[cryptography] Intel Security Driver and AVX CPUs (rdrand)
dj at deadhat.com
Fri Sep 2 00:28:43 EDT 2011
On 9/1/2011 5:12 PM, Jeffrey Walton wrote:
> Hi All,
> For some time, Intel has offered a Security Driver for Windows. It
> basically allows us to use the 810 chipset and friends as a PRNG
> source via a CSP:
> if(CryptAcquireContext(&hProvider, NULL, INTEL_DEF_PROV, PROV_INTEL_SEC, 0))
> CryptGenRandom(hProvider, size, block);
> Does anyone know if Intel is shipping an updated driver which
> wraps/includes rdrand from AVX?
RdRand is a normal instruction, not an AVX instruction. This confusion
occurred because the first publication of the instruction was in the AVX
extension instruction reference. RdRand has nothing to do with AVX other
than proximity in the documentation.
The whole shebang (entropy source, conditioning, self testing, CSPRNGing
and instruction set support) is now called 'Intel Bull Mountain Technology'.
Since it is an instruction accessible to code at any privilege level and
it is atomic at the point of use, it doesn't need a driver as such. It
can be used directly, or through some simple library function or
indirectly through support in OSs or cryptographic libraries.
What has been provided to date is the Bull Mountain Software
Implementation guide and some related example code:
There's support for RdRand and the RdRand compiler intrinsics in up-to-date
versions of GCC and the example code uses that. For proprietary
development tools, you'll have to check with the vendor.
I don't know if there's any support for a Microsoft CSP, but given the
nature of RdRand, the functional end of the code would be very short indeed.
Keep in mind that the output of RdRand is the output of a (very
frequently reseeded) 128 bit PRNG. It is cryptographically inappropriate
to seed a wider PRNG from the output of a narrower PRNG. The SIG
document talks about this and what you can do about it if you really
feel the need to seed a PRNG from a PRNG.
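The message above describes RdRand as a plain user-mode instruction that needs no driver, only a CPUID capability check and correct handling of the carry flag. The following is an added example written for this page; it is not code from the list post, from the Bull Mountain implementation guide, or from Intel. It emits the instruction through inline asm (so it builds on GCC/Clang without -mrdrnd; with that flag you could call _rdrand64_step() from <immintrin.h> instead), checks CPUID leaf 1 ECX bit 30 before use, and wraps the CF=0 "no data yet" case in a bounded retry. The retry limit of 10 and the two fake sources used to exercise the retry path are assumptions made for this example.

```c
/*
 * rdrand_demo.c: added example, not code from the list post or from Intel.
 * Build (x86-64, GCC or Clang): cc -std=c99 -Wall -o rdrand_demo rdrand_demo.c
 * No -mrdrnd is needed because the instruction is emitted via inline asm.
 */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>          /* GCC/Clang helper for the CPUID instruction */
#endif

/* Runtime capability check: CPUID leaf 1, ECX bit 30 advertises RDRAND. */
int rdrand_supported(void)
{
#if defined(__x86_64__) || defined(__i386__)
    unsigned int eax = 0, ebx = 0, ecx = 0, edx = 0;
    if (!__get_cpuid(1, &eax, &ebx, &ecx, &edx))
        return 0;
    return (int)((ecx >> 30) & 1u);
#else
    return 0;               /* not an x86 build: the instruction does not exist */
#endif
}

/* One attempt to fetch 64 random bits: 1 on success, 0 when the hardware
 * set CF=0 (no data available right now). Using a function pointer lets the
 * retry logic be exercised with test doubles on machines without RDRAND. */
typedef int (*rand64_step_fn)(uint64_t *out);

int rdrand64_step_hw(uint64_t *out)
{
#if defined(__x86_64__)
    unsigned char ok;
    __asm__ volatile("rdrand %0\n\tsetc %1"
                     : "=r"(*out), "=qm"(ok)
                     :
                     : "cc");
    return ok;
#else
    (void)out;
    return 0;
#endif
}

/* Retry bound: 10 is an assumption for this example, not a documented value. */
#define RDRAND_RETRIES 10

/* RDRAND may return CF=0 under contention; a correct caller retries a bounded
 * number of times and then reports failure instead of using whatever was
 * left in the destination register. */
int rdrand64_retry(rand64_step_fn step, uint64_t *out)
{
    for (int i = 0; i < RDRAND_RETRIES; i++) {
        if (step(out))
            return 1;
    }
    return 0;
}

/* Fill len bytes. On unrecoverable failure the whole buffer is zeroed and 0
 * is returned, so a caller cannot mistake a partial fill for random data. */
int rdrand_fill(rand64_step_fn step, uint8_t *buf, size_t len)
{
    size_t done = 0;
    while (done < len) {
        uint64_t v;
        if (!rdrand64_retry(step, &v)) {
            memset(buf, 0, len);
            return 0;
        }
        size_t n = (len - done < sizeof v) ? len - done : sizeof v;
        memcpy(buf + done, &v, n);
        done += n;
    }
    return 1;
}

/* Constructed test doubles (not hardware): a source that reports "no data"
 * on two calls out of three, and one that never succeeds. */
int fake_flaky_calls = 0;
int fake_flaky_step(uint64_t *out)
{
    fake_flaky_calls++;
    if (fake_flaky_calls % 3 != 0)
        return 0;                       /* simulate CF=0 */
    *out = 0x0123456789abcdefULL;       /* fixed value, not random */
    return 1;
}
int fake_dead_step(uint64_t *out) { (void)out; return 0; }

int main(void)
{
    uint8_t key[16];
    if (!rdrand_supported()) {
        fprintf(stderr, "CPUID reports no RDRAND on this CPU\n");
        return 1;
    }
    if (!rdrand_fill(rdrand64_step_hw, key, sizeof key)) {
        fprintf(stderr, "RDRAND failed %d times in a row\n", RDRAND_RETRIES);
        return 1;
    }
    for (size_t i = 0; i < sizeof key; i++)
        printf("%02x", key[i]);
    putchar('\n');
    return 0;
}
```

Two things the example deliberately makes visible: a capability check precedes the first use, because the instruction faults with #UD on CPUs that lack it, and a failed retry loop wipes the buffer rather than returning partial data. What it does not do is condition the output for seeding a wider PRNG; as the post says, what comes out is the output of a 128-bit DRBG, and the implementation guide is the place to look for how to treat it as seed material.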