Date:      Sat, 14 Sep 2002 15:06:45 +0100
From:      Dominic Marks <dominic_marks@btinternet.com>
To:        Stacy Millions <stacy@millions.ca>
Cc:        hackers@FreeBSD.ORG, freebsd-security@FreeBSD.ORG
Subject:   Re: kern_random interface
Message-ID:  <20020914140645.GB627@gallium>
In-Reply-To: <3D822EB8.4010201@millions.ca>
References:  <3D822EB8.4010201@millions.ca>

On Fri, Sep 13, 2002 at 12:30:16PM -0600, Stacy Millions wrote:
> I have been working on a kld that provides a driver for the Intel 82802
> hardware random number generator. I have it working (give or take), but
> am not quite ready to release it. One of the features I want to include,
> is the ability to feed entropy from the rng to kern_random. I have
> attached a patch that adds an interface to kern_random to add the
> entropy without any of the quality estimate or timer delta calculations.
> 
> I am soliciting comments on this patch before I submit a pr.
> 
> I would also like to get some opinions on how to enable the option to
> add entropy to kern_random. Right now, I am implementing it as a sysctl
> for my device, but I was thinking of a more general purpose solution.
> I was thinking of an "rng interface". Then any hardware rng driver that
> implemented the device_method specified by the interface would be
> able to feed entropy to kern_random. It would be controlled by
> rndcontrol, something like "rndcontrol -d rng0" to enable device rng0
> to start feeding kern_random and "rndcontrol -D rng0" to disable it.
> It could also be extended to include methods for getting random data
> directly, so that things like IPSec could get their key data from a
> specific rng.

Other '*control' applications use keywords, it would be nice to keep this
constant in rndcontrol (in my opinion anyway), something like:

rndcontrol list

Show a list of the random data sources

rndcontrol enable rng0

Enable harvesting from this device

rndcontrol disable rng0

Disable harvesting

rndcontrol link ipsec rng0
rndcontrol link geom rng1

Assign certain parts of the kernel to certain random devices

Is this sort of what you had in mind?

> Am I on the right track here? I have looked at the Hardware Crypto
> Support stuff and I don't think anything I'm doing or proposing
> conflicts with it.
> 
> -stacy
> 
> -- 
> If they keep lowering education standards and raising the price of
> gasoline, there are going to be a lot of stupid people walking around.
> 
> Stacy Millions                                       stacy@millions.ca
> Millions Consulting Limited
> 

> diff -ur /usr/src/sys/kern/kern_random.c ./kern/kern_random.c
> --- /usr/src/sys/kern/kern_random.c	Thu Feb 21 15:23:33 2002
> +++ ./kern/kern_random.c	Wed Sep 11 14:24:28 2002
> @@ -249,6 +249,22 @@
>  	add_timer_randomness(&random_state, &irq_timer_state[intr], intr);
>  }
>  
> +/* add entropy without any song and dance. source should be a
> + * real RNG, like the Intel 82802 hardware RNG -stacy@millions.ca */
> +void
> +add_entropy(u_int32_t v)
> +{
> +	add_entropy_word(&random_state, v);
> +	random_state.entropy_count += 32;
> +	
> +	/* Prevent overflow */
> +	if (random_state.entropy_count > POOLBITS)
> +		random_state.entropy_count = POOLBITS;
> +
> +	if (random_state.entropy_count >= 8)
> +		selwakeup(&random_state.rsel);
> +}
> +
>  #ifdef notused
>  void
>  add_blkdev_randomness(int major)
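Review bot: `random_state.entropy_count += 32` credits a full 32 bits for every word with no check on the source, so a failed or biased device calling add_entropy() would inflate the pool's entropy estimate; consider taking the credited bit count as a parameter, or at least stating in the comment that callers must have validated the hardware. The `if (random_state.entropy_count >= 8)` test also looks redundant right after adding 32 (assuming entropy_count is never negative and POOLBITS is at least 8), so the selwakeup() call could be unconditional or the check explained.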
> diff -ur /usr/src/sys/sys/random.h ./sys/random.h
> --- /usr/src/sys/sys/random.h	Tue May  9 20:04:52 2000
> +++ ./sys/random.h	Wed Sep 11 14:24:16 2002
> @@ -71,6 +71,7 @@
>  void rand_initialize(void);
>  void add_keyboard_randomness(u_char scancode);
>  inthand2_t add_interrupt_randomness;
> +void add_entropy(u_int32_t e);
>  #ifdef notused
>  void add_blkdev_randomness(int major);
>  #endif
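Review bot: the prototype `void add_entropy(u_int32_t e);` names its parameter `e` while the definition in kern_random.c uses `v`, and the header carries no comment on the new function; use one name in both places and add a line saying that each call credits 32 bits and is meant only for hardware RNG drivers.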
> 


-- 
Dominic Marks
 Computer & Politics Geek
  [work]::[npl.co.uk] << dominic.marks at npl.co.uk >>
  [educ]::[umist.ac.uk] << notyet-known at umist.ac.uk >>
  [home]::[btinternet] << dominic_marks at btinternet.com >>
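
The quoted patch credits a fixed 32 bits for every word it is handed. As an added example (not part of this message and not FreeBSD's kern_random.c), the user-space C model below keeps the patch's clamp but takes a caller-supplied estimate and stops crediting once a source repeats a word. `struct rng_source`, `add_entropy_checked`, `credited_bits`, `RCT_CUTOFF`, the one-word `pool` and the `POOLBITS` value are all assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define POOLBITS   4096   /* assumed pool size in bits (illustrative value) */
#define RCT_CUTOFF 2      /* identical consecutive words that mark a source as stuck */

struct rng_source {       /* hypothetical per-source health state */
	uint32_t last;        /* previous word from this source */
	unsigned run;         /* length of the current run of identical words */
	int failed;           /* latched once the repetition test trips */
};

static uint32_t pool;           /* stand-in for the kernel's mixing pool */
static unsigned entropy_count;  /* credited bits, never above POOLBITS */

/* Mix v into the pool and credit at most est_bits; returns the bits credited. */
unsigned
add_entropy_checked(struct rng_source *s, uint32_t v, unsigned est_bits)
{
	unsigned credit;

	/* A healthy source repeats a 32-bit word with probability 2^-32. */
	s->run = (s->run > 0 && v == s->last) ? s->run + 1 : 1;
	s->last = v;
	if (s->run >= RCT_CUTOFF)
		s->failed = 1;

	/* Mixing never hurts; only the credit depends on source health. */
	pool = ((pool << 7) | (pool >> 25)) ^ v;

	credit = s->failed ? 0 : (est_bits > 32 ? 32 : est_bits);
	entropy_count += credit;
	if (entropy_count > POOLBITS)   /* same clamp as the patch */
		entropy_count = POOLBITS;
	return credit;
}

unsigned credited_bits(void) { return entropy_count; }

int
main(void)
{
	struct rng_source rng0 = {0};
	/* Constructed samples: the device sticks at the third word. */
	uint32_t words[] = { 0xdeadbeef, 0x12345678, 0x12345678, 0x0badf00d };

	for (int i = 0; i < 4; i++)
		printf("%08x credited %u\n", (unsigned)words[i],
		    add_entropy_checked(&rng0, words[i], 32));
	printf("pool credit: %u bits\n", credited_bits());
	return 0;
}
```

Every word is still mixed in after the source is marked failed; only the entropy credit is withheld, so a stuck device cannot push the estimate up.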
