add functions to create random numbers #64
Conversation
```rust
/// Create a cryptographicly secure 32bit random number with the support of
/// the underlying hardware. If the required hardware isn't available,
/// the function returns `None`.
#[inline(always)]
pub unsafe fn secure_rand32() -> Option<u32> {
    sys_secure_rand32()
}

/// Create a cryptographicly secure 64bit random number with the support of
/// the underlying hardware. If the required hardware isn't available,
/// the function returns `None`.
#[inline(always)]
pub unsafe fn secure_rand64() -> Option<u64> {
    sys_secure_rand64()
}
```
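Review bot: both `pub unsafe fn`s are missing a `# Safety` section in their rustdoc stating what the caller has to uphold, which is exactly the question the thread raises (whether the call can ever be UB); add something like `/// # Safety` followed by `/// Calls into the kernel's static library; the symbol must be provided by the linked unikernel.` so the contract is visible at the call site. Minor: "cryptographicly" should read "cryptographically", and "32bit"/"64bit" are conventionally written "32-bit"/"64-bit".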
Is there a reason these functions are `unsafe`? Will asking for a random number ever invoke UB?
I will answer the question in the comment below.
```rust
extern "Rust" {
    fn sys_secure_rand64() -> Option<u64>;
    fn sys_secure_rand32() -> Option<u32>;
}
```
So having `extern "Rust"` here means that the version of `rustc` used to compile `hermit-abi` must be exactly the same version used to compile the kernel (`rusty-hermit`/`libhermit-rs`). Is this a problem? (I don't know much about HermitCore).

If it is, you could just have a returned value of `0` represent failure (I realize this is technically a valid random number, but it's extremely unlikely that it gets returned). Alternatively, you could take a `*mut u64` as input and return `0`/`-ENOSYS` on success/failure.
In principle, the unikernel is completely written in Rust. Technically it could be possible that the Rust standard library calls the Rust functions of the unikernel directly. However, the unikernel depends on too many crates. The Rust community will not permit that rustc depends on all these crates. The workaround is a small system interface `hermit-abi`, which provides a similar interface to the crate `libc`. The unikernel itself will be provided as a common static library. To guarantee that the unikernel and the application are built by the same compiler, we provide the crate `hermit-sys`. This crate builds the unikernel and links the library to the application. This is the reason that we suggest adding the following line to `Cargo.toml`:

```toml
[target.'cfg(target_os = "hermit")'.dependencies]
hermit-sys = "0.1.*"
```

Unfortunately, every jump into a static library is `unsafe` because the compiler is not able to check the function. But we are able to use "real" Rust functions and to use `Option` as return value.
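The alternative the reviewer sketches (an out-pointer plus `0`/`-ENOSYS` return) wrapped back into the PR's `Option`-returning shape, as an added example that is not code from the hermit-abi PR or the kernel; the errno values, the hardware-availability flag and the stand-in generator are constructed assumptions so the block runs without the unikernel.

```rust
// Added example, not code from the hermit-abi PR: the reviewer's alternative
// ABI (`*mut u64` out-pointer, 0 / -errno return) behind a safe Option-returning
// wrapper, with a constructed stand-in for the kernel side so it runs alone.
use std::sync::atomic::{AtomicBool, AtomicU64, Ordering};

// Assumed errno values (Linux numbering); hermit's own table is not on the page.
const ENOSYS: i32 = 38;
const EFAULT: i32 = 14;

/// Constructed switch standing in for a CPUID check of the hardware RNG.
static HW_RNG_AVAILABLE: AtomicBool = AtomicBool::new(true);
/// Constructed state for the stand-in generator below.
static STATE: AtomicU64 = AtomicU64::new(0);

/// Stand-in for the kernel-side symbol. `extern "C"` fixes the calling
/// convention, so the ABI crate and the kernel no longer have to be built by
/// the identical rustc (the concern with `extern "Rust"` raised in review).
///
/// # Safety
/// `out` must be null or point to writable memory for a `u64`. On success the
/// value is written and 0 is returned; on failure `out` is left untouched and
/// a negative errno is returned.
pub unsafe extern "C" fn sys_secure_rand64_c(out: *mut u64) -> i32 {
    if out.is_null() {
        return -EFAULT;
    }
    if !HW_RNG_AVAILABLE.load(Ordering::Relaxed) {
        return -ENOSYS; // no hardware RNG: fail, never hand back a weak value
    }
    // Constructed splitmix64 step so the demo yields distinct values.
    // It is NOT a CSPRNG; the real kernel uses the hardware instruction here.
    let x = STATE
        .fetch_add(0x9E37_79B9_7F4A_7C15, Ordering::Relaxed)
        .wrapping_add(0x9E37_79B9_7F4A_7C15);
    let z = (x ^ (x >> 30)).wrapping_mul(0xBF58_476D_1CE4_E5B9);
    let z = (z ^ (z >> 27)).wrapping_mul(0x94D0_49BB_1331_11EB);
    unsafe { out.write(z ^ (z >> 31)) };
    0
}

/// Safe wrapper: the function application code would call. It keeps the
/// `Option` signature of the PR while confining `unsafe` to one place.
pub fn secure_rand64() -> Option<u64> {
    let mut v: u64 = 0;
    // SAFETY: `v` is a valid, writable u64 for the duration of the call.
    let rc = unsafe { sys_secure_rand64_c(&mut v) };
    if rc == 0 { Some(v) } else { None }
}
```

Callers that get `None` should treat it as "no secure source", not fall back to a weaker generator silently.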
bors ping
pong
bors try
tryBuild failed:
bors r+
Merge conflict.
`rand` creates pseudo-random numbers, while `secure_rand32`/`64` produce cryptographically secure random numbers
bors r+
I assume that @josephlr likes the patch and accepts it
Does this patch actually generate random numbers?
It should generate random numbers. The function calls implicitly generate_random_number64, which uses Intel's
okay great I have
Currently not, but we are working on it.
Okay so my patch to Thanks for your assistance!