From: Stephan Mueller <smueller@chronox.de>
To: Sandy Harris <sandyinchina@gmail.com>
Cc: "Theodore Ts'o" <tytso@mit.edu>,
LKML <linux-kernel@vger.kernel.org>,
linux-crypto@vger.kernel.org
Subject: Re: [PATCH] CPU Jitter RNG: inclusion into kernel crypto API and /dev/random
Date: Tue, 15 Oct 2013 08:23:41 +0200
Message-ID: <2784827.Oba8fbRgfE@tauon>
In-Reply-To: <CACXcFm=M2Jrra3tttWyhwfs-a6iVm0joiKi=wHKuANe_s_F-Sw@mail.gmail.com>
On Monday, 14 October 2013, 11:18:16, Sandy Harris wrote:
Hi Sandy,
Could you please review the following code to see that the mix is
functioning right in your eyes?
>
> However, having done that, I see no reason not to add mixing.
> Using bit() for getting one bit of input and rotl(x) for rotating
> left one bit, your code is basically, with 64-bit x:
>
>     for( i=0, x = 0 ; i < 64; i++, x = rotl(x) )
>         x |= bit()
>
> Why not declare some 64-bit constant C with a significant
> number of bits set and do this:
>
>     for( i=0, x = 0 ; i < 64; i++, x = rotl(x) ) // same loop control
>         if( bit() ) x ^= C ;
I only want to use the XOR function as this is bijective and fits my
mathematical model.
The entropy_collector->data contains the random number. The code first
produces the mixer value that is XORed as often as set bits are
available in the input random number. Finally, it is XORed with the
random number.
The function is currently called unconditionally after the 64-bit random
number is generated from the noise source.
static inline void jent_stir_pool(struct rand_data *entropy_collector)
{
	/* This constant is derived from the first two 32 bit initialization
	 * vectors of SHA-1 -- 32 bits are set and 32 are unset */
	__u64 constant = 0x67452301efcdab89;
	__u64 mixer = 0;
	int i = 0;

	for(i = 0; i < DATA_SIZE_BITS; i++)
	{
		/* get the i-th bit of the input random number and
		 * XOR the constant into the mixer value only when that bit
		 * is set */
		if((entropy_collector->data >> i) & 0x0000000000000001)
			mixer ^= constant;
		mixer = rol64(mixer, 1);
	}
	entropy_collector->data ^= mixer;
}
The statistical behavior of the output looks good so far (just tested it
with the ent tool -- the Chi Square value is good). It also does not
compress with bzip2.
Thanks a lot
Stephan
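An added userspace model of the stir function in this mail (example code, not the patch's own), which also checks the bijectivity property the text relies on: the mixing is XOR-linear in the data word, so it is a bijection exactly when the 64 columns stir_pool(1 << i) have full rank over GF(2). rol64 is reimplemented locally instead of coming from <linux/bitops.h>, the constant is passed as a parameter, and the odd-weight constant 1 is a constructed counterexample for comparison.

```c
/* Added example (not the kernel's code): userspace model of the
 * jent_stir_pool() mixing above, with rol64 defined locally. */
#include <stdint.h>

#define DATA_SIZE_BITS 64
#define JENT_CONSTANT 0x67452301efcdab89ULL	/* constant from the patch */

static inline uint64_t rol64(uint64_t w, unsigned s)
{
	s &= 63;
	return s ? (w << s) | (w >> (64 - s)) : w;
}

/* Same mixing as the patch, constant passed in so others can be inspected:
 * XOR the constant into 'mixer' once per set input bit, rotate left by one
 * after every bit, then fold the mixer into the data word. */
uint64_t stir_pool(uint64_t data, uint64_t constant)
{
	uint64_t mixer = 0;
	for (int i = 0; i < DATA_SIZE_BITS; i++) {
		if ((data >> i) & 1)
			mixer ^= constant;
		mixer = rol64(mixer, 1);
	}
	return data ^ mixer;
}

/* stir_pool() is XOR-linear in 'data', so it is a bijection on 64-bit words
 * iff the columns stir_pool(1 << i) have rank 64 over GF(2) (Gaussian
 * elimination on the 64 column words). */
int stir_rank(uint64_t constant)
{
	uint64_t col[DATA_SIZE_BITS];
	int rank = 0;
	for (int i = 0; i < DATA_SIZE_BITS; i++)
		col[i] = stir_pool((uint64_t)1 << i, constant);
	for (int bit = 63; bit >= 0 && rank < DATA_SIZE_BITS; bit--) {
		int p = rank;
		while (p < DATA_SIZE_BITS && !((col[p] >> bit) & 1))
			p++;
		if (p == DATA_SIZE_BITS)
			continue;	/* no remaining column has this bit: no pivot */
		uint64_t t = col[p]; col[p] = col[rank]; col[rank] = t;
		for (int j = 0; j < DATA_SIZE_BITS; j++)
			if (j != rank && ((col[j] >> bit) & 1))
				col[j] ^= col[rank];
		rank++;		/* column 'rank' now owns pivot bit 'bit' */
	}
	return rank;
}
```

With the patch's constant (32 bits set) the rank is 64; any constant with an even number of set bits yields a bijection, whereas the constant 1 maps both 0 and 1 to 0.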