Question - seeding the hw pseudo random number generator

Stephan Müller smueller at chronox.de
Thu Mar 23 04:35:56 PDT 2017


On Thursday, 23 March 2017, 09:03:23 CET, Harald Freudenberger wrote:

Hi Harald,

> I'll have a look at it. Currently the s390/crypto/prng seeds itself with
> an algorithm based on the jitter of the very fine granular hardware
> clock of a s390 machine. There were some thoughts and measurements
> by a mathematician which led to this algorithm.

It takes a page and simply writes 512 times the high-res time stamp using 
get_tod_clock_fast into it. Effectively it uses the same fundamental noise 
source as the jitterentropy. (A couple of months ago I had to perform an 
SP800-90B assessment on exactly that code path. :-) )

> However, long-term
> the s390 platform will provide some kind of true hardware random number
> generator and the idea is to use this for seeding the prng.

The question is just that it provides a device file nobody else provides. And 
the question is whether to consolidate it. If it is a DRNG, the discussion is 
about consolidating it behind AF_ALG. If it is an RNG with its own noise 
source (i.e. it provides entropic data by itself), it should rather be placed 
into drivers/char/hw_random and use the hw-random framework. This framework 
will also ensure that it may seed the /dev/random device kernel-internally.

Ciao
Stephan
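
The seeding scheme described in this message (512 back-to-back high-resolution time stamps written into a buffer), as an added user-space example that is not code from the message or from the s390 driver. Assumptions: clock_gettime() stands in for get_tod_clock_fast(), all function names are hypothetical, and the estimate is a simplified most-common-value count rather than a full SP800-90B assessment.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* for clock_gettime() */
#endif
#include <stdint.h>
#include <stdio.h>
#include <time.h>
#define SAMPLES 512   /* the message says the time stamp is written 512 times */

/* Fill buf with n back-to-back time stamps. Assumption: clock_gettime() is a
 * user-space stand-in for the kernel's get_tod_clock_fast(). */
void collect_stamps(uint64_t *buf, size_t n)
{
    struct timespec ts;
    for (size_t i = 0; i < n; i++) {
        clock_gettime(CLOCK_MONOTONIC, &ts);
        buf[i] = (uint64_t)ts.tv_sec * 1000000000ull + (uint64_t)ts.tv_nsec;
    }
}

/* Occurrences of the most common low byte among the n-1 stamp deltas. */
size_t most_common_delta(const uint64_t *buf, size_t n)
{
    size_t hist[256] = {0}, max = 0;
    for (size_t i = 1; i < n; i++) {
        size_t c = ++hist[(uint8_t)(buf[i] - buf[i - 1])];
        if (c > max) max = c;
    }
    return max;
}

/* floor(log2((n-1) / max)): whole bits of min-entropy per delta, rounded down. */
unsigned min_entropy_bits(const uint64_t *buf, size_t n)
{
    size_t max = most_common_delta(buf, n);
    unsigned bits = 0;
    while (max && (max << (bits + 1)) <= n - 1)
        bits++;
    return bits;
}

int main(void)
{
    static uint64_t page[SAMPLES];
    collect_stamps(page, SAMPLES);
    printf("most common delta: %zu of %d, >= %u bits per sample\n",
           most_common_delta(page, SAMPLES), SAMPLES - 1,
           min_entropy_bits(page, SAMPLES));
    return 0;
}
```

The count treats the deltas as independent samples, so the figure it prints is an optimistic bound on what the time stamps contribute to a seed.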


