From: "Stephan Müller" <smueller@chronox.de>
To: Herbert Xu <herbert@gondor.apana.org.au>,
	"David S. Miller" <davem@davemloft.net>,
	Nicolai Stange <nstange@suse.de>
Cc: Torsten Duwe <duwe@suse.de>,
	linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org,
	Nicolai Stange <nstange@suse.de>
Subject: Re: [PATCH 1/6] crypto: DRBG - prepare for more fine-grained tracking of seeding state
Date: Tue, 26 Oct 2021 10:37:21 +0200
Message-ID: <2351272.LuTyyo00Js@positron.chronox.de>
In-Reply-To: <20211025092525.12805-2-nstange@suse.de>

On Monday, 25 October 2021, 11:25:20 CEST, Nicolai Stange wrote:

Hi Nicolai,

> There are two different randomness sources the DRBGs are getting seeded
> from, namely the jitterentropy source (if enabled) and get_random_bytes().
> At initial DRBG seeding time during boot, the latter might not have
> collected sufficient entropy for seeding itself yet and thus, the DRBG
> implementation schedules a reseed work from a random_ready_callback once
> that has happened. This is particularly important for the !->pr DRBG
> instances, for which (almost) no further reseeds are getting triggered
> during their lifetime.
> 
> Because collecting data from the jitterentropy source is a rather expensive
> operation, the aforementioned asynchronously scheduled reseed work
> restricts itself to get_random_bytes() only. That is, it in some sense
> amends the initial DRBG seed derived from jitterentropy output at full
> (estimated) entropy with fresh randomness obtained from get_random_bytes()
> once that has been seeded with sufficient entropy itself.
> 
> With the advent of rng_is_initialized(), there is no real need for doing
> the reseed operation from an asynchronously scheduled work anymore and a
> subsequent patch will make it synchronous by moving it next to related
> logic already present in drbg_generate().
> 
> However, for tracking whether a full reseed including the jitterentropy
> source is required or a "partial" reseed involving only get_random_bytes()
> would be sufficient already, the boolean struct drbg_state's ->seeded
> member must become a tristate value.
> 
> Prepare for this by introducing the new enum drbg_seed_state and change
> struct drbg_state's ->seeded member's type from bool to that type.
> 
> For facilitating review, enum drbg_seed_state is made to only contain
> two members corresponding to the former ->seeded values of false and true
> resp. at this point: DRBG_SEED_STATE_UNSEEDED and DRBG_SEED_STATE_FULL. A
> third one for tracking the intermediate state of "seeded from jitterentropy
> only" will be introduced with a subsequent patch.
> 
> There is no change in behaviour at this point.
> 
> Signed-off-by: Nicolai Stange <nstange@suse.de>

Reviewed-by: Stephan Müller <smueller@chronox.de>

Ciao
Stephan
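
The tristate tracking described in the quoted commit message, as an added user-space model that is not part of the thread or of the kernel patch. The middle enum name, `reseed_action` and both functions are hypothetical; the model assumes reseed thresholds and prediction resistance can be ignored.

```c
/* Added illustration: a user-space model, not kernel code. */
#include <stdbool.h>

/* UNSEEDED and FULL are named in the patch description; the middle
 * name is hypothetical, the description only characterises that state. */
enum drbg_seed_state {
	DRBG_SEED_STATE_UNSEEDED,
	MODEL_SEED_STATE_JENT_ONLY,	/* "seeded from jitterentropy only" */
	DRBG_SEED_STATE_FULL,
};

enum reseed_action {
	RESEED_NONE,
	RESEED_PARTIAL,	/* get_random_bytes() only */
	RESEED_FULL,	/* jitterentropy plus get_random_bytes() */
};

/* What a generate call must do first. A bool cannot express the middle
 * case: "false" would force the expensive jitterentropy path again,
 * "true" would never mix in get_random_bytes() output. */
enum reseed_action reseed_needed(enum drbg_seed_state s, bool rng_ready)
{
	switch (s) {
	case DRBG_SEED_STATE_UNSEEDED:
		return RESEED_FULL;
	case MODEL_SEED_STATE_JENT_ONLY:
		return rng_ready ? RESEED_PARTIAL : RESEED_NONE;
	case DRBG_SEED_STATE_FULL:
		return RESEED_NONE;
	}
	return RESEED_FULL;	/* unknown state: err towards reseeding */
}

/* Apply the action and return the state to record afterwards.
 * rng_ready models rng_is_initialized() at the time of the call. */
enum drbg_seed_state model_generate(enum drbg_seed_state s, bool rng_ready,
				    enum reseed_action *done)
{
	*done = reseed_needed(s, rng_ready);
	if (*done == RESEED_NONE)
		return s;
	return rng_ready ? DRBG_SEED_STATE_FULL : MODEL_SEED_STATE_JENT_ONLY;
}
```

Feeding it an early-boot sequence (not ready, not ready, ready, ready) yields one full reseed, no action, one partial reseed, then no action.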



Thread overview: 18+ messages
2021-10-25  9:25 [PATCH 0/6] crypto: DRBG - improve 'nopr' reseeding Nicolai Stange
2021-10-25  9:25 ` [PATCH 1/6] crypto: DRBG - prepare for more fine-grained tracking of seeding state Nicolai Stange
2021-10-26  8:37   ` Stephan Müller [this message]
2021-10-25  9:25 ` [PATCH 2/6] crypto: DRBG - track whether DRBG was seeded with !rng_is_initialized() Nicolai Stange
2021-10-26  8:41   ` Stephan Müller
2021-10-25  9:25 ` [PATCH 3/6] crypto: DRBG - move dynamic ->reseed_threshold adjustments to __drbg_seed() Nicolai Stange
2021-10-26  9:05   ` Stephan Müller
2021-10-25  9:25 ` [PATCH 4/6] crypto: DRBG - make reseeding from get_random_bytes() synchronous Nicolai Stange
2021-10-26  9:19   ` Stephan Müller
2021-10-27  9:19     ` Nicolai Stange
2021-10-27 18:44       ` Stephan Müller
2021-10-25  9:25 ` [PATCH 5/6] crypto: DRBG - make drbg_prepare_hrng() handle jent instantiation errors Nicolai Stange
2021-10-26  9:19   ` Stephan Müller
2021-10-25  9:25 ` [PATCH 6/6] crypto: DRBG - reseed 'nopr' drbgs periodically from get_random_bytes() Nicolai Stange
2021-10-26  9:33   ` Stephan Müller
2021-10-26  8:33 ` [PATCH 0/6] crypto: DRBG - improve 'nopr' reseeding Stephan Müller
2021-10-27  8:40   ` Nicolai Stange
2021-10-27 18:43     ` Stephan Müller
