Wednesday, November 13, 2019

SP800-90A and SP800-90B compliant Linux Random Number Generator

Stephan Mueller
With the enforcement of SP800-90B starting in November 2020, the noise sources behind the Linux /dev/random, /dev/urandom and the getrandom system call interfaces must comply with all requirements stipulated by SP800-90B. If this compliance is not achieved, all modules using Linux random number generator as entropy source from its operational environment will likely fail FIPS validation starting at that time due to the lack of an acceptable noise source.

The existing implementation has difficulties in meeting the SP800-90B requirements. Not only are the health tests missing, but also the current architecture does not comply with SP800-90B section 3.1.6 as multiple similar noise software sources are credited with entropy. The interrupt noise source as well as the derivatives of interrupts of human interface device events and block device events are equally credited to provide entropy.

Our colleague Stephan Mueller has developed an API and ABI compatible replacement for the Linux random number generator implementation that provides not only SP800-90B compliance but also provides random data generated by an SP800-90A DRBG. This implies that data out of /dev/random, /dev/urandom or getrandom system call will comply with all requirements mandated by FIPS 140-2 without even needing to be processed with an additional DRBG.

The Application Binary Interface (ABI) is one step beyond the application program interface (API), which defines the calls from the application to the operating system. The ABI defines the API plus the machine language for a particular CPU family. An API does not ensure runtime compatibility, but an ABI does, because it defines the machine format

As part of the publication of the source code of the Linux random number generator replacement implementation, the full test set for performing SP800-90B compliant tests are provided. In addition, a full SP800-90B compliance assessment is provided in the documentation covering the implementation.

The source code to the SP800-90B compliant Linux random number generator implementation has been sent to the upstream Linux kernel community for assessment.
Stephan made the source code available at [1]. The test code can be downloaded at [2] and the documentation including the SP800-90B compliance documentation can be accessed at [3].


No comments:

Post a Comment

Comments are moderated with the goal of reducing spam. This means that there may be a delay before your comment shows up.