True RNG and GnuPG / libgcrypt (was: NeuG 0.11)

NIIBE Yutaka gniibe at fsij.org
Mon Sep 2 05:27:04 CEST 2013 

I have a question about support of hardware RNG and GnuPG / libgcrypt.

I develop NeuG, my own True RNG implementation.  It is Free Software
for embedded MCU, specifically, STM32F103.  It is possible to use the
routine as a standalone device, and free hardware design by me is
also available.

When I test (at least for each release), I collect 64GiB of output and
test by NIST STS 2.1.1, Dieharder 3.31.1.  Recently, it is also tested
by PractRand 0.90.  I don't know if it's good to address, but it is
also tested by TestU01, too.  (Note that TestU01 is not free software.)

I think that the quality of random output is good enough.  Currently,
I use the output through the interface of /dev/random on GNU/Linux.

There are two issues for me, now.

  (1) I don't find any method to feed entropy (for /dev/random) on
      *BSD system

  (2) It would be better for an application to use the standalone
      device directly, not through /dev/random

Please let me know any related information about those issues. And...

How do you think about supporting hardware RNG by GnuPG / libgcrypt?


			*	*	*

FYI, here's the information about NeuG to /dev/random.

Standalone device of NeuG can be used to feed entropy to /dev/random.
I have following files for that:

============================== /etc/udev/rules.d/90-neug.rules
KERNEL=="ttyACM[0-9]*", SUBSYSTEMS=="usb", ACTION=="add", \
    ATTRS{idVendor}=="234b", ATTRS{idProduct}=="0001", \
    RUN+="/etc/udev/ctrl_rng.sh"

SUBSYSTEMS=="usb", ACTION=="remove", \
    ATTRS{idVendor}=="234b", ATTRS{idProduct}=="0001", \
    RUN+="/etc/udev/ctrl_rng.sh"
==============================

============================== /etc/udev/ctrl_rng.sh
#! /bin/sh

PIDFILE=/var/run/rngd.pid

case "$ACTION" in
add)
  stty -F $DEVNAME raw -echo -parenb
  /usr/sbin/rngd --fill-watermark=90% --feed-interval=1 --rng-device=$DEVNAME
  ;;
remove)
  # This will be called twice, since there are two interfaces for the device.
  # Called once for 10/0/0, another for 2/2/1.
  if [ x$INTERFACE = x"2/2/1" -a -f $PIDFILE ]; then
      kill -SIGTERM `cat $PIDFILE`
      rm -f $PIDFILE
  else
      exit 0
  fi
  ;;
esac

exit 0
==============================

That's for automatically connecting NeuG standalone device to RNGD,
when plugged.
--

More information about the Gnupg-devel mailing list