Question - seeding the hw pseudo random number generator
smueller at chronox.de
Thu Mar 23 04:44:57 PDT 2017
Am Donnerstag, 23. März 2017, 10:44:06 CET schrieb Herbert Xu:
> On Thu, Mar 23, 2017 at 09:23:07AM +0100, Corentin Labbe wrote:
> > Problem with this conversion, a huge regression for user space.
> > Using hwrng is simple as cat /dev/hwrng.
> > Using algif_rng via AF_ALG is ... unusable for the moment.
> > Perhaps creating an user space tool (prng-tool which provide a cat
> > /dev/hwrng replacement) is mandatory before any convertion.
> Stephan may have a tool to do this. Stephan?
Creating such tool is more or less trivial. It simply requires the invocation
of kcapi_rng_init, kcapi_rng_seed, kcapi_rng_generate and eventually
kcapi_rng_destroy from . I can write such a tool if requested.
I see one change we need to add to algif_rng.c: currently the caller must
provide the specific name of the DRNG to be used. With such a tool, the caller
does not care about the type of DRNG. Thus, rng_bind should be changed such
that if name is NULL, it should use crypto_get_default_rng(). This would
alleviate the caller from selecting "the right" DRNG.
More information about the linux-arm-kernel