Re: [PATCH] crypto: Jitter RNG - update implementation to 2.1.2

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, May 29, 2019 at 09:24:25PM +0200, Stephan Müller wrote:
> The Jitter RNG implementation is updated to comply with upstream version
> 2.1.2. The change covers the following aspects:
> 
> * Time variation measurement is conducted over the LFSR operation
> instead of the XOR folding
> 
> * Invcation of stuck test during initialization
> 
> * Removal of the stirring functionality and the Von-Neumann
> unbiaser as the LFSR using a primitive and irreducible polynomial
> generates an identical distribution of random bits
> 
> This implementation was successfully used in FIPS 140-2 validations
> as well as in German BSI evaluations.
> 
> This kernel implementation was tested as follows:
> 
> * The unchanged kernel code file jitterentropy.c is compiled as part
> of user space application to generate raw unconditioned noise
> data. That data is processed with the NIST SP800-90B non-IID test
> tool to verify that the kernel code exhibits an equal amount of noise
> as the upstream Jitter RNG version 2.1.2.
> 
> * Using AF_ALG with the libkcapi tool of kcapi-rng the Jitter RNG was
> output tested with dieharder to verify that the output does not
> exhibit statistical weaknesses. The following command was used:
> kcapi-rng -n "jitterentropy_rng" -b 100000000000 | dieharder -a -g 200
> 
> * The unchanged kernel code file jitterentropy.c is compiled as part
> of user space application to test the LFSR implementation. The
> LFSR is injected a monotonically increasing counter as input and
> the output is fed into dieharder to verify that the LFSR operation
> does not exhibit statistical weaknesses.
> 
> * The patch was tested on the Muen separation kernel which returns
> a more coarse time stamp to verify that the Jitter RNG does not cause
> regressions with its initialization test considering that the Jitter
> RNG depends on a high-resolution timer.
> 
> Tested-by: Reto Buerki <reet@xxxxxxxxxxx>
> Signed-off-by: Stephan Mueller <smueller@xxxxxxxxxx>
> ---
>  crypto/jitterentropy-kcapi.c |   5 -
>  crypto/jitterentropy.c       | 305 ++++++++++-------------------------
>  2 files changed, 82 insertions(+), 228 deletions(-)

Patch applied.  Thanks.
-- 
Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt



[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]

  Powered by Linux