From d5861655770012f2a69a575c40f59a3567351672 Mon Sep 17 00:00:00 2001 From: markm Date: Tue, 30 Jun 2015 17:00:45 +0000 Subject: Huge cleanup of random(4) code. * GENERAL - Update copyright. - Make kernel options for RANDOM_YARROW and RANDOM_DUMMY. Set neither to ON, which means we want Fortuna - If there is no 'device random' in the kernel, there will be NO random(4) device in the kernel, and the KERN_ARND sysctl will return nothing. With RANDOM_DUMMY there will be a random(4) that always blocks. - Repair kern.arandom (KERN_ARND sysctl). The old version went through arc4random(9) and was a bit weird. - Adjust arc4random stirring a bit - the existing code looks a little suspect. - Fix the nasty pre- and post-read overloading by providing explictit functions to do these tasks. - Redo read_random(9) so as to duplicate random(4)'s read internals. This makes it a first-class citizen rather than a hack. - Move stuff out of locked regions when it does not need to be there. - Trim RANDOM_DEBUG printfs. Some are excess to requirement, some behind boot verbose. - Use SYSINIT to sequence the startup. - Fix init/deinit sysctl stuff. - Make relevant sysctls also tunables. - Add different harvesting "styles" to allow for different requirements (direct, queue, fast). - Add harvesting of FFS atime events. This needs to be checked for weighing down the FS code. - Add harvesting of slab allocator events. This needs to be checked for weighing down the allocator code. - Fix the random(9) manpage. - Loadable modules are not present for now. These will be re-engineered when the dust settles. - Use macros for locks. - Fix comments. * src/share/man/... - Update the man pages. * src/etc/... - The startup/shutdown work is done in D2924. * src/UPDATING - Add UPDATING announcement. * src/sys/dev/random/build.sh - Add copyright. - Add libz for unit tests. * src/sys/dev/random/dummy.c - Remove; no longer needed. Functionality incorporated into randomdev.*. * live_entropy_sources.c live_entropy_sources.h - Remove; content moved. - move content to randomdev.[ch] and optimise. * src/sys/dev/random/random_adaptors.c src/sys/dev/random/random_adaptors.h - Remove; plugability is no longer used. Compile-time algorithm selection is the way to go. * src/sys/dev/random/random_harvestq.c src/sys/dev/random/random_harvestq.h - Add early (re)boot-time randomness caching. * src/sys/dev/random/randomdev_soft.c src/sys/dev/random/randomdev_soft.h - Remove; no longer needed. * src/sys/dev/random/uint128.h - Provide a fake uint128_t; if a real one ever arrived, we can use that instead. All that is needed here is N=0, N++, N==0, and some localised trickery is used to manufacture a 128-bit 0ULLL. * src/sys/dev/random/unit_test.c src/sys/dev/random/unit_test.h - Improve unit tests; previously the testing human needed clairvoyance; now the test will do a basic check of compressibility. Clairvoyant talent is still a good idea. - This is still a long way off a proper unit test. * src/sys/dev/random/fortuna.c src/sys/dev/random/fortuna.h - Improve messy union to just uint128_t. - Remove unneeded 'static struct fortuna_start_cache'. - Tighten up up arithmetic. - Provide a method to allow eternal junk to be introduced; harden it against blatant by compress/hashing. - Assert that locks are held correctly. - Fix the nasty pre- and post-read overloading by providing explictit functions to do these tasks. - Turn into self-sufficient module (no longer requires randomdev_soft.[ch]) * src/sys/dev/random/yarrow.c src/sys/dev/random/yarrow.h - Improve messy union to just uint128_t. - Remove unneeded 'staic struct start_cache'. - Tighten up up arithmetic. - Provide a method to allow eternal junk to be introduced; harden it against blatant by compress/hashing. - Assert that locks are held correctly. - Fix the nasty pre- and post-read overloading by providing explictit functions to do these tasks. - Turn into self-sufficient module (no longer requires randomdev_soft.[ch]) - Fix some magic numbers elsewhere used as FAST and SLOW. Differential Revision: https://reviews.freebsd.org/D2025 Reviewed by: vsevolod,delphij,rwatson,trasz,jmg Approved by: so (delphij) --- sys/dev/random/live_entropy_sources.c | 190 ---------------------------------- 1 file changed, 190 deletions(-) delete mode 100644 sys/dev/random/live_entropy_sources.c (limited to 'sys/dev/random/live_entropy_sources.c') diff --git a/sys/dev/random/live_entropy_sources.c b/sys/dev/random/live_entropy_sources.c deleted file mode 100644 index 9899cb4..0000000 --- a/sys/dev/random/live_entropy_sources.c +++ /dev/null @@ -1,190 +0,0 @@ -/*- - * Copyright (c) 2013 Arthur Mesh - * Copyright (c) 2013 Mark R V Murray - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer - * in this position and unchanged. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF - * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -#include -__FBSDID("$FreeBSD$"); - -#include "opt_random.h" - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include - -#include -#include -#include -#include - -#include "live_entropy_sources.h" - -/* - * The les_lock protects the consistency of the "struct les_head les_sources" - */ -static struct sx les_lock; /* Need a sleepable lock for the sbuf/sysctl stuff. */ - -LIST_HEAD(les_head, live_entropy_sources); -static struct les_head les_sources = LIST_HEAD_INITIALIZER(les_sources); - -void -live_entropy_source_register(struct live_entropy_source *rsource) -{ - struct live_entropy_sources *lles; - - KASSERT(rsource != NULL, ("invalid input to %s", __func__)); - - lles = malloc(sizeof(*lles), M_ENTROPY, M_WAITOK); - lles->lles_rsource = rsource; - - sx_xlock(&les_lock); - LIST_INSERT_HEAD(&les_sources, lles, lles_entries); - sx_xunlock(&les_lock); -} - -void -live_entropy_source_deregister(struct live_entropy_source *rsource) -{ - struct live_entropy_sources *lles = NULL; - - KASSERT(rsource != NULL, ("invalid input to %s", __func__)); - - sx_xlock(&les_lock); - LIST_FOREACH(lles, &les_sources, lles_entries) - if (lles->lles_rsource == rsource) { - LIST_REMOVE(lles, lles_entries); - break; - } - sx_xunlock(&les_lock); - if (lles != NULL) - free(lles, M_ENTROPY); -} - -static int -live_entropy_source_handler(SYSCTL_HANDLER_ARGS) -{ - struct live_entropy_sources *lles; - struct sbuf sbuf; - int error, count; - - sx_slock(&les_lock); - - sbuf_new_for_sysctl(&sbuf, NULL, 64, req); - - count = 0; - LIST_FOREACH(lles, &les_sources, lles_entries) { - sbuf_cat(&sbuf, (count++ ? ",'" : "'")); - sbuf_cat(&sbuf, lles->lles_rsource->les_ident); - sbuf_cat(&sbuf, "'"); - } - - error = sbuf_finish(&sbuf); - sbuf_delete(&sbuf); - - sx_sunlock(&les_lock); - - return (error); -} - -/* - * Run through all "live" sources reading entropy for the given - * number of rounds, which should be a multiple of the number - * of entropy accumulation pools in use; 2 for Yarrow and 32 - * for Fortuna. - * - * BEWARE!!! - * This function runs inside the RNG thread! Don't do anything silly! - */ -/* XXXRW: get_cyclecount() is cheap on most modern hardware, where cycle - * counters are built in, but on older hardware it will do a real time clock - * read which can be quite expensive. - */ -void -live_entropy_sources_feed(void) -{ - static struct harvest_event event; - struct live_entropy_sources *lles; - int i, read_rate; - u_int n; - - sx_slock(&les_lock); - - /* - * Walk over all of live entropy sources, and feed their output - * to the system-wide RNG. - */ - read_rate = random_adaptor_read_rate(); - LIST_FOREACH(lles, &les_sources, lles_entries) { - - for (i = 0; i < harvest_pool_count*read_rate; i++) { - /* This *must* be quick, since it's a live entropy source. */ - n = lles->lles_rsource->les_read(event.he_entropy, HARVESTSIZE); - KASSERT((n > 0 && n <= HARVESTSIZE), ("very bad return from les_read (= %d) in %s", n, __func__)); - memset(event.he_entropy + n, 0, HARVESTSIZE - n); - - event.he_somecounter = get_cyclecount(); - event.he_size = n; - event.he_bits = (n*8)/2; - event.he_source = lles->lles_rsource->les_source; - event.he_destination = harvest_destination[event.he_source]++; - - /* Do the actual entropy insertion */ - harvest_process_event(&event); - } - - } - - sx_sunlock(&les_lock); -} - -void -live_entropy_sources_init(void) -{ - - SYSCTL_PROC(_kern_random, OID_AUTO, live_entropy_sources, - CTLTYPE_STRING | CTLFLAG_RD | CTLFLAG_MPSAFE, - NULL, 0, live_entropy_source_handler, "", - "List of Active Live Entropy Sources"); - - sx_init(&les_lock, "live_entropy_sources"); -} - -void -live_entropy_sources_deinit(void) -{ - - sx_destroy(&les_lock); -} -- cgit v1.1