Date: Mon, 8 Sep 2025 15:26:30 GMT
Message-Id: <202509081526.588FQULQ076494@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
From: Mark Johnston
Subject: git: 228302e630dd - main - random: Make the min-entropy estimate configurable
List-Id: Commit messages for the main branch of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main

The branch main has been updated by markj:

URL: https://cgit.FreeBSD.org/src/commit/?id=228302e630dd95586fc22b29b025b8a98b593740

commit 228302e630dd95586fc22b29b025b8a98b593740
Author:     Mark Johnston
AuthorDate: 2025-09-08 14:40:42 +0000
Commit:     Mark Johnston
CommitDate: 2025-09-08 15:21:43 +0000

    random: Make the min-entropy estimate configurable

    Right now the cutoff values for the RCT and APT tests are computed with
    a fixed min-entropy estimate of 1. In preparation for permitting
    alternative estimates for "pure" sources (i.e., hardware noise sources),
    extend the code to handle alternative estimates of an integer number of
    bits.

    For the RCT test, the cutoff is simply the formula from section 4.4.1 of
    NIST SP 800-90B. For the APT test, I used Excel to compute a lookup
    table using the formula provided in section 4.4.2.

    Reviewed by:    cem
    MFC after:      2 weeks
    Sponsored by:   Stormshield
    Sponsored by:   Klara, Inc.
    Differential Revision:  https://reviews.freebsd.org/D52228
---
 sys/dev/random/random_harvestq.c | 52 ++++++++++++++++++++++++++++++++--------
 1 file changed, 42 insertions(+), 10 deletions(-)

diff --git a/sys/dev/random/random_harvestq.c b/sys/dev/random/random_harvestq.c index 84ec174bd08e..20727471f9c7 100644 --- a/sys/dev/random/random_harvestq.c +++ b/sys/dev/random/random_harvestq.c
@@ -464,7 +464,7 @@ SYSCTL_BOOL(_kern_random, OID_AUTO, nist_healthtest_enabled, "Enable NIST SP 800-90B health tests for noise sources"); static void -random_healthtest_init(enum random_entropy_source source) +random_healthtest_init(enum random_entropy_source source, int min_entropy) { struct health_test_softc *ht; 
@@ -485,20 +485,52 @@ random_healthtest_init(enum random_entropy_source source) } /* - * Set cutoff values for the two tests, assuming that each sample has - * min-entropy of 1 bit and allowing for an error rate of 1 in 2^{34}. - * With a sample rate of RANDOM_KTHREAD_HZ, we expect to see an false - * positive once in ~54.5 years. + * Set cutoff values for the two tests, given a min-entropy estimate for + * the source and allowing for an error rate of 1 in 2^{34}. With a + * min-entropy estimate of 1 bit and a sample rate of RANDOM_KTHREAD_HZ, + * we expect to see an false positive once in ~54.5 years. * * The RCT limit comes from the formula in section 4.4.1. * - * The APT cutoff is calculated using the formula in section 4.4.2 + * The APT cutoffs are calculated using the formula in section 4.4.2 * footnote 10 with the number of Bernoulli trials changed from W to * W-1, since the test as written counts the number of samples equal to - * the first sample in the window, and thus tests W-1 samples. + * the first sample in the window, and thus tests W-1 samples. We + * provide cutoffs for estimates up to sizeof(uint32_t)*HARVESTSIZE*8 + * bits. */ - ht->ht_rct_limit = 35; - ht->ht_apt_cutoff = 330; + const int apt_cutoffs[] = { + [1] = 329, + [2] = 195, + [3] = 118, + [4] = 73, + [5] = 48, + [6] = 33, + [7] = 23, + [8] = 17, + [9] = 13, + [10] = 11, + [11] = 9, + [12] = 8, + [13] = 7, + [14] = 6, + [15] = 5, + [16] = 5, + [17 ... 19] = 4, + [20 ... 25] = 3, + [26 ... 42] = 2, + [43 ... 64] = 1, + }; + const int error_rate = 34; + + if (min_entropy == 0) + min_entropy = 1; + else if (min_entropy < 0 || min_entropy >= nitems(apt_cutoffs)) { + panic("invalid min_entropy %d for %s", min_entropy, + random_source_descr[source]); + } + ht->ht_rct_limit = 1 + howmany(error_rate, min_entropy); + ht->ht_apt_cutoff = apt_cutoffs[min_entropy]; } static int 
@@ -653,7 +685,7 @@ random_harvestq_init(void *unused __unused) harvest_context.hc_active_buf = 0; for (int i = 0; i < ENTROPYSOURCE; i++) - random_healthtest_init(i); + random_healthtest_init(i, 0); } SYSINIT(random_device_h_init, SI_SUB_RANDOM, SI_ORDER_THIRD, random_harvestq_init, NULL);
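Review bot: In the second hunk (the cutoff block of random_healthtest_init()), the default APT cutoff changes without being mentioned: the removed line set ht->ht_apt_cutoff = 330, while the new table has [1] = 329 and a min_entropy of 0 is mapped to 1. The RCT limit is unchanged for that default (1 + howmany(34, 1) is 35), so the commit message should say whether 329 is a deliberate correction of the old value or the table entry is off by one. Smaller points in the same hunk: apt_cutoffs is a plain "const int" array declared mid-function, so it has automatic storage and may be rebuilt on each call; "static const" at the top of the function avoids that. The table ends at index 64 while the comment promises cutoffs up to sizeof(uint32_t)*HARVESTSIZE*8 bits, and nothing ties the two together; a CTASSERT on nitems(apt_cutoffs) would keep them in step. The carried-over comment typo "an false positive" could be fixed while the line is being touched.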
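Review bot: In the last hunk (random_harvestq_init()), the literal 0 in random_healthtest_init(i, 0) is an undocumented sentinel: the init function rewrites 0 to 1, but neither the call site nor the new min_entropy parameter says so. A named constant, or a short comment on the parameter stating that the unit is whole bits and that 0 selects the default of 1, would make this clear to whoever later wires in per-source estimates. The same comment should note that an out-of-range estimate panics during SYSINIT rather than being rejected, since that is the failure mode a misconfigured source will hit.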