The venerable Linux /dev/random served users of cryptographic mechanisms well for a long time. Its behavior is well understood to deliver entropic data. In recent years, however, the Linux /dev/random has shown signs of age: it struggles to cope with modern computing environments, ranging from tiny embedded systems, through new hardware resources such as SSDs, up to massively parallel systems as well as virtualized environments. This paper proposes a new approach to entropy collection in the Linux kernel with the intention of addressing all identified shortcomings of the legacy /dev/random implementation. The design of the new Linux Random Number Generator is presented, and all its cryptographic aspects are backed by qualitative assessment and complete quantitative testing. The test approaches are explained and the test code is made available to allow researchers to re-perform these tests.
The Linux Random Number Generator is an API- and ABI-compatible drop-in replacement for the legacy /dev/random implementation in the Linux kernel.
A public git repository is available at smuellerDD/lrng.
Please see the documentation references in the table below.
The following source code contains the implementation of the Linux Random Number Generator. Older versions of the LRNG are provided on a separate page.
Link | Changes |
---|---|
v48 (Signature of source code); Test code including SP800-90B tests (Signature of test code) | Covered kernel version: 6.1. Changes: add support for forced seeding if the fully seeded threshold cannot be reached in an appropriate time frame; update for API changes of kernel 6.1; fix: properly unlock in invalidate_batched_entropy; fix: ABI-incompatibility in RNDADDENTROPY - LRNG returns now 0 on success. Compliance: SP800-90A/B/C compliant; AIS20/31 2011 compliant; AIS20/31 draft 2022 compliant; FIPS IG 7.19 / D.K compliant - use of DRBG as conditioning component for chaining DRBGs |
v49 (Signature of source code); Test code including SP800-90B tests (Signature of test code) | Covered kernel version: 6.2. Changes: Forced seeding applied with the first user space request; Forced seeding used for kernel DRNG (i.e. the atomic DRNG); Adopt kernel API changes; Report health test state for scheduler ES, IRQ ES, Jitter RNG ES; Apply panic() for too many consecutive health failures to comply with FIPS 140-3. Compliance: SP800-90A/B/C compliant; AIS20/31 2011 compliant; AIS20/31 draft 2022 compliant; FIPS IG 7.19 / D.K compliant - use of DRBG as conditioning component for chaining DRBGs |
v50 (Signature of source code); Test code including SP800-90B tests (Signature of test code) | Covered kernel version: 6.3. Changes: add handling for permanent errors in FIPS mode; fix compile issue; Jitter RNG entropy source linking code simplified. Compliance: SP800-90A/B/C compliant; AIS20/31 2011 compliant; AIS20/31 draft 2022 compliant; FIPS IG 7.19 / D.K compliant - use of DRBG as conditioning component for chaining DRBGs |