Re: [PATCH v25 10/12] LRNG - add TRNG support

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



20.11.2019 13:58, Stephan Müller пишет:

Or another idea and apologies if I restart this conversation as there was
already a discussion around it: what about extending the getrandom(2) call
instead of adding a device file?

What about adding yet another flag to getrandom: GRND_TRUERANDOM and process
it as follows:

         if (flags & ~(GRND_NONBLOCK|GRND_RANDOM|GRND_INSECURE|
GRND_TRUERANDOM))
                 return -EINVAL;

         //From Andy's tree
         /*
          * Requesting insecure and blocking randomness at the same time makes
          * no sense.
          */
         if ((flags & (GRND_INSECURE|GRND_RANDOM)) == (GRND_INSECURE|
GRND_RANDOM))
                 return -EINVAL;

	  /* We only allow GRND_TRUERANDOM by itself or with NONBLOCK */
	  if (! ((flags & GRND_TRUERANDOM) &&
                ((flags == GRND_TRUERANDOM) ||
                 (flags == GRND_TRUERANDOM | GRND_NONBLOCK))))
		return -EINVAL;

	if (flags & GRND_TRUERANDOM) {
		... do the TRNG processing ...
		... may return -ENOPNOTSUPP if no TRNG available ...
	}

This would totally miss the point of adding a device node: UNIX permissions that don't allow "others" to read and deplete "true" random numbers.

--
Alexander E. Patrakov



[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]

  Powered by Linux