summaryrefslogtreecommitdiff
path: root/crypto/jitterentropy-kcapi.c
diff options
context:
space:
mode:
authorStephan Müller <smueller@chronox.de>2019-05-29 21:24:25 +0200
committerHerbert Xu <herbert@gondor.apana.org.au>2019-06-06 14:38:57 +0800
commitd9d67c87ad37218be65f4cea3ecd7e0312735e78 (patch)
tree1bd3f1281c20262d2f8359942d3503af875cc203 /crypto/jitterentropy-kcapi.c
parentd8ea98aa3cd4646945a2a9b647c2502b1e2dcdec (diff)
downloadlwn-d9d67c87ad37218be65f4cea3ecd7e0312735e78.tar.gz
lwn-d9d67c87ad37218be65f4cea3ecd7e0312735e78.zip
crypto: jitter - update implementation to 2.1.2
The Jitter RNG implementation is updated to comply with upstream version 2.1.2. The change covers the following aspects: * Time variation measurement is conducted over the LFSR operation instead of the XOR folding * Invcation of stuck test during initialization * Removal of the stirring functionality and the Von-Neumann unbiaser as the LFSR using a primitive and irreducible polynomial generates an identical distribution of random bits This implementation was successfully used in FIPS 140-2 validations as well as in German BSI evaluations. This kernel implementation was tested as follows: * The unchanged kernel code file jitterentropy.c is compiled as part of user space application to generate raw unconditioned noise data. That data is processed with the NIST SP800-90B non-IID test tool to verify that the kernel code exhibits an equal amount of noise as the upstream Jitter RNG version 2.1.2. * Using AF_ALG with the libkcapi tool of kcapi-rng the Jitter RNG was output tested with dieharder to verify that the output does not exhibit statistical weaknesses. The following command was used: kcapi-rng -n "jitterentropy_rng" -b 100000000000 | dieharder -a -g 200 * The unchanged kernel code file jitterentropy.c is compiled as part of user space application to test the LFSR implementation. The LFSR is injected a monotonically increasing counter as input and the output is fed into dieharder to verify that the LFSR operation does not exhibit statistical weaknesses. * The patch was tested on the Muen separation kernel which returns a more coarse time stamp to verify that the Jitter RNG does not cause regressions with its initialization test considering that the Jitter RNG depends on a high-resolution timer. Tested-by: Reto Buerki <reet@codelabs.ch> Signed-off-by: Stephan Mueller <smueller@chronox.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Diffstat (limited to 'crypto/jitterentropy-kcapi.c')
-rw-r--r--crypto/jitterentropy-kcapi.c5
1 files changed, 0 insertions, 5 deletions
diff --git a/crypto/jitterentropy-kcapi.c b/crypto/jitterentropy-kcapi.c
index 6ea1a270b8dc..699db1726ead 100644
--- a/crypto/jitterentropy-kcapi.c
+++ b/crypto/jitterentropy-kcapi.c
@@ -56,11 +56,6 @@ void jent_entropy_collector_free(struct rand_data *entropy_collector);
* Helper function
***************************************************************************/
-__u64 jent_rol64(__u64 word, unsigned int shift)
-{
- return rol64(word, shift);
-}
-
void *jent_zalloc(unsigned int len)
{
return kzalloc(len, GFP_KERNEL);