Re: jitterentropy_rng on armv5 embedded target

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Am Freitag, 8. Mai 2020, 13:40:08 CEST schrieb Alexander Dahl:

Hi Alexander,

> Hello,
> 
> after upgrading OpenSSL to 1.1.1g on an armv5 based embedded target I had a
> deeper look into entropy generation for that device and stumbled over the in
> kernel 'jitterentropy_rng' module.
> 
> As far as I understood it's supposed to do the same as the well known
> 'haveged' or the userspace daemon 'jitterentropy-rngd' by Stephan Müller
> [1], right?

Yes, precisely. In fact, it is the identical code base of the core 
functionality that both the kernel and the jitterentropy-rngd uses. See the 
comment at the top of the kernel source code.

> (Although those daemons would solve my problem, I currently try
> to avoid them, because memory on my platform is very restricted and every
> additional running userspace process costs at least around 1 MB.)

If you compile it and you also have AF_ALG for RNGs compiled, you can use it 
through the AF_ALG interface (see [1] for a library). But IMHO if you are 
space-constrained, you do not want that code.

Rather use the jitterentropy-library from [2] and link it straight from your 
application.
> 
> If so, then how is it supposed to be set up? 

It is intended for in-kernel purposes (namely to seed its DRBG).

> I built it for 4.9.x LTS, but
> after loading it with 'modprobe' I see nothing in the kernel log and there's
> no significant change in /proc/sys/kernel/random/entropy_avail (stays well
> below 100 most of the time). Isn't that module supposed to gather entropy
> from cpu timing jitter?
> 
> Puzzled
> Alex
> 
> [1] https://www.chronox.de/jent.html

[1] https://www.chronox.de/libkcapi.html

[2] https://github.com/smuellerDD/jitterentropy-library


Ciao
Stephan






[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]

  Powered by Linux