]>
Commit | Line | Data |
---|---|---|
0b4e3aa0 | 1 | /* |
91447636 | 2 | * Copyright (c) 1999-2004 Apple Computer, Inc. All rights reserved. |
0b4e3aa0 A |
3 | * |
4 | * @APPLE_LICENSE_HEADER_START@ | |
5 | * | |
37839358 A |
6 | * The contents of this file constitute Original Code as defined in and |
7 | * are subject to the Apple Public Source License Version 1.1 (the | |
8 | * "License"). You may not use this file except in compliance with the | |
9 | * License. Please obtain a copy of the License at | |
10 | * http://www.apple.com/publicsource and read it before using this file. | |
0b4e3aa0 | 11 | * |
37839358 A |
12 | * This Original Code and all software distributed under the License are |
13 | * distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY KIND, EITHER | |
0b4e3aa0 A |
14 | * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, |
15 | * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, | |
37839358 A |
16 | * FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT. Please see the |
17 | * License for the specific language governing rights and limitations | |
18 | * under the License. | |
0b4e3aa0 A |
19 | * |
20 | * @APPLE_LICENSE_HEADER_END@ | |
21 | */ | |
22 | ||
23 | #include <sys/param.h> | |
24 | #include <sys/systm.h> | |
25 | #include <sys/proc.h> | |
26 | #include <sys/errno.h> | |
27 | #include <sys/ioctl.h> | |
28 | #include <sys/conf.h> | |
29 | #include <sys/fcntl.h> | |
30 | #include <miscfs/devfs/devfs.h> | |
31 | #include <kern/lock.h> | |
0b4e3aa0 A |
32 | #include <sys/time.h> |
33 | #include <sys/malloc.h> | |
91447636 | 34 | #include <sys/uio_internal.h> |
0b4e3aa0 A |
35 | |
36 | #include <dev/random/randomdev.h> | |
37 | #include <dev/random/YarrowCoreLib/include/yarrow.h> | |
38 | ||
39 | #define RANDOM_MAJOR -1 /* let the kernel pick the device number */ | |
40 | ||
55e303ae A |
41 | d_ioctl_t random_ioctl; |
42 | ||
0b4e3aa0 A |
43 | /* |
44 | * A struct describing which functions will get invoked for certain | |
45 | * actions. | |
46 | */ | |
47 | static struct cdevsw random_cdevsw = | |
48 | { | |
49 | random_open, /* open */ | |
50 | random_close, /* close */ | |
51 | random_read, /* read */ | |
52 | random_write, /* write */ | |
91447636 A |
53 | random_ioctl, /* ioctl */ |
54 | (stop_fcn_t *)nulldev, /* stop */ | |
55 | (reset_fcn_t *)nulldev, /* reset */ | |
0b4e3aa0 A |
56 | NULL, /* tty's */ |
57 | eno_select, /* select */ | |
58 | eno_mmap, /* mmap */ | |
59 | eno_strat, /* strategy */ | |
60 | eno_getc, /* getc */ | |
61 | eno_putc, /* putc */ | |
62 | 0 /* type */ | |
63 | }; | |
64 | ||
65 | /* Used to detect whether we've already been initialized */ | |
66 | static int gRandomInstalled = 0; | |
67 | static PrngRef gPrngRef; | |
68 | static int gRandomError = 1; | |
69 | static mutex_t *gYarrowMutex = 0; | |
70 | ||
71 | #define RESEED_TICKS 50 /* how long a reseed operation can take */ | |
72 | ||
91447636 | 73 | |
0b4e3aa0 A |
74 | /* |
75 | *Initialize ONLY the Yarrow generator. | |
76 | */ | |
91447636 | 77 | void PreliminarySetup( void ) |
0b4e3aa0 A |
78 | { |
79 | prng_error_status perr; | |
80 | struct timeval tt; | |
81 | char buffer [16]; | |
82 | ||
83 | /* create a Yarrow object */ | |
84 | perr = prngInitialize(&gPrngRef); | |
85 | if (perr != 0) { | |
86 | printf ("Couldn't initialize Yarrow, /dev/random will not work.\n"); | |
87 | return; | |
88 | } | |
89 | ||
90 | /* clear the error flag, reads and write should then work */ | |
91 | gRandomError = 0; | |
92 | ||
93 | /* get a little non-deterministic data as an initial seed. */ | |
94 | microtime(&tt); | |
95 | ||
96 | /* | |
97 | * So how much of the system clock is entropic? | |
98 | * It's hard to say, but assume that at least the | |
99 | * least significant byte of a 64 bit structure | |
100 | * is entropic. It's probably more, how can you figure | |
101 | * the exact time the user turned the computer on, for example. | |
102 | */ | |
103 | perr = prngInput(gPrngRef, (BYTE*) &tt, sizeof (tt), SYSTEM_SOURCE, 8); | |
104 | if (perr != 0) { | |
105 | /* an error, complain */ | |
106 | printf ("Couldn't seed Yarrow.\n"); | |
107 | return; | |
108 | } | |
109 | ||
110 | /* turn the data around */ | |
111 | perr = prngOutput(gPrngRef, (BYTE*) buffer, sizeof (buffer)); | |
112 | ||
113 | /* and scramble it some more */ | |
114 | perr = prngForceReseed(gPrngRef, RESEED_TICKS); | |
115 | ||
116 | /* make a mutex to control access */ | |
117 | gYarrowMutex = mutex_alloc(0); | |
118 | } | |
119 | ||
120 | /* | |
121 | * Called to initialize our device, | |
122 | * and to register ourselves with devfs | |
123 | */ | |
124 | void | |
91447636 | 125 | random_init( void ) |
0b4e3aa0 A |
126 | { |
127 | int ret; | |
128 | ||
129 | if (gRandomInstalled) | |
130 | return; | |
131 | ||
132 | /* install us in the file system */ | |
133 | gRandomInstalled = 1; | |
134 | ||
135 | /* setup yarrow and the mutex */ | |
136 | PreliminarySetup(); | |
137 | ||
138 | ret = cdevsw_add(RANDOM_MAJOR, &random_cdevsw); | |
139 | if (ret < 0) { | |
140 | printf("random_init: failed to allocate a major number!\n"); | |
141 | gRandomInstalled = 0; | |
142 | return; | |
143 | } | |
144 | ||
145 | devfs_make_node(makedev (ret, 0), DEVFS_CHAR, | |
55e303ae | 146 | UID_ROOT, GID_WHEEL, 0666, "random", 0); |
0b4e3aa0 A |
147 | |
148 | /* | |
149 | * also make urandom | |
150 | * (which is exactly the same thing in our context) | |
151 | */ | |
152 | devfs_make_node(makedev (ret, 1), DEVFS_CHAR, | |
55e303ae A |
153 | UID_ROOT, GID_WHEEL, 0666, "urandom", 0); |
154 | } | |
155 | ||
156 | int | |
91447636 A |
157 | random_ioctl( __unused dev_t dev, u_long cmd, __unused caddr_t data, |
158 | __unused int flag, __unused struct proc *p ) | |
55e303ae A |
159 | { |
160 | switch (cmd) { | |
161 | case FIONBIO: | |
162 | case FIOASYNC: | |
163 | break; | |
164 | default: | |
165 | return ENODEV; | |
166 | } | |
167 | ||
168 | return (0); | |
0b4e3aa0 A |
169 | } |
170 | ||
171 | /* | |
172 | * Open the device. Make sure init happened, and make sure the caller is | |
173 | * authorized. | |
174 | */ | |
175 | ||
176 | int | |
91447636 | 177 | random_open(__unused dev_t dev, int flags, __unused int devtype, __unused struct proc *p) |
0b4e3aa0 A |
178 | { |
179 | if (gRandomError != 0) { | |
180 | /* forget it, yarrow didn't come up */ | |
181 | return (ENOTSUP); | |
182 | } | |
183 | ||
184 | /* | |
185 | * if we are being opened for write, | |
186 | * make sure that we have privledges do so | |
187 | */ | |
188 | if (flags & FWRITE) { | |
189 | if (securelevel >= 2) | |
190 | return (EPERM); | |
55e303ae | 191 | #ifndef __APPLE__ |
91447636 | 192 | if ((securelevel >= 1) && proc_suser(p)) |
0b4e3aa0 | 193 | return (EPERM); |
55e303ae | 194 | #endif /* !__APPLE__ */ |
0b4e3aa0 A |
195 | } |
196 | ||
197 | return (0); | |
198 | } | |
199 | ||
200 | ||
201 | /* | |
202 | * close the device. | |
203 | */ | |
204 | ||
205 | int | |
91447636 | 206 | random_close(__unused dev_t dev, __unused int flags, __unused int mode, __unused struct proc *p) |
0b4e3aa0 A |
207 | { |
208 | return (0); | |
209 | } | |
210 | ||
211 | ||
212 | /* | |
213 | * Get entropic data from the Security Server, and use it to reseed the | |
214 | * prng. | |
215 | */ | |
216 | int | |
91447636 | 217 | random_write (__unused dev_t dev, struct uio *uio, __unused int ioflag) |
0b4e3aa0 A |
218 | { |
219 | int retCode = 0; | |
220 | char rdBuffer[256]; | |
221 | ||
222 | if (gRandomError != 0) { | |
223 | return (ENOTSUP); | |
224 | } | |
225 | ||
226 | /* get control of the Yarrow instance, Yarrow is NOT thread safe */ | |
227 | mutex_lock(gYarrowMutex); | |
228 | ||
229 | /* Security server is sending us entropy */ | |
230 | ||
91447636 | 231 | while (uio_resid(uio) > 0 && retCode == 0) { |
0b4e3aa0 | 232 | /* get the user's data */ |
91447636 A |
233 | // LP64todo - fix this! uio_resid may be 64-bit value |
234 | int bytesToInput = min(uio_resid(uio), sizeof (rdBuffer)); | |
0b4e3aa0 A |
235 | retCode = uiomove(rdBuffer, bytesToInput, uio); |
236 | if (retCode != 0) | |
237 | goto /*ugh*/ error_exit; | |
238 | ||
239 | /* put it in Yarrow */ | |
240 | if (prngInput(gPrngRef, (BYTE*) rdBuffer, | |
241 | sizeof (rdBuffer), SYSTEM_SOURCE, | |
242 | sizeof (rdBuffer) * 8) != 0) { | |
243 | retCode = EIO; | |
244 | goto error_exit; | |
245 | } | |
246 | } | |
247 | ||
248 | /* force a reseed */ | |
249 | if (prngForceReseed(gPrngRef, RESEED_TICKS) != 0) { | |
250 | retCode = EIO; | |
251 | goto error_exit; | |
252 | } | |
253 | ||
254 | /* retCode should be 0 at this point */ | |
255 | ||
256 | error_exit: /* do this to make sure the mutex unlocks. */ | |
257 | mutex_unlock(gYarrowMutex); | |
258 | return (retCode); | |
259 | } | |
260 | ||
261 | /* | |
262 | * return data to the caller. Results unpredictable. | |
263 | */ | |
264 | int | |
91447636 | 265 | random_read(__unused dev_t dev, struct uio *uio, __unused int ioflag) |
0b4e3aa0 A |
266 | { |
267 | int retCode = 0; | |
268 | char wrBuffer[512]; | |
269 | ||
270 | if (gRandomError != 0) | |
271 | return (ENOTSUP); | |
272 | ||
273 | /* lock down the mutex */ | |
274 | mutex_lock(gYarrowMutex); | |
275 | ||
91447636 | 276 | while (uio_resid(uio) > 0 && retCode == 0) { |
0b4e3aa0 | 277 | /* get the user's data */ |
91447636 A |
278 | // LP64todo - fix this! uio_resid may be 64-bit value |
279 | int bytesToRead = min(uio_resid(uio), sizeof (wrBuffer)); | |
0b4e3aa0 A |
280 | |
281 | /* get the data from Yarrow */ | |
282 | if (prngOutput(gPrngRef, (BYTE *) wrBuffer, sizeof (wrBuffer)) != 0) { | |
283 | printf ("Couldn't read data from Yarrow.\n"); | |
284 | ||
285 | /* something's really weird */ | |
286 | retCode = EIO; | |
287 | goto error_exit; | |
288 | } | |
289 | ||
290 | retCode = uiomove(wrBuffer, bytesToRead, uio); | |
291 | ||
292 | if (retCode != 0) | |
293 | goto error_exit; | |
294 | } | |
295 | ||
296 | retCode = 0; | |
297 | ||
298 | error_exit: | |
299 | mutex_unlock(gYarrowMutex); | |
300 | return retCode; | |
301 | } | |
302 | ||
303 | /* export good random numbers to the rest of the kernel */ | |
304 | void | |
305 | read_random(void* buffer, u_int numbytes) | |
306 | { | |
307 | if (gYarrowMutex == 0) { /* are we initialized? */ | |
308 | PreliminarySetup (); | |
309 | } | |
310 | ||
311 | mutex_lock(gYarrowMutex); | |
312 | prngOutput(gPrngRef, (BYTE *) buffer, numbytes); | |
313 | mutex_unlock(gYarrowMutex); | |
314 | } | |
315 | ||
316 | /* | |
317 | * Return an unsigned long pseudo-random number. | |
318 | */ | |
319 | u_long | |
91447636 | 320 | RandomULong( void ) |
0b4e3aa0 A |
321 | { |
322 | u_long buf; | |
323 | read_random(&buf, sizeof (buf)); | |
324 | return (buf); | |
325 | } | |
326 |