AMD Secure Random Number Generator Library

AMD CPU Foundation Libraries includes a suite of numerical libraries that target the AMD EPYC™ processor family. These libraries provide functionality for performing some of the core mathematical operations required in most scientific and high performance applications. The blog here provides an overview of all the libraries. In this blog, I will talk about one of the component libraries of this suite, the AMD Secure Random Number Generator (RNG) library.

Most cryptographic applications, including encryption/decryption key generation, data masking, etc., require high-quality random numbers. The random numbers need to be secure against attacks from an adversary as well as pass statistical randomness tests. AMD's RYZEN™ and EPYC™ processors are equipped with a Random Number Generator (RNG) in the Cryptographic Co-processor (CCP) 5.0 hardware that enables generation of cryptographically secure random numbers. The RNG is designed to produce fast, high-quality random numbers for use by the AMD Secure Processor as well as x86 software. David Kaplan's whitepaper here provides details on the AMD RNG hardware design.

The random values generated by the AMD RNG hardware are written to output registers and are accessible to software through x86 user-level instructions. The x86 instructions are:

  1. RDRAND : Returns a 16-bit, 32-bit or 64-bit random value
  2. RDSEED : Returns a 16-bit, 32-bit or 64-bit conditioned random value. This can be used as a seed for a software-implemented pseudo-random number generator (PRNG)

Accessing the random values using these low-level instructions can be cumbersome in high-level applications. Also, most applications need a stream of random numbers, which means multiple calls to the RDRAND/RDSEED instructions. To facilitate easier programming, the AMD Secure RNG library exposes a set of APIs that application developers can use to fetch the secure random numbers generated by the RNG hardware.

AMD Secure RNG Library

The AMD Secure RNG library exposes several APIs that make use of the RDRAND and RDSEED instructions to return either a single random value or a stream of them. The following APIs are supported by the library:

Check Hardware support for RNG instructions

  • is_RDRAND_Supported
  • is_RDSEED_Supported

Fetch random numbers of 16-bit, 32-bit, 64-bit and random bytes using RDRAND instruction

  • get_rdrand16u
  • get_rdrand32u, get_rdrand32u_arr
  • get_rdrand64u, get_rdrand64u_arr
  • get_rdrand_bytes_arr

Fetch random numbers of 16-bit, 32-bit, 64-bit and random bytes using RDSEED instruction

  • get_rdseed16u
  • get_rdseed32u, get_rdseed32u_arr
  • get_rdseed64u, get_rdseed64u_arr
  • get_rdseed_bytes_arr

The benefits of using the library include:

  • Applications can simply link to the library and fetch either a single random number or a stream of them.
  • It abstracts out the low-level programming for accessing the RDRAND and RDSEED instructions, as well as the handling of the possible outcomes indicated by the register outputs.
  • The library also checks for hardware failure during generation and allows the user to specify the number of retry attempts.

The code snippet below shows sample usage of the library API to return an array of 1000 64-bit random values using RDRAND.
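As an added example (not the AMD library's own code), the following C models what a call like get_rdrand64u_arr has to do under the hood: RDRAND sets the carry flag when it delivered a fresh value and clears it (leaving a zero destination) when none was ready, so the caller must test CF, retry a bounded number of times and fail closed rather than hand a zeroed buffer to a key-generation routine. The (array, count, retry_count) argument order mirrors the post's description but is an assumption; the sim_step source is a constructed stand-in used only to exercise the retry path.

```c
/* Added example, not the AMD library's own code: a model of get_rdrand64u_arr
 * built on the RDRAND contract the post describes. RDRAND sets CF=1 when it
 * delivered a fresh value and CF=0 (destination zeroed) when none was ready,
 * so callers must test CF, retry a bounded number of times and fail closed.
 * The (array, count, retry_count) argument order is an assumption. */
#include <stddef.h>
#include <stdint.h>

#define SECRNG_OK      0
#define SECRNG_FAILURE (-1)

/* One hardware step: returns 1 and stores a value (CF=1) or 0 (CF=0). */
typedef int (*rng_step_fn)(uint64_t *out);

#if defined(__x86_64__)
#include <cpuid.h>
/* Equivalent of is_RDRAND_Supported: CPUID.01H:ECX bit 30. */
int rdrand_supported(void) {
    unsigned a, b, c, d;
    return __get_cpuid(1, &a, &b, &c, &d) && (c & (1u << 30));
}
/* Real RDRAND via inline asm; call only when rdrand_supported() is true. */
int rdrand64_step(uint64_t *out) {
    unsigned char cf;
    __asm__ volatile("rdrand %0; setc %1" : "=r"(*out), "=qm"(cf) : : "cc");
    return cf;
}
#endif

/* Fill arr[0..n) with 64-bit values, retrying each element up to
 * retry_count times after a CF=0 result. On exhaustion the partial
 * output is wiped so a caller can never consume a short or zero buffer. */
int fill_rdrand64_arr(uint64_t *arr, size_t n, unsigned retry_count, rng_step_fn step) {
    for (size_t i = 0; i < n; i++) {
        unsigned attempts = 0;
        while (!step(&arr[i])) {
            if (attempts++ >= retry_count) {
                for (size_t j = 0; j <= i; j++) arr[j] = 0;
                return SECRNG_FAILURE;
            }
        }
    }
    return SECRNG_OK;
}

/* Constructed stand-in for the hardware, used to exercise the retry path:
 * reports CF=0 on the first fail_first calls. Its output is NOT random. */
static unsigned sim_calls, sim_fail_first;
void sim_reset(unsigned fail_first) { sim_calls = 0; sim_fail_first = fail_first; }
int sim_step(uint64_t *out) {
    if (sim_calls++ < sim_fail_first) { *out = 0; return 0; }
    *out = 0x9E3779B97F4A7C15ULL * sim_calls;   /* deterministic filler */
    return 1;
}
```

On an x86-64 host, pass rdrand64_step (after checking rdrand_supported()) instead of sim_step to fill the 1000-element array from the hardware.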

Conclusion

One of the ubiquitous uses of random numbers is in cryptography, which underlies the security mechanisms of modern communication systems such as authentication, e-commerce, etc. The quality of random numbers is crucial in such applications for secure operation. The AMD Secure RNG library provides applications an easy-to-use programming interface to fetch cryptographically secure random numbers generated by the AMD RNG hardware.

Pradeep Rao is an SMTS developer for CPU Libraries team at AMD. His postings are his own opinions and may not represent AMD’s positions, strategies or opinions. Links to third party sites are provided for convenience and unless explicitly stated, AMD is not responsible for the contents of such linked sites and no endorsement is implied.

DISCLAIMER

The information contained herein is for informational purposes only, and is subject to change without notice. While every precaution has been taken in the preparation of this document, it may contain technical inaccuracies, omissions and typographical errors, and AMD is under no obligation to update or otherwise correct this information. Advanced Micro Devices, Inc. makes no representations or warranties with respect to the accuracy or completeness of the contents of this document, and assumes no liability of any kind, including the implied warranties of noninfringement, merchantability or fitness for particular purposes, with respect to the operation or use of AMD hardware, software or other products described herein. No license, including implied or arising by estoppel, to any intellectual property rights is granted by this document. Terms and limitations applicable to the purchase or use of AMD’s products are as set forth in a signed agreement between the parties or in AMD’s Standard Terms and Conditions of Sale.

AMD, the AMD Arrow logo, EPYC and combinations thereof are trademarks of Advanced Micro Devices, Inc. Other product names used in this publication are for identification purposes only and may be trademarks of their respective companies.