);
	fprintf(stderr, "Reported numeric version number %u\n\n", ver);
	fprintf(stderr, "Usage:\n");
	fprintf(stderr, "\t<NUM>\tNumber of bytes to generate\n");
}

int main(int argc, char *argv[])
{
	int ret;
	uint8_t buf[64];
	unsigned long outlen;
	char *end = NULL;

	if (argc != 2) {
		usage();
		return EXIT_FAILURE;
	}

	/* Reject empty, non-numeric and out-of-range byte counts. */
	errno = 0;
	outlen = strtoul(argv[1], &end, 10);
	if (errno || end == argv[1] || *end != '\0') {
		usage();
		return EXIT_FAILURE;
	}

	/* Bind to the kernel's HMAC-SHA256 DRBG without prediction resistance. */
	ret = kcapi_rng_init(&rng, "drbg_nopr_hmac_sha256", 0);
	if (ret)
		return EXIT_FAILURE;

	/* Seed the DRNG with fresh kernel randomness before generating anything. */
	ret = get_random(buf, sizeof(buf));
	if (ret)
		goto out;
	ret = kcapi_rng_seed(rng, buf, sizeof(buf));
	kcapi_memset_secure(buf, 0, sizeof(buf));
	if (ret)
		goto out;

	while (outlen) {
		uint32_t todo = (outlen < sizeof(buf)) ? outlen : sizeof(buf);
		ssize_t got = kcapi_rng_generate(rng, buf, todo);

		if (got < 0) {
			ret = (int)got;
			goto out;
		}
		if ((uint32_t)got != todo) {
			ret = -EFAULT;
			goto out;
		}
		if (fwrite(buf, 1, todo, stdout) != todo) {
			ret = -EIO;
			goto out;
		}
		outlen -= todo;
	}
	ret = 0;

out:
	if (rng)
		kcapi_rng_destroy(rng);
	kcapi_memset_secure(buf, 0, sizeof(buf));
	return ret ? EXIT_FAILURE : EXIT_SUCCESS;
}
* Re: Question - seeding the hw pseudo random number generator
2017-03-23 9:44 ` Herbert Xu
@ 2017-03-26 4:10 ` Stephan Müller
-1 siblings, 0 replies; 24+ messages in thread
From: Stephan Müller @ 2017-03-26 4:10 UTC (permalink / raw)
To: Herbert Xu
Cc: Corentin Labbe, PrasannaKumar Muralidharan, linux-arm-kernel,
linux-crypto, Krzysztof Kozlowski, Matt Mackall
On Thursday, 23 March 2017, 10:44:06 CEST, Herbert Xu wrote:
Hi Herbert,
> On Thu, Mar 23, 2017 at 09:23:07AM +0100, Corentin Labbe wrote:
> > Problem with this conversion: a huge regression for user space.
> > Using hwrng is as simple as cat /dev/hwrng.
> > Using algif_rng via AF_ALG is ... unusable for the moment.
> > Perhaps creating a user space tool (a prng-tool which provides a cat
> > /dev/hwrng replacement) is mandatory before any conversion.
> Stephan may have a tool to do this. Stephan?
I added the application kcapi-rng to HEAD of [1]. Create the application with
the --enable-kcapi-rngapp configure option.
$ kcapi-rng
Kernel Crypto API Random Number Gatherer
Kernel Crypto API interface library version: libkcapi pre-release 0.13.1
Reported numeric version number 130080
Usage:
-b --bytes <BYTES> Number of bytes to generate (required option)
-h --help This help information
--version Print version
-v --verbose Verbose logging, multiple options increase verbosity
Data provided at stdin is used to seed the DRNG
[1] https://github.com/smuellerDD/libkcapi/
Ciao
Stephan
Thread overview (12 messages):
2017-03-18 9:25 Question - seeding the hw pseudo random number generator Krzysztof Kozlowski
2017-03-20 6:49 ` PrasannaKumar Muralidharan
2017-03-20 13:28 ` Herbert Xu
2017-03-20 13:39 ` Stephan Müller
2017-03-23 8:03 ` Harald Freudenberger
2017-03-23 11:35 ` Stephan Müller
2017-03-20 18:24 ` Krzysztof Kozlowski
2017-03-23 8:23 ` Corentin Labbe
2017-03-23 9:44 ` Herbert Xu
2017-03-23 11:44 ` Stephan Müller
2017-03-23 13:06 ` Stephan Müller
2017-03-26 4:10 ` Stephan Müller