Re: [PATCH v2 0/6] crypto: DRBG - improve 'nopr' reseeding

From: Herbert Xu
Date: Fri Nov 26 2021 - 00:33:17 EST


On Mon, Nov 15, 2021 at 03:18:03PM +0100, Nicolai Stange wrote:
> Hi all,
>
> v1 can be found here:
>
> https://lore.kernel.org/r/20211025092525.12805-1-nstange@xxxxxxx
>
> The changes between v1 and v2 are summarized below.
>
>
> Cover letter reproduced 1:1 from v1:
>
> This patchset aims at (hopefully) improving the DRBG code related to
> reseeding from get_random_bytes() a bit:
> - Replace the asynchronous random_ready_callback based DRBG reseeding
> logic with a synchronous solution leveraging rng_is_initialized(). This
> move simplifies the code IMO and, as a side-effect, would enable DRBG
> users to rely on wait_for_random_bytes() to sync properly with
> drbg_generate(), if desired. Implemented by patches 1-5/6.
> - Make the 'nopr' DRBGs reseed themselves every 5 min from
> get_random_bytes(). This achieves at least kind of a partial prediction
> resistance over the time domain at almost no extra cost. Implemented
> by patch 6/6; the preceding patches in this series are a prerequisite
> for this.
>
> Tested with and without fips_enabled in an x86_64 VM, both with
> random.trust_cpu=on and off. As confirmed with a couple of debugging
> printks() (added for testing only, not included in this series), DRBGs
> have been instantiated with and without rng_is_initialized() evaluating
> to true each during my tests and the patched DRBG reseeding code worked as
> intended in either case.
>
> Applies to current herbert/cryptodev-2.6.git master.
>
>
> Changes between v1 and v2:
> - 4/6: remove redundant goto statement, spotted by Stephan.
>
> For the unmodified rest, I added Stephan's Reviewed-bys he granted in
> reply to v1.
>
> Many thanks for your comments and remarks!
>
> Nicolai
>
> Nicolai Stange (6):
> crypto: DRBG - prepare for more fine-grained tracking of seeding state
> crypto: DRBG - track whether DRBG was seeded with !rng_is_initialized()
> crypto: DRBG - move dynamic ->reseed_threshold adjustments to __drbg_seed()
> crypto: DRBG - make reseeding from get_random_bytes() synchronous
> crypto: DRBG - make drbg_prepare_hrng() handle jent instantiation errors
> crypto: DRBG - reseed 'nopr' drbgs periodically from get_random_bytes()
>
> crypto/drbg.c | 143 +++++++++++++++++++++---------------------
> include/crypto/drbg.h | 11 +++-
> 2 files changed, 80 insertions(+), 74 deletions(-)

All applied. Thanks.
--
Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
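The reseeding policy the quoted cover letter describes (synchronous check of whether the kernel RNG was initialized at seed time, plus a 5 minute periodic reseed for 'nopr' DRBGs), reduced to a small userspace C model. This is an added example, not code from crypto/drbg.c or from the series; the seed-state names, struct fields and threshold constants are constructed stand-ins.

```c
#include <stdbool.h>
#include <stdint.h>

/* Seeding state: never seeded, seeded while the kernel RNG was not yet
 * initialized ("partial"), or seeded from a fully initialized RNG. */
enum seed_state { SEED_UNSEEDED, SEED_PARTIAL, SEED_FULL };

/* Constructed stand-in for the DRBG fields the reseed decision needs. */
struct drbg_model {
    enum seed_state seeded;
    bool pr;                   /* prediction resistance requested? */
    uint64_t reseed_ctr;       /* generate() calls since last (re)seed */
    uint64_t reseed_threshold; /* counter-based reseed limit */
    uint64_t last_seeded_sec;  /* time of last (re)seed, in seconds */
};

#define NOPR_RESEED_INTERVAL_SEC (5 * 60)   /* 5 min, as in the cover letter */
#define THRESHOLD_FULL    50000ULL          /* constructed value */
#define THRESHOLD_PARTIAL 50ULL             /* constructed: retry RNG soon */

/* Decide, synchronously at generate() time, whether fresh entropy must be
 * pulled from the kernel RNG before producing output. */
bool drbg_needs_reseed(const struct drbg_model *d, uint64_t now_sec,
                       bool rng_initialized)
{
    if (d->pr || d->seeded == SEED_UNSEEDED)
        return true;
    /* Seeded before the RNG was ready: upgrade as soon as it is. */
    if (d->seeded == SEED_PARTIAL && rng_initialized)
        return true;
    if (d->reseed_ctr >= d->reseed_threshold)
        return true;
    /* 'nopr' DRBGs additionally reseed on a time basis. */
    return now_sec - d->last_seeded_sec >= NOPR_RESEED_INTERVAL_SEC;
}

/* Record a (re)seed; the threshold depends on whether the RNG was ready,
 * mirroring the "adjust ->reseed_threshold at seed time" idea. */
void drbg_apply_seed(struct drbg_model *d, uint64_t now_sec,
                     bool rng_initialized)
{
    d->seeded = rng_initialized ? SEED_FULL : SEED_PARTIAL;
    d->reseed_threshold = rng_initialized ? THRESHOLD_FULL : THRESHOLD_PARTIAL;
    d->reseed_ctr = 0;
    d->last_seeded_sec = now_sec;
}
```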