Re: [PATCH] crypto: sun4i-ss: support the Security System PRNG

From: Stephan Mueller
Date: Thu Nov 17 2016 - 03:18:56 EST


On Thursday, 17 November 2016, 09:07:48 CET, Corentin Labbe wrote:

Hi Corentin,
>
> Seed again, or just do not seed (and so return -EAGAIN for read() function)
> until ready_callback ?

This is your choice. But for the start sequence, you should not simply rely on
get_random_bytes.

For the DRBG in crypto/drbg.c we seed with get_random_bytes and the Jitter RNG
in case the input_pool is not fully seeded. The reseed trigger is reduced to
50 DRBG requests, i.e. after 50 requests, the DRBG again reseeds from
get_random_bytes / Jitter RNG. This is continued until the input_pool has been
sufficiently seeded (i.e. the registered callback is triggered). At that
point, another get_random_bytes call is made, the Jitter RNG is deactivated
and the reseed threshold is set to the common value.

Ciao
Stephan
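The early-boot reseed policy described above, as an added model that is not code from the mail or from crypto/drbg.c: the entropy sources are constructed stand-ins, the 50-request threshold is the one from the text, and RESEED_COMMON is a placeholder for the kernel's normal value.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define RESEED_EARLY   50    /* reduced threshold while input_pool is not ready */
#define RESEED_COMMON  1000  /* placeholder for the common reseed threshold */

struct drbg_model {
    bool pool_ready;              /* set once the input_pool callback fires */
    unsigned reseed_threshold;
    unsigned requests_since_reseed;
    unsigned reseeds_with_jitter; /* reseeds that also mixed in Jitter RNG output */
    unsigned reseeds_total;
    uint8_t seed[32];
};

/* Constructed stand-ins for get_random_bytes() and the Jitter RNG. */
static void mock_get_random_bytes(uint8_t *buf, size_t n) { memset(buf, 0xA5, n); }
static void mock_jitter_rng(uint8_t *buf, size_t n) { memset(buf, 0x5A, n); }

static void drbg_reseed(struct drbg_model *d)
{
    uint8_t jit[32];
    mock_get_random_bytes(d->seed, sizeof d->seed);
    if (!d->pool_ready) {
        /* input_pool not yet trusted: also fold in Jitter RNG output */
        mock_jitter_rng(jit, sizeof jit);
        for (size_t i = 0; i < sizeof jit; i++) d->seed[i] ^= jit[i];
        d->reseeds_with_jitter++;
    }
    d->reseeds_total++;
    d->requests_since_reseed = 0;
}

void drbg_model_init(struct drbg_model *d)
{
    memset(d, 0, sizeof *d);
    d->reseed_threshold = RESEED_EARLY;
    drbg_reseed(d);                  /* initial seeding: get_random_bytes + Jitter */
}

/* Invoked from the input_pool "sufficiently seeded" callback. */
void drbg_pool_ready_callback(struct drbg_model *d)
{
    d->pool_ready = true;            /* deactivates the Jitter RNG for later reseeds */
    drbg_reseed(d);                  /* one more get_random_bytes pull */
    d->reseed_threshold = RESEED_COMMON;
}

/* One generate request; reseeds first once the threshold has been reached. */
void drbg_model_generate(struct drbg_model *d)
{
    if (d->requests_since_reseed >= d->reseed_threshold)
        drbg_reseed(d);
    d->requests_since_reseed++;
}
```

Before the callback the model reseeds every 50 requests with both sources; after it, only get_random_bytes is used and the threshold widens.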