On Wed, 20 Jun 2007 17:34:13 +0200 Alexander Gabert <[EMAIL PROTECTED]> wrote:
> Hi, Hello Alexander > > http://dev.gentoo.org/~pappy/kernel/linux-2.6.21.5-get_urandom_long-AT_ENTROPY.patch > > this patch adds the function drivers/char/random.c:get_random_long() > and adds an AT_ENTROPY field in the auxv without config option > (the config option was removed as suggested by Arjan on LKML). > > README: get_random_long() and AT_ENTROPY support for auxv > NAME: Alexander Gabert > EMAIL: [EMAIL PROTECTED] > > > > diff -Nru linux-2.6.21.5.ORIG/drivers/char/random.c > linux-2.6.21.5/drivers/char/random.c > --- linux-2.6.21.5.ORIG/drivers/char/random.c 2007-06-11 > 20:37:06.000000000 +0200 > +++ linux-2.6.21.5/drivers/char/random.c 2007-06-20 > 17:00:35.000000000 +0200 > @@ -1654,6 +1654,53 @@ > } > > /* > + * get_random_long() returns a randomized unsigned long word. > + * It recycles it's entropy cache for a given time period and > + * uses half_md4_transform to generate a unique return value. > + * Every REKEY_INTERVAL the cache is reloaded with fresh > + * randomization data using get_random_bytes(). > + * This function is not intended for strong cryptographic routines. > + */ > +unsigned long get_random_long(void) > +{ > + /* remember the last time we refreshed the cache with random entropy */ > + static time_t rekey_time; > + > + time_t t; > + > + /* > + * the following data in the buffer is unchanged during REKEY_INTERVAL: > + * |----|----|KKKK|KKKK|KKKK|KKKK|KKKK|KKKK|----|----|----|----| > + * ___0____1____2____3____4____5____6____7____8____9___10___11__ > + * > + * the following data is updated during the first half_md4_transform call > + * |----|YYYY|----|----|----|----|----|----|ZZZZ|ZZZZ|ZZZZ|ZZZZ| > + * ___0____1____2____3____4____5____6____7____8____9___10___11__ > + * > + * the following data is updated during the second half_md4_transform > + * |XXXX|----|----|----|----|----|----|----|ZZZZ|ZZZZ|ZZZZ|ZZZZ| > + * ___0____1____2____3____4____5____6____7____8____9___10___11__ > + */ > + static __u32 entropycache[12]; > + > + /* get the current time in seconds */ > + t = get_seconds(); > + > + /* check for REKEY_INTERVAL */ > + if (t && (!rekey_time || ((t - rekey_time) > REKEY_INTERVAL))) { > + rekey_time = t; > + /* refresh with random entropy */ > + get_random_bytes(entropycache, sizeof(entropycache)); > + } Maybe this rekeying can be added in rekey_seq_generator(), so that you dont have to test rekey_time each time get_random_long() is called. You probably could refresh only 8 values, not the full 12 values. > + > + /* transform the buffer to a new state, thus generating new return > value */ > + entropycache[1] = half_md4_transform(entropycache+8, entropycache); > + entropycache[0] = half_md4_transform(entropycache+8, entropycache); > + > + return *(unsigned long *)entropycache; This is not valid on some arches, as entropycache[] alignment (u32 -> 4) might be smaller then alignment for a long (4 or 8). This also adds about 400 instructions (half_md4_transform() is about 200 instructions, about 700 bytes of code on x86_64) in exec() path, but this is probably minor given the cost of exec() I am not sure why you unconditionally call half_md4_transform() twice, since the entropycache[1] wont be used on 32bits platforms. I suggest spliting your entropycache into two parts : One part, with 8 u32, that is read_mostly (and shared by all cpus), updated once every 300 seconds in rekey_seq_generator() static u32 entropycache_shared[8] __read_mostly; One part, with (16/sizeof(long)) long, percpu to avoid false sharing between cpus. static DEFINE_PER_CPU(unsigned long , entropycache_pcpu)[16 / sizeof(unsigned long)]; then call half_md4_transform() once : half_md4_transform((u32 *)entropycache_pcpu, entropycache_shared); return entropycache_pcpu[0]; - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
