/*-
 * Copyright (c) 2015 Mark R V Murray
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer
 *    in this position and unchanged.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 *
 */

#include <sys/param.h>
#include <sys/systm.h>
#include <sys/kernel.h>
#include <sys/malloc.h>
#include <sys/random.h>
#include <sys/sysctl.h>

#include <dev/random/randomdev.h>

/*
 * Set up the sysctl root node for the entropy device (kern.random) and,
 * beneath it, the node that groups the initial-seeding knobs and
 * diagnostics declared in this file (kern.random.initial_seeding).  The
 * parent node has to be declared before the children that name it.
 */
SYSCTL_NODE(_kern, OID_AUTO, random, CTLFLAG_RW | CTLFLAG_MPSAFE, 0,
    "Cryptographically Secure Random Number Generator");
SYSCTL_NODE(_kern_random, OID_AUTO, initial_seeding,
    CTLFLAG_RW | CTLFLAG_MPSAFE, 0,
    "Initial seeding control and information");

/*
 * N.B., this is a dangerous default, but it matches the behavior prior to
 * r346250 (and, say, OpenBSD -- although they get some guaranteed saved
 * entropy from the prior boot because of their KARL system, on RW media).
 *
 * Security note: while this is true, a request for random data that arrives
 * before the random device is seeded bypasses the device instead of
 * blocking, so data obtained that early must not be assumed unpredictable.
 * The knob is CTLFLAG_RDTUN: read-only on a running system and settable
 * only as a boot-time tunable.  Systems that create keys or other
 * long-lived secrets early in boot should consider setting
 * kern.random.initial_seeding.bypass_before_seeding to 0, accepting that
 * early requests then block until the device has been seeded.
 */
bool random_bypass_before_seeding = true;
SYSCTL_BOOL(_kern_random_initial_seeding, OID_AUTO,
    bypass_before_seeding, CTLFLAG_RDTUN, &random_bypass_before_seeding,
    0, "If set non-zero, bypass the random device in requests for random "
    "data when the random device is not yet seeded. This is considered "
    "dangerous. Ordinarily, the random device will block requests until "
    "it is seeded by sufficient entropy.");

/*
 * This is a read-only diagnostic that is non-zero only when both conditions
 * held: the bypass_before_seeding tunable above was enabled AND a request
 * was actually served before initial seeding.  It is intended for
 * programmatic inspection by userspace administrative utilities after boot.
 *
 * It starts out false here and is not written anywhere in this file;
 * presumably the read path sets it when a bypass happens -- confirm against
 * the consumers.  A non-zero value after boot means some early consumer
 * obtained data without a seeded generator behind it.
 */
bool read_random_bypassed_before_seeding = false;
SYSCTL_BOOL(_kern_random_initial_seeding, OID_AUTO,
    read_random_bypassed_before_seeding, CTLFLAG_RD,
    &read_random_bypassed_before_seeding, 0, "If non-zero, the random device "
    "was bypassed because the 'bypass_before_seeding' knob was enabled and a "
    "request was submitted prior to initial seeding.");

/*
 * This is the same kind of read-only diagnostic for the initial seeding of
 * the kernel arc4random(9): non-zero only when the bypass_before_seeding
 * tunable was enabled AND arc4random was initially seeded before the random
 * device itself was seeded.  It is intended for programmatic inspection by
 * userspace administrative utilities after boot.
 *
 * It starts out false here and is not written anywhere in this file.
 */
bool arc4random_bypassed_before_seeding = false;
SYSCTL_BOOL(_kern_random_initial_seeding, OID_AUTO,
    arc4random_bypassed_before_seeding, CTLFLAG_RD,
    &arc4random_bypassed_before_seeding, 0, "If non-zero, the random device "
    "was bypassed when initially seeding the kernel arc4random(9), because "
    "the 'bypass_before_seeding' knob was enabled and a request was submitted "
    "prior to initial seeding.");

/*
 * This knob is for users who do not want additional warnings in their logs
 * because they intend to handle bypass by inspecting the status of the
 * diagnostic sysctls.
 *
 * Like bypass_before_seeding it is CTLFLAG_RDTUN, i.e. a boot-time tunable.
 * Setting it removes the log warning for a bypass, so it is only
 * appropriate where the two *_bypassed_before_seeding diagnostics above are
 * actually collected and acted on.
 */
bool random_bypass_disable_warnings = false;
SYSCTL_BOOL(_kern_random_initial_seeding, OID_AUTO,
    disable_bypass_warnings, CTLFLAG_RDTUN,
    &random_bypass_disable_warnings, 0, "If non-zero, do not log a warning "
    "if the 'bypass_before_seeding' knob is enabled and a request is "
    "submitted prior to initial seeding.");

/* Kernel malloc type used to account for entropy-harvesting allocations. */
MALLOC_DEFINE(M_ENTROPY, "entropy", "Entropy harvesting buffers and data structures");

#if defined(RANDOM_LOADABLE)
/*
 * Storage for the algorithm context and the entry points used when the
 * random device is built as a loadable module.  As file-scope objects
 * without initializers they all start out as null pointers.
 * NOTE(review): presumably the module fills these in when it loads and every
 * caller checks for NULL before calling through them -- confirm, since a
 * call made before the module is present would dereference a null pointer.
 */
const struct random_algorithm *p_random_alg_context;
void (*_read_random)(void *, u_int);
int (*_read_random_uio)(struct uio *, bool);
bool (*_is_random_seeded)(void);
#endif /* defined(RANDOM_LOADABLE) */