[src/trunk]: src Load entropy at system boot (only works at securelevel < 1); ...
details: https://anonhg.NetBSD.org/src/rev/39943a736316
branches: trunk
changeset: 771490:39943a736316
user: tls <tls%NetBSD.org@localhost>
date: Wed Nov 23 10:47:48 2011 +0000
description:
Load entropy at system boot (only works at securelevel < 1); save
at system shutdown. Disable with random_seed=NO in rc.conf if desired.
Goes to some trouble to never load or save to network filesystems.
Entropy should really be loaded by the boot loader but I am still
sorting out how to pass it to the kernel.
diffstat:
distrib/sets/lists/etc/mi | 3 +-
etc/defaults/rc.conf | 5 +-
etc/rc.d/Makefile | 7 +-
etc/rc.d/random_seed | 91 ++++++++++++++
sbin/rndctl/rndctl.8 | 17 ++-
sbin/rndctl/rndctl.c | 153 +++++++++++++++++++++++-
sys/dev/rnd.c | 63 ++++++++-
sys/secmodel/securelevel/secmodel_securelevel.c | 9 +-
sys/secmodel/suser/secmodel_suser.c | 5 +-
sys/sys/kauth.h | 3 +-
sys/sys/rnd.h | 4 +-
11 files changed, 336 insertions(+), 24 deletions(-)
diffs (truncated from 627 to 300 lines):
diff -r f410d26336e6 -r 39943a736316 distrib/sets/lists/etc/mi
--- a/distrib/sets/lists/etc/mi Wed Nov 23 01:16:55 2011 +0000
+++ b/distrib/sets/lists/etc/mi Wed Nov 23 10:47:48 2011 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: mi,v 1.225 2011/09/06 21:32:30 riz Exp $
+# $NetBSD: mi,v 1.226 2011/11/23 10:47:49 tls Exp $
#
# Note: end-user configuration files that are moved to another location
# should not be marked "obsolete"; they should just be removed from
@@ -254,6 +254,7 @@
./etc/rc.d/racoon etc-net-rc
./etc/rc.d/raidframe etc-sys-rc
./etc/rc.d/raidframeparity etc-sys-rc
+./etc/rc.d/random_seed etc-sys-rc
./etc/rc.d/rarpd etc-bootserver-rc
./etc/rc.d/rbootd etc-bootserver-rc
./etc/rc.d/rndctl etc-sys-rc
diff -r f410d26336e6 -r 39943a736316 etc/defaults/rc.conf
--- a/etc/defaults/rc.conf Wed Nov 23 01:16:55 2011 +0000
+++ b/etc/defaults/rc.conf Wed Nov 23 10:47:48 2011 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: rc.conf,v 1.116 2011/11/21 20:56:21 darcy Exp $
+# $NetBSD: rc.conf,v 1.117 2011/11/23 10:47:48 tls Exp $
#
# /etc/defaults/rc.conf --
# default configuration of /etc/rc.conf
@@ -362,3 +362,6 @@
veriexec_verbose=0
veriexec_flags="-k"
+# Entropy load/save to/from /dev/random at startup/shutdown
+#
+random_seed=YES
diff -r f410d26336e6 -r 39943a736316 etc/rc.d/Makefile
--- a/etc/rc.d/Makefile Wed Nov 23 01:16:55 2011 +0000
+++ b/etc/rc.d/Makefile Wed Nov 23 10:47:48 2011 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.85 2011/09/06 21:32:29 riz Exp $
+# $NetBSD: Makefile,v 1.86 2011/11/23 10:47:48 tls Exp $
.include <bsd.own.mk>
@@ -31,8 +31,9 @@
named ndbootd network newsyslog nfsd nfslocking npf ntpd ntpdate \
perusertmp pf pf_boot pflogd postfix powerd ppp pwcheck \
quota \
- racoon rpcbind raidframe raidframeparity rarpd rbootd rndctl \
- root route6d routed rtadvd rtclocaltime rtsold rwho \
+ racoon rpcbind raidframe raidframeparity random_seed rarpd \
+ rbootd rndctl root route6d routed rtadvd rtclocaltime \
+ rtsold rwho \
savecore screenblank securelevel sshd \
staticroute swap1 swap2 sysctl sysdb syslogd \
timed tpctl ttys \
diff -r f410d26336e6 -r 39943a736316 etc/rc.d/random_seed
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/etc/rc.d/random_seed Wed Nov 23 10:47:48 2011 +0000
@@ -0,0 +1,91 @@
+#!/bin/sh
+#
+# $NetBSD: random_seed,v 1.1 2011/11/23 10:47:48 tls Exp $
+#
+
+# PROVIDE: random_seed
+# REQUIRE: mountcritlocal
+# BEFORE: securelevel
+# KEYWORD: shutdown
+
+$_rc_subr_loaded . /etc/rc.subr
+
+name="random_seed"
+rcvar=$name
+start_cmd="random_load"
+stop_cmd="random_save"
+
+random_file=${random_file:-/var/db/entropy-file}
+
+fs_safe()
+{
+ #
+ # Enforce that the file's on a local filesystem.
+ # Include only the types we can actually write.
+ #
+ fstype=$(df -G $1 | awk '$2 == "fstype" {print $1}')
+ case $fstype in
+ ffs)
+ return 0
+ ;;
+ lfs)
+ return 0
+ ;;
+ ext2fs)
+ return 0;
+ ;;
+ msdosfs)
+ return 0;
+ ;;
+ v7fs)
+ return 0;
+ ;;
+ esac
+ return 1
+}
+
+random_load()
+{
+ if [ -f $random_file ]; then
+
+ if ! fs_safe $(dirname ${random_file}); then
+ return 1
+ fi
+
+ eval $(stat -s ${random_file})
+
+ # The file must be owned by root,
+ if [ "$st_uid" != "0" ]; then
+ return 1
+ fi
+ # and root read/write only.
+ if [ "$(echo $st_mode | tail -c4)" != "600" ]; then
+ return 1
+ fi
+
+ if rndctl -L ${random_file}; then
+ echo "Loaded entropy from disk."
+ fi
+
+ fi
+}
+
+random_save()
+{
+ oum=$(umask)
+ umask 077
+
+ rm -Pf ${random_file}
+
+ if ! fs_safe $(dirname ${random_file}); then
+ return 1
+ fi
+
+ if rndctl -S ${random_file}; then
+ echo "Saved entropy to disk."
+ fi
+}
+
+
+load_rc_config $name
+run_rc_command "$1"
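Review bot: In `random_save`, `rm -Pf ${random_file}` runs before `fs_safe` is consulted, so when the seed lives on a filesystem the check rejects, the previous seed file is destroyed and nothing replaces it; the `if ! fs_safe $(dirname ${random_file}); then return 1; fi` test should move ahead of the `rm`. `oum=$(umask)` is saved but never restored, so either drop it or put `umask $oum` before each return. In `random_load`, both `[ -f ]` and `stat -s` follow symlinks, so the owner/mode check is applied to the link target rather than the path itself; an explicit `if [ -L ${random_file} ]; then return 1; fi` before the `stat` would close that gap unless `rndctl -L` already refuses symlinks, which cannot be seen from this hunk.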
diff -r f410d26336e6 -r 39943a736316 sbin/rndctl/rndctl.8
--- a/sbin/rndctl/rndctl.8 Wed Nov 23 01:16:55 2011 +0000
+++ b/sbin/rndctl/rndctl.8 Wed Nov 23 10:47:48 2011 +0000
@@ -1,4 +1,4 @@
-.\" $NetBSD: rndctl.8,v 1.18 2011/10/01 02:55:00 pgoyette Exp $
+.\" $NetBSD: rndctl.8,v 1.19 2011/11/23 10:47:49 tls Exp $
.\"
.\" Copyright (c) 1997 Michael Graff
.\" All rights reserved.
@@ -39,6 +39,10 @@
.Nm
.Fl ls
.Op Fl d Ar devname | Fl t Ar devtype
+.Nm
+.Fl L Ar save-file
+.Nm
+.Fl S Ar save-file
.Sh DESCRIPTION
The
.Nm
@@ -104,6 +108,17 @@
.It Ic rng
Random number generators.
.El
+.It Fl L
+Load saved entropy from file
+.Ar save-file ,
+which will be overwritten and deleted before the entropy is loaded into
+the kernel.
+.It Fl S
+Save entropy pool to file
+.Ar save-file .
+The file format is specific to
+.Nm
+and includes an estimate of the amount of saved entropy and a checksum.
.El
.Sh FILES
.Bl -tag -width /dev/urandomx -compact
diff -r f410d26336e6 -r 39943a736316 sbin/rndctl/rndctl.c
--- a/sbin/rndctl/rndctl.c Wed Nov 23 01:16:55 2011 +0000
+++ b/sbin/rndctl/rndctl.c Wed Nov 23 10:47:48 2011 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: rndctl.c,v 1.20 2011/08/27 18:48:59 joerg Exp $ */
+/* $NetBSD: rndctl.c,v 1.21 2011/11/23 10:47:49 tls Exp $ */
/*-
* Copyright (c) 1997 Michael Graff.
@@ -29,14 +29,17 @@
* SUCH DAMAGE.
*/
#include <sys/cdefs.h>
+#include <sys/types.h>
+#include <sha1.h>
#ifndef lint
-__RCSID("$NetBSD: rndctl.c,v 1.20 2011/08/27 18:48:59 joerg Exp $");
+__RCSID("$NetBSD: rndctl.c,v 1.21 2011/11/23 10:47:49 tls Exp $");
#endif
#include <sys/types.h>
#include <sys/ioctl.h>
+#include <sys/param.h>
#include <sys/rnd.h>
#include <stdio.h>
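Review bot: The new `#include <sys/types.h>` placed before the `__RCSID` block duplicates the `#include <sys/types.h>` that is kept a few lines below it, so the header is now included twice. Dropping the new copy and moving `<sha1.h>` and `<sys/param.h>` into the existing include group after `__RCSID` keeps the file's include order conventional; `<sha1.h>` is only needed for `SHA1_CTX` and `SHA1_DIGEST_LENGTH`, which are used further down in this file.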
@@ -48,6 +51,12 @@
#include <string.h>
typedef struct {
+ uint32_t entropy;
+ uint8_t data[RND_POOLWORDS * sizeof(uint32_t)];
+ uint8_t digest[SHA1_DIGEST_LENGTH];
+} rndsave_t;
+
+typedef struct {
const char *a_name;
u_int32_t a_type;
} arg_t;
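Review bot: `rndsave_t` is the on-disk seed layout written by `-S` and read by `-L`, but nothing in the hunk says so, and the struct carries no magic or version field, so a loader can only rely on the SHA1 digest to reject a file produced by a build with a different `RND_POOLWORDS`, byte order or struct padding. A comment above the typedef would record the contract, for example `/* On-disk seed format (-S writes, -L reads): host byte order, digest = SHA1(entropy || data). Layout must match the kernel's consumer. */`. If sys/sys/rnd.h, which this commit also changes but which is not shown here, defines the same layout, a single shared definition would be preferable to duplicating it in userland.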
@@ -78,6 +87,7 @@
getprogname());
fprintf(stderr, " %s -ls [-d devname | -t devtype]\n",
getprogname());
+ fprintf(stderr, " %s -[L|S] save-file\n", getprogname());
exit(1);
}
@@ -116,6 +126,114 @@
}
static void
+do_save(const char *const filename)
+{
+ int est1, est2;
+ rndpoolstat_t rp;
+ rndsave_t rs;
+ SHA1_CTX s;
+
+ int fd;
+
+ fd = open("/dev/urandom", O_RDONLY, 0644);
+ if (fd < 0) {
+ err(1, "device open");
+ }
+
+ if (ioctl(fd, RNDGETPOOLSTAT, &rp) < 0) {
+ err(1, "ioctl(RNDGETPOOLSTAT)");
+ }
+
+ est1 = rp.curentropy;
+
+ if (read(fd, rs.data, sizeof(rs.data)) != sizeof(rs.data)) {
+ err(1, "entropy read");
+ }
+
+ if (ioctl(fd, RNDGETPOOLSTAT, &rp) < 0) {
+ err(1, "ioctl(RNDGETPOOLSTAT)");
+ }
+
+ est2 = rp.curentropy;
+
+ if (est1 - est2 < 0) {
+ rs.entropy = 0;
+ } else {
+ rs.entropy = est1 - est2;
+ }
+
+ SHA1Init(&s);
+ SHA1Update(&s, (uint8_t *)&rs.entropy, sizeof(rs.entropy));
+ SHA1Update(&s, rs.data, sizeof(rs.data));
+ SHA1Final(rs.digest, &s);
+
+ close(fd);
+ unlink(filename);
+ fd = open(filename, O_CREAT|O_EXCL|O_WRONLY, 0600);
+ if (fd < 0) {
+ err(1, "output open");
+ }
+
+ if (write(fd, &rs, sizeof(rs)) != sizeof(rs)) {
+ unlink(filename);
+ fsync_range(fd, FDATASYNC|FDISKSYNC, (off_t)0, (off_t)0);
+ err(1, "write");
+ }
+ fsync_range(fd, FDATASYNC|FDISKSYNC, (off_t)0, (off_t)0);
+ close(fd);
+}
+
+static void
+do_load(const char *const filename)
+{