* [XEN PATCH v1] libxl/arm: provide guests with random seed
@ 2021-05-24  8:00 Sergiy Kibrik
  2021-05-24 13:03 ` Julien Grall
  0 siblings, 1 reply; 5+ messages in thread
From: Sergiy Kibrik @ 2021-05-24  8:00 UTC (permalink / raw)
  To: xen-devel; +Cc: Ian Jackson, Wei Liu, Sergiy Kibrik

Pass random seed via FDT, so that guests' CRNGs are better seeded early at boot.
Depending on its configuration Linux can use the seed as device randomness
or to just quickly initialize CRNG.
In either case this will provide extra randomness to further harden CRNG.

Signed-off-by: Sergiy Kibrik <Sergiy_Kibrik@epam.com>
---
 tools/libxl/libxl_arm.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/tools/libxl/libxl_arm.c b/tools/libxl/libxl_arm.c
index 34f8a29056..05c58a428c 100644
--- a/tools/libxl/libxl_arm.c
+++ b/tools/libxl/libxl_arm.c
@@ -342,6 +342,12 @@ static int make_chosen_node(libxl__gc *gc, void *fdt, bool ramdisk,
         if (res) return res;
     }
 
+    uint8_t seed[128];
+    res = libxl__random_bytes(gc, seed, sizeof(seed));
+    if (res) return res;
+    res = fdt_property(fdt, "rng-seed", seed, sizeof(seed));
+    if (res) return res;
+
     res = fdt_end_node(fdt);
     if (res) return res;
 
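Review bot: the seed length in `uint8_t seed[128];` is a bare magic number and neither the hunk nor the commit message says why 128 rather than, say, 32 or 256; add a short comment (or a named constant) next to the declaration stating the trade-off, so whoever revisits the size later knows what it was balanced against. Also, per libxl style, declare `seed` at the top of make_chosen_node() rather than mid-function after the closing `}` of the preceding block. Finally, the stack buffer still holds the seed after `fdt_property()` has copied it into the blob; clearing it before returning, including on the early-return path after fdt_property(), limits how long the toolstack keeps a plaintext copy of the guest's seed around, even though the seed necessarily remains in the FDT the guest receives.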
-- 
2.25.1
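
Added example (editor's illustration, not code from the patch or from Xen): the device tree encoding the patch relies on, built by hand and then consumed the way a guest kernel should consume it. build_fdt() writes a blob with /chosen { rng-seed = <128 bytes>; } following the devicetree spec's flat layout; take_chosen_prop() locates the property, copies the seed out and overwrites the whole property with FDT_NOP tokens, as libfdt's fdt_nop_property() does, so the seed is not left readable in the blob after the consumer has used it. Assumptions: the property name "rng-seed" under /chosen and the 128-byte length are taken from the patch; the seed bytes are a constructed pattern, not output of libxl__random_bytes(); libfdt is not used, and the function names are mine.

```c
/* Added example, not Xen/libxl code: hand-build a minimal flattened device
 * tree whose /chosen node carries "rng-seed", then do what a consumer (the
 * guest kernel) should do with it: copy the seed out and overwrite the whole
 * property with FDT_NOP tokens so the seed cannot be read back from the blob.
 * Byte layout per the devicetree spec (big-endian fields, 0xd00dfeed magic). */
#include <stdint.h>
#include <string.h>

#define FDT_MAGIC 0xd00dfeedU
#define SEED_LEN  128   /* same length as the patch's uint8_t seed[128] */
enum { FDT_BEGIN_NODE = 1, FDT_END_NODE = 2, FDT_PROP = 3, FDT_NOP = 4, FDT_END = 9 };

static void put32(uint8_t *p, uint32_t v) { p[0] = v >> 24; p[1] = v >> 16; p[2] = v >> 8; p[3] = (uint8_t)v; }
static uint32_t get32(const uint8_t *p) { return (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3]; }
static size_t align4(size_t n) { return (n + 3) & ~(size_t)3; }
static size_t bounded_strlen(const uint8_t *p, size_t max) { size_t n = 0; while (n < max && p[n]) n++; return n; }
static int contains(const uint8_t *h, size_t hl, const uint8_t *n, size_t nl)
{ for (size_t i = 0; nl && i + nl <= hl; i++) if (!memcmp(h + i, n, nl)) return 1; return 0; }

/* Toolstack side: 40-byte header | empty memreserve block (16 zero bytes) |
 * struct block | strings block. Returns total size, or 0 if cap is too small. */
size_t build_fdt(uint8_t *blob, size_t cap, const uint8_t *seed, size_t seed_len)
{
    static const char strings[] = "rng-seed";
    size_t hdr = 40, off = hdr + 16, st = off, ss;
    size_t need = 8 + 4 + align4(7) + 12 + align4(seed_len) + 12 + sizeof strings;
    if (cap < off + need) return 0;
    memset(blob, 0, cap);
    put32(blob + off, FDT_BEGIN_NODE);     off += 8;            /* root node, name "" padded */
    put32(blob + off, FDT_BEGIN_NODE);     off += 4;
    memcpy(blob + off, "chosen", 7);       off += align4(7);
    put32(blob + off, FDT_PROP);           off += 4;
    put32(blob + off, (uint32_t)seed_len); off += 4;
    put32(blob + off, 0);                  off += 4;            /* name offset of "rng-seed" */
    memcpy(blob + off, seed, seed_len);    off += align4(seed_len);
    put32(blob + off, FDT_END_NODE);       off += 4;            /* end /chosen */
    put32(blob + off, FDT_END_NODE);       off += 4;            /* end / */
    put32(blob + off, FDT_END);            off += 4;
    ss = off;
    memcpy(blob + off, strings, sizeof strings); off += sizeof strings;
    put32(blob, FDT_MAGIC);          put32(blob + 4, (uint32_t)off);    /* totalsize */
    put32(blob + 8, (uint32_t)st);   put32(blob + 12, (uint32_t)ss);    /* struct / strings offsets */
    put32(blob + 16, (uint32_t)hdr); put32(blob + 20, 17); put32(blob + 24, 16); /* rsvmap, version, compat */
    put32(blob + 32, (uint32_t)(off - ss)); put32(blob + 36, (uint32_t)(ss - st)); /* block sizes */
    return off;
}

/* Guest side: find property `name` under /chosen, copy its value to out, then
 * NOP the whole property (token, len, nameoff, padded value). Returns the
 * value length, or -1 if absent, too large for out, or the blob is malformed. */
long take_chosen_prop(uint8_t *blob, const char *name, uint8_t *out, size_t out_cap)
{
    uint32_t total = get32(blob + 4), off = get32(blob + 8), strs = get32(blob + 12);
    int depth = 0, chosen_depth = -1;
    if (get32(blob) != FDT_MAGIC || strs > total) return -1;
    while (off + 4 <= total) {
        uint32_t tok = get32(blob + off), tok_off = off;
        off += 4;
        if (tok == FDT_BEGIN_NODE) {
            size_t nl = bounded_strlen(blob + off, total - off);
            if (off + nl >= total) return -1;                   /* unterminated node name */
            if (++depth == 2 && nl == 6 && !memcmp(blob + off, "chosen", 6)) chosen_depth = 2;
            off += align4(nl + 1);
        } else if (tok == FDT_END_NODE) {
            if (depth-- == chosen_depth) chosen_depth = -1;
        } else if (tok == FDT_PROP) {
            if (off + 8 > total) return -1;
            uint32_t len = get32(blob + off), nameoff = get32(blob + off + 4);
            off += 8;
            if (align4(len) > total - off || nameoff >= total - strs) return -1;
            const uint8_t *pn = blob + strs + nameoff;
            size_t pl = bounded_strlen(pn, total - strs - nameoff);
            if (depth == chosen_depth && pl == strlen(name) && !memcmp(pn, name, pl)) {
                if (len > out_cap) return -1;
                memcpy(out, blob + off, len);
                for (uint32_t w = tok_off; w < off + align4(len); w += 4)
                    put32(blob + w, FDT_NOP);                   /* scrub, seed bytes included */
                return (long)len;
            }
            off += align4(len);
        } else if (tok == FDT_END) {
            break;
        } else if (tok != FDT_NOP) {
            return -1;                                          /* unknown token */
        }
    }
    return -1;
}

/* Whole flow on a constructed (not random) seed. Returns the blob size on
 * success, or a negative step number telling which check failed. */
long demo_seed_roundtrip(void)
{
    uint8_t seed[SEED_LEN], blob[512], out[SEED_LEN];
    size_t n;
    for (int i = 0; i < SEED_LEN; i++) seed[i] = (uint8_t)(i * 7 + 3);
    if (!(n = build_fdt(blob, sizeof blob, seed, SEED_LEN))) return -1;
    if (!contains(blob, n, seed, SEED_LEN)) return -2;              /* seed sits in the blob in clear */
    if (take_chosen_prop(blob, "rng-seed", out, sizeof out) != SEED_LEN) return -3;
    if (memcmp(out, seed, SEED_LEN)) return -4;                      /* consumer got the right bytes */
    if (contains(blob, n, seed, SEED_LEN)) return -5;               /* and the blob no longer has them */
    if (take_chosen_prop(blob, "rng-seed", out, sizeof out) != -1) return -6; /* second reader gets nothing */
    return (long)n;
}
```

demo_seed_roundtrip() runs the whole sequence and returns the blob size, 237 bytes for a 128-byte seed (56 bytes of header plus reservation map, 172 bytes of structure block, 9 bytes of strings block); a negative return identifies which check failed. The scrub step is the part that matters for review: libxl necessarily hands the seed to the guest in the clear inside the FDT, so whether the seed lingers in guest memory after boot depends entirely on the consumer doing something like take_chosen_prop() rather than a plain read.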




* Re: [XEN PATCH v1] libxl/arm: provide guests with random seed
  2021-05-24  8:00 [XEN PATCH v1] libxl/arm: provide guests with random seed Sergiy Kibrik
@ 2021-05-24 13:03 ` Julien Grall
  2021-05-26  9:28   ` Sergiy Kibrik
  0 siblings, 1 reply; 5+ messages in thread
From: Julien Grall @ 2021-05-24 13:03 UTC (permalink / raw)
  To: Sergiy Kibrik, xen-devel; +Cc: Ian Jackson, Wei Liu

Hi,

On 24/05/2021 09:00, Sergiy Kibrik wrote:
> Pass random seed via FDT, so that guests' CRNGs are better seeded early at boot.
> Depending on its configuration Linux can use the seed as device randomness
> or to just quickly initialize CRNG.
> In either case this will provide extra randomness to further harden CRNG.
> 
> Signed-off-by: Sergiy Kibrik <Sergiy_Kibrik@epam.com>
> ---
>   tools/libxl/libxl_arm.c | 6 ++++++
>   1 file changed, 6 insertions(+)
> 
> diff --git a/tools/libxl/libxl_arm.c b/tools/libxl/libxl_arm.c
> index 34f8a29056..05c58a428c 100644
> --- a/tools/libxl/libxl_arm.c
> +++ b/tools/libxl/libxl_arm.c
> @@ -342,6 +342,12 @@ static int make_chosen_node(libxl__gc *gc, void *fdt, bool ramdisk,
>           if (res) return res;
>       }
>   
> +    uint8_t seed[128];

I couldn't find any documentation for the property (although, I have 
found code in Linux). Can you explain where the 128 come from?

Also, local variables should be defined at the beginning of the function.

> +    res = libxl__random_bytes(gc, seed, sizeof(seed)); > +    if (res) return res;
> +    res = fdt_property(fdt, "rng-seed", seed, sizeof(seed));
> +    if (res) return res;
> +
>       res = fdt_end_node(fdt);
>       if (res) return res;

Cheers,

-- 
Julien Grall



* RE: [XEN PATCH v1] libxl/arm: provide guests with random seed
  2021-05-24 13:03 ` Julien Grall
@ 2021-05-26  9:28   ` Sergiy Kibrik
  2021-05-26 16:18     ` Julien Grall
  0 siblings, 1 reply; 5+ messages in thread
From: Sergiy Kibrik @ 2021-05-26  9:28 UTC (permalink / raw)
  To: Julien Grall, xen-devel; +Cc: Ian Jackson, Wei Liu

Hi Julien,

> > diff --git a/tools/libxl/libxl_arm.c b/tools/libxl/libxl_arm.c index
> > 34f8a29056..05c58a428c 100644
> > --- a/tools/libxl/libxl_arm.c
> > +++ b/tools/libxl/libxl_arm.c
> > @@ -342,6 +342,12 @@ static int make_chosen_node(libxl__gc *gc, void
> *fdt, bool ramdisk,
> >           if (res) return res;
> >       }
> >
> > +    uint8_t seed[128];
> 
> I couldn't find any documentation for the property (although, I have found
> code in Linux). Can you explain where the 128 come from?
 
I didn't find documentation either; probably that part is undocumented yet.
This is kind of a tradeoff between the ChaCha20 key size of 32 (which is used in the guest Linux CRNG) and the data size that the host is expected to provide w/o being blocked or delayed
(which is 256 according to the getrandom() man page). In the case of a 128-byte seed, each byte of CRNG state will be mixed 4 times using bytes from this seed.

> Also, local variables should be defined at the beginning of the function.
> 

Will fix that.

Thank you for review,
  Sergiy


* Re: [XEN PATCH v1] libxl/arm: provide guests with random seed
  2021-05-26  9:28   ` Sergiy Kibrik
@ 2021-05-26 16:18     ` Julien Grall
  2021-05-26 18:36       ` Sergiy Kibrik
  0 siblings, 1 reply; 5+ messages in thread
From: Julien Grall @ 2021-05-26 16:18 UTC (permalink / raw)
  To: Sergiy Kibrik, xen-devel; +Cc: Ian Jackson, Wei Liu



On 26/05/2021 10:28, Sergiy Kibrik wrote:
> Hi Julien,

Hi Sergiy,

>>> diff --git a/tools/libxl/libxl_arm.c b/tools/libxl/libxl_arm.c index
>>> 34f8a29056..05c58a428c 100644
>>> --- a/tools/libxl/libxl_arm.c
>>> +++ b/tools/libxl/libxl_arm.c
>>> @@ -342,6 +342,12 @@ static int make_chosen_node(libxl__gc *gc, void
>> *fdt, bool ramdisk,
>>>            if (res) return res;
>>>        }
>>>
>>> +    uint8_t seed[128];
>>
>> I couldn't find any documentation for the property (although, I have found
>> code in Linux). Can you explain where the 128 come from?
>   
> I didn't find documentation either; probably that part is undocumented yet.
> This is kind of a tradeoff between the ChaCha20 key size of 32 (which is used in the guest Linux CRNG) and the data size that the host is expected to provide w/o being blocked or delayed
> (which is 256 according to the getrandom() man page). In the case of a 128-byte seed, each byte of CRNG state will be mixed 4 times using bytes from this seed.

Ok. Can the reasoning be documented in the commit message (with a short 
summary in the code)? This would be helpful if in the future one decides 
to change the size of the seed.

Cheers,

-- 
Julien Grall



* RE: [XEN PATCH v1] libxl/arm: provide guests with random seed
  2021-05-26 16:18     ` Julien Grall
@ 2021-05-26 18:36       ` Sergiy Kibrik
  0 siblings, 0 replies; 5+ messages in thread
From: Sergiy Kibrik @ 2021-05-26 18:36 UTC (permalink / raw)
  To: Julien Grall, xen-devel; +Cc: Ian Jackson, Wei Liu

> Ok. Can the reasoning be documented in the commit message (with a short
> summary in the code)? This would be helpful if in the future one decides to
> change the size of the seed.
> 

Sure, I'll do that.

   -Sergiy

