From: Andrey Smirnov <andrew.smirnov@gmail.com>
To: Horia Geanta <horia.geanta@nxp.com>
Cc: "linux-crypto@vger.kernel.org" <linux-crypto@vger.kernel.org>,
Chris Healy <cphealy@gmail.com>,
Lucas Stach <l.stach@pengutronix.de>,
Herbert Xu <herbert@gondor.apana.org.au>,
Iuliana Prodan <iuliana.prodan@nxp.com>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
dl-linux-imx <linux-imx@nxp.com>
Subject: Re: [PATCH v6 7/7] crypto: caam - limit single JD RNG output to maximum of 16 bytes
Date: Mon, 27 Jan 2020 05:42:28 -0800
Message-ID: <CAHQ1cqEohhpY62dqKpi=-hzWDKJMDB1jr1+wM+6KYDBQr8wV=w@mail.gmail.com>
In-Reply-To: <VI1PR0402MB3485E327703191780AC68BFE98350@VI1PR0402MB3485.eurprd04.prod.outlook.com>
On Mon, Jan 13, 2020 at 6:10 AM Horia Geanta <horia.geanta@nxp.com> wrote:
>
> On 1/8/2020 5:42 PM, Andrey Smirnov wrote:
> > In order to follow recommendation in SP800-90C (section "9.4 The
> > Oversampling-NRBG Construction") limit the output of "generate" JD
> > submitted to CAAM. See
> > https://lore.kernel.org/linux-crypto/VI1PR0402MB3485EF10976A4A69F90E5B0F98580@VI1PR0402MB3485.eurprd04.prod.outlook.com/
> > for more details.
> >
> > This change should make CAAM's hwrng driver good enough to have 999
> > quality rating.
> >
> [...]
> > @@ -241,6 +241,7 @@ int caam_rng_init(struct device *ctrldev)
> > ctx->rng.init = caam_init;
> > ctx->rng.cleanup = caam_cleanup;
> > ctx->rng.read = caam_read;
> > + ctx->rng.quality = 999;
> >
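Review bot: The added `ctx->rng.quality = 999;` in caam_rng_init() is a bare literal with no comment stating the scale it is expressed on or why this particular value was chosen. The commit message justifies it only as "good enough", so add a one-line comment or a named constant giving the unit and the basis for the claim, so that the entropy credit this driver requests can be checked against the SP800-90C reasoning cited in the commit message.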
> AFAICS the maximum value of hwrng.quality is 1024.
>
> Any reason why it's configured to be lower, now that CAAM RNG-based DRBG
> is configured to reseed as requested by FIPS spec to behave as a TRNG?
>
Only my reading of the old version of corresponding documentation
which listed this field as being per mil. Will fix in v7.
Thanks,
Andrey Smirnov
Thread overview: 18+ messages
2020-01-08 15:40 [PATCH v6 0/7] enable CAAM's HWRNG as default Andrey Smirnov
2020-01-08 15:40 ` [PATCH v6 1/7] crypto: caam - use struct hwrng's .init for initialization Andrey Smirnov
2020-01-08 15:40 ` [PATCH v6 2/7] crypto: caam - drop global context pointer and init_done Andrey Smirnov
2020-01-13 9:41 ` Horia Geanta
2020-01-27 13:44 ` Andrey Smirnov
2020-01-08 15:40 ` [PATCH v6 3/7] crypto: caam - simplify RNG implementation Andrey Smirnov
2020-01-08 15:40 ` [PATCH v6 4/7] crypto: caam - check if RNG job failed Andrey Smirnov
2020-01-08 15:40 ` [PATCH v6 5/7] crypto: caam - invalidate entropy register during RNG initialization Andrey Smirnov
2020-01-08 15:40 ` [PATCH v6 6/7] crypto: caam - enable prediction resistance in HRWNG Andrey Smirnov
2020-01-20 16:38 ` Horia Geanta
2020-01-21 6:20 ` Horia Geanta
2020-01-21 16:38 ` Horia Geanta
2020-01-22 13:37 ` Horia Geanta
2020-01-27 13:45 ` Andrey Smirnov
2020-01-08 15:40 ` [PATCH v6 7/7] crypto: caam - limit single JD RNG output to maximum of 16 bytes Andrey Smirnov
2020-01-13 14:10 ` Horia Geanta
2020-01-27 13:42 ` Andrey Smirnov [this message]
2020-01-22 15:11 ` [PATCH v6 0/7] enable CAAM's HWRNG as default Horia Geanta