[Cryptech Tech] Alpha board main CPU change

Bernd Paysan bernd at net2o.de
Sat May 30 18:48:22 UTC 2015


On Saturday, 30 May 2015, 20:06:25, Jacob wrote:
> From what I gather, it depends on the mixing method you use. If it is a
> good mixer, and you force an output failure from the RNG if any of the
> fully trusted entropy sources becomes unavailable (noting the Android
> Bitcoin address generation fiasco a few days ago), then it is beneficial
> to mix in even semi-questionable sources.

Indeed, any source that has a tiny bit of "unknown" in it is good.  Even said 
AES-encrypted counter is delivering a small bit of entropy into a pool: the 
actual count value (which is unknown to the attacker unless said attacker can 
directly get at the AES output and decrypt it).

> See for example the heated debate between Linux maintainer Theodore Ts'o
> and Intel RDRAND designer David Johnston at
> https://plus.google.com/+TheodoreTso/posts/SDcoemc9V3J

IMHO David Johnston does not understand that the loadable microcode part allows 
Intel to subvert his random number generator.

The original code of RDRAND probably looks like this:

static char aeskey[16]=INTEL_INITIAL_KEY; // don't use rdrand too early after boot
static int128_t counter;
char out[16];
if(entropy_bytes >= 32) {
  char entropy[32];
  counter = 0;
  rdentropy(entropy, 32);
  aes_encrypt(aeskey, entropy, entropy+16);
  // use AES to condense 256 bits to 128 random looking bits as key
}
aes_encrypt(out, aeskey, &counter);
counter++;

All is fine.  To subvert it, change that to:

static char aeskey[16]=NSA_AES_KEY;
static int128_t counter;
char out[16];
if(entropy_bytes >= 32) {
  char entropy[32];
  counter = 0; // leave in for timing
  rdentropy(entropy, 32);
  aes_encrypt(&counter, entropy, entropy+16);
  // use AES to condense 256 bits to 128 random looking bits as counter
}
aes_encrypt(out, aeskey, &counter);
counter++;

The device is still working perfectly.  All tests on the output still work 
perfectly.  The NSA can extract information when they get raw readouts of 
RDRAND, otherwise, it's still delivering valid entropy (by reseeding the 
counter with actual random data).

Unless you have a microcode decompiler, you can't know what your BIOS actually 
loads into the CPU.

A Cortex M4 has two sources for entropy that can possibly be used: The PRNG, 
and the on-chip SRAM, which contains entropy after power-on.

-- 
Bernd Paysan
"If you want it done right, you have to do it yourself"
net2o ID: kQusJzA;7*?t=uy at X}1GWr!+0qqp_Cn176t4(dQ*
http://bernd-paysan.de/
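The fail-closed mixing policy discussed above (mix in semi-questionable sources, but refuse to produce output when a fully trusted source is missing), as an added example that is not part of this message or of the Cryptech code. It uses SHA-256 as the mixer in place of AES; the reader interface, source names, MIN_TRUSTED_BYTES and the sample readings are constructed assumptions, not real hardware output.

```python
import hashlib
from typing import Callable, Dict, Optional

# A reader returns the bytes it collected, or None when the source is unavailable.
Reader = Callable[[], Optional[bytes]]

class EntropySourceUnavailable(RuntimeError):
    """A fully trusted source could not deliver; the pool must fail closed."""

MIN_TRUSTED_BYTES = 32   # assumption: at least 256 bits of trusted input per reseed

def _feed(h, tag: bytes, name: str, data: bytes) -> None:
    # Length-prefix tag, name and data so no source can impersonate another
    # by choosing its bytes (unambiguous encoding of the hash input).
    h.update(tag + len(name).to_bytes(1, "big") + name.encode()
             + len(data).to_bytes(4, "big") + data)

def mix_sources(trusted: Dict[str, Reader], untrusted: Dict[str, Reader]) -> bytes:
    """Condense all sources into a 256-bit seed.

    Trusted sources are mandatory: a missing one, or too few trusted bytes,
    raises instead of silently yielding a seed that depends on untrusted
    input only.  Untrusted sources (e.g. an opaque on-die DRBG whose key an
    adversary might hold) are mixed in whenever present: a hash mixer cannot
    be made worse by extra input, and any bit the attacker does not know helps.
    """
    h = hashlib.sha256()
    trusted_bytes = 0
    for name, read in trusted.items():
        data = read()
        if data is None:
            raise EntropySourceUnavailable(name)
        trusted_bytes += len(data)
        _feed(h, b"T", name, data)
    if trusted_bytes < MIN_TRUSTED_BYTES:
        raise EntropySourceUnavailable("only %d trusted bytes" % trusted_bytes)
    for name, read in untrusted.items():
        data = read()
        if data is not None:          # an absent untrusted source is simply skipped
            _feed(h, b"U", name, data)
    return h.digest()

if __name__ == "__main__":
    # Constructed sample readings, not real hardware output.
    sources_trusted = {"ring_osc": lambda: bytes(range(32)),   # on-board noise source
                       "sram_startup": lambda: b"\x5a" * 32}   # power-on SRAM contents
    sources_untrusted = {"rdrand_like": lambda: b"\x00" * 16}  # opaque DRBG output
    print(mix_sources(sources_trusted, sources_untrusted).hex())
```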