crypt.texi 6.0 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154
  1. @node Cryptographic Functions, Debugging Support, System Configuration, Top
  2. @chapter Cryptographic Functions
  3. @c %MENU% A few functions to support cryptographic applications
  4. @Theglibc{} includes only one type of special-purpose cryptographic
  5. functions; these allow use of a source of cryptographically strong
  6. pseudorandom numbers, if such a source is provided by the operating
  7. system. Programs that need general-purpose cryptography should use
  8. a dedicated cryptography library, such as
  9. @uref{https://www.gnu.org/software/libgcrypt/,,libgcrypt}.
  10. @menu
  11. * Unpredictable Bytes:: Randomness for cryptographic purposes.
  12. @end menu
  13. @node Unpredictable Bytes
  14. @section Generating Unpredictable Bytes
  15. @cindex randomness source
  16. @cindex random numbers, cryptographic
  17. @cindex pseudo-random numbers, cryptographic
  18. @cindex cryptographic random number generator
  19. @cindex deterministic random bit generator
  20. @cindex CRNG
  21. @cindex CSPRNG
  22. @cindex DRBG
  23. Cryptographic applications often need random data that will be as
  24. difficult as possible for a hostile eavesdropper to guess.
  25. The pseudo-random number generators provided by @theglibc{}
  26. (@pxref{Pseudo-Random Numbers}) are not suitable for this purpose.
  27. They produce output that is @emph{statistically} random, but fails to
  28. be @emph{unpredictable}. Cryptographic applications require a
  29. @dfn{cryptographic random number generator} (CRNG), also known as a
  30. @dfn{cryptographically strong pseudo-random number generator} (CSPRNG)
  31. or a @dfn{deterministic random bit generator} (DRBG).
  32. Currently, @theglibc{} does not provide a cryptographic random number
  33. generator, but it does provide functions that read cryptographically
  34. strong random data from a @dfn{randomness source} supplied by the
  35. operating system. This randomness source is a CRNG at heart, but it
  36. also continually ``re-seeds'' itself from physical sources of
  37. randomness, such as electronic noise and clock jitter. This means
  38. applications do not need to do anything to ensure that the random
  39. numbers it produces are different on each run.
  40. The catch, however, is that these functions will only produce
  41. relatively short random strings in any one call. Often this is not a
  42. problem, but applications that need more than a few kilobytes of
  43. cryptographically strong random data should call these functions once
  44. and use their output to seed a CRNG.
  45. Most applications should use @code{getentropy}. The @code{getrandom}
  46. function is intended for low-level applications which need additional
  47. control over blocking behavior.
  48. @deftypefun int getentropy (void *@var{buffer}, size_t @var{length})
  49. @standards{GNU, sys/random.h}
  50. @safety{@mtsafe{}@assafe{}@acsafe{}}
  51. This function writes exactly @var{length} bytes of random data to the
  52. array starting at @var{buffer}. @var{length} can be no more than 256.
  53. On success, it returns zero. On failure, it returns @math{-1}, and
  54. @code{errno} is set to indicate the problem. Some of the possible
  55. errors are listed below.
  56. @table @code
  57. @item ENOSYS
  58. The operating system does not implement a randomness source, or does
  59. not support this way of accessing it. (For instance, the system call
  60. used by this function was added to the Linux kernel in version 3.17.)
  61. @item EFAULT
  62. The combination of @var{buffer} and @var{length} arguments specifies
  63. an invalid memory range.
  64. @item EIO
  65. @var{length} is larger than 256, or the kernel entropy pool has
  66. suffered a catastrophic failure.
  67. @end table
  68. A call to @code{getentropy} can only block when the system has just
  69. booted and the randomness source has not yet been initialized.
  70. However, if it does block, it cannot be interrupted by signals or
  71. thread cancellation. Programs intended to run in very early stages of
  72. the boot process may need to use @code{getrandom} in non-blocking mode
  73. instead, and be prepared to cope with random data not being available
  74. at all.
  75. The @code{getentropy} function is declared in the header file
  76. @file{sys/random.h}. It is derived from OpenBSD.
  77. @end deftypefun
  78. @deftypefun ssize_t getrandom (void *@var{buffer}, size_t @var{length}, unsigned int @var{flags})
  79. @standards{GNU, sys/random.h}
  80. @safety{@mtsafe{}@assafe{}@acsafe{}}
  81. This function writes up to @var{length} bytes of random data to the
  82. array starting at @var{buffer}. The @var{flags} argument should be
  83. either zero, or the bitwise OR of some of the following flags:
  84. @table @code
  85. @item GRND_RANDOM
  86. Use the @file{/dev/random} (blocking) source instead of the
  87. @file{/dev/urandom} (non-blocking) source to obtain randomness.
  88. If this flag is specified, the call may block, potentially for quite
  89. some time, even after the randomness source has been initialized. If it
  90. is not specified, the call can only block when the system has just
  91. booted and the randomness source has not yet been initialized.
  92. @item GRND_NONBLOCK
  93. Instead of blocking, return to the caller immediately if no data is
  94. available.
  95. @item GRND_INSECURE
  96. Write random data that may not be cryptographically secure.
  97. @end table
  98. Unlike @code{getentropy}, the @code{getrandom} function is a
  99. cancellation point, and if it blocks, it can be interrupted by
  100. signals.
  101. On success, @code{getrandom} returns the number of bytes which have
  102. been written to the buffer, which may be less than @var{length}. On
  103. error, it returns @math{-1}, and @code{errno} is set to indicate the
  104. problem. Some of the possible errors are:
  105. @table @code
  106. @item ENOSYS
  107. The operating system does not implement a randomness source, or does
  108. not support this way of accessing it. (For instance, the system call
  109. used by this function was added to the Linux kernel in version 3.17.)
  110. @item EAGAIN
  111. No random data was available and @code{GRND_NONBLOCK} was specified in
  112. @var{flags}.
  113. @item EFAULT
  114. The combination of @var{buffer} and @var{length} arguments specifies
  115. an invalid memory range.
  116. @item EINTR
  117. The system call was interrupted. During the system boot process, before
  118. the kernel randomness pool is initialized, this can happen even if
  119. @var{flags} is zero.
  120. @item EINVAL
  121. The @var{flags} argument contains an invalid combination of flags.
  122. @end table
  123. The @code{getrandom} function is declared in the header file
  124. @file{sys/random.h}. It is a GNU extension.
  125. @end deftypefun