tech-crypto archive


Re: Lightweight support for instruction RNGs
On Mon, Dec 21, 2015 at 12:06:38AM +0000, Taylor R Campbell wrote:
> 
> This is an API concern.  It sounds like the operative difference of
> the cpu_rng API from the rndsource API is that the cpu_rng API is
> optimized for callback-only entropy sources which never sleep for I/O
> or require any inter-CPU communication.  E.g., it sounds like
> bcmrng(4) would satisfy this contract too.

Looked at from that point of view, the Octeon RNG (which just reads an
I/O register that's actually local to the CPU) is close enough too.

I do not think you will ever encounter a CPU that has more than one
onboard entropy source (RDRAND and RDSEED are just two different ways
to read from the same source); so I do think that a simple, MI cpu_rng
wrapper is a good abstraction to have.

If you're going to slim down and speed up the rndsource implementation,
we can probably use a single, clean, little driver to hook any port's
cpu_rng up to it, and all done.

Does that make sense to you?

Keccak would be a lot better than the current rndpool mess, and
per-CPU pools better than one global pool, so long as we avoid some
of the pain Linux bought that way.

Thor
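An added illustration, not part of this thread and not NetBSD's own cpu_rng or rndsource code: a C sketch of the contract the two posts describe, a callback-only per-CPU source that never sleeps and never needs inter-CPU communication, plus the "single, clean, little driver" that hooks it to a pool. The names cpu_rng, cpu_rng_fill, cpu_rng_harvest, the pool struct and the fake backend are all made up here; the only real interface used is the RDRAND instruction, offered on x86_64 only after CPUID confirms it, with its carry flag treated as the "nothing ready" signal so that a transient failure is retried a bounded number of times and never credited as entropy.

```c
/* Added example, not NetBSD code: a sketch of the callback-only cpu_rng
 * contract discussed in the thread.  All names here are hypothetical. */
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

/* Backend contract: write one 64-bit word to *out and return true, or return
 * false if nothing was ready.  It must never sleep or talk to other CPUs. */
typedef bool (*cpu_rng_read_fn)(uint64_t *out);

struct cpu_rng {
	const char *name;
	cpu_rng_read_fn read;
	unsigned bits_per_word;	/* conservative entropy credit per 64-bit word */
	unsigned max_retries;	/* bound on consecutive failed reads */
};

#if defined(__x86_64__)
#include <cpuid.h>
/* RDRAND leaves CF=1 on success and CF=0 when the DRBG had nothing ready. */
static bool
rdrand64(uint64_t *out)
{
	unsigned char ok;
	__asm__ volatile("rdrand %0\n\tsetc %1" : "=r"(*out), "=qm"(ok) : : "cc");
	return ok != 0;
}
#endif

/* The port's onboard source, or NULL if this CPU has none.  RDRAND is only
 * offered after CPUID confirms it; on a CPU without it the instruction traps. */
const struct cpu_rng *
cpu_rng_native(void)
{
#if defined(__x86_64__)
	static const struct cpu_rng rdrand_rng = { "rdrand", rdrand64, 64, 10 };
	unsigned a, b, c, d;
	if (__get_cpuid(1, &a, &b, &c, &d) && (c & bit_RDRND))
		return &rdrand_rng;
#endif
	return NULL;
}

/* MI wrapper: fill buf with up to len bytes without ever blocking.  Returns
 * the bytes actually written (0 once the retry budget is exhausted), so the
 * caller can only credit entropy that really arrived. */
size_t
cpu_rng_fill(const struct cpu_rng *rng, uint8_t *buf, size_t len)
{
	size_t done = 0, n;
	unsigned failures = 0;
	uint64_t w;
	while (done < len) {
		if (!rng->read(&w)) {
			if (++failures > rng->max_retries)
				break;
			continue;
		}
		failures = 0;
		n = len - done < sizeof w ? len - done : sizeof w;
		memcpy(buf + done, &w, n);
		done += n;
	}
	return done;
}

/* Stand-in for the entropy pool, and the "single, clean, little driver" that
 * harvests from whichever cpu_rng the port registered and credits the pool
 * only for bytes that were delivered.  Returns the entropy bits credited. */
struct pool { uint8_t bytes[64]; size_t nbytes; unsigned entropy_bits; };

unsigned
cpu_rng_harvest(const struct cpu_rng *rng, struct pool *p, size_t want)
{
	size_t room = sizeof p->bytes - p->nbytes;
	size_t got = cpu_rng_fill(rng, p->bytes + p->nbytes, want < room ? want : room);
	unsigned bits = (unsigned)(got * rng->bits_per_word / sizeof(uint64_t));
	p->nbytes += got;
	p->entropy_bits += bits;
	return bits;
}

/* Constructed backend for offline testing: fails the first n reads, then
 * hands out distinct (not random) words.  A huge n models a dead source. */
static unsigned fake_fail_left;
static uint64_t fake_counter;
void fake_reset(unsigned n) { fake_fail_left = n; fake_counter = 0; }

static bool
fake_read(uint64_t *out)
{
	if (fake_fail_left > 0) { fake_fail_left--; return false; }
	*out = ++fake_counter * 0x9e3779b97f4a7c15ULL;
	return true;
}

const struct cpu_rng fake_rng = { "fake", fake_read, 64, 10 };
```

The point of the shape is that the backend never blocks and the wrapper never spins unbounded: a source that keeps returning "not ready" (the fake with a large n, or RDRAND under sustained failure) yields 0 bytes and 0 bits of credit rather than a hang or an over-credited pool. bits_per_word is left as a per-source knob because the conservative credit for a DRBG output like RDRAND is a policy decision the thread does not settle.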

