[cryptography] Intel Security Driver and AVX CPUs (rdrand)

David Johnston dj at deadhat.com
Fri Sep 2 00:28:43 EDT 2011


On 9/1/2011 5:12 PM, Jeffrey Walton wrote:
> Hi All,
>
> For some time, Intel has offered a Security Driver for Windows [1]. It
> basically allows us to use the 810 chipset and friends as a PRNG
> source via a CSP:
>
>    if(CryptAcquireContext(&hProvider, NULL, INTEL_DEF_PROV, PROV_INTEL_SEC, 0))
>    {
>       CryptGenRandom(hProvider, size, block);
>    }
>
> Does anyone know if Intel is shipping an updated driver which
> wraps/includes rdrand from AVX?
>
> Jeff
>
RdRand is a normal instruction, not an AVX instruction. This confusion 
occurred because the first publication of the instruction was in the AVX 
extension instruction reference. RdRand has nothing to do with AVX other 
than proximity in the documentation.

The whole shebang (entropy source, conditioning, self testing, CSPRNGing 
and instruction set support) is now called 'Intel Bull Mountain Technology'.

Since it is an instruction accessible to code at any privilege level and 
it is atomic at the point of use, it doesn't need a driver as such. It 
can be used directly, or through some simple library function or 
indirectly through support in OSs or cryptographic libraries.

What has been provided to date is the Bull Mountain Software 
Implementation guide and some related example code:

http://software.intel.com/en-us/articles/download-the-latest-bull-mountain-software-implementation-guide/

There's support for RdRand and the RdRand compiler intrinsics in up to 
date versions of GCC and the example code uses that. For proprietary 
development tools, you'll have to check with the vendor.

I don't know if there's any support for a Microsoft CSP, but given the 
nature of RdRand, the functional end of the code would be very short indeed.

Keep in mind that the output of RdRand is the output of a (very 
frequently reseeded) 128 bit PRNG. It is cryptographically inappropriate 
to seed a wider PRNG from the output of a narrower PRNG. The SIG 
document talks about this and what you can do about it if you really 
feel the need to seed a PRNG from a PRNG.
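As an added illustration of how short the "functional end" of user-mode RdRand support is (example code written for this archive page, not from the post above or from Intel's guide): a CPUID availability check, one RDRAND execution with its carry-flag result, and a bounded retry loop. The retry budget of 10 attempts follows Intel's implementation guide (not quoted on this page); the step-function parameter and the constructed fake source exist only so the retry policy can be exercised without the hardware.

```c
#include <stdint.h>
#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#endif

/* Retry budget recommended by Intel's DRNG implementation guide (assumption:
 * the guide text is not reproduced on this page). */
#define RDRAND_RETRIES 10

/* A step returns 1 when *out holds a fresh value, 0 when RDRAND reported
 * CF=0 (no data available yet) and the caller should retry. */
typedef int (*rdrand_step_fn)(uint64_t *out);

/* CPUID.1:ECX bit 30 advertises RDRAND. Returns 0 on non-x86 builds. */
int rdrand_supported(void)
{
#if defined(__x86_64__) || defined(__i386__)
    unsigned int eax, ebx, ecx, edx;
    if (!__get_cpuid(1, &eax, &ebx, &ecx, &edx))
        return 0;
    return (int)((ecx >> 30) & 1u);
#else
    return 0;
#endif
}

/* One RDRAND execution; works at any privilege level, no driver involved. */
int rdrand_hw_step(uint64_t *out)
{
#if defined(__x86_64__)
    unsigned char ok;
    __asm__ volatile("rdrand %0\n\tsetc %1" : "=r"(*out), "=q"(ok) : : "cc");
    return ok;
#else
    (void)out;
    return 0;
#endif
}

/* Bounded retry: fail closed (return 0) instead of returning a stale value. */
int rdrand_get64(uint64_t *out, rdrand_step_fn step)
{
    for (int i = 0; i < RDRAND_RETRIES; i++)
        if (step(out))
            return 1;
    return 0;
}

/* Constructed fake source for exercising the retry policy: reports CF=0
 * g_fake_failures times, then yields a fixed (NOT random) marker value. */
int g_fake_failures = 0;
int rdrand_fake_step(uint64_t *out)
{
    if (g_fake_failures > 0) { g_fake_failures--; return 0; }
    *out = 0xC0FFEE; return 1;
}
```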