From: "Stephan Müller" <smueller@chronox.de>
To: Harald Freudenberger <freude@linux.vnet.ibm.com>
Cc: Herbert Xu <herbert@gondor.apana.org.au>,
PrasannaKumar Muralidharan <prasannatsmkumar@gmail.com>,
Krzysztof Kozlowski <krzk@kernel.org>,
Matt Mackall <mpm@selenic.com>,
linux-crypto@vger.kernel.org,
linux-arm-kernel@lists.infradead.org,
Jan Glauber <jan.glauber@de.ibm.com>,
Harald Freudenberger <freude@de.ibm.com>
Subject: Re: Question - seeding the hw pseudo random number generator
Date: Thu, 23 Mar 2017 12:35:56 +0100
Message-ID: <32410262.FWdrND2fdY@positron.chronox.de>
In-Reply-To: <602a68ef-c57a-0092-ebe0-161ec602fad6@linux.vnet.ibm.com>
On Thursday, 23 March 2017, 09:03:23 CET, Harald Freudenberger wrote:
Hi Harald,
> I'll have a look at it. Currently the s390/crypto/prng seeds itself with
> an algorithm based on the jitter of the very fine granular hardware
> clock of a s390 machine. There were some thoughts and measurements
> by a mathematician which led to this algorithm.
It takes a page and simply writes 512 times the high-res time stamp using
get_tod_clock_fast into it. Effectively it uses the same fundamental noise
source as the jitterentropy. (A couple of months ago I had to perform an
SP800-90B assessment on exactly that code path. :-) )
> However, long-term
> the s390 platform will provide some kind of true hardware random number
> generator and the idea is to use this for seeding the prng.
The question is just that it provides a device file nobody else provides. And
the question is whether to consolidate it. If it is a DRNG, the discussion is
about consolidating it behind AF_ALG. If it is an RNG with its own noise
source (i.e. it provides entropic data by itself), it should rather be placed
into drivers/char/hw_random and use the hw-random framework. This framework
will also ensure that it may seed the /dev/random device kernel-internally.
Ciao
Stephan
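
Added example, not part of the original message and not code from the s390 prng driver: a user-space C sketch of the seeding pattern described above (512 back-to-back high-resolution time stamps filling one page), followed by a most-common-value min-entropy estimate of the kind defined in SP 800-90B. Assumptions: clock_gettime() stands in for get_tod_clock_fast(), the low byte of each time-stamp delta is used as the symbol, and all function names are chosen here.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdint.h>
#include <stdio.h>
#include <time.h>
void fill_timestamps(uint64_t *buf, size_t n)
{
    struct timespec ts;
    for (size_t i = 0; i < n; i++) {
        clock_gettime(CLOCK_MONOTONIC, &ts); /* assumed stand-in for get_tod_clock_fast() */
        buf[i] = (uint64_t)ts.tv_sec * 1000000000ull + (uint64_t)ts.tv_nsec;
    }
}
/* Symbols for the estimator: low byte of each delta (a choice made here). */
size_t delta_symbols(const uint64_t *ts, size_t n, uint8_t *sym)
{
    for (size_t i = 1; i < n; i++)
        sym[i - 1] = (uint8_t)(ts[i] - ts[i - 1]);
    return n ? n - 1 : 0;
}
static double sqrt_d(double x)            /* Newton iteration, avoids libm */
{
    double r = x > 1 ? x : 1;
    for (int i = 0; i < 60; i++) r = 0.5 * (r + x / r);
    return r;
}
static double log2_d(double x)            /* bit-by-bit log2, requires x >= 1 */
{
    double r = 0, bit = 0.5;
    while (x >= 2) { x /= 2; r += 1; }
    for (int i = 0; i < 40; i++, bit /= 2)
        if ((x *= x) >= 2) { x /= 2; r += bit; }
    return r;
}
/* Most-common-value estimate: bits of min-entropy per 8-bit symbol. */
double mcv_min_entropy(const uint8_t *sym, size_t len)
{
    size_t hist[256] = {0}, max = 0;
    if (len < 2) return 0.0;
    for (size_t i = 0; i < len; i++)
        if (++hist[sym[i]] > max) max = hist[sym[i]];
    double p = (double)max / len;
    double pu = p + 2.576 * sqrt_d(p * (1 - p) / (len - 1)); /* 99% upper bound */
    return log2_d(1 / (pu > 1 ? 1 : pu));
}
int main(void)
{
    uint64_t page[512]; uint8_t sym[511];   /* 512 * 8 bytes = one 4096-byte page */
    fill_timestamps(page, 512);
    printf("%.2f bits/symbol\n", mcv_min_entropy(sym, delta_symbols(page, 512, sym)));
}
```

With only 511 symbols the confidence term dominates, so the printed figure is a rough lower bound for one run on one machine, not an assessment result.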