Re: [PATCH v3 1/3] crypto: hw_random - Add new Exynos RNG driver

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, Mar 27, 2017 at 03:53:03PM +0200, Stephan Müller wrote:
> Am Montag, 27. März 2017, 06:23:11 CEST schrieb PrasannaKumar Muralidharan:
> 
> Hi PrasannaKumar,
> 
> > > Oh my, if you are right with your first guess, this is a bad DRNG design.
> > > 
> > > Just out of curiousity: what happens if a caller invokes the seed function
> > > twice or more times (each time with the sufficient amount of bits)? What
> > > is
> > > your guess here?
> > 
> > Should the second seed use the random data generated by the device?
> 
> A DRNG should be capable of processing an arbitrary amount of seed data. It 
> may be the case that the seed data must be processed in chunks though.
> 

As I said, I do not know the implementation details about hardware. They
are just not disclossed.

> That said, it may be the case that after injecting one chunk of seed the 
> currently discussed RNG simply needs to generate a random number to process 
> the input data before another seed can be added. But that is pure speculation.
> 
> But I guess that can be easily tested: inject a known seed into the DRNG, 
> generate a random number, inject the same seed again and again generate a 
> random number. If both are identical (which I do not hope), then the internal 
> state is simply overwritten (strange DRNG design).
> 
> A similar test can be made to see whether a larger set of seed simply 
> overwrites the state or is really processed.
> 
> 1. seed
> 2. generate random data
> 3. reset
> 4. seed with anther seed
> 5. generate random data
> 6. reset
> 7. seed with same data from 1
> 8. seed with same data from 2
> 9. generate random data
> 
> If data from 9 is identical to 2, then additional seed data is discarded -> 
> bad design. If data from 9 is identical to 5, then the additional data 
> overwrites the initial data -> bad DRNG design. If data from 9 neither matches 
> 2 or 5, then all seed is taken -> good design.

I tested a little bit and:
1. Seeding with some value
2. generating random,
3. kcapi_rng_destroy+kcrng_init, (I cannot do a hardware reset except
   reboot of entire system)
4. seeding with the same value as in (1) - different random numbers.

Doing a system reboot and repeating above - different random numbers
(all are different: step (2) and in (4)).

Your test case also produces different random values every time.

Best regards,
Krzysztof




[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]

  Powered by Linux