lede/target/linux/generic/backport-6.6/906-03-v6.7-crypto-jitter-Allow-configuration-of-oversampling-rate.patch

From 0baa8fab334a4d7017235b72fa8a547433572109 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Stephan=20M=C3=BCller?= <smueller@chronox.de>
Date: Thu, 21 Sep 2023 13:48:59 +0200
Subject: [PATCH] crypto: jitter - Allow configuration of oversampling rate

The oversampling rate used by the Jitter RNG allows the configuration of
the heuristically implied entropy in one timing measurement. This
entropy rate is (1 / OSR) bits of entropy per time stamp.

Considering that the Jitter RNG now support APT/RCT health tests for
different OSRs, allow this value to be configured at compile time to
support systems with limited amount of entropy in their timer.

The allowed range of OSR values complies with the APT/RCT cutoff health
test values which range from 1 through 15.

The default value of the OSR selection support is left at 1 which is the
current default. Thus, the addition of the configuration support does
not alter the default Jitter RNG behavior.

Signed-off-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
---
 crypto/Kconfig               | 17 +++++++++++++++++
 crypto/jitterentropy-kcapi.c |  6 ++++--
 2 files changed, 21 insertions(+), 2 deletions(-)

--- a/crypto/Kconfig
+++ b/crypto/Kconfig
@@ -1340,6 +1340,23 @@ config CRYPTO_JITTERENTROPY_MEMORY_BLOCK
 	default 1024 if CRYPTO_JITTERENTROPY_MEMSIZE_1024
 	default 2048 if CRYPTO_JITTERENTROPY_MEMSIZE_8192
 
+config CRYPTO_JITTERENTROPY_OSR
+	int "CPU Jitter RNG Oversampling Rate"
+	range 1 15
+	default 1
+	depends on CRYPTO_JITTERENTROPY
+	help
+	  The Jitter RNG allows the specification of an oversampling rate (OSR).
+	  The Jitter RNG operation requires a fixed amount of timing
+	  measurements to produce one output block of random numbers. The
+	  OSR value is multiplied with the amount of timing measurements to
+	  generate one output block. Thus, the timing measurement is oversampled
+	  by the OSR factor. The oversampling allows the Jitter RNG to operate
+	  on hardware whose timers deliver limited amount of entropy (e.g.
+	  the timer is coarse) by setting the OSR to a higher value. The
+	  trade-off, however, is that the Jitter RNG now requires more time
+	  to generate random numbers.
+
 config CRYPTO_JITTERENTROPY_TESTINTERFACE
 	bool "CPU Jitter RNG Test Interface"
 	depends on CRYPTO_JITTERENTROPY
--- a/crypto/jitterentropy-kcapi.c
+++ b/crypto/jitterentropy-kcapi.c
@@ -256,7 +256,9 @@ static int jent_kcapi_init(struct crypto
 	crypto_shash_init(sdesc);
 	rng->sdesc = sdesc;
 
-	rng->entropy_collector = jent_entropy_collector_alloc(0, 0, sdesc);
+	rng->entropy_collector =
+		jent_entropy_collector_alloc(CONFIG_CRYPTO_JITTERENTROPY_OSR, 0,
+					     sdesc);
 	if (!rng->entropy_collector) {
 		ret = -ENOMEM;
 		goto err;
@@ -345,7 +347,7 @@ static int __init jent_mod_init(void)
 
 	desc->tfm = tfm;
 	crypto_shash_init(desc);
-	ret = jent_entropy_init(0, 0, desc);
+	ret = jent_entropy_init(CONFIG_CRYPTO_JITTERENTROPY_OSR, 0, desc);
 	shash_desc_zero(desc);
 	crypto_free_shash(tfm);
 	if (ret) {
generic: crypto: fix jitterentropy initialization failed issue Sync jitterentropy source code with linux-6.12 to solve the issue of jitterentropy initialization failed: [ 9.523489] jitterentropy: Initialization failed with host not compliant with requirements: 9 [ 9.661916] kmodloader: 1 module could not be probed [ 9.662377] kmodloader: - jitterentropy_rng - 0 In linux upstream commit cf27d9475f37 ("crypto: jitter - use permanent health test storage"), when FIPS crypto is disabled, the health test results are always explicitly skipped. That means it will never return error code 9 (health test failed) again. Fixes: https://github.com/openwrt/openwrt/issues/16684 Signed-off-by: Shiji Yang <yangshiji66@outlook.com> Link: https://github.com/openwrt/openwrt/pull/18399 Signed-off-by: Robert Marko <robimarko@gmail.com> 2025-04-02 23:36:28 +08:00			`From 0baa8fab334a4d7017235b72fa8a547433572109 Mon Sep 17 00:00:00 2001`
			`From: =?UTF-8?q?Stephan=20M=C3=BCller?= <smueller@chronox.de>`
			`Date: Thu, 21 Sep 2023 13:48:59 +0200`
			`Subject: [PATCH] crypto: jitter - Allow configuration of oversampling rate`

			`The oversampling rate used by the Jitter RNG allows the configuration of`
			`the heuristically implied entropy in one timing measurement. This`
			`entropy rate is (1 / OSR) bits of entropy per time stamp.`

			`Considering that the Jitter RNG now support APT/RCT health tests for`
			`different OSRs, allow this value to be configured at compile time to`
			`support systems with limited amount of entropy in their timer.`

			`The allowed range of OSR values complies with the APT/RCT cutoff health`
			`test values which range from 1 through 15.`

			`The default value of the OSR selection support is left at 1 which is the`
			`current default. Thus, the addition of the configuration support does`
			`not alter the default Jitter RNG behavior.`

			`Signed-off-by: Stephan Mueller <smueller@chronox.de>`
			`Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>`
			`---`
			`crypto/Kconfig \| 17 +++++++++++++++++`
			`crypto/jitterentropy-kcapi.c \| 6 ++++--`
			`2 files changed, 21 insertions(+), 2 deletions(-)`

			`--- a/crypto/Kconfig`
			`+++ b/crypto/Kconfig`
			`@@ -1340,6 +1340,23 @@ config CRYPTO_JITTERENTROPY_MEMORY_BLOCK`
			`default 1024 if CRYPTO_JITTERENTROPY_MEMSIZE_1024`
			`default 2048 if CRYPTO_JITTERENTROPY_MEMSIZE_8192`

			`+config CRYPTO_JITTERENTROPY_OSR`
			`+ int "CPU Jitter RNG Oversampling Rate"`
			`+ range 1 15`
			`+ default 1`
			`+ depends on CRYPTO_JITTERENTROPY`
			`+ help`
			`+ The Jitter RNG allows the specification of an oversampling rate (OSR).`
			`+ The Jitter RNG operation requires a fixed amount of timing`
			`+ measurements to produce one output block of random numbers. The`
			`+ OSR value is multiplied with the amount of timing measurements to`
			`+ generate one output block. Thus, the timing measurement is oversampled`
			`+ by the OSR factor. The oversampling allows the Jitter RNG to operate`
			`+ on hardware whose timers deliver limited amount of entropy (e.g.`
			`+ the timer is coarse) by setting the OSR to a higher value. The`
			`+ trade-off, however, is that the Jitter RNG now requires more time`
			`+ to generate random numbers.`
			`+`
			`config CRYPTO_JITTERENTROPY_TESTINTERFACE`
			`bool "CPU Jitter RNG Test Interface"`
			`depends on CRYPTO_JITTERENTROPY`
			`--- a/crypto/jitterentropy-kcapi.c`
			`+++ b/crypto/jitterentropy-kcapi.c`
			`@@ -256,7 +256,9 @@ static int jent_kcapi_init(struct crypto`
			`crypto_shash_init(sdesc);`
			`rng->sdesc = sdesc;`

			`- rng->entropy_collector = jent_entropy_collector_alloc(0, 0, sdesc);`
			`+ rng->entropy_collector =`
			`+ jent_entropy_collector_alloc(CONFIG_CRYPTO_JITTERENTROPY_OSR, 0,`
			`+ sdesc);`
			`if (!rng->entropy_collector) {`
			`ret = -ENOMEM;`
			`goto err;`
			`@@ -345,7 +347,7 @@ static int __init jent_mod_init(void)`

			`desc->tfm = tfm;`
			`crypto_shash_init(desc);`
			`- ret = jent_entropy_init(0, 0, desc);`
			`+ ret = jent_entropy_init(CONFIG_CRYPTO_JITTERENTROPY_OSR, 0, desc);`
			`shash_desc_zero(desc);`
			`crypto_free_shash(tfm);`
			`if (ret) {`