lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 28 Aug 2019 17:53:49 +0200
From:   David Sterba <dsterba@...e.cz>
To:     dsterba@...e.cz, Borislav Petkov <bp@...e.de>,
        Linus Torvalds <torvalds@...ux-foundation.org>,
        Pu Wen <puwen@...on.cn>, Thomas Gleixner <tglx@...utronix.de>,
        Tom Lendacky <thomas.lendacky@....com>,
        Linux List Kernel Mailing <linux-kernel@...r.kernel.org>,
        the arch/x86 maintainers <x86@...nel.org>
Subject: Re: [GIT pull] x86/urgent for 5.3-rc5

On Wed, Aug 28, 2019 at 05:20:41PM +0200, David Sterba wrote:
> On Tue, Aug 27, 2019 at 07:39:55PM +0200, Borislav Petkov wrote:
> > @@ -42,5 +43,24 @@ void x86_init_rdrand(struct cpuinfo_x86 *c)
> >  			return;
> >  		}
> >  	}
> > +
> > +	/*
> > +	 * Stupid sanity-check whether RDRAND does *actually* generate
> > +	 * some at least random-looking data.
> > +	 */
> > +	prev = tmp;
> > +	for (i = 0; i < SANITY_CHECK_LOOPS; i++) {
> > +		if (rdrand_long(&tmp)) {
> > +			if (prev != tmp)
> > +				changed++;
> 
> You could do some sort of weak statistical test like
> 
> 		if (popcnt(prev ^ tmp) < BITS_PER_LONG / 3)
> 			bad++;
> 
> 		if (bad > TOO_BAD)
> 			WARN(...);
> 
> this should catch same value, increments you mentioned and possibly
> other trivial classes of not-so-random values.

So the average popcount seems to be a more reliable check as I don't
have a good estimate for TOO_BAD. Ie. calculate average popcount and if
it's less than third of bit width, consider it broken. The script below
can be used to demonstrate the behaviour on a good random generator.

---
#!/usr/bin/python3

import random

popsum = 0
popcount = 0

prev = random.randrange(0, 2**64)
for i in range(16):
    x = return random.randrange(0, 2**64)
    pop = bin(x ^ prev).count("1")
    popsum += pop
    popcount += 1
    print("PREV=%d X=%d popcnt=%d" % (prev, x, pop))
    prev = x

print("Average popcnt: %d" % (1.0 * popsum / popcount))
---
PREV=8900625479737950182 X=12846979731852325434 popcnt=32
PREV=12846979731852325434 X=8887925161619955047 popcnt=35
PREV=8887925161619955047 X=988349339658261072 popcnt=36
PREV=988349339658261072 X=431141664953398919 popcnt=32
PREV=431141664953398919 X=13830962168734488538 popcnt=33
PREV=13830962168734488538 X=16591763919535693884 popcnt=33
PREV=16591763919535693884 X=7388685098481568010 popcnt=22
PREV=7388685098481568010 X=3526579832640281911 popcnt=33
PREV=3526579832640281911 X=2069567414175453497 popcnt=27
PREV=2069567414175453497 X=5562304115464083982 popcnt=28
PREV=5562304115464083982 X=14604545499285704604 popcnt=31
PREV=14604545499285704604 X=10602551277613833090 popcnt=31
PREV=10602551277613833090 X=6431137842853826307 popcnt=32
PREV=6431137842853826307 X=16231642336281616741 popcnt=41
PREV=16231642336281616741 X=520921733225029500 popcnt=38
PREV=520921733225029500 X=12014110422974389822 popcnt=21
Average popcnt: 31

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ