Re: [PATCH 0/6] crypto: DRBG - improve 'nopr' reseeding

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

From: Nicolai Stange <nstange@suse.de>
To: "Stephan Müller" <smueller@chronox.de>
Cc: Herbert Xu <herbert@gondor.apana.org.au>,
	"David S. Miller" <davem@davemloft.net>,
	Nicolai Stange <nstange@suse.de>, Torsten Duwe <duwe@suse.de>,
	linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH 0/6] crypto: DRBG - improve 'nopr' reseeding
Date: Wed, 27 Oct 2021 10:40:12 +0200	[thread overview]
Message-ID: <87zgqurhcj.fsf@suse.de> (raw)
In-Reply-To: <2120606.3HGXcN3vsr@positron.chronox.de> ("Stephan \=\?utf-8\?Q\?M\=C3\=BCller\=22's\?\= message of "Tue, 26 Oct 2021 10:33:05 +0200")

Hi Stephan,

first of all, many thanks for your prompt review!

Stephan Müller <smueller@chronox.de> writes:

> Am Montag, 25. Oktober 2021, 11:25:19 CEST schrieb Nicolai Stange:
>
>
>> - Replace the asynchronous random_ready_callback based DRBG reseeding
>>   logic with a synchronous solution leveraging rng_is_initialized().
>
> Could you please help me why replacing an async method with a sync method is 
> helpful? Which problems do you see with the async method that are alleviated 
> with the swtich to the sync method? In general, an async method is more 
> powerful, though it requires a bit more code.

There is no problem with the async method (*), I just don't see any
advantage over the less complex approach of doing all reseeding
work synchronously from drbg_generate().

Before the change, there had been two sites taking care of reseeding:
the drbg_async_seed() work handler scheduled from the
random_ready_callback and drbg_generate().

After the change, all reseeding is handled at a single place only, namely
drbg_generate(), which, in my opinion, makes it easier to reason about.
In particular, in preparation for patch 6/6 from this series introducing
yet another condition for triggering a reseed...

Thanks,

Nicolai

(*) Except for that a wait_for_random_bytes() issued by DRBG users won't
    give any guarantees with respect to a subsequent drbg_generate()
    operation, c.f. my other mail in reply to your review on 3/6 I'm
    about to write in a second. As of now, there aren't any DRBG users
    invoking wait_for_random_bytes(), but one might perhaps consider
    changing that in the future.

>>   This
>>   move simplifies the code IMO and, as a side-effect, would enable DRBG
>>   users to rely on wait_for_random_bytes() to sync properly with
>>   drbg_generate(), if desired. Implemented by patches 1-5/6.
>> - Make the 'nopr' DRBGs to reseed themselves every 5min from
>>   get_random_bytes(). This achieves at least kind of a partial prediction
>>   resistance over the time domain at almost no extra cost. Implemented
>>   by patch 6/6, the preceding patches in this series are a prerequisite
>>   for this.

-- 
SUSE Software Solutions Germany GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany
(HRB 36809, AG Nürnberg), GF: Felix Imendörffer

next prev parent reply	other threads:[~2021-10-27  8:40 UTC|newest]

Thread overview: 18+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-10-25  9:25 [PATCH 0/6] crypto: DRBG - improve 'nopr' reseeding Nicolai Stange
2021-10-25  9:25 ` [PATCH 1/6] crypto: DRBG - prepare for more fine-grained tracking of seeding state Nicolai Stange
2021-10-26  8:37   ` Stephan Müller
2021-10-25  9:25 ` [PATCH 2/6] crypto: DRBG - track whether DRBG was seeded with !rng_is_initialized() Nicolai Stange
2021-10-26  8:41   ` Stephan Müller
2021-10-25  9:25 ` [PATCH 3/6] crypto: DRBG - move dynamic ->reseed_threshold adjustments to __drbg_seed() Nicolai Stange
2021-10-26  9:05   ` Stephan Müller
2021-10-25  9:25 ` [PATCH 4/6] crypto: DRBG - make reseeding from get_random_bytes() synchronous Nicolai Stange
2021-10-26  9:19   ` Stephan Müller
2021-10-27  9:19     ` Nicolai Stange
2021-10-27 18:44       ` Stephan Müller
2021-10-25  9:25 ` [PATCH 5/6] crypto: DRBG - make drbg_prepare_hrng() handle jent instantiation errors Nicolai Stange
2021-10-26  9:19   ` Stephan Müller
2021-10-25  9:25 ` [PATCH 6/6] crypto: DRBG - reseed 'nopr' drbgs periodically from get_random_bytes() Nicolai Stange
2021-10-26  9:33   ` Stephan Müller
2021-10-26  8:33 ` [PATCH 0/6] crypto: DRBG - improve 'nopr' reseeding Stephan Müller
2021-10-27  8:40   ` Nicolai Stange [this message]
2021-10-27 18:43     ` Stephan Müller

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=87zgqurhcj.fsf@suse.de \
    --to=nstange@suse.de \
    --cc=davem@davemloft.net \
    --cc=duwe@suse.de \
    --cc=herbert@gondor.apana.org.au \
    --cc=linux-crypto@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=smueller@chronox.de \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox