From: Stephan Mueller <smueller@chronox.de>
To: Herbert Xu <herbert@gondor.apana.org.au>,
Rafael Aquini <aquini@redhat.com>
Cc: Linux Crypto Mailing List <linux-crypto@vger.kernel.org>
Subject: Re: DRBG parallel requests
Date: Thu, 16 Apr 2015 17:13:50 +0200 [thread overview]
Message-ID: <1683076.LPItN49aSW@tauon> (raw)
In-Reply-To: <20150416144455.GA17293@gondor.apana.org.au>
On Thursday, 16 April 2015, 22:44:55, Herbert Xu wrote:
Hi Herbert, Rafael,
>Hi Stephan:
>
>Currently you can have two users of DRBG issuing requests in
>parallel and end up using the same internal state. The only
>difference between them is the cycle counter that you inject
>into the DRBG.
>
>I can't see how this is safe as the cycle counter contains minimal
>entropy. The whole DRBG scheme depends on the fact that states
>are not reused so surely this is a very bad thing?
>
>I think we should just stick with locking the entire generation
>function.
Ok, I can certainly add such a lock. That would simplify the code significantly
as the entire business with the shadow copy goes away.
However, before I aired the DRBG, Rafael reviewed the DRBG. Initially I had
such a "global" lock during the operation of the DRBG. Rafael's strongest
comment was to remove the lock in favor of the shadow approach considering
that this approach scales much better.
Surely, the shadow approach scales better than a global lock. But its drawback
is the (almost) identical state.
Rafael: do you have any better idea here other than remove the shadow copy
approach and use a global lock?
>
>The only users of RNG in the crypto API do so in process context
>so we can make it a rule that all RNG users must be in process
>context.
Herbert, which type of lock am I allowed to use? Is a spin lock sufficient or
shall I use a mutex? I am not fully sure whether the used shash or cipher type
can sleep.
>
>Cheers,
Ciao
Stephan
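As an added illustration of the two designs discussed above (not code from the kernel DRBG or from anyone in this thread): a toy model in which the "DRBG" is a simple mixing function standing in for the real generate step. It shows why two shadow copies taken from the same shared state start from identical state and differ only by the cycle counter mixed in, and why one request's state update is lost on write-back, whereas serializing the whole generate call steps the shared state once per request.

```c
#include <stdint.h>

/* Toy stand-in for the DRBG state; not the kernel's struct drbg_state. */
struct toy_drbg {
    uint64_t v;          /* secret working value that must advance per call */
    uint64_t generated;  /* how many generate calls this state has recorded */
};

/* Stand-in for the generate step: mix state with the caller's extra input
 * (the cycle counter from the thread), emit output, then step the state. */
static uint64_t toy_generate(struct toy_drbg *st, uint64_t cycle_ctr)
{
    uint64_t x = st->v ^ (cycle_ctr * 0x9E3779B97F4A7C15ULL);
    x ^= x >> 31;
    x *= 0xBF58476D1CE4E5B9ULL;
    x ^= x >> 27;
    st->v += 0x2545F4914F6CDD1DULL;
    st->generated++;
    return x;
}

/* Shadow-copy pattern: two concurrent requests each snapshot the shared
 * state, generate from their copy, and write the copy back. Returns how
 * many generate calls the shared state records afterwards; *same_start is
 * set when both requests began from identical state (only cycle_ctr differed). */
static unsigned shadow_pattern(uint64_t cyc_a, uint64_t cyc_b, int *same_start)
{
    struct toy_drbg shared = { .v = 0x1234567887654321ULL, .generated = 0 };
    struct toy_drbg a = shared, b = shared;  /* both snapshot before either finishes */
    *same_start = (a.v == b.v);
    toy_generate(&a, cyc_a);
    toy_generate(&b, cyc_b);
    shared = a;                              /* A writes back ... */
    shared = b;                              /* ... and B overwrites it: A's step is lost */
    return (unsigned)shared.generated;
}

/* Locked pattern: the whole generate call is serialized, so request B
 * necessarily starts from the state A left behind. */
static unsigned locked_pattern(uint64_t cyc_a, uint64_t cyc_b, int *same_start)
{
    struct toy_drbg shared = { .v = 0x1234567887654321ULL, .generated = 0 };
    uint64_t start_a = shared.v;
    toy_generate(&shared, cyc_a);            /* A runs with the lock held */
    uint64_t start_b = shared.v;
    toy_generate(&shared, cyc_b);            /* B runs after A released the lock */
    *same_start = (start_a == start_b);
    return (unsigned)shared.generated;
}
```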