Re: [PATCH v25 10/12] LRNG - add TRNG support

From: Alexander E. Patrakov
Date: Wed Nov 20 2019 - 04:55:56 EST

Next message: Jiasen Lin: "Re: [PATCH] NTB: Fix an error in get link status"
Previous message: Luis Henriques: "Re: [RFC PATCH v3] ceph: add new obj copy OSD Op"
In reply to: Stephan Müller: "Re: [PATCH v25 10/12] LRNG - add TRNG support"
Next in thread: Greg Kroah-Hartman: "Re: [PATCH v25 10/12] LRNG - add TRNG support"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

20.11.2019 13:58, Stephan MÃller ÐÐÑÐÑ:

Or another idea and apologies if I restart this conversation as there was
already a discussion around it: what about extending the getrandom(2) call
instead of adding a device file?

What about adding yet another flag to getrandom: GRND_TRUERANDOM and process
it as follows:

if (flags & ~(GRND_NONBLOCK|GRND_RANDOM|GRND_INSECURE|
GRND_TRUERANDOM))
return -EINVAL;

//From Andy's tree
/*
* Requesting insecure and blocking randomness at the same time makes
* no sense.
*/
if ((flags & (GRND_INSECURE|GRND_RANDOM)) == (GRND_INSECURE|
GRND_RANDOM))
return -EINVAL;

/* We only allow GRND_TRUERANDOM by itself or with NONBLOCK */
if (! ((flags & GRND_TRUERANDOM) &&
((flags == GRND_TRUERANDOM) ||
(flags == GRND_TRUERANDOM | GRND_NONBLOCK))))
return -EINVAL;

if (flags & GRND_TRUERANDOM) {
... do the TRNG processing ...
... may return -ENOPNOTSUPP if no TRNG available ...
}

This would totally miss the point of adding a device node: UNIX permissions that don't allow "others" to read and deplete "true" random numbers.

--
Alexander E. Patrakov

Next message: Jiasen Lin: "Re: [PATCH] NTB: Fix an error in get link status"
Previous message: Luis Henriques: "Re: [RFC PATCH v3] ceph: add new obj copy OSD Op"
In reply to: Stephan Müller: "Re: [PATCH v25 10/12] LRNG - add TRNG support"
Next in thread: Greg Kroah-Hartman: "Re: [PATCH v25 10/12] LRNG - add TRNG support"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]