Received: by 2002:a05:7412:b10a:b0:f3:1519:9f41 with SMTP id az10csp2616224rdb;
        Mon, 4 Dec 2023 02:42:00 -0800 (PST)
X-Google-Smtp-Source: AGHT+IGRmyZDoAk7yMYKwmG8mRTbEtywGeEkbjlAS4wVv8GUo0V8zZC8WKsTAga1FHkXqQn4Txuq
X-Received: by 2002:a17:907:7e82:b0:a19:a19b:78ba with SMTP id qb2-20020a1709077e8200b00a19a19b78bamr3998674ejc.125.1701686520801;
        Mon, 04 Dec 2023 02:42:00 -0800 (PST)
ARC-Seal: i=2; a=rsa-sha256; t=1701686520; cv=pass;
        d=google.com; s=arc-20160816;
        b=L8+jU8pUB260jawJKHlV8HVfKbUKz0k7EMDaH0ZR/934NrWZhaN2A7fDYszy9hD5L3
         exzHGy35ktNtpxPk3XaFPk/zu2ouNHQ0kNc/fHKovUYbOsiuQPDg+kRCAP5e8BmZVbD6
         JYNumfbcHex7muUGgZ7Y+HTapopm1QCn3GGbWUSOIcu7KnhIRc8ufh7kkhcHuryjOUUS
         bToMUvHXymJrxHSxnebCFM7lWM9FdJ7Jj+O/ZTmKQ60W1Evk4NPIGrIA81XhwaKtK8uR
         hMvBr+SLrG+X6UfvSH8x/DbNUUu7BOYgmfSJDrNTvm3sGouJD9VOqLbJ2EwbF/Jq9Y5D
         aDyQ==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=content-transfer-encoding:mime-version:list-unsubscribe
         :list-subscribe:list-id:precedence:references:in-reply-to:message-id
         :date:subject:cc:to:from:dkim-signature:dkim-signature;
        bh=kY+CsRJEEo8Q3tTpuc3VLCmHuuBh/DLnsioFtgQtvB4=;
        fh=kk4mWdnFVS94SoJjs+4uwG+Ly9wOcR0nNES5ZFbRoZQ=;
        b=zZNpIjt9es+dn0JpfbI6jpsW/h1CtS9qQsOV2hy5kIFIofbMj4zKWwz+Ka/3GPrkTb
         XXgTbAjybC41QwENS3bAtujvkWRwfnE/UnNvqzi8H4+4tl6P+gw1EQ4i1fJCJEZcO2uq
         M7tqylukkIW5KeXMZQc8vBFpsRCNcL/hhUEzTAONvpe8ATa8Ar3CPIPdPdFGm7CoWTxa
         JZsAoc1/4holJiILY3xB4l1Kkp/UYmP4YvpufmojNXfuFoN2mfQh6U8PEe+dn65HxMa9
         HNMAXEFtbfERT3r2jUngb7TqTqXs8KN+C0249y/kAa/lmRVPiUKtQMt819XcbrJ5hWf2
         bYyg==
ARC-Authentication-Results: i=2; mx.google.com;
       dkim=pass header.i=@chronox.de header.s=strato-dkim-0002 header.b=f7G0hgD2;
       dkim=neutral (no key) header.i=@chronox.de;
       arc=pass (i=1);
       spf=pass (google.com: domain of linux-crypto+bounces-532-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-crypto+bounces-532-linux.lists.archive=gmail.com@vger.kernel.org"
Return-Path: <linux-crypto+bounces-532-linux.lists.archive=gmail.com@vger.kernel.org>
Received: from am.mirrors.kernel.org (am.mirrors.kernel.org. [147.75.80.249])
        by mx.google.com with ESMTPS id g12-20020a1709063b0c00b00a1a6281b8dbsi2057210ejf.662.2023.12.04.02.42.00
        for <linux.lists.archive@gmail.com>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Mon, 04 Dec 2023 02:42:00 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-crypto+bounces-532-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) client-ip=147.75.80.249;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@chronox.de header.s=strato-dkim-0002 header.b=f7G0hgD2;
       dkim=neutral (no key) header.i=@chronox.de;
       arc=pass (i=1);
       spf=pass (google.com: domain of linux-crypto+bounces-532-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-crypto+bounces-532-linux.lists.archive=gmail.com@vger.kernel.org"
Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by am.mirrors.kernel.org (Postfix) with ESMTPS id 851761F20F4B
	for <linux.lists.archive@gmail.com>; Mon,  4 Dec 2023 10:42:00 +0000 (UTC)
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
	by smtp.subspace.kernel.org (Postfix) with ESMTP id 02764224D1
	for <linux.lists.archive@gmail.com>; Mon,  4 Dec 2023 10:41:59 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=chronox.de header.i=@chronox.de header.b="f7G0hgD2";
	dkim=permerror (0-bit key) header.d=chronox.de header.i=@chronox.de header.b="yybkppYn"
X-Original-To: linux-crypto@vger.kernel.org
Received: from mo4-p00-ob.smtp.rzone.de (mo4-p00-ob.smtp.rzone.de [81.169.146.162])
	by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 5A56BA4
	for <linux-crypto@vger.kernel.org>; Mon,  4 Dec 2023 00:52:30 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1701679948; cv=none;
    d=strato.com; s=strato-dkim-0002;
    b=BRlhcA2L63eWYuVYAgQ64WgcGRg9HDsp1W7wIuCmKFTZxls3JVtTBIg+ztMldFzDvf
    xrwvt6C4qrLvMLxRHWkeqHFadAXprlM9+O/WGLYqQ1bNSrn/oz77uxL2/S2zKzLzQXU9
    N/ZXB6gscFebIUu/KsocZdP4SsxpRwniZPP3io51YPvq95/Wcz1HryJgxc0k45iy6C67
    rOe+VAF5jc8myinEl0Um0InDX5rvEmhZTjTRwQC0GJXUiYqPwbwD+fnSINMHr4EevNDx
    tBrEt++ziPIse+/72r61KTm7bqA5CubtJ0XpQXws9MZ/MTXHJeDIudqgnC9JmEw8R7XF
    FVLQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; t=1701679948;
    s=strato-dkim-0002; d=strato.com;
    h=References:In-Reply-To:Message-ID:Date:Subject:Cc:To:From:Cc:Date:
    From:Subject:Sender;
    bh=kY+CsRJEEo8Q3tTpuc3VLCmHuuBh/DLnsioFtgQtvB4=;
    b=GOcNlYImASKt+WOIKa+O5f9twTpv73ntPpo9dlSPuP2aFKmqNo4lNJHxsKAJ5huess
    asxBiULoVPKlcUOyIq/GIYpbh7Ba1h1P0OF2ZAeJSb5DP3Y0c9zIraIbrz0goTf4RNN+
    ++C4z9x9710UW34TUjqek87yPnwNJ+LSbJ+gqj51EfL3pHw7s3ZNzDiwbCPqDdlUoRkx
    mHOnGcIaM3MrfJDYhcYO68X5NbxODZ/g6tdH+WSfHpQyLoZwo3QfbMAQClOsJMurwzOV
    Bf3jHmXd1/TRGPUto5f8FdntAefF4SmCHu+KnDoT412SmMmdtUvTkWVUclYyiTC6Waz1
    EvAw==
ARC-Authentication-Results: i=1; strato.com;
    arc=none;
    dkim=none
X-RZG-CLASS-ID: mo00
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; t=1701679948;
    s=strato-dkim-0002; d=chronox.de;
    h=References:In-Reply-To:Message-ID:Date:Subject:Cc:To:From:Cc:Date:
    From:Subject:Sender;
    bh=kY+CsRJEEo8Q3tTpuc3VLCmHuuBh/DLnsioFtgQtvB4=;
    b=f7G0hgD21cAM4VYrKkFisFzhxR0zPMht/+elB7qeyZ+KJq+102sh2EARQVYYp0T7Pq
    VZKcqKMgPyY+lZ7Xiz4FTnHeTtKZY7lwhmqu1DcRg5kkqQAQfMJrMUTlg7zXm9/VlXgu
    r3alnvKYATkBPG19eTnDamuCIoh8a0nI5oVPgo4+npKj7D8RsY2lpGwHOgY0wd5mElWB
    l3NP6wbASqT7X97QVhxqeWAnEDJTTDCO9YHBN2oR/ieZ7hgf9kYqlDG6TXg/G/CEQZxb
    INYcKP6Q03RLeITSRxIBFUMTYQW6AyCWIghhwbyW/qhTkPJzMu+uh2aBhgNmdQeOi9Ue
    UfIA==
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; t=1701679948;
    s=strato-dkim-0003; d=chronox.de;
    h=References:In-Reply-To:Message-ID:Date:Subject:Cc:To:From:Cc:Date:
    From:Subject:Sender;
    bh=kY+CsRJEEo8Q3tTpuc3VLCmHuuBh/DLnsioFtgQtvB4=;
    b=yybkppYniG53waKRe1oHjGYY7omK81MI5UBWnbGVI7WnCY9uuu0lPGJuTMfzsMwq3O
    1dj5obVz5kpBHR++SJBg==
X-RZG-AUTH: ":P2ERcEykfu11Y98lp/T7+hdri+uKZK8TKWEqNyiHySGSa9k9y2gdNk2TvDz0d0u1qzE="
Received: from tauon.chronox.de
    by smtp.strato.de (RZmta 49.9.7 AUTH)
    with ESMTPSA id jc800bzB48qRGVN
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256 bits))
	(Client did not present a certificate);
    Mon, 4 Dec 2023 09:52:27 +0100 (CET)
From: Stephan Mueller <smueller@chronox.de>
To: Anton Ivanov <anton.ivanov@kot-begemot.co.uk>,
 linux-um@lists.infradead.org, Johannes Berg <johannes@sipsolutions.net>
Cc: linux-crypto@vger.kernel.org
Subject: Re: jitterentropy vs. simulation
Date: Mon, 04 Dec 2023 09:52:27 +0100
Message-ID: <1947100.kdQGY1vKdC@tauon.chronox.de>
In-Reply-To: <8ddb48606cebe4e404d17a627138aa5c5af6dccd.camel@sipsolutions.net>
References:
 <e4800de3138d3987d9f3c68310fcd9f3abc7a366.camel@sipsolutions.net>
 <7db861e3-60e4-0ed4-9b28-25a89069a9db@kot-begemot.co.uk>
 <8ddb48606cebe4e404d17a627138aa5c5af6dccd.camel@sipsolutions.net>
Precedence: bulk
X-Mailing-List: linux-crypto@vger.kernel.org
List-Id: <linux-crypto.vger.kernel.org>
List-Subscribe: <mailto:linux-crypto+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-crypto+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Transfer-Encoding: 7Bit
Content-Type: text/plain; charset="us-ascii"

Am Freitag, 1. Dezember 2023, 19:35:11 CET schrieb Johannes Berg:

Hi Johannes,

> [I guess we should keep the CCs so other see it]
> 
> > Looking at the stuck check it will be bogus in simulations.
> 
> True.
> 
> > You might as well ifdef that instead.
> > 
> > If a simulation is running insert the entropy regardless and do not
> > compute the derivatives used in the check.
> Actually you mostly don't want anything inserted in that case, so it's
> not bad to skip it.
> 
> I was mostly thinking this might be better than adding a completely
> unrelated ifdef. Also I guess in real systems with a bad implementation
> of random_get_entropy(), the second/third derivates might be
> constant/zero for quite a while, so may be better to abort?
> 
> In any case, I couldn't figure out any way to not configure this into
> the kernel when any kind of crypto is also in ...

The reason for the Jitter RNG to be dragged in is the Kconfig select in 
CRYPTO_DRBG. Why does the DRBG require it?

The DRBG seeds from get_random_bytes || jitter rng output. It pulls an equal 
amount of data from each source where each source alone is able to provide all 
entropy that the DRBG needs. That said, the Jitter RNG can be designated as 
optional, because the code already can handle the situation where this Jitter 
RNG is not available. However, in FIPS mode, we must have the Jitter RNG 
source.

That said, I could fathom to change CRYPTO_DRBG to remove the select 
CRYPTO_JITTERENTROPY. But instead, add the select to CRYPTO_FIPS.

This change would entail a new log entry when a DRBG instance initializes:

pr_info("DRBG: Continuing without Jitter RNG\n");

I would assume that this change could help you to deselect the Jitter RNG in 
your environment.

Side note: do you have an idea how that Jitter RNG perhaps could still be 
selected by default when the DRBG is enabled, but allows it being deselected 
following the aforementioned suggestion?

Ciao
Stephan