WSL2-Linux-Kernel/crypto
Stephan Müller bb897c5504 crypto: jitter - replace LFSR with SHA3-256
Using the kernel crypto API, the SHA3-256 algorithm is used as
conditioning element to replace the LFSR in the Jitter RNG. All other
parts of the Jitter RNG are unchanged.

The application and use of the SHA-3 conditioning operation is identical
to the user space Jitter RNG 3.4.0 by applying the following concept:

- the Jitter RNG initializes a SHA-3 state which acts as the "entropy
  pool" when the Jitter RNG is allocated.

- When a new time delta is obtained, it is inserted into the "entropy
  pool" with a SHA-3 update operation. Note, this operation in most of
  the cases is a simple memcpy() onto the SHA-3 stack.

- To cause a true SHA-3 operation for each time delta operation, a
  second SHA-3 operation is performed hashing Jitter RNG status
  information. The final message digest is also inserted into the
  "entropy pool" with a SHA-3 update operation. Yet, this data is not
  considered to provide any entropy, but it shall stir the entropy pool.

- To generate a random number, a SHA-3 final operation is performed to
  calculate a message digest followed by an immediate SHA-3 init to
  re-initialize the "entropy pool". The obtained message digest is one
  block of the Jitter RNG that is returned to the caller.

Mathematically speaking, the random number generated by the Jitter RNG
is:

aux_t = SHA-3(Jitter RNG state data)

Jitter RNG block = SHA-3(time_i || aux_i || time_(i-1) || aux_(i-1) ||
                         ... || time_(i-255) || aux_(i-255))

when assuming that the OSR = 1, i.e. the default value.

This operation implies that the Jitter RNG has an output-blocksize of
256 bits instead of the 64 bits of the LFSR-based Jitter RNG that is
replaced with this patch.

The patch also replaces the varying number of invocations of the
conditioning function with one fixed number of invocations. The use
of the conditioning function consistent with the userspace Jitter RNG
library version 3.4.0.

The code is tested with a system that exhibited the least amount of
entropy generated by the Jitter RNG: the SiFive Unmatched RISC-V
system. The measured entropy rate is well above the heuristically
implied entropy value of 1 bit of entropy per time delta. On all other
tested systems, the measured entropy rate is even higher by orders
of magnitude. The measurement was performed using updated tooling
provided with the user space Jitter RNG library test framework.

The performance of the Jitter RNG with this patch is about en par
with the performance of the Jitter RNG without the patch.

Signed-off-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2023-05-12 18:48:01 +08:00
..
asymmetric_keys modules-6.4-rc1 2023-04-27 16:36:55 -07:00
async_tx async_tx: fix kernel-doc notation warnings 2023-03-24 18:22:28 +08:00
842.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 157 2019-05-30 11:26:37 -07:00
Kconfig crypto: jitter - replace LFSR with SHA3-256 2023-05-12 18:48:01 +08:00
Makefile crypto: move gf128mul library into lib/crypto 2022-11-11 18:14:59 +08:00
acompress.c crypto: api - Fix CRYPTO_USER checks for report function 2023-05-02 18:22:24 +08:00
adiantum.c crypto: api - Use data directly in completion function 2023-02-13 18:35:14 +08:00
aead.c crypto: api - Fix CRYPTO_USER checks for report function 2023-05-02 18:22:24 +08:00
aegis.h crypto: aegis128 - Move simd prototypes into aegis.h 2021-03-19 21:59:45 +11:00
aegis128-core.c crypto: aegis128 - Move simd prototypes into aegis.h 2021-03-19 21:59:45 +11:00
aegis128-neon-inner.c crypto: aegis128/neon - move final tag check to SIMD domain 2020-11-27 17:13:40 +11:00
aegis128-neon.c crypto: aegis128 - Move simd prototypes into aegis.h 2021-03-19 21:59:45 +11:00
aes_generic.c crypto: Prepare to move crypto_tfm_ctx 2022-12-02 18:12:40 +08:00
aes_ti.c crypto: Prepare to move crypto_tfm_ctx 2022-12-02 18:12:40 +08:00
af_alg.c crypto: api - Use data directly in completion function 2023-02-13 18:35:14 +08:00
ahash.c crypto: hash - Make crypto_ahash_alg helper available 2023-05-12 18:48:01 +08:00
akcipher.c crypto: api - Fix CRYPTO_USER checks for report function 2023-05-02 18:22:24 +08:00
algapi.c crypto: engine - fix crypto_queue backlog handling 2023-04-28 17:50:43 +08:00
algboss.c crypto: algboss - compile out test-related code when tests disabled 2022-11-25 17:39:18 +08:00
algif_aead.c crypto: algif_aead - Do not set MAY_BACKLOG on the async path 2020-08-21 14:45:27 +10:00
algif_hash.c crypto: algif_hash - Allocate hash state with kmalloc 2023-04-06 16:18:53 +08:00
algif_rng.c crypto: af_alg - add extra parameters for DRBG interface 2020-09-25 17:48:52 +10:00
algif_skcipher.c crypto: algif_skcipher - EBUSY on aio should be an error 2020-08-21 14:45:26 +10:00
ansi_cprng.c crypto: remove cipher routines from public crypto API 2021-01-03 08:41:35 +11:00
anubis.c crypto: Prepare to move crypto_tfm_ctx 2022-12-02 18:12:40 +08:00
api.c crypto: api - Add crypto_clone_tfm 2023-04-20 18:20:04 +08:00
arc4.c crypto: arc4 - mark ecb(arc4) skcipher as obsolete 2020-09-11 14:39:16 +10:00
aria_generic.c crypto: x86/aria - do not use magic number offsets of aria_ctx 2023-01-06 17:15:47 +08:00
authenc.c crypto: api - Use data directly in completion function 2023-02-13 18:35:14 +08:00
authencesn.c crypto: api - Use data directly in completion function 2023-02-13 18:35:14 +08:00
blake2b_generic.c crypto: blake2b - update file comment 2021-01-03 08:41:39 +11:00
blowfish_common.c crypto: Prepare to move crypto_tfm_ctx 2022-12-02 18:12:40 +08:00
blowfish_generic.c crypto: Prepare to move crypto_tfm_ctx 2022-12-02 18:12:40 +08:00
camellia_generic.c crypto: Prepare to move crypto_tfm_ctx 2022-12-02 18:12:40 +08:00
cast5_generic.c crypto: Prepare to move crypto_tfm_ctx 2022-12-02 18:12:40 +08:00
cast6_generic.c crypto: Prepare to move crypto_tfm_ctx 2022-12-02 18:12:40 +08:00
cast_common.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 44 2019-05-24 17:27:12 +02:00
cbc.c crypto: remove cipher routines from public crypto API 2021-01-03 08:41:35 +11:00
ccm.c crypto: api - Use data directly in completion function 2023-02-13 18:35:14 +08:00
cfb.c crypto: cleanup comments 2022-03-03 10:49:20 +12:00
chacha20poly1305.c crypto: api - Use data directly in completion function 2023-02-13 18:35:14 +08:00
chacha_generic.c crypto: chacha_generic - remove unnecessary setkey() functions 2019-11-22 18:48:39 +08:00
cipher.c crypto: remove cipher routines from public crypto API 2021-01-03 08:41:35 +11:00
cmac.c crypto: remove cipher routines from public crypto API 2021-01-03 08:41:35 +11:00
compress.c crypto: compress - remove crt_u.compress (struct compress_tfm) 2019-12-11 16:37:01 +08:00
compress.h crypto: acomp - Count error stats differently 2023-03-14 17:06:42 +08:00
crc32_generic.c crypto: crc32-generic - Use SPDX-License-Identifier 2021-04-16 21:24:27 +10:00
crc32c_generic.c crypto: crc32c_generic - delete and fix duplicated words 2020-08-21 14:45:25 +10:00
crc64_rocksoft_generic.c crypto: add rocksoft 64b crc guard tag framework 2022-03-07 12:48:35 -07:00
crct10dif_common.c crypto: crct10dif - Add fallback for broken initrds 2013-09-12 15:31:34 +10:00
crct10dif_generic.c crypto: crct10dif_generic - fix duplicated words 2020-08-21 14:45:25 +10:00
cryptd.c crypto: cryptd - Add support for cloning hashes 2023-04-20 18:20:04 +08:00
crypto_engine.c crypto: engine - fix crypto_queue backlog handling 2023-04-28 17:50:43 +08:00
crypto_null.c Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2019-07-08 20:57:08 -07:00
crypto_user_base.c crypto: algapi - make unregistration functions return void 2019-12-20 14:58:35 +08:00
crypto_user_stat.c crypto: rng - Count error stats differently 2023-03-14 17:06:42 +08:00
ctr.c crypto: remove cipher routines from public crypto API 2021-01-03 08:41:35 +11:00
cts.c crypto: api - Use data directly in completion function 2023-02-13 18:35:14 +08:00
curve25519-generic.c crypto: add __init/__exit annotations to init/exit funcs 2022-09-24 16:14:43 +08:00
deflate.c mm, treewide: rename kzfree() to kfree_sensitive() 2020-08-07 11:33:22 -07:00
des_generic.c crypto: Prepare to move crypto_tfm_ctx 2022-12-02 18:12:40 +08:00
dh.c crypto: api - Use data directly in completion function 2023-02-13 18:35:14 +08:00
dh_helper.c crypto: dh - split out deserialization code from crypto_dh_decode() 2022-03-03 10:47:50 +12:00
drbg.c crypto: drbg - Only fail when jent is unavailable in FIPS mode 2023-04-06 16:18:53 +08:00
ecb.c crypto: remove cipher routines from public crypto API 2021-01-03 08:41:35 +11:00
ecc.c crypto: ecc - Silence sparse warning 2023-02-14 13:39:33 +08:00
ecc_curve_defs.h Merge branch 'ecc' 2021-03-26 19:55:55 +11:00
ecdh.c crypto: add __init/__exit annotations to init/exit funcs 2022-09-24 16:14:43 +08:00
ecdh_helper.c crypto: ecdh - move curve_id of ECDH from the key to algorithm name 2021-03-13 00:04:03 +11:00
ecdsa.c crypto: add __init/__exit annotations to init/exit funcs 2022-09-24 16:14:43 +08:00
ecdsasignature.asn1 crypto: ecdsa - Add support for ECDSA signature verification 2021-03-26 19:41:58 +11:00
echainiv.c crypto: geniv - remove unneeded arguments from aead_geniv_alloc() 2020-07-16 21:49:07 +10:00
ecrdsa.c crypto: ecrdsa - Fix incorrect use of vli_cmp 2022-04-29 13:44:58 +08:00
ecrdsa_defs.h crypto: ecc - Move ecc.h to include/crypto/internal 2021-10-29 21:04:03 +08:00
ecrdsa_params.asn1 crypto: ecrdsa - add EC-RDSA (GOST 34.10) algorithm 2019-04-18 22:15:02 +08:00
ecrdsa_pub_key.asn1 crypto: ecrdsa - add EC-RDSA (GOST 34.10) algorithm 2019-04-18 22:15:02 +08:00
essiv.c crypto: api - Use data directly in completion function 2023-02-13 18:35:14 +08:00
fcrypt.c crypto: Prepare to move crypto_tfm_ctx 2022-12-02 18:12:40 +08:00
fips.c crypto: fips - simplify one-level sysctl registration for crypto_sysctl_table 2023-03-17 11:16:44 +08:00
gcm.c crypto: api - Use data directly in completion function 2023-02-13 18:35:14 +08:00
geniv.c crypto: algapi - use common mechanism for inheriting flags 2020-07-16 21:49:08 +10:00
ghash-generic.c crypto: remove CRYPTO_TFM_RES_BAD_KEY_LEN 2020-01-09 11:30:53 +08:00
hash.h crypto: hash - Add crypto_clone_ahash/shash 2023-04-20 18:20:04 +08:00
hash_info.c crypto: rename sm3-256 to sm3 in hash_algo_name 2020-02-18 07:35:49 -05:00
hctr2.c crypto: api - Use data directly in completion function 2023-02-13 18:35:14 +08:00
hmac.c crypto: hmac - Add support for cloning 2023-04-20 18:20:04 +08:00
internal.h crypto: api - Add crypto_clone_tfm 2023-04-20 18:20:04 +08:00
jitterentropy-kcapi.c crypto: jitter - replace LFSR with SHA3-256 2023-05-12 18:48:01 +08:00
jitterentropy.c crypto: jitter - replace LFSR with SHA3-256 2023-05-12 18:48:01 +08:00
jitterentropy.h crypto: jitter - replace LFSR with SHA3-256 2023-05-12 18:48:01 +08:00
kdf_sp800108.c crypto: kdf - silence noisy self-test 2022-11-25 17:39:18 +08:00
keywrap.c crypto: keywrap - Remove else after break statement 2021-04-02 18:28:13 +11:00
khazad.c crypto: Prepare to move crypto_tfm_ctx 2022-12-02 18:12:40 +08:00
kpp.c crypto: api - Fix CRYPTO_USER checks for report function 2023-05-02 18:22:24 +08:00
lrw.c crypto: api - Use data directly in completion function 2023-02-13 18:35:14 +08:00
lz4.c Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2019-07-08 20:57:08 -07:00
lz4hc.c Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2019-07-08 20:57:08 -07:00
lzo-rle.c Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2019-07-08 20:57:08 -07:00
lzo.c Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2019-07-08 20:57:08 -07:00
md4.c crypto: make all generic algorithms set cra_driver_name 2019-06-13 14:31:39 +08:00
md5.c crypto: md5 - remove unused macros 2020-02-28 08:43:21 +08:00
michael_mic.c crypto: michael_mic - fix broken misalignment handling 2021-02-10 17:55:55 +11:00
nhpoly1305.c crypto: poly1305 - add new 32 and 64-bit generic versions 2020-01-16 15:18:12 +08:00
ofb.c crypto: remove cipher routines from public crypto API 2021-01-03 08:41:35 +11:00
pcbc.c crypto: remove cipher routines from public crypto API 2021-01-03 08:41:35 +11:00
pcrypt.c crypto: api - Use data directly in completion function 2023-02-13 18:35:14 +08:00
poly1305_generic.c crypto: poly1305 - add new 32 and 64-bit generic versions 2020-01-16 15:18:12 +08:00
polyval-generic.c crypto: x86/polyval - Add PCLMULQDQ accelerated implementation of POLYVAL 2022-06-10 16:40:17 +08:00
proc.c crypto: proc - Print fips status 2023-02-14 13:39:33 +08:00
ripemd.h crypto: rmd320 - remove RIPE-MD 320 hash algorithm 2021-01-29 16:07:04 +11:00
rmd160.c Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2019-07-08 20:57:08 -07:00
rng.c crypto: api - Fix CRYPTO_USER checks for report function 2023-05-02 18:22:24 +08:00
rsa-pkcs1pad.c crypto: api - Use data directly in completion function 2023-02-13 18:35:14 +08:00
rsa.c crypto: add __init/__exit annotations to init/exit funcs 2022-09-24 16:14:43 +08:00
rsa_helper.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
rsaprivkey.asn1 crypto: rsa - Store rest of the private key components 2016-07-05 23:05:26 +08:00
rsapubkey.asn1 crypto: akcipher - Changes to asymmetric key API 2015-10-14 22:23:16 +08:00
scatterwalk.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
scompress.c crypto: api - Fix CRYPTO_USER checks for report function 2023-05-02 18:22:24 +08:00
seed.c crypto: Prepare to move crypto_tfm_ctx 2022-12-02 18:12:40 +08:00
seqiv.c crypto: api - Use data directly in completion function 2023-02-13 18:35:14 +08:00
serpent_generic.c crypto: Prepare to move crypto_tfm_ctx 2022-12-02 18:12:40 +08:00
sha1_generic.c crypto: sha - split sha.h into sha1.h and sha2.h 2020-11-20 14:45:33 +11:00
sha3_generic.c crypto: Replace HTTP links with HTTPS ones 2020-07-23 17:34:20 +10:00
sha256_generic.c crypto: sha256 - remove duplicate generic hash init function 2021-12-31 18:10:54 +11:00
sha512_generic.c crypto: sha512 - remove imaginary and mystifying clearing of variables 2021-08-27 16:30:19 +08:00
shash.c crypto: api - Fix CRYPTO_USER checks for report function 2023-05-02 18:22:24 +08:00
simd.c crypto: algapi - use common mechanism for inheriting flags 2020-07-16 21:49:08 +10:00
skcipher.c crypto: api - Fix CRYPTO_USER checks for report function 2023-05-02 18:22:24 +08:00
sm2.c crypto: add __init/__exit annotations to init/exit funcs 2022-09-24 16:14:43 +08:00
sm2signature.asn1 crypto: sm2 - introduce OSCCA SM2 asymmetric cipher algorithm 2020-09-25 17:48:54 +10:00
sm3.c crypto: sm3,sm4 - move into crypto directory 2022-04-08 16:11:48 +08:00
sm3_generic.c crypto: sm3 - make dependent on sm3 library 2022-01-28 16:51:11 +11:00
sm4.c crypto: sm4 - export sm4 constant arrays 2022-04-08 16:12:46 +08:00
sm4_generic.c crypto: Prepare to move crypto_tfm_ctx 2022-12-02 18:12:40 +08:00
streebog_generic.c crypto: streebog - remove two unused variables 2019-08-15 21:52:14 +10:00
tcrypt.c crypto: api - Move low-level functions into algapi.h 2023-04-14 18:59:34 +08:00
tcrypt.h crypto: tcrypt - include larger key sizes in RFC4106 benchmark 2023-01-20 18:29:31 +08:00
tea.c crypto: Prepare to move crypto_tfm_ctx 2022-12-02 18:12:40 +08:00
testmgr.c crypto: testmgr - Add some test vectors for cmac(camellia) 2023-04-20 18:20:04 +08:00
testmgr.h crypto: testmgr - Add some test vectors for cmac(camellia) 2023-04-20 18:20:04 +08:00
twofish_common.c crypto: Prepare to move crypto_tfm_ctx 2022-12-02 18:12:40 +08:00
twofish_generic.c crypto: Prepare to move crypto_tfm_ctx 2022-12-02 18:12:40 +08:00
vmac.c crypto: remove cipher routines from public crypto API 2021-01-03 08:41:35 +11:00
wp512.c crypto: wp512 - disable kmsan checks in wp512_process_buffer() 2022-12-30 22:56:27 +08:00
xcbc.c crypto: remove cipher routines from public crypto API 2021-01-03 08:41:35 +11:00
xctr.c crypto: xctr - Add XCTR support 2022-06-10 16:40:16 +08:00
xor.c Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2021-02-21 17:23:56 -08:00
xts.c crypto: api - Use data directly in completion function 2023-02-13 18:35:14 +08:00
xxhash_generic.c crypto: remove CRYPTO_TFM_RES_BAD_KEY_LEN 2020-01-09 11:30:53 +08:00
zstd.c lib: zstd: Add kernel-specific API 2021-11-08 16:55:21 -08:00