Received: by 2002:a05:6a10:a841:0:0:0:0 with SMTP id d1csp59972pxy; Wed, 21 Apr 2021 18:29:48 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxnVaSgdtEOoiToU8fLW56Fyb0l8aWWoieHxt538pj3sdAeX1f28vRbOLNuAoL4df+BXDDr X-Received: by 2002:a17:906:1444:: with SMTP id q4mr658996ejc.343.1619054988079; Wed, 21 Apr 2021 18:29:48 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1619054988; cv=none; d=google.com; s=arc-20160816; b=Rvs2CEnfRgRQjz6sD70usbZ1CNnSJpLOd8X6XicV2OQ/I7WnoaOjuiN48sXkeo57xx 3sjQTADD3rR4dmMfSmuYHIj7fZsTeTz2ebIN9omnUkE3YSO48wZN77HKyyvKdO/IQ3pE 3muYz9sXZWeqmKOVIidnyLNAMvRIoMiuIppe6hoOnzF1tamPRXgBrnHIDuKYD6zlIFeQ 9wUNe/brJHSCF+OhmAABDrLHVoEbgC1mwSazQbcemFXLOWgobnzEQNbZufxVMIrMvPZj IlsTNx8UKbEnhYaDKG8vDLVpYXry2N26rThGlpwozLdmHME5d6LAyKERnkUjKDRJ4Gya zuOQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:user-agent:in-reply-to:content-disposition :mime-version:references:message-id:subject:cc:to:from:date; bh=1AeyaeZGmeE0Hv+CqvOq8qIb5HxVYmNwnGkSJqADAOc=; b=GWcx10nnHASG7Hdy7bLnF8i7ps7YsmP6mTGLoGW7b0yp/qzgelnnp+V15UmrhOY7gB V+yIiV1w7WPUqHv4NjWU/GTfvJYQQCBjwJ9pl+9Xx8SgLyvjRav76DXaX0uGh1FMlKsz GFVDe3Cm9sUxevUoXLs5kl4WkJPusj8fTrLod9Dc2JmQ0zD9wz3pw4ChxyBoShljqutN BkzwjPh/0ckF4wb9eS53fmBfZGVqK9/LmerE3NOdLhojGp1zejgTxXK+F+ivqGm4SNvn Z7rsYbrqX7k9/g79jy0hugJLwBFP/SpXCDyScyk9IUTxBGhb3XMVdJTiwOAogcrw7aBo ye/g== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id p5si871133edh.472.2021.04.21.18.29.25; Wed, 21 Apr 2021 18:29:48 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S235459AbhDVAPI (ORCPT + 99 others); Wed, 21 Apr 2021 20:15:08 -0400 Received: from helcar.hmeau.com ([216.24.177.18]:45926 "EHLO fornost.hmeau.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231363AbhDVAPI (ORCPT ); Wed, 21 Apr 2021 20:15:08 -0400 Received: from gwarestrin.arnor.me.apana.org.au ([192.168.103.7]) by fornost.hmeau.com with smtp (Exim 4.92 #5 (Debian)) id 1lZMzG-0006L1-Bl; Thu, 22 Apr 2021 10:14:31 +1000 Received: by gwarestrin.arnor.me.apana.org.au (sSMTP sendmail emulation); Thu, 22 Apr 2021 10:14:30 +1000 Date: Thu, 22 Apr 2021 10:14:30 +1000 From: Herbert Xu To: Corentin Labbe Cc: linux-crypto@vger.kernel.org, linus.walleij@linaro.org, linux-kernel@vger.kernel.org Subject: Re: cortina/gemini: hwrng: what is its quality ? Message-ID: <20210422001430.GA4246@gondor.apana.org.au> References: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.10.1 (2018-07-13) Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org On Wed, Apr 21, 2021 at 10:03:17PM +0200, Corentin Labbe wrote: > hello > > I work on the crypto part of the cortina/gemini SL3516 SoC. > The datasheet mention a HWRNG in its IP but really briefly: > """ > The implementation is a 32-bit Hardware Random Number Generator that has a uniformed > distribution between 0 and 2^32 -1. The hardware randomness is created by sampling data from > different clock domains, and feeding it as input to the 32-bit maximum length LFSR (Linear Feedback > Shift Register) > """ > > Piping its output to rngtest give: > dd if=/dev/hwrng count=2000 bs=2048 | rngtest > rngtest 6.11 > rngtest: starting FIPS tests... > rngtest: entropy source drained > rngtest: bits received from input: 32768000 > rngtest: FIPS 140-2 successes: 1191 > rngtest: FIPS 140-2 failures: 447 > rngtest: FIPS 140-2(2001-10-10) Monobit: 183 > rngtest: FIPS 140-2(2001-10-10) Poker: 116 > rngtest: FIPS 140-2(2001-10-10) Runs: 346 > 2000+0 records in > 2000+0 records out > rngtest: FIPS 140-2(2001-10-10) Long run: 0 > rngtest: FIPS 140-2(2001-10-10) Continuous run: 0 > rngtest: input channel speed: (min=303.606; avg=3143.352; max=9712.208)Kibits/s > rngtest: FIPS tests speed: (min=7.104; avg=10.332; max=10.638)Mibits/s > rngtest: Program run time: 13303224 microseconds > > That's a quite number of failure. > Can the hwrng still be used with some "hwrng->quality" setting ? > Or it is just too many failure to be used ? If in doubt just leave it zero and the admin can override it if necessary. Thanks, -- Email: Herbert Xu Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt