[OmniOS-discuss] OmniOS/Illumos and entropy
Dan McDonald
danmcd at omniti.com
Wed Nov 2 17:53:25 UTC 2016
> On Nov 2, 2016, at 1:35 PM, Dominik Hassler <hasslerd at gmx.li> wrote:
>
> Hi,
>
> just a general question. Where does Omnios/Illumos get it's entropy from to feed /dev/random.
>
> This is just out of curiosity since I can drain any /dev/random on e.g. a linux system (w/o a HWRNG) easily by doing:
>
> $ cat /dev/random
>
> But on OmniOS it is not possible to drain the entropy pool at all on /dev/random.
Use the source!
http://src.illumos.org/source/xref/illumos-gate/usr/src/uts/common/io/random.c#227
That's the /dev/random read() routine. Note how it calls kcf_rnd_get_bytes()? And note the block() parameter depends on how you open it? You'll get to rnd_get_bytes(), which calls rngprov_getbytes(), which then calls all of the random providers to get more. In this case, it's swrand.
Here's the core routine:
http://src.illumos.org/source/xref/illumos-gate/usr/src/uts/common/crypto/io/swrand.c#swrand_get_entropy
A lot comes from physical memory trolling, e.g.:
http://src.illumos.org/source/xref/illumos-gate/usr/src/uts/common/crypto/io/swrand.c#656
One could add another RNG provider using CPU features, but given recent revelations about the some of Intel ones, I'm not so sure how good of an idea that might be.
Dan
More information about the OmniOS-discuss
mailing list