From owner-freebsd-hackers  Fri Sep 13 12:38:14 2002
Delivered-To: freebsd-hackers@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 7590037B400
	for <hackers@FreeBSD.ORG>; Fri, 13 Sep 2002 12:38:09 -0700 (PDT)
Received: from rootlabs.com (root.org [67.118.192.226])
	by mx1.FreeBSD.org (Postfix) with SMTP id ECFB643E6E
	for <hackers@FreeBSD.ORG>; Fri, 13 Sep 2002 12:38:08 -0700 (PDT)
	(envelope-from nate@rootlabs.com)
Received: (qmail 27778 invoked by uid 1000); 13 Sep 2002 19:38:09 -0000
Date: Fri, 13 Sep 2002 12:38:09 -0700 (PDT)
From: Nate Lawson <nate@root.org>
To: Stacy Millions <stacy@millions.ca>
Cc: hackers@FreeBSD.ORG, freebsd-security@FreeBSD.ORG
Subject: Re: kern_random interface
In-Reply-To: <3D822EB8.4010201@millions.ca>
Message-ID: <Pine.BSF.4.21.0209131225310.27608-100000@root.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-hackers.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-hackers>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-hackers>
X-Loop: FreeBSD.ORG

On Fri, 13 Sep 2002, Stacy Millions wrote:
> I have been working on a kld that provides a driver for the Intel 82802
> hardware random number generator. I have it working (give or take), but
> am not quite ready to release it. 

Great!

> I would also like to get some opinions on the how to enable the option to
> add entropy to kern_random. 
> I was thinking of an "rng interface". Then any hardware rng driver that
> implemented the device_method specified by the interface would be
> able to feed entropy to kern_random. It would be controlled by
> rndcontrol, something like "rndcontrol -d rng0" to enable device rng0
> to start feeding kern_random and "rndcontrol -D rng0" to disable it.
> It could also be extended to include methods for getting random data
> directly, so that things like IPSec could get their key data from a
> specific rng.
> 
> Am I on the right track here? I have looked at the Hardware Crypto
> Support stuff and I don't think anything I'm doing or purposing
> conflicts with it.

Your patch is for -stable.  The random subsystem has been replaced on
-current with Yarrow.  Mark Murray is the one you probably want to talk
with although Sam Leffler has also been doing a bit of work on the kernel
crypto stuff.

-Nate


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message