mirage-crypto-rng

A cryptographically secure PRNG
Legend:
Library
Module
Module type
Parameter
Class
Class type
Library mirage-crypto-rng
type source

Entropy sources.

val sources : unit -> source list

sources () returns the list of available sources.

val pp_source : Format.formatter -> source -> unit

pp_source ppf source pretty-prints the entropy source on ppf.

val register_source : string -> source

register_source name registers name as entropy source.

Bootstrap

val whirlwind_bootstrap : int -> Cstruct.t

whirlwind_bootstrap id exploits CPU-level data races which lead to execution-time variability. It returns 200 bytes random data prefixed by id.

See http://www.ieee-security.org/TC/SP2014/papers/Not-So-RandomNumbersinVirtualizedLinuxandtheWhirlwindRNG.pdf for further details.

val cpu_rng_bootstrap : ( int -> Cstruct.t, [ `Not_supported ] ) Result.t

cpu_rng_bootstrap id returns 8 bytes of random data using the CPU RNG (rdseed or rdrand). On 32bit platforms, only 4 bytes are filled. The id is used as prefix.

  • raises Failure

    if no CPU RNG is available, or if it doesn't return a random value.

val bootstrap : int -> Cstruct.t

bootstrap id is either cpu_rng_bootstrap, if the CPU supports it, or whirlwind_bootstrap if not.

Timer source

val interrupt_hook : unit -> unit -> Cstruct.t

interrupt_hook () collects lower bytes from the cycle counter, to be used for entropy collection in the event loop.

val timer_accumulator : g option -> unit -> unit

timer_accumulator g is the accumulator for the timer source, applying interrupt_hook on each call.

Periodic pulled sources

val feed_pools : g option -> source -> ( unit -> Cstruct.t ) -> unit

feed_pools g source f feeds all pools of g using source by executing f for each pool.

val cpu_rng : ( g option -> unit -> unit, [ `Not_supported ] ) Result.t

cpu_rng g uses the CPU RNG (rdrand or rdseed) to feed all pools of g. It uses feed_pools internally. If neither rdrand nor rdseed are available, fun () -> () is returned.