2008-07-03 20:19:41

by Neil Horman

Subject: [PATCH 0/2] RNG: Add Pseudo Random Number Generator to kernel

This patchset adds a pseudo random number generator to the kernel crypto library.
Useful in assisting with the implementation of various FIPS compliant ipsec
algorithms. Based on the suggestions provided in ANSI X9.31 Appendix A.2.4.
Tested successfully by myself. Set consists of two parts:
1/2: creation of files prng.c and prng.h
2/2: Addition of Kconfig & Makefile rules to build code

Regards
Neil

Signed-off-by: Neil Horman <[email protected]>


--
/***************************************************
*Neil Horman
*[email protected]
*gpg keyid: 1024D / 0x92A74FA1
*http://pgp.mit.edu
***************************************************/


Subject: Re: [PATCH 0/2] RNG: Add Pseudo Random Number Generator to kernel

* Neil Horman | 2008-07-03 16:19:24 [-0400]:

>This patchset adds a pseudo random number generator to the kernel crypto library.
>Useful in assisting with the implementation of various FIPS compliant ipsec
>algorithms. Based on the suggestions provided in ANSI X9.31 Appendix A.2.4.
>Tested successfully by myself. Set consists of two parts:

Anything wrong with get_random_bytes()?
What's the advantage over get_random_bytes()?

>
>Regards
>Neil

Sebastian

2008-07-03 23:36:36

by Andi Kleen

Subject: Re: [PATCH 0/2] RNG: Add Pseudo Random Number Generator to kernel

Sebastian Siewior <[email protected]> writes:
>
> Anything wrong with get_random_bytes()?
> What's the advantage over get_random_bytes()?

get_random_bytes() is not a _pseudo_ random number generator,
it doesn't have a seed and you cannot get repeatable sequences
out of it.

random32.c is though, but currently it's not reseedable either.
I needed a true reseedable prng a few times too so this
would be useful, although I guess random32.c could have been
fixed. But perhaps there's a need for a more cryptographically
strong PRNG too.

-Andi

2008-07-04 02:10:59

by Neil Horman

Subject: Re: [PATCH 0/2] RNG: Add Pseudo Random Number Generator to kernel

On Fri, Jul 04, 2008 at 01:36:33AM +0200, Andi Kleen wrote:
> Sebastian Siewior <[email protected]> writes:
> >
> > Anything wrong with get_random_bytes()?
> > What's the advantage over get_random_bytes()?
>
> get_random_bytes() is not a _pseudo_ random number generator,
> it doesn't have a seed and you cannot get repeatable sequences
> out of it.
>
> random32.c is though, but currently it's not reseedable either.
> I needed a true reseedable prng a few times too so this
> would be useful, although I guess random32.c could have been
> fixed. But perhaps there's a need for a more cryptographically
> strong PRNG too.
>
> -Andi
I've not looked at random32.c specifically, but I wrote this module specifically
to be FIPS 140 compliant, which requires several things, including, but not
limited to the use of the AES and DES3 ciphers. The details of the requirements
that I wrote it to are found in ANSI X9.31, you can find it here:
http://csrc.nist.gov/groups/STM/cavp/documents/rng/931rngext.pdf

Best
Neil

--
/****************************************************
* Neil Horman <[email protected]>
* Software Engineer, Red Hat
****************************************************/

Subject: Re: [PATCH 0/2] RNG: Add Pseudo Random Number Generator to kernel

* Neil Horman | 2008-07-03 22:10:28 [-0400]:

>On Fri, Jul 04, 2008 at 01:36:33AM +0200, Andi Kleen wrote:
>> Sebastian Siewior <[email protected]> writes:
>> >
>> > Anything wrong with get_random_bytes()?
>> > What's the advantage over get_random_bytes()?
>>
>> get_random_bytes() is not a _pseudo_ random number generator,
>> it doesn't have a seed and you cannot get repeatable sequences
>> out of it.
>>
>> random32.c is though, but currently it's not reseedable either.
>> I needed a true reseedable prng a few times too so this
>> would be useful, although I guess random32.c could have been
>> fixed. But perhaps there's a need for a more cryptographically
>> strong PRNG too.
>>
>> -Andi
>I've not looked at random32.c specifically, but I wrote this module specifically
>to be FIPS 140 compliant, which requires several things, including, but not
>limited to the use of the AES and DES3 ciphers. The details of the requirements
>that I wrote it to are found in ANSI X9.31, you can find it here:
Do you want a repeatable random number generator or just to be FIPS 140
compliant (for instance for a certificate thing)?

>http://csrc.nist.gov/groups/STM/cavp/documents/rng/931rngext.pdf
I'll take a look at that.

>
>Best
>Neil

Sebastian

2008-07-04 11:44:41

by Neil Horman

Subject: Re: [PATCH 0/2] RNG: Add Pseudo Random Number Generator to kernel

On Fri, Jul 04, 2008 at 10:44:15AM +0200, Sebastian Siewior wrote:
> * Neil Horman | 2008-07-03 22:10:28 [-0400]:
>
> >On Fri, Jul 04, 2008 at 01:36:33AM +0200, Andi Kleen wrote:
> >> Sebastian Siewior <[email protected]> writes:
> >> >
> >> > Anything wrong with get_random_bytes()?
> >> > What's the advantage over get_random_bytes()?
> >>
> >> get_random_bytes() is not a _pseudo_ random number generator,
> >> it doesn't have a seed and you cannot get repeatable sequences
> >> out of it.
> >>
> >> random32.c is though, but currently it's not reseedable either.
> >> I needed a true reseedable prng a few times too so this
> >> would be useful, although I guess random32.c could have been
> >> fixed. But perhaps there's a need for a more cryptographically
> >> strong PRNG too.
> >>
> >> -Andi
> >I've not looked at random32.c specifically, but I wrote this module specifically
> >to be FIPS 140 compliant, which requires several things, including, but not
> >limited to the use of the AES and DES3 ciphers. The details of the requirements
> >that I wrote it to are found in ANSI X9.31, you can find it here:
> Do you want a repeatable random number generator or just to be FIPS140
> compliant (for instance for a certificate thing)?
>
The former. This is intended to be a PRNG that can produce repeatable results
for the same initial vector, key, secret vector V and input DT. This will also
have the effect of being FIPS compliant.

Regards
Neil


--
/****************************************************
* Neil Horman <[email protected]>
* Software Engineer, Red Hat
****************************************************/
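
The A.2.4 construction Neil refers to, as an added runnable illustration (example code written for this page, not the prng.c from the patch). It is in Go rather than the kernel's C only because Go's standard library ships AES, so it runs with no dependencies. Assumptions: AES-128 as the block cipher (so V and DT are 16 bytes), DT treated as a big-endian counter that is incremented after every block (the spec calls it a date/time vector; a counter is one common instantiation), a simplified FIPS 140-2 style continuous test that rejects an output block equal to the previous one (the standard additionally discards the very first block after seeding), and constructed fixed inputs so the repeatability can be observed. Each step is I = E_K(DT), R = E_K(I xor V), V = E_K(R xor I), with R as the output:

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"encoding/hex"
	"errors"
	"fmt"
)

// X931 is an ANSI X9.31 Appendix A.2.4 generator instantiated with AES.
type X931 struct {
	enc  cipher.Block
	v    [16]byte // secret seed vector V, replaced after every output block
	dt   [16]byte // date/time vector DT; treated as a big-endian counter here
	last [16]byte // previous output block, kept for the continuous test
	have bool     // whether last holds a block yet
}

// NewX931 builds a generator from key K, seed vector V and starting DT.
// Identical (K, V, DT) always yields the identical output stream.
func NewX931(key, v, dt []byte) (*X931, error) {
	if len(v) != aes.BlockSize || len(dt) != aes.BlockSize {
		return nil, errors.New("x931: V and DT must be one AES block (16 bytes)")
	}
	block, err := aes.NewCipher(key) // rejects keys that are not 16/24/32 bytes
	if err != nil {
		return nil, err
	}
	g := &X931{enc: block}
	copy(g.v[:], v)
	copy(g.dt[:], dt)
	return g, nil
}

func xor16(dst, a, b *[16]byte) {
	for i := range dst {
		dst[i] = a[i] ^ b[i]
	}
}

// nextBlock performs one A.2.4 step: I = E_K(DT); R = E_K(I xor V); V = E_K(R xor I).
// It then increments DT and applies a simplified continuous test (assumption:
// FIPS 140-2 4.9.2 also discards the first block after seeding; not done here).
func (g *X931) nextBlock() ([16]byte, error) {
	var i, r, tmp [16]byte
	g.enc.Encrypt(i[:], g.dt[:])
	xor16(&tmp, &i, &g.v)
	g.enc.Encrypt(r[:], tmp[:])
	xor16(&tmp, &r, &i)
	g.enc.Encrypt(g.v[:], tmp[:])
	for k := len(g.dt) - 1; k >= 0; k-- { // DT as a counter
		g.dt[k]++
		if g.dt[k] != 0 {
			break
		}
	}
	if g.have && r == g.last {
		return r, errors.New("x931: continuous RNG test failed (repeated block)")
	}
	g.last, g.have = r, true
	return r, nil
}

// Read returns n pseudorandom bytes, generating whole blocks as needed.
func (g *X931) Read(n int) ([]byte, error) {
	out := make([]byte, 0, n+aes.BlockSize)
	for len(out) < n {
		blk, err := g.nextBlock()
		if err != nil {
			return nil, err
		}
		out = append(out, blk[:]...)
	}
	return out[:n], nil
}

// stream is a convenience wrapper: seed a fresh generator and read n bytes.
func stream(key, v, dt []byte, n int) ([]byte, error) {
	g, err := NewX931(key, v, dt)
	if err != nil {
		return nil, err
	}
	return g.Read(n)
}

// SameInputsSameOutput checks the repeatability the thread asks for: two
// generators seeded with the same K, V and DT must emit the same n bytes.
func SameInputsSameOutput(key, v, dt []byte, n int) (bool, error) {
	a, err := stream(key, v, dt, n)
	if err != nil {
		return false, err
	}
	b, err := stream(key, v, dt, n)
	if err != nil {
		return false, err
	}
	return bytes.Equal(a, b), nil
}

func main() {
	key := []byte("0123456789abcdef") // constructed demo inputs; in practice seed
	v := []byte("fedcba9876543210")   // K, V and DT from real entropy (get_random_bytes)
	dt := make([]byte, aes.BlockSize)
	out, err := stream(key, v, dt, 32)
	if err != nil {
		panic(err)
	}
	same, _ := SameInputsSameOutput(key, v, dt, 64)
	fmt.Println(hex.EncodeToString(out), "repeatable:", same)
}
```

The repeatability is the whole point of the design: with fixed K, V and DT the stream is fully determined, which is what makes the generator testable against published vectors, and it is also why the unpredictability of the output in production rests entirely on seeding K, V and DT from a true entropy source and keeping V secret.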

2008-07-07 07:18:23

by Herbert Xu

Subject: Re: [PATCH 0/2] RNG: Add Pseudo Random Number Generator to kernel

On Thu, Jul 03, 2008 at 04:19:24PM -0400, Neil Horman wrote:
> This patchset adds a pseudo random number generator to the kernel crypto library.
> Useful in assisting with the implementation of various FIPS compliant ipsec
> algorithms. Based on the suggestions provided in ANSI X9.31 Appendix A.2.4.
> Tested successfully by myself. Set consists of two parts:
> 1/2: creation of files prng.c and prng.h
> 2/2: Addition of Kconfig & Makefile rules to build code
>
> Regards
> Neil
>
> Signed-off-by: Neil Horman <[email protected]>

All applied to cryptodev-2.6. Thanks Neil!
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <[email protected]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt