Entropy-supplying system calls are system calls in Unix-like operating system kernels through which processes can obtain entropic or random data. The first of these was getentropy, introduced to the OpenBSD operating system in release 5.6 (November 2014). Linux offers a very similar system call, getrandom, which was based on getentropy. It was first available in Linux 3.17, released in October 2015. In July 2015, Solaris introduced slightly modified versions of getentropy and getrandom. In June 2015, FreeBSD introduced the sysctl object KERN_ARND for obtaining random data from the kernel.
Contents
These system calls allow processes to access quality random data without opening and reading from randomness pseudo-devices.
Microsoft Windows' CryptGenRandom and Apple iOS's SecRandom API are very similar. However, they are not implemented as system calls.
Motivation
Traditionally, Unix-like operating systems supply random data through two pseudo-devices: /dev/random and /dev/urandom. However, safely and reliably reading random data from these devices can be difficult and complicated. For example, an attacker could interfere with a process's access to the pseudo-devices by opening all available file descriptors, or through a similar form of resource exhaustion attack. The use of these devices also interferes with privilege revocation. Unprivileged processes are often denied the ability to open and read files and devices, and the randomness devices are not even visible to chrooted processes.
The difficulty of using randomness pseudo-devices often leads developers to use standard library functions instead. Some of these, such as the C programming language's rand(), srand(), and random(), are very unsafe when used for cryptography or similar applications, because the algorithm used for random number generation is not built to be of high enough quality but rather pseudo-random number generation.
As security becomes a more widespread priority in software development, quality randomness is used more often and in more contexts. Because of this, providing quality randomness is increasingly considered a core responsibility of the kernel. System calls are the traditional interface through which a process uses core kernel services, and kernels are therefore supporting randomness access through system calls.
Usage
Because it is faster and adds another layer of entropy mixing, it is usually suggested that processes use these syscalls' data through a userspace cryptographically secure pseudorandom number generator (CSPRNG) rather than assigning the retrieved data directly to variables. For this purpose, OpenBSD's C standard library includes the function arc4random, which programs are expected to call when they need random data.
This approach allows a program to fetch less entropy from the kernel without reducing the strength of its random data. The getentropy system call is designed based on this assumption, supplying no more than 256 bytes per call.