Received: by 2002:a05:6a10:22f:0:0:0:0 with SMTP id 15csp927656pxk; Fri, 25 Sep 2020 01:18:21 -0700 (PDT) X-Google-Smtp-Source: ABdhPJygZkmSrm2C10Hm/a29YJl7v55+YeOwbaYRRXJIxiuMjcbRX1d/B+Lha1qSj8j+8d7hyy4j X-Received: by 2002:a17:907:394:: with SMTP id ss20mr1525211ejb.120.1601021901161; Fri, 25 Sep 2020 01:18:21 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1601021901; cv=none; d=google.com; s=arc-20160816; b=zufDqr3fcdZPzncxp6kmQf8Hitq/rAWm4ssDhZO2DoKu2+sW2UxxIoRJ6GZRdDR7k7 sLzTsZCRac6sRuo7KIPDsWHvwfN4OJkDVUMU1Ch+geJvQwkYwgOYPCsTZmDJz9eInWe8 bUCsmVzvO78Lv6QSYPYGaR0n/n/MLEEz3qzInCejmszwzCiMu36M7gTvSYjKHmRdtk7x 5+S5KhVz+Pqthu12zIKoyY0BaSPi7cGmjFGl4d2TqcoQ1dlB/1EoxsVI5x9Y6OpTItHi 0XeocSEAKMw8owLEQq01IXGglkX6xGq/fY35xeUdpp9ysMUt/55Uu5WUEcIql0HfjyQ6 CkAA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:user-agent:in-reply-to:content-transfer-encoding :content-disposition:mime-version:references:message-id:subject:cc :to:from:date; bh=cp8uR0jSyphVCSAw1xFyII531DE+Kb0/JNrc2shMajA=; b=eis1+Na+fnsAiSRiN9zT0NYDk9byZZuJKIdIEIdwMcEq808OdEfJPTRVm+Ca04P3Ox UawKNyZ11Gm5TEPVGd/szeP2GumRHXbBI6qgFZMsi6TzKz4xDxAgbYFrOhuisOC7TUuk BKbWG7+3qonzcajrzxRZva2Fv63MDuSjNRzte/N862UTq5hUraKQaBlFlXYIl0Hwe6S1 Sv2u7lXTGGI65qrUpDRI6cyludhXjGX5D1rekLDIIaJYfSRyExwHlLgNHejuW2uYlZlr ucHWrGkQoOVFqYiGpnHaf8dOmZ9YHAd3udzi9ZdY+d3VfxA9ehMbz7r+NyG4VedjPpIl 5MQg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id ha18si1258464ejb.543.2020.09.25.01.17.56; Fri, 25 Sep 2020 01:18:21 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727295AbgIYIQz (ORCPT + 99 others); Fri, 25 Sep 2020 04:16:55 -0400 Received: from helcar.hmeau.com ([216.24.177.18]:53378 "EHLO fornost.hmeau.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727248AbgIYIQz (ORCPT ); Fri, 25 Sep 2020 04:16:55 -0400 Received: from gwarestrin.arnor.me.apana.org.au ([192.168.0.7]) by fornost.hmeau.com with smtp (Exim 4.92 #5 (Debian)) id 1kLiuS-0007O2-8c; Fri, 25 Sep 2020 18:16:53 +1000 Received: by gwarestrin.arnor.me.apana.org.au (sSMTP sendmail emulation); Fri, 25 Sep 2020 18:16:52 +1000 Date: Fri, 25 Sep 2020 18:16:52 +1000 From: Herbert Xu To: Elena Petrova Cc: linux-crypto@vger.kernel.org, Eric Biggers , Stephan =?iso-8859-1?Q?M=FCller?= , Ard Biesheuvel , Jeffrey Vander Stoep , Eric Biggers Subject: Re: [PATCH v9] crypto: af_alg - add extra parameters for DRBG interface Message-ID: <20200925081651.GQ6381@gondor.apana.org.au> References: <20200918064348.GA9479@gondor.apana.org.au> <20200918154216.1678740-1-lenaptr@google.com> MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <20200918154216.1678740-1-lenaptr@google.com> User-Agent: Mutt/1.10.1 (2018-07-13) Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org On Fri, Sep 18, 2020 at 04:42:16PM +0100, Elena Petrova wrote: > Extend the user-space RNG interface: > 1. Add entropy input via ALG_SET_DRBG_ENTROPY setsockopt option; > 2. Add additional data input via sendmsg syscall. > > This allows DRBG to be tested with test vectors, for example for the > purpose of CAVP testing, which otherwise isn't possible. > > To prevent erroneous use of entropy input, it is hidden under > CRYPTO_USER_API_RNG_CAVP config option and requires CAP_SYS_ADMIN to > succeed. > > Signed-off-by: Elena Petrova > Acked-by: Stephan M?ller > Reviewed-by: Eric Biggers > --- > > Updates in v9: > Add IS_ENABLED(CONFIG_CRYPTO_USER_API_RNG_CAVP) condition for replacing > proto_ops. > > Updates in v8: > Added Reviewed-by tag to the description. > > Updates in v7: > 1) rebased onto the latest at cryptodev-2.6.git, fixed compiler errors; > 2) replaced kzfree with kfree_sensitive; > 3) changed rng_test_sendmsg to return an error if len > MAXSIZE; > 4) updated documentation to say when can Additional Data be provided. > > Updates in v6: > 1) Kconfig option renamed to CRYPTO_USER_API_RNG_CAVP and is now bool instead > of tristate; > 2) run-time switch of proto_ops depending on whether the entropy was set; > 3) corrected the NIST standard name; > 4) rebased onto the tip of the tree; > 5) documentation clarified; > > Updates in v5: > 1) use __maybe_unused instead of #ifdef; > 2) separate code path for a testing mode; > 3) only allow Additional Data input in a testing mode. > > Updates in v4: > 1) setentropy returns 0 or error code (used to return length); > 2) bigfixes suggested by Eric. > > Updates in v3: > 1) More details in commit message; > 2) config option name is now CRYPTO_USER_API_CAVP_DRBG; > 3) fixed a bug of not releasing socket locks. > > Updates in v2: > 1) Adding CONFIG_CRYPTO_CAVS_DRBG around setentropy. > 2) Requiring CAP_SYS_ADMIN for entropy reset. > 3) Locking for send and recv. > 4) Length checks added for send and setentropy; send and setentropy now return > number of bytes accepted. > 5) Minor code style corrections. > > libkcapi patch for testing: > https://github.com/Len0k/libkcapi/commit/6f095d270b982008f419078614c15caa592cb531 > > Documentation/crypto/userspace-if.rst | 20 ++- > crypto/Kconfig | 9 ++ > crypto/af_alg.c | 14 ++- > crypto/algif_rng.c | 175 ++++++++++++++++++++++++-- > include/crypto/if_alg.h | 1 + > include/uapi/linux/if_alg.h | 1 + > 6 files changed, 205 insertions(+), 15 deletions(-) Patch applied. Thanks. -- Email: Herbert Xu Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt