DOCSLIB.ORG

Documentation and Analysis of the Linux Random Number Generator

Documentation and Analysis of the Linux Random Number Generator

Documentation and Analysis of the Linux Random Number Generator Version: 4.4 Document history Version Date Editor Description 4.0 2020-07-15 Stephan Müller Kernel version 5.6 4.1 2020-07-15 Stephan Müller Kernel version 5.7 4.2 2020-08-03 Stephan Müller Kernel version 5.8 4.3 2020-10-12 Stephan Müller Kernel version 5.9 4.4 2021-01-05 Stephan Müller Kernel version 5.10 This analysis was prepared for BSI by atsec information security GmbH. Federal Office for Information Security Post Box 20 03 63 D-53133 Bonn Internet: https://www.bsi.bund.de © Federal Office for Information Security 2021 Table of Contents Table of Contents Document history.............................................................................................................................................................................. 2 1 Introduction......................................................................................................................................................................................... 7 1.1 Authors............................................................................................................................................................................................. 8 1.2 Copyright......................................................................................................................................................................................... 8 1.3 BSI-Reference................................................................................................................................................................................ 8 2 Architecture of Non-Deterministic Random Number Generators (NDRNGs).....................................................9 2.1 Terminology.................................................................................................................................................................................. 9 2.2 General Architecture............................................................................................................................................................... 11 3 Design of the Linux-RNG............................................................................................................................................................. 14 3.1 Historical Background............................................................................................................................................................ 14 3.2 Linux-RNG Architecture....................................................................................................................................................... 14 3.2.1 Linux-RNG Internal Design.......................................................................................................................................... 15 3.3 Deterministic Random Number Generators (DRNGs)............................................................................................17 3.3.1 Entropy Pool input_pool................................................................................................................................................ 17 3.3.2 ChaCha20 DRNG................................................................................................................................................................ 26 3.4 Interfaces to Linux-RNG....................................................................................................................................................... 31 3.4.1 Character Device Files...................................................................................................................................................... 31 3.4.2 System Call............................................................................................................................................................................ 34 3.4.3 In-Kernel Interfaces.......................................................................................................................................................... 34 3.4.4 /proc Files.............................................................................................................................................................................. 35 3.5 Entropy Sources......................................................................................................................................................................... 36 3.5.1 Timer State Maintenance for Entropy Sources....................................................................................................36 3.5.2 Entropy Collection............................................................................................................................................................ 38 3.6 Entropy Estimation.................................................................................................................................................................. 50 3.7 Generic Architecture and Linux-RNG............................................................................................................................53 3.8 Use of the Linux-RNG............................................................................................................................................................. 55 3.9 Hardware-based Random Number Generators..........................................................................................................56 3.9.1 CPU Hardware Random Number Generators......................................................................................................56 3.9.2 Hardware Random Number Generator Framework.........................................................................................57 3.10 Support Functions for Other Kernel Parts....................................................................................................................59 3.11 Time Line of Entropy Requirements...............................................................................................................................60 3.11.1 Installation Time................................................................................................................................................................ 60 3.11.2 First Reboot After Installation...................................................................................................................................... 61 3.11.3 Regular Usage....................................................................................................................................................................... 61 3.12 Security Domain Protecting the Linux-RNG...............................................................................................................61 4 Conducted Analyses of the Linux-RNG................................................................................................................................ 63 4.1 Attacks of Gutterman et al. and its Relevance.............................................................................................................63 4.1.1 Denial of Service Attacks................................................................................................................................................ 63 4.1.2 Use of Diskless Systems................................................................................................................................................... 63 4.1.3 Enhanced Backward Secrecy........................................................................................................................................ 64 4.2 Lacharme’s Analysis................................................................................................................................................................. 64 4.2.1 Linux-RNG Without Input to the Entropy Pools................................................................................................64 4.2.2 Attacks on the Input......................................................................................................................................................... 64 4.2.3 Assessment of the Entropy Estimation....................................................................................................................64 Federal Office for Information Security 3 Table of Contents 4.3 Conclusions from [LRSV12] and [GPR06]......................................................................................................................64 4.4 Considerations by Müller...................................................................................................................................................... 65 5 Coverage of BSI Requirements NTG.1 and DRG.3...........................................................................................................68 5.1 Approach to NTG.1................................................................................................................................................................... 68 5.2 input_pool: NTG.1..................................................................................................................................................................... 69 5.2.1 NTG.1.1.................................................................................................................................................................................... 69 5.2.2 NTG.1.2...................................................................................................................................................................................

View Full Text

Details

  • File Type
    pdf
  • Upload Time
    -
  • Content Languages
    English
  • Upload User
    Anonymous/Not logged-in
  • File Pages
    131 Page
  • File Size
    -

Download

Channel Download Status
Express Download Enable

Copyright

We respect the copyrights and intellectual property rights of all users. All uploaded documents are either original works of the uploader or authorized works of the rightful owners.

  • Not to be reproduced or distributed without explicit permission.
  • Not used for commercial purposes outside of approved use cases.
  • Not used to infringe on the rights of the original creators.
  • If you believe any content infringes your copyright, please contact us immediately.

Support

For help with questions, suggestions, or problems, please contact us