lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <1874451.yxlQQexqVa@bagend>
Date: Tue, 16 Jul 2024 15:59:40 +0200
From: Diederik de Haas <didi.debian@...ow.org>
To: Daniel Golle <daniel@...rotopia.org>
Cc: Chen-Yu Tsai <wens@...nel.org>, Aurelien Jarno <aurelien@...el32.net>,
 Herbert Xu <herbert@...dor.apana.org.au>, Heiko Stuebner <heiko@...ech.de>,
 linux-rockchip@...ts.infradead.org, Olivia Mackall <olivia@...enic.com>,
 Rob Herring <robh@...nel.org>, Krzysztof Kozlowski <krzk+dt@...nel.org>,
 Conor Dooley <conor+dt@...nel.org>, Philipp Zabel <p.zabel@...gutronix.de>,
 Dragan Simic <dsimic@...jaro.org>,
 Uwe Kleine-König <ukleinek@...ian.org>,
 Sebastian Reichel <sebastian.reichel@...labora.com>,
 Cristian Ciocaltea <cristian.ciocaltea@...labora.com>,
 Sascha Hauer <s.hauer@...gutronix.de>, Martin Kaiser <martin@...ser.cx>,
 Ard Biesheuvel <ardb@...nel.org>, linux-crypto@...r.kernel.org,
 devicetree@...r.kernel.org, linux-arm-kernel@...ts.infradead.org,
 linux-kernel@...r.kernel.org
Subject: Re: [PATCH v7 0/3] hwrng: add hwrng support for Rockchip RK3568

Hi Daniel,

On Tuesday, 16 July 2024 15:27:33 CEST Daniel Golle wrote:
> On Tue, Jul 16, 2024 at 02:34:40PM +0200, Diederik de Haas wrote:
> > [...]
> > rngtest: starting FIPS tests...
> > rngtest: bits received from input: 20000032
> > rngtest: FIPS 140-2 successes: 362
> > rngtest: FIPS 140-2 failures: 638
> > rngtest: FIPS 140-2(2001-10-10) Monobit: 634
> > rngtest: FIPS 140-2(2001-10-10) Poker: 106
> > rngtest: FIPS 140-2(2001-10-10) Runs: 43
> > rngtest: FIPS 140-2(2001-10-10) Long run: 0
> > rngtest: FIPS 140-2(2001-10-10) Continuous run: 0
> > rngtest: input channel speed: (min=2.638; avg=139.351;
> > max=9765625.000)Kibits/s rngtest: FIPS tests speed: (min=21.169;
> > avg=36.158; max=68.610)Mibits/s rngtest: Program run time: 148109761
> > microseconds
> > ===============================================================
> > 
> > That's almost twice as many failures as successes ...
> 
> That's bad news, and apparently different from Aurelien's initial
> testing of the driver.
> 
> Can you try if the result is also that bad when using his version of
> the driver:
> 
> https://patchwork.kernel.org/project/linux-arm-kernel/patch/20221128184718.1
> 963353-3-aurelien@...el32.net/
> 
> If so, we can try to increase RK_RNG_SAMPLE_CNT, and we may need
> different values depending on the SoC...

I had been using a rebased version (with fixed includes) of Aurelien's
patch set and I switched to 'your' version somewhere in the 6.10-rcX
cycle, but I didn't record exactly when.
But I had a 6.9.2 kernel of which I'm confident has that rebased patch set:

=========================================================== 
root@...rtz64a:~# uname -a
Linux quartz64a 6.9+unreleased-arm64 #1 SMP Debian 6.9.2-1~cknow (2024-04-24) aarch64 GNU/Linux

root@...rtz64a:~# dd if=/dev/hwrng bs=100000 count=1 > /dev/null
1+0 records in
1+0 records out
100000 bytes (100 kB, 98 KiB) copied, 5.6801 s, 17.6 kB/s
root@...rtz64a:~# cat /dev/hwrng | rngtest -c 1000
rngtest 5
Copyright (c) 2004 by Henrique de Moraes Holschuh
This is free software; see the source for copying conditions. 
There is NO warranty; not even for MERCHANTABILITY or
FITNESS FOR A PARTICULAR PURPOSE.

rngtest: starting FIPS tests...
rngtest: bits received from input: 20000032
rngtest: FIPS 140-2 successes: 361
rngtest: FIPS 140-2 failures: 639
rngtest: FIPS 140-2(2001-10-10) Monobit: 637
rngtest: FIPS 140-2(2001-10-10) Poker: 115
rngtest: FIPS 140-2(2001-10-10) Runs: 34
rngtest: FIPS 140-2(2001-10-10) Long run: 0
rngtest: FIPS 140-2(2001-10-10) Continuous run: 0
rngtest: input channel speed: (min=2.603; avg=137.548; max=9765625.000)Kibits/s
rngtest: FIPS tests speed: (min=21.479; avg=37.156; max=89.547)Mibits/s
rngtest: Program run time: 149992805 microseconds
=========================================================== 

So that's consistent(ly bad).

For shits and giggles, I tried it on my PineTab2 too (also rk3566):

=========================================================== 
root@...etab2:~# uname -a
Linux pinetab2 6.10+unreleased-arm64 #1 SMP Debian 6.10-1~cknow (2024-04-24) aarch64 GNU/Linux

root@...etab2:~# dd if=/dev/hwrng bs=100000 count=1 > /dev/null
1+0 records in
1+0 records out
100000 bytes (100 kB, 98 KiB) copied, 5,69533 s, 17,6 kB/s

root@...bian-pinetab2:~# cat /dev/hwrng | rngtest -c 1000
rngtest 5
Copyright (c) 2004 by Henrique de Moraes Holschuh
This is free software; see the source for copying conditions.
There is NO warranty; not even for MERCHANTABILITY or
FITNESS FOR A PARTICULAR PURPOSE.

rngtest: starting FIPS tests...
rngtest: bits received from input: 20000032
rngtest: FIPS 140-2 successes: 730
rngtest: FIPS 140-2 failures: 270
rngtest: FIPS 140-2(2001-10-10) Monobit: 266
rngtest: FIPS 140-2(2001-10-10) Poker: 23
rngtest: FIPS 140-2(2001-10-10) Runs: 9
rngtest: FIPS 140-2(2001-10-10) Long run: 0
rngtest: FIPS 140-2(2001-10-10) Continuous run: 0
rngtest: input channel speed: (min=2.615; avg=137.889; max=9765625.000)Kibits/s
rngtest: FIPS tests speed: (min=24.643; avg=34.518; max=68.364)Mibits/s
rngtest: Program run time: 149674336 microseconds
=========================================================== 

That's looking quite a lot better ... and I have no idea why.

The Q64-A is used as headless server and the PineTab2 is not,
but I connected to both over SSH and they were freshly booted
into, thus I haven't actually/normally used the PT2 since boot.

HTH,
  Diederik
Download attachment "signature.asc" of type "application/pgp-signature" (229 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ