isc/win32/entropy.c

	entropy.c revision 0c27b3fe77ac1d5094ba3521e8142d9e7973133f
/*
 * Copyright (C) 2000-2002, 2004, 2007, 2009, 2013, 2016  Internet Systems Consortium, Inc. ("ISC")
 *
 * This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/.
 */

/* $Id: entropy.c,v 1.10 2009/01/18 23:48:14 tbox Exp $ */

/*
 * This is the system dependent part of the ISC entropy API.
 */

#include <config.h>

#include <windows.h>
#include <wincrypt.h>

#include <process.h>
#include <io.h>
#include <share.h>

/*
 * There is only one variable in the entropy data structures that is not
 * system independent, but pulling the structure that uses it into this file
 * ultimately means pulling several other independent structures here also to
 * resolve their interdependencies.  Thus only the problem variable's type
 * is defined here.
 */
#define FILESOURCE_HANDLE_TYPE  HCRYPTPROV

typedef struct {
    int dummy;
} isc_entropyusocketsource_t;

#include "../entropy.c"

static unsigned int
get_from_filesource(isc_entropysource_t *source, isc_uint32_t desired) {
    isc_entropy_t *ent = source->ent;
    unsigned char buf[128];
    HCRYPTPROV hcryptprov = source->sources.file.handle;
    ssize_t ndesired;
    unsigned int added;

    if (source->bad)
        return (0);

    desired = desired / 8 + (((desired & 0x07) > 0) ? 1 : 0);

    added = 0;
    while (desired > 0) {
        ndesired = ISC_MIN(desired, sizeof(buf));
        if (!CryptGenRandom(hcryptprov, (DWORD)ndesired, buf)) {
            CryptReleaseContext(hcryptprov, 0);
            source->bad = ISC_TRUE;
            goto out;
        }

        entropypool_adddata(ent, buf,
                    (unsigned int)ndesired,
                    (unsigned int)ndesired * 8);
        added += (unsigned int)ndesired * 8;
        desired -= (isc_uint32_t)ndesired;
    }

 out:
    return (added);
}

/*
 * Poll each source, trying to get data from it to stuff into the entropy
 * pool.
 */
static void
fillpool(isc_entropy_t *ent, unsigned int desired, isc_boolean_t blocking) {
    unsigned int added;
    unsigned int remaining;
    unsigned int needed;
    unsigned int nsource;
    isc_entropysource_t *source;
    isc_entropysource_t *firstsource;

    REQUIRE(VALID_ENTROPY(ent));

    needed = desired;

    /*
     * This logic is a little strange, so an explanation is in order.
     *
     * If needed is 0, it means we are being asked to "fill to whatever
     * we think is best."  This means that if we have at least a
     * partially full pool (say, > 1/4th of the pool) we probably don't
     * need to add anything.
     *
     * Also, we will check to see if the "pseudo" count is too high.
     * If it is, try to mix in better data.  Too high is currently
     * defined as 1/4th of the pool.
     *
     * Next, if we are asked to add a specific bit of entropy, make
     * certain that we will do so.  Clamp how much we try to add to
     * (DIGEST_SIZE * 8 < needed < POOLBITS - entropy).
     *
     * Note that if we are in a blocking mode, we will only try to
     * get as much data as we need, not as much as we might want
     * to build up.
     */
    if (needed == 0) {
        REQUIRE(!blocking);

        if ((ent->pool.entropy >= RND_POOLBITS / 4)
            && (ent->pool.pseudo <= RND_POOLBITS / 4))
            return;

        needed = THRESHOLD_BITS * 4;
    } else {
        needed = ISC_MAX(needed, THRESHOLD_BITS);
        needed = ISC_MIN(needed, RND_POOLBITS);
    }

    /*
     * In any case, clamp how much we need to how much we can add.
     */
    needed = ISC_MIN(needed, RND_POOLBITS - ent->pool.entropy);

    /*
     * But wait!  If we're not yet initialized, we need at least
     *  THRESHOLD_BITS
     * of randomness.
     */
    if (ent->initialized < THRESHOLD_BITS)
        needed = ISC_MAX(needed, THRESHOLD_BITS - ent->initialized);

    /*
     * Poll each file source to see if we can read anything useful from
     * it.  XXXMLG When where are multiple sources, we should keep a
     * record of which one we last used so we can start from it (or the
     * next one) to avoid letting some sources build up entropy while
     * others are always drained.
     */

    added = 0;
    remaining = needed;
    if (ent->nextsource == NULL) {
        ent->nextsource = ISC_LIST_HEAD(ent->sources);
        if (ent->nextsource == NULL)
            return;
    }
    source = ent->nextsource;
    /*
     * Remember the first source so we can break if we have looped back to
     * the beginning and still have nothing
     */
    firstsource = source;
 again_file:
    for (nsource = 0; nsource < ent->nsources; nsource++) {
        unsigned int got;

        if (remaining == 0)
            break;

        got = 0;

        if (source->type == ENTROPY_SOURCETYPE_FILE)
            got = get_from_filesource(source, remaining);

        added += got;

        remaining -= ISC_MIN(remaining, got);

        source = ISC_LIST_NEXT(source, link);
        if (source == NULL)
            source = ISC_LIST_HEAD(ent->sources);
    }
    ent->nextsource = source;

    /*
     * Go again only if there's been progress and we've not
     * gone back to the beginning
     */
    if (!(ent->nextsource == firstsource && added == 0)) {
        if (blocking && remaining != 0) {
                goto again_file;
        }
    }

    /*
     * Here, if there are bits remaining to be had and we can block,
     * check to see if we have a callback source.  If so, call them.
     */
    source = ISC_LIST_HEAD(ent->sources);
    while ((remaining != 0) && (source != NULL)) {
        unsigned int got;

        got = 0;

        if (source->type == ENTROPY_SOURCETYPE_CALLBACK)
            got = get_from_callback(source, remaining, blocking);

        added += got;
        remaining -= ISC_MIN(remaining, got);

        if (added >= needed)
            break;

        source = ISC_LIST_NEXT(source, link);
    }

    /*
     * Mark as initialized if we've added enough data.
     */
    if (ent->initialized < THRESHOLD_BITS)
        ent->initialized += added;
}


/*
 * Requires "ent" be locked.
 */
static void
destroyfilesource(isc_entropyfilesource_t *source) {
    CryptReleaseContext(source->handle, 0);
}

static void
destroyusocketsource(isc_entropyusocketsource_t *source) {
    UNUSED(source);
}


isc_result_t
isc_entropy_createfilesource(isc_entropy_t *ent, const char *fname) {
    isc_result_t ret;
    isc_entropysource_t *source;
    HCRYPTPROV hcryptprov;
    BOOL err;

    REQUIRE(VALID_ENTROPY(ent));
    REQUIRE(fname != NULL);

    LOCK(&ent->lock);

    source = NULL;

    /*
     * The first time we just try to acquire the context
     */
    err = CryptAcquireContext(&hcryptprov, NULL, NULL, PROV_RSA_FULL,
                  CRYPT_VERIFYCONTEXT);
    if (!err){
        (void)GetLastError();
        ret = ISC_R_IOERROR;
        goto errout;
    }

    source = isc_mem_get(ent->mctx, sizeof(isc_entropysource_t));
    if (source == NULL) {
        ret = ISC_R_NOMEMORY;
        goto closecontext;
    }

    /*
     * From here down, no failures can occur.
     */
    source->magic = SOURCE_MAGIC;
    source->type = ENTROPY_SOURCETYPE_FILE;
    source->ent = ent;
    source->total = 0;
    source->bad = ISC_FALSE;
    memset(source->name, 0, sizeof(source->name));
    ISC_LINK_INIT(source, link);
    source->sources.file.handle = hcryptprov;

    /*
     * Hook it into the entropy system.
     */
    ISC_LIST_APPEND(ent->sources, source, link);
    ent->nsources++;

    UNLOCK(&ent->lock);
    return (ISC_R_SUCCESS);

 closecontext:
    CryptReleaseContext(hcryptprov, 0);

 errout:
    if (source != NULL)
        isc_mem_put(ent->mctx, source, sizeof(isc_entropysource_t));

    UNLOCK(&ent->lock);

    return (ret);
}