+6 -4

bench/speed.ml

··· 480 480 throughput_into name (fun dst cs -> DES.ECB.unsafe_encrypt_into ~key cs ~src_off:0 dst ~dst_off:0 (String.length cs))) ; 481 481 482 482 bm "fortuna" (fun name -> 483 483 - Mirage_crypto_rng_unix.initialize (module Mirage_crypto_rng.Fortuna); 484 484 - throughput name (fun buf -> 485 485 - let buf = Bytes.unsafe_of_string buf in 486 486 - Mirage_crypto_rng.generate_into buf ~off:0 (Bytes.length buf))) ; 483 483 + begin[@alert "-deprecated"] 484 484 + Mirage_crypto_rng_unix.initialize (module Mirage_crypto_rng.Fortuna); 485 485 + throughput name (fun buf -> 486 486 + let buf = Bytes.unsafe_of_string buf in 487 487 + Mirage_crypto_rng.generate_into buf ~off:0 (Bytes.length buf)) 488 488 + end); 487 489 488 490 bm "getentropy" (fun name -> 489 491 Mirage_crypto_rng_unix.use_getentropy ();

+1

rng/async/mirage_crypto_rng_async.mli

··· 16 16 -> ?sleep:Time_ns.Span.t 17 17 -> 'a Mirage_crypto_rng.generator 18 18 -> unit 19 19 + [@@deprecated "Use 'Mirage_crypto_rng_unix.use_default ()' instead."]

+1

rng/eio/mirage_crypto_rng_eio.mli

··· 39 39 -> 'a Mirage_crypto_rng.generator 40 40 -> _ env 41 41 -> (unit -> 'b) -> 'b 42 42 + [@@deprecated "Use 'Mirage_crypto_rng_unix.use_default ()' instead."]

+1

rng/lwt/mirage_crypto_rng_lwt.mli

··· 9 9 is used to collect entropy. 10 10 *) 11 11 val initialize : ?g:'a -> ?sleep:int64 -> 'a Mirage_crypto_rng.generator -> unit 12 12 + [@@deprecated "Use 'Mirage_crypto_rng_unix.use_default ()' instead."]

+7 -14

rng/mirage_crypto_rng.mli

··· 23 23 Please ensure to call [Mirage_crypto_rng_unix.use_default], or 24 24 [Mirage_crypto_rng_unix.use_dev_urandom] (if you only want to use 25 25 /dev/urandom), or [Mirage_crypto_rng_unix.use_getentropy] (if you only want 26 26 - to use getentropy). 26 26 + to use getrandom/getentropy/BCryptGenRandom). 27 27 28 28 For fine-grained control (doing entropy harvesting, etc.), please continue 29 29 - reading the documentation below. {b Please be aware that the feeding of Fortuna 30 30 - and producing random numbers is not thread-safe} (it is on Miou_unix via Pfortuna). 31 31 - 32 32 - The RNGs here are merely the deterministic part of a full random number 33 33 - generation suite. For proper operation, they need to be seeded with a 34 34 - high-quality entropy source. 29 29 + reading the documentation below. {b Please be aware that the feeding of 30 30 + Fortuna and producing random numbers is not thread-safe} (it is on Miou_unix 31 31 + via Pfortuna). 35 32 36 33 Suitable entropy feeding of generators are provided by other libraries 37 37 - {{!Mirage_crypto_rng_lwt}mirage-crypto-rng-lwt} (for Lwt), 38 38 - {{!Mirage_crypto_rng_async}mirage-crypto-rng-async} (for Async), 39 34 {{!Mirage_crypto_rng_mirage}mirage-crypto-rng-mirage} (for MirageOS), 40 40 - {{!Mirage_crypto_rng_unix}mirage-crypto-rng.unix}, 41 41 - {{!Mirage_crypto_rng_eio}mirage-crypto-rng-eio} (for Eio), 42 35 and {{!Mirage_crypto_rng_miou_unix}mirage-crypto-miou-unix} (for Miou_unix). 43 36 44 37 The intention is that "initialize" in the respective sub-library is called ··· 49 42 generator should be used in most setting, and that should be fed a constant 50 43 stream of entropy. 51 44 52 52 - [mirage-crypto-rng-eio] package differs slightly from other rng packages. 53 53 - Instead of the [initialize] function a [run] function is provided with 54 54 - similar behaviour, i.e. RNG setup, entropy collection and periodic reseeding. 45 45 + The RNGs here are merely the deterministic part of a full random number 46 46 + generation suite. For proper operation, they need to be seeded with a 47 47 + high-quality entropy source. 55 48 56 49 Although this module exposes a more fine-grained interface, e.g. allowing 57 50 manual seeding of generators, this is intended either for implementing

+3 -13

rng/rng.ml

··· 16 16 \n If you are using MirageOS, use the random device in config.ml: \ 17 17 `let main = Mirage.main \"Unikernel.Main\" (random @-> job)`, \ 18 18 and `let () = register \"my_unikernel\" [main $ default_random]`. \ 19 19 - \n If you are using Lwt, execute \ 20 20 - `Mirage_crypto_rng_lwt.initialize (module Mirage_crypto_rng.Fortuna)` \ 21 21 - at startup. \ 22 22 - \n If you are using Async, execute \ 23 23 - `Mirage_crypto_rng_async.initialize (module Mirage_crypto_rng.Fortuna)` \ 24 24 - at startup. \ 25 25 - \n If you are using Eio, execute in one of the fibers \ 26 26 - `Mirage_crypto_rng_eio.run (module Fortuna) env` (`env` from `Eio_main.run`). 27 27 - \n Otherwise, there is no periodic reseeding. For an initial seed from \ 28 28 - getrandom(), execute \ 29 29 - `Mirage_crypto_rng_unix.initialize (module Mirage_crypto_rng.Fortuna)`. \ 30 30 - You can use `Mirage_crypto_rng.accumulate` and `Mirage_crypto_rng.reseed` \ 31 31 - to reseed the RNG manually." 19 19 + \n If you are using miou, execute \ 20 20 + `Mirage_crypto_rng_miou_unix.initialize (module Mirage_crypto_rng.Fortuna)` \ 21 21 + at startup." 32 22 33 23 let () = Printexc.register_printer (function 34 24 | Unseeded_generator ->

+1

rng/unix/mirage_crypto_rng_unix.mli

··· 8 8 9 9 (** [initialize ~g rng] will bring the RNG into a working state. *) 10 10 val initialize : ?g:'a -> 'a Mirage_crypto_rng.generator -> unit 11 11 + [@@deprecated "Use 'Mirage_crypto_rng_unix.use_default ()' instead."] 11 12 12 13 (** [getrandom size] returns a buffer of [size] filled with random bytes. *) 13 14 val getrandom : int -> string

+15 -13

tests/test_eio_entropy_collection.ml

··· 20 20 21 21 let () = 22 22 Eio_main.run @@ fun env -> 23 23 - Mirage_crypto_rng_eio.run (module Printing_rng) env @@ fun () -> 24 24 - Eio.Fiber.both 25 25 - begin fun () -> 26 26 - let sleep = Duration.(of_sec 2 |> to_f) in 27 27 - Eio.Time.sleep env#clock sleep 28 28 - end 29 29 - begin fun () -> 30 30 - Format.printf "entropy sources: %a@,%!" 31 31 - (fun ppf -> List.iter (fun x -> 32 32 - Mirage_crypto_rng.Entropy.pp_source ppf x; 33 33 - Format.pp_print_space ppf ())) 34 34 - (Mirage_crypto_rng.Entropy.sources ()) 35 35 - end 23 23 + begin[@alert "-deprecated"] 24 24 + Mirage_crypto_rng_eio.run (module Printing_rng) env @@ fun () -> 25 25 + Eio.Fiber.both 26 26 + begin fun () -> 27 27 + let sleep = Duration.(of_sec 2 |> to_f) in 28 28 + Eio.Time.sleep env#clock sleep 29 29 + end 30 30 + begin fun () -> 31 31 + Format.printf "entropy sources: %a@,%!" 32 32 + (fun ppf -> List.iter (fun x -> 33 33 + Mirage_crypto_rng.Entropy.pp_source ppf x; 34 34 + Format.pp_print_space ppf ())) 35 35 + (Mirage_crypto_rng.Entropy.sources ()) 36 36 + end 37 37 + end 36 38

+9 -7

tests/test_eio_rng.ml

··· 2 2 3 3 let () = 4 4 Eio_main.run @@ fun env -> 5 5 - Mirage_crypto_rng_eio.run (module Fortuna) env @@ fun () -> 6 6 - let random_num = Mirage_crypto_rng.generate 32 in 7 7 - assert (String.length random_num = 32); 8 8 - Printf.printf "32 bit random number: %S\n%!" random_num; 9 9 - let random_num = Mirage_crypto_rng.generate 16 in 10 10 - assert (String.length random_num = 16); 11 11 - Printf.printf "16 bit random number: %S\n%!" random_num; 5 5 + begin[@alert "-deprecated"] 6 6 + Mirage_crypto_rng_eio.run (module Fortuna) env @@ fun () -> 7 7 + let random_num = Mirage_crypto_rng.generate 32 in 8 8 + assert (String.length random_num = 32); 9 9 + Printf.printf "32 bit random number: %S\n%!" random_num; 10 10 + let random_num = Mirage_crypto_rng.generate 16 in 11 11 + assert (String.length random_num = 16); 12 12 + Printf.printf "16 bit random number: %S\n%!" random_num; 13 13 + end

+3 -1

tests/test_entropy_collection_async.ml

··· 28 28 29 29 30 30 let main () = 31 31 - E.initialize (module Printing_rng); 31 31 + begin[@alert "-deprecated"] 32 32 + E.initialize (module Printing_rng); 33 33 + end; 32 34 Format.printf "entropy sources: %a@,%!" 33 35 (fun ppf -> List.iter ~f:(fun x -> 34 36 Mirage_crypto_rng.Entropy.pp_source ppf x;