Wed Jul 15 13:47:40 2020 UTC ()

Pull up following revision(s) (requested by riastradh in ticket #1007):

	share/man/man9/rnd.9: revision 1.26
	share/man/man9/rnd.9: revision 1.27

Update rnd(9) man page to reflect reality since netbsd-7.
- Note rndsource_setcb, RND_FLAG_HASCB, and rnd_add_data_sync.
- Note user's obligation to serialize access to each rndsource.

Simplify macro usage.


(martin)

diff -r1.25 -r1.25.18.1 src/share/man/man9/rnd.9

--- src/share/man/man9/rnd.9 2015/04/13 22:23:54	1.25
+++ src/share/man/man9/rnd.9 2020/07/15 13:47:40	1.25.18.1

 @@ -1,14 +1,14 @@
-.\"	$NetBSD: rnd.9,v 1.25 2015/04/13 22:23:54 riastradh Exp $
+.\"	$NetBSD: rnd.9,v 1.25.18.1 2020/07/15 13:47:40 martin Exp $
 .\"
 .\" Copyright (c) 1997 The NetBSD Foundation, Inc.
 .\" All rights reserved.
 .\"
 .\" This documentation is derived from text contributed to The NetBSD
 .\" Foundation by S.P.Zeidler (aka stargazer).
 .\"
 .\" Redistribution and use in source and binary forms, with or without
 .\" modification, are permitted provided that the following conditions
 .\" are met:
 .\" 1. Redistributions of source code must retain the above copyright
 .\"    notice, this list of conditions and the following disclaimer.
 .\" 2. Redistributions in binary form must reproduce the above copyright
 @@ -25,59 +25,113 @@
 .\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
 .\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 .\" POSSIBILITY OF SUCH DAMAGE.
 .\"
 .Dd August 10, 2014
 .Dt RND 9
 .Os
 .Sh NAME
 .Nm RND ,
 .Nm rnd_attach_source ,
 .Nm rnd_detach_source ,
 .Nm rnd_add_data ,
 .Nm rnd_add_data_sync ,
 .Nm rnd_add_uint32
 .Nd functions to make a device available for entropy collection
 .Sh SYNOPSIS
 .In sys/rndsource.h
 .Ft void
 .Fn rndsource_setcb "krndsource_t *rnd_source" "void (*callback)(size_t, void *)" "void *cookie"
 .Ft void
 .Fn rnd_attach_source "krndsource_t *rnd_source" "char *devname" "uint32_t source_type" "uint32_t flags"
 .Ft void
 .Fn rnd_detach_source "krndsource_t *rnd_source"
 .Ft void
 .Fn rnd_add_data "krndsource_t *rnd_source" "void *data" "uint32_t len" "uint32_t entropy"
 .Ft void
 .Fn rnd_add_data_sync "krndsource_t *rnd_source" "void *data" "uint32_t len" "uint32_t entropy"
 .Ft void
 .Fn rnd_add_uint32 "krndsource_t *rnd_source" "uint32_t datum"
 .Sh DESCRIPTION
 These
 .Nm
 functions make a device available for entropy collection for
 the kernel entropy pool, which provides key material for the
 .Xr cprng 9
 and
 .Xr rnd 4
 .Pa ( /dev/random )
 interfaces.
 .Pp
 The caller must zero an
 .Fa rnd_source
 object before using it.
 Ideally the first argument
 .Fa rnd_source
 of these functions gets included in the devices' entity struct,
 but any means to permanently (statically) attach one such argument
 to one incarnation of the device is ok.
 Do not share
 .Fa rnd_source
-structures between two devices.
+structures between two devices, and make sure to serialize all access
-.Pp
+to each
 .Fa rnd_source ,
 for example with
 .Xr mutex 9 .
 .Bl -tag -width 8n
 .It Fn rndsource_setcb "krndsource_t *rnd_source" "void (*callback)(size_t, void *)" "void *cookie"
 This function sets a callback to be invoked when the kernel entropy
 pool is hungry.
 It is optional; if used, it must be used
 .Em before
 .Fn rnd_attach_source ,
 and the caller must pass
 .Dv RND_FLAG_HASCB
 to
 .Fn rnd_attach_source
 in order for the callback to be used.
 The callback is invoked as
 .Fa callback ( Fa nbytes , Fa cookie ) ,
 where
 .Fa nbytes
 is the number of bytes requested for the entropy pool, and
 .Fa cookie
 is the cookie that was passed to
 .Fn rndsource_setcb .
 The callback normally does one of two things:
 .Bl -dash
 .It
 Sends a request to a hardware device for entropy and returns.
 The hardware will later return data asynchronously by an interrupt, and
 the callback will use
 .Fn rnd_add_data
 or
 .Fn rnd_add_uint32
 to add the data to the pool.
 .It
 Synchronously gathers entropy from hardware \(em for example, by a CPU
 instruction like Intel RDSEED.
 In this case, in order to add data to the pool
 .Em before
 returning, the callback
 .Em must
 use
 .Fn rnd_add_data_sync ,
 not
 .Fn rnd_add_data
 or
 .Fn rnd_add_uint32 .
 .El
 .It Fn rnd_attach_source "krndsource_t *rnd_source" "char *devname" "uint32_t source_type" "uint32_t flags"
 This function announces the availability of a device for entropy collection.
 It must be called before the source struct pointed to by
 .Fa rnd_source
 is used in any of the following functions.
 .Pp
 .Fa devname
 is the name of the device.
 It is used to print a message (if the kernel is compiled with
 ``options RND_VERBOSE'') and also for status information printed with
 .Xr rndctl 8 .
 .Pp
 .Fa source_type
 @@ -99,37 +153,39 @@ is not to be used as a type.
 It is used internally to the rnd system.
 .Pp
 .Fa flags
 are the logical OR of
 .Dv RND_FLAG_COLLECT_VALUE
 (mix data provided by this source into the pool)
 .Dv RND_FLAG_COLLECT_TIME
 (mix timestamps from this source into the pool)
 .Dv RND_FLAG_ESTIMATE_VALUE
 (use a delta estimator to count bits of entropy from this source's data towards
 the pool estimate)
 .Dv RND_FLAG_ESTIMATE_TIME
 (use a delta estimator to count bits of entropy from this source's timestamps
-towards the pool estimate).
+towards the pool estimate)
 .Dv RND_FLAG_HASCB
 (caller specified a callback with
 .Fn rndsource_setcb ) .
 For many devices,
 .Dv RND_FLAG_DEFAULT
 .Dv ( RND_FLAG_COLLECT_VALUE | RND_FLAG_COLLECT_TIME | RND_FLAG_ESTIMATE_TIME )
 is the best choice.
 Note that devices of type
 .Dv RND_TYPE_NET
 default to
 .Dv RND_FLAG_COLLECT_VALUE | RND_FLAG_COLLECT_TIME
 (no entropy counted).
 .Pp
 .It Fn rnd_detach_source "krndsource_t *rnd_source"
 This function disconnects the device from entropy collection.
 .It Fn rnd_add_uint32 "krndsource_t *rnd_source" "uint32_t datum"
 This function adds the value of
 .Va datum
 to the entropy pool.
 No entropy is assumed to be collected from this value, it merely helps
 stir the entropy pool.
 All entropy is gathered from jitter between the timing of events.
 .Pp
 Note that using a constant for
 .Va datum
 does not weaken security, but it does
 @@ -145,26 +201,34 @@ the interrupt handler, since on some sys
 .Pp
 This function loses nearly all usefulness if it is called from a scheduled
 software interrupt.
 If that is the only way to add the device as an entropy source, don't.
 .Pp
 If it is desired to mix in the
 .Va datum
 and to add in a timestamp, but not to actually estimate entropy from a source
 of randomness, passing
 .Dv NULL
 for
 .Va rnd_source
 is permitted, and the device does not need to be attached.
 .Pp
 .Fn rnd_add_uint32
 .Em must not
 be used during a callback as set with
 .Fn rndsource_setcb ;
 use
 .Fn rnd_add_data_sync
 instead.
 .It Fn rnd_add_data "krndsource_t *rnd_source" "void *data" "uint32_t len" "uint32_t entropy"
 adds (hopefully) random
 .Fa data
 to the entropy pool.
 .Fa len
 is the number of bytes in
 .Fa data
 and
 .Fa entropy
 is an "entropy quality" measurement.
 If every bit of
 .Fa data
 is known to be random,
 @@ -173,26 +237,34 @@ is the number of bits in
 .Fa data .
 .Pp
 Timing information is also used to add entropy into the system, using
 inter-event timings.
 .Pp
 If it is desired to mix in the
 .Va data
 and to add in a timestamp, but not to actually estimate entropy from a source
 of randomness, passing
 .Dv NULL
 for
 .Va rnd_source
 is permitted, and the device does not need to be attached.
 .Pp
 .Fn rnd_add_data
 .Em must not
 be used during a callback as set with
 .Fn rndsource_setcb ;
 use
 .Fn rnd_add_data_sync
 instead.
 .El
 .Sh INTERNAL ENTROPY POOL MANAGEMENT
 When a hardware event occurs (such as completion of a hard drive
 transfer or an interrupt from a network device) a timestamp is
 generated.
 This timestamp is compared to the previous timestamp
 recorded for the device, and the first, second, and third order
 differentials are calculated.
 .Pp
 If any of these differentials is zero, no entropy is assumed to
 have been gathered.
 If all are non-zero, one bit is assumed.
 Next, data is mixed into the entropy pool using an LFSR (linear