From: Nicolai Stange <nstange@suse.de>
To: "Stephan Müller" <smueller@chronox.de>,
"Herbert Xu" <herbert@gondor.apana.org.au>,
"David S. Miller" <davem@davemloft.net>
Cc: Torsten Duwe <duwe@suse.de>,
linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org,
Nicolai Stange <nstange@suse.de>
Subject: [PATCH 0/6] crypto: DRBG - improve 'nopr' reseeding
Date: Mon, 25 Oct 2021 11:25:19 +0200
Message-ID: <20211025092525.12805-1-nstange@suse.de>
Hi all,
this patchset aims at (hopefully) improving the DRBG code related to
reseeding from get_random_bytes() a bit:
- Replace the asynchronous random_ready_callback based DRBG reseeding
logic with a synchronous solution leveraging rng_is_initialized(). This
move simplifies the code IMO and, as a side-effect, would enable DRBG
users to rely on wait_for_random_bytes() to sync properly with
drbg_generate(), if desired. Implemented by patches 1-5/6.
- Make the 'nopr' DRBGs reseed themselves every 5min from
get_random_bytes(). This achieves at least kind of a partial prediction
resistance over the time domain at almost no extra cost. Implemented
by patch 6/6, the preceding patches in this series are a prerequisite
for this.
Tested with and without fips_enabled in an x86_64 VM, both with
random.trust_cpu=on and off. As confirmed with a couple of debugging
printks() (added for testing only, not included in this series), DRBGs
have been instantiated with and without rng_is_initialized() evaluating
to true each during my tests and the patched DRBG reseeding code worked as
intended in either case.
Applies to current herbert/cryptodev-2.6.git master.
Many thanks for your comments and remarks!
Nicolai
Nicolai Stange (6):
  crypto: DRBG - prepare for more fine-grained tracking of seeding state
  crypto: DRBG - track whether DRBG was seeded with !rng_is_initialized()
  crypto: DRBG - move dynamic ->reseed_threshold adjustments to __drbg_seed()
  crypto: DRBG - make reseeding from get_random_bytes() synchronous
  crypto: DRBG - make drbg_prepare_hrng() handle jent instantiation errors
  crypto: DRBG - reseed 'nopr' drbgs periodically from get_random_bytes()

 crypto/drbg.c         | 145 +++++++++++++++++++++---------------------
 include/crypto/drbg.h |  11 +++-
 2 files changed, 82 insertions(+), 74 deletions(-)
--
2.26.2
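As an added illustration (not code from this series or from crypto/drbg.c), a small C model of the reseeding policy the cover letter describes: a DRBG seeded while rng_is_initialized() was false is marked as only partially seeded and reseeds synchronously on the next generate() once the RNG is ready, and a 'nopr' DRBG additionally reseeds after 5 minutes. All names, the FULL_THRESHOLD value and the seconds-based clock are assumptions of this model.

```c
#include <stdbool.h>
#include <stdint.h>

/* Model of the reseed policy, not the kernel's drbg.c. Names are assumed. */
enum drbg_seed_state { DRBG_UNSEEDED, DRBG_SEEDED_PARTIAL, DRBG_SEEDED_FULL };

struct model_drbg {
	bool pr;                       /* prediction resistance requested */
	enum drbg_seed_state seeded;   /* partial = seeded with !rng_is_initialized() */
	uint64_t reseed_ctr;           /* generate() calls since the last seed */
	uint64_t reseed_threshold;
	uint64_t last_seed_time;       /* seconds in this model, not jiffies */
	unsigned int nreseeds;         /* bookkeeping so callers can inspect it */
};

#define NOPR_RESEED_INTERVAL 300u  /* 5 min, the interval from the cover letter */
#define FULL_THRESHOLD 1000u       /* assumed request threshold for this model */

/* Stand-in for rng_is_initialized(); the caller flips it to simulate boot. */
static bool model_rng_initialized;

static void model_seed(struct model_drbg *d, uint64_t now)
{
	/* Remember whether the seed came from a not-yet-initialized RNG. */
	d->seeded = model_rng_initialized ? DRBG_SEEDED_FULL : DRBG_SEEDED_PARTIAL;
	d->reseed_threshold = FULL_THRESHOLD;
	d->reseed_ctr = 0;
	d->last_seed_time = now;
	d->nreseeds++;
}

static bool model_needs_reseed(const struct model_drbg *d, uint64_t now)
{
	if (d->seeded == DRBG_UNSEEDED || d->pr)
		return true;   /* first use, or 'pr' reseeds on every request */
	if (d->seeded == DRBG_SEEDED_PARTIAL && model_rng_initialized)
		return true;   /* synchronous catch-up reseed once the RNG is ready */
	if (d->reseed_ctr >= d->reseed_threshold)
		return true;   /* ordinary request-count threshold */
	/* 'nopr': time-based reseed for partial prediction resistance. */
	return now - d->last_seed_time >= NOPR_RESEED_INTERVAL;
}

/* One generate() request at time 'now'; returns true if it reseeded first. */
bool model_generate(struct model_drbg *d, uint64_t now)
{
	bool reseeded = model_needs_reseed(d, now);

	if (reseeded)
		model_seed(d, now);
	d->reseed_ctr++;
	return reseeded;
}
```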