Aren/NetBSD
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
0514024aff
NetBSD/sys/ufs/ffs/ffs_appleufs.c
tls 3afd44cf08 First step of random number subsystem rework described in 
<20111022023242.BA26F14A158@mail.netbsd.org>.  This change includes
the following:

	An initial cleanup and minor reorganization of the entropy pool
	code in sys/dev/rnd.c and sys/dev/rndpool.c.  Several bugs are
	fixed.  Some effort is made to accumulate entropy more quickly at
	boot time.

	A generic interface, "rndsink", is added, for stream generators to
	request that they be re-keyed with good quality entropy from the pool
	as soon as it is available.

	The arc4random()/arc4randbytes() implementation in libkern is
	adjusted to use the rndsink interface for rekeying, which helps
	address the problem of low-quality keys at boot time.

	An implementation of the FIPS 140-2 statistical tests for random
	number generator quality is provided (libkern/rngtest.c).  This
	is based on Greg Rose's implementation from Qualcomm.

	A new random stream generator, nist_ctr_drbg, is provided.  It is
	based on an implementation of the NIST SP800-90 CTR_DRBG by
	Henric Jungheim.  This generator users AES in a modified counter
	mode to generate a backtracking-resistant random stream.

	An abstraction layer, "cprng", is provided for in-kernel consumers
	of randomness.  The arc4random/arc4randbytes API is deprecated for
	in-kernel use.  It is replaced by "cprng_strong".  The current
	cprng_fast implementation wraps the existing arc4random
	implementation.  The current cprng_strong implementation wraps the
	new CTR_DRBG implementation.  Both interfaces are rekeyed from
	the entropy pool automatically at intervals justifiable from best
	current cryptographic practice.

	In some quick tests, cprng_fast() is about the same speed as
	the old arc4randbytes(), and cprng_strong() is about 20% faster
	than rnd_extract_data().  Performance is expected to improve.

	The AES code in src/crypto/rijndael is no longer an optional
	kernel component, as it is required by cprng_strong, which is
	not an optional kernel component.

	The entropy pool output is subjected to the rngtest tests at
	startup time; if it fails, the system will reboot.  There is
	approximately a 3/10000 chance of a false positive from these
	tests.  Entropy pool _input_ from hardware random numbers is
	subjected to the rngtest tests at attach time, as well as the
	FIPS continuous-output test, to detect bad or stuck hardware
	RNGs; if any are detected, they are detached, but the system
	continues to run.

	A problem with rndctl(8) is fixed -- datastructures with
	pointers in arrays are no longer passed to userspace (this
	was not a security problem, but rather a major issue for
	compat32).  A new kernel will require a new rndctl.

	The sysctl kern.arandom() and kern.urandom() nodes are hooked
	up to the new generators, but the /dev/*random pseudodevices
	are not, yet.

	Manual pages for the new kernel interfaces are forthcoming.
2011-11-19 22:51:18 +00:00

155 lines
4.5 KiB
C
Raw Blame History

/* $NetBSD: ffs_appleufs.c,v 1.12 2011/11/19 22:51:31 tls Exp $ */
/*
* Copyright (c) 2002 Darrin B. Jewell
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: ffs_appleufs.c,v 1.12 2011/11/19 22:51:31 tls Exp $");
#include <sys/param.h>
#include <sys/time.h>
#if defined(_KERNEL)
#include <sys/kernel.h>
#include <sys/systm.h>
#include <sys/cprng.h>
#endif
#include <ufs/ufs/dinode.h>
#include <ufs/ufs/ufs_bswap.h>
#include <ufs/ffs/fs.h>
#include <ufs/ffs/ffs_extern.h>
#if !defined(_KERNEL) && !defined(STANDALONE)
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>
#include <assert.h>
#define KASSERT(x) assert(x)
#endif
/*
* this is the same calculation as in_cksum
*/
u_int16_t
ffs_appleufs_cksum(const struct appleufslabel *appleufs)
{
const u_int16_t *p = (const u_int16_t *)appleufs;
int len = APPLEUFS_LABEL_SIZE; /* sizeof(struct appleufslabel) */
long res = 0;
while (len > 1) {
res += *p++;
len -= 2;
}
#if 0 /* APPLEUFS_LABEL_SIZE is guaranteed to be even */
if (len == 1)
res += htobe16(*(u_char *)p<<8);
#endif
res = (res >> 16) + (res & 0xffff);
res += (res >> 16);
return (~res);
}
/* copies o to n, validating and byteswapping along the way
* returns 0 if ok, EINVAL if not valid
*/
int
ffs_appleufs_validate(const char *name, const struct appleufslabel *o,
struct appleufslabel *n)
{
struct appleufslabel tmp;
if (!n) n = &tmp;
if (o->ul_magic != be32toh(APPLEUFS_LABEL_MAGIC)) {
return EINVAL;
}
*n = *o;
n->ul_checksum = 0;
n->ul_checksum = ffs_appleufs_cksum(n);
if (n->ul_checksum != o->ul_checksum) {
#if defined(DIAGNOSTIC) || !defined(_KERNEL)
printf("%s: invalid APPLE UFS checksum. found 0x%x, expecting 0x%x",
name,o->ul_checksum,n->ul_checksum);
#endif
return EINVAL;
}
n->ul_magic = be32toh(o->ul_magic);
n->ul_version = be32toh(o->ul_version);
n->ul_time = be32toh(o->ul_time);
n->ul_namelen = be16toh(o->ul_namelen);
if (n->ul_namelen > APPLEUFS_MAX_LABEL_NAME) {
#if defined(DIAGNOSTIC) || !defined(_KERNEL)
printf("%s: APPLE UFS label name too long, truncated.\n",
name);
#endif
n->ul_namelen = APPLEUFS_MAX_LABEL_NAME;
}
/* if len is max, will set ul_unused1 */
n->ul_name[n->ul_namelen - 1] = '\0';
#ifdef DEBUG
printf("%s: found APPLE UFS label v%d: \"%s\"\n",
name,n->ul_version,n->ul_name);
#endif
n->ul_uuid = be64toh(o->ul_uuid);
return 0;
}
void
ffs_appleufs_set(struct appleufslabel *appleufs, const char *name, time_t t,
uint64_t uuid)
{
size_t namelen;
if (!name) name = "untitled";
if (t == ((time_t)-1)) {
#if defined(_KERNEL)
t = time_second;
#elif defined(STANDALONE)
t = 0;
#else
(void)time(&t);
#endif
}
if (uuid == 0) {
#if defined(_KERNEL) && !defined(STANDALONE)
uuid = cprng_fast64();
#endif
}
namelen = strlen(name);
if (namelen > APPLEUFS_MAX_LABEL_NAME)
namelen = APPLEUFS_MAX_LABEL_NAME;
memset(appleufs, 0, APPLEUFS_LABEL_SIZE);
appleufs->ul_magic = htobe32(APPLEUFS_LABEL_MAGIC);
appleufs->ul_version = htobe32(APPLEUFS_LABEL_VERSION);
appleufs->ul_time = htobe32((u_int32_t)t);
appleufs->ul_namelen = htobe16(namelen);
strncpy(appleufs->ul_name,name,namelen);
appleufs->ul_uuid = htobe64(uuid);
appleufs->ul_checksum = ffs_appleufs_cksum(appleufs);
}
Reference in New Issue View Git Blame Copy Permalink