]>
Commit | Line | Data |
---|---|---|
61af3de3 JG |
1 | /* |
2 | * rngd.c -- Random Number Generator daemon | |
3 | * | |
4 | * rngd reads data from a hardware random number generator, verifies it | |
5 | * looks like random data, and adds it to /dev/random's entropy store. | |
d1b4c504 | 6 | * |
61af3de3 JG |
7 | * In theory, this should allow you to read very quickly from |
8 | * /dev/random; rngd also adds bytes to the entropy store periodically | |
9 | * when it's full, which makes predicting the entropy store's contents | |
10 | * harder. | |
11 | * | |
12 | * Copyright (C) 2001 Philipp Rumpf | |
13 | * | |
14 | * This program is free software; you can redistribute it and/or modify | |
15 | * it under the terms of the GNU General Public License as published by | |
16 | * the Free Software Foundation; either version 2 of the License, or | |
17 | * (at your option) any later version. | |
d1b4c504 | 18 | * |
61af3de3 JG |
19 | * This program is distributed in the hope that it will be useful, |
20 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
21 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
22 | * GNU General Public License for more details. | |
23 | * | |
24 | * You should have received a copy of the GNU General Public License | |
25 | * along with this program; if not, write to the Free Software | |
26 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA | |
27 | */ | |
28 | ||
29 | #define _GNU_SOURCE | |
30 | ||
31 | #ifndef HAVE_CONFIG_H | |
32 | #error Invalid or missing autoconf build environment | |
33 | #endif | |
34 | ||
35 | #include "rng-tools-config.h" | |
36 | ||
37 | #include <unistd.h> | |
38 | #include <stdint.h> | |
39 | #include <stdio.h> | |
40 | #include <stdlib.h> | |
41 | #include <sys/types.h> | |
42 | #include <sys/stat.h> | |
43 | #include <fcntl.h> | |
44 | #include <errno.h> | |
45 | #include <string.h> | |
46 | #include <argp.h> | |
47 | #include <syslog.h> | |
48 | ||
49 | #include "rngd.h" | |
50 | #include "fips.h" | |
51 | #include "exits.h" | |
52 | #include "rngd_entsource.h" | |
53 | #include "rngd_linux.h" | |
54 | ||
55 | /* | |
56 | * Globals | |
57 | */ | |
58 | ||
59 | /* Background/daemon mode */ | |
60 | int am_daemon; /* Nonzero if we went daemon */ | |
61 | ||
62 | /* Command line arguments and processing */ | |
d1b4c504 | 63 | const char *argp_program_version = |
61af3de3 JG |
64 | "rngd " VERSION "\n" |
65 | "Copyright 2001-2004 Jeff Garzik\n" | |
66 | "Copyright (c) 2001 by Philipp Rumpf\n" | |
67 | "This is free software; see the source for copying conditions. There is NO " | |
68 | "warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."; | |
69 | ||
70 | const char *argp_program_bug_address = PACKAGE_BUGREPORT; | |
71 | ||
72 | static char doc[] = | |
73 | "Check and feed random data from hardware device to kernel entropy pool.\n"; | |
74 | ||
75 | static struct argp_option options[] = { | |
76 | { "foreground", 'f', 0, 0, "Do not fork and become a daemon" }, | |
77 | ||
78 | { "background", 'b', 0, 0, "Become a daemon (default)" }, | |
79 | ||
80 | { "random-device", 'o', "file", 0, | |
81 | "Kernel device used for random number output (default: /dev/random)" }, | |
82 | ||
83 | { "rng-device", 'r', "file", 0, | |
dc51bdc9 | 84 | "Kernel device used for random number input (default: /dev/hw_random)" }, |
61af3de3 JG |
85 | |
86 | { "random-step", 's', "nnn", 0, | |
87 | "Number of bytes written to random-device at a time (default: 64)" }, | |
88 | ||
89 | { "fill-watermark", 'W', "n", 0, | |
90 | "Do not stop feeding entropy to random-device until at least n bits of entropy are available in the pool (default: 2048), 0 <= n <= 4096" }, | |
91 | ||
92 | { "timeout", 't', "nnn", 0, | |
93 | "Interval written to random-device when the entropy pool is full, in seconds (default: 60)" }, | |
d1b4c504 JG |
94 | { "no-tpm", 'n', "1|0", 0, |
95 | "do not use tpm as a source of random number input (default: 0)" }, | |
61af3de3 JG |
96 | |
97 | { 0 }, | |
98 | }; | |
99 | ||
100 | static struct arguments default_arguments = { | |
61af3de3 JG |
101 | .random_name = "/dev/random", |
102 | .poll_timeout = 60, | |
103 | .random_step = 64, | |
d1b4c504 | 104 | .fill_watermark = 2048, |
61af3de3 | 105 | .daemon = 1, |
d1b4c504 | 106 | .enable_tpm = 1, |
61af3de3 JG |
107 | }; |
108 | struct arguments *arguments = &default_arguments; | |
109 | ||
d1b4c504 JG |
110 | static struct rng rng_default = { |
111 | .rng_name = "/dev/hw_random", | |
112 | .rng_fd = -1, | |
113 | .xread = xread, | |
114 | .fipsctx = NULL, | |
115 | .next = NULL, | |
116 | }; | |
117 | ||
118 | static struct rng rng_tpm = { | |
119 | .rng_name = "/dev/tpm0", | |
120 | .rng_fd = -1, | |
121 | .xread = xread_tpm, | |
122 | .fipsctx = NULL, | |
123 | .next = NULL, | |
124 | }; | |
125 | ||
126 | struct rng *rng_list; | |
61af3de3 JG |
127 | |
128 | /* | |
129 | * command line processing | |
130 | */ | |
131 | static error_t parse_opt (int key, char *arg, struct argp_state *state) | |
132 | { | |
61af3de3 JG |
133 | switch(key) { |
134 | case 'o': | |
135 | arguments->random_name = arg; | |
136 | break; | |
137 | case 'r': | |
d1b4c504 | 138 | rng_default.rng_name = arg; |
61af3de3 JG |
139 | break; |
140 | case 't': { | |
141 | float f; | |
142 | if (sscanf(arg, "%f", &f) == 0) | |
143 | argp_usage(state); | |
144 | else | |
145 | arguments->poll_timeout = f; | |
146 | break; | |
147 | } | |
148 | ||
149 | case 'f': | |
150 | arguments->daemon = 0; | |
151 | break; | |
152 | case 'b': | |
153 | arguments->daemon = 1; | |
154 | break; | |
155 | case 's': | |
156 | if (sscanf(arg, "%i", &arguments->random_step) == 0) | |
157 | argp_usage(state); | |
158 | break; | |
159 | case 'W': { | |
160 | int n; | |
161 | if ((sscanf(arg, "%i", &n) == 0) || (n < 0) || (n > 4096)) | |
162 | argp_usage(state); | |
163 | else | |
164 | arguments->fill_watermark = n; | |
165 | break; | |
166 | } | |
d1b4c504 JG |
167 | case 'n': { |
168 | int n; | |
169 | if ((sscanf(arg,"%i", &n) == 0) || ((n | 1)!=1)) | |
170 | argp_usage(state); | |
171 | else | |
172 | arguments->enable_tpm = 0; | |
173 | break; | |
174 | } | |
61af3de3 JG |
175 | |
176 | default: | |
177 | return ARGP_ERR_UNKNOWN; | |
178 | } | |
179 | ||
180 | return 0; | |
181 | } | |
182 | ||
183 | static struct argp argp = { options, parse_opt, NULL, doc }; | |
184 | ||
185 | ||
d1b4c504 JG |
186 | static int update_kernel_random(int random_step, double poll_timeout, |
187 | unsigned char *buf, fips_ctx_t *fipsctx) | |
61af3de3 | 188 | { |
61af3de3 JG |
189 | unsigned char *p; |
190 | int fips; | |
191 | ||
d1b4c504 JG |
192 | fips = fips_run_rng_test(fipsctx, buf); |
193 | if (fips) { | |
194 | message(LOG_DAEMON|LOG_ERR, "failed fips test\n"); | |
195 | return 1; | |
196 | } | |
61af3de3 | 197 | |
d1b4c504 JG |
198 | for (p = buf; p + random_step <= &buf[FIPS_RNG_BUFFER_SIZE]; |
199 | p += random_step) { | |
200 | random_add_entropy(p, random_step); | |
201 | random_sleep(poll_timeout); | |
202 | } | |
203 | return 0; | |
204 | } | |
61af3de3 | 205 | |
d1b4c504 JG |
206 | static void do_loop(int random_step, double poll_timeout) |
207 | { | |
208 | unsigned char buf[FIPS_RNG_BUFFER_SIZE]; | |
209 | int retval; | |
61af3de3 | 210 | |
d1b4c504 JG |
211 | for (;;) { |
212 | struct rng *iter; | |
213 | for (iter = rng_list; iter; iter = iter->next) | |
214 | { | |
215 | retval = iter->xread(buf, sizeof buf, iter); | |
216 | if (retval == 0) | |
217 | update_kernel_random(random_step, | |
218 | poll_timeout, buf, | |
219 | iter->fipsctx); | |
61af3de3 JG |
220 | } |
221 | } | |
222 | } | |
223 | ||
61af3de3 JG |
224 | int main(int argc, char **argv) |
225 | { | |
d1b4c504 JG |
226 | int rc_rng = 1; |
227 | int rc_tpm = 1; | |
228 | ||
229 | /* Parsing of commandline parameters */ | |
61af3de3 JG |
230 | argp_parse(&argp, argc, argv, 0, 0, arguments); |
231 | ||
d1b4c504 JG |
232 | /* Init entropy sources, and open TRNG device */ |
233 | rc_rng = init_entropy_source(&rng_default); | |
234 | if (arguments->enable_tpm) | |
235 | rc_tpm = init_tpm_entropy_source(&rng_tpm); | |
236 | ||
237 | if (rc_rng && rc_tpm) { | |
238 | message(LOG_DAEMON|LOG_ERR, | |
239 | "can't open entropy source(tpm or intel/amd rng)"); | |
240 | message(LOG_DAEMON|LOG_ERR, | |
241 | "Maybe RNG device modules are not loaded\n"); | |
242 | return 1; | |
243 | } | |
61af3de3 JG |
244 | |
245 | /* Init entropy sink and open random device */ | |
246 | init_kernel_rng(arguments->random_name); | |
247 | ||
248 | if (arguments->daemon) { | |
249 | am_daemon = 1; | |
250 | ||
251 | if (daemon(0, 0) < 0) { | |
252 | fprintf(stderr, "can't daemonize: %s\n", | |
253 | strerror(errno)); | |
254 | return 1; | |
255 | } | |
256 | ||
257 | openlog("rngd", 0, LOG_DAEMON); | |
258 | } | |
259 | ||
260 | do_loop(arguments->random_step, | |
261 | arguments->poll_timeout ? : -1.0); | |
262 | ||
263 | return 0; | |
264 | } |