Message ID | 6341883.UacF4FzDma@positron.chronox.de (mailing list archive) |
---|---|
State | Not Applicable |
Delegated to: | Herbert Xu |
Headers | show |
Series | /dev/random - a new approach with full SP800-90B | expand |
Hi, On 1/9/20 12:34 AM, Stephan Müller wrote: > --- > drivers/char/lrng/Kconfig | 11 +++++ > drivers/char/lrng/Makefile | 1 + > drivers/char/lrng/lrng_jent.c | 87 +++++++++++++++++++++++++++++++++++ > 3 files changed, 99 insertions(+) > create mode 100644 drivers/char/lrng/lrng_jent.c > > diff --git a/drivers/char/lrng/lrng_jent.c b/drivers/char/lrng/lrng_jent.c > new file mode 100644 > index 000000000000..97c0d192e9c8 > --- /dev/null > +++ b/drivers/char/lrng/lrng_jent.c > @@ -0,0 +1,87 @@ > +// SPDX-License-Identifier: GPL-2.0 OR BSD-2-Clause > +/* > + * LRNG Fast Noise Source: Jitter RNG > + * > + * Copyright (C) 2016 - 2020, Stephan Mueller <smueller@chronox.de> > + */ > + > +#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt > + > +#include <linux/types.h> > +#include <crypto/internal/jitterentropy.h> > + > +#include "lrng_internal.h" > + > +/* > + * Estimated entropy of data is a 16th of LRNG_DRNG_SECURITY_STRENGTH_BITS. > + * Albeit a full entropy assessment is provided for the noise source indicating > + * that it provides high entropy rates and considering that it deactivates > + * when it detects insufficient hardware, the chosen under estimation of > + * entropy is considered to be acceptable to all reviewers. > + */ > +static u32 jitterrng = LRNG_DRNG_SECURITY_STRENGTH_BITS>>4; > +module_param(jitterrng, uint, 0644); > +MODULE_PARM_DESC(jitterrng, "Entropy in bits of 256 data bits from Jitter " > + "RNG noise source"); > + > +/** > + * Get Jitter RNG entropy > + * > + * @outbuf buffer to store entropy > + * @outbuflen length of buffer > + * @return > 0 on success where value provides the added entropy in bits > + * 0 if no fast source was available > + */ Don't begin the comment block with /** or convert it to Linux kernel-doc notation format. > +static struct rand_data *lrng_jent_state; > + > +u32 lrng_get_jent(u8 *outbuf, unsigned int outbuflen) > +{ > + int ret; > + u32 ent_bits = jitterrng; > + unsigned long flags; > + static DEFINE_SPINLOCK(lrng_jent_lock); > + static int lrng_jent_initialized = 0; > + > + spin_lock_irqsave(&lrng_jent_lock, flags); > + > + if (!ent_bits || (lrng_jent_initialized == -1)) { > + spin_unlock_irqrestore(&lrng_jent_lock, flags); > + return 0; > + } > + > + if (!lrng_jent_initialized) { > + lrng_jent_state = jent_lrng_entropy_collector(); > + if (!lrng_jent_state) { > + jitterrng = 0; > + lrng_jent_initialized = -1; > + spin_unlock_irqrestore(&lrng_jent_lock, flags); > + pr_info("Jitter RNG unusable on current system\n"); > + return 0; > + } > + lrng_jent_initialized = 1; > + pr_debug("Jitter RNG working on current system\n"); > + } > + ret = jent_read_entropy(lrng_jent_state, outbuf, outbuflen); > + spin_unlock_irqrestore(&lrng_jent_lock, flags); > + > + if (ret) { > + pr_debug("Jitter RNG failed with %d\n", ret); > + return 0; > + } > + > + /* Obtain entropy statement */ > + if (outbuflen != LRNG_DRNG_SECURITY_STRENGTH_BYTES) > + ent_bits = (ent_bits * outbuflen<<3) / > + LRNG_DRNG_SECURITY_STRENGTH_BITS; > + /* Cap entropy to buffer size in bits */ > + ent_bits = min_t(u32, ent_bits, outbuflen<<3); > + pr_debug("obtained %u bits of entropy from Jitter RNG noise source\n", > + ent_bits); > + > + return ent_bits; > +} > + > +u32 lrng_jent_entropylevel(void) > +{ > + return min_t(u32, jitterrng, LRNG_DRNG_SECURITY_STRENGTH_BITS); > +} > thanks.
Am Freitag, 10. Januar 2020, 01:24:47 CET schrieb Randy Dunlap: Hi Randy, > Hi, > > On 1/9/20 12:34 AM, Stephan Müller wrote: > > --- > > > > drivers/char/lrng/Kconfig | 11 +++++ > > drivers/char/lrng/Makefile | 1 + > > drivers/char/lrng/lrng_jent.c | 87 +++++++++++++++++++++++++++++++++++ > > 3 files changed, 99 insertions(+) > > create mode 100644 drivers/char/lrng/lrng_jent.c > > > > diff --git a/drivers/char/lrng/lrng_jent.c b/drivers/char/lrng/lrng_jent.c > > new file mode 100644 > > index 000000000000..97c0d192e9c8 > > --- /dev/null > > +++ b/drivers/char/lrng/lrng_jent.c > > @@ -0,0 +1,87 @@ > > +// SPDX-License-Identifier: GPL-2.0 OR BSD-2-Clause > > +/* > > + * LRNG Fast Noise Source: Jitter RNG > > + * > > + * Copyright (C) 2016 - 2020, Stephan Mueller <smueller@chronox.de> > > + */ > > + > > +#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt > > + > > +#include <linux/types.h> > > +#include <crypto/internal/jitterentropy.h> > > + > > +#include "lrng_internal.h" > > + > > +/* > > + * Estimated entropy of data is a 16th of > > LRNG_DRNG_SECURITY_STRENGTH_BITS. + * Albeit a full entropy assessment is > > provided for the noise source indicating + * that it provides high > > entropy rates and considering that it deactivates + * when it detects > > insufficient hardware, the chosen under estimation of + * entropy is > > considered to be acceptable to all reviewers. > > + */ > > +static u32 jitterrng = LRNG_DRNG_SECURITY_STRENGTH_BITS>>4; > > +module_param(jitterrng, uint, 0644); > > +MODULE_PARM_DESC(jitterrng, "Entropy in bits of 256 data bits from Jitter > > " + "RNG noise source"); > > + > > +/** > > + * Get Jitter RNG entropy > > + * > > + * @outbuf buffer to store entropy > > + * @outbuflen length of buffer > > + * @return > 0 on success where value provides the added entropy in bits > > + * 0 if no fast source was available > > + */ > > Don't begin the comment block with /** > or convert it to Linux kernel-doc notation format. Yes, the colons are missing and there is no @return. It will be fixed with the next patch set. Thank you. > > > +static struct rand_data *lrng_jent_state; > > + > > +u32 lrng_get_jent(u8 *outbuf, unsigned int outbuflen) > > +{ > > + int ret; > > + u32 ent_bits = jitterrng; > > + unsigned long flags; > > + static DEFINE_SPINLOCK(lrng_jent_lock); > > + static int lrng_jent_initialized = 0; > > + > > + spin_lock_irqsave(&lrng_jent_lock, flags); > > + > > + if (!ent_bits || (lrng_jent_initialized == -1)) { > > + spin_unlock_irqrestore(&lrng_jent_lock, flags); > > + return 0; > > + } > > + > > + if (!lrng_jent_initialized) { > > + lrng_jent_state = jent_lrng_entropy_collector(); > > + if (!lrng_jent_state) { > > + jitterrng = 0; > > + lrng_jent_initialized = -1; > > + spin_unlock_irqrestore(&lrng_jent_lock, flags); > > + pr_info("Jitter RNG unusable on current system\n"); > > + return 0; > > + } > > + lrng_jent_initialized = 1; > > + pr_debug("Jitter RNG working on current system\n"); > > + } > > + ret = jent_read_entropy(lrng_jent_state, outbuf, outbuflen); > > + spin_unlock_irqrestore(&lrng_jent_lock, flags); > > + > > + if (ret) { > > + pr_debug("Jitter RNG failed with %d\n", ret); > > + return 0; > > + } > > + > > + /* Obtain entropy statement */ > > + if (outbuflen != LRNG_DRNG_SECURITY_STRENGTH_BYTES) > > + ent_bits = (ent_bits * outbuflen<<3) / > > + LRNG_DRNG_SECURITY_STRENGTH_BITS; > > + /* Cap entropy to buffer size in bits */ > > + ent_bits = min_t(u32, ent_bits, outbuflen<<3); > > + pr_debug("obtained %u bits of entropy from Jitter RNG noise source\n", > > + ent_bits); > > + > > + return ent_bits; > > +} > > + > > +u32 lrng_jent_entropylevel(void) > > +{ > > + return min_t(u32, jitterrng, LRNG_DRNG_SECURITY_STRENGTH_BITS); > > +} > > thanks. Ciao Stephan
diff --git a/drivers/char/lrng/Kconfig b/drivers/char/lrng/Kconfig index 0d070a3897dd..10b7cbdb8c8e 100644 --- a/drivers/char/lrng/Kconfig +++ b/drivers/char/lrng/Kconfig @@ -92,4 +92,15 @@ config LRNG_KCAPI provided by the selected kernel crypto API RNG. endif # LRNG_DRNG_SWITCH +config LRNG_JENT + bool "Enable Jitter RNG as LRNG Seed Source" + select CRYPTO_JITTERENTROPY + help + The Linux RNG may use the Jitter RNG as noise source. Enabling + this option enables the use of the Jitter RNG. Its default + entropy level is 16 bits of entropy per 256 data bits delivered + by the Jitter RNG. This entropy level can be changed at boot + time or at runtime with the lrng_base.jitterrng configuration + variable. + endif # LRNG diff --git a/drivers/char/lrng/Makefile b/drivers/char/lrng/Makefile index 94b2dfb2dfdb..4f5b6f38f0c4 100644 --- a/drivers/char/lrng/Makefile +++ b/drivers/char/lrng/Makefile @@ -13,3 +13,4 @@ obj-$(CONFIG_SYSCTL) += lrng_proc.o obj-$(CONFIG_LRNG_DRNG_SWITCH) += lrng_switch.o obj-$(CONFIG_LRNG_DRBG) += lrng_drbg.o obj-$(CONFIG_LRNG_KCAPI) += lrng_kcapi.o +obj-$(CONFIG_LRNG_JENT) += lrng_jent.o diff --git a/drivers/char/lrng/lrng_jent.c b/drivers/char/lrng/lrng_jent.c new file mode 100644 index 000000000000..97c0d192e9c8 --- /dev/null +++ b/drivers/char/lrng/lrng_jent.c @@ -0,0 +1,87 @@ +// SPDX-License-Identifier: GPL-2.0 OR BSD-2-Clause +/* + * LRNG Fast Noise Source: Jitter RNG + * + * Copyright (C) 2016 - 2020, Stephan Mueller <smueller@chronox.de> + */ + +#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt + +#include <linux/types.h> +#include <crypto/internal/jitterentropy.h> + +#include "lrng_internal.h" + +/* + * Estimated entropy of data is a 16th of LRNG_DRNG_SECURITY_STRENGTH_BITS. + * Albeit a full entropy assessment is provided for the noise source indicating + * that it provides high entropy rates and considering that it deactivates + * when it detects insufficient hardware, the chosen under estimation of + * entropy is considered to be acceptable to all reviewers. + */ +static u32 jitterrng = LRNG_DRNG_SECURITY_STRENGTH_BITS>>4; +module_param(jitterrng, uint, 0644); +MODULE_PARM_DESC(jitterrng, "Entropy in bits of 256 data bits from Jitter " + "RNG noise source"); + +/** + * Get Jitter RNG entropy + * + * @outbuf buffer to store entropy + * @outbuflen length of buffer + * @return > 0 on success where value provides the added entropy in bits + * 0 if no fast source was available + */ +static struct rand_data *lrng_jent_state; + +u32 lrng_get_jent(u8 *outbuf, unsigned int outbuflen) +{ + int ret; + u32 ent_bits = jitterrng; + unsigned long flags; + static DEFINE_SPINLOCK(lrng_jent_lock); + static int lrng_jent_initialized = 0; + + spin_lock_irqsave(&lrng_jent_lock, flags); + + if (!ent_bits || (lrng_jent_initialized == -1)) { + spin_unlock_irqrestore(&lrng_jent_lock, flags); + return 0; + } + + if (!lrng_jent_initialized) { + lrng_jent_state = jent_lrng_entropy_collector(); + if (!lrng_jent_state) { + jitterrng = 0; + lrng_jent_initialized = -1; + spin_unlock_irqrestore(&lrng_jent_lock, flags); + pr_info("Jitter RNG unusable on current system\n"); + return 0; + } + lrng_jent_initialized = 1; + pr_debug("Jitter RNG working on current system\n"); + } + ret = jent_read_entropy(lrng_jent_state, outbuf, outbuflen); + spin_unlock_irqrestore(&lrng_jent_lock, flags); + + if (ret) { + pr_debug("Jitter RNG failed with %d\n", ret); + return 0; + } + + /* Obtain entropy statement */ + if (outbuflen != LRNG_DRNG_SECURITY_STRENGTH_BYTES) + ent_bits = (ent_bits * outbuflen<<3) / + LRNG_DRNG_SECURITY_STRENGTH_BITS; + /* Cap entropy to buffer size in bits */ + ent_bits = min_t(u32, ent_bits, outbuflen<<3); + pr_debug("obtained %u bits of entropy from Jitter RNG noise source\n", + ent_bits); + + return ent_bits; +} + +u32 lrng_jent_entropylevel(void) +{ + return min_t(u32, jitterrng, LRNG_DRNG_SECURITY_STRENGTH_BITS); +}