Received: by 2002:a05:6a10:8c0a:0:0:0:0 with SMTP id go10csp1951147pxb;
        Sat, 27 Feb 2021 05:47:33 -0800 (PST)
X-Google-Smtp-Source: ABdhPJyqJrJ4x0voNGC/PVgPJd4sPyVf86apHDAeZifU6T45NOJmWeKH2AccXpawqns9NYlYkBNw
X-Received: by 2002:a17:906:1956:: with SMTP id b22mr8322168eje.114.1614433653060;
        Sat, 27 Feb 2021 05:47:33 -0800 (PST)
ARC-Seal: i=2; a=rsa-sha256; t=1614433653; cv=pass;
        d=google.com; s=arc-20160816;
        b=qBA5GVkdlz9rsLleJ4JTA773tPV5wz7Q+/oov2ZsApjR7MjrwJDSzA0HMFNyL2DyTB
         GNxKaLBw2gZkxnE1N14mJuR0LeM081SDkVaSKEhdcmQhh5gwib/bhacEop/SVelVZAdo
         zXE8rBYsWYipe814GajxDFcVWqqanYY1SQXcEYNXsvmcmLTO0VHrFWUZ61cLCIhq9YOI
         CFy4SK93NuIyjfV74lQZoFwbGWK5ZvEgu3kgKhjO+kkGWHxVG/EjEuB/nfof/fMjjjjF
         DVwfiI//UCVhuUWkG3xYP24KPuqr3wroJG18nffPtQcTOiYeADjoeu/adtXiBgh0x8WY
         qvzg==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :references:in-reply-to:message-id:date:subject:cc:to:from
         :dkim-signature;
        bh=b8sfDBqSnkZHoiufSw43chO/nt5WUqIX0MZ3P9r+dbQ=;
        b=TY/B+Z7Ah2P1+9iLjMgiUdI41+fIl8moV6uN27fTJ7cKtWS29W1iM8e2L89ks4llqe
         AQ8QsDUv0Byej/trmVDReagnIb14E7BwwsAPOeFs7w7MzjQANOEZURTlS0/H+MwkOVgT
         xvzXmq1tssXmju4Ep7Vz3NTH3p00SzJ4kT5AF79Pg97/zTKk6c24gcfAlB4WnatHenBa
         sySLVzqevmxCq0qgmQ+pIOEtwwqfStqQwXAEUt9coxWHeg6HNKiiMTbwqvav7XFiibyH
         L+ronT/6ZARtpE4dAsBuj8M1fUT+TNCS0AXAVLhX7A0kZ/mzgZxGv7GTOFXWi7iLzBDi
         7xWw==
ARC-Authentication-Results: i=2; mx.google.com;
       dkim=pass header.i=@chronox.de header.s=strato-dkim-0002 header.b=TvvOTvKj;
       arc=pass (i=1);
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id r20si7749158ejd.746.2021.02.27.05.47.10;
        Sat, 27 Feb 2021 05:47:33 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@chronox.de header.s=strato-dkim-0002 header.b=TvvOTvKj;
       arc=pass (i=1);
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S230142AbhB0Npe (ORCPT <rfc822;luigi.mantellini.ml@gmail.com>
        + 99 others); Sat, 27 Feb 2021 08:45:34 -0500
Received: from mo4-p03-ob.smtp.rzone.de ([85.215.255.104]:11186 "EHLO
        mo4-p03-ob.smtp.rzone.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S230084AbhB0Npa (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Sat, 27 Feb 2021 08:45:30 -0500
ARC-Seal: i=1; a=rsa-sha256; t=1614433248; cv=none;
    d=strato.com; s=strato-dkim-0002;
    b=odp551fBs8CLRdBFi9fIp7+rSPAdM6ATyq2cIQniTzgu+ACAmvR1hXwpEAQIpaxV03
    IVPax2KkAs4DaofP0lRjgwPdxkEvpITG86BVidgBjLrupw/R0ojBCgU4Ta7QwVhSSW4F
    dGZTB6mvwYW01/2SEU4OfEJFI/VTA9ko2p5XDrDeNq2rv/WSpUzc3B3j0KQn6yMt8KTy
    fYoOCaKRdJADKQT9c1SvfG62Ae0ysp7r6ta6N6JbPfI9ciZkgLK2rdsK9/I1X5VrNuWs
    Par3gfGj1jr6TYNAVZJJqEsTt89qM8YltKJuAZ7VxdXiHmmEtDPBfSZQCE3vV8KOrQwK
    P4Vw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; t=1614433248;
    s=strato-dkim-0002; d=strato.com;
    h=References:In-Reply-To:Message-ID:Date:Subject:Cc:To:From:Cc:Date:
    From:Subject:Sender;
    bh=b8sfDBqSnkZHoiufSw43chO/nt5WUqIX0MZ3P9r+dbQ=;
    b=LGUsnHzeKjQjt20oFLRXeEX3RNkVD6aNGZXmVwZ5YrxB+xfOQMmUQ0F5WvQ6iPJu+k
    YW487gwoG7xvwSz5c1xNIsAINqTfyF0jEl9kUHqeUDcBq7rH8/n9J2sdcrgdXybOJ7xa
    JKoiMcvzsvV3TnlO6UHfJXdQjineh3Vt1Y03qE0DvYgt1SeoIR+yQo0WG/gzcTpZ/G2h
    FPVR0JnQgZ8iKsCywZiCD1iSaJFFoxXIP40t7CKMYiLx6UqDcwX+Z0t5988Ip33XM36K
    mlXW2n5CYCB8sQczZKXg/RoYDHTcYqhIeBGM6UUW6R/8nQr9kfOJQenXi39eQzarfzJZ
    Izgw==
ARC-Authentication-Results: i=1; strato.com;
    dkim=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; t=1614433248;
    s=strato-dkim-0002; d=chronox.de;
    h=References:In-Reply-To:Message-ID:Date:Subject:Cc:To:From:Cc:Date:
    From:Subject:Sender;
    bh=b8sfDBqSnkZHoiufSw43chO/nt5WUqIX0MZ3P9r+dbQ=;
    b=TvvOTvKjtsMkpIRraFKMNvusBU6CPNko70AU5tcDjU8Ag11cDwHo7o+ClnUM7S7iCJ
    xcYydVHc48xFvSlEg4gRQ+DY6ZFrPc5LU/rDl5jo3fHH3/PolHZ5UajnOPxyfdSvgZpe
    Ptq45mJPijWqpJo8XnlxIjBGKpHGg+r2oeaSLzd3AUYdFZNOGla9tlmCCx/kK5EEN7CT
    Go+oKB19iF/DhejNox7uk/Xnm3HV84XLdgP/37WASVsdVVz2yXPC+5MPFXAWyypnQGvd
    zjQ6vywmNCU7BnzRLd4wxJQYb/0LCx04aMnGJ5SDU21pG+C7iRTLGwjkg6xiVhCoBt8C
    wnyw==
Authentication-Results: strato.com;
    dkim=none
X-RZG-AUTH: ":P2ERcEykfu11Y98lp/T7+hdri+uKZK8TKWEqNyiHySGSa9k9xmwdNnzGHXPZIfSc8k+7"
X-RZG-CLASS-ID: mo00
Received: from positron.chronox.de
    by smtp.strato.de (RZmta 47.19.0 DYNA|AUTH)
    with ESMTPSA id 608030x1RDelUDA
        (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256 bits))
        (Client did not present a certificate);
    Sat, 27 Feb 2021 14:40:47 +0100 (CET)
From:   Stephan =?ISO-8859-1?Q?M=FCller?= <smueller@chronox.de>
To:     Tso Ted <tytso@mit.edu>, linux-crypto@vger.kernel.org
Cc:     Willy Tarreau <w@1wt.eu>, Nicolai Stange <nstange@suse.de>,
        LKML <linux-kernel@vger.kernel.org>,
        Arnd Bergmann <arnd@arndb.de>,
        Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        "Eric W. Biederman" <ebiederm@xmission.com>,
        "Alexander E. Patrakov" <patrakov@gmail.com>,
        "Ahmed S. Darwish" <darwish.07@gmail.com>,
        Matthew Garrett <mjg59@srcf.ucam.org>,
        Vito Caputo <vcaputo@pengaru.com>,
        Andreas Dilger <adilger.kernel@dilger.ca>,
        Jan Kara <jack@suse.cz>, Ray Strode <rstrode@redhat.com>,
        William Jon McCann <mccann@jhu.edu>,
        zhangjs <zachary@baishancloud.com>,
        Andy Lutomirski <luto@kernel.org>,
        Florian Weimer <fweimer@redhat.com>,
        Lennart Poettering <mzxreary@0pointer.de>,
        Peter Matthias <matthias.peter@bsi.bund.de>,
        Marcelo Henrique Cerri <marcelo.cerri@canonical.com>,
        Neil Horman <nhorman@redhat.com>,
        Randy Dunlap <rdunlap@infradead.org>,
        Julia Lawall <julia.lawall@inria.fr>,
        Dan Carpenter <dan.carpenter@oracle.com>,
        Andy Lavr <andy.lavr@gmail.com>,
        Eric Biggers <ebiggers@kernel.org>,
        "Jason A. Donenfeld" <Jason@zx2c4.com>,
        Petr Tesarik <ptesarik@suse.cz>,
        John Haxby <john.haxby@oracle.com>
Subject: [PATCH v38 10/13] LRNG - add Jitter RNG fast noise source
Date:   Sat, 27 Feb 2021 14:38:42 +0100
Message-ID: <2640811.BEx9A2HvPv@positron.chronox.de>
In-Reply-To: <3277560.QJadu78ljV@positron.chronox.de>
References: <3277560.QJadu78ljV@positron.chronox.de>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="iso-8859-1"
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

The Jitter RNG fast noise source implemented as part of the kernel
crypto API is queried for 256 bits of entropy at the time the seed
buffer managed by the LRNG is about to be filled.

CC: Torsten Duwe <duwe@lst.de>
CC: "Eric W. Biederman" <ebiederm@xmission.com>
CC: "Alexander E. Patrakov" <patrakov@gmail.com>
CC: "Ahmed S. Darwish" <darwish.07@gmail.com>
CC: "Theodore Y. Ts'o" <tytso@mit.edu>
CC: Willy Tarreau <w@1wt.eu>
CC: Matthew Garrett <mjg59@srcf.ucam.org>
CC: Vito Caputo <vcaputo@pengaru.com>
CC: Andreas Dilger <adilger.kernel@dilger.ca>
CC: Jan Kara <jack@suse.cz>
CC: Ray Strode <rstrode@redhat.com>
CC: William Jon McCann <mccann@jhu.edu>
CC: zhangjs <zachary@baishancloud.com>
CC: Andy Lutomirski <luto@kernel.org>
CC: Florian Weimer <fweimer@redhat.com>
CC: Lennart Poettering <mzxreary@0pointer.de>
CC: Nicolai Stange <nstange@suse.de>
Reviewed-by: Marcelo Henrique Cerri <marcelo.cerri@canonical.com>
Reviewed-by: Roman Drahtmueller <draht@schaltsekun.de>
Tested-by: Roman Drahtm=FCller <draht@schaltsekun.de>
Tested-by: Marcelo Henrique Cerri <marcelo.cerri@canonical.com>
Tested-by: Neil Horman <nhorman@redhat.com>
Signed-off-by: Stephan Mueller <smueller@chronox.de>
=2D--
 drivers/char/lrng/Kconfig     | 12 +++++
 drivers/char/lrng/Makefile    |  1 +
 drivers/char/lrng/lrng_jent.c | 88 +++++++++++++++++++++++++++++++++++
 3 files changed, 101 insertions(+)
 create mode 100644 drivers/char/lrng/lrng_jent.c

diff --git a/drivers/char/lrng/Kconfig b/drivers/char/lrng/Kconfig
index f16bd237ab9e..01185b985af4 100644
=2D-- a/drivers/char/lrng/Kconfig
+++ b/drivers/char/lrng/Kconfig
@@ -156,4 +156,16 @@ config LRNG_KCAPI
 	  provided by the selected kernel crypto API RNG.
 endif # LRNG_DRNG_SWITCH
=20
+config LRNG_JENT
+	bool "Enable Jitter RNG as LRNG Seed Source"
+	depends on CRYPTO
+	select CRYPTO_JITTERENTROPY
+	help
+	  The Linux RNG may use the Jitter RNG as noise source. Enabling
+	  this option enables the use of the Jitter RNG. Its default
+	  entropy level is 16 bits of entropy per 256 data bits delivered
+	  by the Jitter RNG. This entropy level can be changed at boot
+	  time or at runtime with the lrng_base.jitterrng configuration
+	  variable.
+
 endif # LRNG
diff --git a/drivers/char/lrng/Makefile b/drivers/char/lrng/Makefile
index 97d2b13d3227..6be88156010a 100644
=2D-- a/drivers/char/lrng/Makefile
+++ b/drivers/char/lrng/Makefile
@@ -14,3 +14,4 @@ obj-$(CONFIG_LRNG_DRNG_SWITCH)	+=3D lrng_switch.o
 obj-$(CONFIG_LRNG_KCAPI_HASH)	+=3D lrng_kcapi_hash.o
 obj-$(CONFIG_LRNG_DRBG)		+=3D lrng_drbg.o
 obj-$(CONFIG_LRNG_KCAPI)	+=3D lrng_kcapi.o
+obj-$(CONFIG_LRNG_JENT)		+=3D lrng_jent.o
diff --git a/drivers/char/lrng/lrng_jent.c b/drivers/char/lrng/lrng_jent.c
new file mode 100644
index 000000000000..9cae59678c1e
=2D-- /dev/null
+++ b/drivers/char/lrng/lrng_jent.c
@@ -0,0 +1,88 @@
+// SPDX-License-Identifier: GPL-2.0 OR BSD-2-Clause
+/*
+ * LRNG Fast Noise Source: Jitter RNG
+ *
+ * Copyright (C) 2016 - 2021, Stephan Mueller <smueller@chronox.de>
+ */
+
+#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
+
+#include <linux/types.h>
+#include <crypto/internal/jitterentropy.h>
+
+#include "lrng_internal.h"
+
+/*
+ * Estimated entropy of data is a 16th of LRNG_DRNG_SECURITY_STRENGTH_BITS.
+ * Albeit a full entropy assessment is provided for the noise source indic=
ating
+ * that it provides high entropy rates and considering that it deactivates
+ * when it detects insufficient hardware, the chosen under estimation of
+ * entropy is considered to be acceptable to all reviewers.
+ */
+static u32 jitterrng =3D LRNG_DRNG_SECURITY_STRENGTH_BITS>>4;
+module_param(jitterrng, uint, 0644);
+MODULE_PARM_DESC(jitterrng, "Entropy in bits of 256 data bits from Jitter =
RNG noise source");
+
+/**
+ * lrng_get_jent() - Get Jitter RNG entropy
+ *
+ * @outbuf: buffer to store entropy
+ * @outbuflen: length of buffer
+ *
+ * Return:
+ * * > 0 on success where value provides the added entropy in bits
+ * * 0 if no fast source was available
+ */
+static struct rand_data *lrng_jent_state;
+
+u32 lrng_get_jent(u8 *outbuf, unsigned int outbuflen)
+{
+	int ret;
+	u32 ent_bits =3D jitterrng;
+	unsigned long flags;
+	static DEFINE_SPINLOCK(lrng_jent_lock);
+	static int lrng_jent_initialized =3D 0;
+
+	spin_lock_irqsave(&lrng_jent_lock, flags);
+
+	if (!ent_bits || (lrng_jent_initialized =3D=3D -1)) {
+		spin_unlock_irqrestore(&lrng_jent_lock, flags);
+		return 0;
+	}
+
+	if (!lrng_jent_initialized) {
+		lrng_jent_state =3D jent_lrng_entropy_collector();
+		if (!lrng_jent_state) {
+			jitterrng =3D 0;
+			lrng_jent_initialized =3D -1;
+			spin_unlock_irqrestore(&lrng_jent_lock, flags);
+			pr_info("Jitter RNG unusable on current system\n");
+			return 0;
+		}
+		lrng_jent_initialized =3D 1;
+		pr_debug("Jitter RNG working on current system\n");
+	}
+	ret =3D jent_read_entropy(lrng_jent_state, outbuf, outbuflen);
+	spin_unlock_irqrestore(&lrng_jent_lock, flags);
+
+	if (ret) {
+		pr_debug("Jitter RNG failed with %d\n", ret);
+		return 0;
+	}
+
+	/* Obtain entropy statement */
+	if (outbuflen !=3D LRNG_DRNG_SECURITY_STRENGTH_BYTES)
+		ent_bits =3D (ent_bits * outbuflen<<3) /
+			   LRNG_DRNG_SECURITY_STRENGTH_BITS;
+	/* Cap entropy to buffer size in bits */
+	ent_bits =3D min_t(u32, ent_bits, outbuflen<<3);
+	pr_debug("obtained %u bits of entropy from Jitter RNG noise source\n",
+		 ent_bits);
+
+	return ent_bits;
+}
+
+u32 lrng_jent_entropylevel(void)
+{
+	return min_t(u32, jitterrng, LRNG_DRNG_SECURITY_STRENGTH_BITS);
+}
=2D-=20
2.29.2