Documentation and Analysis of the Linux Random Number Generator

Version: 3.6

Document history

Version  Date        Editor          Description
2.0      2018-03-21  Stephan Müller  Covering kernel 4.15; Re-running all tests of chapters 6 and following on 4.15
2.1      2018-04-11  Stephan Müller  Updating the test results for the reboot tests on bare metal with 50,000 reboot cycles
2.2      2018-04-11  Stephan Müller  Covering kernel 4.16
2.3      2018-06-18  Stephan Müller  Covering kernel 4.17
2.4      2018-08-24  Stephan Müller  Covering kernel 4.18
2.5      2018-11-12  Stephan Müller  Covering kernel 4.19; Updated seeding process; ChaCha20 DRNG documented
2.6      2019-01-11  Stephan Müller  Covering kernel 4.20
3.0      2019-04-05  Stephan Müller  Covering kernel 5.0; Re-running all tests of chapters 6 and following on 5.0
3.1      2019-04-12  Stephan Müller  Adding results of reboot-tests for 5.0
3.2      2019-05-17  Stephan Müller  Addressing comments from BSI; Covering kernel 5.1
3.3      2019-08-13  Stephan Müller  Covering kernel 5.2
3.4      2019-09-26  Stephan Müller  Covering kernel 5.3
3.5      2019-12-13  Stephan Müller  Covering kernel 5.4
3.6      2020-04-07  Stephan Müller  Covering kernel 5.5

Federal Office for Information Security
Post Box 20 03 63
D-53133 Bonn
Internet: https://www.bsi.bund.de
© Federal Office for Information Security 2020

This analysis was prepared for BSI by atsec information security GmbH.

Table of Contents

Document history
1 Introduction
  1.1 Authors
  1.2 Copyright
  1.3 BSI-Reference
2 Architecture of Non-Deterministic Random Number Generators (NDRNGs)
  2.1 Terminology
  2.2 General Architecture
3 Design of the Linux-RNG
  3.1 Historical Background
  3.2 Linux-RNG Architecture
    3.2.1 Linux-RNG Internal Design
  3.3 Deterministic Random Number Generators (DRNGs)
    3.3.1 Entropy Pools
    3.3.2 ChaCha20 DRNG
  3.4 Interfaces to Linux-RNG
    3.4.1 Character Device Files
    3.4.2 System Call
    3.4.3 In-Kernel Interfaces
    3.4.4 /proc Files
  3.5 Entropy Sources
    3.5.1 Timer State Maintenance for Entropy Sources
    3.5.2 Entropy Collection
  3.6 Entropy Estimation
    3.6.1 Storing of “Superfluous” Entropy
  3.7 Generic Architecture and Linux-RNG
  3.8 Use of the Linux-RNG
  3.9 Hardware-based Random Number Generators
    3.9.1 CPU Hardware Random Number Generators
    3.9.2 Hardware Random Number Generator Framework
  3.10 Support Functions for Other Kernel Parts
  3.11 Time Line of Entropy Requirements
    3.11.1 Installation Time
    3.11.2 First Reboot After Installation
    3.11.3 Regular Usage
  3.12 Security Domain Protecting the Linux-RNG
4 Conducted Analyses of the Linux-RNG
  4.1 Attacks of Gutterman et al. and its Relevance
    4.1.1 Denial of Service Attacks
    4.1.2 Use of Diskless Systems
    4.1.3 Enhanced Backward Secrecy
  4.2 Lacharme’s Analysis
    4.2.1 Linux-RNG Without Input to the Entropy Pools
    4.2.2 Attacks on the Input
    4.2.3 Assessment of the Entropy Estimation
  4.3 Conclusions from [LRSV12] and [GPR06]