Direct read from /dev/urandom without PRNG?


Direct read from /dev/urandom without PRNG?

Sudha Duraiswamy
Hi David,

Is it possible to not use PRNG from Bouncy Castle and directly read from /dev/urandom in FIPS mode? Please assume that the system has a good entropy source and has a CMVP certification.

In other words, is it possible to use the PRNG/DRNG of the kernel in Bouncy Castle?

Please let me know!

Thanks,
Sudha

Re: Direct read from /dev/urandom without PRNG?

David Hook-3

Anything's possible (well almost...) If the source for /dev/urandom is
compliant I think you'd just need to configure:

securerandom.strongAlgorithms=NativePRNGNonBlocking:SUN

this will mean that any DRBG created by the FIPS module will use
/dev/urandom for seeding.

Regards,

David

On 23/2/21 8:52 am, Sudha Duraiswamy wrote:

> Hi David,
>
> Is it possible to not use PRNG from Bouncy Castle and directly read
> from /dev/urandom in FIPS mode? Please assume that the system has a
> good entropy source and has a CMVP certification.
>
> In other words, is it possible to use the PRNG/DRNG of the kernel in
> Bouncy Castle?
>
> Please let me know!
>
> Thanks,
> Sudha

Re: Direct read from /dev/urandom without PRNG?

Sudha Duraiswamy
Hi David,

Thank you for the info! 

To be more specific, would it be possible to not use the DRBG of the FIPS module at all? I see that BC has received CAVP certification (C467) and conforms to SP-800 90A, which means BC has its own DRNG.

Is there a way to tune BC to read from /dev/urandom for random data without going through DRBG of BC?

Regards,
Sudha

On Mon, Feb 22, 2021 at 3:26 PM David Hook <[hidden email]> wrote:

> Anything's possible (well almost...) If the source for /dev/urandom is
> compliant I think you'd just need to configure:
>
> securerandom.strongAlgorithms=NativePRNGNonBlocking:SUN
>
> this will mean that any DRBG created by the FIPS module will use
> /dev/urandom for seeding.
>
> Regards,
>
> David


Re: Direct read from /dev/urandom without PRNG?

David Hook-3

Hi Sudha,

BC implements DRBG algorithms, not RNGs - it is a FIPS requirement to use a certified DRBG for key generation (and GCM IVs if you are doing it dynamically). The default DRBG for the FIPS provider will use prediction resistant mode though - meaning it will reseed on every invocation. "Prediction resistant" mode is probably what you are looking for; this will read from /dev/urandom (in your case) each time a key is generated, but ensure that the original seed material (from /dev/urandom) is never directly used or exposed.

Regards,

David

On 23/2/21 11:21 am, Sudha Duraiswamy wrote:
> Hi David,
>
> Thank you for the info!
>
> To be more specific, would it be possible to not use the DRBG of the FIPS module at all? I see that BC has received CAVP certification (C467) and conforms to SP-800 90A, which means BC has its own DRNG.
>
> Is there a way to tune BC to read from /dev/urandom for random data without going through DRBG of BC?
>
> Regards,
> Sudha

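The setup David describes, as an added example that is not code from the thread or from the Bouncy Castle project: the JDK's non-blocking /dev/urandom reader is selected as the strong SecureRandom and then used as the entropy source of a BC FIPS DRBG built in prediction-resistant mode. It assumes bc-fips on the classpath; the FipsDRBG, BasicEntropySourceProvider and CryptoServicesRegistrar calls follow the BC FIPS user guide and should be checked against the module version in use.

```java
import java.security.SecureRandom;
import java.security.Security;
import org.bouncycastle.crypto.CryptoServicesRegistrar;
import org.bouncycastle.crypto.EntropySourceProvider;
import org.bouncycastle.crypto.fips.FipsDRBG;
import org.bouncycastle.crypto.util.BasicEntropySourceProvider;

// Added example: wiring /dev/urandom into a BC FIPS DRBG (assumes bc-fips on the classpath).
public class UrandomSeededDrbg {

    public static SecureRandom buildDrbg() throws Exception {
        // Programmatic equivalent of the java.security line from the thread:
        // getInstanceStrong() now returns the non-blocking /dev/urandom reader.
        Security.setProperty("securerandom.strongAlgorithms", "NativePRNGNonBlocking:SUN");
        SecureRandom kernelSource = SecureRandom.getInstanceStrong();

        // 'true' declares the source prediction resistant, so the DRBG pulls fresh
        // kernel bytes at every reseed instead of stretching one initial seed.
        EntropySourceProvider entropy = new BasicEntropySourceProvider(kernelSource, true);

        // Nonce for DRBG instantiation, taken from the same kernel source.
        byte[] nonce = new byte[32];
        kernelSource.nextBytes(nonce);

        // SP 800-90A HMAC_DRBG at 256-bit strength; build(nonce, true) requests
        // prediction resistance, i.e. a reseed before each output, as David describes.
        SecureRandom drbg = FipsDRBG.SHA512_HMAC.fromEntropySource(entropy)
                .setSecurityStrength(256)
                .setEntropyBitsRequired(256)
                .build(nonce, true);

        // Register it module-wide so key generation and dynamic GCM IVs use it.
        CryptoServicesRegistrar.setSecureRandom(drbg);
        return drbg;
    }

    public static void main(String[] args) throws Exception {
        SecureRandom r = buildDrbg();
        // Key material is DRBG output; the raw /dev/urandom seed bytes are never handed out.
        byte[] key = new byte[32];
        r.nextBytes(key);
        System.out.println("generated " + key.length + " bytes of DRBG output");
    }
}
```

Setting the property in the JVM's java.security file instead of in code has the same effect and keeps the choice of kernel source out of application logic.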