Received: by 2002:a25:d7c1:0:0:0:0:0 with SMTP id o184csp892949ybg; Fri, 18 Oct 2019 08:54:42 -0700 (PDT) X-Google-Smtp-Source: APXvYqzYBqU9zoxq/jcZjZUfaqdKZqWrRlGrGYN/q4c19XcHX8i4OiJIs7ZhHmLo6Ic76dR1epwv X-Received: by 2002:a17:906:3949:: with SMTP id g9mr7309641eje.171.1571414082653; Fri, 18 Oct 2019 08:54:42 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1571414082; cv=none; d=google.com; s=arc-20160816; b=0bewY4fNq4LNhyU77MyavuZ17djD1I5Ap/EVTCftFoN1ZbOxWT9d5zWvPAYPXsfqH8 wCG93zpuGXidbSXrGyJzLPbDkc+B/JQ4cfQwu81POEy2FPeFCQ1vpMAje8JKTj6O8eX0 lf7YpI4Ls1XMGXgguurScJoyrTaXZQs9IsA/fr3OecgeX1FpiDs0vQm3Zt6MSwJp6Yrj zxe6MmpcsQaLen23HfsgtieUmeFPM3qqBUW/q8Yq4PHW67ptHb8vrfHa9fW8gZ7RHSxk xp+c0+zTaw72hrfjGMWxgAj/kR70abZEfULTzmdM48IUcjsH4m67jpI2ZQVPDz6V/lJT kY0A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=QrLNGivHk+MX8xmqPNs4VJfLnymqhdD216JwoEaih2o=; b=QyBR9KEvoFt5IclbIsbaZQ3onzA97ihZGMiXcOt3azd2iquaF4YXS2ndOclk1n573w z1hhhp+Zsdq6HbVGVmxGZs/rF9Ad+MuGGvZEcwV350YQJiDcCoAjhQZMjvPQ0ywvoMFw lSnVTfQkn6XAPvmzQlRGeqKGN7l4FJJscsG0Cf6UD4+DkmqC8SQLZJ4colXb+U2Umx4q ppng7DAiFgSURwsdIA9fbvELrbQuW8ofzdVd18jRjKJ+HO2wCna2c2tdgBomQob8c0n1 ux2DrdNQ05bOUzrQDNNlOdgsTv+jCLLbJgG2B7keS3qWy5Uv88SKaIBBPGUnKmBBitgN 45pA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=pxijlpnJ; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id ym1si3600498ejb.263.2019.10.18.08.54.20; Fri, 18 Oct 2019 08:54:42 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=pxijlpnJ; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2390560AbfJQMwa (ORCPT + 99 others); Thu, 17 Oct 2019 08:52:30 -0400 Received: from mail-lj1-f194.google.com ([209.85.208.194]:35746 "EHLO mail-lj1-f194.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1732434AbfJQMwa (ORCPT ); Thu, 17 Oct 2019 08:52:30 -0400 Received: by mail-lj1-f194.google.com with SMTP id m7so2447136lji.2 for ; Thu, 17 Oct 2019 05:52:29 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=QrLNGivHk+MX8xmqPNs4VJfLnymqhdD216JwoEaih2o=; b=pxijlpnJvH+0Meiyj9IJb82BApkYa5Amf8UD++PDk2Vmv6edkmCzoFFXCRLntxyrC1 mLkWZCG6OSWH+5i+vHjTerMGjh9sWPTJes3VNAUhsCvYuQnTCdR4Tg7ba2ic4lRik6KE JG2/FQ276AuTq9GpU+msGysKBTdy0rzz/xr4IuUdwM/l5r5qC8kKsIfyn2meaOzRInGT o5ksIUdYOzr8rmUJLsCOb/VBis8RXjC35uW1/4glW/GT3AVSC4oswPriEz6NnvJNAVm/ zsW1cnRSp0R4crrk2JCd+r+mabjMCA2aBmK670MduETPO6SboZEEuq/rHegWThVf6NzS nS6Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=QrLNGivHk+MX8xmqPNs4VJfLnymqhdD216JwoEaih2o=; b=F3KEeuJJJd+2CyW1GcXu86aglEanKmDrckjBErrlfZzvP563OCsmyy2xJoVyR+l13O Pwu/mudiFtyh6hZ6vjxz59ZgMYXK3GHigJVvfebu8w8B3bpzwe7H4WtcxODRq5neMOz6 K2JLfJspDqztCX+WsRSUjmDqxBaeUbxC8dy4LcbIPI1jOL6U/Iu28pDdc9eO5XFyEzgX CIfmeMvLz58BON7KUcFLqI/Z/atDqJlXuHy4zdOmmylcpRsOzjdxaMsFPHVsFzsxGRQ3 lxeBAUk6bD2nLXSz1YJox0VYk6ygrSW4MK6Sn9K0X6AqJyq3fLY/46e2zep5wQQcDkDH nTVg== X-Gm-Message-State: APjAAAUwtVnUJbMmMfppCol1mg1XjuAE6KZscEJm3IdacOjSdeAwDpJY NtYmQHnRwpluJFx1ZT+tVm1dm6MFpIPWjdg5EF5o+L+7shU= X-Received: by 2002:a2e:1214:: with SMTP id t20mr2401231lje.191.1571316748450; Thu, 17 Oct 2019 05:52:28 -0700 (PDT) MIME-Version: 1.0 References: <20191007000520.GA17116@linux.intel.com> <59b88042-9c56-c891-f75e-7c0719eb5ff9@linux.ibm.com> <20191008234935.GA13926@linux.intel.com> <20191008235339.GB13926@linux.intel.com> <20191014190033.GA15552@linux.intel.com> <1571081397.3728.9.camel@HansenPartnership.com> <20191016110031.GE10184@linux.intel.com> <1571229252.3477.7.camel@HansenPartnership.com> <20191016162543.GB6279@linux.intel.com> <1571253029.17520.5.camel@HansenPartnership.com> In-Reply-To: <1571253029.17520.5.camel@HansenPartnership.com> From: Sumit Garg Date: Thu, 17 Oct 2019 18:22:17 +0530 Message-ID: Subject: Re: [PATCH] KEYS: asym_tpm: Switch to get_random_bytes() To: James Bottomley Cc: Jarkko Sakkinen , "Safford, David (GE Global Research, US)" , Ken Goldman , Mimi Zohar , "linux-integrity@vger.kernel.org" , "stable@vger.kernel.org" , "open list:ASYMMETRIC KEYS" , "open list:CRYPTO API" , open list Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, 17 Oct 2019 at 00:40, James Bottomley wrote: > > On Wed, 2019-10-16 at 19:25 +0300, Jarkko Sakkinen wrote: > > On Wed, Oct 16, 2019 at 08:34:12AM -0400, James Bottomley wrote: > > > reversible ciphers are generally frowned upon in random number > > > generation, that's why the krng uses chacha20. In general I think > > > we shouldn't try to code our own mixing and instead should get the > > > krng to do it for us using whatever the algorithm du jour that the > > > crypto guys have blessed is. That's why I proposed adding the TPM > > > output to the krng as entropy input and then taking the output of > > > the krng. > > > > It is already registered as hwrng. What else? > > It only contributes entropy once at start of OS. > Why not just configure quality parameter of TPM hwrng as follows? It would automatically initiate a kthread during hwrng_init() to feed entropy from TPM to kernel random numbers pool (see: drivers/char/hw_random/core.c +142). diff --git a/drivers/char/tpm/tpm-chip.c b/drivers/char/tpm/tpm-chip.c index 3d6d394..fcc3817 100644 --- a/drivers/char/tpm/tpm-chip.c +++ b/drivers/char/tpm/tpm-chip.c @@ -548,6 +548,7 @@ static int tpm_add_hwrng(struct tpm_chip *chip) "tpm-rng-%d", chip->dev_num); chip->hwrng.name = chip->hwrng_name; chip->hwrng.read = tpm_hwrng_read; + chip->hwrng.quality = 1024; /* Here we assume TPM provides full entropy */ return hwrng_register(&chip->hwrng); } > > Was the issue that it is only used as seed when the rng is init'd > > first? I haven't at this point gone to the internals of krng. > > Basically it was similar to your xor patch except I got the kernel rng > to do the mixing, so it would use the chacha20 cipher at the moment > until they decide that's unsafe and change it to something else: > > https://lore.kernel.org/linux-crypto/1570227068.17537.4.camel@HansenPartnership.com/ > > It uses add_hwgenerator_randomness() to do the mixing. It also has an > unmixed source so that read of the TPM hwrng device works as expected. Above suggestion is something similar to yours but utilizing the framework already provided via hwrng core. -Sumit > > James > > > > >