FIPS 140-2 rng data tester for h/w crypto devices. This driver periodically

monitors the entropy data harvested by crypto drivers to verify it complies with FIPS 140-2. If data fails any test then the driver discards it and commences continuous testing of harvested data until it is deemed ok. Results are collected in a statistics block and, optionally, reported on the console. In normal use the overhead associated with this driver is not noticeable. Note that drivers must (currently) be compiled specially to enable use. Obtained from: original code by Jason L. Wright
2003-03-11 19:26:16 +00:00 · 2003-03-11 19:26:16 +00:00 · ac7e2c0515
commit ac7e2c0515
parent d947796288
3 changed files with 10 additions and 0 deletions
--- a/sys/conf/NOTES
+++ b/sys/conf/NOTES
@ -2154,6 +2154,7 @@ device		cryptodev	# /dev/crypto for access to h/w

 device		hifn		# Hifn 7951, 7781, etc.
 device		ubsec		# Broadcom 5501, 5601, 58xx
+device		rndtest		# FIPS 140-2 entropy tester

 #####################################################################

--- a/sys/conf/files
+++ b/sys/conf/files
@ -629,6 +629,7 @@ crypto/sha2/sha2.c	optional random
 dev/ray/if_ray.c	optional ray card
 dev/ray/if_ray.c	optional ray pccard
 dev/rc/rc.c		optional rc
+dev/rndtest/rndtest.c	optional rndtest
 dev/rp/rp.c		optional rp
 dev/rp/rp_isa.c		optional rp isa
 dev/rp/rp_pci.c		optional rp pci
--- a/sys/modules/rndtest/Makefile
+++ b/sys/modules/rndtest/Makefile
@ -0,0 +1,8 @@
+# $FreeBSD$
+
+.PATH:	${.CURDIR}/../../dev/rndtest
+KMOD	= rndtest
+SRCS	= rndtest.c
+SRCS   += device_if.h bus_if.h
+
+.include <bsd.kmod.mk>