diff --git a/SPEC/RdRand.spec b/SPEC/RdRand.spec
index f1b3398..53555ad 100644
--- a/SPEC/RdRand.spec
+++ b/SPEC/RdRand.spec
@@ -1,28 +1,28 @@
 Summary: Library for generating random numbers using the RdRand instruction on Intel CPUs
 Name: RdRand
-Version: 2.1.2
+Version: 2.1.3
 Release: 1%{?dist}
 License: LGPLv2+
 URL: https://github.com/jtulak/%{name}
 Source0: https://github.com/jtulak/%{name}/archive/%{version}.tar.gz
-ExclusiveArch: %{ix86} x86_64
+ExclusiveArch: %{ix86} x86_64
 Requires: openssl
 BuildRequires: gcc-c++
 BuildRequires: openssl-devel
 %description
-RdRand is an instruction for returning random numbers from an Intel on-chip
-hardware random number generator.RdRand is available in Ivy Bridge and later
+RdRand is an instruction for returning random numbers from an Intel on-chip
+hardware random number generator.RdRand is available in Ivy Bridge and later
 processors. It uses cascade construction, combining a HW RNG operating at 3Gbps with CSPRNG with all components sealed on CPU. The entropy source is a meta-stable circuit,
-with unpredictable behavior based on thermal noise. The entropy is fed into
-a 3:1 compression ratio entropy extractor (whitener) based on AES-CBC-MAC.
-Online statistical tests are performed at this stage and only high quality
-random data are used as the seed for cryptograhically secure SP800-90 AES-CTR
-DRBG compliant PRNG.
-This generator is producing maximum of 512 128-bit AES blocks before it's
-reseeded. According to documentation the 512 blocks is a upper limit for
+with unpredictable behavior based on thermal noise. The entropy is fed into
+a 3:1 compression ratio entropy extractor (whitener) based on AES-CBC-MAC.
+Online statistical tests are performed at this stage and only high quality
+random data are used as the seed for cryptograhically secure SP800-90 AES-CTR
+DRBG compliant PRNG.
+This generator is producing maximum of 512 128-bit AES blocks before it's
+reseeded. According to documentation the 512 blocks is a upper limit for
 reseed, in practice it reseeds much more frequently.
 %package devel
@@ -60,7 +60,10 @@ rm -f $RPM_BUILD_ROOT{%{_libdir}/librdrand.la,%{_libdir}/librdrand/include/rdran
 %{_libdir}/pkgconfig/*
 %changelog
-* Tue Jun 16 2020 Jirka Hladky - 2.1.2-1
+* Thu Feb 17 2022 Jirka Hladky - 2.1.3-1
+- Updated man page
+
+* Tue Jun 16 2020 Jirka Hladky - 2.1.2-1
 - Added support for AMD CPUs
 * Tue Jan 28 2020 Fedora Release Engineering - 2.1.1-9
diff --git a/man/rdrand-gen.7 b/man/rdrand-gen.7
index bd838c8..65308ea 100644
--- a/man/rdrand-gen.7
+++ b/man/rdrand-gen.7
@@ -4,9 +4,9 @@
 .SH NAME
 rdrand-gen \- Generate randomness by using RdRand on Intel's CPUs.
 .SH SYNOPSIS
-rdrand-gen [--amount NUM] [--method NAME] [--output FILE]
+rdrand-gen [--amount NUM] [--method NAME] [--output FILE]
 .br
-[--threads NUM] [--aes-ctr [--aes-keys FILE]] [--verbose] [--version]
+[--threads NUM] [--aes-ctr [--aes-keys FILE]] [--verbose] [--version]
 .br
 [--help]
@@ -22,11 +22,11 @@ Despite the statistical tests did not reveal any flaws in RdRand's output, it's
 rdrand-gen is a simple application for generating randomness on Intel's CPUs (Ivy Bridge and newers) using the HW RNG on the CPU. It can use three methods of generating:
-Default
+Default
 .B get_bytes
-- is fastest (on a laptop with a Core i7 about 200 MiB/s in one thread) and simply pulls out randomness from the HW RNG, and two slow, but more secure methods. These two methods,
+- is fastest (on a laptop with a Core i7 about 200 MiB/s in one thread) and simply pulls out randomness from the HW RNG, and two slow, but more secure methods. These two methods,
 .B reseed_delay
-and
+and
 .B reseed_skip
 are enforcing full regeneration of the CPU's pool before each single value that is pushed out.
@@ -34,9 +34,9 @@ are enforcing full regeneration of the CPU's pool before each single value that
 is putting small delays (20 microseconds), long enough to allow the HW to reseed the RdRand's internal generator with new thermal noise based entropy so that two consequent values returned by reseed_delay are guaranteed to be produced with different seed.
 .B reseed_skip
 is taking one of 1025 64bit values (the size of the inner pool) and throwing away the rest, forcing the HW to reseed.
-The perfomance of these reseeding methods is about 1/1000 of the default one. The performance differs on each machine, one one machine the
+The perfomance of these reseeding methods is about 1/1000 of the default one. The performance differs on each machine, one one machine the
 .B reseed_skip
-is faster than
+is faster than
 .B reseed_delay
 , while on another one it can be different.
@@ -57,28 +57,28 @@ On each line is a hexadecimal string containing a key and a nonce. There can be
 .SH OPTIONS
 \-\-help \-h
 Print this help.
- \-\-amount \-n
-.I NUM
+ \-\-amount \-n
+.I NUM
 Generate given amount of bytes. Suffixes: K, M, G, T. Without the option or when 0, generate unlimited amount.
- \-\-method \-m
+ \-\-method \-m
 .I NAME
-Use method NAME (default is
+Use method NAME (default is
 .B get_bytes
-, others are
+, others are
 .B reseed_skip
 and
 .B reseed_delay
 ).
- \-\-output \-o
+ \-\-output \-o
 .I FILE
 Save the generated data to the file.
- \-\-threads \-t
+ \-\-threads \-t
 .I NUM
 Run the generator in NUM threads (default 2).
 \-\-aes-ctr \-a
 Encrypt the output with AES-CTR.
 \-\-aes-keys \-k
-.I FILE
+.I FILE
 Use given key file for the AES encryption
 .br
 instead of random one. Works only when -a is set.
@@ -98,32 +98,32 @@ rdrand-gen -n 10.5M -o /tmp/random
 .B Generate 20 random passwords of length 20 build from all letters
 .B and digits. Use the secure get_uint64_array_reseed_skip method.
 .br
-(rdrand-gen -n2k -m reseed_skip
+(rdrand-gen -n2k -m reseed_skip
 | tr -cd '[:alnum:]' | fold -w 20 && echo ) | head -20
-.B Create GPG encrypted keyfile for aespipe.
+.B Create GPG encrypted keyfile for aespipe.
 .br
-.B Encrypt:
+.B Encrypt:
 .br
 tar -cvf - files... | bzip2 | aespipe -w 10 -K keyfile.gpg >archive.aes
 .br
-.B Decrypt:
+.B Decrypt:
 .br
 aespipe -d -K keyfile.gpg < /tmp/archive.aes | bzip2 -d -q | tar -tvf -
 .br
-rdrand-gen -n3705 -m reseed_skip
+rdrand-gen -n3705 -m reseed_skip
 | uuencode -m - | head -n 66 | tail -n 65 | \\
 .br
 gpg --symmetric -a > keyfile.gpg
-
-
-
 .B Test the randomness of the generated data with dieharder test suite
 .br
 rdrand-gen | dieharder -g 200 -a
+.B Test the randomness of the generated data with PractRand
+.br
+rdrand-gen | practrand-RNG_test stdin8 -tlmax 4G
 .B Measure the speed of generation.
 .br
diff --git a/src/librdrand-aes.c b/src/librdrand-aes.c
index 16b2966..d0d1e4b 100644
--- a/src/librdrand-aes.c
+++ b/src/librdrand-aes.c
@@ -1,6 +1,7 @@
 /* vim: set expandtab cindent fdm=marker ts=4 sw=4: */
 /*
- * Copyright (C) 2013 Jan Tulak
+ * Copyright (C) 2013-2020 Jan Tulak
+ * Copyright (C) 2013-2022 Jirka Hladky hladky DOT jiri AT gmail DOT com
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
@@ -14,7 +15,7 @@
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
 * Boston, MA 02110-1301 USA
 */
diff --git a/src/librdrand-aes.h b/src/librdrand-aes.h
index f2d2b0a..67b14c9 100644
--- a/src/librdrand-aes.h
+++ b/src/librdrand-aes.h
@@ -1,6 +1,7 @@
 /* vim: set expandtab cindent fdm=marker ts=4 sw=4: */
 /*
- * Copyright (C) 2013 Jan Tulak
+ * Copyright (C) 2013-2020 Jan Tulak
+ * Copyright (C) 2013-2022 Jirka Hladky hladky DOT jiri AT gmail DOT com
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
diff --git a/src/librdrand-aes.private.h b/src/librdrand-aes.private.h
index 46279ee..4097b9e 100644
--- a/src/librdrand-aes.private.h
+++ b/src/librdrand-aes.private.h
@@ -1,6 +1,7 @@
 /* vim: set expandtab cindent fdm=marker ts=4 sw=4: */
 /*
- * Copyright (C) 2013 Jan Tulak
+ * Copyright (C) 2013-2020 Jan Tulak
+ * Copyright (C) 2013-2022 Jirka Hladky hladky DOT jiri AT gmail DOT com
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
diff --git a/src/librdrand.c b/src/librdrand.c
index d81eb57..0d6a706 100644
--- a/src/librdrand.c
+++ b/src/librdrand.c
@@ -1,6 +1,7 @@
 /* vim: set expandtab cindent fdm=marker ts=2 sw=2: */
 /*
- * Copyright (C) 2013 Jan Tulak
+ * Copyright (C) 2013-2020 Jan Tulak
+ * Copyright (C) 2013-2022 Jirka Hladky hladky DOT jiri AT gmail DOT com
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
diff --git a/src/librdrand.h b/src/librdrand.h
index 6513512..fd7762d 100644
--- a/src/librdrand.h
+++ b/src/librdrand.h
@@ -1,6 +1,7 @@
 /* vim: set expandtab cindent fdm=marker ts=2 sw=2: */
 /*
- * Copyright (C) 2013 Jan Tulak
+ * Copyright (C) 2013-2020 Jan Tulak
+ * Copyright (C) 2013-2022 Jirka Hladky hladky DOT jiri AT gmail DOT com
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
diff --git a/src/rdrand-gen.c b/src/rdrand-gen.c
index 1255ac8..fb201ad 100644
--- a/src/rdrand-gen.c
+++ b/src/rdrand-gen.c
@@ -1,7 +1,7 @@
 /* vim: set expandtab cindent fdm=marker ts=4 sw=4: */
 /*
 * Copyright (C) 2013-2020 Jan Tulak
- * Copyright (C) 2020 Jirka Hladky
+ * Copyright (C) 2013-2022 Jirka Hladky hladky DOT jiri AT gmail DOT com
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
@@ -83,7 +83,7 @@
 #define SLOW_RETRY_LIMIT 1000
 #define SLOW_RETRY_DELAY 1000 // 1 ms
-#define VERSION "2.1.2"
+#define VERSION "2.1.3"
 // }}} macros
 // {{{
diff --git a/src/rdrand-gen.h b/src/rdrand-gen.h
index 86a6b12..22b672d 100644
--- a/src/rdrand-gen.h
+++ b/src/rdrand-gen.h
@@ -1,6 +1,7 @@
 /* vim: set expandtab cindent fdm=marker ts=4 sw=4: */
 /*
- * Copyright (C) 2013 Jan Tulak
+ * Copyright (C) 2013-2020 Jan Tulak
+ * Copyright (C) 2013-2022 Jirka Hladky hladky DOT jiri AT gmail DOT com
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public