[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <87zgqurhcj.fsf@suse.de>
Date: Wed, 27 Oct 2021 10:40:12 +0200
From: Nicolai Stange <nstange@...e.de>
To: Stephan Müller <smueller@...onox.de>
Cc: Herbert Xu <herbert@...dor.apana.org.au>,
"David S. Miller" <davem@...emloft.net>,
Nicolai Stange <nstange@...e.de>, Torsten Duwe <duwe@...e.de>,
linux-crypto@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH 0/6] crypto: DRBG - improve 'nopr' reseeding
Hi Stephan,
first of all, many thanks for your prompt review!
Stephan Müller <smueller@...onox.de> writes:
> Am Montag, 25. Oktober 2021, 11:25:19 CEST schrieb Nicolai Stange:
>
>
>> - Replace the asynchronous random_ready_callback based DRBG reseeding
>> logic with a synchronous solution leveraging rng_is_initialized().
>
> Could you please help me why replacing an async method with a sync method is
> helpful? Which problems do you see with the async method that are alleviated
> with the swtich to the sync method? In general, an async method is more
> powerful, though it requires a bit more code.
There is no problem with the async method (*), I just don't see any
advantage over the less complex approach of doing all reseeding
work synchronously from drbg_generate().
Before the change, there had been two sites taking care of reseeding:
the drbg_async_seed() work handler scheduled from the
random_ready_callback and drbg_generate().
After the change, all reseeding is handled at a single place only, namely
drbg_generate(), which, in my opinion, makes it easier to reason about.
In particular, in preparation for patch 6/6 from this series introducing
yet another condition for triggering a reseed...
Thanks,
Nicolai
(*) Except for that a wait_for_random_bytes() issued by DRBG users won't
give any guarantees with respect to a subsequent drbg_generate()
operation, c.f. my other mail in reply to your review on 3/6 I'm
about to write in a second. As of now, there aren't any DRBG users
invoking wait_for_random_bytes(), but one might perhaps consider
changing that in the future.
>> This
>> move simplifies the code IMO and, as a side-effect, would enable DRBG
>> users to rely on wait_for_random_bytes() to sync properly with
>> drbg_generate(), if desired. Implemented by patches 1-5/6.
>> - Make the 'nopr' DRBGs to reseed themselves every 5min from
>> get_random_bytes(). This achieves at least kind of a partial prediction
>> resistance over the time domain at almost no extra cost. Implemented
>> by patch 6/6, the preceding patches in this series are a prerequisite
>> for this.
--
SUSE Software Solutions Germany GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany
(HRB 36809, AG Nürnberg), GF: Felix Imendörffer
Powered by blists - more mailing lists