-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathkernel_notes.txt
58 lines (48 loc) · 2.7 KB
/
kernel_notes.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
chacha20 PR in the linux kernel:
https://lwn.net/Articles/691941/
Research paper for the chacha20 PR
http://www.chronox.de/lrng.html
http://www.chronox.de/lrng/doc/lrng.pdf
-- test they ran:
$ dd if =/ dev / random of = file bs =29
^ C32179 +32179 Datensätze ein
32179+32179 Datensätze aus
1029728 bytes (1 ,0 MB , 1006 KiB ) copied , 486 ,352 s , 2 ,1 kB /s
--- 130 sm@x86 -64 ~ ------------------------------------------------------------
$ ent -b file
Entropy = 1.000000 bits per bit .
Optimum compression would reduce the size
of this 8237824 bit file by 0 percent .
Chi square distribution for 8237824 samples is 0.06 , and randomly
would exceed this value 80.14 percent of the times .
Arithmetic mean value of data bits is 0.5000 (0.5 = random ).
Monte Carlo value for Pi is 3.140944290 ( error 0.02 percent ).
Serial correlation coefficient is 0.000093 ( totally uncorrelated = 0.0).
--- 0 sm@x86 -64 ~ --------------------------------------------------------------
$ ent file
Entropy = 7.999809 bits per byte .
Optimum compression would reduce the size
of this 1029728 byte file by 0 percent .
Chi square distribution for 1029728 samples is 272.84 , and randomly
would exceed this value 21.14 percent of the times .
Arithmetic mean value of data bytes is 127.4439 (127.5 = random ).
Monte Carlo value for Pi is 3.140944290 ( error 0.02 percent ).
42
Serial correlation coefficient is 0.001174 ( totally uncorrelated = 0.0).
There are Three differnt paths for pulling entorpy out of the linux kernel:
random_read() -> uses sha1 to extra data from the entropy pool (equivalent to /dev/random)
urandom_read() uses chacha20 and is /dev/urandom
https://github.com/torvalds/linux/blob/master/drivers/char/random.c#L1876-L1882
chacha20 path to get entropy out:
https://github.com/torvalds/linux/blob/master/drivers/char/random.c#L1042-L1059
We want to profile random.c -> urandom_read()
urandom_read() uses _extract_crng() which calls chacha20_block()
We would replace this method with AES-NI: https://github.com/torvalds/linux/blob/master/drivers/char/random.c#L974
random_read() uses extract_entropy_user() which then calls extract_buf(), this is the sha1 path: extract_entropy_user https://github.com/torvalds/linux/blob/master/drivers/char/random.c#L1422-L1436
CHACHA BLOCK size: https://github.com/torvalds/linux/blob/b71acb0e372160167bf6d5500b88b30b52ccef6e/include/crypto/chacha.h#L25-L27
android kernel configs:
linux kernel 4.4 :(
git clone https://android.googlesource.com/kernel/configs
https://android.googlesource.com/kernel/configs/
bugs in the recent kernel:
https://github.com/torvalds/linux/search?o=desc&p=3&q=drbg&s=committer-date&type=Commits