diff options
author | markm <markm@FreeBSD.org> | 2000-06-25 08:38:58 +0000 |
---|---|---|
committer | markm <markm@FreeBSD.org> | 2000-06-25 08:38:58 +0000 |
commit | c46e65268d46deb39e14305f985392ab802dcf50 (patch) | |
tree | e0bfb9fa4a9b68a3491f5333474df5e6d22bf077 /sys | |
parent | 58318db80801eb90db1a44822cdb52018a3a0cad (diff) | |
download | FreeBSD-src-c46e65268d46deb39e14305f985392ab802dcf50.zip FreeBSD-src-c46e65268d46deb39e14305f985392ab802dcf50.tar.gz |
New machine-independant /dev/random driver.
This is work-in-progress, and the entropy-gathering routines are not
yet present. As such, this should be viewed as a pretty reasonable
PRNG with _ABSOLUTELY_NO_ security!!
Entropy gathering will be the subject of ongoing work.
This is written as a module, and as such is unloadable, but there is
no refcounting done. I would like to use something like device_busy(9)
to achieve this (eventually).
Lots of useful ideas from: bde, phk, Jeroen van Gelderen
Reviewed by: dfr
Diffstat (limited to 'sys')
-rw-r--r-- | sys/dev/random/randomdev.c | 145 | ||||
-rw-r--r-- | sys/dev/random/yarrow.c | 213 | ||||
-rw-r--r-- | sys/dev/random/yarrow.h | 42 | ||||
-rw-r--r-- | sys/dev/randomdev/randomdev.c | 145 | ||||
-rw-r--r-- | sys/dev/randomdev/yarrow.c | 213 | ||||
-rw-r--r-- | sys/dev/randomdev/yarrow.h | 42 |
6 files changed, 800 insertions, 0 deletions
diff --git a/sys/dev/random/randomdev.c b/sys/dev/random/randomdev.c new file mode 100644 index 0000000..157fd73 --- /dev/null +++ b/sys/dev/random/randomdev.c @@ -0,0 +1,145 @@ +/*- + * Copyright (c) 2000 Mark Murray + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer + * in this position and unchanged. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + * $FreeBSD$ + */ + +#include <sys/param.h> +#include <sys/systm.h> +#include <sys/conf.h> +#include <sys/fcntl.h> +#include <sys/uio.h> +#include <sys/kernel.h> +#include <sys/kobj.h> +#include <sys/malloc.h> +#include <sys/module.h> +#include <sys/bus.h> +#include <sys/random.h> +#include <machine/bus.h> +#include <machine/resource.h> +#include <sys/rman.h> +#include <sys/signalvar.h> +#include <sys/sysctl.h> +#include <crypto/blowfish/blowfish.h> + +#include "yarrow.h" + +static d_read_t randomread; +static d_write_t randomwrite; + +#define CDEV_MAJOR 2 +#define RANDOM_MINOR 3 + +static struct cdevsw random_cdevsw = { + /* open */ (d_open_t *)nullop, + /* close */ (d_close_t *)nullop, + /* read */ randomread, + /* write */ randomwrite, + /* ioctl */ noioctl, + /* poll */ nopoll, + /* mmap */ nommap, + /* strategy */ nostrategy, + /* name */ "random", + /* maj */ CDEV_MAJOR, + /* dump */ nodump, + /* psize */ nopsize, + /* flags */ 0, + /* bmaj */ -1 +}; + +/* For use with make_dev(9)/destroy_dev(9). */ +static dev_t randomdev; + +void *buf; + +extern void randominit(void); + +extern struct state state; + +/* This is mostly academic at the moment; as Yarrow gets extended, it will + become more relevant */ +SYSCTL_NODE(_kern, OID_AUTO, random, CTLFLAG_RW, 0, "Random Number Generator"); +SYSCTL_NODE(_kern_random, OID_AUTO, yarrow, CTLFLAG_RW, 0, "Yarrow Parameters"); +SYSCTL_INT(_kern_random_yarrow, OID_AUTO, gengateinterval, CTLFLAG_RW, &state.gengateinterval, 10, "Generator Gate Interval"); + +static int +randomread(dev_t dev, struct uio *uio, int flag) +{ + u_int c, ret; + int error = 0; + + c = min(uio->uio_resid, PAGE_SIZE); + buf = (void *)malloc(c, M_TEMP, M_WAITOK); + while (uio->uio_resid > 0 && error == 0) { + ret = read_random(buf, c); + error = uiomove(buf, ret, uio); + } + free(buf, M_TEMP); + return error; +} + +static int +randomwrite(dev_t dev, struct uio *uio, int flag) +{ + u_int c; + int error = 0; + + buf = (void *)malloc(PAGE_SIZE, M_TEMP, M_WAITOK); + while (uio->uio_resid > 0) { + c = min(uio->uio_resid, PAGE_SIZE); + error = uiomove(buf, c, uio); + if (error) + break; + /* write_random(buf, c); */ + } + free(buf, M_TEMP); + return error; +} + +static int +random_modevent(module_t mod, int type, void *data) +{ + switch(type) { + case MOD_LOAD: + if (bootverbose) + printf("random: <entropy source>\n"); + randomdev = make_dev(&random_cdevsw, RANDOM_MINOR, UID_ROOT, + GID_WHEEL, 0666, "zero"); + randominit(); + return 0; + + case MOD_UNLOAD: + destroy_dev(randomdev); + return 0; + + case MOD_SHUTDOWN: + return 0; + + default: + return EOPNOTSUPP; + } +} + +DEV_MODULE(random, random_modevent, NULL); diff --git a/sys/dev/random/yarrow.c b/sys/dev/random/yarrow.c new file mode 100644 index 0000000..189ef13 --- /dev/null +++ b/sys/dev/random/yarrow.c @@ -0,0 +1,213 @@ +/*- + * Copyright (c) 2000 Mark Murray + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer + * in this position and unchanged. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + * $FreeBSD$ + */ + +/* NOTE NOTE NOTE - This is not finished! It will supply numbers, but + it is not yet cryptographically secure!! */ + +#include <sys/param.h> +#include <sys/systm.h> +#include <sys/queue.h> +#include <sys/linker.h> +#include <sys/libkern.h> +#include <sys/mbuf.h> +#include <sys/random.h> +#include <sys/types.h> +#include <crypto/blowfish/blowfish.h> + +#include "yarrow.h" + +void generator_gate(void); +void reseed(void); +void randominit(void); + +/* This is the beastie that needs protecting. It contains all of the + * state that we are excited about. + */ +struct state state; + +void +randominit(void) +{ + /* XXX much more to come */ + state.gengateinterval = 10; +} + +void +reseed(void) +{ + unsigned char v[BINS][KEYSIZE]; /* v[i] */ + unsigned char hash[KEYSIZE]; /* h' */ + BF_KEY hashkey; + unsigned char ivec[8]; + unsigned char temp[KEYSIZE]; + int i, j; + + /* 1. Hash the accumulated entropy into v[0] */ + + /* XXX to be done properly */ + bzero((void *)&v[0], KEYSIZE); + for (j = 0; j < sizeof(state.randomstuff); j += KEYSIZE) { + BF_set_key(&hashkey, KEYSIZE, &state.randomstuff[j]); + BF_cbc_encrypt(v[0], temp, KEYSIZE, &hashkey, + ivec, BF_ENCRYPT); + memcpy(&v[0], temp, KEYSIZE); + } + + /* 2. Compute hash values for all v. _Supposed_ to be computationally */ + /* intensive. */ + + for (i = 1; i < BINS; i++) { + bzero((void *)&v[i], KEYSIZE); + for (j = 0; j < sizeof(state.randomstuff); j += KEYSIZE) { + /* v[i] #= h(v[i-1]) */ + BF_set_key(&hashkey, KEYSIZE, v[i - 1]); + BF_cbc_encrypt(v[i], temp, KEYSIZE, &hashkey, + ivec, BF_ENCRYPT); + memcpy(&v[i], temp, KEYSIZE); + /* v[i] #= h(v[0]) */ + BF_set_key(&hashkey, KEYSIZE, v[0]); + BF_cbc_encrypt(v[i], temp, KEYSIZE, &hashkey, + ivec, BF_ENCRYPT); + memcpy(&v[i], temp, KEYSIZE); + /* v[i] #= h(i) */ + BF_set_key(&hashkey, sizeof(int), (unsigned char *)&i); + BF_cbc_encrypt(v[i], temp, KEYSIZE, &hashkey, + ivec, BF_ENCRYPT); + memcpy(&v[i], temp, KEYSIZE); + } + } + + /* 3. Compute a new Key. */ + + bzero((void *)hash, KEYSIZE); + BF_set_key(&hashkey, KEYSIZE, (unsigned char *)&state.key); + BF_cbc_encrypt(hash, temp, KEYSIZE, &hashkey, + ivec, BF_ENCRYPT); + memcpy(hash, temp, KEYSIZE); + for (i = 1; i < BINS; i++) { + BF_set_key(&hashkey, KEYSIZE, v[i]); + BF_cbc_encrypt(hash, temp, KEYSIZE, &hashkey, + ivec, BF_ENCRYPT); + memcpy(hash, temp, KEYSIZE); + } + + BF_set_key(&state.key, KEYSIZE, hash); + + /* 4. Recompute the counter */ + + state.counter = 0; + BF_cbc_encrypt((unsigned char *)&state.counter, temp, + sizeof(state.counter), &state.key, state.ivec, + BF_ENCRYPT); + memcpy(&state.counter, temp, state.counter); + + /* 5. Reset all entropy estimate accumulators to zero */ + + bzero((void *)state.randomstuff, sizeof(state.randomstuff)); + + /* 6. Wipe memory of intermediate values */ + + bzero((void *)v, sizeof(v)); + bzero((void *)temp, sizeof(temp)); + bzero((void *)hash, sizeof(hash)); + + /* 7. Dump to seed file (XXX done by external process?) */ + +} + +u_int +read_random(char *buf, u_int count) +{ + static int cur = 0; + static int gate = 1; + u_int i; + u_int retval; + u_int64_t genval; + + if (gate) { + generator_gate(); + state.outputblocks = 0; + gate = 0; + } + if (count >= sizeof(state.counter)) { + retval = 0; + for (i = 0; i < count; i += sizeof(state.counter)) { + state.counter++; + BF_cbc_encrypt((unsigned char *)&state.counter, + (unsigned char *)&genval, sizeof(state.counter), + &state.key, state.ivec, BF_ENCRYPT); + memcpy(&buf[i], &genval, sizeof(state.counter)); + if (++state.outputblocks >= state.gengateinterval) { + generator_gate(); + state.outputblocks = 0; + } + retval += sizeof(state.counter); + } + } + else { + if (!cur) { + state.counter++; + BF_cbc_encrypt((unsigned char *)&state.counter, + (unsigned char *)&genval, sizeof(state.counter), + &state.key, state.ivec, BF_ENCRYPT); + memcpy(buf, &genval, count); + cur = sizeof(state.counter) - count; + if (++state.outputblocks >= state.gengateinterval) { + generator_gate(); + state.outputblocks = 0; + } + retval = count; + } + else { + retval = cur < count ? cur : count; + memcpy(buf, + (char *)&state.counter + + (sizeof(state.counter) - retval), + retval); + cur -= retval; + } + } + return retval; +} + +void +generator_gate(void) +{ + int i; + unsigned char temp[KEYSIZE]; + + for (i = 0; i < KEYSIZE; i += sizeof(state.counter)) { + state.counter++; + BF_cbc_encrypt((unsigned char *)&state.counter, &temp[i], + sizeof(state.counter), &state.key, state.ivec, + BF_ENCRYPT); + } + + BF_set_key(&state.key, KEYSIZE, temp); + bzero((void *)temp, KEYSIZE); +} diff --git a/sys/dev/random/yarrow.h b/sys/dev/random/yarrow.h new file mode 100644 index 0000000..6fb557e --- /dev/null +++ b/sys/dev/random/yarrow.h @@ -0,0 +1,42 @@ +/*- + * Copyright (c) 2000 Mark Murray + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer + * in this position and unchanged. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + * $FreeBSD$ + */ + +#define BINS 10 /* t */ +#define KEYSIZE 32 /* 32 bytes == 256 bits */ + +/* This is the beasite that needs protecting. It contains all of the + * state that we are excited about. + */ +struct state { + u_int64_t counter; /* C */ + BF_KEY key; /* K */ + unsigned char ivec[8]; /* Blowfish internal */ + int gengateinterval; /* Pg */ + int outputblocks; + unsigned char randomstuff[1024]; /* XXX to be done properly */ +}; diff --git a/sys/dev/randomdev/randomdev.c b/sys/dev/randomdev/randomdev.c new file mode 100644 index 0000000..157fd73 --- /dev/null +++ b/sys/dev/randomdev/randomdev.c @@ -0,0 +1,145 @@ +/*- + * Copyright (c) 2000 Mark Murray + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer + * in this position and unchanged. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + * $FreeBSD$ + */ + +#include <sys/param.h> +#include <sys/systm.h> +#include <sys/conf.h> +#include <sys/fcntl.h> +#include <sys/uio.h> +#include <sys/kernel.h> +#include <sys/kobj.h> +#include <sys/malloc.h> +#include <sys/module.h> +#include <sys/bus.h> +#include <sys/random.h> +#include <machine/bus.h> +#include <machine/resource.h> +#include <sys/rman.h> +#include <sys/signalvar.h> +#include <sys/sysctl.h> +#include <crypto/blowfish/blowfish.h> + +#include "yarrow.h" + +static d_read_t randomread; +static d_write_t randomwrite; + +#define CDEV_MAJOR 2 +#define RANDOM_MINOR 3 + +static struct cdevsw random_cdevsw = { + /* open */ (d_open_t *)nullop, + /* close */ (d_close_t *)nullop, + /* read */ randomread, + /* write */ randomwrite, + /* ioctl */ noioctl, + /* poll */ nopoll, + /* mmap */ nommap, + /* strategy */ nostrategy, + /* name */ "random", + /* maj */ CDEV_MAJOR, + /* dump */ nodump, + /* psize */ nopsize, + /* flags */ 0, + /* bmaj */ -1 +}; + +/* For use with make_dev(9)/destroy_dev(9). */ +static dev_t randomdev; + +void *buf; + +extern void randominit(void); + +extern struct state state; + +/* This is mostly academic at the moment; as Yarrow gets extended, it will + become more relevant */ +SYSCTL_NODE(_kern, OID_AUTO, random, CTLFLAG_RW, 0, "Random Number Generator"); +SYSCTL_NODE(_kern_random, OID_AUTO, yarrow, CTLFLAG_RW, 0, "Yarrow Parameters"); +SYSCTL_INT(_kern_random_yarrow, OID_AUTO, gengateinterval, CTLFLAG_RW, &state.gengateinterval, 10, "Generator Gate Interval"); + +static int +randomread(dev_t dev, struct uio *uio, int flag) +{ + u_int c, ret; + int error = 0; + + c = min(uio->uio_resid, PAGE_SIZE); + buf = (void *)malloc(c, M_TEMP, M_WAITOK); + while (uio->uio_resid > 0 && error == 0) { + ret = read_random(buf, c); + error = uiomove(buf, ret, uio); + } + free(buf, M_TEMP); + return error; +} + +static int +randomwrite(dev_t dev, struct uio *uio, int flag) +{ + u_int c; + int error = 0; + + buf = (void *)malloc(PAGE_SIZE, M_TEMP, M_WAITOK); + while (uio->uio_resid > 0) { + c = min(uio->uio_resid, PAGE_SIZE); + error = uiomove(buf, c, uio); + if (error) + break; + /* write_random(buf, c); */ + } + free(buf, M_TEMP); + return error; +} + +static int +random_modevent(module_t mod, int type, void *data) +{ + switch(type) { + case MOD_LOAD: + if (bootverbose) + printf("random: <entropy source>\n"); + randomdev = make_dev(&random_cdevsw, RANDOM_MINOR, UID_ROOT, + GID_WHEEL, 0666, "zero"); + randominit(); + return 0; + + case MOD_UNLOAD: + destroy_dev(randomdev); + return 0; + + case MOD_SHUTDOWN: + return 0; + + default: + return EOPNOTSUPP; + } +} + +DEV_MODULE(random, random_modevent, NULL); diff --git a/sys/dev/randomdev/yarrow.c b/sys/dev/randomdev/yarrow.c new file mode 100644 index 0000000..189ef13 --- /dev/null +++ b/sys/dev/randomdev/yarrow.c @@ -0,0 +1,213 @@ +/*- + * Copyright (c) 2000 Mark Murray + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer + * in this position and unchanged. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + * $FreeBSD$ + */ + +/* NOTE NOTE NOTE - This is not finished! It will supply numbers, but + it is not yet cryptographically secure!! */ + +#include <sys/param.h> +#include <sys/systm.h> +#include <sys/queue.h> +#include <sys/linker.h> +#include <sys/libkern.h> +#include <sys/mbuf.h> +#include <sys/random.h> +#include <sys/types.h> +#include <crypto/blowfish/blowfish.h> + +#include "yarrow.h" + +void generator_gate(void); +void reseed(void); +void randominit(void); + +/* This is the beastie that needs protecting. It contains all of the + * state that we are excited about. + */ +struct state state; + +void +randominit(void) +{ + /* XXX much more to come */ + state.gengateinterval = 10; +} + +void +reseed(void) +{ + unsigned char v[BINS][KEYSIZE]; /* v[i] */ + unsigned char hash[KEYSIZE]; /* h' */ + BF_KEY hashkey; + unsigned char ivec[8]; + unsigned char temp[KEYSIZE]; + int i, j; + + /* 1. Hash the accumulated entropy into v[0] */ + + /* XXX to be done properly */ + bzero((void *)&v[0], KEYSIZE); + for (j = 0; j < sizeof(state.randomstuff); j += KEYSIZE) { + BF_set_key(&hashkey, KEYSIZE, &state.randomstuff[j]); + BF_cbc_encrypt(v[0], temp, KEYSIZE, &hashkey, + ivec, BF_ENCRYPT); + memcpy(&v[0], temp, KEYSIZE); + } + + /* 2. Compute hash values for all v. _Supposed_ to be computationally */ + /* intensive. */ + + for (i = 1; i < BINS; i++) { + bzero((void *)&v[i], KEYSIZE); + for (j = 0; j < sizeof(state.randomstuff); j += KEYSIZE) { + /* v[i] #= h(v[i-1]) */ + BF_set_key(&hashkey, KEYSIZE, v[i - 1]); + BF_cbc_encrypt(v[i], temp, KEYSIZE, &hashkey, + ivec, BF_ENCRYPT); + memcpy(&v[i], temp, KEYSIZE); + /* v[i] #= h(v[0]) */ + BF_set_key(&hashkey, KEYSIZE, v[0]); + BF_cbc_encrypt(v[i], temp, KEYSIZE, &hashkey, + ivec, BF_ENCRYPT); + memcpy(&v[i], temp, KEYSIZE); + /* v[i] #= h(i) */ + BF_set_key(&hashkey, sizeof(int), (unsigned char *)&i); + BF_cbc_encrypt(v[i], temp, KEYSIZE, &hashkey, + ivec, BF_ENCRYPT); + memcpy(&v[i], temp, KEYSIZE); + } + } + + /* 3. Compute a new Key. */ + + bzero((void *)hash, KEYSIZE); + BF_set_key(&hashkey, KEYSIZE, (unsigned char *)&state.key); + BF_cbc_encrypt(hash, temp, KEYSIZE, &hashkey, + ivec, BF_ENCRYPT); + memcpy(hash, temp, KEYSIZE); + for (i = 1; i < BINS; i++) { + BF_set_key(&hashkey, KEYSIZE, v[i]); + BF_cbc_encrypt(hash, temp, KEYSIZE, &hashkey, + ivec, BF_ENCRYPT); + memcpy(hash, temp, KEYSIZE); + } + + BF_set_key(&state.key, KEYSIZE, hash); + + /* 4. Recompute the counter */ + + state.counter = 0; + BF_cbc_encrypt((unsigned char *)&state.counter, temp, + sizeof(state.counter), &state.key, state.ivec, + BF_ENCRYPT); + memcpy(&state.counter, temp, state.counter); + + /* 5. Reset all entropy estimate accumulators to zero */ + + bzero((void *)state.randomstuff, sizeof(state.randomstuff)); + + /* 6. Wipe memory of intermediate values */ + + bzero((void *)v, sizeof(v)); + bzero((void *)temp, sizeof(temp)); + bzero((void *)hash, sizeof(hash)); + + /* 7. Dump to seed file (XXX done by external process?) */ + +} + +u_int +read_random(char *buf, u_int count) +{ + static int cur = 0; + static int gate = 1; + u_int i; + u_int retval; + u_int64_t genval; + + if (gate) { + generator_gate(); + state.outputblocks = 0; + gate = 0; + } + if (count >= sizeof(state.counter)) { + retval = 0; + for (i = 0; i < count; i += sizeof(state.counter)) { + state.counter++; + BF_cbc_encrypt((unsigned char *)&state.counter, + (unsigned char *)&genval, sizeof(state.counter), + &state.key, state.ivec, BF_ENCRYPT); + memcpy(&buf[i], &genval, sizeof(state.counter)); + if (++state.outputblocks >= state.gengateinterval) { + generator_gate(); + state.outputblocks = 0; + } + retval += sizeof(state.counter); + } + } + else { + if (!cur) { + state.counter++; + BF_cbc_encrypt((unsigned char *)&state.counter, + (unsigned char *)&genval, sizeof(state.counter), + &state.key, state.ivec, BF_ENCRYPT); + memcpy(buf, &genval, count); + cur = sizeof(state.counter) - count; + if (++state.outputblocks >= state.gengateinterval) { + generator_gate(); + state.outputblocks = 0; + } + retval = count; + } + else { + retval = cur < count ? cur : count; + memcpy(buf, + (char *)&state.counter + + (sizeof(state.counter) - retval), + retval); + cur -= retval; + } + } + return retval; +} + +void +generator_gate(void) +{ + int i; + unsigned char temp[KEYSIZE]; + + for (i = 0; i < KEYSIZE; i += sizeof(state.counter)) { + state.counter++; + BF_cbc_encrypt((unsigned char *)&state.counter, &temp[i], + sizeof(state.counter), &state.key, state.ivec, + BF_ENCRYPT); + } + + BF_set_key(&state.key, KEYSIZE, temp); + bzero((void *)temp, KEYSIZE); +} diff --git a/sys/dev/randomdev/yarrow.h b/sys/dev/randomdev/yarrow.h new file mode 100644 index 0000000..6fb557e --- /dev/null +++ b/sys/dev/randomdev/yarrow.h @@ -0,0 +1,42 @@ +/*- + * Copyright (c) 2000 Mark Murray + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer + * in this position and unchanged. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + * $FreeBSD$ + */ + +#define BINS 10 /* t */ +#define KEYSIZE 32 /* 32 bytes == 256 bits */ + +/* This is the beasite that needs protecting. It contains all of the + * state that we are excited about. + */ +struct state { + u_int64_t counter; /* C */ + BF_KEY key; /* K */ + unsigned char ivec[8]; /* Blowfish internal */ + int gengateinterval; /* Pg */ + int outputblocks; + unsigned char randomstuff[1024]; /* XXX to be done properly */ +}; |