CVS commit: src/sys

To: source-changes%NetBSD.org@localhost
Subject: CVS commit: src/sys
From: "Taylor R Campbell" <riastradh%netbsd.org@localhost>
Date: Mon, 2 Sep 2019 20:09:30 +0000

Module Name:    src
Committed By:   riastradh
Date:           Mon Sep  2 20:09:30 UTC 2019

Modified Files:
        src/sys/conf: files
        src/sys/dev: rndpseudo.c
        src/sys/kern: subr_cprng.c
        src/sys/rump/kern/lib/libcrypto: Makefile
        src/sys/rump/librump/rumpkern: Makefile.rumpkern
        src/sys/sys: cprng.h
Added Files:
        src/sys/crypto/nist_hash_drbg: files.nist_hash_drbg nist_hash_drbg.c
            nist_hash_drbg.h
Removed Files:
        src/sys/crypto/nist_ctr_drbg: files.nist_ctr_drbg
            nist_ctr_aes_rijndael.h nist_ctr_drbg.c nist_ctr_drbg.h
            nist_ctr_drbg_aes128.h nist_ctr_drbg_aes256.h
            nist_ctr_drbg_config.h

Log Message:
Switch from NIST CTR_DRBG with AES to NIST Hash_DRBG with SHA-256.

Benefits:

- larger seeds -- a 128-bit key alone is not enough for `128-bit security'
- better resistance to timing side channels than AES
- a better-understood security story (https://eprint.iacr.org/2018/349)
- no loss in compliance with US government standards that nobody ever
  got fired for choosing, at least in the US-dominated western world
- no dirty endianness tricks
- self-tests

Drawbacks:

- performance hit: throughput is reduced to about 1/3 in naive measurements
  => possible to mitigate by using hardware SHA-256 instructions
  => all you really need is 32 bytes to seed a userland PRNG anyway
  => if we just used ChaCha this would go away...

XXX pullup-7
XXX pullup-8
XXX pullup-9


To generate a diff of this commit:
cvs rdiff -u -r1.1237 -r1.1238 src/sys/conf/files
cvs rdiff -u -r1.1 -r0 src/sys/crypto/nist_ctr_drbg/files.nist_ctr_drbg \
    src/sys/crypto/nist_ctr_drbg/nist_ctr_drbg.c \
    src/sys/crypto/nist_ctr_drbg/nist_ctr_drbg_config.h
cvs rdiff -u -r1.2 -r0 src/sys/crypto/nist_ctr_drbg/nist_ctr_aes_rijndael.h \
    src/sys/crypto/nist_ctr_drbg/nist_ctr_drbg_aes128.h \
    src/sys/crypto/nist_ctr_drbg/nist_ctr_drbg_aes256.h
cvs rdiff -u -r1.3 -r0 src/sys/crypto/nist_ctr_drbg/nist_ctr_drbg.h
cvs rdiff -u -r0 -r1.1 src/sys/crypto/nist_hash_drbg/files.nist_hash_drbg \
    src/sys/crypto/nist_hash_drbg/nist_hash_drbg.c \
    src/sys/crypto/nist_hash_drbg/nist_hash_drbg.h
cvs rdiff -u -r1.37 -r1.38 src/sys/dev/rndpseudo.c
cvs rdiff -u -r1.30 -r1.31 src/sys/kern/subr_cprng.c
cvs rdiff -u -r1.4 -r1.5 src/sys/rump/kern/lib/libcrypto/Makefile
cvs rdiff -u -r1.175 -r1.176 src/sys/rump/librump/rumpkern/Makefile.rumpkern
cvs rdiff -u -r1.14 -r1.15 src/sys/sys/cprng.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Prev by Date: CVS commit: [netbsd-9] src/doc
Next by Date: CVS commit: src/external/bsd/compiler_rt/lib/clang/lib/netbsd
Previous by Thread: CVS commit: [netbsd-9] src/doc
Next by Thread: CVS commit: src/external/bsd/compiler_rt/lib/clang/lib/netbsd
Indexes:

Home | Main Index | Thread Index | Old Index