23 Jul, 2020
1 commit
-
Rationale:
Reduces attack surface on kernel devs opening the links for MITM
as HTTPS traffic is much harder to manipulate.Deterministic algorithm:
For each file:
If not .svg:
For each line:
If doesn't contain `\bxmlns\b`:
For each link, `\bhttp://[^# \t\r\n]*(?:\w|/)`:
If neither `\bgnu\.org/license`, nor `\bmozilla\.org/MPL\b`:
If both the HTTP and HTTPS versions
return 200 OK and serve the same content:
Replace HTTP with HTTPS.Signed-off-by: Alexander A. Klimov
Signed-off-by: Herbert Xu
24 Apr, 2020
1 commit
-
SP800-90B specifies various requirements for the noise source(s) that
may seed any DRNG including SP800-90A DRBGs. In November 2020,
SP800-90B will be mandated for all noise sources that provide entropy
to DRBGs as part of a FIPS 140-[2|3] validation or other evaluation
types. Without SP800-90B compliance, a noise source is defined to always
deliver zero bits of entropy.This patch ports the SP800-90B compliance from the user space Jitter RNG
version 2.2.0.The following changes are applied:
- addition of (an enhanced version of) the repetitive count test (RCT)
from SP800-90B section 4.4.1 - the enhancement is due to the fact of
using the stuck test as input to the RCT.- addition of the adaptive proportion test (APT) from SP800-90B section
4.4.2- update of the power-on self test to perform a test measurement of 1024
noise samples compliant to SP800-90B section 4.3- remove of the continuous random number generator test which is
replaced by APT and RCTHealth test failures due to the SP800-90B operation are only enforced in
FIPS mode. If a runtime health test failure is detected, the Jitter RNG
is reset. If more than 1024 resets in a row are performed, a permanent
error is returned to the caller.Signed-off-by: Stephan Mueller
Signed-off-by: Herbert Xu
18 Oct, 2019
1 commit
-
Fix the following build warnings by adding a header for
the definitions shared between jitterentropy.c and
jitterentropy-kcapi.c. Fixes the following:crypto/jitterentropy.c:445:5: warning: symbol 'jent_read_entropy' was not declared. Should it be static?
crypto/jitterentropy.c:475:18: warning: symbol 'jent_entropy_collector_alloc' was not declared. Should it be static?
crypto/jitterentropy.c:509:6: warning: symbol 'jent_entropy_collector_free' was not declared. Should it be static?
crypto/jitterentropy.c:516:5: warning: symbol 'jent_entropy_init' was not declared. Should it be static?
crypto/jitterentropy-kcapi.c:59:6: warning: symbol 'jent_zalloc' was not declared. Should it be static?
crypto/jitterentropy-kcapi.c:64:6: warning: symbol 'jent_zfree' was not declared. Should it be static?
crypto/jitterentropy-kcapi.c:69:5: warning: symbol 'jent_fips_enabled' was not declared. Should it be static?
crypto/jitterentropy-kcapi.c:74:6: warning: symbol 'jent_panic' was not declared. Should it be static?
crypto/jitterentropy-kcapi.c:79:6: warning: symbol 'jent_memcpy' was not declared. Should it be static?
crypto/jitterentropy-kcapi.c:93:6: warning: symbol 'jent_get_nstime' was not declared. Should it be static?Signed-off-by: Ben Dooks
Reviewed-by: Stephan Mueller
04 Oct, 2019
1 commit
-
One should not say "ec can be NULL" and then dereference it.
One cannot talk about the return value if the function returns void.Signed-off-by: Alexander E. Patrakov
Signed-off-by: Herbert Xu
06 Jun, 2019
1 commit
-
The Jitter RNG implementation is updated to comply with upstream version
2.1.2. The change covers the following aspects:* Time variation measurement is conducted over the LFSR operation
instead of the XOR folding* Invcation of stuck test during initialization
* Removal of the stirring functionality and the Von-Neumann
unbiaser as the LFSR using a primitive and irreducible polynomial
generates an identical distribution of random bitsThis implementation was successfully used in FIPS 140-2 validations
as well as in German BSI evaluations.This kernel implementation was tested as follows:
* The unchanged kernel code file jitterentropy.c is compiled as part
of user space application to generate raw unconditioned noise
data. That data is processed with the NIST SP800-90B non-IID test
tool to verify that the kernel code exhibits an equal amount of noise
as the upstream Jitter RNG version 2.1.2.* Using AF_ALG with the libkcapi tool of kcapi-rng the Jitter RNG was
output tested with dieharder to verify that the output does not
exhibit statistical weaknesses. The following command was used:
kcapi-rng -n "jitterentropy_rng" -b 100000000000 | dieharder -a -g 200* The unchanged kernel code file jitterentropy.c is compiled as part
of user space application to test the LFSR implementation. The
LFSR is injected a monotonically increasing counter as input and
the output is fed into dieharder to verify that the LFSR operation
does not exhibit statistical weaknesses.* The patch was tested on the Muen separation kernel which returns
a more coarse time stamp to verify that the Jitter RNG does not cause
regressions with its initialization test considering that the Jitter
RNG depends on a high-resolution timer.Tested-by: Reto Buerki
Signed-off-by: Stephan Mueller
Signed-off-by: Herbert Xu
25 Jun, 2015
2 commits
-
The kzfree() function tests whether its argument is NULL and then
returns immediately. Thus the test around the call is not needed.This issue was detected by using the Coccinelle software.
Signed-off-by: Markus Elfring
Signed-off-by: Herbert Xu -
The core of the Jitter RNG is intended to be compiled with -O0. To
ensure that the Jitter RNG can be compiled on all architectures,
separate out the RNG core into a stand-alone C file that can be compiled
with -O0 which does not depend on any kernel include file.As no kernel includes can be used in the C file implementing the core
RNG, any dependencies on kernel code must be extracted.A second file provides the link to the kernel and the kernel crypto API
that can be compiled with the regular compile options of the kernel.Signed-off-by: Stephan Mueller
Signed-off-by: Herbert Xu
09 Jun, 2015
1 commit
-
Replace the global -O0 compiler flag from the Makefile with GCC
pragmas to mark only the functions required to be compiled without
optimizations.This patch also adds a comment describing the rationale for the
functions chosen to be compiled without optimizations.Signed-off-by: Stephan Mueller
Signed-off-by: Herbert Xu
28 May, 2015
1 commit
-
The patch removes the use of timekeeping_valid_for_hres which is now
marked as internal for the time keeping subsystem. The jitterentropy
does not really require this verification as a coarse timer (when
random_get_entropy is absent) is discovered by the initialization test
of jent_entropy_init, which would cause the jitter rng to not load in
that case.Reported-by: kbuild test robot
Signed-off-by: Stephan Mueller
Signed-off-by: Herbert Xu
27 May, 2015
1 commit
-
The CPU Jitter RNG provides a source of good entropy by
collecting CPU executing time jitter. The entropy in the CPU
execution time jitter is magnified by the CPU Jitter Random
Number Generator. The CPU Jitter Random Number Generator uses
the CPU execution timing jitter to generate a bit stream
which complies with different statistical measurements that
determine the bit stream is random.The CPU Jitter Random Number Generator delivers entropy which
follows information theoretical requirements. Based on these
studies and the implementation, the caller can assume that
one bit of data extracted from the CPU Jitter Random Number
Generator holds one bit of entropy.The CPU Jitter Random Number Generator provides a decentralized
source of entropy, i.e. every caller can operate on a private
state of the entropy pool.The RNG does not have any dependencies on any other service
in the kernel. The RNG only needs a high-resolution time
stamp.Further design details, the cryptographic assessment and
large array of test results are documented at
http://www.chronox.de/jent.html.CC: Andreas Steffen
CC: Theodore Ts'o
CC: Sandy Harris
Signed-off-by: Stephan Mueller
Signed-off-by: Herbert Xu