bind/lib/isc/entropy_private.h

/*
 * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
 *
 * This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/.
 *
 * See the COPYRIGHT file distributed with this work for additional
 * information regarding copyright ownership.
 */

#pragma once

#include <stdint.h>
#include <stdlib.h>

#include <isc/lang.h>

/*! \file isc/entropy.h
 * \brief Implements wrapper around CSPRNG cryptographic library calls
 * for getting cryptographically secure pseudo-random numbers.
 *
 * - If OpenSSL is used, it uses RAND_bytes()
 * - If PKCS#11 is used, it uses pkcs_C_GenerateRandom()
 *
 */

ISC_LANG_BEGINDECLS

void
isc_entropy_get(void *buf, size_t buflen);
/*!<
 * \brief Get cryptographically-secure pseudo-random data.
 */

ISC_LANG_ENDDECLS
Change isc_random() to be just PRNG, and add isc_nonce_buf() that uses CSPRNG This commit reverts the previous change to use system provided entropy, as (SYS_)getrandom is very slow on Linux because it is a syscall. The change introduced in this commit adds a new call isc_nonce_buf that uses CSPRNG from cryptographic library provider to generate secure data that can be and must be used for generating nonces. Example usage would be DNS cookies. The isc_random() API has been changed to use fast PRNG that is not cryptographically secure, but runs entirely in user space. Two contestants have been considered xoroshiro family of the functions by Villa&Blackman and PCG by O'Neill. After a consideration the xoshiro128starstar function has been used as uint32_t random number provider because it is very fast and has good enough properties for our usage pattern. The other change introduced in the commit is the more extensive usage of isc_random_uniform in places where the usage pattern was isc_random() % n to prevent modulo bias. For usage patterns where only 16 or 8 bits are needed (DNS Message ID), the isc_random() functions has been renamed to isc_random32(), and isc_random16() and isc_random8() functions have been introduced by &-ing the isc_random32() output with 0xffff and 0xff. Please note that the functions that uses stripped down bit count doesn't pass our NIST SP 800-22 based random test. 2018-05-28 15:22:23 +02:00			`/*`
			`* Copyright (C) Internet Systems Consortium, Inc. ("ISC")`
			`*`
			`* This Source Code Form is subject to the terms of the Mozilla Public`
			`* License, v. 2.0. If a copy of the MPL was not distributed with this`
			`* file, You can obtain one at http://mozilla.org/MPL/2.0/.`
			`*`
			`* See the COPYRIGHT file distributed with this work for additional`
			`* information regarding copyright ownership.`
			`*/`

			`#pragma once`

			`#include <stdint.h>`
			`#include <stdlib.h>`

			`#include <isc/lang.h>`

			`/*! \file isc/entropy.h`
			`* \brief Implements wrapper around CSPRNG cryptographic library calls`
			`* for getting cryptographically secure pseudo-random numbers.`
			`*`
			`* - If OpenSSL is used, it uses RAND_bytes()`
			`* - If PKCS#11 is used, it uses pkcs_C_GenerateRandom()`
			`*`
			`*/`

			`ISC_LANG_BEGINDECLS`

			`void`
			`isc_entropy_get(void *buf, size_t buflen);`
			`/*!<`
			`* \brief Get cryptographically-secure pseudo-random data.`
			`*/`

			`ISC_LANG_ENDDECLS`