Hi Stephan,

The FIPS RNG test is supposed to be run on the output of an RNG, and not on the RNG 
entropy source. It is not surprising that the RNG input fails the entropy tests 
from NIST. Check the following example.

Imagine you have a perfectly random sequence, a_1, a_2, .., a_n, where each a_i 
is a byte. And imagine, this sequence passes all randomness tests.

Now, let's say I create a new sequence a_1, 0, a_2, 0, a_3, 0, ..., 0, a_n, 
where each zero is a byte.

If you give this sequence (as an entropy source) to a randomness test, it will 
fail most of the tests, if not all. This does not mean this sequence is not 
appropriate as an entropy source; it just means we need twice as many bytes to 
gain the same amount of entropy.

I can give this 2n-byte sequence to an RNG as an entropy source and it provides 
the same amount of security as if I gave it the n-byte stream.

Thanks,
Miaoqing
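As an added illustration of the argument above (this is example code written for this page, not part of the thread, of rng-tools or of the kernel), the Python below implements two of the FIPS 140-2 continuous tests that rngd's fips_run_rng_test applies (monobit and poker; the runs and long-run tests are left out), runs them on a constructed "perfectly random" byte sample and on the zero-interleaved version of it, and then feeds the interleaved stream through a hypothetical SHA-256 conditioner that credits it at 4 bits per byte instead of 8. The raw interleaved stream fails both tests, while the conditioned output passes and the same total entropy is credited from 2n interleaved bytes as from n random bytes. The `condition` and `credited_bits` functions are assumptions made for the example; they stand in for the mixing an RNG does and are not the kernel's or rngd's actual code.

```python
import hashlib
import random
from collections import Counter
from math import ceil

# FIPS 140-2 continuous-test parameters (20000-bit sample). Only the monobit and
# poker tests are implemented here; the runs and long-run tests are omitted.
SAMPLE_BITS = 20000
SAMPLE_BYTES = SAMPLE_BITS // 8          # 2500 bytes
MONOBIT_LOW, MONOBIT_HIGH = 9725, 10275
POKER_LOW, POKER_HIGH = 2.16, 46.17


def monobit_test(data: bytes) -> bool:
    """Count the ones in the first 20000 bits; pass if 9725 < ones < 10275."""
    if len(data) < SAMPLE_BYTES:
        raise ValueError("need at least 2500 bytes")
    ones = sum(bin(b).count("1") for b in data[:SAMPLE_BYTES])
    return MONOBIT_LOW < ones < MONOBIT_HIGH


def poker_test(data: bytes) -> bool:
    """Chi-square-style statistic over the 5000 nibbles of the first 20000 bits."""
    if len(data) < SAMPLE_BYTES:
        raise ValueError("need at least 2500 bytes")
    counts = Counter()
    for b in data[:SAMPLE_BYTES]:
        counts[b >> 4] += 1
        counts[b & 0x0F] += 1
    x = (16.0 / 5000) * sum(c * c for c in counts.values()) - 5000
    return POKER_LOW < x < POKER_HIGH


def interleave_zero(data: bytes) -> bytes:
    """Build a_1, 0, a_2, 0, ..., a_n, 0 from a_1, ..., a_n (a zero byte after each)."""
    out = bytearray()
    for b in data:
        out.append(b)
        out.append(0)
    return bytes(out)


def credited_bits(data: bytes, bits_per_byte: float) -> float:
    """Entropy credited to a raw sample at a given per-byte rate (assumed model)."""
    return len(data) * bits_per_byte


def condition(raw: bytes, bits_per_byte: float, out_len: int) -> bytes:
    """Hypothetical hash conditioner: each 32-byte output block consumes enough raw
    bytes to carry 256 bits of entropy at the credited rate. It stands in for the
    mixing an RNG performs; its output is what the FIPS test should be run on."""
    raw_per_block = ceil(256 / bits_per_byte)
    out = bytearray()
    for pos in range(0, len(raw) - raw_per_block + 1, raw_per_block):
        if len(out) >= out_len:
            break
        out += hashlib.sha256(raw[pos:pos + raw_per_block]).digest()
    if len(out) < out_len:
        raise ValueError("raw input carries too little credited entropy")
    return bytes(out[:out_len])


def run_tests(data: bytes) -> dict:
    """Run the implemented FIPS 140-2 tests and report pass/fail per test."""
    return {"monobit": monobit_test(data), "poker": poker_test(data)}


# Constructed sample: a seeded PRNG stands in for the "perfectly random" a_i bytes.
_rng = random.Random(20160810)
SAMPLE = bytes(_rng.getrandbits(8) for _ in range(2560))
INTERLEAVED = interleave_zero(SAMPLE)

if __name__ == "__main__":
    print("random source   :", run_tests(SAMPLE))
    print("zero-interleaved:", run_tests(INTERLEAVED))
    print("conditioned     :", run_tests(condition(INTERLEAVED, 4, SAMPLE_BYTES)))
    print("credited bits   :", credited_bits(SAMPLE, 8), credited_bits(INTERLEAVED, 4))
```

Crediting the interleaved stream at the full 8 bits per byte would be the real mistake: `condition(SAMPLE, 4, 2560)` raises because n random bytes at half credit only fill half the output, whereas the 2n interleaved bytes at half credit fill exactly as many blocks as the n random bytes at full credit.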

-----Original Message-----
From: Stephan Mueller [mailto:smuel...@chronox.de] 
Sent: Wednesday, August 10, 2016 1:29 PM
To: Pan, Miaoqing <miaoq...@qti.qualcomm.com>
Cc: Herbert Xu <herb...@gondor.apana.org.au>; Matt Mackall <m...@selenic.com>; 
miaoq...@codeaurora.org; Valo, Kalle <kv...@qca.qualcomm.com>; 
linux-wirel...@vger.kernel.org; ath9k-devel <ath9k-de...@qca.qualcomm.com>; 
linux-crypto@vger.kernel.org; ja...@lakedaemon.net; Sepehrdad, Pouyan 
<pouy...@qti.qualcomm.com>
Subject: Re: [PATCH 2/2] ath9k: disable RNG by default

On Wednesday, 10 August 2016, 02:35:04 CEST, Pan, Miaoqing wrote:

Hi Miaoqing,

> Hi Stephan,
> 
> Those less perfect noise sources can't pass the FIPS test.
> 
> static int update_kernel_random(int random_step,
>         unsigned char *buf, fips_ctx_t *fipsctx_in) {
>         unsigned char *p;
>         int fips;
> 
>         fips = fips_run_rng_test(fipsctx_in, buf);
>         if (fips)
>                 return 1;
> 
>         for (p = buf; p + random_step <= &buf[FIPS_RNG_BUFFER_SIZE];
>                  p += random_step) {
>                 random_add_entropy(p, random_step);
>                 random_sleep();
>         }
>         return 0;
> }

Not even the poor cheap AIS20 statistical tests from rngd pass?

I guess the only sensible solution is what Ted suggested to use 
add_device_randomness.

Ciao
Stephan
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html