lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <3190961.CRkYR5qTbq@bagend>
Date: Tue, 16 Jul 2024 18:53:43 +0200
From: Diederik de Haas <didi.debian@...ow.org>
To: wens@...nel.org
Cc: Daniel Golle <daniel@...rotopia.org>, linux-rockchip@...ts.infradead.org,
 linux-arm-kernel@...ts.infradead.org, Rob Herring <robh@...nel.org>,
 Conor Dooley <conor+dt@...nel.org>, linux-kernel@...r.kernel.org,
 Herbert Xu <herbert@...dor.apana.org.au>, Martin Kaiser <martin@...ser.cx>,
 Sascha Hauer <s.hauer@...gutronix.de>,
 Sebastian Reichel <sebastian.reichel@...labora.com>,
 Ard Biesheuvel <ardb@...nel.org>,
 Uwe Kleine-König <ukleinek@...ian.org>,
 devicetree@...r.kernel.org, linux-crypto@...r.kernel.org,
 Philipp Zabel <p.zabel@...gutronix.de>, Olivia Mackall <olivia@...enic.com>,
 Krzysztof Kozlowski <krzk+dt@...nel.org>, Dragan Simic <dsimic@...jaro.org>,
 Aurelien Jarno <aurelien@...el32.net>, Heiko Stuebner <heiko@...ech.de>
Subject: Re: [PATCH v7 0/3] hwrng: add hwrng support for Rockchip RK3568

On Tuesday, 16 July 2024 17:18:48 CEST Chen-Yu Tsai wrote:
> On Jul 16, 2024 at 10:13 PM Diederik de Haas <didi.debian@...ow.org> wrote:
> > On Tuesday, 16 July 2024 15:59:40 CEST Diederik de Haas wrote:
> > > For shits and giggles, I tried it on my PineTab2 too (also rk3566):
> > > 
> > > ===========================================================
> > > root@...etab2:~# uname -a
> > > Linux pinetab2 6.10+unreleased-arm64 #1 SMP Debian 6.10-1~cknow
> > > (2024-04-24) aarch64 GNU/Linux
> > > 
> > > root@...etab2:~# dd if=/dev/hwrng bs=100000 count=1 > /dev/null
> > > 1+0 records in
> > > 1+0 records out
> > > 100000 bytes (100 kB, 98 KiB) copied, 5,69533 s, 17,6 kB/s
> > > 
> > > root@...bian-pinetab2:~# cat /dev/hwrng | rngtest -c 1000
> > > rngtest 5
> > > Copyright (c) 2004 by Henrique de Moraes Holschuh
> > > This is free software; see the source for copying conditions.
> > > There is NO warranty; not even for MERCHANTABILITY or
> > > FITNESS FOR A PARTICULAR PURPOSE.
> > > 
> > > rngtest: starting FIPS tests...
> > > rngtest: bits received from input: 20000032
> > > rngtest: FIPS 140-2 successes: 730
> > > rngtest: FIPS 140-2 failures: 270
> > > rngtest: FIPS 140-2(2001-10-10) Monobit: 266
> > > rngtest: FIPS 140-2(2001-10-10) Poker: 23
> > > rngtest: FIPS 140-2(2001-10-10) Runs: 9
> > > rngtest: FIPS 140-2(2001-10-10) Long run: 0
> > > rngtest: FIPS 140-2(2001-10-10) Continuous run: 0
> > > rngtest: input channel speed: (min=2.615; avg=137.889;
> > > max=9765625.000)Kibits/s rngtest: FIPS tests speed: (min=24.643;
> > > avg=34.518; max=68.364)Mibits/s rngtest: Program run time: 149674336
> > > microseconds
> > > ===========================================================
> > > 
> > > That's looking quite a lot better ... and I have no idea why.
> > > 
> > > The Q64-A is used as headless server and the PineTab2 is not,
> > > but I connected to both over SSH and they were freshly booted
> > > into, thus I haven't actually/normally used the PT2 since boot.
> > 
> > I did freshly install rng-tools5 package before running the test, so
> > I rebooted again to make sure that wasn't a factor:
> > 
> > ===========================================================
> > root@...etab2:~# cat /dev/hwrng | rngtest -c 1000
> > rngtest 5
> > ...
> > 
> > rngtest: starting FIPS tests...
> > rngtest: bits received from input: 20000032
> > rngtest: FIPS 140-2 successes: 704
> > rngtest: FIPS 140-2 failures: 296
> > rngtest: FIPS 140-2(2001-10-10) Monobit: 293
> > rngtest: FIPS 140-2(2001-10-10) Poker: 32
> > rngtest: FIPS 140-2(2001-10-10) Runs: 10
> > rngtest: FIPS 140-2(2001-10-10) Long run: 0
> > rngtest: FIPS 140-2(2001-10-10) Continuous run: 0
> > rngtest: input channel speed: (min=2.612; avg=137.833;
> > max=9765625.000)Kibits/s rngtest: FIPS tests speed: (min=24.391;
> > avg=34.416; max=68.364)Mibits/s rngtest: Program run time: 149736205
> > microseconds
> > ===========================================================
> > 
> > So that 704/296 vs 730/270 in the previous run on the PT2.
> > 
> > In case it helps:
> > ===========================================================
> > root@...rtz64a:~# grep . /sys/devices/virtual/misc/hw_random/rng_*
> > /sys/devices/virtual/misc/hw_random/rng_available:rockchip-rng
> > /sys/devices/virtual/misc/hw_random/rng_current:rockchip-rng
> > /sys/devices/virtual/misc/hw_random/rng_quality:900
> > /sys/devices/virtual/misc/hw_random/rng_selected:0
> > 
> > root@...etab2:~# grep . /sys/devices/virtual/misc/hw_random/rng_*
> > /sys/devices/virtual/misc/hw_random/rng_available:rockchip-rng
> > /sys/devices/virtual/misc/hw_random/rng_current:rockchip-rng
> > /sys/devices/virtual/misc/hw_random/rng_quality:900
> > /sys/devices/virtual/misc/hw_random/rng_selected:0
> > ===========================================================
> 
> On my Rock 3A:
> 
> wens@...k-3a:~$ sudo cat /dev/hwrng | rngtest -c 1000
> rngtest 5
> Copyright (c) 2004 by Henrique de Moraes Holschuh
> This is free software; see the source for copying conditions.  There
> is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
> PARTICULAR PURPOSE.
> 
> rngtest: starting FIPS tests...
> rngtest: bits received from input: 20000032
> rngtest: FIPS 140-2 successes: 992
> rngtest: FIPS 140-2 failures: 8
> rngtest: FIPS 140-2(2001-10-10) Monobit: 7
> rngtest: FIPS 140-2(2001-10-10) Poker: 0
> rngtest: FIPS 140-2(2001-10-10) Runs: 0
> rngtest: FIPS 140-2(2001-10-10) Long run: 1
> rngtest: FIPS 140-2(2001-10-10) Continuous run: 0
> rngtest: input channel speed: (min=2.658; avg=140.067;
> max=9765625.000)Kibits/s rngtest: FIPS tests speed: (min=26.751;
> avg=34.901; max=65.320)Mibits/s rngtest: Program run time: 147367594
> microseconds
> 
> wens@...k-3a:~$ uname -a
> Linux rock-3a 6.10.0-rc7-next-20240712-12899-g7df602fe7c8b #9 SMP Mon
> Jul 15 00:39:32 CST 2024 aarch64 GNU/Linux

I wondered if ``dd if=/dev/hwrng bs=100000 count=1 > /dev/null`` before
the actual test run made a difference.
Tried it on my Quartz64 Model A: no

Then I tried it on my Quartz64 Model B:

root@...rtz64b:~# cat /dev/hwrng | rngtest -c 1000
rngtest 5
...
rngtest: starting FIPS tests...
rngtest: bits received from input: 20000032
rngtest: FIPS 140-2 successes: 120
rngtest: FIPS 140-2 failures: 880
rngtest: FIPS 140-2(2001-10-10) Monobit: 879
rngtest: FIPS 140-2(2001-10-10) Poker: 332
rngtest: FIPS 140-2(2001-10-10) Runs: 91
rngtest: FIPS 140-2(2001-10-10) Long run: 0
rngtest: FIPS 140-2(2001-10-10) Continuous run: 0
rngtest: input channel speed: (min=2.615; avg=138.117; max=9765625.000)Kibits/s
rngtest: FIPS tests speed: (min=20.777; avg=34.535; max=68.857)Mibits/s
rngtest: Program run time: 149461754 microseconds

root@...rtz64b:~# dd if=/dev/hwrng bs=100000 count=1 > /dev/null
1+0 records in
1+0 records out
100000 bytes (100 kB, 98 KiB) copied, 5.71466 s, 17.5 kB/s

root@...rtz64b:~# cat /dev/hwrng | rngtest -c 1000
rngtest 5
...
rngtest: starting FIPS tests...
rngtest: bits received from input: 20000032
rngtest: FIPS 140-2 successes: 104
rngtest: FIPS 140-2 failures: 896
rngtest: FIPS 140-2(2001-10-10) Monobit: 892
rngtest: FIPS 140-2(2001-10-10) Poker: 335
rngtest: FIPS 140-2(2001-10-10) Runs: 79
rngtest: FIPS 140-2(2001-10-10) Long run: 0
rngtest: FIPS 140-2(2001-10-10) Continuous run: 0
rngtest: input channel speed: (min=2.613; avg=138.098; max=9765625.000)Kibits/s
rngtest: FIPS tests speed: (min=20.465; avg=34.587; max=69.107)Mibits/s
rngtest: Program run time: 149475187 microseconds

root@...rtz64b:~# uname -a
Linux quartz64b 6.10+unreleased-arm64 #1 SMP Debian 6.10-1~cknow (2024-04-24) aarch64 GNU/Linux

:-O
Download attachment "signature.asc" of type "application/pgp-signature" (229 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ