Received: by 2002:a05:6a10:f3d0:0:0:0:0 with SMTP id a16csp92511pxv; Tue, 13 Jul 2021 22:53:00 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxt8n8A+0i/KaIRAdrNbR6teqZrty5dnVAYjGew2Jf4FlDBym5kRgOeAMLDE7V0klJPVHN7 X-Received: by 2002:a02:380c:: with SMTP id b12mr7316801jaa.68.1626241980045; Tue, 13 Jul 2021 22:53:00 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1626241980; cv=none; d=google.com; s=arc-20160816; b=J/+SH5iNMq37LxkLE60cerNBT5GqonufSpJHaY+yfDQQ6+89XHUXRKioSsuJ9zhU22 BZh6UiD6DSEmuvXJwXMWjRIop7B8YVzS3dgeaGiD8R10AsD/jmOothBHDtQzMjSIk+EM NIonG0QAlvxv/0y7Yh1VIJN21YAskiyTP8hoFl5ei4423Op5E2hBIDoHzlP/7kQ/5e4q fSHpSec0cmZr7qusue15b5nCBOYDxT4SRohkG2nzazoGIrGzJUCa63XbdXJ94NFY/o4Z CGSJT0yY+bn2aaYvpXgGMCRf7R7IlmRT5e3BbJR09YaGXwh86nvgMDsO5zZOTjUYk6I7 RV/Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=QPS7OuH3DnMGYhAOAdZFeI9eRAvYhooyGueRH9+3eaQ=; b=J8wFDWtCs7/djodmoVKAce6k3vnAppX8Oyhji8w1FbO1hqE+dc3pMpLHpAGt+SHdIa 9G7/8Izk/rfYiGThVG9j4dDuHc48tTQ2NReCOCn0emcVd9ynOq3jp5KijApU+n04hxAt e+FSk/ZGheDH/vDygdP4J9ix84jT58USa8fHjNukhmyl1LXpLhDVZmJr2/i5agx3MjuP INRSBB12U9IZNbfsmq9rOn5atk5zoNdtHcD4MMsistKNjZ/NdDDP/HM7EjeMgQWtNXrw rS33oPZRfIAeVMqnKjh6nPKWG0RBF003yGAZK7lNdiRMeROWIKF7neoD/e8yY3EaMURy pNJQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@chronox.de header.s=strato-dkim-0002 header.b=tEngVz1K; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id h5si1687482iol.44.2021.07.13.22.52.48; Tue, 13 Jul 2021 22:53:00 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@chronox.de header.s=strato-dkim-0002 header.b=tEngVz1K; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S237998AbhGNFzO (ORCPT + 99 others); Wed, 14 Jul 2021 01:55:14 -0400 Received: from mo4-p03-ob.smtp.rzone.de ([81.169.146.174]:11883 "EHLO mo4-p03-ob.smtp.rzone.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S237959AbhGNFzA (ORCPT ); Wed, 14 Jul 2021 01:55:00 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; t=1626241849; s=strato-dkim-0002; d=chronox.de; h=References:In-Reply-To:Message-ID:Date:Subject:Cc:To:From:Cc:Date: From:Subject:Sender; bh=QPS7OuH3DnMGYhAOAdZFeI9eRAvYhooyGueRH9+3eaQ=; b=tEngVz1KJa+q1P8czzuUJP5st33/XIHV0R43TV83p/+U5xLNfbnJ0Z1kW0OWrk2Cr4 ObyT/BT+bA5PtqQQhMOTpHb15R6jMihZZin24es9DR+ApwJASzHPYPwAV8JsZOPV/Hj4 VqUy8R2f2q/Pz5YzEwN7BT6ac9J1CzMqlKyRfyT4a8GQFsXbqv0vy8IMtKgY8VVYWrpv St/IwWl4l+Rc9I5RPT0PovE/L+rNuuemnk0fO058BDuvtgXB4bnDL6lJQScS4wp7yYMq sdScOGit/Ffvvo/aA5GfGwMRMQA1/x0ZDb+PCuDykPZe6aKSMUbXNa3Pe0VfOvZMttnx h1yg== Authentication-Results: strato.com; dkim=none X-RZG-AUTH: ":P2ERcEykfu11Y98lp/T7+hdri+uKZK8TKWEqNyiHySGSa9k9xmwdNnzHHXPSI/SaRQ==" X-RZG-CLASS-ID: mo00 Received: from positron.chronox.de by smtp.strato.de (RZmta 47.28.1 DYNA|AUTH) with ESMTPSA id N0753fx6E5omwyS (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256 bits)) (Client did not present a certificate); Wed, 14 Jul 2021 07:50:48 +0200 (CEST) From: Stephan =?ISO-8859-1?Q?M=FCller?= To: Tso Ted , linux-crypto@vger.kernel.org Cc: Willy Tarreau , Nicolai Stange , LKML , Arnd Bergmann , Greg Kroah-Hartman , "Eric W. Biederman" , "Alexander E. Patrakov" , "Ahmed S. Darwish" , Matthew Garrett , Vito Caputo , Andreas Dilger , Jan Kara , Ray Strode , William Jon McCann , zhangjs , Andy Lutomirski , Florian Weimer , Lennart Poettering , Peter Matthias , Marcelo Henrique Cerri , Neil Horman , Randy Dunlap , Julia Lawall , Dan Carpenter , Andy Lavr , Eric Biggers , "Jason A. Donenfeld" , Petr Tesarik , John Haxby , Alexander Lobakin Subject: [PATCH v41 10/13] LRNG - add Jitter RNG fast noise source Date: Wed, 14 Jul 2021 07:48:40 +0200 Message-ID: <8015368.FPDjnrgga5@positron.chronox.de> In-Reply-To: <7822794.ITf6fX9eNu@positron.chronox.de> References: <7822794.ITf6fX9eNu@positron.chronox.de> MIME-Version: 1.0 Content-Transfer-Encoding: 7Bit Content-Type: text/plain; charset="us-ascii" Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org The Jitter RNG fast noise source implemented as part of the kernel crypto API is queried for 256 bits of entropy at the time the seed buffer managed by the LRNG is about to be filled. CC: Torsten Duwe CC: "Eric W. Biederman" CC: "Alexander E. Patrakov" CC: "Ahmed S. Darwish" CC: "Theodore Y. Ts'o" CC: Willy Tarreau CC: Matthew Garrett CC: Vito Caputo CC: Andreas Dilger CC: Jan Kara CC: Ray Strode CC: William Jon McCann CC: zhangjs CC: Andy Lutomirski CC: Florian Weimer CC: Lennart Poettering CC: Nicolai Stange CC: Alexander Lobakin Reviewed-by: Marcelo Henrique Cerri Tested-by: Marcelo Henrique Cerri Tested-by: Neil Horman Signed-off-by: Stephan Mueller --- drivers/char/lrng/Kconfig | 27 +++++++++++ drivers/char/lrng/Makefile | 1 + drivers/char/lrng/lrng_jent.c | 90 +++++++++++++++++++++++++++++++++++ 3 files changed, 118 insertions(+) create mode 100644 drivers/char/lrng/lrng_jent.c diff --git a/drivers/char/lrng/Kconfig b/drivers/char/lrng/Kconfig index ffd2df43f2d4..e622b8532e2b 100644 --- a/drivers/char/lrng/Kconfig +++ b/drivers/char/lrng/Kconfig @@ -182,6 +182,33 @@ config LRNG_IRQ_ENTROPY_RATE interrupt entropy source will still deliver data but without being credited with entropy. +comment "Jitter RNG Entropy Source" + +config LRNG_JENT + bool "Enable Jitter RNG as LRNG Seed Source" + depends on CRYPTO + select CRYPTO_JITTERENTROPY + help + The Linux RNG may use the Jitter RNG as noise source. Enabling + this option enables the use of the Jitter RNG. Its default + entropy level is 16 bits of entropy per 256 data bits delivered + by the Jitter RNG. This entropy level can be changed at boot + time or at runtime with the lrng_base.jitterrng configuration + variable. + +config LRNG_JENT_ENTROPY_RATE + int "Jitter RNG Entropy Source Entropy Rate" + range 0 256 + default 16 + help + The option defines the amount of entropy the LRNG applies to 256 + bits of data obtained from the Jitter RNG entropy source. The + LRNG enforces the limit that this value must be in the range + between 0 and 256. + + In order to disable the Jitter RNG entropy source, the option + has to be set to 0. + comment "CPU Entropy Source" config LRNG_CPU_ENTROPY_RATE diff --git a/drivers/char/lrng/Makefile b/drivers/char/lrng/Makefile index 97d2b13d3227..6be88156010a 100644 --- a/drivers/char/lrng/Makefile +++ b/drivers/char/lrng/Makefile @@ -14,3 +14,4 @@ obj-$(CONFIG_LRNG_DRNG_SWITCH) += lrng_switch.o obj-$(CONFIG_LRNG_KCAPI_HASH) += lrng_kcapi_hash.o obj-$(CONFIG_LRNG_DRBG) += lrng_drbg.o obj-$(CONFIG_LRNG_KCAPI) += lrng_kcapi.o +obj-$(CONFIG_LRNG_JENT) += lrng_jent.o diff --git a/drivers/char/lrng/lrng_jent.c b/drivers/char/lrng/lrng_jent.c new file mode 100644 index 000000000000..2599ab9352b6 --- /dev/null +++ b/drivers/char/lrng/lrng_jent.c @@ -0,0 +1,90 @@ +// SPDX-License-Identifier: GPL-2.0 OR BSD-2-Clause +/* + * LRNG Fast Entropy Source: Jitter RNG + * + * Copyright (C) 2016 - 2021, Stephan Mueller + */ + +#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt + +#include +#include + +#include "lrng_internal.h" + +/* + * Estimated entropy of data is a 16th of LRNG_DRNG_SECURITY_STRENGTH_BITS. + * Albeit a full entropy assessment is provided for the noise source indicating + * that it provides high entropy rates and considering that it deactivates + * when it detects insufficient hardware, the chosen under estimation of + * entropy is considered to be acceptable to all reviewers. + */ +static u32 jitterrng = CONFIG_LRNG_JENT_ENTROPY_RATE; +#ifdef CONFIG_LRNG_RUNTIME_ES_CONFIG +module_param(jitterrng, uint, 0644); +MODULE_PARM_DESC(jitterrng, "Entropy in bits of 256 data bits from Jitter RNG noise source"); +#endif + +static bool lrng_jent_initialized = false; +static struct rand_data *lrng_jent_state; + +static int __init lrng_jent_initialize(void) +{ + /* Initialize the Jitter RNG after the clocksources are initialized. */ + lrng_jent_state = jent_lrng_entropy_collector(); + if (!lrng_jent_state) { + jitterrng = 0; + pr_info("Jitter RNG unusable on current system\n"); + return 0; + } + lrng_jent_initialized = true; + lrng_pool_add_entropy(); + pr_debug("Jitter RNG working on current system\n"); + + return 0; +} +device_initcall(lrng_jent_initialize); + +/** + * lrng_get_jent() - Get Jitter RNG entropy + * + * @outbuf: buffer to store entropy + * @outbuflen: length of buffer + * + * Return: + * * > 0 on success where value provides the added entropy in bits + * * 0 if no fast source was available + */ +u32 lrng_get_jent(u8 *outbuf, u32 requested_bits) +{ + int ret; + u32 ent_bits = lrng_jent_entropylevel(requested_bits); + unsigned long flags; + static DEFINE_SPINLOCK(lrng_jent_lock); + + spin_lock_irqsave(&lrng_jent_lock, flags); + + if (!ent_bits || !lrng_jent_initialized) { + spin_unlock_irqrestore(&lrng_jent_lock, flags); + return 0; + } + + ret = jent_read_entropy(lrng_jent_state, outbuf, requested_bits >> 3); + spin_unlock_irqrestore(&lrng_jent_lock, flags); + + if (ret) { + pr_debug("Jitter RNG failed with %d\n", ret); + return 0; + } + + pr_debug("obtained %u bits of entropy from Jitter RNG noise source\n", + ent_bits); + + return ent_bits; +} + +u32 lrng_jent_entropylevel(u32 requested_bits) +{ + return lrng_fast_noise_entropylevel((lrng_jent_initialized) ? + jitterrng : 0, requested_bits); +} -- 2.31.1