RdRand is an instruction for returning random numbers from an Intel on-chip hardware random number generator. RdRand is available in Ivy Bridge and later processors.
It uses a cascade construction, combining a hardware entropy source operating at about 3 Gbps with a CSPRNG, with all components sealed on the CPU die. The entropy source is a meta-stable circuit whose unpredictable behaviour is driven by thermal noise. Its output is fed into an entropy extractor (conditioner) with a 3:1 compression ratio, based on AES-CBC-MAC. Online statistical health tests are performed at this stage, and only random data that passes them is used as the seed for a cryptographically secure, NIST SP 800-90A compliant AES-CTR DRBG. This generator produces at most 512 128-bit AES blocks before it is reseeded. According to the documentation, 512 blocks is the upper limit between reseeds; in practice it reseeds much more frequently. Note that what RdRand returns is DRBG output, not raw entropy.
Usage
Development with librdrand
Requirements
Installation
Authors
The rdrand-gen provides an easy access to random numbers generated by RdRand instruction.
Usage: ./rdrand-gen [OPTIONS]
If no output file is specified, the program will print random values to STDOUT.

OPTIONS
  --help      -h        Print this help.
  --amount    -n NUM    Generate the given amount of bytes. Suffixes: K, M, G, T. Without the option, or when 0, generate an unlimited amount.
  --method    -m NAME   Use method NAME (default is get_bytes).
  --output    -o FILE   Save the generated data to the file.
  --threads   -t NUM    Run the generator in NUM threads (default 2).
  --aes-ctr   -a        Encrypt the output with AES-CTR.
  --aes-keys  -k FILE   Use the given key file for the AES encryption instead of a random one.
  --verbose   -v        Be verbose (will print on stderr).
  --version   -V        Print version.

Accessible methods:
  get_bytes [default]
  get_uint64_array_reseed_delay
  get_uint64_array_reseed_skip
This is just a short overview, see man page.
To start, include the library:
#include <librdrand.h>
Then test if the CPU supports RdRand:
int rdrand_testSupport(); // returns 1 on support
And then generate as many bytes of randomness as you want:
size_t rdrand_get_bytes_retry(void *dest, const size_t size, int retry_limit);
This function generates size bytes of randomness and saves them to dest. If RdRand for some reason fails to return a random value (for example, when its entropy pool is temporarily depleted), the function retries up to retry_limit times in a row. If that limit is exceeded, the function stops without generating all the requested bytes and returns the number of random bytes successfully acquired, so always compare the return value against size before using the buffer.
The man page documents more functions with similar signatures that work with 16-, 32- or 64-bit values instead of bytes, as well as thin wrappers that just execute the raw opcode bytes of the instruction.
Furthermore, it is possible to include the AES-extended version of the library. It provides one more generating function (rdrand_get_bytes_aes_ctr), which encrypts the RdRand output with AES-CTR from OpenSSL to mitigate any possible weakness in the RdRand instruction. See the man page man 3 librdrand-aes for details of usage.
#include <librdrand-aes.h>
unsigned int rdrand_get_bytes_aes_ctr(void *dest, const unsigned int count, int retry_limit);
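The following is an added example, not code from librdrand or its authors. It shows what the rdrand_get_bytes_retry() contract described above means for a caller: a step can fail, failures are retried a bounded number of times, and a short return count must be treated as an error. The step function is pluggable so the retry and short-count paths can be exercised with a constructed failing source as well as with the real instruction. The names get_bytes_retry, hw_rdrand64_step, cpu_has_rdrand, always_fail_step, flaky_step and run_flaky are this example's own, not library API, and the inline assembly assumes GCC or Clang on x86-64.

```c
/* Added example, not part of librdrand: mirrors the retry/short-count contract
 * of rdrand_get_bytes_retry() with a pluggable 64-bit step function.
 * All names below are this example's own, not library API. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* A step returns 1 and stores a value on success, 0 on failure (RDRAND with
 * the carry flag clear). On failure the output must be treated as garbage. */
typedef int (*rdrand64_step_fn)(uint64_t *out);

#if defined(__x86_64__) && (defined(__GNUC__) || defined(__clang__))
#include <cpuid.h>
/* CPUID.01H:ECX bit 30 advertises RDRAND; executing it elsewhere traps (#UD). */
static int cpu_has_rdrand(void)
{
    unsigned int eax, ebx, ecx, edx;
    if (!__get_cpuid(1, &eax, &ebx, &ecx, &edx))
        return 0;
    return (ecx >> 30) & 1u;
}
/* One RDRAND; the carry flag, not the register, says whether it succeeded. */
static int hw_rdrand64_step(uint64_t *out)
{
    unsigned char ok;
    __asm__ volatile("rdrand %0\n\tsetc %1" : "=r"(*out), "=qm"(ok) : : "cc");
    return ok;
}
#else
static int cpu_has_rdrand(void) { return 0; }
static int hw_rdrand64_step(uint64_t *out) { (void)out; return 0; }
#endif

/* Mirrors the documented contract: fill dest with size bytes; after a failed
 * step retry up to retry_limit times in a row; once the limit is exceeded,
 * stop and return the number of bytes actually written (possibly < size). */
static size_t get_bytes_retry(void *dest, size_t size, int retry_limit,
                              rdrand64_step_fn step)
{
    unsigned char *p = dest;
    size_t written = 0;
    while (written < size) {
        uint64_t v;
        int retries = 0;
        while (!step(&v)) {
            if (++retries > retry_limit)
                return written;          /* give up; caller must check the count */
        }
        size_t n = size - written < sizeof v ? size - written : sizeof v;
        memcpy(p + written, &v, n);      /* copy only what is still needed */
        written += n;
    }
    return written;
}

/* Constructed source that never succeeds: the "exhausted DRNG" case. */
static int always_fail_step(uint64_t *out) { (void)out; return 0; }

/* Constructed source that fails twice, then succeeds, so every 64-bit word
 * costs three attempts; the values are a fixed pattern, not randomness. */
static int flaky_calls;
static int flaky_step(uint64_t *out)
{
    if (++flaky_calls % 3 != 0)
        return 0;
    *out = 0x0102030405060708ULL ^ (uint64_t)flaky_calls;
    return 1;
}
/* Helper for the checks: run the flaky source from a clean counter. */
static size_t run_flaky(size_t size, int retry_limit)
{
    unsigned char buf[64] = {0};
    flaky_calls = 0;
    return get_bytes_retry(buf, size > sizeof buf ? sizeof buf : size,
                           retry_limit, flaky_step);
}

int main(void)
{
    unsigned char key[32];
    if (!cpu_has_rdrand()) {
        fputs("RDRAND not supported on this CPU\n", stderr);
        return 1;
    }
    /* Intel's own guidance is to retry about 10 times before declaring failure. */
    size_t got = get_bytes_retry(key, sizeof key, 10, hw_rdrand64_step);
    if (got != sizeof key) {             /* a short count is a hard error */
        fprintf(stderr, "only %zu of %zu bytes\n", got, sizeof key);
        return 1;
    }
    for (size_t i = 0; i < sizeof key; i++)
        printf("%02x", key[i]);
    putchar('\n');
    return 0;
}
```

With the flaky source, a retry limit of 2 is exactly enough to get every word (three attempts each), while a limit of 1 returns 0 bytes: the library's retry_limit counts retries after a failure, not total attempts, which is why the caller must compare the returned count with the requested size rather than assume success.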
To compile, besides the usual autotools, you need:
And since version 2 also:
./configure
make
make install
Jan Tulak (jan@tulak.me), Jiri Hladky (hladky.jiri@gmail.com)
This library was created as part of Jan Tulak's thesis. For more information about the library, RdRand, and their performance and statistical properties, see the thesis.