On 10/02/2012 05:42 PM, Wan-Teh Chang wrote:
> On Tue, Oct 2, 2012 at 7:45 PM, Michael Demeter
> <michael.deme...@intel.com> wrote:
>> Continuation would then be to eliminate any unnecessary work being
>> done to increase the randomness. Since the HW generated values
>> can be used directly. This could help a small little bit in performance
>> (but that is a secondary effect)…
>
> The code in mozilla/security/nss/lib/freebl/drbg.c implements one of the
> deterministic random bit generators (DRBGs) specified in NIST SP
> 800-90 (the Hash_DRBG). It is necessary for FIPS 140-2 validation.
> For this reason NSS can't use hardware-generated values directly.
>
> Wan-Teh
But we can use it to seed the PRNG. There's a pretty easy way to get NSS
to use HW generated values to get some initial entropy: if you create a
PKCS #11 module that advertises an RNG (see the PKCS #11 spec), NSS will
mix entropy from its own internal PRNG as well as extract random values
to mix into its internal PRNG. Such a scheme would allow even old
versions of NSS to benefit from HW RNGs.

As another step, there is a set of platform-specific internal
entropy-collecting functions within NSS:
win_rand.c, unix_rand.c, and os2_rand.c. Mixing hardware generated bits
into the RNG_SystemRNG() call would pick up new HW generated entropy
whenever NSS decides it needs to reseed.
bob
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
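To illustrate the point made in the thread, here is an added example (not NSS code and not from any poster) of a compact SP 800-90A Hash_DRBG over SHA-256: hardware random bytes go in only as instantiate/reseed material through Hash_df, and output always comes from the DRBG state, so the raw HW values are never returned directly. The class and method names are my own.

```python
# Added example, not NSS code: a compact SP 800-90A Hash_DRBG (SHA-256) showing how
# hardware random bytes are consumed as seed/reseed material rather than returned directly.
import hashlib

OUTLEN = 32            # SHA-256 output length in bytes
SEEDLEN = 55           # 440 bits for SHA-256 per SP 800-90A
MAX_REQUEST = 1 << 16  # bytes per generate call (spec allows up to 2^19 bits)


def _hash_df(data: bytes, out_len: int) -> bytes:
    """Hash_df from SP 800-90A: condition arbitrary input into out_len bytes."""
    out, counter = b"", 1
    bits = (out_len * 8).to_bytes(4, "big")
    while len(out) < out_len:
        out += hashlib.sha256(bytes([counter]) + bits + data).digest()
        counter += 1
    return out[:out_len]


class HashDRBG:
    def __init__(self, entropy: bytes, nonce: bytes = b"", personalization: bytes = b""):
        # entropy: e.g. bytes pulled from a hardware RNG; it only ever feeds Hash_df.
        self._reseed(entropy + nonce + personalization, first=True)

    def _reseed(self, seed_material: bytes, first: bool = False) -> None:
        if not first:                      # reseed: 0x01 || V || entropy || additional
            seed_material = b"\x01" + self.V + seed_material
        self.V = _hash_df(seed_material, SEEDLEN)
        self.C = _hash_df(b"\x00" + self.V, SEEDLEN)
        self.reseed_counter = 1

    def reseed(self, entropy: bytes, additional: bytes = b"") -> None:
        """Mix fresh entropy (e.g. HW bits picked up at a system-RNG reseed) into V."""
        self._reseed(entropy + additional)

    def generate(self, n: int) -> bytes:
        assert 0 < n <= MAX_REQUEST
        modulus = 1 << (SEEDLEN * 8)
        data, out = int.from_bytes(self.V, "big"), b""
        while len(out) < n:                # Hashgen: hash a running counter seeded from V
            out += hashlib.sha256(data.to_bytes(SEEDLEN, "big")).digest()
            data = (data + 1) % modulus
        h = int.from_bytes(hashlib.sha256(b"\x03" + self.V).digest(), "big")
        v = int.from_bytes(self.V, "big") + h + int.from_bytes(self.C, "big") + self.reseed_counter
        self.V = (v % modulus).to_bytes(SEEDLEN, "big")
        self.reseed_counter += 1
        return out[:n]
```

A real hardware source would replace the constructed `entropy` argument; reseeding with fresh HW bytes changes all subsequent output, while two instances seeded identically stay in lockstep.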