From: "Theodore Ts'o" <tytso@mit.edu>
To: Sandy Harris <sandyinchina@gmail.com>
Cc: Linux Crypto Mailing List <linux-crypto@vger.kernel.org>,
"Jason A. Donenfeld" <Jason@zx2c4.com>,
Herbert Xu <herbert@gondor.apana.org.au>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Subject: Re: [PATCH 3/4] random: get_source_long() function
Date: Thu, 10 Feb 2022 10:42:46 -0500 [thread overview]
Message-ID: <YgUydpc+ftvl7Y6+@mit.edu> (raw)
In-Reply-To: <CACXcFm=whnpd3v5gJAoTJ-pL27NOOkMKvD3W_RQXy1kj2B6p=g@mail.gmail.com>
On Thu, Feb 10, 2022 at 10:41:53PM +0800, Sandy Harris wrote:
> +/**************************************************************************
> + * Load a 64-bit word with data from whatever source we have
> + *
> + * arch_get_random_long()
> + * hardware RNG
> + * emulated HWRNG in a VM
> + *
> + * When there are two sources, alternate.
> + * If you have no better source, or if one fails,
> + * fall back to get_xtea_long()
This isn't quite right. First of all arch_get_random is as much a
hardware RNG as a arch_get_random_seed. So trying to distinguish the
two here is confusing and blurs what is going on.
Secondly, arch_get_random_seed, on those platforms that have it, is
strictly better than arch_get_random. It takes more CPU cycles, and
has different security properties[1], but there's no good reason to
add complexity to alternate between the two.
[1] "RDSEED is intended for seeding a software PRNG of arbitrary
width. RDRAND is intended for applications that merely require
high-quality random numbers." --- Intel documentation
Finally, arch_get_random_seed and arch_get_random work in VM's, so
talking about "emulating HWRNG in a VM" doesn't make any sense. And
as I've mentioned in my comment on the previous patch, using a CRNG to
help seed a CRNG doesn't make any sense, and isn't worth the extra
complexity.
Also, note that as the code is currently situated there isn't any
extra "work" if CONFIG_ARCH_RANDOM is disabled. That's because
config_get_random_seed and friends are inline functions, and if it is
disabled, it will return false unconditionally, and the compiler will
optimize away the call. Also, note that on CPU architectures which
have CPU instructions ala RDREAD and RDSEED, it's rarely disabled
since it's on by default and to disable it you need to be in
CONFIG_EXPERT mode.
Cheers,
- Ted
prev parent reply other threads:[~2022-02-10 15:42 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-02-10 14:41 [PATCH 3/4] random: get_source_long() function Sandy Harris
2022-02-10 14:55 ` Greg Kroah-Hartman
2022-02-10 15:42 ` Theodore Ts'o [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YgUydpc+ftvl7Y6+@mit.edu \
--to=tytso@mit.edu \
--cc=Jason@zx2c4.com \
--cc=gregkh@linuxfoundation.org \
--cc=herbert@gondor.apana.org.au \
--cc=linux-crypto@vger.kernel.org \
--cc=sandyinchina@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).