2 * rngd.c -- Random Number Generator daemon
4 * rngd reads data from a hardware random number generator, verifies it
5 * looks like random data, and adds it to /dev/random's entropy store.
7 * In theory, this should allow you to read very quickly from
8 * /dev/random; rngd also adds bytes to the entropy store periodically
9 * when it's full, which makes predicting the entropy store's contents
12 * Copyright (C) 2001 Philipp Rumpf
14 * This program is free software; you can redistribute it and/or modify
15 * it under the terms of the GNU General Public License as published by
16 * the Free Software Foundation; either version 2 of the License, or
17 * (at your option) any later version.
19 * This program is distributed in the hope that it will be useful,
20 * but WITHOUT ANY WARRANTY; without even the implied warranty of
21 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
22 * GNU General Public License for more details.
24 * You should have received a copy of the GNU General Public License
25 * along with this program; if not, write to the Free Software
26 * Foundation, Inc., 51 Franklin Street, Suite 500, Boston, MA 02110-1335 USA
32 #error Invalid or missing autoconf build environment
35 #include "rng-tools-config.h"
41 #include <sys/types.h>
53 #include "rngd_entsource.h"
54 #include "rngd_linux.h"
60 /* Background/daemon mode */
61 bool am_daemon
; /* True if we went daemon */
63 bool server_running
= true; /* set to false, to stop daemon */
65 /* Command line arguments and processing */
66 const char *argp_program_version
=
68 "Copyright 2001-2004 Jeff Garzik\n"
69 "Copyright (c) 2001 by Philipp Rumpf\n"
70 "This is free software; see the source for copying conditions. There is NO "
71 "warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.";
73 const char *argp_program_bug_address
= PACKAGE_BUGREPORT
;
76 "Check and feed random data from hardware device to kernel entropy pool.\n";
78 static struct argp_option options
[] = {
79 { "foreground", 'f', 0, 0, "Do not fork and become a daemon" },
81 { "background", 'b', 0, 0, "Become a daemon (default)" },
83 { "random-device", 'o', "file", 0,
84 "Kernel device used for random number output (default: /dev/random)" },
86 { "rng-device", 'r', "file", 0,
87 "Kernel device used for random number input (default: /dev/hwrng)" },
89 { "pid-file", 'p', "file", 0,
90 "File used for recording daemon PID, and multiple exclusion (default: /var/run/rngd.pid)" },
92 { "random-step", 's', "nnn", 0,
93 "Number of bytes written to random-device at a time (default: 64)" },
95 { "fill-watermark", 'W', "n", 0,
96 "Do not stop feeding entropy to random-device until at least n bits of entropy are available in the pool (default: 2048), 0 <= n <= 4096" },
98 { "quiet", 'q', 0, 0, "Suppress error messages" },
100 { "verbose" ,'v', 0, 0, "Report available entropy sources" },
102 { "no-drng", 'd', "1|0", 0,
103 "Do not use drng as a source of random number input (default: 0)" },
105 { "no-tpm", 'n', "1|0", 0,
106 "Do not use tpm as a source of random number input (default: 0)" },
111 static struct arguments default_arguments
= {
112 .random_name
= "/dev/random",
113 .pid_file
= "/var/run/rngd.pid",
121 struct arguments
*arguments
= &default_arguments
;
123 static struct rng rng_default
= {
124 .rng_name
= "/dev/hwrng",
129 static struct rng rng_drng
= {
135 static struct rng rng_tpm
= {
136 .rng_name
= "/dev/tpm0",
141 struct rng
*rng_list
;
144 * command line processing
146 static error_t
parse_opt (int key
, char *arg
, struct argp_state
*state
)
150 arguments
->random_name
= arg
;
153 arguments
->pid_file
= arg
;
156 rng_default
.rng_name
= arg
;
159 arguments
->daemon
= false;
162 arguments
->daemon
= true;
165 if (sscanf(arg
, "%i", &arguments
->random_step
) == 0)
170 if ((sscanf(arg
, "%i", &n
) == 0) || (n
< 0) || (n
> 4096))
173 arguments
->fill_watermark
= n
;
177 arguments
->quiet
= true;
180 arguments
->verbose
= true;
184 if ((sscanf(arg
,"%i", &n
) == 0) || ((n
| 1)!=1))
187 arguments
->enable_drng
= false;
192 if ((sscanf(arg
,"%i", &n
) == 0) || ((n
| 1)!=1))
195 arguments
->enable_tpm
= false;
200 return ARGP_ERR_UNKNOWN
;
206 static struct argp argp
= { options
, parse_opt
, NULL
, doc
};
209 static int update_kernel_random(int random_step
,
210 unsigned char *buf
, fips_ctx_t
*fipsctx_in
)
215 fips
= fips_run_rng_test(fipsctx_in
, buf
);
219 for (p
= buf
; p
+ random_step
<= &buf
[FIPS_RNG_BUFFER_SIZE
];
221 random_add_entropy(p
, random_step
);
227 static void do_loop(int random_step
)
229 unsigned char buf
[FIPS_RNG_BUFFER_SIZE
];
233 while (no_work
< 100) {
238 for (iter
= rng_list
; iter
; iter
= iter
->next
)
247 continue; /* failed, no work */
249 retval
= iter
->xread(buf
, sizeof buf
, iter
);
251 continue; /* failed, no work */
255 rc
= update_kernel_random(random_step
,
259 if (iter
->success
>= RNG_OK_CREDIT
) {
264 break; /* succeeded, work done */
268 if (iter
->failures
<= MAX_RNG_FAILURES
/4) {
269 /* FIPS tests have false positives */
271 } else if (iter
->failures
>= MAX_RNG_FAILURES
) {
272 if (!arguments
->quiet
)
273 message(LOG_DAEMON
|LOG_ERR
,
274 "too many FIPS failures, disabling entropy source\n");
275 iter
->disabled
= true;
283 if (!arguments
->quiet
)
284 message(LOG_DAEMON
|LOG_ERR
,
285 "No entropy sources working, exiting rngd\n");
288 static void term_signal(int signo
)
290 server_running
= false;
293 int main(int argc
, char **argv
)
300 openlog("rngd", 0, LOG_DAEMON
);
302 /* Get the default watermark level for this platform */
303 arguments
->fill_watermark
= default_watermark();
305 /* Parsing of commandline parameters */
306 argp_parse(&argp
, argc
, argv
, 0, 0, arguments
);
308 /* Init entropy sources, and open TRNG device */
309 if (arguments
->enable_drng
)
310 rc_drng
= init_drng_entropy_source(&rng_drng
);
311 rc_rng
= init_entropy_source(&rng_default
);
312 if (arguments
->enable_tpm
&& rc_rng
)
313 rc_tpm
= init_tpm_entropy_source(&rng_tpm
);
315 if (rc_rng
&& rc_drng
&& rc_tpm
) {
316 if (!arguments
->quiet
) {
317 message(LOG_DAEMON
|LOG_ERR
,
318 "can't open any entropy source");
319 message(LOG_DAEMON
|LOG_ERR
,
320 "Maybe RNG device modules are not loaded\n");
325 if (arguments
->verbose
) {
326 printf("Available entropy sources:\n");
328 printf("\tIntel/AMD hardware rng\n");
336 && (rc_drng
|| !arguments
->enable_drng
)
337 && (rc_tpm
|| !arguments
->enable_tpm
)) {
338 if (!arguments
->quiet
)
339 message(LOG_DAEMON
|LOG_ERR
,
340 "No entropy source available, shutting down\n");
344 /* Init entropy sink and open random device */
345 init_kernel_rng(arguments
->random_name
);
347 if (arguments
->daemon
) {
350 if (daemon(0, 0) < 0) {
351 if(!arguments
->quiet
)
352 fprintf(stderr
, "can't daemonize: %s\n",
357 /* require valid, locked PID file to proceed */
358 pid_fd
= write_pid_file(arguments
->pid_file
);
362 signal(SIGHUP
, SIG_IGN
);
363 signal(SIGPIPE
, SIG_IGN
);
364 signal(SIGINT
, term_signal
);
365 signal(SIGTERM
, term_signal
);
368 do_loop(arguments
->random_step
);
371 unlink(arguments
->pid_file
);