crypto: ansi_cprng - fix inverted DT increment routine
The ANSI X9.31 PRNG docs aren't particularly clear on how to increment DT,
but empirical testing shows we're incrementing from the wrong end. A 10,000
iteration Monte Carlo RNG test currently winds up not getting the expected
result.

From http://csrc.nist.gov/groups/STM/cavp/documents/rng/RNGVS.pdf:

# CAVS 4.3
# ANSI931 MCT
[X9.31]
[AES 128-Key]

COUNT = 0
Key = 9f5b51200bf334b5d82be8c37255c848
DT = 6376bbe52902ba3b67c925fa701f11ac
V = 572c8e76872647977e74fbddc49501d1
R = 48e9bd0d06ee18fbe45790d5c3fc9b73

Currently, we get 0dd08496c4f7178bfa70a2161a79459a after 10000 loops.

Inverting the DT increment routine results in us obtaining the expected result
of 48e9bd0d06ee18fbe45790d5c3fc9b73. Verified on both x86_64 and ppc64.

Signed-off-by: Jarod Wilson <[email protected]>
Acked-by: Neil Horman <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
jarodwilson authored and herbertx committed Dec 25, 2008
1 parent 9302735 commit 09fbf7c
Showing 1 changed file with 1 addition and 1 deletion.
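To make the byte-order point concrete, here is an added example (not code from the kernel tree or from the commit author) that reimplements both the pre-fix and the fixed DT increment loops on a 16-byte block and runs them over the DT value from the test vector above. The `BLK_SZ`, `hex_to_block` and `dt_increment_matches` names are this example's own; the block size of 16 matches one AES block, which is what `DEFAULT_BLK_SZ` stands for in `ansi_cprng.c`.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BLK_SZ 16  /* stands in for DEFAULT_BLK_SZ: one AES block */

/* Parse a 32-hex-char string into a 16-byte block; 0 on success, -1 on error. */
static int hex_to_block(const char *hex, uint8_t out[BLK_SZ])
{
    if (strlen(hex) != 2 * BLK_SZ) return -1;
    for (int i = 0; i < BLK_SZ; i++) {
        unsigned v;
        if (sscanf(hex + 2 * i, "%2x", &v) != 1) return -1;
        out[i] = (uint8_t)v;
    }
    return 0;
}

/* Pre-fix routine: starts at DT[0], so the carry runs towards DT[BLK_SZ - 1]. */
static void dt_increment_old(uint8_t dt[BLK_SZ])
{
    for (int i = 0; i < BLK_SZ; i++) {
        dt[i] += 1;
        if (dt[i] != 0)
            break;
    }
}

/* Fixed routine from the commit: DT[BLK_SZ - 1] is the least significant
 * byte and the carry runs towards DT[0]. i must be signed for i >= 0 to end. */
static void dt_increment_fixed(uint8_t dt[BLK_SZ])
{
    for (int i = BLK_SZ - 1; i >= 0; i--) {
        dt[i] += 1;
        if (dt[i] != 0)
            break;
    }
}

/* Increment hex DT once with the chosen routine and compare against the
 * expected hex. Returns 1 on match, 0 on mismatch, -1 on a parse error. */
int dt_increment_matches(const char *hex_in, int fixed, const char *expected)
{
    uint8_t dt[BLK_SZ], want[BLK_SZ];
    if (hex_to_block(hex_in, dt) != 0 || hex_to_block(expected, want) != 0)
        return -1;
    if (fixed) dt_increment_fixed(dt); else dt_increment_old(dt);
    return memcmp(dt, want, BLK_SZ) == 0;
}
```

Running the vector's DT through both routines shows the old loop bumping the first byte (63 to 64) while the fixed loop bumps the last (ac to ad), which is the difference that compounds over 10000 MCT iterations.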
2 changes: 1 addition & 1 deletion crypto/ansi_cprng.c
@@ -161,7 +161,7 @@ static int _get_more_prng_bytes(struct prng_context *ctx)
/*
* Now update our DT value
*/
for (i = 0; i < DEFAULT_BLK_SZ; i++) {
for (i = DEFAULT_BLK_SZ - 1; i >= 0; i--) {
ctx->DT[i] += 1;
if (ctx->DT[i] != 0)
break;
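Review bot: the new termination condition `i >= 0` only ever becomes false if `i` is a signed type; the declaration of `i` is outside this hunk, so confirm it is `int` rather than an unsigned index, otherwise the loop would run past `ctx->DT[0]`. It would also help to extend the `Now update our DT value` comment to say that DT is treated as a big-endian counter whose least significant byte is `ctx->DT[DEFAULT_BLK_SZ - 1]`, since that ordering is the whole point of reversing the loop and, as the commit message notes, the X9.31 text is unclear on it.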
