nortti
/
sortix-mirror
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
sortix-mirror/kernel/random.cpp

175 lines
5.2 KiB
C++
Raw Normal View History

Relicense Sortix to the ISC license. I hereby relicense all my work on Sortix under the ISC license as below. All Sortix contributions by other people are already under this license, are not substantial enough to be copyrightable, or have been removed. All imported code from other projects is compatible with this license. All GPL licensed code from other projects had previously been removed. Copyright 2011-2016 Jonas 'Sortie' Termansen and contributors. Permission to use, copy, modify, and distribute this software for any purpose with or without fee is hereby granted, provided that the above copyright notice and this permission notice appear in all copies. THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
2016-03-02 22:38:16 +00:00
/*
Seed kernel entropy with randomness from the previous boot. The bootloader will now load the /boot/random.seed file if it exists, in which case the kernel will use it as the initial kernel entropy. The kernel warns if no random seed was loaded, unless the --no-random-seed option was given. This option is used for live environments that inherently have no prior secret state. The kernel initializes its entropy pool from the random seed as of the first things, so randomness is available very early on. init(8) will emit a fresh /boot/random.seed file on boot to avoid the same entropy being used twice. init(8) also writes out /boot/random.seed on system shutdown where the system has the most entropy. init(8) will warn if writing the file fails, except if /boot is a real-only filesystem, and keeping such state is impossible. The system administrator is then responsible for ensuring the bootloader somehow passes a fresh random seed on the next boot. /boot/random.seed must be owned by the root user and root group and must have file permissions 600 to avoid unprivileged users can read it. The file is passed to the kernel by the bootloader as a multiboot module with the command line --random-seed. If no random seed is loaded, the kernel attempts a poor quality fallback where it seeds the kernel arc4random(3) continuously with the current time. The timing variance may provide some effective entropy. There is no real kernel entropy gathering yet. The read of the CMOS real time clock is moved to an early point in the kernel boot, so the current time is available as fallback entropy. The kernel access of the random seed module is supposed to be infallible and happens before the kernel log is set up, but there is not yet a failsafe API for mapping single pages in the early kernel. sysupgrade(8) creates /boot/random.seed if it's absent as a temporary compatibility measure for people upgrading from the 1.0 release. The GRUB port will need to be upgraded with support for /boot/random.seed in the 10_sortix script. Installation with manual bootloader configuration will need to load the random seed with the --random-seed command line. With GRUB, this can be done with: module /boot/random.seed --random-seed
2016-08-20 00:27:33 +00:00
* Copyright (c) 2014, 2015, 2016 Jonas 'Sortie' Termansen.
Relicense Sortix to the ISC license. I hereby relicense all my work on Sortix under the ISC license as below. All Sortix contributions by other people are already under this license, are not substantial enough to be copyrightable, or have been removed. All imported code from other projects is compatible with this license. All GPL licensed code from other projects had previously been removed. Copyright 2011-2016 Jonas 'Sortie' Termansen and contributors. Permission to use, copy, modify, and distribute this software for any purpose with or without fee is hereby granted, provided that the above copyright notice and this permission notice appear in all copies. THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
2016-03-02 22:38:16 +00:00
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*
* random.cpp
* Kernel entropy gathering.
*/
Add getentropy(2).
2014-07-14 21:24:43 +00:00
Seed kernel entropy with randomness from the previous boot. The bootloader will now load the /boot/random.seed file if it exists, in which case the kernel will use it as the initial kernel entropy. The kernel warns if no random seed was loaded, unless the --no-random-seed option was given. This option is used for live environments that inherently have no prior secret state. The kernel initializes its entropy pool from the random seed as of the first things, so randomness is available very early on. init(8) will emit a fresh /boot/random.seed file on boot to avoid the same entropy being used twice. init(8) also writes out /boot/random.seed on system shutdown where the system has the most entropy. init(8) will warn if writing the file fails, except if /boot is a real-only filesystem, and keeping such state is impossible. The system administrator is then responsible for ensuring the bootloader somehow passes a fresh random seed on the next boot. /boot/random.seed must be owned by the root user and root group and must have file permissions 600 to avoid unprivileged users can read it. The file is passed to the kernel by the bootloader as a multiboot module with the command line --random-seed. If no random seed is loaded, the kernel attempts a poor quality fallback where it seeds the kernel arc4random(3) continuously with the current time. The timing variance may provide some effective entropy. There is no real kernel entropy gathering yet. The read of the CMOS real time clock is moved to an early point in the kernel boot, so the current time is available as fallback entropy. The kernel access of the random seed module is supposed to be infallible and happens before the kernel log is set up, but there is not yet a failsafe API for mapping single pages in the early kernel. sysupgrade(8) creates /boot/random.seed if it's absent as a temporary compatibility measure for people upgrading from the 1.0 release. The GRUB port will need to be upgraded with support for /boot/random.seed in the 10_sortix script. Installation with manual bootloader configuration will need to load the random seed with the --random-seed command line. With GRUB, this can be done with: module /boot/random.seed --random-seed
2016-08-20 00:27:33 +00:00
#include <sys/mman.h>
Add getentropy(2).
2014-07-14 21:24:43 +00:00
#include <errno.h>
Add arc4random support to the kernel.
2015-05-10 20:24:45 +00:00
#include <stdlib.h>
#include <string.h>
Add getentropy(2).
2014-07-14 21:24:43 +00:00
Fix fake kernel entropy being entirely static.
2015-02-17 20:20:04 +00:00
#include <sortix/clock.h>
Seed kernel entropy with randomness from the previous boot. The bootloader will now load the /boot/random.seed file if it exists, in which case the kernel will use it as the initial kernel entropy. The kernel warns if no random seed was loaded, unless the --no-random-seed option was given. This option is used for live environments that inherently have no prior secret state. The kernel initializes its entropy pool from the random seed as of the first things, so randomness is available very early on. init(8) will emit a fresh /boot/random.seed file on boot to avoid the same entropy being used twice. init(8) also writes out /boot/random.seed on system shutdown where the system has the most entropy. init(8) will warn if writing the file fails, except if /boot is a real-only filesystem, and keeping such state is impossible. The system administrator is then responsible for ensuring the bootloader somehow passes a fresh random seed on the next boot. /boot/random.seed must be owned by the root user and root group and must have file permissions 600 to avoid unprivileged users can read it. The file is passed to the kernel by the bootloader as a multiboot module with the command line --random-seed. If no random seed is loaded, the kernel attempts a poor quality fallback where it seeds the kernel arc4random(3) continuously with the current time. The timing variance may provide some effective entropy. There is no real kernel entropy gathering yet. The read of the CMOS real time clock is moved to an early point in the kernel boot, so the current time is available as fallback entropy. The kernel access of the random seed module is supposed to be infallible and happens before the kernel log is set up, but there is not yet a failsafe API for mapping single pages in the early kernel. sysupgrade(8) creates /boot/random.seed if it's absent as a temporary compatibility measure for people upgrading from the 1.0 release. The GRUB port will need to be upgraded with support for /boot/random.seed in the 10_sortix script. Installation with manual bootloader configuration will need to load the random seed with the --random-seed command line. With GRUB, this can be done with: module /boot/random.seed --random-seed
2016-08-20 00:27:33 +00:00
#include <sortix/kernel/addralloc.h>
Add getentropy(2).
2014-07-14 21:24:43 +00:00
#include <sortix/kernel/copy.h>
Seed kernel entropy with randomness from the previous boot. The bootloader will now load the /boot/random.seed file if it exists, in which case the kernel will use it as the initial kernel entropy. The kernel warns if no random seed was loaded, unless the --no-random-seed option was given. This option is used for live environments that inherently have no prior secret state. The kernel initializes its entropy pool from the random seed as of the first things, so randomness is available very early on. init(8) will emit a fresh /boot/random.seed file on boot to avoid the same entropy being used twice. init(8) also writes out /boot/random.seed on system shutdown where the system has the most entropy. init(8) will warn if writing the file fails, except if /boot is a real-only filesystem, and keeping such state is impossible. The system administrator is then responsible for ensuring the bootloader somehow passes a fresh random seed on the next boot. /boot/random.seed must be owned by the root user and root group and must have file permissions 600 to avoid unprivileged users can read it. The file is passed to the kernel by the bootloader as a multiboot module with the command line --random-seed. If no random seed is loaded, the kernel attempts a poor quality fallback where it seeds the kernel arc4random(3) continuously with the current time. The timing variance may provide some effective entropy. There is no real kernel entropy gathering yet. The read of the CMOS real time clock is moved to an early point in the kernel boot, so the current time is available as fallback entropy. The kernel access of the random seed module is supposed to be infallible and happens before the kernel log is set up, but there is not yet a failsafe API for mapping single pages in the early kernel. sysupgrade(8) creates /boot/random.seed if it's absent as a temporary compatibility measure for people upgrading from the 1.0 release. The GRUB port will need to be upgraded with support for /boot/random.seed in the 10_sortix script. Installation with manual bootloader configuration will need to load the random seed with the --random-seed command line. With GRUB, this can be done with: module /boot/random.seed --random-seed
2016-08-20 00:27:33 +00:00
#include <sortix/kernel/kernel.h>
#include <sortix/kernel/kthread.h>
#include <sortix/kernel/memorymanagement.h>
#include <sortix/kernel/random.h>
Add getentropy(2).
2014-07-14 21:24:43 +00:00
#include <sortix/kernel/syscall.h>
Fix fake kernel entropy being entirely static.
2015-02-17 20:20:04 +00:00
#include <sortix/kernel/time.h>
Add getentropy(2).
2014-07-14 21:24:43 +00:00
Seed kernel entropy with randomness from the previous boot. The bootloader will now load the /boot/random.seed file if it exists, in which case the kernel will use it as the initial kernel entropy. The kernel warns if no random seed was loaded, unless the --no-random-seed option was given. This option is used for live environments that inherently have no prior secret state. The kernel initializes its entropy pool from the random seed as of the first things, so randomness is available very early on. init(8) will emit a fresh /boot/random.seed file on boot to avoid the same entropy being used twice. init(8) also writes out /boot/random.seed on system shutdown where the system has the most entropy. init(8) will warn if writing the file fails, except if /boot is a real-only filesystem, and keeping such state is impossible. The system administrator is then responsible for ensuring the bootloader somehow passes a fresh random seed on the next boot. /boot/random.seed must be owned by the root user and root group and must have file permissions 600 to avoid unprivileged users can read it. The file is passed to the kernel by the bootloader as a multiboot module with the command line --random-seed. If no random seed is loaded, the kernel attempts a poor quality fallback where it seeds the kernel arc4random(3) continuously with the current time. The timing variance may provide some effective entropy. There is no real kernel entropy gathering yet. The read of the CMOS real time clock is moved to an early point in the kernel boot, so the current time is available as fallback entropy. The kernel access of the random seed module is supposed to be infallible and happens before the kernel log is set up, but there is not yet a failsafe API for mapping single pages in the early kernel. sysupgrade(8) creates /boot/random.seed if it's absent as a temporary compatibility measure for people upgrading from the 1.0 release. The GRUB port will need to be upgraded with support for /boot/random.seed in the 10_sortix script. Installation with manual bootloader configuration will need to load the random seed with the --random-seed command line. With GRUB, this can be done with: module /boot/random.seed --random-seed
2016-08-20 00:27:33 +00:00
#include "multiboot.h"
// TODO: This implementation does not gather entropy. No claims are being made
// whatsoever that this implementation is secure. It isn't secure.
Add getentropy(2).
2014-07-14 21:24:43 +00:00
namespace Sortix {
Add arc4random support to the kernel.
2015-05-10 20:24:45 +00:00
namespace Random {
Add getentropy(2).
2014-07-14 21:24:43 +00:00
Seed kernel entropy with randomness from the previous boot. The bootloader will now load the /boot/random.seed file if it exists, in which case the kernel will use it as the initial kernel entropy. The kernel warns if no random seed was loaded, unless the --no-random-seed option was given. This option is used for live environments that inherently have no prior secret state. The kernel initializes its entropy pool from the random seed as of the first things, so randomness is available very early on. init(8) will emit a fresh /boot/random.seed file on boot to avoid the same entropy being used twice. init(8) also writes out /boot/random.seed on system shutdown where the system has the most entropy. init(8) will warn if writing the file fails, except if /boot is a real-only filesystem, and keeping such state is impossible. The system administrator is then responsible for ensuring the bootloader somehow passes a fresh random seed on the next boot. /boot/random.seed must be owned by the root user and root group and must have file permissions 600 to avoid unprivileged users can read it. The file is passed to the kernel by the bootloader as a multiboot module with the command line --random-seed. If no random seed is loaded, the kernel attempts a poor quality fallback where it seeds the kernel arc4random(3) continuously with the current time. The timing variance may provide some effective entropy. There is no real kernel entropy gathering yet. The read of the CMOS real time clock is moved to an early point in the kernel boot, so the current time is available as fallback entropy. The kernel access of the random seed module is supposed to be infallible and happens before the kernel log is set up, but there is not yet a failsafe API for mapping single pages in the early kernel. sysupgrade(8) creates /boot/random.seed if it's absent as a temporary compatibility measure for people upgrading from the 1.0 release. The GRUB port will need to be upgraded with support for /boot/random.seed in the 10_sortix script. Installation with manual bootloader configuration will need to load the random seed with the --random-seed command line. With GRUB, this can be done with: module /boot/random.seed --random-seed
2016-08-20 00:27:33 +00:00
static kthread_mutex_t entropy_lock = KTHREAD_MUTEX_INITIALIZER;
static unsigned char entropy[256];
static size_t entropy_used = 0;
static size_t entropy_available = 0;
static bool any_random_seed = false;
static bool fallback = false;
Fix fake kernel entropy being entirely static.
2015-02-17 20:20:04 +00:00
Seed kernel entropy with randomness from the previous boot. The bootloader will now load the /boot/random.seed file if it exists, in which case the kernel will use it as the initial kernel entropy. The kernel warns if no random seed was loaded, unless the --no-random-seed option was given. This option is used for live environments that inherently have no prior secret state. The kernel initializes its entropy pool from the random seed as of the first things, so randomness is available very early on. init(8) will emit a fresh /boot/random.seed file on boot to avoid the same entropy being used twice. init(8) also writes out /boot/random.seed on system shutdown where the system has the most entropy. init(8) will warn if writing the file fails, except if /boot is a real-only filesystem, and keeping such state is impossible. The system administrator is then responsible for ensuring the bootloader somehow passes a fresh random seed on the next boot. /boot/random.seed must be owned by the root user and root group and must have file permissions 600 to avoid unprivileged users can read it. The file is passed to the kernel by the bootloader as a multiboot module with the command line --random-seed. If no random seed is loaded, the kernel attempts a poor quality fallback where it seeds the kernel arc4random(3) continuously with the current time. The timing variance may provide some effective entropy. There is no real kernel entropy gathering yet. The read of the CMOS real time clock is moved to an early point in the kernel boot, so the current time is available as fallback entropy. The kernel access of the random seed module is supposed to be infallible and happens before the kernel log is set up, but there is not yet a failsafe API for mapping single pages in the early kernel. sysupgrade(8) creates /boot/random.seed if it's absent as a temporary compatibility measure for people upgrading from the 1.0 release. The GRUB port will need to be upgraded with support for /boot/random.seed in the 10_sortix script. Installation with manual bootloader configuration will need to load the random seed with the --random-seed command line. With GRUB, this can be done with: module /boot/random.seed --random-seed
2016-08-20 00:27:33 +00:00
void Init(multiboot_info_t* bootinfo)
Add arc4random support to the kernel.
2015-05-10 20:24:45 +00:00
{
Seed kernel entropy with randomness from the previous boot. The bootloader will now load the /boot/random.seed file if it exists, in which case the kernel will use it as the initial kernel entropy. The kernel warns if no random seed was loaded, unless the --no-random-seed option was given. This option is used for live environments that inherently have no prior secret state. The kernel initializes its entropy pool from the random seed as of the first things, so randomness is available very early on. init(8) will emit a fresh /boot/random.seed file on boot to avoid the same entropy being used twice. init(8) also writes out /boot/random.seed on system shutdown where the system has the most entropy. init(8) will warn if writing the file fails, except if /boot is a real-only filesystem, and keeping such state is impossible. The system administrator is then responsible for ensuring the bootloader somehow passes a fresh random seed on the next boot. /boot/random.seed must be owned by the root user and root group and must have file permissions 600 to avoid unprivileged users can read it. The file is passed to the kernel by the bootloader as a multiboot module with the command line --random-seed. If no random seed is loaded, the kernel attempts a poor quality fallback where it seeds the kernel arc4random(3) continuously with the current time. The timing variance may provide some effective entropy. There is no real kernel entropy gathering yet. The read of the CMOS real time clock is moved to an early point in the kernel boot, so the current time is available as fallback entropy. The kernel access of the random seed module is supposed to be infallible and happens before the kernel log is set up, but there is not yet a failsafe API for mapping single pages in the early kernel. sysupgrade(8) creates /boot/random.seed if it's absent as a temporary compatibility measure for people upgrading from the 1.0 release. The GRUB port will need to be upgraded with support for /boot/random.seed in the 10_sortix script. Installation with manual bootloader configuration will need to load the random seed with the --random-seed command line. With GRUB, this can be done with: module /boot/random.seed --random-seed
2016-08-20 00:27:33 +00:00
size_t offset = 0;
// TODO: This assumes the multiboot structures are accessible. That
// assumption is wrong in general and we should map them ourselves in
// manner that cannot fail.
struct multiboot_mod_list* modules =
(struct multiboot_mod_list*) (uintptr_t) bootinfo->mods_addr;
for ( uint32_t i = 0; i < bootinfo->mods_count; i++ )
{
struct multiboot_mod_list* module = &modules[i];
// TODO: This assumes module is mapped.
size_t mod_size = module->mod_end - module->mod_start;
const char* cmdline = (const char*) (uintptr_t) module->cmdline;
// TODO: This assumes cmdline is mapped.
if ( strcmp(cmdline, "--random-seed") != 0 )
continue;
any_random_seed = true;
// TODO: Make an early map facility that cannot fail and use it to map
// the random seed.
// TODO: AllocateKernelAddress might invoke randomness in some way in
// future.
addralloc_t addralloc;
if ( !AllocateKernelAddress(&addralloc, mod_size) )
PanicF("Random::Init AllocateKernelAddress failed: %m");
addr_t physfrom = module->mod_start;
addr_t mapat = addralloc.from;
for ( size_t i = 0; i < mod_size; i += Page::Size() )
{
if ( !Memory::Map(physfrom + i, mapat + i, PROT_KREAD | PROT_KWRITE) )
PanicF("Random::Init Memory::Map failed: %m");
}
Memory::Flush();
unsigned char* seed = (unsigned char*) addralloc.from;
for ( size_t i = 0; i < mod_size; i++ )
{
entropy[offset++] ^= seed[i];
if ( entropy_available < offset )
entropy_available = offset;
offset %= sizeof(entropy);
}
explicit_bzero(seed, mod_size);
for ( size_t i = 0; i < mod_size; i += Page::Size() )
Memory::Unmap(mapat + i);
Memory::Flush();
FreeKernelAddress(&addralloc);
}
fallback = entropy_available < sizeof(entropy);
}
int GetFallbackStatus()
{
// If in fallback mode, mix in the current time. No particular reason.
(void) arc4random();
ScopedLock lock(&entropy_lock);
if ( !any_random_seed )
return 1;
if ( fallback )
return 2;
return 0;
}
bool HasEntropy(size_t amount)
{
ScopedLock lock(&entropy_lock);
if ( amount <= entropy_available )
return true;
// Keep mixing fallback values (current time) in the hope it's better than
// nothing.
if ( fallback )
return true;
return false;
Add arc4random support to the kernel.
2015-05-10 20:24:45 +00:00
}
void GetEntropy(void* result, size_t size)
Add getentropy(2).
2014-07-14 21:24:43 +00:00
{
Seed kernel entropy with randomness from the previous boot. The bootloader will now load the /boot/random.seed file if it exists, in which case the kernel will use it as the initial kernel entropy. The kernel warns if no random seed was loaded, unless the --no-random-seed option was given. This option is used for live environments that inherently have no prior secret state. The kernel initializes its entropy pool from the random seed as of the first things, so randomness is available very early on. init(8) will emit a fresh /boot/random.seed file on boot to avoid the same entropy being used twice. init(8) also writes out /boot/random.seed on system shutdown where the system has the most entropy. init(8) will warn if writing the file fails, except if /boot is a real-only filesystem, and keeping such state is impossible. The system administrator is then responsible for ensuring the bootloader somehow passes a fresh random seed on the next boot. /boot/random.seed must be owned by the root user and root group and must have file permissions 600 to avoid unprivileged users can read it. The file is passed to the kernel by the bootloader as a multiboot module with the command line --random-seed. If no random seed is loaded, the kernel attempts a poor quality fallback where it seeds the kernel arc4random(3) continuously with the current time. The timing variance may provide some effective entropy. There is no real kernel entropy gathering yet. The read of the CMOS real time clock is moved to an early point in the kernel boot, so the current time is available as fallback entropy. The kernel access of the random seed module is supposed to be infallible and happens before the kernel log is set up, but there is not yet a failsafe API for mapping single pages in the early kernel. sysupgrade(8) creates /boot/random.seed if it's absent as a temporary compatibility measure for people upgrading from the 1.0 release. The GRUB port will need to be upgraded with support for /boot/random.seed in the 10_sortix script. Installation with manual bootloader configuration will need to load the random seed with the --random-seed command line. With GRUB, this can be done with: module /boot/random.seed --random-seed
2016-08-20 00:27:33 +00:00
kthread_mutex_lock(&entropy_lock);
size_t amount = size < entropy_available ? size : entropy_available;
memcpy(result, entropy + entropy_used, amount);
explicit_bzero(entropy + entropy_used, amount);
entropy_used += amount;
entropy_available -= amount;
kthread_mutex_unlock(&entropy_lock);
// If more entropy is needed, mix in the current time and the time since
// boot in the hope that the unpredictability of exactly when randomness is
// consumed introduces some entropy.
struct
Fix fake kernel entropy being entirely static.
2015-02-17 20:20:04 +00:00
{
Seed kernel entropy with randomness from the previous boot. The bootloader will now load the /boot/random.seed file if it exists, in which case the kernel will use it as the initial kernel entropy. The kernel warns if no random seed was loaded, unless the --no-random-seed option was given. This option is used for live environments that inherently have no prior secret state. The kernel initializes its entropy pool from the random seed as of the first things, so randomness is available very early on. init(8) will emit a fresh /boot/random.seed file on boot to avoid the same entropy being used twice. init(8) also writes out /boot/random.seed on system shutdown where the system has the most entropy. init(8) will warn if writing the file fails, except if /boot is a real-only filesystem, and keeping such state is impossible. The system administrator is then responsible for ensuring the bootloader somehow passes a fresh random seed on the next boot. /boot/random.seed must be owned by the root user and root group and must have file permissions 600 to avoid unprivileged users can read it. The file is passed to the kernel by the bootloader as a multiboot module with the command line --random-seed. If no random seed is loaded, the kernel attempts a poor quality fallback where it seeds the kernel arc4random(3) continuously with the current time. The timing variance may provide some effective entropy. There is no real kernel entropy gathering yet. The read of the CMOS real time clock is moved to an early point in the kernel boot, so the current time is available as fallback entropy. The kernel access of the random seed module is supposed to be infallible and happens before the kernel log is set up, but there is not yet a failsafe API for mapping single pages in the early kernel. sysupgrade(8) creates /boot/random.seed if it's absent as a temporary compatibility measure for people upgrading from the 1.0 release. The GRUB port will need to be upgraded with support for /boot/random.seed in the 10_sortix script. Installation with manual bootloader configuration will need to load the random seed with the --random-seed command line. With GRUB, this can be done with: module /boot/random.seed --random-seed
2016-08-20 00:27:33 +00:00
struct timespec realtime;
struct timespec monotonic;
} seed;
size_t sofar = amount;
while ( sofar < size )
{
seed.realtime = Time::Get(CLOCK_REALTIME);
seed.monotonic = Time::Get(CLOCK_MONOTONIC);
unsigned char* out = (unsigned char*) result + sofar;
size_t left = size - sofar;
amount = left < sizeof(seed) ? left : sizeof(seed);
memcpy(out, &seed, amount);
sofar += amount;
}
explicit_bzero(&seed, sizeof(seed));
Add arc4random support to the kernel.
2015-05-10 20:24:45 +00:00
}
} // namespace Random
} // namespace Sortix
namespace Sortix {
int sys_getentropy(void* user_buffer, size_t size)
{
unsigned char buffer[256];
if ( sizeof(buffer) < size )
return errno = EIO, -1;
Seed kernel entropy with randomness from the previous boot. The bootloader will now load the /boot/random.seed file if it exists, in which case the kernel will use it as the initial kernel entropy. The kernel warns if no random seed was loaded, unless the --no-random-seed option was given. This option is used for live environments that inherently have no prior secret state. The kernel initializes its entropy pool from the random seed as of the first things, so randomness is available very early on. init(8) will emit a fresh /boot/random.seed file on boot to avoid the same entropy being used twice. init(8) also writes out /boot/random.seed on system shutdown where the system has the most entropy. init(8) will warn if writing the file fails, except if /boot is a real-only filesystem, and keeping such state is impossible. The system administrator is then responsible for ensuring the bootloader somehow passes a fresh random seed on the next boot. /boot/random.seed must be owned by the root user and root group and must have file permissions 600 to avoid unprivileged users can read it. The file is passed to the kernel by the bootloader as a multiboot module with the command line --random-seed. If no random seed is loaded, the kernel attempts a poor quality fallback where it seeds the kernel arc4random(3) continuously with the current time. The timing variance may provide some effective entropy. There is no real kernel entropy gathering yet. The read of the CMOS real time clock is moved to an early point in the kernel boot, so the current time is available as fallback entropy. The kernel access of the random seed module is supposed to be infallible and happens before the kernel log is set up, but there is not yet a failsafe API for mapping single pages in the early kernel. sysupgrade(8) creates /boot/random.seed if it's absent as a temporary compatibility measure for people upgrading from the 1.0 release. The GRUB port will need to be upgraded with support for /boot/random.seed in the 10_sortix script. Installation with manual bootloader configuration will need to load the random seed with the --random-seed command line. With GRUB, this can be done with: module /boot/random.seed --random-seed
2016-08-20 00:27:33 +00:00
arc4random_buf(buffer, size);
Add getentropy(2).
2014-07-14 21:24:43 +00:00
if ( !CopyToUser(user_buffer, buffer, size) )
return -1;
return 0;
}
} // namespace Sortix