Question

Newer Intel processors include a DRBG, which generates random numbers which you can read with the RDRAND instruction. It involves a 256-bit seed S generated from a hardware entropy source dependent on noise in a metastable oscillator. The algorithm used to arrive at the numbers is effectively AES(K,V), where K is an ephemeral key derived from half of S, and V is an IV which is derived from the other half of S. I think, anyway; this is explained much better by some people who audited it.

For various reasons, I would like to audit the performance of this mechanism programmatically in situ, which requires the ability to read or derive two things:

  • The value of S
  • The value of either K or V

Using this and the output of RDRAND across several iterations will provide me with the required test data to make this determination.

However, nowhere in the software developer's manual or elsewhere can I find any documented means of accomplishing either of these tasks.

Assuming that I am willing to write a Linux kernel module to accomplish this, and that I am willing to use RDMSR for it or any other means available including calls to on-die devices such as the MEI, is it possible to acquire this data?


Solution

The internal state of the DRBG is within a FIPS 140-2 compliant security boundary. You cannot access those state variables.
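Since the answer rules out reading S, K or V, what can actually be audited in situ is the DRBG's output stream. As an added example (not part of the question or the answer), the following applies the two continuous health tests from NIST SP 800-90B section 4.4 to a byte stream such as values collected from RDRAND; the sample bytes and the min-entropy estimate `H_MIN` are constructed, and the adaptive-proportion cutoff is derived here from the binomial tail rather than copied from the 90B table.

```python
"""SP 800-90B section 4.4 continuous health tests over a byte stream, e.g.
values collected from RDRAND. Added example; inputs and h_min are constructed."""
import math
from itertools import groupby

ALPHA = 2.0 ** -20  # false-positive rate recommended by SP 800-90B

def repetition_count_cutoff(h_min, alpha=ALPHA):
    """SP 800-90B 4.4.1: C = 1 + ceil(-log2(alpha) / H)."""
    return 1 + math.ceil(-math.log2(alpha) / h_min)

def repetition_count_test(samples, h_min, alpha=ALPHA):
    """Fail when any sample value repeats C or more times in a row."""
    cutoff = repetition_count_cutoff(h_min, alpha)
    longest = max((sum(1 for _ in g) for _, g in groupby(samples)), default=0)
    return longest < cutoff, longest, cutoff

def adaptive_proportion_cutoff(h_min, window=512, alpha=ALPHA):
    """Smallest C with P[Binomial(window, 2**-h_min) >= C] <= alpha.
    Derived from the binomial tail here; 90B tabulates these values."""
    p = 2.0 ** -h_min
    tail = 1.0  # P[X >= c], starting at c = 0
    for c in range(window + 1):
        if tail <= alpha:
            return c
        tail -= math.comb(window, c) * p ** c * (1.0 - p) ** (window - c)
    return window + 1

def adaptive_proportion_test(samples, h_min, window=512, alpha=ALPHA):
    """Fail when the first value of a non-overlapping window occurs C or
    more times within that window (SP 800-90B 4.4.2)."""
    cutoff = adaptive_proportion_cutoff(h_min, window, alpha)
    worst = 0
    for start in range(0, len(samples) - window + 1, window):
        block = samples[start:start + window]
        count = block.count(block[0])
        worst = max(worst, count)
        if count >= cutoff:
            return False, count, cutoff
    return True, worst, cutoff

# Constructed inputs: a varying stream and one with a stuck-at-zero prefix.
HEALTHY = bytes(range(256)) * 4
STUCK = b"\x00" * 64 + bytes(range(256)) * 4
H_MIN = 7.0  # constructed per-byte min-entropy estimate, not a measured value

if __name__ == "__main__":
    for name, data in (("healthy", HEALTHY), ("stuck", STUCK)):
        print(name, repetition_count_test(data, H_MIN), adaptive_proportion_test(data, H_MIN))
```

Real use would feed the tests a buffer filled from RDRAND (with the carry-flag check Intel documents for each call) and an h_min obtained from an actual entropy assessment, not the constructed value above.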

Licensed under: CC-BY-SA with attribution