random.c 5.43 KB
Newer Older
1 2 3
/*
 * cryptsetup kernel RNG access functions
 *
Milan Broz's avatar
Milan Broz committed
4
 * Copyright (C) 2010-2018, Red Hat, Inc. All rights reserved.
5 6 7
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
8 9
 * as published by the Free Software Foundation; either version 2
 * of the License, or (at your option) any later version.
10 11 12 13 14 15 16 17
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
18
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
19 20 21 22 23 24 25
 */

#include <stdlib.h>
#include <string.h>
#include <fcntl.h>
#include <errno.h>
#include <assert.h>
John Spencer's avatar
John Spencer committed
26
#include <sys/select.h>
27 28 29 30

#include "libcryptsetup.h"
#include "internal.h"

31 32 33 34
#ifndef O_CLOEXEC
#define O_CLOEXEC 0
#endif

35 36 37 38 39 40 41 42 43 44 45
static int random_initialised = 0;

#define URANDOM_DEVICE	"/dev/urandom"
static int urandom_fd = -1;

#define RANDOM_DEVICE	"/dev/random"
static int random_fd = -1;

/* Read random chunk - gathered data usually appears with this granularity */
#define RANDOM_DEVICE_CHUNK	8

Milan Broz's avatar
Milan Broz committed
46
/* Timeout to print warning if no random data (entropy) */
47 48 49
#define RANDOM_DEVICE_TIMEOUT	5

/* URANDOM_DEVICE access */
50 51
static int _get_urandom(struct crypt_device *ctx __attribute__((unused)),
			char *buf, size_t len)
52 53 54 55 56 57 58 59 60 61 62
{
	int r;
	size_t old_len = len;
	char *old_buf = buf;

	assert(urandom_fd != -1);

	while(len) {
		r = read(urandom_fd, buf, len);
		if (r == -1 && errno != EINTR)
			return -EINVAL;
63 64 65 66
		if (r > 0) {
			len -= r;
			buf += r;
		}
67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122
	}

	assert(len == 0);
	assert((size_t)(buf - old_buf) == old_len);

	return 0;
}

static void _get_random_progress(struct crypt_device *ctx, int warn,
				 size_t expected_len, size_t read_len)
{
	if (warn)
		log_std(ctx,
			_("System is out of entropy while generating volume key.\n"
			  "Please move mouse or type some text in another window "
			  "to gather some random events.\n"));

	log_std(ctx, _("Generating key (%d%% done).\n"),
		(int)((expected_len - read_len) * 100 / expected_len));
}

/* RANDOM_DEVICE access */
static int _get_random(struct crypt_device *ctx, char *buf, size_t len)
{
	int r, warn_once = 1;
	size_t n, old_len = len;
	char *old_buf = buf;
	fd_set fds;
	struct timeval tv;

	assert(random_fd != -1);

	while (len) {
		FD_ZERO(&fds);
		FD_SET(random_fd, &fds);

		tv.tv_sec = RANDOM_DEVICE_TIMEOUT;
		tv.tv_usec = 0;

		r = select(random_fd + 1, &fds, NULL, NULL, &tv);
		if(r == -1)
			return -EINVAL;

		if(!r) {
			_get_random_progress(ctx, warn_once, old_len, len);
			warn_once = 0;
			continue;
		}

		do {
			n = RANDOM_DEVICE_CHUNK;
			if (len < RANDOM_DEVICE_CHUNK)
				n = len;

			r = read(random_fd, buf, n);

123 124
			if (r == -1 && errno == EINTR) {
				r = 0;
125
				continue;
126
			}
127 128 129 130 131 132

			/* bogus read? */
			if(r > (int)n)
				return -EINVAL;

			/* random device is opened with O_NONBLOCK, EAGAIN is expected */
133
			if (r == -1 && (errno != EAGAIN && errno != EWOULDBLOCK))
134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153
				return -EINVAL;

			if (r > 0) {
				len -= r;
				buf += r;
			}
		} while (len && r > 0);
	}

	assert(len == 0);
	assert((size_t)(buf - old_buf) == old_len);

	if (!warn_once)
		_get_random_progress(ctx, 0, old_len, len);

	return 0;
}
/* Initialisation of both RNG file descriptors is mandatory */
int crypt_random_init(struct crypt_device *ctx)
{
154 155 156
	if (random_initialised)
		return 0;

157 158
	/* Used for CRYPT_RND_NORMAL */
	if(urandom_fd == -1)
159
		urandom_fd = open(URANDOM_DEVICE, O_RDONLY | O_CLOEXEC);
160 161 162 163 164
	if(urandom_fd == -1)
		goto fail;

	/* Used for CRYPT_RND_KEY */
	if(random_fd == -1)
165
		random_fd = open(RANDOM_DEVICE, O_RDONLY | O_NONBLOCK | O_CLOEXEC);
166 167 168
	if(random_fd == -1)
		goto fail;

169 170 171
	if (crypt_fips_mode())
		log_verbose(ctx, _("Running in FIPS mode.\n"));

172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187
	random_initialised = 1;
	return 0;
fail:
	crypt_random_exit();
	log_err(ctx, _("Fatal error during RNG initialisation.\n"));
	return -ENOSYS;
}

int crypt_random_get(struct crypt_device *ctx, char *buf, size_t len, int quality)
{
	int status, rng_type;

	switch(quality) {
	case CRYPT_RND_NORMAL:
		status = _get_urandom(ctx, buf, len);
		break;
188
	case CRYPT_RND_SALT:
189
		if (crypt_fips_mode())
190
			status = crypt_backend_rng(buf, len, quality, 1);
191 192
		else
			status = _get_urandom(ctx, buf, len);
193
		break;
194
	case CRYPT_RND_KEY:
195
		if (crypt_fips_mode()) {
196
			status = crypt_backend_rng(buf, len, quality, 1);
197 198
			break;
		}
199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217
		rng_type = ctx ? crypt_get_rng_type(ctx) :
				 crypt_random_default_key_rng();
		switch (rng_type) {
		case CRYPT_RNG_URANDOM:
			status = _get_urandom(ctx, buf, len);
			break;
		case CRYPT_RNG_RANDOM:
			status = _get_random(ctx, buf, len);
			break;
		default:
			abort();
		}
		break;
	default:
		log_err(ctx, _("Unknown RNG quality requested.\n"));
		return -EINVAL;
	}

	if (status)
218
		log_err(ctx, _("Error reading from RNG.\n"));
219 220 221 222

	return status;
}

223
void crypt_random_exit(void)
224 225 226 227 228 229 230 231 232 233 234 235 236 237
{
	random_initialised = 0;

	if(random_fd != -1) {
		(void)close(random_fd);
		random_fd = -1;
	}

	if(urandom_fd != -1) {
		(void)close(urandom_fd);
		urandom_fd = -1;
	}
}

238
int crypt_random_default_key_rng(void)
239
{
240
	/* coverity[pointless_string_compare] */
241 242 243
	if (!strcmp(DEFAULT_RNG, RANDOM_DEVICE))
		return CRYPT_RNG_RANDOM;

244
	/* coverity[pointless_string_compare] */
245 246 247 248 249 250
	if (!strcmp(DEFAULT_RNG, URANDOM_DEVICE))
		return CRYPT_RNG_URANDOM;

	/* RNG misconfiguration is fatal */
	abort();
}