[v2,0/6] crypto: DRBG - improve 'nopr' reseeding

Message ID 20211115141809.11420-1-nstange@suse.de (mailing list archive)
Series crypto: DRBG - improve 'nopr' reseeding

Message

Nicolai Stange Nov. 15, 2021, 2:18 p.m. UTC
Hi all,

v1 can be found here:

  https://lore.kernel.org/r/20211025092525.12805-1-nstange@suse.de

The changes between v1 and v2 are summarized below.


Cover letter reproduced 1:1 from v1:

This patchset aims at (hopefully) improving the DRBG code related to
reseeding from get_random_bytes() a bit:
- Replace the asynchronous random_ready_callback based DRBG reseeding
  logic with a synchronous solution leveraging rng_is_initialized(). This
  move simplifies the code IMO and, as a side-effect, would enable DRBG
  users to rely on wait_for_random_bytes() to sync properly with
  drbg_generate(), if desired. Implemented by patches 1-5/6.
- Make the 'nopr' DRBGs reseed themselves every 5min from
  get_random_bytes(). This achieves at least kind of a partial prediction
  resistance over the time domain at almost no extra cost. Implemented
  by patch 6/6, the preceding patches in this series are a prerequisite
  for this.

Tested with and without fips_enabled in an x86_64 VM, both with
random.trust_cpu=on and off. As confirmed with a couple of debugging
printks() (added for testing only, not included in this series), DRBGs
were instantiated both with and without rng_is_initialized() evaluating
to true during my tests, and the patched DRBG reseeding code worked as
intended in either case.

Applies to current herbert/cryptodev-2.6.git master.


Changes between v1 and v2:
- 4/6: remove redundant goto statement, spotted by Stephan.

For the unmodified rest, I added the Reviewed-by tags Stephan granted in
reply to v1.

Many thanks for your comments and remarks!

Nicolai

Nicolai Stange (6):
  crypto: DRBG - prepare for more fine-grained tracking of seeding state
  crypto: DRBG - track whether DRBG was seeded with
    !rng_is_initialized()
  crypto: DRBG - move dynamic ->reseed_threshold adjustments to
    __drbg_seed()
  crypto: DRBG - make reseeding from get_random_bytes() synchronous
  crypto: DRBG - make drbg_prepare_hrng() handle jent instantiation
    errors
  crypto: DRBG - reseed 'nopr' drbgs periodically from
    get_random_bytes()

 crypto/drbg.c         | 143 +++++++++++++++++++++---------------------
 include/crypto/drbg.h |  11 +++-
 2 files changed, 80 insertions(+), 74 deletions(-)
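
As an added example, not code from this series or from crypto/drbg.c: a
userspace C model of the reseeding policy the cover letter describes, i.e.
a reseed decision taken synchronously at generate time once the entropy
source reports itself initialized, plus a 5 minute periodic reseed for
'nopr' instances. It assumes a three-valued seeding state (unseeded,
seeded before the pool was ready, fully seeded), a caller-supplied clock
in seconds, and a stand-in entropy source that the caller marks
initialized; the names model_*, NOPR_RESEED_INTERVAL and RESEED_THRESHOLD
are invented here, the threshold value is assumed, and the output
derivation is a placeholder, not a DRBG construction.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Seeding state as the cover letter describes it: unseeded, seeded while the
 * entropy source was still uninitialized ("partial"), or fully seeded. */
enum seed_state { SEED_UNSEEDED, SEED_PARTIAL, SEED_FULL };

#define NOPR_RESEED_INTERVAL 300u       /* 5 min, the interval named in the cover letter */
#define RESEED_THRESHOLD     (1u << 20) /* requests between counter-driven reseeds (assumed) */

struct model_drbg {
	enum seed_state seeded;
	bool pr;                 /* prediction resistance requested; false for 'nopr' */
	uint32_t reseed_ctr;     /* generate requests since the last (re)seed */
	uint32_t last_seed_time; /* caller's clock, seconds, at the last (re)seed */
	uint8_t seed[32];        /* bytes currently mixed in (toy state) */
};

/* Stand-in for the kernel entropy pool: the caller says whether
 * rng_is_initialized() would be true and what get_random_bytes() would
 * return. Both are constructed inputs, not kernel calls. */
struct model_rng {
	bool initialized;
	uint8_t next[32];
};

static void model_seed(struct model_drbg *d, const struct model_rng *rng, uint32_t now)
{
	memcpy(d->seed, rng->next, sizeof d->seed);
	/* remember whether the pool was ready so a later request can upgrade */
	d->seeded = rng->initialized ? SEED_FULL : SEED_PARTIAL;
	d->reseed_ctr = 0;
	d->last_seed_time = now;
}

/* The synchronous policy: decided in the caller's context at generate time,
 * no random_ready_callback. 'now' is assumed monotonic, so the unsigned
 * subtraction below cannot wrap. */
static bool model_needs_reseed(const struct model_drbg *d, const struct model_rng *rng, uint32_t now)
{
	if (d->seeded == SEED_UNSEEDED)
		return true;
	/* seeded from an uninitialized pool: reseed as soon as it is ready */
	if (d->seeded == SEED_PARTIAL && rng->initialized)
		return true;
	/* prediction resistance (SP 800-90A): fresh entropy on every request */
	if (d->pr)
		return true;
	if (d->reseed_ctr >= RESEED_THRESHOLD)
		return true;
	/* 'nopr': additionally reseed on the time axis every 5 minutes */
	if (now - d->last_seed_time >= NOPR_RESEED_INTERVAL)
		return true;
	return false;
}

/* One generate request; returns true if it reseeded first. The output
 * derivation (seed XOR counter) is a placeholder, not a DRBG. */
static bool model_generate(struct model_drbg *d, const struct model_rng *rng, uint32_t now, uint8_t out[32])
{
	bool reseeded = model_needs_reseed(d, rng, now);

	if (reseeded)
		model_seed(d, rng, now);
	d->reseed_ctr++;
	for (int i = 0; i < 32; i++)
		out[i] = d->seed[i] ^ (uint8_t)(d->reseed_ctr >> (8 * (i % 4)));
	return reseeded;
}

/* Scenario mirroring the cover letter's test: a 'nopr' instance is created
 * before the pool is initialized, the pool then becomes ready, and finally
 * five minutes pass. Returns the reseed count and leaves the state in *d. */
static unsigned model_scenario_nopr(struct model_drbg *d)
{
	struct model_rng rng = { .initialized = false };
	uint8_t out[32];
	unsigned n = 0;

	*d = (struct model_drbg){ .seeded = SEED_UNSEEDED, .pr = false };
	memset(rng.next, 0x11, sizeof rng.next);         /* constructed entropy */
	n += model_generate(d, &rng, 0, out);   /* first use: seeded from an uninitialized pool */
	n += model_generate(d, &rng, 1, out);   /* pool still not ready: no reseed */
	rng.initialized = true;
	memset(rng.next, 0x22, sizeof rng.next);
	n += model_generate(d, &rng, 2, out);   /* pool ready: synchronous upgrade to SEED_FULL */
	n += model_generate(d, &rng, 200, out); /* 198 s since that reseed: nothing */
	n += model_generate(d, &rng, 302, out); /* 300 s since that reseed: periodic reseed */
	return n;
}

int main(void)
{
	struct model_drbg d;
	unsigned n = model_scenario_nopr(&d);

	printf("reseeds: %u, final state: %s\n", n,
	       d.seeded == SEED_FULL ? "SEED_FULL" : "not fully seeded");
	return 0;
}
```

Because the decision is taken in the caller's context, a user that calls
wait_for_random_bytes() before its first request sees SEED_FULL from the
start, which is the synchronization the cover letter mentions. The model
also shows the limit of the periodic reseed: if the pool is still not
initialized when the 5 minute interval elapses, the instance reseeds but
stays SEED_PARTIAL, and only an initialized pool upgrades it.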

Comments

Herbert Xu Nov. 26, 2021, 5:31 a.m. UTC | #1
On Mon, Nov 15, 2021 at 03:18:03PM +0100, Nicolai Stange wrote:
> Hi all,
> [...]

All applied.  Thanks.