Lines Matching +full:apt +full:- +full:get
2 * Non-physical true random number generator based on timing jitter --
5 * Copyright Stephan Mueller <smueller@chronox.de>, 2015 - 2023
32 * the restrictions contained in a BSD-style copyright.)
54 … be compiled with optimizations. See documentation. Use the compiler switch -O0 for compiling jitt…
65 /* SHA3-256 is used as conditioner */
99 #define JENT_APT_WORD_MASK (JENT_APT_LSB - 1)
101 unsigned int apt_count; /* APT counter */
102 unsigned int apt_base; /* APT base reference */
105 unsigned int apt_base_set:1; /* APT base reference set? */
113 /* -- error codes for init function -- */
127 #define JENT_APT_FAILURE 2 /* Failure in APT health test. */
138 * output entropy (that is what SP 800-90B Section 3.1.5.1.2 attempts to bound).
143 * entropy in each bit of output to at least 1-epsilon, where epsilon is
144 * required to be <= 2^(-32).
154 * This test complies with SP800-90B section 4.4.2.
158 * See the SP 800-90B comment #10b for the corrected cutoff for the SP 800-90B
159 * APT.
160 * http://www.untruth.org/~josh/sp80090b/UL%20SP800-90B-final%20comments%20v1.9%2020191212.pdf
161 * In in the syntax of R, this is C = 2 + qbinom(1 − 2^(−30), 511, 2^(-1/osr)).
166 * For the alpha < 2^-53, R cannot be used as it uses a float data type without
171 * (by FIPS 140-2 IG 7.19 Resolution # 16, we cannot choose a cutoff value that
189 ec->apt_cutoff = jent_apt_cutoff_lookup[ in jent_apt_init()
190 ARRAY_SIZE(jent_apt_cutoff_lookup) - 1]; in jent_apt_init()
191 ec->apt_cutoff_permanent = jent_apt_cutoff_permanent_lookup[ in jent_apt_init()
192 ARRAY_SIZE(jent_apt_cutoff_permanent_lookup) - 1]; in jent_apt_init()
194 ec->apt_cutoff = jent_apt_cutoff_lookup[osr - 1]; in jent_apt_init()
195 ec->apt_cutoff_permanent = in jent_apt_init()
196 jent_apt_cutoff_permanent_lookup[osr - 1]; in jent_apt_init()
200 * Reset the APT counter
206 /* Reset APT counter */ in jent_apt_reset()
207 ec->apt_count = 0; in jent_apt_reset()
208 ec->apt_base = delta_masked; in jent_apt_reset()
209 ec->apt_observations = 0; in jent_apt_reset()
213 * Insert a new entropy event into APT
221 if (!ec->apt_base_set) { in jent_apt_insert()
222 ec->apt_base = delta_masked; in jent_apt_insert()
223 ec->apt_base_set = 1; in jent_apt_insert()
227 if (delta_masked == ec->apt_base) { in jent_apt_insert()
228 ec->apt_count++; in jent_apt_insert()
230 /* Note, ec->apt_count starts with one. */ in jent_apt_insert()
231 if (ec->apt_count >= ec->apt_cutoff_permanent) in jent_apt_insert()
232 ec->health_failure |= JENT_APT_FAILURE_PERMANENT; in jent_apt_insert()
233 else if (ec->apt_count >= ec->apt_cutoff) in jent_apt_insert()
234 ec->health_failure |= JENT_APT_FAILURE; in jent_apt_insert()
237 ec->apt_observations++; in jent_apt_insert()
239 if (ec->apt_observations >= JENT_APT_WINDOW_SIZE) in jent_apt_insert()
247 * (RCT) specified in SP800-90B section 4.4.1. Instead of counting identical
248 * back-to-back values, the input to the RCT is the counting of the stuck
251 * The RCT is applied with an alpha of 2^{-30} compliant to FIPS 140-2 IG 9.8.
254 * cut-off value of C. If that value exceeds the allowed cut-off value,
260 * Repetition Count Test as defined in SP800-90B section 4.4.1
268 ec->rct_count++; in jent_rct_insert()
272 * alpha = 2^-30 or 2^-60 as recommended in SP800-90B. in jent_rct_insert()
280 * Note, ec->rct_count (which equals to value B in the pseudo in jent_rct_insert()
281 * code of SP800-90B section 4.4.1) starts with zero. Hence in jent_rct_insert()
283 * following SP800-90B. Thus C = ceil(-log_2(alpha)/H) = 30*osr in jent_rct_insert()
286 if ((unsigned int)ec->rct_count >= (60 * ec->osr)) { in jent_rct_insert()
287 ec->rct_count = -1; in jent_rct_insert()
288 ec->health_failure |= JENT_RCT_FAILURE_PERMANENT; in jent_rct_insert()
289 } else if ((unsigned int)ec->rct_count >= (30 * ec->osr)) { in jent_rct_insert()
290 ec->rct_count = -1; in jent_rct_insert()
291 ec->health_failure |= JENT_RCT_FAILURE; in jent_rct_insert()
295 ec->rct_count = 0; in jent_rct_insert()
302 return (prev < next) ? (next - prev) : in jent_delta()
303 (JENT_UINT64_MAX - prev + 1 + next); in jent_delta()
312 * All values must always be non-zero.
323 __u64 delta2 = jent_delta(ec->last_delta, current_delta); in jent_stuck()
324 __u64 delta3 = jent_delta(ec->last_delta2, delta2); in jent_stuck()
326 ec->last_delta = current_delta; in jent_stuck()
327 ec->last_delta2 = delta2; in jent_stuck()
330 * Insert the result of the comparison of two back-to-back time in jent_stuck()
341 /* RCT with a non-stuck bit */ in jent_stuck()
355 * 2 APT failure
357 * 2<<JENT_PERMANENT_FAILURE_SHIFT APT permanent failure
365 return ec->health_failure; in jent_health_failure()
388 unsigned int mask = (1<<bits) - 1; in jent_loop_shuffle()
396 for (i = 0; ((DATA_SIZE_BITS + bits - 1) / bits) > i; i++) { in jent_loop_shuffle()
409 * CPU Jitter noise source -- this is the noise source based on the CPU
431 ec->rct_count, in jent_condition_data()
432 ec->apt_observations, in jent_condition_data()
433 ec->apt_count, in jent_condition_data()
434 ec->apt_base in jent_condition_data()
437 return jent_hash_time(ec->hash_state, time, (u8 *)&addtl, sizeof(addtl), in jent_condition_data()
442 * Memory Access noise source -- this is a noise source based on variations in
456 * to reliably access either L3 or memory, the ec->mem memory must be quite
459 * @ec [in] Reference to the entropy collector with the memory access data -- if
474 if (NULL == ec || NULL == ec->mem) in jent_memaccess()
476 wrap = ec->memblocksize * ec->memblocks; in jent_memaccess()
479 * testing purposes -- allow test app to set the counter, not in jent_memaccess()
485 for (i = 0; i < (ec->memaccessloops + acc_loop_cnt); i++) { in jent_memaccess()
486 unsigned char *tmpval = ec->mem + ec->memlocation; in jent_memaccess()
489 * wrap at 255 -- memory access implies read in jent_memaccess()
494 * Addition of memblocksize - 1 to pointer in jent_memaccess()
498 ec->memlocation = ec->memlocation + ec->memblocksize - 1; in jent_memaccess()
499 ec->memlocation = ec->memlocation % wrap; in jent_memaccess()
511 * WARNING: ensure that ->prev_time is primed before using the output
529 * Get time stamp and calculate time delta to previous in jent_measure_jitter()
533 current_delta = jent_delta(ec->prev_time, time); in jent_measure_jitter()
534 ec->prev_time = time; in jent_measure_jitter()
552 * Function fills rand_data->hash_state
563 /* priming of the ->prev_time value */ in jent_gen_entropy()
572 * We multiply the loop value with ->osr to obtain the in jent_gen_entropy()
575 if (++k >= ((DATA_SIZE_BITS + safety_factor) * ec->osr)) in jent_gen_entropy()
591 * @data [in] pointer to buffer for storing random data -- buffer must already
599 * -1 entropy_collector is NULL or the generation failed
600 * -2 Intermittent health failure
601 * -3 Permanent health failure
609 return -1; in jent_read_entropy()
624 return -3; in jent_read_entropy()
632 ec->health_failure &= in jent_read_entropy()
635 return -3; in jent_read_entropy()
638 return -2; in jent_read_entropy()
645 if (jent_read_random_block(ec->hash_state, p, tocopy)) in jent_read_entropy()
646 return -1; in jent_read_entropy()
648 len -= tocopy; in jent_read_entropy()
673 entropy_collector->mem = jent_kvzalloc(JENT_MEMORY_SIZE); in jent_entropy_collector_alloc()
674 if (!entropy_collector->mem) { in jent_entropy_collector_alloc()
678 entropy_collector->memblocksize = in jent_entropy_collector_alloc()
680 entropy_collector->memblocks = in jent_entropy_collector_alloc()
682 entropy_collector->memaccessloops = JENT_MEMORY_ACCESSLOOPS; in jent_entropy_collector_alloc()
688 entropy_collector->osr = osr; in jent_entropy_collector_alloc()
689 entropy_collector->flags = flags; in jent_entropy_collector_alloc()
691 entropy_collector->hash_state = hash_state; in jent_entropy_collector_alloc()
693 /* Initialize the APT */ in jent_entropy_collector_alloc()
696 /* fill the data pad with non-zero values */ in jent_entropy_collector_alloc()
704 jent_kvzfree(entropy_collector->mem, JENT_MEMORY_SIZE); in jent_entropy_collector_free()
705 entropy_collector->mem = NULL; in jent_entropy_collector_free()
727 /* Reset the APT */ in jent_entropy_init()
729 /* Ensure that a new APT base is obtained */ in jent_entropy_init()
730 ec->apt_base_set = 0; in jent_entropy_init()
732 ec->rct_count = 0; in jent_entropy_init()
734 ec->health_failure &= (~JENT_RCT_FAILURE); in jent_entropy_init()
735 ec->health_failure &= (~JENT_APT_FAILURE); in jent_entropy_init()
753 * following sanity checks verify that we have a high-resolution in jent_entropy_init()
760 * SP800-90B requires at least 1024 initial test cycles. in jent_entropy_init()
769 end_time = ec->prev_time; in jent_entropy_init()
770 start_time = ec->prev_time - delta; in jent_entropy_init()
780 * delta even when called shortly after each other -- this in jent_entropy_init()
792 * etc. with the goal to clear it to get the worst case in jent_entropy_init()