[Cryptography] [RFC] random: add new pseudorandom number generator
Sandy Harris
sandyinchina at gmail.com
Sun Oct 3 21:22:04 EDT 2021
Bill Stewart <billstewart at pobox.com> wrote:
> How much entropy do you get out of it, and how much key material went
> into it?
Outputs are 64 bits & it gets fully rekeyed -- change key, counter
& XOR mask, total 256 bits -- every 127 iterations.
It also changes the key slightly on every iteration.
tea_key[xtea_iterations & 3] += tea_key[(xtea_iterations+1) & 3] ;
Both the rekeying function and the main function that uses the
output will use a random instruction or a hardware rng in
preference to this if available. Output from this only gets
mixed in occasionally to avoid trusting the other source
completely or used as a fallback if the other source fails.
In the worst case -- no other source configured or it fails --
it is initialised from the input pool (which in my version of
the driver is filled with bits from /dev/urandom at compile
time) and thereafter rekeys itself with:
static void xtea_self_rekey(void)
{
	u64 x ;
	x = random_get_entropy() ;
	spin_lock(&xtea_lock) ;
	tea_counter += x ;
	/* used with ^, so + here */
	tea_mask += xtea_counter() ;
	/* used with +, so ^ here */
	tea_key64[0] ^= xtea_counter() ;
	tea_key64[1] ^= xtea_counter() ;
	tea_counter ^= xtea_counter() ;
	spin_unlock(&xtea_lock) ;
}
random_get_entropy() is an existing library function
designed mainly for speed, better than nothing here
but perhaps not ideal.
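The construction described in the post (64-bit XTEA outputs, a per-iteration key nudge, a full 256-bit self-rekey every 127 iterations), as an added userspace model that is not the patch's code. The encrypt-the-counter-then-mask shape of xtea_counter(), the placement of the 127-iteration trigger and the xtea_seed()/xtea_next() helpers are assumptions; the seed values are constructed.

```c
#include <stdint.h>
/* Userspace model, added here and not the patch's code, of the XTEA
 * counter-mode generator the post describes. xtea_counter() internals
 * and the 127-iteration rekey trigger are assumptions. */
static union { uint32_t w[4]; uint64_t q[2]; } tea_key; /* tea_key / tea_key64 */
static uint64_t tea_counter, tea_mask;
static unsigned xtea_iterations;

/* Standard 32-round XTEA encryption of one 64-bit block. */
static uint64_t xtea_encrypt(uint64_t v, const uint32_t k[4]) {
    uint32_t v0 = (uint32_t)(v >> 32), v1 = (uint32_t)v, sum = 0;
    for (int i = 0; i < 32; i++) {
        v0 += (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + k[sum & 3]);
        sum += 0x9E3779B9u;
        v1 += (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + k[(sum >> 11) & 3]);
    }
    return ((uint64_t)v0 << 32) | v1;
}

/* Assumed shape of xtea_counter(): encrypt the counter, apply the mask
 * with ^ (the post says it is "used with ^"), then nudge the key. */
static uint64_t xtea_counter(void) {
    uint64_t out = xtea_encrypt(tea_counter++, tea_key.w) ^ tea_mask;
    tea_key.w[xtea_iterations & 3] += tea_key.w[(xtea_iterations + 1) & 3];
    xtea_iterations++;
    return out;
}

/* The post's rekey routine, minus the spinlock, with the timing value
 * random_get_entropy() would supply passed in by the caller. */
static void xtea_self_rekey(uint64_t x) {
    tea_counter += x;
    tea_mask += xtea_counter();      /* used with ^, so + here */
    tea_key.q[0] ^= xtea_counter();  /* used with +, so ^ here */
    tea_key.q[1] ^= xtea_counter();
    tea_counter ^= xtea_counter();
}

/* Load 256 bits of seed (key, counter, mask) as the input pool would. */
static void xtea_seed(const uint64_t s[4]) {
    tea_key.q[0] = s[0]; tea_key.q[1] = s[1];
    tea_counter = s[2]; tea_mask = s[3]; xtea_iterations = 0;
}

/* One 64-bit output; full self-rekey every 127 iterations (assumed). */
static uint64_t xtea_next(uint64_t timing) {
    if (xtea_iterations && xtea_iterations % 127 == 0) xtea_self_rekey(timing);
    return xtea_counter();
}
```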