From: Stephan Mueller
To: Yann Droneaud
Cc: Herbert Xu, linux-crypto@vger.kernel.org
Subject: Re: [PATCH v5] crypto: DRBG - add FIPS 140-2 CTRNG for noise source
Date: Tue, 07 May 2019 15:18:48 +0200
Message-ID: <2220012.cB1XuMDAq9@tauon.chronox.de>
In-Reply-To: <74c517ac2c654a7372af731a67e24743c843e157.camel@opteya.com>
References: <1852500.fyBc0DU23F@positron.chronox.de> <1654549.mqJkfNR9fV@positron.chronox.de> <74c517ac2c654a7372af731a67e24743c843e157.camel@opteya.com>

On Tuesday, 7 May 2019, 15:10:38 CEST Yann Droneaud wrote:

Hi Yann,

> Hi,
>
> On Tuesday, 07 May 2019 at 11:29 +0200, Stephan Müller wrote:
> > FIPS 140-2 section 4.9.2 requires a continuous self test of the noise
> > source. Up to kernel 4.8 drivers/char/random.c provided this continuous
> > self test. Afterwards it was moved to a location that is inconsistent
> > with the FIPS 140-2 requirements. The relevant patch was
> > e192be9d9a30555aae2ca1dc3aad37cba484cd4a .
>
> Please elaborate: in commit e192be9d9a30 ("random: replace non-blocking
> pool with a Chacha20-based CRNG") the "self test" code was moved from
> extract_entropy() to _extract_entropy(), which is used by
> extract_entropy().
>
> Only crng_initialize() calls _extract_entropy() with fips = 0, regardless
> of fips_enabled.
>
> Is this the issue?

The issue is that _extract_entropy is invoked with the input_pool from the
ChaCha20 RNG during its initialization or reseed. So, this function is called
to extract data from the input_pool and inject it into the ChaCha20 RNG.

However, we need the test to be applied at the output of the ChaCha20 RNG (or
/dev/random).

>
> Could crng_initialize() pass fips_enabled to _extract_entropy() instead
> of 0 ?

This small change does not fix it. At the time the change to ChaCha20 was
applied, I provided a patch that moved the continuous test back to the
locations where we need it. But it was ignored.

Ciao
Stephan
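The disagreement in this thread is about where the FIPS 140-2 section 4.9.2 continuous test sits: Stephan's point is that it has to gate the output of the ChaCha20 RNG, not the data that _extract_entropy() pulls from input_pool into it. The following C is an added example, not code from drivers/char/random.c or from the patch under discussion. It implements the 4.9.2 comparison (the first block after initialization is saved and discarded, every later block is compared with its predecessor, and equality is a failure) and places it as a gate on the generator's output so that no byte reaches the caller before its block has passed. The 32-byte block size, the crt_* names, the noise_fn interface and both toy sources are assumptions constructed for the demo.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Block size under test. FIPS 140-2 4.9.2 only requires n > 15 bits;
 * 32 bytes is an assumed, convenient size for this example. */
#define CRT_BLOCK_LEN 32

enum crt_result {
    CRT_OK = 0,       /* block differs from its predecessor: usable */
    CRT_DISCARD = 1,  /* first block after init: saved for comparison, not used */
    CRT_FAIL = -1     /* block equals its predecessor: source is stuck */
};

struct crt_state {
    uint8_t prev[CRT_BLOCK_LEN];
    int have_prev;
    unsigned long failures;
};

void crt_init(struct crt_state *st)
{
    memset(st, 0, sizeof(*st));
}

/* The 4.9.2 test itself: compare each n-bit block with the previous one. */
int crt_check(struct crt_state *st, const uint8_t blk[CRT_BLOCK_LEN])
{
    if (!st->have_prev) {
        memcpy(st->prev, blk, CRT_BLOCK_LEN);
        st->have_prev = 1;
        return CRT_DISCARD;
    }
    if (memcmp(st->prev, blk, CRT_BLOCK_LEN) == 0) {
        st->failures++;
        return CRT_FAIL;  /* prev is kept: a stuck source must keep failing */
    }
    memcpy(st->prev, blk, CRT_BLOCK_LEN);
    return CRT_OK;
}

/* Hypothetical generator interface: fills one block from the source ctx. */
typedef void (*noise_fn)(void *ctx, uint8_t out[CRT_BLOCK_LEN]);

/* Output-side gate: bytes reach the caller only after their block passed.
 * Returns the number of bytes written, or -1 once the test fails. */
long crt_read(struct crt_state *st, noise_fn gen, void *ctx,
              uint8_t *out, size_t len)
{
    uint8_t blk[CRT_BLOCK_LEN];
    size_t done = 0;

    while (done < len) {
        size_t n;

        gen(ctx, blk);
        switch (crt_check(st, blk)) {
        case CRT_FAIL:
            memset(blk, 0, sizeof(blk));
            return -1;
        case CRT_DISCARD:
            continue;   /* first block is never handed out */
        default:
            break;
        }
        n = len - done < CRT_BLOCK_LEN ? len - done : CRT_BLOCK_LEN;
        memcpy(out + done, blk, n);
        done += n;
    }
    memset(blk, 0, sizeof(blk));
    return (long)done;
}

/* Constructed toy sources for the demo; neither is a real noise source. */
struct counter_ctx { uint64_t ctr; };

void counter_source(void *c, uint8_t out[CRT_BLOCK_LEN])
{
    struct counter_ctx *cc = c;
    memset(out, 0, CRT_BLOCK_LEN);
    for (int i = 0; i < 8; i++)
        out[i] = (uint8_t)(cc->ctr >> (8 * i));  /* little-endian counter */
    cc->ctr++;
}

void stuck_source(void *c, uint8_t out[CRT_BLOCK_LEN])
{
    (void)c;
    memset(out, 0x41, CRT_BLOCK_LEN);  /* same block every time */
}

int main(void)
{
    struct crt_state st;
    struct counter_ctx cc = { 0 };
    uint8_t buf[100];
    long got;

    crt_init(&st);
    got = crt_read(&st, counter_source, &cc, buf, sizeof(buf));
    printf("counter source: read %ld bytes, failures %lu\n", got, st.failures);

    crt_init(&st);
    got = crt_read(&st, stuck_source, NULL, buf, sizeof(buf));
    printf("stuck source:   read %ld bytes, failures %lu\n", got, st.failures);
    return 0;
}
```

The point of crt_read() is the placement: the comparison runs on the blocks the consumer is about to receive, so a generator that has gone stuck is caught before its output is used, which is what a check on the data flowing into the generator cannot guarantee.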