Received: by 2002:a05:6a10:1a4d:0:0:0:0 with SMTP id nk13csp4114502pxb; Fri, 11 Feb 2022 16:06:03 -0800 (PST) X-Google-Smtp-Source: ABdhPJzt46+J9qJ9tmqfcZhBMuz7pKvQWvEvpadOHQYsEgD1oj0cVUPeJiEtA/3YvOVknWLF4hDa X-Received: by 2002:a17:902:be11:: with SMTP id r17mr3862063pls.5.1644624362655; Fri, 11 Feb 2022 16:06:02 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1644624362; cv=none; d=google.com; s=arc-20160816; b=BUAaOSHLvUyZQIm+8N01YvAms6gluk+hOa9mrKSH+NCr8EIUluZLytG/HrLy3RvFBU dew4cmELKTKLM8+FrafJ+DRlL3zPiwPQuzFiq2i6lRbdTkUdfwj7h3wbYWI+niFlNPra XQVIfUBKJ3/tBzuZ/LPbMmkr3Je7XegaqddrtOoNuzGY1Ye0V4upvty56hs9KF31hAMx 1X7/g1AELIJW2Qd4TLO+X70rNXzI5O5w+Du9bURFOKd8c5xXOAyrwbLan+nH84NwSRJ2 ESF4zke6ur3MXIlPK3RFdhW7vgpv/NNxjp6IG6kROL5tzfgE5eBpjnlSMhrWFC6Qpvjp 8OyA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:to:subject:message-id:date:from:mime-version :dkim-signature; bh=Q9vjqRcbEx3G5/Z1C2zvbBDueYb3rslHgsJMw5Sxo48=; b=qYXQLJvjjZkAcwCqN+lGX4VMeZK8JuMO3CgrMl4R2Enw6e97hOkFp9ajmSy5QxC3X5 /OXxvCYXP4KTukaJoKWZNUfzx9IWzA/nMtrLSbtaCN2YoKhlCBBJx3x63SxNI42zaBDR 8dgS6rD5kOKbga0hAFs6OG5PTLPdO8ae+bXO4k7n1UQ60P3YrXIaNsmRC7OZRZNRqOQE NRfLJ3U00kBlKjjo/aAUAxexRlILVwdLW6r7hzMsrHt1YPyYLxy8JJUKfd3o8baZ4UcW Lb3zC9IaIOppPq1XgaZEIEHdTworeYkFB6m/xbau2El4AkeShdkX1e6LsYQslW9W6Itm Waqw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20210112 header.b=CIZKLW2Y; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id nn2si6280177pjb.132.2022.02.11.16.05.36; Fri, 11 Feb 2022 16:06:02 -0800 (PST) Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20210112 header.b=CIZKLW2Y; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S243088AbiBJOmJ (ORCPT + 99 others); Thu, 10 Feb 2022 09:42:09 -0500 Received: from mxb-00190b01.gslb.pphosted.com ([23.128.96.19]:50938 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S243092AbiBJOmG (ORCPT ); Thu, 10 Feb 2022 09:42:06 -0500 Received: from mail-ej1-x630.google.com (mail-ej1-x630.google.com [IPv6:2a00:1450:4864:20::630]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 33388CC6 for ; Thu, 10 Feb 2022 06:42:07 -0800 (PST) Received: by mail-ej1-x630.google.com with SMTP id a8so15866739ejc.8 for ; Thu, 10 Feb 2022 06:42:07 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:from:date:message-id:subject:to; bh=Q9vjqRcbEx3G5/Z1C2zvbBDueYb3rslHgsJMw5Sxo48=; b=CIZKLW2YpERiYqilNBZwn1KHtJi4mKpGR7KnVZSu1uvFr69gO21mxe60rfczbSuuTZ aaoFfqSf+GRrAvvGsBYVEiz5OHGvqCV47N3BVS3F8qlZFdxrHvgtqI4bRGPwzUXHMUjB pHj0/cQr9mEIbzTdN9yETmDUlbciEO5oTyazJB8hnw6URay8vxV9Jpy1CAk9pwDBbz0l cXr9lMPn+Jg/Xo1MyuSLP0YXcjJ+aH3PXm56p2InZU/r88eizSr1Zc1yY6tgl+yp5D5A aNMD25gfFraWRjSK1nKRJ5jJAYXm7fhEQjnmQk+b9mAcIah3jof0msx8bPMEaVDMlTmM Kx6A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=Q9vjqRcbEx3G5/Z1C2zvbBDueYb3rslHgsJMw5Sxo48=; b=41gQbp9/zg/rkUgChJPoI9KiGjwwTshM7JZov7qoAuvWRkf3vLUlpjKh6Je1wSASR5 WMioSlBmg8ZAT+gUU8W3sDmVoM+L61hr0jZi1CiT3I9lKohBQqTgOR9o8k/O7HgW3/Dt LNS27+oxocJwkvQg3j35hIaigJEZ5a5tVFUED9dmEDhGghVtwsPGNSNQ27/hOOl/vxfb e95AqHWtt1MD9l44QFwNA4+QWcyj8Al98SNqy9V4eb4uu+Obc6RS5kxxN+NEueX/lq62 3ExUF6Eyh5y1QM1KrCVsd9GWclEsaEzTfcLf65/ZOA3MykhufQ18hh7vjsfhAqPV5nLo 8ZFQ== X-Gm-Message-State: AOAM533cW9IV5HlvT9ixxqqu/76nEPdliWnZEnkFLSyyqXmzASgXPirc PJlOKTp9GgOFHe51503b/fnjJe5JAy2+6mPiwwMnbrMi26I= X-Received: by 2002:a17:907:7292:: with SMTP id dt18mr6773682ejc.649.1644504125521; Thu, 10 Feb 2022 06:42:05 -0800 (PST) MIME-Version: 1.0 From: Sandy Harris Date: Thu, 10 Feb 2022 22:41:53 +0800 Message-ID: Subject: [PATCH 3/4] random: get_source_long() function To: Linux Crypto Mailing List , "Ted Ts'o" , "Jason A. Donenfeld" , Herbert Xu , Greg Kroah-Hartman Content-Type: text/plain; charset="UTF-8" X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM, RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org This function gets random data from the best available source The current code has a sequence in several places that calls one or more of arch_get_random_long() or related functions, checks the return value(s) and on failure falls back to random_get_entropy(). get_source long() is intended to replace all such sequences. This is better in several ways. In the fallback case it gives much more random output than random_get_entropy(). It never wastes effort by calling arch_get_random_long() et al. when the relevant config variables are not set. When it does use arch_get_random_long(), it does not deliver raw output from that function but masks it by mixing with stored random data. Signed-off-by: Sandy Harris --- drivers/char/random.c | 74 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 74 insertions(+) diff --git a/drivers/char/random.c b/drivers/char/random.c index 9edf65ad4259..6c77fd056f66 100644 --- a/drivers/char/random.c +++ b/drivers/char/random.c @@ -1031,6 +1031,80 @@ static void xtea_rekey(void) xtea_iterations = 0 ; } +/************************************************************************** + * Load a 64-bit word with data from whatever source we have + * + * arch_get_random_long() + * hardware RNG + * emulated HWRNG in a VM + * + * When there are two sources, alternate. + * If you have no better source, or if one fails, + * fall back to get_xtea_long() + * + * This function always succeeds, which allows some + * simplifications elsewhere in the code. + * + * This is intended only for use inside the kernel. + * Any data sent to user space should come from the + * chacha-based crng construction. + ***************************************************************************/ + +static int load_count = 0; +#define COUNT_RESTART 128 + +/* + * Add a mask variable so we can avoid using data + * from any source directly as output. + */ +static unsigned long source_mask ; + +/* + * Use xtea sometimes even if we have a good source + * Avoids trusting the source completely + */ +#define MIX_MASK 15 + +static void get_source_long(unsigned long *x) +{ + int a, b ; + int ret = 0 ; + + if (load_count >= COUNT_RESTART) + load_count = 0 ; + if (load_count == 0) + get_xtea_long(&source_mask) ; + + a = IS_ENABLED(CONFIG_ARCH_RANDOM) ; + b = IS_ENABLED(CONFIG_HW_RANDOM) ; + + if (a && b) { + if (load_count & 1) + ret = arch_get_random_long(x) ; + else ret = get_hw_long(x) ; + } + if (a && !b) { + if (load_count&MIX_MASK) + ret = arch_get_random_long(x) ; + } + if (!a && b) { + if (load_count&MIX_MASK) + ret = get_hw_long(x) ; + } + /* + * no source configured + * or configured one failed + * + * or it is just time for tea, + * (load_count&MIX_MASK) == 0 + */ + if (!ret) + get_xtea_long(x) ; + + *x += source_mask ; + load_count++ ; +} + /********************************************************************* * * CRNG using CHACHA20 -- 2.25.1