On Monday, 15 June 2015, 18:49:15, Tadeusz Struk wrote:
Hi Tadeusz,
> On 06/15/2015 04:23 PM, Stephan Mueller wrote:
> >> + /* In FIPS mode only allow key size minimum 2K */
> >>
> >> > +if (fips_enabled && (mpi_get_size(key->n) < 256)) {
Considering my previous email, shouldn't that check
On Monday, 15 June 2015, 13:18:47, Tadeusz Struk wrote:
Hi Tadeusz,
> Add a new rsa generic SW implementation.
> This implements only cryptographic primitives.
Thank you, that seems to address the issues around the FIPS side including the
self test code.
Though, I have one question:
> +
>
On Thursday, 11 June 2015, 12:05:38, Tadeusz Struk wrote:
Hi Tadeusz,
>+ */
>+void *mpi_get_buffer(MPI a, unsigned *nbytes, int *sign)
>+{
>+ uint8_t *buf, *p;
>+ int n, ret;
>+
>+ if (!nbytes)
>+ return NULL;
>+
>+ n = mpi_get_size(a);
Shouldn't n be unsigned
On Thursday 11 June 2015, 12:05:44, Tadeusz Struk wrote:
Hi Tadeusz,
>+
>+static int akcipher_clone_key(struct crypto_akcipher *tfm,
>+const struct public_key *pkey)
>+{
>+ int i, ret = 0;
>+
>+ tfm->pkey = kzalloc(sizeof(*tfm->pkey), GFP_KERNEL);
>+
>+
On Thursday 11 June 2015, 15:59:29, Tadeusz Struk wrote:
Hi Tadeusz,
>Hi Stephan,
>
>On 02/28/2015 11:50 AM, Stephan Mueller wrote:
>> +err = af_alg_wait_for_completion(ctx->enc ?
>> + crypto_aead_encrypt(ctx->aead_req
On Thursday 11 June 2015, 20:09:29, Sergey Senozhatsky wrote:
Hi Sergey,
>Thanks.
>
>FWIW, here is my .config (Stephan has requested)
Thank you very much. But I think Herbert already found the issue: SHA needs to
be selected too (which I erroneously thought is implicitly selected with
HMAC).
On Wednesday 10 June 2015, 22:27:48, Sergey Senozhatsky wrote:
Hi Sergey,
>Be more verbose and also report ->backend_cra_name when
>crypto_alloc_shash() or crypto_alloc_cipher() fail in
>drbg_init_hash_kernel() or drbg_init_sym_kernel()
>correspondingly.
>
>Example
> DRBG: could not allocate digest TFM
old is set to the value
required by SP800-90A.
Signed-off-by: Stephan Mueller
---
crypto/drbg.c | 12 +++-
include/crypto/drbg.h | 1 +
2 files changed, 12 insertions(+), 1 deletion(-)
diff --git a/crypto/drbg.c b/crypto/drbg.c
index c6cbf13..5fad297 100644
--- a/crypto/drbg.c
++
On Tuesday, 9 June 2015, 23:26:05, Herbert Xu wrote:
Hi Herbert,
> On Tue, Jun 09, 2015 at 05:22:32PM +0200, Stephan Mueller wrote:
> > On Tuesday, 9 June 2015, 22:25:25, Herbert Xu wrote:
> >
> > Hi Herbert,
> >
> > > Anyway, I'm happy to apply th
On Tuesday, 9 June 2015, 22:25:25, Herbert Xu wrote:
Hi Herbert,
>
> Anyway, I'm happy to apply this. However, the patch is corrupted
> so please resend it without the white-space damage/line wrapping.
As this patch would clash with the async seeding patch, shall I develop this
patch on top
On Tuesday, 9 June 2015, 18:19:41, Herbert Xu wrote:
Hi Herbert,
first of all, thanks a lot for your help. I have tested the patch set.
...
> /*
> * DRBG instantiation function as required by SP800-90A - this function
> * sets up the DRBG handle, performs the initial seeding and all
rom the Makefile with GCC
pragmas to mark only the functions required to be compiled without
optimizations.
This patch also adds a comment describing the rationale for the
functions chosen to be compiled without optimizations.
Signed-off-by: Stephan Mueller
---
crypto/Makefile| 1 -
cry
On Monday 08 June 2015, 16:51:24, Guenter Roeck wrote:
Hi Guenter,
>
>Yes, that fixes the problem (after I also removed the associated #error from
>jitterentropy.c).
Thank you for the confirmation. The patch will come tonight on this issue as I
tested the cryptographic impact already.
Thanks
On Monday 08 June 2015, 16:30:09, Guenter Roeck wrote:
Hi Guenter,
>
>get_cycles is implemented as static inline which executes mfspr(SPR_TTCR).
>SPR_TTCR is a constant. Normally that information seems to be passed on,
>but not when get_cycles() is compiled through jitterentropy.
>
>Any idea what
On Monday 08 June 2015, 12:54:12, Guenter Roeck wrote:
Hi Guenter,
Thanks for the note.
...
>
>---
>
>openrisc:defconfig:
>
>In file included from ./arch/openrisc/include/asm/timex.h:23:0,
> ...
> from crypto/jitterentropy.c:52:
>./arch/openrisc/include/asm/spr.h: In function
On Monday 08 June 2015, 14:36:30, Peter Zijlstra wrote:
Hi Peter,
>
>Would something like
>
>#pragma GCC push_options
>#pragma GCC optimize ("-O0")
>static __u64 jent_fold_time(struct rand_data *ec, __u64 time,
> __u64 *folded, __u64 loop_cnt)
>{
> ...
>}
>#pragma GCC
On Monday, 8 June 2015, 14:36:30, Peter Zijlstra wrote:
Hi Peter,
> Adding Stephan to Cc.
>
> On Mon, 2015-06-08 at 20:25 +0800, Herbert Xu wrote:
> > On Mon, Jun 08, 2015 at 03:21:09PM +0300, Andy Shevchenko wrote:
> > > On Fri, May 29, 2015 at 10:14 PM, Jim Davis wrote:
> > > > Building
90A.
Signed-off-by: Stephan Mueller
---
crypto/drbg.c | 35 ++-
include/crypto/drbg.h | 1 +
2 files changed, 27 insertions(+), 9 deletions(-)
diff --git a/crypto/drbg.c b/crypto/drbg.c
index 3fed67e..0ea4d3c 100644
--- a/crypto/drbg.c
+++ b/crypto/drb
: Theodore Ts'o
CC: Sandy Harris
Signed-off-by: Stephan Mueller
---
crypto/drbg.c | 112 -
drivers/char/random.c | 99 +++
include/crypto/drbg.h | 4 --
include/linux/random.h | 4 +-
4 files
On Friday, 5 June 2015, 13:28:06, Herbert Xu wrote:
Hi Herbert,
>
> Steffen, I think we need to revisit the idea of having a list
> of callbacks.
Ok, I will reactivate my patch with the list.
>
> Cheers,
--
Ciao
Stephan
--
To unsubscribe from this list: send the line "unsubscribe
On Wednesday, 3 June 2015, 15:44:24, Tadeusz Struk wrote:
Hi Tadeusz,
> New test vectors for RSA algorithm.
>
> Signed-off-by: Tadeusz Struk
> ---
> crypto/testmgr.c | 151
> ++ crypto/testmgr.h |
> 86 +++
> 2
On Thursday, 4 June 2015, 00:01:20, Masanari Iida wrote:
Hi Masanari,
> This patch fix some spelling typo found in crypto-API.tmpl
>
> Signed-off-by: Masanari Iida
Acked-by: Stephan Mueller
On Thursday, 4 June 2015, 00:01:21, Masanari Iida wrote:
Hi Masanari,
> This patch fix some typos found in crypto-API.xml.
> It is because the file is generated from comments in sources,
> so I had to fix typo in sources.
>
> Signed-off-by: Masanari Iida
Acked-by:
On Thursday, 28 May 2015, 21:40:49, Stephen Rothwell wrote:
Hi Stephen,
>Hi Herbert,
>
>After merging the crypto tree, today's linux-next build (powerpc
>allyesconfig) failed like this:
>
>crypto/jitterentropy.c: In function 'jent_get_nstime':
>crypto/jitterentropy.c:135:5: error: implicit
The added API calls provide a synchronous function call
get_blocking_random_bytes where the caller is blocked until
the nonblocking_pool is initialized.
CC: Andreas Steffen
CC: Theodore Ts'o
CC: Sandy Harris
Signed-off-by: Stephan Mueller
---
drivers/char/random.c | 12
include
in the kernel. The RNG only needs a high-resolution time
stamp.
Further design details, the cryptographic assessment and
large array of test results are documented at
http://www.chronox.de/jent.html.
CC: Andreas Steffen
CC: Theodore Ts'o
CC: Sandy Harris
Signed-off-by: Stephan Mueller
---
crypto/Kconfig
ble for the Jitter RNG (e.g. has a too coarse
timer).
[1] http://www.mail-archive.com/linux-crypto@vger.kernel.org/msg13891.html
[2] http://www.chronox.de/jent.html
Stephan Mueller (5):
random: Blocking API for accessing nonblocking_pool
crypto: drbg - prepare for async seeding
crypto: drbg -
-by: Stephan Mueller
---
crypto/drbg.c | 52 ---
include/crypto/drbg.h | 1 +
2 files changed, 46 insertions(+), 7 deletions(-)
diff --git a/crypto/drbg.c b/crypto/drbg.c
index aca8684..9284348 100644
--- a/crypto/drbg.c
+++ b/crypto/drbg.c
the actual seeding of the DRBG.
CC: Andreas Steffen
CC: Theodore Ts'o
CC: Sandy Harris
Signed-off-by: Stephan Mueller
---
crypto/drbg.c | 24
include/crypto/drbg.h | 2 ++
2 files changed, 26 insertions(+)
diff --git a/crypto/drbg.c b/crypto/drbg.c
index 36dfece
for the initial seeding operation as well as by the
asynchronous seeding call. The memory must be zeroized every time the
DRBG seeding call succeeds to avoid entropy data lingering in memory.
CC: Andreas Steffen
CC: Theodore Ts'o
CC: Sandy Harris
Signed-off-by: Stephan Mueller
---
crypto/drbg.c
...@gmail.com
Signed-off-by: Stephan Mueller smuel...@chronox.de
---
crypto/drbg.c | 81 ++-
include/crypto/drbg.h | 2 ++
2 files changed, 56 insertions(+), 27 deletions(-)
diff --git a/crypto/drbg.c b/crypto/drbg.c
index 23d444e..36dfece
-by: Stephan Mueller smuel...@chronox.de
---
drivers/char/random.c | 12
include/linux/random.h | 1 +
2 files changed, 13 insertions(+)
diff --git a/drivers/char/random.c b/drivers/char/random.c
index 9cd6968..0bb7cb2 100644
--- a/drivers/char/random.c
+++ b/drivers/char/random.c
@@ -1245,6
...@gmail.com
Signed-off-by: Stephan Mueller smuel...@chronox.de
---
crypto/Kconfig | 10 +
crypto/Makefile| 2 +
crypto/jitterentropy.c | 909 +
crypto/testmgr.c | 4 +
4 files changed, 925 insertions(+)
create mode 100644
ty...@mit.edu
CC: Sandy Harris sandyinch...@gmail.com
Signed-off-by: Stephan Mueller smuel...@chronox.de
---
crypto/drbg.c | 52 ---
include/crypto/drbg.h | 1 +
2 files changed, 46 insertions(+), 7 deletions(-)
diff --git a/crypto/drbg.c b
the actual seeding of the DRBG.
CC: Andreas Steffen andreas.stef...@strongswan.org
CC: Theodore Ts'o ty...@mit.edu
CC: Sandy Harris sandyinch...@gmail.com
Signed-off-by: Stephan Mueller smuel...@chronox.de
---
crypto/drbg.c | 24
include/crypto/drbg.h | 2 ++
2 files
On Thursday, 21 May 2015, 16:19:54, Herbert Xu wrote:
Hi Herbert,
>On Thu, May 21, 2015 at 09:55:17AM +0200, Stephan Mueller wrote:
>> So, I will create a 2nd wait queue in random.c for uninterruptible waits,
>> change the get_blocking_random_bytes back to void and use wait_event to
>> wait
On Thursday, 21 May 2015, 05:44:08, Herbert Xu wrote:
Hi Herbert,
> On Wed, May 20, 2015 at 10:03:45PM +0200, Stephan Mueller wrote:
> >> @@ -1487,6 +1514,7 @@ unlock:
> > */
> >
> > static int drbg_uninstantiate(struct drbg_state *drbg)
> > {
> > + cancel_work_sync(drbg->seed_work
On Thursday, 21 May 2015, 14:36:18, Herbert Xu wrote:
Hi Herbert,
>On Thu, May 21, 2015 at 08:10:13AM +0200, Stephan Mueller wrote:
>> The cancel operation is needed as otherwise my drbg context handle will be
>> removed by the crypto API during the sleep. That is the whole reason why
The added API calls provide a synchronous function call
get_blocking_random_bytes where the caller is blocked until
the nonblocking_pool is initialized.
CC: Andreas Steffen
CC: Theodore Ts'o
CC: Sandy Harris
Signed-off-by: Stephan Mueller
---
drivers/char/random.c | 20
the actual seeding of the DRBG.
CC: Andreas Steffen
CC: Theodore Ts'o
CC: Sandy Harris
Signed-off-by: Stephan Mueller
---
crypto/drbg.c | 28
include/crypto/drbg.h | 2 ++
2 files changed, 30 insertions(+)
diff --git a/crypto/drbg.c b/crypto/drbg.c
index
-by: Stephan Mueller
---
crypto/drbg.c | 51 ---
include/crypto/drbg.h | 1 +
2 files changed, 45 insertions(+), 7 deletions(-)
diff --git a/crypto/drbg.c b/crypto/drbg.c
index 563e5e9..e9fd60d 100644
--- a/crypto/drbg.c
+++ b/crypto/drbg.c
On Wednesday, 20 May 2015, 21:44:46, Stephan Mueller wrote:
Hi,
> +int get_blocking_random_bytes(void *buf, int nbytes)
> +{
> + int rc;
Sorry, I should be more carefully here: the rc should be initialized to 0 :-(
-by: Stephan Mueller
---
crypto/drbg.c | 51 ---
include/crypto/drbg.h | 1 +
2 files changed, 45 insertions(+), 7 deletions(-)
diff --git a/crypto/drbg.c b/crypto/drbg.c
index 4e54973..21d93ce 100644
--- a/crypto/drbg.c
+++ b/crypto/drbg.c
On Wednesday, 20 May 2015, 20:49:45, Stephan Mueller wrote:
Hi Herbert,
> > This is just a convoluted way of doing an uninterruptible sleep.
> > Either make it uninterruptible or allow the function to return
> > an error.
>
> Sorry, I overlooked the availability of w
On Thursday, 21 May 2015, 02:45:35, Herbert Xu wrote:
Hi Herbert,
> On Wed, May 20, 2015 at 07:44:39PM +0200, Stephan Mueller wrote:
> > + if (unlikely(nonblocking_pool.initialized == 0)) {
> > + do {
> > + rc = wait_event_interrupti
The added API calls provide a synchronous function call
get_blocking_random_bytes where the caller is blocked until
the nonblocking_pool is initialized.
CC: Andreas Steffen
CC: Theodore Ts'o
CC: Sandy Harris
Signed-off-by: Stephan Mueller
---
drivers/char/random.c | 18
Hi,
as of now, the DRBG is only seeded from get_random_bytes. In various
circumstances, the nonblocking_pool behind get_random_bytes may not be fully
seeded from hardware events at the time the DRBG requires to be seeded.
Based on the discussion in [1], the DRBG seeding is updated such that it
On Wednesday, 20 May 2015, 11:06:42, Theodore Ts'o wrote:
Hi Theodore,
As a side note to this discussion, may I ask why entropy_total is used for
checking against the threshold value and not entropy_count?
The reason for my question is the following: until a DRNG (in the worst case,
On Tuesday, 19 May 2015, 18:40:20, Sandy Harris wrote:
Hi Sandy,
>
>When we do do it, I see no reason to support anything other than 128
>and 256, and I am not sure about retaining 128. Nor do I see any
>reason this should be a command-line option rather than just a
>compile-time constant.
I would
On Wednesday, 20 May 2015, 06:55:33, Herbert Xu wrote:
Hi Herbert,
>
>You still need to handle the case where wait_event_interruptible
>returns an error. Otherwise this looks fine.
Thank you. I would suggest to add a while loop around the call that sets up
the wait if it terminated with
the actual seeding of the DRBG.
CC: Andreas Steffen andreas.stef...@strongswan.org
CC: Theodore Ts'o ty...@mit.edu
CC: Sandy Harris sandyinch...@gmail.com
Signed-off-by: Stephan Mueller smuel...@chronox.de
---
crypto/drbg.c | 28
include/crypto/drbg.h | 2 ++
2
/in vmlinuz
or during init time of the Jitter RNG, the performed testing shows that the
underlying hardware is not suitable for the Jitter RNG (e.g. has a too coarse
timer).
[1] http://www.mail-archive.com/linux-crypto@vger.kernel.org/msg13891.html
[2] http://www.chronox.de/jent.html
Stephan
-by: Stephan Mueller smuel...@chronox.de
---
drivers/char/random.c | 20
include/linux/random.h | 1 +
2 files changed, 21 insertions(+)
diff --git a/drivers/char/random.c b/drivers/char/random.c
index 9cd6968..9815a26 100644
--- a/drivers/char/random.c
+++ b/drivers/char/random.c
ty...@mit.edu
CC: Sandy Harris sandyinch...@gmail.com
Signed-off-by: Stephan Mueller smuel...@chronox.de
---
crypto/drbg.c | 51 ---
include/crypto/drbg.h | 1 +
2 files changed, 45 insertions(+), 7 deletions(-)
diff --git a/crypto/drbg.c b