Date: Thu, 7 Mar 2019 20:48:58 -0500
From: Shawn Webb
To: Conrad Meyer
Cc: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject: Re: svn commit: r344913 - head/sys/dev/random

Hey Conrad,

On Fri, Mar 08, 2019 at 01:17:20AM +0000, Conrad Meyer wrote:
> Author: cem
> Date: Fri Mar 8 01:17:20 2019
> New Revision: 344913
> URL: https://svnweb.freebsd.org/changeset/base/344913
>
> Log:
>   Fortuna: Add Chacha20 as an alternative stream cipher
>
>   Chacha20 with a 256 bit key and 128 bit counter size is a good match for an
>   AES256-ICM replacement.
>
>   In userspace, Chacha20 is typically marginally slower than AES-ICM on
>   machines with AESNI intrinsics, but typically much faster than AES on
>   machines without special intrinsics. ChaCha20 does well on typical modern
>   architectures with SIMD instructions, which includes most types of machines
>   FreeBSD runs on.
>
>   In the kernel, we can't (or don't) make use of AESNI intrinsics for
>   random(4) anyway. So even on amd64, using Chacha provides a modest
>   performance improvement in random device throughput today.
>
>   This change makes the stream cipher used by random(4) configurable at boot
>   time with the 'kern.random.use_chacha20_cipher' tunable.
>
>   Very rough, non-scientific measurements at the /dev/random device, on a
>   GENERIC-NODEBUG amd64 VM with 'pv', show a factor of 2.2x higher throughput
>   for Chacha20 over the existing AES-ICM mode.
>
>   Reviewed by: delphij, markm
>   Approved by: secteam (delphij)
>   Differential Revision: https://reviews.freebsd.org/D19475
>
> Modified:
>   head/sys/dev/random/fortuna.c
>   head/sys/dev/random/hash.c
>   head/sys/dev/random/hash.h
>   head/sys/dev/random/uint128.h
>
> Modified: head/sys/dev/random/hash.c > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D > --- head/sys/dev/random/hash.c Fri Mar 8 01:04:19 2019 (r344912) > +++ head/sys/dev/random/hash.c Fri Mar 8 01:17:20 2019 (r344913) > +/* Validate that full Chacha IV is as large as the 128-bit counter */ > +_Static_assert(CHACHA_STATELEN =3D=3D RANDOM_BLOCKSIZE, ""); > + > +/* > + * Experimental Chacha20-based PRF for Fortuna keystream primitive. For= now, > + * disabled by default. But we may enable it in the future. > + * > + * Benefits include somewhat faster keystream generation compared with > + * unaccelerated AES-ICM. > + */ > +bool random_chachamode =3D false; > +#ifdef _KERNEL > +SYSCTL_BOOL(_kern_random, OID_AUTO, use_chacha20_cipher, CTLFLAG_RDTUN, > + &random_chachamode, 0, > + "If non-zero, use the ChaCha20 cipher for randomdev PRF. " > + "If zero, use AES-ICM cipher for randomdev PRF (default)."); > +#endif

I'm curious if that sysctl node could be documented in a manpage, perhaps the random(4) manpage would be a good candidate for updating.
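
Review bot: the _Static_assert(CHACHA_STATELEN == RANDOM_BLOCKSIZE, "") at the top of the added block passes an empty message string, so a failed build would not say which invariant broke; carry the intent of the comment above it into the message, for example "ChaCha state length must equal RANDOM_BLOCKSIZE". Separately, the SYSCTL_BOOL description text does not say that CTLFLAG_RDTUN makes use_chacha20_cipher a boot-time tunable that is read-only once the system is up; stating that in the description string would tell an administrator reading the node that the PRF cipher cannot be switched at runtime.
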
Thanks,

-- 
Shawn Webb
Cofounder and Security Engineer
HardenedBSD

Tor-ified Signal: +1 443-546-8752
Tor+XMPP+OTR: lattera@is.a.hacker.sx
GPG Key ID: 0x6A84658F52456EEE
GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE