Question - seeding the hw pseudo random number generator

Stephan Müller smueller at chronox.de
Thu Mar 23 04:44:57 PDT 2017


Am Donnerstag, 23. März 2017, 10:44:06 CET schrieb Herbert Xu:

Hi Herbert,

> On Thu, Mar 23, 2017 at 09:23:07AM +0100, Corentin Labbe wrote:
> > Problem with this conversion, a huge regression for user space.
> > Using hwrng is simple as cat /dev/hwrng.
> > Using algif_rng via AF_ALG is ... unusable for the moment.
> > Perhaps creating an user space tool (prng-tool which provide a cat
> > /dev/hwrng replacement) is mandatory before any convertion.
> Stephan may have a tool to do this.  Stephan?

Creating such tool is more or less trivial. It simply requires the invocation 
of kcapi_rng_init, kcapi_rng_seed, kcapi_rng_generate and eventually 
kcapi_rng_destroy from [1]. I can write such a tool if requested.

I see one change we need to add to algif_rng.c: currently the caller must 
provide the specific name of the DRNG to be used. With such a tool, the caller 
does not care about the type of DRNG. Thus, rng_bind should be changed such 
that if name is NULL, it should use crypto_get_default_rng(). This would 
alleviate the caller from selecting "the right" DRNG.

[1] http://www.chronox.de/libkcapi.html

Ciao
Stephan



More information about the linux-arm-kernel mailing list