From nobody Tue Sep 30 15:23:41 2025 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4cbhfQ121Hz69DZm; Tue, 30 Sep 2025 15:23:42 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R12" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4cbhfP5d4Kz3LvC; Tue, 30 Sep 2025 15:23:41 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1759245821; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=laRXo7iVRIEn//1It9IktesUFCCulJ6GER0lkNWkjNQ=; b=HjPvv5BZeYeEN3OPpUUd5YdT/tcWiFu5usuUgbijrE8Ge8uMSf7JoQuku7gf1z5MVAPewT 4wQFsJ17mZGW6RcUvDTSGH0wqKhaYtMBJd6/AU1ANI5ElfhPbd/YOFDPTR6D+M18JuXwQA R8pWsyNp2eig0V26LVRlLGCNhfkAEL/9I7qNGLDyfOF1l0bwg+xlK2bj0lVqVq8IJKYjs4 bxhlrNXcJ3ILMXZH+yjfcwlZPUUquetL95yGRnu7BZYGSVu0mWsnovkhApb6JBPya/d3WX 3gBI8TWHHqZKCvqyOGRcQ7J/cZJCSrTp/lxRWFwj+Ym4KRFHOx4Hv23qIDsLRA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1759245821; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=laRXo7iVRIEn//1It9IktesUFCCulJ6GER0lkNWkjNQ=; b=wxNkr4yZv18z72wbwinDK1nj2q0cHTae5+bAtFMtzcB5qR1pqYPOvsZdPUu7ankwabqLCb TSmcfvLD8EWFMi5qa+oYcMUHcAHRrFH3Lc8J7MrRE/E3kNchtKeE4yaa1CuoAcptRxoJtZ 1iWl1s7+Ea3TUciR0dXoyf2KKMaOjcOlhqfErLFMGBHVxZsJE+zGHkAOQKri8tpzvv4waP T7w2C5+ewwn0RmXQvHF+LkhVxCOL8pUASsilKKUGjKA1e3NQ/LlIFcT1Cdmz/i11NWnaHb qDgzy1jJ86s1chudx+8KgXDA1a4f7rfY+9zgW6yH2tjAnb7s/1m6OXIFrVJmkw== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1759245821; a=rsa-sha256; cv=none; b=TNfMRtE+BtuhHQ4PpF/jP7P+vY6asy5hJwmKWy4hli2hvEovyjCum4yoaQAkKy0vRnVGsT EZ6tFUN4OcwEoWPqqA6oXOoawxmBb/IdqhFt99y6xlvPbtXKWPFfie4F6ank7oTQaX6I3p bh9yT5tmEBMjHYu5vv0wbFPa2SXDl0LimV1IFxXoTna0aDyaevm9jgswalzSi3WHhrKnjt wqVM7ymUKLQF/sW//tQLKIQV19JM3ZgfogBazjHaxSGaveRUOd/SKMVsUUaUvB6MoO1u2O RBdshxH5e1demnkxcIG1G/s9kIjyCXU7F6oEcM2yh6dr6DS4wqfOcxyXmZp66g== ARC-Authentication-Results: i=1; mx1.freebsd.org; none Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4cbhfP4hjQzjQS; Tue, 30 Sep 2025 15:23:41 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 58UFNfHH045805; Tue, 30 Sep 2025 15:23:41 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 58UFNf3d045802; Tue, 30 Sep 2025 15:23:41 GMT (envelope-from git) Date: Tue, 30 Sep 2025 15:23:41 GMT Message-Id: <202509301523.58UFNf3d045802@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Mark Johnston Subject: git: 56965bbf7fd8 - stable/15 - random: Make the min-entropy estimate configurable List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-all@freebsd.org Sender: owner-dev-commits-src-all@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: markj X-Git-Repository: src X-Git-Refname: refs/heads/stable/15 X-Git-Reftype: branch X-Git-Commit: 56965bbf7fd879810888d1c808ebcab49eabb95c Auto-Submitted: auto-generated The branch stable/15 has been updated by markj: URL: https://cgit.FreeBSD.org/src/commit/?id=56965bbf7fd879810888d1c808ebcab49eabb95c commit 56965bbf7fd879810888d1c808ebcab49eabb95c Author: Mark Johnston AuthorDate: 2025-09-08 14:40:42 +0000 Commit: Mark Johnston CommitDate: 2025-09-30 09:43:08 +0000 random: Make the min-entropy estimate configurable Right now the cutoff values for the RCT and APT tests are computed with a fixed min-entropy estimate of 1. In preparation for permitting alternative estimates for "pure" sources (i.e., hardware noise sources), extend the code to handle alternative estimates of an integer number of bits. For the RCT test, the cutoff is simply the formula from section 4.4.1 of NIST SP 800-90B. For the APT test, I used Excel to compute a lookup table using the formula provided in section 4.4.2. Reviewed by: cem MFC after: 2 weeks Sponsored by: Stormshield Sponsored by: Klara, Inc. Differential Revision: https://reviews.freebsd.org/D52228 (cherry picked from commit 228302e630dd95586fc22b29b025b8a98b593740) --- sys/dev/random/random_harvestq.c | 52 ++++++++++++++++++++++++++++++++-------- 1 file changed, 42 insertions(+), 10 deletions(-) diff --git a/sys/dev/random/random_harvestq.c b/sys/dev/random/random_harvestq.c index 84ec174bd08e..20727471f9c7 100644 --- a/sys/dev/random/random_harvestq.c +++ b/sys/dev/random/random_harvestq.c @@ -464,7 +464,7 @@ SYSCTL_BOOL(_kern_random, OID_AUTO, nist_healthtest_enabled, "Enable NIST SP 800-90B health tests for noise sources"); static void -random_healthtest_init(enum random_entropy_source source) +random_healthtest_init(enum random_entropy_source source, int min_entropy) { struct health_test_softc *ht; @@ -485,20 +485,52 @@ random_healthtest_init(enum random_entropy_source source) } /* - * Set cutoff values for the two tests, assuming that each sample has - * min-entropy of 1 bit and allowing for an error rate of 1 in 2^{34}. - * With a sample rate of RANDOM_KTHREAD_HZ, we expect to see an false - * positive once in ~54.5 years. + * Set cutoff values for the two tests, given a min-entropy estimate for + * the source and allowing for an error rate of 1 in 2^{34}. With a + * min-entropy estimate of 1 bit and a sample rate of RANDOM_KTHREAD_HZ, + * we expect to see an false positive once in ~54.5 years. * * The RCT limit comes from the formula in section 4.4.1. * - * The APT cutoff is calculated using the formula in section 4.4.2 + * The APT cutoffs are calculated using the formula in section 4.4.2 * footnote 10 with the number of Bernoulli trials changed from W to * W-1, since the test as written counts the number of samples equal to - * the first sample in the window, and thus tests W-1 samples. + * the first sample in the window, and thus tests W-1 samples. We + * provide cutoffs for estimates up to sizeof(uint32_t)*HARVESTSIZE*8 + * bits. */ - ht->ht_rct_limit = 35; - ht->ht_apt_cutoff = 330; + const int apt_cutoffs[] = { + [1] = 329, + [2] = 195, + [3] = 118, + [4] = 73, + [5] = 48, + [6] = 33, + [7] = 23, + [8] = 17, + [9] = 13, + [10] = 11, + [11] = 9, + [12] = 8, + [13] = 7, + [14] = 6, + [15] = 5, + [16] = 5, + [17 ... 19] = 4, + [20 ... 25] = 3, + [26 ... 42] = 2, + [43 ... 64] = 1, + }; + const int error_rate = 34; + + if (min_entropy == 0) + min_entropy = 1; + else if (min_entropy < 0 || min_entropy >= nitems(apt_cutoffs)) { + panic("invalid min_entropy %d for %s", min_entropy, + random_source_descr[source]); + } + ht->ht_rct_limit = 1 + howmany(error_rate, min_entropy); + ht->ht_apt_cutoff = apt_cutoffs[min_entropy]; } static int @@ -653,7 +685,7 @@ random_harvestq_init(void *unused __unused) harvest_context.hc_active_buf = 0; for (int i = 0; i < ENTROPYSOURCE; i++) - random_healthtest_init(i); + random_healthtest_init(i, 0); } SYSINIT(random_device_h_init, SI_SUB_RANDOM, SI_ORDER_THIRD, random_harvestq_init, NULL);