Re: [PATCH 3/4] crypto: drbg - replace spinlock with mutex

On Monday, 20 April 2015, 08:27:09, Herbert Xu wrote:

Hi Herbert,

>On Sun, Apr 19, 2015 at 05:37:21PM +0200, Stephan Mueller wrote:
>> I am not sure I understand you correctly: shall the DRBG have these
>> precautions? If so, wouldn't we break the requirements in SP800-90A where
>> the DRBG is intended to seed itself?
>> 
>> Or would you want to update the crypto_alloc_rng routine?
>
>No.  Our API doesn't provide the Instantiate_function obviously.
>If you really want to have an explicit instantiate function then
>you can provide a wrapper:
>
>crypto_instantiate_drbg(...)
>{
>	struct crypto_rng *drbg;
>
>	drbg = crypto_alloc_rng(...);
>	crypto_rng_reset(drbg, ...);
>	return drbg;
>}
>
>The fact that crypto_alloc_rng currently instantiates the RNG
>is wrong because there is no provision for the personalisation
>string.

I do not want to deviate from the kernel crypto API by adding some additional 
wrapper. But what we can do is to leave the DRBG unseeded during alloc time. 
As long as the DRBG is unseeded, it will return EAGAIN to any request for 
random numbers, forcing the caller to use crypto_rng_reset to activate the 
DRBG.

When the DRBG receives a reset, it will always obtain the seed and treat any 
user-provided data as personalization string / additional data.

Such a change is straightforward. I would like to roll that one into the 
patchset for the discussed seeding revamp, as this issue is definitely 
noticeable there. That patch set is already complete; I am just doing the 
final testing before airing it.

Ciao
Stephan
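A small model of the semantics Stephan proposes above, added here as an illustration and not code from the thread or from the kernel's drbg.c: allocation leaves the generator unseeded, generate requests fail with -EAGAIN until a reset, and reset always pulls a seed and folds caller-supplied data in as the personalization string. The splitmix-style mixer and the constant standing in for the entropy source are constructed placeholders, not an SP800-90A DRBG.

```c
#include <errno.h>
#include <stdint.h>
#include <stddef.h>
#include <string.h>

struct model_drbg {
	int seeded;      /* 0 after alloc, 1 only after a reset */
	uint64_t state;  /* toy state, not a real SP800-90A DRBG */
};

/* splitmix64-style bijection; stands in for the DRBG update function. */
static uint64_t mix64(uint64_t x)
{
	x += 0x9E3779B97F4A7C15ULL;
	x = (x ^ (x >> 30)) * 0xBF58476D1CE4E5B9ULL;
	x = (x ^ (x >> 27)) * 0x94D049BB133111EBULL;
	return x ^ (x >> 31);
}

/* Allocation no longer seeds: nothing is pulled from the entropy source. */
void model_drbg_alloc(struct model_drbg *d)
{
	memset(d, 0, sizeof(*d));
}

/* Reset always fetches a seed and folds caller data in as personalization. */
int model_drbg_reset(struct model_drbg *d, const uint8_t *pers, size_t plen)
{
	uint64_t s = mix64(0x0123456789ABCDEFULL); /* constructed entropy stand-in */

	for (size_t i = 0; i < plen; i++)
		s = mix64(s ^ pers[i]);
	d->state = s;
	d->seeded = 1;
	return 0;
}

/* Requests before the first reset are refused with -EAGAIN. */
int model_drbg_generate(struct model_drbg *d, uint8_t *out, size_t len)
{
	if (!d->seeded)
		return -EAGAIN;
	for (size_t i = 0; i < len; i++) {
		if (i % 8 == 0)
			d->state = mix64(d->state);
		out[i] = (uint8_t)(d->state >> (8 * (i % 8)));
	}
	return 0;
}
```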