[v2,0/2] crypto: Jitter RNG SP800-90B compliance

Message ID	9339058.MEWKF1lRGI@positron.chronox.de (mailing list archive)
Headers	show Return-Path: <SRS0=6qCq=6B=vger.kernel.org=linux-crypto-owner@kernel.org> From: Stephan =?iso-8859-1?q?M=FCller?= <smueller@chronox.de> To: herbert@gondor.apana.org.au Cc: linux-crypto@vger.kernel.org Subject: [PATCH v2 0/2] crypto: Jitter RNG SP800-90B compliance Date: Fri, 17 Apr 2020 21:32:53 +0200 Message-ID: <9339058.MEWKF1lRGI@positron.chronox.de> MIME-Version: 1.0 Content-Transfer-Encoding: 7Bit Content-Type: text/plain; charset="us-ascii" Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk
Series	crypto: Jitter RNG SP800-90B compliance \| expand [v2,0/2] crypto: Jitter RNG SP800-90B compliance [v2,1/2] crypto: Jitter RNG SP800-90B compliance [v2,2/2] crypto: DRBG always seeded with SP800-90B compliant noise source

Message ID

9339058.MEWKF1lRGI@positron.chronox.de (mailing list archive)

Headers

From: Stephan =?iso-8859-1?q?M=FCller?= <smueller@chronox.de>
To: herbert@gondor.apana.org.au
Cc: linux-crypto@vger.kernel.org
Subject: [PATCH v2 0/2] crypto: Jitter RNG SP800-90B compliance
Date: Fri, 17 Apr 2020 21:32:53 +0200
Message-ID: <9339058.MEWKF1lRGI@positron.chronox.de>
MIME-Version: 1.0
Content-Transfer-Encoding: 7Bit
Content-Type: text/plain; charset="us-ascii"
Sender: linux-crypto-owner@vger.kernel.org
Precedence: bulk

Series

crypto: Jitter RNG SP800-90B compliance | expand

Message

Stephan Mueller April 17, 2020, 7:32 p.m. UTC

Hi,

This patch set adds SP800-90B compliance to the Jitter RNG. The
SP800-90B patch is tested for more than half a year in user space
with the Jitter RNG version 2.2.0.

The full SP800-90B assessment of the Jitter RNG is provided at [1].

In addition, the DRBG implementation is updated to always be
reseeded from the Jitter RNG. To ensure the DRBG is reseeded within
an appropriate amount of time, the reseed threshold is lowered.

Changes v2:
* Instead of free/alloc of the Jitter RNG instance in case of a health
  test error, re-initialize the RNG instance by performing the
  power-up test and after a success, clear the health test status and
  error.

[1] http://www.chronox.de/jent/doc/CPU-Jitter-NPTRNG.pdf

Stephan Mueller (2):
  crypto: Jitter RNG SP800-90B compliance
  crypto: DRBG always seeded with SP800-90B compliant noise source

 crypto/drbg.c                |  26 ++-
 crypto/jitterentropy-kcapi.c |  27 +++
 crypto/jitterentropy.c       | 417 ++++++++++++++++++++++++++---------
 include/crypto/drbg.h        |   6 +-
 4 files changed, 363 insertions(+), 113 deletions(-)

Comments

Herbert Xu April 24, 2020, 7:47 a.m. UTC | #1

On Fri, Apr 17, 2020 at 09:32:53PM +0200, Stephan Müller wrote:
> Hi,
> 
> This patch set adds SP800-90B compliance to the Jitter RNG. The
> SP800-90B patch is tested for more than half a year in user space
> with the Jitter RNG version 2.2.0.
> 
> The full SP800-90B assessment of the Jitter RNG is provided at [1].
> 
> In addition, the DRBG implementation is updated to always be
> reseeded from the Jitter RNG. To ensure the DRBG is reseeded within
> an appropriate amount of time, the reseed threshold is lowered.
> 
> Changes v2:
> * Instead of free/alloc of the Jitter RNG instance in case of a health
>   test error, re-initialize the RNG instance by performing the
>   power-up test and after a success, clear the health test status and
>   error.
> 
> [1] http://www.chronox.de/jent/doc/CPU-Jitter-NPTRNG.pdf
> 
> Stephan Mueller (2):
>   crypto: Jitter RNG SP800-90B compliance
>   crypto: DRBG always seeded with SP800-90B compliant noise source
> 
>  crypto/drbg.c                |  26 ++-
>  crypto/jitterentropy-kcapi.c |  27 +++
>  crypto/jitterentropy.c       | 417 ++++++++++++++++++++++++++---------
>  include/crypto/drbg.h        |   6 +-
>  4 files changed, 363 insertions(+), 113 deletions(-)

All applied.  Thanks.