Re: [PATCH 1/6] crypto: DRBG - prepare for more fine-grained tracking of seeding state

From: Stephan Müller
Date: Tue Oct 26 2021 - 04:37:40 EST

Next message: Dmitry Osipenko: "Re: linux-next: Tree for Oct 25"
Previous message: Stephan Müller: "Re: [PATCH 0/6] crypto: DRBG - improve 'nopr' reseeding"
In reply to: Nicolai Stange: "[PATCH 1/6] crypto: DRBG - prepare for more fine-grained tracking of seeding state"
Next in thread: Nicolai Stange: "[PATCH 2/6] crypto: DRBG - track whether DRBG was seeded with !rng_is_initialized()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Am Montag, 25. Oktober 2021, 11:25:20 CEST schrieb Nicolai Stange:

Hi Nicolai,

> There are two different randomness sources the DRBGs are getting seeded
> from, namely the jitterentropy source (if enabled) and get_random_bytes().
> At initial DRBG seeding time during boot, the latter might not have
> collected sufficient entropy for seeding itself yet and thus, the DRBG
> implementation schedules a reseed work from a random_ready_callback once
> that has happened. This is particularly important for the !->pr DRBG
> instances, for which (almost) no further reseeds are getting triggered
> during their lifetime.
>
> Because collecting data from the jitterentropy source is a rather expensive
> operation, the aforementioned asynchronously scheduled reseed work
> restricts itself to get_random_bytes() only. That is, it in some sense
> amends the initial DRBG seed derived from jitterentropy output at full
> (estimated) entropy with fresh randomness obtained from get_random_bytes()
> once that has been seeded with sufficient entropy itself.
>
> With the advent of rng_is_initialized(), there is no real need for doing
> the reseed operation from an asynchronously scheduled work anymore and a
> subsequent patch will make it synchronous by moving it next to related
> logic already present in drbg_generate().
>
> However, for tracking whether a full reseed including the jitterentropy
> source is required or a "partial" reseed involving only get_random_bytes()
> would be sufficient already, the boolean struct drbg_state's ->seeded
> member must become a tristate value.
>
> Prepare for this by introducing the new enum drbg_seed_state and change
> struct drbg_state's ->seeded member's type from bool to that type.
>
> For facilitating review, enum drbg_seed_state is made to only contain
> two members corresponding to the former ->seeded values of false and true
> resp. at this point: DRBG_SEED_STATE_UNSEEDED and DRBG_SEED_STATE_FULL. A
> third one for tracking the intermediate state of "seeded from jitterentropy
> only" will be introduced with a subsequent patch.
>
> There is no change in behaviour at this point.
>
> Signed-off-by: Nicolai Stange <nstange@xxxxxxx>

Reviewed-by: Stephan Müller <smueller@xxxxxxxxxx>

Ciao
Stephan

Next message: Dmitry Osipenko: "Re: linux-next: Tree for Oct 25"
Previous message: Stephan Müller: "Re: [PATCH 0/6] crypto: DRBG - improve 'nopr' reseeding"
In reply to: Nicolai Stange: "[PATCH 1/6] crypto: DRBG - prepare for more fine-grained tracking of seeding state"
Next in thread: Nicolai Stange: "[PATCH 2/6] crypto: DRBG - track whether DRBG was seeded with !rng_is_initialized()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]