[src/trunk]: src Add cprng(9) manual page, remove arc4random(9) manual page

[tls <tls%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/c757c227ce70
branches:  trunk
changeset: 771687:c757c227ce70
user:      tls <tls%NetBSD.org@localhost>
date:      Mon Nov 28 20:19:25 2011 +0000

description:
Add cprng(9) manual page, remove arc4random(9) manual page

diffstat:

 distrib/sets/lists/comp/mi  |   35 +++++-
 share/man/man9/Makefile     |   17 ++-
 share/man/man9/arc4random.9 |   87 ---------------
 share/man/man9/cprng.9      |  251 ++++++++++++++++++++++++++++++++++++++++++++
 share/man/man9/rnd.9        |    5 +-
 5 files changed, 303 insertions(+), 92 deletions(-)

diffs (truncated from 463 to 300 lines):

diff -r 190ab6b9736d -r c757c227ce70 distrib/sets/lists/comp/mi
--- a/distrib/sets/lists/comp/mi        Mon Nov 28 18:21:46 2011 +0000
+++ b/distrib/sets/lists/comp/mi        Mon Nov 28 20:19:25 2011 +0000
@@ -1,4 +1,4 @@
-#      $NetBSD: mi,v 1.1713 2011/11/28 16:22:15 tron Exp $
+#      $NetBSD: mi,v 1.1714 2011/11/28 20:19:25 tls Exp $
 #
 # Note: don't delete entries from here - mark them as "obsolete" instead.
 #
@@ -9779,6 +9779,17 @@
 ./usr/share/man/cat9/copyoutstr.0              comp-sys-catman         .cat
 ./usr/share/man/cat9/copystr.0                 comp-sys-catman         .cat
 ./usr/share/man/cat9/coredump_write.0          comp-sys-catman         .cat
+./usr/share/man/cat9/cprng.0                   comp-sys-catman         .cat
+./usr/share/man/cat9/cprng_strong.0            comp-sys-catman         .cat
+./usr/share/man/cat9/cprng_strong_create.0     comp-sys-catman         .cat
+./usr/share/man/cat9/cprng_strong_destroy.0    comp-sys-catman         .cat
+./usr/share/man/cat9/cprng_strong_getflags.0   comp-sys-catman         .cat
+./usr/share/man/cat9/cprng_strong_setflags.0   comp-sys-catman         .cat
+./usr/share/man/cat9/cprng_strong32.0          comp-sys-catman         .cat
+./usr/share/man/cat9/cprng_strong64.0          comp-sys-catman         .cat
+./usr/share/man/cat9/cprng_fast.0              comp-sys-catman         .cat
+./usr/share/man/cat9/cprng_fast32.0            comp-sys-catman         .cat
+./usr/share/man/cat9/cprng_fast64.0            comp-sys-catman         .cat
 ./usr/share/man/cat9/cpu_configure.0           comp-sys-catman         .cat
 ./usr/share/man/cat9/cpu_coredump.0            comp-sys-catman         .cat
 ./usr/share/man/cat9/cpu_dump.0                        comp-sys-catman         .cat
@@ -15906,6 +15917,17 @@
 ./usr/share/man/html9/copyoutstr.html          comp-sys-htmlman        html
 ./usr/share/man/html9/copystr.html             comp-sys-htmlman        html
 ./usr/share/man/html9/coredump_write.html      comp-sys-htmlman        html
+./usr/share/man/html9/cprng.html               comp-sys-htmlman        html
+./usr/share/man/html9/cprng_strong.html                comp-sys-htmlman        html
+./usr/share/man/html9/cprng_strong_create.html comp-sys-htmlman        html
+./usr/share/man/html9/cprng_strong_destroy.html        comp-sys-htmlman        html
+./usr/share/man/html9/cprng_strong_getflags.html comp-sys-htmlman      html
+./usr/share/man/html9/cprng_strong_setflags.html comp-sys-htmlman      html
+./usr/share/man/html9/cprng_strong32.html      comp-sys-htmlman        html
+./usr/share/man/html9/cprng_strong64.html      comp-sys-htmlman        html
+./usr/share/man/html9/cprng_fast.html          comp-sys-htmlman        html
+./usr/share/man/html9/cprng_fast32.html                comp-sys-htmlman        html
+./usr/share/man/html9/cprng_fast64.html                comp-sys-htmlman        html
 ./usr/share/man/html9/cpu_configure.html       comp-sys-htmlman        html
 ./usr/share/man/html9/cpu_coredump.html                comp-sys-htmlman        html
 ./usr/share/man/html9/cpu_dump.html            comp-sys-htmlman        html
@@ -22152,6 +22174,17 @@
 ./usr/share/man/man9/copyoutstr.9              comp-sys-man            .man
 ./usr/share/man/man9/copystr.9                 comp-sys-man            .man
 ./usr/share/man/man9/coredump_write.9          comp-sys-man            .man
+./usr/share/man/man9/cprng.9                   comp-sys-man            .man
+./usr/share/man/man9/cprng_strong.9            comp-sys-man            .man
+./usr/share/man/man9/cprng_strong_create.9     comp-sys-man            .man
+./usr/share/man/man9/cprng_strong_destroy.9    comp-sys-man            .man
+./usr/share/man/man9/cprng_strong_getflags.9   comp-sys-man            .man
+./usr/share/man/man9/cprng_strong_setflags.9   comp-sys-man            .man
+./usr/share/man/man9/cprng_strong32.9          comp-sys-man            .man
+./usr/share/man/man9/cprng_strong64.9          comp-sys-man            .man
+./usr/share/man/man9/cprng_fast.9              comp-sys-man            .man
+./usr/share/man/man9/cprng_fast32.9            comp-sys-man            .man
+./usr/share/man/man9/cprng_fast64.9            comp-sys-man            .man
 ./usr/share/man/man9/cpu_configure.9           comp-sys-man            .man
 ./usr/share/man/man9/cpu_coredump.9            comp-sys-man            .man
 ./usr/share/man/man9/cpu_dump.9                        comp-sys-man            .man
diff -r 190ab6b9736d -r c757c227ce70 share/man/man9/Makefile
--- a/share/man/man9/Makefile   Mon Nov 28 18:21:46 2011 +0000
+++ b/share/man/man9/Makefile   Mon Nov 28 20:19:25 2011 +0000
@@ -1,9 +1,9 @@
-#       $NetBSD: Makefile,v 1.359 2011/11/15 00:50:55 jym Exp $
+#       $NetBSD: Makefile,v 1.360 2011/11/28 20:19:28 tls Exp $
 
 #      Makefile for section 9 (kernel function and variable) manual pages.
 
 MAN=   accept_filter.9 accf_data.9 accf_http.9 \
-       altq.9 arc4random.9 arp.9 audio.9 autoconf.9 \
+       altq.9 arp.9 audio.9 autoconf.9 \
        bcdtobin.9 bcmp.9 bcopy.9 bintime_add.9 bluetooth.9 boothowto.9 bpf.9 \
        buffercache.9 bufq.9 bus_dma.9 bus_space.9 byteorder.9 bzero.9 \
        callback.9 callout.9 cardbus.9 cnmagic.9 condvar.9 config.9 \
@@ -63,6 +63,19 @@
 MAN+=  boothowto.9
 MLINKS+=boothowto.9 BOOT_FLAG.9
 
+MAN+=  cprng.9
+MLINKS+=cprng.9        cprng_strong.9 \
+       cprng.9 cprng_strong_create.9 \
+       cprng.9 cprng_strong_destroy.9 \
+       cprng.9 cprng_strong_getflags.9 \
+       cprng.9 cprng_strong_setflags.9 \
+       cprng.9 cprng_strong32.9 \
+       cprng.9 cprng_strong64.9 \
+       cprng.9 cprng_fast.9 \
+       cprng.9 cprng_fast32.9 \
+       cprng.9 cprng_fast64.9 \
+       cprng.9 arc4random.9
+       
 MAN+=  deviter.9
 MLINKS+=deviter.9 deviter_first.9 \
        deviter.9 deviter_init.9 \
diff -r 190ab6b9736d -r c757c227ce70 share/man/man9/arc4random.9
--- a/share/man/man9/arc4random.9       Mon Nov 28 18:21:46 2011 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,87 +0,0 @@
-.\"    $NetBSD: arc4random.9,v 1.3 2005/12/26 19:48:12 perry Exp $
-.\" $OpenBSD: arc4random.3,v 1.17 2000/12/21 14:07:41 aaron Exp $
-.\"
-.\" Copyright 1997 Niels Provos <provos%physnet.uni-hamburg.de@localhost>
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\" 3. All advertising materials mentioning features or use of this software
-.\"    must display the following acknowledgement:
-.\"      This product includes software developed by Niels Provos.
-.\" 4. The name of the author may not be used to endorse or promote products
-.\"    derived from this software without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
-.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
-.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
-.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
-.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
-.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.\" Manual page, using -mandoc macros
-.\"
-.Dd April 15, 1997
-.Dt ARC4RANDOM 9
-.Os
-.Sh NAME
-.Nm arc4random
-.Nd arc4 random number generator
-.Sh SYNOPSIS
-.In sys/types.h
-.In sys/systm.h
-.Ft uint32_t
-.Fn arc4random "void"
-.Sh DESCRIPTION
-The
-.Fn arc4random
-function provides a high quality 32-bit pseudo-random
-number very quickly.
-.Fn arc4random
-seeds itself on a regular basis from the kernel strong random number
-subsystem described in
-.Xr rnd 4 .
-On each call, an ARC4 generator is used to generate a new result.
-The
-.Fn arc4random
-function uses the ARC4 cipher key stream generator,
-which uses 8*8 8 bit S-Boxes.
-The S-Boxes can be in about (2**1700) states.
-.Pp
-.Fn arc4random
-fits into a middle ground not covered by other subsystems such as
-the strong, slow, and resource expensive random
-devices described in
-.Xr rnd 4
-versus the fast but poor quality interfaces such as
-.Fn random .
-.Sh SEE ALSO
-.Xr arc4random 3 ,
-.Xr rnd 4
-.Sh HISTORY
-An algorithm called
-.Pa RC4
-was designed by RSA Data Security, Inc.
-It was considered a trade secret, but not trademarked.
-Because it was a trade secret, it obviously could not be patented.
-A clone of this was posted anonymously to USENET and confirmed to
-be equivalent by several sources who had access to the original cipher.
-Because of the trade secret situation, RSA Data Security, Inc. can do
-nothing about the release of the ARC4 algorithm.
-Since
-.Pa RC4
-used to be a trade secret, the cipher is now referred to as
-.Pa ARC4 .
-.Pp
-These functions first appeared in
-.Ox 2.1 .
diff -r 190ab6b9736d -r c757c227ce70 share/man/man9/cprng.9
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/share/man/man9/cprng.9    Mon Nov 28 20:19:25 2011 +0000
@@ -0,0 +1,251 @@
+.\"    $NetBSD: cprng.9,v 1.1 2011/11/28 20:19:28 tls Exp $
+.\"
+.\" Copyright (c) 2011 The NetBSD Foundation, Inc.
+.\" All rights reserved.
+.\"
+.\" This code is derived from software contributed to The NetBSD Foundation
+.\" by Thor Lancelot Simon.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+.\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+.\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+.\" POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd November 28, 2011
+.Dt CPRNG 9
+.Os
+.Sh NAME
+.Nm cprng ,
+.Nm cprng_strong_create ,
+.Nm cprng_strong ,
+.Nm cprng_strong32 ,
+.Nm cprng_strong64 ,
+.Nm cprng_strong_getflags ,
+.Nm cprng_strong_setflags ,
+.Nm cprng_strong_destroy , 
+.Nm cprng_fast ,
+.Nm cprng_fast32 ,
+.Nm cprng_fast64 ,
+.Nd cryptographic pseudorandom number generators
+.Sh SYNOPSIS
+.In sys/cprng.h
+.Ft cprng_strong_t
+.Fn cprng_strong_create "const char *const name, int ipl, int flags"
+.Ft void
+.Fn cprng_strong_destroy "cprng_strong_t *cprng"
+.Ft size_t
+.Fn cprng_strong "cprng_strong_t *const cprng, void *buf, size_t len"
+.Ft size_t
+.Fn cprng_fast "void *buf, size_t len"
+.Ft uint32_t
+.Fn cprng_strong32 "void"
+.Ft uint64_t
+.Fn cprng_strong64 "void"
+.Ft uint32_t
+.Fn cprng_fast32 "void"
+.Ft uint32_t
+.Fn cprng_fast64 "void"
+.Ft int
+.Fn cprng_strong_getflags "cprng_strong_t *const cprng"
+.Ft void
+.Fn cprng_strong_setflags "cprng_strong_t *const cprng, int flags"
+.Bd -literal
+#define CPRNG_MAX_LEN   524288
+
+typedef struct _cprng_strong {
+        kmutex_t      mtx;
+        kcondvar_t    cv;
+        NIST_CTR_DRBG drbg;
+        int           flags;
+        char          name[16];
+        int           reseed_pending;
+        rndsink_t     reseed;
+} cprng_strong_t;
+.Ed
+.Pp
+.Sh DESCRIPTION
+The
+.Nm
+family of functions supply randomness to callers within the
+.Nx
+kernel.  They replace the
+.Xr arc4random 9
+and
+.Xr rnd_extract_data 9
+functions for this purpose.  The
+.Nm
+functions provide stream generators automatically keyed (and if
+necessary rekeyed) from the kernel entropy pool.  The
+.Nx
+kernel no longer supports direct reading from the kernel entropy pool; all
+access is mediated by the
+.Nm
+functions.
+.Pp
+The
+.Dq strong
+family of functions supply cryptographically strong random numbers
+suitable for keying cryptosystems and similar purposes.  Calls to
+.Xr rnd_extract_data 9
+should be replaced with calls to
+.Nm cprng_strong .