From: Stephan Mueller <smueller@chronox.de>
To: herbert@gondor.apana.org.au
Cc: pebolle@tiscali.nl, andreas.steffen@strongswan.org,
	tytso@mit.edu, sandyinchina@gmail.com,
	linux-kernel@vger.kernel.org, linux-crypto@vger.kernel.org
Subject: [PATCH v5 3/5] crypto: drbg - add async seeding operation
Date: Fri, 08 May 2015 08:42:39 +0200	[thread overview]
Message-ID: <1460105.AAHe4NZh41@tachyon.chronox.de> (raw)
In-Reply-To: <1887272.cxqymnQQZn@tachyon.chronox.de>

The async seeding operation is triggered during initialization right
after the first non-blocking seeding is completed. As required by the
asynchronous operation of random.c, a callback function is provided that
is triggered by random.c once entropy is available. That callback
function performs the actual seeding of the DRBG.

CC: Andreas Steffen <andreas.steffen@strongswan.org>
CC: Theodore Ts'o <tytso@mit.edu>
CC: Sandy Harris <sandyinchina@gmail.com>
Signed-off-by: Stephan Mueller <smueller@chronox.de>
---
 crypto/drbg.c         | 41 +++++++++++++++++++++++++++++++++++++++++
 include/crypto/drbg.h |  1 +
 2 files changed, 42 insertions(+)

diff --git a/crypto/drbg.c b/crypto/drbg.c
index 36dfece..693dac4 100644
--- a/crypto/drbg.c
+++ b/crypto/drbg.c
@@ -1056,6 +1056,40 @@ static inline int __drbg_seed(struct drbg_state *drbg, struct list_head *seed,
 	return ret;
 }
 
+/* DRBG callback for obtaining data from the async Linux RNG */
+static void drbg_async_seed_cb(void *buf, ssize_t buflen, void *private)
+{
+	struct drbg_string data;
+	LIST_HEAD(seedlist);
+	struct drbg_state *drbg = (struct drbg_state *)private;
+	int ret = 0;
+
+	if (buflen <= 0 || !buf)
+		return;
+
+	drbg_string_fill(&data, buf, buflen);
+	list_add_tail(&data.list, &seedlist);
+	/* sanity check to verify that there is still a DRBG instance */
+	if (!drbg)
+		return;
+	mutex_lock(&drbg->drbg_mutex);
+	/* sanity check to verify that the DRBG instance is valid */
+	if (!drbg->V) {
+		mutex_unlock(&drbg->drbg_mutex);
+		return;
+	}
+	ret = __drbg_seed(drbg, &seedlist, true);
+	memzero_explicit(buf, buflen);
+	mutex_unlock(&drbg->drbg_mutex);
+}
+
+/* Cancel any outstanding async operation and wait for their completion */
+static inline void drbg_async_work_cancel(struct random_work *work)
+{
+	get_blocking_random_bytes_cancel(work);
+	cancel_work_sync(&work->rw_work);
+}
+
 /*
  * Seeding or reseeding of the DRBG
  *
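Review bot: in drbg_async_seed_cb the return value of __drbg_seed is stored in `ret` but never read, so a seeding failure in the callback is silently swallowed and the variable will trigger an unused-but-set warning; either drop `ret` or act on the error (at minimum a pr_devel/pr_err so a failed async reseed is visible). Two smaller points in the same function: the `drbg_string_fill`/`list_add_tail` pair runs before the `!drbg` sanity check, so moving the NULL check up front keeps the early-return path free of unneeded work, and since `private` is a `void *`, the explicit `(struct drbg_state *)` cast is unnecessary in kernel C.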
@@ -1125,6 +1159,12 @@ static int drbg_seed(struct drbg_state *drbg, struct drbg_string *pers,
 	if (!reseed)
 		drbg->seed_buf_len = drbg->seed_buf_len / 3 * 2;
 
+	/* Invoke asynchronous seeding unless DRBG is in test mode. */
+	if (!list_empty(&drbg->test_data.list))
+		get_blocking_random_bytes_cb(NULL, &drbg->seed_work,
+					     drbg->seed_buf, drbg->seed_buf_len,
+					     drbg, drbg_async_seed_cb);
+
 out:
 	return ret;
 }
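Review bot: the comment says "Invoke asynchronous seeding unless DRBG is in test mode", but the condition is `if (!list_empty(&drbg->test_data.list))`, which fires when the test-data list is populated, i.e. it reads as the opposite of the comment. Please confirm how test_data.list is populated by the test interface and make the comment and the condition agree; if the intent really is "only when not in test mode", the `!` looks inverted, and a DRBG that never receives its async reseed would otherwise run on the initial non-blocking seed alone without any indication.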
@@ -1487,6 +1527,7 @@ unlock:
  */
 static int drbg_uninstantiate(struct drbg_state *drbg)
 {
+	drbg_async_work_cancel(&drbg->seed_work);
 	if (drbg->d_ops)
 		drbg->d_ops->crypto_fini(drbg);
 	drbg_dealloc_state(drbg);
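Review bot: drbg_async_work_cancel ends in cancel_work_sync, which waits for an in-flight drbg_async_seed_cb, and that callback takes drbg->drbg_mutex; drbg_uninstantiate must therefore never be entered with drbg_mutex held or the teardown deadlocks against its own callback. The hunk context shows drbg_uninstantiate sitting right after an `unlock:` label, so please state in a comment on the function (or on the new call) that it runs without the mutex, and double-check the error path in drbg_instantiate, which calls into the same teardown, honours that.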
diff --git a/include/crypto/drbg.h b/include/crypto/drbg.h
index b052698..e4980a1 100644
--- a/include/crypto/drbg.h
+++ b/include/crypto/drbg.h
@@ -119,6 +119,7 @@ struct drbg_state {
 	bool fips_primed;	/* Continuous test primed? */
 	unsigned char *prev;	/* FIPS 140-2 continuous test value */
 #endif
+	struct random_work seed_work;	/* asynchronous seeding support */
 	u8 *seed_buf;			/* buffer holding the seed */
 	size_t seed_buf_len;
 	const struct drbg_state_ops *d_ops;
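Review bot: embedding `struct random_work` by value in struct drbg_state means include/crypto/drbg.h now depends on the header that defines random_work (introduced in patch 1/5 of this series), but this hunk adds no matching #include; any translation unit that includes crypto/drbg.h without that header first will fail to compile. Add the include to drbg.h in this patch so the header stays self-contained.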
-- 
2.1.0
