korg/linux
0
0
Fork 0
mirror of https://mirrors.bfsu.edu.cn/git/linux.git synced 2024-12-16 23:45:31 +08:00
Code Issues Packages Projects Releases Wiki Activity
ff98cc986a
linux/arch/s390/crypto
History
Harald Freudenberger ff98cc986a s390/crypto: add arch_get_random_long() support 
The random longs to be pulled by arch_get_random_long() are
prepared in an 4K buffer which is filled from the NIST 800-90
compliant s390 drbg. By default the random long buffer is refilled
256 times before the drbg itself needs a reseed. The reseed of the
drbg is done with 32 bytes fetched from the high quality (but slow)
trng which is assumed to deliver 100% entropy. So the 32 * 8 = 256
bits of entropy are spread over 256 * 4KB = 1MB serving 131072
arch_get_random_long() invocations before reseeded.

How often the 4K random long buffer is refilled with the drbg
before the drbg is reseeded can be adjusted. There is a module
parameter 's390_arch_rnd_long_drbg_reseed' accessible via
  /sys/module/arch_random/parameters/rndlong_drbg_reseed
or as kernel command line parameter
  arch_random.rndlong_drbg_reseed=<value>
This parameter tells how often the drbg fills the 4K buffer before
it is re-seeded by fresh entropy from the trng.
A value of 16 results in reseeding the drbg at every 16 * 4 KB = 64
KB with 32 bytes of fresh entropy pulled from the trng. So a value
of 16 would result in 256 bits entropy per 64 KB.
A value of 256 results in 1MB of drbg output before a reseed of the
drbg is done. So this would spread the 256 bits of entropy among 1MB.
Setting this parameter to 0 forces the reseed to take place every
time the 4K buffer is depleted, so the entropy rises to 256 bits
entropy per 4K or 0.5 bit entropy per arch_get_random_long().  With
setting this parameter to negative values all this effort is
disabled, arch_get_random long() returns false and thus indicating
that the arch_get_random_long() feature is disabled at all.

arch_get_random_long() is used by random.c among others to provide
an initial hash value to be mixed with the entropy pool on every
random data pull. For about 64 bytes read from /dev/urandom there
is one call to arch_get_random_long(). So these additional random
long values count for performance of /dev/urandom with measurable
but low penalty.

Signed-off-by: Harald Freudenberger <freude@linux.ibm.com>
Reviewed-by: Ingo Franzki <ifranzki@linux.ibm.com>
Reviewed-by: Juergen Christ <jchrist@linux.ibm.com>
Signed-off-by: Heiko Carstens <hca@linux.ibm.com>
2020-12-10 21:02:08 +01:00
..
aes_s390.c s390/crypto: explicitly memzero stack key material in aes_s390.c 2020-02-27 16:02:21 +01:00
arch_random.c s390/crypto: add arch_get_random_long() support 2020-12-10 21:02:08 +01:00
crc32-vx.c crypto: remove CRYPTO_TFM_RES_BAD_KEY_LEN 2020-01-09 11:30:53 +08:00
crc32be-vx.S s390: add missing ENDPROC statements to assembler functions 2019-05-02 13:54:11 +02:00
crc32le-vx.S s390: add missing ENDPROC statements to assembler functions 2019-05-02 13:54:11 +02:00
des_s390.c crypto: s390/des - convert to skcipher API 2019-10-23 19:46:58 +11:00
ghash_s390.c crypto: remove CRYPTO_TFM_RES_BAD_KEY_LEN 2020-01-09 11:30:53 +08:00
Makefile s390/crypto: Support for SHA3 via CPACF (MSA6) 2019-09-13 12:18:50 +02:00
paes_s390.c s390/pkey/zcrypt: Support EP11 AES secure keys 2020-01-30 13:07:56 +01:00
prng.c s390/prng: let misc_register() add the prng sysfs attributes 2020-11-20 19:19:10 +01:00
sha1_s390.c crypto: s390/sha1 - prefix the "sha1_" functions 2020-05-08 15:32:16 +10:00
sha3_256_s390.c s390/crypto: Support for SHA3 via CPACF (MSA6) 2019-09-13 12:18:50 +02:00
sha3_512_s390.c s390/crypto: Support for SHA3 via CPACF (MSA6) 2019-09-13 12:18:50 +02:00
sha256_s390.c crypto: s390 - Rename functions to avoid conflict with crypto/sha256.h 2019-09-05 14:37:30 +10:00
sha512_s390.c s390/crypto: sha: Use -ENODEV instead of -EOPNOTSUPP 2019-06-15 12:24:48 +02:00
sha_common.c s390/crypto: Fix unsigned variable compared with zero 2019-11-20 12:58:12 +01:00
sha.h s390/crypto: Support for SHA3 via CPACF (MSA6) 2019-09-13 12:18:50 +02:00