0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews * Copyright (C) 2000-2002, 2004, 2007, 2009, 2013, 2016 Internet Systems Consortium, Inc. ("ISC")
0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews * This Source Code Form is subject to the terms of the Mozilla Public
0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews * License, v. 2.0. If a copy of the MPL was not distributed with this
0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews * file, You can obtain one at http://mozilla.org/MPL/2.0/.
9a14f870ddc0108402d2daa7a7ff84b6e20f08b4Automatic Updater/* $Id: entropy.c,v 1.10 2009/01/18 23:48:14 tbox Exp $ */
1016f2638f8a34a802ce41043d5369553ac14246Francis Dupont * This is the system dependent part of the ISC entropy API.
2d67c2474475acf52c8251dc48bfb7565ee5f2ffDavid Lawrence * There is only one variable in the entropy data structures that is not
2d67c2474475acf52c8251dc48bfb7565ee5f2ffDavid Lawrence * system independent, but pulling the structure that uses it into this file
2d67c2474475acf52c8251dc48bfb7565ee5f2ffDavid Lawrence * ultimately means pulling several other independent structures here also to
2d67c2474475acf52c8251dc48bfb7565ee5f2ffDavid Lawrence * resolve their interdependencies. Thus only the problem variable's type
2d67c2474475acf52c8251dc48bfb7565ee5f2ffDavid Lawrence * is defined here.
945cb085b859dbfc6a883813dda03c83e06995d3Mark Andrewstypedef struct {
2d67c2474475acf52c8251dc48bfb7565ee5f2ffDavid Lawrencestatic unsigned int
2d67c2474475acf52c8251dc48bfb7565ee5f2ffDavid Lawrenceget_from_filesource(isc_entropysource_t *source, isc_uint32_t desired) {
2d67c2474475acf52c8251dc48bfb7565ee5f2ffDavid Lawrence HCRYPTPROV hcryptprov = source->sources.file.handle;
2d67c2474475acf52c8251dc48bfb7565ee5f2ffDavid Lawrence desired = desired / 8 + (((desired & 0x07) > 0) ? 1 : 0);
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews if (!CryptGenRandom(hcryptprov, (DWORD)ndesired, buf)) {
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews (unsigned int)ndesired,
2d67c2474475acf52c8251dc48bfb7565ee5f2ffDavid Lawrence * Poll each source, trying to get data from it to stuff into the entropy
2d67c2474475acf52c8251dc48bfb7565ee5f2ffDavid Lawrencefillpool(isc_entropy_t *ent, unsigned int desired, isc_boolean_t blocking) {
2d67c2474475acf52c8251dc48bfb7565ee5f2ffDavid Lawrence * This logic is a little strange, so an explanation is in order.
2d67c2474475acf52c8251dc48bfb7565ee5f2ffDavid Lawrence * If needed is 0, it means we are being asked to "fill to whatever
2d67c2474475acf52c8251dc48bfb7565ee5f2ffDavid Lawrence * we think is best." This means that if we have at least a
2d67c2474475acf52c8251dc48bfb7565ee5f2ffDavid Lawrence * partially full pool (say, > 1/4th of the pool) we probably don't
2d67c2474475acf52c8251dc48bfb7565ee5f2ffDavid Lawrence * need to add anything.
2d67c2474475acf52c8251dc48bfb7565ee5f2ffDavid Lawrence * Also, we will check to see if the "pseudo" count is too high.
2d67c2474475acf52c8251dc48bfb7565ee5f2ffDavid Lawrence * If it is, try to mix in better data. Too high is currently
2d67c2474475acf52c8251dc48bfb7565ee5f2ffDavid Lawrence * defined as 1/4th of the pool.
2d67c2474475acf52c8251dc48bfb7565ee5f2ffDavid Lawrence * Next, if we are asked to add a specific bit of entropy, make
2d67c2474475acf52c8251dc48bfb7565ee5f2ffDavid Lawrence * certain that we will do so. Clamp how much we try to add to
2d67c2474475acf52c8251dc48bfb7565ee5f2ffDavid Lawrence * (DIGEST_SIZE * 8 < needed < POOLBITS - entropy).
2d67c2474475acf52c8251dc48bfb7565ee5f2ffDavid Lawrence * Note that if we are in a blocking mode, we will only try to
2d67c2474475acf52c8251dc48bfb7565ee5f2ffDavid Lawrence * get as much data as we need, not as much as we might want
2d67c2474475acf52c8251dc48bfb7565ee5f2ffDavid Lawrence * to build up.
2d67c2474475acf52c8251dc48bfb7565ee5f2ffDavid Lawrence * In any case, clamp how much we need to how much we can add.
2d67c2474475acf52c8251dc48bfb7565ee5f2ffDavid Lawrence needed = ISC_MIN(needed, RND_POOLBITS - ent->pool.entropy);
2d67c2474475acf52c8251dc48bfb7565ee5f2ffDavid Lawrence * But wait! If we're not yet initialized, we need at least
2d67c2474475acf52c8251dc48bfb7565ee5f2ffDavid Lawrence * THRESHOLD_BITS
2d67c2474475acf52c8251dc48bfb7565ee5f2ffDavid Lawrence * of randomness.
2d67c2474475acf52c8251dc48bfb7565ee5f2ffDavid Lawrence needed = ISC_MAX(needed, THRESHOLD_BITS - ent->initialized);
2d67c2474475acf52c8251dc48bfb7565ee5f2ffDavid Lawrence * Poll each file source to see if we can read anything useful from
2d67c2474475acf52c8251dc48bfb7565ee5f2ffDavid Lawrence * it. XXXMLG When where are multiple sources, we should keep a
2d67c2474475acf52c8251dc48bfb7565ee5f2ffDavid Lawrence * record of which one we last used so we can start from it (or the
2d67c2474475acf52c8251dc48bfb7565ee5f2ffDavid Lawrence * next one) to avoid letting some sources build up entropy while
2d67c2474475acf52c8251dc48bfb7565ee5f2ffDavid Lawrence * others are always drained.
2d67c2474475acf52c8251dc48bfb7565ee5f2ffDavid Lawrence ent->nextsource = ISC_LIST_HEAD(ent->sources);
2d67c2474475acf52c8251dc48bfb7565ee5f2ffDavid Lawrence * Remember the first source so we can break if we have looped back to
2d67c2474475acf52c8251dc48bfb7565ee5f2ffDavid Lawrence * the beginning and still have nothing
f1b68725503ff3e46001eee5a1751e29a43a09d1Andreas Gustafsson for (nsource = 0; nsource < ent->nsources; nsource++) {
2d67c2474475acf52c8251dc48bfb7565ee5f2ffDavid Lawrence got = get_from_filesource(source, remaining);
2d67c2474475acf52c8251dc48bfb7565ee5f2ffDavid Lawrence * Go again only if there's been progress and we've not
2d67c2474475acf52c8251dc48bfb7565ee5f2ffDavid Lawrence * gone back to the beginning
2d67c2474475acf52c8251dc48bfb7565ee5f2ffDavid Lawrence if (!(ent->nextsource == firstsource && added == 0)) {
2d67c2474475acf52c8251dc48bfb7565ee5f2ffDavid Lawrence * Here, if there are bits remaining to be had and we can block,
2d67c2474475acf52c8251dc48bfb7565ee5f2ffDavid Lawrence * check to see if we have a callback source. If so, call them.
2d67c2474475acf52c8251dc48bfb7565ee5f2ffDavid Lawrence while ((remaining != 0) && (source != NULL)) {
2d67c2474475acf52c8251dc48bfb7565ee5f2ffDavid Lawrence if (source->type == ENTROPY_SOURCETYPE_CALLBACK)
2d67c2474475acf52c8251dc48bfb7565ee5f2ffDavid Lawrence got = get_from_callback(source, remaining, blocking);
2d67c2474475acf52c8251dc48bfb7565ee5f2ffDavid Lawrence * Mark as initialized if we've added enough data.
2d67c2474475acf52c8251dc48bfb7565ee5f2ffDavid Lawrence * Requires "ent" be locked.
2d67c2474475acf52c8251dc48bfb7565ee5f2ffDavid Lawrencedestroyfilesource(isc_entropyfilesource_t *source) {
945cb085b859dbfc6a883813dda03c83e06995d3Mark Andrewsdestroyusocketsource(isc_entropyusocketsource_t *source) {
2d67c2474475acf52c8251dc48bfb7565ee5f2ffDavid Lawrenceisc_entropy_createfilesource(isc_entropy_t *ent, const char *fname) {
2d67c2474475acf52c8251dc48bfb7565ee5f2ffDavid Lawrence * The first time we just try to acquire the context
2d67c2474475acf52c8251dc48bfb7565ee5f2ffDavid Lawrence err = CryptAcquireContext(&hcryptprov, NULL, NULL, PROV_RSA_FULL,
2d67c2474475acf52c8251dc48bfb7565ee5f2ffDavid Lawrence source = isc_mem_get(ent->mctx, sizeof(isc_entropysource_t));
2d67c2474475acf52c8251dc48bfb7565ee5f2ffDavid Lawrence * From here down, no failures can occur.
2d67c2474475acf52c8251dc48bfb7565ee5f2ffDavid Lawrence memset(source->name, 0, sizeof(source->name));
2d67c2474475acf52c8251dc48bfb7565ee5f2ffDavid Lawrence * Hook it into the entropy system.