[src/trunk]: src/sys/arch/arm/sunxi Reduce entropy estimate for sun8icrypto T...
details: https://anonhg.NetBSD.org/src/rev/a8562e6efbaa
branches: trunk
changeset: 1005718:a8562e6efbaa
user: riastradh <riastradh%NetBSD.org@localhost>
date: Wed Dec 18 02:26:48 2019 +0000
description:
Reduce entropy estimate for sun8icrypto TRNG.
NIST's SP800-90B entropy estimation tools put it at no more than .08
bits of entropy per byte of data(!), so estimate 100 bits of data per
bit of entropy. This is probably not conservative enough -- the NIST
tools were written without knowledge of how this alleged TRNG works!
Knowledge of the physics of how the TRNG is supposed to work could
probably enable a better job at predicting the outputs.
While here, bump the size of data we can sample directly with sysctl
to 4096 bytes.
diffstat:
sys/arch/arm/sunxi/sun8i_crypto.c | 21 ++++++++++-----------
1 files changed, 10 insertions(+), 11 deletions(-)
diffs (70 lines):
diff -r 5b70e9c2f659 -r a8562e6efbaa sys/arch/arm/sunxi/sun8i_crypto.c
--- a/sys/arch/arm/sunxi/sun8i_crypto.c Wed Dec 18 02:16:04 2019 +0000
+++ b/sys/arch/arm/sunxi/sun8i_crypto.c Wed Dec 18 02:26:48 2019 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: sun8i_crypto.c,v 1.8 2019/12/15 01:16:33 riastradh Exp $ */
+/* $NetBSD: sun8i_crypto.c,v 1.9 2019/12/18 02:26:48 riastradh Exp $ */
/*-
* Copyright (c) 2019 The NetBSD Foundation, Inc.
@@ -43,7 +43,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(1, "$NetBSD: sun8i_crypto.c,v 1.8 2019/12/15 01:16:33 riastradh Exp $");
+__KERNEL_RCSID(1, "$NetBSD: sun8i_crypto.c,v 1.9 2019/12/18 02:26:48 riastradh Exp $");
#include <sys/types.h>
#include <sys/param.h>
@@ -65,9 +65,8 @@
#include <arm/sunxi/sun8i_crypto.h>
#define SUN8I_CRYPTO_TIMEOUT hz
-#define SUN8I_CRYPTO_RNGENTROPY 8 /* estimated bits per bit of entropy */
-#define SUN8I_CRYPTO_RNGBYTES \
- (SUN8I_CRYPTO_RNGENTROPY*howmany(RND_POOLBITS, NBBY))
+#define SUN8I_CRYPTO_RNGENTROPY 100 /* estimated bits per bit of entropy */
+#define SUN8I_CRYPTO_RNGBYTES PAGE_SIZE
struct sun8i_crypto_task;
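Review bot: The comment on `SUN8I_CRYPTO_RNGENTROPY` still reads "estimated bits per bit of entropy", which says neither which bits are counted nor where 100 comes from; that derivation exists only in the commit message. I would record it beside the constant, for example `/* bits of TRNG data per bit of entropy; SP800-90B tools estimate <= .08 bits/byte */`. `SUN8I_CRYPTO_RNGBYTES` is now `PAGE_SIZE` instead of a multiple of the pool size, so the `entropybits` value computed from it in a later hunk follows the kernel's page size. A one-line comment saying why a page was chosen would help the next reader.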
@@ -964,8 +963,8 @@
* This TRNG has quite low entropy at best. But if it fails a
* repeated output test, then assume it's busted.
*/
- CTASSERT((SUN8I_CRYPTO_RNGBYTES % SUN8I_CRYPTO_RNGENTROPY) == 0);
- entropybits = NBBY * (SUN8I_CRYPTO_RNGBYTES/SUN8I_CRYPTO_RNGENTROPY);
+ CTASSERT(SUN8I_CRYPTO_RNGBYTES <= UINT32_MAX/NBBY);
+ entropybits = (NBBY*SUN8I_CRYPTO_RNGBYTES)/SUN8I_CRYPTO_RNGENTROPY;
if (consttime_memequal(buf, buf + SUN8I_CRYPTO_RNGBYTES/2,
SUN8I_CRYPTO_RNGBYTES/2)) {
device_printf(sc->sc_dev, "failed repeated output test\n");
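Review bot: Nothing on the new side asserts that `SUN8I_CRYPTO_RNGBYTES` is even, yet the repeated-output test compares `SUN8I_CRYPTO_RNGBYTES/2` bytes at `buf` with the same count at `buf + SUN8I_CRYPTO_RNGBYTES/2`, so an odd size would leave the final byte outside the test. `PAGE_SIZE` is even in practice, so this only states the assumption: `CTASSERT((SUN8I_CRYPTO_RNGBYTES % 2) == 0);`. With the divisibility assertion gone, the `entropybits` division now truncates, which rounds the estimate down and is the safe direction. A short comment such as `/* integer division rounds the estimate down */` would show that this is intended. The enclosing function starts and ends outside the hunk.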
@@ -1171,10 +1170,10 @@
return;
}
- /* hw.sun8icryptoN.rng (`struct', 1024-byte array) */
+ /* hw.sun8icryptoN.rng (`struct', 4096-byte array) */
sysctl_createv(&cy->cy_log, 0, &cy->cy_root_node, NULL,
CTLFLAG_PERMANENT|CTLFLAG_READONLY|CTLFLAG_PRIVATE, CTLTYPE_STRUCT,
- "rng", SYSCTL_DESCR("Read up to 1024 bytes out of the TRNG"),
+ "rng", SYSCTL_DESCR("Read up to 4096 bytes out of the TRNG"),
&sun8i_crypto_sysctl_rng, 0, sc, 0, CTL_CREATE, CTL_EOL);
if (error) {
aprint_error_dev(sc->sc_dev,
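Review bot: As shown in this hunk, the result of the `sysctl_createv` call that creates the `rng` node is not assigned, so the `if (error)` after it appears to test whatever an earlier call left in `error`. Because the earlier failure path returns, that value would be 0 here, and a failure to create the node would go unreported. The line predates this commit but sits between the lines it changes; the call should begin `error = sysctl_createv(&cy->cy_log, 0, &cy->cy_root_node, NULL,`. The function starts and ends outside the hunk, so this assumes `error` is not set by anything not visible here.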
@@ -1195,13 +1194,13 @@
/* If oldp == NULL, the caller wants to learn the size. */
if (oldp == NULL) {
- *oldlenp = 1024;
+ *oldlenp = 4096;
return 0;
}
/* Verify the output buffer size is reasonable. */
size = *oldlenp;
- if (size > 1024) /* size_t, so never negative */
+ if (size > 4096) /* size_t, so never negative */
return E2BIG;
if (size == 0)
return 0; /* nothing to do */
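Review bot: The limit 4096 is written out as a literal in the size query (`*oldlenp = 4096;`) and the bound check (`if (size > 4096)`), and again in the comment and `SYSCTL_DESCR` text of the previous hunk, so changing it took four edits that must stay in step. A single named constant would keep the reported size and the enforced bound from drifting apart, for example a new `#define SUN8I_CRYPTO_SYSCTL_RNGBYTES 4096` (the name is only a suggestion) used as `*oldlenp = SUN8I_CRYPTO_SYSCTL_RNGBYTES;` and `if (size > SUN8I_CRYPTO_SYSCTL_RNGBYTES)`. If the limit is meant to track `SUN8I_CRYPTO_RNGBYTES` (now `PAGE_SIZE`), a comment should say so, since the two coincide only where the page size is 4096. The handler continues past the end of the hunk.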