Received: by 2002:a25:868d:0:0:0:0:0 with SMTP id z13csp393663ybk; Wed, 20 May 2020 02:19:35 -0700 (PDT) X-Google-Smtp-Source: ABdhPJyh2tPQRiMDSxMU9bbXKhjSxdF6j7KfTIS+D+ZMQelJqr8Ppg0kC+ixsl2iOWLvKOXRWjD/ X-Received: by 2002:a17:906:fb0e:: with SMTP id lz14mr2803029ejb.237.1589966375536; Wed, 20 May 2020 02:19:35 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1589966375; cv=none; d=google.com; s=arc-20160816; b=wy5b5chl7USgdzSw6v3zxR+wU+O5La25AH22qvJoZt2N04xdHqSFuZG/rfou74ec++ ++hTvR3q77cPMzzHJjK8FwzXLIWooIiyUjbaJSiOCNa9DGWzZ/ivZHmB32Fwfmz8/Wrq 39svsE+RvtH1u0/M5/dkUP540eq6dfUvOFo2Y8NEEilX/VD7SXpEf4rClAQ4oLHiJqrv X66kLbLc3P9zEVqo2Z0ZJjZO7yX8baT3Cq8EUhnBBx8C5Z4vTNpub9DZNs9E4frDCXQC J0khWpKAlgz8izbq+uiGoyzamz+MZKKrRqH7LzUdLi2k/SrbL/48kIRdXdZeE+zGu4bc xW+w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=jnu5hWhBP4JZRIy4PRG4U6miSmGbRgsPoOIk1eFJ53E=; b=lDo+f83xwdIBwXzfnaqwHYsgYvOnnzKnnBdlpujTic16cha063KXHtitoxxXjhy7i/ sajWF5cgGRdbmXHaQK/H/W1bgDiw3UE1cVLNX2+M8J5xJmeAuI4qVfSSA5Tn39TUbVlA sCFz5Oy7qlPY9jpo2o5AyXDwMj9A/WWIyV2PDHs2eoXtCKt85aVFwWgfJh6ohuk415wI lHGP1+T1CRpiBz6+Vedd87GfsMsOPcfymc9H7mT41E3WdcCoJNTXANq2xEub8xHJKSec //mSMTKPuUYLSC7nU6sDWbuZNe0ss7pXpxjy5wWMvK5Q86wHwGkX0bDoQ+t0gckQW9ni pntw== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@chronox.de header.s=strato-dkim-0002 header.b=opcHvNIS; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id s19si1373645ejf.753.2020.05.20.02.19.10; Wed, 20 May 2020 02:19:35 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=fail header.i=@chronox.de header.s=strato-dkim-0002 header.b=opcHvNIS; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726718AbgETJSz (ORCPT + 99 others); Wed, 20 May 2020 05:18:55 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35794 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726224AbgETJSy (ORCPT ); Wed, 20 May 2020 05:18:54 -0400 Received: from mo6-p01-ob.smtp.rzone.de (mo6-p01-ob.smtp.rzone.de [IPv6:2a01:238:20a:202:5301::7]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 1FCB2C061A0E; Wed, 20 May 2020 02:18:53 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; t=1589966330; s=strato-dkim-0002; d=chronox.de; h=References:In-Reply-To:Message-ID:Date:Subject:Cc:To:From: X-RZG-CLASS-ID:X-RZG-AUTH:From:Subject:Sender; bh=jnu5hWhBP4JZRIy4PRG4U6miSmGbRgsPoOIk1eFJ53E=; b=opcHvNIS2wUmw7Z8RZ1xMShDtJeCEMF2S+IkoH4VGplXLFVF9y22JJ9TZPnZYh4Rdy i6wkhmgcfBQHzF3VxqKfXAYptX9H3/FG4YiJzCo7GANAEzeC5iX7PR6O6bqmmNE/LCIh WIfpu0IqwbVzf03B/9hBW21168BNxHJhesyFKjkfTFwMJrnTQgAuPlxdYYDOLhpofFfu 3pFRffsvVKBBAuqt9hWkvXkegriOQohGq0xA9sWTgWaV4LL36r3bgjvYc8Rb/D9WXOda mOEU5gHHrOtFZ211MbFl5AQ2tx8jf7k9NxcVwaRbDujt+miqvgtZnXZHdP+l+Eov+uzf frvQ== X-RZG-AUTH: ":P2ERcEykfu11Y98lp/T7+hdri+uKZK8TKWEqNyiHySGSa9k9zmgLKehaO2hZDSTWbg/LOA==" X-RZG-CLASS-ID: mo00 Received: from tauon.chronox.de by smtp.strato.de (RZmta 46.7.0 AUTH) with ESMTPSA id k09005w4K9IZ4DL (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256 bits)) (Client did not present a certificate); Wed, 20 May 2020 11:18:35 +0200 (CEST) From: Stephan Mueller To: Lukasz Stelmach Cc: Matt Mackall , Herbert Xu , Arnd Bergmann , Greg Kroah-Hartman , Ray Jui , Scott Branden , bcm-kernel-feedback-list@broadcom.com, Kukjin Kim , Krzysztof Kozlowski , Florian Fainelli , Markus Elfring , Matthias Brugger , Stefan Wahren , linux-crypto@vger.kernel.org, linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, linux-samsung-soc@vger.kernel.org, Bartlomiej Zolnierkiewicz Subject: Re: [PATCH v2 1/2] hwrng: iproc-rng200 - Set the quality value Date: Wed, 20 May 2020 11:18:32 +0200 Message-ID: <15745285.MnsZKaK4VV@tauon.chronox.de> In-Reply-To: References: <1748331.j7eDFAdTc1@tauon.chronox.de> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="UTF-8" Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org Am Mittwoch, 20. Mai 2020, 11:10:32 CEST schrieb Lukasz Stelmach: Hi Lukasz, > It was <2020-05-20 =C5=9Bro 08:23>, when Stephan Mueller wrote: > > Am Dienstag, 19. Mai 2020, 23:25:51 CEST schrieb =C5=81ukasz Stelmach: > >> The value was estimaded with ea_iid[1] using on 10485760 bytes read fr= om > >> the RNG via /dev/hwrng. The min-entropy value calculated using the most > >> common value estimate (NIST SP 800-90P[2], section 6.3.1) was 7.964464. > >=20 > > I am sorry, but I think I did not make myself clear: testing random > > numbers > > post-processing with the statistical tools does NOT give any idea about > > the > > entropy rate. Thus, all that was calculated is the proper implementation > > of > > the post-processing operation and not the actual noise source. > >=20 > > What needs to happen is that we need access to raw, unconditioned data > > from > > the noise source that is analyzed with the statistical methods. >=20 > I did understand you and I assure you the data I tested were obtained > directly from RNGs. As I pointed before[1], that is how /dev/hwrng > works[2]. I understand that /dev/hwrng pulls the data straight from the hardware. But= =20 the data from the hardware usually is not obtained straight from the noise= =20 source. Typically you have a noise source (e.g. a ring oscillator) whose data is=20 digitized then fed into a compression function like an LFSR or a hash. Then= a=20 cryptographic operation like a CBC-MAC, hash or even a DRBG is applied to t= hat=20 data when the caller wants to have random numbers. In order to estimate entropy, we need the raw unconditioned data from the,= =20 say, ring oscillator and not from the (cryptographic) output operation. That said, the illustrated example is typical for hardware RNGs. Yet it is= =20 never guaranteed to work that way. Thus, if you can point to architecture=20 documentation of your specific hardware RNGs showing that the data read fro= m=20 the hardware is pure unconditioned noise data, then I have no objections to= =20 the patch. >=20 > If I am wrong, do show me the code that processes the data from a HW RNG > before copying them to user provided buffer[3]. I am not talking about any software post-processing. I am talking about pos= t- processing within the hardware. >=20 > [1] https://lkml.org/lkml/2020/5/15/252 > [2] > https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/D= oc > umentation/admin-guide/hw_random.rst?h=3Dv5.6 [3] > https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/d= ri > vers/char/hw_random/core.c?h=3Dv5.6#n251 >=20 > Kind regards, Ciao Stephan