Message ID | 20171205123558.31087-4-l.stelmach@samsung.com (mailing list archive) |
---|---|
State | Superseded |
Delegated to: | Herbert Xu |
On Tuesday, 5 December 2017, 13:35:58 CET, Łukasz Stelmach wrote:

Hi Łukasz,

> Reseed PRNG after reading 65 kB of randomness. Although this may reduce
> performance, in most casese the loss is not noticable.

Please add to the log that you also increase the timer-based reseed to 1 second?!

Another suggestion: maybe you want to add a comment to the reseed function to indicate it is for enhanced backtracking resistance. Otherwise a lot of folks would scratch their head why such code exists in the first place. :-)

Other than that:

Reviewed-by: Stephan Mueller <smueller@chronox.de>

Ciao
Stephan

On Tue, Dec 5, 2017 at 1:35 PM, Łukasz Stelmach <l.stelmach@samsung.com> wrote: > Reseed PRNG after reading 65 kB of randomness. Although this may reduce > performance, in most casese the loss is not noticable. s/casese/cases/ s/noticable/noticeable/ Please explain why you want to reseed after 65 kB (as opposite to current implementation). Mention also why you are changing the time of reseed. > > Signed-off-by: Łukasz Stelmach <l.stelmach@samsung.com> > --- > drivers/crypto/exynos-rng.c | 18 ++++++++++++++---- > 1 file changed, 14 insertions(+), 4 deletions(-) > > diff --git a/drivers/crypto/exynos-rng.c b/drivers/crypto/exynos-rng.c > index 002e9d2a83cc..0bf07a655813 100644 > --- a/drivers/crypto/exynos-rng.c > +++ b/drivers/crypto/exynos-rng.c > @@ -54,12 +54,15 @@ enum exynos_prng_type { > }; > > /* > - * Driver re-seeds itself with generated random numbers to increase > - * the randomness. > + * Driver re-seeds itself with generated random numbers to hinder > + * backtracking of the original seed. > * > * Time for next re-seed in ms. > */ > -#define EXYNOS_RNG_RESEED_TIME 100 > +#define EXYNOS_RNG_RESEED_TIME 1000 > +#define EXYNOS_RNG_RESEED_BYTES 65536 > + > + Just one empty line. > /* > * In polling mode, do not wait infinitely for the engine to finish the work. > */ > @@ -81,6 +84,8 @@ struct exynos_rng_dev { > unsigned int seed_save_len; > /* Time of last seeding in jiffies */ > unsigned long last_seeding; > + /* Bytes generated since last seeding */ > + unsigned long bytes_seeding; > }; > > static struct exynos_rng_dev *exynos_rng_dev; > @@ -125,6 +130,7 @@ static int exynos_rng_set_seed(struct exynos_rng_dev *rng, > } > > rng->last_seeding = jiffies; > + rng->bytes_seeding = 0; > > return 0; > } > @@ -166,6 +172,8 @@ static int exynos_rng_get_random(struct exynos_rng_dev *rng, > memcpy_fromio(dst, rng->mem + EXYNOS_RNG_OUT_BASE, *read); > > return 0; > + > + No need for these lines. Best regards, Krzysztof
diff --git a/drivers/crypto/exynos-rng.c b/drivers/crypto/exynos-rng.c index 002e9d2a83cc..0bf07a655813 100644 --- a/drivers/crypto/exynos-rng.c +++ b/drivers/crypto/exynos-rng.c @@ -54,12 +54,15 @@ enum exynos_prng_type { }; /* - * Driver re-seeds itself with generated random numbers to increase - * the randomness. + * Driver re-seeds itself with generated random numbers to hinder + * backtracking of the original seed. * * Time for next re-seed in ms. */ -#define EXYNOS_RNG_RESEED_TIME 100 +#define EXYNOS_RNG_RESEED_TIME 1000 +#define EXYNOS_RNG_RESEED_BYTES 65536 + + /* * In polling mode, do not wait infinitely for the engine to finish the work. */ @@ -81,6 +84,8 @@ struct exynos_rng_dev { unsigned int seed_save_len; /* Time of last seeding in jiffies */ unsigned long last_seeding; + /* Bytes generated since last seeding */ + unsigned long bytes_seeding; }; static struct exynos_rng_dev *exynos_rng_dev; @@ -125,6 +130,7 @@ static int exynos_rng_set_seed(struct exynos_rng_dev *rng, } rng->last_seeding = jiffies; + rng->bytes_seeding = 0; return 0; } @@ -166,6 +172,8 @@ static int exynos_rng_get_random(struct exynos_rng_dev *rng, memcpy_fromio(dst, rng->mem + EXYNOS_RNG_OUT_BASE, *read); return 0; + + } /* Re-seed itself from time to time */ @@ -177,7 +185,8 @@ static void exynos_rng_reseed(struct exynos_rng_dev *rng) unsigned int read = 0; u8 seed[EXYNOS_RNG_SEED_SIZE]; - if (time_before(now, next_seeding)) + if (time_before(now, next_seeding) && + rng->bytes_seeding < EXYNOS_RNG_RESEED_BYTES) return; if (exynos_rng_get_random(rng, seed, sizeof(seed), &read)) @@ -206,6 +215,7 @@ static int exynos_rng_generate(struct crypto_rng *tfm, dlen -= read; dst += read; + rng->bytes_seeding += read; exynos_rng_reseed(rng); } while (dlen > 0);
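Review bot: In the first hunk (@@ -54,12 +54,15 @@), the new EXYNOS_RNG_RESEED_BYTES define sits under a comment that still ends with "Time for next re-seed in ms.", so the byte threshold is undocumented and reads as if it were a time. Give it its own line in the comment stating that it is a byte count, and note that 65536 is 64 KiB while the commit message says 65 kB. The hunk also adds two empty lines after the defines where one is enough, and the change of EXYNOS_RNG_RESEED_TIME from 100 to 1000 is not mentioned in the commit message.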
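Review bot: In the exynos_rng_get_random() hunk (@@ -166,6 +172,8 @@), the only change is two empty lines added between "return 0;" and the closing brace. They have no effect and should be dropped from the patch.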
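Review bot: In the exynos_rng_reseed() hunk (@@ -177,7 +185,8 @@), the early return now depends on two conditions, but the comment above the function still says only "Re-seed itself from time to time". Extend it to say that a re-seed happens once either EXYNOS_RNG_RESEED_TIME has elapsed or EXYNOS_RNG_RESEED_BYTES have been generated since the last seeding, and that the purpose is to hinder backtracking, so the reason for the bytes_seeding counter is clear to the next reader.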
Reseed PRNG after reading 65 kB of randomness. Although this may reduce
performance, in most casese the loss is not noticable.

Signed-off-by: Łukasz Stelmach <l.stelmach@samsung.com>
---
 drivers/crypto/exynos-rng.c | 18 ++++++++++++++----
 1 file changed, 14 insertions(+), 4 deletions(-)