I'm trying to understand the Linux crypto layer, and a lot of the code I read for guidance I instead end up wanting to fix. My current itch to scratch is crypto/ansi_cprng.c. There is a lot of questionable code I'll submit patches for, particularly: - The "rand_data_valid" variable, which is actually the amount of INvalid data in ctx->rand_data[]. (I'm renaming it to rand_data_pos.) - The ctx->I and ctx->last_rand_data buffers, which are completely unnecessary (and in the latter case, violate anti-backtracking). - The fact that cprng_init() calls reset_prng_context() with NULL key and V inputs, and the latter has special-case code to handle that, when cprng_init() sets PRNG_NEED_RESET, so can just omit the call entirely. But there's one thing that I can't figure out, and that is whether the code is meant to be an implementation of the ANSI X9.17/X9.31 RNG. It's currently definitely not, because the spec requires periodic input of a timestamp with some seed entropy, while the code just uses an incrementing counter. So I have two paths available: 1. Clarify in comments that, although "Based on" X9.31 Appendix A.2.4, this is very much NOT an implementation thereof. This is a fully deterministic PRNG, while the spec is for an RNG. 2. Alternativelt, change the code to actually use high-resolution timestamps for seed material. In the latter case, I'd use jiffies and random_get_entropy, and provide a compatible deterministic option for self-testing. I'd drop the recommended seedsize to DEFAULT_PRNG_KSZ + DEFAULT_BLK_SZ, but keep the current implementation's support for an optional starting DT value. If it isn't provided (the default), the code would generate it fresh on each call to _get_more_prng_bytes, rather than the current default to zero. My problem is I don't know which option is intended. Is it guaranteed that CRYPTO_ALG_TYPE_RNG is deterministic? -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
