From mboxrd@z Thu Jan 1 00:00:00 1970 Return-path: Received: from wolverine01.qualcomm.com ([199.106.114.254]:3171 "EHLO wolverine01.qualcomm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S934991AbcHJS2k convert rfc822-to-8bit (ORCPT ); Wed, 10 Aug 2016 14:28:40 -0400 From: "Pan, Miaoqing" To: Stephan Mueller CC: Herbert Xu , Matt Mackall , "miaoqing@codeaurora.org" , "Valo, Kalle" , "linux-wireless@vger.kernel.org" , ath9k-devel , "linux-crypto@vger.kernel.org" , "jason@lakedaemon.net" , "Sepehrdad, Pouyan" Subject: RE: [PATCH 2/2] ath9k: disable RNG by default Date: Wed, 10 Aug 2016 07:40:54 +0000 Message-ID: <1e8e88ad7de64c528f08c75ff9176ab8@aptaiexm02f.ap.qualcomm.com> (sfid-20160810_221400_011401_113337DA) References: <1470726147-30095-1-git-send-email-miaoqing@codeaurora.org> <1526134.1iUazSISyZ@positron.chronox.de> <4321952.1nMxxDi7Wz@positron.chronox.de> In-Reply-To: <4321952.1nMxxDi7Wz@positron.chronox.de> Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Sender: linux-wireless-owner@vger.kernel.org List-ID: Hi Stephan, That is set as "optional but highly recommended" in the FIPS doc, plus the fact that we do not have a requirement to have a FIP-approved RNG in our case. Although FIPS might impose higher and stronger requirements on the source of entropy, but not passing those tests does not mean the source of entropy is of bad quality. As I mentioned earlier, we just need to evaluate the amount of entropy it provides correctly and use it accordingly. If we are dealing with a chip which has a HW RNG, we expect extremely high entropy close to full from our source, but this patch is for chips which do not have a dedicated HW RNG in place to improve the quality of random number generation on the platform. Thanks, Miaoqing -----Original Message----- From: Stephan Mueller [mailto:smueller@chronox.de] Sent: Wednesday, August 10, 2016 3:27 PM To: Pan, Miaoqing Cc: Herbert Xu ; Matt Mackall ; miaoqing@codeaurora.org; Valo, Kalle ; linux-wireless@vger.kernel.org; ath9k-devel ; linux-crypto@vger.kernel.org; jason@lakedaemon.net; Sepehrdad, Pouyan Subject: Re: [PATCH 2/2] ath9k: disable RNG by default Am Mittwoch, 10. August 2016, 07:15:49 CEST schrieb Pan, Miaoqing: Hi Miaoqing, > Hi Stephan, > > NIST SP 800-22-rev1a and NIST SP 800-90B are used together to evaluate > the amount of min entropy the source provides, and not to decide if > the source has passed the tests or failed. See > > https://github.com/usnistgov/SP800-90B_EntropyAssessment > > The goal is often to make sure the input entropy is more than the > entropy we expect from the output. You are correct on the SP800-90B tests (hence I did not refer to them for the binary decision). Yet, SP800-22 with the associated tool delivers a binary decision. Ciao Stephan From mboxrd@z Thu Jan 1 00:00:00 1970 From: "Pan, Miaoqing" Subject: RE: [PATCH 2/2] ath9k: disable RNG by default Date: Wed, 10 Aug 2016 07:40:54 +0000 Message-ID: <1e8e88ad7de64c528f08c75ff9176ab8@aptaiexm02f.ap.qualcomm.com> References: <1470726147-30095-1-git-send-email-miaoqing@codeaurora.org> <1526134.1iUazSISyZ@positron.chronox.de> <4321952.1nMxxDi7Wz@positron.chronox.de> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 8BIT Cc: Herbert Xu , Matt Mackall , "miaoqing-sgV2jX0FEOL9JmXXK+q4OQ@public.gmane.org" , "Valo, Kalle" , "linux-wireless-u79uwXL29TY76Z2rM5mHXA@public.gmane.org" , ath9k-devel , "linux-crypto-u79uwXL29TY76Z2rM5mHXA@public.gmane.org" , "jason-NLaQJdtUoK4Be96aLqz0jA@public.gmane.org" , "Sepehrdad, Pouyan" To: Stephan Mueller Return-path: In-Reply-To: <4321952.1nMxxDi7Wz-jJGQKZiSfeo1haGO/jJMPxvVK+yQ3ZXh@public.gmane.org> Content-Language: en-US Sender: linux-wireless-owner-u79uwXL29TY76Z2rM5mHXA@public.gmane.org List-Id: linux-crypto.vger.kernel.org Hi Stephan, That is set as "optional but highly recommended" in the FIPS doc, plus the fact that we do not have a requirement to have a FIP-approved RNG in our case. Although FIPS might impose higher and stronger requirements on the source of entropy, but not passing those tests does not mean the source of entropy is of bad quality. As I mentioned earlier, we just need to evaluate the amount of entropy it provides correctly and use it accordingly. If we are dealing with a chip which has a HW RNG, we expect extremely high entropy close to full from our source, but this patch is for chips which do not have a dedicated HW RNG in place to improve the quality of random number generation on the platform. Thanks, Miaoqing -----Original Message----- From: Stephan Mueller [mailto:smueller-T9tCv8IpfcWELgA04lAiVw@public.gmane.org] Sent: Wednesday, August 10, 2016 3:27 PM To: Pan, Miaoqing Cc: Herbert Xu ; Matt Mackall ; miaoqing-sgV2jX0FEOL9JmXXK+q4OQ@public.gmane.org; Valo, Kalle ; linux-wireless-u79uwXL29TY76Z2rM5mHXA@public.gmane.org; ath9k-devel ; linux-crypto-u79uwXL29TY76Z2rM5mHXA@public.gmane.org; jason-NLaQJdtUoK4Be96aLqz0jA@public.gmane.org; Sepehrdad, Pouyan Subject: Re: [PATCH 2/2] ath9k: disable RNG by default Am Mittwoch, 10. August 2016, 07:15:49 CEST schrieb Pan, Miaoqing: Hi Miaoqing, > Hi Stephan, > > NIST SP 800-22-rev1a and NIST SP 800-90B are used together to evaluate > the amount of min entropy the source provides, and not to decide if > the source has passed the tests or failed. See > > https://github.com/usnistgov/SP800-90B_EntropyAssessment > > The goal is often to make sure the input entropy is more than the > entropy we expect from the output. You are correct on the SP800-90B tests (hence I did not refer to them for the binary decision). Yet, SP800-22 with the associated tool delivers a binary decision. Ciao Stephan -- To unsubscribe from this list: send the line "unsubscribe linux-wireless" in the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org More majordomo info at http://vger.kernel.org/majordomo-info.html