1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
|
## SeedRNG — `seedrng(8)`
##### by [Jason A. Donenfeld](mailto:Jason@zx2c4.com)
SeedRNG is a simple program made for seeding the Linux kernel random number
generator from seed files. The program takes no arguments, must be run as root,
and always attempts to do something useful.
This program is useful in light of the fact that the Linux kernel RNG cannot be
initialized from shell scripts, and new seeds cannot be safely generated from
boot time shell scripts either.
It should be run once at init time and once at shutdown time. It can be run at
other times without detriment as well. Whenever it is run, it writes existing
seed files into the RNG pool, and then creates a new seed file. If the RNG is
initialized at the time of creating a new seed file, then that new seed file is
marked as "creditable", which means it can be used to initialize the RNG.
Otherwise, it is marked as "non-creditable", in which case it is still used to
seed the RNG's pool, but will not initialize the RNG.
In order to ensure that entropy only ever stays the same or increases from one
seed file to the next, old seed values are hashed together with new seed values
when writing new seed files:
```
new_seed = new_seed[:-32] || HASH(fixed_prefix || real_time || boot_time || old_seed_len || old_seed || new_seed_len || new_seed)
```
The seed is stored in `LOCALSTATEDIR/seedrng/`, which can be adjusted at
compile time. If the `SEEDRNG_SKIP_CREDIT` environment variable is set to `1`,
`true`, `yes`, or `y`, then seeds never credit the RNG, even if the seed file
is creditable.
Being a single C file, `seedrng.c`, SeedRNG is meant to be copy and pasted
verbatim into various minimal init system projects and tweaked as needed.
**Please do not package this repo as a standalone program**: it is intended as
utility code meant to be imported into existing projects instead.
### Building & Installing
```
$ make
$ sudo make install
```
In addition to the usual compiler environment variables (`CFLAGS`, etc), the
following environment variable is respected during compilation:
* `LOCALSTATEDIR` default: `/var/lib`
* `RUNSTATEDIR` default: `/var/run`
The following environment variables are respected during installation:
* `PREFIX` default: `/usr`
* `DESTDIR` default:
* `SBINDIR` default: `$(PREFIX)/sbin`
### Usage
```
# seedrng
```
However, this invocation should generally come from init and shutdown scripts.
### License
This program is licensed under any one of the the following licenses, so that it can be incorporated into other software projects as needed:
- GPL-2.0
- Apache-2.0
- MIT
- BSD-1-Clause
- CC0-1.0
|
