bsd/dev/random/randomdev.c

   1 /*
   2  * Copyright (c) 1999, 2000-2003 Apple Computer, Inc. All rights reserved.
   3  *
   4  * @APPLE_LICENSE_HEADER_START@
   5  *
   6  * Copyright (c) 1999-2003 Apple Computer, Inc.  All Rights Reserved.
   7  *
   8  * This file contains Original Code and/or Modifications of Original Code
   9  * as defined in and that are subject to the Apple Public Source License
  10  * Version 2.0 (the 'License'). You may not use this file except in
  11  * compliance with the License. Please obtain a copy of the License at
  12  * http://www.opensource.apple.com/apsl/ and read it before using this
  13  * file.
  14  *
  15  * The Original Code and all software distributed under the License are
  16  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
  17  * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
  18  * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
  19  * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
  20  * Please see the License for the specific language governing rights and
  21  * limitations under the License.
  22  *
  23  * @APPLE_LICENSE_HEADER_END@
  24  */
  25
  26 #include <sys/param.h>
  27 #include <sys/systm.h>
  28 #include <sys/proc.h>
  29 #include <sys/errno.h>
  30 #include <sys/ioctl.h>
  31 #include <sys/conf.h>
  32 #include <sys/fcntl.h>
  33 #include <miscfs/devfs/devfs.h>
  34 #include <kern/lock.h>
  35 #include <sys/time.h>
  36 #include <sys/malloc.h>
  37
  38 #include <dev/random/randomdev.h>
  39 #include <dev/random/YarrowCoreLib/include/yarrow.h>
  40
  41 #define RANDOM_MAJOR  -1 /* let the kernel pick the device number */
  42
  43 d_ioctl_t       random_ioctl;
  44
  45 /*
  46  * A struct describing which functions will get invoked for certain
  47  * actions.
  48  */
  49 static struct cdevsw random_cdevsw =
  50 {
  51         random_open,            /* open */
  52         random_close,           /* close */
  53         random_read,            /* read */
  54         random_write,           /* write */
  55         random_ioctl,                   /* ioctl */
  56         nulldev,                        /* stop */
  57         nulldev,                        /* reset */
  58         NULL,                           /* tty's */
  59         eno_select,                     /* select */
  60         eno_mmap,                       /* mmap */
  61         eno_strat,                      /* strategy */
  62         eno_getc,                       /* getc */
  63         eno_putc,                       /* putc */
  64         0                                       /* type */
  65 };
  66
  67 /* Used to detect whether we've already been initialized */
  68 static int gRandomInstalled = 0;
  69 static PrngRef gPrngRef;
  70 static int gRandomError = 1;
  71 static mutex_t *gYarrowMutex = 0;
  72
  73 #define RESEED_TICKS 50 /* how long a reseed operation can take */
  74
  75 /*
  76  *Initialize ONLY the Yarrow generator.
  77  */
  78 void PreliminarySetup ()
  79 {
  80     prng_error_status perr;
  81     struct timeval tt;
  82     char buffer [16];
  83
  84     /* create a Yarrow object */
  85     perr = prngInitialize(&gPrngRef);
  86     if (perr != 0) {
  87         printf ("Couldn't initialize Yarrow, /dev/random will not work.\n");
  88         return;
  89     }
  90
  91         /* clear the error flag, reads and write should then work */
  92     gRandomError = 0;
  93
  94     /* get a little non-deterministic data as an initial seed. */
  95     microtime(&tt);
  96
  97     /*
  98          * So how much of the system clock is entropic?
  99          * It's hard to say, but assume that at least the
 100          * least significant byte of a 64 bit structure
 101          * is entropic.  It's probably more, how can you figure
 102          * the exact time the user turned the computer on, for example.
 103     */
 104     perr = prngInput(gPrngRef, (BYTE*) &tt, sizeof (tt), SYSTEM_SOURCE, 8);
 105     if (perr != 0) {
 106         /* an error, complain */
 107         printf ("Couldn't seed Yarrow.\n");
 108         return;
 109     }
 110
 111     /* turn the data around */
 112     perr = prngOutput(gPrngRef, (BYTE*) buffer, sizeof (buffer));
 113
 114     /* and scramble it some more */
 115     perr = prngForceReseed(gPrngRef, RESEED_TICKS);
 116
 117     /* make a mutex to control access */
 118     gYarrowMutex = mutex_alloc(0);
 119 }
 120
 121 /*
 122  * Called to initialize our device,
 123  * and to register ourselves with devfs
 124  */
 125 void
 126 random_init()
 127 {
 128         int ret;
 129
 130         if (gRandomInstalled)
 131                 return;
 132
 133         /* install us in the file system */
 134         gRandomInstalled = 1;
 135
 136         /* setup yarrow and the mutex */
 137         PreliminarySetup();
 138
 139         ret = cdevsw_add(RANDOM_MAJOR, &random_cdevsw);
 140         if (ret < 0) {
 141                 printf("random_init: failed to allocate a major number!\n");
 142                 gRandomInstalled = 0;
 143                 return;
 144         }
 145
 146         devfs_make_node(makedev (ret, 0), DEVFS_CHAR,
 147                 UID_ROOT, GID_WHEEL, 0666, "random", 0);
 148
 149         /*
 150          * also make urandom
 151          * (which is exactly the same thing in our context)
 152          */
 153         devfs_make_node(makedev (ret, 1), DEVFS_CHAR,
 154                 UID_ROOT, GID_WHEEL, 0666, "urandom", 0);
 155 }
 156
 157 int
 158 random_ioctl(dev, cmd, data, flag, p)
 159         dev_t dev;
 160         u_long cmd;
 161         caddr_t data;
 162         int flag;
 163         struct proc *p;
 164 {
 165         switch (cmd) {
 166         case FIONBIO:
 167         case FIOASYNC:
 168                 break;
 169         default:
 170                 return ENODEV;
 171         }
 172
 173         return (0);
 174 }
 175
 176 /*
 177  * Open the device.  Make sure init happened, and make sure the caller is
 178  * authorized.
 179  */
 180
 181 int
 182 random_open(dev_t dev, int flags, int devtype, struct proc *p)
 183 {
 184         if (gRandomError != 0) {
 185                 /* forget it, yarrow didn't come up */
 186                 return (ENOTSUP);
 187         }
 188
 189         /*
 190          * if we are being opened for write,
 191          * make sure that we have privledges do so
 192          */
 193         if (flags & FWRITE) {
 194                 if (securelevel >= 2)
 195                         return (EPERM);
 196 #ifndef __APPLE__
 197                 if ((securelevel >= 1) && suser(p->p_ucred, &p->p_acflag))
 198                         return (EPERM);
 199 #endif  /* !__APPLE__ */
 200         }
 201
 202         return (0);
 203 }
 204
 205
 206 /*
 207  * close the device.
 208  */
 209
 210 int
 211 random_close(dev_t dev, int flags, int mode, struct proc *p)
 212 {
 213         return (0);
 214 }
 215
 216
 217 /*
 218  * Get entropic data from the Security Server, and use it to reseed the
 219  * prng.
 220  */
 221 int
 222 random_write (dev_t dev, struct uio *uio, int ioflag)
 223 {
 224     int retCode = 0;
 225     char rdBuffer[256];
 226
 227     if (gRandomError != 0) {
 228         return (ENOTSUP);
 229     }
 230
 231     /* get control of the Yarrow instance, Yarrow is NOT thread safe */
 232     mutex_lock(gYarrowMutex);
 233
 234     /* Security server is sending us entropy */
 235
 236     while (uio->uio_resid > 0 && retCode == 0) {
 237         /* get the user's data */
 238         int bytesToInput = min(uio->uio_resid, sizeof (rdBuffer));
 239         retCode = uiomove(rdBuffer, bytesToInput, uio);
 240         if (retCode != 0)
 241             goto /*ugh*/ error_exit;
 242
 243         /* put it in Yarrow */
 244         if (prngInput(gPrngRef, (BYTE*) rdBuffer,
 245                         sizeof (rdBuffer), SYSTEM_SOURCE,
 246                 sizeof (rdBuffer) * 8) != 0) {
 247             retCode = EIO;
 248             goto error_exit;
 249         }
 250     }
 251
 252     /* force a reseed */
 253     if (prngForceReseed(gPrngRef, RESEED_TICKS) != 0) {
 254         retCode = EIO;
 255         goto error_exit;
 256     }
 257
 258     /* retCode should be 0 at this point */
 259
 260 error_exit: /* do this to make sure the mutex unlocks. */
 261     mutex_unlock(gYarrowMutex);
 262     return (retCode);
 263 }
 264
 265 /*
 266  * return data to the caller.  Results unpredictable.
 267  */
 268 int
 269 random_read(dev_t dev, struct uio *uio, int ioflag)
 270 {
 271     int retCode = 0;
 272     char wrBuffer[512];
 273
 274     if (gRandomError != 0)
 275         return (ENOTSUP);
 276
 277    /* lock down the mutex */
 278     mutex_lock(gYarrowMutex);
 279
 280     while (uio->uio_resid > 0 && retCode == 0) {
 281         /* get the user's data */
 282         int bytesToRead = min(uio->uio_resid, sizeof (wrBuffer));
 283
 284         /* get the data from Yarrow */
 285         if (prngOutput(gPrngRef, (BYTE *) wrBuffer, sizeof (wrBuffer)) != 0) {
 286             printf ("Couldn't read data from Yarrow.\n");
 287
 288             /* something's really weird */
 289             retCode = EIO;
 290             goto error_exit;
 291         }
 292
 293         retCode = uiomove(wrBuffer, bytesToRead, uio);
 294
 295         if (retCode != 0)
 296             goto error_exit;
 297     }
 298
 299     retCode = 0;
 300
 301 error_exit:
 302     mutex_unlock(gYarrowMutex);
 303     return retCode;
 304 }
 305
 306 /* export good random numbers to the rest of the kernel */
 307 void
 308 read_random(void* buffer, u_int numbytes)
 309 {
 310     if (gYarrowMutex == 0) { /* are we initialized? */
 311         PreliminarySetup ();
 312     }
 313
 314     mutex_lock(gYarrowMutex);
 315     prngOutput(gPrngRef, (BYTE *) buffer, numbytes);
 316     mutex_unlock(gYarrowMutex);
 317 }
 318
 319 /*
 320  * Return an unsigned long pseudo-random number.
 321  */
 322 u_long
 323 RandomULong()
 324 {
 325         u_long buf;
 326         read_random(&buf, sizeof (buf));
 327         return (buf);
 328 }
 329