[PATCH] get_random_long() and AT_ENTROPY for auxv, kernel 2.6.21.5

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Alexander Gabert <pappy@gentoo.org>
To: Arjan van de Ven <arjan@infradead.org>,
	libc-alpha@sourceware.org, linux-kernel@vger.kernel.org,
	hardened@gentoo.org
Cc: torvalds@linux-foundation.org
Subject: [PATCH] get_random_long() and AT_ENTROPY for auxv, kernel 2.6.21.5
Date: Wed, 20 Jun 2007 17:34:13 +0200	[thread overview]
Message-ID: <467948F5.3010709@gentoo.org> (raw)
In-Reply-To: <4676601A.7070209@gentoo.org>

Hi,

http://dev.gentoo.org/~pappy/kernel/linux-2.6.21.5-get_urandom_long-AT_ENTROPY.patch

this patch adds the function drivers/char/random.c:get_random_long()
and adds an AT_ENTROPY field in the auxv without config option
(the config option was removed as suggested by Arjan on LKML).

README: get_random_long() and AT_ENTROPY support for auxv
NAME: Alexander Gabert
EMAIL: pappy@gentoo.org



diff -Nru linux-2.6.21.5.ORIG/drivers/char/random.c 
linux-2.6.21.5/drivers/char/random.c
--- linux-2.6.21.5.ORIG/drivers/char/random.c    2007-06-11 
20:37:06.000000000 +0200
+++ linux-2.6.21.5/drivers/char/random.c    2007-06-20 
17:00:35.000000000 +0200
@@ -1654,6 +1654,53 @@
 }
 
 /*
+ * get_random_long() returns a randomized unsigned long word.
+ * It recycles it's entropy cache for a given time period and
+ * uses half_md4_transform to generate a unique return value.
+ * Every REKEY_INTERVAL the cache is reloaded with fresh
+ * randomization data using get_random_bytes().
+ * This function is not intended for strong cryptographic routines.
+ */
+unsigned long get_random_long(void)
+{
+  /* remember the last time we refreshed the cache with random entropy */
+  static time_t   rekey_time;
+
+  time_t          t;
+
+  /*
+   * the following data in the buffer is unchanged during REKEY_INTERVAL:
+   * |----|----|KKKK|KKKK|KKKK|KKKK|KKKK|KKKK|----|----|----|----|
+   * ___0____1____2____3____4____5____6____7____8____9___10___11__
+   *
+   * the following data is updated during the first half_md4_transform call
+   * |----|YYYY|----|----|----|----|----|----|ZZZZ|ZZZZ|ZZZZ|ZZZZ|
+   * ___0____1____2____3____4____5____6____7____8____9___10___11__
+   *
+   * the following data is updated during the second half_md4_transform
+   * |XXXX|----|----|----|----|----|----|----|ZZZZ|ZZZZ|ZZZZ|ZZZZ|
+   * ___0____1____2____3____4____5____6____7____8____9___10___11__
+   */
+  static __u32    entropycache[12];
+
+  /* get the current time in seconds */
+  t = get_seconds();
+
+  /* check for REKEY_INTERVAL */
+  if (t && (!rekey_time || ((t - rekey_time) > REKEY_INTERVAL))) {
+    rekey_time = t;
+    /* refresh with random entropy */
+    get_random_bytes(entropycache, sizeof(entropycache));
+  }
+
+  /* transform the buffer to a new state, thus generating new return 
value */
+  entropycache[1] = half_md4_transform(entropycache+8, entropycache);
+  entropycache[0] = half_md4_transform(entropycache+8, entropycache);
+
+  return *(unsigned long *)entropycache;
+}
+
+/*
  * randomize_range() returns a start address such that
  *
  *    [...... <range> .....]
diff -Nru linux-2.6.21.5.ORIG/fs/binfmt_elf.c linux-2.6.21.5/fs/binfmt_elf.c
--- linux-2.6.21.5.ORIG/fs/binfmt_elf.c    2007-06-11 20:37:06.000000000 
+0200
+++ linux-2.6.21.5/fs/binfmt_elf.c    2007-06-20 17:02:59.000000000 +0200
@@ -201,6 +201,7 @@
     NEW_AUX_ENT(AT_GID, tsk->gid);
     NEW_AUX_ENT(AT_EGID, tsk->egid);
      NEW_AUX_ENT(AT_SECURE, security_bprm_secureexec(bprm));
+  NEW_AUX_ENT(AT_ENTROPY, get_random_long());
     if (k_platform) {
         NEW_AUX_ENT(AT_PLATFORM,
                 (elf_addr_t)(unsigned long)u_platform);
diff -Nru linux-2.6.21.5.ORIG/include/linux/auxvec.h 
linux-2.6.21.5/include/linux/auxvec.h
--- linux-2.6.21.5.ORIG/include/linux/auxvec.h    2007-06-11 
20:37:06.000000000 +0200
+++ linux-2.6.21.5/include/linux/auxvec.h    2007-06-20 
16:47:44.000000000 +0200
@@ -26,6 +26,8 @@
 
 #define AT_SECURE 23   /* secure mode boolean */
 
-#define AT_VECTOR_SIZE  44 /* Size of auxiliary table.  */
+#define AT_ENTROPY 24 /* kernel entropy in auxv */
+
+#define AT_VECTOR_SIZE 45 /* Size of auxiliary table in.  */
 
 #endif /* _LINUX_AUXVEC_H */
diff -Nru linux-2.6.21.5.ORIG/include/linux/random.h 
linux-2.6.21.5/include/linux/random.h
--- linux-2.6.21.5.ORIG/include/linux/random.h    2007-06-11 
20:37:06.000000000 +0200
+++ linux-2.6.21.5/include/linux/random.h    2007-06-20 
16:19:02.000000000 +0200
@@ -67,6 +67,9 @@
 #endif
 
 unsigned int get_random_int(void);
+
+unsigned long get_random_long(void);
+
 unsigned long randomize_range(unsigned long start, unsigned long end, 
unsigned long len);
 
 u32 random32(void);

next prev parent reply	other threads:[~2007-06-20 15:34 UTC|newest]

Thread overview: 17+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2007-06-17 23:40 AT_ENTROPY1 and AT_ENTROPY2 values for include/linux/auxvec.h Alexander Gabert
2007-06-18  1:06 ` Arjan van de Ven
2007-06-18  1:28   ` Alexander Gabert
2007-06-18  1:38     ` Arjan van de Ven
2007-06-18 10:36       ` Alexander Gabert
2007-06-20 15:34         ` Alexander Gabert [this message]
2007-06-20 15:38           ` [PATCH] get_random_long() and AT_ENTROPY for auxv, kernel 2.6.21.5 Arjan van de Ven
2007-06-20 16:39           ` Linus Torvalds
2007-06-20 17:04           ` Eric Dumazet
2007-06-20 20:30           ` Matt Mackall
2007-06-24 17:45             ` Alexander Gabert
2007-06-25  3:45               ` Matt Mackall
2007-06-25  4:43                 ` Arjan van de Ven
2007-06-25  5:12                   ` Matt Mackall
2007-06-25  7:09                   ` Jakub Jelinek
2007-06-25 15:02                 ` Alexander Gabert
2007-06-25 15:20                   ` Matt Mackall

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=467948F5.3010709@gentoo.org \
    --to=pappy@gentoo.org \
    --cc=arjan@infradead.org \
    --cc=hardened@gentoo.org \
    --cc=libc-alpha@sourceware.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=torvalds@linux-foundation.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.