On Fri, Sep 18, 2020 at 04:42:16PM +0100, Elena Petrova wrote:
> Extend the user-space RNG interface:
>   1. Add entropy input via ALG_SET_DRBG_ENTROPY setsockopt option;
>   2. Add additional data input via sendmsg syscall.
>
> This allows DRBG to be tested with test vectors, for example for the
> purpose of CAVP testing, which otherwise isn't possible.
>
> To prevent erroneous use of entropy input, it is hidden under
> CRYPTO_USER_API_RNG_CAVP config option and requires CAP_SYS_ADMIN to
> succeed.
>
> Signed-off-by: Elena Petrova <lenaptr@xxxxxxxxxx>
> Acked-by: Stephan Müller <smueller@xxxxxxxxxx>
> Reviewed-by: Eric Biggers <ebiggers@xxxxxxxxxx>
> ---
>
> Updates in v9:
>   Add IS_ENABLED(CONFIG_CRYPTO_USER_API_RNG_CAVP) condition for replacing
>   proto_ops.
>
> Updates in v8:
>   Added Reviewed-by tag to the description.
>
> Updates in v7:
>   1) rebased onto the latest at cryptodev-2.6.git, fixed compiler errors;
>   2) replaced kzfree with kfree_sensitive;
>   3) changed rng_test_sendmsg to return an error if len > MAXSIZE;
>   4) updated documentation to say when Additional Data can be provided.
>
> Updates in v6:
>   1) Kconfig option renamed to CRYPTO_USER_API_RNG_CAVP and is now bool instead
>      of tristate;
>   2) run-time switch of proto_ops depending on whether the entropy was set;
>   3) corrected the NIST standard name;
>   4) rebased onto the tip of the tree;
>   5) documentation clarified;
>
> Updates in v5:
>   1) use __maybe_unused instead of #ifdef;
>   2) separate code path for a testing mode;
>   3) only allow Additional Data input in a testing mode.
>
> Updates in v4:
>   1) setentropy returns 0 or error code (used to return length);
>   2) bugfixes suggested by Eric.
>
> Updates in v3:
>   1) More details in commit message;
>   2) config option name is now CRYPTO_USER_API_CAVP_DRBG;
>   3) fixed a bug of not releasing socket locks.
>
> Updates in v2:
>   1) Adding CONFIG_CRYPTO_CAVS_DRBG around setentropy.
>   2) Requiring CAP_SYS_ADMIN for entropy reset.
>   3) Locking for send and recv.
>   4) Length checks added for send and setentropy; send and setentropy now return
>      number of bytes accepted.
>   5) Minor code style corrections.
>
> libkcapi patch for testing:
>   https://github.com/Len0k/libkcapi/commit/6f095d270b982008f419078614c15caa592cb531
>
>  Documentation/crypto/userspace-if.rst |  20 ++-
>  crypto/Kconfig                        |   9 ++
>  crypto/af_alg.c                       |  14 ++-
>  crypto/algif_rng.c                    | 175 ++++++++++++++++++++++++--
>  include/crypto/if_alg.h               |   1 +
>  include/uapi/linux/if_alg.h           |   1 +
>  6 files changed, 205 insertions(+), 15 deletions(-)

Patch applied. Thanks.
-- 
Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt