10Sstevel@tonic-gate /*
2*781Sgtb * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
30Sstevel@tonic-gate * Use is subject to license terms.
40Sstevel@tonic-gate */
50Sstevel@tonic-gate
60Sstevel@tonic-gate #pragma ident "%Z%%M% %I% %E% SMI"
70Sstevel@tonic-gate
80Sstevel@tonic-gate /*
90Sstevel@tonic-gate * Copyright (C) 1998 by the FundsXpress, INC.
100Sstevel@tonic-gate *
110Sstevel@tonic-gate * All rights reserved.
120Sstevel@tonic-gate *
130Sstevel@tonic-gate * Export of this software from the United States of America may require
140Sstevel@tonic-gate * a specific license from the United States Government. It is the
150Sstevel@tonic-gate * responsibility of any person or organization contemplating export to
160Sstevel@tonic-gate * obtain such a license before exporting.
170Sstevel@tonic-gate *
180Sstevel@tonic-gate * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
190Sstevel@tonic-gate * distribute this software and its documentation for any purpose and
200Sstevel@tonic-gate * without fee is hereby granted, provided that the above copyright
210Sstevel@tonic-gate * notice appear in all copies and that both that copyright notice and
220Sstevel@tonic-gate * this permission notice appear in supporting documentation, and that
230Sstevel@tonic-gate * the name of FundsXpress. not be used in advertising or publicity pertaining
240Sstevel@tonic-gate * to distribution of the software without specific, written prior
250Sstevel@tonic-gate * permission. FundsXpress makes no representations about the suitability of
260Sstevel@tonic-gate * this software for any purpose. It is provided "as is" without express
270Sstevel@tonic-gate * or implied warranty.
280Sstevel@tonic-gate */
290Sstevel@tonic-gate
300Sstevel@tonic-gate #include <k5-int.h>
310Sstevel@tonic-gate
320Sstevel@tonic-gate #ifdef _KERNEL
330Sstevel@tonic-gate #include <sys/random.h>
340Sstevel@tonic-gate #endif
350Sstevel@tonic-gate
360Sstevel@tonic-gate #ifndef _KERNEL
370Sstevel@tonic-gate
380Sstevel@tonic-gate /*
390Sstevel@tonic-gate * Solaris kerberos: we don't need a random number generator
400Sstevel@tonic-gate * for the /dev/[u]random, as it uses entropy in the kernel.
410Sstevel@tonic-gate * Keep this function as some apps might call it directly.
420Sstevel@tonic-gate */
430Sstevel@tonic-gate
440Sstevel@tonic-gate /*ARGSUSED*/
45*781Sgtb krb5_error_code KRB5_CALLCONV
krb5_c_random_seed(krb5_context context,krb5_data * data)460Sstevel@tonic-gate krb5_c_random_seed(krb5_context context, krb5_data *data)
470Sstevel@tonic-gate {
480Sstevel@tonic-gate /*
490Sstevel@tonic-gate * We can't do much if this fails, so ignore the
500Sstevel@tonic-gate * return code. /dev/urandom has its own entropy
510Sstevel@tonic-gate * source, so seeding it from here is of questionable
520Sstevel@tonic-gate * value in the first place.
530Sstevel@tonic-gate */
540Sstevel@tonic-gate (void) C_SeedRandom(krb_ctx_hSession(context),
550Sstevel@tonic-gate (CK_BYTE_PTR)data->data,
560Sstevel@tonic-gate (CK_ULONG)data->length);
570Sstevel@tonic-gate
580Sstevel@tonic-gate return(0);
590Sstevel@tonic-gate }
600Sstevel@tonic-gate #endif /* !_KERNEL */
610Sstevel@tonic-gate
620Sstevel@tonic-gate /*
630Sstevel@tonic-gate * krb5_get_random_octets
640Sstevel@tonic-gate * New for Solaris 9. This routine takes advantage of the new
650Sstevel@tonic-gate * /dev/[u]random interface provided in Solaris 9 for getting random
660Sstevel@tonic-gate * bytes generated from the kernel. The entropy produced there is generally
670Sstevel@tonic-gate * considered better than the current MIT PRNG code that we are replacing.
680Sstevel@tonic-gate *
690Sstevel@tonic-gate * This func is visible so that it can be used to generate a
700Sstevel@tonic-gate * random confounder.
710Sstevel@tonic-gate */
720Sstevel@tonic-gate
730Sstevel@tonic-gate #ifndef _KERNEL
740Sstevel@tonic-gate
750Sstevel@tonic-gate #endif /* ! _KERNEL */
760Sstevel@tonic-gate
770Sstevel@tonic-gate /*
780Sstevel@tonic-gate * We can assume that the memory for data is already malloc'd.
790Sstevel@tonic-gate * Return an error if there is an error, but don't clear the data->length
800Sstevel@tonic-gate * or free data->data. This will be done by the calling function.
810Sstevel@tonic-gate */
820Sstevel@tonic-gate
830Sstevel@tonic-gate /*ARGSUSED*/
84*781Sgtb krb5_error_code KRB5_CALLCONV
krb5_c_random_make_octets(krb5_context context,krb5_data * data)850Sstevel@tonic-gate krb5_c_random_make_octets(krb5_context context, krb5_data *data)
860Sstevel@tonic-gate {
870Sstevel@tonic-gate /*
880Sstevel@tonic-gate * Solaris kerberos uses /dev/[u]random
890Sstevel@tonic-gate */
900Sstevel@tonic-gate #ifndef _KERNEL /* User space code */
910Sstevel@tonic-gate
920Sstevel@tonic-gate krb5_error_code err = 0;
930Sstevel@tonic-gate CK_RV rv;
940Sstevel@tonic-gate
950Sstevel@tonic-gate KRB5_LOG0(KRB5_INFO, "krb5_c_random_make_octets() start, user space using "
960Sstevel@tonic-gate "krb5_get_random_octets()\n");
970Sstevel@tonic-gate
980Sstevel@tonic-gate rv = C_GenerateRandom(krb_ctx_hSession(context), (CK_BYTE_PTR)data->data,
990Sstevel@tonic-gate (CK_ULONG)data->length);
1000Sstevel@tonic-gate
1010Sstevel@tonic-gate if (rv != CKR_OK) {
1020Sstevel@tonic-gate KRB5_LOG(KRB5_ERR, "C_GenerateRandom failed in "
1030Sstevel@tonic-gate "krb5_c_random_make_octets: rv = 0x%x.", rv);
1040Sstevel@tonic-gate err = PKCS_ERR;
1050Sstevel@tonic-gate }
1060Sstevel@tonic-gate if (err != 0) {
1070Sstevel@tonic-gate KRB5_LOG0(KRB5_ERR, "krb5_c_random_make_octets() end, error");
1080Sstevel@tonic-gate return (err);
1090Sstevel@tonic-gate }
1100Sstevel@tonic-gate
1110Sstevel@tonic-gate #else /* Kernel code section */
1120Sstevel@tonic-gate
1130Sstevel@tonic-gate /*
1140Sstevel@tonic-gate * Solaris Kerberos: for kernel code we use the randomness generator native
1150Sstevel@tonic-gate * to Solaris 9. We avoid global variables and other nastiness this way.
1160Sstevel@tonic-gate *
1170Sstevel@tonic-gate * Using random_get_pseudo_bytes() instead of random_get_bytes() because it
1180Sstevel@tonic-gate * will not return an error code if there isn't enough entropy but will use
1190Sstevel@tonic-gate * a pseudo random algorithm to produce randomness. Most of the time it
1200Sstevel@tonic-gate * should be as good as random_get_bytes() and we don't have to worry about
1210Sstevel@tonic-gate * dealing with a non-fatal error.
1220Sstevel@tonic-gate */
1230Sstevel@tonic-gate KRB5_LOG0(KRB5_INFO, "krb5_c_random_make_octets() start, kernel using "
1240Sstevel@tonic-gate "random_get_pseudo_bytes()\n ");
1250Sstevel@tonic-gate
1260Sstevel@tonic-gate if(random_get_pseudo_bytes((uint8_t *)data->data, data->length) != 0) {
1270Sstevel@tonic-gate KRB5_LOG0(KRB5_ERR, "krb5_c_random_make_octets() end, "
1280Sstevel@tonic-gate "random_get_pseudo_bytes() error.\n");
1290Sstevel@tonic-gate return(KRB5_CRYPTO_INTERNAL);
1300Sstevel@tonic-gate }
1310Sstevel@tonic-gate
1320Sstevel@tonic-gate #endif /* !_KERNEL */
1330Sstevel@tonic-gate
1340Sstevel@tonic-gate KRB5_LOG0(KRB5_INFO, "krb5_c_random_make_octets() end\n");
1350Sstevel@tonic-gate return(0);
1360Sstevel@tonic-gate }
137