diff options
author | markm <markm@FreeBSD.org> | 2000-07-17 12:23:04 +0000 |
---|---|---|
committer | markm <markm@FreeBSD.org> | 2000-07-17 12:23:04 +0000 |
commit | 8d7820758595ec235d4238e286c63546a533f9d3 (patch) | |
tree | 340bfc3b8cc0e99ad95e3e127e973e17127f38fb /sys | |
parent | 542bea8cf0b0bdbb6b61e4bb41cce819a51347da (diff) | |
download | FreeBSD-src-8d7820758595ec235d4238e286c63546a533f9d3.zip FreeBSD-src-8d7820758595ec235d4238e286c63546a533f9d3.tar.gz |
Add randomness write functionality. This does absolutely nothing for
entropy estimation, but causes an immediate reseed after the input
(read in sizeof(u_int64_t) chunks) is "harvested".
This will be used in the reboot "reseeder", coming in another
commit. This can be used very effectively at any time you think
your randomness is compromised; something like
# (ps -gauxwww; netstat -an; dmesg; vmstat -c10 1) > /dev/random
will give the attacker something to think about.
Diffstat (limited to 'sys')
-rw-r--r-- | sys/dev/random/randomdev.c | 2 | ||||
-rw-r--r-- | sys/dev/random/yarrow.c | 19 | ||||
-rw-r--r-- | sys/dev/randomdev/randomdev.c | 2 | ||||
-rw-r--r-- | sys/dev/randomdev/yarrow.c | 19 | ||||
-rw-r--r-- | sys/sys/random.h | 2 |
5 files changed, 41 insertions, 3 deletions
diff --git a/sys/dev/random/randomdev.c b/sys/dev/random/randomdev.c index ff5e481..c84f4bd 100644 --- a/sys/dev/random/randomdev.c +++ b/sys/dev/random/randomdev.c @@ -117,7 +117,7 @@ random_write(dev_t dev, struct uio *uio, int flag) error = uiomove(random_buf, c, uio); if (error) break; - /* write_random(random_buf, c); */ + write_random(random_buf, c); } free(random_buf, M_TEMP); return error; diff --git a/sys/dev/random/yarrow.c b/sys/dev/random/yarrow.c index c6ae448..e5174d9 100644 --- a/sys/dev/random/yarrow.c +++ b/sys/dev/random/yarrow.c @@ -274,6 +274,25 @@ read_random(char *buf, u_int count) return retval; } +void +write_random(char *buf, u_int count) +{ + u_int i; + intrmask_t mask; + struct timespec nanotime; + + /* The reseed task must not be jumped on */ + mask = splsofttq(); + for (i = 0; i < count/sizeof(u_int64_t); i++) { + getnanotime(&nanotime); + random_harvest_internal(&nanotime, + *(u_int64_t *)&buf[i*sizeof(u_int64_t)], + 0, 0, RANDOM_WRITE); + } + reseed(FAST); + splx(mask); +} + static void generator_gate(void) { diff --git a/sys/dev/randomdev/randomdev.c b/sys/dev/randomdev/randomdev.c index ff5e481..c84f4bd 100644 --- a/sys/dev/randomdev/randomdev.c +++ b/sys/dev/randomdev/randomdev.c @@ -117,7 +117,7 @@ random_write(dev_t dev, struct uio *uio, int flag) error = uiomove(random_buf, c, uio); if (error) break; - /* write_random(random_buf, c); */ + write_random(random_buf, c); } free(random_buf, M_TEMP); return error; diff --git a/sys/dev/randomdev/yarrow.c b/sys/dev/randomdev/yarrow.c index c6ae448..e5174d9 100644 --- a/sys/dev/randomdev/yarrow.c +++ b/sys/dev/randomdev/yarrow.c @@ -274,6 +274,25 @@ read_random(char *buf, u_int count) return retval; } +void +write_random(char *buf, u_int count) +{ + u_int i; + intrmask_t mask; + struct timespec nanotime; + + /* The reseed task must not be jumped on */ + mask = splsofttq(); + for (i = 0; i < count/sizeof(u_int64_t); i++) { + getnanotime(&nanotime); + random_harvest_internal(&nanotime, + *(u_int64_t *)&buf[i*sizeof(u_int64_t)], + 0, 0, RANDOM_WRITE); + } + reseed(FAST); + splx(mask); +} + static void generator_gate(void) { diff --git a/sys/sys/random.h b/sys/sys/random.h index 1b99532..4888ec5 100644 --- a/sys/sys/random.h +++ b/sys/sys/random.h @@ -34,7 +34,7 @@ u_int read_random(char *, u_int); void write_random(char *, u_int); -enum esource { RANDOM_KEYBOARD, RANDOM_MOUSE }; +enum esource { RANDOM_WRITE, RANDOM_KEYBOARD, RANDOM_MOUSE }; void random_harvest(u_int64_t, u_int, u_int, u_int); #endif |