bsd/dev/random/randomdev.c

   1 /*
   2  * Copyright (c) 1999, 2000-2003 Apple Computer, Inc. All rights reserved.
   3  *
   4  * @APPLE_LICENSE_HEADER_START@
   5  *
   6  * The contents of this file constitute Original Code as defined in and
   7  * are subject to the Apple Public Source License Version 1.1 (the
   8  * "License").  You may not use this file except in compliance with the
   9  * License.  Please obtain a copy of the License at
  10  * http://www.apple.com/publicsource and read it before using this file.
  11  *
  12  * This Original Code and all software distributed under the License are
  13  * distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY KIND, EITHER
  14  * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
  15  * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
  16  * FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT.  Please see the
  17  * License for the specific language governing rights and limitations
  18  * under the License.
  19  *
  20  * @APPLE_LICENSE_HEADER_END@
  21  */
  22
  23 #include <sys/param.h>
  24 #include <sys/systm.h>
  25 #include <sys/proc.h>
  26 #include <sys/errno.h>
  27 #include <sys/ioctl.h>
  28 #include <sys/conf.h>
  29 #include <sys/fcntl.h>
  30 #include <miscfs/devfs/devfs.h>
  31 #include <kern/lock.h>
  32 #include <sys/time.h>
  33 #include <sys/malloc.h>
  34
  35 #include <dev/random/randomdev.h>
  36 #include <dev/random/YarrowCoreLib/include/yarrow.h>
  37
  38 #define RANDOM_MAJOR  -1 /* let the kernel pick the device number */
  39
  40 d_ioctl_t       random_ioctl;
  41
  42 /*
  43  * A struct describing which functions will get invoked for certain
  44  * actions.
  45  */
  46 static struct cdevsw random_cdevsw =
  47 {
  48         random_open,            /* open */
  49         random_close,           /* close */
  50         random_read,            /* read */
  51         random_write,           /* write */
  52         random_ioctl,                   /* ioctl */
  53         nulldev,                        /* stop */
  54         nulldev,                        /* reset */
  55         NULL,                           /* tty's */
  56         eno_select,                     /* select */
  57         eno_mmap,                       /* mmap */
  58         eno_strat,                      /* strategy */
  59         eno_getc,                       /* getc */
  60         eno_putc,                       /* putc */
  61         0                                       /* type */
  62 };
  63
  64 /* Used to detect whether we've already been initialized */
  65 static int gRandomInstalled = 0;
  66 static PrngRef gPrngRef;
  67 static int gRandomError = 1;
  68 static mutex_t *gYarrowMutex = 0;
  69
  70 #define RESEED_TICKS 50 /* how long a reseed operation can take */
  71
  72 /*
  73  *Initialize ONLY the Yarrow generator.
  74  */
  75 void PreliminarySetup ()
  76 {
  77     prng_error_status perr;
  78     struct timeval tt;
  79     char buffer [16];
  80
  81     /* create a Yarrow object */
  82     perr = prngInitialize(&gPrngRef);
  83     if (perr != 0) {
  84         printf ("Couldn't initialize Yarrow, /dev/random will not work.\n");
  85         return;
  86     }
  87
  88         /* clear the error flag, reads and write should then work */
  89     gRandomError = 0;
  90
  91     /* get a little non-deterministic data as an initial seed. */
  92     microtime(&tt);
  93
  94     /*
  95          * So how much of the system clock is entropic?
  96          * It's hard to say, but assume that at least the
  97          * least significant byte of a 64 bit structure
  98          * is entropic.  It's probably more, how can you figure
  99          * the exact time the user turned the computer on, for example.
 100     */
 101     perr = prngInput(gPrngRef, (BYTE*) &tt, sizeof (tt), SYSTEM_SOURCE, 8);
 102     if (perr != 0) {
 103         /* an error, complain */
 104         printf ("Couldn't seed Yarrow.\n");
 105         return;
 106     }
 107
 108     /* turn the data around */
 109     perr = prngOutput(gPrngRef, (BYTE*) buffer, sizeof (buffer));
 110
 111     /* and scramble it some more */
 112     perr = prngForceReseed(gPrngRef, RESEED_TICKS);
 113
 114     /* make a mutex to control access */
 115     gYarrowMutex = mutex_alloc(0);
 116 }
 117
 118 /*
 119  * Called to initialize our device,
 120  * and to register ourselves with devfs
 121  */
 122 void
 123 random_init()
 124 {
 125         int ret;
 126
 127         if (gRandomInstalled)
 128                 return;
 129
 130         /* install us in the file system */
 131         gRandomInstalled = 1;
 132
 133         /* setup yarrow and the mutex */
 134         PreliminarySetup();
 135
 136         ret = cdevsw_add(RANDOM_MAJOR, &random_cdevsw);
 137         if (ret < 0) {
 138                 printf("random_init: failed to allocate a major number!\n");
 139                 gRandomInstalled = 0;
 140                 return;
 141         }
 142
 143         devfs_make_node(makedev (ret, 0), DEVFS_CHAR,
 144                 UID_ROOT, GID_WHEEL, 0666, "random", 0);
 145
 146         /*
 147          * also make urandom
 148          * (which is exactly the same thing in our context)
 149          */
 150         devfs_make_node(makedev (ret, 1), DEVFS_CHAR,
 151                 UID_ROOT, GID_WHEEL, 0666, "urandom", 0);
 152 }
 153
 154 int
 155 random_ioctl(dev, cmd, data, flag, p)
 156         dev_t dev;
 157         u_long cmd;
 158         caddr_t data;
 159         int flag;
 160         struct proc *p;
 161 {
 162         switch (cmd) {
 163         case FIONBIO:
 164         case FIOASYNC:
 165                 break;
 166         default:
 167                 return ENODEV;
 168         }
 169
 170         return (0);
 171 }
 172
 173 /*
 174  * Open the device.  Make sure init happened, and make sure the caller is
 175  * authorized.
 176  */
 177
 178 int
 179 random_open(dev_t dev, int flags, int devtype, struct proc *p)
 180 {
 181         if (gRandomError != 0) {
 182                 /* forget it, yarrow didn't come up */
 183                 return (ENOTSUP);
 184         }
 185
 186         /*
 187          * if we are being opened for write,
 188          * make sure that we have privledges do so
 189          */
 190         if (flags & FWRITE) {
 191                 if (securelevel >= 2)
 192                         return (EPERM);
 193 #ifndef __APPLE__
 194                 if ((securelevel >= 1) && suser(p->p_ucred, &p->p_acflag))
 195                         return (EPERM);
 196 #endif  /* !__APPLE__ */
 197         }
 198
 199         return (0);
 200 }
 201
 202
 203 /*
 204  * close the device.
 205  */
 206
 207 int
 208 random_close(dev_t dev, int flags, int mode, struct proc *p)
 209 {
 210         return (0);
 211 }
 212
 213
 214 /*
 215  * Get entropic data from the Security Server, and use it to reseed the
 216  * prng.
 217  */
 218 int
 219 random_write (dev_t dev, struct uio *uio, int ioflag)
 220 {
 221     int retCode = 0;
 222     char rdBuffer[256];
 223
 224     if (gRandomError != 0) {
 225         return (ENOTSUP);
 226     }
 227
 228     /* get control of the Yarrow instance, Yarrow is NOT thread safe */
 229     mutex_lock(gYarrowMutex);
 230
 231     /* Security server is sending us entropy */
 232
 233     while (uio->uio_resid > 0 && retCode == 0) {
 234         /* get the user's data */
 235         int bytesToInput = min(uio->uio_resid, sizeof (rdBuffer));
 236         retCode = uiomove(rdBuffer, bytesToInput, uio);
 237         if (retCode != 0)
 238             goto /*ugh*/ error_exit;
 239
 240         /* put it in Yarrow */
 241         if (prngInput(gPrngRef, (BYTE*) rdBuffer,
 242                         sizeof (rdBuffer), SYSTEM_SOURCE,
 243                 sizeof (rdBuffer) * 8) != 0) {
 244             retCode = EIO;
 245             goto error_exit;
 246         }
 247     }
 248
 249     /* force a reseed */
 250     if (prngForceReseed(gPrngRef, RESEED_TICKS) != 0) {
 251         retCode = EIO;
 252         goto error_exit;
 253     }
 254
 255     /* retCode should be 0 at this point */
 256
 257 error_exit: /* do this to make sure the mutex unlocks. */
 258     mutex_unlock(gYarrowMutex);
 259     return (retCode);
 260 }
 261
 262 /*
 263  * return data to the caller.  Results unpredictable.
 264  */
 265 int
 266 random_read(dev_t dev, struct uio *uio, int ioflag)
 267 {
 268     int retCode = 0;
 269     char wrBuffer[512];
 270
 271     if (gRandomError != 0)
 272         return (ENOTSUP);
 273
 274    /* lock down the mutex */
 275     mutex_lock(gYarrowMutex);
 276
 277     while (uio->uio_resid > 0 && retCode == 0) {
 278         /* get the user's data */
 279         int bytesToRead = min(uio->uio_resid, sizeof (wrBuffer));
 280
 281         /* get the data from Yarrow */
 282         if (prngOutput(gPrngRef, (BYTE *) wrBuffer, sizeof (wrBuffer)) != 0) {
 283             printf ("Couldn't read data from Yarrow.\n");
 284
 285             /* something's really weird */
 286             retCode = EIO;
 287             goto error_exit;
 288         }
 289
 290         retCode = uiomove(wrBuffer, bytesToRead, uio);
 291
 292         if (retCode != 0)
 293             goto error_exit;
 294     }
 295
 296     retCode = 0;
 297
 298 error_exit:
 299     mutex_unlock(gYarrowMutex);
 300     return retCode;
 301 }
 302
 303 /* export good random numbers to the rest of the kernel */
 304 void
 305 read_random(void* buffer, u_int numbytes)
 306 {
 307     if (gYarrowMutex == 0) { /* are we initialized? */
 308         PreliminarySetup ();
 309     }
 310
 311     mutex_lock(gYarrowMutex);
 312     prngOutput(gPrngRef, (BYTE *) buffer, numbytes);
 313     mutex_unlock(gYarrowMutex);
 314 }
 315
 316 /*
 317  * Return an unsigned long pseudo-random number.
 318  */
 319 u_long
 320 RandomULong()
 321 {
 322         u_long buf;
 323         read_random(&buf, sizeof (buf));
 324         return (buf);
 325 }
 326