diff options
| author | Justus Winter <justus@gnupg.org> | 2017-06-02 00:47:07 +0200 |
|---|---|---|
| committer | Justus Winter <justus@gnupg.org> | 2017-06-03 16:17:08 +0200 |
| commit | 29ff193d27436e52d8112903c882ebe52f071d88 (patch) | |
| tree | 0a2b3b6ec7b0ce0d1ebbbd8db7508f7cb7bd7e42 /sutils | |
| parent | ce6764db1e045421fc9a199a334f63318d9f79d2 (diff) | |
trans: New random translator.
Previously, the Hurd included a translator providing /dev/random and
/dev/urandom based on a source copy of the random number generator
found in classic GnuPG.
The new random translator is using the SHAKE128 algorithm from the
SHA-3 family as the underlying cryptographic primitive. Being a
sponge construction, it allows the extraction of arbitrary amounts of
pseudorandom data. It is continuously fed entropy by hashing system
state that is hard to predict.
* Makefile (prog-subdirs): Remove 'random'.
* NEWS: Update.
* random/Makefile: Delete file.
* random/TODO: Likewise.
* random/gnupg-bithelp.h: Likewise.
* random/gnupg-glue.h: Likewise.
* random/gnupg-random.c: Likewise.
* random/gnupg-random.h: Likewise.
* random/gnupg-rmd.h: Likewise.
* random/gnupg-rmd160.c: Likewise.
* random/random.h: Likewise.
* sutils/MAKEDEV.sh (random): Create node.
(urandom): The new translator is both secure and non-blocking. Create
a link from urandom to random for compatibility with Linux.
* trans/Makefile (targets): Add 'random'.
* trans/random.c: Move the skeleton of the old random translator here,
but replace the PRNG with SHAKE128. Remove all dubious attempts of
accounting for entropy. Do not block ever.
Diffstat (limited to 'sutils')
| -rw-r--r-- | sutils/MAKEDEV.sh | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/sutils/MAKEDEV.sh b/sutils/MAKEDEV.sh index 1baec151..0730a64b 100644 --- a/sutils/MAKEDEV.sh +++ b/sutils/MAKEDEV.sh @@ -100,7 +100,7 @@ mkdev() { ;; std) - mkdev console tty urandom null zero full fd time mem klog shm + mkdev console tty random urandom null zero full fd time mem klog shm ;; console|com[0-9]) st $I root 600 /hurd/term ${DEVDIR}/$I device $I;; @@ -111,8 +111,12 @@ mkdev() { ${DEVDIR}/vcs/`echo $I | sed -e s/tty//`/console;; lpr[0-9]) st $I root 660 /hurd/streamio "$I";; + random) + st $I root 644 /hurd/random --seed-file /var/lib/random-seed;; urandom) - st $I root 644 /hurd/random --fast --seed-file /var/lib/random-seed;; + # Our /dev/random is both secure and non-blocking. Create a + # link for compatibility with Linux. + cmd ln -f -s random $I;; null) st $I root 666 /hurd/null;; full) |