[v27,09/12] LRNG - add Jitter RNG fast noise source

Message ID	6341883.UacF4FzDma@positron.chronox.de (mailing list archive)
State	Not Applicable
Delegated to:	Herbert Xu
Headers	show Return-Path: <SRS0=LmLS=26=vger.kernel.org=linux-crypto-owner@kernel.org> From: Stephan =?iso-8859-1?q?M=FCller?= <smueller@chronox.de> To: Arnd Bergmann <arnd@arndb.de> Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>, linux-crypto@vger.kernel.org, LKML <linux-kernel@vger.kernel.org>, linux-api@vger.kernel.org, "Eric W. Biederman" <ebiederm@xmission.com>, "Alexander E. Patrakov" <patrakov@gmail.com>, "Ahmed S. Darwish" <darwish.07@gmail.com>, "Theodore Y. Ts'o" <tytso@mit.edu>, Willy Tarreau <w@1wt.eu>, Matthew Garrett <mjg59@srcf.ucam.org>, Vito Caputo <vcaputo@pengaru.com>, Andreas Dilger <adilger.kernel@dilger.ca>, Jan Kara <jack@suse.cz>, Ray Strode <rstrode@redhat.com>, William Jon McCann <mccann@jhu.edu>, zhangjs <zachary@baishancloud.com>, Andy Lutomirski <luto@kernel.org>, Florian Weimer <fweimer@redhat.com>, Lennart Poettering <mzxreary@0pointer.de>, Nicolai Stange <nstange@suse.de>, "Peter, Matthias" <matthias.peter@bsi.bund.de>, Marcelo Henrique Cerri <marcelo.cerri@canonical.com>, Roman Drahtmueller <draht@schaltsekun.de>, Neil Horman <nhorman@redhat.com>, Randy Dunlap <rdunlap@infradead.org>, Julia Lawall <julia.lawall@inria.fr> Subject: [PATCH v27 09/12] LRNG - add Jitter RNG fast noise source Date: Thu, 09 Jan 2020 09:34:15 +0100 Message-ID: <6341883.UacF4FzDma@positron.chronox.de> In-Reply-To: <2641155.iNH938UiKq@positron.chronox.de> References: <6157374.ptSnyUpaCn@positron.chronox.de> <2722222.P16TYeLAVu@positron.chronox.de> <2641155.iNH938UiKq@positron.chronox.de> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="iso-8859-1" Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk
Series	/dev/random - a new approach with full SP800-90B \| expand [v27,00/12] /dev/random - a new approach with full SP800-90B [v27,01/12] Linux Random Number Generator [v27,02/12] LRNG - allocate one DRNG instance per NUMA node [v27,03/12] LRNG - sysctls and /proc interface [v27,04/12] LRNG - add switchable DRNG support [v27,05/12] crypto: DRBG - externalize DRBG functions for LRNG [v27,06/12] LRNG - add SP800-90A DRBG extension [v27,07/12] LRNG - add kernel crypto API PRNG extension [v27,08/12] crypto: provide access to a static Jitter RNG state [v27,09/12] LRNG - add Jitter RNG fast noise source [v27,10/12] LRNG - add SP800-90B compliant health tests [v27,11/12] LRNG - add interface for gathering of raw entropy [v27,12/12] LRNG - add power-on and runtime self-tests

Message ID

6341883.UacF4FzDma@positron.chronox.de (mailing list archive)

State

Not Applicable

Delegated to:

Herbert Xu

Headers

From: Stephan =?iso-8859-1?q?M=FCller?= <smueller@chronox.de>
To: Arnd Bergmann <arnd@arndb.de>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        linux-crypto@vger.kernel.org, LKML <linux-kernel@vger.kernel.org>,
        linux-api@vger.kernel.org,
        "Eric W. Biederman" <ebiederm@xmission.com>,
        "Alexander E. Patrakov" <patrakov@gmail.com>,
        "Ahmed S. Darwish" <darwish.07@gmail.com>,
        "Theodore Y. Ts'o" <tytso@mit.edu>, Willy Tarreau <w@1wt.eu>,
        Matthew Garrett <mjg59@srcf.ucam.org>,
        Vito Caputo <vcaputo@pengaru.com>,
        Andreas Dilger <adilger.kernel@dilger.ca>,
        Jan Kara <jack@suse.cz>, Ray Strode <rstrode@redhat.com>,
        William Jon McCann <mccann@jhu.edu>,
        zhangjs <zachary@baishancloud.com>,
        Andy Lutomirski <luto@kernel.org>,
        Florian Weimer <fweimer@redhat.com>,
        Lennart Poettering <mzxreary@0pointer.de>,
        Nicolai Stange <nstange@suse.de>,
        "Peter, Matthias" <matthias.peter@bsi.bund.de>,
        Marcelo Henrique Cerri <marcelo.cerri@canonical.com>,
        Roman Drahtmueller <draht@schaltsekun.de>,
        Neil Horman <nhorman@redhat.com>,
        Randy Dunlap <rdunlap@infradead.org>,
        Julia Lawall <julia.lawall@inria.fr>
Subject: [PATCH v27 09/12] LRNG - add Jitter RNG fast noise source
Date: Thu, 09 Jan 2020 09:34:15 +0100
Message-ID: <6341883.UacF4FzDma@positron.chronox.de>
In-Reply-To: <2641155.iNH938UiKq@positron.chronox.de>
References: <6157374.ptSnyUpaCn@positron.chronox.de>
 <2722222.P16TYeLAVu@positron.chronox.de>
 <2641155.iNH938UiKq@positron.chronox.de>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="iso-8859-1"
Sender: linux-crypto-owner@vger.kernel.org
Precedence: bulk

Series

/dev/random - a new approach with full SP800-90B | expand

Commit Message

Stephan Mueller Jan. 9, 2020, 8:34 a.m. UTC

The Jitter RNG fast noise source implemented as part of the kernel
crypto API is queried for 256 bits of entropy at the time the seed
buffer managed by the LRNG is about to be filled.

CC: "Eric W. Biederman" <ebiederm@xmission.com>
CC: "Alexander E. Patrakov" <patrakov@gmail.com>
CC: "Ahmed S. Darwish" <darwish.07@gmail.com>
CC: "Theodore Y. Ts'o" <tytso@mit.edu>
CC: Willy Tarreau <w@1wt.eu>
CC: Matthew Garrett <mjg59@srcf.ucam.org>
CC: Vito Caputo <vcaputo@pengaru.com>
CC: Andreas Dilger <adilger.kernel@dilger.ca>
CC: Jan Kara <jack@suse.cz>
CC: Ray Strode <rstrode@redhat.com>
CC: William Jon McCann <mccann@jhu.edu>
CC: zhangjs <zachary@baishancloud.com>
CC: Andy Lutomirski <luto@kernel.org>
CC: Florian Weimer <fweimer@redhat.com>
CC: Lennart Poettering <mzxreary@0pointer.de>
CC: Nicolai Stange <nstange@suse.de>
Reviewed-by: Marcelo Henrique Cerri <marcelo.cerri@canonical.com>
Reviewed-by: Roman Drahtmueller <draht@schaltsekun.de>
Tested-by: Roman Drahtmüller <draht@schaltsekun.de>
Tested-by: Marcelo Henrique Cerri <marcelo.cerri@canonical.com>
Tested-by: Neil Horman <nhorman@redhat.com>
Signed-off-by: Stephan Mueller <smueller@chronox.de>
---
 drivers/char/lrng/Kconfig     | 11 +++++
 drivers/char/lrng/Makefile    |  1 +
 drivers/char/lrng/lrng_jent.c | 87 +++++++++++++++++++++++++++++++++++
 3 files changed, 99 insertions(+)
 create mode 100644 drivers/char/lrng/lrng_jent.c

Comments

Randy Dunlap Jan. 10, 2020, 12:24 a.m. UTC | #1

Hi,

On 1/9/20 12:34 AM, Stephan Müller wrote:

> ---
>  drivers/char/lrng/Kconfig     | 11 +++++
>  drivers/char/lrng/Makefile    |  1 +
>  drivers/char/lrng/lrng_jent.c | 87 +++++++++++++++++++++++++++++++++++
>  3 files changed, 99 insertions(+)
>  create mode 100644 drivers/char/lrng/lrng_jent.c
> 

> diff --git a/drivers/char/lrng/lrng_jent.c b/drivers/char/lrng/lrng_jent.c
> new file mode 100644
> index 000000000000..97c0d192e9c8
> --- /dev/null
> +++ b/drivers/char/lrng/lrng_jent.c
> @@ -0,0 +1,87 @@
> +// SPDX-License-Identifier: GPL-2.0 OR BSD-2-Clause
> +/*
> + * LRNG Fast Noise Source: Jitter RNG
> + *
> + * Copyright (C) 2016 - 2020, Stephan Mueller <smueller@chronox.de>
> + */
> +
> +#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
> +
> +#include <linux/types.h>
> +#include <crypto/internal/jitterentropy.h>
> +
> +#include "lrng_internal.h"
> +
> +/*
> + * Estimated entropy of data is a 16th of LRNG_DRNG_SECURITY_STRENGTH_BITS.
> + * Albeit a full entropy assessment is provided for the noise source indicating
> + * that it provides high entropy rates and considering that it deactivates
> + * when it detects insufficient hardware, the chosen under estimation of
> + * entropy is considered to be acceptable to all reviewers.
> + */
> +static u32 jitterrng = LRNG_DRNG_SECURITY_STRENGTH_BITS>>4;
> +module_param(jitterrng, uint, 0644);
> +MODULE_PARM_DESC(jitterrng, "Entropy in bits of 256 data bits from Jitter "
> +			    "RNG noise source");
> +
> +/**
> + * Get Jitter RNG entropy
> + *
> + * @outbuf buffer to store entropy
> + * @outbuflen length of buffer
> + * @return > 0 on success where value provides the added entropy in bits
> + *	   0 if no fast source was available
> + */

Don't begin the comment block with /**
or convert it to Linux kernel-doc notation format.

> +static struct rand_data *lrng_jent_state;
> +
> +u32 lrng_get_jent(u8 *outbuf, unsigned int outbuflen)
> +{
> +	int ret;
> +	u32 ent_bits = jitterrng;
> +	unsigned long flags;
> +	static DEFINE_SPINLOCK(lrng_jent_lock);
> +	static int lrng_jent_initialized = 0;
> +
> +	spin_lock_irqsave(&lrng_jent_lock, flags);
> +
> +	if (!ent_bits || (lrng_jent_initialized == -1)) {
> +		spin_unlock_irqrestore(&lrng_jent_lock, flags);
> +		return 0;
> +	}
> +
> +	if (!lrng_jent_initialized) {
> +		lrng_jent_state = jent_lrng_entropy_collector();
> +		if (!lrng_jent_state) {
> +			jitterrng = 0;
> +			lrng_jent_initialized = -1;
> +			spin_unlock_irqrestore(&lrng_jent_lock, flags);
> +			pr_info("Jitter RNG unusable on current system\n");
> +			return 0;
> +		}
> +		lrng_jent_initialized = 1;
> +		pr_debug("Jitter RNG working on current system\n");
> +	}
> +	ret = jent_read_entropy(lrng_jent_state, outbuf, outbuflen);
> +	spin_unlock_irqrestore(&lrng_jent_lock, flags);
> +
> +	if (ret) {
> +		pr_debug("Jitter RNG failed with %d\n", ret);
> +		return 0;
> +	}
> +
> +	/* Obtain entropy statement */
> +	if (outbuflen != LRNG_DRNG_SECURITY_STRENGTH_BYTES)
> +		ent_bits = (ent_bits * outbuflen<<3) /
> +			   LRNG_DRNG_SECURITY_STRENGTH_BITS;
> +	/* Cap entropy to buffer size in bits */
> +	ent_bits = min_t(u32, ent_bits, outbuflen<<3);
> +	pr_debug("obtained %u bits of entropy from Jitter RNG noise source\n",
> +		 ent_bits);
> +
> +	return ent_bits;
> +}
> +
> +u32 lrng_jent_entropylevel(void)
> +{
> +	return min_t(u32, jitterrng, LRNG_DRNG_SECURITY_STRENGTH_BITS);
> +}
> 

thanks.

Stephan Mueller Jan. 10, 2020, 7:45 a.m. UTC | #2

Am Freitag, 10. Januar 2020, 01:24:47 CET schrieb Randy Dunlap:

Hi Randy,

> Hi,
> 
> On 1/9/20 12:34 AM, Stephan Müller wrote:
> > ---
> > 
> >  drivers/char/lrng/Kconfig     | 11 +++++
> >  drivers/char/lrng/Makefile    |  1 +
> >  drivers/char/lrng/lrng_jent.c | 87 +++++++++++++++++++++++++++++++++++
> >  3 files changed, 99 insertions(+)
> >  create mode 100644 drivers/char/lrng/lrng_jent.c
> > 
> > diff --git a/drivers/char/lrng/lrng_jent.c b/drivers/char/lrng/lrng_jent.c
> > new file mode 100644
> > index 000000000000..97c0d192e9c8
> > --- /dev/null
> > +++ b/drivers/char/lrng/lrng_jent.c
> > @@ -0,0 +1,87 @@
> > +// SPDX-License-Identifier: GPL-2.0 OR BSD-2-Clause
> > +/*
> > + * LRNG Fast Noise Source: Jitter RNG
> > + *
> > + * Copyright (C) 2016 - 2020, Stephan Mueller <smueller@chronox.de>
> > + */
> > +
> > +#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
> > +
> > +#include <linux/types.h>
> > +#include <crypto/internal/jitterentropy.h>
> > +
> > +#include "lrng_internal.h"
> > +
> > +/*
> > + * Estimated entropy of data is a 16th of
> > LRNG_DRNG_SECURITY_STRENGTH_BITS. + * Albeit a full entropy assessment is
> > provided for the noise source indicating + * that it provides high
> > entropy rates and considering that it deactivates + * when it detects
> > insufficient hardware, the chosen under estimation of + * entropy is
> > considered to be acceptable to all reviewers.
> > + */
> > +static u32 jitterrng = LRNG_DRNG_SECURITY_STRENGTH_BITS>>4;
> > +module_param(jitterrng, uint, 0644);
> > +MODULE_PARM_DESC(jitterrng, "Entropy in bits of 256 data bits from Jitter
> > " +			    "RNG noise source");
> > +
> > +/**
> > + * Get Jitter RNG entropy
> > + *
> > + * @outbuf buffer to store entropy
> > + * @outbuflen length of buffer
> > + * @return > 0 on success where value provides the added entropy in bits
> > + *	   0 if no fast source was available
> > + */
> 
> Don't begin the comment block with /**
> or convert it to Linux kernel-doc notation format.

Yes, the colons are missing and there is no @return. It will be fixed with the 
next patch set.

Thank you.
> 
> > +static struct rand_data *lrng_jent_state;
> > +
> > +u32 lrng_get_jent(u8 *outbuf, unsigned int outbuflen)
> > +{
> > +	int ret;
> > +	u32 ent_bits = jitterrng;
> > +	unsigned long flags;
> > +	static DEFINE_SPINLOCK(lrng_jent_lock);
> > +	static int lrng_jent_initialized = 0;
> > +
> > +	spin_lock_irqsave(&lrng_jent_lock, flags);
> > +
> > +	if (!ent_bits || (lrng_jent_initialized == -1)) {
> > +		spin_unlock_irqrestore(&lrng_jent_lock, flags);
> > +		return 0;
> > +	}
> > +
> > +	if (!lrng_jent_initialized) {
> > +		lrng_jent_state = jent_lrng_entropy_collector();
> > +		if (!lrng_jent_state) {
> > +			jitterrng = 0;
> > +			lrng_jent_initialized = -1;
> > +			spin_unlock_irqrestore(&lrng_jent_lock, flags);
> > +			pr_info("Jitter RNG unusable on current system\n");
> > +			return 0;
> > +		}
> > +		lrng_jent_initialized = 1;
> > +		pr_debug("Jitter RNG working on current system\n");
> > +	}
> > +	ret = jent_read_entropy(lrng_jent_state, outbuf, outbuflen);
> > +	spin_unlock_irqrestore(&lrng_jent_lock, flags);
> > +
> > +	if (ret) {
> > +		pr_debug("Jitter RNG failed with %d\n", ret);
> > +		return 0;
> > +	}
> > +
> > +	/* Obtain entropy statement */
> > +	if (outbuflen != LRNG_DRNG_SECURITY_STRENGTH_BYTES)
> > +		ent_bits = (ent_bits * outbuflen<<3) /
> > +			   LRNG_DRNG_SECURITY_STRENGTH_BITS;
> > +	/* Cap entropy to buffer size in bits */
> > +	ent_bits = min_t(u32, ent_bits, outbuflen<<3);
> > +	pr_debug("obtained %u bits of entropy from Jitter RNG noise source\n",
> > +		 ent_bits);
> > +
> > +	return ent_bits;
> > +}
> > +
> > +u32 lrng_jent_entropylevel(void)
> > +{
> > +	return min_t(u32, jitterrng, LRNG_DRNG_SECURITY_STRENGTH_BITS);
> > +}
> 
> thanks.



Ciao
Stephan

diff --git a/drivers/char/lrng/Kconfig b/drivers/char/lrng/Kconfig
index 0d070a3897dd..10b7cbdb8c8e 100644
--- a/drivers/char/lrng/Kconfig
+++ b/drivers/char/lrng/Kconfig
@@ -92,4 +92,15 @@  config LRNG_KCAPI
 	  provided by the selected kernel crypto API RNG.
 endif # LRNG_DRNG_SWITCH
 
+config LRNG_JENT
+	bool "Enable Jitter RNG as LRNG Seed Source"
+	select CRYPTO_JITTERENTROPY
+	help
+	  The Linux RNG may use the Jitter RNG as noise source. Enabling
+	  this option enables the use of the Jitter RNG. Its default
+	  entropy level is 16 bits of entropy per 256 data bits delivered
+	  by the Jitter RNG. This entropy level can be changed at boot
+	  time or at runtime with the lrng_base.jitterrng configuration
+	  variable.
+
 endif # LRNG
diff --git a/drivers/char/lrng/Makefile b/drivers/char/lrng/Makefile
index 94b2dfb2dfdb..4f5b6f38f0c4 100644
--- a/drivers/char/lrng/Makefile
+++ b/drivers/char/lrng/Makefile
@@ -13,3 +13,4 @@  obj-$(CONFIG_SYSCTL)		+= lrng_proc.o
 obj-$(CONFIG_LRNG_DRNG_SWITCH)	+= lrng_switch.o
 obj-$(CONFIG_LRNG_DRBG)		+= lrng_drbg.o
 obj-$(CONFIG_LRNG_KCAPI)	+= lrng_kcapi.o
+obj-$(CONFIG_LRNG_JENT)		+= lrng_jent.o
diff --git a/drivers/char/lrng/lrng_jent.c b/drivers/char/lrng/lrng_jent.c
new file mode 100644
index 000000000000..97c0d192e9c8
--- /dev/null
+++ b/drivers/char/lrng/lrng_jent.c
@@ -0,0 +1,87 @@ 
+// SPDX-License-Identifier: GPL-2.0 OR BSD-2-Clause
+/*
+ * LRNG Fast Noise Source: Jitter RNG
+ *
+ * Copyright (C) 2016 - 2020, Stephan Mueller <smueller@chronox.de>
+ */
+
+#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
+
+#include <linux/types.h>
+#include <crypto/internal/jitterentropy.h>
+
+#include "lrng_internal.h"
+
+/*
+ * Estimated entropy of data is a 16th of LRNG_DRNG_SECURITY_STRENGTH_BITS.
+ * Albeit a full entropy assessment is provided for the noise source indicating
+ * that it provides high entropy rates and considering that it deactivates
+ * when it detects insufficient hardware, the chosen under estimation of
+ * entropy is considered to be acceptable to all reviewers.
+ */
+static u32 jitterrng = LRNG_DRNG_SECURITY_STRENGTH_BITS>>4;
+module_param(jitterrng, uint, 0644);
+MODULE_PARM_DESC(jitterrng, "Entropy in bits of 256 data bits from Jitter "
+			    "RNG noise source");
+
+/**
+ * Get Jitter RNG entropy
+ *
+ * @outbuf buffer to store entropy
+ * @outbuflen length of buffer
+ * @return > 0 on success where value provides the added entropy in bits
+ *	   0 if no fast source was available
+ */
+static struct rand_data *lrng_jent_state;
+
+u32 lrng_get_jent(u8 *outbuf, unsigned int outbuflen)
+{
+	int ret;
+	u32 ent_bits = jitterrng;
+	unsigned long flags;
+	static DEFINE_SPINLOCK(lrng_jent_lock);
+	static int lrng_jent_initialized = 0;
+
+	spin_lock_irqsave(&lrng_jent_lock, flags);
+
+	if (!ent_bits || (lrng_jent_initialized == -1)) {
+		spin_unlock_irqrestore(&lrng_jent_lock, flags);
+		return 0;
+	}
+
+	if (!lrng_jent_initialized) {
+		lrng_jent_state = jent_lrng_entropy_collector();
+		if (!lrng_jent_state) {
+			jitterrng = 0;
+			lrng_jent_initialized = -1;
+			spin_unlock_irqrestore(&lrng_jent_lock, flags);
+			pr_info("Jitter RNG unusable on current system\n");
+			return 0;
+		}
+		lrng_jent_initialized = 1;
+		pr_debug("Jitter RNG working on current system\n");
+	}
+	ret = jent_read_entropy(lrng_jent_state, outbuf, outbuflen);
+	spin_unlock_irqrestore(&lrng_jent_lock, flags);
+
+	if (ret) {
+		pr_debug("Jitter RNG failed with %d\n", ret);
+		return 0;
+	}
+
+	/* Obtain entropy statement */
+	if (outbuflen != LRNG_DRNG_SECURITY_STRENGTH_BYTES)
+		ent_bits = (ent_bits * outbuflen<<3) /
+			   LRNG_DRNG_SECURITY_STRENGTH_BITS;
+	/* Cap entropy to buffer size in bits */
+	ent_bits = min_t(u32, ent_bits, outbuflen<<3);
+	pr_debug("obtained %u bits of entropy from Jitter RNG noise source\n",
+		 ent_bits);
+
+	return ent_bits;
+}
+
+u32 lrng_jent_entropylevel(void)
+{
+	return min_t(u32, jitterrng, LRNG_DRNG_SECURITY_STRENGTH_BITS);
+}

[v27,09/12] LRNG - add Jitter RNG fast noise source

Commit Message

Comments

Patch