2 * rngd.c -- Random Number Generator daemon
4 * rngd reads data from a hardware random number generator, verifies it
5 * looks like random data, and adds it to /dev/random's entropy store.
7 * In theory, this should allow you to read very quickly from
8 * /dev/random; rngd also adds bytes to the entropy store periodically
9 * when it's full, which makes predicting the entropy store's contents
12 * Copyright (C) 2001 Philipp Rumpf
14 * This program is free software; you can redistribute it and/or modify
15 * it under the terms of the GNU General Public License as published by
16 * the Free Software Foundation; either version 2 of the License, or
17 * (at your option) any later version.
19 * This program is distributed in the hope that it will be useful,
20 * but WITHOUT ANY WARRANTY; without even the implied warranty of
21 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
22 * GNU General Public License for more details.
24 * You should have received a copy of the GNU General Public License
25 * along with this program; if not, write to the Free Software
26 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
32 #error Invalid or missing autoconf build environment
35 #include "rng-tools-config.h"
41 #include <sys/types.h>
53 #include "rngd_entsource.h"
54 #include "rngd_linux.h"
60 /* Background/daemon mode */
61 int am_daemon
; /* Nonzero if we went daemon */
63 bool server_running
= true; /* set to false, to stop daemon */
65 /* Command line arguments and processing */
66 const char *argp_program_version
=
68 "Copyright 2001-2004 Jeff Garzik\n"
69 "Copyright (c) 2001 by Philipp Rumpf\n"
70 "This is free software; see the source for copying conditions. There is NO "
71 "warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.";
73 const char *argp_program_bug_address
= PACKAGE_BUGREPORT
;
76 "Check and feed random data from hardware device to kernel entropy pool.\n";
78 static struct argp_option options
[] = {
79 { "foreground", 'f', 0, 0, "Do not fork and become a daemon" },
81 { "background", 'b', 0, 0, "Become a daemon (default)" },
83 { "random-device", 'o', "file", 0,
84 "Kernel device used for random number output (default: /dev/random)" },
86 { "rng-device", 'r', "file", 0,
87 "Kernel device used for random number input (default: /dev/hw_random)" },
89 { "pid-file", 'p', "file", 0,
90 "File used for recording daemon PID, and multiple exclusion (default: /var/run/rngd.pid)" },
92 { "random-step", 's', "nnn", 0,
93 "Number of bytes written to random-device at a time (default: 64)" },
95 { "fill-watermark", 'W', "n", 0,
96 "Do not stop feeding entropy to random-device until at least n bits of entropy are available in the pool (default: 2048), 0 <= n <= 4096" },
98 { "quiet", 'q', 0, 0, "Suppress error messages" },
100 { "verbose" ,'v', 0, 0, "Report available entropy sources" },
102 { "timeout", 't', "nnn", 0,
103 "Interval written to random-device when the entropy pool is full, in seconds, or 0 to disable (default: 60)" },
104 { "no-tpm", 'n', "1|0", 0,
105 "do not use tpm as a source of random number input (default: 0)" },
110 static struct arguments default_arguments
= {
111 .random_name
= "/dev/random",
112 .pid_file
= "/var/run/rngd.pid",
115 .fill_watermark
= 2048,
121 struct arguments
*arguments
= &default_arguments
;
123 static struct rng rng_default
= {
124 .rng_name
= "/dev/hw_random",
129 static struct rng rng_tpm
= {
130 .rng_name
= "/dev/tpm0",
135 struct rng
*rng_list
;
138 * command line processing
140 static error_t
parse_opt (int key
, char *arg
, struct argp_state
*state
)
144 arguments
->random_name
= arg
;
147 arguments
->pid_file
= arg
;
150 rng_default
.rng_name
= arg
;
154 if (sscanf(arg
, "%f", &f
) == 0)
157 arguments
->poll_timeout
= f
;
162 arguments
->daemon
= 0;
165 arguments
->daemon
= 1;
168 if (sscanf(arg
, "%i", &arguments
->random_step
) == 0)
173 if ((sscanf(arg
, "%i", &n
) == 0) || (n
< 0) || (n
> 4096))
176 arguments
->fill_watermark
= n
;
180 arguments
->quiet
= 1;
183 arguments
->verbose
= 1;
187 if ((sscanf(arg
,"%i", &n
) == 0) || ((n
| 1)!=1))
190 arguments
->enable_tpm
= 0;
195 return ARGP_ERR_UNKNOWN
;
201 static struct argp argp
= { options
, parse_opt
, NULL
, doc
};
204 static int update_kernel_random(int random_step
, double poll_timeout
,
205 unsigned char *buf
, fips_ctx_t
*fipsctx_in
)
210 fips
= fips_run_rng_test(fipsctx_in
, buf
);
212 if (!arguments
->quiet
)
213 message(LOG_DAEMON
|LOG_ERR
, "failed fips test\n");
217 for (p
= buf
; p
+ random_step
<= &buf
[FIPS_RNG_BUFFER_SIZE
];
219 random_add_entropy(p
, random_step
);
220 random_sleep(poll_timeout
);
225 static void do_loop(int random_step
, double poll_timeout
)
227 unsigned char buf
[FIPS_RNG_BUFFER_SIZE
];
231 while (no_work
< 100) {
236 for (iter
= rng_list
; iter
; iter
= iter
->next
)
244 continue; /* failed, no work */
246 retval
= iter
->xread(buf
, sizeof buf
, iter
);
248 continue; /* failed, no work */
252 rc
= update_kernel_random(random_step
,
256 continue; /* succeeded, work done */
259 if (iter
->failures
== MAX_RNG_FAILURES
) {
260 if (!arguments
->quiet
)
261 message(LOG_DAEMON
|LOG_ERR
,
262 "too many FIPS failures, disabling entropy source\n");
263 iter
->disabled
= true;
271 if (!arguments
->quiet
)
272 message(LOG_DAEMON
|LOG_ERR
,
273 "No entropy sources working, exiting rngd\n");
276 static void term_signal(int signo
)
278 server_running
= false;
281 int main(int argc
, char **argv
)
287 openlog("rngd", 0, LOG_DAEMON
);
289 /* Parsing of commandline parameters */
290 argp_parse(&argp
, argc
, argv
, 0, 0, arguments
);
292 /* Init entropy sources, and open TRNG device */
293 rc_rng
= init_entropy_source(&rng_default
);
294 if (arguments
->enable_tpm
)
295 rc_tpm
= init_tpm_entropy_source(&rng_tpm
);
297 if (rc_rng
&& rc_tpm
) {
298 if (!arguments
->quiet
) {
299 message(LOG_DAEMON
|LOG_ERR
,
300 "can't open entropy source(tpm or intel/amd rng)");
301 message(LOG_DAEMON
|LOG_ERR
,
302 "Maybe RNG device modules are not loaded\n");
307 if (arguments
->verbose
) {
308 printf("Available entropy sources:\n");
310 printf("\tIntel/AMD hardware rng\n");
316 && (rc_tpm
|| !arguments
->enable_tpm
)) {
317 if (!arguments
->quiet
)
318 message(LOG_DAEMON
|LOG_ERR
,
319 "No entropy source available, shutting down\n");
323 /* Init entropy sink and open random device */
324 init_kernel_rng(arguments
->random_name
);
326 if (arguments
->daemon
) {
329 if (daemon(0, 0) < 0) {
330 if(!arguments
->quiet
)
331 fprintf(stderr
, "can't daemonize: %s\n",
336 /* require valid, locked PID file to proceed */
337 pid_fd
= write_pid_file(arguments
->pid_file
);
341 signal(SIGHUP
, SIG_IGN
);
342 signal(SIGPIPE
, SIG_IGN
);
343 signal(SIGINT
, term_signal
);
344 signal(SIGTERM
, term_signal
);
347 do_loop(arguments
->random_step
,
348 arguments
->poll_timeout
? : -1.0);
351 unlink(arguments
->pid_file
);