[apple/xnu.git] / bsd / dev / random / randomdev.c

/*
 * Copyright (c) 1999, 2000-2003 Apple Computer, Inc. All rights reserved.
 *
 * @APPLE_LICENSE_HEADER_START@
 * 
 * Copyright (c) 1999-2003 Apple Computer, Inc.  All Rights Reserved.
 * 
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this
 * file.
 * 
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 * 
 * @APPLE_LICENSE_HEADER_END@
 */

#include <sys/param.h>
#include <sys/systm.h>
#include <sys/proc.h>
#include <sys/errno.h>
#include <sys/ioctl.h>
#include <sys/conf.h>
#include <sys/fcntl.h>
#include <miscfs/devfs/devfs.h>
#include <kern/lock.h>
#include <sys/time.h>
#include <sys/malloc.h>

#include <dev/random/randomdev.h>
#include <dev/random/YarrowCoreLib/include/yarrow.h>

#define RANDOM_MAJOR  -1 /* let the kernel pick the device number */

d_ioctl_t       random_ioctl;

/*
 * A struct describing which functions will get invoked for certain
 * actions.
 */
static struct cdevsw random_cdevsw =
{
	random_open,		/* open */
	random_close,		/* close */
	random_read,		/* read */
	random_write,		/* write */
	random_ioctl,			/* ioctl */
	nulldev,			/* stop */
	nulldev,			/* reset */
	NULL,				/* tty's */
	eno_select,			/* select */
	eno_mmap,			/* mmap */
	eno_strat,			/* strategy */
	eno_getc,			/* getc */
	eno_putc,			/* putc */
	0					/* type */
};

/* Used to detect whether we've already been initialized */
static int gRandomInstalled = 0;
static PrngRef gPrngRef;
static int gRandomError = 1;
static mutex_t *gYarrowMutex = 0;

#define RESEED_TICKS 50 /* how long a reseed operation can take */

/*
 *Initialize ONLY the Yarrow generator.
 */
void PreliminarySetup ()
{
    prng_error_status perr;
    struct timeval tt;
    char buffer [16];

    /* create a Yarrow object */
    perr = prngInitialize(&gPrngRef);
    if (perr != 0) {
        printf ("Couldn't initialize Yarrow, /dev/random will not work.\n");
        return;
    }

	/* clear the error flag, reads and write should then work */
    gRandomError = 0;

    /* get a little non-deterministic data as an initial seed. */
    microtime(&tt);

    /*
	 * So how much of the system clock is entropic?
	 * It's hard to say, but assume that at least the
	 * least significant byte of a 64 bit structure
	 * is entropic.  It's probably more, how can you figure
	 * the exact time the user turned the computer on, for example.
    */
    perr = prngInput(gPrngRef, (BYTE*) &tt, sizeof (tt), SYSTEM_SOURCE, 8);
    if (perr != 0) {
        /* an error, complain */
        printf ("Couldn't seed Yarrow.\n");
        return;
    }
    
    /* turn the data around */
    perr = prngOutput(gPrngRef, (BYTE*) buffer, sizeof (buffer));
    
    /* and scramble it some more */
    perr = prngForceReseed(gPrngRef, RESEED_TICKS);
    
    /* make a mutex to control access */
    gYarrowMutex = mutex_alloc(0);
}

/*
 * Called to initialize our device,
 * and to register ourselves with devfs
 */
void
random_init()
{
	int ret;

	if (gRandomInstalled)
		return;

	/* install us in the file system */
	gRandomInstalled = 1;

	/* setup yarrow and the mutex */
	PreliminarySetup();

	ret = cdevsw_add(RANDOM_MAJOR, &random_cdevsw);
	if (ret < 0) {
		printf("random_init: failed to allocate a major number!\n");
		gRandomInstalled = 0;
		return;
	}

	devfs_make_node(makedev (ret, 0), DEVFS_CHAR,
		UID_ROOT, GID_WHEEL, 0666, "random", 0);

	/*
	 * also make urandom 
	 * (which is exactly the same thing in our context)
	 */
	devfs_make_node(makedev (ret, 1), DEVFS_CHAR,
		UID_ROOT, GID_WHEEL, 0666, "urandom", 0);
}

int
random_ioctl(dev, cmd, data, flag, p)
        dev_t dev;
        u_long cmd;
        caddr_t data;
        int flag;
        struct proc *p;
{
	switch (cmd) {
	case FIONBIO:
	case FIOASYNC:
		break;
	default:
		return ENODEV;
	}

	return (0);
}

/*
 * Open the device.  Make sure init happened, and make sure the caller is
 * authorized.
 */
 
int
random_open(dev_t dev, int flags, int devtype, struct proc *p)
{
	if (gRandomError != 0) {
		/* forget it, yarrow didn't come up */
		return (ENOTSUP);
	}

	/*
	 * if we are being opened for write,
	 * make sure that we have privledges do so
	 */
	if (flags & FWRITE) {
		if (securelevel >= 2)
			return (EPERM);
#ifndef __APPLE__
		if ((securelevel >= 1) && suser(p->p_ucred, &p->p_acflag))
			return (EPERM);
#endif	/* !__APPLE__ */
	}

	return (0);
}


/*
 * close the device.
 */
 
int
random_close(dev_t dev, int flags, int mode, struct proc *p)
{
	return (0);
}


/*
 * Get entropic data from the Security Server, and use it to reseed the
 * prng.
 */
int
random_write (dev_t dev, struct uio *uio, int ioflag)
{
    int retCode = 0;
    char rdBuffer[256];

    if (gRandomError != 0) {
        return (ENOTSUP);
    }
    
    /* get control of the Yarrow instance, Yarrow is NOT thread safe */
    mutex_lock(gYarrowMutex);
    
    /* Security server is sending us entropy */

    while (uio->uio_resid > 0 && retCode == 0) {
        /* get the user's data */
        int bytesToInput = min(uio->uio_resid, sizeof (rdBuffer));
        retCode = uiomove(rdBuffer, bytesToInput, uio);
        if (retCode != 0)
            goto /*ugh*/ error_exit;
        
        /* put it in Yarrow */
        if (prngInput(gPrngRef, (BYTE*) rdBuffer,
			sizeof (rdBuffer), SYSTEM_SOURCE,
        	sizeof (rdBuffer) * 8) != 0) {
            retCode = EIO;
            goto error_exit;
        }
    }
    
    /* force a reseed */
    if (prngForceReseed(gPrngRef, RESEED_TICKS) != 0) {
        retCode = EIO;
        goto error_exit;
    }
    
    /* retCode should be 0 at this point */
    
error_exit: /* do this to make sure the mutex unlocks. */
    mutex_unlock(gYarrowMutex);
    return (retCode);
}

/*
 * return data to the caller.  Results unpredictable.
 */ 
int
random_read(dev_t dev, struct uio *uio, int ioflag)
{
    int retCode = 0;
    char wrBuffer[512];

    if (gRandomError != 0)
        return (ENOTSUP);

   /* lock down the mutex */
    mutex_lock(gYarrowMutex);

    while (uio->uio_resid > 0 && retCode == 0) {
        /* get the user's data */
        int bytesToRead = min(uio->uio_resid, sizeof (wrBuffer));
        
        /* get the data from Yarrow */
        if (prngOutput(gPrngRef, (BYTE *) wrBuffer, sizeof (wrBuffer)) != 0) {
            printf ("Couldn't read data from Yarrow.\n");
            
            /* something's really weird */
            retCode = EIO;
            goto error_exit;
        }
        
        retCode = uiomove(wrBuffer, bytesToRead, uio);
        
        if (retCode != 0)
            goto error_exit;
    }
    
    retCode = 0;
    
error_exit:
    mutex_unlock(gYarrowMutex);
    return retCode;
}

/* export good random numbers to the rest of the kernel */
void
read_random(void* buffer, u_int numbytes)
{
    if (gYarrowMutex == 0) { /* are we initialized? */
        PreliminarySetup ();
    }
    
    mutex_lock(gYarrowMutex);
    prngOutput(gPrngRef, (BYTE *) buffer, numbytes);
    mutex_unlock(gYarrowMutex);
}

/*
 * Return an unsigned long pseudo-random number.
 */
u_long
RandomULong()
{
	u_long buf;
	read_random(&buf, sizeof (buf));
	return (buf);
}
Commit	Line	Data
0b4e3aa0	1	/*
55e303ae	2	* Copyright (c) 1999, 2000-2003 Apple Computer, Inc. All rights reserved.
0b4e3aa0 A	3	*
	4	* @APPLE_LICENSE_HEADER_START@
	5	*
43866e37	6	* Copyright (c) 1999-2003 Apple Computer, Inc. All Rights Reserved.
0b4e3aa0	7	*
43866e37 A	8	* This file contains Original Code and/or Modifications of Original Code
	9	* as defined in and that are subject to the Apple Public Source License
	10	* Version 2.0 (the 'License'). You may not use this file except in
	11	* compliance with the License. Please obtain a copy of the License at
	12	* http://www.opensource.apple.com/apsl/ and read it before using this
	13	* file.
	14	*
	15	* The Original Code and all software distributed under the License are
	16	* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
0b4e3aa0 A	17	* EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
0b4e3aa0 A	18	* INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
43866e37 A	19	* FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
	20	* Please see the License for the specific language governing rights and
	21	* limitations under the License.
0b4e3aa0 A	22	*
	23	* @APPLE_LICENSE_HEADER_END@
	24	*/
	25
	26	#include <sys/param.h>
	27	#include <sys/systm.h>
	28	#include <sys/proc.h>
	29	#include <sys/errno.h>
	30	#include <sys/ioctl.h>
	31	#include <sys/conf.h>
	32	#include <sys/fcntl.h>
	33	#include <miscfs/devfs/devfs.h>
	34	#include <kern/lock.h>
0b4e3aa0 A	35	#include <sys/time.h>
	36	#include <sys/malloc.h>
	37
	38	#include <dev/random/randomdev.h>
	39	#include <dev/random/YarrowCoreLib/include/yarrow.h>
	40
	41	#define RANDOM_MAJOR -1 /* let the kernel pick the device number */
	42
55e303ae A	43	d_ioctl_t random_ioctl;
55e303ae A	44
0b4e3aa0 A	45	/*
	46	* A struct describing which functions will get invoked for certain
	47	* actions.
	48	*/
	49	static struct cdevsw random_cdevsw =
	50	{
	51	random_open, /* open */
	52	random_close, /* close */
	53	random_read, /* read */
	54	random_write, /* write */
55e303ae	55	random_ioctl, /* ioctl */
0b4e3aa0 A	56	nulldev, /* stop */
	57	nulldev, /* reset */
	58	NULL, /* tty's */
	59	eno_select, /* select */
	60	eno_mmap, /* mmap */
	61	eno_strat, /* strategy */
	62	eno_getc, /* getc */
	63	eno_putc, /* putc */
	64	0 /* type */
	65	};
	66
	67	/* Used to detect whether we've already been initialized */
	68	static int gRandomInstalled = 0;
	69	static PrngRef gPrngRef;
	70	static int gRandomError = 1;
	71	static mutex_t *gYarrowMutex = 0;
	72
	73	#define RESEED_TICKS 50 /* how long a reseed operation can take */
	74
	75	/*
	76	*Initialize ONLY the Yarrow generator.
	77	*/
	78	void PreliminarySetup ()
	79	{
	80	prng_error_status perr;
	81	struct timeval tt;
	82	char buffer [16];
	83
	84	/* create a Yarrow object */
	85	perr = prngInitialize(&gPrngRef);
	86	if (perr != 0) {
	87	printf ("Couldn't initialize Yarrow, /dev/random will not work.\n");
	88	return;
	89	}
	90
	91	/* clear the error flag, reads and write should then work */
	92	gRandomError = 0;
	93
	94	/* get a little non-deterministic data as an initial seed. */
	95	microtime(&tt);
	96
	97	/*
	98	* So how much of the system clock is entropic?
	99	* It's hard to say, but assume that at least the
	100	* least significant byte of a 64 bit structure
	101	* is entropic. It's probably more, how can you figure
	102	* the exact time the user turned the computer on, for example.
	103	*/
	104	perr = prngInput(gPrngRef, (BYTE*) &tt, sizeof (tt), SYSTEM_SOURCE, 8);
	105	if (perr != 0) {
	106	/* an error, complain */
	107	printf ("Couldn't seed Yarrow.\n");
	108	return;
	109	}
	110
	111	/* turn the data around */
	112	perr = prngOutput(gPrngRef, (BYTE*) buffer, sizeof (buffer));
	113
	114	/* and scramble it some more */
	115	perr = prngForceReseed(gPrngRef, RESEED_TICKS);
	116
	117	/* make a mutex to control access */
	118	gYarrowMutex = mutex_alloc(0);
	119	}
120
121	/*
122	* Called to initialize our device,
123	* and to register ourselves with devfs
124	*/
125	void
126	random_init()
127	{
128	int ret;
129
130	if (gRandomInstalled)
131	return;
132
133	/* install us in the file system */
134	gRandomInstalled = 1;
135
136	/* setup yarrow and the mutex */
137	PreliminarySetup();
138
139	ret = cdevsw_add(RANDOM_MAJOR, &random_cdevsw);
140	if (ret < 0) {
141	printf("random_init: failed to allocate a major number!\n");
142	gRandomInstalled = 0;
143	return;
144	}
145
146	devfs_make_node(makedev (ret, 0), DEVFS_CHAR,
55e303ae	147	UID_ROOT, GID_WHEEL, 0666, "random", 0);
0b4e3aa0 A	148
	149	/*
	150	* also make urandom
	151	* (which is exactly the same thing in our context)
	152	*/
	153	devfs_make_node(makedev (ret, 1), DEVFS_CHAR,
55e303ae A	154	UID_ROOT, GID_WHEEL, 0666, "urandom", 0);
	155	}
	156
	157	int
	158	random_ioctl(dev, cmd, data, flag, p)
	159	dev_t dev;
	160	u_long cmd;
	161	caddr_t data;
	162	int flag;
	163	struct proc *p;
	164	{
	165	switch (cmd) {
	166	case FIONBIO:
	167	case FIOASYNC:
	168	break;
	169	default:
	170	return ENODEV;
	171	}
	172
	173	return (0);
0b4e3aa0 A	174	}
	175
	176	/*
	177	* Open the device. Make sure init happened, and make sure the caller is
	178	* authorized.
	179	*/
	180
	181	int
	182	random_open(dev_t dev, int flags, int devtype, struct proc *p)
	183	{
	184	if (gRandomError != 0) {
	185	/* forget it, yarrow didn't come up */
	186	return (ENOTSUP);
	187	}
	188
	189	/*
	190	* if we are being opened for write,
	191	* make sure that we have privledges do so
	192	*/
	193	if (flags & FWRITE) {
	194	if (securelevel >= 2)
	195	return (EPERM);
55e303ae	196	#ifndef __APPLE__
0b4e3aa0 A	197	if ((securelevel >= 1) && suser(p->p_ucred, &p->p_acflag))
0b4e3aa0 A	198	return (EPERM);
55e303ae	199	#endif /* !__APPLE__ */
0b4e3aa0 A	200	}
	201
	202	return (0);
	203	}
	204
	205
	206	/*
	207	* close the device.
	208	*/
	209
	210	int
	211	random_close(dev_t dev, int flags, int mode, struct proc *p)
	212	{
	213	return (0);
	214	}
	215
	216
	217	/*
	218	* Get entropic data from the Security Server, and use it to reseed the
	219	* prng.
	220	*/
	221	int
	222	random_write (dev_t dev, struct uio *uio, int ioflag)
	223	{
	224	int retCode = 0;
	225	char rdBuffer[256];
	226
	227	if (gRandomError != 0) {
	228	return (ENOTSUP);
	229	}
	230
	231	/* get control of the Yarrow instance, Yarrow is NOT thread safe */
	232	mutex_lock(gYarrowMutex);
	233
	234	/* Security server is sending us entropy */
	235
	236	while (uio->uio_resid > 0 && retCode == 0) {
	237	/* get the user's data */
	238	int bytesToInput = min(uio->uio_resid, sizeof (rdBuffer));
	239	retCode = uiomove(rdBuffer, bytesToInput, uio);
	240	if (retCode != 0)
	241	goto /ugh/ error_exit;
	242
	243	/* put it in Yarrow */
	244	if (prngInput(gPrngRef, (BYTE*) rdBuffer,
	245	sizeof (rdBuffer), SYSTEM_SOURCE,
	246	sizeof (rdBuffer) * 8) != 0) {
	247	retCode = EIO;
	248	goto error_exit;
	249	}
	250	}
	251
	252	/* force a reseed */
	253	if (prngForceReseed(gPrngRef, RESEED_TICKS) != 0) {
	254	retCode = EIO;
	255	goto error_exit;
	256	}
	257
	258	/* retCode should be 0 at this point */
	259
	260	error_exit: /* do this to make sure the mutex unlocks. */
	261	mutex_unlock(gYarrowMutex);
	262	return (retCode);
	263	}
264
265	/*
266	* return data to the caller. Results unpredictable.
267	*/
268	int
269	random_read(dev_t dev, struct uio *uio, int ioflag)
270	{
271	int retCode = 0;
272	char wrBuffer[512];
273
274	if (gRandomError != 0)
275	return (ENOTSUP);
276
277	/* lock down the mutex */
278	mutex_lock(gYarrowMutex);
279
280	while (uio->uio_resid > 0 && retCode == 0) {
281	/* get the user's data */
282	int bytesToRead = min(uio->uio_resid, sizeof (wrBuffer));
283
284	/* get the data from Yarrow */
285	if (prngOutput(gPrngRef, (BYTE *) wrBuffer, sizeof (wrBuffer)) != 0) {
286	printf ("Couldn't read data from Yarrow.\n");
287
288	/* something's really weird */
289	retCode = EIO;
290	goto error_exit;
291	}
292
293	retCode = uiomove(wrBuffer, bytesToRead, uio);
294
295	if (retCode != 0)
296	goto error_exit;
297	}
298
299	retCode = 0;
300
301	error_exit:
302	mutex_unlock(gYarrowMutex);
303	return retCode;
304	}
305
306	/* export good random numbers to the rest of the kernel */
307	void
308	read_random(void* buffer, u_int numbytes)
309	{
310	if (gYarrowMutex == 0) { /* are we initialized? */
311	PreliminarySetup ();
312	}
313
314	mutex_lock(gYarrowMutex);
315	prngOutput(gPrngRef, (BYTE *) buffer, numbytes);
316	mutex_unlock(gYarrowMutex);
317	}
318
319	/*
320	* Return an unsigned long pseudo-random number.
321	*/
322	u_long
323	RandomULong()
324	{
325	u_long buf;
326	read_random(&buf, sizeof (buf));
327	return (buf);
328	}
329