]> git.ipfire.org Git - thirdparty/rng-tools.git/blob - rngd.c
projects / thirdparty / rng-tools.git / blob
? search:


587567175b4660b9fd2bf19c79acc328068f238c
[thirdparty/rng-tools.git] / rngd.c
1 /*
2 * rngd.c -- Random Number Generator daemon
3 *
4 * rngd reads data from a hardware random number generator, verifies it
5 * looks like random data, and adds it to /dev/random's entropy store.
6 *
7 * In theory, this should allow you to read very quickly from
8 * /dev/random; rngd also adds bytes to the entropy store periodically
9 * when it's full, which makes predicting the entropy store's contents
10 * harder.
11 *
12 * Copyright (C) 2001 Philipp Rumpf
13 *
14 * This program is free software; you can redistribute it and/or modify
15 * it under the terms of the GNU General Public License as published by
16 * the Free Software Foundation; either version 2 of the License, or
17 * (at your option) any later version.
18 *
19 * This program is distributed in the hope that it will be useful,
20 * but WITHOUT ANY WARRANTY; without even the implied warranty of
21 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
22 * GNU General Public License for more details.
23 *
24 * You should have received a copy of the GNU General Public License
25 * along with this program; if not, write to the Free Software
26 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
27 */
28
29 #define _GNU_SOURCE
30
31 #ifndef HAVE_CONFIG_H
32 #error Invalid or missing autoconf build environment
33 #endif
34
35 #include "rng-tools-config.h"
36
37 #include <unistd.h>
38 #include <stdint.h>
39 #include <stdio.h>
40 #include <stdlib.h>
41 #include <sys/types.h>
42 #include <sys/stat.h>
43 #include <fcntl.h>
44 #include <errno.h>
45 #include <string.h>
46 #include <argp.h>
47 #include <syslog.h>
48 #include <signal.h>
49
50 #include "rngd.h"
51 #include "fips.h"
52 #include "exits.h"
53 #include "rngd_entsource.h"
54 #include "rngd_linux.h"
55
56 /*
57 * Globals
58 */
59
60 /* Background/daemon mode */
61 int am_daemon; /* Nonzero if we went daemon */
62
63 bool server_running = true; /* set to false, to stop daemon */
64
65 /* Command line arguments and processing */
66 const char *argp_program_version =
67 "rngd " VERSION "\n"
68 "Copyright 2001-2004 Jeff Garzik\n"
69 "Copyright (c) 2001 by Philipp Rumpf\n"
70 "This is free software; see the source for copying conditions. There is NO "
71 "warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.";
72
73 const char *argp_program_bug_address = PACKAGE_BUGREPORT;
74
75 static char doc[] =
76 "Check and feed random data from hardware device to kernel entropy pool.\n";
77
78 static struct argp_option options[] = {
79 { "foreground", 'f', 0, 0, "Do not fork and become a daemon" },
80
81 { "background", 'b', 0, 0, "Become a daemon (default)" },
82
83 { "random-device", 'o', "file", 0,
84 "Kernel device used for random number output (default: /dev/random)" },
85
86 { "rng-device", 'r', "file", 0,
87 "Kernel device used for random number input (default: /dev/hw_random)" },
88
89 { "pid-file", 'p', "file", 0,
90 "File used for recording daemon PID, and multiple exclusion (default: /var/run/rngd.pid)" },
91
92 { "random-step", 's', "nnn", 0,
93 "Number of bytes written to random-device at a time (default: 64)" },
94
95 { "fill-watermark", 'W', "n", 0,
96 "Do not stop feeding entropy to random-device until at least n bits of entropy are available in the pool (default: 2048), 0 <= n <= 4096" },
97
98 { "quiet", 'q', 0, 0, "Suppress error messages" },
99
100 { "verbose" ,'v', 0, 0, "Report available entropy sources" },
101
102 { "timeout", 't', "nnn", 0,
103 "Interval written to random-device when the entropy pool is full, in seconds, or 0 to disable (default: 60)" },
104 { "no-tpm", 'n', "1|0", 0,
105 "do not use tpm as a source of random number input (default: 0)" },
106
107 { 0 },
108 };
109
110 static struct arguments default_arguments = {
111 .random_name = "/dev/random",
112 .pid_file = "/var/run/rngd.pid",
113 .poll_timeout = 60,
114 .random_step = 64,
115 .fill_watermark = 2048,
116 .daemon = 1,
117 .enable_tpm = 1,
118 .quiet = 0,
119 .verbose = 0,
120 };
121 struct arguments *arguments = &default_arguments;
122
123 static struct rng rng_default = {
124 .rng_name = "/dev/hw_random",
125 .rng_fd = -1,
126 .xread = xread,
127 };
128
129 static struct rng rng_tpm = {
130 .rng_name = "/dev/tpm0",
131 .rng_fd = -1,
132 .xread = xread_tpm,
133 };
134
135 struct rng *rng_list;
136
137 /*
138 * command line processing
139 */
140 static error_t parse_opt (int key, char *arg, struct argp_state *state)
141 {
142 switch(key) {
143 case 'o':
144 arguments->random_name = arg;
145 break;
146 case 'p':
147 arguments->pid_file = arg;
148 break;
149 case 'r':
150 rng_default.rng_name = arg;
151 break;
152 case 't': {
153 float f;
154 if (sscanf(arg, "%f", &f) == 0)
155 argp_usage(state);
156 else
157 arguments->poll_timeout = f;
158 break;
159 }
160
161 case 'f':
162 arguments->daemon = 0;
163 break;
164 case 'b':
165 arguments->daemon = 1;
166 break;
167 case 's':
168 if (sscanf(arg, "%i", &arguments->random_step) == 0)
169 argp_usage(state);
170 break;
171 case 'W': {
172 int n;
173 if ((sscanf(arg, "%i", &n) == 0) || (n < 0) || (n > 4096))
174 argp_usage(state);
175 else
176 arguments->fill_watermark = n;
177 break;
178 }
179 case 'q':
180 arguments->quiet = 1;
181 break;
182 case 'v':
183 arguments->verbose = 1;
184 break;
185 case 'n': {
186 int n;
187 if ((sscanf(arg,"%i", &n) == 0) || ((n | 1)!=1))
188 argp_usage(state);
189 else
190 arguments->enable_tpm = 0;
191 break;
192 }
193
194 default:
195 return ARGP_ERR_UNKNOWN;
196 }
197
198 return 0;
199 }
200
201 static struct argp argp = { options, parse_opt, NULL, doc };
202
203
204 static int update_kernel_random(int random_step, double poll_timeout,
205 unsigned char *buf, fips_ctx_t *fipsctx_in)
206 {
207 unsigned char *p;
208 int fips;
209
210 fips = fips_run_rng_test(fipsctx_in, buf);
211 if (fips) {
212 if (!arguments->quiet)
213 message(LOG_DAEMON|LOG_ERR, "failed fips test\n");
214 return 1;
215 }
216
217 for (p = buf; p + random_step <= &buf[FIPS_RNG_BUFFER_SIZE];
218 p += random_step) {
219 random_add_entropy(p, random_step);
220 random_sleep(poll_timeout);
221 }
222 return 0;
223 }
224
225 static void do_loop(int random_step, double poll_timeout)
226 {
227 unsigned char buf[FIPS_RNG_BUFFER_SIZE];
228 int retval = 0;
229 int no_work = 0;
230
231 while (no_work < 100) {
232 struct rng *iter;
233 bool work_done;
234
235 work_done = false;
236 for (iter = rng_list; iter; iter = iter->next)
237 {
238 int rc;
239
240 if (!server_running)
241 return;
242
243 if (iter->disabled)
244 continue; /* failed, no work */
245
246 retval = iter->xread(buf, sizeof buf, iter);
247 if (retval)
248 continue; /* failed, no work */
249
250 work_done = true;
251
252 rc = update_kernel_random(random_step,
253 poll_timeout, buf,
254 iter->fipsctx);
255 if (rc == 0)
256 continue; /* succeeded, work done */
257
258 iter->failures++;
259 if (iter->failures == MAX_RNG_FAILURES) {
260 if (!arguments->quiet)
261 message(LOG_DAEMON|LOG_ERR,
262 "too many FIPS failures, disabling entropy source\n");
263 iter->disabled = true;
264 }
265 }
266
267 if (!work_done)
268 no_work++;
269 }
270
271 if (!arguments->quiet)
272 message(LOG_DAEMON|LOG_ERR,
273 "No entropy sources working, exiting rngd\n");
274 }
275
276 static void term_signal(int signo)
277 {
278 server_running = false;
279 }
280
281 int main(int argc, char **argv)
282 {
283 int rc_rng = 0;
284 int rc_tpm = 0;
285 int pid_fd = -1;
286
287 openlog("rngd", 0, LOG_DAEMON);
288
289 /* Parsing of commandline parameters */
290 argp_parse(&argp, argc, argv, 0, 0, arguments);
291
292 /* Init entropy sources, and open TRNG device */
293 rc_rng = init_entropy_source(&rng_default);
294 if (arguments->enable_tpm)
295 rc_tpm = init_tpm_entropy_source(&rng_tpm);
296
297 if (rc_rng && rc_tpm) {
298 if (!arguments->quiet) {
299 message(LOG_DAEMON|LOG_ERR,
300 "can't open entropy source(tpm or intel/amd rng)");
301 message(LOG_DAEMON|LOG_ERR,
302 "Maybe RNG device modules are not loaded\n");
303 }
304 return 1;
305 }
306
307 if (arguments->verbose) {
308 printf("Available entropy sources:\n");
309 if (!rc_rng)
310 printf("\tIntel/AMD hardware rng\n");
311 if (!rc_tpm)
312 printf("\tTPM\n");
313 }
314
315 if (rc_rng
316 && (rc_tpm || !arguments->enable_tpm)) {
317 if (!arguments->quiet)
318 message(LOG_DAEMON|LOG_ERR,
319 "No entropy source available, shutting down\n");
320 return 1;
321 }
322
323 /* Init entropy sink and open random device */
324 init_kernel_rng(arguments->random_name);
325
326 if (arguments->daemon) {
327 am_daemon = 1;
328
329 if (daemon(0, 0) < 0) {
330 if(!arguments->quiet)
331 fprintf(stderr, "can't daemonize: %s\n",
332 strerror(errno));
333 return 1;
334 }
335
336 /* require valid, locked PID file to proceed */
337 pid_fd = write_pid_file(arguments->pid_file);
338 if (pid_fd < 0)
339 return 1;
340
341 signal(SIGHUP, SIG_IGN);
342 signal(SIGPIPE, SIG_IGN);
343 signal(SIGINT, term_signal);
344 signal(SIGTERM, term_signal);
345 }
346
347 do_loop(arguments->random_step,
348 arguments->poll_timeout ? : -1.0);
349
350 if (pid_fd >= 0)
351 unlink(arguments->pid_file);
352
353 return 0;
354 }
Unnamed repository; edit this file 'description' to name the repository.