Skip to content

Commit

Permalink
crypto: jitter - SP800-90B compliance
Browse files Browse the repository at this point in the history
SP800-90B specifies various requirements for the noise source(s) that
may seed any DRNG including SP800-90A DRBGs. In November 2020,
SP800-90B will be mandated for all noise sources that provide entropy
to DRBGs as part of a FIPS 140-[2|3] validation or other evaluation
types. Without SP800-90B compliance, a noise source is defined to always
deliver zero bits of entropy.

This patch ports the SP800-90B compliance from the user space Jitter RNG
version 2.2.0.

The following changes are applied:

- addition of (an enhanced version of) the repetitive count test (RCT)
  from SP800-90B section 4.4.1 - the enhancement is due to the fact of
  using the stuck test as input to the RCT.

- addition of the adaptive proportion test (APT) from SP800-90B section
  4.4.2

- update of the power-on self test to perform a test measurement of 1024
  noise samples compliant to SP800-90B section 4.3

- remove of the continuous random number generator test which is
  replaced by APT and RCT

Health test failures due to the SP800-90B operation are only enforced in
FIPS mode. If a runtime health test failure is detected, the Jitter RNG
is reset. If more than 1024 resets in a row are performed, a permanent
error is returned to the caller.

Signed-off-by: Stephan Mueller <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
  • Loading branch information
smuellerDD authored and herbertx committed Apr 24, 2020
1 parent 63e05f3 commit 764428f
Show file tree
Hide file tree
Showing 2 changed files with 343 additions and 101 deletions.
27 changes: 27 additions & 0 deletions crypto/jitterentropy-kcapi.c
Original file line number Diff line number Diff line change
Expand Up @@ -108,6 +108,7 @@ void jent_get_nstime(__u64 *out)
struct jitterentropy {
spinlock_t jent_lock;
struct rand_data *entropy_collector;
unsigned int reset_cnt;
};

static int jent_kcapi_init(struct crypto_tfm *tfm)
Expand Down Expand Up @@ -142,7 +143,33 @@ static int jent_kcapi_random(struct crypto_rng *tfm,
int ret = 0;

spin_lock(&rng->jent_lock);

/* Return a permanent error in case we had too many resets in a row. */
if (rng->reset_cnt > (1<<10)) {
ret = -EFAULT;
goto out;
}

ret = jent_read_entropy(rng->entropy_collector, rdata, dlen);

/* Reset RNG in case of health failures */
if (ret < -1) {
pr_warn_ratelimited("Reset Jitter RNG due to health test failure: %s failure\n",
(ret == -2) ? "Repetition Count Test" :
"Adaptive Proportion Test");

rng->reset_cnt++;

ret = -EAGAIN;
} else {
rng->reset_cnt = 0;

/* Convert the Jitter RNG error into a usable error code */
if (ret == -1)
ret = -EINVAL;
}

out:
spin_unlock(&rng->jent_lock);

return ret;
Expand Down
Loading

0 comments on commit 764428f

Please sign in to comment.