Date: Fri, 13 Sep 2002 12:30:16 -0600 From: Stacy Millions <stacy@millions.ca> To: hackers@FreeBSD.ORG Cc: freebsd-security@FreeBSD.ORG Subject: kern_random interface Message-ID: <3D822EB8.4010201@millions.ca>
next in thread | raw e-mail | index | archive | help
This is a multi-part message in MIME format.
--------------010005060904050005080108
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
I have been working on a kld that provides a driver for the Intel 82802
hardware random number generator. I have it working (give or take), but
am not quite ready to release it. One of the features I want to include,
is the ability to feed entropy from the rng to kern_random. I have
attached a patch that adds an interface to kern_random to add the
entropy with out any of the quality estimate or timer delta calculations.
I am soliciting comments on this patch before I submit a pr.
I would also like to get some opinions on the how to enable the option to
add entropy to kern_random. Right now, I am implementing it as a sysctl
for my device, but I was thinking of a more general purpose solution.
I was thinking of an "rng interface". Then any hardware rng driver that
implemented the device_method specified by the interface would be
able to feed entropy to kern_random. It would be controlled by
rndcontrol, something like "rndcontrol -d rng0" to enable device rng0
to start feeding kern_random and "rndcontrol -D rng0" to disable it.
It could also be extended to include methods for getting random data
directly, so that things like IPSec could get their key data from a
specific rng.
Am I on the right track here? I have looked at the Hardware Crypto
Support stuff and I don't think anything I'm doing or purposing
conflicts with it.
-stacy
--
If they keep lowering education standards and raising the price of
gasoline, there are going to be a lot of stupid people walking around.
Stacy Millions stacy@millions.ca
Millions Consulting Limited
--------------010005060904050005080108
Content-Type: text/plain;
name="random.diff"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
filename="random.diff"
diff -ur /usr/src/sys/kern/kern_random.c ./kern/kern_random.c
--- /usr/src/sys/kern/kern_random.c Thu Feb 21 15:23:33 2002
+++ ./kern/kern_random.c Wed Sep 11 14:24:28 2002
@@ -249,6 +249,22 @@
add_timer_randomness(&random_state, &irq_timer_state[intr], intr);
}
+/* add entropy without any song and dance. source should be a
+ * real RNG, like the Intel 82802 hardware RNG -stacy@millions.ca */
+void
+add_entropy(u_int32_t v)
+{
+ add_entropy_word(&random_state, v);
+ random_state.entropy_count += 32;
+
+ /* Prevent overflow */
+ if (random_state.entropy_count > POOLBITS)
+ random_state.entropy_count = POOLBITS;
+
+ if (random_state.entropy_count >= 8)
+ selwakeup(&random_state.rsel);
+}
+
#ifdef notused
void
add_blkdev_randomness(int major)
diff -ur /usr/src/sys/sys/random.h ./sys/random.h
--- /usr/src/sys/sys/random.h Tue May 9 20:04:52 2000
+++ ./sys/random.h Wed Sep 11 14:24:16 2002
@@ -71,6 +71,7 @@
void rand_initialize(void);
void add_keyboard_randomness(u_char scancode);
inthand2_t add_interrupt_randomness;
+void add_entropy(u_int32_t e);
#ifdef notused
void add_blkdev_randomness(int major);
#endif
--------------010005060904050005080108--
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3D822EB8.4010201>