Re: [PATCH 5/7] random: replace non-blocking pool with a Chacha20-based CRNG

2016-06-26 Thread Theodore Ts'o
On Sun, Jun 26, 2016 at 08:47:43PM +0200, Pavel Machek wrote: > Ok, so let's say I'm writing some TLS server, and I know that traffic > is currently heavy because it was heavy in last 5 minutes. Would it > make sense for me to request 128M of randomness from /dev/urandom, and > then use that

Re: [PATCH 5/7] random: replace non-blocking pool with a Chacha20-based CRNG

2016-06-26 Thread Stephan Mueller
On Sunday, 26 June 2016, 20:47:43, Pavel Machek wrote: Hi Pavel, > Hi! > > > Yes, I understand the argument that the networking stack is now > > requiring the crypto layer --- but not all IOT devices may necessarily > > require the IP stack (they might be using some alternate wireless > >

Re: [PATCH 5/7] random: replace non-blocking pool with a Chacha20-based CRNG

2016-06-26 Thread Pavel Machek
Hi! > Yes, I understand the argument that the networking stack is now > requiring the crypto layer --- but not all IOT devices may necessarily > require the IP stack (they might be using some alternate wireless > communications stack) and I'd much rather not make things worse. > > > The final

Re: [PATCH 5/7] random: replace non-blocking pool with a Chacha20-based CRNG

2016-06-20 Thread Theodore Ts'o
On Mon, Jun 20, 2016 at 05:49:17PM +0200, Stephan Mueller wrote: > > Is speed everything we should care about? What about: > > - offloading of crypto operation from the CPU In practice CPU offload is not helpful, and in fact, in most cases is harmful, when one is only encrypting a tiny amount

Re: [PATCH 5/7] random: replace non-blocking pool with a Chacha20-based CRNG

2016-06-20 Thread H. Peter Anvin
On 06/20/16 08:49, Stephan Mueller wrote: > On Monday, 20 June 2016, 11:01:47, Theodore Ts'o wrote: > > Hi Theodore, > >> >> So simply doing chacha20 encryption in a tight loop in the kernel >> might not be a good proxy for what would actually happen in real life >> when someone calls

Re: [PATCH 5/7] random: replace non-blocking pool with a Chacha20-based CRNG

2016-06-20 Thread Stephan Mueller
On Monday, 20 June 2016, 11:01:47, Theodore Ts'o wrote: Hi Theodore, > > So simply doing chacha20 encryption in a tight loop in the kernel > might not be a good proxy for what would actually happen in real life > when someone calls getrandom(2). (Another good question to ask is > when

Re: [PATCH 5/7] random: replace non-blocking pool with a Chacha20-based CRNG

2016-06-20 Thread Theodore Ts'o
On Mon, Jun 20, 2016 at 01:19:17PM +0800, Herbert Xu wrote: > On Mon, Jun 20, 2016 at 01:02:03AM -0400, Theodore Ts'o wrote: > > > > It's work that I'm not convinced is worth the gain? Perhaps I > > shouldn't have buried the lede, but repeating a paragraph from later > > in the message: > > > >

Re: [PATCH 5/7] random: replace non-blocking pool with a Chacha20-based CRNG

2016-06-20 Thread Herbert Xu
On Mon, Jun 20, 2016 at 01:02:03AM -0400, Theodore Ts'o wrote: > > It's work that I'm not convinced is worth the gain? Perhaps I > shouldn't have buried the lede, but repeating a paragraph from later > in the message: > >So even if the AVX optimized is 100% faster than the generic version,

Re: [PATCH 5/7] random: replace non-blocking pool with a Chacha20-based CRNG

2016-06-19 Thread Theodore Ts'o
On Mon, Jun 20, 2016 at 09:25:28AM +0800, Herbert Xu wrote: > > Yes, I understand the argument that the networking stack is now > > requiring the crypto layer --- but not all IOT devices may necessarily > > require the IP stack (they might be using some alternate wireless > > communications stack)

Re: [PATCH 5/7] random: replace non-blocking pool with a Chacha20-based CRNG

2016-06-19 Thread Herbert Xu
On Sun, Jun 19, 2016 at 07:18:28PM -0400, Theodore Ts'o wrote: > > C) Simply compiling in the Crypto layer and the ChaCha20 generic > handling (all of which is doing extra work which we would then be > undoing in the random layer --- and I haven't included the extra code > in the random driver

Re: [PATCH 5/7] random: replace non-blocking pool with a Chacha20-based CRNG

2016-06-19 Thread Theodore Ts'o
On Wed, Jun 15, 2016 at 10:59:08PM +0800, Herbert Xu wrote: > I think you should be accessing this through the crypto API rather > than going direct. We already have at least one accelerated > implementation of chacha20 and there may well be more of them > in future. Going through the crypto API

Re: [PATCH 5/7] random: replace non-blocking pool with a Chacha20-based CRNG

2016-06-15 Thread Herbert Xu
On Mon, Jun 13, 2016 at 11:48:37AM -0400, Theodore Ts'o wrote: > The CRNG is faster, and we don't pretend to track entropy usage in the > CRNG any more. > > Signed-off-by: Theodore Ts'o > --- > crypto/chacha20_generic.c | 61 > drivers/char/random.c | 374 >

Re: [PATCH 5/7] random: replace non-blocking pool with a Chacha20-based CRNG

2016-06-13 Thread Theodore Ts'o
On Mon, Jun 13, 2016 at 08:00:33PM +0200, Stephan Mueller wrote: > > 1. The ChaCha20 is seeded with 256 bits (let us assume it is full entropy) > > 2. The ChaCha20 block operation shuffles the 256 bits of entropy over the 512 > bit state -- already here we see that after shuffling, the entropy

Re: [PATCH 5/7] random: replace non-blocking pool with a Chacha20-based CRNG

2016-06-13 Thread Stephan Mueller
On Monday, 13 June 2016, 11:48:37, Theodore Ts'o wrote: Hi Theodore, > /* > @@ -1254,15 +1423,26 @@ static ssize_t extract_entropy_user(struct > entropy_store *r, void __user *buf, */ > void get_random_bytes(void *buf, int nbytes) > { > + __u8 tmp[CHACHA20_BLOCK_SIZE]; > + > #if
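
Review bot: the new `__u8 tmp[CHACHA20_BLOCK_SIZE]` local in get_random_bytes() is a stack buffer that presumably receives a block of CRNG output, and the quoted excerpt is cut off before the rest of the function. Check that every return path wipes it, for example with memzero_explicit(tmp, sizeof(tmp)), so generator output is not left behind on the kernel stack after the call returns.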

[PATCH 5/7] random: replace non-blocking pool with a Chacha20-based CRNG

2016-06-13 Thread Theodore Ts'o
The CRNG is faster, and we don't pretend to track entropy usage in the CRNG any more. Signed-off-by: Theodore Ts'o --- crypto/chacha20_generic.c | 61 drivers/char/random.c | 374 +- include/crypto/chacha20.h | 1 + lib/Makefile