diff options
author | Stephan Müller <smueller@chronox.de> | 2019-05-29 21:24:25 +0200 |
---|---|---|
committer | Herbert Xu <herbert@gondor.apana.org.au> | 2019-06-06 14:38:57 +0800 |
commit | f67faf67701574a9f463c44f29ce3a6c80152f61 (patch) | |
tree | da8fd0aaab6105bb7e7ccf8e5dfab6b92623ef25 /crypto/testmgr.c | |
parent | b15f05e1647f8d35ec211b92ec0c02e867ee1e38 (diff) | |
download | linux-crypto-f67faf67701574a9f463c44f29ce3a6c80152f61.tar.gz linux-crypto-f67faf67701574a9f463c44f29ce3a6c80152f61.zip |
crypto: jitter - update implementation to 2.1.2
The Jitter RNG implementation is updated to comply with upstream version
2.1.2. The change covers the following aspects:
* Time variation measurement is conducted over the LFSR operation
instead of the XOR folding
* Invcation of stuck test during initialization
* Removal of the stirring functionality and the Von-Neumann
unbiaser as the LFSR using a primitive and irreducible polynomial
generates an identical distribution of random bits
This implementation was successfully used in FIPS 140-2 validations
as well as in German BSI evaluations.
This kernel implementation was tested as follows:
* The unchanged kernel code file jitterentropy.c is compiled as part
of user space application to generate raw unconditioned noise
data. That data is processed with the NIST SP800-90B non-IID test
tool to verify that the kernel code exhibits an equal amount of noise
as the upstream Jitter RNG version 2.1.2.
* Using AF_ALG with the libkcapi tool of kcapi-rng the Jitter RNG was
output tested with dieharder to verify that the output does not
exhibit statistical weaknesses. The following command was used:
kcapi-rng -n "jitterentropy_rng" -b 100000000000 | dieharder -a -g 200
* The unchanged kernel code file jitterentropy.c is compiled as part
of user space application to test the LFSR implementation. The
LFSR is injected a monotonically increasing counter as input and
the output is fed into dieharder to verify that the LFSR operation
does not exhibit statistical weaknesses.
* The patch was tested on the Muen separation kernel which returns
a more coarse time stamp to verify that the Jitter RNG does not cause
regressions with its initialization test considering that the Jitter
RNG depends on a high-resolution timer.
Tested-by: Reto Buerki <reet@codelabs.ch>
Signed-off-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Diffstat (limited to 'crypto/testmgr.c')
0 files changed, 0 insertions, 0 deletions