1 From 59bcfd788552504606e3eb774ae68052379396b6 Mon Sep 17 00:00:00 2001
2 From: =?UTF-8?q?Stephan=20M=C3=BCller?= <smueller@chronox.de>
3 Date: Thu, 21 Sep 2023 13:48:33 +0200
4 Subject: [PATCH] crypto: jitter - Allow configuration of memory size
5
6 The memory size consumed by the Jitter RNG is one contributing factor in
7 the amount of entropy that is gathered. As the amount of entropy
8 directly correlates with the distance of the memory from the CPU, the
9 caches that are possibly present on a given system have an impact on the
10 collected entropy.
11
12 Thus, the kernel compile time should offer a means to configure the
13 amount of memory used by the Jitter RNG. Although this option could be
14 turned into a runtime option (e.g. a kernel command line option), it
15 should remain a compile time option as otherwise administrators who may
16 not have performed an entropy assessment may select a value that is
17 inappropriate.
18
19 The default value selected by the configuration is identical to the
20 current Jitter RNG value. Thus, the patch should not lead to any change
21 in the Jitter RNG behavior.
22
23 To accommodate larger memory buffers, kvzalloc / kvfree is used.
24
25 Signed-off-by: Stephan Mueller <smueller@chronox.de>
26 Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
27 ---
28 crypto/Kconfig | 43 ++++++++++++++++++++++++++++++++++++
29 crypto/jitterentropy-kcapi.c | 11 +++++++++
30 crypto/jitterentropy.c | 16 ++++++++------
31 crypto/jitterentropy.h | 2 ++
32 4 files changed, 65 insertions(+), 7 deletions(-)
33
34 --- a/crypto/Kconfig
35 +++ b/crypto/Kconfig
36 @@ -1297,6 +1297,49 @@ config CRYPTO_JITTERENTROPY
37
38 See https://www.chronox.de/jent/
39
40 +choice
41 + prompt "CPU Jitter RNG Memory Size"
42 + default CRYPTO_JITTERENTROPY_MEMSIZE_2
43 + depends on CRYPTO_JITTERENTROPY
44 + help
45 + The Jitter RNG measures the execution time of memory accesses.
46 + Multiple consecutive memory accesses are performed. If the memory
47 + size fits into a cache (e.g. L1), only the memory access timing
48 + to that cache is measured. The closer the cache is to the CPU
49 + the less variations are measured and thus the less entropy is
50 + obtained. Thus, if the memory size fits into the L1 cache, the
51 + obtained entropy is less than if the memory size fits within
52 + L1 + L2, which in turn is less if the memory fits into
53 + L1 + L2 + L3. Thus, by selecting a different memory size,
54 + the entropy rate produced by the Jitter RNG can be modified.
55 +
56 + config CRYPTO_JITTERENTROPY_MEMSIZE_2
57 + bool "2048 Bytes (default)"
58 +
59 + config CRYPTO_JITTERENTROPY_MEMSIZE_128
60 + bool "128 kBytes"
61 +
62 + config CRYPTO_JITTERENTROPY_MEMSIZE_1024
63 + bool "1024 kBytes"
64 +
65 + config CRYPTO_JITTERENTROPY_MEMSIZE_8192
66 + bool "8192 kBytes"
67 +endchoice
68 +
69 +config CRYPTO_JITTERENTROPY_MEMORY_BLOCKS
70 + int
71 + default 64 if CRYPTO_JITTERENTROPY_MEMSIZE_2
72 + default 512 if CRYPTO_JITTERENTROPY_MEMSIZE_128
73 + default 1024 if CRYPTO_JITTERENTROPY_MEMSIZE_1024
74 + default 4096 if CRYPTO_JITTERENTROPY_MEMSIZE_8192
75 +
76 +config CRYPTO_JITTERENTROPY_MEMORY_BLOCKSIZE
77 + int
78 + default 32 if CRYPTO_JITTERENTROPY_MEMSIZE_2
79 + default 256 if CRYPTO_JITTERENTROPY_MEMSIZE_128
80 + default 1024 if CRYPTO_JITTERENTROPY_MEMSIZE_1024
81 + default 2048 if CRYPTO_JITTERENTROPY_MEMSIZE_8192
82 +
83 config CRYPTO_JITTERENTROPY_TESTINTERFACE
84 bool "CPU Jitter RNG Test Interface"
85 depends on CRYPTO_JITTERENTROPY
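Review bot: The help text of the new `CPU Jitter RNG Memory Size` choice explains the entropy effect of the size but says nothing about its memory cost. The buffer is allocated in jent_entropy_collector_alloc (second hunk of crypto/jitterentropy.c), which looks like once per collector, so the `8192 kBytes` entry would cost 8 MB of kernel memory per instance; that should be confirmed against the full function. I would add a sentence such as `The selected amount of memory is allocated for each Jitter RNG instance.` and repeat the commit message's caution that a non-default size should be backed by an entropy assessment. The two prompt-less `int` symbols below the choice only have defaults tied to the four choice entries, so a one-line comment saying they are derived from the choice and not meant to be set directly would help the next reader.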
86 --- a/crypto/jitterentropy-kcapi.c
87 +++ b/crypto/jitterentropy-kcapi.c
88 @@ -54,6 +54,17 @@
89 * Helper function
90 ***************************************************************************/
91
92 +void *jent_kvzalloc(unsigned int len)
93 +{
94 + return kvzalloc(len, GFP_KERNEL);
95 +}
96 +
97 +void jent_kvzfree(void *ptr, unsigned int len)
98 +{
99 + memzero_explicit(ptr, len);
100 + kvfree(ptr);
101 +}
102 +
103 void *jent_zalloc(unsigned int len)
104 {
105 return kzalloc(len, GFP_KERNEL);
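Review bot: `jent_kvzfree()` calls `memzero_explicit(ptr, len)` before `kvfree(ptr)` without checking `ptr`, so a NULL pointer with a non-zero `len` is written through, whereas `kvfree()` alone would tolerate NULL. The caller in the last hunk of crypto/jitterentropy.c passes `entropy_collector->mem` unconditionally, and the allocation of `mem` sits inside a block whose condition is outside the visible hunk, so `mem` may legitimately be NULL on some paths. Replacing the two statements with `kvfree_sensitive(ptr, len);` keeps the wipe-before-free behaviour and handles NULL. A short comment on `jent_kvzfree()` stating that `len` must be the size originally passed to `jent_kvzalloc()` would also be useful. The body of `jent_zalloc()` at the end of this hunk continues outside it.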
106 --- a/crypto/jitterentropy.c
107 +++ b/crypto/jitterentropy.c
108 @@ -75,10 +75,10 @@ struct rand_data {
109
110 unsigned int flags; /* Flags used to initialize */
111 unsigned int osr; /* Oversample rate */
112 -#define JENT_MEMORY_BLOCKS 64
113 -#define JENT_MEMORY_BLOCKSIZE 32
114 #define JENT_MEMORY_ACCESSLOOPS 128
115 -#define JENT_MEMORY_SIZE (JENT_MEMORY_BLOCKS*JENT_MEMORY_BLOCKSIZE)
116 +#define JENT_MEMORY_SIZE \
117 + (CONFIG_CRYPTO_JITTERENTROPY_MEMORY_BLOCKS * \
118 + CONFIG_CRYPTO_JITTERENTROPY_MEMORY_BLOCKSIZE)
119 unsigned char *mem; /* Memory access location with size of
120 * memblocks * memblocksize */
121 unsigned int memlocation; /* Pointer to byte in *mem */
122 @@ -650,13 +650,15 @@ struct rand_data *jent_entropy_collector
123 /* Allocate memory for adding variations based on memory
124 * access
125 */
126 - entropy_collector->mem = jent_zalloc(JENT_MEMORY_SIZE);
127 + entropy_collector->mem = jent_kvzalloc(JENT_MEMORY_SIZE);
128 if (!entropy_collector->mem) {
129 jent_zfree(entropy_collector);
130 return NULL;
131 }
132 - entropy_collector->memblocksize = JENT_MEMORY_BLOCKSIZE;
133 - entropy_collector->memblocks = JENT_MEMORY_BLOCKS;
134 + entropy_collector->memblocksize =
135 + CONFIG_CRYPTO_JITTERENTROPY_MEMORY_BLOCKSIZE;
136 + entropy_collector->memblocks =
137 + CONFIG_CRYPTO_JITTERENTROPY_MEMORY_BLOCKS;
138 entropy_collector->memaccessloops = JENT_MEMORY_ACCESSLOOPS;
139 }
140
141 @@ -679,7 +681,7 @@ struct rand_data *jent_entropy_collector
142
143 void jent_entropy_collector_free(struct rand_data *entropy_collector)
144 {
145 - jent_zfree(entropy_collector->mem);
146 + jent_kvzfree(entropy_collector->mem, JENT_MEMORY_SIZE);
147 entropy_collector->mem = NULL;
148 jent_zfree(entropy_collector);
149 }
150 --- a/crypto/jitterentropy.h
151 +++ b/crypto/jitterentropy.h
152 @@ -1,5 +1,7 @@
153 // SPDX-License-Identifier: GPL-2.0-or-later
154
155 +extern void *jent_kvzalloc(unsigned int len);
156 +extern void jent_kvzfree(void *ptr, unsigned int len);
157 extern void *jent_zalloc(unsigned int len);
158 extern void jent_zfree(void *ptr);
159 extern void jent_get_nstime(__u64 *out);