Entropy-supplying system calls are

system call In computing, a system call (syscall) is the programmatic way in which a computer program requests a service from the operating system on which it is executed. This may include hardware-related services (for example, accessing a hard disk drive ...

s in

Unix-like A Unix-like (sometimes referred to as UN*X, *nix or *NIX) operating system is one that behaves in a manner similar to a Unix system, although not necessarily conforming to or being certified to any version of the Single UNIX Specification. A Uni ...

operating system

kernels Kernel may refer to: Computing * Kernel (operating system), the central component of most operating systems * Kernel (image processing), a matrix used for image convolution * Compute kernel, in GPGPU programming * Kernel method, in machine learnin ...

through which

process A process is a series or set of activities that interact to produce a result; it may occur once-only or be recurrent or periodic. Things called a process include: Business and management * Business process, activities that produce a specific s ...

es can obtain entropic or random data. The first of these was getentropy, introduced to the

OpenBSD OpenBSD is a security-focused operating system, security-focused, free software, Unix-like operating system based on the Berkeley Software Distribution (BSD). Theo de Raadt created OpenBSD in 1995 by fork (software development), forking NetBSD ...

operating system in release 5.6 (November 2014), as a refactoring of the sysctl(3) KERN_ARND approach used since 1997. Linux offers a very similar system call, getrandom, which was based on getentropy. It was first available in Linux 3.17, released in October 2014. In July 2015,

Solaris Solaris is the Latin word for sun. It may refer to: Arts and entertainment Literature, television and film * ''Solaris'' (novel), a 1961 science fiction novel by Stanisław Lem ** ''Solaris'' (1968 film), directed by Boris Nirenburg ** ''Sol ...

introduced slightly modified versions of getentropy and getrandom. In August 2015,

FreeBSD FreeBSD is a free-software Unix-like operating system descended from the Berkeley Software Distribution (BSD). The first version was released in 1993 developed from 386BSD, one of the first fully functional and free Unix clones on affordable ...

introduced the read_random system call for obtaining random data from the kernel. These system calls allow processes to access quality random data without opening and reading from randomness pseudo-devices.

Microsoft Windows Windows is a Product lining, product line of Proprietary software, proprietary graphical user interface, graphical operating systems developed and marketed by Microsoft. It is grouped into families and subfamilies that cater to particular sec ...

' CryptGenRandom and Apple

iOS Ios, Io or Nio (, ; ; locally Nios, Νιός) is a Greek island in the Cyclades group in the Aegean Sea. Ios is a hilly island with cliffs down to the sea on most sides. It is situated halfway between Naxos and Santorini. It is about long an ...

's SecRandom

API An application programming interface (API) is a connection between computers or between computer programs. It is a type of software interface, offering a service to other pieces of software. A document or standard that describes how to build ...

are very similar. However, they are not implemented as system calls.

Motivation

Traditionally, Unix-like operating systems supply random data through two

pseudo-device In Unix-like operating systems, a device file, device node, or special file is an interface to a device driver that appears in a file system as if it were an ordinary file. There are also special files in DOS, OS/2, and Windows. These specia ...

/dev/random 

In Unix-like operating systems,  and  are special files that provide random numbers from a cryptographically secure pseudorandom number generator (CSPRNG). The CSPRNG is seeded with Entropy_(computing), entropy (a value that provides randomness) f ...

and /dev/urandom. However, safely and reliably reading random data from these devices can be difficult and complicated. For example, an attacker could interfere with a process's access to the pseudo-devices by opening all available

file descriptor In Unix and Unix-like computer operating systems, a file descriptor (FD, less frequently fildes) is a process-unique identifier (handle) for a file or other input/output resource, such as a pipe or network socket. File descriptors typically h ...

s, or through a similar form of resource exhaustion attack. The use of these devices also interferes with privilege revocation. Unprivileged processes are often denied the ability to open and read files and devices, and the randomness devices are not even visible to

chroot chroot is a shell (computer), shell command (computing), command and a system call on Unix and Unix-like operating systems that changes the apparent root directory for the current running process and its Child process, children. A program that i ...

ed processes. The difficulty of using randomness pseudo-devices often leads developers to use standard library functions instead. Some of these, such as the

C programming language C (''pronounced'' '' – like the letter c'') is a general-purpose programming language. It was created in the 1970s by Dennis Ritchie and remains very widely used and influential. By design, C's features cleanly reflect the capabilities of ...

's rand(),

POSIX The Portable Operating System Interface (POSIX; ) is a family of standards specified by the IEEE Computer Society for maintaining compatibility between operating systems. POSIX defines application programming interfaces (APIs), along with comm ...

's random(), and drand48(), are very unsafe when used for cryptography or similar applications, because these algorithms are actually deterministic, having been intentionally crippled to satisfy seed-reuse requirements through the interfaces srand(), srandom(), and srand48(). A significant difference exists between these calls: getentropy() guarantees that random numbers will be returned immediately, without any blocking. It requires operating support which guarantees random data stream initialization at the earliest opportunity. To encourage other operating systems follow this model, getentropy() cannot indicate errors to the application. Other calls described here may return errors instead, or block indeterminately. Such blocking semantics have been implicated in significant problems. As security becomes a more widespread priority in software development, quality randomness is used more often and in more contexts. Because of this, providing quality randomness is increasingly considered a core responsibility of the kernel. System calls are the traditional interface through which a process uses core kernel services, and kernels are therefore supporting accessing randomness through system calls.

Usage

Because it is faster and adds another layer of entropy mixing, it is usually suggested that processes use these syscalls' data through a userspace

cryptographically secure pseudorandom number generator A cryptographically secure pseudorandom number generator (CSPRNG) or cryptographic pseudorandom number generator (CPRNG) is a pseudorandom number generator (PRNG) with properties that make it suitable for use in cryptography. It is also referred t ...

(CSPRNG) rather than assigning the retrieved data directly to variables. For this purpose, OpenBSD's C standard library includes the function arc4random, which programs are expected to call when they need random data. Like getentropy, arc4random also may not block nor return an error. This approach allows a program to fetch less entropy from the kernel without reducing the strength of its random data. The getentropy system call is designed based on this assumption, supplying no more than 256 bytes per call.

References

{{reflist

External links

A system call for random numbers: getrandom()
LWN.net, 23 July 2014, by Jake Edge System calls

Motivation

Usage

See also

References

External links