From owner-freebsd-hackers  Sat Sep 14  7: 6:13 2002
Delivered-To: freebsd-hackers@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id 8A5F237B400; Sat, 14 Sep 2002 07:06:07 -0700 (PDT)
Received: from host217-39-140-249.in-addr.btopenworld.com (host217-39-140-249.in-addr.btopenworld.com [217.39.140.249])
	by mx1.FreeBSD.org (Postfix) with ESMTP
	id A7C7F43E42; Sat, 14 Sep 2002 07:06:06 -0700 (PDT)
	(envelope-from dom@host217-39-140-249.in-addr.btopenworld.com)
Received: by host217-39-140-249.in-addr.btopenworld.com (Postfix, from userid 1001)
	id 6CE5E4BC; Sat, 14 Sep 2002 15:06:45 +0100 (BST)
Date: Sat, 14 Sep 2002 15:06:45 +0100
From: Dominic Marks <dominic_marks@btinternet.com>
To: Stacy Millions <stacy@millions.ca>
Cc: hackers@FreeBSD.ORG, freebsd-security@FreeBSD.ORG
Subject: Re: kern_random interface
Message-ID: <20020914140645.GB627@gallium>
References: <3D822EB8.4010201@millions.ca>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <3D822EB8.4010201@millions.ca>
User-Agent: Mutt/1.5.1i
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-hackers.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-hackers>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-hackers>
X-Loop: FreeBSD.ORG

On Fri, Sep 13, 2002 at 12:30:16PM -0600, Stacy Millions wrote:
> I have been working on a kld that provides a driver for the Intel 82802
> hardware random number generator. I have it working (give or take), but
> am not quite ready to release it. One of the features I want to include,
> is the ability to feed entropy from the rng to kern_random. I have
> attached a patch that adds an interface to kern_random to add the
> entropy with out any of the quality estimate or timer delta calculations.
> 
> I am soliciting comments on this patch before I submit a pr.
> 
> I would also like to get some opinions on the how to enable the option to
> add entropy to kern_random. Right now, I am implementing it as a sysctl
> for my device, but I was thinking of a more general purpose solution.
> I was thinking of an "rng interface". Then any hardware rng driver that
> implemented the device_method specified by the interface would be
> able to feed entropy to kern_random. It would be controlled by
> rndcontrol, something like "rndcontrol -d rng0" to enable device rng0
> to start feeding kern_random and "rndcontrol -D rng0" to disable it.
> It could also be extended to include methods for getting random data
> directly, so that things like IPSec could get their key data from a
> specific rng.

Other '*control' applications keywords, it would be nice to keep this
constant in rndcontrol (In my opinion anyway), something like:

rndcontrol list

Show a list of the random data sources

rndcontrol enable rng0

Enable harversting from this device

rndcontrol disable rng0

Disable harversting

rndcontrol link ipsec rng0
rndcontrol link geom rng1

Assign certain parts of the kernel to certain random devices

Is this sort of what you had in mind ?

> Am I on the right track here? I have looked at the Hardware Crypto
> Support stuff and I don't think anything I'm doing or purposing
> conflicts with it.
> 
> -stacy
> 
> -- 
> If they keep lowering education standards and raising the price of
> gasoline, there are going to be a lot of stupid people walking around.
> 
> Stacy Millions                                       stacy@millions.ca
> Millions Consulting Limited
> 

> diff -ur /usr/src/sys/kern/kern_random.c ./kern/kern_random.c
> --- /usr/src/sys/kern/kern_random.c	Thu Feb 21 15:23:33 2002
> +++ ./kern/kern_random.c	Wed Sep 11 14:24:28 2002
> @@ -249,6 +249,22 @@
>  	add_timer_randomness(&random_state, &irq_timer_state[intr], intr);
>  }
>  
> +/* add entropy without any song and dance. source should be a
> + * real RNG, like the Intel 82802 hardware RNG -stacy@millions.ca */
> +void
> +add_entropy(u_int32_t v)
> +{
> +	add_entropy_word(&random_state, v);
> +	random_state.entropy_count += 32;
> +	
> +	/* Prevent overflow */
> +	if (random_state.entropy_count > POOLBITS)
> +		random_state.entropy_count = POOLBITS;
> +
> +	if (random_state.entropy_count >= 8)
> +		selwakeup(&random_state.rsel);
> +}
> +
>  #ifdef notused
>  void
>  add_blkdev_randomness(int major)
> diff -ur /usr/src/sys/sys/random.h ./sys/random.h
> --- /usr/src/sys/sys/random.h	Tue May  9 20:04:52 2000
> +++ ./sys/random.h	Wed Sep 11 14:24:16 2002
> @@ -71,6 +71,7 @@
>  void rand_initialize(void);
>  void add_keyboard_randomness(u_char scancode);
>  inthand2_t add_interrupt_randomness;
> +void add_entropy(u_int32_t e);
>  #ifdef notused
>  void add_blkdev_randomness(int major);
>  #endif
> 


-- 
Dominic Marks
 Computer & Politics Geek
  [work]::[npl.co.uk] << dominic.marks at npl.co.uk >>
  [educ]::[umist.ac.uk] << notyet-known at umist.ac.uk >>
  [home]::[btinternet] << dominic_marks at btinternet.com >>

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message