Return to ffs_appleufs.c CVS log

Up to [cvs.NetBSD.org] / src / sys / ufs / ffs

First step of random number subsystem rework described in
<20111022023242.BA26F14A158@mail.netbsd.org>.  This change includes
the following:

	An initial cleanup and minor reorganization of the entropy pool
	code in sys/dev/rnd.c and sys/dev/rndpool.c.  Several bugs are
	fixed.  Some effort is made to accumulate entropy more quickly at
	boot time.

	A generic interface, "rndsink", is added, for stream generators to
	request that they be re-keyed with good quality entropy from the pool
	as soon as it is available.

	The arc4random()/arc4randbytes() implementation in libkern is
	adjusted to use the rndsink interface for rekeying, which helps
	address the problem of low-quality keys at boot time.

	An implementation of the FIPS 140-2 statistical tests for random
	number generator quality is provided (libkern/rngtest.c).  This
	is based on Greg Rose's implementation from Qualcomm.

	A new random stream generator, nist_ctr_drbg, is provided.  It is
	based on an implementation of the NIST SP800-90 CTR_DRBG by
	Henric Jungheim.  This generator users AES in a modified counter
	mode to generate a backtracking-resistant random stream.

	An abstraction layer, "cprng", is provided for in-kernel consumers
	of randomness.  The arc4random/arc4randbytes API is deprecated for
	in-kernel use.  It is replaced by "cprng_strong".  The current
	cprng_fast implementation wraps the existing arc4random
	implementation.  The current cprng_strong implementation wraps the
	new CTR_DRBG implementation.  Both interfaces are rekeyed from
	the entropy pool automatically at intervals justifiable from best
	current cryptographic practice.

	In some quick tests, cprng_fast() is about the same speed as
	the old arc4randbytes(), and cprng_strong() is about 20% faster
	than rnd_extract_data().  Performance is expected to improve.

	The AES code in src/crypto/rijndael is no longer an optional
	kernel component, as it is required by cprng_strong, which is
	not an optional kernel component.

	The entropy pool output is subjected to the rngtest tests at
	startup time; if it fails, the system will reboot.  There is
	approximately a 3/10000 chance of a false positive from these
	tests.  Entropy pool _input_ from hardware random numbers is
	subjected to the rngtest tests at attach time, as well as the
	FIPS continuous-output test, to detect bad or stuck hardware
	RNGs; if any are detected, they are detached, but the system
	continues to run.

	A problem with rndctl(8) is fixed -- datastructures with
	pointers in arrays are no longer passed to userspace (this
	was not a security problem, but rather a major issue for
	compat32).  A new kernel will require a new rndctl.

	The sysctl kern.arandom() and kern.urandom() nodes are hooked
	up to the new generators, but the /dev/*random pseudodevices
	are not, yet.

	Manual pages for the new kernel interfaces are forthcoming.

/*	$NetBSD: ffs_appleufs.c,v 1.12 2011/11/19 22:51:31 tls Exp $	*/

/*
 * Copyright (c) 2002 Darrin B. Jewell
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: ffs_appleufs.c,v 1.12 2011/11/19 22:51:31 tls Exp $");

#include <sys/param.h>
#include <sys/time.h>
#if defined(_KERNEL)
#include <sys/kernel.h>
#include <sys/systm.h>
#include <sys/cprng.h>
#endif

#include <ufs/ufs/dinode.h>
#include <ufs/ufs/ufs_bswap.h>
#include <ufs/ffs/fs.h>
#include <ufs/ffs/ffs_extern.h>

#if !defined(_KERNEL) && !defined(STANDALONE)
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>
#include <assert.h>
#define KASSERT(x) assert(x)
#endif

/*
 * this is the same calculation as in_cksum
 */
u_int16_t
ffs_appleufs_cksum(const struct appleufslabel *appleufs)
{
	const u_int16_t *p = (const u_int16_t *)appleufs;
	int len = APPLEUFS_LABEL_SIZE; /* sizeof(struct appleufslabel) */
	long res = 0;
	while (len > 1)  {
		res += *p++;
		len -= 2;
	}
#if 0 /* APPLEUFS_LABEL_SIZE is guaranteed to be even */
	if (len == 1)
		res += htobe16(*(u_char *)p<<8);
#endif
	res = (res >> 16) + (res & 0xffff);
	res += (res >> 16);
	return (~res);
}

/* copies o to n, validating and byteswapping along the way
 * returns 0 if ok, EINVAL if not valid
 */
int
ffs_appleufs_validate(const char *name, const struct appleufslabel *o,
    struct appleufslabel *n)
{
	struct appleufslabel tmp;
	if (!n) n = &tmp;

	if (o->ul_magic != be32toh(APPLEUFS_LABEL_MAGIC)) {
		return EINVAL;
	}
	*n = *o;
	n->ul_checksum = 0;
	n->ul_checksum = ffs_appleufs_cksum(n);
	if (n->ul_checksum != o->ul_checksum) {
#if defined(DIAGNOSTIC) || !defined(_KERNEL)
		printf("%s: invalid APPLE UFS checksum. found 0x%x, expecting 0x%x",
			name,o->ul_checksum,n->ul_checksum);
#endif
		return EINVAL;
	}
	n->ul_magic = be32toh(o->ul_magic);
	n->ul_version = be32toh(o->ul_version);
	n->ul_time = be32toh(o->ul_time);
	n->ul_namelen = be16toh(o->ul_namelen);

	if (n->ul_namelen > APPLEUFS_MAX_LABEL_NAME) {
#if defined(DIAGNOSTIC) || !defined(_KERNEL)
		printf("%s: APPLE UFS label name too long, truncated.\n",
				name);
#endif
		n->ul_namelen = APPLEUFS_MAX_LABEL_NAME;
	}
	/* if len is max, will set ul_unused1 */
	n->ul_name[n->ul_namelen - 1] = '\0';

#ifdef DEBUG
	printf("%s: found APPLE UFS label v%d: \"%s\"\n",
	    name,n->ul_version,n->ul_name);
#endif
	n->ul_uuid = be64toh(o->ul_uuid);

	return 0;
}

void
ffs_appleufs_set(struct appleufslabel *appleufs, const char *name, time_t t,
    uint64_t uuid)
{
	size_t namelen;
	if (!name) name = "untitled";
	if (t == ((time_t)-1)) {
#if defined(_KERNEL)
		t = time_second;
#elif defined(STANDALONE)
		t = 0;
#else
		(void)time(&t);
#endif
	}
	if (uuid == 0) {
#if defined(_KERNEL) && !defined(STANDALONE)
		uuid = cprng_fast64();
#endif
	}
	namelen = strlen(name);
	if (namelen > APPLEUFS_MAX_LABEL_NAME)
		namelen = APPLEUFS_MAX_LABEL_NAME;
	memset(appleufs, 0, APPLEUFS_LABEL_SIZE);
	appleufs->ul_magic   = htobe32(APPLEUFS_LABEL_MAGIC);
	appleufs->ul_version = htobe32(APPLEUFS_LABEL_VERSION);
	appleufs->ul_time    = htobe32((u_int32_t)t);
	appleufs->ul_namelen = htobe16(namelen);
	strncpy(appleufs->ul_name,name,namelen);
	appleufs->ul_uuid    = htobe64(uuid);
	appleufs->ul_checksum = ffs_appleufs_cksum(appleufs);
}