-NeuG - a random number generator implementation (for STM32F103)
+NeuG - a true random number generator implementation (for STM32F103)
- Version 0.03
- 2012-09-27
+ Version 0.10
+ 2013-06-XX
Niibe Yutaka
Free Software Initiative of Japan
Release notes
=============
-This is the fourth release of NeuG, which is still experimental.
-Basic features (generating random numbers) are stable, but newly added
+This is the seventh release of NeuG, which is still experimental. Basic
+features (generating random numbers) are stable, but newly added
things like reGNUal support should be considered unstable. Note that
-you need the snapshot of ChibiOS/RT (from trunk). This means that it
-is covered by GNU GPL. No "linking exception" option is available for
-the snapshot.
+you need Chopstx as external source code.
FAQ
Q0: How NeuG device is good?
A0: I believe it's good enough if we compare to other hardware RNGs.
- If its usage is as an entropy source for RNG-tools, or use for
- computer simulations, I think that it's good enough. I evaluated
- it with rngtest of RNG-tools, NIST STS test suite and Dieharder.
- See the directory neug/test-results/.
+ I evaluated it with rngtest of RNG-tools, NIST STS test suite and
+ Dieharder. See the directory neug/test-results/.
A0-dash: For better entropy device with embedded test, you could get
EntropyKey. See http://www.entropykey.co.uk/
A0-double-dash: STM32F2xx and STM32F4xx have built-in TRNG, it would
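Review bot: In A0, removing the sentence that scoped "good enough" to use with RNG-tools or computer simulations leaves an unqualified comparison with other hardware RNGs, while the title now says "true random number generator" and the release notes still call the release experimental. Keep the intended-use scope in A0 (A3 restates it only for the CRC32 output). The "2013-06-XX" date placeholder needs a real date before release, and since the removed ChibiOS/RT paragraph spelled out the licence consequence of the dependency, the new Chopstx sentence should state the terms under which Chopstx is used.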
looks not that good).
Q1: How fast is NeuG device?
-A1: It's something around 30 Ki-byte/second.
+A1: It's more than 50 Ki-byte/sec for conditioned output (by SHA-256),
+ and more than 140 Ki-byte/sec for CRC-32 filtered output.
Q2: Should we check condition of noise sources?
A2: Yes, we should. Three continuous tests are implemented, following
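Review bot: A1's new throughput figures give no measurement conditions, and A3 quotes "more than 240 Ki-byte/second" with a high speed hub for the "parenb parodd" mode, which the figure identifies as the same CRC-32 filtered output that A1 puts at 140 Ki-byte/sec. State which host and hub setup the 50 and 140 figures were measured on, or reconcile them with the 240 figure.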
is really rare, but it could occur even for normal condition), the
generation of random bits restart again.
+Q3: Conditioning with SHA-256 sounds over-kill. Why not simpler?
+A3: It is because NIST SP 800-90B mandates something like that for
+ "full entropy source". If your usage is as an entropy source for
+ RNG-tools to feed entropy to your kernel, or use for computer
+ simulations, I think that CRC32 filter would be good enough. You
+ can configure NeuG device by "stty -F /dev/ttyACM0 parenb parodd"
+ to get raw data before SHA-256 conditioning component. With
+ high speed hub, you'll get more than 240 Ki-byte/second .
+
Targets
=======
-FST-01, STBee Mini, Olimex STM32-H103, CQ-STARM, and STBee are
-supported.
+FST-01, Olimex STM32-H103, and STM32 part of STM8S Discovery Kit are
+supported. CQ-STARM, STBee Mini, and STBee will be supported.
Souce code
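Review bot: A3 calls the "parenb parodd" output "raw data before SHA-256 conditioning component", but the usage section and the figure describe that mode as data after the CRC-32 filter (*2) and reserve direct ADC samples for "parenb -parodd" (*1); use "CRC-32 filtered output" in A3 so the two modes are not confused. "mandates something like that" is too vague for a reference to NIST SP 800-90B; name the requirement that is meant. In Targets, CQ-STARM, STBee Mini and STBee move from supported to "will be supported"; say plainly that they are not supported in this release.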
External source code
====================
-To build NeuG device, we need external source code.
+To build NeuG device, you need external source code.
+
+* chopstx/ -- Chopstx, the RT Thread Library
+
+It is available at:
+
+ http://gitorious.org/chopstx/chopstx
+
+
+USB vendor ID and product ID (USB device ID)
+============================================
+
+When you have a vender ID and assign a product ID for NeuG, edit the
+file NEUG_USB_DEVICE_ID and add an entry for yours. In this case,
+please contact Niibe, so that it is listed to the file in the official
+release of the source code.
+
+When you are modifing NeuG and installing the binary to device, you
+should replace the vendor string to yours, so that users can see it's
+not by original vendor, and it is modified version.
+
+FSIJ allows you to use USB device ID of FSIJ (234b:0001) for devices
+with standalone NeuG under one of following conditions:
+
+ * For everyone for experimental purpose:
+
+ - You must not distribute a binary with FSIJ's USB device ID, but
+ must use the binary by yourself only for your experiment. Note
+ that "Distributing binary" includes distributing a device which
+ holds the binary.
+
+ * For general individuals:
+
+ - No additional conditions.
+
+ * For individuals with explicit permission from FSIJ.
+
+ - No additional conditions.
-* chibios/ -- ChibiOS/RT 2.3.x snapshot
+FSIJ could give companies or business entities "second source
+manufacturer" license to use USB device ID of FSIJ for devices with
+unmodified version of NeuG, provided they support Free Software and
+respect users' freedom for computing. Please ask FSIJ for the
+license.
- Please get it from http://chibios.sourceforge.net/
- We use ChibiOS/RT as the kernel for NeuG device.
+Otherwise, companies which want to distribute NeuG devices, please use
+your own USB vendor ID and product ID. Please replace vendor string
+and possibly product string to yours, when you modify NeuG.
How to compile
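Review bot: The condition list for using 234b:0001 is ambiguous: "For general individuals" and "For individuals with explicit permission from FSIJ" both read "No additional conditions", so the third bullet adds nothing over the second, and it is unclear whether the no-distribution rule of the first bullet still applies to either group. State for each group whether distributing a binary, or a device holding it, with FSIJ's ID is allowed. Also fix the typos "vender" and "modifing" in the new paragraphs.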
You need GNU toolchain and newlib for 'arm-none-eabi' target.
-See http://github.com/uwehermann/summon-arm-toolchain/ for preparation
+See https://launchpad.net/gcc-arm-embedded for preparation
of GNU Toolchain for 'arm-none-eabi' target.
Change directory to `src':
$ openocd -f interface/olimex-jtag-tiny.cfg -f board/olimex_stm32_h103.cfg
-Then, with another terminal, type following to write "gnuk.elf" to Flash ROM:
+Then, with another terminal, type following to write "neug.elf" to Flash ROM:
$ telnet localhost 4444
> reset halt
When you want to get raw output (not conditioned), you can configure:
- $ stty -F /dev/ttyACM0 parenb
+ $ stty -F /dev/ttyACM0 parenb parodd
+
+for raw data after filter. For direct raw data of ADC samples,
+configure:
+
+ $ stty -F /dev/ttyACM0 parenb -parodd
And you can get conditioned output by configuring:
$ stty -F /dev/ttyACM0 -parenb
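Review bot: The previously documented command "stty -F /dev/ttyACM0 parenb" is replaced without saying what plain "parenb" selects now; with parodd left unspecified, the result depends on whatever odd-parity setting the tty already has. Add a sentence telling users of the old command to pass parodd or -parodd explicitly, and say that the parity flags serve here only as an output-mode selector.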
-Structure of the NeuG
-=====================
+Structure of NeuG
+=================
Here is a figure of the circuit.
-
- Physical-based RNG
-
- +--------------+ Noise sources
+ Noise sources
+
+ /|<---+--- [ Analog input Vref ]
+ 16 | |<-+-|--- [ Analog input Temperature Sensor ]
+ +---/-[ADC1] <==| | | |
+ | | |<-+ |
+ +-+ | \|<---+
+ | |<---+ |
+ +----| | MUX CTL >--+
+ | | |<---+
+ | +-+ | /|
+ | | 16 | |<------- [ Analog input 0 ] (pull up to Vdd)
+ | +---/-[ADC2] <==| |
+ | | |<------- [ Analog input 1 ] (pull up to Vdd)
+ | \|
+ | |
+ | MUX CTL >--+
+ |
+ +------------------+ <============ (*1)
+ |
+ / 32
+ |
+ | Put 4 times to output 32-bit
+ V
+ [ CRC-32 filter ]
+ |
+ | Put 35 times to output 1120-bit
+ +---------------------------------+ <====== (*2)
+ |
+ / 32
+ |
+ V
+ [ Entropy Buffer ]
+ |
+ +--------------+ |
+ | | |
+ | Conditioning | 1120 |
+ | Component |<------------/------------+
| |
- | Conditioning | 1112 ||<-- LSB of result of [ IN10 ]
- | Component |<---/---||
- | | ||<-- LSB of result of [ IN11 ]
+-----| Hash_df |
| | by |
| | SHA-256 |
- | | |
- | | | 128
- | | |<---/---+
- | +--------------+ |
- | |
- +-----------------------------+
+ | | | 128
+ | | |<--/--+
+ | +--------------+ |
+ | |
+ +---------------------------+
|
/ 256
|
v
- Random Number Output
+ Random Number Output <========== (*3)
+
-STM32F103 has two built-in A/D converters of 12-bit resolution. NeuG
-uses LSBs of A/D converters' outputs as entropy sources. It is
-considered noise of quantization error, plus noise from power supply,
-etc.
+Specifying by "stty", you can get (*3) with -parenb, (*2) with parenb
+parodd, and (*1) with parenb -parodd.
-We chose analog inputs of IN10 and IN11, which is not connected to
-external pin (for the version of 36-pin or 48-pin STM32F103). The
-input is configured as digital output 50MHz to get maximum noise of
-environment.
+STM32F103 has two built-in A/D converters. NeuG uses A/D converters'
+outputs as entropy sources. It is considered noise of quantization
+error, plus noise from power supply, etc.
-By 556 samplings of two channels, we can get 1112-bit, as we can get
-two bits (LSB of IN10 and LSB of IN11) from one sampling. We put this
-1112-bit and half of previous output to conditioning component.
+We chose four analog input sources of: built-in voltage reference,
+temperature sensor and two analog inputs which are pull-up to Vdd.
-Conditioning component is implemented by Hash_df function by SHA-256.
-Since the noise source is not "white", signal is whiten by this
-Conditioning component.
+By a single sampling of two channels, we get 32-bit (not all 32-bit is
+valid, as a A/D converter resolution is 12-bit only). We take four
+sampling of combinations: (Vref, IN0), (Temp, IN1), (Vref, IN1), and
+(Temp, IN0). Those 32-bit * 4 is fed into CRC32 filter.
-Experiments show that raw noise source of LSBs has more than 6.0
-bit/byte entropy when it is no computation but just to take samples.
-The entropy varies among different boards. It seems that a board with
-good power supply and capacitor has smaller entropy (6.2 or so), and
-the one with poor power supply and capacitor has bigger entropy (7.3
-or so). That is considered noise of quantization error.
+We use STM32F103's CRC32 calculation unit as a kind of filter. We put
+output of A/D converters into CRC32 calculation unit, four times, to
+get 4-byte output.
-When there is some activities of MCU, it's more than 7.0 bit/byte
-entropy for a board even with good power supply and capacitor.
+Output of CRC32 filter is collected 35 times, and it becomes 1120-bit
+(32 * 35). This is the noise source bits.
+
+We put this 1120-bit and half of previous output (128-bit) to
+conditioning component.
+
+Conditioning Component is implemented by Hash_df function which is
+composed by SHA-256. Since the noise source is not "white", signal is
+whiten by this Conditioning Component.
My experience with STM32F103 and NeuG shows that noise source is
stable at least for a year.
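Review bot: The rewritten description drops every entropy measurement of the noise source (the removed text gave 6.0 to 7.3 bit/byte for the LSB samples) and gives none for the new four-input, CRC-32 filtered design, so a reader cannot check that the 1120 input bits carry enough entropy for 256 output bits, or judge A3's statement that the CRC32 output is good enough by itself. Add measured estimates for (*1) and (*2). The remark "not all 32-bit is valid, as a A/D converter resolution is 12-bit only" should say how many bits of each sample are meaningful, and the test-results paragraph should say which output, (*1), (*2) or (*3), the collected files came from.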
See files under the directory test-results, for test result of
"rngtest" in rng-tools, NIST STS 2.1.1, and Dieharder.
-For Dieharder, I correct 13GiB (it took five days and six hours
-and more), and use scripts to invoke dieharder.
+I collect 110 files of 125MB (= 13750MB), and use scripts to invoke
+dieharder and rngtest. Collecting 110 files, it took three days.
+
+For NIST STS 2.1.1, I used only 10 files of size 125MB.
Read-only Git Repository
========================
-You can browse at http://www.gniibe.org/gitweb?p=neug.git;a=summary
+You can browse at http://www.gniibe.org/gitweb?p=neug.git
You can get it by:
$ git clone http://www.gniibe.org/git/neug.git/
-I put ChibiOS/RT as a submodule of Git. Please do this:
+I put Chopstx as a submodule of Git. Please do this:
$ git submodule init
$ git submodule update
Information on the Web
======================
-Not yet.
-
-
-Known Problem(s)
-================
-
-On STBee (high-density device of STM32), sometimes, I observed stall
-of generation of random number, after two hours, two hours and half,
-etc.
-
-Identified somehow. When it stalls, status is like this (by OpenOCD, GDB):
-
- adcp->state = ADC_ACTIVE
- main thread: wait on condition variable at neug_get
- rng thread: holding rb->m, event wait at rng_gen for ADC_DATA_AVAILABLE
- idle thread: running
- LED thread: event wait
-
-Kicking DMA controller again (note: ADC is continuous mode, no need to
-kick), by doing following:
-
- (gdb) set ADCD1.dmastp->channel->CCR = 0
- (gdb) set ADCD1.dmastp->channel->CNDTR = 8
- (gdb) set ADCD1.dmastp->channel->CCR = 0x258f
- (gdb) x/x 0x40020000 # DMA interrupt status register (DMA_ISR)
- 0x40020000: 0x00000007
-
-Then, it goes again.
+Please use FST-01 Q&A Forum at: http://no-passwd.net/askbot/questions/
-Lost DMA finish interrupt?
Your Contributions
FSIJ welcomes your contributions. Please assign your copyright
to FSIJ (if possible).
---
+--
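Review bot: The "Known Problem(s)" section on the STBee generation stall is deleted with no statement of what happened to the issue. Since a stalled generator is a failure mode users need to know about, say whether the stall was fixed, no longer reproduces after the move to Chopstx, or is dropped only because STBee is no longer a supported target; if it is still open, keep the entry. The new forum link is plain http; prefer an https URL if the site offers one.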