[PATCH v2 22/25] crypto: ansi_cprng - Tweak comments

It's not based on the NIST-recommended algorithm, it *is* the
NIST-recommended algorithm, and has even passed their validation
tests.

Also make clear that it's intended to be a deterministic generator,
despite the confusing name of the DT vector.

Signed-off-by: George Spelvin <linux@xxxxxxxxxxx>
---
 crypto/ansi_cprng.c | 17 +++++++++++------
 1 file changed, 11 insertions(+), 6 deletions(-)

diff --git a/crypto/ansi_cprng.c b/crypto/ansi_cprng.c
index f3e280c4..9c8475a2 100644
--- a/crypto/ansi_cprng.c
+++ b/crypto/ansi_cprng.c
@@ -1,7 +1,9 @@
 /*
- * PRNG: Pseudo Random Number Generator
- *       Based on NIST Recommended PRNG From ANSI X9.31 Appendix A.2.4 using
- *       AES 128 cipher
+ * PRNG: This is the "NIST-Recommended Random Number Generator Based
+ *	 on ANSI X9.31 Appendix A.2.4" using the AES 128 cipher.
+ *	 Many specific kernel snapshots have collected validations from
+ *	 the NIST RNG Validation System; results are available at
+ *	 http://csrc.nist.gov/groups/STM/cavp/documents/rng/rngval.html
  *
  *  (C) Neil Horman <nhorman@xxxxxxxxxxxxx>
  *
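Review bot: the rewritten header lines at "+ * PRNG: This is the "NIST-Recommended Random Number Generator Based" switch the continuation indentation from spaces to a tab (" *	 on ANSI X9.31 Appendix A.2.4"), which is inconsistent with the rest of the comment block that uses spaces; pick one style for the whole header. The sentence "Many specific kernel snapshots have collected validations from the NIST RNG Validation System" is also vague for a claim that readers will treat as an assurance statement: either name the kernel versions or certificate entries the validations cover, or keep only the pointer to the rngval.html list so the claim stays verifiable from the comment itself.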
@@ -9,8 +11,6 @@
  *  under the terms of the GNU General Public License as published by the
  *  Free Software Foundation; either version 2 of the License, or (at your
  *  any later version.
- *
- *
  */
 
 #include <crypto/internal/rng.h>
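Review bot: the unchanged context above the removed blank lines reads " *  Free Software Foundation; either version 2 of the License, or (at your" followed by " *  any later version.", so the standard GPL boilerplate is missing "option)". Since this hunk is already editing the tail of the license block, it would be worth restoring that line here instead of only dropping the two empty " *" lines.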
@@ -36,7 +36,12 @@
  * Note: DT is our counter value
  *	 V is our seed vector
  * See http://csrc.nist.gov/groups/STM/cavp/documents/rng/931rngext.pdf
- * for implementation details
+ * for implementation details.
+ *
+ * Note that even though DT stands for "date/time", since this is a
+ * deterministic pseudo-random generator, it is a determinsitic counter,
+ * not a timestamp.  Its function is not to inject seed entropy, but to
+ * ensure a long period in the output.
  */
 struct prng_context {
 	spinlock_t prng_lock;
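Review bot: "determinsitic" in "+ * deterministic pseudo-random generator, it is a determinsitic counter," is a typo (the same word is spelled correctly one line earlier); fix it before this goes in. The point the comment makes, that DT is a counter and "not to inject seed entropy", is the useful one, and it may be worth adding the direct consequence in the same note: because DT contributes nothing unpredictable, all of the output's unpredictability rests on the key and the seed vector V, so callers must not treat DT as a substitute for seeding.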
-- 
2.1.3
