[thirdparty/rng-tools.git] / rngd.c

/*
 * rngd.c -- Random Number Generator daemon
 *
 * rngd reads data from a hardware random number generator, verifies it
 * looks like random data, and adds it to /dev/random's entropy store.
 *
 * In theory, this should allow you to read very quickly from
 * /dev/random; rngd also adds bytes to the entropy store periodically
 * when it's full, which makes predicting the entropy store's contents
 * harder.
 *
 * Copyright (C) 2001 Philipp Rumpf
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 */

#define _GNU_SOURCE

#ifndef HAVE_CONFIG_H
#error Invalid or missing autoconf build environment
#endif

#include "rng-tools-config.h"

#include <unistd.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <errno.h>
#include <string.h>
#include <argp.h>
#include <syslog.h>

#include "rngd.h"
#include "fips.h"
#include "exits.h"
#include "rngd_entsource.h"
#include "rngd_linux.h"

/*
 * Globals
 */

/* Background/daemon mode */
int am_daemon;				/* Nonzero if we went daemon */

/* Command line arguments and processing */
const char *argp_program_version =
	"rngd " VERSION "\n"
	"Copyright 2001-2004 Jeff Garzik\n"
	"Copyright (c) 2001 by Philipp Rumpf\n"
	"This is free software; see the source for copying conditions.  There is NO "
	"warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.";

const char *argp_program_bug_address = PACKAGE_BUGREPORT;

static char doc[] =
	"Check and feed random data from hardware device to kernel entropy pool.\n";

static struct argp_option options[] = {
	{ "foreground",	'f', 0, 0, "Do not fork and become a daemon" },

	{ "background", 'b', 0, 0, "Become a daemon (default)" },

	{ "random-device", 'o', "file", 0,
	  "Kernel device used for random number output (default: /dev/random)" },

	{ "rng-device", 'r', "file", 0,
	  "Kernel device used for random number input (default: /dev/hw_random)" },

	{ "random-step", 's', "nnn", 0,
	  "Number of bytes written to random-device at a time (default: 64)" },

	{ "fill-watermark", 'W', "n", 0,
	  "Do not stop feeding entropy to random-device until at least n bits of entropy are available in the pool (default: 2048), 0 <= n <= 4096" },

	{ "timeout", 't', "nnn", 0,
	  "Interval written to random-device when the entropy pool is full, in seconds (default: 60)" },
	{ "no-tpm", 'n', "1|0", 0,
	  "do not use tpm as a source of random number input (default: 0)" },

	{ 0 },
};

static struct arguments default_arguments = {
	.random_name	= "/dev/random",
	.poll_timeout	= 60,
	.random_step	= 64,
	.fill_watermark	= 2048,
	.daemon		= 1,
	.enable_tpm	= 1,
};
struct arguments *arguments = &default_arguments;

static struct rng rng_default = {
	.rng_name	= "/dev/hw_random",
	.rng_fd		= -1,
	.xread		= xread,
	.fipsctx	= NULL,
	.next		= NULL,
};

static struct rng rng_tpm = {
	.rng_name	= "/dev/tpm0",
	.rng_fd		= -1,
	.xread		= xread_tpm,
	.fipsctx	= NULL,
	.next		= NULL,
};

struct rng *rng_list;

/*
 * command line processing
 */
static error_t parse_opt (int key, char *arg, struct argp_state *state)
{
	switch(key) {
	case 'o':
		arguments->random_name = arg;
		break;
	case 'r':
		rng_default.rng_name = arg;
		break;
	case 't': {
		float f;
		if (sscanf(arg, "%f", &f) == 0)
			argp_usage(state);
		else
			arguments->poll_timeout = f;
		break;
	}

	case 'f':
		arguments->daemon = 0;
		break;
	case 'b':
		arguments->daemon = 1;
		break;
	case 's':
		if (sscanf(arg, "%i", &arguments->random_step) == 0)
			argp_usage(state);
		break;
	case 'W': {
		int n;
		if ((sscanf(arg, "%i", &n) == 0) || (n < 0) || (n > 4096))
			argp_usage(state);
		else
			arguments->fill_watermark = n;
		break;
	}
	case 'n': {
		int n;
		if ((sscanf(arg,"%i", &n) == 0) || ((n | 1)!=1))
			argp_usage(state);
		else
			arguments->enable_tpm = 0;
		break;
	}

	default:
		return ARGP_ERR_UNKNOWN;
	}

	return 0;
}

static struct argp argp = { options, parse_opt, NULL, doc };


static int update_kernel_random(int random_step, double poll_timeout,
	unsigned char *buf, fips_ctx_t *fipsctx)
{
	unsigned char *p;
	int fips;

	fips = fips_run_rng_test(fipsctx, buf);
	if (fips) {
		message(LOG_DAEMON|LOG_ERR, "failed fips test\n");
		return 1;
	}

	for (p = buf; p + random_step <= &buf[FIPS_RNG_BUFFER_SIZE];
		 p += random_step) {
		random_add_entropy(p, random_step);
		random_sleep(poll_timeout);
	}
	return 0;
}

static void do_loop(int random_step, double poll_timeout)
{
	unsigned char buf[FIPS_RNG_BUFFER_SIZE];
	int retval;

	for (;;) {
		struct rng *iter;
		for (iter = rng_list; iter; iter = iter->next)
		{
			retval = iter->xread(buf, sizeof buf, iter);
			if (retval == 0)
				update_kernel_random(random_step,
						     poll_timeout, buf,
						     iter->fipsctx);
		}
	}
}

int main(int argc, char **argv)
{
	int rc_rng = 1;
	int rc_tpm = 1;

	/* Parsing of commandline parameters */
	argp_parse(&argp, argc, argv, 0, 0, arguments);

	/* Init entropy sources, and open TRNG device */
	rc_rng = init_entropy_source(&rng_default);
	if (arguments->enable_tpm)
		rc_tpm = init_tpm_entropy_source(&rng_tpm);

	if (rc_rng && rc_tpm) {
		message(LOG_DAEMON|LOG_ERR,
			"can't open entropy source(tpm or intel/amd rng)");
		message(LOG_DAEMON|LOG_ERR,
			"Maybe RNG device modules are not loaded\n");
		return 1;
	}

	/* Init entropy sink and open random device */
	init_kernel_rng(arguments->random_name);

	if (arguments->daemon) {
		am_daemon = 1;

		if (daemon(0, 0) < 0) {
			fprintf(stderr, "can't daemonize: %s\n",
				strerror(errno));
			return 1;
		}

		openlog("rngd", 0, LOG_DAEMON);
	}

	do_loop(arguments->random_step,
		arguments->poll_timeout ? : -1.0);

	return 0;
}
Commit	Line	Data
61af3de3 JG	1	/*
	2	* rngd.c -- Random Number Generator daemon
	3	*
	4	* rngd reads data from a hardware random number generator, verifies it
	5	* looks like random data, and adds it to /dev/random's entropy store.
d1b4c504	6	*
61af3de3 JG	7	* In theory, this should allow you to read very quickly from
	8	* /dev/random; rngd also adds bytes to the entropy store periodically
	9	* when it's full, which makes predicting the entropy store's contents
	10	* harder.
	11	*
	12	* Copyright (C) 2001 Philipp Rumpf
	13	*
	14	* This program is free software; you can redistribute it and/or modify
	15	* it under the terms of the GNU General Public License as published by
	16	* the Free Software Foundation; either version 2 of the License, or
	17	* (at your option) any later version.
d1b4c504	18	*
61af3de3 JG	19	* This program is distributed in the hope that it will be useful,
	20	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	21	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	22	* GNU General Public License for more details.
	23	*
	24	* You should have received a copy of the GNU General Public License
	25	* along with this program; if not, write to the Free Software
	26	* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
	27	*/
	28
	29	#define _GNU_SOURCE
	30
	31	#ifndef HAVE_CONFIG_H
	32	#error Invalid or missing autoconf build environment
	33	#endif
	34
	35	#include "rng-tools-config.h"
	36
	37	#include <unistd.h>
	38	#include <stdint.h>
	39	#include <stdio.h>
	40	#include <stdlib.h>
	41	#include <sys/types.h>
	42	#include <sys/stat.h>
	43	#include <fcntl.h>
	44	#include <errno.h>
	45	#include <string.h>
	46	#include <argp.h>
	47	#include <syslog.h>
	48
	49	#include "rngd.h"
	50	#include "fips.h"
	51	#include "exits.h"
	52	#include "rngd_entsource.h"
	53	#include "rngd_linux.h"
	54
	55	/*
	56	* Globals
	57	*/
	58
	59	/* Background/daemon mode */
	60	int am_daemon; /* Nonzero if we went daemon */
	61
	62	/* Command line arguments and processing */
d1b4c504	63	const char *argp_program_version =
61af3de3 JG	64	"rngd " VERSION "\n"
	65	"Copyright 2001-2004 Jeff Garzik\n"
	66	"Copyright (c) 2001 by Philipp Rumpf\n"
	67	"This is free software; see the source for copying conditions. There is NO "
	68	"warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.";
	69
	70	const char *argp_program_bug_address = PACKAGE_BUGREPORT;
	71
	72	static char doc[] =
	73	"Check and feed random data from hardware device to kernel entropy pool.\n";
	74
	75	static struct argp_option options[] = {
	76	{ "foreground", 'f', 0, 0, "Do not fork and become a daemon" },
	77
	78	{ "background", 'b', 0, 0, "Become a daemon (default)" },
	79
	80	{ "random-device", 'o', "file", 0,
	81	"Kernel device used for random number output (default: /dev/random)" },
	82
	83	{ "rng-device", 'r', "file", 0,
dc51bdc9	84	"Kernel device used for random number input (default: /dev/hw_random)" },
61af3de3 JG	85
	86	{ "random-step", 's', "nnn", 0,
	87	"Number of bytes written to random-device at a time (default: 64)" },
	88
	89	{ "fill-watermark", 'W', "n", 0,
	90	"Do not stop feeding entropy to random-device until at least n bits of entropy are available in the pool (default: 2048), 0 <= n <= 4096" },
	91
	92	{ "timeout", 't', "nnn", 0,
	93	"Interval written to random-device when the entropy pool is full, in seconds (default: 60)" },
d1b4c504 JG	94	{ "no-tpm", 'n', "1\|0", 0,
d1b4c504 JG	95	"do not use tpm as a source of random number input (default: 0)" },
61af3de3 JG	96
	97	{ 0 },
	98	};
	99
	100	static struct arguments default_arguments = {
61af3de3 JG	101	.random_name = "/dev/random",
	102	.poll_timeout = 60,
	103	.random_step = 64,
d1b4c504	104	.fill_watermark = 2048,
61af3de3	105	.daemon = 1,
d1b4c504	106	.enable_tpm = 1,
61af3de3 JG	107	};
	108	struct arguments *arguments = &default_arguments;
	109
d1b4c504 JG	110	static struct rng rng_default = {
	111	.rng_name = "/dev/hw_random",
	112	.rng_fd = -1,
	113	.xread = xread,
	114	.fipsctx = NULL,
	115	.next = NULL,
	116	};
	117
	118	static struct rng rng_tpm = {
	119	.rng_name = "/dev/tpm0",
	120	.rng_fd = -1,
	121	.xread = xread_tpm,
	122	.fipsctx = NULL,
	123	.next = NULL,
	124	};
	125
	126	struct rng *rng_list;
61af3de3 JG	127
	128	/*
	129	* command line processing
	130	*/
	131	static error_t parse_opt (int key, char arg, struct argp_state state)
	132	{
61af3de3 JG	133	switch(key) {
	134	case 'o':
	135	arguments->random_name = arg;
	136	break;
	137	case 'r':
d1b4c504	138	rng_default.rng_name = arg;
61af3de3 JG	139	break;
	140	case 't': {
	141	float f;
	142	if (sscanf(arg, "%f", &f) == 0)
	143	argp_usage(state);
	144	else
	145	arguments->poll_timeout = f;
	146	break;
	147	}
	148
	149	case 'f':
	150	arguments->daemon = 0;
	151	break;
	152	case 'b':
	153	arguments->daemon = 1;
	154	break;
	155	case 's':
	156	if (sscanf(arg, "%i", &arguments->random_step) == 0)
	157	argp_usage(state);
	158	break;
	159	case 'W': {
	160	int n;
	161	if ((sscanf(arg, "%i", &n) == 0) \|\| (n < 0) \|\| (n > 4096))
	162	argp_usage(state);
	163	else
	164	arguments->fill_watermark = n;
	165	break;
	166	}
d1b4c504 JG	167	case 'n': {
	168	int n;
	169	if ((sscanf(arg,"%i", &n) == 0) \|\| ((n \| 1)!=1))
	170	argp_usage(state);
	171	else
	172	arguments->enable_tpm = 0;
	173	break;
	174	}
61af3de3 JG	175
	176	default:
	177	return ARGP_ERR_UNKNOWN;
	178	}
	179
	180	return 0;
	181	}
	182
	183	static struct argp argp = { options, parse_opt, NULL, doc };
	184
	185
d1b4c504 JG	186	static int update_kernel_random(int random_step, double poll_timeout,
d1b4c504 JG	187	unsigned char buf, fips_ctx_t fipsctx)
61af3de3	188	{
61af3de3 JG	189	unsigned char *p;
	190	int fips;
	191
d1b4c504 JG	192	fips = fips_run_rng_test(fipsctx, buf);
	193	if (fips) {
	194	message(LOG_DAEMON\|LOG_ERR, "failed fips test\n");
	195	return 1;
	196	}
61af3de3	197
d1b4c504 JG	198	for (p = buf; p + random_step <= &buf[FIPS_RNG_BUFFER_SIZE];
	199	p += random_step) {
	200	random_add_entropy(p, random_step);
	201	random_sleep(poll_timeout);
	202	}
	203	return 0;
	204	}
61af3de3	205
d1b4c504 JG	206	static void do_loop(int random_step, double poll_timeout)
	207	{
	208	unsigned char buf[FIPS_RNG_BUFFER_SIZE];
	209	int retval;
61af3de3	210
d1b4c504 JG	211	for (;;) {
	212	struct rng *iter;
	213	for (iter = rng_list; iter; iter = iter->next)
	214	{
	215	retval = iter->xread(buf, sizeof buf, iter);
	216	if (retval == 0)
	217	update_kernel_random(random_step,
	218	poll_timeout, buf,
	219	iter->fipsctx);
61af3de3 JG	220	}
	221	}
	222	}
	223
61af3de3 JG	224	int main(int argc, char **argv)
61af3de3 JG	225	{
d1b4c504 JG	226	int rc_rng = 1;
	227	int rc_tpm = 1;
	228
	229	/* Parsing of commandline parameters */
61af3de3 JG	230	argp_parse(&argp, argc, argv, 0, 0, arguments);
61af3de3 JG	231
d1b4c504 JG	232	/* Init entropy sources, and open TRNG device */
	233	rc_rng = init_entropy_source(&rng_default);
	234	if (arguments->enable_tpm)
	235	rc_tpm = init_tpm_entropy_source(&rng_tpm);
	236
	237	if (rc_rng && rc_tpm) {
	238	message(LOG_DAEMON\|LOG_ERR,
	239	"can't open entropy source(tpm or intel/amd rng)");
	240	message(LOG_DAEMON\|LOG_ERR,
	241	"Maybe RNG device modules are not loaded\n");
	242	return 1;
	243	}
61af3de3 JG	244
	245	/* Init entropy sink and open random device */
	246	init_kernel_rng(arguments->random_name);
	247
	248	if (arguments->daemon) {
	249	am_daemon = 1;
	250
	251	if (daemon(0, 0) < 0) {
	252	fprintf(stderr, "can't daemonize: %s\n",
	253	strerror(errno));
	254	return 1;
	255	}
	256
	257	openlog("rngd", 0, LOG_DAEMON);
	258	}
	259
	260	do_loop(arguments->random_step,
	261	arguments->poll_timeout ? : -1.0);
	262
	263	return 0;
	264	}