src/random-seed.c

   1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
   2
   3 /***
   4   This file is part of systemd.
   5
   6   Copyright 2010 Lennart Poettering
   7
   8   systemd is free software; you can redistribute it and/or modify it
   9   under the terms of the GNU General Public License as published by
  10   the Free Software Foundation; either version 2 of the License, or
  11   (at your option) any later version.
  12
  13   systemd is distributed in the hope that it will be useful, but
  14   WITHOUT ANY WARRANTY; without even the implied warranty of
  15   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
  16   General Public License for more details.
  17
  18   You should have received a copy of the GNU General Public License
  19   along with systemd; If not, see <http://www.gnu.org/licenses/>.
  20 ***/
  21
  22 #include <unistd.h>
  23 #include <fcntl.h>
  24 #include <errno.h>
  25 #include <string.h>
  26 #include <sys/stat.h>
  27
  28 #include "log.h"
  29 #include "util.h"
  30
  31 #define POOL_SIZE_MIN 512
  32
  33 int main(int argc, char *argv[]) {
  34         int seed_fd = -1, random_fd = -1;
  35         int ret = EXIT_FAILURE;
  36         void* buf;
  37         size_t buf_size = 0;
  38         ssize_t r;
  39         FILE *f;
  40
  41         if (argc != 2) {
  42                 log_error("This program requires one argument.");
  43                 return EXIT_FAILURE;
  44         }
  45
  46         log_set_target(LOG_TARGET_SYSLOG_OR_KMSG);
  47         log_parse_environment();
  48         log_open();
  49
  50         /* Read pool size, if possible */
  51         if ((f = fopen("/proc/sys/kernel/random/poolsize", "re"))) {
  52                 fscanf(f, "%zu", &buf_size);
  53                 fclose(f);
  54         }
  55
  56         if (buf_size <= POOL_SIZE_MIN)
  57                 buf_size = POOL_SIZE_MIN;
  58
  59         if (!(buf = malloc(buf_size))) {
  60                 log_error("Failed to allocate buffer.");
  61                 goto finish;
  62         }
  63
  64         /* When we load the seed we read it and write it to the device
  65          * and then immediately update the saved seed with new data,
  66          * to make sure the next boot gets seeded differently. */
  67
  68         if (streq(argv[1], "load")) {
  69
  70                 if ((seed_fd = open(RANDOM_SEED, O_RDWR|O_CLOEXEC|O_NOCTTY|O_CREAT, 0600)) < 0) {
  71                         if ((seed_fd = open(RANDOM_SEED, O_RDONLY|O_CLOEXEC|O_NOCTTY)) < 0) {
  72                                 log_error("Failed to open random seed: %m");
  73                                 goto finish;
  74                         }
  75                 }
  76
  77                 if ((random_fd = open("/dev/urandom", O_RDWR|O_CLOEXEC|O_NOCTTY, 0600)) < 0) {
  78                         if ((random_fd = open("/dev/urandom", O_WRONLY|O_CLOEXEC|O_NOCTTY, 0600)) < 0) {
  79                                 log_error("Failed to open /dev/urandom: %m");
  80                                 goto finish;
  81                         }
  82                 }
  83
  84                 if ((r = loop_read(seed_fd, buf, buf_size, false)) <= 0)
  85                         log_error("Failed to read seed file: %s", r < 0 ? strerror(errno) : "EOF");
  86                 else {
  87                         lseek(seed_fd, 0, SEEK_SET);
  88
  89                         if ((r = loop_write(random_fd, buf, (size_t) r, false)) <= 0)
  90                                 log_error("Failed to write seed to /dev/random: %s", r < 0 ? strerror(errno) : "short write");
  91                 }
  92
  93         } else if (streq(argv[1], "save")) {
  94
  95                 if ((seed_fd = open(RANDOM_SEED, O_WRONLY|O_CLOEXEC|O_NOCTTY|O_CREAT, 0600)) < 0) {
  96                         log_error("Failed to open random seed: %m");
  97                         goto finish;
  98                 }
  99
 100                 if ((random_fd = open("/dev/urandom", O_RDONLY|O_CLOEXEC|O_NOCTTY)) < 0) {
 101                         log_error("Failed to open /dev/urandom: %m");
 102                         goto finish;
 103                 }
 104         } else {
 105                 log_error("Unknown verb %s.", argv[1]);
 106                 goto finish;
 107         }
 108
 109         /* This is just a safety measure. Given that we are root and
 110          * most likely created the file ourselves the mode and owner
 111          * should be correct anyway. */
 112         fchmod(seed_fd, 0600);
 113         fchown(seed_fd, 0, 0);
 114
 115         if ((r = loop_read(random_fd, buf, buf_size, false)) <= 0)
 116                 log_error("Failed to read new seed from /dev/urandom: %s", r < 0 ? strerror(errno) : "EOF");
 117         else {
 118                 if ((r = loop_write(seed_fd, buf, (size_t) r, false)) <= 0)
 119                         log_error("Failed to write new random seed file: %s", r < 0 ? strerror(errno) : "short write");
 120         }
 121
 122         ret = EXIT_SUCCESS;
 123
 124 finish:
 125         if (random_fd >= 0)
 126                 close_nointr_nofail(random_fd);
 127
 128         if (seed_fd >= 0)
 129                 close_nointr_nofail(seed_fd);
 130
 131         free(buf);
 132
 133         return ret;
 134 }