This patchset adds a pseudo random number generator to the kernel crypto library.
Useful in assisting with the implementation of various FIPS compliant ipsec
algorithms. Based on the suggestions provided in ANSI X9.31 Appendix A.2.4.
Tested successfully by myself. Set consists of two parts:
1/2: creation of files prng.c and prng.h
2/2: Addition of Kconfig & Makefile rules to build code
Regards
Neil
Signed-off-by: Neil Horman <[email protected]>
--
/***************************************************
* Neil Horman
* [email protected]
*gpg keyid: 1024D / 0x92A74FA1
*http://pgp.mit.edu
***************************************************/
* Neil Horman | 2008-07-03 16:19:24 [-0400]:
>This patchset adds a pseudo random number generator to the kernel crypto library.
>Useful in assisting with the implementation of various FIPS compliant ipsec
>algorithms. Based on the suggestions provided in ANSI X9.31 Appendix A.2.4.
>Tested successfully by myself. Set consists of two parts:
Anything wrong with get_random_bytes()?
What's the advantage over get_random_bytes()?
>
>Regards
>Neil
Sebastian
Sebastian Siewior <[email protected]> writes:
>
> Anything wrong with get_random_bytes()?
> What's the advantage over get_random_bytes()?
get_random_bytes() is not a _pseudo_ random number generator,
it doesn't have a seed and you cannot get repeatable sequences
out of it.
random32.c is though, but currently it's not reseedable either.
I needed a true reseedable prng a few times too so this
would be useful, although I guess random32.c could have been
fixed. But perhaps there's a need for a more cryptographically
strong PRNG too.
-Andi
On Fri, Jul 04, 2008 at 01:36:33AM +0200, Andi Kleen wrote:
> Sebastian Siewior <[email protected]> writes:
> >
> > Anything wrong with get_random_bytes()?
> > What's the advantage over get_random_bytes()?
>
> get_random_bytes() is not a _pseudo_ random number generator,
> it doesn't have a seed and you cannot get repeatable sequences
> out of it.
>
> random32.c is though, but currently it's not reseedable either.
> I needed a true reseedable prng a few times too so this
> would be useful, although I guess random32.c could have been
> fixed. But perhaps there's a need for a more cryptographically
> strong PRNG too.
>
> -Andi
I've not looked at random32.c specifically, but I wrote this module specifically
to be FIPS 140 compliant, which requires several things, including, but not
limited to, the use of the AES and DES3 ciphers. The details of the requirements
that I wrote it to are found in ANSI X9.31; you can find it here:
http://csrc.nist.gov/groups/STM/cavp/documents/rng/931rngext.pdf
Best
Neil
--
/****************************************************
* Neil Horman <[email protected]>
* Software Engineer, Red Hat
****************************************************/
* Neil Horman | 2008-07-03 22:10:28 [-0400]:
>On Fri, Jul 04, 2008 at 01:36:33AM +0200, Andi Kleen wrote:
>> Sebastian Siewior <[email protected]> writes:
>> >
>> > Anything wrong with get_random_bytes()?
>> > What's the advantage over get_random_bytes()?
>>
>> get_random_bytes() is not a _pseudo_ random number generator,
>> it doesn't have a seed and you cannot get repeatable sequences
>> out of it.
>>
>> random32.c is though, but currently it's not reseedable either.
>> I needed a true reseedable prng a few times too so this
>> would be useful, although I guess random32.c could have been
>> fixed. But perhaps there's a need for a more cryptographically
>> strong PRNG too.
>>
>> -Andi
>I've not looked at random32.c specifically, but I wrote this module specifically
>to be FIPS 140 compliant, which requires several things, including, but not
>limited to, the use of the AES and DES3 ciphers. The details of the requirements
>that I wrote it to are found in ANSI X9.31; you can find it here:
Do you want a repeatable random number generator or just to be FIPS140
compliant (for instance for a certificate thing)?
>http://csrc.nist.gov/groups/STM/cavp/documents/rng/931rngext.pdf
I'll take a look at that.
>
>Best
>Neil
Sebastian
On Fri, Jul 04, 2008 at 10:44:15AM +0200, Sebastian Siewior wrote:
> * Neil Horman | 2008-07-03 22:10:28 [-0400]:
>
> >On Fri, Jul 04, 2008 at 01:36:33AM +0200, Andi Kleen wrote:
> >> Sebastian Siewior <[email protected]> writes:
> >> >
> >> > Anything wrong with get_random_bytes()?
> >> > What's the advantage over get_random_bytes()?
> >>
> >> get_random_bytes() is not a _pseudo_ random number generator,
> >> it doesn't have a seed and you cannot get repeatable sequences
> >> out of it.
> >>
> >> random32.c is though, but currently it's not reseedable either.
> >> I needed a true reseedable prng a few times too so this
> >> would be useful, although I guess random32.c could have been
> >> fixed. But perhaps there's a need for a more cryptographically
> >> strong PRNG too.
> >>
> >> -Andi
> >I've not looked at random32.c specifically, but I wrote this module specifically
> >to be FIPS 140 compliant, which requires several things, including, but not
> >limited to, the use of the AES and DES3 ciphers. The details of the requirements
> >that I wrote it to are found in ANSI X9.31; you can find it here:
> Do you want a repeatable random number generator or just to be FIPS140
> compliant (for instance for a certificate thing)?
>
The former: this is intended to be a prng that can produce repeatable results
for the same initial vector, key, secret vector V and input DT. This will also
have the effect of being FIPS compliant.
Regards
Neil
--
/****************************************************
* Neil Horman <[email protected]>
* Software Engineer, Red Hat
****************************************************/
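The repeatability Neil describes (same key, V and DT giving the same output) follows directly from the ANSI X9.31 Appendix A.2.4 construction, shown here as an added example that is not the kernel patch's own code (the patch is C; Go is used because its standard library ships AES, so the example runs offline). It assumes AES-128 as the block cipher, treats DT as a simple big-endian counter rather than a real date/time vector, and adds the FIPS 140-2 continuous test that rejects a repeated output block; the key, V and DT values are constructed for the demo.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"errors"
	"fmt"
)

// Constructed demo inputs, not values from the patch or the thread.
// AES-128 takes a 16-byte key; V and DT are one cipher block each.
var (
	demoKey = []byte("0123456789abcdef")
	demoV   = []byte("seed-vector-V-01")
	demoDT  = []byte("20080703.1619-04")
)

// X931 is an ANSI X9.31 Appendix A.2.4 generator: a block cipher keyed
// with K, a secret seed vector V and a date/time vector DT.
type X931 struct {
	block cipher.Block
	v     []byte // V, replaced after every output block
	dt    []byte // DT, treated here as a big-endian counter (an assumption)
	last  []byte // previous output block, kept for the continuous test
}

// NewX931 copies V and DT, so two generators built from the same inputs
// evolve independently; that is what makes the output repeatable.
func NewX931(key, v, dt []byte) (*X931, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	if len(v) != block.BlockSize() || len(dt) != block.BlockSize() {
		return nil, errors.New("x931: V and DT must each be one cipher block")
	}
	return &X931{block: block, v: append([]byte(nil), v...), dt: append([]byte(nil), dt...)}, nil
}

func xorBlock(a, b []byte) []byte {
	out := make([]byte, len(a))
	for i := range a {
		out[i] = a[i] ^ b[i]
	}
	return out
}

// incrementDT advances DT as a big-endian counter with carry.
func incrementDT(dt []byte) {
	for i := len(dt) - 1; i >= 0; i-- {
		if dt[i]++; dt[i] != 0 {
			return
		}
	}
}

// NextBlock performs one A.2.4 step and then advances DT:
//   I = E_K(DT);  R = E_K(I xor V) is the output;  V = E_K(R xor I) is the new seed.
func (g *X931) NextBlock() ([]byte, error) {
	bs := g.block.BlockSize()
	i, r := make([]byte, bs), make([]byte, bs)
	g.block.Encrypt(i, g.dt)
	g.block.Encrypt(r, xorBlock(i, g.v))
	g.block.Encrypt(g.v, xorBlock(r, i))
	// FIPS 140-2 continuous test: a block identical to the previous one
	// indicates a stuck generator, so it is never handed out.
	if g.last != nil && bytes.Equal(r, g.last) {
		return nil, errors.New("x931: continuous test failed, repeated block")
	}
	g.last = r
	incrementDT(g.dt)
	return r, nil
}

// Repeatable reports whether two generators seeded with the same K, V and DT
// produce the same n blocks, the property Neil asks for above. A construction
// error is returned; any generator failure or mismatch counts as not repeatable.
func Repeatable(key, v, dt []byte, n int) (bool, error) {
	g1, err := NewX931(key, v, dt)
	if err != nil {
		return false, err
	}
	g2, _ := NewX931(key, v, dt) // same inputs, already validated above
	for k := 0; k < n; k++ {
		a, errA := g1.NextBlock()
		b, errB := g2.NextBlock()
		if errA != nil || errB != nil || !bytes.Equal(a, b) {
			return false, nil
		}
	}
	return true, nil
}

func main() {
	g, _ := NewX931(demoKey, demoV, demoDT)
	r, _ := g.NextBlock()
	same, _ := Repeatable(demoKey, demoV, demoDT, 8)
	fmt.Printf("first block %x, repeatable: %v\n", r, same)
}
```

The security of the construction rests on K and V staying secret; DT only has to change between calls. Reseeding means replacing V (and possibly K), which is exactly the knob get_random_bytes() and random32.c do not expose, as Andi noted earlier in the thread.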
On Thu, Jul 03, 2008 at 04:19:24PM -0400, Neil Horman wrote:
> This patchset adds a pseudo random number generator to the kernel crypto library.
> Useful in assisting with the implementation of various FIPS compliant ipsec
> algorithms. Based on the suggestions provided in ANSI X9.31 Appendix A.2.4.
> Tested successfully by myself. Set consists of two parts:
> 1/2: creation of files prng.c and prng.h
> 2/2: Addition of Kconfig & Makefile rules to build code
>
> Regards
> Neil
>
> Signed-off-by: Neil Horman <[email protected]>
All applied to cryptodev-2.6. Thanks Neil!
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <[email protected]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt