On Wed, May 29, 2019 at 09:24:25PM +0200, Stephan Müller wrote: > The Jitter RNG implementation is updated to comply with upstream version > 2.1.2. The change covers the following aspects: > > * Time variation measurement is conducted over the LFSR operation > instead of the XOR folding > > * Invcation of stuck test during initialization > > * Removal of the stirring functionality and the Von-Neumann > unbiaser as the LFSR using a primitive and irreducible polynomial > generates an identical distribution of random bits > > This implementation was successfully used in FIPS 140-2 validations > as well as in German BSI evaluations. > > This kernel implementation was tested as follows: > > * The unchanged kernel code file jitterentropy.c is compiled as part > of user space application to generate raw unconditioned noise > data. That data is processed with the NIST SP800-90B non-IID test > tool to verify that the kernel code exhibits an equal amount of noise > as the upstream Jitter RNG version 2.1.2. > > * Using AF_ALG with the libkcapi tool of kcapi-rng the Jitter RNG was > output tested with dieharder to verify that the output does not > exhibit statistical weaknesses. The following command was used: > kcapi-rng -n "jitterentropy_rng" -b 100000000000 | dieharder -a -g 200 > > * The unchanged kernel code file jitterentropy.c is compiled as part > of user space application to test the LFSR implementation. The > LFSR is injected a monotonically increasing counter as input and > the output is fed into dieharder to verify that the LFSR operation > does not exhibit statistical weaknesses. > > * The patch was tested on the Muen separation kernel which returns > a more coarse time stamp to verify that the Jitter RNG does not cause > regressions with its initialization test considering that the Jitter > RNG depends on a high-resolution timer. > > Tested-by: Reto Buerki <reet@xxxxxxxxxxx> > Signed-off-by: Stephan Mueller <smueller@xxxxxxxxxx> > --- > crypto/jitterentropy-kcapi.c | 5 - > crypto/jitterentropy.c | 305 ++++++++++------------------------- > 2 files changed, 82 insertions(+), 228 deletions(-) Patch applied. Thanks. -- Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
