diff options
| author |   Stephan Mueller <smueller@chronox.de> | 2015-05-25 15:09:59 +0200 |
|---|---|---|
| committer |   Herbert Xu <herbert@gondor.apana.org.au> | 2015-05-27 17:51:53 +0800 |
| commit | b8ec5ba42c4a3854e27c44e697d9b4f0b84b32bb (patch) | |
| tree | 45522a56a48f8391f925689f78333a5344977a75 /include/crypto/drbg.h | |
| parent | crypto: drbg - add async seeding operation (diff) | |
| download | wireguard-linux-b8ec5ba42c4a3854e27c44e697d9b4f0b84b32bb.tar.xz wireguard-linux-b8ec5ba42c4a3854e27c44e697d9b4f0b84b32bb.zip | |
crypto: drbg - use Jitter RNG to obtain seed
During initialization, the DRBG now tries to allocate a handle of the
Jitter RNG. If such a Jitter RNG is available during seeding, the DRBG
pulls the required entropy/nonce string from get_random_bytes and
concatenates it with a string of equal size from the Jitter RNG. That
combined string is now the seed for the DRBG.
Written differently, the initial seed of the DRBG is now:
get_random_bytes(entropy/nonce) || jitterentropy (entropy/nonce)
If the Jitter RNG is not available, the DRBG only seeds from
get_random_bytes.
CC: Andreas Steffen <andreas.steffen@strongswan.org>
CC: Theodore Ts'o <tytso@mit.edu>
CC: Sandy Harris <sandyinchina@gmail.com>
Signed-off-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Diffstat (limited to 'include/crypto/drbg.h')
| -rw-r--r-- | include/crypto/drbg.h | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/include/crypto/drbg.h b/include/crypto/drbg.h index 46994b25dc85..c3f208dc83ee 100644 --- a/include/crypto/drbg.h +++ b/include/crypto/drbg.h @@ -123,6 +123,7 @@ struct drbg_state { struct work_struct seed_work; /* asynchronous seeding support */ u8 *seed_buf; /* buffer holding the seed */ size_t seed_buf_len; + struct crypto_rng *jent; const struct drbg_state_ops *d_ops; const struct drbg_core *core; struct drbg_string test_data; |