bsd/dev/random/randomdev.c

   1 /*
   2  * Copyright (c) 1999, 2000-2002 Apple Computer, Inc. All rights reserved.
   3  *
   4  * @APPLE_LICENSE_HEADER_START@
   5  *
   6  * Copyright (c) 1999-2003 Apple Computer, Inc.  All Rights Reserved.
   7  *
   8  * This file contains Original Code and/or Modifications of Original Code
   9  * as defined in and that are subject to the Apple Public Source License
  10  * Version 2.0 (the 'License'). You may not use this file except in
  11  * compliance with the License. Please obtain a copy of the License at
  12  * http://www.opensource.apple.com/apsl/ and read it before using this
  13  * file.
  14  *
  15  * The Original Code and all software distributed under the License are
  16  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
  17  * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
  18  * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
  19  * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
  20  * Please see the License for the specific language governing rights and
  21  * limitations under the License.
  22  *
  23  * @APPLE_LICENSE_HEADER_END@
  24  */
  25
  26 #include <sys/param.h>
  27 #include <sys/systm.h>
  28 #include <sys/proc.h>
  29 #include <sys/errno.h>
  30 #include <sys/ioctl.h>
  31 #include <sys/conf.h>
  32 #include <sys/fcntl.h>
  33 #include <miscfs/devfs/devfs.h>
  34 #include <kern/lock.h>
  35 #include <sys/time.h>
  36 #include <sys/malloc.h>
  37
  38 #include <dev/random/randomdev.h>
  39 #include <dev/random/YarrowCoreLib/include/yarrow.h>
  40
  41 #define RANDOM_MAJOR  -1 /* let the kernel pick the device number */
  42
  43 /*
  44  * A struct describing which functions will get invoked for certain
  45  * actions.
  46  */
  47 static struct cdevsw random_cdevsw =
  48 {
  49         random_open,            /* open */
  50         random_close,           /* close */
  51         random_read,            /* read */
  52         random_write,           /* write */
  53         eno_ioctl,                      /* ioctl */
  54         nulldev,                        /* stop */
  55         nulldev,                        /* reset */
  56         NULL,                           /* tty's */
  57         eno_select,                     /* select */
  58         eno_mmap,                       /* mmap */
  59         eno_strat,                      /* strategy */
  60         eno_getc,                       /* getc */
  61         eno_putc,                       /* putc */
  62         0                                       /* type */
  63 };
  64
  65 /* Used to detect whether we've already been initialized */
  66 static int gRandomInstalled = 0;
  67 static PrngRef gPrngRef;
  68 static int gRandomError = 1;
  69 static mutex_t *gYarrowMutex = 0;
  70
  71 #define RESEED_TICKS 50 /* how long a reseed operation can take */
  72
  73 /*
  74  *Initialize ONLY the Yarrow generator.
  75  */
  76 void PreliminarySetup ()
  77 {
  78     prng_error_status perr;
  79     struct timeval tt;
  80     char buffer [16];
  81
  82     /* create a Yarrow object */
  83     perr = prngInitialize(&gPrngRef);
  84     if (perr != 0) {
  85         printf ("Couldn't initialize Yarrow, /dev/random will not work.\n");
  86         return;
  87     }
  88
  89         /* clear the error flag, reads and write should then work */
  90     gRandomError = 0;
  91
  92     /* get a little non-deterministic data as an initial seed. */
  93     microtime(&tt);
  94
  95     /*
  96          * So how much of the system clock is entropic?
  97          * It's hard to say, but assume that at least the
  98          * least significant byte of a 64 bit structure
  99          * is entropic.  It's probably more, how can you figure
 100          * the exact time the user turned the computer on, for example.
 101     */
 102     perr = prngInput(gPrngRef, (BYTE*) &tt, sizeof (tt), SYSTEM_SOURCE, 8);
 103     if (perr != 0) {
 104         /* an error, complain */
 105         printf ("Couldn't seed Yarrow.\n");
 106         return;
 107     }
 108
 109     /* turn the data around */
 110     perr = prngOutput(gPrngRef, (BYTE*) buffer, sizeof (buffer));
 111
 112     /* and scramble it some more */
 113     perr = prngForceReseed(gPrngRef, RESEED_TICKS);
 114
 115     /* make a mutex to control access */
 116     gYarrowMutex = mutex_alloc(0);
 117 }
 118
 119 /*
 120  * Called to initialize our device,
 121  * and to register ourselves with devfs
 122  */
 123 void
 124 random_init()
 125 {
 126         int ret;
 127
 128         if (gRandomInstalled)
 129                 return;
 130
 131         /* install us in the file system */
 132         gRandomInstalled = 1;
 133
 134         /* setup yarrow and the mutex */
 135         PreliminarySetup();
 136
 137         ret = cdevsw_add(RANDOM_MAJOR, &random_cdevsw);
 138         if (ret < 0) {
 139                 printf("random_init: failed to allocate a major number!\n");
 140                 gRandomInstalled = 0;
 141                 return;
 142         }
 143
 144         devfs_make_node(makedev (ret, 0), DEVFS_CHAR,
 145                 UID_ROOT, GID_WHEEL, 0644, "random", 0);
 146
 147         /*
 148          * also make urandom
 149          * (which is exactly the same thing in our context)
 150          */
 151         devfs_make_node(makedev (ret, 1), DEVFS_CHAR,
 152                 UID_ROOT, GID_WHEEL, 0644, "urandom", 0);
 153 }
 154
 155 /*
 156  * Open the device.  Make sure init happened, and make sure the caller is
 157  * authorized.
 158  */
 159
 160 int
 161 random_open(dev_t dev, int flags, int devtype, struct proc *p)
 162 {
 163         if (gRandomError != 0) {
 164                 /* forget it, yarrow didn't come up */
 165                 return (ENOTSUP);
 166         }
 167
 168         /*
 169          * if we are being opened for write,
 170          * make sure that we have privledges do so
 171          */
 172         if (flags & FWRITE) {
 173                 if (securelevel >= 2)
 174                         return (EPERM);
 175                 if ((securelevel >= 1) && suser(p->p_ucred, &p->p_acflag))
 176                         return (EPERM);
 177         }
 178
 179         return (0);
 180 }
 181
 182
 183 /*
 184  * close the device.
 185  */
 186
 187 int
 188 random_close(dev_t dev, int flags, int mode, struct proc *p)
 189 {
 190         return (0);
 191 }
 192
 193
 194 /*
 195  * Get entropic data from the Security Server, and use it to reseed the
 196  * prng.
 197  */
 198 int
 199 random_write (dev_t dev, struct uio *uio, int ioflag)
 200 {
 201     int retCode = 0;
 202     char rdBuffer[256];
 203
 204     if (gRandomError != 0) {
 205         return (ENOTSUP);
 206     }
 207
 208     /* get control of the Yarrow instance, Yarrow is NOT thread safe */
 209     mutex_lock(gYarrowMutex);
 210
 211     /* Security server is sending us entropy */
 212
 213     while (uio->uio_resid > 0 && retCode == 0) {
 214         /* get the user's data */
 215         int bytesToInput = min(uio->uio_resid, sizeof (rdBuffer));
 216         retCode = uiomove(rdBuffer, bytesToInput, uio);
 217         if (retCode != 0)
 218             goto /*ugh*/ error_exit;
 219
 220         /* put it in Yarrow */
 221         if (prngInput(gPrngRef, (BYTE*) rdBuffer,
 222                         sizeof (rdBuffer), SYSTEM_SOURCE,
 223                 sizeof (rdBuffer) * 8) != 0) {
 224             retCode = EIO;
 225             goto error_exit;
 226         }
 227     }
 228
 229     /* force a reseed */
 230     if (prngForceReseed(gPrngRef, RESEED_TICKS) != 0) {
 231         retCode = EIO;
 232         goto error_exit;
 233     }
 234
 235     /* retCode should be 0 at this point */
 236
 237 error_exit: /* do this to make sure the mutex unlocks. */
 238     mutex_unlock(gYarrowMutex);
 239     return (retCode);
 240 }
 241
 242 /*
 243  * return data to the caller.  Results unpredictable.
 244  */
 245 int
 246 random_read(dev_t dev, struct uio *uio, int ioflag)
 247 {
 248     int retCode = 0;
 249     char wrBuffer[512];
 250
 251     if (gRandomError != 0)
 252         return (ENOTSUP);
 253
 254    /* lock down the mutex */
 255     mutex_lock(gYarrowMutex);
 256
 257     while (uio->uio_resid > 0 && retCode == 0) {
 258         /* get the user's data */
 259         int bytesToRead = min(uio->uio_resid, sizeof (wrBuffer));
 260
 261         /* get the data from Yarrow */
 262         if (prngOutput(gPrngRef, (BYTE *) wrBuffer, sizeof (wrBuffer)) != 0) {
 263             printf ("Couldn't read data from Yarrow.\n");
 264
 265             /* something's really weird */
 266             retCode = EIO;
 267             goto error_exit;
 268         }
 269
 270         retCode = uiomove(wrBuffer, bytesToRead, uio);
 271
 272         if (retCode != 0)
 273             goto error_exit;
 274     }
 275
 276     retCode = 0;
 277
 278 error_exit:
 279     mutex_unlock(gYarrowMutex);
 280     return retCode;
 281 }
 282
 283 /* export good random numbers to the rest of the kernel */
 284 void
 285 read_random(void* buffer, u_int numbytes)
 286 {
 287     if (gYarrowMutex == 0) { /* are we initialized? */
 288         PreliminarySetup ();
 289     }
 290
 291     mutex_lock(gYarrowMutex);
 292     prngOutput(gPrngRef, (BYTE *) buffer, numbytes);
 293     mutex_unlock(gYarrowMutex);
 294 }
 295
 296 /*
 297  * Return an unsigned long pseudo-random number.
 298  */
 299 u_long
 300 RandomULong()
 301 {
 302         u_long buf;
 303         read_random(&buf, sizeof (buf));
 304         return (buf);
 305 }
 306