diff --git a/rng/miou/mirage_crypto_rng_miou_unix.mli b/rng/miou/mirage_crypto_rng_miou_unix.mli index 2a025d5c..057afbc8 100644 --- a/rng/miou/mirage_crypto_rng_miou_unix.mli +++ b/rng/miou/mirage_crypto_rng_miou_unix.mli @@ -14,7 +14,6 @@ type rng (** Type of tasks seeding the RNG. *) val initialize : ?g:'a -> ?sleep:int64 -> 'a Mirage_crypto_rng.generator -> rng -[@@deprecated "Use 'Mirage_crypto_rng_unix.use_default ()' instead."] (** [initialize ?g ?sleep (module Generator)] will allow the RNG to operate in a returned task. This task periodically launches sub-tasks that seed the engine (using [getrandom()], [getentropy()] or [BCryptGenRandom()] depending diff --git a/rng/mirage_crypto_rng.mli b/rng/mirage_crypto_rng.mli index ad7e9299..240c9379 100644 --- a/rng/mirage_crypto_rng.mli +++ b/rng/mirage_crypto_rng.mli @@ -30,6 +30,18 @@ Fortuna and producing random numbers is not thread-safe} (it is on Miou_unix via Pfortuna). + Suitable entropy feeding of generators are provided by other libraries + {{!Mirage_crypto_rng_mirage}mirage-crypto-rng-mirage} (for MirageOS), + and {{!Mirage_crypto_rng_miou_unix}mirage-crypto-miou-unix} (for Miou_unix). + + The intention is that "initialize" in the respective sub-library is called + once, which sets the default generator and registers entropy + harvesting asynchronous tasks. The semantics is that the entropy is always + fed to the {{!default_generator}default generator}, which is not necessarily + the one set by "initialize". The reasoning behind this is that the default + generator should be used in most setting, and that should be fed a constant + stream of entropy. + The RNGs here are merely the deterministic part of a full random number generation suite. For proper operation, they need to be seeded with a high-quality entropy source. diff --git a/rng/rng.ml b/rng/rng.ml index c410d415..0c628bfc 100644 --- a/rng/rng.ml +++ b/rng/rng.ml @@ -15,7 +15,10 @@ let setup_rng = following:\ \n If you are using MirageOS, use the random device in config.ml: \ `let main = Mirage.main \"Unikernel.Main\" (random @-> job)`, \ - and `let () = register \"my_unikernel\" [main $ default_random]`." + and `let () = register \"my_unikernel\" [main $ default_random]`. \ + \n If you are using miou, execute \ + `Mirage_crypto_rng_miou_unix.initialize (module Mirage_crypto_rng.Fortuna)` \ + at startup." let () = Printexc.register_printer (function | Unseeded_generator -> diff --git a/tests/test_miou_entropy_collection.ml b/tests/test_miou_entropy_collection.ml index 45a7f20f..57ad3eab 100644 --- a/tests/test_miou_entropy_collection.ml +++ b/tests/test_miou_entropy_collection.ml @@ -20,11 +20,7 @@ end let () = Miou_unix.run @@ fun () -> - let rng = - begin[@alert "-deprecated"] - Mirage_crypto_rng_miou_unix.initialize (module Printing_rng) - end - in + let rng = Mirage_crypto_rng_miou_unix.initialize (module Printing_rng) in Format.printf "entropy sources: %a@,%!" (fun ppf -> List.iter (fun x -> Mirage_crypto_rng.Entropy.pp_source ppf x; diff --git a/tests/test_miou_rng.ml b/tests/test_miou_rng.ml index 852a3251..1cd5dcb8 100644 --- a/tests/test_miou_rng.ml +++ b/tests/test_miou_rng.ml @@ -1,9 +1,5 @@ let () = Miou_unix.run @@ fun () -> - let rng = - begin[@alert "-deprecated"] - Mirage_crypto_rng_miou_unix.(initialize (module Pfortuna)) - end - in + let rng = Mirage_crypto_rng_miou_unix.(initialize (module Pfortuna)) in let random_num = Mirage_crypto_rng.generate 32 in assert (String.length random_num = 32); Printf.printf "32 bit random number: %s\n%!" (Ohex.encode random_num);