change system file

hc

2024-10-09 244b2c5ca8b14627e4a17755e5922221e121c771

 kernel/Documentation/crypto/userspace-if.rst
..
..
@@ -23,7 +23,7 @@
23
23
 and asynchronous invocations. The user space API call is fully
24
24
 synchronous.
25
25
 
26
-[1] http://www.chronox.de/libkcapi.html
26
+[1] https://www.chronox.de/libkcapi.html
27
27
 
28
28
 User Space API General Remarks
29
29
 ------------------------------
..
..
@@ -296,15 +296,16 @@
296
296
 
297
297
     struct sockaddr_alg sa = {
298
298
         .salg_family = AF_ALG,
299
-        .salg_type = "rng", /* this selects the symmetric cipher */
300
-        .salg_name = "drbg_nopr_sha256" /* this is the cipher name */
299
+        .salg_type = "rng", /* this selects the random number generator */
300
+        .salg_name = "drbg_nopr_sha256" /* this is the RNG name */
301
301
     };
302
302
 
303
303
 
304
304
 Depending on the RNG type, the RNG must be seeded. The seed is provided
305
305
 using the setsockopt interface to set the key. For example, the
306
306
 ansi_cprng requires a seed. The DRBGs do not require a seed, but may be
307
-seeded.
307
+seeded. The seed is also known as a *Personalization String* in NIST SP 800-90A
308
+standard.
308
309
 
309
310
 Using the read()/recvmsg() system calls, random numbers can be obtained.
310
311
 The kernel generates at most 128 bytes in one call. If user space
..
..
@@ -313,6 +314,16 @@
313
314
 WARNING: The user space caller may invoke the initially mentioned accept
314
315
 system call multiple times. In this case, the returned file descriptors
315
316
 have the same state.
317
+
318
+Following CAVP testing interfaces are enabled when kernel is built with
319
+CRYPTO_USER_API_RNG_CAVP option:
320
+
321
+-  the concatenation of *Entropy* and *Nonce* can be provided to the RNG via
322
+   ALG_SET_DRBG_ENTROPY setsockopt interface. Setting the entropy requires
323
+   CAP_SYS_ADMIN permission.
324
+
325
+-  *Additional Data* can be provided using the send()/sendmsg() system calls,
326
+   but only after the entropy has been set.
316
327
 
317
328
 Zero-Copy Interface
318
329
 -------------------
..
..
@@ -377,6 +388,9 @@
377
388
    provided ciphertext is assumed to contain an authentication tag of
378
389
    the given size (see section about AEAD memory layout below).
379
390
 
391
+-  ALG_SET_DRBG_ENTROPY -- Setting the entropy of the random number generator.
392
+   This option is applicable to RNG cipher type only.
393
+
380
394
 User space API example
381
395
 ----------------------
382
396
 
..
..
@@ -384,4 +398,4 @@
384
398
 the aforementioned Netlink kernel interface. [1] also contains a test
385
399
 application that invokes all libkcapi API calls.
386
400
 
387
-[1] http://www.chronox.de/libkcapi.html
401
+[1] https://www.chronox.de/libkcapi.html