Commit Graph

47 Commits

Author SHA1 Message Date
Mark Murray
10cb24248a This is the much-discussed major upgrade to the random(4) device, known to you all as /dev/random.
This code has had an extensive rewrite and a good series of reviews, both by the author and other parties. This means a lot of code has been simplified. Pluggable structures for high-rate entropy generators are available, and it is most definitely not the case that /dev/random can be driven by only a hardware source any more. This has been designed out of the device. Hardware sources are stirred into the CSPRNG (Yarrow, Fortuna) like any other entropy source. Pluggable modules may be written by third parties for additional sources.

The harvesting structures and consequently the locking have been simplified. Entropy harvesting is done in a more general way (the documentation for this will follow). There is some GREAT entropy to be had in the UMA allocator, but it is disabled for now as messing with that is likely to annoy many people.

The venerable (but effective) Yarrow algorithm, which is no longer supported by its authors, now has an alternative, Fortuna. For now, Yarrow is retained as the default algorithm, but this may be changed using a kernel option. It is intended to make Fortuna the default algorithm for 11.0. Interested parties are encouraged to read ISBN 978-0-470-47424-2 "Cryptography Engineering" by Ferguson, Schneier and Kohno for Fortuna's gory details. Heck, read it anyway.

Many thanks to Arthur Mesh who did early grunt work, and who got caught in the crossfire rather more than he deserved to.

My thanks also to folks who helped me thresh this out on whiteboards and in the odd "Hallway track", or otherwise.

My Nomex pants are on. Let the feedback commence!

Reviewed by:	trasz,des(partial),imp(partial?),rwatson(partial?)
Approved by:	so(des)
2014-10-30 21:21:53 +00:00
Warner Losh
3bdf775801 NO_MAN= has been deprecated in favor of MAN= for some time, go ahead
and finish the job. ncurses is now the only Makefile in the tree that
uses it since it wasn't a simple mechanical change, and will be
addressed in a future commit.
2014-04-13 05:21:56 +00:00
Mark Murray
f02e47dc1e Snapshot. This passes the build test, but has not yet been finished or debugged.
Contains:

* Refactor the hardware RNG CPU instruction sources to feed into
the software mixer. This is unfinished. The actual harvesting needs
to be sorted out. Modified by me (see below).

* Remove 'frac' parameter from random_harvest(). This was never
used and adds extra code for no good reason.

* Remove device write entropy harvesting. This provided a weak
attack vector, was not very good at bootstrapping the device. To
follow will be a replacement explicit reseed knob.

* Separate out all the RANDOM_PURE sources into separate harvest
entities. This adds some security in the case where more than one
is present.

* Review all the code and fix anything obviously messy or inconsistent.
Address some review concerns while I'm here, like rename the pseudo-rng
to 'dummy'.

Submitted by:	Arthur Mesh <arthurmesh@gmail.com> (the first item)
2013-10-04 06:55:06 +00:00
Mark Murray
7737ec4198 Remove short-lived idea; thread to harvest (eg) RDRAND entropy into the usual harvest queues. It was a nifty idea, but too heavyweight.
Submitted by:	Arthur Mesh <arthurmesh@gmail.com>
2013-08-30 17:47:53 +00:00
Mark Murray
ddbfa6b19e 1) example (partially humorous random_adaptor, that I call "EXAMPLE")
* It's not meant to be used in a real system, it's there to show
   the basics of how to create interfaces for random_adaptors. Perhaps
   it should belong in a manual page

2) Move probe.c's functionality in to random_adaptors.c
 * rename random_ident_hardware() to random_adaptor_choose()

3) Introduce a new way to choose (or select) random_adaptors via tunable
"rngs_want" It's a list of comma separated names of adaptors, ordered
by preferences. I.e.:
rngs_want="yarrow,rdrand"

Such setting would cause yarrow to be preferred to rdrand. If neither of
them are available (or registered), then system will default to
something reasonable (currently yarrow). If yarrow is not present, then
we fall back to the adaptor that's first on the list of registered
adaptors.

4) Introduce a way where RNGs can play a role of entropy source. This is
mostly useful for HW rngs.

The way I envision this is that every HW RNG will use this
functionality by default. Functionality to disable this is also present.
I have an example of how to use this in random_adaptor_example.c (see
modload event, and init function)

5) fix kern.random.adaptors from
kern.random.adaptors: yarrowpanicblock
to
kern.random.adaptors: yarrow,panic,block

6) add kern.random.active_adaptor to indicate currently selected
adaptor:
root@freebsd04:~ # sysctl kern.random.active_adaptor
kern.random.active_adaptor: yarrow

Submitted by:	Arthur Mesh <arthurmesh@gmail.com>
2013-08-24 13:54:56 +00:00
Gleb Smirnoff
60bd643435 Fix typo.
Submitted by:	ae
2013-07-17 13:13:44 +00:00
Gleb Smirnoff
9fd7a1b3dd Improve example, so that it doesn't dump core when example module
isn't loaded.
2013-07-17 12:28:48 +00:00
Kevin Lo
9823d52705 Revert previous commit...
Pointyhat to:	kevlo (myself)
2012-10-10 08:36:38 +00:00
Kevin Lo
a10cee30c9 Prefer NULL over 0 for pointers 2012-10-09 08:27:40 +00:00
Ed Maste
6337d82014 Minor style(9) improvement 2012-08-07 13:11:47 +00:00
Ed Maste
bedca8b119 Uuencode the sample "binary" firmware image file (instead of explicitly
adding \0 bytes).  This is a technique that would be used in an actual
driver and is more suitable as an example.

Reviewed by:    mlaier
2011-04-01 23:47:10 +00:00
Ed Maste
ce5a491af8 Avoid having a binary file in our source tree and instead create it at
build time, to avoid possible grief maintaining FreeBSD source in
alternative version control tools.
2011-03-31 15:12:40 +00:00
Lawrence Stewart
12db289af8 Add an example Khelp module, which will be referenced in the forthcoming Khelp
documentation.

Sponsored by:	FreeBSD Foundation
Discussed with:	David Hayes <dahayes at swin edu au>
MFC after:	5 weeks
X-MFC with:	r216615
2011-02-11 07:26:17 +00:00
Matthew D Fleming
f4f04709ac Fix a few more SYSCTL_PROC() that were missing a CTLFLAG type specifier. 2011-01-19 00:57:58 +00:00
Konstantin Belousov
8284562954 Fix the syscall module name after r205320.
Submitted by:	Vladislav Movchan <vladislav.movchan gmail com>
MFC after:	1 week
2010-06-15 09:30:36 +00:00
Wojciech A. Koszek
55f031bd90 Conform style.Makefile(5) and replace = and += with ?=, which lets you
override WARNS.

Reported by:	<marius@nuenneri.ch> and uqs@
2010-02-01 16:13:56 +00:00
Wojciech A. Koszek
12a91a4387 Include unistd.h for read(), write() and stdlib.h for exit().
Bump WARNS to 5 while being here.
2010-01-18 23:13:22 +00:00
Wojciech A. Koszek
d632071e0e Small cleanup while being here:
- sort includes
- remove usage(), since it seems to come from older version
  of the KLD
- remove unnecessary variable
- mark argc/argv as unused

Bring WARNS = 5 to the Makefile.
2010-01-18 23:09:07 +00:00
Wojciech A. Koszek
6f31cdcdba Include stdlib.h for exit(3) and unistd.h for syscall(2). This makes
this program compile cleanly.
2010-01-18 23:04:38 +00:00
Wojciech A. Koszek
539f7d3ac2 Small fix for making this KLD to compile. 2010-01-18 22:59:53 +00:00
Pawel Jakub Dawidek
195ebc7e9e Where if not in examples we should follow style(9)? 2009-06-03 09:28:58 +00:00
Kevin Lo
282a3889eb Include the <sys/sysproto.h> header which includes the prerequisite header
for AUE_NULL.

Approved by: re (kensmith)
2007-07-22 06:48:34 +00:00
Maxim Sobolev
dc79eb6b2a We don't have d_maj field in cdevsw structure anymore. 2006-05-19 20:02:44 +00:00
Ruslan Ermilov
1999b9bf80 Style. 2006-03-15 10:40:01 +00:00
Max Laier
6aec1278dc firmware(9) is a subsystem to load binary data into the kernel via a
specially crafted module.  There are several handrolled solutions to this
problem in the tree already which will be replaced with this.  They include
iwi(4), ipw(4), ispfw(4) and digi(4).

No objection from:	arch
MFC after:		2 weeks
X-MFC after:		some drivers have been converted
2006-01-29 02:52:42 +00:00
Ruslan Ermilov
e653b48c80 Start the dreaded NOFOO -> NO_FOO conversion.
OK'ed by:	core
2004-12-21 08:47:35 +00:00
Ruslan Ermilov
a35d88931c For variables that are only checked with defined(), don't provide
any fake value.
2004-10-24 15:33:08 +00:00
Pawel Jakub Dawidek
74bf4e164b According to module(9), when command is unrecognized, the module should
return EOPNOTSUPP.
2004-08-30 09:49:59 +00:00
Tim J. Robbins
5db700e0f5 Update for struct cdevsw and dev_t -> struct cdev * changes, plus one
64-bit portability fix.
2004-07-16 06:55:34 +00:00
Maxim Konovalov
ef92aa117e Style. 2004-06-09 17:10:41 +00:00
Lukas Ertl
c5810cfd89 Remove duplicate #include.
PR:             misc/67748
Submitted by:   bugghy <bugghy@phenix.rootshell.be>
2004-06-09 15:40:00 +00:00
Martin Blapp
fffc6e58d9 Fix the cdev kld example.
PR:		52954
Submitted by:	Priit Piipuu <priit.piipuu@mail.ee>
Reviewed by:	phk
2003-08-03 10:39:29 +00:00
Ruslan Ermilov
11f0b352e0 Update the SUBDIR hacks to work with the current bsd.subdir.mk. 2002-07-11 13:38:05 +00:00
Andrew R. Reiter
a220d00e74 Update the KLD examples so they will work with current.
Reviewed: jhb
2001-11-13 07:42:30 +00:00
Ruslan Ermilov
2fb2e1897d Style. 2001-09-18 12:28:22 +00:00
Ruslan Ermilov
6990ffd8a9 Style. 2001-09-18 12:03:42 +00:00
Ruslan Ermilov
59ca51df49 Removed unneeded stuff. 2001-05-18 13:56:29 +00:00
Andrzej Bialecki
04d949605c Unbreak by syncing with changes in <sys/sysctl.h> macros. 2001-02-10 22:36:05 +00:00
David E. O'Brien
1a37aa566b Add `_PATH_DEVZERO'.
Use _PATH_* where possible.
2000-12-09 09:35:55 +00:00
Maxim Sobolev
7320fd3a30 Fix cdev kld example after it has been broken for year or so. Also extend list
of supported operations by example read() and write() operations.

Inspired by:    http://www.daemonnews.org/200010/blueprints.html
PR:             16173
Submitted by:   sobomax
2000-10-02 14:14:07 +00:00
Andrzej Bialecki
bd3cdc3105 These patches implement dynamic sysctls. It's possible now to add
and remove sysctl oids at will during runtime - they don't rely on
linker sets. Also, the node oids can be referenced by more than
one kernel user, which means that it's possible to create partially
overlapping trees.

Add sysctl contexts to help programmers manage multiple dynamic
oids in convenient way.

Please see the manpages for detailed discussion, and example module
for typical use.

This work is based on ideas and code snippets coming from many
people, among them:  Arun Sharma, Jonathan Lemon, Doug Rabson,
Brian Feldman, Kelly Yancey, Poul-Henning Kamp and others. I'd like
to specially thank Brian Feldman for detailed review and style
fixes.

PR:		kern/16928
Reviewed by:	dfr, green, phk
2000-07-15 10:26:04 +00:00
Peter Wemm
7f3dea244c $Id$ -> $FreeBSD$ 1999-08-28 00:22:10 +00:00
Doug Rabson
0f2a20dfd7 * Tidy up a few things and fix some more warnings.
* Change the devsw declaration to standard form and add missing fields
* Change the filename from cdev_mod.ko to cdev.ko
1999-06-27 12:44:44 +00:00
Doug Rabson
e523e96f26 Make this sample build again. 1999-06-25 07:50:26 +00:00
Doug Rabson
bcb321b33e Use modstat(2) to get the syscall number. 1999-01-09 15:03:06 +00:00
Doug Rabson
380a989b32 Replace the misc example with a simpler syscall example using the new
module registration hooks for syscalls.

Submitted by: Assar Westerlund <assar@sics.se>
1999-01-09 14:26:22 +00:00
Doug Rabson
abbcaa0a10 Sample modules for KLD.
PR: misc/8621
Submitted by: Rajesh Vaidheeswarran <rv@fore.com>
1998-12-11 10:44:31 +00:00