Aren
/
NetBSD
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

New sentence, new line. 

Remove trailing whitespace.
This commit is contained in:
wiz 2009-02-22 12:18:32 +00:00
parent 63b0517c27
commit 02b22ed2c3
1 changed files with 46 additions and 29 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

73
share/man/man4/rnd.4
View File

@ -1,4 +1,4 @@
.\" $NetBSD: rnd.4,v 1.13 2009/02/22 11:04:03 plunky Exp $
.\" $NetBSD: rnd.4,v 1.14 2009/02/22 12:18:32 wiz Exp $
.\"
.\" Copyright (c) 1997 Michael Graff
.\" All rights reserved.
@ -38,29 +38,32 @@
The
.Nm
pseudo-device uses event timing information collected from many
devices, and mixes this into an entropy pool. This pool is stirred
with a cryptographically strong hash function when data is extracted
from the pool.
devices, and mixes this into an entropy pool.
This pool is stirred with a cryptographically strong hash function
when data is extracted from the pool.
.Sh INTERNAL ENTROPY POOL MANAGEMENT
When a hardware event occurs (such as completion of a hard drive
transfer or an interrupt from a network device) a timestamp is
generated. This timestamp is compared to the previous timestamp
generated.
This timestamp is compared to the previous timestamp
recorded for the device, and the first, second, and third order
differentials are calculated.
.Pp
If any of these differentials is zero, no entropy is assumed to
have been gathered. If all are non-zero, one bit is assumed.
have been gathered.
If all are non-zero, one bit is assumed.
Next, data is mixed into the entropy pool using an LFSR (linear
feedback shift register).
.Pp
To extract data from the entropy pool, a cryptographically strong hash
function is used. The output of this hash is mixed back into the pool
using the LFSR, and then folded in half before being returned to the
caller.
function is used.
The output of this hash is mixed back into the pool using the LFSR,
and then folded in half before being returned to the caller.
.Pp
Mixing the actual hash into the pool causes the next extraction to
return a different value, even if no timing events were added to the
pool. Folding the data in half prevents the caller to derive the
pool.
Folding the data in half prevents the caller to derive the
actual hash of the pool, preventing some attacks.
.Sh USER ACCESS
User code can obtain random values from the kernel in two ways.
@ -68,14 +71,17 @@ User code can obtain random values from the kernel in two ways.
Reading from
.Pa /dev/random
will only return values while sufficient entropy exists in the
internal pool. When sufficient entropy does not exist, EAGAIN is
returned for non-blocking reads, or the read will block for blocking
reads.
internal pool.
When sufficient entropy does not exist,
.Er EAGAIN
is returned for non-blocking reads, or the read will block for
blocking reads.
.Pp
Reading from
.Pa /dev/urandom
will return as many values as requested, even when the entropy pool is
empty. This data is not as good as reading from
empty.
This data is not as good as reading from
.Pa /dev/random
since when the pool is empty, data is still returned, degenerating to a
pseudo-random generator.
@ -99,20 +105,25 @@ typedef struct {
.Ed
.Pp
This structure holds the internal representation of a device's timing
state. The
state.
The
.Va name
field holes the device name, as known to the kernel. The
field holes the device name, as known to the kernel.
The
.Va last_time
entry is the timestamp of the last time this device generated an
event. It is for internal use only, and not in any specific
representation. The
event.
It is for internal use only, and not in any specific representation.
The
.Va last_delta
and
.Va last_delta2
fields hold the last first- and second-order deltas. The
fields hold the last first- and second-order deltas.
The
.Va total
field holds a count of how many bits this device has potentially
generated. This is not the same as how many bits were used from it.
generated.
This is not the same as how many bits were used from it.
The
.Va type
field holds the device type.
@ -122,7 +133,8 @@ Currently, these types are defined:
.It Dv RND_TYPE_DISK
The device is a physical hard drive.
.It Dv RND_TYPE_NET
The device is a network interface. By default, timing information is
The device is a network interface.
By default, timing information is
collected from this source type, but entropy is not estimated.
.It Dv RND_TYPE_TAPE
The device is a tape device.
@ -144,7 +156,8 @@ Do not even add timing information to the pool.
Various
.Xr ioctl 2
functions are available to control device behavior, gather statistics,
and add data to the entropy pool. These are all defined in the
and add data to the entropy pool.
These are all defined in the
.Aq Pa sys/rnd.h
file, along with the data types and constants.
.Pp
@ -187,8 +200,8 @@ and returning at most
sources.
.Pp
The values returned are actual in-kernel snapshots of the entropy
status for devices. Leaking the internal timing information will
weaken security.
status for devices.
Leaking the internal timing information will weaken security.
.It Dv RNDGETSRCNAME
.Pq Li "rndstat_name_t"
.Bd -literal -offset indent
@ -210,19 +223,23 @@ typedef struct {
} rndctl_t;
.Ed
.Pp
Change bits in the device state information. If
Change bits in the device state information.
If
.Va type
is 0xff, only the device name stored in
.Va name
is used. If it is any other value, all devices of type
is used.
If it is any other value, all devices of type
.Va type
are altered. This allows all network interfaces to be disabled for
are altered.
This allows all network interfaces to be disabled for
entropy collection with one call, for example.
The
.Va flags
and
.Va mask
work together to change flag bits. The
work together to change flag bits.
The
.Va mask
field specifies which bits in
.Va flags