Application of random numbers in KVM in Linux

Random numbers are very important in computer systems. without random numbers, many applications may be in trouble. Random numbers are also crucial in cryptography and security. This article mainly introduces the concept and importance of random numbers, how random numbers are generated in Linux, the most Label: KVM

Random numbers are very important in computer systems. without random numbers, many applications may be in trouble. Random numbers are also crucial in cryptography and security. This article describes the concept and importance of random numbers, how random numbers are generated in Linux, and how to add and use hardware random number generators to generate random numbers in KVM virtual machines.

What is a random number?

Many software and applications require random numbers. Random numbers are everywhere, from card game card distribution to key generation in SSL security protocol. A random number must meet at least two conditions:

1. The numerical sequence is statistically random.
2. The sequence following a known sequence cannot be estimated.

Since the birth of the computer, researchers have been paying attention to the research on the use of computers to produce high-quality random number sequences. Generally, it is difficult to use a computer program to generate a real random number, because the program behavior is predictable, the random number sequence generated by the computer using the designed algorithm combined with the seeds provided by the user is usually a "pseudo-random number". a pseudo-random number is a "random number" that we usually use ". Pseudo-random numbers can meet the needs of general applications, but they have obvious disadvantages in environments and fields with high security requirements:

1. Pseudo-random numbers are cyclical. when they are large enough, they repeat the numerical sequence.
2. If the same algorithm and the same seed value are provided, the same random number sequence will be obtained.
3. Reverse engineering can be used to guess the algorithm and seed value, so as to calculate all the subsequent random series.

Only real physical processes are truly random. only the randomness of things in the physical world can generate real random numbers, for example, noise produced by quantum fluctuations of sub-atomic particles in a vacuum environment, quantum uncertainty and radioactive decay of ultra-bright light emitting diodes in noise.

 

Why random numbers are so important

Generating random numbers is a basic task in cryptography and is essential for generating encryption keys, encryption algorithms, and encryption protocols. the quality of random numbers is critical to security. Recently, it was reported that someone successfully attacked a website by exploiting the disadvantages of random numbers and obtained administrator privileges. Security researchers in the United States and France have also recently evaluated the security of the two Linux kernels PRNG --/dev/random and/dev/urandom, we believe that Linux pseudo-random number generator does not meet the robust security concept and does not accumulate entropy correctly. It can be seen that random numbers play a very important role in security systems.

 

How to generate random numbers in Linux

PRNG (Pseudo-Random Number Generator)

In 1994, US software engineer Theodore Y. Ts 'o first implemented a random number generator in the Linux kernel, using the SHA-1 hash algorithm instead of the password, which increased the password strength.

The Linux kernel uses entropy to describe the randomness of data. entropy is a physical quantity used to describe the degree of disorder and disorder of the system. The larger the entropy of a system, the worse the ordering of the system, that is, the greater the uncertainty. The kernel maintains an entropy pool to collect environmental noise from device drivers and other sources. Theoretically, the data in the entropy pool is completely random and can generate a sequence of real random numbers. To track the randomness of the data in the entropy pool, the kernel adds the data to the pool to estimate the randomness of the data. this process is called entropy estimation. The entropy estimation value describes the number of random numbers in the pool. a greater value indicates a better randomness of the data in the pool. The random number generator PRNG in the kernel is a character device named random. the code is implemented in drivers/char/random. c. The device implements a series of interface functions to obtain noise data in the system environment and add them to the entropy pool. The noise data in the system environment includes the interval between two device interruptions, the operation interval of the input device, and the operation interval of the continuous disk. Corresponding interfaces include:

 
 

  
  
void add_device_randomness(const void *buf, unsigned int size); 
  
  
void add_input_randomness(unsigned int type, unsigned int code, 
  
  
                unsigned int value); 
  
  
void add_interrupt_randomness(int irq, int irq_flags); 
  
  
void add_disk_randomness(struct gendisk *disk); 
 
 

The kernel provides one interface for other kernel modules.

 
 

  
  
void get_random_bytes(void *buf, int nbytes); 
 
 

This interface returns a random number of specified bytes. The random device provides two character devices for user-state processes --/dev/random and/dev/urandom:

• /Dev/random is suitable for requests with high random number quality requirements. when there is insufficient data in the entropy pool, when reading the dev/random device, a random byte smaller than the total number of entropy pool noises will be returned. /Dev/random can generate a high random public key or one-time cipher book. If the entropy pool is empty, read operations on/dev/random will be blocked until sufficient environmental noise is collected. This design makes/dev/random a real random number generator and provides the maximum possible random data entropy.
• /Dev/urandom, a non-blocking random number generator, which repeatedly uses the data in the entropy pool to generate pseudo-random data. This indicates that read operations on/dev/urandom will not be blocked, but the output entropy may be less than/dev/random. It can be used as a pseudo-random number generator to generate low-intensity passwords. for most applications, randomness is acceptable.

/Dev/random can also be written. any user can add random data to the entropy pool. Even writing non-random data is harmless, because only the administrator can call ioctl to increase the entropy pool size. In Linux, the current entropy value and size can be obtained by accessing/proc/sys/kernel/random/, for example:

 
 

  
  
# cat /proc/sys/kernel/random/poolsize 
  
  
4096 
  
  
# cat /proc/sys/kernel/random/entropy_avail 
  
  
298 
  
  
# cat /proc/sys/kernel/random/uuid 
  
  
4f0683ae-6141-41e1-b5b9-57f4bd299219 
 
 

However, there are several vulnerabilities in the random generator in Linux kernel, such as embedded systems (lack of mouse and keyboard), Live CD systems (lack of disks), routers, diskless workstations, and some server systems, the source of environmental entropy is limited, and the random number quality will decrease. For systems with NVRAM, it is recommended to save the status of some random number generators during shutdown so that these statuses can be restored at the next boot. For routers, network data can be considered as the main source of entropy.

EGD

EGD (entropy gathering daemon) can provide similar functions in Unix systems that do not support/dev/random devices. This is a daemon running in user mode and provides high-quality random password data. Some encryption software, such as OpenSSL, GNU Privacy Guard, and Apache HTTP Server, support using EGD when/dev/random is unavailable.

EGD, or similar software prngd, can collect pseudo-random entropy from multiple sources and process the data to remove bias and improve cryptographic quality, then, other programs are allowed to access their output through the Unix domain interface (usually/dev/egd-pool) or TCP interface. This program usually uses the method of establishing sub-processes to query the state to collect entropy. Its query status is usually changeable and unpredictable, such as CPU, I/O, network usage, or some log files and contents in the temporary directory.

EGD communicates with clients that require random numbers through a simple protocol. the client connects to EGD socket to send commands (identify commands from the first eight digits ):

• Command 0: query the current available entropy
• Command 1: unblocking random bytes
• Command 2: gets the number of random bytes in a blocking manner.
• Command 3: update entropy

Hardware random number generator

Currently, many hardware random number generators (hwrng) are used to generate reliable random numbers, but they are all commercial and expensive. The most common use is ComScire QNG. as of this article, the official price of ComScire PQ4000KU is close to $900.

Intel's Ivy Bridge family has a feature called "Secure Key", which contains an internal hardware DRNG (Digital Random Number Generator) used to generate Random numbers, the assembled command RDRAND can be used to obtain high-intensity random numbers. Linux Kernel uses the XOR operation to mix the random numbers generated by RDRAND into the entropy pool. the code is implemented in drivers/char/random. c extract_entropy () function.

 
 

  
  
for (i = 0; i < LONGS(EXTRACT_SIZE); i++) { 
  
  
unsigned long v; 
  
  
if (!arch_get_random_long(&v)) 
  
  
break; 
  
  
hash.l[i] ^= v; 
  
  
} 
 
 

There are also some third-party hardware random number generators, usually USB or PCI devices, mainly used on servers. Linux Kernel's hwrng (hardware random number generator) abstraction layer (/dev/hwrng device) can choose to monitor RNG devices, when the entropy pool data is insufficient, the device is required to provide random data to the kernel entropy pool. the rngd daemon can read hwrng data and then supply it to the kernel entropy pool.

 

How to apply in a KVM VM

In a virtual machine environment similar to a server, there are few input device operations. compared with the Host, Disk I/O is also relatively small. Therefore, the random number produced by relying on the PRNG of Guest itself is not of high quality, therefore, virtual machines usually obtain partial random data from the Host. For KVM virtual machines, a semi-virtualization device virtio-rng is used as the hardware random number generator. Linux Kernel supports virtio-rng from 2.6.26, and QEMU supports virtio-rng in version 1.3. The virtio-rng device reads the random number source of the Host and fills it in the entropy pool of the Guest (client. Generally,/dev/random is used as the input source. Of course, the data source can be changed. if hwrng exists in the Host system, you can use/dev/hwrng as the input source of virtio-rng. You can also pass-through the hwrng device to the client, but it is not practical. for example, there may be problems in Live Migration (real-time Migration) of virtual machines. Add a virtio-rng device to Guest and use/dev/random as the input source:

 
 

  
  
Use libvirt to edit the XML of the VM
  
  
In the virtual machine XML definition  Section: 
  
  
  
  
  
  Random'>/Dev/random  
  
  
 
  
  
Use QEMU command Line to directly add:
  
  
-ObjectRng-random, Filename =/dev/random, id = rng0 \
  
  
-Device virtio-rng-pci, rng = rng0
 
 

After the VM is started, on the Host:

 
 

  
  
___FCKpd___5nbsp;lsof /dev/random 
  
  
COMMAND     PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME 
  
  
qemu-syst 23590 mars   11r   CHR    1,8      0t0 1032 /dev/random 
 
 

 

The current QEMU process is using the/dev/random device.

 
 

  
  
Guest:
  
  
___ FCKpd ___ 6 nbsp; cat/sys/devices/virtual/misc/hw_random/rng_available
  
  
Virtio
  
  
___ FCKpd ___ 6 nbsp; cat/sys/devices/virtual/misc/hw_random/rng_current
  
  
Virtio
  
  
___ FCKpd ___ 6 nbsp; lsmod | grep virtio_rng
  
  
Virtio_rng 12790 0
  
  
....
 
 

 

We can see that Guest has recognized the hardware random number generator.

 
 

  
  
___FCKpd___7nbsp;dd if=/dev/hwrng of=/home/random-data bs=1 
 
 

Add the bs option and set a smaller value, because there may be fewer random number resources on the Host. if the bs value is too large, you may not be able to get enough data to write files in a short time, at the same time, do more mouse, keyboard, or disk operations on the Host to generate random numbers faster.

 
 

  
  
___FCKpd___8nbsp;hexdump /home/random-data 
  
  
00000000    9501 e702 .... 
  
  
00000010    .... .... .... 
 
 

 

Use the EGD protocol as the input source:

 
 

  
  
Use libvirt to edit the XML of the VM:
  
  
  
  
  
  Egd'Type = 'tcp '> 
  
  
  
  
  
 
  
  
  
  
  
Use QEMU command Line to directly add:
  
  
-Chardev socket, host = localhost, port = 1024, id = chr0 \
  
  
-ObjectRng-egd, Chardev = chr0, id = rng0 \
  
  
-Device virtio-rng-pci, rng = rng0
 
 

 

Summary

Random numbers play an important role in computer systems. This article describes the concept and importance of random numbers and introduces how to generate random numbers in Linux, in the KVM environment, how does a virtual machine use virtio-rng to obtain random data.