Commit Graph

20 Commits

Author SHA1 Message Date
sommerfeld bbca3924cd Replace "timestamp" with "counter" in previous change, to avoid any
possible confusion that it has anything to do with accurate
measurement of time.

New names:
	__HAVE_CPU_COUNTER
	cpu_counter()
	cpu_hascounter()
2000-06-06 01:33:15 +00:00
sommerfeld 7497ddcce5 /dev/random code cleanups:
- Add comments about which spls apply to which data structures.
- Consistently protect the rnd_samples queue (the queue of
  unprocessed samples) at splhigh().
- Allow MD code to supply cpu_timestamp() and cpu_havetimestamp() for
  an optional higher-resolution clock/roulette wheel source.
- Collect more statistics on the pool state (keeping track of where
  collected bits are going, in addition to where they came from).
- Add RNDGETPOOLSTAT ioctl to get the additional stats.
- Flush a few unused rndpool calls.
- XXX XXX Cryptographic changes:
  - 32-bit rotate is:
        ((val << rp->rotate) | (val >> (32 - rp->rotate))),
    not
        (val << rp->rotate) | (val >> rp->rotate)
    or
        ((val << rp->rotate) | (val >> (31 - rp->rotate)))
  - Avoid overloading of rp->rotate and double-rotation of data
    (which limited pool mixing somewhat; "rotate" never got above 7).
  - Be more paranoid (but probably not paranoid enough) about mixing
    output back into the pool.  This is an improvement, but it needs
    revisiting soon.

We should follow the spirit of some of the recommendations in
the Schneier PRNG papers:

http://www.counterpane.com/yarrow-notes.html
http://www.counterpane.com/pseudorandom_number.html

including:
 - two (or more) stage operation for better isolation between inputs
and outputs.
 - use of keyed one-way functions (probably better even than
invertible keyed functions like 3DES) at key points in the data flow,
so that breaking the PRNG is clearly as hard as breaking the function.
2000-06-05 23:42:34 +00:00
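The rotate fix named in the commit above, as an added example that is not part of the commit or of the NetBSD rnd code. It compares the commit's correct 32-bit rotate with the two incorrect forms the commit rejects, using the property that a true rotate only permutes bit positions, so it preserves the population count of the word and is undone by rotating the other way. The function names (`rotl32`, `rotl32_wrong_same_shift`, `rotl32_wrong_off_by_one`, `preserves_popcount`) and the sample words are mine, not the driver's, and the driver's `rp->rotate` field is replaced by a plain parameter. One caveat the commit's one-line expression does not cover: when the rotate amount is 0, `32 - rp->rotate` is a shift by 32, which is undefined behaviour in C, so the example handles that case explicitly.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Correct 32-bit left rotate, the form the commit message gives:
 *   (val << r) | (val >> (32 - r))
 * with the rotate amount masked to 0..31 and r == 0 handled on its own,
 * because a shift by 32 bits (what 32 - r becomes when r is 0) is
 * undefined behaviour in C. */
static uint32_t rotl32(uint32_t val, unsigned r)
{
    r &= 31;
    if (r == 0)
        return val;
    return (val << r) | (val >> (32 - r));
}

/* First incorrect form rejected by the commit: the same shift count in
 * both directions.  This is not a rotate; it ORs two differently-shifted
 * copies of the word together. */
static uint32_t rotl32_wrong_same_shift(uint32_t val, unsigned r)
{
    r &= 31;
    return (val << r) | (val >> r);
}

/* Second incorrect form rejected by the commit: 31 - r instead of 32 - r.
 * The right-shifted half lands one bit too far to the left and overlaps
 * the left-shifted half. */
static uint32_t rotl32_wrong_off_by_one(uint32_t val, unsigned r)
{
    r &= 31;
    return (val << r) | (val >> (31 - r));
}

static int popcount32(uint32_t v)
{
    int n = 0;
    while (v) {
        n += (int)(v & 1u);
        v >>= 1;
    }
    return n;
}

/* A rotate permutes bit positions, so it must keep the number of set bits.
 * Returns 1 if f does so for every rotate amount on a few constructed
 * sample words, 0 if some (val, r) pair changes the population count. */
static int preserves_popcount(uint32_t (*f)(uint32_t, unsigned))
{
    static const uint32_t samples[] = {
        0x00000001u, 0x80000000u, 0x80000001u, 0xdeadbeefu, 0x0f0f0f0fu
    };
    for (unsigned r = 0; r < 32; r++)
        for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
            if (popcount32(f(samples[i], r)) != popcount32(samples[i]))
                return 0;
    return 1;
}

int main(void)
{
    uint32_t v = 0x80000001u;
    printf("rotl32(0x%08x, 1)          = 0x%08x\n", v, rotl32(v, 1));
    printf("same-shift form (wrong)    = 0x%08x\n", rotl32_wrong_same_shift(v, 1));
    printf("31 - r form (wrong)        = 0x%08x\n", rotl32_wrong_off_by_one(v, 1));
    printf("popcount kept: correct=%d same-shift=%d 31-r=%d\n",
           preserves_popcount(rotl32),
           preserves_popcount(rotl32_wrong_same_shift),
           preserves_popcount(rotl32_wrong_off_by_one));
    return 0;
}
```

For an entropy pool the point is not aesthetic: the mixing step is supposed to be a bijection on the pool word, so that stirring in a sample never discards state. Both rejected forms can collapse distinct inputs onto the same output, which quietly shrinks the effective pool.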
thorpej 1cff94b896 Add missing field in static initialization. 2000-05-19 04:03:33 +00:00
thorpej fc96443d15 New callout mechanism with two major improvements over the old
timeout()/untimeout() API:
- Clients supply callout handle storage, thus eliminating problems of
  resource allocation.
- Insertion and removal of callouts is constant time, important as
  this facility is used quite a lot in the kernel.

The old timeout()/untimeout() API has been removed from the kernel.
2000-03-23 07:01:25 +00:00
pk 3fffa45b75 Guard global `rnd_mempool' against interrupts.
Use appropriate flags in pool_get().
1999-06-12 10:58:47 +00:00
explorer 3f80ba486e don't allow /dev/random to be opened (return ENXIO) until there is at least
one active entropy source
1999-04-01 19:07:40 +00:00
explorer c1ab1c57fb don't collect or estimate on network devices by default 1999-02-28 19:01:30 +00:00
explorer 6b24c4b0fd Cleanup (in preparation for using gzip to estimate entropy)
(1) remove unused and probably bad (from an API POV) ioctls,
(2) split tyfl into type and flags,
(3) collect an array of samples, and add them all at once.  Soon, this
    will be using gzip to estimate the entropy, but for now the original
    estimation methods are still used.
(4) kill rnd_add_data() -- it complicated the API for little benefit
1999-02-28 17:18:42 +00:00
mrg 59a6c3d4e7 KNF anality. 1999-01-27 10:41:00 +00:00
explorer 6036d56ba6 Move RND_ENTROPY_THRESHOLD to sys/rnd.h. Use sha1 rather than md5, and
release the first 96 bits of the hash directly rather than by folding.
The full 160 bit hash is mixed back into the entropy pool.  This keeps
64 bits secret to stir the pool with.
1998-05-27 00:59:14 +00:00
explorer 1f2bca63e2 clean up the event queue more. Add volatile where needed. 1997-10-20 18:43:48 +00:00
explorer 7f8a4b47f8 Clean up the timeout and queue code. 1997-10-20 15:05:05 +00:00
explorer 2a18497c3f o Remove most of the splhigh() protected regions, making them
splsoftclock() instead.  This is done with an event queue of raw data,
  and the entropy calculation etc. is done at splsoftclock().

o Use a private entropy pool rather than the global one defined in
  rndpool.c.  That global will probably go away, eventually.
1997-10-19 11:43:05 +00:00
explorer 72dbc31c75 clean up ioctl arguments. 1997-10-15 07:22:46 +00:00
explorer be3b267427 Update notice to indicate that the IDEAS were derived from Ted's code, not the
code itself, per phone conversation with Ted
1997-10-13 19:59:26 +00:00
explorer c713bc804e update copyright to include the CORRECT spelling of Ted Ts'o's name 1997-10-13 18:34:29 +00:00
explorer 80513cb5ae o Make usage of /dev/random dependent on
pseudo-device   rnd                     # /dev/random and in-kernel generator
  in config files.

o Add declaration to all architectures.

o Clean up copyright message in rnd.c, rnd.h, and rndpool.c to include
  that this code is derived in part from Ted Tyso's linux code.
1997-10-13 00:46:08 +00:00
thorpej d7e08a2471 Don't be verbose by default. 1997-10-12 18:49:09 +00:00
explorer e4e727226c For network devices, collect timing information and mix into the pool,
but do not assume any entropy is gathered.  It can be enabled using an
IOCTL again if the user desires.

Note that the mix function uses xor, so at worst an attacker can twiddle
bits in the pool, but not into a known state assuming it started as
an unknown.
1997-10-10 16:35:00 +00:00
explorer 2021c11247 Addition of /dev/random and in-kernel random value generation.
Over the next few days (thank goodness for long weekends) I'll be hunting
down device drivers and adding hooks to gather entropy from many devices,
and adding the conf.c changes to the various port's device structs to
define major numbers for /dev/random and /dev/urandom.
1997-10-09 23:13:12 +00:00