1*00b67f09SDavid van Moolenbroek /* $NetBSD: entropy.c,v 1.6 2014/12/10 04:38:01 christos Exp $ */
2*00b67f09SDavid van Moolenbroek
3*00b67f09SDavid van Moolenbroek /*
4*00b67f09SDavid van Moolenbroek * Copyright (C) 2004, 2007, 2009, 2013 Internet Systems Consortium, Inc. ("ISC")
5*00b67f09SDavid van Moolenbroek * Copyright (C) 2000-2002 Internet Software Consortium.
6*00b67f09SDavid van Moolenbroek *
7*00b67f09SDavid van Moolenbroek * Permission to use, copy, modify, and/or distribute this software for any
8*00b67f09SDavid van Moolenbroek * purpose with or without fee is hereby granted, provided that the above
9*00b67f09SDavid van Moolenbroek * copyright notice and this permission notice appear in all copies.
10*00b67f09SDavid van Moolenbroek *
11*00b67f09SDavid van Moolenbroek * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
12*00b67f09SDavid van Moolenbroek * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
13*00b67f09SDavid van Moolenbroek * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
14*00b67f09SDavid van Moolenbroek * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
15*00b67f09SDavid van Moolenbroek * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
16*00b67f09SDavid van Moolenbroek * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
17*00b67f09SDavid van Moolenbroek * PERFORMANCE OF THIS SOFTWARE.
18*00b67f09SDavid van Moolenbroek */
19*00b67f09SDavid van Moolenbroek
20*00b67f09SDavid van Moolenbroek /* Id: entropy.c,v 1.10 2009/01/18 23:48:14 tbox Exp */
21*00b67f09SDavid van Moolenbroek
22*00b67f09SDavid van Moolenbroek /*
23*00b67f09SDavid van Moolenbroek * This is the system dependent part of the ISC entropy API.
24*00b67f09SDavid van Moolenbroek */
25*00b67f09SDavid van Moolenbroek
26*00b67f09SDavid van Moolenbroek #include <config.h>
27*00b67f09SDavid van Moolenbroek
28*00b67f09SDavid van Moolenbroek #include <windows.h>
29*00b67f09SDavid van Moolenbroek #include <wincrypt.h>
30*00b67f09SDavid van Moolenbroek
31*00b67f09SDavid van Moolenbroek #include <process.h>
32*00b67f09SDavid van Moolenbroek #include <io.h>
33*00b67f09SDavid van Moolenbroek #include <share.h>
34*00b67f09SDavid van Moolenbroek
35*00b67f09SDavid van Moolenbroek /*
36*00b67f09SDavid van Moolenbroek * There is only one variable in the entropy data structures that is not
37*00b67f09SDavid van Moolenbroek * system independent, but pulling the structure that uses it into this file
38*00b67f09SDavid van Moolenbroek * ultimately means pulling several other independent structures here also to
39*00b67f09SDavid van Moolenbroek * resolve their interdependencies. Thus only the problem variable's type
40*00b67f09SDavid van Moolenbroek * is defined here.
41*00b67f09SDavid van Moolenbroek */
/*
 * Handle type used for a "file" entropy source in this build: a CryptoAPI
 * provider handle (get_from_filesource() reads source->sources.file.handle
 * as an HCRYPTPROV).  Presumably consumed by the structure definitions in
 * ../entropy.c, which is included below -- confirm there.
 */
#define FILESOURCE_HANDLE_TYPE	HCRYPTPROV

/*
 * Placeholder type: the only member is a dummy field, and
 * destroyusocketsource() in this file ignores its argument.
 */
typedef struct {
	int	dummy;	/* unused placeholder member */
} isc_entropyusocketsource_t;
47*00b67f09SDavid van Moolenbroek
48*00b67f09SDavid van Moolenbroek #include "../entropy.c"
49*00b67f09SDavid van Moolenbroek
/*
 * Pull random bytes from the source's CryptoAPI provider and feed them to
 * the entropy pool.
 *
 * source:  the source to read from; a source already marked bad yields
 *          nothing.
 * desired: amount wanted, in bits.  It is rounded up to whole bytes, so
 *          the amount credited may exceed the request by up to 7 bits.
 *
 * Returns the number of bits handed to entropypool_adddata().  Every byte
 * obtained is credited as 8 bits of entropy.
 *
 * If CryptGenRandom() fails, the provider handle is released here and the
 * source is marked bad; bits gathered before the failure are still
 * returned.  The stale handle value stays in source->sources.file.handle.
 * NOTE(review): destroyfilesource() releases that handle unconditionally,
 * so the code that tears sources down presumably skips sources with
 * 'bad' set -- confirm in ../entropy.c to rule out a double release.
 */
static unsigned int
get_from_filesource(isc_entropysource_t *source, isc_uint32_t desired) {
	isc_entropy_t *ent = source->ent;
	HCRYPTPROV prov = source->sources.file.handle;
	unsigned char chunk[128];
	unsigned int bits_added = 0;
	ssize_t nbytes;

	if (source->bad)
		return (0);

	/* Convert the bit count to a byte count, rounding up. */
	desired = desired / 8 + (((desired & 0x07) != 0) ? 1 : 0);

	/* Fetch at most one chunk-sized batch per iteration. */
	for (; desired > 0; desired -= (isc_uint32_t)nbytes) {
		nbytes = ISC_MIN(desired, sizeof(chunk));

		if (!CryptGenRandom(prov, (DWORD)nbytes, chunk)) {
			/* The provider is unusable: drop it for good. */
			CryptReleaseContext(prov, 0);
			source->bad = ISC_TRUE;
			break;
		}

		entropypool_adddata(ent, chunk,
				    (unsigned int)nbytes,
				    (unsigned int)nbytes * 8);
		bits_added += (unsigned int)nbytes * 8;
	}

	return (bits_added);
}
82*00b67f09SDavid van Moolenbroek
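/*
 * Poll each source, trying to get data from it to stuff into the entropy
 * pool.
 *
 * ent:      entropy context; must satisfy VALID_ENTROPY().
 * desired:  number of bits wanted.  0 means "fill to whatever we think is
 *           best" and is only permitted when 'blocking' is false.
 * blocking: when true, the file sources are polled again for as long as a
 *           pass over them still adds bits, and the flag is passed on to
 *           the callback sources.
 *
 * Returns nothing.  While ent->initialized is below THRESHOLD_BITS it is
 * advanced by the number of bits added.
 *
 * NOTE(review): no locking is done here; presumably the caller holds the
 * entropy context's lock -- confirm against the callers in ../entropy.c.
 */
static void
fillpool(isc_entropy_t *ent, unsigned int desired, isc_boolean_t blocking) {
	unsigned int added;
	unsigned int pass_added;
	unsigned int remaining;
	unsigned int needed;
	unsigned int nsource;
	isc_entropysource_t *source;
	isc_entropysource_t *firstsource;

	REQUIRE(VALID_ENTROPY(ent));

	needed = desired;

	/*
	 * This logic is a little strange, so an explanation is in order.
	 *
	 * If needed is 0, it means we are being asked to "fill to whatever
	 * we think is best."  This means that if we have at least a
	 * partially full pool (say, > 1/4th of the pool) we probably don't
	 * need to add anything.
	 *
	 * Also, we will check to see if the "pseudo" count is too high.
	 * If it is, try to mix in better data.  Too high is currently
	 * defined as 1/4th of the pool.
	 *
	 * Next, if we are asked to add a specific bit of entropy, make
	 * certain that we will do so.  Clamp how much we try to add to
	 * (DIGEST_SIZE * 8 < needed < POOLBITS - entropy).
	 *
	 * Note that if we are in a blocking mode, we will only try to
	 * get as much data as we need, not as much as we might want
	 * to build up.
	 */
	if (needed == 0) {
		REQUIRE(!blocking);

		if ((ent->pool.entropy >= RND_POOLBITS / 4)
		    && (ent->pool.pseudo <= RND_POOLBITS / 4))
			return;

		needed = THRESHOLD_BITS * 4;
	} else {
		needed = ISC_MAX(needed, THRESHOLD_BITS);
		needed = ISC_MIN(needed, RND_POOLBITS);
	}

	/*
	 * In any case, clamp how much we need to how much we can add.
	 */
	needed = ISC_MIN(needed, RND_POOLBITS - ent->pool.entropy);

	/*
	 * But wait!  If we're not yet initialized, we need at least
	 * THRESHOLD_BITS of randomness.
	 */
	if (ent->initialized < THRESHOLD_BITS)
		needed = ISC_MAX(needed, THRESHOLD_BITS - ent->initialized);

	/*
	 * Poll each file source to see if we can read anything useful from
	 * it.  XXXMLG When there are multiple sources, we should keep a
	 * record of which one we last used so we can start from it (or the
	 * next one) to avoid letting some sources build up entropy while
	 * others are always drained.
	 */

	added = 0;
	remaining = needed;
	if (ent->nextsource == NULL) {
		ent->nextsource = ISC_LIST_HEAD(ent->sources);
		if (ent->nextsource == NULL)
			return;
	}
	source = ent->nextsource;
	/*
	 * Remember the first source so we can break if we have looped back to
	 * the beginning and still have nothing.
	 */
	firstsource = source;
 again_file:
	/* Bits gained during this pass only; 'added' is the running total. */
	pass_added = 0;
	for (nsource = 0; nsource < ent->nsources; nsource++) {
		unsigned int got;

		if (remaining == 0)
			break;

		got = 0;

		if (source->type == ENTROPY_SOURCETYPE_FILE)
			got = get_from_filesource(source, remaining);

		added += got;
		pass_added += got;

		remaining -= ISC_MIN(remaining, got);

		source = ISC_LIST_NEXT(source, link);
		if (source == NULL)
			source = ISC_LIST_HEAD(ent->sources);
	}
	ent->nextsource = source;

	/*
	 * Go again only if there's been progress and we've not
	 * gone back to the beginning.
	 *
	 * Progress is also required of the pass that just ended.  A file
	 * source that fails part-way through a request leaves 'added'
	 * non-zero and is marked bad, after which it returns 0 on every
	 * call; testing the running total alone would then keep a blocking
	 * caller in this loop without any chance of reaching 'remaining == 0'.
	 */
	if (!(ent->nextsource == firstsource && added == 0)) {
		if (blocking && remaining != 0 && pass_added != 0) {
			goto again_file;
		}
	}

	/*
	 * Here, if there are bits remaining to be had, check to see if we
	 * have a callback source.  If so, call them, passing 'blocking' on.
	 */
	source = ISC_LIST_HEAD(ent->sources);
	while ((remaining != 0) && (source != NULL)) {
		unsigned int got;

		got = 0;

		if (source->type == ENTROPY_SOURCETYPE_CALLBACK)
			got = get_from_callback(source, remaining, blocking);

		added += got;
		remaining -= ISC_MIN(remaining, got);

		if (added >= needed)
			break;

		source = ISC_LIST_NEXT(source, link);
	}

	/*
	 * Mark as initialized if we've added enough data.
	 */
	if (ent->initialized < THRESHOLD_BITS)
		ent->initialized += added;
}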
227*00b67f09SDavid van Moolenbroek
228*00b67f09SDavid van Moolenbroek
229*00b67f09SDavid van Moolenbroek
/*
 * Release the CryptoAPI provider handle held by a file source.
 *
 * Requires "ent" be locked.
 *
 * NOTE(review): the handle is released unconditionally, and
 * get_from_filesource() already releases it when it marks a source bad.
 * Presumably the caller does not invoke this for bad sources -- confirm
 * in ../entropy.c.
 */
static void
destroyfilesource(isc_entropyfilesource_t *source) {
	HCRYPTPROV prov = source->handle;

	CryptReleaseContext(prov, 0);
}
237*00b67f09SDavid van Moolenbroek
/*
 * Nothing to tear down: isc_entropyusocketsource_t is a placeholder type
 * in this file, so the argument is only marked as unused.
 */
static void
destroyusocketsource(isc_entropyusocketsource_t *source) {
	UNUSED(source);
}
242*00b67f09SDavid van Moolenbroek
243*00b67f09SDavid van Moolenbroek
/*
 * Create a "file" entropy source and attach it to 'ent'.
 *
 * ent:   entropy context; must satisfy VALID_ENTROPY().
 * fname: must be non-NULL, but is not otherwise used here.  The source is
 *        backed by a CryptoAPI provider context (PROV_RSA_FULL, acquired
 *        with CRYPT_VERIFYCONTEXT), not by the named file.
 *
 * Returns:
 *   ISC_R_SUCCESS   the source was appended to ent->sources
 *   ISC_R_IOERROR   CryptAcquireContext() failed
 *   ISC_R_NOMEMORY  the source structure could not be allocated; the
 *                   provider context is released again
 *
 * ent->lock is held for the duration of the call and dropped on every
 * return path.
 */
isc_result_t
isc_entropy_createfilesource(isc_entropy_t *ent, const char *fname) {
	isc_entropysource_t *newsrc;
	HCRYPTPROV prov;

	REQUIRE(VALID_ENTROPY(ent));
	REQUIRE(fname != NULL);

	LOCK(&ent->lock);

	/*
	 * The first time we just try to acquire the context.
	 */
	if (!CryptAcquireContext(&prov, NULL, NULL, PROV_RSA_FULL,
				 CRYPT_VERIFYCONTEXT)) {
		/* The error code is fetched but not reported. */
		(void)GetLastError();
		UNLOCK(&ent->lock);
		return (ISC_R_IOERROR);
	}

	newsrc = isc_mem_get(ent->mctx, sizeof(isc_entropysource_t));
	if (newsrc == NULL) {
		/* Do not leak the provider context acquired above. */
		CryptReleaseContext(prov, 0);
		UNLOCK(&ent->lock);
		return (ISC_R_NOMEMORY);
	}

	/*
	 * From here down, no failures can occur.
	 */
	newsrc->magic = SOURCE_MAGIC;
	newsrc->type = ENTROPY_SOURCETYPE_FILE;
	newsrc->ent = ent;
	newsrc->total = 0;
	newsrc->bad = ISC_FALSE;
	memset(newsrc->name, 0, sizeof(newsrc->name));
	ISC_LINK_INIT(newsrc, link);
	newsrc->sources.file.handle = prov;

	/*
	 * Hook it into the entropy system.
	 */
	ISC_LIST_APPEND(ent->sources, newsrc, link);
	ent->nsources++;

	UNLOCK(&ent->lock);
	return (ISC_R_SUCCESS);
}