linux-stable/crypto
Stephan Müller 35b0b59743 crypto: jitter - permanent and intermittent health errors
[ Upstream commit 3fde2fe99a ]

According to SP800-90B, two health failures are allowed: the intermittent
and the permanent failure. So far, only the intermittent failure was
implemented. The permanent failure was achieved by resetting the entire
entropy source including its health test state and waiting for two or
more back-to-back health errors.

This approach is appropriate for RCT, but not for APT as APT has a
non-linear cutoff value. Thus, this patch implements 2 cutoff values
for both RCT/APT. This implies that the health state is left untouched
when an intermittent failure occurs. The noise source is reset
and a new APT powerup-self test is performed. Yet, with the unchanged
health test state, the counting of failures continues until a permanent
failure is reached.

Any non-failing raw entropy value causes the health tests to reset.

The intermittent error has an unchanged significance level of 2^-30.
The permanent error has a significance level of 2^-60. Considering that
this level also indicates a false-positive rate (see SP800-90B section 4.2)
a false-positive must only be incurred with a low probability when
considering a fleet of Linux kernels as a whole. Hitting the permanent
error may cause a panic(), the following calculation applies: Assuming
that a fleet of 10^9 Linux kernels run concurrently with this patch in
FIPS mode and on each kernel 2 health tests are performed every minute
for one year, the chance of a false positive is about 1:1000
based on the binomial distribution.

In addition, any power-up health test errors triggered with
jent_entropy_init are treated as permanent errors.

A permanent failure causes the entire entropy source to permanently
return an error. This implies that a caller can only remedy the situation
by re-allocating a new instance of the Jitter RNG. In a subsequent
patch, a transparent re-allocation will be provided which also changes
the implied heuristic entropy assessment.

In addition, when the kernel is booted with fips=1, the Jitter RNG
is defined to be part of a FIPS module. The permanent error of the
Jitter RNG is translated as a FIPS module error. In this case, the entire
FIPS module must cease operation. This is implemented in the kernel by
invoking panic().

The patch also fixes an off-by-one in the RCT cutoff value which is now
set to 30 instead of 31. This is because the counting of the values
starts with 0.

Reviewed-by: Vladis Dronov <vdronov@redhat.com>
Signed-off-by: Stephan Mueller <smueller@chronox.de>
Reviewed-by: Marcelo Henrique Cerri <marcelo.cerri@canonical.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2023-05-24 17:30:06 +01:00
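
The two-cutoff behaviour described in the commit message above, modelled for the RCT only. This is an added example, not code from the kernel tree or from the patch. All names are hypothetical, the intermittent cutoff of 30 is the value the message gives, and the permanent cutoff of 60 is an assumption, since the message states only the 2^-60 significance level.

```c
#include <stdio.h>

/* 30 is the RCT cutoff named in the commit message. 60 is an assumed
 * permanent cutoff for this sketch; the message gives only the 2^-60 level. */
#define RCT_CUTOFF           30
#define RCT_CUTOFF_PERMANENT 60

enum health { HEALTH_OK, HEALTH_INTERMITTENT, HEALTH_PERMANENT };

struct rct_state {
    unsigned int count;   /* consecutive stuck samples; counting starts at 0 */
    unsigned int resets;  /* noise-source resets (power-up test re-run) */
    int permanent;        /* latched: only a new instance clears this */
};

/* Feed one sample; 'stuck' is nonzero when it repeats the previous one. */
static enum health rct_insert(struct rct_state *s, int stuck)
{
    if (s->permanent)
        return HEALTH_PERMANENT;
    if (!stuck) {
        s->count = 0;     /* any non-failing value resets the health test */
        return HEALTH_OK;
    }
    if (++s->count >= RCT_CUTOFF_PERMANENT) {
        s->permanent = 1;
        return HEALTH_PERMANENT;
    }
    if (s->count >= RCT_CUTOFF) {
        s->resets++;      /* reset the noise source, keep s->count */
        return HEALTH_INTERMITTENT;
    }
    return HEALTH_OK;
}

/* Feed n identical samples and return the status of the last one. */
static enum health feed(struct rct_state *s, int stuck, unsigned int n)
{
    enum health h = s->permanent ? HEALTH_PERMANENT : HEALTH_OK;
    while (n--)
        h = rct_insert(s, stuck);
    return h;
}

int main(void)
{
    struct rct_state s = {0, 0, 0};
    int first = feed(&s, 1, 30), second = feed(&s, 1, 30);
    printf("30 stuck: %d, 60 stuck: %d, resets: %u\n", first, second, s.resets);
    printf("good sample after latch: %d\n", feed(&s, 0, 1));
    return 0;
}
```

Because the counter survives each intermittent reset, a run of stuck samples keeps accumulating toward the permanent cutoff, while a single good sample before that point returns the test to its initial state.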
..
asymmetric_keys asymmetric_keys: log on fatal failures in PE/pkcs7 2023-03-21 16:23:56 +00:00
async_tx treewide: use get_random_bytes() when possible 2022-10-11 17:42:58 -06:00
842.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 157 2019-05-30 11:26:37 -07:00
acompress.c crypto: api - permit users to specify numa node of acomp hardware 2020-07-09 18:25:23 +10:00
adiantum.c crypto: api - Use data directly in completion function 2023-02-13 18:35:14 +08:00
aead.c crypto: algapi - enforce that all instances have a ->free() method 2020-01-09 11:30:58 +08:00
aegis.h crypto: aegis128 - Move simd prototypes into aegis.h 2021-03-19 21:59:45 +11:00
aegis128-core.c crypto: aegis128 - Move simd prototypes into aegis.h 2021-03-19 21:59:45 +11:00
aegis128-neon-inner.c crypto: aegis128/neon - move final tag check to SIMD domain 2020-11-27 17:13:40 +11:00
aegis128-neon.c crypto: aegis128 - Move simd prototypes into aegis.h 2021-03-19 21:59:45 +11:00
aes_generic.c crypto: Prepare to move crypto_tfm_ctx 2022-12-02 18:12:40 +08:00
aes_ti.c crypto: Prepare to move crypto_tfm_ctx 2022-12-02 18:12:40 +08:00
af_alg.c crypto: api - Use data directly in completion function 2023-02-13 18:35:14 +08:00
ahash.c crypto: api - Use data directly in completion function 2023-02-13 18:35:14 +08:00
akcipher.c crypto: akcipher - default implementation for setting a private key 2022-09-09 16:18:33 +08:00
algapi.c crypto: engine - fix crypto_queue backlog handling 2023-05-17 14:01:50 +02:00
algboss.c crypto: algboss - compile out test-related code when tests disabled 2022-11-25 17:39:18 +08:00
algif_aead.c crypto: algif_aead - Do not set MAY_BACKLOG on the async path 2020-08-21 14:45:27 +10:00
algif_hash.c af_alg_make_sg(): switch to advancing variant of iov_iter_get_pages() 2022-08-08 22:37:23 -04:00
algif_rng.c crypto: af_alg - add extra parameters for DRBG interface 2020-09-25 17:48:52 +10:00
algif_skcipher.c crypto: algif_skcipher - EBUSY on aio should be an error 2020-08-21 14:45:26 +10:00
ansi_cprng.c crypto: remove cipher routines from public crypto API 2021-01-03 08:41:35 +11:00
anubis.c crypto: Prepare to move crypto_tfm_ctx 2022-12-02 18:12:40 +08:00
api.c crypto: api - Use data directly in completion function 2023-02-13 18:35:14 +08:00
arc4.c crypto: arc4 - mark ecb(arc4) skcipher as obsolete 2020-09-11 14:39:16 +10:00
aria_generic.c crypto: x86/aria - do not use magic number offsets of aria_ctx 2023-01-06 17:15:47 +08:00
authenc.c crypto: api - Use data directly in completion function 2023-02-13 18:35:14 +08:00
authencesn.c crypto: api - Use data directly in completion function 2023-02-13 18:35:14 +08:00
blake2b_generic.c crypto: blake2b - update file comment 2021-01-03 08:41:39 +11:00
blowfish_common.c crypto: Prepare to move crypto_tfm_ctx 2022-12-02 18:12:40 +08:00
blowfish_generic.c crypto: Prepare to move crypto_tfm_ctx 2022-12-02 18:12:40 +08:00
camellia_generic.c crypto: Prepare to move crypto_tfm_ctx 2022-12-02 18:12:40 +08:00
cast5_generic.c crypto: Prepare to move crypto_tfm_ctx 2022-12-02 18:12:40 +08:00
cast6_generic.c crypto: Prepare to move crypto_tfm_ctx 2022-12-02 18:12:40 +08:00
cast_common.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 44 2019-05-24 17:27:12 +02:00
cbc.c crypto: remove cipher routines from public crypto API 2021-01-03 08:41:35 +11:00
ccm.c crypto: api - Use data directly in completion function 2023-02-13 18:35:14 +08:00
cfb.c crypto: cleanup comments 2022-03-03 10:49:20 +12:00
chacha20poly1305.c crypto: api - Use data directly in completion function 2023-02-13 18:35:14 +08:00
chacha_generic.c crypto: chacha_generic - remove unnecessary setkey() functions 2019-11-22 18:48:39 +08:00
cipher.c crypto: remove cipher routines from public crypto API 2021-01-03 08:41:35 +11:00
cmac.c crypto: remove cipher routines from public crypto API 2021-01-03 08:41:35 +11:00
compress.c crypto: compress - remove crt_u.compress (struct compress_tfm) 2019-12-11 16:37:01 +08:00
crc32_generic.c crypto: crc32-generic - Use SPDX-License-Identifier 2021-04-16 21:24:27 +10:00
crc32c_generic.c crypto: crc32c_generic - delete and fix duplicated words 2020-08-21 14:45:25 +10:00
crc64_rocksoft_generic.c crypto: add rocksoft 64b crc guard tag framework 2022-03-07 12:48:35 -07:00
crct10dif_common.c
crct10dif_generic.c crypto: crct10dif_generic - fix duplicated words 2020-08-21 14:45:25 +10:00
cryptd.c crypto: api - Use data directly in completion function 2023-02-13 18:35:14 +08:00
crypto_engine.c crypto: engine - fix crypto_queue backlog handling 2023-05-17 14:01:50 +02:00
crypto_null.c Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2019-07-08 20:57:08 -07:00
crypto_user_base.c crypto: algapi - make unregistration functions return void 2019-12-20 14:58:35 +08:00
crypto_user_stat.c crypto: skcipher - remove the "blkcipher" algorithm type 2019-11-01 13:38:32 +08:00
ctr.c crypto: remove cipher routines from public crypto API 2021-01-03 08:41:35 +11:00
cts.c crypto: api - Use data directly in completion function 2023-02-13 18:35:14 +08:00
curve25519-generic.c crypto: add __init/__exit annotations to init/exit funcs 2022-09-24 16:14:43 +08:00
deflate.c mm, treewide: rename kzfree() to kfree_sensitive() 2020-08-07 11:33:22 -07:00
des_generic.c crypto: Prepare to move crypto_tfm_ctx 2022-12-02 18:12:40 +08:00
dh.c crypto: api - Use data directly in completion function 2023-02-13 18:35:14 +08:00
dh_helper.c crypto: dh - split out deserialization code from crypto_dh_decode() 2022-03-03 10:47:50 +12:00
drbg.c crypto: drbg - Only fail when jent is unavailable in FIPS mode 2023-05-11 23:17:16 +09:00
ecb.c crypto: remove cipher routines from public crypto API 2021-01-03 08:41:35 +11:00
ecc.c crypto: ecc - Silence sparse warning 2023-02-14 13:39:33 +08:00
ecc_curve_defs.h Merge branch 'ecc' 2021-03-26 19:55:55 +11:00
ecdh.c crypto: add __init/__exit annotations to init/exit funcs 2022-09-24 16:14:43 +08:00
ecdh_helper.c crypto: ecdh - move curve_id of ECDH from the key to algorithm name 2021-03-13 00:04:03 +11:00
ecdsa.c crypto: add __init/__exit annotations to init/exit funcs 2022-09-24 16:14:43 +08:00
ecdsasignature.asn1 crypto: ecdsa - Add support for ECDSA signature verification 2021-03-26 19:41:58 +11:00
echainiv.c crypto: geniv - remove unneeded arguments from aead_geniv_alloc() 2020-07-16 21:49:07 +10:00
ecrdsa.c crypto: ecrdsa - Fix incorrect use of vli_cmp 2022-04-29 13:44:58 +08:00
ecrdsa_defs.h crypto: ecc - Move ecc.h to include/crypto/internal 2021-10-29 21:04:03 +08:00
ecrdsa_params.asn1 crypto: ecrdsa - add EC-RDSA (GOST 34.10) algorithm 2019-04-18 22:15:02 +08:00
ecrdsa_pub_key.asn1 crypto: ecrdsa - add EC-RDSA (GOST 34.10) algorithm 2019-04-18 22:15:02 +08:00
essiv.c crypto: api - Use data directly in completion function 2023-02-13 18:35:14 +08:00
fcrypt.c crypto: Prepare to move crypto_tfm_ctx 2022-12-02 18:12:40 +08:00
fips.c crypto: fips - make proc files report fips module name and version 2022-07-15 16:43:22 +08:00
gcm.c crypto: api - Use data directly in completion function 2023-02-13 18:35:14 +08:00
geniv.c crypto: algapi - use common mechanism for inheriting flags 2020-07-16 21:49:08 +10:00
ghash-generic.c crypto: remove CRYPTO_TFM_RES_BAD_KEY_LEN 2020-01-09 11:30:53 +08:00
hash_info.c crypto: rename sm3-256 to sm3 in hash_algo_name 2020-02-18 07:35:49 -05:00
hctr2.c crypto: api - Use data directly in completion function 2023-02-13 18:35:14 +08:00
hmac.c crypto: hmac - disallow keys < 112 bits in FIPS mode 2022-02-11 20:22:01 +11:00
internal.h crypto: api - compile out crypto_boot_test_finished when tests disabled 2022-11-25 17:39:18 +08:00
jitterentropy-kcapi.c crypto: jitter - permanent and intermittent health errors 2023-05-24 17:30:06 +01:00
jitterentropy.c crypto: jitter - permanent and intermittent health errors 2023-05-24 17:30:06 +01:00
jitterentropy.h crypto: jitter - permanent and intermittent health errors 2023-05-24 17:30:06 +01:00
Kconfig crypto: move gf128mul library into lib/crypto 2022-11-11 18:14:59 +08:00
kdf_sp800108.c crypto: kdf - silence noisy self-test 2022-11-25 17:39:18 +08:00
keywrap.c crypto: keywrap - Remove else after break statement 2021-04-02 18:28:13 +11:00
khazad.c crypto: Prepare to move crypto_tfm_ctx 2022-12-02 18:12:40 +08:00
kpp.c crypto: add crypto_has_kpp() 2022-08-02 17:14:47 -06:00
lrw.c crypto: api - Use data directly in completion function 2023-02-13 18:35:14 +08:00
lz4.c Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2019-07-08 20:57:08 -07:00
lz4hc.c Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2019-07-08 20:57:08 -07:00
lzo-rle.c Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2019-07-08 20:57:08 -07:00
lzo.c Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2019-07-08 20:57:08 -07:00
Makefile crypto: move gf128mul library into lib/crypto 2022-11-11 18:14:59 +08:00
md4.c crypto: make all generic algorithms set cra_driver_name 2019-06-13 14:31:39 +08:00
md5.c crypto: md5 - remove unused macros 2020-02-28 08:43:21 +08:00
michael_mic.c crypto: michael_mic - fix broken misalignment handling 2021-02-10 17:55:55 +11:00
nhpoly1305.c crypto: poly1305 - add new 32 and 64-bit generic versions 2020-01-16 15:18:12 +08:00
ofb.c crypto: remove cipher routines from public crypto API 2021-01-03 08:41:35 +11:00
pcbc.c crypto: remove cipher routines from public crypto API 2021-01-03 08:41:35 +11:00
pcrypt.c crypto: api - Use data directly in completion function 2023-02-13 18:35:14 +08:00
poly1305_generic.c crypto: poly1305 - add new 32 and 64-bit generic versions 2020-01-16 15:18:12 +08:00
polyval-generic.c crypto: x86/polyval - Add PCLMULQDQ accelerated implementation of POLYVAL 2022-06-10 16:40:17 +08:00
proc.c crypto: proc - Print fips status 2023-02-14 13:39:33 +08:00
ripemd.h crypto: rmd320 - remove RIPE-MD 320 hash algorithm 2021-01-29 16:07:04 +11:00
rmd160.c Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2019-07-08 20:57:08 -07:00
rng.c crypto: rng - fix crypto_rng_reset() refcounting when !CRYPTO_STATS 2021-04-02 18:28:12 +11:00
rsa-pkcs1pad.c crypto: api - Use data directly in completion function 2023-02-13 18:35:14 +08:00
rsa.c crypto: add __init/__exit annotations to init/exit funcs 2022-09-24 16:14:43 +08:00
rsa_helper.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
rsaprivkey.asn1
rsapubkey.asn1
scatterwalk.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
scompress.c crypto: algapi - make unregistration functions return void 2019-12-20 14:58:35 +08:00
seed.c crypto: Prepare to move crypto_tfm_ctx 2022-12-02 18:12:40 +08:00
seqiv.c crypto: api - Use data directly in completion function 2023-02-13 18:35:14 +08:00
serpent_generic.c crypto: Prepare to move crypto_tfm_ctx 2022-12-02 18:12:40 +08:00
sha1_generic.c crypto: sha - split sha.h into sha1.h and sha2.h 2020-11-20 14:45:33 +11:00
sha3_generic.c crypto: Replace HTTP links with HTTPS ones 2020-07-23 17:34:20 +10:00
sha256_generic.c crypto: sha256 - remove duplicate generic hash init function 2021-12-31 18:10:54 +11:00
sha512_generic.c crypto: sha512 - remove imaginary and mystifying clearing of variables 2021-08-27 16:30:19 +08:00
shash.c crypto: scatterwalk - use kmap_local() not kmap_atomic() 2022-12-30 22:56:27 +08:00
simd.c crypto: algapi - use common mechanism for inheriting flags 2020-07-16 21:49:08 +10:00
skcipher.c crypto: skcipher - Use scatterwalk (un)map interface for dst and src buffers 2023-01-13 12:11:18 +08:00
sm2.c crypto: add __init/__exit annotations to init/exit funcs 2022-09-24 16:14:43 +08:00
sm2signature.asn1 crypto: sm2 - introduce OSCCA SM2 asymmetric cipher algorithm 2020-09-25 17:48:54 +10:00
sm3.c crypto: sm3,sm4 - move into crypto directory 2022-04-08 16:11:48 +08:00
sm3_generic.c crypto: sm3 - make dependent on sm3 library 2022-01-28 16:51:11 +11:00
sm4.c crypto: sm4 - export sm4 constant arrays 2022-04-08 16:12:46 +08:00
sm4_generic.c crypto: Prepare to move crypto_tfm_ctx 2022-12-02 18:12:40 +08:00
streebog_generic.c crypto: streebog - remove two unused variables 2019-08-15 21:52:14 +10:00
tcrypt.c crypto: tcrypt - include larger key sizes in RFC4106 benchmark 2023-01-20 18:29:31 +08:00
tcrypt.h crypto: tcrypt - include larger key sizes in RFC4106 benchmark 2023-01-20 18:29:31 +08:00
tea.c crypto: Prepare to move crypto_tfm_ctx 2022-12-02 18:12:40 +08:00
testmgr.c crypto: testmgr - fix RNG performance in fuzz tests 2023-05-11 23:16:50 +09:00
testmgr.h crypto: testmgr - add SM4 cts-cbc/xts/xcbc test vectors 2022-11-04 17:34:21 +08:00
twofish_common.c crypto: Prepare to move crypto_tfm_ctx 2022-12-02 18:12:40 +08:00
twofish_generic.c crypto: Prepare to move crypto_tfm_ctx 2022-12-02 18:12:40 +08:00
vmac.c crypto: remove cipher routines from public crypto API 2021-01-03 08:41:35 +11:00
wp512.c crypto: wp512 - disable kmsan checks in wp512_process_buffer() 2022-12-30 22:56:27 +08:00
xcbc.c crypto: remove cipher routines from public crypto API 2021-01-03 08:41:35 +11:00
xctr.c crypto: xctr - Add XCTR support 2022-06-10 16:40:16 +08:00
xor.c Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2021-02-21 17:23:56 -08:00
xts.c crypto: api - Use data directly in completion function 2023-02-13 18:35:14 +08:00
xxhash_generic.c crypto: remove CRYPTO_TFM_RES_BAD_KEY_LEN 2020-01-09 11:30:53 +08:00
zstd.c lib: zstd: Add kernel-specific API 2021-11-08 16:55:21 -08:00