git.baikalelectronics.ru Git - kernel.git/commit

author	Stephan Mueller <smueller@chronox.de>
	Wed, 10 Jun 2015 01:33:37 +0000 (03:33 +0200)
committer	Herbert Xu <herbert@gondor.apana.org.au>
	Wed, 10 Jun 2015 11:14:05 +0000 (19:14 +0800)
commit	0513eaec3d3bd861c92ec10fa7b58a3e85d12f7b
tree	18c491c8da018ac142ab53d3d47982a95bc3f1d3	tree \| snapshot
parent	546e563d0a9b5693e2efd9028df78f53fda30d40	commit \| diff

crypto: drbg - reseed often if seedsource is degraded

As required by SP800-90A, the DRBG implements are reseeding threshold.
This threshold is at 2**48 (64 bit) and 2**32 bit (32 bit) as
implemented in drbg_max_requests.

With the recently introduced changes, the DRBG is now always used as a
stdrng which is initialized very early in the boot cycle. To ensure that
sufficient entropy is present, the Jitter RNG is added to even provide
entropy at early boot time.

However, the 2nd seed source, the nonblocking pool, is usually
degraded at that time. Therefore, the DRBG is seeded with the Jitter RNG
(which I believe contains good entropy, which however is questioned by
others) and is seeded with a degradded nonblocking pool. This seed is
now used for quasi the lifetime of the system (2**48 requests is a lot).

The patch now changes the reseed threshold as follows: up until the time
the DRBG obtains a seed from a fully iniitialized nonblocking pool, the
reseeding threshold is lowered such that the DRBG is forced to reseed
itself resonably often. Once it obtains the seed from a fully
initialized nonblocking pool, the reseed threshold is set to the value
required by SP800-90A.

Signed-off-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

crypto/drbg.c		diff \| blob \| history
include/crypto/drbg.h		diff \| blob \| history