Received: by 2002:a25:8b91:0:0:0:0:0 with SMTP id j17csp3523372ybl; Mon, 27 Jan 2020 05:43:06 -0800 (PST) X-Google-Smtp-Source: APXvYqy7kwo4NhbvlQ9mq9f8rLCxlJp/6k80gFSxHUfVHW4VUCEtMiRNaKWYAPytDyI+y0EOp01D X-Received: by 2002:aca:90f:: with SMTP id 15mr1807007oij.18.1580132586318; Mon, 27 Jan 2020 05:43:06 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1580132586; cv=none; d=google.com; s=arc-20160816; b=dXQw2v6ujdt92CZr6Cj92YDWVF30lTQMtjAOSpu/P17fQZ0uGXIsyfhdU6cB8hPMSl 4bmPtbcezHPO60+yKa/HYg2G5FKP6O9Cg/mFgKlP02f5lDDr0JGtpyJQirEqk2idM2dX Iqu22/TNnJGN8PT1E2vgeMSeYglfV2tIGE2I8HLqBKFgzDklrJtuZosRzrqdap4uYKH2 G+vhqa0bevz0eo+xtinpjYBbIR/V6QZ+XRrxnZa1EjhYnH6M8R7wjJF9x8opm8LIwygg HZGtKQSnZIjNEtdFK3Vs84AHRoksIAMy0b39FJ9B6JUlDJuML/Ldt06R3wTO+mrRmcVd GKjQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=y6ki84dpG3p3ueoh8tAmX4ZWvgFXi6ehd6g1X98nIDY=; b=lNkaLa9d/ei93qYvhZ/gzEjScCIME0psfWjaZUugEudVkKEePqKV5r4OIaBQUl6Sl9 +2GjDBepdGCr6Iz4Zj5Z8D57tSf+AH1pCUQrTdJOT/KkdmjcbQ9RY9tpdu0/BepIsl23 2JCzPFk2GIi03/mbUt0QvCryf0sBNCAA8ODlf/wyNiPFQVhlLApXaavzi21NFT0eX34B /FsGg9SIKFLwTUO0woQVibqCrPEn1Nu958jivPQh1dX520jFbyBtgYZbbamBuuxB9k1A 0BzytAeOW5nx9T99wLubaCCPTyPC9sFwrdXJkPelFjr7GhGkH9FkY89kNHfxP4ju4Z0v 9BGw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=oz58F4m2; spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id t7si6532509otl.133.2020.01.27.05.42.46; Mon, 27 Jan 2020 05:43:06 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=oz58F4m2; spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726635AbgA0Nmm (ORCPT + 99 others); Mon, 27 Jan 2020 08:42:42 -0500 Received: from mail-wr1-f65.google.com ([209.85.221.65]:44054 "EHLO mail-wr1-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725990AbgA0Nmm (ORCPT ); Mon, 27 Jan 2020 08:42:42 -0500 Received: by mail-wr1-f65.google.com with SMTP id q10so11340363wrm.11; Mon, 27 Jan 2020 05:42:40 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=y6ki84dpG3p3ueoh8tAmX4ZWvgFXi6ehd6g1X98nIDY=; b=oz58F4m2sfW3y9sCPEbOpOZAefxEjNLwcykf10DEj3+dfzrRVX72hMDNRW1Ei/RE7C ZXA6GXb69ir2cLwgZlV2CL7yZM2Yvye242O1kiiPu2fZx6SZDwWcqA+/7VWBgq3OHS1l FAMOjWQBUwjtefp15OGbKMwhZb/boQ4+612L71nWs2IQyWOgb6dVHJOAuavfrFDzzxYM 0VMvqCoOttl/W9Qp/O6KyWLHje9z+SLTm9L2TeKQ64Oy17fHZ+DiUt4Cz6V14vEHmSzL sXaoxloZEUbfXL6/vfCMjIviwSHEe1ndDe6C7ERfDk+qptzSt5MtVz/VO/ReEA2lms19 mntw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=y6ki84dpG3p3ueoh8tAmX4ZWvgFXi6ehd6g1X98nIDY=; b=WmA25/LDPEdUu1uqyA+Dy6ucSTz3HMVOZrFcA6ebfs0MemPey3YDE/pu3EuUDrZ5xO g15K0wPsxCwWkoDn2vFcgAjdn6EA1LkOk0lbuEzCW3xiLxz3Fw3AtLJ7MY4XbyjoN9xK WMGKHLB4vzqSNQMnHtBJwHkj+jAs5o48MAIXUSZ8A07pvA+Boqir7UhUSIH6FguVINbx o57lvnKmZ35spHVCUgJ26ow2yMoudhDRKMnz55wfaP1ZnNxoYMCX86dkOcYsDhfnlY+f v1zyI8207WrKNDcPtnAHjz2P/kztjaW5XfOf1QRZQ2mwI1NqP1oUzb/FPINGisB55Euz BOig== X-Gm-Message-State: APjAAAVEbybSS7v+ZYZvpQhCX5aRK55agO+bPtxs9FDaWsZ+tJmy3UGr jYRuBWe8lrWZ8OWfnCnqC5PafftudgNAfcaEqlE= X-Received: by 2002:a05:6000:11c5:: with SMTP id i5mr21942512wrx.102.1580132560146; Mon, 27 Jan 2020 05:42:40 -0800 (PST) MIME-Version: 1.0 References: <20200108154047.12526-1-andrew.smirnov@gmail.com> <20200108154047.12526-8-andrew.smirnov@gmail.com> In-Reply-To: From: Andrey Smirnov Date: Mon, 27 Jan 2020 05:42:28 -0800 Message-ID: Subject: Re: [PATCH v6 7/7] crypto: caam - limit single JD RNG output to maximum of 16 bytes To: Horia Geanta Cc: "linux-crypto@vger.kernel.org" , Chris Healy , Lucas Stach , Herbert Xu , Iuliana Prodan , "linux-kernel@vger.kernel.org" , dl-linux-imx Content-Type: text/plain; charset="UTF-8" Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org On Mon, Jan 13, 2020 at 6:10 AM Horia Geanta wrote: > > On 1/8/2020 5:42 PM, Andrey Smirnov wrote: > > In order to follow recommendation in SP800-90C (section "9.4 The > > Oversampling-NRBG Construction") limit the output of "generate" JD > > submitted to CAAM. See > > https://lore.kernel.org/linux-crypto/VI1PR0402MB3485EF10976A4A69F90E5B0F98580@VI1PR0402MB3485.eurprd04.prod.outlook.com/ > > for more details. > > > > This change should make CAAM's hwrng driver good enough to have 999 > > quality rating. > > > [...] > > @@ -241,6 +241,7 @@ int caam_rng_init(struct device *ctrldev) > > ctx->rng.init = caam_init; > > ctx->rng.cleanup = caam_cleanup; > > ctx->rng.read = caam_read; > > + ctx->rng.quality = 999; > > > AFAICS the maximum value of hwrng.quality is 1024. > > Any reason why it's configured to be lower, now that CAAM RNG-based DRBG > is configured to reseed as requested by FIPS spec to behave as a TRNG? > Only my reading of the old version of corresponding documentation which listed this field as being per mil. Will fix in v7. Thanks, Andrey Smirnov