lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Wed, 26 Jul 2006 14:21:53 +0000
From:	"gmu 2k6" <gmu2006@...il.com>
To:	"Michael Buesch" <mb@...sch.de>
Cc:	"Andrew Morton" <akpm@...l.org>, linux-kernel@...r.kernel.org
Subject: Re: hwrng on 82801EB/ER (ICH5/ICH5R) fails rngtest checks

On 7/26/06, Michael Buesch <mb@...sch.de> wrote:
> On Wednesday 26 July 2006 07:22, Andrew Morton wrote:
> > with latest HEAD of Linus' tree I got /dev/hwrng but although the device
> > exists rngtest does not pass as if hwrng does not work correctly.
> > actually this case is documented in the README supplied by Debian
> > but I'm surprised to hit the problem.
> >
> > I'm just curious whether there's a bug in the driver, the hwrng is bad
> > or if it is falsely detected and made accessible via /dev/hwrng.
> >
> > rngtest 2-unofficial-mt.10
> > Copyright (c) 2004 by Henrique de Moraes Holschuh
> > This is free software; see the source for copying conditions.  There
> > is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
> > PARTICULAR PURPOSE.
> >
> > rngtest: starting FIPS tests...
> > rngtest: bits received from input: 200032
> > rngtest: FIPS 140-2 successes: 0
> > rngtest: FIPS 140-2 failures: 10
> > rngtest: FIPS 140-2(2001-10-10) Monobit: 10
> > rngtest: FIPS 140-2(2001-10-10) Poker: 10
> > rngtest: FIPS 140-2(2001-10-10) Runs: 10
> > rngtest: FIPS 140-2(2001-10-10) Long run: 10
> > rngtest: FIPS 140-2(2001-10-10) Continuous run: 10
> > rngtest: input channel speed: (min=1.132; avg=2.157; max=2.794)Mibits/s
> > rngtest: FIPS tests speed: (min=202.909; avg=206.647; max=211.928)Mibits/s
> > rngtest: Program run time: 89804 microseconds
> >
> >
> > lspci
> > 00:00.0 Host bridge: Intel Corporation E7520 Memory Controller Hub (rev 0c)
> > 00:02.0 PCI bridge: Intel Corporation E7525/E7520/E7320 PCI Express Port A (rev
> > 0c)
> > 00:06.0 PCI bridge: Intel Corporation E7520 PCI Express Port C (rev 0c)
> > 00:1d.0 USB Controller: Intel Corporation 82801EB/ER (ICH5/ICH5R) USB UHCI Contr
> > oller #1 (rev 02)
> > 00:1d.1 USB Controller: Intel Corporation 82801EB/ER (ICH5/ICH5R) USB UHCI Contr
> > oller #2 (rev 02)
> > 00:1d.2 USB Controller: Intel Corporation 82801EB/ER (ICH5/ICH5R) USB UHCI Contr
> > oller #3 (rev 02)
> > 00:1d.3 USB Controller: Intel Corporation 82801EB/ER (ICH5/ICH5R) USB UHCI Contr
> > oller #4 (rev 02)
> > 00:1d.7 USB Controller: Intel Corporation 82801EB/ER (ICH5/ICH5R) USB2 EHCI Cont
> > roller (rev 02)
> > 00:1e.0 PCI bridge: Intel Corporation 82801 PCI Bridge (rev c2)
> > 00:1f.0 ISA bridge: Intel Corporation 82801EB/ER (ICH5/ICH5R) LPC Interface Brid
> > ge (rev 02)
> > 00:1f.1 IDE interface: Intel Corporation 82801EB/ER (ICH5/ICH5R) IDE Controller
> > (rev 02)
> > 01:03.0 VGA compatible controller: ATI Technologies Inc Rage XL (rev 27)
> > 01:04.0 System peripheral: Compaq Computer Corporation Integrated Lights Out Con
> > troller (rev 01)
> > 01:04.2 System peripheral: Compaq Computer Corporation Integrated Lights Out  Pr
> > ocessor (rev 01)
> > 02:00.0 PCI bridge: Intel Corporation 6700PXH PCI Express-to-PCI Bridge A (rev 0
> > 9)
> > 02:00.2 PCI bridge: Intel Corporation 6700PXH PCI Express-to-PCI Bridge B (rev 0
> > 9)
> > 03:01.0 Ethernet controller: Broadcom Corporation NetXtreme BCM5704 Gigabit Ethe
> > rnet (rev 10)
> > 03:01.1 Ethernet controller: Broadcom Corporation NetXtreme BCM5704 Gigabit Ethe
> > rnet (rev 10)
> > 04:03.0 RAID bus controller: Compaq Computer Corporation Smart Array 64xx (rev 0
> > 1)
> > 05:00.0 PCI bridge: Intel Corporation 6700PXH PCI Express-to-PCI Bridge A (rev 0
> > 9)
> > 05:00.2 PCI bridge: Intel Corporation 6700PXH PCI Express-to-PCI Bridge B (rev 0
> > 9)
> > 0a:01.0 PCI bridge: IBM PCI-X to PCI-X Bridge (rev 03)
> > 0b:04.0 RAID bus controller: Compaq Computer Corporation Smart Array 64xx (rev 0
> > 1)
>
>
> I guess you are running the Intel ICH RNG, right?
> As the FIPS test is a hardware test, I would simply say it's
> failing hardware. But let's not do this. :) Let's check what
> actually comes out of the RNG.
> Could you do a
> hexdump /dev/hwrng
> So we can see what actually comes ot of the device. Let's see
> if it's all zeros or something.
>
> Does the RNG work, if you use 2.6.17 or earlier?

it just outputs this and stops with 2.6.18-rc2-HEAD (see dmesg for hashcode or
whatever that is which is appended as localversion)

svn:~# hexdump /dev/hwrng
0000000 ffff ffff ffff ffff ffff ffff ffff ffff
*

with 2.6.17.6:
svn:~# hexdump /dev/hwrng
0000000 ffff ffff ffff ffff ffff ffff ffff ffff
*

this was without any rng-tools installed and no rngd running of course.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ