Entropy Source and DRNG Manager

... or /dev/random in user space

The Entropy Source and DRNG Manager (ESDM) manages a set of deterministic random number generators (DRNG) and ensures their proper seeding and reseeding. To seed the DRNGs, a set of entropy sources are managed by the ESDM. The cryptographic strength of the entire ESDM is always 256 bits. All entropy processing is designed to maintain this strength.

Besides other services, it provides an API and ABI compliant drop-in replacement for the Linux `/dev/random` and `/dev/urandom` devices as well as the `getrandom` system call. This means it not only supports common users requesting random numbers, but also services using the IOCTLs documented in `random(4)` or using `select(2)` / `poll(2)` on the device files.

In addition to the Linux interface support, the ESDM provides a daemon managing the entropy sources and DRNG instances that can be accessed with a wrapper library. The ESDM requires only POSIX support along with `protobuf-c` and thus is intended to be executable on different operating systems.

It is extensible as follows:

The (re)seeding operation of the DRNG implements design ideas of the following specifications:

The Entropy Source and DRNG Manager is an API and ABI compatible drop-in replacement to the legacy /dev/random implementation in the Linux kernel but fully in user space.

GitHub Link

A public git repository is found at github.com/smuellerDD/esdm.

Documentation

A PDF presentation is also available providing the gist of the ESDM documentation.

Source Code

The following source code contains the implementation of the Entropy Source and DRNG Manager.

Link Changes

Initial Release (Signature of source code)

Initial release

0.3.0 (Signature of source code)

Replace protobuf-c-rpc with built-in RPC mechanism reducing amount of mallocs, performing proper zeroization and being fully thread-aware

Testing: disable /dev/random fallbacks for verifying RPC operation

RNDGETENTCNT returns the seed state of the auxiliary entropy pool only. This makes it 100% ABI compliant to random.c

Add ChaCha20 DRNG to regular code base

Add SHA-3 conditioning hash to regular code base

Add /proc/sys/kernel/random files handler along with SELinux policy, tested with: rng-tools, jitterentropy-rngd, haveged

SP800-90A/B/C compliant

0.4.0 (Signature of source code)

Start CUSE daemons independently from ESDM server

add support for invoking DRNG with prediction resistance when opening /dev/random with O_SYNC or using the esdm_get_random_bytes_pr API. This reestablishes the NTG.1 property as well as well as supports using the DRBG as a conditioning component pursuent to SP800-90C and FIPS 140 IG 7.19 / D.K.

initialize the DRNG immediately with 256 bits (disregarding 32/128 bits)

add interrupt entropy source

modify collection in scheduler ES: maintain a hash state per CPU as a per-CPU entropy pool

add proper interrupt/signal handling code to the ESDM RPC client library

privilege level change in CUSE is now limited to caller only

add support to allow ld.so.preload to be used to refer to libesdm-getrandom.so for a system-wide replacement of getrandom/getentropy system call.

SP800-90A/B/C compliant AIS20/31 compliant FIPS IG 7.19 / D.K compliant - use of DRBG as conditioning component for chaining DRBGs

2022-07-02 smueller at chronox.de