RDRAND

From dankwiki
Revision as of 03:48, 4 August 2011 by Dank (talk | contribs)

RDRAND is an AVX instruction available on Intel processors for which CPUID sets bit 30 of the ECX register. It is available at all privilege levels and generates a 16-, 32- or 64-bit random integer (64-bit only in long mode). Its single operand is the general-purpose destination register. On success it sets the CF bit of EFLAGS to 1; software should test CF rather than assume the destination register was written.

Bull Mountain (the DRNG hardware plus the RDRAND instruction) is said to leverage "NIST SP800-90, FIPS-140-2, and ANSI X9.82." The Bull Mountain hardware is per-processor package. H. Peter Anvin added support to the Linux kernel on 2011-07-29.

DRNG Implementation

  • A "nondeterministic hardware process" provides a 3Gbps entropy source as paired 256-bit values...
    • which are distilled through a FIPS-197/NIST SP800-38A AES/CBC-MAC conditioner, yielding single 256-bit values...
    • which seed a "~6Gbps" NIST SP800-90 AES-CTR, computing "not more than 511 128-bit values per seed."
  • "Online Health Tests" test the entropy source against mathematical models per-sample and at a 64k window
    • Each seed requires at least two healthy values (per-sample result)
    • "In the rare event a DRNG fails at runtime, it will cease to issue random numbers"
  • "Built-in Self Tests"
    • DRNG is run for 256 samples of OHT validation before being made available to software
    • OHT is provided known-bad data and must identify it as "unhealthy"
    • Deterministic values are played through the conditioner, and results are verified
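An added example, not from this page or from Intel's own code, showing the two points above in working form: the CPUID feature check (ECX bit 30) and the CF-based success test for RDRAND, plus a bounded retry so that a DRNG that has ceased issuing numbers is reported as a failure instead of the untouched register being used as "random" data. It assumes GCC or Clang inline assembly on x86-64; the retry count of 10 and the stuck-output check are assumptions beyond what the page states.

```c
#include <stdbool.h>
#include <stdint.h>

enum rdrand_status { RDRAND_OK, RDRAND_UNSUPPORTED, RDRAND_EXHAUSTED, RDRAND_SUSPECT };

/* Feature check from the page: CPUID leaf 1 reports RDRAND in ECX bit 30. */
bool rdrand_supported(void) {
#if defined(__x86_64__)
    uint32_t eax, ebx, ecx, edx;
    __asm__ volatile("cpuid" : "=a"(eax), "=b"(ebx), "=c"(ecx), "=d"(edx)
                     : "a"(1), "c"(0));
    return (ecx >> 30) & 1u;
#else
    return false;                      /* not an x86-64 build: no RDRAND */
#endif
}

/* One attempt. CF=1 means the destination was filled; on CF=0 the register
   contents are meaningless and must not be used as random data. */
static bool rdrand64_step(uint64_t *out) {
#if defined(__x86_64__)
    unsigned char ok;
    __asm__ volatile("rdrand %0\n\tsetc %1" : "=r"(*out), "=q"(ok) : : "cc");
    return ok;
#else
    (void)out; return false;
#endif
}

/* Bounded retry. A transient CF=0 (DRNG momentarily drained) clears quickly; one
   that never clears means the DRNG has stopped issuing values, as the page says
   happens after a health-test failure. 10 retries is an assumption (Intel's guide). */
enum rdrand_status rdrand64_retry(uint64_t *out, int retries) {
    if (!rdrand_supported()) return RDRAND_UNSUPPORTED;
    for (int i = 0; i < retries; i++)
        if (rdrand64_step(out)) return RDRAND_OK;
    return RDRAND_EXHAUSTED;
}

/* Self-check: fetch four 64-bit words and refuse "successful" output that is
   all-zero or all-ones, which indicates a stuck generator rather than randomness. */
enum rdrand_status rdrand_selfcheck(int retries) {
    uint64_t w, all_or = 0, all_and = UINT64_MAX;
    for (int i = 0; i < 4; i++) {
        enum rdrand_status s = rdrand64_retry(&w, retries);
        if (s != RDRAND_OK) return s;
        all_or |= w; all_and &= w;
    }
    return (all_or == 0 || all_and == UINT64_MAX) ? RDRAND_SUSPECT : RDRAND_OK;
}
```

On a machine whose CPUID does not report the feature, `rdrand_selfcheck` returns `RDRAND_UNSUPPORTED` without ever executing the instruction.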

See Also