Re: [PATCH RFC v5 3/4] crypto: rsa: add a new rsa generic implementation

2015-06-15 Thread Stephan Mueller
On Monday, 15 June 2015, 18:49:15, Tadeusz Struk wrote: Hi Tadeusz, > On 06/15/2015 04:23 PM, Stephan Mueller wrote: > >> + /* In FIPS mode only allow key size minimum 2K */ > >> > >> > +if (fips_enabled && (mpi_get_size(key->n) <

Re: [PATCH RFC v5 3/4] crypto: rsa: add a new rsa generic implementation

2015-06-15 Thread Stephan Mueller
On Monday, 15 June 2015, 13:18:47, Tadeusz Struk wrote: Hi Tadeusz, > Add a new rsa generic SW implementation. > This implements only cryptographic primitives. Thank you, that seems to address the issues around the FIPS side including the self test code. Though, I have one question: > + >

Re: [PATCH RFC v4 1/4] MPILIB: add mpi_read_buf(), mpi_copy() and mpi_get_size() helpers

2015-06-12 Thread Stephan Mueller
On Thursday, 11 June 2015, 12:05:38, Tadeusz Struk wrote: Hi Tadeusz, >+ */ >+void *mpi_get_buffer(MPI a, unsigned *nbytes, int *sign) >+{ >+ uint8_t *buf, *p; >+ int n, ret; >+ >+ if (!nbytes) >+ return NULL; >+ >+ n = mpi_get_size(a); Shouldn't n be

Re: [PATCH RFC v4 2/4] crypto: add PKE API

2015-06-11 Thread Stephan Mueller
On Thursday 11 June 2015, 12:05:44, Tadeusz Struk wrote: Hi Tadeusz, >+ >+static int akcipher_clone_key(struct crypto_akcipher *tfm, >+const struct public_key *pkey) >+{ >+ int i, ret = 0; >+ >+ tfm->pkey = kzalloc(sizeof(*tfm->pkey), GFP_KERNEL); >+ >+

Re: [PATCH v13 1/2] crypto: AF_ALG: add AEAD support

2015-06-11 Thread Stephan Mueller
On Thursday 11 June 2015, 15:59:29, Tadeusz Struk wrote: Hi Tadeusz, >Hi Stephan, > >On 02/28/2015 11:50 AM, Stephan Mueller wrote: >> +err = af_alg_wait_for_completion(ctx->enc ? >> + crypt

Re: [PATCH] trivial: report backend_cra_name when allocation fails

2015-06-11 Thread Stephan Mueller
On Thursday 11 June 2015, 20:09:29, Sergey Senozhatsky wrote: Hi Sergey, >Thanks. > >FWIW, here is my .config (Stephan has requested) Thank you very much. But I think Herbert already found the issue: SHA needs to be selected too (which I erroneously thought was implicitly selected with HMAC).

Re: [PATCH] crypto/drbg: report backend_cra_name when allocation fails

2015-06-10 Thread Stephan Mueller
On Wednesday 10 June 2015, 22:27:48, Sergey Senozhatsky wrote: Hi Sergey, >Be more verbose and also report ->backend_cra_name when >crypto_alloc_shash() or crypto_alloc_cipher() fail in >drbg_init_hash_kernel() or drbg_init_sym_kernel() >correspondingly. > >Example > DRBG: could not allocate

[PATCH v2] crypto: drbg - reseed often if seedsource is degraded

2015-06-09 Thread Stephan Mueller
old is set to the value required by SP800-90A. Signed-off-by: Stephan Mueller --- crypto/drbg.c | 12 +++- include/crypto/drbg.h | 1 + 2 files changed, 12 insertions(+), 1 deletion(-) diff --git a/crypto/drbg.c b/crypto/drbg.c index c6cbf13..5fad297 100644 --- a/crypto/drbg.c ++

Re: [PATCH RFC] crypto: drbg - lower reseed threshold if seed source is degraded

2015-06-09 Thread Stephan Mueller
On Tuesday, 9 June 2015, 23:26:05, Herbert Xu wrote: Hi Herbert, > On Tue, Jun 09, 2015 at 05:22:32PM +0200, Stephan Mueller wrote: > > On Tuesday, 9 June 2015, 22:25:25, Herbert Xu wrote: > > > > Hi Herbert, > > > > > Anyway, I'm happy to apply th

Re: [PATCH RFC] crypto: drbg - lower reseed threshold if seed source is degraded

2015-06-09 Thread Stephan Mueller
On Tuesday, 9 June 2015, 22:25:25, Herbert Xu wrote: Hi Herbert, > > Anyway, I'm happy to apply this. However, the patch is corrupted > so please resend it without the white-space damage/line wrapping. As this patch would clash with the async seeding patch, shall I develop this patch on

Re: [PATCH 2/3] crypto: drbg - Use callback API for random readiness

2015-06-09 Thread Stephan Mueller
On Tuesday, 9 June 2015, 18:19:41, Herbert Xu wrote: Hi Herbert, first of all, thanks a lot for your help. I have tested the patch set. ... > /* > * DRBG instantiation function as required by SP800-90A - this function > * sets up the DRBG handle, performs the initial seeding and all

[PATCH] crypto: drbg - use pragmas for disabling optimization

2015-06-08 Thread Stephan Mueller
rom the Makefile with GCC pragmas to mark only the functions required to be compiled without optimizations. This patch also adds a comment describing the rationale for the functions chosen to be compiled without optimizations. Signed-off-by: Stephan Mueller --- crypto/Makefile| 1 - cry

Re: randconfig build error with next-20150529, in crypto/jitterentropy.c

2015-06-08 Thread Stephan Mueller
On Monday 08 June 2015, 16:51:24, Guenter Roeck wrote: Hi Guenter, > >Yes, that fixes the problem (after I also removed the associated #error from >jitterentropy.c). Thank you for the confirmation. The patch will come tonight on this issue as I tested the cryptographic impact already. Thanks

Re: randconfig build error with next-20150529, in crypto/jitterentropy.c

2015-06-08 Thread Stephan Mueller
On Monday 08 June 2015, 16:30:09, Guenter Roeck wrote: Hi Guenter, > >get_cycles is implemented as static inline which executes mfspr(SPR_TTCR). >SPR_TTCR is a constant. Normally that information seems to be passed on, >but not when get_cycles() is compiled through jitterentropy. > >Any idea

Re: randconfig build error with next-20150529, in crypto/jitterentropy.c

2015-06-08 Thread Stephan Mueller
On Monday 08 June 2015, 12:54:12, Guenter Roeck wrote: Hi Guenter, Thanks for the note. ... > >--- > >openrisc:defconfig: > >In file included from ./arch/openrisc/include/asm/timex.h:23:0, > ... > from crypto/jitterentropy.c:52: >./arch/openrisc/include/asm/spr.h: In function

Re: randconfig build error with next-20150529, in crypto/jitterentropy.c

2015-06-08 Thread Stephan Mueller
On Monday 08 June 2015, 14:36:30, Peter Zijlstra wrote: Hi Peter, > >Would something like > >#pragma GCC push_options >#pragma GCC optimize ("-O0") >static __u64 jent_fold_time(struct rand_data *ec, __u64 time, > __u64 *folded, __u64 loop_cnt) >{ > ... >} >#pragma

Re: randconfig build error with next-20150529, in crypto/jitterentropy.c

2015-06-08 Thread Stephan Mueller
On Monday, 8 June 2015, 14:36:30, Peter Zijlstra wrote: Hi Peter, > Adding Stephan to Cc. > > On Mon, 2015-06-08 at 20:25 +0800, Herbert Xu wrote: > > On Mon, Jun 08, 2015 at 03:21:09PM +0300, Andy Shevchenko wrote: > > > On Fri, May 29, 2015 at 10:14 PM, Jim Davis wrote: > > > > Building

[PATCH RFC] crypto: drbg - lower reseed threshold if seed source is degraded

2015-06-06 Thread Stephan Mueller
90A. Signed-off-by: Stephan Mueller --- crypto/drbg.c | 35 ++- include/crypto/drbg.h | 1 + 2 files changed, 27 insertions(+), 9 deletions(-) diff --git a/crypto/drbg.c b/crypto/drbg.c index 3fed67e..0ea4d3c 100644 --- a/crypto/drbg.c +++ b/crypto/drb

[PATCH] crypto: use list to stage async seeding requests

2015-06-05 Thread Stephan Mueller
: Theodore Ts'o CC: Sandy Harris Signed-off-by: Stephan Mueller --- crypto/drbg.c | 112 - drivers/char/random.c | 99 +++ include/crypto/drbg.h | 4 -- include/linux/random.h | 4 +- 4 files

Re: [PATCH v6 1/5] random: Blocking API for accessing nonblocking_pool

2015-06-05 Thread Stephan Mueller
On Friday, 5 June 2015, 13:28:06, Herbert Xu wrote: Hi Herbert, > > Steffen, I think we need to revisit the idea of having a list > of callbacks. Ok, I will reactivate my patch with the list. > > Cheers, -- Ciao Stephan -- To unsubscribe from this list: send the line "unsubscribe

Re: [PATCH RFC v3 3/3] crypto: add tests vectors for RSA

2015-06-03 Thread Stephan Mueller
On Wednesday, 3 June 2015, 15:44:24, Tadeusz Struk wrote: Hi Tadeusz, > New test vectors for RSA algorithm. > > Signed-off-by: Tadeusz Struk > --- > crypto/testmgr.c | 151 > ++ crypto/testmgr.h | > 86 +++ > 2

Re: [PATCH 1/2] Doc:crypto: Fix typo in crypto-API.tmpl

2015-06-03 Thread Stephan Mueller
On Thursday, 4 June 2015, 00:01:20, Masanari Iida wrote: Hi Masanari, > This patch fixes some spelling typos found in crypto-API.tmpl > > Signed-off-by: Masanari Iida Acked-by: Stephan Mueller -- Ciao Stephan

Re: [PATCH 2/2] Doc:crypto: Fix typo in crypto-API.xml

2015-06-03 Thread Stephan Mueller
On Thursday, 4 June 2015, 00:01:21, Masanari Iida wrote: Hi Masanari, > This patch fixes some typos found in crypto-API.xml. > It is because the file is generated from comments in sources, > so I had to fix the typos in the sources. > > Signed-off-by: Masanari Iida Acked-by:

Re: linux-next: build failure after merge of the crypto tree

2015-05-28 Thread Stephan Mueller
On Thursday, 28 May 2015, 21:40:49, Stephen Rothwell wrote: Hi Stephen, >Hi Herbert, > >After merging the crypto tree, today's linux-next build (powerpc >allyesconfig) failed like this: > >crypto/jitterentropy.c: In function 'jent_get_nstime': >crypto/jitterentropy.c:135:5: error: implicit

[PATCH v10 1/5] random: Blocking API for accessing nonblocking_pool

2015-05-25 Thread Stephan Mueller
The added API calls provide a synchronous function call get_blocking_random_bytes where the caller is blocked until the nonblocking_pool is initialized. CC: Andreas Steffen CC: Theodore Ts'o CC: Sandy Harris Signed-off-by: Stephan Mueller --- drivers/char/random.c | 12 include

[PATCH v10 5/5] crypto: add jitterentropy RNG

2015-05-25 Thread Stephan Mueller
in the kernel. The RNG only needs a high-resolution time stamp. Further design details, the cryptographic assessment and large array of test results are documented at http://www.chronox.de/jent.html. CC: Andreas Steffen CC: Theodore Ts'o CC: Sandy Harris Signed-off-by: Stephan Mueller --- crypto/Kconfig

[PATCH v10 0/5] Seeding DRBG with more entropy

2015-05-25 Thread Stephan Mueller
ble for the Jitter RNG (e.g. has a too coarse timer). [1] http://www.mail-archive.com/linux-crypto@vger.kernel.org/msg13891.html [2] http://www.chronox.de/jent.html Stephan Mueller (5): random: Blocking API for accessing nonblocking_pool crypto: drbg - prepare for async seeding crypto: drbg -

[PATCH v10 4/5] crypto: drbg - use Jitter RNG to obtain seed

2015-05-25 Thread Stephan Mueller
-by: Stephan Mueller --- crypto/drbg.c | 52 --- include/crypto/drbg.h | 1 + 2 files changed, 46 insertions(+), 7 deletions(-) diff --git a/crypto/drbg.c b/crypto/drbg.c index aca8684..9284348 100644 --- a/crypto/drbg.c +++ b/crypto/drbg.c

[PATCH v10 3/5] crypto: drbg - add async seeding operation

2015-05-25 Thread Stephan Mueller
the actual seeding of the DRBG. CC: Andreas Steffen CC: Theodore Ts'o CC: Sandy Harris Signed-off-by: Stephan Mueller --- crypto/drbg.c | 24 include/crypto/drbg.h | 2 ++ 2 files changed, 26 insertions(+) diff --git a/crypto/drbg.c b/crypto/drbg.c index 36dfece

[PATCH v10 2/5] crypto: drbg - prepare for async seeding

2015-05-25 Thread Stephan Mueller
for the initial seeding operation as well as by the asynchronous seeding call. The memory must be zeroized every time the DRBG seeding call succeeds to avoid entropy data lingering in memory. CC: Andreas Steffen CC: Theodore Ts'o CC: Sandy Harris Signed-off-by: Stephan Mueller --- crypto/drbg.c

Re: random: Wake up all getrandom(2) callers when pool is ready

2015-05-21 Thread Stephan Mueller
On Thursday, 21 May 2015, 16:19:54, Herbert Xu wrote: Hi Herbert, >On Thu, May 21, 2015 at 09:55:17AM +0200, Stephan Mueller wrote: >> So, I will create a 2nd wait queue in random.c for uninterruptible waits, >> change the get_blocking_random_bytes back to void and use wait_e

Re: [PATCH v9 3/5] crypto: drbg - add async seeding operation

2015-05-21 Thread Stephan Mueller
On Thursday, 21 May 2015, 05:44:08, Herbert Xu wrote: Hi Herbert, > On Wed, May 20, 2015 at 10:03:45PM +0200, Stephan Mueller wrote: > >> @@ -1487,6 +1514,7 @@ unlock: > > */ > > > > static int drbg_uninstantiate(struct drbg_state *drbg) > > { >

Re: [PATCH v9 3/5] crypto: drbg - add async seeding operation

2015-05-21 Thread Stephan Mueller
On Thursday, 21 May 2015, 14:36:18, Herbert Xu wrote: Hi Herbert, >On Thu, May 21, 2015 at 08:10:13AM +0200, Stephan Mueller wrote: >> The cancel operation is needed as otherwise my drbg context handle will be >> removed by the crypto API during the sleep. That is the w

[PATCH v9 5/5] crypto: add jitterentropy RNG

2015-05-20 Thread Stephan Mueller
in the kernel. The RNG only needs a high-resolution time stamp. Further design details, the cryptographic assessment and large array of test results are documented at http://www.chronox.de/jent.html. CC: Andreas Steffen CC: Theodore Ts'o CC: Sandy Harris Signed-off-by: Stephan Mueller --- crypto/Kconfig

[PATCH v9 1/5] random: Blocking API for accessing nonblocking_pool

2015-05-20 Thread Stephan Mueller
The added API calls provide a synchronous function call get_blocking_random_bytes where the caller is blocked until the nonblocking_pool is initialized. CC: Andreas Steffen CC: Theodore Ts'o CC: Sandy Harris Signed-off-by: Stephan Mueller --- drivers/char/random.c | 20

[PATCH v9 3/5] crypto: drbg - add async seeding operation

2015-05-20 Thread Stephan Mueller
the actual seeding of the DRBG. CC: Andreas Steffen CC: Theodore Ts'o CC: Sandy Harris Signed-off-by: Stephan Mueller --- crypto/drbg.c | 28 include/crypto/drbg.h | 2 ++ 2 files changed, 30 insertions(+) diff --git a/crypto/drbg.c b/crypto/drbg.c index

[PATCH v9 0/5] Seeding DRBG with more entropy

2015-05-20 Thread Stephan Mueller
ing init time of the Jitter RNG, the performed testing shows that the underlying hardware is not suitable for the Jitter RNG (e.g. has a too coarse timer). [1] http://www.mail-archive.com/linux-crypto@vger.kernel.org/msg13891.html [2] http://www.chronox.de/jent.html Stephan Mueller (5): ran

[PATCH v9 2/5] crypto: drbg - prepare for async seeding

2015-05-20 Thread Stephan Mueller
for the initial seeding operation as well as by the asynchronous seeding call. The memory must be zeroized every time the DRBG seeding call succeeds to avoid entropy data lingering in memory. CC: Andreas Steffen CC: Theodore Ts'o CC: Sandy Harris Signed-off-by: Stephan Mueller --- crypto/drbg.c

[PATCH v9 4/5] crypto: drbg - use Jitter RNG to obtain seed

2015-05-20 Thread Stephan Mueller
-by: Stephan Mueller --- crypto/drbg.c | 51 --- include/crypto/drbg.h | 1 + 2 files changed, 45 insertions(+), 7 deletions(-) diff --git a/crypto/drbg.c b/crypto/drbg.c index 563e5e9..e9fd60d 100644 --- a/crypto/drbg.c +++ b/crypto/drbg.c

Re: [PATCH v8 1/5] random: Blocking API for accessing nonblocking_pool

2015-05-20 Thread Stephan Mueller
On Wednesday, 20 May 2015, 21:44:46, Stephan Mueller wrote: Hi, > +int get_blocking_random_bytes(void *buf, int nbytes) > +{ > + int rc; Sorry, I should be more careful here: the rc should be initialized to 0 :-( -- Ciao Stephan

[PATCH v8 5/5] crypto: add jitterentropy RNG

2015-05-20 Thread Stephan Mueller
in the kernel. The RNG only needs a high-resolution time stamp. Further design details, the cryptographic assessment and large array of test results are documented at http://www.chronox.de/jent.html. CC: Andreas Steffen CC: Theodore Ts'o CC: Sandy Harris Signed-off-by: Stephan Mueller --- crypto/Kconfig

[PATCH v8 4/5] crypto: drbg - use Jitter RNG to obtain seed

2015-05-20 Thread Stephan Mueller
-by: Stephan Mueller --- crypto/drbg.c | 51 --- include/crypto/drbg.h | 1 + 2 files changed, 45 insertions(+), 7 deletions(-) diff --git a/crypto/drbg.c b/crypto/drbg.c index 4e54973..21d93ce 100644 --- a/crypto/drbg.c +++ b/crypto/drbg.c

[PATCH v8 0/5] Seeding DRBG with more entropy

2015-05-20 Thread Stephan Mueller
med testing shows that the underlying hardware is not suitable for the Jitter RNG (e.g. has a too coarse timer). [1] http://www.mail-archive.com/linux-crypto@vger.kernel.org/msg13891.html [2] http://www.chronox.de/jent.html Stephan Mueller (5): random: Blocking API for accessing nonblocking_p

[PATCH v8 3/5] crypto: drbg - add async seeding operation

2015-05-20 Thread Stephan Mueller
the actual seeding of the DRBG. CC: Andreas Steffen CC: Theodore Ts'o CC: Sandy Harris Signed-off-by: Stephan Mueller --- crypto/drbg.c | 28 include/crypto/drbg.h | 2 ++ 2 files changed, 30 insertions(+) diff --git a/crypto/drbg.c b/crypto/drbg.c index

[PATCH v8 1/5] random: Blocking API for accessing nonblocking_pool

2015-05-20 Thread Stephan Mueller
The added API calls provide a synchronous function call get_blocking_random_bytes where the caller is blocked until the nonblocking_pool is initialized. CC: Andreas Steffen CC: Theodore Ts'o CC: Sandy Harris Signed-off-by: Stephan Mueller --- drivers/char/random.c | 20

[PATCH v8 2/5] crypto: drbg - prepare for async seeding

2015-05-20 Thread Stephan Mueller
for the initial seeding operation as well as by the asynchronous seeding call. The memory must be zeroized every time the DRBG seeding call succeeds to avoid entropy data lingering in memory. CC: Andreas Steffen CC: Theodore Ts'o CC: Sandy Harris Signed-off-by: Stephan Mueller --- crypto/drbg.c

Re: [PATCH v7 1/5] random: Blocking API for accessing nonblocking_pool

2015-05-20 Thread Stephan Mueller
On Wednesday, 20 May 2015, 20:49:45, Stephan Mueller wrote: Hi Herbert, > > This is just a convoluted way of doing an uninterruptible sleep. > > Either make it uninterruptible or allow the function to return > > an error. > > Sorry, I overlooked the availability of w

Re: [PATCH v7 1/5] random: Blocking API for accessing nonblocking_pool

2015-05-20 Thread Stephan Mueller
On Thursday, 21 May 2015, 02:45:35, Herbert Xu wrote: Hi Herbert, > On Wed, May 20, 2015 at 07:44:39PM +0200, Stephan Mueller wrote: > > + if (unlikely(nonblocking_pool.initialized == 0)) { > > + do { > > + rc = wait_event_interrupti

[PATCH v7 2/5] crypto: drbg - prepare for async seeding

2015-05-20 Thread Stephan Mueller
for the initial seeding operation as well as by the asynchronous seeding call. The memory must be zeroized every time the DRBG seeding call succeeds to avoid entropy data lingering in memory. CC: Andreas Steffen CC: Theodore Ts'o CC: Sandy Harris Signed-off-by: Stephan Mueller --- crypto/drbg.c

[PATCH v7 1/5] random: Blocking API for accessing nonblocking_pool

2015-05-20 Thread Stephan Mueller
The added API calls provide a synchronous function call get_blocking_random_bytes where the caller is blocked until the nonblocking_pool is initialized. CC: Andreas Steffen CC: Theodore Ts'o CC: Sandy Harris Signed-off-by: Stephan Mueller --- drivers/char/random.c | 18

[PATCH v7 4/5] crypto: drbg - use Jitter RNG to obtain seed

2015-05-20 Thread Stephan Mueller
-by: Stephan Mueller --- crypto/drbg.c | 52 --- include/crypto/drbg.h | 1 + 2 files changed, 46 insertions(+), 7 deletions(-) diff --git a/crypto/drbg.c b/crypto/drbg.c index aca8684..9284348 100644 --- a/crypto/drbg.c +++ b/crypto/drbg.c

[PATCH v7 0/5] Seeding DRBG with more entropy

2015-05-20 Thread Stephan Mueller
Hi, as of now, the DRBG is only seeded from get_random_bytes. In various circumstances, the nonblocking_pool behind get_random_bytes may not be fully seeded from hardware events at the time the DRBG requires to be seeded. Based on the discussion in [1], the DRBG seeding is updated such that it

[PATCH v7 5/5] crypto: add jitterentropy RNG

2015-05-20 Thread Stephan Mueller
in the kernel. The RNG only needs a high-resolution time stamp. Further design details, the cryptographic assessment and large array of test results are documented at http://www.chronox.de/jent.html. CC: Andreas Steffen CC: Theodore Ts'o CC: Sandy Harris Signed-off-by: Stephan Mueller --- crypto/Kconfig

[PATCH v7 3/5] crypto: drbg - add async seeding operation

2015-05-20 Thread Stephan Mueller
the actual seeding of the DRBG. CC: Andreas Steffen CC: Theodore Ts'o CC: Sandy Harris Signed-off-by: Stephan Mueller --- crypto/drbg.c | 24 include/crypto/drbg.h | 2 ++ 2 files changed, 26 insertions(+) diff --git a/crypto/drbg.c b/crypto/drbg.c index 36dfece

Re: [PATCH] random: add random_initialized command line param

2015-05-20 Thread Stephan Mueller
On Wednesday, 20 May 2015, 11:06:42, Theodore Ts'o wrote: Hi Theodore, As a side note to this discussion, may I ask why entropy_total is used for checking against the threshold value and not entropy_count? The reason for my question is the following: until a DRNG (in the worst case,

Re: [PATCH] random: add random_initialized command line param

2015-05-20 Thread Stephan Mueller
On Tuesday, 19 May 2015, 18:40:20, Sandy Harris wrote: Hi Sandy, > >When we do do it, I see no reason to support anything other than 128 >and 256, and I am not sure about retaining 128. Nor do I see any >reason this should be a command-line option rather than just a >compile-time constant. I

Re: [PATCH v6 1/5] random: Blocking API for accessing nonblocking_pool

2015-05-20 Thread Stephan Mueller
On Wednesday, 20 May 2015, 06:55:33, Herbert Xu wrote: Hi Herbert, > >You still need to handle the case where wait_event_interruptible >returns an error. Otherwise this looks fine. Thank you. I would suggest to add a while loop around the call that sets up the wait if it terminated with

[PATCH v9 3/5] crypto: drbg - add async seeding operation

2015-05-20 Thread Stephan Mueller
the actual seeding of the DRBG. CC: Andreas Steffen andreas.stef...@strongswan.org CC: Theodore Ts'o ty...@mit.edu CC: Sandy Harris sandyinch...@gmail.com Signed-off-by: Stephan Mueller smuel...@chronox.de --- crypto/drbg.c | 28 include/crypto/drbg.h | 2 ++ 2

[PATCH v9 0/5] Seeding DRBG with more entropy

2015-05-20 Thread Stephan Mueller
/in vmlinuz or during init time of the Jitter RNG, the performed testing shows that the underlying hardware is not suitable for the Jitter RNG (e.g. has a too coarse timer). [1] http://www.mail-archive.com/linux-crypto@vger.kernel.org/msg13891.html [2] http://www.chronox.de/jent.html Stephan

[PATCH v9 5/5] crypto: add jitterentropy RNG

2015-05-20 Thread Stephan Mueller
...@gmail.com Signed-off-by: Stephan Mueller smuel...@chronox.de --- crypto/Kconfig | 10 + crypto/Makefile| 2 + crypto/jitterentropy.c | 909 + crypto/testmgr.c | 4 + 4 files changed, 925 insertions(+) create mode 100644

[PATCH v9 1/5] random: Blocking API for accessing nonblocking_pool

2015-05-20 Thread Stephan Mueller
-by: Stephan Mueller smuel...@chronox.de --- drivers/char/random.c | 20 include/linux/random.h | 1 + 2 files changed, 21 insertions(+) diff --git a/drivers/char/random.c b/drivers/char/random.c index 9cd6968..9815a26 100644 --- a/drivers/char/random.c +++ b/drivers/char/random.c

[PATCH v9 4/5] crypto: drbg - use Jitter RNG to obtain seed

2015-05-20 Thread Stephan Mueller
ty...@mit.edu CC: Sandy Harris sandyinch...@gmail.com Signed-off-by: Stephan Mueller smuel...@chronox.de --- crypto/drbg.c | 51 --- include/crypto/drbg.h | 1 + 2 files changed, 45 insertions(+), 7 deletions(-) diff --git a/crypto/drbg.c b
