Received: by 2002:a05:6a10:22f:0:0:0:0 with SMTP id 15csp53198pxk; Tue, 8 Sep 2020 21:39:04 -0700 (PDT) X-Google-Smtp-Source: ABdhPJysZ5fRClcahe73Hsw0+2DUtT66dmNLCoOXwROJQbfHEHKrRdCCTAuDzWY7Mw0xH+flhk2H X-Received: by 2002:a05:6402:1353:: with SMTP id y19mr2297386edw.71.1599626344142; Tue, 08 Sep 2020 21:39:04 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1599626344; cv=none; d=google.com; s=arc-20160816; b=cbuKFBAnKrPh4zsysE9IzBQIQjZ0tTtgFEccjP6ai8cUniAetH106JQn2bB3s4GVxS 3Ts+qEYwi0qkoSiX89rI0M88E/2QnRpuncwwMqr44TkTat5kvW2Y4+90I0dbWQelokbu BpX5UbYXCH4w9NRrVXBW8OFTW1yQ6obFmr3RGV7SL/lP/qoQYuz/yFeVTiAzR7m64iCI 6+36ZxK5bT/ZZgQ+KkTOcmHWByQZjZBhfMC3fq2ojIuI99HI9a9bLav/KaDml3+X7qZH x6DlTnsM0JXIjO9ST01ePos7lJx7ySoqwWvcpBBWomdewKKHt63MT1AkXSSnPGHgeHo1 u9iQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:in-reply-to:content-transfer-encoding :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:dkim-signature; bh=mb6LbbTvpGNvVb8ywfv9eO7+GzH/7Eozhf0GkKGuNbI=; b=bxLlFtLnFGF4sa6i+HkhhD3bzUUpIw60+zsU+JXGD8dBLNFziM2DusIwjGL+l8yah5 qXK5hwmnuXVmzW5hkbexNMnnIGjDtE1mIvPAOa3QDXNFz6ND5W50kFo9kQT4FJPr0wzC pRUc8iRp1mAfHEtjAGY+O7te/3pYG6vLhEIpZT0YwjcxTGFxdJfiRx59810KOuNXmvu3 MBpj+PSP4QzjgwWYEcSlykogB/0VSSmU+lQT9JlDWkaGMknie93vXxh4aKXwbMMz0kPd G9gI1S0kXbAgoQkHunHR40na6zqYBdhj0r+LFf1HuHv6445cRd2036ZBk7C9tBYTwC7x 8AIw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=1w5ve+ed; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id p21si854736eds.193.2020.09.08.21.38.27; Tue, 08 Sep 2020 21:39:04 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=1w5ve+ed; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1725811AbgIIEf5 (ORCPT + 99 others); Wed, 9 Sep 2020 00:35:57 -0400 Received: from mail.kernel.org ([198.145.29.99]:41600 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725767AbgIIEf5 (ORCPT ); Wed, 9 Sep 2020 00:35:57 -0400 Received: from sol.localdomain (172-10-235-113.lightspeed.sntcca.sbcglobal.net [172.10.235.113]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 53FCD20758; Wed, 9 Sep 2020 04:35:56 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1599626156; bh=je5OA9iAHkvXkpmZ+WvCM+zHsYTFCH8f3LiqiwGOrNM=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=1w5ve+edGLAT2nehtd7dJtNqTvtB+ux5Y1IBrNfx40qWcTjiB0aADs04LS6T2JPQ0 qlNb4DdsSpLS8ncWZe8uldart0i0jxHYTIByWnOxkYiFNMjpgziG1DN+QCSB0838j1 aKBAonfCPTMXBD6ylDnMx/UQC3aIZ6wmO1tuCC/E= Date: Tue, 8 Sep 2020 21:35:54 -0700 From: Eric Biggers To: Elena Petrova Cc: linux-crypto@vger.kernel.org, Stephan =?iso-8859-1?Q?M=FCller?= , Ard Biesheuvel , Jeffrey Vander Stoep Subject: Re: [PATCH v6] crypto: af_alg - add extra parameters for DRBG interface Message-ID: <20200909043554.GA8311@sol.localdomain> References: <20200821042443.GA25695@gondor.apana.org.au> <20200908170403.2625295-1-lenaptr@google.com> MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <20200908170403.2625295-1-lenaptr@google.com> Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org On Tue, Sep 08, 2020 at 06:04:03PM +0100, Elena Petrova wrote: > Extend the user-space RNG interface: > 1. Add entropy input via ALG_SET_DRBG_ENTROPY setsockopt option; > 2. Add additional data input via sendmsg syscall. > > This allows DRBG to be tested with test vectors, for example for the > purpose of CAVP testing, which otherwise isn't possible. > > To prevent erroneous use of entropy input, it is hidden under > CRYPTO_USER_API_RNG_CAVP config option and requires CAP_SYS_ADMIN to > succeed. > > Signed-off-by: Elena Petrova > Acked-by: Stephan M?ller This doesn't compile for me. Can you rebase this onto the latest "master" branch from https://git.kernel.org/pub/scm/linux/kernel/git/herbert/cryptodev-2.6.git? > +static void rng_reset_addtl(struct rng_ctx *ctx) > { > - struct sock *sk = sock->sk; > - struct alg_sock *ask = alg_sk(sk); > - struct rng_ctx *ctx = ask->private; > - int err; > + kzfree(ctx->addtl); > + ctx->addtl = NULL; > + ctx->addtl_len = 0; > +} kzfree() has been renamed to kfree_sensitive(); see commit 453431a54934 ("mm, treewide: rename kzfree() to kfree_sensitive()"). So please use kfree_sensitive() rather than kzfree(), in all three places. Note, kzfree() won't actually cause a compilation error since it's still #define'd to kfree_sensitive(). But that #define probably will go away soon. > +static int rng_test_sendmsg(struct socket *sock, struct msghdr *msg, size_t len) > +{ > + int err; > + struct alg_sock *ask = alg_sk(sock->sk); > + struct rng_ctx *ctx = ask->private; > + > + lock_sock(sock->sk); > + if (len > MAXSIZE) > + len = MAXSIZE; Since this function only supports providing the additional data all at once, not incrementally, shouldn't it return an error code if the length is too long, rather than truncate the length? > + /* > + * Non NULL pctx->entropy means that CAVP test has been initiated on > + * this socket, replace proto_ops algif_rng_ops with algif_rng_test_ops. > + */ > + if (pctx->entropy) > + sk->sk_socket->ops = algif_rng_test_ops; This means that providing additional data on a "request socket" via sendmsg will only work if ALG_SET_DRBG_ENTROPY was used on the "algorithm socket" earlier. If that's intentional, it needs to be mentioned in the documentation. > static const struct af_alg_type algif_type_rng = { > @@ -169,6 +319,9 @@ static const struct af_alg_type algif_type_rng = { > .release = rng_release, > .accept = rng_accept_parent, > .setkey = rng_setkey, > +#if IS_ENABLED(CONFIG_CRYPTO_USER_API_RNG_CAVP) > + .setentropy = rng_setentropy, > +#endif Since CRYPTO_USER_API_RNG_CAVP is now a bool rather than a tristate, this should use '#ifdef CONFIG_CRYPTO_USER_API_RNG_CAVP' instead of 'IS_ENABLED(CONFIG_CRYPTO_USER_API_RNG_CAVP)'. - Eric