HP-UX Reference (11i v2 07/12) - 7 Device (Special) Files, 9 General Information, Index (vol 10)

ManualsBrandsHP ManualsSoftwareHP-UX Reference Manuals

131

132

133

134

135

136

137

138

139

140

random(7) random(7)

NAME

random, urandom, rng - strong random number generator

SYNOPSIS

#include <sys/random.h>

DESCRIPTION

The character special ﬁles /dev/random and /dev/urandom

provide an interface to the kernel-

resident random number generator,

rng.Aread()

from /dev/random is potentially blocking. A

read() from /dev/urandom is always nonblocking. Data from

/dev/urandom can potentially have

lower entropy than data from

/dev/random .

The rng module is a dynamically loadable kernel module (DLKM). That is, it can be dynamically

unconﬁgured or reconﬁgured by an administrator with root authority without rebooting the system.

A sequence from rng has unlimited entropy. In contrast, a sequence generated computationally by a pseu-

dorandom number generator, such as random(3M), has limited entropy, derived only from its initial seed.

The rng module should be considered a quality source for randomness. It has passed extensive statistical

testing, including the NIST (National Institute of Standards and Technology) tests for randomness.

The rng module uses the uncertainty in completion times of interrupt threads triggered by external

events. The rng module extracts a sequence of bits from the interrupt time stamps. Any existing bit bias

is removed to yield a sequence with uniform distribution of 0’s and 1’s. The resulting sequence is divided

between the holding buffers for the special ﬁles /dev/random and /dev/urandom . For each

read()

on /dev/random and /dev/urandom , data is retrieved from the corresponding holding buffer. A hash

function based on AES (Advanced Encryption Standard) is applied and the result is placed in the buffer pro-

vided by the user. All requests on the holding buffers are serialized to ensure that returned random data is

not shared between different requests even for simultaneous requests on a multiprocessor system.

There is no write() function associated with either /dev/random or /dev/urandom , and both dev-

ices are read-only by all users. A single ioctl() is deﬁned for /dev/random to facilitate independent

veriﬁcation of

rng production.

The ﬁle /usr/include/sys/random.h

contains the following deﬁnitions:

/* The maximum request size, for read() or ioctl(), in bytes */

#define RNG_READMAX 256

/* ioctl() to retrieve data from the entropy collector directly*/

#define RNG_GETRAW _IOR(’Q’, 0, uint8_t[RNG_READMAX])

If a

read() request is for more than RNG_READMAX bytes, it is treated as if it was for exactly

RNG_READMAX bytes. This holds for both /dev/random and /dev/urandom .

Speciﬁc Information About /dev/random

When there are a large number of requests on /dev/random within a short time interval, the demand on

the holding buffer can exceed the rate at which data is supplied by rng.A

read() on the

/dev/random device blocks the requesting thread if the random data stored in the holding buffer is too

low to complete the request. The thread blocks until the holding buffer has been updated with enough ran-

dom data to complete the request.

For /dev/random open() ﬂags, only O_NONBLOCK and O_NDELAY have device-speciﬁc actions. If

neither of these ﬂags is set, a read() on /dev/random will block until the amount of data requested,

up to RNG_READMAX bytes, can be returned. When the requested number of bytes is not available and

either of the above ﬂags are set, read() returns immediately. If the O_NONBLOCK ﬂag is set, read()

returns -1 and errno is set to [EAGAIN]. If O_NONBLOCK is not set and O_NDELAY is set, read()

returns zero.

The RNG_GETRAW ioctl() permits an application with superuser privilege to fetch RNG_READMAX

bytes of data directly from the /dev/random holding buffer, after bias has been removed but before the

AES hash. This interface is not intended to be used for cryptographic applications, rather, for statistical

testing of the randomness of the data in the /dev/random holding buffer. This RNG_GETRAW

ioctl()

blocks for the same reason as a read on /dev/random . If the requesting thread does not have

superuser authority, [EACCES] is returned.

136 Hewlett-Packard Company − 1 − HP-UX 11i Version 2: December 2007 Update