Commit 4ec78bd1 authored by Niels Möller

Work in progress.

Rev: src/lsh-make-seed.c:1.2
parent 781c398f
......@@ -33,6 +33,10 @@
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <fcntl.h>
#if HAVE_UNISTD_H
#include <unistd.h>
#endif
......@@ -141,13 +145,205 @@ main_argp =
NULL, NULL
};
/* The sources we use. */
enum source_type
{
/* Data from /dev/random, if available */
SOURCE_DEV_RANDOM,
/* Data from /dev/mem, if we have permissions */
SOURCE_DEV_MEM,
/* Output from miscellaneous commands */
SOURCE_SYSTEM,
/* As a last resort, ask the user to type on the keyboard. */
SOURCE_USER,
/* Number of sources */
NSOURCES
};
static void
get_dev_random(struct yarrow256_ctx *ctx, enum source_type source)
{
}
static void
get_dev_mem(struct yarrow256_ctx *ctx, enum source_type source)
{
}
static void
get_system(struct yarrow256_ctx *ctx, enum source_type source)
{
/* List of commands based on Peter Gutmann's cryptlib,
* misc/rndunix.c. <URL:
* http://www.cs.auckland.ac.nz/~pgut001/cryptlib/> */
#if 0
static struct RI {
const char *path; /* Path to check for existence of source */
const char *arg; /* Args for source */
const int usefulness; /* Usefulness of source */
FILE *pipe; /* Pipe to source as FILE * */
int pipeFD; /* Pipe to source as FD */
pid_t pid; /* pid of child for waitpid() */
int length; /* Quantity of output produced */
const BOOLEAN hasAlternative; /* Whether source has alt.location */
} dataSources[] = {
{ "/bin/vmstat", "-s", SC( -3 ), NULL, 0, 0, 0, TRUE },
{ "/usr/bin/vmstat", "-s", SC( -3 ), NULL, 0, 0, 0, FALSE },
{ "/bin/vmstat", "-c", SC( -3 ), NULL, 0, 0, 0, TRUE },
{ "/usr/bin/vmstat", "-c", SC( -3 ), NULL, 0, 0, 0, FALSE },
{ "/usr/bin/pfstat", NULL, SC( -2 ), NULL, 0, 0, 0, FALSE },
{ "/bin/vmstat", "-i", SC( -2 ), NULL, 0, 0, 0, TRUE },
{ "/usr/bin/vmstat", "-i", SC( -2 ), NULL, 0, 0, 0, FALSE },
{ "/usr/ucb/netstat", "-s", SC( 2 ), NULL, 0, 0, 0, TRUE },
{ "/usr/bin/netstat", "-s", SC( 2 ), NULL, 0, 0, 0, TRUE },
{ "/usr/sbin/netstat", "-s", SC( 2 ), NULL, 0, 0, 0, TRUE },
{ "/bin/netstat", "-s", SC( 2 ), NULL, 0, 0, 0, TRUE },
{ "/usr/etc/netstat", "-s", SC( 2 ), NULL, 0, 0, 0, FALSE },
{ "/usr/bin/nfsstat", NULL, SC( 2 ), NULL, 0, 0, 0, FALSE },
{ "/usr/ucb/netstat", "-m", SC( -1 ), NULL, 0, 0, 0, TRUE },
{ "/usr/bin/netstat", "-m", SC( -1 ), NULL, 0, 0, 0, TRUE },
{ "/usr/sbin/netstat", "-m", SC( -1 ), NULL, 0, 0, 0, TRUE },
{ "/bin/netstat", "-m", SC( -1 ), NULL, 0, 0, 0, TRUE },
{ "/usr/etc/netstat", "-m", SC( -1 ), NULL, 0, 0, 0, FALSE },
{ "/usr/ucb/netstat", "-in", SC( -1 ), NULL, 0, 0, 0, TRUE },
{ "/usr/bin/netstat", "-in", SC( -1 ), NULL, 0, 0, 0, TRUE },
{ "/usr/sbin/netstat", "-in", SC( -1 ), NULL, 0, 0, 0, TRUE },
{ "/bin/netstat", "-in", SC( -1 ), NULL, 0, 0, 0, TRUE },
{ "/usr/etc/netstat", "-in", SC( -1 ), NULL, 0, 0, 0, FALSE },
{ "/usr/sbin/ntptrace", "-r2 -t1 -nv", SC( -1 ), NULL, 0, 0, 0, FALSE },
{ "/usr/sbin/snmp_request", "localhost public get 1.3.6.1.2.1.7.1.0", SC( -1 ), NULL, 0, 0, 0, FALSE }, /* UDP in */
{ "/usr/sbin/snmp_request", "localhost public get 1.3.6.1.2.1.7.4.0", SC( -1 ), NULL, 0, 0, 0, FALSE }, /* UDP out */
{ "/usr/sbin/snmp_request", "localhost public get 1.3.6.1.2.1.4.3.0", SC( -1 ), NULL, 0, 0, 0, FALSE }, /* IP ? */
{ "/usr/sbin/snmp_request", "localhost public get 1.3.6.1.2.1.6.10.0", SC( -1 ), NULL, 0, 0, 0, FALSE }, /* TCP ? */
{ "/usr/sbin/snmp_request", "localhost public get 1.3.6.1.2.1.6.11.0", SC( -1 ), NULL, 0, 0, 0, FALSE }, /* TCP ? */
{ "/usr/sbin/snmp_request", "localhost public get 1.3.6.1.2.1.6.13.0", SC( -1 ), NULL, 0, 0, 0, FALSE }, /* TCP ? */
{ "/usr/bin/mpstat", NULL, SC( 1 ), NULL, 0, 0, 0, FALSE },
{ "/usr/bin/w", NULL, SC( 1 ), NULL, 0, 0, 0, TRUE },
{ "/usr/bsd/w", NULL, SC( 1 ), NULL, 0, 0, 0, FALSE },
{ "/usr/bin/df", NULL, SC( 1 ), NULL, 0, 0, 0, TRUE },
{ "/bin/df", NULL, SC( 1 ), NULL, 0, 0, 0, FALSE },
{ "/usr/sbin/portstat", NULL, SC( 1 ), NULL, 0, 0, 0, FALSE },
{ "/usr/bin/iostat", NULL, SC( SC_0 ), NULL, 0, 0, 0, FALSE },
{ "/usr/bin/uptime", NULL, SC( SC_0 ), NULL, 0, 0, 0, TRUE },
{ "/usr/bsd/uptime", NULL, SC( SC_0 ), NULL, 0, 0, 0, FALSE },
{ "/bin/vmstat", "-f", SC( SC_0 ), NULL, 0, 0, 0, TRUE },
{ "/usr/bin/vmstat", "-f", SC( SC_0 ), NULL, 0, 0, 0, FALSE },
{ "/bin/vmstat", NULL, SC( SC_0 ), NULL, 0, 0, 0, TRUE },
{ "/usr/bin/vmstat", NULL, SC( SC_0 ), NULL, 0, 0, 0, FALSE },
{ "/usr/ucb/netstat", "-n", SC( 0.5 ), NULL, 0, 0, 0, TRUE },
{ "/usr/bin/netstat", "-n", SC( 0.5 ), NULL, 0, 0, 0, TRUE },
{ "/usr/sbin/netstat", "-n", SC( 0.5) , NULL, 0, 0, 0, TRUE },
{ "/bin/netstat", "-n", SC( 0.5) , NULL, 0, 0, 0, TRUE },
{ "/usr/etc/netstat", "-n", SC( 0.5) , NULL, 0, 0, 0, FALSE },
#if defined( __sgi ) || defined( __hpux )
{ "/bin/ps", "-el", SC( 0.3 ), NULL, 0, 0, 0, TRUE },
#endif /* __sgi || __hpux */
{ "/usr/ucb/ps", "aux", SC( 0.3 ), NULL, 0, 0, 0, TRUE },
{ "/usr/bin/ps", "aux", SC( 0.3 ), NULL, 0, 0, 0, TRUE },
{ "/bin/ps", "aux", SC( 0.3 ), NULL, 0, 0, 0, FALSE },
{ "/usr/bin/ipcs", "-a", SC( 0.5 ), NULL, 0, 0, 0, TRUE },
{ "/bin/ipcs", "-a", SC( 0.5 ), NULL, 0, 0, 0, FALSE },
/* Unreliable source, depends on system usage */
{ "/etc/pstat", "-p", SC( 0.5 ), NULL, 0, 0, 0, TRUE },
{ "/bin/pstat", "-p", SC( 0.5 ), NULL, 0, 0, 0, FALSE },
{ "/etc/pstat", "-S", SC( 0.2 ), NULL, 0, 0, 0, TRUE },
{ "/bin/pstat", "-S", SC( 0.2 ), NULL, 0, 0, 0, FALSE },
{ "/etc/pstat", "-v", SC( 0.2 ), NULL, 0, 0, 0, TRUE },
{ "/bin/pstat", "-v", SC( 0.2 ), NULL, 0, 0, 0, FALSE },
{ "/etc/pstat", "-x", SC( 0.2 ), NULL, 0, 0, 0, TRUE },
{ "/bin/pstat", "-x", SC( 0.2 ), NULL, 0, 0, 0, FALSE },
{ "/etc/pstat", "-t", SC( 0.1 ), NULL, 0, 0, 0, TRUE },
{ "/bin/pstat", "-t", SC( 0.1 ), NULL, 0, 0, 0, FALSE },
/* pstat is your friend */
{ "/usr/bin/last", "-n 50", SC( 0.3 ), NULL, 0, 0, 0, TRUE },
#ifdef __sgi
{ "/usr/bsd/last", "-50", SC( 0.3 ), NULL, 0, 0, 0, FALSE },
#endif /* __sgi */
#ifdef __hpux
{ "/etc/last", "-50", SC( 0.3 ), NULL, 0, 0, 0, FALSE },
#endif /* __hpux */
{ "/usr/bsd/last", "-n 50", SC( 0.3 ), NULL, 0, 0, 0, FALSE },
#ifdef sun
{ "/usr/bin/showrev", "-a", SC( 0.1 ), NULL, 0, 0, 0, FALSE },
{ "/usr/sbin/swap", "-l", SC( SC_0 ), NULL, 0, 0, 0, FALSE },
{ "/usr/sbin/prtconf", "-v", SC( SC_0 ), NULL, 0, 0, 0, FALSE },
#endif /* sun */
{ "/usr/sbin/psrinfo", NULL, SC( SC_0 ), NULL, 0, 0, 0, FALSE },
{ "/usr/local/bin/lsof", "-lnwP", SC( 0.3 ), NULL, 0, 0, 0, FALSE },
/* Output is very system and version-dependent */
{ "/usr/sbin/snmp_request", "localhost public get 1.3.6.1.2.1.5.1.0", SC( 0.1 ), NULL, 0, 0, 0, FALSE }, /* ICMP ? */
{ "/usr/sbin/snmp_request", "localhost public get 1.3.6.1.2.1.5.3.0", SC( 0.1 ), NULL, 0, 0, 0, FALSE }, /* ICMP ? */
{ "/etc/arp", "-a", SC( 0.1 ), NULL, 0, 0, 0, TRUE },
{ "/usr/etc/arp", "-a", SC( 0.1 ), NULL, 0, 0, 0, TRUE },
{ "/usr/bin/arp", "-a", SC( 0.1 ), NULL, 0, 0, 0, TRUE },
{ "/usr/sbin/arp", "-a", SC( 0.1 ), NULL, 0, 0, 0, FALSE },
{ "/usr/sbin/ripquery", "-nw 1 127.0.0.1", SC( 0.1 ), NULL, 0, 0, 0, FALSE },
{ "/bin/lpstat", "-t", SC( 0.1 ), NULL, 0, 0, 0, TRUE },
{ "/usr/bin/lpstat", "-t", SC( 0.1 ), NULL, 0, 0, 0, TRUE },
{ "/usr/ucb/lpstat", "-t", SC( 0.1 ), NULL, 0, 0, 0, FALSE },
{ "/usr/bin/tcpdump", "-c 5 -efvvx", SC( 1 ), NULL, 0, 0, 0, FALSE },
/* This is very environment-dependant. If
network traffic is low, it'll probably time
out before delivering 5 packets, which is OK
because it'll probably be fixed stuff like
ARP anyway */
{ "/usr/sbin/advfsstat", "-b usr_domain", SC( SC_0 ), NULL, 0, 0, 0, FALSE },
{ "/usr/sbin/advfsstat", "-l 2 usr_domain", SC( 0.5 ), NULL, 0, 0, 0, FALSE },
{ "/usr/sbin/advfsstat", "-p usr_domain", SC( SC_0 ), NULL, 0, 0, 0, FALSE },
/* This is a complex and screwball program. Some
systems have things like rX_dmn, x = integer,
for RAID systems, but the statistics are
pretty dodgy */
#if 0
/* The following aren't enabled since they're somewhat slow and not very
unpredictable, however they give an indication of the sort of sources
you can use (for example the finger might be more useful on a
firewalled internal network) */
{ "/usr/bin/finger", "@ml.media.mit.edu", SC( 0.9 ), NULL, 0, 0, 0, FALSE },
{ "/usr/local/bin/wget", "-O - http://lavarand.sgi.com/block.html", SC( 0.9 ), NULL, 0, 0, 0, FALSE },
{ "/bin/cat", "/usr/spool/mqueue/syslog", SC( 0.9 ), NULL, 0, 0, 0, FALSE },
#endif /* 0 */
{ NULL, NULL, 0, NULL, 0, 0, 0, FALSE } };
#endif
}
static void
get_interact(struct yarrow256_ctx *ctx, enum source_type source)
{
}
int
main(int argc, char **argv)
{
struct lsh_make_seed_options_options *options = make_options();
struct lsh_make_seed_options *options = make_options();
int fd;
struct yarrow256_ctx yarrow;
struct yarrow_source sources[NSOURCES];
argp_parse(&main_argp, argc, argv, 0, NULL, options);
yarrow256_init(&yarrow, NSOURCES, sources);
get_dev_random(&yarrow, SOURCE_DEV_RANDOM);
get_dev_mem(&yarrow, SOURCE_DEV_MEM);
get_system(&yarrow, SOURCE_SYSTEM);
if (!yarrow256_is_seeded(&yarrow))
{
/* Get the number of additional sources that need to get above
* the reseed threshold before a reseed happens. */
if (yarrow256_needed_sources(&yarrow) > 1)
{
werror("Couldn't get enough randomness from the environment.\n");
return EXIT_FAILURE;
}
get_interact(&yarrow, SOURCE_USER);
}
return EXIT_SUCCESS;
}
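Review bot: In main, after `get_interact(&yarrow, SOURCE_USER);` control falls straight through to `return EXIT_SUCCESS;` without testing the generator again, so a run in which the keyboard source also fails to bring Yarrow over its reseed threshold would still report success. Re-check before returning, for example `if (!yarrow256_is_seeded(&yarrow)) return EXIT_FAILURE;`, preceded by a `werror` message like the one already used in the branch above. `int fd;` is declared but never used in the visible body and nothing writes the seed out yet, which is presumably the unfinished part of this work-in-progress commit. In the disabled table in get_system the `arg` field packs several options into one string (`"-r2 -t1 -nv"`), so when the table is enabled the commands are best started with `exec*` and an explicitly split argv plus a fixed environment rather than through a shell, and a comment on the table should say so.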