gpt4 book ai didi

c - Solaris 中的 get_random_bytes() 等价物

转载 作者:太空宇宙 更新时间:2023-11-03 23:22:06 25 4
gpt4 key购买 nike

LinuxBSD为要从内核使用的 RNG 提供一个很好的接口(interface):

 void get_random_bytes(void *buf, int nbytes);

因为 KMD 无法轻松打开设备文件。然而,我无法在 Solaris 的 Kernel functions for drivers 中找到任何类似的东西.

Solaris 中的内核模块获取 CS 随机数(即您在用户模式下从 /dev/urandom 获得的随机数)的预期方式是什么?

最佳答案

扩展我上面的评论,这里有一个关于 Solaris 内核随机数生成的很好的讨论:https://blogs.oracle.com/darren/entry/solaris_random_number_generation

There is a single kernel module (random) for implementing both the /dev/random and /dev/urandom devices. The two primary entry points are rnd_read() and rnd_write() for servicing read(2) and write(2) system calls respectively.

rnd_read() calls either kcf_rnd_get_bytes() or kcf_rnd_get_pseudo_bytes() depending on wither the device node is an instance of /dev/random or /dev/urandom respectively. In FIPS mode, if /dev/random has been opened for nonblocking reads (neither O_NBLOCK nor O_NDELAY set), the rnd_read call will call fips_random_get_bytes() There is a cap on the maximum number of bytes that can be transfered in a single read, MAXRETBYTES_RANDOM (1040) and MAXRETBYTES_URANDOM(128 * 1040) respectively.

...

1.2 Interface in kernel space

The kcf module provides an API for randomnes for in kernel KCF consumers. It implements the functions mentioned above that are called to service the read(2)/write(2) calls and also provides the interfaces for kernel consumers to access the random and urandom pools.

5.0 Randomness for key generation

For asymmetric key generation inside the kernel a special random_get_nzero_bytes() API is provided.It differs from random_get_bytes() in two ways, first calls the random_get_bytes_fips140() function which only returns once all FIPS 140-2 initialization has been completed. The random_get_bytes() function needs to be available slightly earlier because some very early kernel functions need it (particularly setup of the VM system and if ZFS needs to do any writes as part of mounting the root filesystem). Secondly, it ensures that no bytes in the output have the 0 value, those are replaced with freshly extracted additional random bytes, it continues until the entire requested length is entirely made up of non zero bytes.

A corresponding random_get_nzero_pseduo_bytes() is also available for cases were we don't want 0 bytes in other random sequences, such as session keys, nonces and cookies.

内核函数 random_get_pseudo_bytes()、random_get_bytes() 和 random_get_blocking_bytes() 的旧 OpenSolaris 源代码可以在这里找到:http://src.illumos.org/source/xref/illumos-gate/usr/src/uts/common/crypto/api/kcf_random.c#1100

关于c - Solaris 中的 get_random_bytes() 等价物,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/36412635/

25 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com