FreeBSD Bugzilla – Attachment 186932 Details for
Bug 222807
PURE entropy sources are harvested but not mixed in. Also, min-entropy low per SP800-90B measurements
patch that enables "pure" entropy sources such as RDRAND to actually be mixed
pure-source.patch (text/plain), 7.78 KB, created by
W. Dean Freeman
on 2017-10-06 00:45:03 UTC
Description:
patche that enable "pure" entropy sources such as RDRND to actually be mixed
Filename:
MIME Type:
Creator:
W. Dean Freeman
Created:
2017-10-06 00:45:03 UTC
Size:
7.78 KB
>From 0054e3e170e083811acc9f3b637f8be8a86c03e7 Mon Sep 17 00:00:00 2001
>From: Oliver Pinter <oliver.pinter@hardenedbsd.org>
>Date: Sun, 24 Sep 2017 03:32:05 +0200
>Subject: [PATCH] HBSD: rework entropy source registration
>
>Before this patch the pure entropy sources are ignored from mixins.
>This was an implementation bug in random_harvest_direct()'s enabled
>sources check, where the pure sources are always ignore, because they
>are never registered into harvest_context.hc_source_mask bitfield.
>
>This patch implements a registration framework for pure entropy sources,
>which registers them at attach time to harvest_context.hc_source_mask.
>
>From other side, we prevent to disable them from user-space by setting
>only environmental entropy source masks.
>
>This work mostly based on the idea from wfd@. The original idea was to
>igonre the harvest mask in random_harvest_direct(), but I think this is
>the proper implementation, where a newly added pure entropy source
>register itself into harvest mask, and then we prevent to disable
>them from sysctls.
>
>Original-PR: #281
>Details: https://www.funkthat.com/~jmg/vbsdcon_2017_ddfreebsdrng_slides.pdf
>Tested-by: W. Dean Freeman <badfilemagic@gmail.com> <wdfreeman@ieee.org>
>CC: W. Dean Freeman <badfilemagic@gmail.com> <wdfreeman@ieee.org>
>CC: John-Mark Gurney <jmg@funkthat.com>
>CC: Ed Maste <emaste@FreeBSD.org>
>Signed-off-by: Oliver Pinter <oliver.pinter@hardenedbsd.org>
>Reviewed-by: lattera dstolfa wdfreeman jmg
>(cherry picked from commit 137db59df58773d5771025f9fd157827db9d2f8b)
>Signed-off-by: Oliver Pinter <oliver.pinter@hardenedbsd.org>
>---
> sys/dev/random/random_harvestq.c | 61 ++++++++++++++++++++++++++++++++++------
> sys/dev/random/randomdev.c | 6 ++++
> sys/sys/random.h | 8 +++++-
> 3 files changed, 66 insertions(+), 9 deletions(-)
>
>diff --git a/sys/dev/random/random_harvestq.c b/sys/dev/random/random_harvestq.c
>index 69cbd278d484b..f5dcdb36a15ae 100644
>--- a/sys/dev/random/random_harvestq.c
>+++ b/sys/dev/random/random_harvestq.c
>@@ -1,4 +1,6 @@
>-/*-
>+ /*2
>+ * Copyright (c) 2017 Oliver Pinter
>+ * Copyright (c) 2017 W. Dean Freeman
> * Copyright (c) 2000-2015 Mark R V Murray
> * Copyright (c) 2013 Arthur Mesh
> * Copyright (c) 2004 Robert N. M. Watson
>@@ -240,7 +242,29 @@ read_rate_increment(u_int chunk)
> }
>
> /* ARGSUSED */
>-RANDOM_CHECK_UINT(harvestmask, 0, RANDOM_HARVEST_EVERYTHING_MASK);
>+static int
>+random_check_uint_harvestmask(SYSCTL_HANDLER_ARGS)
>+{
>+ int error;
>+ u_int value, orig_value;
>+
>+ orig_value = value = harvest_context.hc_source_mask;
>+ error = sysctl_handle_int(oidp, &value, 0, req);
>+ if (error || !req->newptr)
>+ return (error);
>+
>+ if (flsl(value) >= ENTROPYSOURCE)
>+ return (EINVAL);
>+
>+ /*
>+ * Set the new environmental harvest mask, regardless
>+ * from the pure entropy sources.
>+ * We won't allow to modify the pure entropy source.
>+ */
>+ harvest_context.hc_source_mask = value | (orig_value & RANDOM_HARVEST_PURE_MASK);
>+
>+ return (0);
>+}
>
> /* ARGSUSED */
> static int
>@@ -252,7 +276,7 @@ random_print_harvestmask(SYSCTL_HANDLER_ARGS)
> error = sysctl_wire_old_buffer(req, 0);
> if (error == 0) {
> sbuf_new_for_sysctl(&sbuf, NULL, 128, req);
>- for (i = RANDOM_ENVIRONMENTAL_END; i >= 0; i--)
>+ for (i = ENTROPYSOURCE - 1; i >= 0; i--)
> sbuf_cat(&sbuf, (harvest_context.hc_source_mask & (1 << i)) ? "1" : "0");
> error = sbuf_finish(&sbuf);
> sbuf_delete(&sbuf);
>@@ -272,7 +296,7 @@ static const char *(random_source_descr[]) = {
> "SWI",
> "FS_ATIME",
> "UMA", /* ENVIRONMENTAL_END */
>- "PURE_OCTEON",
>+ "PURE_OCTEON", /* PURE_START */
> "PURE_SAFE",
> "PURE_GLXSB",
> "PURE_UBSEC",
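Review bot: The new comment opener at the top of random_harvestq.c reads `/*2`, apparently with leading whitespace, where the old line was `/*-`; that looks like an editing slip rather than an intended change. The randomdev.c header in this same patch keeps `/*-`, so the first line should stay `/*-` with the two new `Copyright` lines added beneath it. Whitespace is collapsed on this page, so the exact indentation of the new line is inferred.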
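Review bot: In random_check_uint_harvestmask() the written `value` is OR-ed into the mask unfiltered, so a sysctl write can still turn on bits at or above RANDOM_PURE_START for sources that never registered; only clearing them is prevented, which is less than the comment "We won't allow to modify the pure entropy source" promises. Filtering the user-supplied part closes that: `harvest_context.hc_source_mask = (value & ~RANDOM_HARVEST_PURE_MASK) | (orig_value & RANDOM_HARVEST_PURE_MASK);`. The range test also looks off by one, because flsl() is 1-based: `flsl(value) >= ENTROPYSOURCE` rejects a value whose top bit is the last enumerated source, and since a read returns the pure bits too, writing back a value just read could fail with EINVAL once that source is registered; `flsl(value) > ENTROPYSOURCE` would match the enum. The read-modify-write of `hc_source_mask` takes no lock in the lines shown, so confirm how it is serialised against random_harvest_register_source().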
>@@ -289,15 +313,23 @@ random_print_harvestmask_symbolic(SYSCTL_HANDLER_ARGS)
> {
> struct sbuf sbuf;
> int error, i;
>+ bool first;
>+
>+ first = true;
>
> error = sysctl_wire_old_buffer(req, 0);
> if (error == 0) {
> sbuf_new_for_sysctl(&sbuf, NULL, 128, req);
>- for (i = RANDOM_ENVIRONMENTAL_END; i >= 0; i--) {
>- sbuf_cat(&sbuf, (i == RANDOM_ENVIRONMENTAL_END) ? "" : ",");
>+ for (i = ENTROPYSOURCE - 1; i >= 0; i--) {
>+ if (i >= RANDOM_PURE_START &&
>+ (harvest_context.hc_source_mask & (1 << i)) == 0)
>+ continue;
>+ if (!first)
>+ sbuf_cat(&sbuf, ",");
> sbuf_cat(&sbuf, !(harvest_context.hc_source_mask & (1 << i)) ? "[" : "");
> sbuf_cat(&sbuf, random_source_descr[i]);
> sbuf_cat(&sbuf, !(harvest_context.hc_source_mask & (1 << i)) ? "]" : "");
>+ first = false;
> }
> error = sbuf_finish(&sbuf);
> sbuf_delete(&sbuf);
>@@ -319,8 +351,7 @@ random_harvestq_init(void *unused __unused)
> SYSCTL_ADD_PROC(&random_clist,
> SYSCTL_CHILDREN(random_sys_o),
> OID_AUTO, "mask", CTLTYPE_UINT | CTLFLAG_RW,
>- &harvest_context.hc_source_mask, 0,
>- random_check_uint_harvestmask, "IU",
>+ NULL, 0, random_check_uint_harvestmask, "IU",
> "Entropy harvesting mask");
> SYSCTL_ADD_PROC(&random_clist,
> SYSCTL_CHILDREN(random_sys_o),
>@@ -493,4 +524,18 @@ random_harvest_direct(const void *entropy, u_int size, u_int bits, enum random_e
> explicit_bzero(&event, sizeof(event));
> }
>
>+void
>+random_harvest_register_source(enum random_entropy_source source)
>+{
>+
>+ harvest_context.hc_source_mask |= (1 << source);
>+}
>+
>+void
>+random_harvest_deregister_source(enum random_entropy_source source)
>+{
>+
>+ harvest_context.hc_source_mask &= ~(1 << source);
>+}
>+
> MODULE_VERSION(random_harvestq, 1);
>diff --git a/sys/dev/random/randomdev.c b/sys/dev/random/randomdev.c
>index 7edfca8ad6075..28a191f8f7b6b 100644
>--- a/sys/dev/random/randomdev.c
>+++ b/sys/dev/random/randomdev.c
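Review bot: The loop in random_print_harvestmask_symbolic() now indexes `random_source_descr[i]` up to `ENTROPYSOURCE - 1`, where it previously stopped at RANDOM_ENVIRONMENTAL_END, so the name table needs an entry for every enumerator or the sysctl reads past the end of the array. The table is only partly visible on this page; a compile-time guard next to it would keep the two in step, for example `CTASSERT(nitems(random_source_descr) == ENTROPYSOURCE);`. random_print_harvestmask() in the earlier hunk gets the same new bound but does not index the table. The closing lines of the function are outside the hunk.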
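Review bot: random_harvest_register_source() and random_harvest_deregister_source() update `hc_source_mask` with a plain read-modify-write and no range check on `source`. The sysctl handler added by this patch stores to the same word from a snapshot (`orig_value`), so a registration that lands between its read and its store would be lost and that source's input dropped without any message; whether a lock already covers these paths is not visible in the hunk. An assertion such as `KASSERT(source >= RANDOM_PURE_START && source < ENTROPYSOURCE, ("%s: invalid source %d", __func__, source));` would also keep an environmental or out-of-range id from being shifted into the mask. Both functions would benefit from a short comment saying who is expected to call them and when.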
>@@ -1,4 +1,5 @@
> /*-
>+ * Copyright (c) 2017 Oliver Pinter
> * Copyright (c) 2000-2015 Mark R V Murray
> * All rights reserved.
> *
>@@ -321,6 +322,8 @@ random_source_register(struct random_source *rsource)
> rrs = malloc(sizeof(*rrs), M_ENTROPY, M_WAITOK);
> rrs->rrs_source = rsource;
>
>+ random_harvest_register_source(rsource->rs_source);
>+
> printf("random: registering fast source %s\n", rsource->rs_ident);
> LIST_INSERT_HEAD(&source_list, rrs, rrs_entries);
> }
>@@ -331,6 +334,9 @@ random_source_deregister(struct random_source *rsource)
> struct random_sources *rrs = NULL;
>
> KASSERT(rsource != NULL, ("invalid input to %s", __func__));
>+
>+ random_harvest_deregister_source(rsource->rs_source);
>+
> LIST_FOREACH(rrs, &source_list, rrs_entries)
> if (rrs->rrs_source == rsource) {
> LIST_REMOVE(rrs, rrs_entries);
>diff --git a/sys/sys/random.h b/sys/sys/random.h
>index 480621a1e2d33..fed1210acb7f3 100644
>--- a/sys/sys/random.h
>+++ b/sys/sys/random.h
>@@ -81,7 +81,8 @@ enum random_entropy_source {
> RANDOM_UMA, /* Special!! UMA/SLAB Allocator */
> RANDOM_ENVIRONMENTAL_END = RANDOM_UMA,
> /* Fast hardware random-number sources from here on. */
>- RANDOM_PURE_OCTEON,
>+ RANDOM_PURE_START,
>+ RANDOM_PURE_OCTEON = RANDOM_PURE_START,
> RANDOM_PURE_SAFE,
> RANDOM_PURE_GLXSB,
> RANDOM_PURE_UBSEC,
>@@ -95,6 +96,7 @@ enum random_entropy_source {
> };
>
> #define RANDOM_HARVEST_EVERYTHING_MASK ((1 << (RANDOM_ENVIRONMENTAL_END + 1)) - 1)
>+#define RANDOM_HARVEST_PURE_MASK (((1 << ENTROPYSOURCE) - 1) & (-1UL << RANDOM_PURE_START))
>
> #define RANDOM_LEGACY_BOOT_ENTROPY_MODULE "/boot/entropy"
> #define RANDOM_CACHED_BOOT_ENTROPY_MODULE "boot_entropy_cache"
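Review bot: Only callers of random_source_register() get their mask bit set by this hunk. A driver that feeds a RANDOM_PURE_* id through random_harvest_direct() without going through this function would presumably still be filtered out by the mask check the commit message describes; the drivers are not part of this patch, so that needs checking per source. A comment above the new call, for example `/* Pure sources are mixed only while their bit is set in hc_source_mask. */`, would make the dependency explicit. The function body begins outside the hunk.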
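Review bot: In random_source_deregister() the mask bit is cleared before the list walk has confirmed that `rsource` is actually registered. If the pointer is not on `source_list`, or if another registered source reports the same `rs_source` id, harvesting for that id is switched off while a provider may still be attached. Moving `random_harvest_deregister_source(rsource->rs_source);` inside the `if (rrs->rrs_source == rsource)` branch would tie the two together; a shared id would additionally need a count rather than a single bit. The rest of the loop is outside the hunk.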
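Review bot: RANDOM_HARVEST_PURE_MASK mixes a signed `1 << ENTROPYSOURCE` with an unsigned long `-1UL << RANDOM_PURE_START`, so the macro has type unsigned long while `hc_source_mask` is handled as `u_int` in the sysctl handler, and the signed shift overflows once the enum approaches the width of int. Keeping both halves unsigned and the same width reads more clearly: `#define RANDOM_HARVEST_PURE_MASK (((1U << ENTROPYSOURCE) - 1) & (~0U << RANDOM_PURE_START))`. A static assertion that ENTROPYSOURCE fits in the mask word would document the limit.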
>@@ -104,10 +106,14 @@ enum random_entropy_source {
> void random_harvest_queue(const void *, u_int, u_int, enum random_entropy_source);
> void random_harvest_fast(const void *, u_int, u_int, enum random_entropy_source);
> void random_harvest_direct(const void *, u_int, u_int, enum random_entropy_source);
>+void random_harvest_register_source(enum random_entropy_source);
>+void random_harvest_deregister_source(enum random_entropy_source);
> #else
> #define random_harvest_queue(a, b, c, d) do {} while (0)
> #define random_harvest_fast(a, b, c, d) do {} while (0)
> #define random_harvest_direct(a, b, c, d) do {} while (0)
>+#define random_harvest_register_source(a) do {} while (0)
>+#define random_harvest_deregister_source(a) do {} while (0)
> #endif
>
> #if defined(RANDOM_ENABLE_UMA)