* Question - seeding the hw pseudo random number generator
From: Krzysztof Kozlowski @ 2017-03-18 9:25 UTC
To: Matt Mackall, Herbert Xu, linux-crypto
Cc: linux-arm-kernel

Hi,

I looked at the Exynos Pseudo Random Number Generator driver
(drivers/char/hw_random/exynos-rng.c) and noticed that it always seeds
the device with jiffies. Then I looked at a few other drivers and found
that they do not seed themselves (or at least I couldn't find this).

I think the hw_random API does not provide generic infrastructure for
seeding.

What is the preferred approach for seeding a PRNG device? Use jiffies or
a fixed value?

Or maybe the interface should be abandoned in favor of the crypto API?

Best regards,
Krzysztof
* Re: Question - seeding the hw pseudo random number generator
From: PrasannaKumar Muralidharan @ 2017-03-20 6:49 UTC
In reply to: Krzysztof Kozlowski, 2017-03-18 9:25
To: Krzysztof Kozlowski
Cc: Matt Mackall, Herbert Xu, linux-crypto, linux-arm-kernel

> I looked at the Exynos Pseudo Random Number Generator driver
> (drivers/char/hw_random/exynos-rng.c) and noticed that it always seeds
> the device with jiffies. Then I looked at a few other drivers and found
> that they do not seed themselves (or at least I couldn't find this).

The HW random interface is meant for true RNGs, not pseudo RNGs. Actually
PRNGs should use the AF_ALG interface. I think exynos-rng.c should follow
the same.

> I think the hw_random API does not provide generic infrastructure for
> seeding.
>
> What is the preferred approach for seeding a PRNG device? Use jiffies or
> a fixed value?
>
> Or maybe the interface should be abandoned in favor of the crypto API?

The AF_ALG interface for rng does have seeding support. I think hw_random
does not provide seeding support intentionally, as I understand that a
true RNG does not require seeding (please correct me if I am wrong).

Regards,
PrasannaKumar
* Re: Question - seeding the hw pseudo random number generator
From: Herbert Xu @ 2017-03-20 13:28 UTC
In reply to: PrasannaKumar Muralidharan, 2017-03-20 6:49
To: PrasannaKumar Muralidharan
Cc: linux-arm-kernel, linux-crypto, Krzysztof Kozlowski, Matt Mackall

On Mon, Mar 20, 2017 at 12:19:32PM +0530, PrasannaKumar Muralidharan wrote:
>
> The AF_ALG interface for rng does have seeding support. I think hw_random
> does not provide seeding support intentionally, as I understand that a
> true RNG does not require seeding (please correct me if I am wrong).

Yes. We should be converting PRNGs in hwrng over to algif_rng.

Thanks,
--
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
* Re: Question - seeding the hw pseudo random number generator
From: Stephan Müller @ 2017-03-20 13:39 UTC
In reply to: Herbert Xu, 2017-03-20 13:28
To: Herbert Xu
Cc: PrasannaKumar Muralidharan, Krzysztof Kozlowski, Matt Mackall, linux-crypto, linux-arm-kernel, Jan Glauber, Harald Freudenberger

On Monday, 20 March 2017, 14:28:58 CET, Herbert Xu wrote:

Hi Herbert,

> On Mon, Mar 20, 2017 at 12:19:32PM +0530, PrasannaKumar Muralidharan wrote:
> > The AF_ALG interface for rng does have seeding support. I think hw_random
> > does not provide seeding support intentionally, as I understand that a
> > true RNG does not require seeding (please correct me if I am wrong).
>
> Yes. We should be converting PRNGs in hwrng over to algif_rng.

IMHO this not only applies to the PRNGs in drivers/crypto (which should
simply register with crypto_register_rngs) but also to
~/hacking/sources/linux/arch/s390/crypto/prng.c which exports a
/dev/prandom file.

For the seeding, it may make sense to follow the example given with
crypto/drbg.c using the add_random_ready_callback function.

Ciao
Stephan
* Re: Question - seeding the hw pseudo random number generator
From: Harald Freudenberger @ 2017-03-23 8:03 UTC
In reply to: Stephan Müller, 2017-03-20 13:39
To: Stephan Müller, Herbert Xu
Cc: PrasannaKumar Muralidharan, Krzysztof Kozlowski, Matt Mackall, linux-crypto, linux-arm-kernel, Jan Glauber, Harald Freudenberger

On 03/20/2017 02:39 PM, Stephan Müller wrote:
> On Monday, 20 March 2017, 14:28:58 CET, Herbert Xu wrote:
>
> Hi Herbert,
>
>> On Mon, Mar 20, 2017 at 12:19:32PM +0530, PrasannaKumar Muralidharan wrote:
>>> The AF_ALG interface for rng does have seeding support. I think hw_random
>>> does not provide seeding support intentionally, as I understand that a
>>> true RNG does not require seeding (please correct me if I am wrong).
>> Yes. We should be converting PRNGs in hwrng over to algif_rng.
> IMHO this not only applies to the PRNGs in drivers/crypto (which should simply
> register with crypto_register_rngs) but also to
> ~/hacking/sources/linux/arch/s390/crypto/prng.c which exports a /dev/prandom file.
>
> For the seeding, it may make sense to follow the example given with
> crypto/drbg.c using the add_random_ready_callback function.
>
> Ciao
> Stephan
>

I'll have a look at it. Currently the s390/crypto/prng seeds itself with
an algorithm based on the jitter of the very fine granular hardware
clock of a s390 machine. There were some thoughts and measurements
by a mathematician which led to this algorithm. However, long-term
the s390 platform will provide some kind of true hardware random number
generator and the idea is to use this for seeding the prng.

regards
Harald Freudenberger
* Re: Question - seeding the hw pseudo random number generator
From: Stephan Müller @ 2017-03-23 11:35 UTC
In reply to: Harald Freudenberger, 2017-03-23 8:03
To: Harald Freudenberger
Cc: Herbert Xu, PrasannaKumar Muralidharan, Krzysztof Kozlowski, Matt Mackall, linux-crypto, linux-arm-kernel, Jan Glauber, Harald Freudenberger

On Thursday, 23 March 2017, 09:03:23 CET, Harald Freudenberger wrote:

Hi Harald,

> I'll have a look at it. Currently the s390/crypto/prng seeds itself with
> an algorithm based on the jitter of the very fine granular hardware
> clock of a s390 machine. There were some thoughts and measurements
> by a mathematician which led to this algorithm.

It takes a page and simply writes 512 times the high-res time stamp using
get_tod_clock_fast into it. Effectively it uses the same fundamental noise
source as the jitterentropy. (A couple of months ago I had to perform an
SP800-90B assessment on exactly that code path. :-) )

> However, long-term
> the s390 platform will provide some kind of true hardware random number
> generator and the idea is to use this for seeding the prng.

The question is just that it provides a device file nobody else provides.
And the question is whether to consolidate it. If it is a DRNG, the
discussion is about consolidating it behind AF_ALG.

If it is an RNG with its own noise source (i.e. it provides entropic data
by itself), it should rather be placed into drivers/char/hw_random and use
the hw-random framework. This framework will also ensure that it may seed
the /dev/random device kernel-internally.

Ciao
Stephan
* Re: Question - seeding the hw pseudo random number generator
From: Krzysztof Kozlowski @ 2017-03-20 18:24 UTC
In reply to: Herbert Xu, 2017-03-20 13:28
To: Herbert Xu
Cc: PrasannaKumar Muralidharan, Matt Mackall, linux-crypto, linux-arm-kernel, Stephan Müller

On Mon, Mar 20, 2017 at 09:28:58PM +0800, Herbert Xu wrote:
> On Mon, Mar 20, 2017 at 12:19:32PM +0530, PrasannaKumar Muralidharan wrote:
> >
> > The AF_ALG interface for rng does have seeding support. I think hw_random
> > does not provide seeding support intentionally, as I understand that a
> > true RNG does not require seeding (please correct me if I am wrong).
>
> Yes. We should be converting PRNGs in hwrng over to algif_rng.

The actual hardware block can be seeded from a true RNG (taking data from
thermal noise), so the solutions (if I understand correctly) for exynos-rng
might be:

1. Seed from the internal TRNG, making it a proper hwrandom device,
2. Convert to AF_ALG and seed with data from user-space through that interface.

Thanks for the explanation, I'll queue it to my tasks list.

Best regards,
Krzysztof
* Re: Question - seeding the hw pseudo random number generator
From: Corentin Labbe @ 2017-03-23 8:23 UTC
In reply to: Herbert Xu, 2017-03-20 13:28
To: Herbert Xu
Cc: PrasannaKumar Muralidharan, linux-arm-kernel, linux-crypto, Krzysztof Kozlowski, Matt Mackall

On Mon, Mar 20, 2017 at 09:28:58PM +0800, Herbert Xu wrote:
> On Mon, Mar 20, 2017 at 12:19:32PM +0530, PrasannaKumar Muralidharan wrote:
> >
> > The AF_ALG interface for rng does have seeding support. I think hw_random
> > does not provide seeding support intentionally, as I understand that a
> > true RNG does not require seeding (please correct me if I am wrong).
>
> Yes. We should be converting PRNGs in hwrng over to algif_rng.
>

Problem with this conversion: a huge regression for user space.
Using hwrng is as simple as cat /dev/hwrng.
Using algif_rng via AF_ALG is ... unusable for the moment.
Perhaps creating a user space tool (prng-tool which provides a cat /dev/hwrng replacement) is mandatory before any conversion.

Regards
* Re: Question - seeding the hw pseudo random number generator
From: Herbert Xu @ 2017-03-23 9:44 UTC
In reply to: Corentin Labbe, 2017-03-23 8:23
To: Corentin Labbe
Cc: Stephan Müller, PrasannaKumar Muralidharan, Krzysztof Kozlowski, linux-crypto, Matt Mackall, linux-arm-kernel

On Thu, Mar 23, 2017 at 09:23:07AM +0100, Corentin Labbe wrote:
>
> Problem with this conversion: a huge regression for user space.
> Using hwrng is as simple as cat /dev/hwrng.
> Using algif_rng via AF_ALG is ... unusable for the moment.
> Perhaps creating a user space tool (prng-tool which provides a cat /dev/hwrng replacement) is mandatory before any conversion.

Stephan may have a tool to do this. Stephan?

Thanks,
--
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
* Re: Question - seeding the hw pseudo random number generator
From: Stephan Müller @ 2017-03-23 11:44 UTC
In reply to: Herbert Xu, 2017-03-23 9:44
To: Herbert Xu
Cc: Corentin Labbe, PrasannaKumar Muralidharan, linux-arm-kernel, linux-crypto, Krzysztof Kozlowski, Matt Mackall

On Thursday, 23 March 2017, 10:44:06 CET, Herbert Xu wrote:

Hi Herbert,

> On Thu, Mar 23, 2017 at 09:23:07AM +0100, Corentin Labbe wrote:
> > Problem with this conversion: a huge regression for user space.
> > Using hwrng is as simple as cat /dev/hwrng.
> > Using algif_rng via AF_ALG is ... unusable for the moment.
> > Perhaps creating a user space tool (prng-tool which provides a cat
> > /dev/hwrng replacement) is mandatory before any conversion.
> Stephan may have a tool to do this. Stephan?

Creating such a tool is more or less trivial. It simply requires the
invocation of kcapi_rng_init, kcapi_rng_seed, kcapi_rng_generate and
eventually kcapi_rng_destroy from [1].

I can write such a tool if requested.

I see one change we need to add to algif_rng.c: currently the caller must
provide the specific name of the DRNG to be used. With such a tool, the
caller does not care about the type of DRNG. Thus, rng_bind should be
changed such that if name is NULL, it should use crypto_get_default_rng().
This would relieve the caller of selecting "the right" DRNG.

[1] http://www.chronox.de/libkcapi.html

Ciao
Stephan
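As an added example, not code from the thread or from libkcapi: the raw AF_ALG "rng" exchange that the kcapi_rng_init / kcapi_rng_seed / kcapi_rng_generate / kcapi_rng_destroy sequence named above wraps, including the ALG_SET_KEY seeding step that PrasannaKumar's reply refers to as the seeding support hw_random lacks. The function names and error handling are my own; the socket type, setsockopt seeding and the kernel's 128-byte limit per read() are the documented algif_rng interface.

```c
/* Added example (not from the thread): the raw AF_ALG "rng" exchange that
 * libkcapi's kcapi_rng_init/seed/generate/destroy wrap. Linux only; needs
 * CONFIG_CRYPTO_USER_API_RNG. All function names here are my own. */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/random.h>
#include <linux/if_alg.h>

#define ALGIF_RNG_MAXSIZE 128	/* algif_rng clamps one read() to 128 bytes */

/* Fill the bind address for the rng type; -1 if the DRNG name does not
 * fit the fixed salg_name field (the kernel would reject the bind anyway). */
int alg_rng_addr(const char *drng, struct sockaddr_alg *sa)
{
	if (!drng || strlen(drng) >= sizeof(sa->salg_name))
		return -1;
	memset(sa, 0, sizeof(*sa));
	sa->salg_family = AF_ALG;
	strcpy((char *)sa->salg_type, "rng");
	strcpy((char *)sa->salg_name, drng);
	return 0;
}

/* socket + bind + seed (ALG_SET_KEY) + accept. Returns 0 or -errno.
 * The ALG_SET_KEY step is the seeding that hw_random has no equivalent for. */
int alg_rng_open(const char *drng, const uint8_t *seed, size_t seedlen,
		 int *tfmfd, int *opfd)
{
	struct sockaddr_alg sa;
	int tfm, op = -1, err;

	if (alg_rng_addr(drng, &sa))
		return -EINVAL;
	tfm = socket(AF_ALG, SOCK_SEQPACKET, 0);
	if (tfm < 0)
		return -errno;
	if (bind(tfm, (struct sockaddr *)&sa, sizeof(sa)) < 0 ||
	    setsockopt(tfm, SOL_ALG, ALG_SET_KEY, seed, seedlen) < 0 ||
	    (op = accept(tfm, NULL, 0)) < 0) {
		err = -errno;
		close(tfm);
		return err;
	}
	*tfmfd = tfm;
	*opfd = op;
	return 0;
}

/* Pull len bytes from the operation fd, looping over the kernel's
 * per-read cap. Returns len, or -errno (a zero-length read is -EIO). */
ssize_t alg_rng_generate(int opfd, uint8_t *out, size_t len)
{
	size_t done = 0;

	while (done < len) {
		size_t todo = len - done;
		ssize_t n;

		if (todo > ALGIF_RNG_MAXSIZE)
			todo = ALGIF_RNG_MAXSIZE;
		n = read(opfd, out + done, todo);
		if (n < 0 && errno == EINTR)
			continue;
		if (n < 0)
			return -errno;
		if (n == 0)
			return -EIO;
		done += (size_t)n;
	}
	return (ssize_t)done;
}

int main(void)
{
	uint8_t seed[64], buf[300];	/* 300 > 128 exercises the read loop */
	int tfm, op, ret;
	size_t i;

	/* Seed from the kernel CSPRNG, not from jiffies or another clock. */
	if (getrandom(seed, sizeof(seed), 0) != (ssize_t)sizeof(seed))
		return 1;
	ret = alg_rng_open("drbg_nopr_hmac_sha256", seed, sizeof(seed), &tfm, &op);
	if (ret) {
		fprintf(stderr, "algif_rng unavailable: %s\n", strerror(-ret));
		return 1;
	}
	if (alg_rng_generate(op, buf, sizeof(buf)) != (ssize_t)sizeof(buf))
		return 1;
	for (i = 0; i < sizeof(buf); i++)
		printf("%02x", buf[i]);
	putchar('\n');
	close(op);
	close(tfm);
	return 0;
}
```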
* Re: Question - seeding the hw pseudo random number generator
From: Stephan Müller @ 2017-03-23 13:06 UTC
In reply to: Herbert Xu, 2017-03-23 9:44
To: Herbert Xu
Cc: Corentin Labbe, PrasannaKumar Muralidharan, linux-arm-kernel, linux-crypto, Krzysztof Kozlowski, Matt Mackall

On Thursday, 23 March 2017, 10:44:06 CET, Herbert Xu wrote:

Hi Herbert,

> On Thu, Mar 23, 2017 at 09:23:07AM +0100, Corentin Labbe wrote:
> > Problem with this conversion: a huge regression for user space.
> > Using hwrng is as simple as cat /dev/hwrng.
> > Using algif_rng via AF_ALG is ... unusable for the moment.
> > Perhaps creating a user space tool (prng-tool which provides a cat
> > /dev/hwrng replacement) is mandatory before any conversion.
> Stephan may have a tool to do this. Stephan?

Here is a suggestion for such a tool that I could add to libkcapi.
Naturally, this code is only a demonstrator which lacks some features.

Ciao
Stephan

[Attachment: kcapi-rng.c (text/x-csrc)]

/*
 * Copyright (C) 2017, Stephan Mueller <smueller@chronox.de>
 *
 * License: see COPYING file in root directory
 *
 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, ALL OF
 * WHICH ARE HEREBY DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE
 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
 * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
 * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
 * USE OF THIS SOFTWARE, EVEN IF NOT ADVISED OF THE POSSIBILITY OF SUCH
 * DAMAGE.
 */

#include <unistd.h>
#include <errno.h>
#include <limits.h>
#include <stdint.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <sys/syscall.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <linux/random.h>
#ifdef HAVE_GETRANDOM
#include <sys/random.h>
#endif

#include <kcapi.h>

struct kcapi_handle *rng = NULL;

/* Read exactly buflen bytes from fd, retrying on short reads and EINTR.
 * Returns 0 on success, 1 if the buffer could not be filled. */
static int read_complete(int fd, uint8_t *buf, uint32_t buflen)
{
	ssize_t ret;

	do {
		ret = read(fd, buf, buflen);
		if (0 < ret) {
			buflen -= ret;
			buf += ret;
		}
	} while ((0 < ret || EINTR == errno || ERESTART == errno) && buflen > 0);

	if (buflen == 0)
		return 0;
	return 1;
}

/* Fallback seed source for kernels without the getrandom() syscall. */
static int read_random(uint8_t *buf, uint32_t buflen)
{
	int fd;
	int ret = 0;

	fd = open("/dev/urandom", O_RDONLY|O_CLOEXEC);
	if (0 > fd)
		return fd;
	ret = read_complete(fd, buf, buflen);
	close(fd);
	return ret;
}

/* Fetch buflen bytes of seed material from the kernel: getrandom() via the
 * libc wrapper if available, else the raw syscall, else /dev/urandom.
 * Returns 0 on success, non-zero on failure. */
static int get_random(uint8_t *buf, uint32_t buflen)
{
	if (buflen > INT_MAX)
		return 1;

#if defined(HAVE_GETRANDOM) || defined(__NR_getrandom)
	{
		ssize_t ret;

		do {
# ifdef HAVE_GETRANDOM
			ret = getrandom(buf, buflen, 0);
# else
			ret = syscall(__NR_getrandom, buf, buflen, 0);
# endif
			if (0 < ret) {
				buflen -= ret;
				buf += ret;
			} else if (ret < 0 && errno == ENOSYS) {
				/* libc knows getrandom() but the kernel does not */
				return read_random(buf, buflen);
			}
		} while ((0 < ret || EINTR == errno || ERESTART == errno) &&
			 buflen > 0);

		if (buflen == 0)
			return 0;
		return 1;
	}
#else
	return read_random(buf, buflen);
#endif
}

static void usage(void)
{
	char version[30];
	uint32_t ver = kcapi_version();

	memset(version, 0, sizeof(version));
	kcapi_versionstring(version, sizeof(version));

	fprintf(stderr, "\nKernel Crypto API Random Number Gatherer\n");
	fprintf(stderr, "\nKernel Crypto API interface library version: %s\n", version);
	fprintf(stderr, "Reported numeric version number %u\n\n", ver);
	fprintf(stderr, "Usage:\n");
	fprintf(stderr, "\t<NUM>\tNumber of bytes to generate\n");
}

int main(int argc, char *argv[])
{
	int ret;
	uint8_t buf[64];
	unsigned long outlen;
	char *end;

	if (argc != 2) {
		usage();
		return -EINVAL;
	}

	errno = 0;
	outlen = strtoul(argv[1], &end, 10);
	if (errno || *end != '\0' || outlen == ULONG_MAX) {
		usage();
		return -EINVAL;
	}

	/* Bind to a DRBG of the kernel crypto API through algif_rng. */
	ret = kcapi_rng_init(&rng, "drbg_nopr_hmac_sha256", 0);
	if (ret)
		return ret;

	/* Seed the DRNG with random bytes obtained from the kernel. */
	ret = get_random(buf, sizeof(buf));
	if (ret)
		goto out;
	ret = kcapi_rng_seed(rng, buf, sizeof(buf));
	kcapi_memset_secure(buf, 0, sizeof(buf));
	if (ret)
		goto out;

	while (outlen) {
		uint32_t todo = (outlen < sizeof(buf)) ? outlen : sizeof(buf);

		ret = kcapi_rng_generate(rng, buf, todo);
		if (ret < 0)
			goto out;
		if ((uint32_t)ret != todo) {
			ret = -EFAULT;
			goto out;
		}
		fwrite(buf, 1, todo, stdout);
		outlen -= todo;
	}
	ret = 0;	/* do not report the last chunk size as the exit status */

out:
	if (rng)
		kcapi_rng_destroy(rng);
	kcapi_memset_secure(buf, 0, sizeof(buf));
	return ret;
}
* Re: Question - seeding the hw pseudo random number generator
From: Stephan Müller @ 2017-03-26 4:10 UTC
In reply to: Herbert Xu, 2017-03-23 9:44
To: Herbert Xu
Cc: Corentin Labbe, PrasannaKumar Muralidharan, linux-arm-kernel, linux-crypto, Krzysztof Kozlowski, Matt Mackall

On Thursday, 23 March 2017, 10:44:06 CEST, Herbert Xu wrote:

Hi Herbert,

> On Thu, Mar 23, 2017 at 09:23:07AM +0100, Corentin Labbe wrote:
> > Problem with this conversion: a huge regression for user space.
> > Using hwrng is as simple as cat /dev/hwrng.
> > Using algif_rng via AF_ALG is ... unusable for the moment.
> > Perhaps creating a user space tool (prng-tool which provides a cat
> > /dev/hwrng replacement) is mandatory before any conversion.
> Stephan may have a tool to do this. Stephan?

I added the application kcapi-rng to HEAD of [1]. Create the application
with the --enable-kcapi-rngapp configure option.

    $ kcapi-rng

    Kernel Crypto API Random Number Gatherer

    Kernel Crypto API interface library version: libkcapi pre-release 0.13.1
    Reported numeric version number 130080

    Usage:
            -b --bytes <BYTES>      Number of bytes to generate (required option)
            -h --help               This help information
               --version            Print version
            -v --verbose            Verbose logging, multiple options increase verbosity

    Data provided at stdin is used to seed the DRNG

[1] https://github.com/smuellerDD/libkcapi/

Ciao
Stephan