使用引擎生成随机数 [英] Using engines for random number generation
问题描述
我正在尝试使用 RAND_bytes OpenSSL的API,但我想尝试使用各种随机数生成引擎.
I am trying to use the RAND_bytes API of OpenSSL, but I want to try it with various Random Number Generating Engines.
是否存在建议的方法来生成随机字节并在OpenSSL中添加熵?我在哪里可以得到其他Engine实施,以及如何将它们交换进来?
Is there a recommended way of generating Random bytes and adding entropy in OpenSSL? Where can I get other Engine implementations, and how can I swap them in?
推荐答案
是否存在建议的方法来生成随机字节并在OpenSSL中添加熵?
Is there a recommended way of generating Random bytes and adding entropy in OpenSSL?
是的.请参见随机数上的OpenSSL Wiki.它需要您为种子添加熵,并提取字节以用于密钥和其他秘密材料.
Yes. See the OpenSSL wiki on Random Numbers. It takes you through adding entropy for a seed, and extracting bytes for use in keying and other secret material.
随机数和种子介绍了添加种子的熵. 随机数和生成中介绍了提取用于键控和其他机密材料的字节.
Adding entropy for seeding is covered under Random Numbers and Seeds. Extracting bytes for use in keysing and other secret material is covered at Random Numbers and Generation.
在哪里可以获得其他Engine实施,以及如何互换它们?
Where can I get other Engine implementations, and how can I swap them in?
OpenSSL附带了一些与随机数有关的引擎.默认值为基于软件的PRNG引擎md_rand.您可以在<openssl src>/crypto/rand/md_rand.c中找到其源代码.另一个是英特尔的RDRAND引擎.您可以在<openssl src>/crypto/engine/eng_rdrand.c找到源.
OpenSSL comes with a few engines related to random numbers. The default is a software based PRNG engine, md_rand. You can find its source code at <openssl src>/crypto/rand/md_rand.c. Another is Intel's RDRAND engine. You can find the source at <openssl src>/crypto/engine/eng_rdrand.c.
如果您拥有硬件,也可以使用基于硬件的RNG.您甚至可以编写自己的提供SHA-512 HMAC的引擎.甚至可以将SHA-512 HMAC与RDRAND结合(异或). Mersenne Twister很受欢迎,您甚至还可以为其编写引擎.
You can also use hardware based RNGs if you have the hardware. You can even write your own engine that provides a SHA-512 HMAC. Or even one that combines (XORs) an SHA-512 HMAC with with RDRAND. The Mersenne Twister is popular, and you could even write an engine for it, too.
这是交换引擎以用于随机数的方式.它取自OpenSSL Wiki,并交换了Intel RDRAND引擎:
Here's how you swap in an engine to use for random numbers. Its taken from the OpenSSL wiki, and it swaps-in the Intel RDRAND engine:
1 unsigned long err = 0;
2 int rc = 0;
3
4 OPENSSL_cpuid_setup();
5 ENGINE_load_rdrand();
6
7 ENGINE* eng = ENGINE_by_id("rdrand");
8 err = ERR_get_error();
9
10 if(NULL == eng) {
11 fprintf(stderr, "ENGINE_load_rdrand failed, err = 0x%lx\n", err);
12 abort(); /* failed */
13 }
14
15 rc = ENGINE_init(eng);
16 err = ERR_get_error();
17
18 if(0 == rc) {
19 fprintf(stderr, "ENGINE_init failed, err = 0x%lx\n", err);
20 abort(); /* failed */
21 }
22
23 rc = ENGINE_set_default(eng, ENGINE_METHOD_RAND);
24 err = ERR_get_error();
25
26 if(0 == rc) {
27 fprintf(stderr, "ENGINE_set_default failed, err = 0x%lx\n", err);
28 abort(); /* failed */
29 }
30
31 /* OK to proceed */
32
33 ...
34 ENGINE_finish(eng);
35 ENGINE_free(eng);
36 ENGINE_cleanup();
...我正在尝试使用OpenSSL的RAND_bytes API ...
... I am trying to use the RAND_bytes API of OpenSSL ...
除了正常使用RAND_bytes,RAND_add和朋友外,您什么也不会做. RAND_bytes,RAND_add和朋友的使用方式永远不变.
You never do anything other than use RAND_bytes, RAND_add and friends as normal. How you use RAND_bytes, RAND_add and friends never changes.
梅森·扭转者(Mersenne Twister)很受欢迎,您甚至还可以为其编写引擎...
The Mersenne Twister is popular, and you could even write an engine for it, too...
如果执行此操作,则可以考虑发布源代码供他人使用.我建议在OpenSSL的Wiki上创建一个页面,解释Mersenne Twister引擎,解释如何使用它,并为其提供补丁.
If you do this, then you might consider posting the source code for others to use. I would suggest creating a page on OpenSSL's wiki, explain the Mersenne Twister engine, explain how to use it, and provide a patch for it.
另一种选择是将其作为功能/增强功能提交给 RT系统(错误跟踪器) .但是据我观察,大多数事物一旦进入RT就会枯萎而死亡.
The other choice is to submit it to the RT system (the bug tracker) as a feature/enhancement. But its been my observation that most things wither and die once they enter RT.
这篇关于使用引擎生成随机数的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
