d1b06863fb
* GENERAL - Update copyright. - Make kernel options for RANDOM_YARROW and RANDOM_DUMMY. Set neither to ON, which means we want Fortuna - If there is no 'device random' in the kernel, there will be NO random(4) device in the kernel, and the KERN_ARND sysctl will return nothing. With RANDOM_DUMMY there will be a random(4) that always blocks. - Repair kern.arandom (KERN_ARND sysctl). The old version went through arc4random(9) and was a bit weird. - Adjust arc4random stirring a bit - the existing code looks a little suspect. - Fix the nasty pre- and post-read overloading by providing explictit functions to do these tasks. - Redo read_random(9) so as to duplicate random(4)'s read internals. This makes it a first-class citizen rather than a hack. - Move stuff out of locked regions when it does not need to be there. - Trim RANDOM_DEBUG printfs. Some are excess to requirement, some behind boot verbose. - Use SYSINIT to sequence the startup. - Fix init/deinit sysctl stuff. - Make relevant sysctls also tunables. - Add different harvesting "styles" to allow for different requirements (direct, queue, fast). - Add harvesting of FFS atime events. This needs to be checked for weighing down the FS code. - Add harvesting of slab allocator events. This needs to be checked for weighing down the allocator code. - Fix the random(9) manpage. - Loadable modules are not present for now. These will be re-engineered when the dust settles. - Use macros for locks. - Fix comments. * src/share/man/... - Update the man pages. * src/etc/... - The startup/shutdown work is done in D2924. * src/UPDATING - Add UPDATING announcement. * src/sys/dev/random/build.sh - Add copyright. - Add libz for unit tests. * src/sys/dev/random/dummy.c - Remove; no longer needed. Functionality incorporated into randomdev.*. * live_entropy_sources.c live_entropy_sources.h - Remove; content moved. - move content to randomdev.[ch] and optimise. * src/sys/dev/random/random_adaptors.c src/sys/dev/random/random_adaptors.h - Remove; plugability is no longer used. Compile-time algorithm selection is the way to go. * src/sys/dev/random/random_harvestq.c src/sys/dev/random/random_harvestq.h - Add early (re)boot-time randomness caching. * src/sys/dev/random/randomdev_soft.c src/sys/dev/random/randomdev_soft.h - Remove; no longer needed. * src/sys/dev/random/uint128.h - Provide a fake uint128_t; if a real one ever arrived, we can use that instead. All that is needed here is N=0, N++, N==0, and some localised trickery is used to manufacture a 128-bit 0ULLL. * src/sys/dev/random/unit_test.c src/sys/dev/random/unit_test.h - Improve unit tests; previously the testing human needed clairvoyance; now the test will do a basic check of compressibility. Clairvoyant talent is still a good idea. - This is still a long way off a proper unit test. * src/sys/dev/random/fortuna.c src/sys/dev/random/fortuna.h - Improve messy union to just uint128_t. - Remove unneeded 'static struct fortuna_start_cache'. - Tighten up up arithmetic. - Provide a method to allow eternal junk to be introduced; harden it against blatant by compress/hashing. - Assert that locks are held correctly. - Fix the nasty pre- and post-read overloading by providing explictit functions to do these tasks. - Turn into self-sufficient module (no longer requires randomdev_soft.[ch]) * src/sys/dev/random/yarrow.c src/sys/dev/random/yarrow.h - Improve messy union to just uint128_t. - Remove unneeded 'staic struct start_cache'. - Tighten up up arithmetic. - Provide a method to allow eternal junk to be introduced; harden it against blatant by compress/hashing. - Assert that locks are held correctly. - Fix the nasty pre- and post-read overloading by providing explictit functions to do these tasks. - Turn into self-sufficient module (no longer requires randomdev_soft.[ch]) - Fix some magic numbers elsewhere used as FAST and SLOW. Differential Revision: https://reviews.freebsd.org/D2025 Reviewed by: vsevolod,delphij,rwatson,trasz,jmg Approved by: so (delphij)
180 lines
4.2 KiB
Groff
180 lines
4.2 KiB
Groff
.\"
|
|
.\" Copyright (c) 2015
|
|
.\" Mark R V Murray
|
|
.\" Copyright (c) 2000
|
|
.\" The Regents of the University of California. All rights reserved.
|
|
.\"
|
|
.\" All rights reserved.
|
|
.\"
|
|
.\" Redistribution and use in source and binary forms, with or without
|
|
.\" modification, are permitted provided that the following conditions
|
|
.\" are met:
|
|
.\" 1. Redistributions of source code must retain the above copyright
|
|
.\" notice, this list of conditions and the following disclaimer.
|
|
.\" 2. Redistributions in binary form must reproduce the above copyright
|
|
.\" notice, this list of conditions and the following disclaimer in the
|
|
.\" documentation and/or other materials provided with the distribution.
|
|
.\"
|
|
.\" THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY EXPRESS OR
|
|
.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
|
|
.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
|
|
.\" IN NO EVENT SHALL THE DEVELOPERS BE LIABLE FOR ANY DIRECT, INDIRECT,
|
|
.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
|
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
|
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
.\"
|
|
.\" $FreeBSD$
|
|
.\" "
|
|
.Dd June 30, 2015
|
|
.Dt RANDOM 9
|
|
.Os
|
|
.Sh NAME
|
|
.Nm arc4rand ,
|
|
.Nm arc4random ,
|
|
.Nm random ,
|
|
.Nm read_random ,
|
|
.Nm srandom
|
|
.Nd supply pseudo-random numbers
|
|
.Sh SYNOPSIS
|
|
.In sys/libkern.h
|
|
.Ft void
|
|
.Fn srandom "u_long seed"
|
|
.Ft u_long
|
|
.Fn random "void"
|
|
.Ft void
|
|
.Fn arc4rand "void *ptr" "u_int length" "int reseed"
|
|
.Ft uint32_t
|
|
.Fn arc4random "void"
|
|
.Pp
|
|
.In sys/random.h
|
|
.Ft int
|
|
.Fn read_random "void *buffer" "int count"
|
|
.Sh DESCRIPTION
|
|
The
|
|
.Fn random
|
|
function will by default produce
|
|
a sequence of numbers
|
|
that can be duplicated
|
|
by calling
|
|
.Fn srandom
|
|
with some constant
|
|
as the
|
|
.Fa seed .
|
|
The
|
|
.Fn srandom
|
|
function may be called with any arbitrary
|
|
.Fa seed
|
|
value to get slightly more unpredictable numbers.
|
|
It is important to remember that the
|
|
.Fn random
|
|
function is entirely predictable,
|
|
and is therefore not of use where
|
|
knowledge of the sequence of numbers
|
|
may be of benefit to an attacker.
|
|
.Pp
|
|
The
|
|
.Fn arc4rand
|
|
function will return very good quality random numbers,
|
|
better suited
|
|
for security-related purposes.
|
|
The random numbers from
|
|
.Fn arc4rand
|
|
are seeded from the entropy device
|
|
if it is available.
|
|
Automatic reseeds happen
|
|
after a certain timeinterval
|
|
and after a certain number of bytes
|
|
have been delivered.
|
|
A forced reseed
|
|
can be forced
|
|
by passing a non-zero
|
|
value in the
|
|
.Fa reseed
|
|
argument.
|
|
.Pp
|
|
The
|
|
.Fn read_random
|
|
function is used to return entropy directly from the entropy device
|
|
if it has been loaded.
|
|
If the entropy device is not loaded, then
|
|
the
|
|
.Fa buffer
|
|
is ignored
|
|
and zero is returned.
|
|
The
|
|
.Fa buffer
|
|
is filled with no more than
|
|
.Fa count
|
|
bytes.
|
|
It is strongly advised that
|
|
.Fn read_random
|
|
is not used;
|
|
instead use
|
|
.Fn arc4rand
|
|
unless it is
|
|
necessary to know
|
|
that no entropy
|
|
has been returned.
|
|
.Pp
|
|
All the bits returned by
|
|
.Fn random ,
|
|
.Fn arc4rand
|
|
and
|
|
.Fn read_random
|
|
are usable.
|
|
For example,
|
|
.Sq Li random()&01
|
|
will produce a random binary value.
|
|
.Pp
|
|
The
|
|
.Fn arc4random
|
|
is a convenience function which calls
|
|
.Fn arc4rand
|
|
to return a 32 bit pseudo-random integer.
|
|
.Sh RETURN VALUES
|
|
The
|
|
.Fn random
|
|
function uses
|
|
a non-linear additive feedback random number generator
|
|
employing a default table
|
|
of size 31
|
|
containing long integers
|
|
to return successive pseudo-random
|
|
numbers in the range from 0 to
|
|
.if t 2\u\s731\s10\d\(mi1.
|
|
.if n (2**31)\(mi1.
|
|
The period of this random number generator
|
|
is very large,
|
|
approximately
|
|
.if t 16\(mu(2\u\s731\s10\d\(mi1).
|
|
.if n 16*((2**31)\(mi1).
|
|
.Pp
|
|
The
|
|
.Fn arc4rand
|
|
function uses the RC4 algorithm
|
|
to generate successive pseudo-random bytes.
|
|
The
|
|
.Fn arc4random
|
|
function uses
|
|
.Fn arc4rand
|
|
to generate pseudo-random numbers
|
|
in the range from 0 to
|
|
.if t 2\u\s732\s10\d\(mi1.
|
|
.if n (2**32)\(mi1.
|
|
.Pp
|
|
The
|
|
.Fn read_random
|
|
function returns
|
|
the number of bytes placed in
|
|
.Fa buffer .
|
|
.Sh AUTHORS
|
|
.An Dan Moschuk
|
|
wrote
|
|
.Fn arc4random .
|
|
.An Mark R V Murray
|
|
wrote
|
|
.Fn read_random .
|