Entropy-supplying system calls
Entropy-supplying system calls are system calls in Unix-like operating system kernels through which processes can obtain entropic or random data. The first of these was getentropy, introduced to the OpenBSD operating system in release 5.6 (November 2014).[1] Linux offers a very similar system call, getrandom, which was based on getentropy.[2] It was first available in Linux 3.17, released in October 2015.[3] In July 2015, Solaris introduced slightly modified versions of getentropy and getrandom.[4]
These system calls allow processes to access quality random data without opening and reading from randomness pseudo-devices.
Microsoft Windows' CryptGenRandom and Apple iOS's SecRandom API are very similar. However, they are not implemented as system calls.
Motivation
Traditionally, Unix-like operating systems supply random data through two pseudo-devices: /dev/random and /dev/urandom. However, safely and reliably reading random data from these devices can be difficult and complicated. For example, an attacker could interfere with a process's access to the pseudo-devices by opening all available file descriptors, or through a similar form of resource exhaustion attack. The use of these devices also interferes with privilege revocation. Unprivileged processes are often denied the ability to open and read files and devices, and the randomness devices are not even visible to chrooted processes.
The difficulty of using randomness pseudo-devices often leads developers to use standard library functions instead. Some of these, such as the C programming language's rand(), srand(), and random(), are very unsafe when used for cryptography or similar applications.
As security becomes a more widespread priority in software development, quality randomness is used more often and in more contexts. Because of this, providing quality randomness is increasingly considered a core responsibility of the kernel. System calls are the traditional interface through which a process uses core kernel services, and kernels are therefore supporting randomness access through system calls.
Usage
Because it is faster and adds another layer of entropy mixing, it is usually suggested that processes use these syscalls' data through a userspace cryptographically secure pseudorandom number generator (CSPRNG) rather than assigning the retrieved data directly to variables. For this purpose, OpenBSD's C standard library includes the function arc4random(), which programs are expected to call when they need random data.[1]
This approach allows a program to fetch less entropy from the kernel without reducing the strength of its random data. The getentropy() system call is designed based on this assumption, supplying no more than 256 bytes per call.[1][5]
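The 256-byte limit means a caller that needs a larger buffer must request it in pieces and treat any failure as fatal rather than falling back to rand(). The following C program is an added example, not taken from any of the cited projects; the helper names fill_entropy and oversized_request_rejected are hypothetical, and it assumes a libc that declares getentropy() in <sys/random.h> (glibc 2.25 or later, musl), whereas OpenBSD declares it in <unistd.h>.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/random.h>   /* assumption: glibc >= 2.25 or musl */

#define GETENTROPY_MAX 256  /* per-call limit described above */

/* Hypothetical helper: fill buf with len bytes of kernel randomness.
 * Returns 0 on success, -1 on failure (errno is set by getentropy). */
int fill_entropy(void *buf, size_t len)
{
    unsigned char *p = buf;
    while (len > 0) {
        size_t n = len < GETENTROPY_MAX ? len : GETENTROPY_MAX;
        if (getentropy(p, n) != 0)
            return -1;   /* fail closed: no fallback to rand()/random() */
        p += n;
        len -= n;
    }
    return 0;
}

/* Returns 1 if a single request above the limit is refused with EIO,
 * the error the glibc and OpenBSD manual pages document for this case. */
int oversized_request_rejected(void)
{
    unsigned char big[GETENTROPY_MAX + 1];
    errno = 0;
    return getentropy(big, sizeof big) == -1 && errno == EIO;
}

int main(void)
{
    unsigned char seed[32];    /* typical size for seeding a userspace CSPRNG */
    unsigned char bulk[1000];  /* larger than one call allows */

    if (fill_entropy(seed, sizeof seed) != 0 ||
        fill_entropy(bulk, sizeof bulk) != 0) {
        perror("getentropy");
        return 1;
    }
    printf("oversized single call rejected: %d\n", oversized_request_rejected());
    for (size_t i = 0; i < sizeof seed; i++)
        printf("%02x", seed[i]);
    putchar('\n');
    return 0;
}
```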
References
- [1] "getentropy(2) OpenBSD man page". OpenBSD manual pages. OpenBSD. Retrieved 30 December 2015.
- [2] "[PATCH, RFC] random: introduce getrandom(2) system call". LKML. 2014-07-17. Retrieved 30 December 2015.
- [3] "Linux 3.17". Linux Kernel Newbies. Retrieved 30 December 2015.
- [4] Darren, Moffat. "Solaris new system calls: getentropy(2) and getrandom(2)". /dev/urandom. Oracle. Retrieved 3 January 2016.
- [5] "arc4random(3) OpenBSD man page". OpenBSD manual pages. OpenBSD. Retrieved 30 December 2015.
External links
- A system call for random numbers: getrandom(), LWN.net, July 23, 2014, by Jake Edge