random.c revision 41cf421d9c6400a15b7c05a8f75a59121e759f6c
/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License (the "License").
* You may not use this file except in compliance with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* or http://www.opensolaris.org/os/licensing.
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*/
/*
* Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
*/
#include <stdio.h>
#include <unistd.h>
#include <errno.h>
#include <string.h>
#include <fcntl.h>
#include <locale.h>
#include <stdarg.h>
#include <cryptoutil.h>
#include <pthread.h>
static pthread_mutex_t random_mutex = PTHREAD_MUTEX_INITIALIZER;
static pthread_mutex_t urandom_mutex = PTHREAD_MUTEX_INITIALIZER;
static pthread_mutex_t random_seed_mutex = PTHREAD_MUTEX_INITIALIZER;
static pthread_mutex_t urandom_seed_mutex = PTHREAD_MUTEX_INITIALIZER;
#define RANDOM_DEVICE "/dev/random" /* random device name */
#define URANDOM_DEVICE "/dev/urandom" /* urandom device name */
static int random_fd = -1;
static int urandom_fd = -1;
static int random_seed_fd = -1;
static int urandom_seed_fd = -1;
/*
* Equivalent of open(2) insulated from EINTR.
* Also sets close-on-exec.
*/
int
open_nointr(const char *path, int oflag, ...)
{
int fd;
mode_t pmode;
va_list alist;
va_start(alist, oflag);
pmode = va_arg(alist, mode_t);
va_end(alist);
do {
if ((fd = open(path, oflag, pmode)) >= 0) {
(void) fcntl(fd, F_SETFD, FD_CLOEXEC);
break;
}
/* errno definitely set by failed open() */
} while (errno == EINTR);
return (fd);
}
/*
* Equivalent of read(2) insulated from EINTR.
*/
ssize_t
readn_nointr(int fd, void *dbuf, size_t dlen)
{
char *marker = dbuf;
size_t left = dlen;
ssize_t nread = 0, err;
for (err = 0; left > 0 && nread != -1; marker += nread, left -= nread) {
if ((nread = read(fd, marker, left)) < 0) {
if (errno == EINTR) { /* keep trying */
nread = 0;
continue;
}
err = nread; /* hard error */
break;
} else if (nread == 0) {
break;
}
}
return (err != 0 ? err : dlen - left);
}
/*
* Equivalent of write(2) insulated from EINTR.
*/
ssize_t
writen_nointr(int fd, void *dbuf, size_t dlen)
{
char *marker = dbuf;
size_t left = dlen;
ssize_t nwrite = 0, err;
for (err = 0; left > 0 && nwrite != -1; marker += nwrite,
left -= nwrite) {
if ((nwrite = write(fd, marker, left)) < 0) {
if (errno == EINTR) { /* keep trying */
nwrite = 0;
continue;
}
err = nwrite; /* hard error */
break;
} else if (nwrite == 0) {
break;
}
}
return (err != 0 ? err : dlen - left);
}
/*
* Opens the random number generator devices if not already open.
* Always returns the opened fd of the device, or error.
*/
static int
pkcs11_open_common(int *fd, pthread_mutex_t *mtx, const char *dev, int oflag)
{
(void) pthread_mutex_lock(mtx);
if (*fd < 0)
*fd = open_nointr(dev, oflag);
(void) pthread_mutex_unlock(mtx);
return (*fd);
}
static int
pkcs11_open_random(void)
{
return (pkcs11_open_common(&random_fd, &random_mutex,
RANDOM_DEVICE, O_RDONLY));
}
static int
pkcs11_open_urandom(void)
{
return (pkcs11_open_common(&urandom_fd, &urandom_mutex,
URANDOM_DEVICE, O_RDONLY));
}
static int
pkcs11_open_random_seed(void)
{
return (pkcs11_open_common(&random_seed_fd, &random_seed_mutex,
RANDOM_DEVICE, O_WRONLY));
}
static int
pkcs11_open_urandom_seed(void)
{
return (pkcs11_open_common(&urandom_seed_fd, &urandom_seed_mutex,
URANDOM_DEVICE, O_WRONLY));
}
/*
* Close the random number generator devices if already open.
*/
static void
pkcs11_close_common(int *fd, pthread_mutex_t *mtx)
{
(void) pthread_mutex_lock(mtx);
(void) close(*fd);
*fd = -1;
(void) pthread_mutex_unlock(mtx);
}
void
pkcs11_close_random(void)
{
pkcs11_close_common(&random_fd, &random_mutex);
}
void
pkcs11_close_urandom(void)
{
pkcs11_close_common(&urandom_fd, &urandom_mutex);
}
static void
pkcs11_close_random_seed(void)
{
pkcs11_close_common(&random_seed_fd, &random_seed_mutex);
}
void
pkcs11_close_urandom_seed(void)
{
pkcs11_close_common(&urandom_seed_fd, &urandom_seed_mutex);
}
/*
* Read from the random number generator devices.
*/
static size_t
pkcs11_read_common(int *fd, pthread_mutex_t *mtx, void *dbuf, size_t dlen)
{
size_t n;
(void) pthread_mutex_lock(mtx);
n = readn_nointr(*fd, dbuf, dlen);
(void) pthread_mutex_unlock(mtx);
return (n);
}
static size_t
pkcs11_read_random(void *dbuf, size_t dlen)
{
return (pkcs11_read_common(&random_fd, &random_mutex, dbuf, dlen));
}
static size_t
pkcs11_read_urandom(void *dbuf, size_t dlen)
{
return (pkcs11_read_common(&urandom_fd, &urandom_mutex, dbuf, dlen));
}
/*
* Write to the random number generator devices.
*/
static size_t
pkcs11_write_common(int *fd, pthread_mutex_t *mtx, void *dbuf, size_t dlen)
{
size_t n;
(void) pthread_mutex_lock(mtx);
n = writen_nointr(*fd, dbuf, dlen);
(void) pthread_mutex_unlock(mtx);
return (n);
}
static size_t
pkcs11_write_random_seed(void *dbuf, size_t dlen)
{
return (pkcs11_write_common(&random_seed_fd, &random_seed_mutex,
dbuf, dlen));
}
static size_t
pkcs11_write_urandom_seed(void *dbuf, size_t dlen)
{
return (pkcs11_write_common(&urandom_seed_fd, &urandom_seed_mutex,
dbuf, dlen));
}
/*
* Seed /dev/random with the data in the buffer.
*/
int
pkcs11_seed_random(void *sbuf, size_t slen)
{
int rv;
if (sbuf == NULL || slen == 0)
return (0);
/* Seeding error could mean it's not supported (errno = EACCES) */
if (pkcs11_open_random_seed() < 0)
return (-1);
rv = -1;
if (pkcs11_write_random_seed(sbuf, slen) == slen)
rv = 0;
pkcs11_close_random_seed();
return (rv);
}
/*
* Seed /dev/urandom with the data in the buffer.
*/
int
pkcs11_seed_urandom(void *sbuf, size_t slen)
{
int rv;
if (sbuf == NULL || slen == 0)
return (0);
/* Seeding error could mean it's not supported (errno = EACCES) */
if (pkcs11_open_urandom_seed() < 0)
return (-1);
rv = -1;
if (pkcs11_write_urandom_seed(sbuf, slen) == slen)
rv = 0;
pkcs11_close_urandom_seed();
return (rv);
}
/*
* Put the requested amount of random data into a preallocated buffer.
* Good for token key data, persistent objects.
*/
int
pkcs11_get_random(void *dbuf, size_t dlen)
{
if (dbuf == NULL || dlen == 0)
return (0);
/* Read random data directly from /dev/random */
if (pkcs11_open_random() < 0)
return (-1);
if (pkcs11_read_random(dbuf, dlen) == dlen)
return (0);
return (-1);
}
/*
* Put the requested amount of random data into a preallocated buffer.
* Good for passphrase salts, initialization vectors.
*/
int
pkcs11_get_urandom(void *dbuf, size_t dlen)
{
if (dbuf == NULL || dlen == 0)
return (0);
/* Read random data directly from /dev/urandom */
if (pkcs11_open_urandom() < 0)
return (-1);
if (pkcs11_read_urandom(dbuf, dlen) == dlen)
return (0);
return (-1);
}
/*
* Same as pkcs11_get_urandom but ensures non zero data.
*/
int
pkcs11_get_nzero_urandom(void *dbuf, size_t dlen)
{
char extrarand[32];
size_t bytesleft = 0;
size_t i = 0;
/* Start with some random data */
if (pkcs11_get_urandom(dbuf, dlen) < 0)
return (-1);
/* Walk through data replacing any 0 bytes with more random data */
while (i < dlen) {
if (((char *)dbuf)[i] != 0) {
i++;
continue;
}
if (bytesleft == 0) {
bytesleft = sizeof (extrarand);
if (pkcs11_get_urandom(extrarand, bytesleft) < 0)
return (-1);
}
bytesleft--;
((char *)dbuf)[i] = extrarand[bytesleft];
}
return (0);
}