Received: by 2002:a25:7ec1:0:0:0:0:0 with SMTP id z184csp3956460ybc; Tue, 26 Nov 2019 01:14:56 -0800 (PST) X-Google-Smtp-Source: APXvYqzFshp88VzNf9OJhDWakePr30YdXSGG3RpSGGHHkOSpsR14MQCuMuEVMdUU0Tqo3VdMLhWp X-Received: by 2002:a17:906:4dd5:: with SMTP id f21mr41976127ejw.203.1574759696433; Tue, 26 Nov 2019 01:14:56 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1574759696; cv=pass; d=google.com; s=arc-20160816; b=gbZ5NWqX0sFAS12YUyRgPpIBAi2xLiTDT5sCp9lHIxSxkog2bThj/VyM3Tfq54FMav jdfw5F4WyzTLks3mORJDYXMZkvl3JsqmsrBsvVqfUel39XmFxrzmZdKltqD5nq6nRnc7 cxqi/PUOHwygwmspS/xiEJBgmbnM5SHvzirgohLzGl8MyCsHRAqh1/+KzhTQ+mOxJjow cBfG3YbQNOWNhyEIovNTVSIY/w1Rr870qFY5Tpdnd1w4wYiRQa1WizGPwilb126ADi8d ZhL09c4X41fzaw7t9y4DoYwlG2gefxTsiuDEOu8iEBhj7vgVTbiFcRH4PTZCJ0l3Dkb3 N8Ww== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:content-transfer-encoding :content-language:accept-language:references:message-id:date :thread-index:thread-topic:subject:cc:to:from:dkim-signature; bh=Hg+34PtvP6u0N7MyHOOoCNJq7S4yPtjOfR0bsIqizKY=; b=WpinYD6VH9uupdXWwsbT0ZE2qRopBBuuUTeuCfdz8YOE8FKLyQY9RtOmFulZsfAQlk V4SpaQkFrSf81ouLyzRYdG2NzyGUBc/7KMjAL3Ul9qXzHujAcCaJK359VmFJlhn/2rU4 gHAsfzs1tVBQX09AQs1AIU3H6UWp/ZyesyzSGYGHrk/JVNMr4ESPHmJGFkjNM2UsBiWp s9xxNyWjpjYbj9W7/1nYU2Lyx5QbCCL4xNCedg+/589KkUjU65MADTqbyxO0o++ccNEK 7he8xa8kZ/CObGNwnddI4m7MPZNFEopsyipZaJrQVlu8GSpnmXKT/qos5ypyhG6mqxHe dULg== ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@nxp.com header.s=selector2 header.b=BwwNCWlB; arc=pass (i=1 spf=pass spfdomain=nxp.com dkim=pass dkdomain=nxp.com dmarc=pass fromdomain=nxp.com); spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=nxp.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id p10si607994ejx.135.2019.11.26.01.14.27; Tue, 26 Nov 2019 01:14:56 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@nxp.com header.s=selector2 header.b=BwwNCWlB; arc=pass (i=1 spf=pass spfdomain=nxp.com dkim=pass dkdomain=nxp.com dmarc=pass fromdomain=nxp.com); spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=nxp.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727362AbfKZJNp (ORCPT + 99 others); Tue, 26 Nov 2019 04:13:45 -0500 Received: from mail-eopbgr140043.outbound.protection.outlook.com ([40.107.14.43]:8298 "EHLO EUR01-VE1-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1727028AbfKZJNp (ORCPT ); Tue, 26 Nov 2019 04:13:45 -0500 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=j9pDa9QgJg1qkTvG3UVp4C6Ppv8Cfcc4KxWEOGHo1UXvM/PN8gJjqG0Ww2WnDauNSM40A+AKG0VmzKKFycNTZCIPBMSgKRonrkYlNWX2yxb1OzGKUROtUkwLt+mX+3J7pmi/aPqgqWYUHNdJ+pxukCxv9y57egeRODcdco4mwRsMJ1VyzXZ5/o7/N68sUmn04lnNkTmmMKbdI0Ts6gCXLSS98onmrWOeo2T/jemw0v3XoPy69mtEz/RU8O7B4+jg8g55CzzJryk2UYlIdmfpJvoMDuLgfS4a521Js3pCPVO/3iE7GjApRbDi2mlKzy7OpIxltaAsWvOINmu9Z2xtgw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Hg+34PtvP6u0N7MyHOOoCNJq7S4yPtjOfR0bsIqizKY=; b=LxDA08WO4AE8B5D1nKIO6RvxuVkX7VR8nc+TvsXJfOThJp14190cxT0ErKEx3GtAv5Br7RiiOVmxfksteP0XouL0eThzftvDWi8H1UboH562eRRCIXnIE9MTMc0ddcaMxpiZT6zHhwmIn+y0HatiEPDlytOxkwLjRwtcRMemz4EXKV4JS8umGfBFAzJo8NbLGIMvjbpkxkyYgDEbjRTbrO2UNeijgSXJrU1G9IxN5yYvmeLWC/a3efhtv4pCzLdYYFoL6/I3K/7hebD9qmeYret5olaoA/Exxb/OVT4i5Z3jiwiFuFlx6ot80WO2tYONCInVHpTV8xFcKA/ii+fqbA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=nxp.com; dmarc=pass action=none header.from=nxp.com; dkim=pass header.d=nxp.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nxp.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Hg+34PtvP6u0N7MyHOOoCNJq7S4yPtjOfR0bsIqizKY=; b=BwwNCWlBd/OvXwLHk6ltqv90kZb8XpLca2nw65+8smWdOOfH0bCewZN7hySdG+i4aMFqwrhOLzfV4QjJ19i7wacSHiwOJnAUdgBwklau8vL8yHprAZs2UtjfqWkam7LPrdaDiGp1tQnfoYZRZsFkZ2dQUYFU4vhZd2Zo9fgd4OY= Received: from VI1PR0402MB3485.eurprd04.prod.outlook.com (52.134.3.153) by VI1PR0402MB3472.eurprd04.prod.outlook.com (52.134.5.30) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2474.16; Tue, 26 Nov 2019 09:13:39 +0000 Received: from VI1PR0402MB3485.eurprd04.prod.outlook.com ([fe80::89e1:552e:a24d:e72]) by VI1PR0402MB3485.eurprd04.prod.outlook.com ([fe80::89e1:552e:a24d:e72%3]) with mapi id 15.20.2495.014; Tue, 26 Nov 2019 09:13:38 +0000 From: Horia Geanta To: Andrey Smirnov , "linux-crypto@vger.kernel.org" CC: Chris Healy , Lucas Stach , Herbert Xu , Iuliana Prodan , "linux-kernel@vger.kernel.org" , dl-linux-imx Subject: Re: [PATCH v4 2/6] crypto: caam - enable prediction resistance in HRWNG Thread-Topic: [PATCH v4 2/6] crypto: caam - enable prediction resistance in HRWNG Thread-Index: AQHVoIQyJHCMNObN7kuHGNWFUpD0kQ== Date: Tue, 26 Nov 2019 09:13:38 +0000 Message-ID: References: <20191121155554.1227-1-andrew.smirnov@gmail.com> <20191121155554.1227-3-andrew.smirnov@gmail.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: spf=none (sender IP is ) smtp.mailfrom=horia.geanta@nxp.com; x-originating-ip: [212.146.100.6] x-ms-publictraffictype: Email x-ms-office365-filtering-ht: Tenant x-ms-office365-filtering-correlation-id: 169b8eb6-51fe-4608-0f72-08d77250eca4 x-ms-traffictypediagnostic: VI1PR0402MB3472:|VI1PR0402MB3472: x-ms-exchange-transport-forked: True x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:9508; x-forefront-prvs: 0233768B38 x-forefront-antispam-report: SFV:NSPM;SFS:(10009020)(4636009)(39860400002)(376002)(396003)(366004)(346002)(136003)(199004)(189003)(52536014)(2501003)(91956017)(316002)(9686003)(7696005)(102836004)(53546011)(6506007)(86362001)(26005)(71190400001)(8676002)(8936002)(14454004)(81156014)(71200400001)(229853002)(186003)(76116006)(81166006)(66946007)(305945005)(66476007)(74316002)(66446008)(64756008)(66556008)(256004)(7736002)(110136005)(66066001)(6246003)(44832011)(446003)(55016002)(6116002)(3846002)(33656002)(5660300002)(6436002)(76176011)(4326008)(478600001)(25786009)(2906002)(54906003)(99286004);DIR:OUT;SFP:1101;SCL:1;SRVR:VI1PR0402MB3472;H:VI1PR0402MB3485.eurprd04.prod.outlook.com;FPR:;SPF:None;LANG:en;PTR:InfoNoRecords;A:1;MX:1; received-spf: None (protection.outlook.com: nxp.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: BYUSgcWPJgD86qQliMRcg0k7hLjHoEbvTVB00q44XAwbZu2TzG/nDaBnjMLE00R0Ch0T2XfcaNediKHc4GOcKEadLjxwJ8RbBRGtCT2oS29lG+3m5HhR3sKOz6F0f7F09zOE/jX+29yw22VB/i0EcY98n9q9ZzTdz/eOpV9rHx27vbCyMx0GYtdr9xAT35fR6D7X81N/YA3XLo4xOsaz7GNVsVsS+oL9qDccpbbxAp0hwfiX74v0Jx4MMwRsgMGVKxZTqDlwcWk2qv/CuNfg2WQHqoVqpk4Dh/WMKQXVVCgcOFU83EGyACoTQmU3wYfjg5pb1i4OPtglcwXGop7n3XeVmFS/FP3P/yqEeqznql4DSAHDfh+vC4EffYZEuFXe/MAhvB51iswiNu5S8Rg+voKzEa/rpZ8r/PfCTJwTYzNO9vTK14cYCIk7KIPaRl7/ Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-OriginatorOrg: nxp.com X-MS-Exchange-CrossTenant-Network-Message-Id: 169b8eb6-51fe-4608-0f72-08d77250eca4 X-MS-Exchange-CrossTenant-originalarrivaltime: 26 Nov 2019 09:13:38.6481 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 686ea1d3-bc2b-4c6f-a92c-d99c5c301635 X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: syzdeTt5CJL0tqUqY5OJ0YjqO8lIeTS/2y7Uy5eAsq267ivlb7ZJwT/zVFOs/HTrrWkWF6bAaD1F9shh+sY7Jg== X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1PR0402MB3472 Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org On 11/21/2019 5:56 PM, Andrey Smirnov wrote:=0A= > Instantiate CAAM RNG with prediction resistance enabled to improve its=0A= > quality.=0A= > =0A= It's worth noting there are two RNG operations being changed:=0A= -instantiation=0A= -generation=0A= =0A= Generation with prediction resistance (PR) is only supported on=0A= RNG state handles instantiated with PR option.=0A= =0A= Using PR when generating randomness effectively forces a reseed=0A= of the DRBG / PRNG - that's how quality is improved.=0A= =0A= > diff --git a/drivers/crypto/caam/caamrng.c b/drivers/crypto/caam/caamrng.= c=0A= > index e8baacaabe07..6dde8ae3cd9b 100644=0A= > --- a/drivers/crypto/caam/caamrng.c=0A= > +++ b/drivers/crypto/caam/caamrng.c=0A= > @@ -202,7 +202,8 @@ static inline int rng_create_sh_desc(struct caam_rng_= ctx *ctx)=0A= > init_sh_desc(desc, HDR_SHARE_SERIAL);=0A= > =0A= > /* Generate random bytes */=0A= > - append_operation(desc, OP_ALG_ALGSEL_RNG | OP_TYPE_CLASS1_ALG);=0A= > + append_operation(desc, OP_ALG_ALGSEL_RNG | OP_TYPE_CLASS1_ALG |=0A= > + OP_ALG_PR_ON);=0A= > =0A= > /* Store bytes */=0A= > append_seq_fifo_store(desc, RN_BUF_SIZE, FIFOST_TYPE_RNGSTORE);=0A= > diff --git a/drivers/crypto/caam/ctrl.c b/drivers/crypto/caam/ctrl.c=0A= > index df4db10e9fca..a1c879820286 100644=0A= > --- a/drivers/crypto/caam/ctrl.c=0A= > +++ b/drivers/crypto/caam/ctrl.c=0A= > @@ -36,7 +36,8 @@ static void build_instantiation_desc(u32 *desc, int han= dle, int do_sk)=0A= > init_job_desc(desc, 0);=0A= > =0A= > op_flags =3D OP_TYPE_CLASS1_ALG | OP_ALG_ALGSEL_RNG |=0A= > - (handle << OP_ALG_AAI_SHIFT) | OP_ALG_AS_INIT;=0A= > + (handle << OP_ALG_AAI_SHIFT) | OP_ALG_AS_INIT |=0A= > + OP_ALG_PR_ON;=0A= > =0A= > /* INIT RNG in non-test mode */=0A= > append_operation(desc, op_flags);=0A= > @@ -275,11 +276,12 @@ static int instantiate_rng(struct device *ctrldev, = int state_handle_mask,=0A= > return -ENOMEM;=0A= > =0A= > for (sh_idx =3D 0; sh_idx < RNG4_MAX_HANDLES; sh_idx++) {=0A= > + const u32 rdsta_mask =3D (RDSTA_PR0 | RDSTA_IF0) << sh_idx;=0A= > /*=0A= > * If the corresponding bit is set, this state handle=0A= > * was initialized by somebody else, so it's left alone.=0A= > */=0A= > - if ((1 << sh_idx) & state_handle_mask)=0A= > + if (rdsta_mask & state_handle_mask)=0A= > continue;=0A= > =0A= If a state handle was previously instantiated (e.g. by U-boot),=0A= but without prediction resistance support, it won't be re-instantiated=0A= ("continue" / skip above).=0A= =0A= The result is using a state handle without PR support.=0A= Due to this, when extracting / generating randomness (in caamrng.c) with=0A= the PR bit set, job descriptor will generate a prediction resistance error.= =0A= =0A= IMO the proper thing to do in case a state handle was instantiated=0A= without PR support is to re-instantiate it.=0A= =0A= There's an assumption here though: kernel handles RNG initialization only= =0A= in some cases, when it's effectively "controlling" it.=0A= In cases when it's not, like when Management Complex (MC) f/w is present=0A= (or OP-TEE OS, SECO etc.), kernel skips RNG init and only uses the job ring= =0A= interface for random generation.=0A= =3D=3D> MC, OP-TEE, SECO etc. have to be updated to initialize=0A= RNG state handles with PR support=0A= =0A= Horia=0A=